SpringUserFramework/src/main/java/com/digitalsanctuary/spring/user/service/LoginHelperService.java at 7c372cfbf26c0e062859e28b87cdda61a5821309 · devondragon/SpringUserFramework · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
package com.digitalsanctuary.spring.user.service;

import java.util.Collection;
import java.util.Date;
import java.util.Map;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import com.digitalsanctuary.spring.user.persistence.model.User;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;

/**
 * Helper service for post-authentication user processing.
 *
 * <p>Provides common functionality used by {@link DSUserDetailsService} and {@link DSOAuth2UserService}
 * after a user has been authenticated, including updating activity timestamps, checking account
 * lockout status, and constructing the {@link DSUserDetails} object.</p>
 *
 * @see DSUserDetailsService
 * @see DSOAuth2UserService
 * @see DSUserDetails
 */
@Slf4j
@RequiredArgsConstructor
@Service
@Transactional
public class LoginHelperService {

    /** The login attempt service. */
    private final LoginAttemptService loginAttemptService;

    private final AuthorityService authorityService;

    /**
     * Helper method to authenticate a user after login. This method is called from the DSUserDetailsService after a user has been successfully
     * authenticated via local/password login. Attributes are populated from the {@link User} entity as a fallback.
     *
     * @param dbUser The user to authenticate.
     * @return The user details object.
     */
    public DSUserDetails userLoginHelper(User dbUser) {
        return userLoginHelper(dbUser, (Map<String, Object>) null);
    }

    /**
     * Helper method to authenticate a user after OAuth2 login, preserving the original provider attributes so that
     * {@link DSUserDetails#getAttributes()} returns the full set of attributes from the OAuth2 provider.
     *
     * @param dbUser     The user to authenticate.
     * @param attributes The OAuth2 provider attributes (may be null for local login fallback).
     * @return The user details object with provider attributes set.
     */
    public DSUserDetails userLoginHelper(User dbUser, Map<String, Object> attributes) {
        // Updating lastActivity date for this login
        dbUser.setLastActivityDate(new Date());

        // Check if the user account is locked, but should be unlocked now, and unlock it
        dbUser = loginAttemptService.checkIfUserShouldBeUnlocked(dbUser);

        Collection<? extends GrantedAuthority> authorities = authorityService.getAuthoritiesFromUser(dbUser);
        return new DSUserDetails(dbUser, authorities, attributes);
    }

    /**
     * Helper method to authenticate an OIDC user after login, attaching the OIDC-specific tokens
     * and claims to the principal while keeping {@link DSUserDetails} immutable. Attributes are
     * populated from the OIDC ID token claims as a fallback.
     *
     * @param dbUser       The user to authenticate.
     * @param oidcUserInfo The OIDC user info claims.
     * @param oidcIdToken  The OIDC ID token.
     * @return The user details object with OIDC tokens set.
     */
    public DSUserDetails userLoginHelper(User dbUser, OidcUserInfo oidcUserInfo, OidcIdToken oidcIdToken) {
        return userLoginHelper(dbUser, oidcUserInfo, oidcIdToken, null);
    }

    /**
     * Helper method to authenticate an OIDC user after login, preserving the original provider attributes and
     * attaching the OIDC-specific tokens and claims to the principal.
     *
     * @param dbUser       The user to authenticate.
     * @param oidcUserInfo The OIDC user info claims.
     * @param oidcIdToken  The OIDC ID token.
     * @param attributes   The OIDC provider attributes (may be null to fall back to idToken claims).
     * @return The user details object with OIDC tokens and provider attributes set.
     */
    public DSUserDetails userLoginHelper(User dbUser, OidcUserInfo oidcUserInfo, OidcIdToken oidcIdToken,
            Map<String, Object> attributes) {
        // Updating lastActivity date for this login
        dbUser.setLastActivityDate(new Date());

        // Check if the user account is locked, but should be unlocked now, and unlock it
        dbUser = loginAttemptService.checkIfUserShouldBeUnlocked(dbUser);

        Collection<? extends GrantedAuthority> authorities = authorityService.getAuthoritiesFromUser(dbUser);
        return new DSUserDetails(dbUser, oidcUserInfo, oidcIdToken, authorities, attributes);
    }
}