akka.http.scaladsl.model.headers.OAuth2BearerToken Scala Examples
The following examples show how to use akka.http.scaladsl.model.headers.OAuth2BearerToken.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
Example 1
| Source File: HTTPRequestAuth.scala From skuber with Apache License 2.0 | 6 votes |
|
package skuber.api.security
import akka.http.scaladsl.model.{HttpHeader, HttpRequest}
import akka.http.scaladsl.model.headers.{Authorization, BasicHttpCredentials, OAuth2BearerToken}
import skuber.api.client._
object HTTPRequestAuth {
def addAuth(request: HttpRequest, auth: AuthInfo) : HttpRequest = {
getAuthHeader(auth).map(request.addHeader).getOrElse(request)
}
def getAuthHeader(auth: AuthInfo) : Option[HttpHeader] = {
auth match {
case NoAuth | _: CertAuth => None
case BasicAuth(user, password) => Some(Authorization(BasicHttpCredentials(user,password)))
case auth: AccessTokenAuth => Some(Authorization(OAuth2BearerToken(auth.accessToken)))
}
}
}
Example 2
| Source File: Client.scala From akka-http-oauth2-client with Apache License 2.0 | 5 votes |
|
package com.github.dakatsuka.akka.http.oauth2.client
import akka.actor.ActorSystem
import akka.http.scaladsl.Http
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.model.{ HttpRequest, HttpResponse, Uri }
import akka.stream.Materializer
import akka.stream.scaladsl.{ Flow, Sink }
import com.github.dakatsuka.akka.http.oauth2.client.Error.UnauthorizedException
import com.github.dakatsuka.akka.http.oauth2.client.strategy.Strategy
import scala.concurrent.{ ExecutionContext, Future }
class Client(config: ConfigLike, connection: Option[Flow[HttpRequest, HttpResponse, _]] = None)(implicit system: ActorSystem)
extends ClientLike {
def getAuthorizeUrl[A <: GrantType](grant: A, params: Map[String, String] = Map.empty)(implicit s: Strategy[A]): Option[Uri] =
s.getAuthorizeUrl(config, params)
def getAccessToken[A <: GrantType](
grant: A,
params: Map[String, String] = Map.empty
)(implicit s: Strategy[A], ec: ExecutionContext, mat: Materializer): Future[Either[Throwable, AccessToken]] = {
val source = s.getAccessTokenSource(config, params)
source
.via(connection.getOrElse(defaultConnection))
.mapAsync(1)(handleError)
.mapAsync(1)(AccessToken.apply)
.runWith(Sink.head)
.map(Right.apply)
.recover {
case ex => Left(ex)
}
}
def getConnectionWithAccessToken(accessToken: AccessToken): Flow[HttpRequest, HttpResponse, _] =
Flow[HttpRequest]
.map(_.addCredentials(OAuth2BearerToken(accessToken.accessToken)))
.via(connection.getOrElse(defaultConnection))
private def defaultConnection: Flow[HttpRequest, HttpResponse, _] =
config.site.getScheme match {
case "http" => Http().outgoingConnection(config.getHost, config.getPort)
case "https" => Http().outgoingConnectionHttps(config.getHost, config.getPort)
}
private def handleError(response: HttpResponse)(implicit ec: ExecutionContext, mat: Materializer): Future[HttpResponse] = {
if (response.status.isFailure()) UnauthorizedException.fromHttpResponse(response).flatMap(Future.failed(_))
else Future.successful(response)
}
}
object Client {
def apply(config: ConfigLike)(implicit system: ActorSystem): Client =
new Client(config)
def apply(config: ConfigLike, connection: Flow[HttpRequest, HttpResponse, _])(implicit system: ActorSystem): Client =
new Client(config, Some(connection))
}
Example 3
| Source File: EventSource.scala From nexus with Apache License 2.0 | 5 votes |
|
package ch.epfl.bluebrain.nexus.kg.client
import java.util.UUID
import akka.NotUsed
import akka.actor.ActorSystem
import akka.http.scaladsl.Http
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.model.{HttpRequest, HttpResponse}
import akka.persistence.query.{NoOffset, Offset, Sequence, TimeBasedUUID}
import akka.stream.Materializer
