mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-14 10:34:06 +02:00
This PR migrates the login features from V1 into V2.
---
- Login via username/password
- SSO login (Google & GitHub)
-- Fixed issue where users authenticating via SSO (OAuth2/SAML2) were
identified by configurable username attributes (email,
preferred_username, etc.), causing:
- Duplicate accounts when username attributes changed
- Authentication failures when claim/NameID configuration changed
- Data redundancy from same user having multiple accounts
- Added `sso_provider_id` column to store provider's unique identifier
(OIDC sub claim / SAML2 NameID)
- Added `sso_provider` column to store provider name (e.g., "google",
"github", "saml2")
- User.java:65-69
Backend Changes:
- Updated UserRepository with findBySsoProviderAndSsoProviderId() method
(UserRepository.java:25)
- Modified UserService.processSSOPostLogin() to implement lookup
priority:
a. Find by (`ssoProvider`, `ssoProviderId`) first
b. Fallback to username for backward compatibility
c. Automatically migrate existing users by adding provider IDs
(UserService.java:64-107)
- Updated saveUserCore() to accept and store SSO provider details
(UserService.java:506-566)
OAuth2 Integration:
- CustomOAuth2UserService: Extracts OIDC sub claim and registration ID
(CustomOAuth2UserService.java:49-59)
- CustomOAuth2AuthenticationSuccessHandler: Passes provider info to
processSSOPostLogin()
(CustomOAuth2AuthenticationSuccessHandler.java:95-108)
SAML2 Integration:
- CustomSaml2AuthenticationSuccessHandler: Extracts NameID from SAML2
assertion (CustomSaml2AuthenticationSuccessHandler.java:120-133)
---
- Configurable Rate Limiting
Changes:
- Added RateLimit configuration class to ApplicationProperties.Security
(ApplicationProperties.java:314-317)
- Made reset schedule configurable: security.rate-limit.reset-schedule
(default: "0 0 0 * * MON")
- Made max requests configurable: security.rate-limit.max-requests
(default: 1000)
- Updated RateLimitResetScheduler to use @Scheduled(cron =
"${security.rate-limit.reset-schedule:0 0 0 * * MON}")
(RateLimitResetScheduler.java:16)
- Updated SecurityConfiguration.rateLimitingFilter() to use configured
value (SecurityConfiguration.java:377)
---
- Enable access without security features
Backend:
- Added /api/v1/config to permitAll endpoints
(SecurityConfiguration.java:261)
- Config endpoint already returns enableLogin status
(ConfigController.java:60)
Frontend:
- AuthProvider now checks enableLogin before attempting JWT validation
(UseSession.tsx:98-112)
- If enableLogin=false, skips authentication entirely and sets
session=null
- Landing component bypasses auth check when enableLogin=false
(Landing.tsx:42-46)
- Added createAnonymousUser() and createAnonymousSession() utilities
(springAuthClient.ts:440-464)
Closes #3046
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [x] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [x] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
---------
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: stirlingbot[bot] <stirlingbot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ludy <[email protected]>
Co-authored-by: EthanHealy01 <[email protected]>
Co-authored-by: Ethan <[email protected]>
Co-authored-by: Anthony Stirling <[email protected]>
Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
162 lines
5.2 KiB
TypeScript
162 lines
5.2 KiB
TypeScript
import { useEffect } from 'react'
|
|
import '../authShared/auth.css'
|
|
import { useTranslation } from 'react-i18next'
|
|
import { SignupFieldErrors } from './SignupFormValidation'
|
|
|
|
interface SignupFormProps {
|
|
name?: string
|
|
email: string
|
|
password: string
|
|
confirmPassword: string
|
|
agree?: boolean
|
|
setName?: (name: string) => void
|
|
setEmail: (email: string) => void
|
|
setPassword: (password: string) => void
|
|
setConfirmPassword: (password: string) => void
|
|
setAgree?: (agree: boolean) => void
|
|
onSubmit: () => void
|
|
isSubmitting: boolean
|
|
fieldErrors?: SignupFieldErrors
|
|
showName?: boolean
|
|
showTerms?: boolean
