From eb825f37e972c8234c9409e83ce3db9384ab40f7 Mon Sep 17 00:00:00 2001
From: Arpit Mohan
Date: Thu, 12 Dec 2019 15:25:09 +0530
Subject: [PATCH] Adding endpoint to fetch current user's profile. Also redirecting the browser to this user profile endpoint on username password login success. This ensures that the client fetches the profile along with setting the session ID cookie in the browser
---
 .../server/controllers/UserController.java | 15 ++++++++++++++-
 .../FormAuthenticationSuccessHandler.java | 19 +++++++++++--------
 2 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/UserController.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/UserController.java
index e641907bff..238bcda102 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/UserController.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/UserController.java
@@ -4,9 +4,12 @@ import com.appsmith.server.constants.Url;
 import com.appsmith.server.domains.User;
 import com.appsmith.server.dtos.ResetUserPasswordDTO;
 import com.appsmith.server.dtos.ResponseDTO;
+import com.appsmith.server.services.SessionUserService;
 import com.appsmith.server.services.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PutMapping;
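Review bot: The two imports added at the bottom of this hunk, `org.springframework.security.core.Authentication` and `org.springframework.security.core.context.SecurityContextHolder`, are not used by any code this commit adds to UserController (the new endpoint obtains the principal through `sessionUserService.getCurrentUser()`), so they should be dropped. If they were left in anticipation of reading the principal directly, note that `SecurityContextHolder` is thread-local and does not carry the authentication through a WebFlux pipeline; `ReactiveSecurityContextHolder` is the reactive counterpart, but the injected service already used here is the better seam.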
@@ -20,9 +23,13 @@ import reactor.core.publisher.Mono;
 @RequestMapping(Url.USER_URL)
 public class UserController extends BaseController {
 
+    private final SessionUserService sessionUserService;
+
     @Autowired
-    public UserController(UserService service) {
+    public UserController(UserService service,
+                          SessionUserService sessionUserService) {
         super(service);
+        this.sessionUserService = sessionUserService;
     }
 
     @PutMapping("/switchOrganization/{orgId}")
@@ -54,4 +61,10 @@ public class UserController extends BaseController {
         return service.resetPasswordAfterForgotPassword(userPasswordDTO.getToken(), userPasswordDTO.getUser())
                 .map(result -> new ResponseDTO<>(HttpStatus.OK.value(), result, null));
     }
+
+    @GetMapping("/me")
+    public Mono> getUserProfile() {
+        return sessionUserService.getCurrentUser()
+                .map(user -> new ResponseDTO<>(HttpStatus.OK.value(), user, null));
+    }
 }
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/filters/FormAuthenticationSuccessHandler.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/filters/FormAuthenticationSuccessHandler.java
index e9b11cb48e..91bb0434aa 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/filters/FormAuthenticationSuccessHandler.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/filters/FormAuthenticationSuccessHandler.java
@@ -1,5 +1,6 @@
 package com.appsmith.server.filters;
 
+import com.appsmith.server.constants.Url;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
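Review bot: getUserProfile in the `@@ -54,4 +61,10 @@` hunk hands the browser the full `User` domain object wrapped in the ResponseDTO; if `User` carries credential-bearing fields (password hash, reset or verification tokens) — the class is not in the hunk — they need to be excluded from JSON serialization or the endpoint should map to a profile DTO, since this response is now the post-login landing page for every session. It is also worth confirming what `sessionUserService.getCurrentUser()` does for an anonymous request: if it completes empty, this handler yields an empty 200 rather than a 401, so the security configuration rather than this method has to guarantee `/me` requires authentication. The generics on the return type appear to have been lost in rendering (`Mono>`), presumably `Mono<ResponseDTO<User>>`.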
@@ -20,20 +21,22 @@ public class FormAuthenticationSuccessHandler implements ServerAuthenticationSuc
     private ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
 
+    /**
+     * On authentication success, we send a redirect to the endpoint that serve's the user's profile.
+     * The client browser will follow this redirect and fetch the user's profile JSON from the server.
+     * In the process, the client browser will also set the session ID in the cookie against the server's API domain.
+     *
+     * @param webFilterExchange
+     * @param authentication
+     * @return
+     */
     @Override
     public Mono onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
         log.debug("Login succeeded for user: {}", authentication.getPrincipal());
         ServerWebExchange exchange = webFilterExchange.getExchange();
-        // On authentication success, we send a redirect to the client's home page. This ensures that the session
-        // is set in the cookie on the browser.
-        String originHeader = exchange.getRequest().getHeaders().getOrigin();
-        if(originHeader == null || originHeader.isEmpty()) {
-            originHeader = "/";
-        }
-
-        URI defaultRedirectLocation = URI.create(originHeader);
+        URI defaultRedirectLocation = URI.create(Url.USER_URL + "/me");
         return this.redirectStrategy.sendRedirect(exchange, defaultRedirectLocation);
     }