From fdb4a5605a58a5e4c0d76325e4467e64195da192 Mon Sep 17 00:00:00 2001 From: David Rowe Date: Sun, 2 Aug 2020 20:54:09 +1200 Subject: [PATCH] Tidy processing user connect request --- domain-server/src/DomainGatekeeper.cpp | 31 ++++++++++++++------------ domain-server/src/DomainGatekeeper.h | 5 +++-- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/domain-server/src/DomainGatekeeper.cpp b/domain-server/src/DomainGatekeeper.cpp index 29667b0fd5..ee8da95d6c 100644 --- a/domain-server/src/DomainGatekeeper.cpp +++ b/domain-server/src/DomainGatekeeper.cpp @@ -517,20 +517,15 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect #endif return SharedNodePointer(); - } else if (!_verifiedDomainUserIdentities.contains(domainUsername) - || _verifiedDomainUserIdentities[domainUsername] != QPair(domainAccessToken, domainRefreshToken)) { - // ####### TODO: Write a function for the above test. + } else if (needToVerifyDomainUserIdentity(domainUsername, domainAccessToken, domainRefreshToken)) { // User's domain identity needs to be confirmed. - if (_verifiedDomainUserIdentities.contains(domainUsername)) { - _verifiedDomainUserIdentities.remove(domainUsername); - } requestDomainUser(domainUsername, domainAccessToken, domainRefreshToken); #ifdef WANT_DEBUG qDebug() << "Stalling login because we haven't authenticated user yet:" << domainUsername; #endif - } else if (verifyDomainUserSignature(domainUsername, domainAccessToken, domainRefreshToken, - nodeConnection.senderSockAddr)) { + } else if (verifyDomainUserIdentity(domainUsername, domainAccessToken, domainRefreshToken, + nodeConnection.senderSockAddr)) { // User's domain identity is confirmed. getDomainGroupMemberships(domainUsername); verifiedDomainUsername = domainUsername.toLower(); 
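Review bot: The `else if (verifyDomainUserIdentity(...))` branch in `processAgentConnectRequest` cannot fail on the path visible in this patch. It is reached only when `needToVerifyDomainUserIdentity` returned false, which is exactly the cached-token match on which `verifyDomainUserIdentity` returns true, and `nodeConnection.senderSockAddr` plays no part in that path. The name reads like a separate verification step, so someone auditing the login flow may credit it with more than a cache lookup. A comment on the branch would make this explicit, for example `// Tokens match the cached, already-verified identity; no further check happens here.` The rest of both functions lies outside the hunks, so confirm that nothing after the early `return true` is still expected to run for this caller.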
@@ -758,13 +753,17 @@ bool DomainGatekeeper::verifyUserSignature(const QString& username, return false; } -// ####### TODO: Rename to verifyDomainUser()? -bool DomainGatekeeper::verifyDomainUserSignature(const QString& username, const QString& accessToken, - const QString& refreshToken, const HifiSockAddr& senderSockAddr) { - // ####### TODO: Verify response from domain OAuth2 request to WordPress, if it's arrived yet. - // #### Or assume the verification step has already occurred? - if (_verifiedDomainUserIdentities.contains(username)) { +bool DomainGatekeeper::needToVerifyDomainUserIdentity(const QString& username, const QString& accessToken, + const QString& refreshToken) { + return !_verifiedDomainUserIdentities.contains(username) + || _verifiedDomainUserIdentities.value(username) != QPair(accessToken, refreshToken); +} + +bool DomainGatekeeper::verifyDomainUserIdentity(const QString& username, const QString& accessToken, + const QString& refreshToken, const HifiSockAddr& senderSockAddr) { + if (_verifiedDomainUserIdentities.contains(username) + && _verifiedDomainUserIdentities.value(username) == QPair(accessToken, refreshToken)) { return true; } @@ -1236,6 +1235,10 @@ void DomainGatekeeper::requestDomainUser(const QString& username, const QString& } _inFlightDomainUserIdentityRequests.insert(username, QPair(accessToken, refreshToken)); + if (_verifiedDomainUserIdentities.contains(username)) { + _verifiedDomainUserIdentities.remove(username); + } + QString apiBase = _server->_settingsManager.valueForKeyPath(AUTHENTICATION_WORDPRESS_URL_BASE).toString(); if (!apiBase.endsWith("/")) { apiBase += "/"; diff --git a/domain-server/src/DomainGatekeeper.h b/domain-server/src/DomainGatekeeper.h index eaf20a6285..263d5b853d 100644 --- a/domain-server/src/DomainGatekeeper.h +++ b/domain-server/src/DomainGatekeeper.h 
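Review bot: The cached-token comparison is now written twice, negated in `needToVerifyDomainUserIdentity` and again in the first `if` of `verifyDomainUserIdentity`, so the two copies can drift apart on a later edit. The second could reuse the first: `if (!needToVerifyDomainUserIdentity(username, accessToken, refreshToken)) { return true; }`. The `contains()` test is also load-bearing and deserves a comment. Assuming `_verifiedDomainUserIdentities` is a Qt hash or map, `value()` on a missing key returns a default-constructed pair, which would compare equal to a request carrying two empty tokens; something like `// contains() is required: value() yields an empty pair for unknown users` would stop it being "simplified" away. The body of `verifyDomainUserIdentity` continues past the end of the hunk.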
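Review bot: `requestDomainUser` now removes the cached entry in `_verifiedDomainUserIdentities` as soon as a verification request is issued, before the identity provider has answered. A connect request that names a known user but carries non-matching tokens therefore discards that user's valid cached identity and forces another round trip; this behaviour predates the commit, but moving it here applies it to every caller of the function. Consider leaving the entry in place and overwriting or removing it only in the response handler, once the outcome is known. If the removal stays, the `contains()` guard is unnecessary because `remove()` on an absent key does nothing: `_verifiedDomainUserIdentities.remove(username);`. The function starts and ends outside the hunk, so whether the in-flight map above already limits repeated requests per username cannot be seen here.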
@@ -90,8 +90,9 @@ private: bool verifyUserSignature(const QString& username, const QByteArray& usernameSignature, const HifiSockAddr& senderSockAddr); - bool verifyDomainUserSignature(const QString& username, const QString& accessToken, const QString& refreshToken, - const HifiSockAddr& senderSockAddr); + bool needToVerifyDomainUserIdentity(const QString& username, const QString& accessToken, const QString& refreshToken); + bool verifyDomainUserIdentity(const QString& username, const QString& accessToken, const QString& refreshToken, + const HifiSockAddr& senderSockAddr); bool isWithinMaxCapacity();
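Review bot: `needToVerifyDomainUserIdentity` only reads `_verifiedDomainUserIdentities` in the definition this patch adds, so the declaration could be `const` to document that a cache query never changes authentication state: `bool needToVerifyDomainUserIdentity(const QString& username, const QString& accessToken, const QString& refreshToken) const;`. Both new declarations would also benefit from a one-line comment stating their contract: the first returns true when the supplied tokens are not the cached, verified pair for that user, and the second returns true when they are. Whether `verifyDomainUserIdentity` can be `const` as well depends on the part of its body outside the patch.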