Brendon/gameyfin
1
0
Fork 0
mirror of https://github.com/BrenBroZAYT/gameyfin.git synced 2026-06-15 16:20:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix RoleHierarchy not applied for SSO users (#649)

Browse Source 
Fixes #648
This commit is contained in:
Simon
2025-07-24 11:38:34 +02:00
committed by GitHub
parent af4ddd2f34
commit 3d8f60a7f5
3 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/src/main/kotlin/org/gameyfin/app/core/security/SsoAuthenticationSuccessHandler.kt
+18 -2
View File
@@ -5,10 +5,15 @@ import jakarta.servlet.http.HttpServletResponse
import org.gameyfin.app.config.ConfigProperties
import org.gameyfin.app.config.ConfigService
import org.gameyfin.app.config.MatchUsersBy
import org.gameyfin.app.core.Role
import org.gameyfin.app.users.RoleService
import org.gameyfin.app.users.UserService
import org.gameyfin.app.users.entities.User
import org.springframework.security.access.hierarchicalroles.RoleHierarchy
import org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.security.oauth2.core.oidc.user.OidcUser
import org.springframework.security.web.authentication.AuthenticationSuccessHandler
import org.springframework.stereotype.Component
@@ -17,9 +22,12 @@ import org.springframework.stereotype.Component
class SsoAuthenticationSuccessHandler(
private val userService: UserService,
private val roleService: RoleService,
private val config: ConfigService
private val config: ConfigService,
private val roleHierarchy: RoleHierarchy,
) : AuthenticationSuccessHandler {
private val authoritiesMapper = RoleHierarchyAuthoritiesMapper(roleHierarchy)
override fun onAuthenticationSuccess(
request: HttpServletRequest,
response: HttpServletResponse,
@@ -62,9 +70,17 @@ class SsoAuthenticationSuccessHandler(
val grantedAuthorities = roleService.extractGrantedAuthorities(oidcUser.authorities)
matchedUser.roles = roleService.authoritiesToRoles(grantedAuthorities)
val roles = roleService.authoritiesToRoles(grantedAuthorities).ifEmpty { listOf(Role.USER) }
matchedUser.roles = roles
userService.registerOrUpdateUser(matchedUser)
// Update SecurityContext with expanded authorities through RoleHierarchy
val mappedAuthorities = authoritiesMapper.mapAuthorities(grantedAuthorities)
val newAuth =
UsernamePasswordAuthenticationToken(authentication.principal, authentication.credentials, mappedAuthorities)
SecurityContextHolder.getContext().authentication = newAuth
response.sendRedirect("/")
return
}