API-Explorer-II/server/controllers/UserController.ts

/*
 * Open Bank Project -  API Explorer II
 * Copyright (C) 2023-2024, TESOBE GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * Email: contact@tesobe.com
 * TESOBE GmbH
 * Osloerstrasse 16/17
 * Berlin 13359, Germany
 *
 *   This product includes software developed at
 *   TESOBE (http://www.tesobe.com/)
 *
 */

import { Controller, Session, Req, Res, Get } from 'routing-controllers'
import { Request, Response } from 'express'
import OBPClientService from '../services/OBPClientService'
import { Service, Container } from 'typedi'
import { OAuth2Service } from '../services/OAuth2Service'

@Service()
@Controller('/user')
export class UserController {
  private obpExplorerHome = process.env.VITE_OBP_API_EXPLORER_HOST
  private obpClientService: OBPClientService
  private oauth2Service: OAuth2Service

  constructor() {
    // Explicitly get services from the container to avoid injection issues
    this.obpClientService = Container.get(OBPClientService)
    this.oauth2Service = Container.get(OAuth2Service)
  }

  @Get('/logoff')
  async logout(
    @Session() session: any,
    @Req() request: Request,
    @Res() response: Response
  ): Response {
    console.log('UserController: Logging out user')

    // Clear OAuth2 session data
    delete session['oauth2_access_token']
    delete session['oauth2_refresh_token']
    delete session['oauth2_id_token']
    delete session['oauth2_token_type']
    delete session['oauth2_expires_in']
    delete session['oauth2_token_timestamp']
    delete session['oauth2_user_info']
    delete session['oauth2_user']

    // Destroy the session completely
    session.destroy((err: any) => {
      if (err) {
        console.error('UserController: Error destroying session:', err)
      } else {
        console.log('UserController: Session destroyed successfully')
      }
    })

    const redirectPage = (request.query.redirect as string) || this.obpExplorerHome || '/'

    if (!this.obpExplorerHome) {
      console.error(`VITE_OBP_API_EXPLORER_HOST: ${this.obpExplorerHome}`)
    }

    console.log('UserController: Redirecting to:', redirectPage)
    response.redirect(redirectPage)

    return response
  }

  @Get('/current')
  async current(
    @Session() session: any,
    @Req() request: Request,
    @Res() response: Response
  ): Response {
    console.log('UserController: Getting current user')

    // Check OAuth2 session
    if (session['oauth2_user']) {
      console.log('UserController: Returning OAuth2 user info')
      const oauth2User = session['oauth2_user']

      // Check if access token is expired and needs refresh
      const accessToken = session['oauth2_access_token']
      const refreshToken = session['oauth2_refresh_token']

      if (accessToken && this.oauth2Service.isTokenExpired(accessToken)) {
        console.log('UserController: Access token expired')

        if (refreshToken) {
          console.log('UserController: Attempting token refresh')
          try {
            const newTokens = await this.oauth2Service.refreshAccessToken(refreshToken)

            // Update session with new tokens
            session['oauth2_access_token'] = newTokens.accessToken
            session['oauth2_refresh_token'] = newTokens.refreshToken || refreshToken
            session['oauth2_id_token'] = newTokens.idToken
            session['oauth2_token_timestamp'] = Date.now()
            session['oauth2_expires_in'] = newTokens.expiresIn

            console.log('UserController: Token refresh successful')
          } catch (error) {
            console.error('UserController: Token refresh failed:', error)
            // Return empty object to indicate user needs to re-authenticate
            return response.json({})
          }
        } else {
          console.log('UserController: No refresh token available, user needs to re-authenticate')
          return response.json({})
        }
      }

      // Return user info in format compatible with frontend
      return response.json({
        user_id: oauth2User.sub,
        username: oauth2User.username,
        email: oauth2User.email,
        email_verified: oauth2User.email_verified,
        name: oauth2User.name,
        given_name: oauth2User.given_name,
        family_name: oauth2User.family_name,
        provider: oauth2User.provider || 'oauth2'
      })
    }

