2021-08-20 10:58:07 -07:00
|
|
|
package auth;
|
2021-03-11 13:38:35 -08:00
|
|
|
|
2021-11-22 16:33:14 -08:00
|
|
|
import com.typesafe.config.Config;
|
2022-05-10 18:15:53 -05:00
|
|
|
import java.util.Optional;
|
2021-11-22 16:33:14 -08:00
|
|
|
import javax.inject.Inject;
|
2021-03-11 13:38:35 -08:00
|
|
|
import play.mvc.Http;
|
|
|
|
|
import play.mvc.Result;
|
|
|
|
|
import play.mvc.Security;
|
|
|
|
|
|
|
|
|
|
import javax.annotation.Nonnull;
|
|
|
|
|
import javax.annotation.Nullable;
|
|
|
|
|
|
2021-11-22 16:33:14 -08:00
|
|
|
import static auth.AuthUtils.*;
|
|
|
|
|
|
2021-03-11 13:38:35 -08:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Implementation of base Play Authentication used to determine if a request to a route should be
|
|
|
|
|
* authenticated.
|
|
|
|
|
*/
|
|
|
|
|
public class Authenticator extends Security.Authenticator {
|
2021-11-22 16:33:14 -08:00
|
|
|
|
|
|
|
|
private final boolean metadataServiceAuthEnabled;
|
|
|
|
|
|
|
|
|
|
@Inject
|
|
|
|
|
public Authenticator(@Nonnull Config config) {
|
2022-05-10 18:15:53 -05:00
|
|
|
this.metadataServiceAuthEnabled = config.hasPath(METADATA_SERVICE_AUTH_ENABLED_CONFIG_PATH)
|
|
|
|
|
&& config.getBoolean(METADATA_SERVICE_AUTH_ENABLED_CONFIG_PATH);
|
2021-11-22 16:33:14 -08:00
|
|
|
}
|
|
|
|
|
|
2021-03-11 13:38:35 -08:00
|
|
|
@Override
|
|
|
|
|
public String getUsername(@Nonnull Http.Context ctx) {
|
2021-11-22 16:33:14 -08:00
|
|
|
if (this.metadataServiceAuthEnabled) {
|
|
|
|
|
// If Metadata Service auth is enabled, we only want to verify presence of the
|
|
|
|
|
// "Authorization" header OR the presence of a frontend generated session cookie.
|
|
|
|
|
// At this time, the actor is still considered to be unauthenicated.
|
|
|
|
|
return AuthUtils.isEligibleForForwarding(ctx) ? "urn:li:corpuser:UNKNOWN" : null;
|
|
|
|
|
} else {
|
|
|
|
|
// If Metadata Service auth is not enabled, verify the presence of a valid session cookie.
|
|
|
|
|
return AuthUtils.hasValidSessionCookie(ctx) ? ctx.session().get(ACTOR) : null;
|
|
|
|
|
}
|
2021-03-11 13:38:35 -08:00
|
|
|
}
|
|
|
|
|
|
2022-05-10 18:15:53 -05:00
|
|
|
@Override
|
|
|
|
|
public Optional<String> getUsername(@Nonnull Http.Request request) {
|
|
|
|
|
Http.Context ctx = Http.Context.current();
|
|
|
|
|
if (this.metadataServiceAuthEnabled) {
|
|
|
|
|
// If Metadata Service auth is enabled, we only want to verify presence of the
|
|
|
|
|
// "Authorization" header OR the presence of a frontend generated session cookie.
|
|
|
|
|
// At this time, the actor is still considered to be unauthenicated.
|
|
|
|
|
return Optional.ofNullable(AuthUtils.isEligibleForForwarding(ctx) ? "urn:li:corpuser:UNKNOWN" : null);
|
|
|
|
|
} else {
|
|
|
|
|
// If Metadata Service auth is not enabled, verify the presence of a valid session cookie.
|
|
|
|
|
return Optional.ofNullable(AuthUtils.hasValidSessionCookie(ctx) ? ctx.session().get(ACTOR) : null);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-11 13:38:35 -08:00
|
|
|
@Override
|
|
|
|
|
@Nonnull
|
|
|
|
|
public Result onUnauthorized(@Nullable Http.Context ctx) {
|
|
|
|
|
return unauthorized();
|
|
|
|
|
}
|
2022-05-10 18:15:53 -05:00
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public Result onUnauthorized(Http.Request req) {
|
|
|
|
|
return unauthorized();
|
|
|
|
|
}
|
2021-03-11 13:38:35 -08:00
|
|
|
}
|