import akka.stream.alpakka.sse.scaladsl.{EventSource => SSESource}
import akka.stream.scaladsl.Source
import ch.epfl.bluebrain.nexus.iam.auth.AccessToken
import ch.epfl.bluebrain.nexus.rdf.implicits._
import ch.epfl.bluebrain.nexus.rdf.Iri.AbsoluteIri
import com.typesafe.scalalogging.Logger
import io.circe.Decoder
import io.circe.parser.decode
import scala.concurrent.{ExecutionContext, Future}
import scala.util.Try
trait EventSource[A] {
def apply[A: Decoder](
config: KgClientConfig
)(implicit as: ActorSystem, mt: Materializer, ec: ExecutionContext): EventSource[A] =
new EventSource[A] {
private val logger = Logger[this.type]
private val http = Http()
private def addCredentials(request: HttpRequest)(implicit cred: Option[AccessToken]): HttpRequest =
cred.map(token => request.addCredentials(OAuth2BearerToken(token.value))).getOrElse(request)
private def send(request: HttpRequest)(implicit cred: Option[AccessToken]): Future[HttpResponse] =
http.singleRequest(addCredentials(request)).map { resp =>
if (!resp.status.isSuccess())
logger.warn(s"HTTP response when performing SSE request: status = '${resp.status}'")
resp
}
private def toOffset(id: String): Offset =
Try(TimeBasedUUID(UUID.fromString(id))).orElse(Try(Sequence(id.toLong))).getOrElse(NoOffset)
override def apply(iri: AbsoluteIri, offset: Option[String])(implicit
cred: Option[AccessToken]
): Source[(Offset, A), NotUsed] =
SSESource(iri.asAkka, send, offset, config.sseRetryDelay).flatMapConcat { sse =>
val offset = sse.id.map(toOffset).getOrElse(NoOffset)
decode[A](sse.data) match {
case Right(ev) => Source.single(offset -> ev)
case Left(err) =>
logger.error(s"Failed to decode admin event '$sse'", err)
Source.empty
}
}
}
}
Example 4
| Source File: AuthDirectives.scala From nexus with Apache License 2.0 | 5 votes |
|
package ch.epfl.bluebrain.nexus.service.directives
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.server.Directives._
import akka.http.scaladsl.server.directives.Credentials
import akka.http.scaladsl.server.directives.FutureDirectives.onComplete
import akka.http.scaladsl.server.{Directive0, Directive1}
import cats.implicits._
import ch.epfl.bluebrain.nexus.admin.exceptions.AdminError.AuthorizationFailed
import ch.epfl.bluebrain.nexus.iam.acls.{AccessControlLists, Acls}
import ch.epfl.bluebrain.nexus.iam.auth.AccessToken
import ch.epfl.bluebrain.nexus.iam.realms.Realms
import ch.epfl.bluebrain.nexus.iam.types.IamError.InvalidAccessToken
import ch.epfl.bluebrain.nexus.iam.types.{Caller, Permission}
import ch.epfl.bluebrain.nexus.kg.KgError.AuthenticationFailed
import ch.epfl.bluebrain.nexus.rdf.Iri.{AbsoluteIri, Path}
import ch.epfl.bluebrain.nexus.rdf.Iri.Path._
import ch.epfl.bluebrain.nexus.rdf.implicits._
import ch.epfl.bluebrain.nexus.service.config.ServiceConfig.HttpConfig
import ch.epfl.bluebrain.nexus.service.exceptions.ServiceError.InternalError
import com.typesafe.scalalogging.Logger
import monix.eval.Task
import monix.execution.Scheduler
import scala.concurrent.Future
import scala.util.{Failure, Success}
def extractCallerAcls(path: Path)(implicit c: Caller): Directive1[AccessControlLists] =
onComplete(acls.list(path, ancestors = true, self = true).runToFuture).flatMap {
case Success(AccessControlLists.empty) => failWith(AuthorizationFailed)
case Success(result) => provide(result)
case Failure(err) =>
val message = "Error when trying to check for permissions"
logger.error(message, err)
failWith(InternalError(message))
}
}
Example 5
| Source File: IdentitiesRoutesSpec.scala From nexus with Apache License 2.0 | 5 votes |
|
package ch.epfl.bluebrain.nexus.iam.routes
import akka.http.scaladsl.model.StatusCodes
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.testkit.ScalatestRouteTest
