Merge pull request 'Token expiration added' (#22) from token-expiration into master

Reviewed-on: http://git.plannaplan.pl/filipizydorczyk/backend/pulls/22

buisnesslogic/src/main/java/com/plannaplan/entities/User.java

@@ -1,6 +1,7 @@
 package com.plannaplan.entities;
 
-import java.sql.Date;
+import java.sql.Timestamp;
+import java.util.concurrent.TimeUnit;
 
 import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
@@ -11,6 +12,8 @@ import com.plannaplan.types.UserRoles;
 
 @Entity
 public class User {
+    private static final float TOKEN_EXPIRE_MINUTES = 15;
+
     @Id
     @GeneratedValue(strategy = GenerationType.AUTO)
     private Long id;
@@ -19,7 +22,7 @@ public class User {
     private String email;
     private UserRoles role;
     private String token;
-    private Date tokenCreatedDate;
+    private Timestamp tokenUsageDate;
 
     public User() {
     }
@@ -39,8 +42,8 @@ public class User {
         this.email = email;
     }
 
-    public Date getTokenCreatedDate() {
-        return tokenCreatedDate;
+    public Timestamp getTokenUsageDate() {
+        return tokenUsageDate;
     }
 
     public String getToken() {
@@ -48,7 +51,7 @@ public class User {
     }
 
     public void setToken(String token) {
-        this.tokenCreatedDate = new Date(System.currentTimeMillis());
+        this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
         this.token = token;
     }
 
@@ -79,4 +82,16 @@ public class User {
     public Long getId() {
         return this.id;
     }
+
+    public boolean isCredentialsNonExpired() {
+        final long diffInMilliseconds = Math
+                .abs(this.tokenUsageDate.getTime() - new Timestamp(System.currentTimeMillis()).getTime());
+        final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
+
+        if (minutes > TOKEN_EXPIRE_MINUTES) {
+            return false;
+        }
+        this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
+        return true;
+    }
 }

buisnesslogic/src/main/java/com/plannaplan/exceptions/TokenExpiredException.java

@@ -0,0 +1,13 @@
+package com.plannaplan.exceptions;
+
+public class TokenExpiredException extends RuntimeException {
+    /**
+     *
+     */
+    private static final long serialVersionUID = 1L;
+
+    public TokenExpiredException(String message) {
+        super(message);
+    }
+
+}

buisnesslogic/src/test/java/com/plannaplan/entities/UserTest.java

@@ -0,0 +1,71 @@
+package com.plannaplan.entities;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.lang.reflect.Field;
+import java.sql.Timestamp;
+import java.util.concurrent.TimeUnit;
+
+import org.junit.Test;
+
+public class UserTest {
+
+    @Test
+    public void shouldResturnTokenIsNotExpired() {
+        final User user = new User();
+        user.setToken("testowy-bezpieczny-token");
+        assertTrue(user.isCredentialsNonExpired(), "Credential shouldnt expire yet");
+
+        long minutes = this.getMinutesDiff(user.getTokenUsageDate());
+
+        assertTrue(minutes == 0, "Should update last token usage");
+
+    }
+
+    @Test
+    public void shouldResturnTokenIsNotExpiredWithLessThan15minutes()
+            throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+        final User user = new User();
+        user.setToken("testowy-bezpieczny-token");
+        this.setLastTokenUsage(user, new Timestamp(System.currentTimeMillis() - (6 * 60 * 1000)));
+
+        assertTrue(user.isCredentialsNonExpired(), "Credential shouldnt expire yet");
+
+        final long minutes = this.getMinutesDiff(user.getTokenUsageDate());
+        assertTrue(minutes == 0, "Should update last token usage");
+    }
+
+    @Test
+    public void shouldResturnTokenIsExpired()
+            throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+        final User user = new User();
+        user.setToken("testowy-bezpieczny-token");
+        this.setLastTokenUsage(user, new Timestamp(System.currentTimeMillis() - (25 * 60 * 1000)));
+
+        assertFalse(user.isCredentialsNonExpired(), "Credential should expire");
+
+        final long diffInMilliseconds = Math
+                .abs(user.getTokenUsageDate().getTime() - new Timestamp(System.currentTimeMillis()).getTime());
+        final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
+
+        assertTrue(minutes > 0, "Shouldn't update last token usage");
+    }
+
+    private long getMinutesDiff(Timestamp timestamp) {
+        final long diffInMilliseconds = Math
+                .abs(timestamp.getTime() - new Timestamp(System.currentTimeMillis()).getTime());
+        final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
+        return minutes;
+    }
+
+    private void setLastTokenUsage(User user, Timestamp timestampToSet)
+            throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException {
+        Field reader = User.class.getDeclaredField("tokenUsageDate");
+        reader.setAccessible(true);
+        reader.set(user, timestampToSet);
+    }
+
+}

restservice/src/main/java/com/plannaplan/security/AuthenticationProvider.java

@@ -70,8 +70,11 @@ public class AuthenticationProvider extends AbstractUserDetailsAuthenticationPro
 
             @Override
             public boolean isCredentialsNonExpired() {
-                // is being done in other task
-                return true;
+                if (user.isCredentialsNonExpired()) {
+                    userService.save(user);
+                    return true;
+                }
+                return false;
             }
 
             @Override