From 7ac1377c575fcf9e23d46d7b420df87826d866c4 Mon Sep 17 00:00:00 2001
From: GRIMSIM
Date: Fri, 11 Jul 2025 10:37:11 +0200
Subject: [PATCH] Enable direct login even if SSO is enabled
---
.../CustomAuthenticationEntryPoint.kt | 22 +++++++++++++++++++
.../app/core/security/SecurityConfig.kt | 16 +++++++++-----
2 files changed, 33 insertions(+), 5 deletions(-)
create mode 100644 app/src/main/kotlin/org/gameyfin/app/core/security/CustomAuthenticationEntryPoint.kt
diff --git a/app/src/main/kotlin/org/gameyfin/app/core/security/CustomAuthenticationEntryPoint.kt b/app/src/main/kotlin/org/gameyfin/app/core/security/CustomAuthenticationEntryPoint.kt
new file mode 100644
index 0000000..560ba1a
--- /dev/null
+++ b/app/src/main/kotlin/org/gameyfin/app/core/security/CustomAuthenticationEntryPoint.kt
@@ -0,0 +1,22 @@
+package org.gameyfin.app.core.security
+
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.context.annotation.Conditional
+import org.springframework.security.core.AuthenticationException
+import org.springframework.security.web.AuthenticationEntryPoint
+
+@Conditional(SsoEnabledCondition::class)
+class CustomAuthenticationEntryPoint : AuthenticationEntryPoint {
+ override fun commence(
+ request: HttpServletRequest,
+ response: HttpServletResponse,
+ authException: AuthenticationException?
+ ) {
+ if (request.getParameter("direct") == "1") {
+ response.sendRedirect("/login")
+ } else {
+ response.sendRedirect("/oauth2/authorization/${SecurityConfig.SSO_PROVIDER_KEY}")
+ }
+ }
+}
\ No newline at end of file
diff --git a/app/src/main/kotlin/org/gameyfin/app/core/security/SecurityConfig.kt b/app/src/main/kotlin/org/gameyfin/app/core/security/SecurityConfig.kt
index d0ba699..63885de 100644
--- a/app/src/main/kotlin/org/gameyfin/app/core/security/SecurityConfig.kt
+++ b/app/src/main/kotlin/org/gameyfin/app/core/security/SecurityConfig.kt
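Review bot: The `@Conditional(SsoEnabledCondition::class)` annotation on `CustomAuthenticationEntryPoint` looks like a no-op: the class carries no stereotype annotation in this file and SecurityConfig constructs it with `CustomAuthenticationEntryPoint()`, so Spring never evaluates the condition and the only real gate is the runtime `config.get(...)` check there. Either drop the annotation or register the class as a bean and inject it, so a reader does not assume the condition protects anything. Both redirects in `commence` are hard-coded absolute paths; if the application can be served under a servlet context path, prefixing `request.contextPath` (for example `response.sendRedirect(request.contextPath + "/login")`) keeps them inside the application. A short KDoc stating that `direct=1` is a caller-controlled convenience switch, not an access decision, would also help the next reader.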
@@ -30,7 +30,9 @@ class SecurityConfig( private val sessionRegistry: SessionRegistry ) : VaadinWebSecurity() { - private val ssoProviderKey: String = "oidc" + companion object { + const val SSO_PROVIDER_KEY = "oidc" + } @Throws(Exception::class) override fun configure(http: HttpSecurity) { @@ -56,14 +58,18 @@ class SecurityConfig( super.configure(http) + setLoginView(http, "/login", "/") + if (config.get(ConfigProperties.SSO.OIDC.Enabled) == true) { - setOAuth2LoginPage(http, "/oauth2/authorization/$ssoProviderKey") // Use custom success handler to handle user registration http.oauth2Login { oauth2Login -> oauth2Login.successHandler(ssoAuthenticationSuccessHandler) } // Prevent unnecessary redirects http.logout { logout -> logout.logoutSuccessHandler((HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK))) } - } else { - setLoginView(http, "/login", "/") + + // Custom authentication entry point to support SSO and direct login + http.exceptionHandling { exceptionHandling -> + exceptionHandling.authenticationEntryPoint(CustomAuthenticationEntryPoint()) + } } } @@ -79,7 +85,7 @@ class SecurityConfig( @Bean @Conditional(SsoEnabledCondition::class) fun clientRegistrationRepository(): ClientRegistrationRepository? { - val clientRegistration = ClientRegistration.withRegistrationId(ssoProviderKey) + val clientRegistration = ClientRegistration.withRegistrationId(SSO_PROVIDER_KEY) .clientId(config.get(ConfigProperties.SSO.OIDC.ClientId)) .clientSecret(config.get(ConfigProperties.SSO.OIDC.ClientSecret)) .scope("openid", "profile", "email")
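Review bot: With `setLoginView(http, "/login", "/")` moved out of the `else` branch in the second hunk, the password login form stays registered while OIDC is enabled, and the `direct=1` parameter only changes where the entry point redirects; as far as this hunk shows, `/login` can still be opened directly. Deployments that enable SSO to enforce the identity provider's MFA or lockout policy would therefore keep a local-password path outside those controls. Consider gating the direct login behind an explicit administrator setting that defaults to off, and at minimum add a comment above the call such as `// SECURITY: password login stays reachable while SSO is enabled; local credentials bypass IdP policy (MFA, lockout)`. Replacing the entry point through `exceptionHandling` may also override the one Vaadin installs via `super.configure`/`setLoginView`, so it is worth confirming that unauthenticated endpoint requests still get the response the frontend expects. `configure` begins and ends outside the hunk.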