fix of expiration time for JWT token

oaplatform · Dec 6, 2023 · 9c52a0f · 9c52a0f
1 parent 9c064c5
commit 9c52a0f
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 4 deletions.
diff --git a/oap-ws-sso-api/src/main/java/oap/ws/sso/JwtTokenGenerator.java b/oap-ws-sso-api/src/main/java/oap/ws/sso/JwtTokenGenerator.java
@@ -54,7 +54,7 @@ public Pair<Date, String> generateAccessToken( User user ) throws JWTCreationExc
             .withClaim( "user", user.getEmail() )
             .withClaim( "roles", user.getRoles() )
             .withIssuer( issuer )
-            .withExpiresAt( new Date( System.currentTimeMillis() + accessSecretExpiration ) )
+            .withExpiresAt( expiresAt )
             .sign( algorithm ) );
     }
 

diff --git a/oap-ws-sso-api/src/main/java/oap/ws/sso/SSO.java b/oap-ws-sso-api/src/main/java/oap/ws/sso/SSO.java
@@ -32,6 +32,7 @@
 
 import javax.annotation.Nullable;
 
+import java.time.Instant;
 import java.util.Date;
 import java.util.Objects;
 
@@ -75,7 +76,7 @@ public static Response authenticatedResponse( Authentication authentication, Str
     }
 
     private static DateTime getExpirationTimeCookie( Date expirationInToken, long cookieExpiration ) {
-        return new DateTime( UTC ).plus( expirationInToken != null ? expirationInToken.getTime() : cookieExpiration );
+        return expirationInToken != null ? new DateTime( expirationInToken ) : new DateTime( cookieExpiration );
     }
 
     public static Response logoutResponse( String cookieDomain ) {

diff --git a/oap-ws-sso-api/src/test/java/oap/ws/sso/JwtTokenGeneratorExtractorTest.java b/oap-ws-sso-api/src/test/java/oap/ws/sso/JwtTokenGeneratorExtractorTest.java
@@ -25,8 +25,12 @@
 package oap.ws.sso;
 
 import oap.util.Pair;
+import org.joda.time.DateTime;
 import org.testng.annotations.Test;
 
+import java.time.Duration;
+import java.time.temporal.*;
+import java.time.Instant;
 import java.util.Date;
 import java.util.Set;
 
@@ -38,14 +42,17 @@
 
 public class JwtTokenGeneratorExtractorTest extends AbstractUserTest {
 
-    private final JwtTokenGenerator jwtTokenGenerator = new JwtTokenGenerator( "secret", "secret", "issuer", 100000, 100000 );
+    private final JwtTokenGenerator jwtTokenGenerator = new JwtTokenGenerator( "secret", "secret", "issuer", 15 * 60 * 1000, 15 * 60 * 1000 * 24 );
     private final JWTExtractor jwtExtractor = new JWTExtractor( "secret", "issuer", new SecurityRoles( new TestSecurityRolesProvider() ) );
 
     @Test
     public void generateAndExtractToken() {
         final Pair<Date, String> token = jwtTokenGenerator.generateAccessToken( new TestUser( "[email protected]", "password", Pair.of( "org1", "ADMIN" ) ) );
         assertNotNull( token._1 );
         assertString( token._2 ).isNotEmpty();
+        Instant expirationTime = token._1.toInstant().truncatedTo( ChronoUnit.MINUTES );
+        Instant expectedExpirationTime = ( Instant.now().plus( Duration.ofMinutes( 15 ) ).truncatedTo( ChronoUnit.MINUTES ) );
+        assertTrue( ( expirationTime.compareTo( expectedExpirationTime ) ) == 0 );
         assertTrue( jwtExtractor.verifyToken( token._2 ) );
         assertEquals( jwtExtractor.getUserEmail( token._2 ), "[email protected]" );
         assertEquals( jwtExtractor.getPermissions( token._2, "org1" ), Set.of( "accounts:list", "accounts:create" ) );

diff --git a/pom.xml b/pom.xml
@@ -71,7 +71,7 @@
     </distributionManagement>
 
     <properties>
-        <oap-ws.project.version>21.1.1</oap-ws.project.version>
+        <oap-ws.project.version>21.1.2</oap-ws.project.version>
         <oap.deps.oap.version>21.1.0</oap.deps.oap.version>
 
         <oap.deps.mail.version>21.0.0</oap.deps.mail.version>