From 68280cea8e929b0a16bc6395d8e049cf2284b417 Mon Sep 17 00:00:00 2001
From: Shadowfacts
Date: Mon, 20 May 2019 20:05:54 -0400
Subject: [PATCH] Clean up Fervor authentication plug
---
 lib/frenzy_web/plug/fervor_authenticate.ex | 94 +++++++++++++---------
 1 file changed, 58 insertions(+), 36 deletions(-)
diff --git a/lib/frenzy_web/plug/fervor_authenticate.ex b/lib/frenzy_web/plug/fervor_authenticate.ex
index ba225f2..b0c85cd 100644
--- a/lib/frenzy_web/plug/fervor_authenticate.ex
+++ b/lib/frenzy_web/plug/fervor_authenticate.ex
@@ -1,49 +1,71 @@
 defmodule FrenzyWeb.Plug.FervorAuthenticate do
 import Plug.Conn
- alias Frenzy.{Repo, ApprovedClient, User}
- alias FrenzyWeb.Router.Helpers, as: Routes
- alias FrenzyWeb.Endpoint
+ alias Frenzy.{Repo, User, ApprovedClient}
 def init(opts), do: opts
 def call(conn, _opts) do
+ with {conn, authorization} when authorization != nil <- get_auth_header(conn),
+ {conn, access_token} when access_token != nil <- get_access_token(conn, authorization),
+ {conn, approved_client} when approved_client != nil <-
+ get_approved_client(conn, access_token) do
+ assign(conn, :user, Repo.get(User, approved_client.user_id))
+ else
+ {conn, _} ->
+ conn
+ end
+ end
+
+ defp get_auth_header(conn) do
 case get_req_header(conn, "authorization") do
 [authorization | _] ->
- case authorization do
- "Bearer " <> access_token ->
- case Repo.get_by(ApprovedClient, access_token: access_token) do
- nil ->
- conn
- |> put_status(401)
- |> Phoenix.Controller.json(%{
- error: "Invalid authorization",
- error_description: "The provided access token is not valid."
- })
- |> halt()
-
- approved_client ->
- assign(conn, :user, Repo.get(User, approved_client.user_id))
- end
-
- _ ->
- conn
- |> put_status(401)
- |> Phoenix.Controller.json(%{
- error: "Invalid authorization",
- error_description:
- "The provided Authorization header does notmatc the expected format."
- })
- |> halt()
- end
+ {conn, authorization}
 _ ->
- conn
- |> put_status(401)
- |> Phoenix.Controller.json(%{
- error: "Missing authorization",
- error_description: "No Authorization header was provided."
- })
- |> halt()
+ conn =
+ conn
+ |> put_status(401)
+ |> Phoenix.Controller.json(%{
+ error: "Missing authorization",
+ error_description: "No Authorization header was provided"
+ })
+ |> halt()
+
+ {conn, nil}
+ end
+ end
+
+ defp get_access_token(conn, "Bearer " <> access_token), do: {conn, access_token}
+
+ defp get_access_token(conn, _authorization) do
+ conn =
+ conn
+ |> put_status(401)
+ |> Phoenix.Controller.json(%{
+ error: "Invalid authorization",
+ error_description: "The provided Authorization header does not match the expected format"
+ })
+ |> halt()
+
+ {conn, nil}
+ end
+
+ defp get_approved_client(conn, access_token) do
+ case Repo.get_by(ApprovedClient, access_token: access_token) do
+ nil ->
+ conn =
+ conn
+ |> put_status(400)
+ |> Phoenix.Controller.json(%{
+ error: "Invalid authorization",
+ error_description: "The provided access token is not valid"
+ })
+ |> halt()
+
+ {conn, nil}
+
+ approved_client ->
+ {conn, approved_client}
 end
 end
 end
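Review bot: In the new get_approved_client the unknown-token branch answers with `put_status(400)`, while the missing-header and malformed-header branches in the same hunk keep 401 and the removed code also used 401 here; an unrecognised bearer token is an authentication failure, and RFC 6750 §3.1 maps `invalid_token` to 401, so this should read `|> put_status(401)` to match the other two failure paths. Because the commit message describes a clean-up, the status change looks unintended rather than a deliberate contract change; if it was deliberate it deserves a comment explaining why clients should see 400. A related gap, pre-existing but cheap to close here, is that none of the 401 responses carry a `WWW-Authenticate: Bearer` challenge, which the same RFC requires on a 401; `|> put_resp_header("www-authenticate", ~s(Bearer error="invalid_token"))` before `halt()` would cover it. Note also that the lookup is by access_token alone — if ApprovedClient rows carry an expiry or revocation marker, nothing in this plug checks it; verify against the schema.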