#78 Add authMethod in AuthContext
To-om committed Feb 5, 2019
1 parent 8a6307a commit af2c9ed
Showing 5 changed files with 22 additions and 14 deletions.
25 changes: 16 additions & 9 deletions app/org/elastic4play/controllers/Authenticated.scala
@@ -28,6 +28,7 @@ class AuthenticatedRequest[A](val authContext: AuthContext, request: Request[A])
def userName: String = authContext.userName
def requestId: String = Instance.getRequestId(request)
def roles: Seq[Role] = authContext.roles
def authMethod: String = authContext.authMethod
}

sealed trait ExpirationStatus
@@ -92,18 +93,24 @@ class Authenticated(
* Insert or update session cookie containing user name and session expiration timestamp
* Cookie is signed by Play framework (it cannot be modified by user)
*/
def setSessingUser(result: Result, authContext: AuthContext)(implicit request: RequestHeader): Result =
result.addingToSession(sessionUsername authContext.userId, "expire" (now + maxSessionInactivity.toMillis).toString)
def setSessingUser(result: Result, authContext: AuthContext)(implicit request: RequestHeader): Result = {
if (authContext.authMethod != "key")
result.addingToSession(sessionUsername authContext.userId, "expire" (now + maxSessionInactivity.toMillis).toString, "authMethod" -> authContext.authMethod)
else
result
}

/**
* Retrieve authentication information form cookie
*/
def getFromSession(request: RequestHeader): Future[AuthContext] = {
val userId = for {
val authContext = for {
userId request.session.get(sessionUsername).toRight(AuthenticationError("User session not found"))
authMethod request.session.get("authMethod").toRight(AuthenticationError("Authentication method not found in session"))
_ if (expirationStatus(request) != ExpirationError) Right(()) else Left(AuthenticationError("User session has expired"))
} yield userId
userId.fold(authError Future.failed[AuthContext](authError), id userSrv.getFromId(request, id))
ctx = userSrv.getFromId(request, userId, authMethod)
} yield ctx
authContext.fold(authError Future.failed[AuthContext](authError), identity)
}

def expirationStatus(request: RequestHeader): ExpirationStatus = {
@@ -199,7 +206,7 @@ class Authenticated(
.collectFirst {
case rdn if rdn.getType.toLowerCase == cf
logger.debug(s"Found user id ${rdn.getValue} in dn:$cf")
userSrv.getFromId(request, rdn.getValue.toString.toLowerCase)
userSrv.getFromId(request, rdn.getValue.toString.toLowerCase, "pki")
}
.orElse {
logger.debug(s"Field $cf not found in certificate subject")
@@ -209,7 +216,7 @@ class Authenticated(
fieldValue san.asScala.collectFirst {
case CertificateSAN(name, value) if name.toLowerCase == cf
logger.debug(s"Found user id $value in san:$cf")
userSrv.getFromId(request, value.toLowerCase)
userSrv.getFromId(request, value.toLowerCase, "pki")
}
} yield fieldValue
}
@@ -222,7 +229,7 @@ class Authenticated(
for {
header authHeaderName.fold[Future[String]](Future.failed(AuthenticationError("HTTP header is not configured")))(Future.successful)
username request.headers.get(header).fold[Future[String]](Future.failed(AuthenticationError("HTTP header is not set")))(Future.successful)
user userSrv.getFromId(request, username.toLowerCase)
user userSrv.getFromId(request, username.toLowerCase, "header")
} yield user
}

@@ -266,7 +273,7 @@ class Authenticated(

def parser: BodyParser[AnyContent] = defaultParser

def invokeBlock[A](request: Request[A], block: (AuthenticatedRequest[A]) Future[Result]): Future[Result] = {
def invokeBlock[A](request: Request[A], block: AuthenticatedRequest[A] Future[Result]): Future[Result] = {
getContext(request).flatMap { authContext
if (requiredRole.isEmpty || requiredRole.toSet.intersect(authContext.roles.toSet).nonEmpty)
block(new AuthenticatedRequest(authContext, request))
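Review bot: In `setSessingUser` the decision to skip the session cookie rests on the bare literal `"key"`, compared against a free-form `String` that other call sites fill with `"pki"`, `"header"` or a provider's `name` (the one-line changes in ADAuthSrv.scala and LdapAuthSrv.scala share this). Nothing visible in this commit ties the API-key provider to that exact spelling, so a renamed or differently cased provider would silently start receiving session cookies. A shared constant makes the coupling explicit, for example `if (authContext.authMethod != AuthMethod.Key)` backed by `object AuthMethod { val Key = "key"; val Pki = "pki"; val Header = "header" }` (suggested names, not existing identifiers). Separately, `getFromSession` now rejects any cookie issued before this change with "Authentication method not found in session", which presumably logs every user out on upgrade; if intended, the scaladoc above `setSessingUser` should state that the cookie also carries `authMethod` and is not issued for key authentication.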
5 changes: 3 additions & 2 deletions app/org/elastic4play/services/UserSrv.scala
@@ -16,11 +16,12 @@ trait AuthContext {
def userName: String
def requestId: String
def roles: Seq[Role]
def authMethod: String
}

trait UserSrv {
def getFromId(request: RequestHeader, userId: String): Future[AuthContext]
def getFromUser(request: RequestHeader, user: User): Future[AuthContext]
def getFromId(request: RequestHeader, userId: String, authMethod: String): Future[AuthContext]
def getFromUser(request: RequestHeader, user: User, authMethod: String): Future[AuthContext]
def getInitialUser(request: RequestHeader): Future[AuthContext]
def inInitAuthContext[A](block: AuthContext Future[A]): Future[A]
def get(userId: String): Future[User]
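Review bot: `authMethod` enters `AuthContext`, `getFromId` and `getFromUser` as an undocumented `String`, so an implementer cannot tell which values are expected or that the value must come from the server-side authentication path rather than from request data. A scaladoc on the trait member would pin that down, for example `/** Name of the mechanism that authenticated this request ("key", "pki", "header" or an auth provider's name); set by the server, never read from client input. */`. Both methods also gain the parameter without a default, so any existing `UserSrv` implementation or caller outside this commit stops compiling; that looks intended, but it is worth stating in the release notes. The `UserSrv` trait continues past the end of this section.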
2 changes: 1 addition & 1 deletion app/org/elastic4play/services/auth/ADAuthSrv.scala
@@ -119,7 +119,7 @@ class ADAuthSrv(
override def authenticate(username: String, password: String)(implicit request: RequestHeader): Future[AuthContext] = {
(for {
_ Future.fromTry(adConnection.authenticate(username, password))
authContext userSrv.getFromId(request, username)
authContext userSrv.getFromId(request, username, name)
} yield authContext)
.recoverWith {
case t
2 changes: 1 addition & 1 deletion app/org/elastic4play/services/auth/LdapAuthSrv.scala
@@ -127,7 +127,7 @@ class LdapAuthSrv(

override def authenticate(username: String, password: String)(implicit request: RequestHeader): Future[AuthContext] = {
ldapConnection.authenticate(username, password).map { _
userSrv.getFromId(request, username)
userSrv.getFromId(request, username, name)
}
.fold[Future[AuthContext]](Future.failed, identity)
.recoverWith {
2 changes: 1 addition & 1 deletion version.sbt
@@ -1 +1 @@
version := "1.7.2"
version := "1.8.0-SNAPSHOT"
