def generateToken()

in play-v30/src/main/scala/com/gu/googleauth/auth.scala [113:137]


  /** Builds a short-lived signed JWT that carries the caller's Play session ID.
   *
   * The token expires 60 seconds after `clock.instant()`, stores `sessionId` under
   * `SessionIdJWTClaimPropertyName`, and is signed with the currently active secret from
   * `secretsProvider` using `signatureAlgorithm`. It is presumably the value later presented
   * back as the OAuth `state` parameter and checked by `verifyToken` — confirm against callers.
   *
   * @param sessionId the Play session ID to bind the token to
   * @param clock     time source for the expiry; defaults to the system UTC clock
   * @return the compact (serialised) JWT
   */
  def generateToken(sessionId: String)(implicit clock: Clock = Clock.systemUTC): String = {
    // Evaluate expiry before fetching the signing key, matching the original builder-chain order.
    val expiresAt = Date.from(clock.instant().plusSeconds(60))
    val signingKey = keyFor(secretsProvider.snapshot().secrets.active)
    val builder = Jwts.builder()
      .setExpiration(expiresAt)
      .claim(SessionIdJWTClaimPropertyName, sessionId)
      .signWith(signingKey, signatureAlgorithm)
    builder.compact()
  }

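  /** Rejects a parsed token whose header does not name the algorithm this service signs with.
   *
   * The header's `alg` value is compared against `signatureAlgorithm.getValue`, so a token that
   * advertises any other algorithm is refused even if it parsed successfully.
   *
   * @param claims the already-parsed signed JWT
   * @return `Success(())` when the algorithm matches, otherwise a `Failure` wrapping an
   *         `IllegalArgumentException`
   */
  def checkChoiceOfSigningAlgorithm(claims: Jws[Claims]): Try[Unit] =
    if (claims.getHeader.getAlgorithm == signatureAlgorithm.getValue) Success(())
    // Previously written as `Failure(throw ...)`: `Failure`'s argument is evaluated eagerly, so the
    // throw fired before `Failure` was built and the method raised instead of returning a Try.
    // (Inside `verifyToken`'s Try for-comprehension flatMap caught it, but direct callers did not.)
    else Failure(new IllegalArgumentException(s"the anti forgery token is not signed with $signatureAlgorithm"))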

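  /** Rejects a parsed token whose session-ID claim differs from the caller's Play session ID.
   *
   * This ties the anti-forgery token to the browser session that holds `userSessionId`. The claim
   * is read with `Map.get`, so a token without the claim yields `null` and fails the same way as
   * a mismatch.
   *
   * @param claims        the already-parsed signed JWT
   * @param userSessionId the session ID taken from the Play session
   * @return `Success(())` when the claim equals `userSessionId`, otherwise a `Failure` wrapping an
   *         `IllegalArgumentException`
   */
  def checkTokenContainsCorrectSessionId(claims: Jws[Claims], userSessionId: String): Try[Unit] =
    if (claims.getBody.get(SessionIdJWTClaimPropertyName) == userSessionId) Success(())
    // Previously `Failure(throw ...)`: the throw ran before `Failure` was constructed, so the method
    // raised instead of returning a `Failure`. Wrap the exception value, not a throw expression.
    else Failure(new IllegalArgumentException("the session ID found in the anti forgery token does not match the Play session ID"))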

  /** Validates the anti-forgery token returned in the OAuth callback against the Play session.
   *
   * Steps, each short-circuiting on failure:
   *  1. read the session ID stored under `sessionIdKeyName` (a warning with session-empty flag and
   *     User-Agent is logged when it is absent);
   *  2. read the `state` query parameter;
   *  3. parse it via `parseJwtClaimsFrom`;
   *  4. check the signing algorithm and that the token's session-ID claim matches step 1.
   *
   * @param request the OAuth callback request
   * @return `Success(())` when every check passes, otherwise the first `Failure` encountered
   */
  def verifyToken(request: RequestHeader): Try[Unit] = {
    // `def`s rather than `val`s so the second lookup is not evaluated when the first has failed,
    // mirroring the short-circuiting of the for-comprehension this replaces.
    def sessionIdFromPlaySession: Try[String] = Try {
      request.session.get(sessionIdKeyName).getOrElse {
        val message = "No Play session ID found"
        logger.warn(s"$message. sessionEmpty: ${request.session.isEmpty}; request userAgent: ${request.headers.get(USER_AGENT)}")
        throw new IllegalArgumentException(message)
      }
    }

    def oauthAntiForgeryState: Try[String] = Try {
      request.getQueryString("state").getOrElse(throw new IllegalArgumentException("No anti-forgery state returned in OAuth callback"))
    }

    sessionIdFromPlaySession.flatMap { sessionId =>
      oauthAntiForgeryState
        .flatMap(state => parseJwtClaimsFrom(state))
        .flatMap { jwtClaims =>
          checkChoiceOfSigningAlgorithm(jwtClaims)
            .flatMap(_ => checkTokenContainsCorrectSessionId(jwtClaims, sessionId))
        }
    }
  }