Merge pull request 'Token expiration added' (#22) from token-expiration into master

Reviewed-on: http://git.plannaplan.pl/filipizydorczyk/backend/pulls/22
Marcin Woźniak 2020-11-11 14:08:12 +01:00
commit 1ddeb83cb4
4 changed files with 109 additions and 7 deletions


@ -1,6 +1,7 @@
package com.plannaplan.entities; package com.plannaplan.entities;
import java.sql.Date; import java.sql.Timestamp;
import java.util.concurrent.TimeUnit;
import javax.persistence.Entity; import javax.persistence.Entity;
import javax.persistence.GeneratedValue; import javax.persistence.GeneratedValue;
@ -11,6 +12,8 @@ import com.plannaplan.types.UserRoles;
@Entity @Entity
public class User { public class User {
private static final float TOKEN_EXPIRE_MINUTES = 15;
@Id @Id
@GeneratedValue(strategy = GenerationType.AUTO) @GeneratedValue(strategy = GenerationType.AUTO)
private Long id; private Long id;
@ -19,7 +22,7 @@ public class User {
private String email; private String email;
private UserRoles role; private UserRoles role;
private String token; private String token;
private Date tokenCreatedDate; private Timestamp tokenUsageDate;
public User() { public User() {
} }
@ -39,8 +42,8 @@ public class User {
this.email = email; this.email = email;
} }
public Date getTokenCreatedDate() { public Timestamp getTokenUsageDate() {
return tokenCreatedDate; return tokenUsageDate;
} }
public String getToken() { public String getToken() {
@ -48,7 +51,7 @@ public class User {
} }
public void setToken(String token) { public void setToken(String token) {
this.tokenCreatedDate = new Date(System.currentTimeMillis()); this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
this.token = token; this.token = token;
} }
@ -79,4 +82,16 @@ public class User {
public Long getId() { public Long getId() {
return this.id; return this.id;
} }
public boolean isCredentialsNonExpired() {
final long diffInMilliseconds = Math
.abs(this.tokenUsageDate.getTime() - new Timestamp(System.currentTimeMillis()).getTime());
final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
if (minutes > TOKEN_EXPIRE_MINUTES) {
return false;
}
this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
return true;
}
} }
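Review bot: `isCredentialsNonExpired()` dereferences `this.tokenUsageDate` without a null check, and the field is only assigned in `setToken()`, so a `User` that never received a token (or, presumably, a row stored before the `tokenCreatedDate` to `tokenUsageDate` rename) throws NullPointerException instead of being treated as expired. The comparison also runs on whole minutes after `toMinutes()` truncates, so a token idle for 15 min 59 s still passes; comparing milliseconds makes the limit exact and lets `TOKEN_EXPIRE_MINUTES` be a `long` instead of a `float`. Because every successful check resets `tokenUsageDate`, the window slides with no absolute lifetime, so a token that keeps being used never expires. If that is intended, state it in a Javadoc comment on the method; otherwise keep the creation time as well and cap on it.

```java
private static final long TOKEN_EXPIRE_MINUTES = 15;

// … unchanged: fields, constructors, accessors …

public boolean isCredentialsNonExpired() {
    if (this.tokenUsageDate == null) {
        return false; // no token was ever issued for this user
    }
    final long now = System.currentTimeMillis();
    final long idleMillis = Math.abs(now - this.tokenUsageDate.getTime());
    if (idleMillis > TimeUnit.MINUTES.toMillis(TOKEN_EXPIRE_MINUTES)) {
        return false;
    }
    this.tokenUsageDate = new Timestamp(now);
    return true;
}
```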


@ -0,0 +1,13 @@
package com.plannaplan.exceptions;
public class TokenExpiredException extends RuntimeException {
/**
*
*/
private static final long serialVersionUID = 1L;
public TokenExpiredException(String message) {
super(message);
}
}
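Review bot: Nothing in the four files of this commit throws `TokenExpiredException`; the expiry path in `AuthenticationProvider.isCredentialsNonExpired()` only returns `false`, so as far as this page shows the class is unused as committed. Either throw it where the expired token is detected or leave the class for the commit that needs it. The empty `/** * */` block above `serialVersionUID` is generated filler; replace it with a class-level Javadoc such as `/** Thrown when a user's token has been idle longer than the allowed window. */`.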


@ -0,0 +1,71 @@
package com.plannaplan.entities;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.lang.reflect.Field;
import java.sql.Timestamp;
import java.util.concurrent.TimeUnit;
import org.junit.Test;
public class UserTest {
@Test
public void shouldResturnTokenIsNotExpired() {
final User user = new User();
user.setToken("testowy-bezpieczny-token");
assertTrue(user.isCredentialsNonExpired(), "Credential shouldnt expire yet");
long minutes = this.getMinutesDiff(user.getTokenUsageDate());
assertTrue(minutes == 0, "Should update last token usage");
}
@Test
public void shouldResturnTokenIsNotExpiredWithLessThan15minutes()
throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
final User user = new User();
user.setToken("testowy-bezpieczny-token");
this.setLastTokenUsage(user, new Timestamp(System.currentTimeMillis() - (6 * 60 * 1000)));
assertTrue(user.isCredentialsNonExpired(), "Credential shouldnt expire yet");
final long minutes = this.getMinutesDiff(user.getTokenUsageDate());
assertTrue(minutes == 0, "Should update last token usage");
}
@Test
public void shouldResturnTokenIsExpired()
throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
final User user = new User();
user.setToken("testowy-bezpieczny-token");
this.setLastTokenUsage(user, new Timestamp(System.currentTimeMillis() - (25 * 60 * 1000)));
assertFalse(user.isCredentialsNonExpired(), "Credential should expire");
final long diffInMilliseconds = Math
.abs(user.getTokenUsageDate().getTime() - new Timestamp(System.currentTimeMillis()).getTime());
final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
assertTrue(minutes > 0, "Shouldn't update last token usage");
}
private long getMinutesDiff(Timestamp timestamp) {
final long diffInMilliseconds = Math
.abs(timestamp.getTime() - new Timestamp(System.currentTimeMillis()).getTime());
final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
return minutes;
}
private void setLastTokenUsage(User user, Timestamp timestampToSet)
throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException {
Field reader = User.class.getDeclaredField("tokenUsageDate");
reader.setAccessible(true);
reader.set(user, timestampToSet);
}
}
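Review bot: The class imports `org.junit.Test` (JUnit 4) but asserts with the Jupiter methods `assertTrue(boolean, String)` and `assertFalse(boolean, String)`; depending on which engine the build runs, these tests may not be discovered at all, so the annotation should be `import org.junit.jupiter.api.Test;` to match. The cases cover 0, 6 and 25 minutes only. Nothing pins the behaviour at the 15-minute limit or for a user whose `tokenUsageDate` was never set, which are the two inputs most likely to go wrong in `isCredentialsNonExpired()`. `shouldResturn…` in the three test names is a typo for `shouldReturn…`.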


@ -70,8 +70,11 @@ public class AuthenticationProvider extends AbstractUserDetailsAuthenticationPro
@Override @Override
public boolean isCredentialsNonExpired() { public boolean isCredentialsNonExpired() {
// is being done in other task if (user.isCredentialsNonExpired()) {
return true; userService.save(user);
return true;
}
return false;
} }
@Override @Override
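Review bot: `isCredentialsNonExpired()` is a query method on the user-details object, yet it now mutates `user` (through `user.isCredentialsNonExpired()`, which resets the usage timestamp) and calls `userService.save(user)`, so every invocation extends the token's life and writes to the database. Any additional caller, such as a log statement or a second framework check, silently renews the token. Consider moving the refresh-and-save into the code path that resolves the token to a user and leaving this override as a pure read; at minimum add a comment such as `// side effect: refreshes and persists the token's last-use time`. `user` and `userService` are declared outside this hunk, so whether `user` can be null here is not visible.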