def checkAdmin[A]()

in cdslogviewer/app/auth/Security.scala [178:209]


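  /**
   * Decides whether the caller of `request` holds administrative rights, based solely on
   * the request's authentication headers.
   *
   * Resolution order (first matching case wins):
   *  - `X-Hmac-Authorization` present: server-to-server calls are never admin;
   *  - otherwise `Authorization` present: the bearer token is extracted and validated
   *    (again — see the FIXME below), then
   *      - if a `roles` claim is present, admin iff it contains `isAdminClaimName()`;
   *      - else if the `isAdminClaimName()` string claim is present, its value is
   *        downcased and must equal "true" or "yes";
   *      - otherwise not admin;
   *  - neither header present: not admin.
   *
   * @param uid caller's user id; not consulted by this check (kept for signature compatibility)
   * @param request the incoming request whose headers carry the credentials
   * @tparam A the request body type
   * @return true only when the bearer token establishes admin rights
   */
  def checkAdmin[A](uid:String, request:Request[A]): Boolean = Seq("X-Hmac-Authorization","Authorization").map(request.headers.get) match {
    case Seq(Some(_),_)=>
      logger.debug("hmac auth is never admin")
      false //server-server never requires admin
    case Seq(None,Some(bearer))=>
      //FIXME: seems a bit rubbish to validate the token twice, once for login and once for admin
      val adminClaimContent = for {
        tok <- bearerTokenAuth.extractAuthorization(bearer)
        maybeClaims <- bearerTokenAuth.validateToken(tok)
        // NOTE(review): if these claim accessors throw on a mistyped claim instead of
        // returning null, that exception escapes this method — confirm against the JWT library.
        maybeAdminClaim <- (Option(maybeClaims.content.getStringArrayClaim("roles")), Option(maybeClaims.content.getStringClaim(bearerTokenAuth.isAdminClaimName()))) match {
          case (Some(roles), _)=>
            logger.debug(s"Administrative rights check via roles claim")
            Right(LoginResultOK(roles.contains(bearerTokenAuth.isAdminClaimName()).toString))
          case (_, Some(adminClaimValue))=>
            // Carry the claim's actual value through: mere presence of the claim must not
            // grant admin. The value is tested for "true"/"yes" below, so a token carrying
            // e.g. "false" is correctly rejected.
            Right(LoginResultOK(adminClaimValue))
          case (_, None) =>
            Left(LoginResultNotPresent)
        }
      } yield maybeAdminClaim

      adminClaimContent match {
        case Right(LoginResultOK(stringValue))=>
          logger.debug(s"got value for isAdminClaim ${bearerTokenAuth.isAdminClaimName()}: $stringValue, downcasing and testing for 'true' or 'yes'")
          val downcased = stringValue.toLowerCase()
          downcased == "true" || downcased == "yes"
        case Left(_)=>
          // Covers extraction/validation failures and a token with neither claim; all deny.
          logger.debug(s"got nothing for isAdminClaim ${bearerTokenAuth.isAdminClaimName()}")
          false
      }
    case _=>
      // No recognised authentication header at all.
      false
  }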