From f6d35f1c2eca6923c9ff77b986ab93c456c9669d Mon Sep 17 00:00:00 2001
From: Dario Ghunney Ware
Date: Wed, 30 Jul 2025 13:13:26 +0100
Subject: [PATCH] More cleanup
---
 .../src/main/resources/settings.yml.template | 18 +++++++++---------
 .../security/InitialSecuritySetup.java | 1 -
 .../filter/JwtAuthenticationFilter.java | 5 -----
 ...ustomSaml2AuthenticationSuccessHandler.java | 4 ++--
 .../security/service/JwtKeystoreService.java | 1 +
 .../security/service/UserService.java | 14 --------------
 6 files changed, 12 insertions(+), 31 deletions(-)
diff --git a/app/core/src/main/resources/settings.yml.template b/app/core/src/main/resources/settings.yml.template
index 50a2fc98f..b4cbe7b87 100644
--- a/app/core/src/main/resources/settings.yml.template
+++ b/app/core/src/main/resources/settings.yml.template
@@ -31,7 +31,7 @@ security:
 google:
 clientId: '' # client ID for Google OAuth2
 clientSecret: '' # client secret for Google OAuth2
- scopes: https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile # scopes for Google OAuth2
+ scopes: email, profile # scopes for Google OAuth2
 useAsUsername: email # field to use as the username for Google OAuth2. Available options are: [email | name | given_name | family_name]
 github:
 clientId: '' # client ID for GitHub OAuth2
@@ -51,14 +51,14 @@ security:
 provider: '' # The name of your Provider
 autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
 blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
- registrationId: stirlingpdf-dario-saml # The name of your Service Provider (SP) app name. Should match the name in the path for your SSO & SLO URLs
- idpMetadataUri: https://authentik.dev.stirlingpdf.com/api/v3/providers/saml/5/metadata/ # The uri for your Provider's metadata
- idpSingleLoginUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/sso/binding/post/ # The URL for initiating SSO. Provided by your Provider
- idpSingleLogoutUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/slo/binding/post/ # The URL for initiating SLO. Provided by your Provider
- idpIssuer: authentik # The ID of your Provider
- idpCert: classpath:authentik-Self-signed_Certificate_certificate.pem # The certificate your Provider will use to authenticate your app's SAML authentication requests. Provided by your Provider
- privateKey: classpath:private_key.key # Your private key. Generated from your keypair
- spCert: classpath:certificate.crt # Your signing certificate. Generated from your keypair
+ registrationId: stirling # The name of your Service Provider (SP) app name. Should match the name in the path for your SSO & SLO URLs
+ idpMetadataUri: https://dev-XXXXXXXX.okta.com/app/externalKey/sso/saml/metadata # The uri for your Provider's metadata
+ idpSingleLoginUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/sso/saml # The URL for initiating SSO. Provided by your Provider
+ idpSingleLogoutUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/slo/saml # The URL for initiating SLO. Provided by your Provider
+ idpIssuer: '' # The ID of your Provider
+ idpCert: classpath:okta.cert # The certificate your Provider will use to authenticate your app's SAML authentication requests. Provided by your Provider
+ privateKey: classpath:saml-private-key.key # Your private key. Generated from your keypair
+ spCert: classpath:saml-public-cert.crt # Your signing certificate. Generated from your keypair
 jwt:
 enableKeyStore: true # Set to 'true' to enable JWT key store
 enableKeyRotation: false # Set to 'true' to enable JWT key rotation
diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/InitialSecuritySetup.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/InitialSecuritySetup.java
index 4b09fe0e9..e145e2754 100644
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/InitialSecuritySetup.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/InitialSecuritySetup.java
@@ -43,7 +43,6 @@ public class InitialSecuritySetup {
 }
 }
- userService.migrateOauth2ToSSO();
 assignUsersToDefaultTeamIfMissing();
 initializeInternalApiUser();
 } catch (IllegalArgumentException | SQLException | UnsupportedProviderException e) {
diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java
index 4a0115c1a..3d4b7006e 100644
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java
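Review bot: The comment on the new `idpCert` line describes the certificate's role backwards: the Provider's certificate is what this application uses to verify the signature on SAML responses and assertions coming from the Provider, not something the Provider uses to authenticate this app's requests. Suggest `idpCert: classpath:okta.cert # Your Provider's signing certificate. Used to verify the signature on SAML responses/assertions sent by your Provider`. Two related caveats deserve a line in the template: `privateKey` and `spCert` default to `classpath:` resources, so anyone following the template will package the SP private key inside the application artifact — pointing at a `file:` path outside the build (and keeping it out of version control) is the safer default to document. `idpIssuer` is also now empty; if an empty value disables issuer matching in the code that consumes it (not visible in this patch), the comment should say the value is required rather than leaving it as a blank placeholder.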
@@ -130,11 +130,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
 SecurityContextHolder.getContext().setAuthentication(authToken);
-
- log.info(
- "JWT authentication successful for user: {} - Authentication set in SecurityContext",
- username);
-
 } else {
 throw new UsernameNotFoundException("User not found: " + username);
 }
diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/saml2/CustomSaml2AuthenticationSuccessHandler.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/saml2/CustomSaml2AuthenticationSuccessHandler.java
index 57d667aa1..3255cbc15 100644
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/saml2/CustomSaml2AuthenticationSuccessHandler.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/saml2/CustomSaml2AuthenticationSuccessHandler.java
@@ -121,7 +121,7 @@ public class CustomSaml2AuthenticationSuccessHandler
 username, saml2Properties.getAutoCreateUser(), SAML2);
 log.debug("Successfully processed authentication for user: {}", username);
- generateJWT(response, authentication);
+ generateJwt(response, authentication);
 response.sendRedirect(contextPath + "/");
 } catch (IllegalArgumentException | SQLException | UnsupportedProviderException e) {
 log.debug(
@@ -136,7 +136,7 @@ public class CustomSaml2AuthenticationSuccessHandler
 }
 }
- private void generateJWT(HttpServletResponse response, Authentication authentication) {
+ private void generateJwt(HttpServletResponse response, Authentication authentication) {
 if (jwtService.isJwtEnabled()) {
 String jwt = jwtService.generateToken(
diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtKeystoreService.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtKeystoreService.java
index 64c1900e6..a0082ec81 100644
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtKeystoreService.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtKeystoreService.java
@@ -213,6 +213,7 @@ public class JwtKeystoreService implements JwtKeystoreServiceInterface {
 byte[] keyBytes = Base64.getDecoder().decode(encodedKey);
 PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
 KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+
 return keyFactory.generatePrivate(keySpec);
 }
diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java
index 982f551ca..6f213b25e 100644
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java
@@ -1,8 +1,5 @@
 package stirling.software.proprietary.security.service;
-import static stirling.software.proprietary.security.model.AuthenticationType.OAUTH2;
-import static stirling.software.proprietary.security.model.AuthenticationType.SSO;
-
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -63,17 +60,6 @@ public class UserService implements UserServiceInterface {
 private final ApplicationProperties.Security.OAUTH2 oAuth2;
- @Transactional
- public void migrateOauth2ToSSO() {
- userRepository
- .findByAuthenticationTypeIgnoreCase(OAUTH2.toString())
- .forEach(
- user -> {
- user.setAuthenticationType(SSO);
- userRepository.save(user);
- });
- }
-
 // Handle OAUTH2 login and user auto creation.
 public void processSSOPostLogin(
 String username, boolean autoCreateUser, AuthenticationType type)