diff --git a/buisnesslogic/src/main/java/com/plannaplan/entities/User.java b/buisnesslogic/src/main/java/com/plannaplan/entities/User.java
index d62384c..d608a90 100755
--- a/buisnesslogic/src/main/java/com/plannaplan/entities/User.java
+++ b/buisnesslogic/src/main/java/com/plannaplan/entities/User.java
@@ -1,6 +1,7 @@
 package com.plannaplan.entities;
-import java.sql.Date;
+import java.sql.Timestamp;
+import java.util.concurrent.TimeUnit;
 import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
@@ -11,6 +12,8 @@ import com.plannaplan.types.UserRoles;
 @Entity
 public class User {
+ private static final float TOKEN_EXPIRE_MINUTES = 15;
+
 @Id
 @GeneratedValue(strategy = GenerationType.AUTO)
 private Long id;
@@ -19,7 +22,7 @@ public class User {
 private String email;
 private UserRoles role;
 private String token;
- private Date tokenCreatedDate;
+ private Timestamp tokenUsageDate;
 public User() {
 }
@@ -39,8 +42,8 @@ public class User {
 this.email = email;
 }
- public Date getTokenCreatedDate() {
- return tokenCreatedDate;
+ public Timestamp getTokenUsageDate() {
+ return tokenUsageDate;
 }
 public String getToken() {
@@ -48,7 +51,7 @@ public class User {
 }
 public void setToken(String token) {
- this.tokenCreatedDate = new Date(System.currentTimeMillis());
+ this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
 this.token = token;
 }
@@ -79,4 +82,16 @@ public class User {
 public Long getId() {
 return this.id;
 }
+
+ public boolean isCredentialsNonExpired() {
+ final long diffInMilliseconds = Math
+ .abs(this.tokenUsageDate.getTime() - new Timestamp(System.currentTimeMillis()).getTime());
+ final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
+
+ if (minutes > TOKEN_EXPIRE_MINUTES) {
+ return false;
+ }
+ this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
+ return true;
+ }
 }
\ No newline at end of file
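Review bot: In User.java, `TOKEN_EXPIRE_MINUTES` is declared as `float` although it is only compared with the `long` minute count in `isCredentialsNonExpired()`, so that comparison silently promotes the `long` to `float`. An integral constant states the intent and avoids the mixed-type comparison: `private static final long TOKEN_EXPIRE_MINUTES = 15;`. A one-line comment saying that this is an idle timeout measured from the last successful check, not a lifetime measured from issuance, would help the next reader of the entity.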
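Review bot: `User.isCredentialsNonExpired()` dereferences `this.tokenUsageDate` unconditionally, so a `User` with no usage date (a new entity, or a row where the column is null) throws a `NullPointerException` instead of being reported as expired. In the same method, `TimeUnit.MILLISECONDS.toMinutes` truncates, so `minutes > TOKEN_EXPIRE_MINUTES` still accepts a token after just under 16 minutes of idle time, and `Math.abs` makes a usage date up to that far in the future count as valid. Because every successful check moves `tokenUsageDate` forward and the commit drops `tokenCreatedDate`, a token that is used regularly never expires; keeping the issue time and enforcing an absolute maximum age beside the idle timeout would bound how long a leaked token stays usable. The sketch below handles the null case, compares in milliseconds and reads the clock once; if clock skew between nodes is expected, the future-date check needs a small tolerance.

```java
public boolean isCredentialsNonExpired() {
    // No usage date recorded for this user: report expired rather than throwing.
    if (this.tokenUsageDate == null) {
        return false;
    }
    final long now = System.currentTimeMillis();
    final long idleMillis = now - this.tokenUsageDate.getTime();
    final long limitMillis = TimeUnit.MINUTES.toMillis((long) TOKEN_EXPIRE_MINUTES);

    // A usage date in the future (idleMillis < 0) is rejected instead of being folded by Math.abs.
    if (idleMillis < 0 || idleMillis > limitMillis) {
        return false;
    }
    this.tokenUsageDate = new Timestamp(now);
    return true;
}
```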
diff --git a/buisnesslogic/src/test/java/com/plannaplan/entities/UserTest.java b/buisnesslogic/src/test/java/com/plannaplan/entities/UserTest.java
new file mode 100755
index 0000000..1ea9bcc
--- /dev/null
+++ b/buisnesslogic/src/test/java/com/plannaplan/entities/UserTest.java
@@ -0,0 +1,71 @@
+package com.plannaplan.entities;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.lang.reflect.Field;
+import java.sql.Timestamp;
+import java.util.concurrent.TimeUnit;
+
+import org.junit.Test;
+
+public class UserTest {
+
+ @Test
+ public void shouldResturnTokenIsNotExpired() {
+ final User user = new User();
+ user.setToken("testowy-bezpieczny-token");
+ assertTrue(user.isCredentialsNonExpired(), "Credential shouldnt expire yet");
+
+ long minutes = this.getMinutesDiff(user.getTokenUsageDate());
+
+ assertTrue(minutes == 0, "Should update last token usage");
+
+ }
+
+ @Test
+ public void shouldResturnTokenIsNotExpiredWithLessThan15minutes()
+ throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+ final User user = new User();
+ user.setToken("testowy-bezpieczny-token");
+ this.setLastTokenUsage(user, new Timestamp(System.currentTimeMillis() - (6 * 60 * 1000)));
+
+ assertTrue(user.isCredentialsNonExpired(), "Credential shouldnt expire yet");
+
+ final long minutes = this.getMinutesDiff(user.getTokenUsageDate());
+ assertTrue(minutes == 0, "Should update last token usage");
+ }
+
+ @Test
+ public void shouldResturnTokenIsExpired()
+ throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+ final User user = new User();
+ user.setToken("testowy-bezpieczny-token");
+ this.setLastTokenUsage(user, new Timestamp(System.currentTimeMillis() - (25 * 60 * 1000)));
+
+ assertFalse(user.isCredentialsNonExpired(), "Credential should expire");
+
+ final long diffInMilliseconds = Math
+ .abs(user.getTokenUsageDate().getTime() - new Timestamp(System.currentTimeMillis()).getTime());
+ final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
+
+ assertTrue(minutes > 0, "Shouldn't update last token usage");
+ }
+
+ private long getMinutesDiff(Timestamp timestamp) {
+ final long diffInMilliseconds = Math
+ .abs(timestamp.getTime() - new Timestamp(System.currentTimeMillis()).getTime());
+ final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
+ return minutes;
+ }
+
+ private void setLastTokenUsage(User user, Timestamp timestampToSet)
+ throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException {
+ Field reader = User.class.getDeclaredField("tokenUsageDate");
+ reader.setAccessible(true);
+ reader.set(user, timestampToSet);
+ }
+
+}
diff --git a/restservice/src/main/java/com/plannaplan/security/AuthenticationProvider.java b/restservice/src/main/java/com/plannaplan/security/AuthenticationProvider.java
index ee27492..562609d 100755
--- a/restservice/src/main/java/com/plannaplan/security/AuthenticationProvider.java
+++ b/restservice/src/main/java/com/plannaplan/security/AuthenticationProvider.java
@@ -70,8 +70,7 @@ public class AuthenticationProvider extends AbstractUserDetailsAuthenticationPro
 @Override
 public boolean isCredentialsNonExpired() {
- // is being done in other task
- return true;
+ return user.isCredentialsNonExpired();
 }
 @Override
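Review bot: UserTest takes `@Test` from `org.junit.Test` (JUnit 4) while its assertions come from `org.junit.jupiter.api.Assertions` (JUnit 5); if the build runs only the Jupiter engine these methods may never be discovered, leaving the expiry logic untested, so `import org.junit.jupiter.api.Test;` is probably what was meant. The cases cover 0, 6 and 25 minutes but nothing close to the 15-minute limit and no `User` without a token, which are the two inputs where `isCredentialsNonExpired()` is most likely to misbehave. `shouldResturnTokenIsExpired` also repeats the body of `getMinutesDiff` inline and could call the helper instead.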
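Review bot: In AuthenticationProvider, `isCredentialsNonExpired()` now delegates to a `User` method that rewrites `tokenUsageDate` on every successful call, so this framework-invoked predicate gains a side effect that nothing in the hunk persists. Unless the entity is saved afterwards (not visible here), the refreshed usage time is lost and the token expires 15 minutes after `setToken` regardless of activity; if it is saved, the idle window slides on every check. A comment above the override should say which behaviour is intended and where the save happens, for example `// refreshes User.tokenUsageDate; persisted by <caller>`. The enclosing class and the `user` field are declared outside the hunk.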