From 712c7cafda6654c4237eef6a8445bbcdebc9ad0a Mon Sep 17 00:00:00 2001
From: Igor Bari
Date: Mon, 3 Apr 2023 20:02:25 +0000
Subject: [PATCH] use new KubetoolsSecurityConfigurer
---
 server/pom.xml | 2 +-
 .../configuration/SecurityConfiguration.java | 28 +++----------------
 .../traininglog/WithingsControllerTests.java | 6 ++--
 3 files changed, 8 insertions(+), 28 deletions(-)
diff --git a/server/pom.xml b/server/pom.xml
index 81ace49..d956a1e 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -20,7 +20,7 @@
 io.github.mucsi96 kubetools
- 1.16-SNAPSHOT
+ 1.17-SNAPSHOT
 org.springframework.boot
diff --git a/server/src/main/java/mucsi96/traininglog/configuration/SecurityConfiguration.java b/server/src/main/java/mucsi96/traininglog/configuration/SecurityConfiguration.java
index 25c1609..a81417e 100644
--- a/server/src/main/java/mucsi96/traininglog/configuration/SecurityConfiguration.java
+++ b/server/src/main/java/mucsi96/traininglog/configuration/SecurityConfiguration.java
@@ -1,24 +1,16 @@
 package mucsi96.traininglog.configuration;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
-import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
-import org.springframework.web.servlet.HandlerExceptionResolver;
-import io.github.mucsi96.kubetools.core.FilterChainExceptionHandlerFilter;
-import io.github.mucsi96.kubetools.security.AutheliaHeaderAuthenticationFilter;
+import io.github.mucsi96.kubetools.security.KubetoolsSecurityConfigurer;
 import mucsi96.traininglog.oauth.AccessTokenResponseClient;
 import mucsi96.traininglog.oauth.AuthorizedClientManager;
 import mucsi96.traininglog.oauth.AuthorizedClientRepository;
@@ -33,24 +25,12 @@ public class SecurityConfiguration { @Bean SecurityFilterChain securityFilterChain( HttpSecurity http, - @Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver, + KubetoolsSecurityConfigurer kubetoolsSecurityConfigurer, AccessTokenResponseClient accessTokenResponseClient, - RedirectToHomeFilter redirectToHomeFilter, - AuthenticationManager authenticationManager) - throws Exception { - - return http - .sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) - .anonymous(AbstractHttpConfigurer::disable) - .csrf(AbstractHttpConfigurer::disable) - .headers(configurer -> configurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) - .formLogin(AbstractHttpConfigurer::disable) - .logout(AbstractHttpConfigurer::disable) + RedirectToHomeFilter redirectToHomeFilter) throws Exception { + return kubetoolsSecurityConfigurer.configure(http) .oauth2Client(configurer -> configurer .authorizationCodeGrant(customizer -> customizer.accessTokenResponseClient(accessTokenResponseClient))) - .addFilter(new AutheliaHeaderAuthenticationFilter(authenticationManager)) - .addFilterBefore(new FilterChainExceptionHandlerFilter(resolver), - AbstractPreAuthenticatedProcessingFilter.class) .addFilterBefore(redirectToHomeFilter, OAuth2AuthorizationCodeGrantFilter.class) .build(); } diff --git a/server/src/test/java/mucsi96/traininglog/WithingsControllerTests.java b/server/src/test/java/mucsi96/traininglog/WithingsControllerTests.java index 39694ce..d7dbe78 100644 --- a/server/src/test/java/mucsi96/traininglog/WithingsControllerTests.java +++ b/server/src/test/java/mucsi96/traininglog/WithingsControllerTests.java 
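Review bot: The hardening this chain used to state in place — `SessionCreationPolicy.STATELESS`, `anonymous`/`csrf`/`formLogin`/`logout` disabled, `frameOptions` disabled, and the `AutheliaHeaderAuthenticationFilter` that performs the actual authentication — now comes entirely from `kubetoolsSecurityConfigurer.configure(http)`, and that class is resolved from `kubetools 1.17-SNAPSHOT` (pom hunk above), so a re-published snapshot can change what this filter chain enforces without any diff in this repository. I would pin kubetools to a released version before merging, or at least document the contract being relied on, e.g. above `return kubetoolsSecurityConfigurer.configure(http)`: `// configure(http) is relied on for Authelia header authentication, stateless sessions and anonymous/CSRF/form-login disabled — re-verify on every kubetools bump.` The `returns_not_authorized_if_no_preauth_headers_are_sent` test visible in the test hunk pins the authentication part; an assertion that an authenticated response carries no `Set-Cookie` would pin the stateless part, which nothing in this diff checks. `securityFilterChain` is complete within the hunk; the rest of `SecurityConfiguration` lies outside it.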
@@ -86,16 +86,16 @@ public void returns_not_authorized_if_no_preauth_headers_are_sent() throws Excep } @Test - public void returns_forbidden_if_bearer_token_is_not_sent() throws Exception { + public void returns_not_authorized_if_authorized_client_is_not_found() throws Exception { MockHttpServletResponse response = mockMvc .perform( get("/withings/weight") .headers(getAuthHeaders("guest"))) .andReturn().getResponse(); - assertThat(response.getStatus()).isEqualTo(403); + assertThat(response.getStatus()).isEqualTo(401); assertThat(JsonPath.parse(response.getContentAsString()).read("$._links.oauth2Login.href", String.class)) - .isEqualTo("https://training-log.com:3000/api/oauth2/authorization/withings-client"); + .isEqualTo("http://localhost/oauth2/authorization/withings-client"); } @Test
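Review bot: The expected `_links.oauth2Login.href` changes from the fixed `https://training-log.com:3000/api/oauth2/authorization/withings-client` to `http://localhost/oauth2/authorization/withings-client`, which is MockMvc's default request host and scheme — it looks like the link is now derived from the incoming request rather than from configuration, though the producing code is not in this diff. If so, in production the value is only right behind the reverse proxy when forwarded headers are honoured, and a link that reflects the request `Host` is attacker-influenced unless the proxy overwrites that header; since this href is what the browser follows to start the OAuth flow, that is worth confirming. A second assertion on a request carrying `X-Forwarded-Proto: https` and `X-Forwarded-Host: training-log.com` that pins the external URL (and the dropped `/api` prefix, if it is still expected) would catch a forwarded-header misconfiguration in this test rather than in the OAuth callback. The 403→401 change for a caller that is authenticated via `getAuthHeaders("guest")` but has no authorized client is a semantic choice that deserves a one-line comment above the test, e.g. `// authenticated via headers but Withings not linked yet: 401 plus an oauth2Login link to start linking`, so it is not "corrected" back later.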