Merge pull request #25 from dbalduini/play-2.2.x

Fix: Async DataHandler #23

Author: tsuyoshizawa

play2-oauth2-provider/src/main/scala/scalaoauth2/provider/OAuth2Provider.scala

@@ -2,7 +2,11 @@ package scalaoauth2.provider
 
 import play.api.mvc._
 import play.api.libs.json._
+import scala.concurrent.Await
+import scala.concurrent.Future
+import scala.concurrent.ExecutionContext.Implicits.global
 import scala.language.implicitConversions
+import scala.concurrent.duration._
 
 /**
  * Basic OAuth2 provider trait.
@@ -110,12 +114,16 @@ trait OAuth2Provider extends OAuth2BaseProvider {
    * @return Request is successful then return JSON to client in OAuth 2.0 format.
    *         Request is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def issueAccessToken[A, U](dataHandler: DataHandler[U])(implicit request: play.api.mvc.Request[A]): SimpleResult = {
-    TokenEndpoint.handleRequest(request, dataHandler) match {
-      case Left(e) if e.statusCode == 400 => BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
-      case Left(e) if e.statusCode == 401 => Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
-      case Right(r) => Ok(Json.toJson(responseAccessToken(r))).withHeaders("Cache-Control" -> "no-store", "Pragma" -> "no-cache")
+  def issueAccessToken[A, U](dataHandler: DataHandler[U], timeout: Duration = 60.seconds)(implicit request: Request[A]): Result = {
+    val f = TokenEndpoint.handleRequest(request, dataHandler).map { requestResult =>
+      requestResult match {
+        case Left(e) if e.statusCode == 400 => BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
+        case Left(e) if e.statusCode == 401 => Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
+        case Right(r) => Ok(Json.toJson(responseAccessToken(r))).withHeaders("Cache-Control" -> "no-store", "Pragma" -> "no-cache")
+      }
     }
+
+    Await.result(f, timeout)
   }
 
   /**
@@ -128,12 +136,16 @@ trait OAuth2Provider extends OAuth2BaseProvider {
    * @return Authentication is successful then the response use your API result.
    *         Authentication is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def authorize[A, U](dataHandler: DataHandler[U])(callback: AuthInfo[U] => SimpleResult)(implicit request: play.api.mvc.Request[A]): SimpleResult = {
-    ProtectedResource.handleRequest(request, dataHandler) match {
-      case Left(e) if e.statusCode == 400 => BadRequest.withHeaders(responseOAuthErrorHeader(e))
-      case Left(e) if e.statusCode == 401 => Unauthorized.withHeaders(responseOAuthErrorHeader(e))
-      case Right(authInfo) => callback(authInfo)
+  def authorize[A, U](dataHandler: DataHandler[U], timeout: Duration = 60.seconds)(callback: AuthInfo[U] => Result)(implicit request: Request[A]): Result = {
+    val f = ProtectedResource.handleRequest(request, dataHandler).map { requestResult =>
+      requestResult match {
+        case Left(e) if e.statusCode == 400 => BadRequest.withHeaders(responseOAuthErrorHeader(e))
+        case Left(e) if e.statusCode == 401 => Unauthorized.withHeaders(responseOAuthErrorHeader(e))
+        case Right(authInfo) => callback(authInfo)
+      }
     }
+
+    Await.result(f, timeout)
   }
 
 }
@@ -170,8 +182,6 @@ trait OAuth2Provider extends OAuth2BaseProvider {
  */
 trait OAuth2AsyncProvider extends OAuth2BaseProvider {
 
-  import scala.concurrent.Future
-
   /**
    * Issue access token in DataHandler process and return the response to client.
    *
@@ -181,11 +191,13 @@ trait OAuth2AsyncProvider extends OAuth2BaseProvider {
    * @return Request is successful then return JSON to client in OAuth 2.0 format.
    *         Request is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def issueAccessToken[A, U](dataHandler: DataHandler[U])(implicit request: play.api.mvc.Request[A]): Future[SimpleResult] = {
-    TokenEndpoint.handleRequest(request, dataHandler) match {
-      case Left(e) if e.statusCode == 400 => Future.successful(BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e)))
-      case Left(e) if e.statusCode == 401 => Future.successful(Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e)))
-      case Right(r) => Future.successful(Ok(Json.toJson(responseAccessToken(r))).withHeaders("Cache-Control" -> "no-store", "Pragma" -> "no-cache"))
+  def issueAccessToken[A, U](dataHandler: DataHandler[U])(implicit request: Request[A]): Future[SimpleResult] = {
+    TokenEndpoint.handleRequest(request, dataHandler).map { requestResult =>
+      requestResult match {
+        case Left(e) if e.statusCode == 400 => BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
+        case Left(e) if e.statusCode == 401 => Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
+        case Right(r) => Ok(Json.toJson(responseAccessToken(r))).withHeaders("Cache-Control" -> "no-store", "Pragma" -> "no-cache")
+      }
     }
   }
 
