feat: scrap for each Oauth2 providers favicon (#403)

amosalb · web-flow · commit 691c7a81e92b · 2025-12-17T04:47:30.000-05:00
diff --git a/server/src/main/java/dev/findfirst/users/controller/UserController.java b/server/src/main/java/dev/findfirst/users/controller/UserController.java
@@ -6,7 +6,6 @@
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.rmi.UnexpectedException;
-import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
@@ -32,12 +31,12 @@
 import dev.findfirst.users.model.user.TokenPassword;
 import dev.findfirst.users.model.user.User;
 import dev.findfirst.users.service.ForgotPasswordService;
+import dev.findfirst.users.service.Oauth2SourceService;
 import dev.findfirst.users.service.RegistrationService;
 import dev.findfirst.users.service.UserManagementService;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.io.FileSystemResource;
 import org.springframework.core.io.Resource;
@@ -46,7 +45,6 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -65,12 +63,8 @@ public class UserController {
 
   private final RefreshTokenService refreshTokenService;
 
-  private InMemoryClientRegistrationRepository oauth2Providers;
+  private final Oauth2SourceService oauth2SourceService;
 
-  @Autowired(required = false)
-  public void setOauth2(InMemoryClientRegistrationRepository clients) {
-    this.oauth2Providers = clients;
-  }
 
   @Value("${findfirst.app.frontend-url}")
   private String frontendUrl;
@@ -93,30 +87,7 @@ public ResponseEntity<User> userInfo() throws NoUserFoundException {
 
   @GetMapping("/oauth2Providers")
   public ResponseEntity<List<Oauth2Source>> oauth2Providers() {
-    List<Oauth2Source> listOfAuth2Providers = new ArrayList<>();
-    if (oauth2Providers == null) {
-      return ResponseEntity.ofNullable(listOfAuth2Providers);
-    }
-    oauth2Providers.iterator().forEachRemaining(provider -> {
-      var tknUri = provider.getProviderDetails().getTokenUri();
-      log.debug("Token URI {}", tknUri);
-      // skip http(s)://
-      var noProto = "";
-      if (tknUri.contains("https://")) {
-        noProto = tknUri.substring(8);
-      } else {
-        log.debug("provider without https {}", tknUri);
-        // do we really want to trust anything that isn't https?
-        return;
-      }
-      var favDomain = noProto.indexOf("/");
-      var faviconURI = "https://" + noProto.substring(0, favDomain) + "/favicon.ico";
-      var registrationId = provider.getRegistrationId();
-      log.debug("Favicon URI {}", faviconURI);
-      listOfAuth2Providers.add(new Oauth2Source(provider.getClientName(), faviconURI,
-          "oauth2/authorization/" + registrationId));
-    });
-    return ResponseEntity.ofNullable(listOfAuth2Providers);
+    return ResponseEntity.ok(oauth2SourceService.oauth2Sources());
   }
 
