From fed2294b844133f5763ecfce4b2f6a902d65f2cc Mon Sep 17 00:00:00 2001 From: Gauthier Roebroeck Date: Tue, 30 Nov 2021 11:38:59 +0800 Subject: [PATCH] feat: automatic oauth2 user creation enable via komga.oauth2-account-creation: true closes #716 --- .gitignore | 1 + ...__bootRun__dev_localdb_noclaim_oauth2.xml} | 16 +++++----- .../configuration/KomgaProperties.kt | 2 ++ .../KomgaOAuth2UserServiceConfiguration.kt | 29 +++++++++++++++---- komga/src/main/resources/application-dev.yml | 1 + 5 files changed, 35 insertions(+), 14 deletions(-) rename .idea/runConfigurations/{komga__bootRun__dev_localdb_noclaim.xml => komga__bootRun__dev_localdb_noclaim_oauth2.xml} (61%) diff --git a/.gitignore b/.gitignore index 6a64b8a4..6cd8f0f0 100644 --- a/.gitignore +++ b/.gitignore @@ -49,3 +49,4 @@ nbdist/ /komga/src/main/resources/public/ /komga/artemis/ /komga/lucene/ +application-oauth2.yml diff --git a/.idea/runConfigurations/komga__bootRun__dev_localdb_noclaim.xml b/.idea/runConfigurations/komga__bootRun__dev_localdb_noclaim_oauth2.xml similarity index 61% rename from .idea/runConfigurations/komga__bootRun__dev_localdb_noclaim.xml rename to .idea/runConfigurations/komga__bootRun__dev_localdb_noclaim_oauth2.xml index f21603ea..cd4deffe 100644 --- a/.idea/runConfigurations/komga__bootRun__dev_localdb_noclaim.xml +++ b/.idea/runConfigurations/komga__bootRun__dev_localdb_noclaim_oauth2.xml @@ -1,26 +1,26 @@ - + - - true + true + true + false \ No newline at end of file diff --git a/komga/src/main/kotlin/org/gotson/komga/infrastructure/configuration/KomgaProperties.kt b/komga/src/main/kotlin/org/gotson/komga/infrastructure/configuration/KomgaProperties.kt index 350a5958..d50184c1 100644 --- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/configuration/KomgaProperties.kt +++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/configuration/KomgaProperties.kt 
@@ -32,6 +32,8 @@ class KomgaProperties {
 var nativeWebp: Boolean = true
+ var oauth2AccountCreation: Boolean = false
+
 var database = Database()
 var cors = Cors()
diff --git a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt
index 299f6c14..7f1126cd 100644
--- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt
+++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt
@@ -1,6 +1,11 @@
 package org.gotson.komga.infrastructure.security.oauth2
+import mu.KotlinLogging
+import org.apache.commons.lang3.RandomStringUtils
+import org.gotson.komga.domain.model.KomgaUser
 import org.gotson.komga.domain.persistence.KomgaUserRepository
+import org.gotson.komga.domain.service.KomgaUserLifecycle
+import org.gotson.komga.infrastructure.configuration.KomgaProperties
 import org.gotson.komga.infrastructure.security.KomgaPrincipal
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@@ -13,9 +18,13 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException
 import org.springframework.security.oauth2.core.oidc.user.OidcUser
 import org.springframework.security.oauth2.core.user.OAuth2User
+private val logger = KotlinLogging.logger {}
+
 @Configuration
 class KomgaOAuth2UserServiceConfiguration(
 private val userRepository: KomgaUserRepository,
+ private val userLifecycle: KomgaUserLifecycle,
+ private val komgaProperties: KomgaProperties,
 ) {
 @Bean
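Review bot: The new `oauth2AccountCreation` property in the `@@ -32,6 +32,8 @@` hunk of KomgaProperties.kt has no comment, although it is a security-relevant switch. Elsewhere in this patch it decides whether an unknown e-mail from an OAuth2/OIDC login gets a new non-admin account or is rejected with ERR_1025. I would add a comment above it such as `// When true, a first OAuth2/OIDC login with an unknown email creates a non-admin user; leave false unless every configured provider is trusted to assert email ownership.` The class body starts before and continues after this hunk.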
@@ -34,9 +43,10 @@ class KomgaOAuth2UserServiceConfiguration(
 val email = oAuth2User.getAttribute("email") ?: throw OAuth2AuthenticationException("ERR_1024")
- userRepository.findByEmailIgnoreCaseOrNull(email)?.let {
- KomgaPrincipal(it, oAuth2User = oAuth2User)
- } ?: throw OAuth2AuthenticationException("ERR_1025")
+ val existingUser = userRepository.findByEmailIgnoreCaseOrNull(email)
+ ?: tryCreateNewUser(email)
+
+ KomgaPrincipal(existingUser, oAuth2User = oAuth2User)
 }
 }
@@ -48,9 +58,16 @@ class KomgaOAuth2UserServiceConfiguration(
 if (!oidcUser.emailVerified) throw OAuth2AuthenticationException("ERR_1026")
- userRepository.findByEmailIgnoreCaseOrNull(oidcUser.email)?.let {
- KomgaPrincipal(it, oidcUser)
- } ?: throw OAuth2AuthenticationException("ERR_1025")
+ val existingUser = userRepository.findByEmailIgnoreCaseOrNull(oidcUser.email)
+ ?: tryCreateNewUser(oidcUser.email)
+
+ KomgaPrincipal(existingUser, oidcUser)
 }
 }
+
+ private fun tryCreateNewUser(email: String) =
+ if (komgaProperties.oauth2AccountCreation) {
+ logger.info { "Creating new user from OAuth2 login: $email" }
+ userLifecycle.createUser(KomgaUser(email, RandomStringUtils.randomAlphanumeric(12), roleAdmin = false))
+ } else throw OAuth2AuthenticationException("ERR_1025")
 }
diff --git a/komga/src/main/resources/application-dev.yml b/komga/src/main/resources/application-dev.yml
index 9a73694b..7babe20d 100644
--- a/komga/src/main/resources/application-dev.yml
+++ b/komga/src/main/resources/application-dev.yml
@@ -12,6 +12,7 @@ komga:
 # file-hashing: false
 # delete-empty-collections: true
 # delete-empty-read-lists: true
+ oauth2-account-creation: false
 spring:
 artemis:
 embedded:
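Review bot: In the `@@ -34,9 +43,10 @@` hunk the plain OAuth2 branch now hands the provider's `email` attribute to `tryCreateNewUser` with no verification check, whereas the OIDC branch in the next hunk rejects the login with ERR_1026 when `emailVerified` is false. Whether a given provider only returns verified addresses cannot be seen from this hunk, so with `oauth2AccountCreation` enabled this path may create an account for an address the caller has not proven to own. A conservative option is to keep `?: throw OAuth2AuthenticationException("ERR_1025")` in this branch and call `tryCreateNewUser` only after the `emailVerified` check in the OIDC branch, or at least to state the provider requirement in a comment next to the call. The enclosing lambda and bean method start outside the hunk.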
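Review bot: In the `@@ -48,9 +58,16 @@` hunk, `tryCreateNewUser` builds the account password with `RandomStringUtils.randomAlphanumeric(12)`, which, depending on the commons-lang3 version on the classpath, is backed by a non-cryptographic `java.util.Random`. If these accounts can also sign in with a local password (not visible here), that value is a real credential. I would draw it from a CSPRNG and lengthen it, e.g. `RandomStringUtils.random(32, 0, 0, true, true, null, SecureRandom())` with `import java.security.SecureRandom`. The `logger.info` line also writes the full e-mail address to the log on each account creation, and an exception from `createUser` (for instance if two first logins for the same address race) would presumably not surface as an `OAuth2AuthenticationException`; both deserve a look. The OIDC lambda that the first changed lines belong to starts outside the hunk.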