[Vertx-Pac4j] Temporary use of session to store a Pac4jUser as a TockUser

Author: assouktim

bot/admin/server/src/main/kotlin/verticle/DialogVerticle.kt

@@ -253,6 +253,6 @@ class DialogVerticle {
      * Get the namespace from the context
      * @param context : the vertx routing context
      */
-    private fun getNamespace(context: RoutingContext) = (context.user() as TockUser).namespace
+    private fun getNamespace(context: RoutingContext) = ((context.user() ?: context.session().get("tockUser")) as TockUser).namespace
 
 }

bot/admin/server/src/main/kotlin/verticle/GenAIVerticle.kt

@@ -252,7 +252,7 @@ class GenAIVerticle {
      * Get the namespace from the context
      * @param context : the vertx routing context
      */
-    private fun getNamespace(context: RoutingContext) = (context.user() as TockUser).namespace
+    private fun getNamespace(context: RoutingContext) = ((context.user() ?: context.session().get("tockUser")) as TockUser).namespace
 
     /**
      * Merge namespace and botId on requested [MetricFilter]

bot/admin/server/src/main/kotlin/verticle/IndicatorVerticle.kt

@@ -150,7 +150,7 @@ class IndicatorVerticle {
      * Get the namespace from the context
      * @param context : the vertx routing context
      */
-    private fun getNamespace(context: RoutingContext) = (context.user() as TockUser).namespace
+    private fun getNamespace(context: RoutingContext) = ((context.user() ?: context.session().get("tockUser")) as TockUser).namespace
 
     /**
      * Merge namespace and botId on requested [MetricFilter]

nlp/admin/server/src/main/kotlin/AdminVerticle.kt

@@ -1174,6 +1174,7 @@ open class AdminVerticle : WebVerticle() {
 
     fun configureStaticHandling() {
         if (!devEnvironment) {
+            logger.info { "Running in production: static content enabled." }
             // serve statics in docker image
             val webRoot = verticleProperty("content_path", "/maven/dist")
             // swagger yaml
@@ -1216,9 +1217,8 @@ open class AdminVerticle : WebVerticle() {
                                 .replace("<base href=\"/\"", "<base href=\"$baseHref\"")
                             logger.debug { "content: $content" }
                             val result = Buffer.buffer(content)
-                            if (!devEnvironment) {
-                                indexContent = result
-                            }
+                            indexContent = result
+
                             context.response()
                                 .putHeader(HttpHeaderNames.CONTENT_TYPE, "text/html; charset=utf-8")
                                 .end(result)
@@ -1242,6 +1242,8 @@ open class AdminVerticle : WebVerticle() {
             router.route(GET, "$baseHref*")
                 .handler(StaticHandler.create(FileSystemAccess.ROOT, webRoot))
                 .handler(indexContentHandler)
+        }else{
+            logger.info { "Running in development: static content disabled." }
         }
     }
 

pom.xml

@@ -75,7 +75,7 @@
         <aws-sdk>1.12.792</aws-sdk>
         <aws-sagemaker>2.35.3</aws-sagemaker>
         <pac4j>6.2.2</pac4j>
-        <vertx-pac4j>7.0.1</vertx-pac4j>
+        <vertx-pac4j>7.0.2</vertx-pac4j>
         <okhttp-eventsource>4.1.1</okhttp-eventsource>
         <graphql-kotlin>6.3.0</graphql-kotlin>
 

shared/src/main/kotlin/security/auth/CASAuthProvider.kt

@@ -36,10 +36,14 @@ import io.vertx.ext.web.RoutingContext
 import io.vertx.ext.web.handler.AuthenticationHandler
 import io.vertx.ext.web.handler.BodyHandler
 import io.vertx.ext.web.handler.SessionHandler
+import io.vertx.ext.web.impl.UserContextInternal
 import io.vertx.ext.web.sstore.LocalSessionStore
 import mu.KotlinLogging
+import org.pac4j.cas.profile.CasProfile
 import org.pac4j.core.config.Config
-import org.pac4j.vertx.auth.Pac4jUser
+import org.pac4j.core.profile.ProfileManager
+import org.pac4j.vertx.VertxProfileManager
+import org.pac4j.vertx.VertxWebContext
 import org.pac4j.vertx.context.session.VertxSessionStore
 import org.pac4j.vertx.handler.impl.CallbackHandler
 import org.pac4j.vertx.handler.impl.CallbackHandlerOptions
@@ -95,10 +99,10 @@ abstract class CASAuthProvider(vertx: Vertx) : SSOTockAuthProvider(vertx) {
     abstract fun getConfig(): Config
 
     /** Read Tock Login from CAS user info */
-    abstract fun readCasLogin(user: Pac4jUser): String
+    abstract fun readCasLogin(userCASProfile: CasProfile): String
 
