diff --git a/build.sbt b/build.sbt index 8338ea419f4..c696253b39f 100644 --- a/build.sbt +++ b/build.sbt @@ -150,7 +150,7 @@ val identity = application("identity") .settings( libraryDependencies ++= Seq( filters, - identityAuthPlay, + identityAuthCore, slf4jExt, libPhoneNumber, supportInternationalisation, diff --git a/identity/app/services/AuthenticationService.scala b/identity/app/services/AuthenticationService.scala index f2361290b60..dd4312c9bed 100644 --- a/identity/app/services/AuthenticationService.scala +++ b/identity/app/services/AuthenticationService.scala @@ -1,12 +1,12 @@ package services +import cats.effect.IO import com.gu.identity.auth.{IdapiAuthService, IdapiUserCredentials} import com.gu.identity.cookie.IdentityCookieService import com.gu.identity.model.User -import com.gu.identity.play.IdapiPlayAuthService import idapiclient.{Auth, ScGuRp, ScGuU} import org.joda.time.Hours -import play.api.mvc.{RequestHeader, Results} +import play.api.mvc.{Cookie, RequestHeader, Results} import utils.SafeLogging import scala.language.implicitConversions @@ -31,8 +31,24 @@ class AuthenticationService( /** User has SC_GU_U and GU_U cookies */ def fullyAuthenticatedUser(request: RequestHeader): Option[AuthenticatedUser] = { + + case class UserCredentialsMissingError(message: String) extends Exception { + override def getMessage: String = message + } + + def getSCGUUCookieFromRequest(request: RequestHeader): IO[Cookie] = + IO.fromEither(request.cookies.get("SC_GU_U").toRight(UserCredentialsMissingError("SC_GU_U cookie not set"))) + + def getIdapiUserCredentialsFromRequest( + request: RequestHeader, + ): IO[IdapiUserCredentials] = + getSCGUUCookieFromRequest(request).redeemWith( + err => IO.raiseError[IdapiUserCredentials](err), + cookie => IO(IdapiUserCredentials.SCGUUCookie(cookie.value)), + ) + (for { - credentials <- IdapiPlayAuthService.getIdapiUserCredentialsFromRequest(request, None) + credentials <- getIdapiUserCredentialsFromRequest(request) user <- identityAuthService.getUserFromCredentials(credentials) } yield { // have to explicitly match the retrieved credentials to UserCredentials to see if it's an SCGUUCookie or CryptoAccessToken diff --git a/project/Dependencies.scala b/project/Dependencies.scala index 944f3d34d44..0d4e238cc2e 100644 --- a/project/Dependencies.scala +++ b/project/Dependencies.scala @@ -3,7 +3,7 @@ package com.gu import sbt._ object Dependencies { - val identityLibVersion = "4.17" + val identityLibVersion = "4.22" val awsVersion = "1.12.638" val capiVersion = "25.0.0" val faciaVersion = "5.0.6" @@ -48,7 +48,7 @@ object Dependencies { ExclusionRule("org.scala-lang.modules", "scala-xml_2.13") val identityModel = ("com.gu.identity" %% "identity-model" % identityLibVersion) .excludeAll(excludeDirectScalaXMLDependency) - val identityAuthPlay = ("com.gu.identity" %% "identity-auth-play" % identityLibVersion) + val identityAuthCore = ("com.gu.identity" %% "identity-auth-core" % identityLibVersion) .excludeAll(excludeDirectScalaXMLDependency) val mockWs = "de.leanovate.play-mockws" %% "play-mockws" % "2.6.2" % Test