def user()

in membership-attribute-service/app/services/IdentityAuthService.scala [19:51]


  /** Resolves the user for the current request and turns every failure into an explicit
    * [[AuthenticationFailure]].
    *
    * The mapping fails closed: a user is returned only when `getUser` succeeds with `Some(user)`.
    * A missing required scope is reported as `Forbidden`; every other outcome, including a
    * successful lookup that found no user, is reported as `Unauthorised`.
    *
    * @param requiredScopes scopes handed to `getUser` (presumably the scopes the token must carry;
    *                       confirm against `getUser`)
    * @param requestHeader  the incoming request; passed to `getUser`, and its path and User-Agent
    *                       header are written to the log when Okta validation fails
    * @return `Right(user)` on success, otherwise `Left(Forbidden)` or `Left(Unauthorised)`
    */
  def user(requiredScopes: List[AccessScope])(implicit requestHeader: RequestHeader): Future[Either[AuthenticationFailure, UserFromToken]] = {
    // Logs a rejected Okta token and picks the failure that is reported to the caller.
    def oktaFailure(oktaError: ValidationError): AuthenticationFailure =
      oktaError match {
        case MissingRequiredScope(_) =>
          // Only this case is reported as Forbidden; every other validation error is Unauthorised.
          logger.warnNoPrefix(s"could not validate okta token - $oktaError")
          Forbidden
        case OktaValidationError(cause) =>
          // NOTE(review): path and User-Agent are client-supplied values; confirm the logging
          // backend escapes control characters before they reach log consumers.
          logger.warnNoPrefix(
            s"could not validate okta token - $oktaError. Path: ${requestHeader.path}. User-Agent: ${requestHeader.headers.get("User-Agent")}",
            cause,
          )
          Unauthorised
        case _ =>
          logger.warnNoPrefix(s"could not validate okta token - $oktaError")
          Unauthorised
      }

    val lookup = getUser(requestHeader, requiredScopes).attempt

    lookup.map {
      // IdentityPlayAuthService throws when there is neither an SC_GU_U cookie nor a crypto auth
      // token. The frontend decides whether to call based on the GU_U cookie alone, so this
      // outcome is expected and is deliberately not logged.
      case Left(UserCredentialsMissingError(_)) => Left(Unauthorised)

      case Left(OktaValidationException(oktaError: ValidationError)) => Left(oktaFailure(oktaError))

      case Left(otherFailure) =>
        // NOTE(review): this branch matches every remaining failure, not only an expired token
        // or cookie, so the message may not describe the real cause. Also confirm the failure's
        // string form never contains token or cookie material.
        logger.warnNoPrefix(s"valid request but expired token or cookie so user must log in again - $otherFailure")
        Left(Unauthorised)

      case Right(Some(authenticated)) => Right(authenticated)

      // A successful lookup that found no user is still rejected.
      case Right(None) => Left(Unauthorised)
    }
  }