From 5e8f2b815786e8c8b814ac198b746bf8fcfe512c Mon Sep 17 00:00:00 2001
From: GeorgeC
Date: Tue, 30 Jan 2024 14:53:14 -0500
Subject: [PATCH] [ALS-5514] Alter how user metadata is created

---
 .../auth/OktaOAuthAuthenticationService.java | 40 ++++++++++++-------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/OktaOAuthAuthenticationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/OktaOAuthAuthenticationService.java
index aa58a9186..c2c8b253d 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/OktaOAuthAuthenticationService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/OktaOAuthAuthenticationService.java
@@ -119,7 +119,6 @@ private User loadUser(JsonNode introspectResponse) {
 // If the user does not yet have a subject, set it to the subject from the introspect response
 if (user.getSubject() == null) {
 user.setSubject("okta|" + introspectResponse.get("uid").asText());
- userRepository.persist(user);
 }
 
 // All users that login through OKTA should have the fence_open_access role, or they will not be able to interact with the UI
@@ -133,24 +132,15 @@ private User loadUser(JsonNode introspectResponse) {
 // Add metadata to the user upon logging in if it doesn't exist
 if (StringUtils.isBlank(user.getGeneralMetadata())) {
- logger.info("Adding metadata to user: " + user.getUuid());
- // JsonNode is immutable, so we need to convert it to a ObjectNode
- ObjectNode objectNode = JAXRSConfiguration.objectMapper.createObjectNode();
- objectNode.set("email", introspectResponse.get("sub"));
-
- // Set the remaining introspect fields to objectNode
- introspectResponse.fields().forEachRemaining(field -> {
- objectNode.set(field.getKey(), field.getValue());
- });
+ ObjectNode objectNode = generateUserMetadata(introspectResponse, user);
+ logger.info("Adding metadata to user: " + user.getUuid());
 
 // Set the general metadata to the objectNode
 user.setGeneralMetadata(objectNode.asText());
- userRepository.persist(user);
- } else {
- logger.info("User already has metadata: " + user.getUuid());
 }
 
- logger.info("LOGIN SUCCESS ___ USER DATA: " + user.toString());
+ userRepository.persist(user);
+ logger.info("LOGIN SUCCESS ___ USER DATA: " + user);
 return user;
 } catch (NoResultException ex) {
 logger.info("LOGIN FAILED ___ USER NOT FOUND ___ " + userEmail + " ___");
 
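Review bot: `user.setGeneralMetadata(objectNode.asText())` stores an empty string, because Jackson's `asText()` on a container node such as ObjectNode returns "" rather than serialized JSON, so the authz structure this commit now builds never reaches the database and `StringUtils.isBlank(user.getGeneralMetadata())` is true again on the next login. Serialize the node instead: `user.setGeneralMetadata(objectNode.toString());` (or `JAXRSConfiguration.objectMapper.writeValueAsString(objectNode)` if the checked exception is acceptable here). The new `logger.info("LOGIN SUCCESS ___ USER DATA: " + user)` also writes the whole User object at INFO, which, depending on User.toString(), may put the email, subject and metadata blob into the logs; logging only `user.getUuid()` would be safer. loadUser begins before this hunk and continues after it.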
@@ -158,6 +148,28 @@ private User loadUser(JsonNode introspectResponse) {
 }
 }
 
+ /**
+ * Generate the user metadata that will be stored in the database. This metadata is used to determine the user's
+ * role and other information.
+ *
+ * @param introspectResponse The response from the introspect endpoint
+ * @param user The user
+ * @return The user metadata as an ObjectNode
+ */
+ private ObjectNode generateUserMetadata(JsonNode introspectResponse, User user) {
+ // JsonNode is immutable, so we need to convert it to an ObjectNode
+ ObjectNode objectNode = JAXRSConfiguration.objectMapper.createObjectNode();
+ ObjectNode authzNode = objectNode.putObject("authz");
+ ObjectNode tagsNode = authzNode.putObject("tags");
+
+ authzNode.put("role", "user");
+ authzNode.put("sub", introspectResponse.get("sub").asText());
+ authzNode.put("user_id", user.getUuid().toString());
+ authzNode.put("username", user.getEmail());
+ tagsNode.put("email", user.getEmail());
+ return objectNode;
+ }
+
 /**
 * Introspect the token to get the user's email address. This is a call to the OKTA introspect endpoint.
 * Documentation: /introspect
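Review bot: `introspectResponse.get("sub").asText()` in generateUserMetadata dereferences the result of `get`, which Jackson returns as null when the claim is absent, so an introspect response without `sub` fails with a NullPointerException in the login path instead of a meaningful error. Since `sub` becomes the stored authz identity, I would check it explicitly before building the node: `JsonNode sub = introspectResponse.get("sub");` / `if (sub == null || !sub.isTextual()) { throw new IllegalStateException("introspect response has no sub claim"); }`. The Javadoc says the metadata "is used to determine the user's role", but the method hard-codes `authzNode.put("role", "user")`; rewording it to "Every Okta user is stored with the fixed authz role \"user\"" keeps readers from looking for role mapping here. The `// JsonNode is immutable` comment is also slightly off, as the ObjectNode from createObjectNode is mutable; `// Build a mutable ObjectNode (the JsonNode API exposes no setters)` says what is meant.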