package auth;
import auth.models.Token;
import auth.models.User;
import com.avaje.ebean.Ebean;
/**
 * Authenticator for the OAuth2 password grant: exchanges a username and password
 * for a freshly persisted {@link Token}.
 *
 * <p>NOTE(review): only the user's credentials are checked here. The token is built
 * from the user and the grant type alone, so no client id/secret is verified and no
 * scope is attached by this class. Confirm that client authentication and scope
 * restriction are enforced elsewhere, or restore them before relying on this flow.
 *
 * <p>NOTE(review): no failed-attempt throttling, lockout or audit logging is visible
 * in this class; confirm the caller provides them.
 */
public class OAuth2PasswordAuthenticator extends Authenticator {

    /** Verifies a clear-text password against a stored password hash. */
    private final PasswordHasher hasher;

    /** Creates an authenticator backed by a new {@link PasswordHasher}. */
    public OAuth2PasswordAuthenticator() {
        this.hasher = new PasswordHasher();
    }

    /**
     * Issues a token when the request is a password grant carrying valid credentials
     * for an active user.
     *
     * @param anAuthentication the authentication request; it is cast to
     *     {@link OAuth2PasswordAuthentication} once its grant type is confirmed to be
     *     {@code GrantType.PASSWORD}
     * @return the saved token, or {@code null} when the grant type is not
     *     {@code PASSWORD}, the user is unknown or inactive, or the password does not
     *     match (callers cannot tell these cases apart from the return value)
     */
    @Override
    public Token authenticate(Authentication anAuthentication) {
        // Other grant types are not handled by this authenticator.
        if (GrantType.PASSWORD != anAuthentication.getGrantType()) {
            return null;
        }

        OAuth2PasswordAuthentication passwordGrant = (OAuth2PasswordAuthentication) anAuthentication;
        User account = User.findByUsername(passwordGrant.getUsername());

        // NOTE(review): unknown and inactive accounts are rejected before any hash
        // verification runs, so these rejections may be measurably faster than a
        // wrong-password rejection. Consider verifying against a fixed dummy hash on
        // this path so response time does not reveal which usernames exist.
        if (account == null || !account.isActive) {
            return null;
        }

        if (!validPassword(passwordGrant.getPassword(), account.passwordHash)) {
            return null;
        }

        // Credentials accepted: create the token and persist it before returning it.
        Token issued = new Token(account, GrantType.PASSWORD);
        Ebean.save(issued);
        return issued;
    }

    /**
     * Checks a supplied password against a stored hash.
     *
     * @param givenPassword the password from the request; may be {@code null}
     * @param userHash the stored hash string for the user; may be {@code null}
     * @return {@code false} if either argument is {@code null}; otherwise the result of
     *     {@code hasher.authenticate} for the password and the wrapped hash
     */
    private boolean validPassword(String givenPassword, String userHash) {
        // A missing password or missing stored hash never authenticates.
        if (givenPassword == null || userHash == null) {
            return false;
        }
        return hasher.authenticate(givenPassword, new PasswordHash(userHash));
    }
}