import ch.epfl.bluebrain.nexus.iam.acls.Acls
import ch.epfl.bluebrain.nexus.iam.auth.{AccessToken, TokenRejection}
import ch.epfl.bluebrain.nexus.iam.realms._
import ch.epfl.bluebrain.nexus.iam.testsyntax._
import ch.epfl.bluebrain.nexus.iam.types.Caller
import ch.epfl.bluebrain.nexus.iam.types.IamError.InvalidAccessToken
import ch.epfl.bluebrain.nexus.iam.types.Identity.{Anonymous, Authenticated, User}
import ch.epfl.bluebrain.nexus.service.config.Settings
import ch.epfl.bluebrain.nexus.service.marshallers.instances._
import ch.epfl.bluebrain.nexus.service.routes.Routes
import ch.epfl.bluebrain.nexus.util.Resources
import com.typesafe.config.{Config, ConfigFactory}
import io.circe.Json
import monix.eval.Task
import org.mockito.matchers.MacroBasedMatchers
import org.mockito.{IdiomaticMockito, Mockito}
import org.scalatest.BeforeAndAfter
import org.scalatest.concurrent.ScalaFutures
import org.scalatest.matchers.should.Matchers
import org.scalatest.wordspec.AnyWordSpecLike
import scala.concurrent.duration._
//noinspection TypeAnnotation
class IdentitiesRoutesSpec
extends AnyWordSpecLike
with Matchers
with ScalatestRouteTest
with BeforeAndAfter
with MacroBasedMatchers
with Resources
with ScalaFutures
with IdiomaticMockito {
implicit override def patienceConfig: PatienceConfig = PatienceConfig(3.seconds, 100.milliseconds)
override def testConfig: Config = ConfigFactory.load("test.conf")
private val config = Settings(system).serviceConfig
implicit private val http = config.http
private val realms: Realms[Task] = mock[Realms[Task]]
private val acls: Acls[Task] = mock[Acls[Task]]
before {
Mockito.reset(realms, acls)
}
"The IdentitiesRoutes" should {
val routes = Routes.wrap(new IdentitiesRoutes(acls, realms).routes)
"return forbidden" in {
val err = InvalidAccessToken(TokenRejection.InvalidAccessToken)
realms.caller(any[AccessToken]) shouldReturn Task.raiseError(err)
Get("/identities").addCredentials(OAuth2BearerToken("token")) ~> routes ~> check {
status shouldEqual StatusCodes.Unauthorized
}
}
"return anonymous" in {
realms.caller(any[AccessToken]) shouldReturn Task.pure(Caller.anonymous)
Get("/identities") ~> routes ~> check {
status shouldEqual StatusCodes.OK
responseAs[Json].sort shouldEqual jsonContentOf("/identities/anonymous.json")
}
}
"return all identities" in {
val user = User("theuser", "therealm")
val auth = Authenticated("therealm")
val caller = Caller(user, Set(user, Anonymous, auth))
realms.caller(any[AccessToken]) shouldReturn Task.pure(caller)
Get("/identities").addCredentials(OAuth2BearerToken("token")) ~> routes ~> check {
status shouldEqual StatusCodes.OK
responseAs[Json].sort shouldEqual jsonContentOf("/identities/identities.json")
}
}
}
}
Example 6
| Source File: AuthDirectives.scala From nexus with Apache License 2.0 | 5 votes |
|
package ch.epfl.bluebrain.nexus.storage.routes
import akka.http.scaladsl.model.StatusCodes
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.server.Directive1
import akka.http.scaladsl.server.Directives._
import akka.http.scaladsl.server.directives.FutureDirectives.onComplete
import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClient
import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClient.{AccessToken, Caller}
import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClientError.IdentitiesClientStatusError
import ch.epfl.bluebrain.nexus.storage.StorageError._
import com.typesafe.scalalogging.Logger
import monix.eval.Task
import monix.execution.Scheduler.Implicits.global
import scala.util.{Failure, Success}
object AuthDirectives {
private val logger = Logger[this.type]
def extractCaller(implicit identities: IamIdentitiesClient[Task], token: Option[AccessToken]): Directive1[Caller] =
onComplete(identities().runToFuture).flatMap {
