Package org.openmhealth.reference.request

Source Code of org.openmhealth.reference.request.AuthenticationRequest

/*******************************************************************************
* Copyright 2013 Open mHealth
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*   http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.openmhealth.reference.request;

import org.openmhealth.reference.data.AuthenticationTokenBin;
import org.openmhealth.reference.data.UserBin;
import org.openmhealth.reference.domain.AuthenticationToken;
import org.openmhealth.reference.domain.User;
import org.openmhealth.reference.exception.InvalidAuthenticationException;
import org.openmhealth.reference.exception.OmhException;

/**
* <p>
* Creates a new authentication token for an existing user.
* </p>
*
* @author John Jenkins
*/
public class AuthenticationRequest extends Request<AuthenticationToken> {
  /**
   * The message to return to the user if the authentication fails. This
   * should be used in all non-system failure cases to mitigate leaking any
   * additional information about why the authentication failed.
   */
  private static final String MESSAGE_AUTHENTICATION_FAILURE =
    "The username does not exist or the password is incorrect.";
 
  /**
   * The user-name of the user requesting the authentication token.
   */
  private final String username;
  /**
   * The password for the user requesting the authentication token.
   */
  private final String password;
 
  /**
   * Creates a request for an authentication token.
   *
   * @param username The requesting user's user-name.
   *
   * @param password The requesting user's password.
   *
   * @throws OmhException The user-name or password was null.
   */
  public AuthenticationRequest(
    final String username,
    final String password)
    throws OmhException {
   
    // Validate the username.
    if(username == null) {
      throw new OmhException("The username is missing.");
    }
    else {
      this.username = username;
    }
   
    // Validate the password.
    if(password == null) {
      throw new OmhException("The password is missing.");
    }
    else {
      this.password = password;
    }
  }

  /*
   * (non-Javadoc)
   * @see org.openmhealth.reference.request.Request#service()
   */
  @Override
  public void service() throws OmhException {
    // First, short-circuit if this request has already been serviced.
    if(isServiced()) {
      return;
    }
    else {
      setServiced();
    }

    // Get the user.
    User user = getUser(username, password);
   
    // Verify that the account is active.
    if(! user.isActivated()) {
      throw new OmhException("The account has not been activated.");
    }
   
    // Create the user's authentication token.
    AuthenticationToken token = new AuthenticationToken(user);
   
    // Save the token.
    AuthenticationTokenBin.getInstance().storeToken(token);
   
    // Return the token to the user.
    setData(token);
  }
 
  /**
   * Retrieves a {@link User} object from the given credentials if one exists
   * or throws an exception if they are invalid.
   *
   * @param username
   *        The user's username.
   *
   * @param password
   *        The user's password.
   *
   * @return The authenticated User object.
   *
   * @throws OmhException
   *         The username was unknown or the password was incorrect.
   */
  public static User getUser(
    final String username,
    final String password)
    throws OmhException {
   
    // Get the user.
    User user = UserBin.getInstance().getUser(username);
   
    // Make sure the user exists.
    if(user == null) {
      throw
        new InvalidAuthenticationException(
          MESSAGE_AUTHENTICATION_FAILURE);
    }
   
    // Check the password.
    if(! user.checkPassword(password)) {
      throw
        new InvalidAuthenticationException(
          MESSAGE_AUTHENTICATION_FAILURE);
    }
   
    return user;
  }
}
TOP

Related Classes of org.openmhealth.reference.request.AuthenticationRequest

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.