mirror of
https://github.com/scm-manager/scm-manager.git
synced 2025-11-15 09:46:16 +01:00
Inject clocks for tests
This commit is contained in:
René Pfeuffer
@@ -87,6 +87,10 @@ public final class JwtAccessToken implements AccessToken {
|
||||
return ofNullable(claims.get(REFRESHABLE_UNTIL_CLAIM_KEY, Date.class));
|
||||
}
|
||||
|
||||
public Optional<String> getParentKey() {
|
||||
return ofNullable(claims.get(PARENT_TOKEN_ID_CLAIM_KEY).toString());
|
||||
}
|
||||
|
||||
@Override
|
||||
public Scope getScope() {
|
||||
return Scopes.fromClaims(claims);
|
||||
|
||||
@@ -36,6 +36,9 @@ import com.google.common.collect.Maps;
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.SignatureAlgorithm;
|
||||
|
||||
import java.time.Clock;
|
||||
import java.time.Instant;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
@@ -60,6 +63,7 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
|
||||
|
||||
private final KeyGenerator keyGenerator;
|
||||
private final SecureKeyResolver keyResolver;
|
||||
private final Clock clock;
|
||||
|
||||
private String subject;
|
||||
private String issuer;
|
||||
@@ -72,9 +76,10 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
|
||||
|
||||
private final Map<String,Object> custom = Maps.newHashMap();
|
||||
|
||||
JwtAccessTokenBuilder(KeyGenerator keyGenerator, SecureKeyResolver keyResolver) {
|
||||
JwtAccessTokenBuilder(KeyGenerator keyGenerator, SecureKeyResolver keyResolver, Clock clock) {
|
||||
this.keyGenerator = keyGenerator;
|
||||
this.keyResolver = keyResolver;
|
||||
this.clock = clock;
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -157,18 +162,19 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
|
||||
// add scope to custom claims
|
||||
Scopes.toClaims(customClaims, scope);
|
||||
|
||||
Date now = new Date();
|
||||
Instant now = clock.instant();
|
||||
long expiration = expiresInUnit.toMillis(expiresIn);
|
||||
|
||||
Claims claims = Jwts.claims(customClaims)
|
||||
.setSubject(sub)
|
||||
.setId(id)
|
||||
.setIssuedAt(now)
|
||||
.setExpiration(new Date(now.getTime() + expiration));
|
||||
.setIssuedAt(Date.from(now))
|
||||
.setExpiration(new Date(now.toEpochMilli() + expiration));
|
||||
|
||||
|
||||
if (refreshableFor > 0) {
|
||||
long refreshExpiration = refreshableForUnit.toMillis(refreshableFor);
|
||||
claims.put(JwtAccessToken.REFRESHABLE_UNTIL_CLAIM_KEY, new Date(now.getTime() + refreshExpiration).getTime());
|
||||
claims.put(JwtAccessToken.REFRESHABLE_UNTIL_CLAIM_KEY, new Date(now.toEpochMilli() + refreshExpiration).getTime());
|
||||
}
|
||||
if (parentKeyId == null) {
|
||||
claims.put(JwtAccessToken.PARENT_TOKEN_ID_CLAIM_KEY, id);
|
||||
|
||||
@@ -30,6 +30,7 @@
|
||||
*/
|
||||
package sonia.scm.security;
|
||||
|
||||
import java.time.Clock;
|
||||
import java.util.Set;
|
||||
import javax.inject.Inject;
|
||||
import sonia.scm.plugin.Extension;
|
||||
@@ -46,19 +47,25 @@ public final class JwtAccessTokenBuilderFactory implements AccessTokenBuilderFac
|
||||
private final KeyGenerator keyGenerator;
|
||||
private final SecureKeyResolver keyResolver;
|
||||
private final Set<AccessTokenEnricher> enrichers;
|
||||
private final Clock clock;
|
||||
|
||||
@Inject
|
||||
public JwtAccessTokenBuilderFactory(
|
||||
KeyGenerator keyGenerator, SecureKeyResolver keyResolver, Set<AccessTokenEnricher> enrichers
|
||||
) {
|
||||
KeyGenerator keyGenerator, SecureKeyResolver keyResolver, Set<AccessTokenEnricher> enrichers) {
|
||||
this(keyGenerator, keyResolver, enrichers, Clock.systemDefaultZone());
|
||||
}
|
||||
|
||||
JwtAccessTokenBuilderFactory(
|
||||
KeyGenerator keyGenerator, SecureKeyResolver keyResolver, Set<AccessTokenEnricher> enrichers, Clock clock) {
|
||||
this.keyGenerator = keyGenerator;
|
||||
this.keyResolver = keyResolver;
|
||||
this.enrichers = enrichers;
|
||||
this.clock = clock;
|
||||
}
|
||||
|
||||
@Override
|
||||
public JwtAccessTokenBuilder create() {
|
||||
