diff --git a/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/api/SaveUser.java b/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/api/SaveUser.java index bb5ed071c..68a10864e 100644 --- a/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/api/SaveUser.java +++ b/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/api/SaveUser.java @@ -1,9 +1,13 @@ package org.webpieces.googleauth.api; +import org.webpieces.googleauth.client.api.FetchTokenResponse; import org.webpieces.googleauth.client.api.ProfileAndTokens; +import org.webpieces.router.api.controller.actions.Redirect; import org.webpieces.util.futures.XFuture; public interface SaveUser { XFuture saveUserIfNotExist(ProfileAndTokens profile); + Redirect returnRedirectIfScopesInvalid(FetchTokenResponse resp); + } diff --git a/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/impl/AuthService.java b/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/impl/AuthService.java index 97e1ad9a9..d0f23f2c8 100644 --- a/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/impl/AuthService.java +++ b/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/impl/AuthService.java @@ -124,8 +124,20 @@ public XFuture callback() { request.setAccessType("offline"); //users can discard the refresh token return authApi.fetchToken(request) - .thenCompose( (resp) -> validateToken(resp)) - .thenCompose( (resp2) -> fetchPageToRedirectTo(resp2)); + .thenCompose( (resp) -> processTokenForNextSteps(resp) ); + } + + private XFuture processTokenForNextSteps(FetchTokenResponse resp) { + //if user forgets to checkbox, we have to send him to a public + // page to relogin again + Redirect redirect = saveUser.returnRedirectIfScopesInvalid(resp); + if(redirect != null) { + //base page after login screen + return XFuture.completedFuture(redirect); + } + + return validateToken(resp) + .thenCompose((resp2) -> fetchPageToRedirectTo(resp2)); } private XFuture validateToken(FetchTokenResponse resp) { @@ -136,7 +148,7 @@ private XFuture validateToken(FetchTokenResponse resp) { private void validateToken(Map> queryParams) { //all queryParams are run through url decoding so no need to decode it... String stateDecoded = fetch(queryParams, "state"); - String base64Session = Current.session().remove(AUTH0_SECRET_KEY); + String base64Session = Current.session().get(AUTH0_SECRET_KEY); log.info("fetch from session="+base64Session+" state from auth0="+stateDecoded); //SECURITY, do not remove. Cookie can't be tampered with or webpieces throws exception @@ -159,6 +171,8 @@ private Redirect continueRedirect(ProfileAndTokens response) { } Current.session().put(GoogleAuthPlugin.USER_ID_TOKEN, email); + String base64Session = Current.session().remove(AUTH0_SECRET_KEY); + //5 cases of login (2 and 4 similar and 3 and 5 similar) String url = Current.flash().get("url"); diff --git a/webserver/http-router/src/main/java/org/webpieces/router/impl/services/SvcProxyForContent.java b/webserver/http-router/src/main/java/org/webpieces/router/impl/services/SvcProxyForContent.java index 616f1fb4a..4054fde0b 100644 --- a/webserver/http-router/src/main/java/org/webpieces/router/impl/services/SvcProxyForContent.java +++ b/webserver/http-router/src/main/java/org/webpieces/router/impl/services/SvcProxyForContent.java @@ -141,16 +141,13 @@ private XFuture marshalAndRecord(Throwable t, LoadedController loadedCon //if recording is on, set it up... recordingInfo.setMethod(method); recordingInfo.setArgs(args); - } - if(t != null) { - if(recordingInfo != null) + if(t != null) { recordingInfo.setFailureResponse(t); - return XFuture.failedFuture(t); - } - - if(recordingInfo != null) + return XFuture.failedFuture(t); + } recordingInfo.setResponse(retVal); + } //record try {