override fun processAuthenticationRequest()

in azure-active-directory-server/src/main/kotlin/org/jetbrains/teamcity/aad/AADAuthenticationScheme.kt [62:125]


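    /**
     * Handles the Azure AD `form_post` login callback: a `POST` carrying an `id_token` form parameter.
     *
     * Any other request is reported as not applicable so the remaining schemes can handle it.
     * The checks performed here, in order, are:
     *  1. the token parses as a JWT via [JWT.parse] (400 otherwise);
     *  2. it carries no [ERROR_CLAIM] — an error reply from AAD is answered with 401;
     *  3. the [NONCE_CLAIM], unique-name and [OID_CLAIM] claims are all present (400 otherwise);
     *  4. the nonce is accepted by [accessTokenValidator] (400 otherwise).
     *
     * NOTE(review): no signature, issuer, audience or expiry check is visible in this method. Unless
     * [JWT.parse] or [accessTokenValidator] verifies the token's signature, every identity claim used
     * to build the principal (oid, unique name, e-mail, display name) comes from an unverified token
     * and the nonce is the only thing tying it to a login this server started — confirm where the
     * signature is validated before relying on this scheme.
     *
     * @param request the incoming request; only its method and the [ID_TOKEN] parameter are read
     * @param response used to emit the 400/401 reply on failure
     * @param schemeProperties scheme settings; the value under
     *   [AADConstants.AUTH_ENDPOINT_SCHEME_PROPERTY_KEY] selects which claim names the user
     *   ([UPN_CLAIM] when the endpoint contains "v2.0", [UNIQUE_NAME_CLAIM] otherwise)
     * @return not applicable, bad request, unauthorized, or authenticated with the principal
     *   produced by [principalFactory]
     */
    override fun processAuthenticationRequest(request: HttpServletRequest, response: HttpServletResponse, schemeProperties: Map<String, String>): HttpAuthenticationResult {
        if (request.method != "POST") {
            return HttpAuthenticationResult.notApplicable()
        }

        // The v2.0 endpoint puts the user name in a different claim than v1.
        val isV2Endpoint = schemeProperties[AADConstants.AUTH_ENDPOINT_SCHEME_PROPERTY_KEY]?.contains("v2.0") == true
        val uniqueNameClaimName = if (isV2Endpoint) UPN_CLAIM else UNIQUE_NAME_CLAIM

        val idTokenString = request.getParameter(ID_TOKEN)
        if (idTokenString == null) {
            LOG.debug("POST request contains no $ID_TOKEN parameter so scheme is not applicable.")
            return HttpAuthenticationResult.notApplicable()
        }

        // NOTE(review): the raw, client-supplied token is embedded in this message. If sendBadRequest
        // writes it to the response body or a log, that reflects untrusted input — verify how it is used.
        val token = JWT.parse(idTokenString)
                ?: return sendBadRequest(response, "Marked request as unauthenticated since failed to parse JWT from retrieved $ID_TOKEN $idTokenString")

        // AAD reports a failed sign-in as an error claim in the posted token.
        // Both values below are taken verbatim from the token, so treat them as untrusted when logged.
        val error = token.getClaim(ERROR_CLAIM)
        if (error != null) {
            LOG.warn(error)
            return sendUnauthorized(request, response, token.getClaim(ERROR_DESCRIPTION_CLAIM))
        }

        val nonce = token.getClaim(NONCE_CLAIM)
        val uniqueName = token.getClaim(uniqueNameClaimName)
        val oid = token.getClaim(OID_CLAIM)

        if (nonce == null || uniqueName == null || oid == null) {
            return sendBadRequest(response, "Some of required claims were not found in parsed JWT. $NONCE_CLAIM - $nonce; $uniqueNameClaimName - $uniqueName, $OID_CLAIM - $oid")
        }

        // The nonce is the one value this server can tie back to a login it initiated;
        // it is the only validation step visible here.
        if (!accessTokenValidator.validate(nonce)) {
            return sendBadRequest(response, "Marked request as unauthenticated since retrieved JWT '$NONCE_CLAIM' claim is incorrect.")
        }

        // E-mail: dedicated claim first, UPN as a fallback.
        val email = token.getClaim(EMAIL_CLAIM) ?: token.getClaim(UPN_CLAIM)

        // Display name: the full-name claim when present, otherwise "<given> <family>" assembled
        // from whichever name parts are non-empty (empty string when neither exists).
        val fullName = token.getClaim(FULL_NAME_CLAIM)
        val userName = if (!fullName.isNullOrEmpty()) {
            fullName
        } else {
            listOfNotNull(
                    token.getClaim(GIVEN_NAME_CLAIM)?.takeIf { it.isNotEmpty() },
                    token.getClaim(FAMILY_NAME_CLAIM)?.takeIf { it.isNotEmpty() }
            ).joinToString(" ").trim()
        }

        val principal = principalFactory.getServerPrincipal(uniqueName, oid, userName, email, schemeProperties)
        LOG.debug("Request authenticated. Determined user ${principal.name}")

        // Session persistence is governed by a server-wide internal property, not per scheme.
        val shouldRemember = TeamCityProperties.getBoolean("teamcity.http.auth.remember.me")
        return HttpAuthenticationResult.authenticated(principal, shouldRemember)
    }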