    // No authentication session found
    console.log('UserController: No authentication session found')
    return response.json({})
  }
}
update copyright notice 2024-05-14 11:41:52 +00:00			`/*`
			`* Open Bank Project - API Explorer II`
			`* Copyright (C) 2023-2024, TESOBE GmbH`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*`
			`* Email: contact@tesobe.com`
			`* TESOBE GmbH`
			`* Osloerstrasse 16/17`
			`* Berlin 13359, Germany`
			`*`
			`* This product includes software developed at`
			`* TESOBE (http://www.tesobe.com/)`
			`*`
			`*/`

FIX: user login 2023-06-05 15:32:25 +00:00			`import { Controller, Session, Req, Res, Get } from 'routing-controllers'`
FIX: home page, login username FEAT:logoff 2023-05-24 21:57:08 +00:00			`import { Request, Response } from 'express'`
			`import OBPClientService from '../services/OBPClientService'`
OAuth2 login first step works 2025-12-01 10:07:05 +00:00			`import { Service, Container } from 'typedi'`
Phase 2: Integrate OAuth2 into application Application Integration: - Update server/app.ts to initialize OAuth2Service on startup * Conditional initialization based on VITE_USE_OAUTH2 flag * OIDC discovery document fetching * Comprehensive error handling and logging * Graceful fallback if OIDC provider unavailable UserController Updates: - Support dual authentication (OAuth 1.0a and OAuth2) - OAuth2 user session detection and retrieval - Automatic token refresh when access token expires - Unified user data format for both auth methods - Enhanced logout to clear both OAuth 1.0a and OAuth2 sessions - Comprehensive logging for debugging Features: - Seamless switching between auth methods via feature flag - Backward compatibility maintained - Automatic token refresh before expiry - Session cleanup on logout - Error handling with fallback to empty response Next phase: Update frontend components for OAuth2 login flow 2025-11-29 18:54:58 +00:00			`import { OAuth2Service } from '../services/OAuth2Service'`
FIX: home page, login username FEAT:logoff 2023-05-24 21:57:08 +00:00
			`@Service()`
			`@Controller('/user')`
			`export class UserController {`
docfix/Rename VITE_OBP_EXPLORER_HOST to VITE_OBP_API_EXPLORER_HOST 2024-05-08 14:55:30 +00:00			`private obpExplorerHome = process.env.VITE_OBP_API_EXPLORER_HOST`
OAuth2 login first step works 2025-12-01 10:07:05 +00:00			`private obpClientService: OBPClientService`
			`private oauth2Service: OAuth2Service`

			`constructor() {`
			`// Explicitly get services from the container to avoid injection issues`
			`this.obpClientService = Container.get(OBPClientService)`
			`this.oauth2Service = Container.get(OAuth2Service)`
			`}`
Phase 2: Integrate OAuth2 into application Application Integration: - Update server/app.ts to initialize OAuth2Service on startup * Conditional initialization based on VITE_USE_OAUTH2 flag * OIDC discovery document fetching * Comprehensive error handling and logging * Graceful fallback if OIDC provider unavailable UserController Updates: - Support dual authentication (OAuth 1.0a and OAuth2) - OAuth2 user session detection and retrieval - Automatic token refresh when access token expires - Unified user data format for both auth methods - Enhanced logout to clear both OAuth 1.0a and OAuth2 sessions - Comprehensive logging for debugging Features: - Seamless switching between auth methods via feature flag - Backward compatibility maintained - Automatic token refresh before expiry - Session cleanup on logout - Error handling with fallback to empty response Next phase: Update frontend components for OAuth2 login flow 2025-11-29 18:54:58 +00:00
FIX: home page, login username FEAT:logoff 2023-05-24 21:57:08 +00:00			`@Get('/logoff')`
FIX: user login 2023-06-05 15:32:25 +00:00			`async logout(`
			`@Session() session: any,`
			`@Req() request: Request,`
			`@Res() response: Response`
			`): Response {`
Phase 2: Integrate OAuth2 into application Application Integration: - Update server/app.ts to initialize OAuth2Service on startup * Conditional initialization based on VITE_USE_OAUTH2 flag * OIDC discovery document fetching * Comprehensive error handling and logging * Graceful fallback if OIDC provider unavailable UserController Updates: - Support dual authentication (OAuth 1.0a and OAuth2) - OAuth2 user session detection and retrieval - Automatic token refresh when access token expires - Unified user data format for both auth methods - Enhanced logout to clear both OAuth 1.0a and OAuth2 sessions - Comprehensive logging for debugging Features: - Seamless switching between auth methods via feature flag - Backward compatibility maintained - Automatic token refresh before expiry - Session cleanup on logout - Error handling with fallback to empty response Next phase: Update frontend components for OAuth2 login flow 2025-11-29 18:54:58 +00:00			`console.log('UserController: Logging out user')`

