Merge pull request #323 from Sanapol/add-yandex-authorisation-319

[#319] Add yandex authorisation

Author: fey

.env.example

@@ -0,0 +1,4 @@
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+YANDEX_CLIENT_ID=
+YANDEX_CLIENT_SECRET=

README.md

@@ -17,6 +17,31 @@ Before you can build this project, you must install and configure the following
 1. Java 19
 2. Docker, Docker Compose
 
+### Yandex authorization
+
+To enable Yandex authorization, you need to register on [Yandex ID OAuth](https://oauth.yandex.ru/) and create your web application, 
+add `ClientID` and `Client secret` in your secret
+
+```bash
+YANDEX_CLIENT_ID=your_yadex_client_id_values
+YANDEX_CLIENT_SECRET=your_yandex_client_secret_values
+```
+### Registration/Authorization with GitHub
+
+For registration or/and authorization account with GitHub:
+- Create OAuth app https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.
+- Get values the `Client ID` and `Client Secret` and add to environment variables in any known way.
+
+For example, you can create an `.env` file in the root of the project, where you can enter the names of variables
+and their values as shown below:
+```bash
+GITHUB_CLIENT_ID=your_github_client_id_values
+GITHUB_CLIENT_SECRET=your_github_client_secret_values
+```
+A `.env.example` file has been created in the root of the project, which specifies the variables as they should be specified. For these variables, you need to specify the values you received.
+You can copy this file and rename to `.env`, change and use.
+```
+
 ### Packaging as uber-jar
 
 To build the final jar:

build.gradle.kts

@@ -32,6 +32,9 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-thymeleaf")
     implementation("org.springframework.boot:spring-boot-starter-actuator")
     implementation("org.springframework.boot:spring-boot-starter-validation")
+    implementation ("org.springframework.boot:spring-boot-starter-oauth2-client")
+    implementation("org.springframework.boot:spring-boot-starter-webflux")
+    implementation("org.springframework.session:spring-session-core")
     runtimeOnly("org.springframework.boot:spring-boot-devtools")
     // Thymeleaf
     implementation("org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.1.RELEASE")
@@ -40,13 +43,15 @@ dependencies {
     implementation("org.webjars:bootstrap:5.2.3")
     implementation("nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect:3.3.0")
     // Database
-    runtimeOnly("org.postgresql:postgresql:42.5.4")
+    runtimeOnly("org.postgresql:postgresql:42.5.5")
     implementation("io.hypersistence:hypersistence-utils-hibernate-60:3.2.0")
     implementation("org.liquibase:liquibase-core:4.26.0")
     // Utils
     compileOnly("org.projectlombok:lombok-mapstruct-binding:0.2.0")
     implementation("org.ocpsoft.prettytime:prettytime:5.0.6.Final")
     implementation("org.mapstruct:mapstruct:1.5.3.Final")
+    implementation("io.github.cdimascio:dotenv-java:3.2.0")
+    implementation("org.antlr:antlr4-runtime:4.10.1")
     // Annotation processors
     annotationProcessor("org.mapstruct:mapstruct-processor:1.5.3.Final")
     // Testing
@@ -55,6 +60,7 @@ dependencies {
     testImplementation("org.testcontainers:junit-jupiter")
     testImplementation("org.testcontainers:postgresql")
     testImplementation("com.github.database-rider:rider-spring:1.36.0")
+    testImplementation("org.springframework.cloud:spring-cloud-contract-wiremock:4.0.2")
     testRuntimeOnly("org.junit.platform:junit-platform-launcher")
     testAnnotationProcessor("org.mapstruct:mapstruct-processor:1.5.3.Final")
 }

src/main/java/io/hexlet/typoreporter/HexletTypoReporter.java

@@ -1,12 +1,15 @@
 package io.hexlet.typoreporter;
 
+import io.github.cdimascio.dotenv.Dotenv;
+import io.github.cdimascio.dotenv.DotenvEntry;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.core.env.Environment;
 
 import java.net.InetAddress;
 import java.net.UnknownHostException;
+import java.util.Set;
 
 import static java.util.Optional.ofNullable;
 
