authorJakob Odersky <jakob@odersky.com>2018-02-09 13:42:50 -0800
committerGitHub <noreply@github.com>2018-02-09 13:42:50 -0800
commitdb338bd1aeb8175967cc0bdc271317576876633d (patch)
tree3aae1aa05eebd2a2197dc4f0f11b7c7c7bd6ff07
parent3765c504d8bdfcc7ca3a5bdafa44351c1908596e (diff)
parentdb3d1cb6a5dc1aa0fdee3fda79b4dc204cc4af48 (diff)
downloaddriver-core-db338bd1aeb8175967cc0bdc271317576876633d.tar.gz
driver-core-db338bd1aeb8175967cc0bdc271317576876633d.tar.bz2
driver-core-db338bd1aeb8175967cc0bdc271317576876633d.zip
Merge pull request #112 from drivergroup/overload-authorizev1.7.4
Overload authorize directive to check against service context
-rw-r--r--src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala61
1 files changed, 35 insertions, 26 deletions
diff --git a/src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala b/src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala
index 9c89fc6..5ed98cc 100644
--- a/src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala
+++ b/src/main/scala/xyz/driver/core/rest/auth/AuthProvider.scala
@@ -29,36 +29,45 @@ abstract class AuthProvider[U <: User](val authorization: Authorization[U], log:
def authenticatedUser(implicit ctx: ServiceRequestContext): OptionT[Future, U]
/**
+ * Verifies if a service context is authenticated and authorized to have `permissions`
+ */
+ def authorize(
+ context: ServiceRequestContext,
+ permissions: Permission*): Directive1[AuthorizedServiceRequestContext[U]] = {
+ onComplete {
+ (for {
+ authToken <- OptionT.optionT(Future.successful(context.authToken))
+ user <- authenticatedUser(context)
+ authCtx = context.withAuthenticatedUser(authToken, user)
+ authorizationResult <- authorization.userHasPermissions(user, permissions)(authCtx).toOptionT
+
+ cachedPermissionsAuthCtx = authorizationResult.token.fold(authCtx)(authCtx.withPermissionsToken)
+ allAuthorized = permissions.forall(authorizationResult.authorized.getOrElse(_, false))
+ } yield (cachedPermissionsAuthCtx, allAuthorized)).run
+ } flatMap {
+ case Success(Some((authCtx, true))) => provide(authCtx)
+ case Success(Some((authCtx, false))) =>
+ val challenge =
+ HttpChallenges.basic(s"User does not have the required permissions: ${permissions.mkString(", ")}")
+ log.warn(
+ s"User ${authCtx.authenticatedUser} does not have the required permissions: ${permissions.mkString(", ")}")
+ reject(AuthenticationFailedRejection(CredentialsRejected, challenge))
+ case Success(None) =>
+ log.warn(
+ s"Wasn't able to find authenticated user for the token provided to verify ${permissions.mkString(", ")}")
+ reject(ValidationRejection(s"Wasn't able to find authenticated user for the token provided"))
+ case Failure(t) =>
+ log.warn(s"Wasn't able to verify token for authenticated user to verify ${permissions.mkString(", ")}", t)
+ reject(ValidationRejection(s"Wasn't able to verify token for authenticated user", Some(t)))
+ }
+ }
+
+ /**
* Verifies if request is authenticated and authorized to have `permissions`
*/
def authorize(permissions: Permission*): Directive1[AuthorizedServiceRequestContext[U]] = {
serviceContext flatMap { ctx =>
- onComplete {
- (for {
- authToken <- OptionT.optionT(Future.successful(ctx.authToken))
- user <- authenticatedUser(ctx)
- authCtx = ctx.withAuthenticatedUser(authToken, user)
- authorizationResult <- authorization.userHasPermissions(user, permissions)(authCtx).toOptionT
-
- cachedPermissionsAuthCtx = authorizationResult.token.fold(authCtx)(authCtx.withPermissionsToken)
- allAuthorized = permissions.forall(authorizationResult.authorized.getOrElse(_, false))
- } yield (cachedPermissionsAuthCtx, allAuthorized)).run
- } flatMap {
- case Success(Some((authCtx, true))) => provide(authCtx)
- case Success(Some((authCtx, false))) =>
- val challenge =
- HttpChallenges.basic(s"User does not have the required permissions: ${permissions.mkString(", ")}")
- log.warn(
- s"User ${authCtx.authenticatedUser} does not have the required permissions: ${permissions.mkString(", ")}")
- reject(AuthenticationFailedRejection(CredentialsRejected, challenge))
- case Success(None) =>
- log.warn(
- s"Wasn't able to find authenticated user for the token provided to verify ${permissions.mkString(", ")}")
- reject(ValidationRejection(s"Wasn't able to find authenticated user for the token provided"))
- case Failure(t) =>
- log.warn(s"Wasn't able to verify token for authenticated user to verify ${permissions.mkString(", ")}", t)
- reject(ValidationRejection(s"Wasn't able to verify token for authenticated user", Some(t)))
- }
+ authorize(ctx, permissions: _*)
}
}
}
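Review bot: In the new `authorize(context, permissions*)` overload, the `Success(Some((authCtx, false)))` branch reports a permission failure as `AuthenticationFailedRejection(CredentialsRejected, challenge)`, with the required permission list interpolated into the Basic challenge text. The user is already authenticated at that point, so this is an authorization failure. Assuming the usual akka-http rejection handling, the challenge is returned in `WWW-Authenticate`, which would show the caller the permission names and can prompt clients to re-send credentials. Consider keeping the `log.warn` and replacing the reject with `reject(AuthorizationFailedRejection)`; this changes the status clients see, so check existing consumers first. Separately, the new Scaladoc should state the contract the overload introduces, for example `Authenticates the token carried by the supplied context rather than the current request; pass only a context derived from the request being served.`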