diff --git a/backend/src/main/java/de/szut/casino/security/AuthController.java b/backend/src/main/java/de/szut/casino/security/AuthController.java
index 13a238e..561fc3c 100644
--- a/backend/src/main/java/de/szut/casino/security/AuthController.java
+++ b/backend/src/main/java/de/szut/casino/security/AuthController.java
@@ -23,9 +23,6 @@ public class AuthController {
 @Autowired
 private AuthService authService;
- @Autowired
- private GitHubService githubService;
-
 @PostMapping("/login")
 public ResponseEntity authenticateUser(@Valid @RequestBody LoginRequestDto loginRequest) throws EmailNotVerifiedException {
 AuthResponseDto response = authService.login(loginRequest);
diff --git a/backend/src/main/java/de/szut/casino/security/CorsFilter.java b/backend/src/main/java/de/szut/casino/security/CorsFilter.java
index 446864e..b1c1b3b 100644
--- a/backend/src/main/java/de/szut/casino/security/CorsFilter.java
+++ b/backend/src/main/java/de/szut/casino/security/CorsFilter.java
@@ -23,7 +23,6 @@ public class CorsFilter implements Filter {
 HttpServletResponse response = (HttpServletResponse) res;
 HttpServletRequest request = (HttpServletRequest) req;
- // Allow requests from the frontend
 response.setHeader("Access-Control-Allow-Origin", frontendHost);
 response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
 response.setHeader("Access-Control-Allow-Headers", "*");
diff --git a/backend/src/main/java/de/szut/casino/security/GitHubService.java b/backend/src/main/java/de/szut/casino/security/GitHubService.java
index a345825..b01cb76 100644
--- a/backend/src/main/java/de/szut/casino/security/GitHubService.java
+++ b/backend/src/main/java/de/szut/casino/security/GitHubService.java
@@ -45,22 +45,18 @@ public class GitHubService {
 public AuthResponseDto processGithubCode(String code) {
 try {
- // Exchange code for access token
 RestTemplate restTemplate = new RestTemplate();
- // Create request body for token endpoint
 Map requestBody = new HashMap<>();
 requestBody.put("client_id", clientId);
 requestBody.put("client_secret", clientSecret);
 requestBody.put("code", code);
- // Set headers
 HttpHeaders headers = new HttpHeaders();
 headers.set("Accept", "application/json");
 HttpEntity> requestEntity = new HttpEntity<>(requestBody, headers);
- // Get access token
 ResponseEntity response = restTemplate.exchange(
 "https://github.com/login/oauth/access_token",
 HttpMethod.POST,
@@ -70,7 +66,6 @@ public class GitHubService {
 Map responseBody = response.getBody();
- // Check if there's an error in the response
 if (responseBody.containsKey("error")) {
 String error = (String) responseBody.get("error");
 String errorDescription = (String) responseBody.get("error_description");
@@ -84,7 +79,6 @@ public class GitHubService {
 throw new RuntimeException("Failed to receive access token from GitHub");
 }
- // Get user info
 HttpHeaders userInfoHeaders = new HttpHeaders();
 userInfoHeaders.set("Authorization", "Bearer " + accessToken);
@@ -99,7 +93,6 @@ public class GitHubService {
 Map userAttributes = userResponse.getBody();
- // Get user emails
 HttpHeaders emailsHeaders = new HttpHeaders();
 emailsHeaders.set("Authorization", "Bearer " + accessToken);
@@ -115,7 +108,6 @@ public class GitHubService {
 List> emails = emailsResponse.getBody();
 String email = null;
- // Find primary email
 for (Map emailInfo : emails) {
 Boolean primary = (Boolean) emailInfo.get("primary");
 if (primary != null && primary) {
@@ -124,24 +116,19 @@ public class GitHubService {
 }
 }
- // If no primary email, just use the first one
 if (email == null && !emails.isEmpty()) {
 email = (String) emails.get(0).get("email");
 }
- // Process user data
 String githubId = userAttributes.get("id").toString();
 String username = (String) userAttributes.get("login");
- // Check if user exists by provider ID
 Optional userOptional = userRepository.findByProviderId(githubId);
 UserEntity user;
 if (userOptional.isPresent()) {
- // Update existing user
 user = userOptional.get();
 } else {
- // Check if email exists
 userOptional = userRepository.findByEmail(email);
 if (userOptional.isPresent()) {
@@ -149,7 +136,6 @@ public class GitHubService {
 user.setProvider(AuthProvider.GITHUB);
 user.setProviderId(githubId);
 } else {
- // Create new user
 user = new UserEntity();
 user.setEmail(email);
 user.setUsername(username);
@@ -168,7 +154,6 @@ public class GitHubService {
 Authentication authentication = this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(user.getEmail(), randomPassword));
- // Generate JWT token
 String token = jwtUtils.generateToken(authentication);
 return new AuthResponseDto(token);
diff --git a/backend/src/main/java/de/szut/casino/security/SecurityConfig.java b/backend/src/main/java/de/szut/casino/security/SecurityConfig.java
index 9b3c880..740739e 100644
--- a/backend/src/main/java/de/szut/casino/security/SecurityConfig.java
+++ b/backend/src/main/java/de/szut/casino/security/SecurityConfig.java
@@ -32,9 +32,6 @@ public class SecurityConfig {
 @Value("${app.frontend-host}")
 private String frontendHost;
- @Value("${app.oauth2.authorizedRedirectUris}")
- private String authorizedRedirectUri;
-
 @Autowired
 private UserDetailsService userDetailsService;
@@ -73,8 +70,6 @@ public class SecurityConfig {
 .requestMatchers(org.springframework.http.HttpMethod.OPTIONS, "/**").permitAll()
 .anyRequest().authenticated();
 })
- // Disable Spring's built-in OAuth2 login since we're implementing a custom flow
- // We're using our own GitHubController for OAuth2 login
 .authenticationProvider(authenticationProvider())
 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
diff --git a/backend/src/main/java/de/szut/casino/security/oauth2/CustomOAuth2UserService.java b/backend/src/main/java/de/szut/casino/security/oauth2/CustomOAuth2UserService.java
index de2de14..c873ad9 100644
--- a/backend/src/main/java/de/szut/casino/security/oauth2/CustomOAuth2UserService.java
+++ b/backend/src/main/java/de/szut/casino/security/oauth2/CustomOAuth2UserService.java
@@ -45,7 +45,6 @@ public class CustomOAuth2UserService extends DefaultOAuth2UserService {
 String registrationId = oAuth2UserRequest.getClientRegistration().getRegistrationId();
 OAuth2UserInfo oAuth2UserInfo = OAuth2UserInfoFactory.getOAuth2UserInfo(registrationId, oAuth2User.getAttributes());
- // For GitHub, the email might not be directly available in attributes
 String email = oAuth2UserInfo.getEmail();
 if (StringUtils.isEmpty(email)) {
 email = oAuth2UserInfo.getName() + "@github.user";
@@ -79,7 +78,6 @@ public class CustomOAuth2UserService extends DefaultOAuth2UserService {
 username = "github_" + oAuth2UserInfo.getId();
 }
- // Check if username already exists and append a suffix if needed
 if (userRepository.findByUsername(username).isPresent()) {
 username = username + "_" + UUID.randomUUID().toString().substring(0, 8);
 }
@@ -90,11 +88,10 @@ public class CustomOAuth2UserService extends DefaultOAuth2UserService {
 user.setEmail(email);
 user.setEmailVerified(true);
- // Generate a random password for OAuth users (they won't use it)
 String randomPassword = UUID.randomUUID().toString();
 user.setPassword(oauth2PasswordEncoder.encode(randomPassword));
- user.setBalance(new BigDecimal("1000.00")); // Starting balance
+ user.setBalance(new BigDecimal("100.00")); // Starting balance
 return userRepository.save(user);
 }
diff --git a/backend/src/main/java/de/szut/casino/security/oauth2/OAuth2AuthenticationSuccessHandler.java b/backend/src/main/java/de/szut/casino/security/oauth2/OAuth2AuthenticationSuccessHandler.java
index 6e4f1d0..1e27bca 100644
--- a/backend/src/main/java/de/szut/casino/security/oauth2/OAuth2AuthenticationSuccessHandler.java
+++ b/backend/src/main/java/de/szut/casino/security/oauth2/OAuth2AuthenticationSuccessHandler.java
@@ -1,8 +1,6 @@
 package de.szut.casino.security.oauth2;
 import de.szut.casino.security.jwt.JwtUtils;
- import de.szut.casino.user.UserRepository;
- import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;
@@ -26,12 +24,9 @@ public class OAuth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS
 @Autowired
 private JwtUtils jwtUtils;
- @Autowired
- private UserRepository userRepository;
-
 @Override
 public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
- throws IOException, ServletException {
+ throws IOException {
 String targetUrl = determineTargetUrl(authentication);
 logger.info("OAuth2 Authentication successful, redirecting to: {}", targetUrl);
diff --git a/backend/src/main/java/de/szut/casino/security/oauth2/UserPrincipal.java b/backend/src/main/java/de/szut/casino/security/oauth2/UserPrincipal.java
index 1460982..881e3fd 100644
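Review bot: The starting balance on the `+` line in CustomOAuth2UserService is a bare literal whose only documentation is a trailing comment, and the value just changed in this commit, which is exactly when a magic number tends to fall out of sync with its sibling. A class constant such as `private static final BigDecimal STARTING_BALANCE = new BigDecimal("100.00");` used as `user.setBalance(STARTING_BALANCE);` names the intent in one place. If the email/password registration path elsewhere in the project also credits a starting balance, it should read the same constant so OAuth and local sign-ups cannot drift apart. The enclosing method starts outside the hunk.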
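Review bot: The `logger.info(...)` context line in OAuth2AuthenticationSuccessHandler writes the full redirect target to the application log; since this handler autowires `JwtUtils` and `determineTargetUrl(authentication)` is presumably where the freshly issued JWT is attached to the URL, that line would persist a bearer credential in plain text in the logs. Logging only the principal, `logger.info("OAuth2 Authentication successful for {}", authentication.getName());`, keeps the audit trail without the token. Separately, this commit drops the `app.oauth2.authorizedRedirectUris` field from SecurityConfig; if that property was the redirect allow-list, confirm that `determineTargetUrl` still restricts where it redirects after login rather than accepting a caller-supplied target. The body of `onAuthenticationSuccess` continues outside the hunk.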
--- a/backend/src/main/java/de/szut/casino/security/oauth2/UserPrincipal.java
+++ b/backend/src/main/java/de/szut/casino/security/oauth2/UserPrincipal.java
@@ -58,7 +58,6 @@ public class UserPrincipal implements OAuth2User, UserDetails {
 @Override
 public String getUsername() {
- // We're using email as the username for authentication
 return email;
 }