cartodb/lib/carto/http_header_authentication.rb


require_dependency 'carto/uuidhelper'
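module Carto
  # Authenticates a request from an identity carried in an HTTP header.
  #
  # The header name, the user field it maps to ('username', 'email', 'id' or
  # 'auto') and the autocreation switch are read from the
  # :http_header_authentication configuration section.
  #
  # NOTE(security): the header value is taken as the identity as-is; nothing in
  # this class verifies who set it. This presumably relies on a trusted front
  # end (e.g. a reverse proxy) being the only party able to set the configured
  # header and discarding any client-supplied copy -- confirm in the deployment.
  class HttpHeaderAuthentication
    include Carto::UUIDHelper

    # Maps each supported identity field to the matching column of
    # Carto::UserCreation. The keys double as the allow-list of column names
    # that may be interpolated into a WHERE clause.
    USER_CREATION_COLUMNS = {
      'username' => 'username',
      'email' => 'email',
      'id' => 'user_id'
    }.freeze

    # @param request [#headers] incoming request
    # @return [Boolean] true when the configured header carries a non-empty value
    def valid?(request)
      !blank_value?(header_value(request.headers))
    end

    # Looks up the user identified by the header.
    #
    # @param request [#headers] incoming request
    # @return [::User, nil] the matching user; nil when the header is missing,
    #   empty, or matches nobody
    # @raise [RuntimeError] when the resolved field is not a supported one
    def get_user(request)
      header = identity(request)
      return nil if blank_value?(header)

      # Only the column name is interpolated, and only after the allow-list
      # check in user_field; the header value itself stays a bound parameter.
      ::User.where("#{user_field(request)} = ?", header).first
    end

    # @return [Boolean] true only when the 'autocreation' setting is exactly true
    def autocreation_enabled?
      Cartodb.get_config(:http_header_authentication, 'autocreation') == true
    end

    # @param request [#headers] incoming request
    # @return [Boolean] true when autocreation is enabled and the identity field
    #   resolves to 'email'
    def autocreation_valid?(request)
      autocreation_enabled? && field(request) == 'email'
    end

    # @param request [#headers] incoming request
    # @return [String, nil] raw value of the configured header
    def identity(request)
      header_value(request.headers)
    end

    # @param request [#headers] incoming request
    # @return [String, nil] the header value, interpreted as an email
    # @raise [RuntimeError] when the identity field does not resolve to 'email'
    def email(request)
      raise "Configuration is not set to email, or it's auto but request hasn't email" unless field(request) == 'email'

      identity(request)
    end

    # @param request [#headers] incoming request
    # @return [Boolean] true when an in-progress Carto::UserCreation matches the
    #   header identity; false when the header is missing or empty
    # @raise [RuntimeError] when the resolved field is not a supported one
    def creation_in_progress?(request)
      header = identity(request)
      # An empty header identifies nobody (same rule as valid? and get_user),
      # so do not query with an empty string.
      return false if blank_value?(header)

      Carto::UserCreation.in_progress.where("#{user_creation_field(request)} = ?", header).first.present?
    end

    private

    # Configured identity field; 'auto' is resolved from the header value.
    def field(request)
      configured = Cartodb.get_config(:http_header_authentication, 'field')
      configured == 'auto' ? field_from_value(request) : configured
    end

    # Column of ::User to match against, checked against the allow-list so an
    # unexpected configuration value never reaches the SQL string.
    def user_field(request)
      name = field(request)
      raise "Unknown field #{name}" unless USER_CREATION_COLUMNS.key?(name)

      name
    end

    # Column of Carto::UserCreation corresponding to the identity field.
    def user_creation_field(request)
      name = field(request)
      USER_CREATION_COLUMNS.fetch(name) { raise "Unknown field #{name}" }
    end

    # Guesses the identity field from the shape of the header value:
    # contains '@' -> 'email', passes uuid? -> 'id', otherwise 'username'.
    # Returns nil when there is no header value.
    def field_from_value(request)
      value = header_value(request.headers)
      return nil unless value
      return 'email' if value.include?('@')
      return 'id' if uuid?(value)

      'username'
    end

    # Value of the configured header, or nil when no header name is configured.
    def header_value(headers)
      header = ::Cartodb.get_config(:http_header_authentication, 'header')
      blank_value?(header) ? nil : headers[header]
    end

    # True for nil and for the empty string (whitespace is not stripped).
    def blank_value?(value)
      value.nil? || value.empty?
    end
  end
end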