|
|
}
|
|
|
|
export default function SignupForm({
|
|
name = '',
|
|
email,
|
|
password,
|
|
confirmPassword,
|
|
agree = true,
|
|
setName,
|
|
setEmail,
|
|
setPassword,
|
|
setConfirmPassword,
|
|
setAgree,
|
|
onSubmit,
|
|
isSubmitting,
|
|
fieldErrors = {},
|
|
showName = false,
|
|
showTerms = false
|
|
}: SignupFormProps) {
|
|
const { t } = useTranslation()
|
|
const showConfirm = password.length >= 4
|
|
|
|
useEffect(() => {
|
|
if (!showConfirm && confirmPassword) {
|
|
setConfirmPassword('')
|
|
}
|
|
}, [showConfirm, confirmPassword, setConfirmPassword])
|
|
|
|
return (
|
|
<>
|
|
<div className="auth-fields">
|
|
{showName && (
|
|
<div className="auth-field">
|
|
<label htmlFor="name" className="auth-label">{t('signup.name')}</label>
|
|
<input
|
|
id="name"
|
|
type="text"
|
|
name="name"
|
|
autoComplete="name"
|
|
placeholder={t('signup.enterName')}
|
|
value={name}
|
|
onChange={(e) => setName?.(e.target.value)}
|
|
className={`auth-input ${fieldErrors.name ? 'auth-input-error' : ''}`}
|
|
/>
|
|
{fieldErrors.name && (
|
|
<div className="auth-field-error">{fieldErrors.name}</div>
|
|
)}
|
|
</div>
|
|
)}
|
|
|
|
<div className="auth-field">
|
|
<label htmlFor="email" className="auth-label">{t('signup.email')}</label>
|
|
<input
|
|
id="email"
|
|
type="email"
|
|
name="email"
|
|
autoComplete="email"
|
|
placeholder={t('signup.enterEmail')}
|
|
value={email}
|
|
onChange={(e) => setEmail(e.target.value)}
|
|
onKeyPress={(e) => e.key === 'Enter' && !isSubmitting && onSubmit()}
|
|
className={`auth-input ${fieldErrors.email ? 'auth-input-error' : ''}`}
|
|
/>
|
|
{fieldErrors.email && (
|
|
<div className="auth-field-error">{fieldErrors.email}</div>
|
|
)}
|
|
</div>
|
|
|
|
<div className="auth-field">
|
|
<label htmlFor="password" className="auth-label">{t('signup.password')}</label>
|
|
<input
|
|
id="password"
|
|
type="password"
|
|
name="new-password"
|
|
autoComplete="new-password"
|
|
placeholder={t('signup.enterPassword')}
|
|
value={password}
|
|
onChange={(e) => setPassword(e.target.value)}
|
|
onKeyPress={(e) => e.key === 'Enter' && !isSubmitting && onSubmit()}
|
|
className={`auth-input ${fieldErrors.password ? 'auth-input-error' : ''}`}
|
|
/>
|
|
{fieldErrors.password && (
|
|
<div className="auth-field-error">{fieldErrors.password}</div>
|
|
)}
|
|
</div>
|
|
|
|
<div
|
|
aria-hidden={!showConfirm}
|
|
className="auth-confirm"
|
|
style={{ maxHeight: showConfirm ? 96 : 0, opacity: showConfirm ? 1 : 0 }}
|
|
>
|
|
<div className="auth-field">
|
|
<label htmlFor="confirmPassword" className="auth-label">{t('signup.confirmPassword')}</label>
|
|
<input
|
|
id="confirmPassword"
|
|
type="password"
|
|
name="new-password"
|
|
autoComplete="new-password"
|
|
placeholder={t('signup.confirmPasswordPlaceholder')}
|
|
value={confirmPassword}
|
|
onChange={(e) => setConfirmPassword(e.target.value)}
|
|
onKeyPress={(e) => e.key === 'Enter' && !isSubmitting && onSubmit()}
|
|
className={`auth-input ${fieldErrors.confirmPassword ? 'auth-input-error' : ''}`}
|
|
/>
|
|
{fieldErrors.confirmPassword && (
|
|
<div className="auth-field-error">{fieldErrors.confirmPassword}</div>
|
|
)}
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
{/* Terms - only show if showTerms is true */}
|
|
{showTerms && (
|
|
<div className="auth-terms">
|
|
<input
|
|
id="agree"
|
|
type="checkbox"
|
|
checked={agree}
|
|
onChange={(e) => setAgree?.(e.target.checked)}
|
|
className="auth-checkbox"
|
|
/>
|
|
<label htmlFor="agree" className="auth-terms-label">
|
|
{t("legal.iAgreeToThe", 'I agree to all of the')} {" "}
|
|
<a href="https://www.stirlingpdf.com/terms" target="_blank" rel="noopener noreferrer">
|
|
{t('legal.terms', 'Terms and Conditions')}
|
|
</a>
|
|
</label>
|
|
</div>
|
|
)}
|
|
|
|
{/* Sign Up Button */}
|
|
<button
|
|
onClick={onSubmit}
|
|
disabled={isSubmitting || !email || !password || !confirmPassword || (showTerms && !agree)}
|
|
className="auth-button"
|
|
>
|
|
{isSubmitting ? t('signup.creatingAccount') : t('signup.signUp')}
|
|
</button>
|
|
</>
|
|
)
|
|
} |