remove duplicate clientcredential parsing #35

tsuyoshizawa · tsuyoshizawa · commit 8cc4fe83ca26 · 2014-10-14T16:58:09.000+09:00
diff --git a/README.md b/README.md
@@ -135,7 +135,7 @@ type handler to not require client credentials:
 
 ```scala
 class MyTokenEndpoint extends TokenEndpoint {
-  val passwordNoCred = new Password(ClientCredentialFetcher) {
+  val passwordNoCred = new Password() {
     override def clientCredentialRequired = false
   }
 
diff --git a/scala-oauth2-core/src/main/scala/scalaoauth2/provider/GrantHandler.scala b/scala-oauth2-core/src/main/scala/scalaoauth2/provider/GrantHandler.scala
@@ -13,7 +13,7 @@ trait GrantHandler {
    */
   def clientCredentialRequired = true
 
-  def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[GrantHandlerResult]
+  def handleRequest[U](request: AuthorizationRequest, optionalClientCredential: Option[ClientCredential], dataHandler: DataHandler[U]): Future[GrantHandlerResult]
 
   /**
    * Returns valid access token.
@@ -43,10 +43,10 @@ trait GrantHandler {
   }
 }
 
-class RefreshToken(clientCredentialFetcher: ClientCredentialFetcher) extends GrantHandler {
+class RefreshToken extends GrantHandler {
 
-  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
-    val clientCredential = clientCredentialFetcher.fetch(request).getOrElse(throw new InvalidRequest("Authorization header is invalid"))
+  override def handleRequest[U](request: AuthorizationRequest, optionalClientCredential: Option[ClientCredential], dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
+    val clientCredential = optionalClientCredential.getOrElse(throw new InvalidRequest("Client credential is required"))
     val refreshToken = request.requireRefreshToken
 
     dataHandler.findAuthInfoByRefreshToken(refreshToken).flatMap { authInfoOption =>
@@ -68,54 +68,53 @@ class RefreshToken(clientCredentialFetcher: ClientCredentialFetcher) extends Gra
   }
 }
 
-class Password(clientCredentialFetcher: ClientCredentialFetcher) extends GrantHandler {
+class Password extends GrantHandler {
+
+  override def handleRequest[U](request: AuthorizationRequest, optionalClientCredential: Option[ClientCredential], dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
+    if (clientCredentialRequired && optionalClientCredential.isEmpty) {
+      throw new InvalidRequest("Client credential is required")
+    }
 
-  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
-    val clientCredential = clientCredentialFetcher.fetch(request)
-    if (clientCredentialRequired && clientCredential.isEmpty)
-      throw new InvalidRequest("Authorization header is invalid")
     val username = request.requireUsername
     val password = request.requirePassword
 
     dataHandler.findUser(username, password).flatMap { userOption =>
       val user = userOption.getOrElse(throw new InvalidGrant("username or password is incorrect"))
       val scope = request.scope
-      val clientId = clientCredential.map { _.clientId }
+      val clientId = optionalClientCredential.map { _.clientId }
       val authInfo = AuthInfo(user, clientId, scope, None)
 
       issueAccessToken(dataHandler, authInfo)
     }
   }
 }
 
-class ClientCredentials(clientCredentialFetcher: ClientCredentialFetcher) extends GrantHandler {
+class ClientCredentials extends GrantHandler {
 
-  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
-    val clientCredential = clientCredentialFetcher.fetch(request).getOrElse(throw new InvalidRequest("Authorization header is invalid"))
-    val clientSecret = clientCredential.clientSecret
-    val clientId = clientCredential.clientId
+  override def handleRequest[U](request: AuthorizationRequest, optionalClientCredential: Option[ClientCredential], dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
+    val clientCredential = optionalClientCredential.getOrElse(throw new InvalidRequest("Client credential is required"))
     val scope = request.scope
 
-    dataHandler.findClientUser(clientId, clientSecret, scope).flatMap { userOption =>
-      val user = userOption.getOrElse(throw new InvalidGrant("client_id or client_secret or scope is incorrect"))
-      val authInfo = AuthInfo(user, Some(clientId), scope, None)
