From dcec76074a5ff10e68edb4b45bb94e2c4e4947dd Mon Sep 17 00:00:00 2001 From: Sergey Beryozkin Date: Wed, 8 Dec 2021 18:22:54 +0000 Subject: [PATCH] Skip OIDC DevConsole setup if quarkus.oidc.auth-server-url can not be accessed at build time --- .../devservices/OidcDevConsoleProcessor.java | 8 ++++- .../resources/dev-templates/provider.html | 22 ++++++------ .../runtime/OidcConfigPropertySupplier.java | 16 ++++----- .../DevConsoleOidcNoDiscoverySmokeTest.java | 36 +++++++++++++++++++ 4 files changed, 62 insertions(+), 20 deletions(-) create mode 100644 integration-tests/devmode/src/test/java/io/quarkus/test/devconsole/DevConsoleOidcNoDiscoverySmokeTest.java diff --git a/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevConsoleProcessor.java b/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevConsoleProcessor.java index f3f66493681c3..90a3842c3568a 100644 --- a/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevConsoleProcessor.java +++ b/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevConsoleProcessor.java @@ -73,7 +73,13 @@ public void run() { closeBuildItem.addCloseTask(closeTask, true); } - String authServerUrl = getConfigProperty(AUTH_SERVER_URL_CONFIG_KEY); + String authServerUrl = null; + try { + authServerUrl = getConfigProperty(AUTH_SERVER_URL_CONFIG_KEY); + } catch (Exception ex) { + // It is not possible to initialize OIDC Dev Console UI without being able to access this property at the build time + return; + } JsonObject metadata = null; if (isDiscoveryEnabled()) { metadata = discoverMetadata(authServerUrl); diff --git a/extensions/oidc/deployment/src/main/resources/dev-templates/provider.html b/extensions/oidc/deployment/src/main/resources/dev-templates/provider.html index d420abbe9e921..4266ae871aaed 100644 --- a/extensions/oidc/deployment/src/main/resources/dev-templates/provider.html 
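Review bot: The added `catch (Exception ex)` around `getConfigProperty(AUTH_SERVER_URL_CONFIG_KEY)` in `OidcDevConsoleProcessor` returns without logging, so any failure of the lookup, not only a property that is unavailable at build time, silently disables the OIDC Dev Console and leaves no trace of why. Catching only the exception the lookup raises for a missing property would keep a malformed `quarkus.oidc.auth-server-url` visible; this is presumably `NoSuchElementException` if `getConfigProperty` delegates to MicroProfile Config `getValue`, which needs confirming because that helper is outside the hunk. A debug-level message naming the key should accompany the early return. The `String authServerUrl = null;` initialiser is also unnecessary, since the variable is either assigned in the `try` or the method returns. The enclosing method starts and ends outside the hunk.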
+++ b/extensions/oidc/deployment/src/main/resources/dev-templates/provider.html @@ -100,13 +100,13 @@ function signInToOidcProviderAndGetTokens() { {#if info:oidcGrantType is 'implicit'} - window.location.href = '{info:authorizationUrl}' + window.location.href = '{info:authorizationUrl??}' + "?client_id=" + '{info:clientId}' + "&redirect_uri=" + "http%3A%2F%2Flocalhost%3A" + port + encodedDevRoot + "%2Fio.quarkus.quarkus-oidc%2Fprovider" + "&scope=openid&response_type=token id_token&response_mode=query&prompt=login" + "&nonce=" + makeid(); {#else} - window.location.href = '{info:authorizationUrl}' + window.location.href = '{info:authorizationUrl??}' + "?client_id=" + '{info:clientId}' + "&redirect_uri=" + "http%3A%2F%2Flocalhost%3A" + port + encodedDevRoot + "%2Fio.quarkus.quarkus-oidc%2Fprovider" + "&scope=openid&response_type=code&response_mode=query&prompt=login" @@ -193,7 +193,7 @@ function exchangeCodeForTokens(code){ $.post("exchangeCodeForTokens", { - tokenUrl: '{info:tokenUrl}', + tokenUrl: '{info:tokenUrl??}', client: '{info:clientId}', clientSecret: '{info:clientSecret}', authorizationCode: code, @@ -258,7 +258,7 @@ function testServiceWithPassword(userName, password, servicePath){ $.post("testService", { - tokenUrl: '{info:tokenUrl}', + tokenUrl: '{info:tokenUrl??}', serviceUrl: "http://localhost:" + port + servicePath, client: '{info:clientId}', clientSecret: '{info:clientSecret}', @@ -274,7 +274,7 @@ function testServiceWithPasswordInSwaggerUi(userName, password){ $.post("testService", { - tokenUrl: '{info:tokenUrl}', + tokenUrl: '{info:tokenUrl??}', client: '{info:clientId}', clientSecret: '{info:clientSecret}', user: userName, @@ -289,7 +289,7 @@ function testServiceWithPasswordInGraphQLUi(userName){ $.post("testService", { - tokenUrl: '{info:tokenUrl}', + tokenUrl: '{info:tokenUrl??}', client: '{info:clientId}', clientSecret: '{info:clientSecret}', user: userName, 
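Review bot: With `'{info:authorizationUrl??}'` an unresolved value presumably renders as an empty string, so `window.location.href` in `signInToOidcProviderAndGetTokens()` becomes `'' + "?client_id=" + …` and the browser is sent to a URL relative to the Dev Console page rather than to the provider. The same applies to `tokenUrl: '{info:tokenUrl??}'` in the `exchangeCodeForTokens` and `testService` posts in the later hunks (at 193, 258, 274, 289, 305, 318 and 331), which would still submit `clientSecret` and the user credentials together with an empty token endpoint. Guarding these actions, for example wrapping the sign-in and test controls in `{#if info:authorizationUrl??}` … `{/if}` or rendering an "endpoints not configured" message, would stop the functions from firing when the endpoints are unknown. The enclosing script functions continue outside the hunks.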
@@ -305,7 +305,7 @@ function testServiceWithClientCredentials(servicePath) { $.post("testService", { - tokenUrl: '{info:tokenUrl}', + tokenUrl: '{info:tokenUrl??}', serviceUrl: "http://localhost:" + port + servicePath, client: '{info:clientId}', clientSecret: '{info:clientSecret}', @@ -318,7 +318,7 @@ function testServiceWithClientCredentialsInSwaggerUi(){ $.post("testService", { - tokenUrl: '{info:tokenUrl}', + tokenUrl: '{info:tokenUrl??}', client: '{info:clientId}', clientSecret: '{info:clientSecret}', grant: '{info:oidcGrantType}' @@ -331,7 +331,7 @@ function testServiceWithClientCredentialsInGraphQLUi(){ $.post("testService", { - tokenUrl: '{info:tokenUrl}', + tokenUrl: '{info:tokenUrl??}', client: '{info:clientId}', clientSecret: '{info:clientSecret}', grant: '{info:oidcGrantType}' @@ -350,8 +350,8 @@ "SecurityScheme":{ "schema":{ "flow":"implicit", - "authorizationUrl":"{info:authorizationUrl}", - "tokenUrl":"{info:tokenUrl}", + "authorizationUrl":"{info:authorizationUrl??}", + "tokenUrl":"{info:tokenUrl??}", "type":"oauth2", "description":"Authentication" }, diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfigPropertySupplier.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfigPropertySupplier.java index 03681610db70c..9220acadc32a6 100644 --- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfigPropertySupplier.java +++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfigPropertySupplier.java 
@@ -37,21 +37,21 @@ public String get() { if (defaultValue != null || END_SESSION_PATH_KEY.equals(oidcConfigProperty)) { Optional value = ConfigProvider.getConfig().getOptionalValue(oidcConfigProperty, String.class); if (value.isPresent()) { - return checkUrlProperty(value.get()); + return checkUrlProperty(value); } return defaultValue; } else { - return checkUrlProperty(ConfigProvider.getConfig().getValue(oidcConfigProperty, String.class)); + return checkUrlProperty(ConfigProvider.getConfig().getOptionalValue(oidcConfigProperty, String.class)); } } - private String checkUrlProperty(String value) { - if (urlProperty && !value.startsWith("http:")) { - String authServerUrl = ConfigProvider.getConfig().getValue(AUTH_SERVER_URL_CONFIG_KEY, String.class); - return OidcCommonUtils.getOidcEndpointUrl(authServerUrl, Optional.of(value)); - } else { - return value; + private String checkUrlProperty(Optional value) { + if (urlProperty && value.isPresent() && !value.get().startsWith("http:")) { + Optional authServerUrl = ConfigProvider.getConfig().getOptionalValue(AUTH_SERVER_URL_CONFIG_KEY, + String.class); + return authServerUrl.isPresent() ? OidcCommonUtils.getOidcEndpointUrl(authServerUrl.get(), value) : null; } + return value.orElse(null); } public String getOidcConfigProperty() { diff --git a/integration-tests/devmode/src/test/java/io/quarkus/test/devconsole/DevConsoleOidcNoDiscoverySmokeTest.java b/integration-tests/devmode/src/test/java/io/quarkus/test/devconsole/DevConsoleOidcNoDiscoverySmokeTest.java new file mode 100644 index 0000000000000..e7d4f258f48c8 --- /dev/null +++ b/integration-tests/devmode/src/test/java/io/quarkus/test/devconsole/DevConsoleOidcNoDiscoverySmokeTest.java 
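Review bot: `checkUrlProperty` now returns `null` when the property is absent and also when `quarkus.oidc.auth-server-url` is absent, so `get()` (whose signature is above the hunk) silently changes from throwing on a missing mandatory property to returning `null`. That contract should be documented, e.g. `@return the resolved value, or {@code null} when the property or the auth server URL is not configured`, and the callers checked for null handling. Separately, the carried-over test `!value.get().startsWith("http:")` does not match `https://…` values, so an absolute HTTPS endpoint is handed to `OidcCommonUtils.getOidcEndpointUrl` as if it were a relative path. Unless that helper passes absolute URLs through (not visible here), the condition should also accept `value.get().startsWith("https:")`.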
@@ -0,0 +1,36 @@ +package io.quarkus.test.devconsole; + +import org.hamcrest.Matchers; +import org.jboss.shrinkwrap.api.asset.StringAsset; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.RegisterExtension; + +import io.quarkus.test.QuarkusDevModeTest; +import io.restassured.RestAssured; + +/** + * Note that this test cannot be placed under the relevant {@code -deployment} module because then the DEV UI processor would + * not be able to locate the template resources correctly. + */ +public class DevConsoleOidcNoDiscoverySmokeTest { + + @RegisterExtension + static final QuarkusDevModeTest config = new QuarkusDevModeTest() + .withApplicationRoot((jar) -> jar.addAsResource(createApplicationProperties(), + "application.properties")); + + @Test + public void testOidcProviderTemplate() { + RestAssured.get("q/dev/io.quarkus.quarkus-oidc/provider") + .then() + .statusCode(200).body(Matchers.containsString("OpenId Connect Dev Console")); + } + + private static StringAsset createApplicationProperties() { + return new StringAsset("quarkus.oidc.auth-server-url=http://localhost/oidc\n" + + "quarkus.oidc.client-id=client\n" + + "quarkus.oidc.discovery-enabled=false\n" + + "quarkus.oidc.introspection-path=introspect\n"); + + } +}
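Review bot: `createApplicationProperties()` sets `quarkus.oidc.auth-server-url`, so this test covers only rendering with discovery disabled and never reaches the early-return path for an inaccessible auth server URL that the commit subject describes. A second case without that property would pin the skip behaviour, though what the provider page returns then is not visible here. `testOidcProviderTemplate` asserts only status 200 and the page title; a further check on the rendered endpoints, such as `.body(Matchers.not(Matchers.containsString("window.location.href = ''")))`, would catch a page whose `authorizationUrl` or `tokenUrl` came out empty. The blank line before the closing brace of `createApplicationProperties()` can be dropped.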