From 664200c01d94c19fb673de059b020cb67b347c3b Mon Sep 17 00:00:00 2001
From: Jonas Hein
Date: Wed, 21 Feb 2024 13:41:12 +0100
Subject: [PATCH] Made google version 2 optional
---
 .../api/service/AdministrationService.java | 4 ---
 .../HazelcastAdministrationService.java | 8 ------
 docker-compose.yaml | 1 +
 .../fafnir/sso/provider/GoogleProvider.java | 25 ++++++++++---------
 4 files changed, 14 insertions(+), 24 deletions(-)
diff --git a/client/src/main/java/dk/acto/fafnir/api/service/AdministrationService.java b/client/src/main/java/dk/acto/fafnir/api/service/AdministrationService.java
index 984c577..1952384 100644
--- a/client/src/main/java/dk/acto/fafnir/api/service/AdministrationService.java
+++ b/client/src/main/java/dk/acto/fafnir/api/service/AdministrationService.java
@@ -101,10 +101,6 @@ public interface AdministrationService {
 */
 OrganisationData readOrganisation(TenantIdentifier identifier);
-
-
- Optional readOrganisationDoesNotThrow(TenantIdentifier identifier);
-
 /**
 * Updates an organisation. Fails if organisation does not exist.
 *
diff --git a/client/src/main/java/dk/acto/fafnir/api/service/hazelcast/HazelcastAdministrationService.java b/client/src/main/java/dk/acto/fafnir/api/service/hazelcast/HazelcastAdministrationService.java
index fbaf23a..d0958db 100644
--- a/client/src/main/java/dk/acto/fafnir/api/service/hazelcast/HazelcastAdministrationService.java
+++ b/client/src/main/java/dk/acto/fafnir/api/service/hazelcast/HazelcastAdministrationService.java
@@ -133,14 +133,6 @@ public OrganisationData readOrganisation(TenantIdentifier identifier) {
 .findAny()
 .orElseThrow(NoSuchOrganisation::new);
 }
- @Override
- public Optional readOrganisationDoesNotThrow(TenantIdentifier identifier) {
- IMap orgMap = hazelcastInstance.getMap(hazelcastConf.getPrefix() + ORG_POSTFIX);
- return orgMap.values()
- .stream()
- .filter(entry -> identifier.matches(entry.getProviderConfiguration()))
- .findAny();
- }
 @Override
diff --git a/docker-compose.yaml b/docker-compose.yaml
index a38f251..564aad2 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -17,6 +17,7 @@ services:
 - MITID_AUTHORITY_URL=https://brokertest.signaturgruppen.dk/op
 - KEYSTORE_PASS=fafnir
 - KEY_PASS=fafnir
+ - GOOGLE_VERSION2_ENABLED=true
 volumes:
 - ./fafnir-storage:/var/lib/fafnir
diff --git a/sso/src/main/java/dk/acto/fafnir/sso/provider/GoogleProvider.java b/sso/src/main/java/dk/acto/fafnir/sso/provider/GoogleProvider.java
index e554e38..e92dbc3 100644
--- a/sso/src/main/java/dk/acto/fafnir/sso/provider/GoogleProvider.java
+++ b/sso/src/main/java/dk/acto/fafnir/sso/provider/GoogleProvider.java
@@ -31,6 +31,8 @@ public String authenticate() {
 @Override
 public AuthenticationResult callback(TokenCredentials data) {
+ boolean version2Enabled = Boolean.parseBoolean(System.getenv("GOOGLE_VERSION2_ENABLED"));
+
 var token = Try.of(() -> googleOauth.getAccessToken(data.getCode()))
 .onFailure(x -> log.error("Authentication failed", x))
 .getOrNull();
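Review bot: The new `GOOGLE_VERSION2_ENABLED=true` entry carries no comment saying what it switches, and the sample compose file ships with it turned on. As far as the GoogleProvider hunks in this patch show, `true` selects the branch that issues a token without the organisation lookup, so anyone copying this file gets that mode by default. A line above the entry such as `# true: Google logins get a FafnirUser token with no organisation lookup; unset/false: a matching organisation must be configured` would make the choice explicit.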
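Review bot: `System.getenv("GOOGLE_VERSION2_ENABLED")` is read inside `callback`, so the mode is re-evaluated on every login and nothing records which mode the instance is running in. Because the flag decides whether the organisation lookup later in the method runs at all, it would be clearer to resolve it once into a `private final boolean version2Enabled` when the provider is constructed and to log the selected mode at startup. `Boolean.parseBoolean` returns false for an unset variable and for values such as `1` or `yes`, which keeps the organisation-lookup path; that default deserves a comment like `// unset or anything other than "true" keeps the organisation lookup`. The body of `callback` continues outside this hunk.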
@@ -50,26 +52,25 @@ public AuthenticationResult callback(TokenCredentials data) {
 .name(displayName)
 .build();
- var orgOptional = administrationService.readOrganisationDoesNotThrow(
- test -> getMetaData().getProviderId().equals(test.getProviderId()) &&
- (providerValue.equals(test.getValues().get("Organisation Domain")) || "true".equals(test.getValues().get("Catchall Organisation")))
- );
-
- if (orgOptional.isPresent()) {
- var orgActual = orgOptional.get();
- var claimsActual = ClaimData.empty();
- var jwt = tokenFactory.generateToken(subjectActual, orgActual, claimsActual, getMetaData(), providerValue);
- return AuthenticationResult.success(jwt);
- } else {
+ if (version2Enabled) {
 var fafnirUser = FafnirUser.builder()
 .data(subjectActual)
 .organisationId(providerValue)
- .organisationName(displayName)
 .provider("google")
 .build();
 var jwt = tokenFactory.generateToken(fafnirUser);
 return AuthenticationResult.success(jwt);
+
+ } else {
+ var orgActual = administrationService.readOrganisation(
+ test -> getMetaData().getProviderId().equals(test.getProviderId()) &&
+ (providerValue.equals(test.getValues().get("Organisation Domain")) || "true".equals(test.getValues().get("Catchall Organisation")))
+ );
+ var claimsActual = ClaimData.empty();
+ var jwt = tokenFactory.generateToken(subjectActual, orgActual, claimsActual, getMetaData(), providerValue);
+
+ return AuthenticationResult.success(jwt);
 }
 }
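Review bot: When `version2Enabled` is true the token is built from `providerValue` alone and `administrationService` is never consulted, so the "Organisation Domain" / "Catchall Organisation" match that the `else` branch enforces no longer restricts which Google accounts receive a JWT; before this change a configured organisation still took precedence. If that is intended, state it at the branch, e.g. `// v2: no organisation lookup here; relying services must authorise on organisationId`, and confirm that `providerValue` (assigned outside this hunk) comes from a verified claim. The `else` branch now calls `readOrganisation`, which per the HazelcastAdministrationService hunk ends in `.orElseThrow(NoSuchOrganisation::new)`, so an unmatched domain raises instead of falling back; nothing in the hunk catches it, whereas the token exchange earlier in `callback` uses `Try.of(...).onFailure(...)` for its failure case. The v2 builder also drops `.organisationName(displayName)`, which consumers reading that field should be told about.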