SONAR-9004 Fix max authentication session timeout
authorJulien Lancelot <julien.lancelot@sonarsource.com>
Fri, 14 Apr 2017 11:19:04 +0000 (13:19 +0200)
committerJulien Lancelot <julien.lancelot@sonarsource.com>
Tue, 18 Apr 2017 11:44:43 +0000 (13:44 +0200)
Max authentication session timeout was limited to 25 days because an int was used instead of a long

server/sonar-server/src/main/java/org/sonar/server/authentication/JwtSerializer.java
server/sonar-server/src/test/java/org/sonar/server/authentication/JwtSerializerTest.java

index 325b0e7ba25af6481ae38fcfb16952a489fae303..8b2a628950817a91922347320760f916ae367ca9 100644 (file)
@@ -156,14 +156,14 @@ public class JwtSerializer implements Startable {
   static class JwtSession {
 
     private final String userLogin;
-    private final int expirationTimeInSeconds;
+    private final long expirationTimeInSeconds;
     private final Map<String, Object> properties;
 
-    JwtSession(String userLogin, int expirationTimeInSeconds) {
+    JwtSession(String userLogin, long expirationTimeInSeconds) {
       this(userLogin, expirationTimeInSeconds, Collections.emptyMap());
     }
 
-    JwtSession(String userLogin, int expirationTimeInSeconds, Map<String, Object> properties) {
+    JwtSession(String userLogin, long expirationTimeInSeconds, Map<String, Object> properties) {
       this.userLogin = requireNonNull(userLogin, "User login cannot be null");
       this.expirationTimeInSeconds = expirationTimeInSeconds;
       this.properties = properties;
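Review bot: Widening expirationTimeInSeconds to long removes the 25-day cap, but the three-argument constructor still validates only userLogin; a zero or negative expiration now flows through unchecked and would presumably yield a token that is already expired when issued, which the caller would only discover as a silent authentication failure. A guard next to the requireNonNull, `if (expirationTimeInSeconds <= 0) { throw new IllegalArgumentException("Expiration time in seconds must be positive: " + expirationTimeInSeconds); }`, makes the contract explicit. With a long the value is also large enough for the millisecond conversion done at encode time to overflow; if that arithmetic is a plain `* 1000` it is worth switching to `Math.multiplyExact`, or bounding the value here. The getter change in the following hunk is the same type widening and needs no separate comment. JwtSession's body continues past the end of this hunk.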
@@ -173,7 +173,7 @@ public class JwtSerializer implements Startable {
       return userLogin;
     }
 
-    int getExpirationTimeInSeconds() {
+    long getExpirationTimeInSeconds() {
       return expirationTimeInSeconds;
     }
 
index cc1df896a697a5b19debc21588ef764ef5350ee2..9095b04f43c03d75ec323bf91c8ddd9f2c4a50d0 100644 (file)
@@ -74,12 +74,27 @@ public class JwtSerializerTest {
     underTest.start();
     Date now = new Date();
 
-    String token = underTest.encode(new JwtSession(USER_LOGIN, 10));
+    long expirationTimeInSeconds = 10L;
+    String token = underTest.encode(new JwtSession(USER_LOGIN, expirationTimeInSeconds));
+
+    assertThat(token).isNotEmpty();
+    Claims claims = underTest.decode(token).get();
+    assertThat(claims.getExpiration().getTime()).isGreaterThanOrEqualTo(now.getTime() + expirationTimeInSeconds * 1000L - 1000L);
+  }
+
+  @Test
+  public void generate_token_with_big_expiration_date() throws Exception {
+    setSecretKey(A_SECRET_KEY);
+    underTest.start();
+    Date now = new Date();
+
+    long oneYearInSeconds = 12 * 30 * 24 * 60 * 60L;
+    String token = underTest.encode(new JwtSession(USER_LOGIN, oneYearInSeconds));
 
     assertThat(token).isNotEmpty();
     Claims claims = underTest.decode(token).get();
-    // Check expiration date it set to more than 9 seconds in the future
-    assertThat(claims.getExpiration()).isAfterOrEqualsTo(new Date(now.getTime() + 9 * 1000));
+    // Check expiration date it set to one year in the future
+    assertThat(claims.getExpiration().getTime()).isGreaterThanOrEqualTo(now.getTime() + oneYearInSeconds * 1000L - 1000L);
   }
 
   @Test
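Review bot: Both assertions in this hunk only check a lower bound, so generate_token_with_big_expiration_date would still pass if the expiration were computed far too large; adding an upper bound such as `assertThat(claims.getExpiration().getTime()).isLessThanOrEqualTo(System.currentTimeMillis() + oneYearInSeconds * 1000L);` after each lower-bound assertion pins the value from both sides. The `- 1000L` slack is unexplained; it is presumably there because the JWT expiration claim is stored with second precision, and the comment `// Check expiration date it set to one year in the future` should say so and read "is set" rather than "it set". The constant named oneYearInSeconds is actually 360 days (`12 * 30 * 24 * 60 * 60L`); either the name or the comment should match the value. The first test method in this hunk begins before it, and the `@Test` on the last line starts a method that continues outside it.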