@@ -199,12 +211,14 @@ trait OAuth2AsyncProvider extends OAuth2BaseProvider {
    * @return Authentication is successful then the response use your API result.
    *         Authentication is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def authorize[A, U](dataHandler: DataHandler[U])(callback: AuthInfo[U] => Future[SimpleResult])(implicit request: play.api.mvc.Request[A]): Future[SimpleResult] = {
-    ProtectedResource.handleRequest(request, dataHandler) match {
-      case Left(e) if e.statusCode == 400 => Future.successful(BadRequest.withHeaders(responseOAuthErrorHeader(e)))
-      case Left(e) if e.statusCode == 401 => Future.successful(Unauthorized.withHeaders(responseOAuthErrorHeader(e)))
-      case Right(authInfo) => callback(authInfo)
+  def authorize[A, U](dataHandler: DataHandler[U])(callback: AuthInfo[U] => Future[SimpleResult])(implicit request: Request[A]): Future[SimpleResult] = {
+    ProtectedResource.handleRequest(request, dataHandler).flatMap { requestResult =>
+      requestResult match {
+        case Left(e) if e.statusCode == 400 => Future.successful(BadRequest.withHeaders(responseOAuthErrorHeader(e)))
+        case Left(e) if e.statusCode == 401 => Future.successful(Unauthorized.withHeaders(responseOAuthErrorHeader(e)))
+        case Right(authInfo) => callback(authInfo)
+      }
     }
   }
 
-}
+}

project/Build.scala

@@ -4,7 +4,7 @@ import Keys._
 object ScalaOAuth2Build extends Build {
 
   lazy val _organization = "com.nulab-inc"
-  lazy val _version =  "0.7.3"
+  lazy val _version =  "0.7.4"
   lazy val _playVersion = "2.2.4"
 
   val _scalaVersion = "2.10.4"

scala-oauth2-core/src/main/scala/scalaoauth2/provider/DataHandler.scala

@@ -1,6 +1,7 @@
 package scalaoauth2.provider
 
 import java.util.Date
+import scala.concurrent.Future
 
 case class AccessTokenRequest[U](clientId: String, clientSecret: String, user: U)
 
@@ -84,7 +85,7 @@ trait DataHandler[U] {
    * @param grantType Client send this value which is registered by application.
    * @return true if request is a regular client, false if request is a illegal client.
    */
-  def validateClient(clientId: String, clientSecret: String, grantType: String): Boolean
+  def validateClient(clientId: String, clientSecret: String, grantType: String): Future[Boolean]
 
   /**
    * Find userId with username and password these are used on your system.
@@ -94,15 +95,15 @@ trait DataHandler[U] {
    * @param password Client send this value which is used on your system.
    * @return Including UserId to Option if could find the user, None if couldn't find.
    */
-  def findUser(username: String, password: String): Option[U]
+  def findUser(username: String, password: String): Future[Option[U]]
 
   /**
    * Creates a new access token by authorized information.
    *
    * @param authInfo This value is already authorized by system.
    * @return Access token returns to client.
    */
-  def createAccessToken(authInfo: AuthInfo[U]): AccessToken
+  def createAccessToken(authInfo: AuthInfo[U]): Future[AccessToken]
 
   /**
    * Returns stored access token by authorized information.
@@ -112,15 +113,15 @@ trait DataHandler[U] {
    * @param authInfo This value is already authorized by system.
    * @return Access token returns to client.
    */
-  def getStoredAccessToken(authInfo: AuthInfo[U]): Option[AccessToken]
+  def getStoredAccessToken(authInfo: AuthInfo[U]): Future[Option[AccessToken]]
 
   /**
    * Creates a new access token by refreshToken.
    *
    * @param authInfo This value is already authorized by system.
    * @return Access token returns to client.
    */
-  def refreshAccessToken(authInfo: AuthInfo[U], refreshToken: String): AccessToken
+  def refreshAccessToken(authInfo: AuthInfo[U], refreshToken: String): Future[AccessToken]
 
