Update

Author: phrocker

.gcp.env

@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.0.37
+SENTRIUS_VERSION=1.0.39
 SENTRIUS_SSH_VERSION=1.0.4
-SENTRIUS_KEYCLOAK_VERSION=1.0.6
-SENTRIUS_AGENT_VERSION=1.0.16
+SENTRIUS_KEYCLOAK_VERSION=1.0.7
+SENTRIUS_AGENT_VERSION=1.0.17

api/src/main/java/io/sentrius/sso/config/SecurityConfig.java

@@ -37,6 +37,7 @@ public class SecurityConfig {
 
     private final CustomUserDetailsService userDetailsService;
     private final CustomAuthenticationSuccessHandler successHandler;
+    private final KeycloakAuthSuccessHandler keycloakAuthSuccessHandler;
     final UserService userService;
 
     @Value("${https.required:false}") // Default is false
@@ -55,6 +56,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
             )
             .oauth2Login(oauth2 -> oauth2
                 .loginPage("/oauth2/authorization/keycloak")
+                .successHandler(keycloakAuthSuccessHandler)
             )
             .cors(Customizer.withDefaults());
 

api/src/main/java/io/sentrius/sso/controllers/view/UserController.java

@@ -1,6 +1,7 @@
 package io.sentrius.sso.controllers.view;
 
 import java.lang.reflect.Field;
+import java.security.GeneralSecurityException;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
@@ -15,12 +16,15 @@
 import io.sentrius.sso.core.model.WorkHours;
 import io.sentrius.sso.core.model.dto.DayOfWeekDTO;
 import io.sentrius.sso.core.model.dto.SystemOption;
+import io.sentrius.sso.core.model.dto.UserDTO;
 import io.sentrius.sso.core.model.dto.UserTypeDTO;
 import io.sentrius.sso.core.model.security.UserType;
 import io.sentrius.sso.core.model.security.enums.UserAccessEnum;
 import io.sentrius.sso.core.model.users.User;
 import io.sentrius.sso.core.model.users.UserConfig;
 import io.sentrius.sso.core.model.users.UserSettings;
+import io.sentrius.sso.core.repository.UserTypeRepository;
+import io.sentrius.sso.core.security.service.CryptoService;
 import io.sentrius.sso.core.services.ErrorOutputService;
 import io.sentrius.sso.core.services.UserCustomizationService;
 import io.sentrius.sso.core.services.UserService;
@@ -34,7 +38,9 @@
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 
 @Slf4j
 @Controller
@@ -43,12 +49,16 @@ public class UserController extends BaseController {
 
     final UserCustomizationService userThemeService;
     final WorkHoursService  workHoursService;
+    final CryptoService cryptoService;
 
     protected UserController(UserService userService, SystemOptions systemOptions,
-                             ErrorOutputService errorOutputService, UserCustomizationService userThemeService, WorkHoursService  workHoursService) {
+                             ErrorOutputService errorOutputService, UserCustomizationService userThemeService, WorkHoursService  workHoursService,
+                             CryptoService cryptoService
+    ) {
         super(userService, systemOptions, errorOutputService);
         this.userThemeService = userThemeService;
         this.workHoursService = workHoursService;
+        this.cryptoService = cryptoService;
     }
 
     @ModelAttribute("userSettings")
@@ -155,6 +165,21 @@ public String listUsers(Model model) {
         return "sso/users/list_users";
     }
 
+
+    @GetMapping("/edit")
+    @LimitAccess(userAccess = {UserAccessEnum.CAN_EDIT_USERS})
+    public String editUser(Model model, HttpServletRequest request, HttpServletResponse response,
+                           @RequestParam("userId") String userId) throws GeneralSecurityException {
+        model.addAttribute("globalAccessSet", UserType.createSuperUser().getAccessSet());
+        Long id = Long.parseLong(cryptoService.decrypt(userId));
+        User user = userService.getUserById(id);
+        UserDTO userDTO = new UserDTO(user);
+        var types = userService.getUserTypeList();
+        model.addAttribute("userTypes",types);
+        model.addAttribute("user", userDTO);
+        return "sso/users/edit_user";
+    }
+
     @GetMapping("/settings")
     @LimitAccess(userAccess = {UserAccessEnum.CAN_VIEW_USERS})
     public String getUserSettings(Model model, HttpServletRequest request, HttpServletResponse response) {

api/src/main/resources/application.properties

@@ -64,6 +64,7 @@ server.error.whitelabel.enabled=false
 
 
 keycloak.realm=sentrius
+keycloak.base-url=http://192.168.1.162:8180
 
 spring.security.oauth2.client.registration.keycloak.client-id=sentrius-api
 spring.security.oauth2.client.registration.keycloak.client-secret=nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0

