Support unbinding OAuth2User from Halo side (#6734)

#### What type of PR is this? /kind feature /area core /milestone 2.20.x #### What this PR does / why we need it: This PR provides an endpoint for disconnecting user connection. After the user connection is disconnected, an event `UserConnectionDisconnectedEvent` will be published for plugins. Now, OAuth2 plugin can simplify the authentication, binding and unbinding logic, please see the AuthProvider configuration snippet below: ```diff spec: authenticationUrl: /oauth2/authorization/github - bindingUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/connect/github + bindingUrl: /oauth2/authorization/github - unbindUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/disconnect/github + unbindUrl: /apis/uc.api.auth.halo.run/v1alpha1/user-connections/github/disconnect ``` Please note that, OAuth2 plugin can also define binding and unbinding endpoints by self. #### Special notes for your reviewer: OAuth2 test plugin: [plugin-oauth2-1.0.4-SNAPSHOT.zip](https://github.com/user-attachments/files/17184215/plugin-oauth2-1.0.4-SNAPSHOT.zip) #### Does this PR introduce a user-facing change? ```release-note None ```
2024-09-30 18:31:53 +08:00 · 2024-09-30 18:31:53 +08:00 · 8a9b954969
parent c80ceb460d
commit 8a9b954969
5 changed files with 135 additions and 1 deletions
--- a/api/src/main/java/run/halo/app/event/user/UserConnectionDisconnectedEvent.java
+++ b/api/src/main/java/run/halo/app/event/user/UserConnectionDisconnectedEvent.java
@ -0,0 +1,25 @@
+package run.halo.app.event.user;
+
+import lombok.Getter;
+import org.springframework.context.ApplicationEvent;
+import run.halo.app.core.extension.UserConnection;
+import run.halo.app.plugin.SharedEvent;
+
+/**
+ * An event that will be triggered after a user connection is disconnected.
+ *
+ * @author johnniang
+ * @since 2.20.0
+ */
+@SharedEvent
+public class UserConnectionDisconnectedEvent extends ApplicationEvent {
+
+    @Getter
+    private final UserConnection userConnection;
+
+    public UserConnectionDisconnectedEvent(Object source, UserConnection userConnection) {
+        super(source);
+        this.userConnection = userConnection;
+    }
+
+}
--- a/application/src/main/java/run/halo/app/core/endpoint/uc/UserConnectionEndpoint.java
+++ b/application/src/main/java/run/halo/app/core/endpoint/uc/UserConnectionEndpoint.java
@ -0,0 +1,74 @@
+package run.halo.app.core.endpoint.uc;
+
+import static org.springdoc.core.fn.builders.apiresponse.Builder.responseBuilder;
+
+import io.swagger.v3.oas.annotations.enums.ParameterIn;
+import org.springdoc.core.fn.builders.parameter.Builder;
+import org.springdoc.webflux.core.fn.SpringdocRouteBuilder;
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.ReactiveSecurityContextHolder;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.stereotype.Component;
+import org.springframework.web.reactive.function.server.RouterFunction;
+import org.springframework.web.reactive.function.server.ServerResponse;
+import run.halo.app.core.extension.UserConnection;
+import run.halo.app.core.extension.endpoint.CustomEndpoint;
+import run.halo.app.core.user.service.UserConnectionService;
+import run.halo.app.extension.GroupVersion;
+
+/**
+ * User connection endpoint.
+ *
+ * @author johnniang
+ * @since 2.20.0
+ */
+@Component
+public class UserConnectionEndpoint implements CustomEndpoint {
+
+    private final UserConnectionService connectionService;
+
+    private final AuthenticationTrustResolver authenticationTrustResolver =
+        new AuthenticationTrustResolverImpl();
+
+    public UserConnectionEndpoint(UserConnectionService connectionService) {
+        this.connectionService = connectionService;
+    }
+
+    @Override
+    public RouterFunction<ServerResponse> endpoint() {
+        var tag = "UserConnectionV1alpha1Uc";
+        return SpringdocRouteBuilder.route()
+            .PUT(
+                "/user-connections/{registerId}/disconnect",
+                request -> {
+                    var removedUserConnections = ReactiveSecurityContextHolder.getContext()
+                        .map(SecurityContext::getAuthentication)
+                        .filter(authenticationTrustResolver::isAuthenticated)
+                        .map(Authentication::getName)
+                        .flatMapMany(username -> connectionService.removeUserConnection(
+                            request.pathVariable("registerId"), username)
+                        );
+                    return ServerResponse.ok().body(removedUserConnections, UserConnection.class);
+                },
+                builder -> builder.operationId("DisconnectMyConnection")
+                    .description("Disconnect my connection from a third-party platform.")
+                    .tag(tag)
+                    .parameter(Builder.parameterBuilder()
+                        .in(ParameterIn.PATH)
+                        .name("registerId")
+                        .description("The registration ID of the third-party platform.")
+                        .required(true)
+                        .implementation(String.class)
+                    )
+                    .response(responseBuilder().implementationArray(UserConnection.class))
+            )
+            .build();
+    }
+
+    @Override
+    public GroupVersion groupVersion() {
+        return GroupVersion.parseAPIVersion("uc.api.auth.halo.run/v1alpha1");
+    }
+}
--- a/application/src/main/java/run/halo/app/core/user/service/UserConnectionService.java
+++ b/application/src/main/java/run/halo/app/core/user/service/UserConnectionService.java
@ -1,6 +1,7 @@
 package run.halo.app.core.user.service;

