Set parent token id

René Pfeuffer
2018-11-30 09:22:02 +01:00
parent 0b1edaab08
commit 2adcbe5d99
5 changed files with 49 additions and 25 deletions


@@ -37,6 +37,8 @@ import java.util.Date;
import java.util.Map;
import java.util.Optional;
import static java.util.Optional.ofNullable;
/**
* Jwt implementation of {@link AccessToken}.
*
@@ -44,7 +46,9 @@ import java.util.Optional;
* @since 2.0.0
*/
public final class JwtAccessToken implements AccessToken {
public static final String REFRESHABLE_UNTIL_CLAIM_KEY = "scm-manager.refreshableUntil";
public static final String PARENT_TOKEN_ID_CLAIM_KEY = "scm-manager.parentTokenId";
private final Claims claims;
private final String compact;
@@ -79,8 +83,8 @@ public final class JwtAccessToken implements AccessToken {
}
@Override
public Date getRefreshExpiration() {
return claims.get("scm-manager.refreshableUntil", Date.class);
public Optional<Date> getRefreshExpiration() {
return ofNullable(claims.get(REFRESHABLE_UNTIL_CLAIM_KEY, Date.class));
}
@Override
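Review bot: The two new public claim-key constants have no Javadoc, and `PARENT_TOKEN_ID_CLAIM_KEY` in particular needs its meaning written down, because the builder in this commit stores the token's own id under it when no parent is set and the refresher copies the old value forward. A comment such as `/** Claim holding the id of the first token of a refresh chain; equal to the token's own id when the token was not created by a refresh. */` would cover it. `getRefreshExpiration()` should also get a `@return` line stating that the result is empty when the claim is absent, since callers of the interface method now have to handle that case. The class body continues outside the hunks shown.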


@@ -67,6 +67,7 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
private TimeUnit expiresInUnit = TimeUnit.HOURS;
private long refreshableFor = 12;
private TimeUnit refreshableForUnit = TimeUnit.HOURS;
private String parentKeyId;
private Scope scope = Scope.empty();
private final Map<String,Object> custom = Maps.newHashMap();
@@ -127,6 +128,11 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
return this;
}
public JwtAccessTokenBuilder parentKey(String parentKeyId) {
this.parentKeyId = parentKeyId;
return this;
}
private String getSubject(){
if (subject == null) {
Subject currentSubject = SecurityUtils.getSubject();
@@ -162,7 +168,12 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
if (refreshableFor > 0) {
long refreshExpiration = refreshableForUnit.toMillis(refreshableFor);
claims.put("scm-manager.refreshableUntil", new Date(now.getTime() + refreshExpiration).getTime());
claims.put(JwtAccessToken.REFRESHABLE_UNTIL_CLAIM_KEY, new Date(now.getTime() + refreshExpiration).getTime());
}
if (parentKeyId == null) {
claims.put(JwtAccessToken.PARENT_TOKEN_ID_CLAIM_KEY, id);
} else {
claims.put(JwtAccessToken.PARENT_TOKEN_ID_CLAIM_KEY, parentKeyId);
}
if ( issuer != null ) {
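Review bot: The `refreshableUntil` claim is still computed as `now + refreshExpiration` on every build, so a token built by the refresher would get a fresh refresh window unless something outside this hunk carries the old deadline over; if nothing does, a chain of refreshes could be extended indefinitely. Since the parent token id is now handed over explicitly through `parentKey(...)`, consider handing over the original refresh deadline the same way and writing that value instead when a parent is set. The hunk also does not show where the `custom` map is merged into `claims`; that order decides whether a copied `scm-manager.*` entry can replace the values written here, so it is worth a comment stating that the reserved claims are written last. The enclosing method (presumably `build()`) starts and ends outside the hunk.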


@@ -1,5 +1,8 @@
package sonia.scm.security;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.inject.Inject;
import java.time.Clock;
import java.util.Date;
@@ -9,6 +12,8 @@ import java.util.concurrent.TimeUnit;
public class JwtAccessTokenRefresher {
private static final Logger log = LoggerFactory.getLogger(JwtAccessTokenRefresher.class);
private final JwtAccessTokenBuilderFactory builderFactory;
private final JwtAccessTokenRefreshStrategy refreshStrategy;
private final Clock clock;
@@ -30,8 +35,13 @@ public class JwtAccessTokenRefresher {
claims.forEach(builder::custom);
if (canBeRefreshed(oldToken) && shouldBeRefreshed(oldToken)) {
Optional<Object> parentTokenId = oldToken.getCustom("scm-manager.parentTokenId");
if (!parentTokenId.isPresent()) {
log.warn("no parent token id found in token; could not refresh");
return Optional.empty();
}
builder.expiresIn(1, TimeUnit.HOURS);
// builder.custom("scm-manager.parentTokenId")
builder.parentKey(parentTokenId.get().toString());
return Optional.of(builder.build());
} else {
return Optional.empty();
@@ -47,8 +57,7 @@ public class JwtAccessTokenRefresher {
}
private boolean tokenCanBeRefreshed(JwtAccessToken oldToken) {
Date refreshExpiration = oldToken.getRefreshExpiration();
return refreshExpiration != null && isAfterNow(refreshExpiration);
return oldToken.getRefreshExpiration().map(this::isAfterNow).orElse(false);
}
private boolean tokenIsValid(JwtAccessToken oldToken) {
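Review bot: In the refresh hunk the parent id is looked up with the string literal `"scm-manager.parentTokenId"` and converted with `parentTokenId.get().toString()`, so a claim of any type is silently stringified into the new token's parent id. Use the constant this commit introduces and check the type, e.g. `oldToken.getCustom(JwtAccessToken.PARENT_TOKEN_ID_CLAIM_KEY).filter(String.class::isInstance).map(String.class::cast)`, and treat a non-string value like a missing one. The commented-out `// builder.custom("scm-manager.parentTokenId")` line should be deleted rather than committed. The `log.warn` message names neither the token nor its subject, which makes a refused refresh hard to correlate during an investigation. The enclosing method starts outside the hunk.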