JwtAccessTokenBuilder builder = new JwtAccessTokenBuilder(keyGenerator, keyResolver);
|
||||
JwtAccessTokenBuilder builder = new JwtAccessTokenBuilder(keyGenerator, keyResolver, clock);
|
||||
|
||||
// enrich access token builder
|
||||
enrichers.forEach((enricher) -> {
|
||||
|
||||
@@ -29,6 +29,9 @@ import static org.mockito.Mockito.when;
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class JwtAccessTokenRefresherTest {
|
||||
|
||||
private static final Instant NOW = Instant.now();
|
||||
private static final Instant TOKEN_CREATION = NOW.minus(ofMinutes(1));
|
||||
|
||||
@Rule
|
||||
public ShiroRule shiro = new ShiroRule();
|
||||
|
||||
@@ -37,7 +40,9 @@ public class JwtAccessTokenRefresherTest {
|
||||
@Mock
|
||||
private JwtAccessTokenRefreshStrategy refreshStrategy;
|
||||
@Mock
|
||||
private Clock clock;
|
||||
private Clock refreshClock;
|
||||
@Mock
|
||||
private Clock creationClock;
|
||||
|
||||
private KeyGenerator keyGenerator = () -> "key";
|
||||
|
||||
@@ -51,10 +56,11 @@ public class JwtAccessTokenRefresherTest {
|
||||
SecureKey secureKey = new SecureKey(bytes, System.currentTimeMillis());
|
||||
when(keyResolver.getSecureKey(any())).thenReturn(secureKey);
|
||||
|
||||
JwtAccessTokenBuilderFactory builderFactory = new JwtAccessTokenBuilderFactory(keyGenerator, keyResolver, Collections.emptySet());
|
||||
refresher = new JwtAccessTokenRefresher(builderFactory, refreshStrategy, clock);
|
||||
JwtAccessTokenBuilderFactory builderFactory = new JwtAccessTokenBuilderFactory(keyGenerator, keyResolver, Collections.emptySet(), creationClock);
|
||||
refresher = new JwtAccessTokenRefresher(builderFactory, refreshStrategy, refreshClock);
|
||||
tokenBuilder = builderFactory.create();
|
||||
when(clock.instant()).thenAnswer(invocationOnMock -> Instant.now());
|
||||
when(creationClock.instant()).thenReturn(TOKEN_CREATION);
|
||||
when(refreshClock.instant()).thenReturn(NOW);
|
||||
when(refreshStrategy.shouldBeRefreshed(any())).thenReturn(true);
|
||||
|
||||
// set default expiration values
|
||||
@@ -76,8 +82,8 @@ public class JwtAccessTokenRefresherTest {
|
||||
|
||||
@Test
|
||||
public void shouldNotRefreshTokenWhenTokenExpired() {
|
||||
Instant afterNormalExpiration = Instant.now().plus(ofMinutes(6));
|
||||
when(clock.instant()).thenReturn(afterNormalExpiration);
|
||||
Instant afterNormalExpiration = NOW.plus(ofMinutes(6));
|
||||
when(refreshClock.instant()).thenReturn(afterNormalExpiration);
|
||||
JwtAccessToken oldToken = tokenBuilder.build();
|
||||
|
||||
Optional<JwtAccessToken> refreshedToken = refresher.refresh(oldToken);
|
||||
@@ -88,7 +94,7 @@ public class JwtAccessTokenRefresherTest {
|
||||
@Test
|
||||
public void shouldNotRefreshTokenWhenRefreshExpired() {
|
||||
Instant afterRefreshExpiration = Instant.now().plus(ofMinutes(2));
|
||||
when(clock.instant()).thenReturn(afterRefreshExpiration);
|
||||
when(refreshClock.instant()).thenReturn(afterRefreshExpiration);
|
||||
JwtAccessToken oldToken = tokenBuilder
|
||||
.refreshableFor(1, MINUTES)
|
||||
.build();
|
||||
@@ -109,14 +115,14 @@ public class JwtAccessTokenRefresherTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldRefreshTokenWithEnabledRefresh() {
|
||||
public void shouldRefreshTokenWithCorrectClaims() {
|
||||
JwtAccessToken oldToken = tokenBuilder.build();
|
||||
when(refreshStrategy.shouldBeRefreshed(oldToken)).thenReturn(true);
|
||||
|
||||
Optional<JwtAccessToken> refreshedToken = refresher.refresh(oldToken);
|
||||
Optional<JwtAccessToken> refreshedTokenResult = refresher.refresh(oldToken);
|
||||
|
||||
assertThat(refreshedToken).isNotEmpty();
|
||||
assertThat(refreshedToken.get().getClaims())
|
||||
.containsEntry(JwtAccessToken.PARENT_TOKEN_ID_CLAIM_KEY, "key");
|
||||
assertThat(refreshedTokenResult).isNotEmpty();
|
||||
JwtAccessToken refreshedToken = refreshedTokenResult.get();
|
||||
assertThat(refreshedToken.getParentKey()).get().isEqualTo("key");
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user