package org.multibit.mbm.auth.cookie;
import com.google.common.base.Optional;
import com.yammer.dropwizard.auth.AuthenticationException;
import com.yammer.dropwizard.auth.Authenticator;
import org.multibit.mbm.auth.InMemorySessionTokenCache;
import org.multibit.mbm.client.PublicMerchantClient;
import org.multibit.mbm.model.ClientUser;
import java.util.Locale;
import java.util.UUID;
/**
* <p>Authenticator to provide the following to application:</p>
* <ul>
* <li>Verifies the provided credentials are valid</li>
* </ul>
*
* @since 0.0.1
*/
public class CookieClientAuthenticator implements Authenticator<CookieClientCredentials, ClientUser> {
@Override
public Optional<ClientUser> authenticate(CookieClientCredentials credentials) throws AuthenticationException {
// Determine if the user is known by their session key
Optional<ClientUser> user =
InMemorySessionTokenCache
.INSTANCE
.getBySessionToken(credentials.getSessionToken());
if (!user.isPresent()) {
// Check if the user can be created on the fly
if (credentials.isPublic()) {
// We can create an anonymous user for this session
Optional<ClientUser> anonymousUserOptional = PublicMerchantClient
.newInstance(Locale.getDefault())
.user()
.registerAnonymously();
if (anonymousUserOptional.isPresent()) {
ClientUser anonymousUser = anonymousUserOptional.get();
anonymousUser.setSessionToken(UUID.randomUUID());
// Keep a copy in the session cache
InMemorySessionTokenCache
.INSTANCE
.put(anonymousUser.getSessionToken(), anonymousUser);
}
return anonymousUserOptional;
}
return Optional.absent();
}
// Check that their authorities match their credentials
if (!user.get().hasAllAuthorities(credentials.getRequiredAuthorities())) {
return Optional.absent();
}
// Must be OK to be here
return user;
}
}