api/src/main/resources/templates/sso/users/edit_user.html

@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org" class="dark" data-bs-theme="dark">
+<head>
+    <meta th:replace="~{fragments/header}">
+    <title>Edit User</title>
+</head>
+
+<body>
+<div class="container-fluid">
+    <div class="row flex-nowrap">
+        <div th:replace="~{fragments/sidebar}" class="col-auto sidebar" style="width: 180px;"></div>
+        <div class="col py-4">
+            <div class="main-content">
+                <h3>Edit User</h3>
+                <form th:action="@{/api/v1/users/update}" method="post">
+                    <input type="hidden" name="userId" th:value="${user.userId}"/>
+
+                    <table class="table table-striped table-dark">
+                        <thead>
+                        <tr>
+                            <th>Setting</th>
+                            <th>Value</th>
+                        </tr>
+                        </thead>
+                        <tbody>
+                        <tr>
+                            <td><label for="name">Name</label></td>
+                            <td><input type="text" id="name" name="name" class="form-control" th:value="${user.name}"
+                                       readonly></td>
+                        </tr>
+                        <tr>
+                            <td><label for="username">Username</label></td>
+                            <td><input type="text" id="username" name="username" class="form-control" th:value="${user.username}" readonly></td>
+                        </tr>
+                        <tr>
+                            <td><label for="email">Email Address</label></td>
+                            <td><input type="email" id="email" name="emailAddress" class="form-control" th:value="${user.emailAddress}" readonly></td>
+                        </tr>
+                        <tr>
+                            <td><label for="userType">User Type</label></td>
+                            <td>
+                                <select id="userType" name="userType" class="form-control">
+                                    <option th:each="type : ${userTypes}" th:value="${type.id}"
+                                            th:text="${type.userTypeName}"
+                                            th:selected="${type.id == user.authorizationType.id}"></option>
+                                </select>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td><label for="status">Status</label></td>
+                            <td>
+                                <select id="status" name="status" class="form-control">
+                                    <option value="ACTIVE" th:selected="${user.status == 'ACTIVE'}">Active</option>
+                                    <option value="LOCKED" th:selected="${user.status == 'LOCKED'}">Locked</option>
+                                </select>
+                            </td>
+                        </tr>
+                        </tbody>
+                    </table>
+
+                    <button type="submit" class="btn btn-success">Save Changes</button>
+                    <a href="/sso/v1/users/list" class="btn btn-secondary">Cancel</a>
+                </form>
+            </div>
+        </div>
+    </div>
+</div>
+
+</body>
+</html>

api/src/main/resources/templates/sso/users/list_users.html

@@ -47,6 +47,7 @@
                         var actions = "";
                         if (cmu){
                             actions = `<a href="/sso/v1/users/lock/${myId}" class="btn btn-primary" >Lock</a> &nbsp; | &nbsp;`;
+                            actions += `<a href="/sso/v1/users/edit?userId=${myId}" class="btn btn-primary" >Edit</a> &nbsp; | &nbsp;`;
                             actions += `<a href="/api/v1/users/delete?userId=${myId}" class="btn btn-primary" >Delete</a>`;
                         }
                         return actions;

core/src/main/java/io/sentrius/sso/config/KeycloakAuthSuccessHandler.java

@@ -0,0 +1,79 @@
+package io.sentrius.sso.config;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import io.sentrius.sso.core.model.security.UserType;
+import io.sentrius.sso.core.model.users.User;
+import io.sentrius.sso.core.repository.UserRepository;
+import io.sentrius.sso.core.repository.UserTypeRepository;
+import io.sentrius.sso.core.services.JwtUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.keycloak.admin.client.Keycloak;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.List;
+import java.util.Optional;
+
+@Component
+@Slf4j
+public class KeycloakAuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+
+    private final Keycloak keycloak;
+    private final UserRepository userRepository;
+    private final UserTypeRepository userTypeRepository;
+
+    public KeycloakAuthSuccessHandler(Keycloak keycloak, UserRepository userRepository,
+                                      UserTypeRepository userTypeRepository
+    ) {
+        this.keycloak = keycloak;
+        this.userRepository = userRepository;
+        this.userTypeRepository = userTypeRepository;
+    }
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                        Authentication authentication) throws IOException, ServletException {
+        var jwt = JwtUtil.getJWT();
+        Optional<String> userIdStr = JwtUtil.getUserId(jwt);
+        Optional<String> usernameStr = JwtUtil.getUsername(jwt);
+
+
+        if (usernameStr.isPresent()) {
+            log.info(" ** Syncing user attributes for user: {} ", usernameStr.get());
+            syncUserAttributes(jwt, usernameStr.get());
+        }
+
+        super.onAuthenticationSuccess(request, response, authentication);
+    }
+
+    private void syncUserAttributes(ObjectNode jwtNode, String userId) {
+        // Get Keycloak attributes
+
+        // Get user from DB
+        Optional<User> user = userRepository.findByUsername(userId);
+        var userTypeFromJwtNode = JwtUtil.getUserTypeName(jwtNode);
+        if (user.isPresent() && userTypeFromJwtNode.isPresent()) {
+            // Example: Syncing "userType" attribute
+            String keycloakUserType = userTypeFromJwtNode.get();
+            UserType dbUserType = user.get().getAuthorizationType();
+            log.info(" ** Syncing user attributes for user: {} and {}", userId, keycloakUserType);
+            if (keycloakUserType != null && !keycloakUserType.isEmpty()) {
+                String keycloakValue = keycloakUserType;
+                if (!keycloakValue.equals(dbUserType.getUserTypeName())) {
+                    Optional<UserType> newType = userTypeRepository.findByUserTypeName(keycloakValue);
+                    if (newType.isPresent()) {
+                        // Update database
+                        user.get().setAuthorizationType(newType.get());
+                        userRepository.save(user.get());
+                    }
+                }
+            }
+        } else {
+            log.info(" userTypeFromJwtNode not defined {} ", userTypeFromJwtNode);
+        }
+    }
+}

