Fix #32581: log id token and user info claims even if not using roles

LEDfan · LEDfan · commit eae87f41c57e · 2024-03-11T09:45:05.000+01:00
diff --git a/src/main/java/eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.java b/src/main/java/eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.java
@@ -158,12 +158,15 @@ public Set<GrantedAuthority> parseClaims(StandardClaimAccessor standardClaimAcce
                 .collect(Collectors.joining(lineSep));
             log.debug(String.format("Available claims in %s (%d):%s%s", logInfo, standardClaimAccessor.getClaims().size(), lineSep, claims));
         }
+        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
+        if (rolesClaimName == null || rolesClaimName.isEmpty()) {
+            return mappedAuthorities;
+        }
 
         Object claimValue = standardClaimAccessor
             .getClaims()
             .get(rolesClaimName);
 
-        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
         for (String role : parseRolesClaim(log, logInfo, rolesClaimName, claimValue)) {
             String mappedRole = role
                 .toUpperCase()
@@ -285,22 +288,18 @@ public LogoutSuccessHandler getLogoutSuccessHandler() {
 
     protected GrantedAuthoritiesMapper createAuthoritiesMapper() {
         String rolesClaimName = environment.getProperty("proxy.openid.roles-claim");
-        if (rolesClaimName == null || rolesClaimName.isEmpty()) {
-            return authorities -> authorities;
-        } else {
-            return authorities -> {
-                Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
-                for (GrantedAuthority auth : authorities) {
-                    if (auth instanceof OidcUserAuthority) {
-                        OidcIdToken idToken = ((OidcUserAuthority) auth).getIdToken();
-                        mappedAuthorities.addAll(parseClaims(idToken, rolesClaimName));
-                        OidcUserInfo userInfo = ((OidcUserAuthority) auth).getUserInfo();
-                        mappedAuthorities.addAll(parseClaims(userInfo, rolesClaimName));
-                    }
+        return authorities -> {
+            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
+            for (GrantedAuthority auth : authorities) {
+                if (auth instanceof OidcUserAuthority) {
+                    OidcIdToken idToken = ((OidcUserAuthority) auth).getIdToken();
+                    mappedAuthorities.addAll(parseClaims(idToken, rolesClaimName));
+                    OidcUserInfo userInfo = ((OidcUserAuthority) auth).getUserInfo();
+                    mappedAuthorities.addAll(parseClaims(userInfo, rolesClaimName));
                 }
-                return mappedAuthorities;
-            };
-        }
+            }
+            return mappedAuthorities;
+        };
     }
 
     protected OidcUserService createOidcUserService() {
