fix(oidc): align DSOidcUserService behavior with DSOAuth2UserService

Fixes four inconsistencies identified in issue #276:

- Add .toLowerCase() to email lookup in handleOidcLoginSuccess() to
  normalize email case before findByEmail(), matching OAuth2 behavior
- Add @transactional at class level and on registerNewOidcUser() to
  ensure database operations are transactional, matching OAuth2 behavior
- Publish AuditEvent on new OIDC user registration (\"OIDC Registration
  Success\"), matching the OAuth2 \"OAuth2 Registration Success\" event
- Call loginHelperService.userLoginHelper() in loadUser() to update
  lastActivityDate and run lockout checks; set OIDC-specific tokens
  (idToken, userInfo) via new @Setter fields on DSUserDetails

Add @Setter to DSUserDetails.oidcUserInfo and oidcUserInfo to support
setting OIDC tokens after loginHelperService creates the instance.

Update DSOidcUserServiceTest and DSOidcUserServiceRegistrationGuardTest
to inject @mock LoginHelperService and ApplicationEventPublisher.

Closes #276

Author: devondragon

src/main/java/com/digitalsanctuary/spring/user/service/DSOidcUserService.java

@@ -1,6 +1,7 @@
 package com.digitalsanctuary.spring.user.service;
 
 import java.util.Arrays;
+import com.digitalsanctuary.spring.user.audit.AuditEvent;
 import com.digitalsanctuary.spring.user.persistence.model.User;
 import com.digitalsanctuary.spring.user.persistence.repository.RoleRepository;
 import com.digitalsanctuary.spring.user.persistence.repository.UserRepository;
@@ -10,6 +11,7 @@
 import com.digitalsanctuary.spring.user.registration.RegistrationSource;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
@@ -19,6 +21,7 @@
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 
 /**
  * OIDC user service implementation for handling OpenID Connect authentication (Keycloak).
@@ -36,17 +39,23 @@
  */
 @Slf4j
 @Service
+@Transactional
 @RequiredArgsConstructor
 public class DSOidcUserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
 
     /** The user repository. */
     private final UserRepository userRepository;
-    
+
     /** The role repository. */
     private final RoleRepository roleRepository;
 
+    private final LoginHelperService loginHelperService;
+
     private final RegistrationGuard registrationGuard;
 
+    /** The Event Publisher. */
+    private final ApplicationEventPublisher eventPublisher;
+
     OidcUserService defaultOidcUserService = new OidcUserService();
 
     /**
@@ -79,7 +88,7 @@ public User handleOidcLoginSuccess(String registrationId, OidcUser oidcUser) {
                     "Unable to retrieve email address from " + registrationId + ". Please ensure you have granted email permissions.");
         }
         log.debug("handleOidcLoginSuccess: looking up user with email: {}", user.getEmail());
-        User existingUser = userRepository.findByEmail(user.getEmail());
+        User existingUser = userRepository.findByEmail(user.getEmail().toLowerCase());
         log.debug("handleOidcLoginSuccess: existingUser: {}", existingUser);
         if (existingUser != null && registrationId != null) {
             log.debug("handleOidcLoginSuccess: existingUser.getProvider(): {}", existingUser.getProvider());
@@ -116,12 +125,17 @@ public User handleOidcLoginSuccess(String registrationId, OidcUser oidcUser) {
      * @param user The User object representing the authenticated user.
      * @return A User object representing the newly registered user.
      */
+    @Transactional
     private User registerNewOidcUser(String registrationId, User user) {
         User.Provider provider = User.Provider.valueOf(registrationId.toUpperCase());
         user.setProvider(provider);
         user.setRoles(Arrays.asList(roleRepository.findByName("ROLE_USER")));
-        // We will trust OAuth2 providers to provide us with a verified email address.
+        // We will trust OIDC providers to provide us with a verified email address.
         user.setEnabled(true);
+        AuditEvent registrationAuditEvent = AuditEvent.builder().source(this).user(user).action("OIDC Registration Success").actionStatus("Success")
+                .message("Registration Confirmed. User logged in.").build();
+
+        eventPublisher.publishEvent(registrationAuditEvent);
         return userRepository.save(user);
     }
 
