From 362cef066725dec0ffaeacb91e7e3c287d68bc51 Mon Sep 17 00:00:00 2001 From: Jesse Morgan Date: Tue, 27 Aug 2013 08:28:16 -0700 Subject: Introducing F1 Authentication and Adding Site Content. This change introduced the f1oauth and jesterpm oauth packages for interacting with Fellowship One's developer API. I have also reworked the login authentication to verify credentials through F1 and added session management to track logged in users. The Authenticator chain works as follows: on every page load we check for a session cookie, if the cookie exists, the Request is marked as authenticated and the OAuthUser object is restored in ClientInfo. If this request is going to an account page, we require authentication. The LoginFormAuthenticator checks if the user is already authenticated (via cookie) and if not redirects the user to the login page. When the login form is submitted, LoginFormAuthenticator catches the POST request and authenticates the user through F1. I'm also adding a new account page, but it is currently a work in progress. This commit also adds Allen's content to the site. --- src/com/p4square/f1oauth/SecondPartyVerifier.java | 60 +++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 src/com/p4square/f1oauth/SecondPartyVerifier.java (limited to 'src/com/p4square/f1oauth/SecondPartyVerifier.java') diff --git a/src/com/p4square/f1oauth/SecondPartyVerifier.java b/src/com/p4square/f1oauth/SecondPartyVerifier.java new file mode 100644 index 0000000..78bb1bf --- /dev/null +++ b/src/com/p4square/f1oauth/SecondPartyVerifier.java @@ -0,0 +1,60 @@ +/* + * Copyright 2013 Jesse Morgan + */ + +package com.p4square.f1oauth; + +import org.apache.log4j.Logger; + +import net.jesterpm.restlet.oauth.OAuthException; +import net.jesterpm.restlet.oauth.OAuthUser; + +import org.restlet.Context; +import org.restlet.Request; +import org.restlet.Response; +import org.restlet.security.Verifier; + +/** + * Restlet Verifier for F1 2nd Party Authentication + * + * @author Jesse Morgan + */ +public class SecondPartyVerifier implements Verifier { + private static final Logger LOG = Logger.getLogger(SecondPartyVerifier.class); + + private final F1OAuthHelper mHelper; + + public SecondPartyVerifier(F1OAuthHelper helper) { + if (helper == null) { + throw new IllegalArgumentException("Helper can not be null."); + } + + mHelper = helper; + } + + @Override + public int verify(Request request, Response response) { + if (request.getChallengeResponse() == null) { + return RESULT_MISSING; // no credentials + } + + String username = request.getChallengeResponse().getIdentifier(); + String password = new String(request.getChallengeResponse().getSecret()); + + try { + OAuthUser user = mHelper.getAccessToken(username, password); + user.setIdentifier(username); + user.setEmail(username); + + // This seems like a hack... but it'll work + request.getClientInfo().setUser(user); + + return RESULT_VALID; + + } catch (OAuthException e) { + LOG.info("OAuth Exception: " + e, e); + } + + return RESULT_INVALID; // Invalid credentials + } +} -- cgit v1.2.3