update: switch to use profile service to fetch user data based on userID

Previously, we attempted to use the tokens endpoint, which in recent patches doesn't seem to function correctly. Rather than use a brittle endpoint, we have switched to use the user endpoint to look up by UID, which should be more reliable.

update: switch to use profile service to fetch user data based on userID
Previously, we attempted to use the tokens endpoint, which in recent patches doesn't seem to function correctly. Rather than use a brittle endpoint, we have switched to use the user endpoint to look up by UID, which should be more reliable.
eb7bfbb9 · Martin Lowe · b5e2ac58 · eb7bfbb9 · eb7bfbb9
Commit eb7bfbb9 authored 3 months ago by Martin Lowe
--- a/efservices/src/main/java/org/eclipsefoundation/efservices/config/AuthenticatedRequestWrapperProvider.java
+++ b/efservices/src/main/java/org/eclipsefoundation/efservices/config/AuthenticatedRequestWrapperProvider.java
@@ -14,8 +14,11 @@ package org.eclipsefoundation.efservices.config;

 import java.lang.reflect.Method;
 import java.util.Collections;
+import java.util.Optional;

 import org.eclipsefoundation.efservices.api.models.DrupalOAuthData;
+import org.eclipsefoundation.efservices.api.models.EfUser;
+import org.eclipsefoundation.efservices.api.models.UserSearchParams;
 import org.eclipsefoundation.efservices.helpers.DrupalAuthHelper;
 import org.eclipsefoundation.efservices.models.AuthenticatedRequestWrapper;
 import org.eclipsefoundation.efservices.namespace.RequestContextPropertyNames;
@@ -68,14 +71,17 @@ public class AuthenticatedRequestWrapperProvider {
                    if (tokenStatus.userId() != null && !"0".equals(tokenStatus.userId())) {
                        // Fetch user data from token and set in context
                        LOGGER.trace("Fetching user info for token with uid: {}", tokenStatus.userId());
-                        return new AuthenticatedRequestWrapper(tokenStatus, oauthService.getTokenUserInfo(token), profile);
+                        // fetch profile directly, as we can't rely on tokens having openid scope
+                        Optional<EfUser> currentUserProfile = profile
+                                .performUserSearch(new UserSearchParams(tokenStatus.userId(), null, null));
+                        return new AuthenticatedRequestWrapper(tokenStatus, currentUserProfile.orElse(null));
                    }
                    LOGGER.trace("Anonymous client request with no associated user detected, continuing");
                } else {
                    LOGGER.trace("No valid authentication for current request found, returning anonymous state");
                }
                // fallback to return the found token as the requests auth state (token can be null)
-                return new AuthenticatedRequestWrapper(tokenStatus, null, profile);
+                return new AuthenticatedRequestWrapper(tokenStatus, null);
            } catch (Exception e) {
                // We want to prevent this from reaching user on profile queries.
                LOGGER.debug("Invalid authentication", e);
@@ -87,7 +93,7 @@ public class AuthenticatedRequestWrapperProvider {
            }
        }
        LOGGER.trace("No valid authentication for current request found, returning anonymous state");
-        return new AuthenticatedRequestWrapper(null, null, profile);
+        return new AuthenticatedRequestWrapper(null, null);
    }

    /**

--- a/efservices/src/main/java/org/eclipsefoundation/efservices/models/AuthenticatedRequestWrapper.java
+++ b/efservices/src/main/java/org/eclipsefoundation/efservices/models/AuthenticatedRequestWrapper.java
@@ -11,13 +11,8 @@
 **********************************************************************/
 package org.eclipsefoundation.efservices.models;

-import java.util.Optional;
-
 import org.eclipsefoundation.efservices.api.models.DrupalOAuthData;
-import org.eclipsefoundation.efservices.api.models.DrupalUserInfo;
 import org.eclipsefoundation.efservices.api.models.EfUser;
-import org.eclipsefoundation.efservices.api.models.UserSearchParams;
-import org.eclipsefoundation.efservices.services.ProfileService;
 import org.eclipsefoundation.utils.exception.FinalForbiddenException;

 /**
@@ -29,13 +24,11 @@ public class AuthenticatedRequestWrapper {
    private static final String NO_USER_ERR_MSG = "No user associated with this token";

    private final DrupalOAuthData tokenStatus;
-    private final DrupalUserInfo currentUser;
-    private final ProfileService profile;
+    private final EfUser currentUser;

-    public AuthenticatedRequestWrapper(DrupalOAuthData tokenStatus, DrupalUserInfo currentUser, ProfileService profile) {
+    public AuthenticatedRequestWrapper(DrupalOAuthData tokenStatus, EfUser currentUser) {
        this.tokenStatus = tokenStatus;
        this.currentUser = currentUser;
-        this.profile = profile;
    }

    /**
@@ -52,7 +45,7 @@ public class AuthenticatedRequestWrapper {
     * 
     * @return The DrupalUserInfo associated with the current token.
     */
-    public DrupalUserInfo getCurrentUser() {
+    public EfUser getCurrentUser() {
        if (currentUser == null) {
            throw new FinalForbiddenException(NO_USER_ERR_MSG);
        }
@@ -68,46 +61,4 @@ public class AuthenticatedRequestWrapper {
        return tokenStatus != null;
    }

-    /**
-     * Fetches public profile data for the user bound to the request chain. Throws a FinalForbiddenException if there is no current user, or
-     * if the profile fetches fail to retrieve data.
-     * 
-     * @return The EfUser profile data for the user associated with the current token.
-     */
-    public EfUser getUserPublicProfileData() {
-        if (currentUser == null) {
-            throw new FinalForbiddenException(NO_USER_ERR_MSG);
-        }
-
-        // Fetch by username. Then fetch by gh handle if not found
-        Optional<EfUser> result = profile
-                .fetchUserByUsername(currentUser.name(), false)
-                .or(() -> profile.fetchUserByGhHandle(currentUser.githubHandle(), false));
-        if (result.isEmpty()) {
-            throw new FinalForbiddenException(NO_USER_ERR_MSG);
-        }
-        return result.get();
-    }
-
-    /**
-     * Retrieves the token user's private profile data by performing a user search by uid and name. It will then fetch via GH id if it can't
-     * find the user. Throws a FinalForbiddenException if there is no current user, or if the profile fetches fail to retrieve data.
-     * 
-     * @return The EfUser profile data for the user associated with the current token.
-     */
-    public EfUser getUserPrivateProfileData() {
-        if (currentUser == null) {
-            throw new FinalForbiddenException(NO_USER_ERR_MSG);
-        }
-
-        // Perform user search, then fetch by Gh handle if not found.
-        Optional<EfUser> result = profile
-                .performUserSearch(new UserSearchParams(currentUser.getCurrentUserUid(), currentUser.name(), null))
-                .or(() -> profile.fetchUserByGhHandle(currentUser.githubHandle(), true));
-        if (result.isEmpty()) {
-            throw new FinalForbiddenException(NO_USER_ERR_MSG);
-        }
-
-        return result.get();
-    }
 }