1 files changed, 95 insertions, 0 deletions
diff --git a/src/com/p4square/restlet/oauth/OAuthAuthenticator.java b/src/com/p4square/restlet/oauth/OAuthAuthenticator.java
new file mode 100644
index 0000000..c33bb5a
--- /dev/null
+++ b/src/com/p4square/restlet/oauth/OAuthAuthenticator.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2013 Jesse Morgan
+ */
+
+package com.p4square.restlet.oauth;
+
+import org.apache.log4j.Logger;
+
+import org.restlet.Context;
+import org.restlet.Request;
+import org.restlet.Response;
+import org.restlet.security.Authenticator;
+import org.restlet.security.User;
+
+/**
+ * Authenticator which makes an OAuth request to authenticate the user.
+ *
+ * If this Authenticator is made optional than no requests are made to the
+ * service provider.
+ *
+ * @author Jesse Morgan <jesse@jesterpm.net>
+ */
+public class OAuthAuthenticator extends Authenticator {
+    private static Logger LOG = Logger.getLogger(OAuthAuthenticator.class);
+
+    private static final String OAUTH_TOKEN = "oauth_token";
+    private static final String COOKIE_NAME = "oauth_secret";
+
+    private final OAuthHelper mHelper;
+
+    /**
+     * Create a new Authenticator.
+     *
+     * @param Context the current context.
+     * @param optional If true, unauthenticated users are allowed to continue.
+     * @param helper The OAuthHelper which will help with the requests.
+     */
+    public OAuthAuthenticator(Context context, boolean optional, OAuthHelper helper) {
+        super(context, false, optional, null);
+
+        mHelper = helper;
+    }
+
+    protected boolean authenticate(Request request, Response response) {
+        /*
+         * The authentication workflow has three steps:
+         *  1. Get RequestToken
+         *  2. Authenticate the user
+         *  3. Get AccessToken
+         *
+         * The authentication workflow is broken into two stages. In the first,
+         * we generate the RequestToken (step 1) and redirect the user to the
+         * authentication page. When the user comes back, we will request the
+         * AccessToken (step 2).
+         *
+         * We determine which half we are in by the presence of the oauth_token
+         * parameter in the query string.
+         */
+
+        final String token = request.getResourceRef().getQueryAsForm().getFirstValue(OAUTH_TOKEN);
+        final String secret = request.getCookies().getFirstValue(COOKIE_NAME);
+
+        try {
+            if (token == null) {
+                if (isOptional()) {
+                    return false;
+                }
+
+                // 1. Get RequestToken
+                Token requestToken = mHelper.getRequestToken();
+
+                if (requestToken == null) {
+                    return false;
+                }
+
+                // 2. Redirect user
+                // TODO Encrypt cookie
+                response.getCookieSettings().add(COOKIE_NAME, requestToken.getSecret());
+                response.redirectSeeOther(mHelper.getLoginUrl(requestToken, request.getResourceRef().toString()));
+                return false;
+
+            } else {
+                // 3. Get AccessToken
+                Token requestToken = new Token(token, secret);
+                User user = mHelper.getAccessToken(requestToken);
+                request.getClientInfo().setUser(user);
+                return true;
+            }
+
+        } catch (OAuthException e) {
+            LOG.debug("Authentication failed: " + e);
+            return false;
+        }
+    }
+}