Cleaned up basic authentication.

Change-Id: I023a8554f1c1c2f2cfaadaab234eb792fa1a5a7c
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
index 1d15ca2..6aa2d88 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
@@ -2,105 +2,79 @@
 
 import java.util.Map;
 
-import org.apache.commons.codec.binary.Base64;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.KustvaktConfiguration;
 import de.ids_mannheim.korap.config.Scopes;
+import de.ids_mannheim.korap.dao.UserDao;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.interfaces.AuthenticationIface;
 import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.interfaces.db.EntityHandlerIface;
 import de.ids_mannheim.korap.user.KorAPUser;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.StringUtils;
 import de.ids_mannheim.korap.utils.TimeUtils;
 
-/** EM: do not use at the moment, there is no authentication 
- *  checking, formerly used a database. Should separate between
- *  authentication procedure and the real authentication checking 
- *  method.
+/** 
+ * Implementation of encoding and decoding access token is moved to 
+ * {@link TransferEncoding}. Moreover, implementation of HTTP 
+ * Authentication framework, i.e. creation of authorization header, 
+ * is defined in {@link HttpAuthorizationHandler}. 
  * 
+ * Basic authentication is intended to be used with a database. It is 
+ * currently only used for testing using a dummy DAO (@see {@link UserDao}). 
+ *   
+ * 
+ * @author margaretha
+ * @date 15/11/2017
  * 
  * @author hanl
  * @date 28/04/2015
  */
-// todo: bean injection!
-public class BasicHttpAuth implements AuthenticationIface {
+public class BasicAuthentication implements AuthenticationIface {
 
     @Autowired
+    private TransferEncoding transferEncoding;
+    @Autowired
     private KustvaktConfiguration config;
     @Autowired
     private EncryptionIface crypto;
     @Autowired
-    private EntityHandlerIface dao;
-    
-    public BasicHttpAuth() {
+    private UserDao dao;
 
-    }
-
-    public BasicHttpAuth(KustvaktConfiguration config) {
+    public BasicAuthentication (KustvaktConfiguration config) {
         this.config = config;
     }
 
-
-    public static String[] decode (String token) {
-        //return OAuthUtils.decodeClientAuthenticationHeader(token);
-        String[] tokens = token.split(" ");
-        String encodedCred = null;
-        if (!token.equals(tokens[0])) {
-            if (tokens[0] != null && !tokens[0].isEmpty()) {
-                if (!tokens[0].toLowerCase().equalsIgnoreCase("basic")) {
-                    return null;
-                }
-                encodedCred = tokens[1];
-            }
-        } else {
-            encodedCred = tokens[0];
-        }
-            if(encodedCred != null && !"".equals(encodedCred)) {
-                String decodedCreds = new String(Base64.decodeBase64(encodedCred));
-                if(decodedCreds.contains(":") && decodedCreds.split(":").length == 2) {
-                    String[] creds = decodedCreds.split(":");
-                    if ((creds[0] != null && !creds[0].isEmpty()) && (creds[1] != null && !creds[1].isEmpty()))
-                        return decodedCreds.split(":");
-                }
-            }
-        return null;
-    }
-
-
-    public static String encode (String user, String pass) {
-        String s = user + ":" + pass;
-        return Attributes.BASIC_AUTHENTICATION + " "
-                + new String(Base64.encodeBase64(s.getBytes()));
-    }
-
-
     @Override
-    public TokenContext getTokenContext(String authToken)
+    public TokenContext getTokenContext (String authToken)
             throws KustvaktException {
-        //fixme: handle via constructor
-        String[] values = decode(authToken);
+        // Hanl: fixme: handle via constructor
+        // EM: ?
+        String[] values = transferEncoding.decodeBase64(authToken);
         if (values != null) {
             TokenContext c = new TokenContext();
             User user = dao.getAccount(values[0]);
-            if (user instanceof KorAPUser && ((KorAPUser) user).getPassword() != null) {
+            if (user instanceof KorAPUser
+                    && ((KorAPUser) user).getPassword() != null) {
                 boolean check = crypto.checkHash(values[1],
                         ((KorAPUser) user).getPassword());
 
-                if (!check)
-                    return null;
+                if (!check) return null;
             }
             c.setUsername(values[0]);
-            c.setExpirationTime(TimeUtils.plusSeconds(this.config.getTokenTTL()).getMillis());
-            c.setAuthenticationType(AuthenticationType.DATABASE);
+            c.setExpirationTime(TimeUtils.plusSeconds(this.config.getTokenTTL())
+                    .getMillis());
+            c.setAuthenticationType(AuthenticationType.BASIC);
             // todo: for production mode, set true
             c.setSecureRequired(false);
+            // EM: is this secure?
             c.setToken(StringUtils.stripTokenType(authToken));
             //            fixme: you can make queries, but user sensitive data is off limits?!
             c.addContextParameter(Attributes.SCOPES,
@@ -113,7 +87,7 @@
 
     // not supported!
     @Override
-    public TokenContext createTokenContext(User user, Map<String, Object> attr)
+    public TokenContext createTokenContext (User user, Map<String, Object> attr)
             throws KustvaktException {
         return null;
     }
@@ -126,13 +100,14 @@
 
 
     @Override
-    public TokenContext refresh (TokenContext context) throws KustvaktException {
+    public TokenContext refresh (TokenContext context)
+            throws KustvaktException {
         return null;
     }
 
 
     @Override
     public AuthenticationType getIdentifier () {
-        return AuthenticationType.DATABASE;
+        return AuthenticationType.BASIC;
     }
 }