			`// Clear OAuth2 session data`
			`delete session['oauth2_access_token']`
			`delete session['oauth2_refresh_token']`
			`delete session['oauth2_id_token']`
			`delete session['oauth2_token_type']`
			`delete session['oauth2_expires_in']`
			`delete session['oauth2_token_timestamp']`
			`delete session['oauth2_user_info']`
			`delete session['oauth2_user']`

			`// Destroy the session completely`
			`session.destroy((err: any) => {`
			`if (err) {`
			`console.error('UserController: Error destroying session:', err)`
			`} else {`
			`console.log('UserController: Session destroyed successfully')`
fix page redirect when logout 2025-05-20 11:09:41 +00:00			`}`
Phase 2: Integrate OAuth2 into application Application Integration: - Update server/app.ts to initialize OAuth2Service on startup * Conditional initialization based on VITE_USE_OAUTH2 flag * OIDC discovery document fetching * Comprehensive error handling and logging * Graceful fallback if OIDC provider unavailable UserController Updates: - Support dual authentication (OAuth 1.0a and OAuth2) - OAuth2 user session detection and retrieval - Automatic token refresh when access token expires - Unified user data format for both auth methods - Enhanced logout to clear both OAuth 1.0a and OAuth2 sessions - Comprehensive logging for debugging Features: - Seamless switching between auth methods via feature flag - Backward compatibility maintained - Automatic token refresh before expiry - Session cleanup on logout - Error handling with fallback to empty response Next phase: Update frontend components for OAuth2 login flow 2025-11-29 18:54:58 +00:00			`})`

			`const redirectPage = (request.query.redirect as string) \|\| this.obpExplorerHome \|\| '/'`

			`if (!this.obpExplorerHome) {`
			console.error(`VITE_OBP_API_EXPLORER_HOST: ${this.obpExplorerHome}`)
docfix/Add more logging regarding the logoff feature 2024-10-03 08:26:40 +00:00			`}`
fix page redirect when logout 2025-05-20 11:09:41 +00:00
Phase 2: Integrate OAuth2 into application Application Integration: - Update server/app.ts to initialize OAuth2Service on startup * Conditional initialization based on VITE_USE_OAUTH2 flag * OIDC discovery document fetching * Comprehensive error handling and logging * Graceful fallback if OIDC provider unavailable UserController Updates: - Support dual authentication (OAuth 1.0a and OAuth2) - OAuth2 user session detection and retrieval - Automatic token refresh when access token expires - Unified user data format for both auth methods - Enhanced logout to clear both OAuth 1.0a and OAuth2 sessions - Comprehensive logging for debugging Features: - Seamless switching between auth methods via feature flag - Backward compatibility maintained - Automatic token refresh before expiry - Session cleanup on logout - Error handling with fallback to empty response Next phase: Update frontend components for OAuth2 login flow 2025-11-29 18:54:58 +00:00			`console.log('UserController: Redirecting to:', redirectPage)`
			`response.redirect(redirectPage)`

FIX: home page, login username FEAT:logoff 2023-05-24 21:57:08 +00:00			`return response`
			`}`

