QRunIO/qqq
2
0
Fork 0
mirror of https://github.com/Kingsrook/qqq.git synced 2025-07-18 05:01:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/auth0-basic-auth-reuse' into feature/sprint-18

Browse Source
This commit is contained in:
Tim Chamberlain
2023-01-05 11:36:39 -06:00
parent 150582964b de05e4ae58
commit d7e7315dc8
5 changed files with 216 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
qqq-backend-core/pom.xml
View File

@ -167,6 +167,13 @@
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>4.8.1</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>

146
qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/Auth0AuthenticationModule.java
View File

@ -26,6 +26,7 @@ import java.nio.charset.StandardCharsets;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
@ -49,8 +50,8 @@ import com.kingsrook.qqq.backend.core.model.metadata.authentication.Auth0Authent
import com.kingsrook.qqq.backend.core.model.session.QSession;
import com.kingsrook.qqq.backend.core.model.session.QUser;
import com.kingsrook.qqq.backend.core.modules.authentication.QAuthenticationModuleInterface;
import com.kingsrook.qqq.backend.core.state.AbstractStateKey;
import com.kingsrook.qqq.backend.core.state.InMemoryStateProvider;
import com.kingsrook.qqq.backend.core.state.SimpleStateKey;
import com.kingsrook.qqq.backend.core.state.StateProviderInterface;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@ -101,17 +102,8 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
// decode the credentials from the header auth //
/////////////////////////////////////////////////
String base64Credentials = context.get(BASIC_AUTH_KEY).trim();
byte[] credDecoded = Base64.getDecoder().decode(base64Credentials);
String credentials = new String(credDecoded, StandardCharsets.UTF_8);
/////////////////////////////////////
// call auth0 with a login request //
/////////////////////////////////////
TokenHolder result = auth.login(credentials.split(":")[0], credentials.split(":")[1].toCharArray())
.setScope("openid email nickname")
.execute();
context.put(AUTH0_ID_TOKEN_KEY, result.getIdToken());
String idToken = getIdTokenFromBase64BasicAuthCredentials(auth, base64Credentials);
context.put(AUTH0_ID_TOKEN_KEY, idToken);
}
catch(Auth0Exception e)
{
@ -159,7 +151,7 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
// put now into state so we dont check until next interval passes //
///////////////////////////////////////////////////////////////////
StateProviderInterface spi = getStateProvider();
Auth0StateKey key = new Auth0StateKey(qSession.getIdReference());
SimpleStateKey<String> key = new SimpleStateKey<>(qSession.getIdReference());
spi.put(key, Instant.now());
return (qSession);
@ -198,6 +190,58 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
/*******************************************************************************
**
*******************************************************************************/
private String getIdTokenFromBase64BasicAuthCredentials(AuthAPI auth, String base64Credentials) throws Auth0Exception
{
////////////////////////////////////////////////////////////////////////////////
// look for a fresh idToken in the state provider for this set of credentials //
////////////////////////////////////////////////////////////////////////////////
SimpleStateKey<String> idTokenStateKey = new SimpleStateKey<>(base64Credentials + ":idToken");
SimpleStateKey<String> timestampStateKey = new SimpleStateKey<>(base64Credentials + ":timestamp");
StateProviderInterface stateProvider = getStateProvider();
Optional<String> cachedIdToken = stateProvider.get(String.class, idTokenStateKey);
Optional<Instant> cachedTimestamp = stateProvider.get(Instant.class, timestampStateKey);
if(cachedIdToken.isPresent() && cachedTimestamp.isPresent())
{
if(cachedTimestamp.get().isAfter(Instant.now().minus(1, ChronoUnit.MINUTES)))
{
return cachedIdToken.get();
}
}
//////////////////////////////////////////////////////////////////////////////
// not found in cache, make request to auth0 and cache the returned idToken //
//////////////////////////////////////////////////////////////////////////////
byte[] credDecoded = Base64.getDecoder().decode(base64Credentials);
String credentials = new String(credDecoded, StandardCharsets.UTF_8);
String idToken = getIdTokenFromAuth0(auth, credentials);
stateProvider.put(idTokenStateKey, idToken);
stateProvider.put(timestampStateKey, Instant.now());
return (idToken);
}
/*******************************************************************************
**
*******************************************************************************/
protected String getIdTokenFromAuth0(AuthAPI auth, String credentials) throws Auth0Exception
{
/////////////////////////////////////
// call auth0 with a login request //
/////////////////////////////////////
TokenHolder result = auth.login(credentials.split(":")[0], credentials.split(":")[1].toCharArray())
.setScope("openid email nickname")
.execute();
return (result.getIdToken());
}
/*******************************************************************************
**
*******************************************************************************/
@ -215,7 +259,7 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
}
StateProviderInterface spi = getStateProvider();
Auth0StateKey key = new Auth0StateKey(session.getIdReference());
SimpleStateKey<String> key = new SimpleStateKey<>(session.getIdReference());
Optional<Instant> lastTimeCheckedOptional = spi.get(Instant.class, key);
if(lastTimeCheckedOptional.isPresent())
{
@ -336,78 +380,4 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
return (InMemoryStateProvider.getInstance());
}
/*******************************************************************************
**
*******************************************************************************/
public static class Auth0StateKey extends AbstractStateKey
{
private final String key;
/*******************************************************************************
** Constructor.
**
*******************************************************************************/
Auth0StateKey(String key)
{
this.key = key;
}
/*******************************************************************************
**
*******************************************************************************/
@Override
public String toString()
{
return (this.key);
}
/*******************************************************************************
** Make the key give a unique string to identify itself.
*
*******************************************************************************/
@Override
public String getUniqueIdentifier()
{
return (this.key);
}
/*******************************************************************************
**
*******************************************************************************/
@Override
public boolean equals(Object o)
{
if(this == o)
{
return true;
}
if(o == null || getClass() != o.getClass())
{
return false;
}
Auth0StateKey that = (Auth0StateKey) o;
return key.equals(that.key);
}
/*******************************************************************************
**
*******************************************************************************/
@Override
public int hashCode()
{
return key.hashCode();
}
}
}

