feat: automatic oauth2 user creation

enable via
komga.oauth2-account-creation: true

closes #716

.gitignore

@@ -49,3 +49,4 @@ nbdist/
 /komga/src/main/resources/public/
 /komga/artemis/
 /komga/lucene/
+application-oauth2.yml

.idea/runConfigurations/komga__bootRun__dev_localdb_noclaim_oauth2.xml

@@ -1,26 +1,26 @@
 <component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="komga [bootRun] dev,localdb,noclaim" type="GradleRunConfiguration" factoryName="Gradle">
+  <configuration default="false" name="komga [bootRun] dev,localdb,noclaim,oauth2" type="GradleRunConfiguration" factoryName="Gradle">
     <ExternalSystemSettings>
       <option name="env">
         <map>
-          <entry key="SPRING_PROFILES_ACTIVE" value="dev,localdb,noclaim" />
+          <entry key="SPRING_PROFILES_ACTIVE" value="dev,localdb,noclaim,oauth2" />
         </map>
       </option>
       <option name="executionName" />
       <option name="externalProjectPath" value="$PROJECT_DIR$" />
       <option name="externalSystemIdString" value="GRADLE" />
-      <option name="scriptParameters" value="" />
+      <option name="scriptParameters" value="bootRun" />
       <option name="taskDescriptions">
         <list />
       </option>
       <option name="taskNames">
-        <list>
+        <list />
-          <option value="bootRun" />
-        </list>
       </option>
-      <option name="vmOptions" value="" />
+      <option name="vmOptions" />
     </ExternalSystemSettings>
-    <GradleScriptDebugEnabled>true</GradleScriptDebugEnabled>
+    <ExternalSystemDebugServerProcess>true</ExternalSystemDebugServerProcess>
+    <ExternalSystemReattachDebugProcess>true</ExternalSystemReattachDebugProcess>
+    <DebugAllEnabled>false</DebugAllEnabled>
     <method v="2" />
   </configuration>
 </component>

komga/src/main/kotlin/org/gotson/komga/infrastructure/configuration/KomgaProperties.kt

@@ -32,6 +32,8 @@ class KomgaProperties {
 
   var nativeWebp: Boolean = true
 
+  var oauth2AccountCreation: Boolean = false
+
   var database = Database()
 
   var cors = Cors()

komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt

@@ -1,6 +1,11 @@
 package org.gotson.komga.infrastructure.security.oauth2
 
+import mu.KotlinLogging
+import org.apache.commons.lang3.RandomStringUtils
+import org.gotson.komga.domain.model.KomgaUser
 import org.gotson.komga.domain.persistence.KomgaUserRepository
+import org.gotson.komga.domain.service.KomgaUserLifecycle
+import org.gotson.komga.infrastructure.configuration.KomgaProperties
 import org.gotson.komga.infrastructure.security.KomgaPrincipal
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@@ -13,9 +18,13 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException
 import org.springframework.security.oauth2.core.oidc.user.OidcUser
 import org.springframework.security.oauth2.core.user.OAuth2User
 
+private val logger = KotlinLogging.logger {}
+
 @Configuration
 class KomgaOAuth2UserServiceConfiguration(
   private val userRepository: KomgaUserRepository,
+  private val userLifecycle: KomgaUserLifecycle,
+  private val komgaProperties: KomgaProperties,
 ) {
 
   @Bean
@@ -34,9 +43,10 @@ class KomgaOAuth2UserServiceConfiguration(
       val email = oAuth2User.getAttribute<String>("email")
         ?: throw OAuth2AuthenticationException("ERR_1024")
 
-      userRepository.findByEmailIgnoreCaseOrNull(email)?.let {
+      val existingUser = userRepository.findByEmailIgnoreCaseOrNull(email)
-        KomgaPrincipal(it, oAuth2User = oAuth2User)
+        ?: tryCreateNewUser(email)
-      } ?: throw OAuth2AuthenticationException("ERR_1025")
+
+      KomgaPrincipal(existingUser, oAuth2User = oAuth2User)
     }
   }
 
@@ -48,9 +58,16 @@ class KomgaOAuth2UserServiceConfiguration(
 
       if (!oidcUser.emailVerified) throw OAuth2AuthenticationException("ERR_1026")
 
-      userRepository.findByEmailIgnoreCaseOrNull(oidcUser.email)?.let {
+      val existingUser = userRepository.findByEmailIgnoreCaseOrNull(oidcUser.email)
-        KomgaPrincipal(it, oidcUser)
+        ?: tryCreateNewUser(oidcUser.email)
-      } ?: throw OAuth2AuthenticationException("ERR_1025")
+
+      KomgaPrincipal(existingUser, oidcUser)
     }
   }
+
+  private fun tryCreateNewUser(email: String) =
+    if (komgaProperties.oauth2AccountCreation) {
+      logger.info { "Creating new user from OAuth2 login: $email" }
+      userLifecycle.createUser(KomgaUser(email, RandomStringUtils.randomAlphanumeric(12), roleAdmin = false))
+    } else throw OAuth2AuthenticationException("ERR_1025")
 }

komga/src/main/resources/application-dev.yml

@@ -12,6 +12,7 @@ komga:
 #  file-hashing: false
 #  delete-empty-collections: true
 #  delete-empty-read-lists: true
+  oauth2-account-creation: false
 spring:
   artemis:
     embedded: