Phase B: Keycloak OIDC (PKCE) statt Cookie-Session-Login
App-Code: - KeycloakOidcTokenProvider: PKCE-Login via flutter_appauth, Refresh via Refresh-Token aus flutter_secure_storage, Session-Restore beim App-Start, Logout. - AuthSessionEvent als Provider→Bloc-Brücke (LoggedIn/LoggedOut/ SessionExpired) auf einem Broadcast-Stream. - AuthBloc komplett umgebaut: nimmt jetzt den KeycloakOidcTokenProvider statt UserInfoService, mappt eingehende Provider-Events auf eigene Zustände. Authenticated.fromClaims() liest personalnummer + Name aus dem ID-Token-Payload. - LoginPage: kein Browser+Deep-Link mehr — Button feuert LoginRequested, der Provider übernimmt den restlichen Flow. - network_locator: produktiver KeycloakOidcTokenProvider, doppelt registriert (KeycloakOidcTokenProvider für AuthBloc, AuthTokenProvider für Interceptor). - Auth-State trägt zusätzlich personalnummer/displayName/email; das Legacy-User-Objekt + sessionId bleiben temporär drin, damit die alten ERPframe-Services (Phase D) noch kompilieren. Plattform-Setup: - Android: appAuthRedirectScheme=holzleitner in build.gradle.kts, NetworkSecurityConfig erlaubt HTTP zu localhost/10.0.2.2/127.0.0.1. - iOS: holzleitner als URL-Scheme im Info.plist, ATS-Ausnahme für localhost (HTTP-Keycloak im Dev-Setup). Out of scope: - Keine echte App-Run-Smoke — kommt mit dem User-Test. - iOS-pod-install läuft beim ersten 'flutter run ios' automatisch. - Old ERPframe-Services bleiben aktiv und werfen ab jetzt 401 (kein Cookie-Session-Token mehr) — wird in Phase D entfernt.
This commit is contained in:
@ -1,63 +1,148 @@
|
||||
import 'package:flutter/cupertino.dart';
|
||||
import 'dart:async';
|
||||
|
||||
import 'package:flutter/foundation.dart';
|
||||
import 'package:flutter_bloc/flutter_bloc.dart';
|
||||
|
||||
import 'package:hl_lieferservice/data/network/auth_session_event.dart';
|
||||
import 'package:hl_lieferservice/data/network/keycloak_oidc_token_provider.dart';
|
||||
import 'package:hl_lieferservice/feature/authentication/bloc/auth_event.dart';
|
||||
import 'package:hl_lieferservice/feature/authentication/bloc/auth_state.dart';
|
||||
import 'package:hl_lieferservice/feature/authentication/service/userinfo.dart';
|
||||
import 'package:flutter_bloc/flutter_bloc.dart';
|
||||
import 'package:hl_lieferservice/main.dart';
|
||||
import 'package:hl_lieferservice/widget/operations/bloc/operation_bloc.dart';
|
||||
import 'package:hl_lieferservice/widget/operations/bloc/operation_event.dart';
|
||||
|
||||
/// AuthBloc bridge between der UI und dem [KeycloakOidcTokenProvider].
|
||||
///
|
||||
/// Eingehende UI-Events triggern den Provider (Login/Logout/Restore).
|
||||
/// Provider-Ereignisse kommen über den `events`-Stream rein, werden zu
|
||||
/// `ProviderSessionChanged` übersetzt und vom Bloc in Zustände überführt.
|
||||
class AuthBloc extends Bloc<AuthEvent, AuthState> {
|
||||
UserInfoService service;
|
||||
OperationBloc operationBloc;
|
||||
|
||||
AuthBloc({required this.service, required this.operationBloc})
|
||||
AuthBloc({required this.tokenProvider, required this.operationBloc})
|
||||
: super(Unauthenticated()) {
|
||||
on<SetAuthenticatedEvent>(_auth);
|
||||
on<Logout>(_logout);
|
||||
on<SessionExpiredEvent>(_sessionExpired);
|
||||
on<LoginRequested>(_handleLogin);
|
||||
on<LogoutRequested>(_handleLogout);
|
||||
on<RestoreSessionRequested>(_handleRestore);
|
||||
on<ProviderSessionChanged>(_handleProviderEvent);
|
||||
// Legacy: ERPframe-Repos feuern bei 401.