     /** Read roles grouped by namespace from CAS user infos */
-    abstract fun readRolesByNamespace(user: Pac4jUser): Map<String, Set<String>>
+    abstract fun readRolesByNamespace(userCASProfile: CasProfile): Map<String, Set<String>>
 
     override fun createAuthHandler(verticle: WebVerticle): AuthenticationHandler {
         val options: SecurityHandlerOptions = SecurityHandlerOptions().setClients("CasClient")
@@ -121,10 +125,19 @@ abstract class CASAuthProvider(vertx: Vertx) : SSOTockAuthProvider(vertx) {
         return user!! // !! is because user is already guaranteed to be not null
     }
 
-    protected open fun upgradeToTockUser(user: Pac4jUser, resultHandler: Handler<HttpResult<TockUser>>) {
+    /**
+     * https://github.com/pac4j/vertx-pac4j/wiki/Get-the-authenticated-user-profiles
+     */
+    fun getUserCasProfile(rc: RoutingContext): CasProfile {
+        val profileManager: ProfileManager =
+            VertxProfileManager(VertxWebContext(rc), sessionStore)
+        return profileManager.getProfile(CasProfile::class.java).get()
+    }
+
+    protected open fun upgradeToTockUser(userCASProfile: CasProfile, resultHandler: Handler<HttpResult<TockUser>>) {
         try {
-            val username = readCasLogin(user)
-            val rolesByNamespace = readRolesByNamespace(user)
+            val username = readCasLogin(userCASProfile)
+            val rolesByNamespace = readRolesByNamespace(userCASProfile)
             logger.debug { "authenticate $username/$rolesByNamespace" }
 
             if (rolesByNamespace.keys.isEmpty()) {
@@ -169,15 +182,19 @@ abstract class CASAuthProvider(vertx: Vertx) : SSOTockAuthProvider(vertx) {
 
         verticle.router.route("/*").handler(WithExcludedPathHandler(excluded) { rc ->
             val user = rc.user()
-            if (user != null && user !is TockUser) {
+            if (user != null && user !is TockUser) { // user is Pac4jUser
                 executor.executeBlocking {
-                    upgradeToTockUser(user as Pac4jUser) { hr ->
+                    upgradeToTockUser(getUserCasProfile(rc)) { hr ->
                         if (hr.succeeded()) {
                             vertx.runOnContext {
-                                sessionHandler
-                                    .setUser(rc, hr.result)
-                                    .onSuccess { rc.next() }
-                                    .onFailure { err -> rc.fail(err) }
+                                // TODO : setUser problem (*): This assignment (adding the user to the context) is not maintained for the next vertx handler (rc.next()).
+                                (rc.userContext() as UserContextInternal).setUser(hr.result)
+                                // TODO : we are therefore temporarily using the session to store tockUser.
+                                rc.session().put(
+                                    "tockUser",
+                                    hr.result
+                                )
+                                rc.next()
                             }
                         } else {
                             rc.userContext().clear()

shared/src/main/kotlin/security/auth/TockAuthProvider.kt

@@ -58,5 +58,7 @@ interface TockAuthProvider : AuthenticationProvider {
     /**
      * Gets a [TockUser] from current vert.x state.
      */
-    fun toTockUser(context: RoutingContext): TockUser? = context.user() as? TockUser
+    fun toTockUser(context: RoutingContext): TockUser? {
+        return context.user() as? TockUser ?: context.session().get("tockUser") as? TockUser
+    }
 }

shared/src/main/kotlin/vertx/WebVerticle.kt

@@ -334,7 +334,7 @@ abstract class WebVerticle : AbstractVerticle() {
     ) {
         router.route(method, "$basePath$path")
             .handler { context ->
-                val u = context.user()
+                val u: TockUser? = context.user() as? TockUser ?: context.session().get("tockUser") as? TockUser
                 if (u == null || roles.isNullOrEmpty()) {
                     handler.invoke(context)
                 } else {
@@ -373,7 +373,7 @@ abstract class WebVerticle : AbstractVerticle() {
         role: TockUserRole,
         resultHandler: (AsyncResult<Boolean>) -> Unit
     ) {
-        val u = user() as? TockUser
+        val u: TockUser? = user() as? TockUser ?: session().get("tockUser")
         if (u == null) {
             resultHandler.invoke(Future.failedFuture("No user set"))
         } else {
@@ -388,7 +388,7 @@ abstract class WebVerticle : AbstractVerticle() {
         roles: Set<TockUserRole?>,
         resultHandler: (AsyncResult<Boolean>) -> Unit
     ) {
-        val tockUser = user() as? TockUser
+        val tockUser: TockUser? = user() as? TockUser ?: session().get("tockUser") as? TockUser
         if (tockUser == null) {
             resultHandler.invoke(Future.failedFuture("No user set"))
             return