 import org.springframework.security.oauth2.core.user.OAuth2User;
+import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import run.halo.app.core.extension.UserConnection;

@ -32,4 +33,13 @@ public interface UserConnectionService {
        String registrationId, OAuth2User oauth2User
    );

+    /**
+     * Remove user connection.
+     *
+     * @param registrationId Registration ID
+     * @param username Username
+     * @return A list of user connections
+     */
+    Flux<UserConnection> removeUserConnection(String registrationId, String username);
+
 }
--- a/application/src/main/java/run/halo/app/core/user/service/impl/UserConnectionServiceImpl.java
+++ b/application/src/main/java/run/halo/app/core/user/service/impl/UserConnectionServiceImpl.java
@ -7,12 +7,15 @@ import static run.halo.app.extension.index.query.QueryFactory.equal;
 import java.time.Clock;
 import java.util.HashMap;
 import java.util.Optional;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Service;
+import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import run.halo.app.core.extension.UserConnection;
 import run.halo.app.core.extension.UserConnection.UserConnectionSpec;
 import run.halo.app.core.user.service.UserConnectionService;
+import run.halo.app.event.user.UserConnectionDisconnectedEvent;
 import run.halo.app.extension.ListOptions;
 import run.halo.app.extension.Metadata;
 import run.halo.app.extension.MetadataOperator;
@ -25,10 +28,14 @@ public class UserConnectionServiceImpl implements UserConnectionService {

    private final ReactiveExtensionClient client;

+    private final ApplicationEventPublisher eventPublisher;
+
    private Clock clock = Clock.systemDefaultZone();

-    public UserConnectionServiceImpl(ReactiveExtensionClient client) {
+    public UserConnectionServiceImpl(ReactiveExtensionClient client,
+        ApplicationEventPublisher eventPublisher) {
        this.client = client;
+        this.eventPublisher = eventPublisher;
    }

    void setClock(Clock clock) {
@ -91,6 +98,21 @@ public class UserConnectionServiceImpl implements UserConnectionService {
            .flatMap(connection -> updateUserConnection(connection, oauth2User));
    }

+    @Override
+    public Flux<UserConnection> removeUserConnection(String registrationId, String username) {
+        var listOptions = ListOptions.builder()
+            .fieldQuery(and(
+                equal("spec.registrationId", registrationId),
+                equal("spec.username", username)
+            ))
+            .build();
+        return client.listAll(UserConnection.class, listOptions, defaultSort())
+            .flatMap(client::delete)
+            .doOnNext(deleted ->
+                eventPublisher.publishEvent(new UserConnectionDisconnectedEvent(this, deleted))
+            );
+    }
+
    private void updateUserInfo(MetadataOperator metadata, OAuth2User oauth2User) {
        var annotations = Optional.ofNullable(metadata.getAnnotations())
            .orElseGet(HashMap::new);
--- a/application/src/main/resources/extensions/role-template-authenticated.yaml
+++ b/application/src/main/resources/extensions/role-template-authenticated.yaml
@ -29,6 +29,9 @@ rules:
    resources: [ "plugins/bundle.js", "plugins/bundle.css" ]
    resourceNames: [ "-" ]
    verbs: [ "get" ]
+  - apisGroups: [ "uc.api.auth.halo.run" ]
+    resources: [ "user-connections/disconnect" ]
+    verbs: [ "update" ]
 ---
 apiVersion: v1alpha1
 kind: "Role"