From 52355689b63492388c7abd3d8d7fac2eabeaed0d Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Fri, 6 Oct 2023 12:05:55 +0200
Subject: [PATCH] OZG-3928 adjust currentUserId; fix order/modifierAccessor

---
 .../alfa/common/user/CurrentUserHelper.java   | 36 ++++++++++---------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserHelper.java b/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserHelper.java
index c375274543..82ab8a80f3 100644
--- a/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserHelper.java
+++ b/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserHelper.java
@@ -34,6 +34,7 @@ import org.springframework.security.authentication.AuthenticationTrustResolverIm
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.jwt.Jwt;
 
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
@@ -41,20 +42,13 @@ import lombok.NoArgsConstructor;
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
 public class CurrentUserHelper {
 	static final String ROLE_PREFIX = "ROLE_";
+	private static final String SUB_CLAIM_KEY = "sub";
 
 	public static final Predicate<String> HAS_ROLE = CurrentUserHelper::hasRole;
 
 	private static final AuthenticationTrustResolver TRUST_RESOLVER = new AuthenticationTrustResolverImpl();
 	private static final Predicate<Authentication> TRUSTED = auth -> !TRUST_RESOLVER.isAnonymous(auth);
 
-	public static Authentication getAuthentication() {
-		return findAuthentication().orElseThrow(() -> new IllegalStateException("No authenticated User found"));
-	}
-
-	public static Optional<Authentication> findAuthentication() {
-		return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()).filter(TRUSTED);
-	}
-
 	public static boolean hasRole(String role) {
 		var auth = getAuthentication();
 
@@ -82,7 +76,15 @@ public class CurrentUserHelper {
 		return containsRole(roleToCheck, authorities);
 	}
 
-	public static String prepareRoleForCheck(String role) {
+	static boolean containsRole(String role, Collection<? extends GrantedAuthority> authorities) {
+		return authorities.stream().anyMatch(a -> isAuthorityEquals(role, a.getAuthority()));
+	}
+
+	private static boolean isAuthorityEquals(String role, String authority) {
+		return StringUtils.equalsIgnoreCase(role, authority) || StringUtils.equalsIgnoreCase(prepareRoleForCheck(role), authority);
+	}
+
+	static String prepareRoleForCheck(String role) {
 		if ((Objects.nonNull(role)) && (!role.startsWith(ROLE_PREFIX))) {
 			return ROLE_PREFIX + role;
 		} else {
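Review bot: The relocated `containsRole` and `isAuthorityEquals` carry no documentation, and since they are the check behind `hasRole` the matching rule deserves a Javadoc: authorities are compared with `StringUtils.equalsIgnoreCase` and both the bare role and its `ROLE_`-prefixed form are accepted, so `admin`, `Admin` and `ROLE_ADMIN` all match a granted `ROLE_ADMIN`. If that laxness is intended, state it on `containsRole`: `/** True if any authority equals {@code role} or {@code ROLE_ + role}, ignoring case. */`. Narrowing `containsRole` and `prepareRoleForCheck` from public to package-private will break any caller outside `de.ozgcloud.alfa.common.user`; none is visible from this hunk, so I cannot tell whether that is safe. `prepareRoleForCheck` ends outside the hunk.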
@@ -90,17 +92,19 @@ public class CurrentUserHelper {
 		}
 	}
 
-	public static boolean containsRole(String role, Collection<? extends GrantedAuthority> authorities) {
-		return authorities.stream().anyMatch(a -> isAuthorityEquals(role, a.getAuthority()));
+	public static UserId getCurrentUserId() {
+		return UserId.from(getSubClaim());
 	}
 
-	private static boolean isAuthorityEquals(String role, String authority) {
-		String roleToCheck = prepareRoleForCheck(role);
-		return StringUtils.equalsIgnoreCase(role, authority) || StringUtils.equalsIgnoreCase(roleToCheck, authority);
+	private static String getSubClaim() {
+		return ((Jwt) getAuthentication().getPrincipal()).getClaim(SUB_CLAIM_KEY);
 	}
 
-	static UserId getCurrentUserId() {
-		return UserId.from(getAuthentication().getName());
+	public static Authentication getAuthentication() {
+		return findAuthentication().orElseThrow(() -> new IllegalStateException("No authenticated User found"));
 	}
 
+	private static Optional<Authentication> findAuthentication() {
+		return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()).filter(TRUSTED);
+	}
 }
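Review bot: `getSubClaim()` casts the principal to `Jwt` unconditionally and reads `sub` through the generic `getClaim`, so a trusted `Authentication` whose principal is not a `Jwt` (another token type, a mock user in tests) or a token whose `sub` is missing or not a string surfaces as a `ClassCastException` or a `UserId.from(null)` call, and this value is the identity the rest of the service keys on, so it should fail explicitly. `Jwt.getSubject()` is the better accessor here (it goes through `getClaimAsString`, so a non-string value is converted rather than thrown on), and `SUB_CLAIM_KEY` duplicates `JwtClaimNames.SUB` from the same package as the imported `Jwt`. I would guard the principal type and a blank subject as below; whether `UserId.from` tolerates null is not visible in this hunk, and the `TRUSTED` filter in `findAuthentication` only rules out anonymous tokens, not non-JWT ones.

```java
private static String getSubClaim() {
	var principal = getAuthentication().getPrincipal();
	if (!(principal instanceof Jwt)) {
		throw new IllegalStateException("Authenticated principal is not a JWT: " + principal.getClass().getName());
	}
	var subject = ((Jwt) principal).getSubject();
	if (StringUtils.isBlank(subject)) {
		throw new IllegalStateException("JWT carries no sub claim");
	}
	return subject;
}
```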
-- 
GitLab