Refactor method to reduce cognitive complexity

indigo-iam · Sep 28, 2023 · 1a6171c · 1a6171c
1 parent d7d6041
commit 1a6171c
Showing 1 changed file with 42 additions and 20 deletions.
diff --git a/...e/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java b/...e/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java
@@ -61,40 +61,62 @@ public JWTClaimsSet buildAccessToken(OAuth2AccessTokenEntity token,
 
     builder.notBeforeTime(Date.from(issueTime));
 
-    if (!token.getScope().isEmpty()) {
-      builder.claim(SCOPE_CLAIM_NAME, token.getScope().stream().collect(joining(SPACE)));
-    }
-
-    builder.claim(WLCG_VER_CLAIM, PROFILE_VERSION);
+    addScopeClaim(builder, token);
+    addWlcgVerClaim(builder);
 
     if (!isNull(userInfo)) {
       Set<String> groupNames =
           groupHelper.resolveGroupNames(token, ((UserInfoAdapter) userInfo).getUserinfo());
-
-      if (!groupNames.isEmpty()) {
-        builder.claim(WLCGGroupHelper.WLCG_GROUPS_SCOPE, groupNames);
-      }
+      addWlcgGroupsScopeClaim(builder, groupNames);
 
       if (token.getScope().contains(ATTR_SCOPE)) {
-        builder.claim(ATTR_SCOPE, attributeHelper
-          .getAttributeMapFromUserInfo(((UserInfoAdapter) userInfo).getUserinfo()));
+        addAttributeScopeClaim(builder, userInfo);
       }
       if (properties.getAccessToken().isIncludeAuthnInfo()) {
-        if (token.getScope().contains("email")) {
-          builder.claim("email", userInfo.getEmail());
-        }
-        if (token.getScope().contains("profile")) {
-          builder.claim("preferred_username", userInfo.getPreferredUsername());
-          builder.claim("name", userInfo.getName());
-        }
+        addAuthnInfoClaims(builder, token.getScope(), userInfo);
       }
     }
 
+    addAudience(builder, authentication);
+
+    return builder.build();
+  }
+
+  private void addScopeClaim(Builder builder, OAuth2AccessTokenEntity token) {
+    if (!token.getScope().isEmpty()) {
+      builder.claim(SCOPE_CLAIM_NAME, token.getScope().stream().collect(joining(SPACE)));
+    }
+  }
+
+  private void addWlcgVerClaim(Builder builder) {
+    builder.claim(WLCG_VER_CLAIM, PROFILE_VERSION);
+  }
+
+  private void addWlcgGroupsScopeClaim(Builder builder, Set<String> groupNames) {
+    if (!groupNames.isEmpty()) {
+      builder.claim(WLCGGroupHelper.WLCG_GROUPS_SCOPE, groupNames);
+    }
+  }
+
+  private void addAttributeScopeClaim(Builder builder, UserInfo userInfo) {
+    builder.claim(ATTR_SCOPE,
+        attributeHelper.getAttributeMapFromUserInfo(((UserInfoAdapter) userInfo).getUserinfo()));
+  }
+
+  private void addAuthnInfoClaims(Builder builder, Set<String> scopes, UserInfo userInfo) {
+    if (scopes.contains("email")) {
+      builder.claim("email", userInfo.getEmail());
+    }
+    if (scopes.contains("profile")) {
+      builder.claim("preferred_username", userInfo.getPreferredUsername());
+      builder.claim("name", userInfo.getName());
+    }
+  }
+
+  private void addAudience(Builder builder, OAuth2Authentication authentication) {
     if (!hasAudienceRequest(authentication) && !hasRefreshTokenAudienceRequest(authentication)) {
       builder.audience(ALL_AUDIENCES_VALUE);
     }
-
-    return builder.build();
   }
 
 }