add JWT decoder

merge user info from jwt and user endpoint

Author: Thomas

server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/request/oauth2/request/GenericAuthRequest.java

@@ -3,6 +3,7 @@
 import org.lowcoder.api.authentication.request.AuthException;
 import org.lowcoder.api.authentication.request.oauth2.GenericOAuthProviderSource;
 import org.lowcoder.api.authentication.request.oauth2.OAuth2RequestContext;
+import org.lowcoder.api.authentication.util.JwtDecoderUtil;
 import org.lowcoder.domain.user.model.AuthToken;
 import org.lowcoder.domain.user.model.AuthUser;
 import org.lowcoder.sdk.auth.Oauth2GenericAuthConfig;
@@ -14,8 +15,7 @@
 
 import java.util.Map;
 
-import static org.lowcoder.api.authentication.util.AuthenticationUtils.mapToAuthToken;
-import static org.lowcoder.api.authentication.util.AuthenticationUtils.mapToAuthUser;
+import static org.lowcoder.api.authentication.util.AuthenticationUtils.*;
 import static org.lowcoder.sdk.plugin.common.constant.Constants.HTTP_TIMEOUT;
 
 /**
@@ -75,7 +75,22 @@ protected Mono<AuthToken> refreshAuthToken(String refreshToken) {
 
     @Override
     protected Mono<AuthUser> getAuthUser(AuthToken authToken) {
-        if(!Boolean.TRUE.equals(config.getUserInfoIntrospection())) return Mono.just(AuthUser.builder().build());
+        //parse the JWT token
+        String jwt = authToken.getJwt();
+        Map<String, Object> jwtMap = null;
+        if(jwt != null) {
+            try {
+                jwtMap = JwtDecoderUtil.decodeJwtPayload(jwt);
+            } catch (Exception ignored) {
+            }
+        }
+
+        if(!Boolean.TRUE.equals(config.getUserInfoIntrospection())) {
+            if(jwtMap == null) return Mono.error(new AuthException("No JWT token found"));
+            return Mono.just(mapToAuthUser(jwtMap, config.getSourceMappings()));
+        }
+
+        Map<String, Object> finalJwtMap = jwtMap;
         return WebClientBuildHelper.builder()
                 .systemProxy()
                 .timeoutMs(HTTP_TIMEOUT)
@@ -89,7 +104,8 @@ protected Mono<AuthUser> getAuthUser(AuthToken authToken) {
                     if (map.containsKey("error") || map.containsKey("error_description")) {
                         return Mono.error(new AuthException(JsonUtils.toJson(map)));
                     }
-                    return Mono.just(mapToAuthUser(map, config.getSourceMappings()));
+                    AuthUser merged = mergeAuthUser(mapToAuthUser(finalJwtMap, config.getSourceMappings()), mapToAuthUser(map, config.getSourceMappings()));
+                    return Mono.just(merged);
                 });
     }
 }

server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/util/AdvancedMapUtils.java

@@ -12,6 +12,7 @@ public class AdvancedMapUtils {
      * @return The string value if found, otherwise null.
      */
     public static String getString(Map<String, Object> map, String key) {
+        if(key == null) return null;
         String[] parts = key.split("\\.");
         Object current = map;
 

server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/util/AuthenticationUtils.java

@@ -93,4 +93,20 @@ public static AuthUser mapToAuthUser(Map<String, Object> map, HashMap<String, St
                 .rawUserInfo(map)
                 .build();
     }
+
+    /**
+     * Merge two AuthUser object - overwrite high into low
+     * @param low base object for merge
+     * @param high overwriting object
+     * @return
+     */
+    public static AuthUser mergeAuthUser(AuthUser low, AuthUser high) {
+        return AuthUser.builder()
+                .uid(high.getUid() != null ? high.getUid() : low.getUid())
+                .username(high.getUsername() != null ? high.getUsername() : low.getUsername())
+                .avatar(high.getAvatar() != null ? high.getAvatar() : low.getAvatar())
+                .rawUserInfo(high.getRawUserInfo() != null ? high.getRawUserInfo() : low.getRawUserInfo())
+                .authToken(high.getAuthToken() != null ? high.getAuthToken() : low.getAuthToken())
+                .build();
+    }
 }

server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/util/JwtDecoderUtil.java

@@ -0,0 +1,35 @@
+package org.lowcoder.api.authentication.util;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.Base64;
+import java.util.Map;
+
+public class JwtDecoderUtil {
+
+    private static final ObjectMapper objectMapper = new ObjectMapper();
+
+    /**
+     * Decodes the payload of a JWT without verifying its signature.
+     *
+     * @param jwt The JWT string.
+     * @return A Map representing the decoded JWT payload.
+     * @throws Exception if there is an error decoding the JWT.
+     */
+    public static Map<String, Object> decodeJwtPayload(String jwt) throws Exception {
+        // Split the JWT into its components
+        String[] parts = jwt.split("\\.");
+        if (parts.length < 2) {
+            throw new IllegalArgumentException("Invalid JWT format.");
+        }
+
+        // Base64-decode the payload
+        String payload = parts[1];
+        byte[] decodedBytes = Base64.getUrlDecoder().decode(payload);
+
+        // Convert the decoded bytes to a JSON string
+        String decodedString = new String(decodedBytes);
+
+        // Convert the JSON string to a Map
+        return objectMapper.readValue(decodedString, Map.class);
+    }
+}

server/api-service/lowcoder-server/src/test/java/org/lowcoder/api/authentication/JwtDecoderUtilTest.java

@@ -0,0 +1,60 @@
+package org.lowcoder.api.authentication;
+
+import org.junit.jupiter.api.Test;
+import org.lowcoder.api.authentication.util.JwtDecoderUtil;
+
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class JwtDecoderUtilTest {
+
+    @Test
+    void testDecodeJwtPayload_ValidJwt() throws Exception {
+        // Example JWT with payload: {"sub":"1234567890","name":"John Doe","iat":1516239022}
+        String jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
+
+        Map<String, Object> payload = JwtDecoderUtil.decodeJwtPayload(jwt);
+
+        assertNotNull(payload);
+        assertEquals("1234567890", payload.get("sub"));
+        assertEquals("John Doe", payload.get("name"));
+        assertEquals(1516239022, payload.get("iat"));
+    }
+
+    @Test
+    void testDecodeJwtPayload_InvalidJwtFormat() {
+        // Example of an invalid JWT (missing parts)
+        String jwt = "invalid-jwt";
+
+        Exception exception = assertThrows(IllegalArgumentException.class, () -> {
+            JwtDecoderUtil.decodeJwtPayload(jwt);
+        });
+
+        assertEquals("Invalid JWT format.", exception.getMessage());
+    }
+
+    @Test
+    void testDecodeJwtPayload_InvalidBase64() {
+        // Example of a JWT with an invalid base64 payload part
+        String jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.invalid-base64.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
+
+        Exception exception = assertThrows(Exception.class, () -> {
+            JwtDecoderUtil.decodeJwtPayload(jwt);
+        });
+
+        assertTrue(exception instanceof IllegalArgumentException || exception instanceof java.io.IOException);
+    }
+
+    @Test
+    void testDecodeJwtPayload_EmptyPayload() throws Exception {
+        // Example of a JWT with an empty payload
+        String jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
+
+        Exception exception = assertThrows(Exception.class, () -> {
+            JwtDecoderUtil.decodeJwtPayload(jwt);
+        });
+
+        assertTrue(exception instanceof java.io.IOException);
+    }
+}