authorJesse Morgan <jesse@jesterpm.net>2013-08-27 08:28:16 -0700
committerJesse Morgan <jesse@jesterpm.net>2013-08-27 08:28:16 -0700
commit1cdb43bb3e432040aed18c05e129f0131ee7d20a (patch)
treea4c5ad41d183b3874c990de0c5416d1810a1dc85 /src/com/p4square/restlet/oauth/OAuthAuthenticator.java
parent9b33aaf27cd8f73402ee9967c6b0fd76a90f8ebe (diff)
Introducing F1 Authentication and Adding Site Content.
This change introduced the f1oauth and jesterpm oauth packages for interacting with Fellowship One's developer API. I have also reworked the login authentication to verify credentials through F1 and added session management to track logged in users. The Authenticator chain works as follows: on every page load we check for a session cookie, if the cookie exists, the Request is marked as authenticated and the OAuthUser object is restored in ClientInfo. If this request is going to an account page, we require authentication. The LoginFormAuthenticator checks if the user is already authenticated (via cookie) and if not redirects the user to the login page. When the login form is submitted, LoginFormAuthenticator catches the POST request and authenticates the user through F1. I'm also adding a new account page, but it is currently a work in progress. This commit also adds Allen's content to the site.
Diffstat (limited to 'src/com/p4square/restlet/oauth/OAuthAuthenticator.java')
-rw-r--r--src/com/p4square/restlet/oauth/OAuthAuthenticator.java95
1 files changed, 95 insertions, 0 deletions
diff --git a/src/com/p4square/restlet/oauth/OAuthAuthenticator.java b/src/com/p4square/restlet/oauth/OAuthAuthenticator.java
new file mode 100644
index 0000000..c33bb5a
--- /dev/null
+++ b/src/com/p4square/restlet/oauth/OAuthAuthenticator.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2013 Jesse Morgan
+ */
+
+package com.p4square.restlet.oauth;
+
+import org.apache.log4j.Logger;
+
+import org.restlet.Context;
+import org.restlet.Request;
+import org.restlet.Response;
+import org.restlet.security.Authenticator;
+import org.restlet.security.User;
+
+/**
+ * Authenticator which makes an OAuth request to authenticate the user.
+ *
+ * If this Authenticator is made optional than no requests are made to the
+ * service provider.
+ *
+ * @author Jesse Morgan <jesse@jesterpm.net>
+ */
+public class OAuthAuthenticator extends Authenticator {
+ private static Logger LOG = Logger.getLogger(OAuthAuthenticator.class);
+
+ private static final String OAUTH_TOKEN = "oauth_token";
+ private static final String COOKIE_NAME = "oauth_secret";
+
+ private final OAuthHelper mHelper;
+
+ /**
+ * Create a new Authenticator.
+ *
+ * @param Context the current context.
+ * @param optional If true, unauthenticated users are allowed to continue.
+ * @param helper The OAuthHelper which will help with the requests.
+ */
+ public OAuthAuthenticator(Context context, boolean optional, OAuthHelper helper) {
+ super(context, false, optional, null);
+
+ mHelper = helper;
+ }
+
+ protected boolean authenticate(Request request, Response response) {
+ /*
+ * The authentication workflow has three steps:
+ * 1. Get RequestToken
+ * 2. Authenticate the user
+ * 3. Get AccessToken
+ *
+ * The authentication workflow is broken into two stages. In the first,
+ * we generate the RequestToken (step 1) and redirect the user to the
+ * authentication page. When the user comes back, we will request the
+ * AccessToken (step 2).
+ *
+ * We determine which half we are in by the presence of the oauth_token
+ * parameter in the query string.
+ */
+
+ final String token = request.getResourceRef().getQueryAsForm().getFirstValue(OAUTH_TOKEN);
+ final String secret = request.getCookies().getFirstValue(COOKIE_NAME);
+
+ try {
+ if (token == null) {
+ if (isOptional()) {
+ return false;
+ }
+
+ // 1. Get RequestToken
+ Token requestToken = mHelper.getRequestToken();
+
+ if (requestToken == null) {
+ return false;
+ }
+
+ // 2. Redirect user
+ // TODO Encrypt cookie
+ response.getCookieSettings().add(COOKIE_NAME, requestToken.getSecret());
+ response.redirectSeeOther(mHelper.getLoginUrl(requestToken, request.getResourceRef().toString()));
+ return false;
+
+ } else {
+ // 3. Get AccessToken
+ Token requestToken = new Token(token, secret);
+ User user = mHelper.getAccessToken(requestToken);
+ request.getClientInfo().setUser(user);
+ return true;
+ }
+
+ } catch (OAuthException e) {
+ LOG.debug("Authentication failed: " + e);
+ return false;
+ }
+ }
+}
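Review bot: The request-token secret written to the `oauth_secret` cookie at the `response.getCookieSettings().add(COOKIE_NAME, ...)` line is sent without the HttpOnly or Secure attributes, and the callback branch (`Token requestToken = new Token(token, secret)`) uses the cookie value without checking that it is present, so a request carrying only the `oauth_token` query parameter reaches `getAccessToken` with a null secret. The TODO about encrypting the cookie does not cover either point, and after a successful exchange the cookie is left in the browser rather than expired. The guard is one line in the else branch, `if (secret == null) { return false; }`; the cookie handling is a few lines, sketched below, and needs `org.restlet.data.CookieSetting` imported. Javadoc on the constructor also names the parameter `Context` where the code has `context`, and `authenticate` would benefit from `@Override`.
```java
// … unchanged: optional check and getRequestToken …
// 2. Redirect user
// TODO Encrypt cookie
CookieSetting secretCookie = new CookieSetting(COOKIE_NAME, requestToken.getSecret());
secretCookie.setAccessRestricted(true);          // HttpOnly: not readable from script
secretCookie.setSecure(request.isConfidential()); // only over TLS when the site is served over TLS
response.getCookieSettings().add(secretCookie);
response.redirectSeeOther(mHelper.getLoginUrl(requestToken, request.getResourceRef().toString()));
return false;
// … unchanged: else branch, with the null-secret guard added before the Token constructor …
```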