case Success(caller) => provide(caller)
case Failure(IdentitiesClientStatusError(StatusCodes.Unauthorized, _)) => failWith(AuthenticationFailed)
case Failure(IdentitiesClientStatusError(StatusCodes.Forbidden, _)) => failWith(AuthorizationFailed)
case Failure(err) =>
val message = "Error when trying to extract the subject"
logger.error(message, err)
failWith(InternalError(message))
}
}
Example 7
| Source File: IamIdentitiesClient.scala From nexus with Apache License 2.0 | 5 votes |
|
package ch.epfl.bluebrain.nexus.storage
import akka.actor.ActorSystem
import akka.http.scaladsl.Http
import akka.http.scaladsl.client.RequestBuilding.Get
import akka.http.scaladsl.model.HttpRequest
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.unmarshalling.FromEntityUnmarshaller
import akka.util.ByteString
import cats.effect.{ContextShift, Effect, IO}
import cats.implicits._
import ch.epfl.bluebrain.nexus.rdf.implicits._
import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClient.Identity._
import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClient._
import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClientError.IdentitiesSerializationError
import ch.epfl.bluebrain.nexus.storage.config.IamClientConfig
import de.heikoseeberger.akkahttpcirce.ErrorAccumulatingCirceSupport.{DecodingFailures => AccDecodingFailures}
import io.circe.Decoder.Result
import io.circe.{Decoder, DecodingFailure, HCursor}
import scala.concurrent.ExecutionContext
class IamIdentitiesClient[F[_]](config: IamClientConfig)(implicit F: Effect[F], as: ActorSystem)
extends JsonLdCirceSupport {
private val um: FromEntityUnmarshaller[Caller] = unmarshaller[Caller]
implicit private val ec: ExecutionContext = as.dispatcher
implicit private val contextShift: ContextShift[IO] = IO.contextShift(ec)
def apply()(implicit credentials: Option[AccessToken]): F[Caller] =
credentials match {
case Some(token) => execute(Get(config.identitiesIri.asAkka).addCredentials(OAuth2BearerToken(token.value)))
case None => F.pure(Caller.anonymous)
}
private def execute(req: HttpRequest): F[Caller] = {
IO.fromFuture(IO(Http().singleRequest(req))).to[F].flatMap { resp =>
if (resp.status.isSuccess())
IO.fromFuture(IO(um(resp.entity))).to[F].recoverWith {
case err: AccDecodingFailures => F.raiseError(IdentitiesSerializationError(err.getMessage))
case err: Error => F.raiseError(IdentitiesSerializationError(err.getMessage))
}
else
IO.fromFuture(IO(resp.entity.dataBytes.runFold(ByteString(""))(_ ++ _).map(_.utf8String)))
.to[F]
.flatMap { err => F.raiseError(IamIdentitiesClientError.unsafe(resp.status, err)) }
}
}
}
object IamIdentitiesClient {
final case class Authenticated(realm: String) extends Identity
private def decodeAnonymous(hc: HCursor): Result[Subject] =
hc.get[String]("@type").flatMap {
case "Anonymous" => Right(Anonymous)
case _ => Left(DecodingFailure("Cannot decode Anonymous Identity", hc.history))
}
private def decodeUser(hc: HCursor): Result[Subject] =
(hc.get[String]("subject"), hc.get[String]("realm")).mapN {
case (subject, realm) => User(subject, realm)
}
private def decodeGroup(hc: HCursor): Result[Identity] =
(hc.get[String]("group"), hc.get[String]("realm")).mapN {
case (group, realm) => Group(group, realm)
}
private def decodeAuthenticated(hc: HCursor): Result[Identity] =
hc.get[String]("realm").map(Authenticated)
private val attempts =
List[HCursor => Result[Identity]](decodeAnonymous, decodeUser, decodeGroup, decodeAuthenticated)
implicit val identityDecoder: Decoder[Identity] =
Decoder.instance { hc =>
attempts.foldLeft(Left(DecodingFailure("Unexpected", hc.history)): Result[Identity]) {
case (acc @ Right(_), _) => acc
case (_, f) => f(hc)
}
}
}
}
Example 8
