feat: automatic oauth2 user creation

enable via komga.oauth2-account-creation: true closes #716
2025-12-06 16:42:24 +01:00 · 2021-11-30 11:38:59 +08:00 · 2021-11-30 11:38:59 +08:00 · fed2294b84
commit fed2294b84
parent fca13a7893
5 changed files with 35 additions and 14 deletions
--- a/.gitignore
+++ b/.gitignore
@ -49,3 +49,4 @@ nbdist/
 /komga/src/main/resources/public/
 /komga/artemis/
 /komga/lucene/
+application-oauth2.yml
--- a/.idea/runConfigurations/komgabootRundev_localdb_noclaim_oauth2.xml
+++ b/.idea/runConfigurations/komgabootRundev_localdb_noclaim_oauth2.xml
@ -1,26 +1,26 @@
 <component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="komga [bootRun] dev,localdb,noclaim" type="GradleRunConfiguration" factoryName="Gradle">
+  <configuration default="false" name="komga [bootRun] dev,localdb,noclaim,oauth2" type="GradleRunConfiguration" factoryName="Gradle">
    <ExternalSystemSettings>
      <option name="env">
        <map>
-          <entry key="SPRING_PROFILES_ACTIVE" value="dev,localdb,noclaim" />
+          <entry key="SPRING_PROFILES_ACTIVE" value="dev,localdb,noclaim,oauth2" />
        </map>
      </option>
      <option name="executionName" />
      <option name="externalProjectPath" value="$PROJECT_DIR$" />
      <option name="externalSystemIdString" value="GRADLE" />
-      <option name="scriptParameters" value="" />
+      <option name="scriptParameters" value="bootRun" />
      <option name="taskDescriptions">
        <list />
      </option>
      <option name="taskNames">
-        <list>
-          <option value="bootRun" />
-        </list>
+        <list />
      </option>
-      <option name="vmOptions" value="" />
+      <option name="vmOptions" />
    </ExternalSystemSettings>
-    <GradleScriptDebugEnabled>true</GradleScriptDebugEnabled>
+    <ExternalSystemDebugServerProcess>true</ExternalSystemDebugServerProcess>
+    <ExternalSystemReattachDebugProcess>true</ExternalSystemReattachDebugProcess>
+    <DebugAllEnabled>false</DebugAllEnabled>
    <method v="2" />
  </configuration>
 </component>
--- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/configuration/KomgaProperties.kt
+++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/configuration/KomgaProperties.kt
@ -32,6 +32,8 @@ class KomgaProperties {

  var nativeWebp: Boolean = true

+  var oauth2AccountCreation: Boolean = false
+
  var database = Database()

  var cors = Cors()
--- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt
+++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt
@ -1,6 +1,11 @@
 package org.gotson.komga.infrastructure.security.oauth2

+import mu.KotlinLogging
+import org.apache.commons.lang3.RandomStringUtils
+import org.gotson.komga.domain.model.KomgaUser
 import org.gotson.komga.domain.persistence.KomgaUserRepository
+import org.gotson.komga.domain.service.KomgaUserLifecycle
+import org.gotson.komga.infrastructure.configuration.KomgaProperties
 import org.gotson.komga.infrastructure.security.KomgaPrincipal
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@ -13,9 +18,13 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException
 import org.springframework.security.oauth2.core.oidc.user.OidcUser
 import org.springframework.security.oauth2.core.user.OAuth2User

+private val logger = KotlinLogging.logger {}
+
@Configuration
 class KomgaOAuth2UserServiceConfiguration(
  private val userRepository: KomgaUserRepository,
+  private val userLifecycle: KomgaUserLifecycle,
+  private val komgaProperties: KomgaProperties,
 ) {

  @Bean
@ -34,9 +43,10 @@ class KomgaOAuth2UserServiceConfiguration(
      val email = oAuth2User.getAttribute<String>("email")
        ?: throw OAuth2AuthenticationException("ERR_1024")

-      userRepository.findByEmailIgnoreCaseOrNull(email)?.let {
-        KomgaPrincipal(it, oAuth2User = oAuth2User)
-      } ?: throw OAuth2AuthenticationException("ERR_1025")
+      val existingUser = userRepository.findByEmailIgnoreCaseOrNull(email)
+        ?: tryCreateNewUser(email)
+
+      KomgaPrincipal(existingUser, oAuth2User = oAuth2User)
    }
  }

@ -48,9 +58,16 @@ class KomgaOAuth2UserServiceConfiguration(

      if (!oidcUser.emailVerified) throw OAuth2AuthenticationException("ERR_1026")

-      userRepository.findByEmailIgnoreCaseOrNull(oidcUser.email)?.let {
-        KomgaPrincipal(it, oidcUser)
-      } ?: throw OAuth2AuthenticationException("ERR_1025")
+      val existingUser = userRepository.findByEmailIgnoreCaseOrNull(oidcUser.email)
+        ?: tryCreateNewUser(oidcUser.email)
+
+      KomgaPrincipal(existingUser, oidcUser)
    }
  }
+
+  private fun tryCreateNewUser(email: String) =
+    if (komgaProperties.oauth2AccountCreation) {
+      logger.info { "Creating new user from OAuth2 login: $email" }
+      userLifecycle.createUser(KomgaUser(email, RandomStringUtils.randomAlphanumeric(12), roleAdmin = false))
+    } else throw OAuth2AuthenticationException("ERR_1025")
 }
--- a/komga/src/main/resources/application-dev.yml
+++ b/komga/src/main/resources/application-dev.yml
@ -12,6 +12,7 @@ komga:
 #  file-hashing: false
 #  delete-empty-collections: true
 #  delete-empty-read-lists: true
+  oauth2-account-creation: false
 spring:
  artemis:
    embedded: