From eb7bfbb9f863cab77506ad2b0eef045f4cfde9a5 Mon Sep 17 00:00:00 2001
From: Martin Lowe <martin.lowe@eclipse-foundation.org>
Date: Tue, 4 Mar 2025 10:52:32 -0500
Subject: [PATCH] update: switch to use profile service to fetch user data based on userID

Previously, we attempted to use the tokens endpoint, which in recent patches doesn't seem to function correctly. Rather than use a brittle endpoint, we have switched to use the user endpoint to look up by UID, which should be more reliable.
---
 .../AuthenticatedRequestWrapperProvider.java | 12 +++-
 .../models/AuthenticatedRequestWrapper.java | 55 +------------------
 2 files changed, 12 insertions(+), 55 deletions(-)

diff --git a/efservices/src/main/java/org/eclipsefoundation/efservices/config/AuthenticatedRequestWrapperProvider.java b/efservices/src/main/java/org/eclipsefoundation/efservices/config/AuthenticatedRequestWrapperProvider.java
index 88163a73..657b3e07 100644
--- a/efservices/src/main/java/org/eclipsefoundation/efservices/config/AuthenticatedRequestWrapperProvider.java
+++ b/efservices/src/main/java/org/eclipsefoundation/efservices/config/AuthenticatedRequestWrapperProvider.java
@@ -14,8 +14,11 @@ package org.eclipsefoundation.efservices.config;
 import java.lang.reflect.Method;
 import java.util.Collections;
+import java.util.Optional;
 import org.eclipsefoundation.efservices.api.models.DrupalOAuthData;
+import org.eclipsefoundation.efservices.api.models.EfUser;
+import org.eclipsefoundation.efservices.api.models.UserSearchParams;
 import org.eclipsefoundation.efservices.helpers.DrupalAuthHelper;
 import org.eclipsefoundation.efservices.models.AuthenticatedRequestWrapper;
 import org.eclipsefoundation.efservices.namespace.RequestContextPropertyNames;
@@ -68,14 +71,17 @@ public class AuthenticatedRequestWrapperProvider {
 if (tokenStatus.userId() != null && !"0".equals(tokenStatus.userId())) {
 // Fetch user data from token and set in context
 LOGGER.trace("Fetching user info for token with uid: {}", tokenStatus.userId());
- return new AuthenticatedRequestWrapper(tokenStatus, oauthService.getTokenUserInfo(token), profile);
+ // fetch profile directly, as we can't rely on tokens having openid scope
+ Optional<EfUser> currentUserProfile = profile
+ .performUserSearch(new UserSearchParams(tokenStatus.userId(), null, null));
+ return new AuthenticatedRequestWrapper(tokenStatus, currentUserProfile.orElse(null));
 }
 LOGGER.trace("Anonymous client request with no associated user detected, continuing");
 } else {
 LOGGER.trace("No valid authentication for current request found, returning anonymous state");
 }
 // fallback to return the found token as the requests auth state (token can be null)
- return new AuthenticatedRequestWrapper(tokenStatus, null, profile);
+ return new AuthenticatedRequestWrapper(tokenStatus, null);
 } catch (Exception e) {
 // We want to prevent this from reaching user on profile queries.
 LOGGER.debug("Invalid authentication", e);
@@ -87,7 +93,7 @@ public class AuthenticatedRequestWrapperProvider {
 }
 }
 LOGGER.trace("No valid authentication for current request found, returning anonymous state");
- return new AuthenticatedRequestWrapper(null, null, profile);
+ return new AuthenticatedRequestWrapper(null, null);
 }
 /**
diff --git a/efservices/src/main/java/org/eclipsefoundation/efservices/models/AuthenticatedRequestWrapper.java b/efservices/src/main/java/org/eclipsefoundation/efservices/models/AuthenticatedRequestWrapper.java
index a6393730..2fe9b991 100644
--- a/efservices/src/main/java/org/eclipsefoundation/efservices/models/AuthenticatedRequestWrapper.java
+++ b/efservices/src/main/java/org/eclipsefoundation/efservices/models/AuthenticatedRequestWrapper.java
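Review bot: The lookup added at `performUserSearch(new UserSearchParams(tokenStatus.userId(), null, null))` can return an empty Optional for a token that validated with a real uid, and the request then continues with a null user exactly as a client-credentials token would; the only trace is the "Fetching user info" line, so a misconfigured or partially synced profile service is indistinguishable from a legitimate userless token. A warning before the return, `if (currentUserProfile.isEmpty()) { LOGGER.warn("No profile found for authenticated uid {}", tokenStatus.userId()); }`, makes the two cases distinguishable in logs. The search also now runs inside the surrounding `catch (Exception e)`, which logs "Invalid authentication" at debug and falls through to the anonymous wrapper in the next hunk, so a profile-service error is reported as a bad token; catching around the search separately and logging it as a lookup failure keeps token validation and profile availability apart in monitoring. The enclosing method starts and ends outside the hunk.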
@@ -11,13 +11,8 @@
 **********************************************************************/
 package org.eclipsefoundation.efservices.models;
-import java.util.Optional;
-
 import org.eclipsefoundation.efservices.api.models.DrupalOAuthData;
-import org.eclipsefoundation.efservices.api.models.DrupalUserInfo;
 import org.eclipsefoundation.efservices.api.models.EfUser;
-import org.eclipsefoundation.efservices.api.models.UserSearchParams;
-import org.eclipsefoundation.efservices.services.ProfileService;
 import org.eclipsefoundation.utils.exception.FinalForbiddenException;
 /**
@@ -29,13 +24,11 @@ public class AuthenticatedRequestWrapper {
 private static final String NO_USER_ERR_MSG = "No user associated with this token";
 private final DrupalOAuthData tokenStatus;
- private final DrupalUserInfo currentUser;
- private final ProfileService profile;
+ private final EfUser currentUser;
- public AuthenticatedRequestWrapper(DrupalOAuthData tokenStatus, DrupalUserInfo currentUser, ProfileService profile) {
+ public AuthenticatedRequestWrapper(DrupalOAuthData tokenStatus, EfUser currentUser) {
 this.tokenStatus = tokenStatus;
 this.currentUser = currentUser;
- this.profile = profile;
 }
 /**
@@ -52,7 +45,7 @@ public class AuthenticatedRequestWrapper {
 *
 * @return The DrupalUserInfo associated with the current token.
 */
- public DrupalUserInfo getCurrentUser() {
+ public EfUser getCurrentUser() {
 if (currentUser == null) {
 throw new FinalForbiddenException(NO_USER_ERR_MSG);
 }
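Review bot: Replacing the DrupalUserInfo field with a single EfUser resolved by performUserSearch drops the distinction that the deleted getUserPublicProfileData (`fetchUserByUsername(..., false)`) and getUserPrivateProfileData (`performUserSearch`) methods kept in the last hunk of this file, so every consumer of getCurrentUser() now receives the uid-search result. If that result carries fields the username lookup did not, callers that formerly served the public variant to other users should be re-checked before this lands; the diff does not show which fields differ between the two lookups. A comment on the field stating the contract, e.g. `// full search result for the token's uid; callers must filter it before returning it to other users`, would make that responsibility explicit.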
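Review bot: The Javadoc directly above the changed signature still reads `@return The DrupalUserInfo associated with the current token.` while getCurrentUser() now returns EfUser; update it to `@return The EfUser profile associated with the current token.` so the documentation matches the new type. The summary sentence of that Javadoc lies outside the hunk and may also name the old type.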
@@ -68,46 +61,4 @@ public class AuthenticatedRequestWrapper {
 return tokenStatus != null;
 }
- /**
- * Fetches public profile data for the user bound to the request chain. Throws a FinalForbiddenException if there is no current user, or
- * if the profile fetches fail to retrieve data.
- *
- * @return The EfUser profile data for the user associated with the current token.
- */
- public EfUser getUserPublicProfileData() {
- if (currentUser == null) {
- throw new FinalForbiddenException(NO_USER_ERR_MSG);
- }
-
- // Fetch by username. Then fetch by gh handle if not found
- Optional<EfUser> result = profile
- .fetchUserByUsername(currentUser.name(), false)
- .or(() -> profile.fetchUserByGhHandle(currentUser.githubHandle(), false));
- if (result.isEmpty()) {
- throw new FinalForbiddenException(NO_USER_ERR_MSG);
- }
- return result.get();
- }
-
- /**
- * Retrieves the token user's private profile data by performing a user search by uid and name. It will then fetch via GH id if it can't
- * find the user. Throws a FinalForbiddenException if there is no current user, or if the profile fetches fail to retrieve data.
- *
- * @return The EfUser profile data for the user associated with the current token.
- */
- public EfUser getUserPrivateProfileData() {
- if (currentUser == null) {
- throw new FinalForbiddenException(NO_USER_ERR_MSG);
- }
-
- // Perform user search, then fetch by Gh handle if not found.
- Optional<EfUser> result = profile
- .performUserSearch(new UserSearchParams(currentUser.getCurrentUserUid(), currentUser.name(), null))
- .or(() -> profile.fetchUserByGhHandle(currentUser.githubHandle(), true));
- if (result.isEmpty()) {
- throw new FinalForbiddenException(NO_USER_ERR_MSG);
- }
-
- return result.get();
- }
 }
-- 
GitLab