Merge pull request #83 from qa-guru/fix_redirect

Fix bug on staging & prod - redirect to http /login form

docker-compose.mock.yml

@@ -11,7 +11,7 @@ services:
     volumes:
       - ./postgres:/docker-entrypoint-initdb.d
     healthcheck:
-      test: [ "CMD", "pg_isready" ]
+      test: [ "CMD", "pg_isready", "-U", "postgres", "-d", "postgres" ]
       interval: 3s
       timeout: 3s
       retries: 5

docker-compose.test.yml

@@ -11,7 +11,7 @@ services:
     volumes:
       - ./postgres:/docker-entrypoint-initdb.d
     healthcheck:
-      test: [ "CMD", "pg_isready" ]
+      test: [ "CMD", "pg_isready", "-U", "postgres", "-d", "postgres" ]
       interval: 3s
       timeout: 3s
       retries: 5

docker-compose.yml

@@ -11,7 +11,7 @@ services:
     volumes:
       - ./postgres:/docker-entrypoint-initdb.d
     healthcheck:
-      test: [ "CMD", "pg_isready" ]
+      test: [ "CMD", "pg_isready", "-U", "postgres", "-d", "postgres" ]
       interval: 3s
       timeout: 3s
       retries: 5

niffler-auth/build.gradle

@@ -6,7 +6,7 @@ plugins {
 }
 
 group = 'guru.qa'
-version = '1.1.0'
+version = '1.1.2'
 
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-security'

niffler-auth/src/main/java/guru/qa/niffler/config/NifflerAuthServiceConfig.java

@@ -9,8 +9,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
@@ -27,11 +26,14 @@
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
+import org.springframework.security.web.PortMapperImpl;
+import org.springframework.security.web.PortResolverImpl;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 
 import java.security.NoSuchAlgorithmException;
 import java.time.Duration;
+import java.util.Map;
 import java.util.UUID;
 
 @Configuration
@@ -43,36 +45,64 @@ public class NifflerAuthServiceConfig {
     private final String clientId;
     private final String clientSecret;
     private final CorsCustomizer corsCustomizer;
+    private final String serverPort;
+    private final String defaultHttpsPort = "443";
 
     @Autowired
     public NifflerAuthServiceConfig(KeyManager keyManager,
                                     @Value("${niffler-front.base-uri}") String nifflerFrontUri,
                                     @Value("${niffler-auth.base-uri}") String nifflerAuthUri,
                                     @Value("${oauth2.client-id}") String clientId,
                                     @Value("${oauth2.client-secret}") String clientSecret,
+                                    @Value("${server.port}") String serverPort,
                                     CorsCustomizer corsCustomizer) {
         this.keyManager = keyManager;
         this.nifflerFrontUri = nifflerFrontUri;
         this.nifflerAuthUri = nifflerAuthUri;
         this.clientId = clientId;
         this.clientSecret = clientSecret;
+        this.serverPort = serverPort;
         this.corsCustomizer = corsCustomizer;
     }
 
     @Bean
-    @Order(Ordered.HIGHEST_PRECEDENCE)
-    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
+    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http,
+                                                                      LoginUrlAuthenticationEntryPoint entryPoint) throws Exception {
         OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
         http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                 .oidc(Customizer.withDefaults());    // Enable OpenID Connect 1.0
 
-        http.exceptionHandling(exceptions -> exceptions.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")))
+        http.exceptionHandling(customizer -> customizer.authenticationEntryPoint(entryPoint))
                 .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
 
         corsCustomizer.corsCustomizer(http);
         return http.build();
     }
 
+    @Bean
+    @Profile({"staging", "prod"})
+    public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPointHttps() {
+        LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
+        PortMapperImpl portMapper = new PortMapperImpl();
+        portMapper.setPortMappings(Map.of(
+                serverPort, defaultHttpsPort,
+                "80", defaultHttpsPort,
+                "8080", "8443"
+        ));
+        PortResolverImpl portResolver = new PortResolverImpl();
+        portResolver.setPortMapper(portMapper);
+        entryPoint.setForceHttps(true);
+        entryPoint.setPortMapper(portMapper);
+        entryPoint.setPortResolver(portResolver);
+        return entryPoint;
+    }
+
+    @Bean
+    @Profile({"local", "docker"})
+    public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPointHttp() {
+        return new LoginUrlAuthenticationEntryPoint("/login");
+    }
+
     @Bean
     public RegisteredClientRepository registeredClientRepository() {
         RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())