Fix RoleHierarchy not applied for SSO users (#649)

Fixes #648
This commit is contained in:
Simon
2025-07-24 11:38:34 +02:00
committed by GitHub
parent af4ddd2f34
commit 3d8f60a7f5
3 changed files with 21 additions and 5 deletions
+2 -2
@@ -1,12 +1,12 @@
{ {
"name": "gameyfin", "name": "gameyfin",
"version": "2.0.0.beta6", "version": "2.0.0.RC1",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "gameyfin", "name": "gameyfin",
"version": "2.0.0.beta6", "version": "2.0.0.RC1",
"dependencies": { "dependencies": {
"@heroui/react": "2.7.9", "@heroui/react": "2.7.9",
"@material-tailwind/react": "^2.1.10", "@material-tailwind/react": "^2.1.10",
@@ -5,10 +5,15 @@ import jakarta.servlet.http.HttpServletResponse
import org.gameyfin.app.config.ConfigProperties import org.gameyfin.app.config.ConfigProperties
import org.gameyfin.app.config.ConfigService import org.gameyfin.app.config.ConfigService
import org.gameyfin.app.config.MatchUsersBy import org.gameyfin.app.config.MatchUsersBy
import org.gameyfin.app.core.Role
import org.gameyfin.app.users.RoleService import org.gameyfin.app.users.RoleService
import org.gameyfin.app.users.UserService import org.gameyfin.app.users.UserService
import org.gameyfin.app.users.entities.User import org.gameyfin.app.users.entities.User
import org.springframework.security.access.hierarchicalroles.RoleHierarchy
import org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication import org.springframework.security.core.Authentication
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.security.oauth2.core.oidc.user.OidcUser import org.springframework.security.oauth2.core.oidc.user.OidcUser
import org.springframework.security.web.authentication.AuthenticationSuccessHandler import org.springframework.security.web.authentication.AuthenticationSuccessHandler
import org.springframework.stereotype.Component import org.springframework.stereotype.Component
@@ -17,9 +22,12 @@ import org.springframework.stereotype.Component
class SsoAuthenticationSuccessHandler( class SsoAuthenticationSuccessHandler(
private val userService: UserService, private val userService: UserService,
private val roleService: RoleService, private val roleService: RoleService,
private val config: ConfigService private val config: ConfigService,
private val roleHierarchy: RoleHierarchy,
) : AuthenticationSuccessHandler { ) : AuthenticationSuccessHandler {
private val authoritiesMapper = RoleHierarchyAuthoritiesMapper(roleHierarchy)
override fun onAuthenticationSuccess( override fun onAuthenticationSuccess(
request: HttpServletRequest, request: HttpServletRequest,
response: HttpServletResponse, response: HttpServletResponse,
@@ -62,9 +70,17 @@ class SsoAuthenticationSuccessHandler(
val grantedAuthorities = roleService.extractGrantedAuthorities(oidcUser.authorities) val grantedAuthorities = roleService.extractGrantedAuthorities(oidcUser.authorities)
matchedUser.roles = roleService.authoritiesToRoles(grantedAuthorities) val roles = roleService.authoritiesToRoles(grantedAuthorities).ifEmpty { listOf(Role.USER) }
matchedUser.roles = roles
userService.registerOrUpdateUser(matchedUser) userService.registerOrUpdateUser(matchedUser)
// Update SecurityContext with expanded authorities through RoleHierarchy
val mappedAuthorities = authoritiesMapper.mapAuthorities(grantedAuthorities)
val newAuth =
UsernamePasswordAuthenticationToken(authentication.principal, authentication.credentials, mappedAuthorities)
SecurityContextHolder.getContext().authentication = newAuth
response.sendRedirect("/") response.sendRedirect("/")
return return
} }
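Review bot: The replacement token built on L60–62 is a `UsernamePasswordAuthenticationToken`, so the `OAuth2AuthenticationToken` produced by OAuth2 login (and its `authorizedClientRegistrationId`) is discarded from the session; if the app relies on anything that checks for that type, such as Spring's `OidcClientInitiatedLogoutSuccessHandler` or `@RegisteredOAuth2AuthorizedClient` resolution, that code would stop recognising the session as an OAuth2 login. Keeping the type is a two-line change: `val registrationId = (authentication as OAuth2AuthenticationToken).authorizedClientRegistrationId` and `val newAuth = OAuth2AuthenticationToken(oidcUser, mappedAuthorities, registrationId)` (with `org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken` imported). Separately, `mappedAuthorities` is derived from `grantedAuthorities` while the persisted `roles` fall back to `Role.USER` via `ifEmpty`, so an SSO user whose claims map to no role is stored as USER but the live session carries no authorities until the next login — derive the mapped authorities from `roles` as well, or add a comment stating that the discrepancy is intended. Writing into `SecurityContextHolder.getContext()` also presumably only persists because the authentication filter has already saved that same context instance to the session before invoking this handler; confirm that holds for the configured `SecurityContextRepository`. `onAuthenticationSuccess` starts outside this hunk.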