Merge pull request #439 from wisemen-digital/bugfix/refactoring-authenticator

Bugfix/refactoring authenticator

Author: DanneD-Wisemen

data/networking/src/main/java/be/appwise/networking/interceptors/Authenticator.kt

@@ -2,10 +2,9 @@ package be.appwise.networking.interceptors
 
 import be.appwise.networking.NetworkConstants
 import be.appwise.networking.Networking
-import be.appwise.networking.NetworkingUtil
+import be.appwise.networking.NetworkingUtil.responseCount
 import be.appwise.networking.model.AccessToken
 import com.orhanobut.logger.Logger
-import kotlinx.coroutines.runBlocking
 import okhttp3.Authenticator
 import okhttp3.Request
 import okhttp3.Response
@@ -16,77 +15,95 @@ class Authenticator(
 ) : Authenticator {
     private var callsWithoutToken = 0
 
-    override fun authenticate(route: Route?, response: Response): Request? {
-        val request = response.request
-        Logger.t("Authenticator").d("Authenticate id: request: $request")
+    private fun extractBearerToken(authHeader: String?): String? {
+        return authHeader?.takeIf { it.startsWith("Bearer ", ignoreCase = true) }
+            ?.substring("Bearer ".length)
+    }
 
+    override fun authenticate(route: Route?, response: Response): Request? {
+        val originalRequest = response.request
+        val requestUrl = originalRequest.url
+        Logger.t("Authenticator").d("Authenticate triggered for $requestUrl")
 
-        // Get the current AccessToken
-        val accessToken = Networking.getAccessToken()?.access_token
+        val failedToken = extractBearerToken(
+            originalRequest.header(NetworkConstants.HEADER_KEY_AUTHORIZATION)
+        )
 
-        Logger.t("Authenticator").d("Accesstoken for $request token: $accessToken")
 
-        if (accessToken == null || accessToken.isEmpty()) {
+        if (failedToken.isNullOrEmpty()) {
             // just try the call without
 
             //TODO: there is still something wrong with the way we handle this...
             // Because the client is only created once in the application's lifecycle the counter is persisted...
             callsWithoutToken++
-            return if (callsWithoutToken >= 2) null else request
+            return if (callsWithoutToken >= 2) null else originalRequest
         }
 
         // This block tries to refresh the token and then retry the call with the new token
         // the 'synchronized' means that when other calls try to refresh the token as well they will wait until the first refresh happened
         //
         // Look at http://tutorials.jenkov.com/java-concurrency/synchronized.html for more information
         synchronized(this) {
-//            Logger.t("Authenticator").d("Synchronized, request: $request")
+            val threadId = Thread.currentThread().id
+            Logger.t("Authenticator").d("Synchronized [$threadId] Sync block entered for: $requestUrl")
 
-            // Get the current AccessToken, this might be different as the previous one because of the 'synchronized' method
-            val newToken = Networking.getAccessToken()
-
-            Logger.t("Authenticator").d("Synchronized, request: $request, newtoken: ${newToken?.access_token}")
+            val currentToken = Networking.getAccessToken()
+            val currentAccessToken = currentToken?.access_token
 
             // Check if the request was previously made as an authenticated request
-            if (response.request.header(NetworkConstants.HEADER_KEY_AUTHORIZATION) != null) {
-                // If the token has changed since the request was made, use the new token
-                if (newToken?.access_token != accessToken) {
-                    Logger.t("Authenticator").d("Same tokens")
-
-                    return request.newBuilder()
-                        .header(
-                            NetworkConstants.HEADER_KEY_AUTHORIZATION,
-                            "${newToken?.token_type} ${newToken?.access_token}"
-                        )
-                        .build()
-                }
-
-                // In case this is the first time this line gets hit refresh the AccessToken
-                val updatedToken = onRefreshToken(newToken.refresh_token ?: "")
-
-                Logger.t("Authenticator").d("Updated token: ${updatedToken?.access_token}")
-
-                if (updatedToken == null || NetworkingUtil.responseCount(response) >= 2) {
-                    // refresh failed , maybe you can logout user
-                    // returning null is critical here , because if you do not return null
-                    // it will try to refresh token continuously like 1000 times.
-                    // also you can try 2-3-4 times by depending you before logging out your user
-                    Networking.logout()
-                } else {
-                    // Refreshing the token worked, save the new one
-                    Networking.saveAccessToken(updatedToken)
-
-                    // Retry the request with the new token
-                    return request.newBuilder()
-                        .header(
-                            NetworkConstants.HEADER_KEY_AUTHORIZATION,
-                            "${updatedToken.token_type} ${updatedToken.access_token}"
-                        )
-                        .build()
-                }
+            if (response.request.header(NetworkConstants.HEADER_KEY_AUTHORIZATION) == null) return null
+
+            // If the token has changed since the request was made, use the new token
+            if (currentAccessToken != failedToken) {
+                Logger.t("Authenticator").i("[$threadId] Token already refreshed by another thread ($requestUrl). Current: $currentAccessToken, Failed with: $failedToken. Retrying with current token.")
+
+                return originalRequest.newBuilder()
+                    .header(
+                        NetworkConstants.HEADER_KEY_AUTHORIZATION,
+                        "${currentToken?.token_type} ${currentToken?.access_token}"
+                    )
+                    .build()
             }
-        }
 
-        return null
+            Logger.t("Authenticator").i("[$threadId] Token needs refresh ($requestUrl). Token that failed: $failedToken")
+
+            // check response count
+            if (responseCount(response) > 1) {
+                Logger.t("Authenticator").w("[$threadId] Retry limit (1 refresh attempt) reached for $requestUrl. Aborting refresh and logging out.")
+                Networking.logout()
+                return null
+            }
+
+            // check if we have a refresh token
+            val refreshToken = currentToken.refresh_token
+            if (refreshToken.isNullOrBlank()) {
+                Logger.t("Authenticator").e("[$threadId] No valid refresh token available for $requestUrl. Cannot refresh. Logging out.")
+                Networking.logout()
+                return null
+            }
+
+            val updatedToken = onRefreshToken(refreshToken)
+
+            if (updatedToken == null) {
+                // refresh failed , maybe you can logout user
+                // returning null is critical here , because if you do not return null
+                // it will try to refresh token continuously like 1000 times.
+                // also you can try 2-3-4 times by depending you before logging out your user
+                Logger.t("Authenticator").e("[$threadId] onRefreshToken failed for $requestUrl. Logging out.")
+                Networking.logout()
+                return null
+            } else {
+                Logger.t("Authenticator").i("[$threadId] Refresh SUCCESS for $requestUrl. Saving new token: ${updatedToken.access_token}. Retrying request.")
+                Networking.saveAccessToken(updatedToken)
+
+                // Retry the request with the new token
+                return originalRequest.newBuilder()
+                    .header(
+                        NetworkConstants.HEADER_KEY_AUTHORIZATION,
+                        "${updatedToken.token_type} ${updatedToken.access_token}"
+                    )
+                    .build()
+            }
+        }
     }
 }