   @PostMapping("/signup")
diff --git a/server/src/main/java/dev/findfirst/users/service/Oauth2SourceService.java b/server/src/main/java/dev/findfirst/users/service/Oauth2SourceService.java
@@ -0,0 +1,76 @@
+package dev.findfirst.users.service;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import jakarta.annotation.PostConstruct;
+
+import dev.findfirst.users.model.oauth2.Oauth2Source;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Element;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class Oauth2SourceService {
+
+  private InMemoryClientRegistrationRepository oauth2Providers;
+
+  private final List<Oauth2Source> oauth2Sources = new ArrayList<>();
+
+  @PostConstruct
+  void init() {
+    oauth2Providers.iterator().forEachRemaining(provider -> {
+      var tknUri = provider.getProviderDetails().getTokenUri();
+      log.debug("Token URI {}", tknUri);
+      // skip http(s)://
+      if (!tknUri.contains("https://")) {
+        log.debug("provider without https {}", tknUri);
+        // do we really want to trust anything that isn't https?
+        return;
+      }
+      oauth2Sources.add(new Oauth2Source(provider.getClientName(), getFaviconURI(provider),
+          "oauth2/authorization/" + provider.getRegistrationId()));
+    });
+  }
+
+  public List<Oauth2Source> oauth2Sources() {
+    return oauth2Sources;
+  }
+
+  @Autowired(required = false)
+  public void setOauth2Providers(InMemoryClientRegistrationRepository oauth2Providers) {
+    this.oauth2Providers = oauth2Providers;
+  }
+
+  private String getFaviconURI(ClientRegistration provider) {
+    var targetUri = provider.getProviderDetails().getAuthorizationUri();
+    log.debug("Scraping {} for favicon URI", targetUri);
+    try {
+      Element link = Jsoup.connect(targetUri).userAgent("Mozilla").get().head()
+          .select("link[href~=.*\\.(ico|png)]").first();
+
+      if (link == null) {
+        log.debug("No favicon URI found at {}", targetUri);
+        return null;
+      }
+
+      String href = link.attr("href");
+      log.debug("Found favicon URI: {}", href);
+      return href;
+    } catch (IOException e) {
+      log.error("Failed to scrape {}", targetUri, e);
+      return null;
+    }
+
+  }
+
+}
diff --git a/server/src/test/java/dev/findfirst/users/service/Oauth2SourceServiceTest.java b/server/src/test/java/dev/findfirst/users/service/Oauth2SourceServiceTest.java
@@ -0,0 +1,136 @@
+package dev.findfirst.users.service;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+import java.io.IOException;
+import java.util.List;
+
+import dev.findfirst.users.model.oauth2.Oauth2Source;
+
+import org.jsoup.Connection;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.jsoup.nodes.Element;
+import org.jsoup.select.Elements;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+
+class Oauth2SourceServiceTest {
+
+  private Oauth2SourceService service;
+
+  private ClientRegistration provider;
+
+  @BeforeEach
+  void setUp() {
+    provider = ClientRegistration.withRegistrationId("test").clientName("Test Provider")
+        .authorizationUri("https://www.example-auth.com")
+        .authorizationGrantType(AuthorizationGrantType.JWT_BEARER)
+        .tokenUri("https://www.example.com").build();
+    var providers = new InMemoryClientRegistrationRepository(List.of(provider));
+    service = new Oauth2SourceService();
+    service.setOauth2Providers(providers);
+  }
+
+  @Test
+  void testReturnsOauth2SourcesWithIconUrl_WhenFoundedAtWebsite() throws IOException {
+    try (MockedStatic<Jsoup> jsoupMock = mockStatic(Jsoup.class)) {
+      Connection mockConnection = mock(Connection.class);
+      Document mockDoc = mock(Document.class);
+      Element mockElement = mock(Element.class);
+      Elements mockElements = mock(Elements.class);
+
+      when(mockConnection.userAgent(anyString())).thenReturn(mockConnection);
+      when(mockConnection.get()).thenReturn(mockDoc);
+      when(mockDoc.head()).thenReturn(mockElement);
+      when(mockElement.select(anyString())).thenReturn(mockElements);
+      when(mockElements.first()).thenReturn(mockElement);
+      when(mockElement.attr("href")).thenReturn("https://example.com/assets/favicon.ico");
+      jsoupMock.when(() -> Jsoup.connect(anyString())).thenReturn(mockConnection);
+
+      service.init();
+
+      List<Oauth2Source> oauth2Sources = service.oauth2Sources();
+
+      assertFalse(oauth2Sources.isEmpty());
+      var oauth2Source = oauth2Sources.getFirst();
+      assertEquals(provider.getClientName(), oauth2Source.provider());
+      assertEquals("https://example.com/assets/favicon.ico", oauth2Source.iconUrl());
+      assertEquals("oauth2/authorization/" + provider.getRegistrationId(),
+          oauth2Source.authEndpoint());
+
+
+    }
+  }
+
+  @Test
+  void testReturnsOauth2SourcesWithoutIconUrl_WhenNotFoundedAtWebsite() throws IOException {
+    try (MockedStatic<Jsoup> jsoupMock = mockStatic(Jsoup.class)) {
+      Connection mockConnection = mock(Connection.class);
+      Document mockDoc = mock(Document.class);
+      Element mockElement = mock(Element.class);
+      Elements mockElements = mock(Elements.class);
+
+      when(mockConnection.userAgent(anyString())).thenReturn(mockConnection);
+      when(mockConnection.get()).thenReturn(mockDoc);
+      when(mockDoc.head()).thenReturn(mockElement);
+      when(mockElement.select(anyString())).thenReturn(mockElements);
+      when(mockElements.first()).thenReturn(null);
+      jsoupMock.when(() -> Jsoup.connect(anyString())).thenReturn(mockConnection);
+
+      service.init();
+
+      List<Oauth2Source> oauth2Sources = service.oauth2Sources();
+
+      assertFalse(oauth2Sources.isEmpty());
+      var oauth2Source = oauth2Sources.getFirst();
+      assertEquals(provider.getClientName(), oauth2Source.provider());
+      assertNull(oauth2Source.iconUrl());
+      assertEquals("oauth2/authorization/" + provider.getRegistrationId(),
+          oauth2Source.authEndpoint());
+
+
+    }
+  }
+
+  @Test
+  void testReturnsOauth2SourcesWithoutIconUrl_WhenNotConnectedAtWebsite() throws IOException {
+    try (MockedStatic<Jsoup> jsoupMock = mockStatic(Jsoup.class)) {
+      Connection mockConnection = mock(Connection.class);
+      when(mockConnection.userAgent(anyString())).thenReturn(mockConnection);
+      when(mockConnection.get()).thenThrow(IOException.class);
+
+      jsoupMock.when(() -> Jsoup.connect(anyString())).thenReturn(mockConnection);
+
+      service.init();
+
+      List<Oauth2Source> oauth2Sources = service.oauth2Sources();
+
+      assertFalse(oauth2Sources.isEmpty());
+      var oauth2Source = oauth2Sources.getFirst();
+      assertEquals(provider.getClientName(), oauth2Source.provider());
+      assertNull(oauth2Source.iconUrl());
+      assertEquals("oauth2/authorization/" + provider.getRegistrationId(),
+          oauth2Source.authEndpoint());
+
+    }
+  }
+
+  @Test
+  void testReturnsOauth2SourcesWithoutUntrustedTokenUri() {
+    provider = ClientRegistration.withRegistrationId("test").clientName("Test Provider")
+        .authorizationUri("https://www.example-auth.com")
+        .authorizationGrantType(AuthorizationGrantType.JWT_BEARER)
+        .tokenUri("http://www.example.com").build();
+    var providersWithoutSSL = new InMemoryClientRegistrationRepository(List.of(provider));
+    service.setOauth2Providers(providersWithoutSSL);
+    service.init();
+    assertTrue(service.oauth2Sources().isEmpty());
+
+  }
+}
