Add OIDC support (#39)

* Update readme * First try in oidc implementation * Add secrets * Add connection to fs auth provider, redirect not tested * Working prototype This commit implements the oidc compatibility with the caveat of having every subsite under the app path. For that, there is also a redirection handler to redirect the home page to the app home page. * Small cleanup * Fix access even when logged in * Update application-prod.properties * Ignore login when in test env * Fix reviews
2026-03-11 21:41:02 +01:00 · 2025-06-12 21:24:16 +02:00
parent 5e969ac89b
commit 244f6cbf95
18 changed files with 223 additions and 54 deletions
--- a/src/main/java/org/kickerelo/kickerelo/views/AdminView.java
+++ b/src/main/java/org/kickerelo/kickerelo/views/AdminView.java
@@ -1,21 +1,85 @@
 package org.kickerelo.kickerelo.views;

-import com.vaadin.flow.component.button.Button;
-import com.vaadin.flow.component.html.H2;
-import com.vaadin.flow.component.notification.Notification;
-import com.vaadin.flow.component.notification.NotificationVariant;
-import com.vaadin.flow.component.orderedlayout.VerticalLayout;
-import com.vaadin.flow.component.textfield.TextField;
-import com.vaadin.flow.router.Route;
+import java.util.List;
+
 import org.kickerelo.kickerelo.exception.DuplicatePlayerException;
 import org.kickerelo.kickerelo.exception.InvalidDataException;
 import org.kickerelo.kickerelo.exception.PlayerNameNotSetException;
 import org.kickerelo.kickerelo.service.KickerEloService;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+
+import com.vaadin.flow.component.button.Button;
+import com.vaadin.flow.component.html.Paragraph;
+import com.vaadin.flow.component.notification.Notification;
+import com.vaadin.flow.component.notification.NotificationVariant;
+import com.vaadin.flow.component.orderedlayout.VerticalLayout;
+import com.vaadin.flow.component.textfield.TextField;
+import com.vaadin.flow.router.BeforeEnterEvent;
+import com.vaadin.flow.router.Route;

@Route("admin")
 public class AdminView extends VerticalLayout {
-    public AdminView(KickerEloService service) {
-        H2 subheader = new H2("Verwaltung");
+
+    private final org.springframework.core.env.Environment environment;
+
+    // Methode zum Prüfen, ob das "test"-Profil aktiv ist
+    private boolean isTestProfileActive() {
+        for (String profile : environment.getActiveProfiles()) {
+            if ("test".equals(profile)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private boolean isAuthentikated() {
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        if (auth != null && auth.getPrincipal() instanceof OidcUser oidcUser) {
+            Object groupsObj = oidcUser.getClaims().getOrDefault("groups", List.of());
+            List<String> listOfGroups;
+            if (groupsObj instanceof List<?> groupsList) {
+                listOfGroups = groupsList.stream()
+                        .filter(String.class::isInstance)
+                        .map(String.class::cast)
+                        .toList();
+            } else {
+                listOfGroups = List.of();
+            }
+
+            return listOfGroups.contains("Kicker Admin");
+        } else {
+            return false;
+        }
+    }
+
+    public void beforeEnter(BeforeEnterEvent event) {
+        if (isTestProfileActive()) {
+            return; // Skip authentication check in test profile
+        }
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        if (auth == null || !(auth.getPrincipal() instanceof OidcUser oidcUser)) {
+            event.rerouteTo("");
+            return;
+        }
+
+        var groups = oidcUser.getClaimAsStringList("groups");
+        if (groups == null || !groups.contains("Kicker Admin")) {
+            event.rerouteTo("");
+        }
+    }
+
+    public AdminView(KickerEloService service, org.springframework.core.env.Environment environment) {
+        this.environment = environment;
+        
+        if (!isTestProfileActive()) {
+            if (!isAuthentikated()) {
+                add(new Paragraph("Du bist nicht berechtigt, diese Seite zu sehen."));
+                getUI().ifPresent(ui -> ui.navigate(""));
+                return;
+            }
+        }

        TextField spielername = new TextField("Spielername");
        spielername.addClassName("bordered");
@@ -41,6 +105,7 @@ public class AdminView extends VerticalLayout {
            service.recalculateAll1vs1();
            Notification.show("Recalculating finished").addThemeVariants(NotificationVariant.LUMO_SUCCESS);
        });
+
        Button recalc2vs2Button = new Button("2 vs 2 Elo neu berechnen", e -> {
            Notification.show("Recalculating Elo").addThemeVariants(NotificationVariant.LUMO_WARNING);
            service.recalculateAll2vs2();