diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/UserController.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/UserController.java
index e641907bff..238bcda102 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/UserController.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/UserController.java
@@ -4,9 +4,12 @@ import com.appsmith.server.constants.Url;
 import com.appsmith.server.domains.User;
 import com.appsmith.server.dtos.ResetUserPasswordDTO;
 import com.appsmith.server.dtos.ResponseDTO;
+import com.appsmith.server.services.SessionUserService;
 import com.appsmith.server.services.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PutMapping;
@@ -20,9 +23,13 @@ import reactor.core.publisher.Mono;
 @RequestMapping(Url.USER_URL)
 public class UserController extends BaseController {
 
+ private final SessionUserService sessionUserService;
+
 @Autowired
- public UserController(UserService service) {
+ public UserController(UserService service,
+ SessionUserService sessionUserService) {
 super(service);
+ this.sessionUserService = sessionUserService;
 }
 
 @PutMapping("/switchOrganization/{orgId}")
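Review bot: The two new imports `org.springframework.security.core.Authentication` and `org.springframework.security.core.context.SecurityContextHolder` in the first hunk are not referenced by any line this commit adds to UserController, so they look like leftovers from an earlier draft of the `/me` endpoint. Beyond tidiness, `SecurityContextHolder` is the thread-local holder used by the servlet stack; this controller returns `Mono` and already injects `SessionUserService`, and in a WebFlux application the reactive counterpart is `ReactiveSecurityContextHolder`, so leaving the import in invites the wrong pattern the next time someone needs the principal here. Drop both lines.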
@@ -54,4 +61,10 @@ public class UserController extends BaseController {
 return service.resetPasswordAfterForgotPassword(userPasswordDTO.getToken(), userPasswordDTO.getUser())
 .map(result -> new ResponseDTO<>(HttpStatus.OK.value(), result, null));
 }
+
+ @GetMapping("/me")
+ public Mono> getUserProfile() {
+ return sessionUserService.getCurrentUser()
+ .map(user -> new ResponseDTO<>(HttpStatus.OK.value(), user, null));
+ }
 }
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/filters/FormAuthenticationSuccessHandler.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/filters/FormAuthenticationSuccessHandler.java
index e9b11cb48e..91bb0434aa 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/filters/FormAuthenticationSuccessHandler.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/filters/FormAuthenticationSuccessHandler.java
@@ -1,5 +1,6 @@
 package com.appsmith.server.filters;
 
+import com.appsmith.server.constants.Url;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
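Review bot: `getUserProfile` hands the `User` domain object straight to the response body, so whatever that entity carries — password hash, reset or verification tokens, internal flags — is serialized to the browser unless `User` already excludes those fields with `@JsonIgnore`; the entity is not in this diff, so please confirm, or map to a profile DTO before wrapping it in `ResponseDTO`. This matters more than for a typical read endpoint because FormAuthenticationSuccessHandler in the same commit redirects the browser to this URL after every form login, so its payload is the first thing a client sees post-authentication. One more thing to decide: if `sessionUserService.getCurrentUser()` can complete empty for a request without a session, the endpoint answers with HTTP 200 and an empty body rather than a 401, which callers may mistake for a profile — either `.switchIfEmpty(Mono.error(...))` here, or leave a comment stating that the security filter chain guarantees `/me` is only reachable authenticated.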
@@ -20,20 +21,22 @@ public class FormAuthenticationSuccessHandler implements ServerAuthenticationSuc
 
 private ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
 
+ /**
+ * On authentication success, we send a redirect to the endpoint that serve's the user's profile.
+ * The client browser will follow this redirect and fetch the user's profile JSON from the server.
+ * In the process, the client browser will also set the session ID in the cookie against the server's API domain.
+ *
+ * @param webFilterExchange
+ * @param authentication
+ * @return
+ */
 @Override
 public Mono onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
 log.debug("Login succeeded for user: {}", authentication.getPrincipal());
 ServerWebExchange exchange = webFilterExchange.getExchange();
 
- // On authentication success, we send a redirect to the client's home page. This ensures that the session
- // is set in the cookie on the browser.
- String originHeader = exchange.getRequest().getHeaders().getOrigin();
- if(originHeader == null || originHeader.isEmpty()) {
- originHeader = "/";
- }
-
- URI defaultRedirectLocation = URI.create(originHeader);
+ URI defaultRedirectLocation = URI.create(Url.USER_URL + "/me");
 return this.redirectStrategy.sendRedirect(exchange, defaultRedirectLocation);
 }