
Example 1 with ValidateAccess

Use of org.platformlayer.auth.model.ValidateAccess in project platformlayer by platformlayer.

In the class KeychainResource, method authorizeCertificateChain.

@POST
public ValidateTokenResponse authorizeCertificateChain(@QueryParam("project") String project, CertificateChainInfo chain) {
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    UserEntity userEntity = null;
    try {
        boolean unlock = false;
        userEntity = userAuthenticator.findUserFromKeychain(chain, unlock);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching user", e);
        throwInternalError();
    }
    if (userEntity == null) {
        throw404NotFound();
    }
    ValidateTokenResponse response = new ValidateTokenResponse();
    response.access = new ValidateAccess();
    response.access.user = Mapping.mapToUserValidation(userEntity);
    // response.access.token = new Token();
    // response.access.token.expires = checkTokenInfo.expiration;
    // response.access.token.id = checkToken;
    String checkProject = project;
    if (checkProject != null) {
        ProjectEntity projectEntity = null;
        try {
            projectEntity = userAuthenticator.findProject(checkProject);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (projectEntity == null) {
            throw404NotFound();
        }
        // Note that we do not unlock the user / project; we don't have any secret material
        // TODO: We could return stuff encrypted with the user's public key
        // projectEntity.unlockWithUser(userEntity);
        // 
        // if (!projectEntity.isSecretValid()) {
        // throw404NotFound();
        // }
        UserProjectEntity userProject = null;
        try {
            userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (userProject == null) {
            // Not a member of project
            throw404NotFound();
        }
        response.access.project = Mapping.mapToProject(projectEntity);
        response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
    }
    return response;
}
Also used: ValidateTokenResponse (org.platformlayer.auth.model.ValidateTokenResponse), ValidateAccess (org.platformlayer.auth.model.ValidateAccess), UserProjectEntity (org.platformlayer.auth.UserProjectEntity), ProjectEntity (org.platformlayer.auth.ProjectEntity), AuthenticatorException (org.platformlayer.auth.AuthenticatorException), UserEntity (org.platformlayer.auth.UserEntity), POST (javax.ws.rs.POST)

Example 2 with ValidateAccess

Use of org.platformlayer.auth.model.ValidateAccess in project platformlayer by platformlayer.

In the class TokensResource, method validateToken.

@GET
// @HEAD support is automatic from the @GET
@Path("{tokenId}")
public ValidateTokenResponse validateToken(@PathParam("tokenId") String checkToken, @QueryParam("project") String project) {
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
    if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
        throw404NotFound();
    }
    UserEntity userEntity = null;
    try {
        userEntity = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching user", e);
        throwInternalError();
    }
    ValidateTokenResponse response = new ValidateTokenResponse();
    response.access = new ValidateAccess();
    response.access.user = Mapping.mapToUserValidation(userEntity);
    response.access.token = new Token();
    response.access.token.expires = checkTokenInfo.expiration;
    response.access.token.id = checkToken;
    String checkProject = project;
    if (checkProject != null) {
        ProjectEntity projectEntity = null;
        try {
            projectEntity = userAuthenticator.findProject(checkProject);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (projectEntity == null) {
            throw404NotFound();
        }
        projectEntity.unlockWithUser(userEntity);
        if (!projectEntity.isSecretValid()) {
            throw404NotFound();
        }
        UserProjectEntity userProject = null;
        try {
            userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (userProject == null) {
            // Not a member of project
            throw404NotFound();
        }
        response.access.project = Mapping.mapToProject(projectEntity);
        response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
    }
    return response;
}
Also used: ValidateTokenResponse (org.platformlayer.auth.model.ValidateTokenResponse), ValidateAccess (org.platformlayer.auth.model.ValidateAccess), UserProjectEntity (org.platformlayer.auth.UserProjectEntity), ProjectEntity (org.platformlayer.auth.ProjectEntity), AuthenticatorException (org.platformlayer.auth.AuthenticatorException), Token (org.platformlayer.auth.model.Token), TokenInfo (org.platformlayer.auth.services.TokenInfo), UserEntity (org.platformlayer.auth.UserEntity), Path (javax.ws.rs.Path), GET (javax.ws.rs.GET)

Aggregations

AuthenticatorException (org.platformlayer.auth.AuthenticatorException): 2
ProjectEntity (org.platformlayer.auth.ProjectEntity): 2
UserEntity (org.platformlayer.auth.UserEntity): 2
UserProjectEntity (org.platformlayer.auth.UserProjectEntity): 2
ValidateAccess (org.platformlayer.auth.model.ValidateAccess): 2
ValidateTokenResponse (org.platformlayer.auth.model.ValidateTokenResponse): 2
GET (javax.ws.rs.GET): 1
POST (javax.ws.rs.POST): 1
Path (javax.ws.rs.Path): 1
Token (org.platformlayer.auth.model.Token): 1
TokenInfo (org.platformlayer.auth.services.TokenInfo): 1