Act DSL : handle impersonation in case of restrictByProvider
eletallbetagouv committed Feb 11, 2025
1 parent 3207a5c commit fd0a16c
Showing 3 changed files with 21 additions and 24 deletions.
17 changes: 7 additions & 10 deletions app/controllers/AccountController.scala
@@ -1,7 +1,6 @@
package controllers

import authentication.CookieAuthenticator
import authentication.actions.ImpersonationAction.forbidImpersonationFilter
import cats.implicits.catsSyntaxOption
import config.EmailConfiguration
import models._
@@ -149,7 +148,7 @@ class AccountController(
}

def edit() =
Act.secured.restrictByProvider.signalConso.andThen(forbidImpersonationFilter).async(parse.json) { implicit request =>
Act.secured.restrictByProvider.signalConso.forbidImpersonation.async(parse.json) { implicit request =>
for {
userUpdate <- request.parseBody[UserUpdate]()
updatedUserOpt <- userOrchestrator.edit(request.identity.id, userUpdate)
@@ -168,14 +167,12 @@ class AccountController(
}

def updateEmailAddress(token: String) =
Act.secured.restrictByProvider.signalConso
.andThen(forbidImpersonationFilter)
.async { implicit request =>
for {
updatedUser <- accessesOrchestrator.updateEmailAddress(request.identity, token)
cookie <- authenticator.initSignalConsoCookie(updatedUser.email, None).liftTo[Future]
} yield authenticator.embed(cookie, Ok(Json.toJson(updatedUser)))
}
Act.secured.restrictByProvider.signalConso.forbidImpersonation.async { implicit request =>
for {
updatedUser <- accessesOrchestrator.updateEmailAddress(request.identity, token)
cookie <- authenticator.initSignalConsoCookie(updatedUser.email, None).liftTo[Future]
} yield authenticator.embed(cookie, Ok(Json.toJson(updatedUser)))
}

def softDelete(id: UUID) =
Act.secured.admins.async { request =>
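Review bot: The `None` passed to `authenticator.initSignalConsoCookie(updatedUser.email, None)` in `updateEmailAddress` appears to be safe only because the action now rejects impersonated sessions, and nothing at the call site says so. If that second argument is the impersonator slot (its signature is not visible here, so please confirm), relaxing the filter later would re-issue a cookie that no longer records who is impersonating. I would add a comment above the builder, e.g. `// forbidImpersonation: the re-issued cookie carries no impersonator, so an impersonated session must never reach this point`. The same one-line rationale would help on `edit()`, which changes the target user's own profile data.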
24 changes: 12 additions & 12 deletions app/controllers/AuthController.scala
@@ -20,7 +20,6 @@ import orchestrators.proconnect.ProConnectOrchestrator
import utils.EmailAddress
import cats.syntax.either._
import _root_.controllers.error.AppError._
import authentication.actions.ImpersonationAction.forbidImpersonationFilter

import java.util.UUID
import scala.concurrent.ExecutionContext
@@ -67,19 +66,20 @@ class AuthController(
} yield authenticator.embed(userSession.cookie, Ok(Json.toJson(userSession.user)))
}

def logout(): Action[AnyContent] = Act.secured.restrictByProvider.signalConso.async { implicit request =>
request.identity.impersonator match {
case Some(impersonator) =>
authOrchestrator
.logoutAs(impersonator)
.map(userSession => authenticator.embed(userSession.cookie, Ok(Json.toJson(userSession.user))))
case None =>
Future.successful(authenticator.discard(NoContent))
}
def logout(): Action[AnyContent] = Act.secured.restrictByProvider.signalConso.allowImpersonation.async {
implicit request =>
request.identity.impersonator match {
case Some(impersonator) =>
authOrchestrator
.logoutAs(impersonator)
.map(userSession => authenticator.embed(userSession.cookie, Ok(Json.toJson(userSession.user))))
case None =>
Future.successful(authenticator.discard(NoContent))
}
}

def logoutProConnect(): Action[AnyContent] =
Act.secured.restrictByProvider.proConnect.async { implicit request =>
Act.secured.restrictByProvider.proConnect.allowImpersonation.async { implicit request =>
request.identity.impersonator match {
case Some(impersonator) =>
authOrchestrator
@@ -123,7 +123,7 @@ class AuthController(
}

def changePassword =
Act.secured.restrictByProvider.signalConso.andThen(forbidImpersonationFilter).async(parse.json) { implicit request =>
Act.secured.restrictByProvider.signalConso.forbidImpersonation.async(parse.json) { implicit request =>
for {
updatePassword <- request.parseBody[PasswordChange]()
_ <- authOrchestrator.changePassword(request.identity, updatePassword)
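Review bot: `logout()` and `logoutProConnect()` are the only actions in this commit that opt into `allowImpersonation`, and the reason is left implicit in the `request.identity.impersonator match` that follows. A short comment such as `// allowImpersonation: an impersonating session must be able to end itself via logoutAs(impersonator)` would keep a later cleanup from flipping these to `forbidImpersonation`. The commit touches only three controller files, so no test pins these choices. A controller test asserting that an impersonated session is rejected by `changePassword` and accepted by `logout` would guard against a silent regression in either direction. The bodies of `logoutProConnect` and `changePassword` continue outside the visible hunks.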
4 changes: 2 additions & 2 deletions app/controllers/BaseController.scala
@@ -156,8 +156,8 @@ abstract class BaseController(
val adminsAndReadonly = securedAction.andThen(WithRole(AdminsAndReadOnly))

object restrictByProvider {
val signalConso = securedAction.andThen(WithAuthProvider(SignalConso))
val proConnect = securedAction.andThen(WithAuthProvider(ProConnect))
val signalConso = AskImpersonationDsl(securedAction.andThen(WithAuthProvider(SignalConso)))
val proConnect = AskImpersonationDsl(securedAction.andThen(WithAuthProvider(ProConnect)))
}

}
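Review bot: Wrapping `signalConso` and `proConnect` in `AskImpersonationDsl` forces an explicit decision only if that wrapper exposes nothing except `allowImpersonation` and `forbidImpersonation`. Its definition is outside this hunk, so that should be confirmed. If it extends an action builder, or converts to one implicitly, `restrictByProvider.signalConso.async { … }` would still compile with no impersonation choice made. A Scaladoc line on `restrictByProvider` would make the contract visible, e.g. `/** Provider-restricted builders; callers must pick .allowImpersonation or .forbidImpersonation before building an action. */`. Role-based builders such as `adminsAndReadonly` just above remain plain `securedAction.andThen(...)`, so whether impersonated sessions are filtered there depends on code not shown on this page.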
