Add request/auth package to Nomulus release

------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=147087621
2025-05-13 07:57:13 +02:00 · 2017-02-09 15:11:17 -08:00 · 2017-02-09 15:11:17 -08:00 · dc66cef8ae
commit dc66cef8ae
parent c41f5bb31c
13 changed files with 808 additions and 1 deletions
--- a/java/google/registry/request/auth/RequestAuthenticator.java
+++ b/java/google/registry/request/auth/RequestAuthenticator.java
@ -0,0 +1,171 @@
+// Copyright 2017 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.request.auth;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Optional;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Ordering;
+import google.registry.util.FormattingLogger;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
+/** Top-level authentication/authorization class; calls authentication mechanisms as needed. */
+public class RequestAuthenticator {
+
+  private final AppEngineInternalAuthenticationMechanism appEngineInternalAuthenticationMechanism;
+  private final ImmutableList<AuthenticationMechanism> apiAuthenticationMechanisms;
+  private final LegacyAuthenticationMechanism legacyAuthenticationMechanism;
+
+  private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
+
+  @VisibleForTesting
+  @Inject
+  public RequestAuthenticator(
+      AppEngineInternalAuthenticationMechanism appEngineInternalAuthenticationMechanism,
+      ImmutableList<AuthenticationMechanism> apiAuthenticationMechanisms,
+      LegacyAuthenticationMechanism legacyAuthenticationMechanism) {
+    this.appEngineInternalAuthenticationMechanism = appEngineInternalAuthenticationMechanism;
+    this.apiAuthenticationMechanisms = apiAuthenticationMechanisms;
+    this.legacyAuthenticationMechanism = legacyAuthenticationMechanism;
+  }
+
+  /**
+   * Attempts to authenticate and authorize the user, according to the settings of the action.
+   *
+   * @param auth the auth settings of the action, which determine what authentication and
+   *     authorization are allowed
+   * @param req the {@link HttpServletRequest}; some authentication mechanisms use HTTP headers
+   * @return an authentication result if authentication/authorization was successful, or absent() if
+   *     not; authentication can be "successful" even without any authentication if the action's
+   *     auth settings are set to NONE -- in this case, NOT_AUTHENTICATED is returned
+   */
+  public Optional<AuthResult> authorize(Auth auth, HttpServletRequest req) {
+    logger.infofmt("Action requires auth: %s", auth);
+    AuthResult authResult = authenticate(auth, req);
+    switch (auth.minimumLevel()) {
+      case NONE:
+        // Any authentication result is ok.
+        break;
+      case APP:
+        if (!authResult.isAuthenticated()) {
+          logger.info("Not authorized; no authentication found");
+          return Optional.absent();
+        }
+        break;
+      case USER:
+        if (authResult.authLevel() != AuthLevel.USER) {
+          logger.info("Not authorized; no authenticated user");
+          return Optional.absent();
+        }
+        break;
+    }
+    switch (auth.userPolicy()) {
+      case IGNORED:
+        if (authResult.authLevel() == AuthLevel.USER) {
+          logger.info("Not authorized; user policy is IGNORED, but a user was found");
+          return Optional.absent();
+        }
+        break;
+      case PUBLIC:
+        // Any user auth result is okay.
+        break;
+      case ADMIN:
+        if (authResult.userAuthInfo().isPresent()
+            && !authResult.userAuthInfo().get().isUserAdmin()) {
+          logger.info("Not authorized; user policy is ADMIN, but the user was not an admin");
+          return Optional.absent();
+        }
+        break;
+    }
+    logger.info("Authorized");
+    return Optional.of(authResult);
+  }
+
+  /**
+   * Attempts to authenticate the user, according to the settings of the action.
+   *
+   * @param auth the auth settings of the action, which determine what authentication is allowed
+   * @param req the {@link HttpServletRequest}; some authentication mechanisms use HTTP headers
+   * @return an authentication result; if no authentication was made, returns NOT_AUTHENTICATED
+   */
+  private AuthResult authenticate(Auth auth, HttpServletRequest req) {
+    checkAuthConfig(auth);
+    for (Auth.AuthMethod authMethod : auth.methods()) {
+      switch (authMethod) {
+        // App Engine internal authentication, using the queue name header
+        case INTERNAL:
+          logger.info("Checking internal auth");
+          // INTERNAL should be skipped if a user is required.
+          if (auth.minimumLevel() != AuthLevel.USER) {
+            AuthResult authResult = appEngineInternalAuthenticationMechanism.authenticate(req);
+            if (authResult.isAuthenticated()) {
+              logger.infofmt("Authenticated: %s", authResult);
+              return authResult;
+            }
+          }
+          break;
+        // API-based user authentication mechanisms, such as OAuth
+        case API:
+          // checkAuthConfig will have insured that the user policy is not IGNORED.
+          for (AuthenticationMechanism authMechanism : apiAuthenticationMechanisms) {
+            logger.infofmt("Checking %s", authMechanism);
+            AuthResult authResult = authMechanism.authenticate(req);
+            if (authResult.isAuthenticated()) {
+              logger.infofmt("Authenticated: %s", authResult);
+              return authResult;
+            }
+          }
+          break;
+        // Legacy authentication via UserService
+        case LEGACY:
+          // checkAuthConfig will have insured that the user policy is not IGNORED.
+          logger.info("Checking legacy auth");
+          AuthResult authResult = legacyAuthenticationMechanism.authenticate(req);
+          if (authResult.isAuthenticated()) {
+            logger.infofmt("Authenticated: %s", authResult);
+            return authResult;
+          }
+          break;
+      }
+    }
+    logger.info("No authentication found");
+    return AuthResult.NOT_AUTHENTICATED;
+  }
+
+  /** Validates an Auth object, checking for invalid setting combinations. */
+  void checkAuthConfig(Auth auth) {
+    ImmutableList<Auth.AuthMethod> authMethods = ImmutableList.copyOf(auth.methods());
+    checkArgument(!authMethods.isEmpty(), "Must specify at least one auth method");
+    checkArgument(
+        Ordering.explicit(Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY)
+            .isStrictlyOrdered(authMethods),
+        "Auth methods must be strictly in order - INTERNAL, API, LEGACY");
+    checkArgument(
+        authMethods.contains(Auth.AuthMethod.INTERNAL),
+        "Auth method INTERNAL must always be specified, and as the first auth method");
+    if (authMethods.equals(ImmutableList.of(Auth.AuthMethod.INTERNAL))) {
+      checkArgument(
+          !auth.minimumLevel().equals(AuthLevel.USER),
+          "Actions with only INTERNAL auth may not require USER auth level");
+    } else {
+      checkArgument(
+          !auth.userPolicy().equals(Auth.UserPolicy.IGNORED),
+          "Actions with auth methods beyond INTERNAL must not specify the IGNORED user policy");
+    }
+  }
+}