Token expiration added

This commit is contained in:
BuildTools 2020-11-07 16:30:25 +01:00
parent bd4591f442
commit 62bbf148b2
3 changed files with 92 additions and 7 deletions

View File

@ -1,6 +1,7 @@
package com.plannaplan.entities;
import java.sql.Date;
import java.sql.Timestamp;
import java.util.concurrent.TimeUnit;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
@ -11,6 +12,8 @@ import com.plannaplan.types.UserRoles;
@Entity
public class User {
private static final float TOKEN_EXPIRE_MINUTES = 15;
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
@ -19,7 +22,7 @@ public class User {
private String email;
private UserRoles role;
private String token;
private Date tokenCreatedDate;
private Timestamp tokenUsageDate;
public User() {
}
@ -39,8 +42,8 @@ public class User {
this.email = email;
}
public Date getTokenCreatedDate() {
return tokenCreatedDate;
public Timestamp getTokenUsageDate() {
return tokenUsageDate;
}
public String getToken() {
@ -48,7 +51,7 @@ public class User {
}
public void setToken(String token) {
this.tokenCreatedDate = new Date(System.currentTimeMillis());
this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
this.token = token;
}
@ -79,4 +82,16 @@ public class User {
public Long getId() {
return this.id;
}
public boolean isCredentialsNonExpired() {
final long diffInMilliseconds = Math
.abs(this.tokenUsageDate.getTime() - new Timestamp(System.currentTimeMillis()).getTime());
final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
if (minutes > TOKEN_EXPIRE_MINUTES) {
return false;
}
this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
return true;
}
}

View File

@ -0,0 +1,71 @@
package com.plannaplan.entities;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.lang.reflect.Field;
import java.sql.Timestamp;
import java.util.concurrent.TimeUnit;
import org.junit.Test;
public class UserTest {
@Test
public void shouldResturnTokenIsNotExpired() {
final User user = new User();
user.setToken("testowy-bezpieczny-token");
assertTrue(user.isCredentialsNonExpired(), "Credential shouldnt expire yet");
long minutes = this.getMinutesDiff(user.getTokenUsageDate());
assertTrue(minutes == 0, "Should update last token usage");
}
@Test
public void shouldResturnTokenIsNotExpiredWithLessThan15minutes()
throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
final User user = new User();
user.setToken("testowy-bezpieczny-token");
this.setLastTokenUsage(user, new Timestamp(System.currentTimeMillis() - (6 * 60 * 1000)));
assertTrue(user.isCredentialsNonExpired(), "Credential shouldnt expire yet");
final long minutes = this.getMinutesDiff(user.getTokenUsageDate());
assertTrue(minutes == 0, "Should update last token usage");
}
@Test
public void shouldResturnTokenIsExpired()
throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
final User user = new User();
user.setToken("testowy-bezpieczny-token");
this.setLastTokenUsage(user, new Timestamp(System.currentTimeMillis() - (25 * 60 * 1000)));
assertFalse(user.isCredentialsNonExpired(), "Credential should expire");
final long diffInMilliseconds = Math
.abs(user.getTokenUsageDate().getTime() - new Timestamp(System.currentTimeMillis()).getTime());
final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
assertTrue(minutes > 0, "Shouldn't update last token usage");
}
private long getMinutesDiff(Timestamp timestamp) {
final long diffInMilliseconds = Math
.abs(timestamp.getTime() - new Timestamp(System.currentTimeMillis()).getTime());
final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
return minutes;
}
private void setLastTokenUsage(User user, Timestamp timestampToSet)
throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException {
Field reader = User.class.getDeclaredField("tokenUsageDate");
reader.setAccessible(true);
reader.set(user, timestampToSet);
}
}

View File

@ -70,8 +70,7 @@ public class AuthenticationProvider extends AbstractUserDetailsAuthenticationPro
@Override
public boolean isCredentialsNonExpired() {
// is being done in other task
return true;
return user.isCredentialsNonExpired();
}
@Override