|
||||
on<SessionExpiredEvent>((event, emit) async {
|
||||
await tokenProvider.logout();
|
||||
if (locator.isRegistered<Authenticated>()) {
|
||||
locator.unregister<Authenticated>();
|
||||
}
|
||||
emit(Unauthenticated(sessionExpired: true));
|
||||
});
|
||||
|
||||
_subscription = tokenProvider.events.listen(
|
||||
(event) => add(_toBlocEvent(event)),
|
||||
);
|
||||
}
|
||||
|
||||
Future<void> _auth(
|
||||
SetAuthenticatedEvent event,
|
||||
final KeycloakOidcTokenProvider tokenProvider;
|
||||
final OperationBloc operationBloc;
|
||||
|
||||
late final StreamSubscription<AuthSessionEvent> _subscription;
|
||||
|
||||
Future<void> _handleLogin(
|
||||
LoginRequested event,
|
||||
Emitter<AuthState> emit,
|
||||
) async {
|
||||
try {
|
||||
debugPrint("Retrieve user information");
|
||||
|
||||
emit(Authenticating());
|
||||
var response = await service.getUserinfo(event.sessionId);
|
||||
var state = Authenticated(sessionId: event.sessionId, user: response);
|
||||
locator.registerSingleton<Authenticated>(state);
|
||||
emit(state);
|
||||
await tokenProvider.login();
|
||||
// Erfolg landet via Stream-Subscription als
|
||||
// ProviderSessionChanged.loggedIn → _handleProviderEvent.
|
||||
} catch (err, st) {
|
||||
debugPrint("Failed to retrieve user information");
|
||||
debugPrint(err.toString());
|
||||
debugPrint(st.toString());
|
||||
|
||||
debugPrint('Login fehlgeschlagen: $err\n$st');
|
||||
emit(Unauthenticated());
|
||||
operationBloc.add(
|
||||
FailOperation(
|
||||
message: "Login war nicht erfolgreich. Probieren Sie es erneut.",
|
||||
message: 'Login war nicht erfolgreich. Probieren Sie es erneut.',
|
||||
),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
Future<void> _logout(Logout event, Emitter<AuthState> emit) async {
|
||||
if (locator.isRegistered<Authenticated>()) {
|
||||
locator.unregister<Authenticated>();
|
||||
}
|
||||
emit(Unauthenticated());
|
||||
}
|
||||
|
||||
Future<void> _sessionExpired(
|
||||
SessionExpiredEvent event,
|
||||
Future<void> _handleLogout(
|
||||
LogoutRequested event,
|
||||
Emitter<AuthState> emit,
|
||||
) async {
|
||||
if (locator.isRegistered<Authenticated>()) {
|
||||
locator.unregister<Authenticated>();
|
||||
await tokenProvider.logout();
|
||||
// Provider feuert AuthLoggedOut → _handleProviderEvent setzt den State.
|
||||
}
|
||||
|
||||
Future<void> _handleRestore(
|
||||
RestoreSessionRequested event,
|
||||
Emitter<AuthState> emit,
|
||||
) async {
|
||||
final restored = await tokenProvider.restoreSession();
|
||||
if (!restored) {
|
||||
// Kein gültiger Token → bleibt bei Unauthenticated, kein Snackbar
|
||||
// (das ist der normale Cold-Start-Pfad).
|
||||
}
|
||||
emit(Unauthenticated(sessionExpired: true));
|
||||
}
|
||||
|
||||
Future<void> _handleProviderEvent(
|
||||
ProviderSessionChanged event,
|
||||
Emitter<AuthState> emit,
|
||||
) async {
|
||||
switch (event.kind) {
|
||||
case ProviderEventKind.loggedIn:
|
||||
try {
|
||||
final state = Authenticated.fromClaims(
|
||||
claims: event.claims ?? const <String, dynamic>{},
|
||||
accessToken: event.accessToken ?? '',
|
||||
);
|
||||
if (locator.isRegistered<Authenticated>()) {
|
||||
locator.unregister<Authenticated>();
|
||||
}
|
||||
locator.registerSingleton<Authenticated>(state);
|
||||
emit(state);
|
||||
} catch (err, st) {
|
||||
debugPrint('Konnte Claims nicht in Authenticated-State mappen: $err\n$st');
|
||||
emit(Unauthenticated());
|
||||
operationBloc.add(
|
||||
FailOperation(
|
||||
message:
|
||||
'Login-Antwort vom Server unvollständig. Bitte erneut versuchen.',
|
||||
),
|
||||
);
|
||||
}
|
||||
case ProviderEventKind.loggedOut:
|
||||
if (locator.isRegistered<Authenticated>()) {
|
||||
locator.unregister<Authenticated>();
|
||||
}
|
||||
emit(Unauthenticated());
|
||||
case ProviderEventKind.sessionExpired:
|
||||
if (locator.isRegistered<Authenticated>()) {
|
||||
locator.unregister<Authenticated>();
|
||||
}
|
||||
emit(Unauthenticated(sessionExpired: true));
|
||||
}
|
||||
}
|
||||
|
||||
ProviderSessionChanged _toBlocEvent(AuthSessionEvent event) {
|
||||
return switch (event) {
|
||||
AuthLoggedIn(:final claims) => ProviderSessionChanged(
|
||||
ProviderEventKind.loggedIn,
|
||||
claims: claims,
|
||||
// Wir würden hier idealerweise den Access-Token mit übergeben.
