Exemplo n.º 1
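 /**
  * Authenticates a user against the default realm (user provider).
  *
  * <p>When the form names no provider, the one configured under {@code authenticatesWith} /
  * {@code hasName} is filled in. Only the provider returned by {@code authenticateProvider()} is
  * handled here; any other value yields "Unknown realm".
  *
  * <p>Security notes for reviewers:
  *
  * <ul>
  *   <li>A missing profile and a rejected password produce the same message, so the response does
  *       not distinguish the two. Other failures reported by {@code userProfile} are returned to
  *       the caller unchanged.
  *   <li>If the start-up configuration sets {@code ignorePasswords} to true, the password is never
  *       verified: any non-empty password is accepted for any user that has a profile. That
  *       switch must stay off outside isolated test environments.
  *   <li>No attempt limiting or lockout is visible in this method; presumably it is enforced
  *       elsewhere - confirm.
  * </ul>
  *
  * @param form JSON object carrying the credentials; {@code password} is required and {@code
  *     provider} is optional. The whole form is handed to {@code userProfile}.
  * @return {@code ok()} with the prepared profile under {@code user}, or a {@code ko(...)} result
  *     describing the failure
  */
 @POST
 @Path("/authenticate")
 public Json authenticate(Json form) {
   // Reject a missing or non-object body before any property lookup is attempted on it.
   if (form == null || !form.isObject()) {
     return ko("bad request.");
   }
   if (!form.has("provider") || form.is("provider", ""))
     form.set("provider", desc.at("authenticatesWith").at("hasName"));
   if (!form.is("provider", authenticateProvider())) {
     // other realms/providers...
     return ko("Unknown realm");
   }
   if (!form.has("password") || form.is("password", "")) return ko("Please provide a password.");
   Json userdata = userProfile(form);
   // Same wording as the wrong-password case below, so the two cannot be told apart.
   if (userdata.is("error", "No profile")) return ko("User not found or invalid password.");
   if (!userdata.is("ok", true)) return userdata;
   Json profile = userdata.at("profile");
   // SECURITY: with ignorePasswords=true this whole verification step is skipped.
   if (!StartUp.getConfig().is("ignorePasswords", true)) {
     // Fail closed: without a username in the profile there is nothing to verify against.
     if (profile == null || !profile.has("hasUsername")) {
       return ko("User not found or invalid password.");
     }
     if (!provider(form.at("provider").asString())
         .authenticate(profile.at("hasUsername").asString(), form.at("password").asString())) {
       return ko("User not found or invalid password.");
     }
   }
   if (dbg()) {
     // NOTE(review): username, last name and group membership are passed on unescaped and with
     // embedded CR/LF; treat the resulting output as sensitive and confirm the values cannot
     // contain line breaks.
     // NOTE(review): if Json.at(key, default) stores the default when the key is absent, these
     // lookups add placeholder values to the profile returned below - confirm.
     String msg = profile.has("hasUsername") ? profile.at("hasUsername").asString() : "Unknown";
     msg += " | lastname: " + (profile.at("lastName", " no lastname")).toString();
     msg += "\r\n | groups: " + (profile.at("groups", " no groups")).toString() + "\r\n";
     ThreadLocalStopwatch.getWatch().time("Auth success: " + msg);
     ThreadLocalStopwatch.dispose();
   }
   return ok().set("user", prepareReturn(profile));
 }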
Exemplo n.º 2
 /**
  * Looks up users either by identifier or by a free-text name.
  *
  * <p>A non-empty {@code id} takes precedence and returns a one-element array holding the result
  * of {@code searchUserById}. Otherwise the name is parsed as "Last, First", "First Last" or a
  * bare last name, and every provider is queried with a limit of 15 passed along.
  *
  * <p>NOTE(review): the by-id result is returned without going through {@code prepareReturn},
  * unlike the by-name result - confirm that is intended. The {@code providers} list is
  * caller-supplied and is passed to {@code searchProvider} as given (entries are neither trimmed
  * nor checked here); presumably {@code searchProvider} rejects unknown names - verify. On
  * failure the exception object is handed to {@code ko(e)}; check what that exposes to the client.
  *
  * @param id user identifier; when non-empty the other parameters are ignored
  * @param searchString name to search for
  * @param providers optional comma-separated provider names; {@code orderedProviders()} is used
  *     when absent
  * @return the prepared result list, {@code null} when the name is null or empty, or {@code
  *     ko(e)} if the search throws
  */
 @GET
 @Path("search")
 public Json search(
     @QueryParam("id") String id,
     @QueryParam("name") String searchString,
     @QueryParam("providers") String providers) {
   boolean lookupById = id != null && !id.isEmpty();
   if (lookupById) {
     return Json.array().add(searchUserById(id));
   }
   final int maxResults = 15;
   Json resultList = Json.array();
   try {
     if (searchString == null || searchString.isEmpty()) {
       return null;
     }
     String name = searchString.trim();
     Json user = Json.object();
     // Split the search string into first/last name criteria.
     int comma = name.indexOf(',');
     if (comma > -1) { // "Miller, Bob"
       user.set("LastName", name.substring(0, comma).trim());
       user.set("FirstName", name.substring(comma + 1).trim());
     } else {
       int space = name.indexOf(' ');
       if (space > -1) { // "Bob Miller"
         user.set("LastName", name.substring(space + 1).trim());
         user.set("FirstName", name.substring(0, space).trim());
       } else { // "Miller"
         user.set("LastName", name);
       }
     }
     // Drop criteria that ended up empty so they do not take part in the query.
     if (user.is("FirstName", "")) {
       user.delAt("FirstName");
     }
     if (user.is("LastName", "")) {
       user.delAt("LastName");
     }
     if (!user.asJsonMap().isEmpty()) {
       Collection<String> providerNames =
           providers == null ? orderedProviders() : Arrays.asList(providers.split(","));
       for (String providerName : providerNames) {
         resultList.with(searchProvider(providerName, user, maxResults));
       }
     }
   } catch (Exception e) {
     e.printStackTrace();
     return ko(e);
   }
   return prepareReturn(resultList);
 }
Exemplo n.º 3
 /**
  * Retrieves information about one user in a single network round-trip.
  *
  * <p>Filling in everything known about a user is expensive, so the request states which optional
  * parts to include. The basic profile (first name, email etc.) is returned regardless.
  * Recognized properties of {@code request}:
  *
  * <ul>
  *   <li>{@code username} - mandatory
  *   <li>{@code provider} - optional; when missing or empty, the name configured under {@code
  *       authenticatesWith} is used
  *   <li>{@code groups} - {@code true} to include the list of groups the user belongs to
  *   <li>{@code access} - {@code true} to include the access policies for the user's groups (the
  *       groups are then loaded as well)
  * </ul>
  *
  * <p>NOTE(review): no caller check is visible in this method, so group membership and access
  * policies are returned for whichever username is requested; presumably access to this endpoint
  * is restricted elsewhere - confirm. Failures return the thrown object's message to the caller,
  * which may expose internal detail.
  *
  * @param request JSON object as described above
  * @return {@code ok()} with the prepared profile under {@code profile}; {@code ko("bad
  *     request.")} for a malformed request; {@code ko("No profile")} when the provider returns a
  *     null profile; otherwise {@code ko} with the message of whatever was thrown
  */
 @POST
 @Path("/profile")
 public Json userProfile(Json request) {
   try {
     boolean wellFormed = request.isObject() && request.has("username");
     if (!wellFormed) {
       return ko("bad request.");
     }
     boolean providerMissing = !request.has("provider") || request.is("provider", "");
     if (providerMissing) {
       request.set("provider", desc.at("authenticatesWith").at("hasName"));
     }
     UserProvider providerImpl = provider(request.at("provider").asString());
     String username = request.at("username").asString();
     Json profile = providerImpl.get(username);
     if (profile.isNull()) {
       return ko("No profile");
     }
     boolean wantAccess = request.is("access", true);
     // Access policies are computed from the groups, so asking for access loads groups too.
     if (request.is("groups", true) || wantAccess) {
       profile.set("groups", providerImpl.findGroups(username));
     }
     if (wantAccess) {
       profile.set("access", getAccessPolicies(profile.at("groups")));
     }
     return ok().set("profile", prepareReturn(profile));
   } catch (Throwable t) {
     String reason = t.getMessage();
     // An "unavailable" error would have already been reported in the logs.
     if (!"unavailable".equals(reason)) {
       t.printStackTrace(System.err);
     }
     return ko(reason);
   }
 }
Exemplo n.º 4
 /**
  * Checks that merging a modified copy back into the original adds the copy's new property and
  * keeps a nested property that the copy had deleted.
  */
 @Test
 public void testObjectMerge() {
   Json address = object("streetName", "Main", "streetNumber", 20, "city", "Detroit");
   Json original = object("id", 2, "name", "John", "address", address);
   // The copy gains "age" and loses "city" from its address; the chain ends with up(), which
   // presumably steps back from the address to the copied root - confirm.
   Json modifiedCopy = original.dup().set("age", 20).at("address").delAt("city").up();
   original.with(modifiedCopy, "merge");
   Assert.assertTrue(original.is("age", 20));
   Assert.assertTrue(original.at("address").is("city", "Detroit"));
 }