in backend/app/utils/auth/providers/PanDomainUserProvider.scala [28:69]
/**
 * Provider settings published under the `loginUrl` key.
 *
 * NOTE(review): the name suggests this map is handed to the front-end client;
 * if so, keep it limited to non-secret values such as the login URL.
 */
override def clientConfig: Map[String, JsValue] = {
  val loginUrl: JsValue = JsString(config.loginUrl)
  Map("loginUrl" -> loginUrl)
}
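/**
 * Authenticates a request from its pan-domain cookie.
 *
 * The cookie named by `config.cookieName` is passed to `PanDomain.authStatus`
 * together with a validation callback that requires (a) multi-factor when
 * `config.require2FA` is set and (b) an existing user record for the cookie's
 * email address. On success the user is registered on first login and a usage
 * event is recorded.
 *
 * @param request incoming request; only its cookies are read here
 * @param time    not read by this implementation
 * @return the authenticated [[PartialUser]], or a `Left` describing why the
 *         cookie was missing, invalid, expired or not authorised
 */
override def authenticate(request: Request[AnyContent], time: Epoch): Attempt[PartialUser] = {
  // The email is the lookup key for the user record. Fold case with a fixed
  // locale so the key does not depend on the JVM default locale (under a
  // Turkish default locale, "I" lowercases to a dotless "ı" and the lookup
  // would miss). Any other code that normalises emails for the same store
  // should apply the same rule.
  def normaliseEmail(email: String): String = email.toLowerCase(java.util.Locale.ROOT)

  def validateUser(user: AuthenticatedUser): Boolean = {
    val passesMultifactor = !config.require2FA || user.multiFactor
    // Synchronous lookup, waiting up to 10 seconds: the callback has to return a Boolean.
    // `isRight` is false for every Left, so a failed lookup rejects the user.
    // NOTE(review): confirm awaitEither yields a Left (rather than throwing) on
    // timeout, so that a slow database fails closed here.
    val dbUser = users.getUser(normaliseEmail(user.user.email)).awaitEither(10.seconds)
    dbUser.isRight && passesMultifactor
  }

  request.cookies.get(config.cookieName) match {
    case None =>
      Attempt.Left(PanDomainCookieInvalid(s"No pan domain cookie available in request with name ${config.cookieName}", reportAsFailure = false))

    case Some(cookieData) =>
      // NOTE(review): the trailing positional arguments (0L, "giant", false, false)
      // look like the API grace period, system name, cache-validation flag and
      // force-expiry flag of the pan-domain library; confirm against its signature.
      PanDomain.authStatus(cookieData.value, verificationProvider(), validateUser, 0L, "giant", false, false) match {
        case Authenticated(authedUser) =>
          val email = normaliseEmail(authedUser.user.email)
          // Fallback display name, taken from the cookie's own name fields.
          val displayName = s"${authedUser.user.firstName} ${authedUser.user.lastName}"
          for {
            user <- users.getUser(email)
            // First successful login: mark the existing record as registered.
            _ <- if (user.registered)
              Attempt.Right(user)
            else {
              users.registerUser(user.username, displayName, None, None)
            }
          } yield {
            metricsService.recordUsageEvent(user.username)
            PartialUser(user.username, user.displayName.getOrElse(displayName))
          }

        // NOTE(review): the messages below embed the user's email address or the
        // integrity-failure detail; confirm whether they are only logged or also
        // returned in the HTTP response.
        case NotAuthorized(authedUser) =>
          Attempt.Left(PanDomainCookieInvalid(s"User ${authedUser.user.email} is not authorised to use this system.", reportAsFailure = true))
        case InvalidCookie(integrityFailure) =>
          Attempt.Left(PanDomainCookieInvalid(s"Pan domain cookie invalid: $integrityFailure", reportAsFailure = true))
        case Expired(authedUser) =>
          Attempt.Left(PanDomainCookieInvalid(s"User ${authedUser.user.email} panda cookie has expired.", reportAsFailure = false))
        case other =>
          // Any status not handled above is denied and logged.
          logger.warn(s"Pan domain auth failure: $other")
          Attempt.Left(AuthenticationFailure(s"Pan domain auth failed: $other", reportAsFailure = true))
      }
  }
}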