fix: OAuth2認証に失敗するようになっているのを修正

2023-11-21 12:38:41 +09:00 · 2023-11-21 12:38:41 +09:00 · f232183679
parent 44563e2251
commit f232183679
4 changed files with 33 additions and 19 deletions
--- a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
@ -11,6 +11,7 @@ import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.Htt
 import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureUserDetailsService
 import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureVerifierComposite
 import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsImpl
+import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsServiceImpl
 import dev.usbharu.hideout.core.query.UserQueryService
 import dev.usbharu.hideout.util.RsaUtil
 import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner
@ -31,6 +32,7 @@ import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter
 import org.springframework.security.authentication.AccountStatusUserDetailsChecker
 import org.springframework.security.authentication.AuthenticationManager
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider
 import org.springframework.security.config.Customizer
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
@ -59,7 +61,7 @@ import java.security.interfaces.RSAPrivateKey
 import java.security.interfaces.RSAPublicKey
 import java.util.*

-@EnableWebSecurity(debug = false)
+@EnableWebSecurity(debug = true)
@Configuration
@Suppress("FunctionMaxLength", "TooManyFunctions")
 class SecurityConfig {
@ -75,13 +77,12 @@ class SecurityConfig {
    @Order(1)
    fun httpSignatureFilterChain(
        http: HttpSecurity,
-        httpSignatureFilter: HttpSignatureFilter,
        introspector: HandlerMappingIntrospector
    ): SecurityFilterChain {
        val builder = MvcRequestMatcher.Builder(introspector)
        http
            .securityMatcher("/inbox", "/outbox", "/users/*/inbox", "/users/*/outbox", "/users/*/posts/*")
-            .addFilter(httpSignatureFilter)
+            .addFilter(getHttpSignatureFilter(http.getSharedObject(AuthenticationManager::class.java)))
            .addFilterBefore(
                ExceptionTranslationFilter(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)),
                HttpSignatureFilter::class.java
@ -108,12 +109,11 @@ class SecurityConfig {
            .sessionManagement {
                it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            }
-
        return http.build()
    }

-    @Bean
-    fun getHttpSignatureFilter(authenticationManager: AuthenticationManager): HttpSignatureFilter {
+
+    fun getHttpSignatureFilter(authenticationManager: AuthenticationManager?): HttpSignatureFilter {
        val httpSignatureFilter = HttpSignatureFilter(DefaultSignatureHeaderParser())
        httpSignatureFilter.setAuthenticationManager(authenticationManager)
        httpSignatureFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false)
@ -124,6 +124,13 @@ class SecurityConfig {
        return httpSignatureFilter
    }

+    @Bean
+    fun daoAuthenticationProvider(userDetailsServiceImpl: UserDetailsServiceImpl): DaoAuthenticationProvider {
+        val daoAuthenticationProvider = DaoAuthenticationProvider()
+        daoAuthenticationProvider.setUserDetailsService(userDetailsServiceImpl)
+        return daoAuthenticationProvider
+    }
+
    @Bean
    fun httpSignatureAuthenticationProvider(transaction: Transaction): PreAuthenticatedAuthenticationProvider {
        val provider = PreAuthenticatedAuthenticationProvider()
@ -187,16 +194,22 @@ class SecurityConfig {
        }
        http.oauth2ResourceServer {
            it.jwt(Customizer.withDefaults())
-        }.passwordManagement { }.formLogin(Customizer.withDefaults()).csrf {
-            it.ignoringRequestMatchers(builder.pattern("/users/*/inbox"))
-            it.ignoringRequestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/apps"))
-            it.ignoringRequestMatchers(builder.pattern("/inbox"))
-            it.ignoringRequestMatchers(PathRequest.toH2Console())
-        }.headers {
-            it.frameOptions {
-                it.sameOrigin()
-            }
        }
+            .passwordManagement { }
+            .formLogin {
+
+            }
+            .csrf {
+                it.ignoringRequestMatchers(builder.pattern("/users/*/inbox"))
+                it.ignoringRequestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/apps"))
+                it.ignoringRequestMatchers(builder.pattern("/inbox"))
+                it.ignoringRequestMatchers(PathRequest.toH2Console())
+            }
+            .headers {
+                it.frameOptions {
+                    it.sameOrigin()
+                }
+            }
        return http.build()
    }

--- a/src/main/kotlin/dev/usbharu/hideout/mastodon/service/app/AppApiService.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/mastodon/service/app/AppApiService.kt
@ -60,7 +60,8 @@ class AppApiServiceImpl(
                "invalid-vapid-key",
                appsRequest.website,
                id,
-                clientSecret
+                clientSecret,
+                appsRequest.redirectUris
            )
        }
    }
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -19,7 +19,7 @@ spring:
    default-property-inclusion: always
  datasource:
    driver-class-name: org.h2.Driver
-    url: "jdbc:h2:./test-dev4;MODE=POSTGRESQL;TRACE_LEVEL_FILE=4"
+    url: "jdbc:h2:./test-dev4;MODE=POSTGRESQL"
    username: ""
    password: ""
  #  data:
--- a/src/main/resources/logback.xml
+++ b/src/main/resources/logback.xml
@ -4,7 +4,7 @@
            <pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level [%X{x-request-id}] %logger{36} - %msg%n</pattern>
        </encoder>
    </appender>
-    <root level="INFO">
+    <root level="TRACE">
        <appender-ref ref="STDOUT"/>
    </root>
    <logger name="org.eclipse.jetty" level="INFO"/>
@ -12,7 +12,7 @@
    <logger name="kjob.core.internal.scheduler.JobServiceImpl" level="INFO"/>
    <logger name="Exposed" level="INFO"/>
    <logger name="io.ktor.server.plugins.contentnegotiation" level="INFO"/>
-    <logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="INFO"/>
+    <logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="DEBUG"/>
    <logger name="org.mongodb.driver.protocol.command" level="INFO"/>
    <logger name="dev.usbharu" level="TRACE"/>
 </configuration>