import static org.sonar.process.ProcessProperties.Property.WEB_SESSION_TIMEOUT_IN_MIN;
import static org.sonar.server.authentication.Cookies.findCookie;
import static org.sonar.server.authentication.Cookies.newCookieBuilder;
+import static org.sonar.server.authentication.JwtSerializer.LAST_REFRESH_TIME_PARAM;
@ServerSide
public class JwtHttpHandler {
private static final int MAX_SESSION_TIMEOUT_IN_MINUTES = 3 * 30 * 24 * 60;
private static final String JWT_COOKIE = "JWT-SESSION";
- private static final String LAST_REFRESH_TIME_PARAM = "lastRefreshTime";
private static final String CSRF_JWT_PARAM = "xsrfToken";
import com.google.common.annotations.VisibleForTesting;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
-import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.SignatureException;
private static final SignatureAlgorithm SIGNATURE_ALGORITHM = SignatureAlgorithm.HS256;
+ static final String LAST_REFRESH_TIME_PARAM = "lastRefreshTime";
+
private final Configuration config;
private final System2 system2;
String encode(JwtSession jwtSession) {
checkIsStarted();
- JwtBuilder jwtBuilder = Jwts.builder()
+ return Jwts.builder()
+ .addClaims(jwtSession.getProperties())
+ .claim(LAST_REFRESH_TIME_PARAM, system2.now())
.setId(jwtSession.getSessionTokenUuid())
.setSubject(jwtSession.getUserLogin())
.setIssuedAt(new Date(system2.now()))
.setExpiration(new Date(jwtSession.getExpirationTime()))
- .signWith(secretKey, SIGNATURE_ALGORITHM);
- for (Map.Entry<String, Object> entry : jwtSession.getProperties().entrySet()) {
- jwtBuilder.claim(entry.getKey(), entry.getValue());
- }
- return jwtBuilder.compact();
+ .signWith(secretKey, SIGNATURE_ALGORITHM)
+ .compact();
}
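Review bot: The claim ordering in `encode` is load-bearing and deserves a comment: `.addClaims(jwtSession.getProperties())` now runs before `setId`/`setSubject`/`setIssuedAt`/`setExpiration`, so a session property keyed `jti`, `sub`, `iat` or `exp` can no longer overwrite the reserved claims the way the removed trailing `claim(...)` loop allowed; add `// session properties first, so the reserved claims set below always win` above the `addClaims` line. Separately, `system2.now()` is read twice in the same builder chain (for the `lastRefreshTime` claim and for `setIssuedAt`), so the two stored values can differ by a tick; capture it once with `long now = system2.now();` and pass `now` to both `.claim(LAST_REFRESH_TIME_PARAM, now)` and `.setIssuedAt(new Date(now))`.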
Optional<Claims> decode(String token) {
String refresh(Claims token, long expirationTime) {
checkIsStarted();
- JwtBuilder jwtBuilder = Jwts.builder();
- for (Map.Entry<String, Object> entry : token.entrySet()) {
- jwtBuilder.claim(entry.getKey(), entry.getValue());
- }
- jwtBuilder.setExpiration(new Date(expirationTime))
- .signWith(secretKey, SIGNATURE_ALGORITHM);
- return jwtBuilder.compact();
+ return Jwts.builder()
+ .setClaims(token)
+ .claim(LAST_REFRESH_TIME_PARAM, system2.now())
+ .setExpiration(new Date(expirationTime))
+ .signWith(secretKey, SIGNATURE_ALGORITHM)
+ .compact();
}
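Review bot: `refresh` uses `.setClaims(token)` while `encode` a few lines above uses `.addClaims(...)`; in the jjwt builders I am familiar with, `setClaims(Claims)` keeps the passed instance by reference, so the following `.claim(LAST_REFRESH_TIME_PARAM, …)` and `.setExpiration(…)` would also mutate the caller's decoded `token` — worth confirming against the jjwt version this project pins. If that aliasing is not intended, `.addClaims(token)` copies the entries into the builder's own map and also matches the style of `encode`. Either way, a one-line comment such as `// carry every claim of the old token forward; exp and lastRefreshTime are replaced below` would make the intent of the chain explicit.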
private static SecretKey generateSecretKey() {
Date createdAt = DateUtils.parseDate("2016-01-01");
// Expired in 10 minutes
Date expiredAt = addMinutes(new Date(), 10);
+ Date lastRefreshDate = addMinutes(new Date(), -4);
Claims token = new DefaultClaims()
.setId("id")
.setSubject("subject")
.setIssuer("sonarqube")
.setIssuedAt(createdAt)
.setExpiration(expiredAt);
+ token.put("lastRefreshTime", lastRefreshDate.getTime());
token.put("key", "value");
// Refresh the token with a higher expiration time
assertThat(result.getSubject()).isEqualTo("subject");
assertThat(result.getIssuer()).isEqualTo("sonarqube");
assertThat(result.getIssuedAt()).isEqualTo(createdAt);
+ assertThat(((long) result.get("lastRefreshTime"))).isGreaterThanOrEqualTo(now.getTime());
assertThat(result.get("key")).isEqualTo("value");
// Expiration date has been changed
assertThat(result.getExpiration()).isNotEqualTo(expiredAt)