+    dataHandler.findClientUser(clientCredential.clientId, clientCredential.clientSecret, scope).flatMap { optionalUser =>
+      val user = optionalUser.getOrElse(throw new InvalidGrant("client_id or client_secret or scope is incorrect"))
+      val authInfo = AuthInfo(user, Some(clientCredential.clientId), scope, None)
 
       issueAccessToken(dataHandler, authInfo)
     }
   }
 
 }
 
-class AuthorizationCode(clientCredentialFetcher: ClientCredentialFetcher) extends GrantHandler {
+class AuthorizationCode extends GrantHandler {
 
-  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
-    val clientCredential = clientCredentialFetcher.fetch(request).getOrElse(throw new InvalidRequest("Authorization header is invalid"))
+  override def handleRequest[U](request: AuthorizationRequest, optionalClientCredential: Option[ClientCredential], dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
+    val clientCredential = optionalClientCredential.getOrElse(throw new InvalidRequest("Client credential is required"))
     val clientId = clientCredential.clientId
     val code = request.requireCode
     val redirectUri = request.redirectUri
 
-    dataHandler.findAuthInfoByCode(code).flatMap { authInfoOption =>
-      val authInfo = authInfoOption.getOrElse(throw new InvalidGrant("Authorized information is not found by the code"))
+    dataHandler.findAuthInfoByCode(code).flatMap { optionalAuthInfo =>
+      val authInfo = optionalAuthInfo.getOrElse(throw new InvalidGrant("Authorized information is not found by the code"))
       if (authInfo.clientId != Some(clientId)) {
         throw new InvalidClient
       }
diff --git a/scala-oauth2-core/src/main/scala/scalaoauth2/provider/TokenEndpoint.scala b/scala-oauth2-core/src/main/scala/scalaoauth2/provider/TokenEndpoint.scala
@@ -7,10 +7,10 @@ trait TokenEndpoint {
   val fetcher = ClientCredentialFetcher
 
   val handlers = Map(
-    "authorization_code" -> new AuthorizationCode(fetcher),
-    "refresh_token" -> new RefreshToken(fetcher),
-    "client_credentials" -> new ClientCredentials(fetcher),
-    "password" -> new Password(fetcher)
+    "authorization_code" -> new AuthorizationCode(),
+    "refresh_token" -> new RefreshToken(),
+    "client_credentials" -> new ClientCredentials(),
+    "password" -> new Password()
   )
 
   def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[Either[OAuthError, GrantHandlerResult]] = try {
@@ -22,7 +22,7 @@ trait TokenEndpoint {
         if (!validClient) {
           Future.successful(Left(throw new InvalidClient()))
         } else {
-          handler.handleRequest(request, dataHandler).map(Right(_))
+          handler.handleRequest(request, Some(clientCredential), dataHandler).map(Right(_))
         }
       }.recover {
         case e: OAuthError => Left(e)
@@ -31,7 +31,7 @@ trait TokenEndpoint {
       if (handler.clientCredentialRequired) {
         throw new InvalidRequest("Client credential is not found")
       } else {
-        handler.handleRequest(request, dataHandler).map(Right(_)).recover {
+        handler.handleRequest(request, None, dataHandler).map(Right(_)).recover {
           case e: OAuthError => Left(e)
         }
       }
diff --git a/scala-oauth2-core/src/test/scala/scalaoauth2/provider/AuthorizationCodeSpec.scala b/scala-oauth2-core/src/test/scala/scalaoauth2/provider/AuthorizationCodeSpec.scala
@@ -1,19 +1,17 @@
 package scalaoauth2.provider
 
-import org.scalatest._
 import org.scalatest.Matchers._
+import org.scalatest._
 import org.scalatest.concurrent.ScalaFutures
 
-import scala.concurrent.Await
-import scala.concurrent.duration._
 import scala.concurrent.Future
 
 class AuthorizationCodeSpec extends FlatSpec with ScalaFutures {
 
   it should "handle request" in {
-    val authorizationCode = new AuthorizationCode(new MockClientCredentialFetcher())
+    val authorizationCode = new AuthorizationCode()
     val request = AuthorizationRequest(Map(), Map("code" -> Seq("code1"), "redirect_uri" -> Seq("http://example.com/")))
-    val f = authorizationCode.handleRequest(request, new MockDataHandler() {
+    val f = authorizationCode.handleRequest(request, Some(ClientCredential("clientId1", "clientSecret1")), new MockDataHandler() {
 
       override def findAuthInfoByCode(code: String): Future[Option[AuthInfo[User]]] = Future.successful(Some(
