More cleanup

2025-08-02 18:45:21 +00:00 · 2025-07-30 13:13:26 +01:00 · 2025-07-30 13:13:26 +01:00 · f6d35f1c2e
commit f6d35f1c2e
parent 177861ce09
6 changed files with 12 additions and 31 deletions
--- a/app/core/src/main/resources/settings.yml.template
+++ b/app/core/src/main/resources/settings.yml.template
@ -31,7 +31,7 @@ security:
      google:
        clientId: '' # client ID for Google OAuth2
        clientSecret: '' # client secret for Google OAuth2
-        scopes: https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile # scopes for Google OAuth2
+        scopes: email, profile # scopes for Google OAuth2
        useAsUsername: email # field to use as the username for Google OAuth2. Available options are: [email | name | given_name | family_name]
      github:
        clientId: '' # client ID for GitHub OAuth2
@ -51,14 +51,14 @@ security:
    provider: '' # The name of your Provider
    autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
    blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
-    registrationId: stirlingpdf-dario-saml # The name of your Service Provider (SP) app name. Should match the name in the path for your SSO & SLO URLs
-    idpMetadataUri: https://authentik.dev.stirlingpdf.com/api/v3/providers/saml/5/metadata/ # The uri for your Provider's metadata
-    idpSingleLoginUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/sso/binding/post/ # The URL for initiating SSO. Provided by your Provider
-    idpSingleLogoutUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/slo/binding/post/ # The URL for initiating SLO. Provided by your Provider
-    idpIssuer: authentik # The ID of your Provider
-    idpCert: classpath:authentik-Self-signed_Certificate_certificate.pem # The certificate your Provider will use to authenticate your app's SAML authentication requests. Provided by your Provider
-    privateKey: classpath:private_key.key # Your private key. Generated from your keypair
-    spCert: classpath:certificate.crt # Your signing certificate. Generated from your keypair
+    registrationId: stirling # The name of your Service Provider (SP) app name. Should match the name in the path for your SSO & SLO URLs
+    idpMetadataUri: https://dev-XXXXXXXX.okta.com/app/externalKey/sso/saml/metadata # The uri for your Provider's metadata
+    idpSingleLoginUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/sso/saml # The URL for initiating SSO. Provided by your Provider
+    idpSingleLogoutUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/slo/saml # The URL for initiating SLO. Provided by your Provider
+    idpIssuer: '' # The ID of your Provider
+    idpCert: classpath:okta.cert # The certificate your Provider will use to authenticate your app's SAML authentication requests. Provided by your Provider
+    privateKey: classpath:saml-private-key.key # Your private key. Generated from your keypair
+    spCert: classpath:saml-public-cert.crt # Your signing certificate. Generated from your keypair
  jwt:
    enableKeyStore: true # Set to 'true' to enable JWT key store
    enableKeyRotation: false # Set to 'true' to enable JWT key rotation
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/InitialSecuritySetup.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/InitialSecuritySetup.java
@ -43,7 +43,6 @@ public class InitialSecuritySetup {
                }
            }

-            userService.migrateOauth2ToSSO();
            assignUsersToDefaultTeamIfMissing();
            initializeInternalApiUser();
        } catch (IllegalArgumentException | SQLException | UnsupportedProviderException e) {
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java
@ -130,11 +130,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {

                authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(authToken);
-
-                log.info(
-                        "JWT authentication successful for user: {} - Authentication set in SecurityContext",
-                        username);
-
            } else {
                throw new UsernameNotFoundException("User not found: " + username);
            }
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/saml2/CustomSaml2AuthenticationSuccessHandler.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/saml2/CustomSaml2AuthenticationSuccessHandler.java
@ -121,7 +121,7 @@ public class CustomSaml2AuthenticationSuccessHandler
                            username, saml2Properties.getAutoCreateUser(), SAML2);
                    log.debug("Successfully processed authentication for user: {}", username);

-                    generateJWT(response, authentication);
+                    generateJwt(response, authentication);
                    response.sendRedirect(contextPath + "/");
                } catch (IllegalArgumentException | SQLException | UnsupportedProviderException e) {
                    log.debug(
@ -136,7 +136,7 @@ public class CustomSaml2AuthenticationSuccessHandler
        }
    }

-    private void generateJWT(HttpServletResponse response, Authentication authentication) {
+    private void generateJwt(HttpServletResponse response, Authentication authentication) {
        if (jwtService.isJwtEnabled()) {
            String jwt =
                    jwtService.generateToken(
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtKeystoreService.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtKeystoreService.java
@ -213,6 +213,7 @@ public class JwtKeystoreService implements JwtKeystoreServiceInterface {
        byte[] keyBytes = Base64.getDecoder().decode(encodedKey);
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+
        return keyFactory.generatePrivate(keySpec);
    }

--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java
@ -1,8 +1,5 @@
 package stirling.software.proprietary.security.service;

-import static stirling.software.proprietary.security.model.AuthenticationType.OAUTH2;
-import static stirling.software.proprietary.security.model.AuthenticationType.SSO;
-
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Collection;
@ -63,17 +60,6 @@ public class UserService implements UserServiceInterface {

    private final ApplicationProperties.Security.OAUTH2 oAuth2;

-    @Transactional
-    public void migrateOauth2ToSSO() {
-        userRepository
-                .findByAuthenticationTypeIgnoreCase(OAUTH2.toString())
-                .forEach(
-                        user -> {
-                            user.setAuthenticationType(SSO);
-                            userRepository.save(user);
-                        });
-    }
-
    // Handle OAUTH2 login and user auto creation.
    public void processSSOPostLogin(
            String username, boolean autoCreateUser, AuthenticationType type)