   /**
    * Find authorized information by authorization code.
@@ -130,7 +131,7 @@ trait DataHandler[U] {
    * @param code Client send authorization code which is registered by system.
    * @return Return authorized information that matched the code.
    */
-  def findAuthInfoByCode(code: String): Option[AuthInfo[U]]
+  def findAuthInfoByCode(code: String): Future[Option[AuthInfo[U]]]
 
   /**
    * Find authorized information by refresh token.
@@ -140,34 +141,34 @@ trait DataHandler[U] {
    * @param refreshToken Client send refresh token which is created by system.
    * @return Return authorized information that matched the refresh token.
    */
-  def findAuthInfoByRefreshToken(refreshToken: String): Option[AuthInfo[U]]
+  def findAuthInfoByRefreshToken(refreshToken: String): Future[Option[AuthInfo[U]]]
 
   /**
-   * Find userId by clientId and clientSecret.
+   * Find user by clientId and clientSecret.
    *
    * If you don't support Client Credentials Grant then doesn't need implementing.
    *
    * @param clientId Client send this value which is registered by application.
    * @param clientSecret Client send this value which is registered by application.
    * @return Return user that matched both values.
    */
-  def findClientUser(clientId: String, clientSecret: String, scope: Option[String]): Option[U]
+  def findClientUser(clientId: String, clientSecret: String, scope: Option[String]): Future[Option[U]]
 
   /**
    * Find AccessToken object by access token code.
    *
    * @param token Client send access token which is created by system.
    * @return Return access token that matched the token.
    */
-  def findAccessToken(token: String): Option[AccessToken]
+  def findAccessToken(token: String): Future[Option[AccessToken]]
 
   /**
    * Find authorized information by access token.
    *
    * @param accessToken This value is AccessToken.
    * @return Return authorized information if the parameter is available.
    */
-  def findAuthInfoByAccessToken(accessToken: AccessToken): Option[AuthInfo[U]]
+  def findAuthInfoByAccessToken(accessToken: AccessToken): Future[Option[AuthInfo[U]]]
 
   /**
    * Check expiration.

scala-oauth2-core/src/main/scala/scalaoauth2/provider/GrantHandler.scala

@@ -1,106 +1,124 @@
 package scalaoauth2.provider
 
+import scala.concurrent.Future
+import scala.concurrent.ExecutionContext.Implicits.global
 
 case class GrantHandlerResult(tokenType: String, accessToken: String, expiresIn: Option[Long], refreshToken: Option[String], scope: Option[String])
 
 trait GrantHandler {
 
-  def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): GrantHandlerResult
+  def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[GrantHandlerResult]
 
 
   /**
    * Returns valid access token.
-   * 
+   *
    * @param dataHandler
    * @param authInfo
-   * @return 
+   * @return
    */
-  def issueAccessToken[U](dataHandler: DataHandler[U], authInfo: AuthInfo[U]): GrantHandlerResult = {
-    val accessToken = dataHandler.getStoredAccessToken(authInfo) match {
-      case Some(token) if dataHandler.isAccessTokenExpired(token) =>
-        token.refreshToken.map(dataHandler.refreshAccessToken(authInfo, _)).getOrElse(dataHandler.createAccessToken(authInfo))
-      case Some(token) => token
-      case None => dataHandler.createAccessToken(authInfo)
+  def issueAccessToken[U](dataHandler: DataHandler[U], authInfo: AuthInfo[U]): Future[GrantHandlerResult] = {
+    dataHandler.getStoredAccessToken(authInfo).flatMap { optionalAccessToken =>
+      (optionalAccessToken match {
+        case Some(token) if dataHandler.isAccessTokenExpired(token) => {
+          token.refreshToken.map(dataHandler.refreshAccessToken(authInfo, _)).getOrElse(dataHandler.createAccessToken(authInfo))
+        }
+        case Some(token) => Future.successful(token)
+        case None => dataHandler.createAccessToken(authInfo)
+      }).map { accessToken =>
+        GrantHandlerResult(
+          "Bearer",
+          accessToken.token,
+          accessToken.expiresIn,
+          accessToken.refreshToken,
+          accessToken.scope
+        )
+      }
     }
-    
-    GrantHandlerResult(
-      "Bearer",
-      accessToken.token,
-      accessToken.expiresIn,
-      accessToken.refreshToken,
-      accessToken.scope
-    )
   }
 }
 
 class RefreshToken(clientCredentialFetcher: ClientCredentialFetcher) extends GrantHandler {
 