         AuthInfo(user = MockUser(10000, "username"), clientId = Some("clientId1"), scope = Some("all"), redirectUri = Some("http://example.com/"))
@@ -32,9 +30,9 @@ class AuthorizationCodeSpec extends FlatSpec with ScalaFutures {
   }
 
   it should "handle request if redirectUrl is none" in {
-    val authorizationCode = new AuthorizationCode(new MockClientCredentialFetcher())
+    val authorizationCode = new AuthorizationCode()
     val request = AuthorizationRequest(Map(), Map("code" -> Seq("code1"), "redirect_uri" -> Seq("http://example.com/")))
-    val f = authorizationCode.handleRequest(request, new MockDataHandler() {
+    val f = authorizationCode.handleRequest(request, Some(ClientCredential("clientId1", "clientSecret1")), new MockDataHandler() {
 
       override def findAuthInfoByCode(code: String): Future[Option[AuthInfo[MockUser]]] = Future.successful(Some(
         AuthInfo(user = MockUser(10000, "username"), clientId = Some("clientId1"), scope = Some("all"), redirectUri = None)
@@ -51,10 +49,4 @@ class AuthorizationCodeSpec extends FlatSpec with ScalaFutures {
       result.scope should be (Some("all"))
     }
   }
-
-  class MockClientCredentialFetcher extends ClientCredentialFetcher {
-
-    override def fetch(request: AuthorizationRequest): Option[ClientCredential] = Some(ClientCredential("clientId1", "clientSecret1"))
-
-  }
 }
diff --git a/scala-oauth2-core/src/test/scala/scalaoauth2/provider/ClientCredentialsSpec.scala b/scala-oauth2-core/src/test/scala/scalaoauth2/provider/ClientCredentialsSpec.scala
@@ -1,19 +1,17 @@
 package scalaoauth2.provider
 
-import org.scalatest._
 import org.scalatest.Matchers._
+import org.scalatest._
 import org.scalatest.concurrent.ScalaFutures
 
-import scala.concurrent.Await
-import scala.concurrent.duration._
 import scala.concurrent.Future
 
 class ClientCredentialsSpec extends FlatSpec with ScalaFutures {
 
   it should "handle request" in {
-    val clientCredentials = new ClientCredentials(new MockClientCredentialFetcher())
+    val clientCredentials = new ClientCredentials()
     val request = AuthorizationRequest(Map(), Map("scope" -> Seq("all")))
-    val f = clientCredentials.handleRequest(request, new MockDataHandler() {
+    val f = clientCredentials.handleRequest(request, Some(ClientCredential("clientId1", "clientSecret1")), new MockDataHandler() {
 
       override def findClientUser(clientId: String, clientSecret: String, scope: Option[String]): Future[Option[User]] = Future.successful(Some(MockUser(10000, "username")))
 
@@ -28,10 +26,4 @@ class ClientCredentialsSpec extends FlatSpec with ScalaFutures {
       result.scope should be (Some("all"))
     }
   }
-
-  class MockClientCredentialFetcher extends ClientCredentialFetcher {
-
-    override def fetch(request: AuthorizationRequest): Option[ClientCredential] = Some(ClientCredential("clientId1", "clientSecret1"))
-
-  }
 }
diff --git a/scala-oauth2-core/src/test/scala/scalaoauth2/provider/PasswordSpec.scala b/scala-oauth2-core/src/test/scala/scalaoauth2/provider/PasswordSpec.scala
@@ -8,17 +8,17 @@ import scala.concurrent.Future
 
 class PasswordSpec extends FlatSpec with ScalaFutures {
 
-  val passwordClientCredReq = new Password(new MockClientCredentialFetcher())
-  val passwordNoClientCredReq = new Password(new MockClientCredentialFetcher()) {
+  val passwordClientCredReq = new Password()
+  val passwordNoClientCredReq = new Password() {
     override def clientCredentialRequired = false
   }
 
-  "Password when client credential required" should "handle request" in handlesRequest(passwordClientCredReq)
-  "Password when client credential not required" should "handle request" in handlesRequest(passwordNoClientCredReq)
+  "Password when client credential required" should "handle request" in handlesRequest(passwordClientCredReq, Some(ClientCredential("clientId1", "clientSecret1")))
+  "Password when client credential not required" should "handle request" in handlesRequest(passwordNoClientCredReq, None)
 
-  def handlesRequest(password: Password) = {
+  def handlesRequest(password: Password, clientCredential: Option[ClientCredential]) = {
