package com.cuoco.application.usecase;
import com.cuoco.application.exception.ForbiddenException;
import com.cuoco.application.exception.UnauthorizedException;
import com.cuoco.application.port.in.AuthenticateUserCommand;
import com.cuoco.application.port.out.GetUserByEmailRepository;
import com.cuoco.application.usecase.model.AuthenticatedUser;
import com.cuoco.application.usecase.model.User;
import com.cuoco.shared.model.ErrorDescription;
import com.cuoco.application.utils.JwtUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import java.util.Collections;
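@Slf4j
@Component
public class AuthenticateUserUseCase implements AuthenticateUserCommand {

    /** Authorization scheme prefix the header value must start with, trailing space included. */
    static final String BEARER_PREFIX = "Bearer ";

    private final JwtUtil jwtUtil;
    private final GetUserByEmailRepository getUserByEmailRepository;

    /**
     * Creates the use case with its collaborators.
     *
     * @param jwtUtil                  extracts the e-mail claim from a token and validates the token against a user
     * @param getUserByEmailRepository looks a user up by e-mail
     */
    public AuthenticateUserUseCase(JwtUtil jwtUtil, GetUserByEmailRepository getUserByEmailRepository) {
        this.jwtUtil = jwtUtil;
        this.getUserByEmailRepository = getUserByEmailRepository;
    }

    /**
     * Authenticates the caller from the {@code Authorization} header carried by {@code command}.
     *
     * <p>The header must be present and start with {@link #BEARER_PREFIX}. The remainder is treated
     * as a JWT: its e-mail claim is extracted, the matching user is loaded and the token is then
     * validated against that user. Every failure maps to the same generic
     * {@code INVALID_CREDENTIALS} error (except the missing-header case), so the response does not
     * reveal whether the e-mail exists.
     *
     * @param command carries the raw {@code Authorization} header value (may be {@code null})
     * @return the authenticated user wrapper built by {@link #buildAuthenticatedUser(User)}
     * @throws UnauthorizedException when the header is absent, does not carry a bearer token, the
     *                               token is empty, no e-mail can be extracted from it, an
     *                               authentication is already present in the security context, no
     *                               user matches the e-mail, or the token does not validate
     *                               against that user
     * @throws ForbiddenException    when the user exists but is explicitly flagged inactive
     */
    @Override
    public AuthenticatedUser execute(Command command) {
        log.info("Executing user authentication usecase");

        String receivedJwt = extractBearerToken(command.getAuthHeader());

        String email = jwtUtil.extractEmail(receivedJwt);
        // NOTE(review): an already-populated SecurityContext is treated as a failure here, same
        // as a missing e-mail claim; the intent (guard against double authentication?) is not
        // visible in this file — confirm with the filter that invokes this use case.
        if (email == null || SecurityContextHolder.getContext().getAuthentication() != null) {
            log.info("Token is not valid: The email is not present.");
            throw new UnauthorizedException(ErrorDescription.INVALID_CREDENTIALS.getValue());
        }

        // The user is needed first because token validation is performed against the user record.
        User user = getUserByEmailRepository.execute(email);
        if (user == null || !jwtUtil.validateToken(receivedJwt, user)) {
            log.info("Token or user with email {} are not valid or not exists", email);
            throw new UnauthorizedException(ErrorDescription.INVALID_CREDENTIALS.getValue());
        }

        // Only an explicit "false" blocks the user; a null activation flag is treated as active.
        if (user.getActive() != null && !user.getActive()) {
            log.info("User with email {} is not activated yet", email);
            throw new ForbiddenException(ErrorDescription.USER_NOT_ACTIVATED.getValue());
        }

        // NOTE(review): the e-mail is logged at INFO; treat it as PII under the project's log policy.
        log.info("User authenticated with email {}", email);
        return buildAuthenticatedUser(user);
    }

    /**
     * Strips the bearer scheme from the raw header value and returns the token part.
     *
     * @param authHeader raw {@code Authorization} header value, may be {@code null}
     * @return the token following {@link #BEARER_PREFIX}
     * @throws UnauthorizedException when the header is missing, does not use the bearer scheme,
     *                               or carries no token after the prefix
     */
    private static String extractBearerToken(String authHeader) {
        if (authHeader == null) {
            log.info("Auth header is not present");
            throw new UnauthorizedException(ErrorDescription.NO_AUTH_TOKEN.getValue());
        }
        // Scheme match is case-sensitive here, as in the original; only "Bearer " is accepted.
        if (!authHeader.startsWith(BEARER_PREFIX)) {
            log.info("Don't have a valid auth token");
            throw new UnauthorizedException(ErrorDescription.INVALID_CREDENTIALS.getValue());
        }
        // Derive the offset from the prefix rather than a magic 7 so the two cannot drift apart.
        String token = authHeader.substring(BEARER_PREFIX.length());
        // An empty token can never validate; reject it here instead of handing "" to the JWT parser,
        // whose failure mode for empty input is not visible from this file.
        if (token.trim().isEmpty()) {
            log.info("Don't have a valid auth token");
            throw new UnauthorizedException(ErrorDescription.INVALID_CREDENTIALS.getValue());
        }
        return token;
    }

    /**
     * Wraps a validated user in the {@link AuthenticatedUser} model.
     *
     * <p>The second constructor argument is passed as {@code null} and the authorities as an empty
     * list, exactly as the original did; what that second argument represents is not visible here.
     *
     * @param user the validated user
     * @return the authenticated user wrapper
     */
    private AuthenticatedUser buildAuthenticatedUser(User user) {
        return new AuthenticatedUser(
                user,
                null,
                Collections.emptyList()
        );
    }
}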