VerifyTokenOperation.java

/*
 * Copyright 2015 Aroma Tech.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package tech.aroma.banana.authentication.service.operations;

import com.google.common.base.Strings;
import javax.inject.Inject;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tech.aroma.banana.authentication.service.data.TokenRepository;
import tech.aroma.banana.thrift.authentication.service.VerifyTokenRequest;
import tech.aroma.banana.thrift.authentication.service.VerifyTokenResponse;
import tech.aroma.banana.thrift.exceptions.InvalidTokenException;
import tech.aroma.banana.thrift.exceptions.OperationFailedException;
import tech.sirwellington.alchemy.annotations.access.Internal;
import tech.sirwellington.alchemy.thrift.operations.ThriftOperation;

import static tech.aroma.banana.authentication.service.AuthenticationAssertions.checkRequestNotNull;
import static tech.aroma.banana.authentication.service.AuthenticationAssertions.tokenInRepository;
import static tech.aroma.banana.authentication.service.AuthenticationAssertions.withMessage;
import static tech.sirwellington.alchemy.arguments.Arguments.checkThat;
import static tech.sirwellington.alchemy.arguments.assertions.Assertions.notNull;
import static tech.sirwellington.alchemy.arguments.assertions.StringAssertions.nonEmptyString;

/**
 *
 * @author SirWellington
 */
@Internal
final class VerifyTokenOperation implements ThriftOperation<VerifyTokenRequest, VerifyTokenResponse>
{

    private final static Logger LOG = LoggerFactory.getLogger(VerifyTokenOperation.class);

    private final TokenRepository repository;

    @Inject
    VerifyTokenOperation(TokenRepository repository)
    {
        checkThat(repository).is(notNull());

        this.repository = repository;
    }

    @Override
    public VerifyTokenResponse process(VerifyTokenRequest request) throws TException
    {
        LOG.debug("Received request to verify an  token: {}", request);

        checkRequestNotNull(request);

        String tokenId = request.tokenId;
        checkThat(tokenId)
            .throwing(withMessage("missing tokenId"))
            .is(nonEmptyString())
            .throwing(InvalidTokenException.class)
            .is(tokenInRepository(repository));

        if (shouldCheckAgainstOwner(request))
        {
            String ownerId = request.ownerId;
            ensureTokenAndOwnerMatch(tokenId, ownerId);
        }

        return new VerifyTokenResponse();

    }

    private boolean shouldCheckAgainstOwner(VerifyTokenRequest request)
    {
        return request.isSetOwnerId() && !Strings.isNullOrEmpty(request.ownerId);
    }

    private void ensureTokenAndOwnerMatch(String tokenId, String ownerId) throws OperationFailedException, InvalidTokenException
    {

        boolean tokenAndOwnerMatch = tryDetermineMatch(tokenId, ownerId);

        if (!tokenAndOwnerMatch)
        {
            throw new InvalidTokenException();
        }
    }

    private boolean tryDetermineMatch(String tokenId, String ownerId) throws OperationFailedException
    {
        boolean match;

        try
        {
            match = repository.doesTokenBelongTo(tokenId, ownerId);
        }
        catch (Exception ex)
        {
            throw new OperationFailedException("Could not read token repository");
        }

        return match;
    }

    @Override
    public String toString()
    {
        return "VerifyTokenOperation{" + "repository=" + repository + '}';
    }
}