Token expiration added
parent
bd4591f442
commit
62bbf148b2
@ -1,6 +1,7 @@
|
|||||||
package com.plannaplan.entities;
|
package com.plannaplan.entities;
|
||||||
|
|
||||||
import java.sql.Date;
|
import java.sql.Timestamp;
|
||||||
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
import javax.persistence.Entity;
|
import javax.persistence.Entity;
|
||||||
import javax.persistence.GeneratedValue;
|
import javax.persistence.GeneratedValue;
|
||||||
@ -11,6 +12,8 @@ import com.plannaplan.types.UserRoles;
|
|||||||
|
|
||||||
@Entity
|
@Entity
|
||||||
public class User {
|
public class User {
|
||||||
|
private static final float TOKEN_EXPIRE_MINUTES = 15;
|
||||||
|
|
||||||
@Id
|
@Id
|
||||||
@GeneratedValue(strategy = GenerationType.AUTO)
|
@GeneratedValue(strategy = GenerationType.AUTO)
|
||||||
private Long id;
|
private Long id;
|
||||||
@ -19,7 +22,7 @@ public class User {
|
|||||||
private String email;
|
private String email;
|
||||||
private UserRoles role;
|
private UserRoles role;
|
||||||
private String token;
|
private String token;
|
||||||
private Date tokenCreatedDate;
|
private Timestamp tokenUsageDate;
|
||||||
|
|
||||||
public User() {
|
public User() {
|
||||||
}
|
}
|
||||||
@ -39,8 +42,8 @@ public class User {
|
|||||||
this.email = email;
|
this.email = email;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Date getTokenCreatedDate() {
|
public Timestamp getTokenUsageDate() {
|
||||||
return tokenCreatedDate;
|
return tokenUsageDate;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getToken() {
|
public String getToken() {
|
||||||
@ -48,7 +51,7 @@ public class User {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void setToken(String token) {
|
public void setToken(String token) {
|
||||||
this.tokenCreatedDate = new Date(System.currentTimeMillis());
|
this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
|
||||||
this.token = token;
|
this.token = token;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -79,4 +82,16 @@ public class User {
|
|||||||
public Long getId() {
|
public Long getId() {
|
||||||
return this.id;
|
return this.id;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isCredentialsNonExpired() {
|
||||||
|
final long diffInMilliseconds = Math
|
||||||
|
.abs(this.tokenUsageDate.getTime() - new Timestamp(System.currentTimeMillis()).getTime());
|
||||||
|
final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
|
||||||
|
|
||||||
|
if (minutes > TOKEN_EXPIRE_MINUTES) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
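Review bot: `isCredentialsNonExpired()` dereferences `tokenUsageDate` without a null check, and the visible code assigns that field only in `setToken` and on a successful check, so a `User` that was never issued a token throws a NullPointerException instead of being reported as expired; open the method with `if (this.tokenUsageDate == null) { return false; }`. The comparison is also looser than the constant suggests: `toMinutes` truncates and the test is `minutes > TOKEN_EXPIRE_MINUTES`, so a token idle for just under 16 minutes still passes. Declaring the constant as `long` and comparing `diffInMilliseconds > TimeUnit.MINUTES.toMillis(TOKEN_EXPIRE_MINUTES)` removes both the rounding and the `long`-to-`float` comparison. Because every successful check resets `tokenUsageDate` and the commit replaces `tokenCreatedDate`, there is no absolute lifetime left: a token used at least once per window never expires, so a leaked token can be kept valid indefinitely. Keeping the creation time and capping total age alongside the idle timeout would bound that.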
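--- a/buisnesslogic/src/test/java/com/plannaplan/entities/UserTest.java
+++ b/buisnesslogic/src/test/java/com/plannaplan/entities/UserTest.java
@@ -0,0 +1,71 @@
+package com.plannaplan.entities;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.lang.reflect.Field;
+import java.sql.Timestamp;
+import java.util.concurrent.TimeUnit;
+
+import org.junit.Test;
+
+public class UserTest {
+
+@Test
+public void shouldResturnTokenIsNotExpired() {
+final User user = new User();
+user.setToken("testowy-bezpieczny-token");
+assertTrue(user.isCredentialsNonExpired(), "Credential shouldnt expire yet");
+
+long minutes = this.getMinutesDiff(user.getTokenUsageDate());
+
+assertTrue(minutes == 0, "Should update last token usage");
+
+}
+
+@Test
+public void shouldResturnTokenIsNotExpiredWithLessThan15minutes()
+throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+final User user = new User();
+user.setToken("testowy-bezpieczny-token");
+this.setLastTokenUsage(user, new Timestamp(System.currentTimeMillis() - (6 * 60 * 1000)));
+
+assertTrue(user.isCredentialsNonExpired(), "Credential shouldnt expire yet");
+
+final long minutes = this.getMinutesDiff(user.getTokenUsageDate());
+assertTrue(minutes == 0, "Should update last token usage");
+}
+
+@Test
+public void shouldResturnTokenIsExpired()
+throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+final User user = new User();
+user.setToken("testowy-bezpieczny-token");
+this.setLastTokenUsage(user, new Timestamp(System.currentTimeMillis() - (25 * 60 * 1000)));
+
+assertFalse(user.isCredentialsNonExpired(), "Credential should expire");
+
+final long diffInMilliseconds = Math
+.abs(user.getTokenUsageDate().getTime() - new Timestamp(System.currentTimeMillis()).getTime());
+final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
+
+assertTrue(minutes > 0, "Shouldn't update last token usage");
+}
+
+private long getMinutesDiff(Timestamp timestamp) {
+final long diffInMilliseconds = Math
+.abs(timestamp.getTime() - new Timestamp(System.currentTimeMillis()).getTime());
+final long minutes = TimeUnit.MILLISECONDS.toMinutes(diffInMilliseconds);
+return minutes;
+}
+
+private void setLastTokenUsage(User user, Timestamp timestampToSet)
+throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException {
+Field reader = User.class.getDeclaredField("tokenUsageDate");
+reader.setAccessible(true);
+reader.set(user, timestampToSet);
+}
+
+}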
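Review bot: The three tests never exercise a `User` whose token was not set, so the path where `tokenUsageDate` is null in `isCredentialsNonExpired()` is untested, and there is no case near the 15-minute boundary (the ages used are 0, 6 and 25 minutes). Add one test that calls `new User().isCredentialsNonExpired()` and expects `false`, and one with the timestamp set just past 15 minutes. The file also takes `@Test` from `org.junit.Test` while the assertions come from `org.junit.jupiter.api.Assertions`; importing `org.junit.jupiter.api.Test` would keep the class on one JUnit version. `shouldResturnTokenIsExpired` could call `getMinutesDiff` instead of repeating its body.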
@ -70,8 +70,7 @@ public class AuthenticationProvider extends AbstractUserDetailsAuthenticationPro
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isCredentialsNonExpired() {
|
public boolean isCredentialsNonExpired() {
|
||||||
// is being done in other task
|
return user.isCredentialsNonExpired();
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
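Review bot: `isCredentialsNonExpired()` is now a call with a side effect: per the `User` change in this commit, `user.isCredentialsNonExpired()` rewrites `tokenUsageDate` on success, but nothing in this hunk saves the entity afterwards. If the `User` held here is not a managed entity inside an open transaction (not visible from this hunk), the refreshed timestamp is lost and the token expires 15 minutes after `setToken` regardless of use. It would be clearer to keep this accessor read-only and record token usage in the service that looks the user up by token, followed by an explicit save. The enclosing class starts and ends outside the hunk.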