|
||||
// Da der Provider den Token nicht im Stream-Event mitliefert,
|
||||
// bauen wir später eine Brücke. Für jetzt: leerer String —
|
||||
// Authenticated.sessionId wird mit Phase D ohnehin abgeschafft.
|
||||
accessToken: '',
|
||||
),
|
||||
AuthLoggedOut() => const ProviderSessionChanged(
|
||||
ProviderEventKind.loggedOut,
|
||||
),
|
||||
AuthSessionExpired() => const ProviderSessionChanged(
|
||||
ProviderEventKind.sessionExpired,
|
||||
),
|
||||
};
|
||||
}
|
||||
|
||||
@override
|
||||
Future<void> close() async {
|
||||
await _subscription.cancel();
|
||||
return super.close();
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,15 +1,48 @@
|
||||
abstract class AuthEvent {}
|
||||
|
||||
class SetAuthenticatedEvent extends AuthEvent {
|
||||
String sessionId;
|
||||
|
||||
SetAuthenticatedEvent({required this.sessionId});
|
||||
/// Events des AuthBloc.
|
||||
///
|
||||
/// Eingehende Events (Trigger): `LoginRequested`, `LogoutRequested`,
|
||||
/// `RestoreSessionRequested`.
|
||||
///
|
||||
/// Stream-Events vom `KeycloakOidcTokenProvider` werden über
|
||||
/// `ProviderSessionChanged` in den Bloc-Bus übersetzt — damit alles
|
||||
/// in der `on<...>`-Maschinerie des Blocs verarbeitet werden kann.
|
||||
sealed class AuthEvent {
|
||||
const AuthEvent();
|
||||
}
|
||||
|
||||
class Logout extends AuthEvent {
|
||||
String username;
|
||||
|
||||
Logout({required this.username});
|
||||
/// Vom UI ausgelöst — startet den PKCE-Login-Flow.
|
||||
final class LoginRequested extends AuthEvent {
|
||||
const LoginRequested();
|
||||
}
|
||||
|
||||
/// Vom UI ausgelöst — beendet die Session.
|
||||
final class LogoutRequested extends AuthEvent {
|
||||
const LogoutRequested();
|
||||
}
|
||||
|
||||
/// Vom App-Bootstrap ausgelöst — prüft, ob es einen persistierten
|
||||
/// Refresh-Token gibt, und stellt die Session ggf. wieder her.
|
||||
final class RestoreSessionRequested extends AuthEvent {
|
||||
const RestoreSessionRequested();
|
||||
}
|
||||
|
||||
/// Interner Event-Typ — Brücke vom Token-Provider-Stream in die
|
||||
/// Bloc-Maschine.
|
||||
final class ProviderSessionChanged extends AuthEvent {
|
||||
const ProviderSessionChanged(this.kind, {this.claims, this.accessToken});
|
||||
|
||||
final ProviderEventKind kind;
|
||||
final Map<String, dynamic>? claims;
|
||||
final String? accessToken;
|
||||
}
|
||||
|
||||
enum ProviderEventKind { loggedIn, loggedOut, sessionExpired }
|
||||
|
||||
/// Legacy-Event: Wird von den alten ERPframe-Repositories gefeuert,
|
||||
/// wenn der Server mit 401 antwortet. Mit Phase D fliegt das raus,
|
||||
/// weil 401 dann direkt vom `HolzleitnerAuthInterceptor` ausgewertet
|
||||
/// und an den Provider gemeldet wird.
