From cdf03f48ec5cb3da9c6d947c9d0abbbfbb937a00 Mon Sep 17 00:00:00 2001
From: Pierre Mauduit <pierre.mauduit@camptocamp.com>
Date: Tue, 5 Dec 2023 18:34:48 +0100
Subject: [PATCH] preauth - making sure the authenticated flag on the token is
 set to true

calling the constructor with 3 args, which sets the flag to true.
This fixes issues with targets requiring that the user logged in but
with no specific roles.

tests: adding an IT
---
 .../preauth/PreauthAuthenticationManager.java        |  2 +-
 .../HeaderPreAuthenticationConfigurationIT.java      | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/gateway/src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java b/gateway/src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java
index be4f706f..5ab7043f 100644
--- a/gateway/src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java
+++ b/gateway/src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java
@@ -59,7 +59,7 @@ public Mono<Authentication> convert(ServerWebExchange exchange) {
                 throw new IllegalStateException("Pre-authenticated user headers not provided");
             }
             PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(username,
-                    credentials);
+                    credentials, List.of());
             return Mono.just(authentication);
         }
         return Mono.empty();
diff --git a/gateway/src/test/java/org/georchestra/gateway/security/preauth/HeaderPreAuthenticationConfigurationIT.java b/gateway/src/test/java/org/georchestra/gateway/security/preauth/HeaderPreAuthenticationConfigurationIT.java
index 79790fba..ac6cdf7f 100644
--- a/gateway/src/test/java/org/georchestra/gateway/security/preauth/HeaderPreAuthenticationConfigurationIT.java
+++ b/gateway/src/test/java/org/georchestra/gateway/security/preauth/HeaderPreAuthenticationConfigurationIT.java
@@ -54,4 +54,16 @@ private WebTestClient.RequestHeadersUriSpec<?> prepareWebTestClientHeaders(
                 .isNotEmpty();
     }
 
+    public @Test void test_preauthenticatedHeadersAccess_isAuthenticated() {
+        assertNotNull(context.getBean(PreauthGatewaySecurityCustomizer.class));
+        assertNotNull(context.getBean(PreauthenticatedUserMapperExtension.class));
+
+        ResponseSpec exchange = prepareWebTestClientHeaders(testClient.get(), ADMIN_HEADERS).uri("/whoami").exchange();
+        BodyContentSpec body = exchange.expectStatus().is2xxSuccessful().expectBody();
+        body.jsonPath("$.['GeorchestraUser']").isNotEmpty();
+        body.jsonPath(
+                "$.['org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken'].authenticated")
+                .isEqualTo(true);
+    }
+
 }