| Source File: Auth0.scala From graphcool-framework with Apache License 2.0 | 5 votes |
|
package cool.graph.system.externalServices
import akka.actor.ActorSystem
import akka.http.scaladsl.Http
import akka.http.scaladsl.model._
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.stream.ActorMaterializer
import com.typesafe.config.Config
import scaldi.{Injectable, Injector}
import scala.concurrent.ExecutionContext.Implicits.global
import scala.concurrent.Future
case class Auth0ApiUpdateValues(email: Option[String])
trait Auth0Api {
def updateClient(auth0Id: String, values: Auth0ApiUpdateValues): Future[Boolean]
}
class Auth0ApiMock extends Auth0Api {
var lastUpdate: Option[(String, Auth0ApiUpdateValues)] = None
override def updateClient(auth0Id: String, values: Auth0ApiUpdateValues): Future[Boolean] = {
lastUpdate = Some((auth0Id, values))
Future.successful(true)
}
}
class Auth0ApiImplementation(implicit inj: Injector) extends Auth0Api with Injectable {
override def updateClient(auth0Id: String, values: Auth0ApiUpdateValues): Future[Boolean] = {
implicit val system = inject[ActorSystem](identified by "actorSystem")
implicit val materializer =
inject[ActorMaterializer](identified by "actorMaterializer")
val config = inject[Config](identified by "config")
val auth0Domain = config.getString("auth0Domain")
val auth0ApiToken = config.getString("auth0ApiToken")
Http()
.singleRequest(
HttpRequest(
uri = s"https://${auth0Domain}/api/v2/users/${auth0Id}",
method = HttpMethods.PATCH,
entity = HttpEntity(contentType = ContentTypes.`application/json`, string = s"""{"email":"${values.email.get}"}""")
).addCredentials(OAuth2BearerToken(auth0ApiToken)))
.map(_.status.intValue match {
case 200 => true
case _ => false
})
}
}
Example 9
| Source File: EventSource.scala From nexus-iam with Apache License 2.0 | 5 votes |
|
package ch.epfl.bluebrain.nexus.iam.client
import akka.NotUsed
import akka.actor.ActorSystem
import akka.http.scaladsl.Http
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.model.{HttpRequest, HttpResponse}
import akka.stream.Materializer
import akka.stream.alpakka.sse.scaladsl.{EventSource => SSESource}
import akka.stream.scaladsl.Source
import ch.epfl.bluebrain.nexus.iam.client.config.IamClientConfig
import ch.epfl.bluebrain.nexus.iam.client.types.AuthToken
import ch.epfl.bluebrain.nexus.rdf.Iri.AbsoluteIri
import ch.epfl.bluebrain.nexus.rdf.implicits._
import com.typesafe.scalalogging.Logger
import io.circe.Decoder
import io.circe.parser.decode
import scala.concurrent.{ExecutionContext, Future}
trait EventSource[A] {
def apply[A: Decoder](
config: IamClientConfig
)(implicit as: ActorSystem, mt: Materializer, ec: ExecutionContext): EventSource[A] =
new EventSource[A] {
private val logger = Logger[this.type]
private val http = Http()
private def addCredentials(request: HttpRequest)(implicit cred: Option[AuthToken]): HttpRequest =
cred.map(token => request.addCredentials(OAuth2BearerToken(token.value))).getOrElse(request)
private def send(request: HttpRequest)(implicit cred: Option[AuthToken]): Future[HttpResponse] =
http.singleRequest(addCredentials(request)).map { resp =>
if (!resp.status.isSuccess())
logger.warn(s"HTTP response when performing SSE request: status = '${resp.status}'")
resp
}
override def apply(iri: AbsoluteIri, offset: Option[String])(
implicit cred: Option[AuthToken]
): Source[A, NotUsed] =
SSESource(iri.asAkka, send, offset, config.sseRetryDelay).flatMapConcat { sse =>
decode[A](sse.data) match {
case Right(ev) => Source.single(ev)
case Left(err) =>
logger.error(s"Failed to decode admin event '$sse'", err)
Source.empty
}
}
}
}
Example 10
| Source File: AuthDirectives.scala From nexus-iam with Apache License 2.0 | 5 votes |
|
package ch.epfl.bluebrain.nexus.iam.directives
