# File lib/openshift-origin-controller/app/controllers/base_controller.rb, line 41
  def authenticate
    login = nil
    password = nil
    @request_id = gen_req_uuid

    if request.headers['User-Agent'] == "OpenShift"
      if params['broker_auth_key'] && params['broker_auth_iv']
        login = params['broker_auth_key']
        password = params['broker_auth_iv']
      else  
        if request.headers['broker_auth_key'] && request.headers['broker_auth_iv']
          login = request.headers['broker_auth_key']
          password = request.headers['broker_auth_iv']
        end
      end
    end
    if login.nil? or password.nil?
      authenticate_with_http_basic { |u, p|
        login = u
        password = p
      }
    end      
    begin
      auth = OpenShift::AuthService.instance.authenticate(request, login, password)
      @login = auth[:username]
      @auth_method = auth[:auth_method]

      if not request.headers["X-Impersonate-User"].nil?
        @parent_user = CloudUser.find @login
        subuser_name = request.headers["X-Impersonate-User"]

        if @parent_user.nil?
          Rails.logger.debug "#{@login} tried to impersonate user but #{@login} user does not exist"
          raise OpenShift::AccessDeniedException.new "Insufficient privileges to access user #{subuser_name}"
        end

        if @parent_user.capabilities.nil? || !@parent_user.capabilities["subaccounts"] == true
          Rails.logger.debug "#{@parent_user.login} tried to impersonate user but does not have require capability."
          raise OpenShift::AccessDeniedException.new "Insufficient privileges to access user #{subuser_name}"
        end

        sub_user = CloudUser.find subuser_name
        if sub_user && sub_user.parent_user_login != @parent_user.login
          Rails.logger.debug "#{@parent_user.login} tried to impersinate user #{subuser_name} but does not own the subaccount."
          raise OpenShift::AccessDeniedException.new "Insufficient privileges to access user #{subuser_name}"
        end

        if sub_user.nil?
          Rails.logger.debug "Adding user #{subuser_name} as sub user of #{@parent_user.login} ...inside base_controller"
          @cloud_user = CloudUser.new(subuser_name,nil,nil,nil,{},@parent_user.login)
          @cloud_user.parent_user_login = @parent_user.login
          init_user
        else
          @cloud_user = sub_user
        end
      else
        @cloud_user = CloudUser.find @login
        if @cloud_user.nil?
          Rails.logger.debug "Adding user #{@login}...inside base_controller"
          @cloud_user = CloudUser.new(@login)
          init_user
        end
      end
      
      @cloud_user.auth_method = @auth_method unless @cloud_user.nil?
    rescue OpenShift::AccessDeniedException
      log_action(@request_id, 'nil', login, "AUTHENTICATE", true, "Access denied")
      request_http_basic_authentication
    end
  end