96
qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/state/SimpleStateKey.java Normal file
View File

@ -0,0 +1,96 @@
/*
* QQQ - Low-code Application Framework for Engineers.
* Copyright (C) 2021-2022. Kingsrook, LLC
* 651 N Broad St Ste 205 # 6917 | Middletown DE 19709 | United States
* contact@kingsrook.com
* https://github.com/Kingsrook/
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package com.kingsrook.qqq.backend.core.state;
/*******************************************************************************
**
*******************************************************************************/
public class SimpleStateKey<T> extends AbstractStateKey
{
private final T key;
/*******************************************************************************
** Constructor.
**
*******************************************************************************/
public SimpleStateKey(T key)
{
this.key = key;
}
/*******************************************************************************
**
*******************************************************************************/
@Override
public String toString()
{
return (String.valueOf(this.key));
}
/*******************************************************************************
** Make the key give a unique string to identify itself.
*
*******************************************************************************/
@Override
public String getUniqueIdentifier()
{
return (String.valueOf(this.key));
}
/*******************************************************************************
**
*******************************************************************************/
@Override
public boolean equals(Object o)
{
if(this == o)
{
return true;
}
if(o == null || getClass() != o.getClass())
{
return false;
}
SimpleStateKey<?> that = (SimpleStateKey<?>) o;
return key.equals(that.key);
}
/*******************************************************************************
**
*******************************************************************************/
@Override
public int hashCode()
{
return key.hashCode();
}
}

51
qqq-backend-core/src/test/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/Auth0AuthenticationModuleTest.java
View File