-  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): GrantHandlerResult = {
+  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
     val clientCredential = clientCredentialFetcher.fetch(request).getOrElse(throw new InvalidRequest("BadRequest"))
     val refreshToken = request.requireRefreshToken
-    val authInfo = dataHandler.findAuthInfoByRefreshToken(refreshToken).getOrElse(throw new InvalidGrant("NotFound"))
-    if (authInfo.clientId != clientCredential.clientId) {
-      throw new InvalidClient
+
+    dataHandler.findAuthInfoByRefreshToken(refreshToken).flatMap { authInfoOption =>
+      val authInfo = authInfoOption.getOrElse(throw new InvalidGrant("NotFound"))
+      if (authInfo.clientId != clientCredential.clientId) {
+        throw new InvalidClient
+      }
+
+      dataHandler.refreshAccessToken(authInfo, refreshToken).map { accessToken =>
+        GrantHandlerResult(
+          "Bearer",
+          accessToken.token,
+          accessToken.expiresIn,
+          accessToken.refreshToken,
+          accessToken.scope
+        )
+      }
     }
-    
-    val accessToken = dataHandler.refreshAccessToken(authInfo, refreshToken)
-    GrantHandlerResult(
-      "Bearer",
-      accessToken.token,
-      accessToken.expiresIn,
-      accessToken.refreshToken,
-      accessToken.scope
-    )
   }
 }
 
 class Password(clientCredentialFetcher: ClientCredentialFetcher) extends GrantHandler {
 
-  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): GrantHandlerResult = {
+  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
     val clientCredential = clientCredentialFetcher.fetch(request).getOrElse(throw new InvalidRequest("BadRequest"))
     val username = request.requireUsername
     val password = request.requirePassword
-    val user = dataHandler.findUser(username, password).getOrElse(throw new InvalidGrant())
-    val scope = request.scope
-    val clientId = clientCredential.clientId
-    val authInfo = AuthInfo(user, clientId, scope, None)
 
-    issueAccessToken(dataHandler, authInfo)
+    dataHandler.findUser(username, password).flatMap { userOption =>
+      val user = userOption.getOrElse(throw new InvalidGrant("username or password is incorrect"))
+      val scope = request.scope
+      val clientId = clientCredential.clientId
+      val authInfo = AuthInfo(user, clientId, scope, None)
+
+      issueAccessToken(dataHandler, authInfo)
+    }
   }
 }
 
 class ClientCredentials(clientCredentialFetcher: ClientCredentialFetcher) extends GrantHandler {
 
-  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): GrantHandlerResult = {
+  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
     val clientCredential = clientCredentialFetcher.fetch(request).getOrElse(throw new InvalidRequest("BadRequest"))
     val clientSecret = clientCredential.clientSecret
     val clientId = clientCredential.clientId
     val scope = request.scope
-    val user = dataHandler.findClientUser(clientId, clientSecret, scope).getOrElse(throw new InvalidGrant())
-    val authInfo = AuthInfo(user, clientId, scope, None)
-    
-    issueAccessToken(dataHandler, authInfo)
+
+    dataHandler.findClientUser(clientId, clientSecret, scope).flatMap { userOption =>
+      val user = userOption.getOrElse(throw new InvalidGrant())
+      val authInfo = AuthInfo(user, clientId, scope, None)
+
+      issueAccessToken(dataHandler, authInfo)
+    }
   }
 
 }
 
 class AuthorizationCode(clientCredentialFetcher: ClientCredentialFetcher) extends GrantHandler {
 
-  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): GrantHandlerResult = {
+  override def handleRequest[U](request: AuthorizationRequest, dataHandler: DataHandler[U]): Future[GrantHandlerResult] = {
     val clientCredential = clientCredentialFetcher.fetch(request).getOrElse(throw new InvalidRequest("BadRequest"))
     val clientId = clientCredential.clientId
     val code = request.requireCode
     val redirectUri = request.redirectUri
-    val authInfo = dataHandler.findAuthInfoByCode(code).getOrElse(throw new InvalidGrant())
-    if (authInfo.clientId != clientId) {
-      throw new InvalidClient
-    }
 
-    if (authInfo.redirectUri.isDefined && authInfo.redirectUri != redirectUri) {
-      throw new RedirectUriMismatch
-    }
+    dataHandler.findAuthInfoByCode(code).flatMap { authInfoOption =>
+      val authInfo = authInfoOption.getOrElse(throw new InvalidGrant())
+      if (authInfo.clientId != clientId) {
+        throw new InvalidClient
+      }
+
+      if (authInfo.redirectUri.isDefined && authInfo.redirectUri != redirectUri) {
+        throw new RedirectUriMismatch
+      }
 
-    issueAccessToken(dataHandler, authInfo)
+      issueAccessToken(dataHandler, authInfo)
+    }
   }
 
 }