From 1cdb43bb3e432040aed18c05e129f0131ee7d20a Mon Sep 17 00:00:00 2001
From: Jesse Morgan <jesse@jesterpm.net>
Date: Tue, 27 Aug 2013 08:28:16 -0700
Subject: Introducing F1 Authentication and Adding Site Content.

This change introduced the f1oauth and jesterpm oauth packages for
interacting with Fellowship One's developer API. I have also reworked
the login authentication to verify credentials through F1 and added
session management to track logged in users.

The Authenticator chain works as follows: on every page load we check
for a session cookie, if the cookie exists, the Request is marked as
authenticated and the OAuthUser object is restored in ClientInfo. If
this request is going to an account page, we require authentication. The
LoginFormAuthenticator checks if the user is already authenticated (via
cookie) and if not redirects the user to the login page. When the login
form is submitted, LoginFormAuthenticator catches the POST request and
authenticates the user through F1.

I'm also adding a new account page, but it is currently a work in
progress.

This commit also adds Allen's content to the site.
---
 .../grow/frontend/LoginFormAuthenticator.java      | 122 +++++++++++++++++++++
 1 file changed, 122 insertions(+)
 create mode 100644 src/com/p4square/grow/frontend/LoginFormAuthenticator.java

(limited to 'src/com/p4square/grow/frontend/LoginFormAuthenticator.java')

diff --git a/src/com/p4square/grow/frontend/LoginFormAuthenticator.java b/src/com/p4square/grow/frontend/LoginFormAuthenticator.java
new file mode 100644
index 0000000..d5a3c22
--- /dev/null
+++ b/src/com/p4square/grow/frontend/LoginFormAuthenticator.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2013 Jesse Morgan
+ */
+
+package com.p4square.grow.frontend;
+
+import org.apache.log4j.Logger;
+
+import org.restlet.Context;
+import org.restlet.Request;
+import org.restlet.Response;
+import org.restlet.data.ChallengeResponse;
+import org.restlet.data.ChallengeScheme;
+import org.restlet.data.Form;
+import org.restlet.data.Reference;
+import org.restlet.security.Authenticator;
+import org.restlet.security.Verifier;
+
+/**
+ * LoginFormAuthenticator changes 
+ *
+ *
+ * @author Jesse Morgan <jesse@jesterpm.net>
+ */
+public class LoginFormAuthenticator extends Authenticator {
+    private static final Logger LOG = Logger.getLogger(LoginFormAuthenticator.class);
+
+    private final Verifier mVerifier;
+
+    private String mLoginPage    = "/login.html";
+    private String mLoginPostUrl = "/authenticate";
+    private String mDefaultRedirect = "/index.html";
+
+    public LoginFormAuthenticator(Context context, boolean optional, Verifier verifier) {
+        super(context, false, optional, null);
+
+        mVerifier = verifier;
+    }
+
+    public void setLoginFormUrl(String url) {
+        mLoginPage = url;
+    }
+
+    public void setLoginPostUrl(String url) {
+        mLoginPostUrl = url;
+    }
+
+    @Override
+    protected int beforeHandle(Request request, Response response) {
+        if (request.getClientInfo().isAuthenticated()) {
+            // TODO: Logout
+            LOG.debug("Already authenticated. Skipping");
+            return CONTINUE;
+
+        } else {
+            return super.beforeHandle(request, response);
+        }
+    }
+
+
+    @Override
+    protected boolean authenticate(Request request, Response response) {
+        String requestPath = request.getResourceRef().getPath();
+        boolean isLoginAttempt = mLoginPostUrl.equals(requestPath);
+
+        Form query = request.getOriginalRef().getQueryAsForm();
+        String redirect = query.getFirstValue("redirect");
+        if (redirect == null) {
+            if (isLoginAttempt) {
+                redirect = mDefaultRedirect;
+            } else {
+                redirect = request.getResourceRef().getRelativePart();
+            }
+        }
+
+        boolean authenticationFailed = false;
+
+        if (isLoginAttempt) {
+            LOG.debug("Attempting authentication");
+
+            // Process login form
+            final Form form = new Form(request.getEntity());
+            final String email = form.getFirstValue("email");
+            final String password = form.getFirstValue("password");
+
+            boolean authenticated = false;
+
+            if (email != null && !"".equals(email) &&
+                password != null && !"".equals(password)) {
+
+                LOG.debug("Got login request from " + email);
+
+                request.setChallengeResponse(
+                    new ChallengeResponse(ChallengeScheme.HTTP_BASIC, email, password.toCharArray()));
+
+                // We expect the verifier to setup the User object.
+                int result = mVerifier.verify(request, response);
+                if (result == Verifier.RESULT_VALID) {
+                    // TODO: Ensure redirect is a relative url.
+                    response.redirectSeeOther(redirect);
+                    return true;
+                }
+            }
+
+            authenticationFailed = true;
+        }
+
+        if (!isOptional() || authenticationFailed) {
+            Reference ref = new Reference(mLoginPage);
+            ref.addQueryParameter("redirect", redirect);
+
+            if (authenticationFailed) {
+                ref.addQueryParameter("retry", "t");
+            }
+
+            LOG.debug("Redirecting to " + ref.toString());
+            response.redirectSeeOther(ref.toString());
+        }
+        LOG.debug("Failing authentication.");
+        return false;
+    }
+}
-- 
cgit v1.2.3