core/src/main/java/io/sentrius/sso/config/KeycloakConfig.java

@@ -0,0 +1,45 @@
+package io.sentrius.sso.config;
+import lombok.extern.slf4j.Slf4j;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.KeycloakBuilder;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+
+@Configuration
+@Slf4j
+public class KeycloakConfig {
+
+    @Value("${keycloak.base-url}")
+    private String serverUrl;
+
+    @Value("${keycloak.realm}")
+    private String realm;
+
+    private final ClientRegistrationRepository clientRegistrationRepository;
+
+    public KeycloakConfig(ClientRegistrationRepository clientRegistrationRepository) {
+        this.clientRegistrationRepository = clientRegistrationRepository;
+    }
+
+    @Bean
+    public Keycloak keycloak() {
+        // Retrieve the Keycloak client registration at runtime
+        ClientRegistration keycloakClientRegistration = clientRegistrationRepository.findByRegistrationId("keycloak");
+
+        if (keycloakClientRegistration == null) {
+            throw new IllegalStateException("Keycloak client registration not found. Check your OAuth2 client configuration.");
+        }
+
+        return KeycloakBuilder.builder()
+            .serverUrl(serverUrl)
+            .realm(realm)
+            .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
+            .clientId(keycloakClientRegistration.getClientId())
+            .clientSecret(keycloakClientRegistration.getClientSecret())
+            .build();
+    }
+}

core/src/main/java/io/sentrius/sso/config/security/KeycloakUserSyncFilter.java

@@ -0,0 +1,46 @@
+package io.sentrius.sso.config.security;
+
+import io.sentrius.sso.core.services.KeycloakService;
+import io.sentrius.sso.core.services.UserAttributeSyncService;
+import lombok.extern.slf4j.Slf4j;
+import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import java.io.IOException;
+import java.util.Map;
+
+@Component
+@Slf4j
+public class KeycloakUserSyncFilter implements Filter {
+
+    private final KeycloakService keycloakService;
+    private final UserAttributeSyncService syncService;
+
+    public KeycloakUserSyncFilter(KeycloakService keycloakService, UserAttributeSyncService syncService) {
+        this.keycloakService = keycloakService;
+        this.syncService = syncService;
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+        throws IOException, ServletException {
+
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication instanceof KeycloakAuthenticationToken) {
+            KeycloakAuthenticationToken keycloakAuth = (KeycloakAuthenticationToken) authentication;
+            String userId = keycloakAuth.getAccount().getKeycloakSecurityContext().getToken().getSubject();
+            log.info("Syncing user attributes for user: {}", userId);
+            // Sync user attributes with the database
+            syncService.syncUserAttribute(userId);
+        }
+
+        chain.doFilter(request, response);
+    }
+}

core/src/main/java/io/sentrius/sso/core/config/SystemOptions.java

@@ -186,13 +186,13 @@ public boolean setValue(String fieldName, Object fieldValue, boolean save){
     Field[] fields = this.getClass().getDeclaredFields();
     for (var field : fields) {
       if (field.getName().equalsIgnoreCase(fieldName)) {
-        log.info("Setting field {} to {}", fieldName, fieldValue);
+        log.debug("Setting field {} to {}", fieldName, fieldValue);
         try {
           field.set(this, fieldValue);
 
           // Update the AppConfig with the new field value
           dynamicPropertiesService.updateProperty(fieldName, fieldValue.toString());
-          log.info("Set field {} to {}", fieldName, fieldValue);
+          log.debug("Set field {} to {}", fieldName, fieldValue);
           return true;
         } catch (IllegalAccessException e) {
           log.error("Failed to update field {}", fieldName);
@@ -236,7 +236,7 @@ public Map<String, SystemOption> getOptions() throws IllegalAccessException {
         String fieldName = field.getName();
         Object fieldValue = field.get(this);
 
-        log.info("Field: {} Value: {}", fieldName, fieldValue);
+        log.debug("Field: {} Value: {}", fieldName, fieldValue);
 
         // Create a SystemOption object with the field details
         var sysOpt = SystemOption.builder()