
the class AccessTokenFilter method doFilter.

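/**
 * Resolves the {@link AccessToken} for the current request, publishes it in
 * {@code threadLocalAccessToken} for the duration of the filter chain and
 * clears it again afterwards.
 *
 * <p>How the token is resolved depends on the module flags ({@code autoGenerate},
 * {@code isWorker}) and on the request:
 * <ul>
 *   <li>{@code /remote_api}, or a user-agent of "Amazon CloudFront": no token is
 *       resolved and the thread-local holds {@code null}; downstream code must
 *       cope with that.</li>
 *   <li>{@code autoGenerate}: the token comes from the request parameter, else
 *       from the cookie; a fresh user token is minted when neither is present or
 *       the stored token is missing/expired, and the cookie is (re)written when
 *       it does not already hold the resolved token id.</li>
 *   <li>{@code isWorker}: the shared worker token named by the
 *       {@code WORKER_ACCESS_TOKEN_ID} app property.</li>
 *   <li>{@code /user/accesstoken}: a fresh user token is minted and written to
 *       the response; the chain is not continued.</li>
 *   <li>otherwise: the token id comes from the request parameter or the
 *       access-token header; a missing, unknown or expired token ends the
 *       request with an error response and the chain is not continued.</li>
 * </ul>
 * In the cookie and header branches a token close to expiry (less than
 * {@code MIN_EXPIRY_MILLIS} left) is extended by {@code MAX_EXPIRY_MILLIS} and
 * persisted.
 *
 * @param req   the servlet request; cast to {@link HttpServletRequest}
 * @param resp  the servlet response; cast to {@link HttpServletResponse}
 * @param chain the remaining filter chain
 * @throws IOException      propagated from the filter chain (and, presumably, from
 *                          {@code dispatchResponse})
 * @throws ServletException propagated from the filter chain
 */
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
    DataAccessor dataAccessor = DataAccessorFactory.getDataAccessor();
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;
    String requestUri = request.getRequestURI();
    String userAgent = request.getHeader("user-agent");
    String accessTokenId = request.getParameter(RequestParameter.ACCESS_TOKEN.getName());
    accessTokenId = accessTokenId == null ? null : accessTokenId.trim();
    AccessToken accessToken;
    // NOTE(review): the user-agent is client-controlled, so this match only
    // identifies CloudFront by convention; it must not be relied on as a trust
    // boundary. Both paths leave the thread-local token null.
    if (requestUri.equals("/remote_api") || (userAgent != null && userAgent.equals("Amazon CloudFront"))) {
        accessToken = null;
    } else if (autoGenerate) {
        // Used by gamma, default & api modules.
        String accessTokenCookie = getCookieValue(RequestCookie.ACCESS_TOKEN.getName(), request);
        if ((accessTokenId == null || accessTokenId.isEmpty()) && (accessTokenCookie == null || accessTokenCookie.isEmpty())) {
            accessToken = AccessTokenDataUtil.newUserAccessToken(request);
        } else {
            // The request parameter wins over the cookie when both are present.
            accessToken = accessTokenId != null && !accessTokenId.isEmpty() ? dataAccessor.getAccessToken(accessTokenId) : dataAccessor.getAccessToken(accessTokenCookie);
            if (accessToken == null || accessToken.isExpired()) {
                accessToken = AccessTokenDataUtil.newUserAccessToken(request);
            } else if (accessToken.getExpiry().getTime() < new Date().getTime() + AccessTokenDataUtil.MIN_EXPIRY_MILLIS) {
                accessToken.setExpiry(new Date(new Date().getTime() + AccessTokenDataUtil.MAX_EXPIRY_MILLIS));
                accessToken = dataAccessor.createOrUpdateAccessToken(accessToken);
            }
        }
        // NOTE(review): a token id that arrived in the request parameter is
        // persisted into the cookie here, so a crafted link can select which
        // token a browser carries afterwards; see the TODO in the last branch
        // about preferring the header over the parameter.
        if (!accessToken.getId().equals(accessTokenCookie)) {
            accessTokenId = accessToken.getId();
            setCookieValue(RequestCookie.ACCESS_TOKEN.getName(), accessTokenId, 30, response);
        }
    } else if (isWorker) {
        // Used by worker module.
        // Assumes the app property exists; a missing property would fail here.
        accessTokenId = dataAccessor.getAppProperty(AppProperty.WORKER_ACCESS_TOKEN_ID).getValue();
        accessToken = dataAccessor.getAccessToken(accessTokenId);
    } else if (requestUri.equals("/user/accesstoken")) {
        // Used by gamma-android & android module.
        accessToken = AccessTokenDataUtil.newUserAccessToken(request);
        dispatchResponse(response, new UserAccessTokenApi.Response(accessToken.getId(), accessToken.getExpiry()));
        return;
    } else {
        // TODO: Consider only header. Ignore accessToken from request param.
        if (accessTokenId == null || accessTokenId.isEmpty()) {
            accessTokenId = request.getHeader(RequestHeader.ACCESS_TOKEN.getName());
            accessTokenId = accessTokenId == null ? null : accessTokenId.trim();
        }
        if (accessTokenId == null || accessTokenId.isEmpty()) {
            dispatchResponse(response, new InvalidArgumentException("Access Token is missing."));
            return;
        } else if ((accessToken = dataAccessor.getAccessToken(accessTokenId)) == null) {
            dispatchResponse(response, new InvalidArgumentException("Access Token is invalid."));
            return;
        } else if (accessToken.isExpired()) {
            dispatchResponse(response, new InsufficientAccessException("Access Token is expired."));
            return;
        } else if (accessToken.getExpiry().getTime() < new Date().getTime() + AccessTokenDataUtil.MIN_EXPIRY_MILLIS) {
            accessToken.setExpiry(new Date(new Date().getTime() + AccessTokenDataUtil.MAX_EXPIRY_MILLIS));
            accessToken = dataAccessor.createOrUpdateAccessToken(accessToken);
        }
    }
    threadLocalAccessToken.set(accessToken);
    try {
        chain.doFilter(request, response);
    } finally {
        // Always clear the thread-local. Request threads are typically pooled, so
        // a token left behind when the chain throws would otherwise stay attached
        // to the thread and be observable by whatever runs on it next.
        threadLocalAccessToken.remove();
    }
}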

the class UserDataUtil method getCurrentUser.

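/**
 * Builds the {@link UserData} for the user behind the current request's access token.
 *
 * <p>A synthetic "Guest User" (id 0, state {@link UserState#GUEST}, empty
 * {@link AuthorData}) is returned whenever there is no usable identity: the
 * filter published no token for this request, the token has no user id or the
 * user id 0, or the token has expired. Otherwise the user record is loaded
 * through the data accessor.
 *
 * @return the current user's data; never {@code null}
 */
public static UserData getCurrentUser() {
    AccessToken accessToken = AccessTokenFilter.getAccessToken();
    // The filter can publish a null token for some requests (e.g. /remote_api);
    // treat that, and a token without a user id, as a guest instead of failing
    // with a NullPointerException.
    Long userId = accessToken == null ? null : accessToken.getUserId();
    if (accessToken == null || userId == null || userId.equals(0L) || accessToken.isExpired()) {
        return guestUser();
    }
    return createUserData(DataAccessorFactory.getDataAccessor().getUser(userId));
}

/** Creates the placeholder user returned when nobody is authenticated. */
private static UserData guestUser() {
    UserData userData = new UserData(0L);
    userData.setAuthor(new AuthorData());
    userData.setFirstName("Guest");
    userData.setLastName("User");
    userData.setState(UserState.GUEST);
    return userData;
}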

the class PratilipiDataUtil method hasAccessToReadPratilipiContent.

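/**
 * Decides whether the current user may read the content (body) of a Pratilipi.
 *
 * <p>The checks run in order: published content is readable by anyone and
 * deleted content by nobody; otherwise the user needs the
 * {@code PRATILIPI_READ_CONTENT} access for the Pratilipi's language, or must
 * own the Author profile the Pratilipi is linked to.
 *
 * @param pratilipi the Pratilipi whose content is requested; must not be {@code null}
 * @return {@code true} if reading the content is permitted
 */
public static boolean hasAccessToReadPratilipiContent(Pratilipi pratilipi) {
    // Case 1: Any user can read PUBLISHED content.
    if (pratilipi.getState() == PratilipiState.PUBLISHED)
        return true;
    // Case 2: Nobody can read DELETED content.
    if (pratilipi.getState() == PratilipiState.DELETED)
        return false;
    // Case 3: User with PRATILIPI_READ_CONTENT access can read any content in any state.
    AccessToken accessToken = AccessTokenFilter.getAccessToken();
    if (UserAccessUtil.hasUserAccess(accessToken.getUserId(), pratilipi.getLanguage(), AccessType.PRATILIPI_READ_CONTENT))
        return true;
    // Case 4: User can read content, in any state, linked with his/her own Author profile.
    // A Pratilipi without an author id cannot be owned by anyone, so skip the lookup
    // (same guard the other access checks in this class apply before getAuthor).
    if (pratilipi.getAuthorId() == null)
        return false;
    DataAccessor dataAccessor = DataAccessorFactory.getDataAccessor();
    Author author = dataAccessor.getAuthor(pratilipi.getAuthorId());
    return author != null && accessToken.getUserId().equals(author.getUserId());
}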

the class PratilipiDataUtil method hasAccessToAddPratilipiData.

/**
 * Decides whether the current user may add a Pratilipi with the given data.
 *
 * <p>Adding is refused outright when the target Author profile exists but is not
 * {@code ACTIVE}. Otherwise the user needs the {@code PRATILIPI_ADD} access for
 * the data's language, or must own the Author profile the data points to.
 *
 * @param pratilipiData the Pratilipi being added; must not be {@code null}
 * @return {@code true} if adding is permitted
 */
public static boolean hasAccessToAddPratilipiData(PratilipiData pratilipiData) {
    Author author = null;
    if (pratilipiData.getAuthorId() != null)
        author = DataAccessorFactory.getDataAccessor().getAuthor(pratilipiData.getAuthorId());

    // Case 1: Content pieces can be added against ACTIVE Author profiles only.
    boolean authorInactive = author != null && author.getState() != AuthorState.ACTIVE;
    if (authorInactive)
        return false;

    // Case 2: User with PRATILIPI_ADD access can add Pratilipi against any Author profile.
    Long userId = AccessTokenFilter.getAccessToken().getUserId();
    boolean hasAddAccess = UserAccessUtil.hasUserAccess(userId, pratilipiData.getLanguage(), AccessType.PRATILIPI_ADD);
    if (hasAddAccess)
        return true;

    // Case 3: User can add Pratilipi against his/her own Author profile.
    boolean ownsAuthor = author != null && userId.equals(author.getUserId());
    return ownsAuthor;
}

the class PratilipiDataUtil method hasAccessToReadPratilipiMetaData.

/**
 * Decides whether the current user may read the metadata of a Pratilipi.
 *
 * <p>Granted when the user has the {@code PRATILIPI_READ_META} access for the
 * Pratilipi's language, or when the Pratilipi is linked to an Author profile
 * whose user id equals the current user's id.
 *
 * @param pratilipi the Pratilipi whose metadata is requested; must not be {@code null}
 * @return {@code true} if reading the metadata is permitted
 */
public static boolean hasAccessToReadPratilipiMetaData(Pratilipi pratilipi) {
    Long userId = AccessTokenFilter.getAccessToken().getUserId();

    // Case 1: language-wide metadata access.
    if (UserAccessUtil.hasUserAccess(userId, pratilipi.getLanguage(), AccessType.PRATILIPI_READ_META))
        return true;

    // Case 2: ownership of the linked Author profile.
    if (pratilipi.getAuthorId() == null)
        return false;
    Author author = DataAccessorFactory.getDataAccessor().getAuthor(pratilipi.getAuthorId());
    if (author == null || author.getUserId() == null)
        return false;
    return author.getUserId().equals(userId);
}