From d02c1edf6a370ba7aeb8e0eecdb2144c965b3e0c Mon Sep 17 00:00:00 2001 From: Shrikant Sharat Kandula Date: Wed, 27 Mar 2024 11:23:03 +0530 Subject: [PATCH] chore: Inject AuthenticationPrincipal in controller method (#31742) Instead of using `sessionUserService.getCurrentUser()`, or the `ReactiveSecurityContextHolder.getContext` directly (which we are doing in several places), this injection will let us get the principal directly at controller-level. Yes, it produces the anonymous user, when there's no session. Why? Less code. More relying on letting Spring do the right thing for us. :stuck_out_tongue: Why aren't we making this change across the board everywhere? Sure, eventually. Small PR like this helps me get consensus, be less daunting to review, and most important of all, easy to revert if we notice something going wrong. In a week or two, if we want to do this, we can start rolling it out to more places in code. /ok-to-test tags="@tag.Sanity"
---
 .../appsmith/server/controllers/ce/UserControllerCE.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ce/UserControllerCE.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ce/UserControllerCE.java
index 6a70f26013..039d713dfb 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ce/UserControllerCE.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ce/UserControllerCE.java
@@ -24,6 +24,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.codec.multipart.Part;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -161,10 +162,8 @@ public class UserControllerCE extends BaseController
 @JsonView(Views.Public.class)
 @GetMapping("/me")
- public Mono> getUserProfile() {
- return sessionUserService
- .getCurrentUser()
- .flatMap(service::buildUserProfileDTO)
+ public Mono> getUserProfile(@AuthenticationPrincipal User user) {
+ return service.buildUserProfileDTO(user)
 .map(profile -> new ResponseDTO<>(HttpStatus.OK.value(), profile, null));
 }
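Review bot: In the second hunk `getUserProfile` hands the injected `user` straight to `service.buildUserProfileDTO(user)`, but Spring's `@AuthenticationPrincipal` resolver injects `null` rather than failing when the principal held in the security context is not assignable to `User` (for example a `String` principal from a non-session authentication), so a mismatch would reach the service as a null user where the removed `sessionUserService.getCurrentUser()` path presumably dealt with that case itself. Declaring the parameter as `@AuthenticationPrincipal(errorOnInvalidType = true) User user` makes such a mismatch fail fast at the controller boundary instead of surfacing as an NPE or an empty profile inside the service, and a one-line Javadoc on the method stating that the anonymous `User` is what arrives when there is no session (as the PR description says) would save the next reader from re-deriving it. Whether `getCurrentUser()` did more than read the context principal (e.g. reload the user from the repository) is not visible here; if it did, the injected principal is the session-cached object and may be stale relative to the database. The enclosing class continues outside the hunk.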