From 38ff77f604f48ecbfd30444dca48a8c226bc5e69 Mon Sep 17 00:00:00 2001 From: Dean Hiller Date: Sat, 6 Jan 2024 22:41:23 -0700 Subject: [PATCH] fix the scopes (#261) Co-authored-by: Dean Hiller --- .../webpieces/googleauth/api/SaveUser.java | 4 ++++ .../googleauth/impl/AuthService.java | 20 ++++++++++++++++--- .../impl/services/SvcProxyForContent.java | 11 ++++------ 3 files changed, 25 insertions(+), 10 deletions(-) diff --git a/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/api/SaveUser.java b/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/api/SaveUser.java index bb5ed071c..68a10864e 100644 --- a/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/api/SaveUser.java +++ b/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/api/SaveUser.java @@ -1,9 +1,13 @@ package org.webpieces.googleauth.api; +import org.webpieces.googleauth.client.api.FetchTokenResponse; import org.webpieces.googleauth.client.api.ProfileAndTokens; +import org.webpieces.router.api.controller.actions.Redirect; import org.webpieces.util.futures.XFuture; public interface SaveUser { XFuture saveUserIfNotExist(ProfileAndTokens profile); + Redirect returnRedirectIfScopesInvalid(FetchTokenResponse resp); + } diff --git a/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/impl/AuthService.java b/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/impl/AuthService.java index 97e1ad9a9..d0f23f2c8 100644 --- a/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/impl/AuthService.java +++ b/googlecloud/plugin-google-auth/src/main/java/org/webpieces/googleauth/impl/AuthService.java 
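Review bot: `returnRedirectIfScopesInvalid` is added to the `SaveUser` interface with no statement of its return contract; the only hint is the `if(redirect != null)` test in `AuthService.processTokenForNextSteps` later in this patch. Implementations decide here whether a login with missing scopes may proceed, so the contract should be written on the method, for example `/** Returns null when the granted scopes are sufficient, otherwise a Redirect to a public page where the user can log in again. */`. The Javadoc should also say that the method is called before `validateToken(resp)` runs, so an implementation should only inspect the granted scopes and not store or trust anything else from `resp`.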
@@ -124,8 +124,20 @@ public XFuture callback() { request.setAccessType("offline"); //users can discard the refresh token return authApi.fetchToken(request) - .thenCompose( (resp) -> validateToken(resp)) - .thenCompose( (resp2) -> fetchPageToRedirectTo(resp2)); + .thenCompose( (resp) -> processTokenForNextSteps(resp) ); + } + + private XFuture processTokenForNextSteps(FetchTokenResponse resp) { + //if user forgets to checkbox, we have to send him to a public + // page to relogin again + Redirect redirect = saveUser.returnRedirectIfScopesInvalid(resp); + if(redirect != null) { + //base page after login screen + return XFuture.completedFuture(redirect); + } + + return validateToken(resp) + .thenCompose((resp2) -> fetchPageToRedirectTo(resp2)); } private XFuture validateToken(FetchTokenResponse resp) { @@ -136,7 +148,7 @@ private XFuture validateToken(FetchTokenResponse resp) { private void validateToken(Map> queryParams) { //all queryParams are run through url decoding so no need to decode it... String stateDecoded = fetch(queryParams, "state"); - String base64Session = Current.session().remove(AUTH0_SECRET_KEY); + String base64Session = Current.session().get(AUTH0_SECRET_KEY); log.info("fetch from session="+base64Session+" state from auth0="+stateDecoded); //SECURITY, do not remove. Cookie can't be tampered with or webpieces throws exception @@ -159,6 +171,8 @@ private Redirect continueRedirect(ProfileAndTokens response) { } Current.session().put(GoogleAuthPlugin.USER_ID_TOKEN, email); + String base64Session = Current.session().remove(AUTH0_SECRET_KEY); + //5 cases of login (2 and 4 similar and 3 and 5 similar) String url = Current.flash().get("url"); diff --git a/webserver/http-router/src/main/java/org/webpieces/router/impl/services/SvcProxyForContent.java b/webserver/http-router/src/main/java/org/webpieces/router/impl/services/SvcProxyForContent.java index 616f1fb4a..4054fde0b 100644 
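Review bot: In `processTokenForNextSteps` the call `saveUser.returnRedirectIfScopesInvalid(resp)` and its early `return XFuture.completedFuture(redirect)` come before `validateToken(resp)`, so on the scopes-invalid path the token response reaches plugin code and produces a redirect without any validation having run. The body of `validateToken(FetchTokenResponse)` is outside the hunk, but if it is what leads to the `state` comparison in `validateToken(Map)`, that comparison is skipped entirely on this path. Consider doing the state comparison before the scope test and keeping only the later steps behind it. At minimum, document the ordering at the call site with a comment such as `//NOTE: runs before validateToken(resp); resp is not yet validated here`.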
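Review bot: Changing `Current.session().remove(AUTH0_SECRET_KEY)` to `get` in `validateToken(Map)` means the state secret is no longer single-use: it stays in the session whenever the comparison fails or a later step throws, and is only cleared by the `remove` added in the `continueRedirect` hunk after a successful login. The early return in `processTokenForNextSteps` leaves it behind as well. The secret should be cleared on every exit path, for instance by keeping `remove` here if nothing later needs the value, or by also removing it in the failure and scopes-invalid paths. The `log.info` context line in this hunk writes both the session secret and the returned state to the log, and with the secret now living longer it would be safer to log only whether the two matched. Both methods continue outside the hunk.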
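Review bot: The result of `Current.session().remove(AUTH0_SECRET_KEY)` added in `continueRedirect` is assigned to a new local `base64Session` that nothing in the visible lines reads. Drop the variable and state the intent instead: `Current.session().remove(AUTH0_SECRET_KEY); //state is single-use, clear it once login has succeeded`. The method body starts and ends outside this hunk, so a later use cannot be ruled out from here.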
--- a/webserver/http-router/src/main/java/org/webpieces/router/impl/services/SvcProxyForContent.java +++ b/webserver/http-router/src/main/java/org/webpieces/router/impl/services/SvcProxyForContent.java @@ -141,16 +141,13 @@ private XFuture marshalAndRecord(Throwable t, LoadedController loadedCon //if recording is on, set it up... recordingInfo.setMethod(method); recordingInfo.setArgs(args); - } - if(t != null) { - if(recordingInfo != null) + if(t != null) { recordingInfo.setFailureResponse(t); - return XFuture.failedFuture(t); - } - - if(recordingInfo != null) + return XFuture.failedFuture(t); + } recordingInfo.setResponse(retVal); + } //record try {
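Review bot: Moving the `if(t != null)` block inside the recording branch appears to make `return XFuture.failedFuture(t);` reachable only when `recordingInfo` is set. The opening `if(recordingInfo != null) {` is outside the hunk, but the removed `if(recordingInfo != null)` guards and the added closing `}` point that way. With recording off, a controller failure would then fall through to the `//record` / `try {` code with `retVal`, and the exception would be dropped instead of propagated to upstream error handling and logging. Keep the early exit unconditional by leaving `if(t != null) return XFuture.failedFuture(t);` directly after the recording block's closing brace, with only the `setFailureResponse` / `setResponse` calls inside the block. `marshalAndRecord` starts before and continues past this hunk.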