Working on OAuth 2 config

src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java

@@ -158,8 +158,7 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
         String clientId = null;
         OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
 
-        if (authentication instanceof OAuth2AuthenticationToken) {
+        if (authentication instanceof OAuth2AuthenticationToken oauthToken) {
-            OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
             registrationId = oauthToken.getAuthorizedClientRegistrationId();
 
             try {

src/main/java/stirling/software/SPDF/config/security/UserService.java

@@ -414,14 +414,25 @@ public class UserService implements UserServiceInterface {
     }
 
     @Transactional
-    public void syncCustomApiUser(String customApiKey)
+    public void syncCustomApiUser(String customApiKey) {
-            throws SQLException, UnsupportedProviderException {
+        if (customApiKey == null || customApiKey.trim().isBlank()) {
-        if (customApiKey == null || customApiKey.trim().length() == 0) {
             return;
         }
+
         String username = "CUSTOM_API_USER";
         Optional<User> existingUser = findByUsernameIgnoreCase(username);
-        if (!existingUser.isPresent()) {
+
+        existingUser.ifPresentOrElse(
+                user -> {
+                    // Update API key if it has changed
+                    User updatedUser = existingUser.get();
+
+                    if (!customApiKey.equals(updatedUser.getApiKey())) {
+                        updatedUser.setApiKey(customApiKey);
+                        userRepository.save(updatedUser);
+                    }
+                },
+                () -> {
                     // Create new user with API role
                     User user = new User();
                     user.setUsername(username);
@@ -432,15 +443,12 @@ public class UserService implements UserServiceInterface {
                     user.setApiKey(customApiKey);
                     user.addAuthority(new Authority(Role.INTERNAL_API_USER.getRoleId(), user));
                     userRepository.save(user);
+                });
+
+        try {
             databaseService.exportDatabase();
-        } else {
+        } catch (SQLException | UnsupportedProviderException e) {
-            // Update API key if it has changed
+            log.error("Error exporting database after synchronising custom API user", e);
-            User user = existingUser.get();
-            if (!customApiKey.equals(user.getApiKey())) {
-                user.setApiKey(customApiKey);
-                userRepository.save(user);
-                databaseService.exportDatabase();
-            }
         }
     }
 

src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java

@@ -48,11 +48,9 @@ public class CustomOAuth2AuthenticationSuccessHandler
         Object principal = authentication.getPrincipal();
         String username = "";
 
-        if (principal instanceof OAuth2User) {
+        if (principal instanceof OAuth2User oauthUser) {
-            OAuth2User oauthUser = (OAuth2User) principal;
             username = oauthUser.getName();
-        } else if (principal instanceof UserDetails) {
+        } else if (principal instanceof UserDetails oauthUser) {
-            UserDetails oauthUser = (UserDetails) principal;
             username = oauthUser.getUsername();
         }
 

src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2UserService.java

@@ -44,6 +44,7 @@ public class CustomOAuth2UserService implements OAuth2UserService<OidcUserReques
     public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
         OAUTH2 oauth2 = applicationProperties.getSecurity().getOauth2();
         String usernameAttribute = oauth2.getUseAsUsername();
+
         if (usernameAttribute == null || usernameAttribute.trim().isEmpty()) {
             Client client = oauth2.getClient();
             if (client != null && client.getKeycloak() != null) {

src/main/java/stirling/software/SPDF/config/security/oauth2/OAuth2Configuration.java

@@ -32,10 +32,7 @@ import stirling.software.SPDF.model.provider.KeycloakProvider;
 
 @Configuration
 @Slf4j
-@ConditionalOnProperty(
+@ConditionalOnProperty(value = "security.oauth2.enabled", havingValue = "true")
-        value = "security.oauth2.enabled",
-        havingValue = "true",
-        matchIfMissing = false)
 public class OAuth2Configuration {
 
     private final ApplicationProperties applicationProperties;
@@ -48,16 +45,14 @@ public class OAuth2Configuration {
     }
 
     @Bean
-    @ConditionalOnProperty(
+    @ConditionalOnProperty(value = "security.oauth2.enabled", havingValue = "true")
-            value = "security.oauth2.enabled",
-            havingValue = "true",
-            matchIfMissing = false)
     public ClientRegistrationRepository clientRegistrationRepository() {
         List<ClientRegistration> registrations = new ArrayList<>();
         githubClientRegistration().ifPresent(registrations::add);
         oidcClientRegistration().ifPresent(registrations::add);
         googleClientRegistration().ifPresent(registrations::add);
         keycloakClientRegistration().ifPresent(registrations::add);
+
         if (registrations.isEmpty()) {
             log.error("At least one OAuth2 provider must be configured");
             System.exit(1);
@@ -169,6 +164,10 @@ public class OAuth2Configuration {
                         .scope(oauth.getScopes())
                         .userNameAttributeName(oauth.getUseAsUsername())
                         .clientName("OIDC")
+                        .redirectUri("{baseUrl}/login/oauth2/code/oidc")
+                        .authorizationGrantType(
+                                org.springframework.security.oauth2.core.AuthorizationGrantType
+                                        .AUTHORIZATION_CODE)
                         .build());
     }
 

src/main/resources/settings.yml.template

@@ -12,11 +12,11 @@
 
 
 security:
-  enableLogin: false # set to 'true' to enable login
+  enableLogin: true # set to 'true' to enable login
   csrfDisabled: false # set to 'true' to disable CSRF protection (not recommended for production)
   loginAttemptCount: 5 # lock user account after 5 tries; when using e.g. Fail2Ban you can deactivate the function with -1
   loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
-  loginMethod: all # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only Login with OAuth2) or 'saml2'(only Login with SAML2)
+  loginMethod: saml2 # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only Login with OAuth2) or 'saml2'(only Login with SAML2)
   initialLogin:
     username: '' # initial username for the first login
     password: '' # initial password for the first login