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.server.Directives._
import akka.http.scaladsl.server.directives.Credentials
import akka.http.scaladsl.server.{Directive0, Directive1}
import cats.implicits._
import ch.epfl.bluebrain.nexus.rdf.implicits._
import ch.epfl.bluebrain.nexus.iam.acls.Acls
import ch.epfl.bluebrain.nexus.iam.auth.AccessToken
import ch.epfl.bluebrain.nexus.iam.config.AppConfig.HttpConfig
import ch.epfl.bluebrain.nexus.iam.realms.Realms
import ch.epfl.bluebrain.nexus.iam.types.IamError.AccessDenied
import ch.epfl.bluebrain.nexus.iam.types.{Caller, Permission}
import ch.epfl.bluebrain.nexus.rdf.Iri.{AbsoluteIri, Path}
import monix.eval.Task
import monix.execution.Scheduler
import scala.concurrent.Future
object AuthDirectives {
def authorizeFor(permission: Permission)(
implicit
acls: Acls[Task],
s: Scheduler,
c: Caller,
hc: HttpConfig
): Directive0 =
extractResourceAddress.flatMap { address =>
onSuccess {
acls
.hasPermission(Path./, permission, ancestors = false)
.ifM(Task.unit, Task.raiseError(AccessDenied(address, permission)))
.runToFuture
}
}
}
Example 11
| Source File: IdentitiesRoutesSpec.scala From nexus-iam with Apache License 2.0 | 5 votes |
|
package ch.epfl.bluebrain.nexus.iam.routes
import akka.http.scaladsl.model.StatusCodes
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.testkit.ScalatestRouteTest
import ch.epfl.bluebrain.nexus.commons.test.Resources
import ch.epfl.bluebrain.nexus.iam.auth.{AccessToken, TokenRejection}
import ch.epfl.bluebrain.nexus.iam.config.{AppConfig, Settings}
import ch.epfl.bluebrain.nexus.iam.marshallers.instances._
import ch.epfl.bluebrain.nexus.iam.realms._
import ch.epfl.bluebrain.nexus.iam.testsyntax._
import ch.epfl.bluebrain.nexus.iam.types.Caller
import ch.epfl.bluebrain.nexus.iam.types.IamError.InvalidAccessToken
import ch.epfl.bluebrain.nexus.iam.types.Identity.{Anonymous, Authenticated, User}
import com.typesafe.config.{Config, ConfigFactory}
import io.circe.Json
import monix.eval.Task
import org.mockito.matchers.MacroBasedMatchers
import org.mockito.{IdiomaticMockito, Mockito}
import org.scalatest.BeforeAndAfter
import org.scalatest.concurrent.ScalaFutures
import org.scalatest.matchers.should.Matchers
import org.scalatest.wordspec.AnyWordSpecLike
import scala.concurrent.duration._
//noinspection TypeAnnotation
class IdentitiesRoutesSpec
extends AnyWordSpecLike
with Matchers
with ScalatestRouteTest
with BeforeAndAfter
with MacroBasedMatchers
with Resources
with ScalaFutures
with IdiomaticMockito {
override implicit def patienceConfig: PatienceConfig = PatienceConfig(3.seconds, 100.milliseconds)
override def testConfig: Config = ConfigFactory.load("test.conf")
private val appConfig: AppConfig = Settings(system).appConfig
private implicit val http = appConfig.http
private val realms: Realms[Task] = mock[Realms[Task]]
before {
Mockito.reset(realms)
}
"The IdentitiesRoutes" should {
val routes = Routes.wrap(new IdentitiesRoutes(realms).routes)
"return forbidden" in {
val err = InvalidAccessToken(TokenRejection.InvalidAccessToken)
realms.caller(any[AccessToken]) shouldReturn Task.raiseError(err)
Get("/identities").addCredentials(OAuth2BearerToken("token")) ~> routes ~> check {
status shouldEqual StatusCodes.Unauthorized
}
}
"return anonymous" in {
realms.caller(any[AccessToken]) shouldReturn Task.pure(Caller.anonymous)
Get("/identities") ~> routes ~> check {
status shouldEqual StatusCodes.OK
responseAs[Json].sort shouldEqual jsonContentOf("/identities/anonymous.json")
}
}
"return all identities" in {
val user = User("theuser", "therealm")
val auth = Authenticated("therealm")
val caller = Caller(user, Set(user, Anonymous, auth))
realms.caller(any[AccessToken]) shouldReturn Task.pure(caller)
