PageTokenValidatorAction.java

/app/com/atlassian/connect/play/java/token/PageTokenValidatorAction.java

https://bitbucket.org/awei/ac-play-java
Java | 60 lines | 50 code | 8 blank | 2 comment | 5 complexity | e9f02b7b18adc9d77cf6a476e3602fe5 MD5 | raw file
Possible License(s): Apache-2.0


package com.atlassian.connect.play.java.token;

import com.atlassian.connect.play.java.AC;
import com.atlassian.fugue.Option;
import org.apache.commons.lang3.StringUtils;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;

import static com.atlassian.connect.play.java.Constants.AC_USER_ID_PARAM;
import static com.atlassian.fugue.Option.option;

public final class PageTokenValidatorAction extends Action<CheckValidToken>
{
    public static final String HEADER_PREFIX = "X-";

    public static final String TOKEN_KEY = "acpt";

    @Override
    public Result call(final Http.Context context) throws Throwable
    {
        final boolean allowInsecurePolling = this.configuration.allowInsecurePolling();
        final Option<String> token = extractTokenDetails(context.request());
        if (token.isEmpty())
        {
            return unauthorized("Unauthorised: It appears your session has expired. Please reload the page.");
        }
        final Option<Token> decryptedToken = AC.validateToken(token.get(), allowInsecurePolling);
        if (decryptedToken.isEmpty())
        {
            return unauthorized("Unauthorised: It appears your session has expired. Please reload the page.");
        }

        AC.setAcHost(decryptedToken.get().getAcHost());
        final Option<String> user = decryptedToken.get().getUser();
        if (user.isDefined())
        {
            context.args.put(AC_USER_ID_PARAM, user.get());
        }

        //valid request so lets refresh the token with a new timestamp and add it to the response headers
        //so clients can update their tokens on ajax responses!
        AC.refreshToken(allowInsecurePolling);
        if (allowInsecurePolling)
        {
            context.response().setHeader(HEADER_PREFIX + TOKEN_KEY, AC.getToken().get());
        }
        return delegate.call(context);
    }

    private Option<String> extractTokenDetails(final Http.Request request)
    {
        String token = request.getHeader(HEADER_PREFIX + TOKEN_KEY);
        if (StringUtils.isBlank(token))
        {
            token = request.getQueryString(TOKEN_KEY);
        }
        return option(token);
    }
}