diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/CustomServerOAuth2AuthorizationRequestResolver.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/CustomServerOAuth2AuthorizationRequestResolver.java index 532819bec5..a945d6e190 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/CustomServerOAuth2AuthorizationRequestResolver.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/CustomServerOAuth2AuthorizationRequestResolver.java @@ -1,6 +1,7 @@ package com.appsmith.server.authentication.handlers; import com.appsmith.server.authentication.handlers.ce.CustomServerOAuth2AuthorizationRequestResolverCE; +import com.appsmith.server.authentication.oauth2clientrepositories.CustomOauth2ClientRepositoryManager; import com.appsmith.server.configurations.CommonConfig; import com.appsmith.server.helpers.RedirectHelper; import org.springframework.security.oauth2.client.registration.ClientRegistration; @@ -29,12 +30,14 @@ public class CustomServerOAuth2AuthorizationRequestResolver extends CustomServer public CustomServerOAuth2AuthorizationRequestResolver( ReactiveClientRegistrationRepository clientRegistrationRepository, CommonConfig commonConfig, - RedirectHelper redirectHelper) { + RedirectHelper redirectHelper, + CustomOauth2ClientRepositoryManager oauth2ClientManager) { this( clientRegistrationRepository, new PathPatternParserServerWebExchangeMatcher(DEFAULT_AUTHORIZATION_REQUEST_PATTERN), commonConfig, - redirectHelper); + redirectHelper, + oauth2ClientManager); } /** 
@@ -49,8 +52,14 @@ public class CustomServerOAuth2AuthorizationRequestResolver extends CustomServer ReactiveClientRegistrationRepository clientRegistrationRepository, ServerWebExchangeMatcher authorizationRequestMatcher, CommonConfig commonConfig, - RedirectHelper redirectHelper) { - super(clientRegistrationRepository, authorizationRequestMatcher, commonConfig, redirectHelper); + RedirectHelper redirectHelper, + CustomOauth2ClientRepositoryManager oauth2ClientManager) { + super( + clientRegistrationRepository, + authorizationRequestMatcher, + commonConfig, + redirectHelper, + oauth2ClientManager); this.redirectHelper = redirectHelper; Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null"); Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null"); diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/ce/CustomServerOAuth2AuthorizationRequestResolverCE.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/ce/CustomServerOAuth2AuthorizationRequestResolverCE.java index 9b963eb243..2c7fc9b311 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/ce/CustomServerOAuth2AuthorizationRequestResolverCE.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/ce/CustomServerOAuth2AuthorizationRequestResolverCE.java @@ -1,5 +1,7 @@ package com.appsmith.server.authentication.handlers.ce; +import com.appsmith.server.authentication.oauth2clientrepositories.BaseClientRegistrationRepository; +import com.appsmith.server.authentication.oauth2clientrepositories.CustomOauth2ClientRepositoryManager; import com.appsmith.server.configurations.CommonConfig; import com.appsmith.server.constants.Security; import com.appsmith.server.exceptions.AppsmithError; 
@@ -77,22 +79,27 @@ public class CustomServerOAuth2AuthorizationRequestResolverCE implements ServerO private final RedirectHelper redirectHelper; + private final CustomOauth2ClientRepositoryManager ouath2ClientManager; + /** * Creates a new instance * - * @param clientRegistrationRepository the repository to resolve the {@link ClientRegistration} + * @param clientRegistrationRepository the repository to resolve the {@link ClientRegistration} * @param commonConfig * @param redirectHelper + * @param oauth2ClientManager Client repository manager to get client repository based on registration id */ public CustomServerOAuth2AuthorizationRequestResolverCE( ReactiveClientRegistrationRepository clientRegistrationRepository, CommonConfig commonConfig, - RedirectHelper redirectHelper) { + RedirectHelper redirectHelper, + CustomOauth2ClientRepositoryManager oauth2ClientManager) { this( clientRegistrationRepository, new PathPatternParserServerWebExchangeMatcher(DEFAULT_AUTHORIZATION_REQUEST_PATTERN), commonConfig, - redirectHelper); + redirectHelper, + oauth2ClientManager); } /** 
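Review bot: The new field is spelled `ouath2ClientManager`, while the constructor parameter and `@param` tag further down in this same hunk use `oauth2ClientManager`. The misspelling carries into the matcher-taking constructor's parameter and `@param` tag and into `findByRegistrationId` in the later hunks. Because this object decides which repository resolves an OAuth2 client, a name that a search for "oauth2" misses is worth fixing now: `private final CustomOauth2ClientRepositoryManager oauth2ClientManager;`, with the later uses renamed to match.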
@@ -102,13 +109,16 @@ public class CustomServerOAuth2AuthorizationRequestResolverCE implements ServerO * @param authorizationRequestMatcher the matcher that determines if the request is a match and extracts the * {@link #DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME} from the path variables. * @param redirectHelper + * @param ouath2ClientManager Client repository manager to get client repository based on registration id */ public CustomServerOAuth2AuthorizationRequestResolverCE( ReactiveClientRegistrationRepository clientRegistrationRepository, ServerWebExchangeMatcher authorizationRequestMatcher, CommonConfig commonConfig, - RedirectHelper redirectHelper) { + RedirectHelper redirectHelper, + CustomOauth2ClientRepositoryManager ouath2ClientManager) { this.redirectHelper = redirectHelper; + this.ouath2ClientManager = ouath2ClientManager; Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null"); Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null"); this.clientRegistrationRepository = clientRegistrationRepository; 
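Review bot: `ouath2ClientManager` is assigned without the null check that this constructor applies to `clientRegistrationRepository` and `authorizationRequestMatcher` on the following lines, yet `findByRegistrationId` dereferences it on every lookup. Adding `Assert.notNull(ouath2ClientManager, "oauth2ClientManager cannot be null");` before the assignment makes a wiring mistake fail at construction time rather than as a NullPointerException in the login path. The constructor body continues past the end of this hunk.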
@@ -138,11 +148,21 @@ public class CustomServerOAuth2AuthorizationRequestResolverCE implements ServerO }); } + /** + * Method to find the client registration repository based on the registration id + * + * @param clientRegistration Registration id of the client + * @return Client registration repository + */ private Mono findByRegistrationId(String clientRegistration) { - return this.clientRegistrationRepository - .findByRegistrationId(clientRegistration) - .switchIfEmpty(Mono.error( - () -> new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid client registration id"))); + BaseClientRegistrationRepository customClientRegistrationRepository = + this.ouath2ClientManager.findClientRegistrationRepositoryByRegistrationId(clientRegistration); + + Mono clientRegistrationMono = customClientRegistrationRepository == null + ? this.clientRegistrationRepository.findByRegistrationId(clientRegistration) + : customClientRegistrationRepository.findByRegistrationId(clientRegistration); + return clientRegistrationMono.switchIfEmpty(Mono.error( + () -> new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid client registration id"))); } private Mono authorizationRequest( diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/BaseClientRegistrationRepository.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/BaseClientRegistrationRepository.java new file mode 100644 index 0000000000..51afab137f --- /dev/null +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/BaseClientRegistrationRepository.java @@ -0,0 +1,5 @@ +package com.appsmith.server.authentication.oauth2clientrepositories; + +import com.appsmith.server.authentication.oauth2clientrepositories.ce.BaseClientRegistrationRepositoryCE; + +public interface BaseClientRegistrationRepository extends BaseClientRegistrationRepositoryCE {} 
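Review bot: In `findByRegistrationId`, the registration id now also selects which repository answers the lookup, and a repository returned by the manager always wins over the configured `clientRegistrationRepository`. Going by the constructor Javadoc, that id is extracted from the request path. Nothing visible here prevents a custom repository from claiming an id the default one also serves, and when the custom repository returns an empty Mono the lookup ends in the 400 with no fallback. If both behaviours are intended, the Javadoc should say so. The added Javadoc is also inaccurate, since the method returns the resolved `ClientRegistration`, not a repository; something like `@param clientRegistration registration id taken from the request` and `@return the matching ClientRegistration, or a 400 error when none is found` would match the code. The caller of this method is outside the hunk.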
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/CustomOauth2ClientRepositoryManager.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/CustomOauth2ClientRepositoryManager.java
new file mode 100644
index 0000000000..b4d42fb7e8
--- /dev/null
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/CustomOauth2ClientRepositoryManager.java
@@ -0,0 +1,5 @@
+package com.appsmith.server.authentication.oauth2clientrepositories;
+
+import com.appsmith.server.authentication.oauth2clientrepositories.ce.CustomOauth2ClientRepositoryManagerCE;
+
+public interface CustomOauth2ClientRepositoryManager extends CustomOauth2ClientRepositoryManagerCE {}
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/CustomOauth2ClientRepositoryManagerImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/CustomOauth2ClientRepositoryManagerImpl.java
new file mode 100644
index 0000000000..4d2e359b30
--- /dev/null
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/CustomOauth2ClientRepositoryManagerImpl.java
@@ -0,0 +1,8 @@
+package com.appsmith.server.authentication.oauth2clientrepositories;
+
+import com.appsmith.server.authentication.oauth2clientrepositories.ce.CustomOauth2ClientRepositoryManagerCEImpl;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CustomOauth2ClientRepositoryManagerImpl extends CustomOauth2ClientRepositoryManagerCEImpl
+ implements CustomOauth2ClientRepositoryManager {}
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/BaseClientRegistrationRepositoryCE.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/BaseClientRegistrationRepositoryCE.java
new file mode 100644
index 0000000000..71e9843bfd
--- /dev/null
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/BaseClientRegistrationRepositoryCE.java
@@ -0,0 +1,8 @@
+package com.appsmith.server.authentication.oauth2clientrepositories.ce;
+
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import reactor.core.publisher.Mono;
+
+public interface BaseClientRegistrationRepositoryCE {
+ Mono findByRegistrationId(String registrationId);
+}
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/CustomOauth2ClientRepositoryManagerCE.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/CustomOauth2ClientRepositoryManagerCE.java
new file mode 100644
index 0000000000..db29960367
--- /dev/null
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/CustomOauth2ClientRepositoryManagerCE.java
@@ -0,0 +1,8 @@
+package com.appsmith.server.authentication.oauth2clientrepositories.ce;
+
+import com.appsmith.server.authentication.oauth2clientrepositories.BaseClientRegistrationRepository;
+
+public interface CustomOauth2ClientRepositoryManagerCE {
+
+ BaseClientRegistrationRepository findClientRegistrationRepositoryByRegistrationId(String registrationId);
+}
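Review bot: `findClientRegistrationRepositoryByRegistrationId` is declared without any Javadoc, so its contract has to be inferred from two other files. `CustomOauth2ClientRepositoryManagerCEImpl` returns `null`, and the resolver treats `null` as "use the default repository". An implementer who throws, or who returns a repository that yields an empty Mono for ids it does not own, would change which client registration an authorization request resolves to. I would state the contract on the interface method, for example `/** Returns the repository that owns registrationId, or null when the default repository should be used. */`, and add a matching one-line comment on the `return null;` in the CE implementation.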
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/CustomOauth2ClientRepositoryManagerCEImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/CustomOauth2ClientRepositoryManagerCEImpl.java new file mode 100644 index 0000000000..2ca451bf42 --- /dev/null +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/CustomOauth2ClientRepositoryManagerCEImpl.java @@ -0,0 +1,11 @@ +package com.appsmith.server.authentication.oauth2clientrepositories.ce; + +import com.appsmith.server.authentication.oauth2clientrepositories.BaseClientRegistrationRepository; + +public class CustomOauth2ClientRepositoryManagerCEImpl implements CustomOauth2ClientRepositoryManagerCE { + + @Override + public BaseClientRegistrationRepository findClientRegistrationRepositoryByRegistrationId(String registrationId) { + return null; + } +} diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java index c24371c29b..60f36fe6e6 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java @@ -3,6 +3,7 @@ package com.appsmith.server.configurations; import com.appsmith.server.authentication.handlers.AccessDeniedHandler; import com.appsmith.server.authentication.handlers.CustomServerOAuth2AuthorizationRequestResolver; import com.appsmith.server.authentication.handlers.LogoutSuccessHandler; +import com.appsmith.server.authentication.oauth2clientrepositories.CustomOauth2ClientRepositoryManager; import com.appsmith.server.constants.FieldName; import com.appsmith.server.constants.Url; import com.appsmith.server.domains.User; 
@@ -99,6 +100,9 @@ public class SecurityConfig { @Autowired private RateLimitService rateLimitService; + @Autowired + private CustomOauth2ClientRepositoryManager oauth2ClientManager; + @Value("${appsmith.internal.password}") private String INTERNAL_PASSWORD; @@ -232,7 +236,10 @@ public class SecurityConfig { .oauth2Login(oAuth2LoginSpec -> oAuth2LoginSpec .authenticationFailureHandler(failureHandler) .authorizationRequestResolver(new CustomServerOAuth2AuthorizationRequestResolver( - reactiveClientRegistrationRepository, commonConfig, redirectHelper)) + reactiveClientRegistrationRepository, + commonConfig, + redirectHelper, + oauth2ClientManager)) .authenticationSuccessHandler(authenticationSuccessHandler) .authenticationFailureHandler(authenticationFailureHandler) .authorizedClientRepository(new ClientUserRepository(userService, commonConfig)))