in pan-domain-auth-play/src/main/scala/com/gu/pandomainauth/action/Actions.scala [150:181]
/**
  * Builds the rejection text for an identity that is not accepted by this system.
  *
  * The user's e-mail address and the `system` name are interpolated as-is, with no escaping.
  * NOTE(review): how the text is rendered is not visible here; confirm it is escaped before
  * being placed in HTML.
  *
  * @param claimedAuth the identity being rejected
  * @return text of the form "user <email> not valid for <system>"
  */
def invalidUserMessage(claimedAuth: AuthenticatedUser) = {
  val rejectedEmail = claimedAuth.user.email
  s"user $rejectedEmail not valid for $system"
}
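/**
  * Reads the named cookie from the request and URL-decodes its value as UTF-8.
  *
  * Cookie values are supplied by the client and must be treated as untrusted. A value with a
  * malformed percent-escape makes `URLDecoder.decode` throw `IllegalArgumentException`; that
  * case is reported as `None`, so a tampered cookie is handled like an absent one instead of
  * escaping as an unhandled exception.
  *
  * @param name    name of the cookie to look up
  * @param request request whose cookies are inspected
  * @return the decoded value, or `None` when the cookie is absent or cannot be decoded
  */
private def decodeCookie(name: String)(implicit request: RequestHeader): Option[String] =
  request.cookies.get(name).flatMap { cookie =>
    // Catch only the decoder's own failure; anything else should still surface.
    try Some(URLDecoder.decode(cookie.value, "UTF-8"))
    catch { case _: IllegalArgumentException => None }
  }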
/**
  * Handles the callback request of the OAuth flow and completes the login.
  *
  * The anti-forgery token and the original URL are both read from cookies. When `decodeCookie`
  * yields nothing for either of them the response is a 400 "Missing cookies". Otherwise the
  * token is passed to `OAuth.validatedUserIdentity`, the returned identity is stamped with this
  * `system` and checked with `validateUser`. A valid user is redirected to the original URL
  * with a newly generated cookie and with `discardCookies` cleared; an invalid user gets the
  * unauthenticated message.
  *
  * Only `map` is applied to the future from `OAuth.validatedUserIdentity`, so a failed future
  * is passed on to the caller unchanged.
  *
  * @param request the callback request
  * @return the eventual response
  */
def processOAuthCallback()(implicit request: RequestHeader): Future[Result] = {
  // Runs once both cookies have been read successfully.
  def completeLogin(token: String, originalUrl: String) =
    OAuth.validatedUserIdentity(token)(request, ec, wsClient).map { claimedAuth =>
      // NOTE(review): the systems recorded in an existing cookie are carried over without
      // comparing that cookie's user to the newly claimed identity; confirm that consumers of
      // `authenticatedIn` do not depend on them being the same user.
      val previousSystems = readAuthenticatedUser(request).map(_.authenticatedIn)
      val allSystems = previousSystems.map(_ + system).getOrElse(Set(system))
      val hasMultiFactor = checkMultifactor(claimedAuth)
      val authedUserData = claimedAuth.copy(
        authenticatingSystem = system,
        authenticatedIn = allSystems,
        multiFactor = hasMultiFactor
      )

      if (!validateUser(authedUserData)) {
        // The one-shot login cookies are only discarded on the success branch below.
        showUnauthedMessage(invalidUserMessage(authedUserData))
      } else {
        val freshCookie = generateCookie(authedUserData)
        // NOTE(review): `originalUrl` comes from a client-supplied cookie and no validation
        // is visible here; confirm it is constrained to an expected target before redirecting.
        Redirect(originalUrl)
          .withCookies(freshCookie)
          .discardingCookies(discardCookies: _*)
      }
    }

  // The second cookie is read only when the first is present, as with a for-comprehension.
  decodeCookie(ANTI_FORGERY_KEY)
    .flatMap { token =>
      decodeCookie(LOGIN_ORIGIN_KEY).map(originalUrl => completeLogin(token, originalUrl))
    }
    .getOrElse(Future.successful(BadRequest("Missing cookies")))
}