Get("/identities").addCredentials(OAuth2BearerToken("token")) ~> routes ~> check {
status shouldEqual StatusCodes.OK
responseAs[Json].sort shouldEqual jsonContentOf("/identities/identities.json")
}
}
}
}
Example 12
| Source File: AuthDirectives.scala From nexus-kg with Apache License 2.0 | 5 votes |
|
package ch.epfl.bluebrain.nexus.kg.directives
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.server.Directives._
import akka.http.scaladsl.server.directives.FutureDirectives.onComplete
import akka.http.scaladsl.server.{Directive0, Directive1}
import ch.epfl.bluebrain.nexus.admin.client.types.Project
import ch.epfl.bluebrain.nexus.iam.client.types._
import ch.epfl.bluebrain.nexus.iam.client.{IamClient, IamClientError}
import ch.epfl.bluebrain.nexus.kg.KgError.{AuthenticationFailed, AuthorizationFailed, InternalError}
import ch.epfl.bluebrain.nexus.kg.resources.syntax._
import com.typesafe.scalalogging.Logger
import monix.eval.Task
import monix.execution.Scheduler.Implicits.global
import scala.util.{Failure, Success}
object AuthDirectives {
private val logger = Logger[this.type]
def extractCaller(implicit iam: IamClient[Task], token: Option[AuthToken]): Directive1[Caller] =
onComplete(iam.identities.runToFuture).flatMap {
case Success(caller) => provide(caller)
case Failure(_: IamClientError.Unauthorized) => failWith(AuthenticationFailed)
case Failure(_: IamClientError.Forbidden) => failWith(AuthorizationFailed)
case Failure(err) =>
val message = "Error when trying to extract the subject"
logger.error(message, err)
failWith(InternalError(message))
}
}
Example 13
| Source File: EventSource.scala From nexus-kg with Apache License 2.0 | 5 votes |
|
package ch.epfl.bluebrain.nexus.kg.client
import java.util.UUID
import akka.NotUsed
import akka.actor.ActorSystem
import akka.http.scaladsl.Http
import akka.http.scaladsl.model.headers.OAuth2BearerToken
import akka.http.scaladsl.model.{HttpRequest, HttpResponse}
import akka.persistence.query.{NoOffset, Offset, Sequence, TimeBasedUUID}
import akka.stream.Materializer
import akka.stream.alpakka.sse.scaladsl.{EventSource => SSESource}
import akka.stream.scaladsl.Source
import ch.epfl.bluebrain.nexus.rdf.implicits._
import ch.epfl.bluebrain.nexus.iam.client.types.AuthToken
import ch.epfl.bluebrain.nexus.rdf.Iri.AbsoluteIri
import com.typesafe.scalalogging.Logger
import io.circe.Decoder
import io.circe.parser.decode
import scala.concurrent.{ExecutionContext, Future}
import scala.util.Try
trait EventSource[A] {
def apply[A: Decoder](
config: KgClientConfig
)(implicit as: ActorSystem, mt: Materializer, ec: ExecutionContext): EventSource[A] =
new EventSource[A] {
private val logger = Logger[this.type]
private val http = Http()
private def addCredentials(request: HttpRequest)(implicit cred: Option[AuthToken]): HttpRequest =
cred.map(token => request.addCredentials(OAuth2BearerToken(token.value))).getOrElse(request)
private def send(request: HttpRequest)(implicit cred: Option[AuthToken]): Future[HttpResponse] =
http.singleRequest(addCredentials(request)).map { resp =>
if (!resp.status.isSuccess())
logger.warn(s"HTTP response when performing SSE request: status = '${resp.status}'")
resp
}
private def toOffset(id: String): Offset =
Try(TimeBasedUUID(UUID.fromString(id))).orElse(Try(Sequence(id.toLong))).getOrElse(NoOffset)
override def apply(iri: AbsoluteIri, offset: Option[String])(
implicit cred: Option[AuthToken]
): Source[(Offset, A), NotUsed] =
SSESource(iri.asAkka, send, offset, config.sseRetryDelay).flatMapConcat { sse =>
val offset = sse.id.map(toOffset).getOrElse(NoOffset)
decode[A](sse.data) match {
case Right(ev) => Source.single(offset -> ev)
case Left(err) =>
logger.error(s"Failed to decode admin event '$sse'", err)
Source.empty
}
}
}
}
