fix the scopes (#261)

Co-authored-by: Dean Hiller <[email protected]>
deanhiller · Jan 7, 2024 · 38ff77f · 38ff77f
1 parent 5536bd8
commit 38ff77f
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 10 deletions.
diff --git a/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/api/SaveUser.java b/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/api/SaveUser.java
@@ -1,9 +1,13 @@
 package org.webpieces.googleauth.api;
 
+import org.webpieces.googleauth.client.api.FetchTokenResponse;
 import org.webpieces.googleauth.client.api.ProfileAndTokens;
+import org.webpieces.router.api.controller.actions.Redirect;
 import org.webpieces.util.futures.XFuture;
 
 public interface SaveUser {
     XFuture<Void> saveUserIfNotExist(ProfileAndTokens profile);
 
+    Redirect returnRedirectIfScopesInvalid(FetchTokenResponse resp);
+
 }
diff --git a/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/impl/AuthService.java b/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/impl/AuthService.java
@@ -124,8 +124,20 @@ public XFuture<Redirect> callback() {
         request.setAccessType("offline"); //users can discard the refresh token
 
         return authApi.fetchToken(request)
-                .thenCompose( (resp) -> validateToken(resp))
-                .thenCompose( (resp2) -> fetchPageToRedirectTo(resp2));
+                .thenCompose( (resp) -> processTokenForNextSteps(resp) );
+    }
+
+    private XFuture<Redirect> processTokenForNextSteps(FetchTokenResponse resp) {
+        //if user forgets to checkbox, we have to send him to a public
+        // page to relogin again
+        Redirect redirect = saveUser.returnRedirectIfScopesInvalid(resp);
+        if(redirect != null) {
+            //base page after login screen
+            return XFuture.completedFuture(redirect);
+        }
+
+        return validateToken(resp)
+                .thenCompose((resp2) -> fetchPageToRedirectTo(resp2));
     }
 
     private XFuture<ProfileAndTokens> validateToken(FetchTokenResponse resp) {
@@ -136,7 +148,7 @@ private XFuture<ProfileAndTokens> validateToken(FetchTokenResponse resp) {
     private void validateToken(Map<String, List<String>> queryParams) {
         //all queryParams are run through url decoding so no need to decode it...
         String stateDecoded = fetch(queryParams, "state");
-        String base64Session = Current.session().remove(AUTH0_SECRET_KEY);
+        String base64Session = Current.session().get(AUTH0_SECRET_KEY);
         log.info("fetch from session="+base64Session+"   state from auth0="+stateDecoded);
 
         //SECURITY, do not remove.  Cookie can't be tampered with or webpieces throws exception
@@ -159,6 +171,8 @@ private Redirect continueRedirect(ProfileAndTokens response) {
         }
         Current.session().put(GoogleAuthPlugin.USER_ID_TOKEN, email);
 
+        String base64Session = Current.session().remove(AUTH0_SECRET_KEY);
+
         //5 cases of login  (2 and 4 similar and 3 and 5 similar)
 
         String url = Current.flash().get("url");

diff --git a/...rver/http-router/src/main/java/org/webpieces/router/impl/services/SvcProxyForContent.java b/...rver/http-router/src/main/java/org/webpieces/router/impl/services/SvcProxyForContent.java
@@ -141,16 +141,13 @@ private XFuture<Action> marshalAndRecord(Throwable t, LoadedController loadedCon
 			//if recording is on, set it up...
 			recordingInfo.setMethod(method);
 			recordingInfo.setArgs(args);
-		}
 
-		if(t != null) {
-			if(recordingInfo != null)
+			if(t != null) {
 				recordingInfo.setFailureResponse(t);
-			return XFuture.failedFuture(t);
-		}
-
-		if(recordingInfo != null)
+				return XFuture.failedFuture(t);
+			}
 			recordingInfo.setResponse(retVal);
+		}
 
 		//record
 		try {