From 2ebd069086b8bdb4447f0a7c910bf6ff00e034bf Mon Sep 17 00:00:00 2001 From: AlexBob Date: Wed, 18 Sep 2024 16:47:28 +0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20chore(`SecurityController`):=20R?= =?UTF-8?q?efactor=20and=20add=20new=20endpoints=20for=20authentication=20?= =?UTF-8?q?token,=20CSRF=20token,=20OAuth2=20client=20binding,=20and=20pas?= =?UTF-8?q?sword=20change.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../boot/security/SecurityController.java | 42 ++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/boot/platform/src/main/java/com/plate/boot/security/SecurityController.java b/boot/platform/src/main/java/com/plate/boot/security/SecurityController.java index 4ff301df..c6b9c0d4 100644 --- a/boot/platform/src/main/java/com/plate/boot/security/SecurityController.java +++ b/boot/platform/src/main/java/com/plate/boot/security/SecurityController.java @@ -71,14 +71,32 @@ public SecurityController(SecurityManager securityManager, PasswordEncoder passw this.clientRepository = clientRepository; } + /** + * Retrieves an authentication token for the logged-in user by utilizing the provided server web exchange and authentication objects. + * The method leverages the security context repository to save the security context and then extracts session information + * combined with the authentication details to construct an {@link AuthenticationToken}. + * + * @param exchange The {@link ServerWebExchange} representing the current server request and response. + * @param authentication The {@link Authentication} object representing the authenticated user. + * @return A {@link Mono} emitting the constructed {@link AuthenticationToken} containing session and authentication details. + */ @GetMapping("login") - public Mono token(ServerWebExchange exchange, Authentication authentication) { + public Mono loginToken(ServerWebExchange exchange, Authentication authentication) { return ReactiveSecurityContextHolder.getContext() .delayUntil(cts -> this.securityContextRepository.save(exchange, cts)) .flatMap(context -> exchange.getSession()) .flatMap(session -> Mono.just(AuthenticationToken.build(session, authentication))); } + /** + * Retrieves the CSRF token from the context. + *

+ * This endpoint is intended for obtaining a CSRF token which can be used to protect + * against cross-site request forgery attacks. It utilizes the context to fetch the + * CSRF token that has been stored there by the security framework. + * + * @return A Mono emitting the CsrfToken instance if present in the context, otherwise an empty Mono. + */ @GetMapping("csrf") public Mono csrfToken() { return Mono.deferContextual((contextView) -> { @@ -87,12 +105,34 @@ public Mono csrfToken() { }); } + /** + * Binds an OAuth2 authorized client to the current authentication context. + *

+ * This method is responsible for loading the authorized client associated with the provided + * {@code clientRegistrationId} using the current {@link Authentication} and {@link ServerWebExchange}. + * It then extracts the access token from the authorized client and returns it as a Mono. + * + * @param clientRegistrationId The identifier for the client registration. This is used to look up the + * specific OAuth2 configuration details that the client is registered against. + * @param authentication The current authentication context containing user details and credentials. + * @param exchange The current server web exchange which holds information about the HTTP request and response. + * @return A Mono emitting the access token associated with the bound OAuth2 authorized client. + */ @GetMapping("bind") public Mono bindOauth2(String clientRegistrationId, Authentication authentication, ServerWebExchange exchange) { return this.clientRepository.loadAuthorizedClient(clientRegistrationId, authentication, exchange) .flatMap(oAuth2AuthorizedClient -> Mono.just(oAuth2AuthorizedClient.getAccessToken())); } + /** + * Changes the password for the authenticated user. + * + * @param request A {@link ChangePasswordRequest} containing the current password and the new password. + * @param authentication The authentication object representing the currently authenticated user. + * @return A {@link Mono} emitting the updated {@link UserDetails} after the password change. + * @throws RestServerException if the provided password does not match the new password, + * or if the presented password does not match the current stored password. + */ @PostMapping("/change/password") public Mono changePassword(@Valid @RequestBody ChangePasswordRequest request, Authentication authentication) {