@ -24,17 +24,22 @@ package com.kingsrook.qqq.backend.core.modules.authentication.implementations;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import com.auth0.exception.Auth0Exception;
import com.kingsrook.qqq.backend.core.exceptions.QAuthenticationException;
import com.kingsrook.qqq.backend.core.instances.QMetaDataVariableInterpreter;
import com.kingsrook.qqq.backend.core.model.metadata.QInstance;
import com.kingsrook.qqq.backend.core.model.metadata.authentication.Auth0AuthenticationMetaData;
import com.kingsrook.qqq.backend.core.model.metadata.authentication.QAuthenticationMetaData;
import com.kingsrook.qqq.backend.core.model.session.QSession;
import com.kingsrook.qqq.backend.core.state.InMemoryStateProvider;
import com.kingsrook.qqq.backend.core.state.SimpleStateKey;
import com.kingsrook.qqq.backend.core.utils.TestUtils;
import org.junit.jupiter.api.Test;
import static com.kingsrook.qqq.backend.core.modules.authentication.implementations.Auth0AuthenticationModule.AUTH0_ID_TOKEN_KEY;
import static com.kingsrook.qqq.backend.core.modules.authentication.implementations.Auth0AuthenticationModule.BASIC_AUTH_KEY;
import static com.kingsrook.qqq.backend.core.modules.authentication.implementations.Auth0AuthenticationModule.COULD_NOT_DECODE_ERROR;
import static com.kingsrook.qqq.backend.core.modules.authentication.implementations.Auth0AuthenticationModule.EXPIRED_TOKEN_ERROR;
import static com.kingsrook.qqq.backend.core.modules.authentication.implementations.Auth0AuthenticationModule.INVALID_TOKEN_ERROR;
@ -43,6 +48,10 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
/*******************************************************************************
@ -55,8 +64,6 @@ public class Auth0AuthenticationModuleTest
private static final String EXPIRED_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IllrY2FkWTA0Q3RFVUFxQUdLNTk3ayJ9.eyJnaXZlbl9uYW1lIjoiVGltIiwiZmFtaWx5X25hbWUiOiJDaGFtYmVybGFpbiIsIm5pY2tuYW1lIjoidGltLmNoYW1iZXJsYWluIiwibmFtZSI6IlRpbSBDaGFtYmVybGFpbiIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vYS0vQUZkWnVjcXVSaUFvTzk1RG9URklnbUtseVA1akVBVnZmWXFnS0lHTkVubzE9czk2LWMiLCJsb2NhbGUiOiJlbiIsInVwZGF0ZWRfYXQiOiIyMDIyLTA3LTE4VDIxOjM4OjE1LjM4NloiLCJlbWFpbCI6InRpbS5jaGFtYmVybGFpbkBraW5nc3Jvb2suY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImlzcyI6Imh0dHBzOi8va2luZ3Nyb29rLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJnb29nbGUtb2F1dGgyfDEwODk2NDEyNjE3MjY1NzAzNDg2NyIsImF1ZCI6InNwQ1NtczAzcHpVZGRYN1BocHN4ZDlUd2FLMDlZZmNxIiwiaWF0IjoxNjU4MTgwNDc3LCJleHAiOjE2NTgyMTY0NzcsIm5vbmNlIjoiVkZkQlYzWmplR2hvY1cwMk9WZEtabHBLU0c1K1ZXbElhMEV3VkZaeFpVdEJVMDErZUZaT1RtMTNiZz09In0.fU7EwUgNrupOPz_PX_aQKON2xG1-LWD85xVo1Bn41WNEek-iMyJoch8l6NUihi7Bou14BoOfeWIG_sMqsLHqI2Pk7el7l1kigsjURx0wpiXadBt8piMxdIlxdToZEMuZCBzg7eJvXh4sM8tlV5cm0gPa6FT9Ih3VGJajNlXi5BcYS_JRpIvFvHn8-Bxj4KiAlZ5XPPkopjnDgP8kFfc4cMn_nxDkqWYlhj-5TaGW2xCLC9Qr_9UNxX0fm-CkKjYs3Z5ezbiXNkc-bxrCYvxeBeDPf8-T3EqrxCRVqCZSJ85BHdOc_E7UZC_g8bNj0umoplGwlCbzO4XIuOO-KlIaOg";
private static final String UNDECODABLE_TOKEN = "UNDECODABLE";
public static final String AUTH0_BASE_URL = "https://kingsrook.us.auth0.com/";
/*******************************************************************************
@ -109,7 +116,7 @@ public class Auth0AuthenticationModuleTest
/////////////////////////////////////////////////////////////
// put the input last-time-checked into the state provider //
/////////////////////////////////////////////////////////////
Auth0AuthenticationModule.Auth0StateKey key = new Auth0AuthenticationModule.Auth0StateKey(token);
SimpleStateKey<String> key = new SimpleStateKey<>(token);
InMemoryStateProvider.getInstance().put(key, lastTimeChecked);
//////////////////////
@ -241,14 +248,38 @@ public class Auth0AuthenticationModuleTest
/*******************************************************************************
**
*******************************************************************************/
@Test
void testBasicAuthSuccess() throws QAuthenticationException, Auth0Exception
{
Map<String, String> context = new HashMap<>();
context.put(BASIC_AUTH_KEY, encodeBasicAuth("darin.kelkhoff@gmail.com", "6-EQ!XzBJ!F*LRVDK6VZY__92!"));
Auth0AuthenticationModule auth0Spy = spy(Auth0AuthenticationModule.class);
auth0Spy.createSession(getQInstance(), context);
auth0Spy.createSession(getQInstance(), context);
auth0Spy.createSession(getQInstance(), context);
verify(auth0Spy, times(1)).getIdTokenFromAuth0(any(), any());
}
/*******************************************************************************
** utility method to prime a qInstance for auth0 tests
**
*******************************************************************************/
private QInstance getQInstance()
{
String auth0BaseUrl = new QMetaDataVariableInterpreter().interpret("${env.AUTH0_BASE_URL}");
String auth0ClientId = new QMetaDataVariableInterpreter().interpret("${env.AUTH0_CLIENT_ID}");
String auth0ClientSecret = new QMetaDataVariableInterpreter().interpret("${env.AUTH0_CLIENT_SECRET}");
QAuthenticationMetaData authenticationMetaData = new Auth0AuthenticationMetaData()
.withBaseUrl(AUTH0_BASE_URL)
.withBaseUrl(auth0BaseUrl)
.withClientId(auth0ClientId)
.withClientSecret(auth0ClientSecret)
.withName("auth0");
QInstance qInstance = TestUtils.defineInstance();
@ -256,4 +287,16 @@ public class Auth0AuthenticationModuleTest
return (qInstance);
}
/*******************************************************************************
**
*******************************************************************************/
private String encodeBasicAuth(String username, String password)
{
Base64.Encoder encoder = Base64.getEncoder();
String originalString = username + ":" + password;
return (encoder.encodeToString(originalString.getBytes()));
}
}

8
qqq-dev-tools/bin/resolve-pom-conflicts.sh Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash
############################################################################
## resolve-pom-conflicts.sh
## Tries to automatically resove pom conflicts by putting SNAPSHOT back
############################################################################
gsed "/Updated upstream/,/=======/d" pom.xml | gsed "/Stashed/d" > /tmp/temp-pom.xml
mv /tmp/temp-pom.xml pom.xml