@@ -15,6 +18,15 @@
 public class HexletTypoReporter {
 
     public static void main(String[] args) {
+        Dotenv dotenv = Dotenv.configure()
+            .ignoreIfMalformed()
+            .ignoreIfMissing()
+            .load();
+
+        Set<DotenvEntry> dotenvInFile = dotenv.entries(Dotenv.Filter.DECLARED_IN_ENV_FILE);
+        dotenvInFile.forEach(entry ->
+            System.setProperty(entry.getKey(), entry.getValue()));
+
         final var env = SpringApplication.run(HexletTypoReporter.class, args).getEnvironment();
         logApplicationStartup(env);
     }

src/main/java/io/hexlet/typoreporter/config/SecurityConfig.java

@@ -4,6 +4,7 @@
 import io.hexlet.typoreporter.handler.exception.WorkspaceNotFoundException;
 import io.hexlet.typoreporter.security.service.AccountDetailService;
 import io.hexlet.typoreporter.security.service.SecuredWorkspaceService;
+import io.hexlet.typoreporter.service.oauth2.OAuth2Service;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -78,15 +79,16 @@ public SecurityContextRepository securityContextRepository() {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http,
                                    SecurityContextRepository securityContextRepository,
-                                   DynamicCorsConfigurationSource dynamicCorsConfigurationSource) throws Exception {
+                                   DynamicCorsConfigurationSource dynamicCorsConfigurationSource,
+                                           OAuth2Service oAuth2Service) throws Exception {
         http.httpBasic();
         http.cors();
         http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
 
         http.authorizeHttpRequests(authz -> authz
                 .requestMatchers(GET, "/webjars/**", "/widget/**", "/fragments/**", "/img/**",
                     "/favicon.ico").permitAll()
-                .requestMatchers("/", "/login", "/signup", "/error", "/about").permitAll()
+                .requestMatchers("/", "/login", "/signup", "/error", "/about", "/oauth2/**").permitAll()
                 .anyRequest().authenticated()
             )
             .formLogin(login -> login
@@ -101,6 +103,11 @@ public SecurityFilterChain filterChain(HttpSecurity http,
                     new AntPathRequestMatcher("/typo/form/*", POST.name())
                 )
             )
+            .oauth2Login(oauth2 -> oauth2
+                .loginPage("/login")
+                .userInfoEndpoint(userInfo -> userInfo.userService(oAuth2Service))
+                .defaultSuccessUrl("/workspaces", true)
+            )
             .addFilterBefore(corsFilter(dynamicCorsConfigurationSource), CorsFilter.class);
 
         http.securityContext().securityContextRepository(securityContextRepository);

src/main/java/io/hexlet/typoreporter/domain/account/AuthProvider.java

@@ -2,6 +2,24 @@
 
 public enum AuthProvider {
 
-    EMAIL, GITHUB, GOOGLE
+    EMAIL("EMAIL"), GITHUB("GITHUB"), GOOGLE("GOOGLE"), YANDEX("YANDEX");
 
+    private String name;
+
+    AuthProvider(String name) {
+        this.name = name;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public static AuthProvider fromName(String name) {
+        for (AuthProvider provider : values()) {
+            if (provider.name.equals(name)) {
+                return provider;
+            }
+        }
+        throw new IllegalArgumentException("Provider not found: " + name);
+    }
 }

