Source Code of com.gadglet.servlets.DomainSignedRequestServlet

/**
 * Copyright (C)  Gadglet .
 *
 * This file is part of Gadglet
 *
 * Gadglet is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Gadglet is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with Gadglet. If not, see <http://www.gnu.org/licenses/>.
 */

package com.gadglet.servlets;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.logging.Logger;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.gadglet.core.GadgletRequestWrapper;
import com.gadglet.core.GadgletResponse;
import com.gadglet.core.RequestException;
import com.gadglet.data.DomainUser;
import com.gadglet.data.DomainUserUtils;
import com.gadglet.data.Gadget;
import com.gadglet.data.GadgetUtils;
import com.gadglet.data.RegistrationToken;
import com.gadglet.data.RegistrationTokenUtils;
import com.gadglet.data.utils.DomainUserStatus;
import com.gadglet.params.GadgetType;
import com.gadglet.params.ReqErrorTypes;
import com.gadglet.params.SharedConstants;
import com.gadglet.util.UrlUtils;
import com.google.appengine.api.NamespaceManager;
import com.google.gson.Gson;

/**
 * This class serve Bizlets (Google Apps Gadgets) SIGNED requests
 *
 */
public class DomainSignedRequestServlet extends BasicRequestServlet {

  private static final long serialVersionUID = 1758343254324324L;
  Logger log = Logger.getLogger(this.getClass().getName());

  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    checkUser(request, response);

  }

  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    checkUser(request, response);

  }

  /**
   *
   * @param httpServletRequest
   * @param httpServletResponse
   */
  private void checkUser(HttpServletRequest httpServletRequest,
      HttpServletResponse httpServletResponse) {


    GadgletResponse gadgetServerResponse = new GadgletResponse();

    GadgletRequestWrapper platformRequestWrapper = new GadgletRequestWrapper(
        httpServletRequest);

    if (!(platformRequestWrapper.getParameter("ignoreJson") != null && UrlUtils
        .isOnDevPort8888(platformRequestWrapper)))
      setResponseHeaders(httpServletResponse);

    boolean userIsValid = false;
    try {
      userIsValid = validateOpenSocialUser(platformRequestWrapper,
          gadgetServerResponse);

      // load gadget
      Gadget g = GadgetUtils.getGadget(platformRequestWrapper.getGadgetName());

      if(g==null || g.getGadgletType()==null || !g.getGadgletType().equals(GadgetType.BIZLET.getGadgetType()))
        throw new RequestException(
            ReqErrorTypes.UNRECOGNIZED_GADGET);
      else
        platformRequestWrapper.setRequestedGadget(g);

    } catch (RequestException e) {

      userIsValid = false;
      gadgetServerResponse.setError(e);
    } catch (Exception e) {

      userIsValid = false;
      gadgetServerResponse.setError(new RequestException(
          ReqErrorTypes.REQUEST_FAILED));
      printStackTrace(e);
    }

    if (userIsValid)
      performRequest(platformRequestWrapper, gadgetServerResponse,
          httpServletResponse);

    else {

      PrintWriter out = null;
      try {
        out = httpServletResponse.getWriter();
        Gson gson = new Gson();
        out.print(gson.toJson(new JsonEnvelope(gadgetServerResponse)));
      } catch (IOException e) {

        log.warning(e.getMessage());
      }

    }

  }

  protected boolean validateOpenSocialUser(
      GadgletRequestWrapper platformRequestWrapper,
      GadgletResponse jsonResponse) throws RequestException {
    boolean userLogin = false;

    if (platformRequestWrapper.getOpenSocialViewerId() == null) {

      log.warning("opensocial_viewer_id is null");
      throw new RequestException(ReqErrorTypes.USER_NOT_LOGGEDIN);
    }

    if (!validateSignedRequestWithContainer(platformRequestWrapper)) {
      userLogin = false;

      throw new RequestException(ReqErrorTypes.USER_NOT_LOGGEDIN);

    }

    DomainUser domainUser = null;

    domainUser = (DomainUser) platformRequestWrapper.getSession()
        .getAttribute("domainUser");

    if (domainUser != null
        && domainUser.getOauthConsumerKey().equals(
            platformRequestWrapper.getOpenSocialConsumerKey())
        && domainUser.getOpensocialViewerId().equals(
            platformRequestWrapper.getOpenSocialViewerId())) {

      NamespaceManager.set(domainUser.getAccount());
      return true;
    }
    else
      domainUser = DomainUserUtils.getDomainUserByOpenSocial(platformRequestWrapper);

    if (domainUser != null){
      if (domainUser.getStatus() != DomainUserStatus.ACTIVE.getUserStatus())
        throw new RequestException(ReqErrorTypes.USER_NOT_ACTIVE);

      // set user in session
      if (platformRequestWrapper != null && domainUser != null) {
        platformRequestWrapper.getSession().setAttribute("domainUser",
            domainUser);
        NamespaceManager.set(domainUser.getAccount());
        return true;
      }
    }


    if (domainUser == null) {
      // Registration
      RegistrationToken token = null;
      // 5 cases:
      //  - token is ready with both OAUTH + SIGNED - send registration url
      //  - token is ready for SIGNED and only SIGNED is needed - send
      // registration url
      // - token is already SIGNED created - send do to OAUTH
      // - token is OAUTH created and id in the session - update SIGNED and
      // send registration url
      // - token is null. send request failed

      String tokenId = null;
      if (platformRequestWrapper.getRegistrationTokenId() != null) {
        tokenId = platformRequestWrapper.getRegistrationTokenId();
        try {
          token = RegistrationTokenUtils.updateTokenForOpenSocial(
              tokenId,
              platformRequestWrapper.getOpenSocialViewerId(),
              platformRequestWrapper.getOpenSocialConsumerKey());
        } catch (Exception e) {
          printStackTrace(e);
        }
      }

      if (token == null) {
        try {
          token = RegistrationTokenUtils
              .createNew(platformRequestWrapper);
          platformRequestWrapper.getSession().setAttribute(SharedConstants.registrationTokenParamName,token.getTokenID());
        } catch (Exception e) {
          log.warning(e.getMessage());
        }
      }
      if(token ==null)
        log.warning("token is null we have a problem");
      else if (token.isTokenReady())
        jsonResponse.addCustomFieldError(
            SharedConstants.registrationTokenParamName,
            token.getTokenID());
      else if (token.isOpenSocialReady() && userRegistrationMethod.equalsIgnoreCase(SharedConstants.registrationMethodSigned))
        jsonResponse.addCustomFieldError(
            SharedConstants.registrationTokenParamName,
            token.getTokenID());
      else if (!token.isOauthReady()){
        jsonResponse.addCustomFieldError(
            SharedConstants.registrationTokenParamName,
            token.getTokenID());
        jsonResponse.addCustomFieldError(SharedConstants.registrationProcessParamName, SharedConstants.registrationDoOAuth);
      }
      else
        token =null;

      if (token != null)
        throw new RequestException(ReqErrorTypes.USER_NOT_REGISTERED);
      else
        throw new RequestException(ReqErrorTypes.REQUEST_FAILED);
    }

    return userLogin;
  }
}