Merge pull request #178 from gbourant/main

remove hardcoded strings

docs/modules/ROOT/pages/includes/quarkus-renarde.adoc

@@ -0,0 +1,29 @@
+
+:summaryTableId: quarkus-renarde
+[.configuration-legend]
+icon:lock[title=Fixed at build time] Configuration property fixed at build time - All other configuration properties are overridable at runtime
+[.configuration-reference.searchable, cols="80,.^10,.^10"]
+|===
+
+h|[[quarkus-renarde_configuration]]link:#quarkus-renarde_configuration[Configuration property]
+
+h|Type
+h|Default
+
+a|icon:lock[title=Fixed at build time] [[quarkus-renarde_quarkus.renarde.auth.location-cookie]]`link:#quarkus-renarde_quarkus.renarde.auth.location-cookie[quarkus.renarde.auth.location-cookie]`
+
+
+[.description]
+--
+Option to control the name of the cookie used to redirect the user back to where he wants to get access to.
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_RENARDE_AUTH_LOCATION_COOKIE+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_RENARDE_AUTH_LOCATION_COOKIE+++`
+endif::add-copy-button-to-env-var[]
+--|string 
+|`quarkus-redirect-location`
+
+|===

runtime/src/main/java/io/quarkiverse/renarde/configuration/RenardeAuthConfig.java

@@ -0,0 +1,16 @@
+package io.quarkiverse.renarde.configuration;
+
+import io.quarkus.runtime.annotations.ConfigGroup;
+import io.quarkus.runtime.annotations.ConfigItem;
+
+@ConfigGroup
+public class RenardeAuthConfig {
+
+    /**
+     * Option to control the name of the cookie used to redirect the user back
+     * to where he wants to get access to.
+     */
+    @ConfigItem(defaultValue = "quarkus-redirect-location")
+    public String locationCookie;
+
+}

runtime/src/main/java/io/quarkiverse/renarde/configuration/RenardeConfig.java

@@ -0,0 +1,16 @@
+package io.quarkiverse.renarde.configuration;
+
+import io.quarkus.runtime.annotations.ConfigItem;
+import io.quarkus.runtime.annotations.ConfigPhase;
+import io.quarkus.runtime.annotations.ConfigRoot;
+
+@ConfigRoot(name = "renarde", phase = ConfigPhase.BUILD_AND_RUN_TIME_FIXED)
+public class RenardeConfig {
+
+    /**
+     * Renarde Auth config
+     */
+    @ConfigItem
+    public RenardeAuthConfig auth;
+
+}

runtime/src/main/java/io/quarkiverse/renarde/util/AuthenticationFailedExceptionMapper.java

@@ -14,6 +14,7 @@
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.Response.ResponseBuilder;
 
+import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.jboss.resteasy.reactive.server.ServerExceptionMapper;
 import org.jose4j.jwt.consumer.ErrorCodes;
 import org.jose4j.jwt.consumer.InvalidJwtException;
@@ -30,6 +31,9 @@ public class AuthenticationFailedExceptionMapper {
     @Inject
     HttpServerRequest request;
 
+    @ConfigProperty(name = "mp.jwt.token.cookie")
+    String jwtCookie;
+
     @ServerExceptionMapper(priority = Priorities.USER)
     public Response authenticationFailed(AuthenticationFailedException ex) {
         Throwable throwable = ex;
@@ -55,7 +59,7 @@ private Response redirectToRoot(String message) {
         flash.flash("message", message);
         // FIXME: URI, perhaps redirect to login page?
         ResponseBuilder builder = Response.seeOther(URI.create("/"));
-        builder.cookie(invalidateCookie("QuarkusUser"));
+        builder.cookie(invalidateCookie(jwtCookie));
         Map<String, Object> map = new HashMap<>();
         // FIXME: format?
         map.put("message", message);

runtime/src/main/java/io/quarkiverse/renarde/util/RenardeJWTAuthMechanism.java

@@ -4,6 +4,7 @@
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 
+import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.jboss.logging.Logger;
 
 import io.quarkiverse.renarde.impl.RenardeConfig;
@@ -29,8 +30,8 @@ public class RenardeJWTAuthMechanism extends JWTAuthMechanism {
     @Inject
     RenardeConfig config;
 
-    // FIXME: make it configurable
-    String locationCookie = "quarkus-redirect-location";
+    @ConfigProperty(name = "quarkus.renarde.auth.location-cookie")
+    String locationCookie;
 
     // for CDI proxy
     RenardeJWTAuthMechanism() {

security/src/main/java/io/quarkiverse/renarde/security/RenardeSecurity.java

@@ -33,6 +33,9 @@ public class RenardeSecurity {
     @ConfigProperty(name = "mp.jwt.token.cookie")
     String jwtCookie;
 
+    @ConfigProperty(name = "quarkus.oidc.authentication.cookie-suffix", defaultValue = "q_session")
+    String oidcCookie;
+
     public NewCookie makeUserCookie(RenardeUser user) {
         Set<String> roles = user.roles();
         String token = Jwt.issuer(jwtIssuer)
@@ -117,14 +120,14 @@ public Response makeLogoutResponse(URI redirectUri) {
         Set<String> tenants = tenantProvider.getTenants();
         List<NewCookie> cookies = new ArrayList<>(tenants.size() + 1);
         // Default tenant
-        cookies.add(invalidateCookie("q_session"));
+        cookies.add(invalidateCookie(oidcCookie));
 
         // Named tenants
         for (String tenant : tenants) {
-            cookies.add(invalidateCookie("q_session_" + tenant));
+            cookies.add(invalidateCookie(oidcCookie + "_" + tenant));
         }
         // Manual
-        cookies.add(invalidateCookie("QuarkusUser"));
+        cookies.add(invalidateCookie(jwtCookie));
         return Response.seeOther(redirectUri).cookie(cookies.toArray(new NewCookie[0])).build();
     }
 

security/src/main/java/io/quarkiverse/renarde/security/impl/RenardeFormLoginController.java

@@ -6,10 +6,12 @@
 import jakarta.validation.constraints.NotBlank;
 import jakarta.ws.rs.POST;
 import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Cookie;
+import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.NewCookie;
 import jakarta.ws.rs.core.Response;
 
-import org.jboss.resteasy.reactive.RestCookie;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.jboss.resteasy.reactive.RestForm;
 
 import io.quarkiverse.renarde.Controller;
@@ -41,10 +43,15 @@ public TemplateInstance login() {
     @Inject
     public RenardeUserProvider userProvider;
 
+    @ConfigProperty(name = "quarkus.renarde.auth.location-cookie")
+    String redirectLocationCookie;
+
+    @Inject
+    HttpHeaders httpHeaders;
+
     @POST
     public Response login(@NotBlank @RestForm String username,
-            @NotBlank @RestForm String password,
-            @RestCookie("quarkus-redirect-location") String quarkusRedirectLocation) {
+            @NotBlank @RestForm String password) {
         if (validationFailed())
             login();
         RenardeUserWithPassword user = (RenardeUserWithPassword) userProvider.findUser("manual", username);
@@ -60,7 +67,8 @@ public Response login(@NotBlank @RestForm String username,
         if (validationFailed())
             login();
         NewCookie cookie = security.makeUserCookie(user);
-        String target = quarkusRedirectLocation != null ? quarkusRedirectLocation : "/";
+        Cookie quarkusRedirectLocation = httpHeaders.getCookies().get(redirectLocationCookie);
+        String target = quarkusRedirectLocation != null ? quarkusRedirectLocation.getValue() : "/";
         return Response.seeOther(URI.create(target)).cookie(cookie).build();
     }
 }