     val request = AuthorizationRequest(Map(), Map("username" -> Seq("user"), "password" -> Seq("pass"), "scope" -> Seq("all")))
-    val f = password.handleRequest(request, new MockDataHandler() {
+    val f = password.handleRequest(request, clientCredential, new MockDataHandler() {
 
       override def findUser(username: String, password: String): Future[Option[User]] = Future.successful(Some(MockUser(10000, "username")))
 
@@ -34,10 +34,4 @@ class PasswordSpec extends FlatSpec with ScalaFutures {
       result.scope should be(Some("all"))
     }
   }
-
-  class MockClientCredentialFetcher extends ClientCredentialFetcher {
-
-    override def fetch(request: AuthorizationRequest): Option[ClientCredential] = Some(ClientCredential("clientId1", "clientSecret1"))
-
-  }
 }
diff --git a/scala-oauth2-core/src/test/scala/scalaoauth2/provider/RefreshTokenSpec.scala b/scala-oauth2-core/src/test/scala/scalaoauth2/provider/RefreshTokenSpec.scala
@@ -4,16 +4,14 @@ import org.scalatest.FlatSpec
 import org.scalatest.Matchers._
 import org.scalatest.concurrent.ScalaFutures
 
-import scala.concurrent.Await
-import scala.concurrent.duration._
 import scala.concurrent.Future
 
 class RefreshTokenSpec extends FlatSpec with ScalaFutures {
 
   it should "handle request" in {
-    val refreshToken = new RefreshToken(new MockClientCredentialFetcher())
+    val refreshToken = new RefreshToken()
     val request = AuthorizationRequest(Map(), Map("refresh_token" -> Seq("refreshToken1")))
-    val f = refreshToken.handleRequest(request, new MockDataHandler() {
+    val f = refreshToken.handleRequest(request, Some(ClientCredential("clientId1", "clientSecret1")), new MockDataHandler() {
 
       override def findAuthInfoByRefreshToken(refreshToken: String): Future[Option[AuthInfo[User]]] =
         Future.successful(Some(AuthInfo(user = MockUser(10000, "username"), clientId = Some("clientId1"), scope = None, redirectUri = None)))
@@ -30,10 +28,4 @@ class RefreshTokenSpec extends FlatSpec with ScalaFutures {
       result.scope should be (None)
     }
   }
-
-  class MockClientCredentialFetcher extends ClientCredentialFetcher {
-
-    override def fetch(request: AuthorizationRequest): Option[ClientCredential] = Some(ClientCredential("clientId1", "clientSecret1"))
-
-  }
 }
diff --git a/scala-oauth2-core/src/test/scala/scalaoauth2/provider/TokenEndPointSpec.scala b/scala-oauth2-core/src/test/scala/scalaoauth2/provider/TokenEndPointSpec.scala
@@ -100,7 +100,7 @@ class TokenEndPointSpec extends FlatSpec with ScalaFutures {
     )
 
     val dataHandler = successfulDataHandler()
-    val passwordNoCred = new Password(ClientCredentialFetcher) {
+    val passwordNoCred = new Password() {
       override def clientCredentialRequired = false
     }
     class MyTokenEndpoint extends TokenEndpoint {
@@ -165,7 +165,7 @@ class TokenEndPointSpec extends FlatSpec with ScalaFutures {
 
     object TestTokenEndpoint extends TokenEndpoint {
       override val handlers = Map(
-        "password" -> new Password(fetcher)
+        "password" -> new Password()
       )
     }
 

Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,7 @@ type handler to not require client credentials:`
`135`	`135`
`136`	`136`	```scala
`137`	`137`	`class MyTokenEndpoint extends TokenEndpoint {`
`138`		`- val passwordNoCred = new Password(ClientCredentialFetcher) {`
	`138`	`+ val passwordNoCred = new Password() {`
`139`	`139`	`override def clientCredentialRequired = false`
`140`	`140`	`}`
`141`	`141`
Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ class TokenEndPointSpec extends FlatSpec with ScalaFutures {`
`100`	`100`	`)`
`101`	`101`
`102`	`102`	`val dataHandler = successfulDataHandler()`
`103`		`- val passwordNoCred = new Password(ClientCredentialFetcher) {`
	`103`	`+ val passwordNoCred = new Password() {`
`104`	`104`	`override def clientCredentialRequired = false`
`105`	`105`	`}`
`106`	`106`	`class MyTokenEndpoint extends TokenEndpoint {`
`@@ -165,7 +165,7 @@ class TokenEndPointSpec extends FlatSpec with ScalaFutures {`
`165`	`165`
`166`	`166`	`object TestTokenEndpoint extends TokenEndpoint {`
`167`	`167`	`override val handlers = Map(`
`168`		`- "password" -> new Password(fetcher)`
	`168`	`+ "password" -> new Password()`
`169`	`169`	`)`
`170`	`170`	`}`
`171`	`171`