Fix auth tests

2026-02-05 11:49:25 +00:00 · 2026-01-12 17:40:07 +01:00
parent 8a76ab2fb9
commit 68e3a29268
4 changed files with 35 additions and 2 deletions
--- a/src/main/java/dev/kruhlmann/imgfloat/config/OAuth2AuthorizedClientPersistenceConfig.java
+++ b/src/main/java/dev/kruhlmann/imgfloat/config/OAuth2AuthorizedClientPersistenceConfig.java
@@ -2,6 +2,7 @@ package dev.kruhlmann.imgfloat.config;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
 import org.springframework.jdbc.core.JdbcOperations;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@@ -14,9 +15,14 @@ public class OAuth2AuthorizedClientPersistenceConfig {
    @Bean
    OAuth2AuthorizedClientService oauth2AuthorizedClientService(
        JdbcOperations jdbcOperations,
-        ClientRegistrationRepository clientRegistrationRepository
+        ClientRegistrationRepository clientRegistrationRepository,
+        Environment environment
    ) {
-        return new SQLiteOAuth2AuthorizedClientService(jdbcOperations, clientRegistrationRepository);
+        return new SQLiteOAuth2AuthorizedClientService(
+            jdbcOperations,
+            clientRegistrationRepository,
+            OAuthTokenCipher.fromEnvironment(environment)
+        );
    }

    @Bean
--- a/src/main/java/dev/kruhlmann/imgfloat/config/OAuthTokenCipher.java
+++ b/src/main/java/dev/kruhlmann/imgfloat/config/OAuthTokenCipher.java
@@ -12,6 +12,7 @@ import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.core.env.Environment;

 public class OAuthTokenCipher {

@@ -52,6 +53,28 @@ public class OAuthTokenCipher {
        return new OAuthTokenCipher(primaryKey, keys);
    }

+    public static OAuthTokenCipher fromEnvironment(Environment environment) {
+        String base64Key = environment.getProperty(KEY_ENV);
+        if (base64Key == null || base64Key.isBlank()) {
+            throw new IllegalStateException(KEY_ENV + " is required to encrypt OAuth tokens");
+        }
+        SecretKey primaryKey = decodeKey(base64Key, KEY_ENV);
+        List<SecretKey> keys = new ArrayList<>();
+        keys.add(primaryKey);
+
+        String previousKeys = environment.getProperty(PREVIOUS_KEYS_ENV);
+        if (previousKeys != null && !previousKeys.isBlank()) {
+            for (String value : previousKeys.split(",")) {
+                String trimmed = value.trim();
+                if (!trimmed.isEmpty()) {
+                    keys.add(decodeKey(trimmed, PREVIOUS_KEYS_ENV));
+                }
+            }
+        }
+
+        return new OAuthTokenCipher(primaryKey, keys);
+    }
+
    public String encrypt(String plaintext) {
        if (plaintext == null) {
            return null;