src/main/java/io/hexlet/typoreporter/service/AccountService.java

@@ -8,6 +8,7 @@
 import io.hexlet.typoreporter.service.account.UsernameAlreadyExistException;
 import io.hexlet.typoreporter.service.account.signup.SignupAccount;
 import io.hexlet.typoreporter.service.account.signup.SignupAccountUseCase;
+import io.hexlet.typoreporter.service.dto.account.CustomUserDetails;
 import io.hexlet.typoreporter.service.dto.account.InfoAccount;
 import io.hexlet.typoreporter.service.dto.account.UpdatePassword;
 import io.hexlet.typoreporter.service.dto.account.UpdateProfile;
@@ -20,6 +21,9 @@
 import io.hexlet.typoreporter.handler.exception.NewPasswordTheSameException;
 import io.hexlet.typoreporter.handler.exception.OldPasswordWrongException;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -66,7 +70,22 @@ public InfoAccount signup(SignupAccount signupAccount) throws UsernameAlreadyExi
         accToSave.setEmail(normalizedEmail);
         accToSave.setUsername(normalizedUsername);
         accToSave.setPassword(passwordEncoder.encode(signupAccount.password()));
-        accToSave.setAuthProvider(AuthProvider.EMAIL);
+
+        if (accToSave.getAuthProvider() == null) {
+            accToSave.setAuthProvider(AuthProvider.EMAIL);
+        }
+
+        CustomUserDetails accountDetail = new CustomUserDetails(
+            normalizedEmail,
+            accToSave.getPassword(),
+            normalizedUsername,
+            List.of(new SimpleGrantedAuthority("ROLE_USER"))
+        );
+
+        var tempAuth = new UsernamePasswordAuthenticationToken(
+            accountDetail, null, accountDetail.getAuthorities());
+        SecurityContextHolder.getContext().setAuthentication(tempAuth);
+
         accountRepository.save(accToSave);
         return accountMapper.toInfoAccount(accToSave);
     }

src/main/java/io/hexlet/typoreporter/service/account/signup/SignupAccount.java

@@ -5,7 +5,8 @@ public record SignupAccount(
     String email,
     String password,
     String firstName,
-    String lastName
+    String lastName,
+    String authProvider
 ) {
 
     @Override

src/main/java/io/hexlet/typoreporter/service/oauth2/CustomOAuth2User.java

@@ -0,0 +1,21 @@
+package io.hexlet.typoreporter.service.oauth2;
+
+import lombok.Getter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
+
+import java.util.Collection;
+import java.util.Map;
+
+@Getter
+public class CustomOAuth2User extends DefaultOAuth2User {
+    private final String nickname;
+
+    public CustomOAuth2User(Collection<? extends GrantedAuthority> authorities,
+                            Map<String, Object> attributes,
+                            String keyAttribute,
+                            String nickname) {
+        super(authorities, attributes, keyAttribute);
+        this.nickname = nickname;
+    }
+}

src/main/java/io/hexlet/typoreporter/service/oauth2/GithubOAuth2UserInfo.java

@@ -0,0 +1,65 @@
+package io.hexlet.typoreporter.service.oauth2;
+
+import org.springframework.core.ParameterizedTypeReference;
+import org.springframework.http.HttpHeaders;
+import org.springframework.web.reactive.function.client.WebClient;
+
+import java.util.List;
+import java.util.Map;
+
+public class GithubOAuth2UserInfo implements OAuth2UserInfo {
+
+    private final String accessToken;
+    private final Map<String, Object> attributes;
+
+    public GithubOAuth2UserInfo(String accessToken, Map<String, Object> attributes) {
+        this.accessToken = accessToken;
+        this.attributes = attributes;
+    }
+
+    @Override
+    public String getEmail() {
+        var email = attributes.get("email");
+        if (email == null) {
+            WebClient webClient = WebClient.builder()
+                .baseUrl("https://api.github.com")
+                .defaultHeader(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken)
+                .build();
+
+            List<Map<String, Object>> emails = webClient.get()
+                .uri("/user/emails")
+                .retrieve()
+                .bodyToMono(new ParameterizedTypeReference<List<Map<String, Object>>>() { })
+                .block();
+
+            email = emails.stream()
+                .filter(e -> Boolean.TRUE.equals(e.get("primary")))
+                .map(e -> (String) e.get("email"))
+                .findFirst()
+                .orElse(null);
+        }
+        return (String) email;
+    }
+
+    @Override
+    public String getUsername() {
+        return attributes.get("login").toString();
+    }
+
+    @Override
+    public String getFirstName() {
+        String[] names = attributes.get("name").toString().split(" ");
+        return names.length > 0 ? names[0] : "";
+    }
+
+    @Override
+    public String getLastName() {
+        String[] names = attributes.get("name").toString().split(" ");
+        return names.length > 1 ? names[1] : "";
+    }
+
+    @Override
+    public Map<String, Object> getAttributes() {
+        return attributes;
+    }
+}