VerifyTokenOperation.java

/*
 * Copyright 2017 RedRoma, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package tech.aroma.authentication.service.operations;

import com.google.common.base.Strings;
import javax.inject.Inject;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tech.aroma.data.TokenRepository;
import tech.aroma.thrift.authentication.AuthenticationToken;
import tech.aroma.thrift.authentication.TokenStatus;
import tech.aroma.thrift.authentication.service.VerifyTokenRequest;
import tech.aroma.thrift.authentication.service.VerifyTokenResponse;
import tech.aroma.thrift.exceptions.InvalidTokenException;
import tech.aroma.thrift.exceptions.OperationFailedException;
import tech.aroma.thrift.functions.TimeFunctions;
import tech.sirwellington.alchemy.annotations.access.Internal;
import tech.sirwellington.alchemy.arguments.AlchemyAssertion;
import tech.sirwellington.alchemy.arguments.FailedAssertionException;
import tech.sirwellington.alchemy.thrift.operations.ThriftOperation;

import static tech.aroma.thrift.assertions.AromaAssertions.checkRequestNotNull;
import static tech.aroma.thrift.assertions.AromaAssertions.withMessage;
import static tech.aroma.thrift.authentication.TokenStatus.EXPIRED;
import static tech.sirwellington.alchemy.arguments.Arguments.checkThat;
import static tech.sirwellington.alchemy.arguments.assertions.Assertions.notNull;
import static tech.sirwellington.alchemy.arguments.assertions.StringAssertions.nonEmptyString;

/**
 *
 * @author SirWellington
 */
@Internal
final class VerifyTokenOperation implements ThriftOperation<VerifyTokenRequest, VerifyTokenResponse>
{

    private final static Logger LOG = LoggerFactory.getLogger(VerifyTokenOperation.class);

    private final TokenRepository repository;

    @Inject
    VerifyTokenOperation(TokenRepository repository)
    {
        checkThat(repository).is(notNull());

        this.repository = repository;
    }

    @Override
    public VerifyTokenResponse process(VerifyTokenRequest request) throws TException
    {
        LOG.debug("Received request to verify an  token: {}", request);

        checkRequestNotNull(request);

        String tokenId = request.tokenId;
        checkThat(tokenId)
            .throwing(withMessage("missing tokenId"))
            .is(nonEmptyString());
        
        AuthenticationToken token = repository.getToken(tokenId);
        
        checkThat(token)
            .throwing(InvalidTokenException.class)
            .usingMessage("Token is expired")
            .is(notExpired());

        //Update and check if the token is expired.
        if(expirationDateHasPassed(token))
        {
            saveAsExpired(token);
            throw new InvalidTokenException("Token has expired.");
        }

        if (shouldCheckAgainstOwner(request))
        {
            String ownerId = request.ownerId;
            ensureTokenAndOwnerMatch(tokenId, ownerId);
        }
        

        return new VerifyTokenResponse();

    }

    private boolean shouldCheckAgainstOwner(VerifyTokenRequest request)
    {
        return request.isSetOwnerId() && !Strings.isNullOrEmpty(request.ownerId);
    }

    private void ensureTokenAndOwnerMatch(String tokenId, String ownerId) throws OperationFailedException, InvalidTokenException
    {

        boolean tokenAndOwnerMatch = tryDetermineMatch(tokenId, ownerId);

        if (!tokenAndOwnerMatch)
        {
            throw new InvalidTokenException();
        }
    }

    private boolean tryDetermineMatch(String tokenId, String ownerId) throws OperationFailedException
    {
        boolean match;

        try
        {
            match = repository.doesTokenBelongTo(tokenId, ownerId);
        }
        catch (Exception ex)
        {
            throw new OperationFailedException("Could not read token repository: " + ex.getMessage());
        }

        return match;
    }
    
    private AlchemyAssertion<AuthenticationToken> notExpired()
    {
        return token ->
        {
            if (token.status == EXPIRED)
            {
                throw new FailedAssertionException("Token has expired");
            }
        };
    }

    private void saveAsExpired(AuthenticationToken token) throws TException
    {
        token.setStatus(TokenStatus.EXPIRED);
        
        repository.saveToken(token);
    }

    private boolean expirationDateHasPassed(AuthenticationToken token)
    {
        return TimeFunctions.isInThePast(token.timeOfExpiration);
    }



}