			`@Get('/current')`
FIX: user login 2023-06-05 15:32:25 +00:00			`async current(`
			`@Session() session: any,`
			`@Req() request: Request,`
			`@Res() response: Response`
			`): Response {`
Phase 2: Integrate OAuth2 into application Application Integration: - Update server/app.ts to initialize OAuth2Service on startup * Conditional initialization based on VITE_USE_OAUTH2 flag * OIDC discovery document fetching * Comprehensive error handling and logging * Graceful fallback if OIDC provider unavailable UserController Updates: - Support dual authentication (OAuth 1.0a and OAuth2) - OAuth2 user session detection and retrieval - Automatic token refresh when access token expires - Unified user data format for both auth methods - Enhanced logout to clear both OAuth 1.0a and OAuth2 sessions - Comprehensive logging for debugging Features: - Seamless switching between auth methods via feature flag - Backward compatibility maintained - Automatic token refresh before expiry - Session cleanup on logout - Error handling with fallback to empty response Next phase: Update frontend components for OAuth2 login flow 2025-11-29 18:54:58 +00:00			`console.log('UserController: Getting current user')`

OAuth1 to OAuth2 2025-11-30 09:11:51 +00:00			`// Check OAuth2 session`
			`if (session['oauth2_user']) {`
Phase 2: Integrate OAuth2 into application Application Integration: - Update server/app.ts to initialize OAuth2Service on startup * Conditional initialization based on VITE_USE_OAUTH2 flag * OIDC discovery document fetching * Comprehensive error handling and logging * Graceful fallback if OIDC provider unavailable UserController Updates: - Support dual authentication (OAuth 1.0a and OAuth2) - OAuth2 user session detection and retrieval - Automatic token refresh when access token expires - Unified user data format for both auth methods - Enhanced logout to clear both OAuth 1.0a and OAuth2 sessions - Comprehensive logging for debugging Features: - Seamless switching between auth methods via feature flag - Backward compatibility maintained - Automatic token refresh before expiry - Session cleanup on logout - Error handling with fallback to empty response Next phase: Update frontend components for OAuth2 login flow 2025-11-29 18:54:58 +00:00			`console.log('UserController: Returning OAuth2 user info')`
			`const oauth2User = session['oauth2_user']`

			`// Check if access token is expired and needs refresh`
			`const accessToken = session['oauth2_access_token']`
			`const refreshToken = session['oauth2_refresh_token']`

			`if (accessToken && this.oauth2Service.isTokenExpired(accessToken)) {`
			`console.log('UserController: Access token expired')`

			`if (refreshToken) {`
			`console.log('UserController: Attempting token refresh')`
			`try {`
			`const newTokens = await this.oauth2Service.refreshAccessToken(refreshToken)`

			`// Update session with new tokens`
			`session['oauth2_access_token'] = newTokens.accessToken`
			`session['oauth2_refresh_token'] = newTokens.refreshToken \|\| refreshToken`
			`session['oauth2_id_token'] = newTokens.idToken`
			`session['oauth2_token_timestamp'] = Date.now()`
			`session['oauth2_expires_in'] = newTokens.expiresIn`

			`console.log('UserController: Token refresh successful')`
			`} catch (error) {`
			`console.error('UserController: Token refresh failed:', error)`
			`// Return empty object to indicate user needs to re-authenticate`
			`return response.json({})`
			`}`
			`} else {`
			`console.log('UserController: No refresh token available, user needs to re-authenticate')`
			`return response.json({})`
			`}`
			`}`

			`// Return user info in format compatible with frontend`
			`return response.json({`
			`user_id: oauth2User.sub,`
			`username: oauth2User.username,`
			`email: oauth2User.email,`
			`email_verified: oauth2User.email_verified,`
			`name: oauth2User.name,`
			`given_name: oauth2User.given_name,`
			`family_name: oauth2User.family_name,`
			`provider: oauth2User.provider \|\| 'oauth2'`
			`})`
			`}`

OAuth1 to OAuth2 2025-11-30 09:11:51 +00:00			`// No authentication session found`
			`console.log('UserController: No authentication session found')`
			`return response.json({})`
FIX: home page, login username FEAT:logoff 2023-05-24 21:57:08 +00:00			`}`
			`}`