@@ -180,12 +194,9 @@ public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2Authenticatio
         String registrationId = userRequest.getClientRegistration().getRegistrationId();
         log.debug("registrationId: {}", registrationId);
         User dbUser = handleOidcLoginSuccess(registrationId, user);
-        DSUserDetails dsUserDetails = DSUserDetails.builder()
-                .user(dbUser)
-                .oidcUserInfo(user.getUserInfo())
-                .oidcIdToken(user.getIdToken())
-                .grantedAuthorities(user.getAuthorities())
-                .build();
+        DSUserDetails dsUserDetails = loginHelperService.userLoginHelper(dbUser);
+        dsUserDetails.setOidcUserInfo(user.getUserInfo());
+        dsUserDetails.setOidcIdToken(user.getIdToken());
         return dsUserDetails;
     }
 }

src/main/java/com/digitalsanctuary/spring/user/service/DSUserDetails.java

@@ -11,6 +11,7 @@
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import com.digitalsanctuary.spring.user.persistence.model.User;
 import lombok.Builder;
+import lombok.Setter;
 import lombok.ToString;
 
 /**
@@ -54,9 +55,11 @@ public class DSUserDetails implements UserDetails, OidcUser {
 	private Map<String, Object> attributes;
 
 	/** The Oidc user properties. */
+	@Setter
 	private OidcUserInfo oidcUserInfo;
 
 	/** The Oidc user token. */
+	@Setter
 	private OidcIdToken oidcIdToken;
 
 	/**

src/test/java/com/digitalsanctuary/spring/user/service/DSOidcUserServiceRegistrationGuardTest.java

@@ -15,6 +15,7 @@
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 
@@ -37,9 +38,15 @@ class DSOidcUserServiceRegistrationGuardTest {
     @Mock
     private RoleRepository roleRepository;
 
+    @Mock
+    private LoginHelperService loginHelperService;
+
     @Mock
     private RegistrationGuard registrationGuard;
 
+    @Mock
+    private ApplicationEventPublisher eventPublisher;
+
     @InjectMocks
     private DSOidcUserService service;
 

src/test/java/com/digitalsanctuary/spring/user/service/DSOidcUserServiceTest.java

@@ -24,6 +24,7 @@
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import com.digitalsanctuary.spring.user.fixtures.OidcUserTestDataBuilder;
+import org.springframework.context.ApplicationEventPublisher;
 import com.digitalsanctuary.spring.user.persistence.model.Role;
 import com.digitalsanctuary.spring.user.persistence.model.User;
 import com.digitalsanctuary.spring.user.persistence.repository.RoleRepository;
@@ -45,9 +46,15 @@ class DSOidcUserServiceTest {
     @Mock
     private RoleRepository roleRepository;
 
+    @Mock
+    private LoginHelperService loginHelperService;
+
     @Mock
     private RegistrationGuard registrationGuard;
 
+    @Mock
+    private ApplicationEventPublisher eventPublisher;
+
     @InjectMocks
     private DSOidcUserService service;
 
@@ -360,6 +367,10 @@ void shouldLoadUserThroughOidcRequestFlow() {
                 user.setId(999L);
                 return user;
             });
+            when(loginHelperService.userLoginHelper(any(User.class))).thenAnswer(invocation -> {
+                User user = invocation.getArgument(0);
+                return new DSUserDetails(user, new ArrayList<>());
+            });
 
             // When
             OidcUser result = spyService.loadUser(userRequest);
@@ -370,9 +381,9 @@ void shouldLoadUserThroughOidcRequestFlow() {
             DSUserDetails dsUserDetails = (DSUserDetails) result;
             assertThat(dsUserDetails.getIdToken()).isNotNull();
             assertThat(dsUserDetails.getUserInfo()).isNotNull();
-            assertThat(dsUserDetails.getAuthorities()).isNotEmpty();
-            
+
             verify(userRepository).save(any(User.class));
+            verify(loginHelperService).userLoginHelper(any(User.class));
         }
 
         @Test