
Draft: Refactor authentication code

Open Jotschi opened this issue 2 years ago • 2 comments

Motivation:

The refactor enables re-use of authentication implementation details in non-vertx-web projects (e.g. Vert.x gRPC). There will be a matching PR for vertx-auth + vertx-grpc to incorporate and make use of the refactored codebase.

Draft:

This PR introduces two Maven modules. These modules have been added as discussed in the Discord meeting to limit the diff and make it easier to review the changes, since classes eventually have to be moved to vertx-auth.

Changes:

  • Creation of a UserContext abstraction
  • Move of various interfaces to common modules
  • Introduction of AuthenticationContext interface
  • AuthenticationHandler is now generic to accept implementation-specific context objects
  • JWTAuthHandlerImpl, HTTPAuthorizationHandler, AuthenticationHandlerImpl have been refactored to be RoutingContext agnostic and use AuthenticationContext instead.
  • UserContextImpl split into AbstractUserContext to enable re-use of code
  • RoutingContext now extends AuthenticationContext

Tasks:

  • [x] Fix docgen errors
  • [ ] Solve TODO in WebHTTPAuthorizationHandler, WebAuthenticationHandlerImpl - currently code is duplicated
  • [ ] Check Javadoc for needed changes (RoutingContext -> AuthenticationContext)
  • [x] Run all tests
  • [ ] Verify codegen still works properly
  • [x] Rename UserContextImpl into UserWebContextImpl?
  • [ ] Check whether AuthenticationContext#onContinue can be added
  • [ ] Continue refactor of other authentication handler implementations (e.g. OAuth2) once approach has been reviewed.

Jotschi avatar Oct 17 '23 01:10 Jotschi

Notes from Discord meeting:

  • HttpException - Keep the exception in Vert.x web for the moment and make it extend one in auth-common
  • UserContext - Move UserContext definitions + common impl to RoutingContext to decouple the interface
    default void refreshUser(UserContext userContext) {

    }
  • Refactor user = null by use of user.clear
  • Remove vertx-web-auth-jwt
  • UserContext - Keep UserContext in vert.x web and add a io.vertx.auth.common.UserContext -> Not needed. Context can be unchanged since Session must be moved too.
  • Session / OAuth2 - Try to split auth oauth2 handler and abstract away session related code

Jotschi avatar Oct 20 '23 13:10 Jotschi

Concept for refactoring exception handling to avoid the use of exceptions for common HTTP actions:

postAuthentication method:

if (res instanceof PostAuthenticationResult) {
  PostAuthenticationResult result = postAuthentication(ctx);
} else {
  if (res instanceof PostAuthenticationResult.Proceed) {
    ctx.next();
  }
  …
}

Jotschi avatar Oct 27 '23 13:10 Jotschi
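
The result-type idea sketched in the last comment, as an added example that is not code from this PR or from Vert.x: post-authentication returns a value and one dispatcher maps it to an action, with anything unrecognized (including null) failing closed instead of calling next(). Only PostAuthenticationResult and Proceed appear in the thread; Challenge, Deny, the Ctx interface and the status codes are assumptions made for illustration (Java 17+).

```java
import java.util.ArrayList;
import java.util.List;

public class PostAuthDemo {

  // Outcome of post-authentication, returned as a value instead of thrown.
  sealed interface PostAuthenticationResult {
    record Proceed() implements PostAuthenticationResult {}
    // Hypothetical variants, not named in the thread:
    record Challenge(String wwwAuthenticate) implements PostAuthenticationResult {}
    record Deny(int status) implements PostAuthenticationResult {}
  }

  // Hypothetical transport-agnostic context, standing in for AuthenticationContext.
  interface Ctx {
    void next();
    void fail(int status);
    void header(String name, String value);
  }

  // Single place where a result becomes an HTTP action.
  static void dispatch(PostAuthenticationResult res, Ctx ctx) {
    if (res instanceof PostAuthenticationResult.Proceed) {
      ctx.next();
    } else if (res instanceof PostAuthenticationResult.Challenge c) {
      ctx.header("WWW-Authenticate", c.wwwAuthenticate());
      ctx.fail(401);
    } else if (res instanceof PostAuthenticationResult.Deny d) {
      ctx.fail(d.status());
    } else {
      // null or a variant this dispatcher does not know: never fall through to next()
      ctx.fail(500);
    }
  }

  public static void main(String[] args) {
    List<String> log = new ArrayList<>();
    Ctx ctx = new Ctx() { // recording stub so the demo runs without a server
      public void next() { log.add("next"); }
      public void fail(int status) { log.add("fail " + status); }
      public void header(String n, String v) { log.add(n + ": " + v); }
    };
    dispatch(new PostAuthenticationResult.Proceed(), ctx);
    dispatch(new PostAuthenticationResult.Challenge("Bearer"), ctx);
    dispatch(new PostAuthenticationResult.Deny(403), ctx);
    dispatch(null, ctx); // a handler that forgot to return a result
    log.forEach(System.out::println);
  }
}
```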