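/**
 * Base controller holding the OAuth2 client-authentication helpers used by
 * the controllers that extend it.
 *
 * NOTE(review): both helpers are private, so a subclass cannot reach them as
 * written; protected visibility may be what is intended.
 */
public class ApplicationController {
  /**
   * Checks the client secret presented on the request against the secret
   * stored for the client that the request names.
   *
   * @return {@code true} only when the client was found and both secrets are
   *         present and equal; {@code false} in every other case
   */
  private boolean ensure_valid_client() {
    OAuth2Client client = current_oauth2_client();
    if (client == null) {
      // Fail closed if the lookup yields no client (assumes findById signals
      // a missing client with null; confirm against the ORM).
      return false;
    }

    String expected = client.clientSecret;
    String presented = request.getClientSecret();
    if (expected == null || presented == null) {
      return false;
    }

    // `==` on Strings compares object identity, so two equal secrets held in
    // different String objects would not match. MessageDigest.isEqual
    // compares the contents and does not return early at the first
    // differing byte, which avoids leaking how much of the secret matched.
    // NOTE(review): a direct comparison implies the secret is stored in the
    // same form the client sends it; storing only a hash would be safer.
    return java.security.MessageDigest.isEqual(
        expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        presented.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  }

  /**
   * Looks up the OAuth2 client identified by the request's client id.
   *
   * @return whatever {@code OAuth2Client.findById} yields for that id
   */
  private OAuth2Client current_oauth2_client() {
    return OAuth2Client.findById(request.getClientId());
  }
}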

/**
 * Sketch of the OAuth2 authorization endpoint: it checks a user's password
 * and, on success, issues an authorization code for the current client.
 * Several lines are Ruby-flavoured pseudo-code rather than compilable Java.
 */
public class AuthoziationController extends ApplicationController {
  // Rails-style filter declaration (not Java syntax). NOTE(review): the intent
  // appears to be running ensure_valid_client before every action. The Java
  // port must also stop the request when that check returns false; nothing
  // visible here does so, and authorize() would otherwise still run for a
  // client that failed authentication.
  before_filter :ensure_valid_client

  /**
   * Verifies the user's password and redirects either to a failure page or
   * to a target carrying a freshly saved authorization code.
   */
  public void authorize() {
    // NOTE(review): the login is a hard-coded literal, presumably a stand-in
    // for the login submitted with the request. The result is dereferenced
    // below without a null check; confirm what findByLogin returns for an
    // unknown login.
    User user = User.findByLogin("jonstorer");
    String route = null;

    // NOTE(review): "password" is likewise a literal placeholder. User
    // declares passwordsMatch(String), not passwordMatches, so the two names
    // need to be reconciled.
    if (!user.passwordMatches("password")) {
      // The message does not say whether the login or the password was wrong.
      // It contains spaces and is placed in the query string unencoded.
      route = "/failed?reason=user not found with that login and password";
    } else {
      // need to investigate associations in hibernate
      // Rails-style association builder: creates a code tied to both the
      // current client and the user.
      AuthorizationCode authorizationCode = current_oauth2_client.authorization_codes.build({ user: user });
      if (authorizationCode.save) {
        // Pseudo-code: the string concatenation operator is missing.
        // NOTE(review): "/whatever" looks like a placeholder; in an OAuth2
        // flow the code should only be sent to a redirect URI registered for
        // the client. Confirm where that validation will live.
        route = "/whatever?code=" authorizationCode.code;
      } else {
        // choose JAVA throws or figure something else out
        // NOTE(review): validation messages are concatenated into the query
        // string as-is. URL-encode the value, and make sure the page that
        // displays `reason` escapes it before rendering.
        route = "/failed?reason=" authorizationCode.errors.map(&:full_message).join(' ');
      }
    }
    
    redirect route;
  }
}

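/**
 * Sketch of the user model: construction from a parameter hash, lookup by
 * login, and password verification. Parts of it are pseudo-code, not
 * compilable Java.
 *
 * NOTE(review): AuthoziationController calls passwordMatches(...), while this
 * class declares passwordsMatch(...); one of the two names has to change.
 */
public class User extends CrudRepository {
  // Rails-style callback declaration (not Java syntax). NOTE(review): no
  // encrypt_password method is declared in this class; presumably it would
  // wrap encrypt(String).
  before_save :encrypt_password

  /**
   * Populates a new user by calling the setter matching each key in
   * {@code params}, then generates the salt.
   *
   * NOTE(review): every key is turned into a setter call via reflection, so
   * whoever controls {@code params} decides which setters run. If this hash
   * can ever carry request data, restrict the keys to an explicit allowlist
   * so that fields such as the password hash, salt, account type or status
   * cannot be set from outside.
   */
  // this might not be a thing
  public User (Hash params) {
    for (key : params) {
      String methodName = "set" + key.substring(0,1).toUpper + key.substring(1);
      // The original spelled the variable `parms` here; it is the `params`
      // argument.
      this.getClass().getMethod(methodName, params[key]).invoke(this, params[key]);
    }

    this.salt = this.buildSalt();
    // A constructor cannot return a value, so the original `return this;`
    // is dropped.
  }

  /**
   * Finds a user by login, with account type and user status fixed to "A".
   *
   * NOTE(review): this method is static but uses {@code this}; resolve that
   * once the repository design is settled.
   */
  public static User findByLogin (String login) {
    // don't expose account type and user status to
    // the controller. The controller doesn't need
    // to know that.
    return this.findByUserIDAndAccountTypeAndUserStatus(login, "A", "A");
  }

  /**
   * Checks a candidate passphrase against the stored password value.
   *
   * @param passphrase the passphrase to verify
   * @return {@code true} when the transformed passphrase equals the stored
   *         value; {@code false} when they differ or either side is missing
   */
  public boolean passwordsMatch (String passphrase) {
    if (passphrase == null || this.password == null) {
      return false;
    }

    String candidate = this.encrypt(passphrase);
    if (candidate == null) {
      return false;
    }

    // `==` on Strings compares object identity, not contents, so a correct
    // passphrase would normally be rejected. MessageDigest.isEqual compares
    // the bytes without returning early at the first difference.
    // Assumes this.password is a String, as the original comparison implies.
    return java.security.MessageDigest.isEqual(
        candidate.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        this.password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  }

  /**
   * Stub: transforms a passphrase using this user's salt.
   *
   * NOTE(review): despite the name, password storage needs a one-way, salted,
   * deliberately slow password hash (bcrypt, scrypt, Argon2 or PBKDF2), not
   * reversible encryption and not a single bare digest.
   */
  private String encrypt (String string) {
    // encrypt with this.salt;
  }

  /**
   * Stub: produces the per-user salt.
   *
   * NOTE(review): generate it with java.security.SecureRandom rather than a
   * general-purpose random source.
   */
  private String buildSalt () {
    // gen code
  }
}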

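/**
 * Sketch of the authorization-code model: a code that belongs to one OAuth2
 * client and one user, and is only valid when it actually carries a value.
 *
 * NOTE(review): how {@code code} is generated is not shown here. It should
 * come from java.security.SecureRandom, be short-lived and be accepted only
 * once.
 */
public class AuthorizationCode extends SomeOrm {
  // Rails-style association declarations (not Java syntax).
  belongs_to :oauth2Client;
  belongs_to :user;

  // Rails-style validation hook: requireCode must pass before a save.
  validates :requireCode

  /**
   * Validation check that a code is present.
   *
   * The original was declared void yet returned a value, and used {@code !!}
   * and {@code self}, which are not Java. The Ruby-style truthiness test is
   * expressed here as a null check.
   *
   * @return {@code true} when a code has been set
   */
  private boolean requireCode () {
    // NOTE(review): an empty string still passes, as it would under Ruby
    // truthiness; reject blank values too if the generator can produce them.
    return this.code != null;
  }
}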