Skip to content

Commit e95613e

Browse files
Sheikah45Brutus5000
authored andcommitted
Revert "Hack in support for OpenID scopes"
This reverts commit a91b1d2 Keep removal of dummy user in development profile
1 parent 2fabcdc commit e95613e

5 files changed

Lines changed: 8 additions & 24 deletions

File tree

src/main/java/com/faforever/api/security/FafUserAuthenticationConverter.java

Lines changed: 2 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -8,11 +8,9 @@
88
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
99

1010
import java.util.Collection;
11-
import java.util.HashSet;
1211
import java.util.List;
1312
import java.util.Map;
1413
import java.util.Optional;
15-
import java.util.Set;
1614

1715
/**
1816
* Converts a {@link FafUserDetails} from and to an {@link Authentication} for use in a JWT token.
@@ -44,11 +42,7 @@ public Authentication extractAuthentication(Map<String, ?> map) {
4442
String username = (String) map.get(USERNAME);
4543
boolean accountNonLocked = Optional.ofNullable((Boolean) map.get(NON_LOCKED)).orElse(true);
4644
Collection<? extends GrantedAuthority> authorities = getAuthorities(map);
47-
48-
// This is a violation of separation of User and Client permission, but the whole code is deprecated once we use
49-
// OpenID everywhere!
50-
Set<String> scopes = new HashSet<>((List<String>) map.get("scope"));
51-
UserDetails user = new FafUserDetails(id, username, "N/A", accountNonLocked, authorities, scopes);
45+
UserDetails user = new FafUserDetails(id, username, "N/A", accountNonLocked, authorities);
5246

5347
return new UsernamePasswordAuthenticationToken(user, "N/A", authorities);
5448
} else {
@@ -68,9 +62,7 @@ public Authentication extractAuthentication(Map<String, ?> map) {
6862
.map(role -> (GrantedAuthority) () -> "ROLE_" + role)
6963
.toList();
7064

71-
var scopes = new HashSet<>((List<String>) map.get("scp"));
72-
73-
UserDetails user = new FafUserDetails(id, "username", "N/A", false, authorities, scopes);
65+
UserDetails user = new FafUserDetails(id, "username", "N/A", false, authorities);
7466
return new UsernamePasswordAuthenticationToken(user, "N/A", authorities);
7567
}
7668

src/main/java/com/faforever/api/security/FafUserDetails.java

Lines changed: 3 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -5,25 +5,19 @@
55
import org.springframework.security.core.GrantedAuthority;
66

77
import java.util.Collection;
8-
import java.util.Set;
98

109
@Getter
1110
public class FafUserDetails extends org.springframework.security.core.userdetails.User {
1211

1312
private final int id;
14-
/**
15-
* Workaround for compatibility with old Spring OAuth2 token AND new OpenID Connect token
16-
*/
17-
private final Set<String> scopes;
1813

19-
public FafUserDetails(User user, Collection<? extends GrantedAuthority> authorities, Set<String> scopes) {
20-
this(user.getId(), user.getLogin(), user.getPassword(), !user.isGlobalBanned(), authorities, scopes);
14+
public FafUserDetails(User user, Collection<? extends GrantedAuthority> authorities) {
15+
this(user.getId(), user.getLogin(), user.getPassword(), !user.isGlobalBanned(), authorities);
2116
}
2217

23-
public FafUserDetails(int id, String username, String password, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities, Set<String> scopes) {
18+
public FafUserDetails(int id, String username, String password, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
2419
super(username, password, true, true, true, accountNonLocked, authorities);
2520
this.id = id;
26-
this.scopes = scopes;
2721
}
2822

2923
public boolean hasPermission(String permission) {

src/main/java/com/faforever/api/security/FafUserDetailsService.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ public UserDetails loadUserByUsername(String usernameOrEmail) throws UsernameNot
3636
authorities.addAll(getUserRoles(user));
3737
authorities.addAll(getPermissionRoles(user));
3838

39-
return new FafUserDetails(user, authorities, Set.of());
39+
return new FafUserDetails(user, authorities);
4040
}
4141

4242
private Collection<GrantedAuthority> getUserRoles(User user) {

src/main/java/com/faforever/api/security/UserSupplier.java

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@
44
import org.springframework.stereotype.Component;
55

66
import java.util.List;
7-
import java.util.Set;
87
import java.util.function.Supplier;
98

109
@Component
@@ -16,7 +15,7 @@ public FafUserDetails get() {
1615
if (principal instanceof FafUserDetails) {
1716
return (FafUserDetails) principal;
1817
} else {
19-
return new FafUserDetails(-1, principal.toString(), null, false, List.of(), Set.of());
18+
return new FafUserDetails(-1, principal.toString(), null, false, List.of());
2019
}
2120
}
2221
}

src/main/java/com/faforever/api/security/elide/permission/FafUserCheck.java

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -33,12 +33,11 @@ private boolean checkOAuthScopes(String... scope) {
3333

3434
OAuth2Authentication oAuth2Authentication = ((OAuth2Authentication) authentication);
3535
OAuth2Request oAuth2Request = oAuth2Authentication.getOAuth2Request();
36-
var requestScopes = ((FafUserDetails) oAuth2Authentication.getPrincipal()).getScopes();
3736

3837
List<String> missedScopes = new ArrayList<>();
3938

4039
for (String currentScope : scope) {
41-
if (!requestScopes.contains(currentScope)) {
40+
if (!oAuth2Request.getScope().contains(currentScope)) {
4241
missedScopes.add(currentScope);
4342
}
4443
}

0 commit comments

Comments
 (0)