Fix RoleHierarchy not applied for SSO users (#649)

Fixes #648
This commit is contained in:
Simon
2025-07-24 11:38:34 +02:00
committed by GitHub
parent af4ddd2f34
commit 3d8f60a7f5
3 changed files with 21 additions and 5 deletions
+2 -2
@@ -1,12 +1,12 @@
{
"name": "gameyfin",
"version": "2.0.0.beta6",
"version": "2.0.0.RC1",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "gameyfin",
"version": "2.0.0.beta6",
"version": "2.0.0.RC1",
"dependencies": {
"@heroui/react": "2.7.9",
"@material-tailwind/react": "^2.1.10",
+1 -1
@@ -265,4 +265,4 @@
"disableUsageStatistics": true,
"hash": "962eccc3fa0735d5234901be4f9e384096113c45bec22564a53688096d62aef4"
}
}
}
@@ -5,10 +5,15 @@ import jakarta.servlet.http.HttpServletResponse
import org.gameyfin.app.config.ConfigProperties
import org.gameyfin.app.config.ConfigService
import org.gameyfin.app.config.MatchUsersBy
import org.gameyfin.app.core.Role
import org.gameyfin.app.users.RoleService
import org.gameyfin.app.users.UserService
import org.gameyfin.app.users.entities.User
import org.springframework.security.access.hierarchicalroles.RoleHierarchy
import org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.security.oauth2.core.oidc.user.OidcUser
import org.springframework.security.web.authentication.AuthenticationSuccessHandler
import org.springframework.stereotype.Component
@@ -17,9 +22,12 @@ import org.springframework.stereotype.Component
class SsoAuthenticationSuccessHandler(
private val userService: UserService,
private val roleService: RoleService,
private val config: ConfigService
private val config: ConfigService,
private val roleHierarchy: RoleHierarchy,
) : AuthenticationSuccessHandler {
private val authoritiesMapper = RoleHierarchyAuthoritiesMapper(roleHierarchy)
override fun onAuthenticationSuccess(
request: HttpServletRequest,
response: HttpServletResponse,
@@ -62,9 +70,17 @@ class SsoAuthenticationSuccessHandler(
val grantedAuthorities = roleService.extractGrantedAuthorities(oidcUser.authorities)
matchedUser.roles = roleService.authoritiesToRoles(grantedAuthorities)
val roles = roleService.authoritiesToRoles(grantedAuthorities).ifEmpty { listOf(Role.USER) }
matchedUser.roles = roles
userService.registerOrUpdateUser(matchedUser)
// Update SecurityContext with expanded authorities through RoleHierarchy
val mappedAuthorities = authoritiesMapper.mapAuthorities(grantedAuthorities)
val newAuth =
UsernamePasswordAuthenticationToken(authentication.principal, authentication.credentials, mappedAuthorities)
SecurityContextHolder.getContext().authentication = newAuth
response.sendRedirect("/")
return
}
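Review bot: The `Role.USER` fallback on the `val roles = …ifEmpty { listOf(Role.USER) }` line reaches the persisted user but not the session, because `authoritiesMapper.mapAuthorities(grantedAuthorities)` is still fed the raw, possibly empty `grantedAuthorities`; an SSO user whose IdP claims map to no role is stored as USER yet logs in with no authorities at all until the next login. Derive the session authorities from `roles` instead (the reverse of `roleService.authoritiesToRoles`, whatever RoleService offers for that) so stored roles and effective authorities cannot diverge. Wrapping the result in a `UsernamePasswordAuthenticationToken` also replaces the `OAuth2AuthenticationToken` that OIDC login normally produces, whose `authorizedClientRegistrationId` is what RP-initiated logout and `OAuth2AuthorizedClientRepository` lookups key on; preferring `OAuth2AuthenticationToken(oidcUser, mappedAuthorities, registrationId)` with the id copied from the incoming token keeps that intact. Note as well that the login filter has typically already saved the original context to the session before this handler runs, so the swap only persists if the repository happens to save the same context instance — an explicit `securityContextRepository.saveContext(...)`, or a test that asserts the expanded authorities on a follow-up request, would make that robust. `onAuthenticationSuccess` starts and ends outside this hunk.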