removed the need to use /pkce redirect

annahileta · annahileta · commit 0cea90bff8f6 · 2024-10-29T13:23:49.000+01:00
diff --git a/src/main/java/com/docusign/WebSecurityConfig.java b/src/main/java/com/docusign/WebSecurityConfig.java
@@ -10,6 +10,8 @@
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.RequestCache;
 
+import com.docusign.core.security.CustomAuthenticationFailureHandler;
+
 @EnableWebSecurity
 public class WebSecurityConfig {
 
@@ -40,7 +42,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     }
                 })
                 .requestCache().requestCache(requestCache()).and()
-                .oauth2Login(Customizer.withDefaults())
+                .oauth2Login(login -> login.failureHandler(new CustomAuthenticationFailureHandler()))
                 .oauth2Client(Customizer.withDefaults())
                 .logout(logout -> logout
                         .logoutSuccessUrl("/"))
diff --git a/src/main/java/com/docusign/core/security/CustomAuthenticationFailureHandler.java b/src/main/java/com/docusign/core/security/CustomAuthenticationFailureHandler.java
@@ -0,0 +1,24 @@
+package com.docusign.core.security;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class CustomAuthenticationFailureHandler implements AuthenticationFailureHandler {
+
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+            AuthenticationException exception) throws IOException, ServletException {
+        String code = request.getParameter("code");
+        String state = request.getParameter("state");
+
+        if (code != null) {
+            response.sendRedirect("/pkce?code=" + code + "&state=" + state);
+        } else {
+            response.sendRedirect("/login?error=true");
+        }
+    }
+}
diff --git a/src/main/java/com/docusign/core/security/acg/ACGAuthenticationMethod.java b/src/main/java/com/docusign/core/security/acg/ACGAuthenticationMethod.java
@@ -18,7 +18,7 @@
 import com.docusign.esign.client.auth.OAuth;
 
 public class ACGAuthenticationMethod {
-    private static final String REDIRECT_URI = "/pkce";
+    private static final String REDIRECT_URI = "/login/oauth2/code/acg";
     private static final String STATE = "random_state_string";
     private static String codeVerifier;
     private static String codeChallenge;
diff --git a/src/main/java/com/docusign/core/security/jwt/JWTAuthenticationMethod.java b/src/main/java/com/docusign/core/security/jwt/JWTAuthenticationMethod.java
@@ -10,6 +10,8 @@
 import org.springframework.web.servlet.view.RedirectView;
 
 import java.io.IOException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.util.List;
@@ -20,7 +22,7 @@ public class JWTAuthenticationMethod {
 
         public static final String REQUEST_CONSENT_LINK = "https://%s/oauth/auth?prompt=login&response_type=code&scope=%s&client_id=%s&redirect_uri=%s";
 
-        public static final String CONSENT_REDIRECT_URL = "http://localhost:8080/login/oauth2/code/jwt";
+        public static final String CONSENT_REDIRECT_URL = "/login/oauth2/code/jwt";
 
         private static final long TOKEN_EXPIRATION_IN_SECONDS = 3600;
 
@@ -58,7 +60,8 @@ public RedirectView loginUsingJWT(
                                                 configuration.getBaseURL(),
                                                 consent_scopes,
                                                 configuration.getUserId(),
-                                                CONSENT_REDIRECT_URL);
+                                                URLEncoder.encode(configuration.getAppUrl() + CONSENT_REDIRECT_URL,
+                                                                StandardCharsets.UTF_8));
 
                                 System.err.println("\nC O N S E N T   R E Q U I R E D" +
                                                 "\nAsk the user who will be impersonated to run the following URL: " +