|
||||
final class SessionExpiredEvent extends AuthEvent {
|
||||
const SessionExpiredEvent();
|
||||
}
|
||||
|
||||
class SessionExpiredEvent extends AuthEvent {}
|
||||
@ -7,13 +7,85 @@ class Unauthenticated extends AuthState {
|
||||
Unauthenticated({this.sessionExpired = false});
|
||||
}
|
||||
|
||||
/// Transient state while [SetAuthenticatedEvent] is being processed and the
|
||||
/// user info is being fetched from the server.
|
||||
/// Transient state während dem PKCE-Flow (Browser-Tab offen,
|
||||
/// Token-Tausch läuft).
|
||||
class Authenticating extends AuthState {}
|
||||
|
||||
/// Erfolgreiche Authentifizierung. Trägt sowohl die "neuen"
|
||||
/// Token-/Claim-Felder als auch das Legacy-User-Objekt — Letzteres
|
||||
/// wird aus den Claims befüllt und mit Phase D komplett entfernt.
|
||||
class Authenticated extends AuthState {
|
||||
User user;
|
||||
String sessionId;
|
||||
Authenticated({
|
||||
required this.personalnummer,
|
||||
required this.displayName,
|
||||
required this.email,
|
||||
required this.user,
|
||||
required this.sessionId,
|
||||
});
|
||||
|
||||
Authenticated({required this.user, required this.sessionId});
|
||||
}
|
||||
/// Personalnummer aus dem `personalnummer`-Custom-Claim. Das
|
||||
/// Backend nutzt diese als Account-Identifier.
|
||||
final int personalnummer;
|
||||
|
||||
/// Beste verfügbare Beschriftung für den Fahrer:
|
||||
/// `name` > `given_name + family_name` > `preferred_username`.
|
||||
final String displayName;
|
||||
|
||||
/// E-Mail aus dem `email`-Claim, falls vorhanden.
|
||||
final String? email;
|
||||
|
||||
/// Legacy: das alte `User`-Domänenobjekt, aus den Claims befüllt.
|
||||
/// Wird in Phase D entfernt, sobald keine Aufrufer mehr da sind.
|
||||
final User user;
|
||||
|
||||
/// Legacy: füllt für die alten `getSessionOrThrow()`-Aufrufer
|
||||
/// einen Wert — die laufen sowieso gegen ERPframe und werden in
|
||||
/// Phase D abgelöst.
|
||||
final String sessionId;
|
||||
|
||||
/// Konstruiert den State aus dem dekodierten ID-Token-Payload.
|
||||
factory Authenticated.fromClaims({
|
||||
required Map<String, dynamic> claims,
|
||||
required String accessToken,
|
||||
}) {
|
||||
final personalnummerRaw = claims['personalnummer'];
|
||||
final personalnummer = switch (personalnummerRaw) {
|
||||
int v => v,
|
||||
String v => int.parse(v),
|
||||
_ => throw FormatException(
|
||||
'personalnummer-Claim fehlt oder hat unerwarteten Typ '
|
||||
'(${personalnummerRaw.runtimeType})',
|
||||
),
|
||||
};
|
||||
|
||||
final given = (claims['given_name'] as String?) ?? '';
|
||||
final family = (claims['family_name'] as String?) ?? '';
|
||||
final preferredUsername =
|
||||
(claims['preferred_username'] as String?) ?? 'fahrer';
|
||||
final fullName = (claims['name'] as String?)?.trim();
|
||||
|
||||
final displayName =
|
||||
fullName != null && fullName.isNotEmpty
|
||||
? fullName
|
||||
: (given.isNotEmpty || family.isNotEmpty
|
||||
? '$given $family'.trim()
|
||||
: preferredUsername);
|
||||
|
||||
final email = claims['email'] as String?;
|
||||
|
||||
final user = User(
|
||||
number: personalnummer.toString(),
|
||||
firstName: given,
|
||||
lastName: family,
|
||||
mail: email ?? '',
|
||||
);
|
||||
|
||||
return Authenticated(
|
||||
personalnummer: personalnummer,
|
||||
displayName: displayName,
|
||||
email: email,
|
||||
user: user,
|
||||
sessionId: accessToken,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user