From 76a4408d381086b8044127ed80ba312672458c2a Mon Sep 17 00:00:00 2001
From: Swordsteel <swordsteel@gmail.com>
Date: Tue, 5 Aug 2025 11:31:11 +0200
Subject: [PATCH] update RemoteAuthenticationManager

- authenticate add default event on success and error
- processToken nicer catch
- makeSimpleGrantedAuthorities to add ROLE_ to role in
---
 .../manager/RemoteAuthenticationManager.kt    | 22 ++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/main/kotlin/ltd/hlaeja/security/manager/RemoteAuthenticationManager.kt b/src/main/kotlin/ltd/hlaeja/security/manager/RemoteAuthenticationManager.kt
index 67512d9..9d30c02 100644
--- a/src/main/kotlin/ltd/hlaeja/security/manager/RemoteAuthenticationManager.kt
+++ b/src/main/kotlin/ltd/hlaeja/security/manager/RemoteAuthenticationManager.kt
@@ -10,9 +10,13 @@ import ltd.hlaeja.security.user.RemoteAuthentication
 import ltd.hlaeja.security.user.RemoteUserDetail
 import ltd.hlaeja.service.AccountRegistryService
 import ltd.hlaeja.util.toAuthenticationRequest
+import org.springframework.context.ApplicationEventPublisher
 import org.springframework.security.authentication.AuthenticationServiceException
 import org.springframework.security.authentication.ReactiveAuthenticationManager
+import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent
+import org.springframework.security.authentication.event.AuthenticationSuccessEvent
 import org.springframework.security.core.Authentication
+import org.springframework.security.core.AuthenticationException
 import org.springframework.security.core.authority.SimpleGrantedAuthority
 import org.springframework.stereotype.Component
 import reactor.core.publisher.Mono
@@ -23,22 +27,30 @@ private val log = KotlinLogging.logger {}
 class RemoteAuthenticationManager(
     private val accountRegistryService: AccountRegistryService,
     private val publicJwtService: PublicJwtService,
+    private val publisher: ApplicationEventPublisher,
 ) : ReactiveAuthenticationManager {
 
     override fun authenticate(
         authentication: Authentication,
     ): Mono<Authentication> = accountRegistryService.authenticate(authentication.toAuthenticationRequest())
         .map(::processToken)
+        .doOnNext { publisher.publishEvent(AuthenticationSuccessEvent(it))  }
+        .doOnError { ex ->
+            if (ex is AuthenticationException) {
+                publisher.publishEvent(AuthenticationFailureBadCredentialsEvent(authentication, ex))
+            }
+        }
 
     private fun processToken(
         response: ltd.hlaeja.library.accountRegistry.Authentication.Response,
     ): Authentication = try {
         publicJwtService.verify(response.token) { claims -> makeRemoteAuthentication(claims) }
     } catch (e: JwtException) {
-        "An error occurred while processing token: ${e.message}".let {
-            log.error(e) { it }
-            throw AuthenticationServiceException(it, e)
-        }
+        throw "An error occurred while processing token: ${e.message}"
+            .let {
+                log.error(e) { it }
+                AuthenticationServiceException(it, e)
+            }
     }
 
     private fun makeRemoteAuthentication(
@@ -53,7 +65,7 @@ class RemoteAuthenticationManager(
         claims: Jws<Claims>,
     ): MutableList<SimpleGrantedAuthority> = (claims.payload["role"] as String)
         .split(",")
-        .map { SimpleGrantedAuthority(it) }
+        .map { SimpleGrantedAuthority("ROLE_$it") }
         .toMutableList()
 
     private fun makeRemoteUserDetail(