SONAR-13472 Fix SSF-113

* SONAR-13472 Create 'SESSION_TOKENS' table * SONAR-13472 Remove 'SESSION_TOKENS' from user when disabling an user * SONAR-13472 Replace JwtSession expiration duration by a time * SONAR-13472 Create, update and delete SessionToken during authentication lifecycle * SONAR-13472 Purge expired session tokens at start-up and every day * SONAR-13472 Improve log during session tokens cleaning * Add example to start a Keycloak server already configured
author: Julien Lancelot <julien.lancelot@sonarsource.com> 2020-06-11 10:15:31 +0200
committer: sonartech <sonartech@sonarsource.com> 2020-06-11 20:04:55 +0000
commit: 46a49f0b5ef205f5632b44dc07221eed79ec803d (patch)
tree: 091b018d1a86be53643f85bb80f057feb9c201d8 /server/sonar-db-dao/src/main/java/org/sonar/db
parent: b21504173da1a45b23c7bd6928fbdb31250c692e (diff)
download: sonarqube-46a49f0b5ef205f5632b44dc07221eed79ec803d.tar.gz
sonarqube-46a49f0b5ef205f5632b44dc07221eed79ec803d.zip
6 files changed, 197 insertions, 0 deletions
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java b/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java
index 05637e31fc6..bba7ecd2731 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java
@@ -84,6 +84,7 @@ import org.sonar.db.source.FileSourceDao;
 import org.sonar.db.user.GroupDao;
 import org.sonar.db.user.GroupMembershipDao;
 import org.sonar.db.user.RoleDao;
+import org.sonar.db.user.SessionTokensDao;
 import org.sonar.db.user.UserDao;
 import org.sonar.db.user.UserGroupDao;
 import org.sonar.db.user.UserPropertiesDao;
@@ -156,6 +157,7 @@ public class DaoModule extends Module {
     RuleRepositoryDao.class,
     SnapshotDao.class,
     SchemaMigrationDao.class,
+    SessionTokensDao.class,
     UserDao.class,
     UserGroupDao.class,
     UserPermissionDao.class,
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java b/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java
index 1ca65d852ae..2d3f79aad57 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java
@@ -82,6 +82,7 @@ import org.sonar.db.source.FileSourceDao;
 import org.sonar.db.user.GroupDao;
 import org.sonar.db.user.GroupMembershipDao;
 import org.sonar.db.user.RoleDao;
+import org.sonar.db.user.SessionTokensDao;
 import org.sonar.db.user.UserDao;
 import org.sonar.db.user.UserGroupDao;
 import org.sonar.db.user.UserPropertiesDao;
@@ -162,6 +163,7 @@ public class DbClient {
   private final OrganizationAlmBindingDao organizationAlmBindingDao;
   private final NewCodePeriodDao newCodePeriodDao;
   private final ProjectDao projectDao;
+  private final SessionTokensDao sessionTokensDao;
 
   public DbClient(Database database, MyBatis myBatis, DBSessions dbSessions, Dao... daos) {
     this.database = database;
@@ -239,6 +241,7 @@ public class DbClient {
     internalComponentPropertiesDao = getDao(map, InternalComponentPropertiesDao.class);
     newCodePeriodDao = getDao(map, NewCodePeriodDao.class);
     projectDao = getDao(map, ProjectDao.class);
+    sessionTokensDao = getDao(map, SessionTokensDao.class);
   }
 
   public DbSession openSession(boolean batch) {
@@ -527,4 +530,8 @@ public class DbClient {
     return newCodePeriodDao;
   }
 
+  public SessionTokensDao sessionTokensDao() {
+    return sessionTokensDao;
+  }
+
 }
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java b/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java
index c56a9646c00..ad5d5310b2f 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java
@@ -140,6 +140,7 @@ import org.sonar.db.user.GroupMapper;
 import org.sonar.db.user.GroupMembershipDto;
 import org.sonar.db.user.GroupMembershipMapper;
 import org.sonar.db.user.RoleMapper;
+import org.sonar.db.user.SessionTokenMapper;
 import org.sonar.db.user.UserDto;
 import org.sonar.db.user.UserGroupDto;
 import org.sonar.db.user.UserGroupMapper;
@@ -286,6 +287,7 @@ public class MyBatis implements Startable {
       RuleMapper.class,
       RuleRepositoryMapper.class,
       SchemaMigrationMapper.class,
+      SessionTokenMapper.class,
       SnapshotMapper.class,
       UserGroupMapper.class,
       UserMapper.class,
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenDto.java
new file mode 100644
index 00000000000..40c7c73e4f3
--- /dev/null
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenDto.java
@@ -0,0 +1,74 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.db.user;
+
+public class SessionTokenDto {
+
+  private String uuid;
+  private String userUuid;
+  private long expirationDate;
+  private long createdAt;
+  private long updatedAt;
+
+  public String getUuid() {
+    return uuid;
+  }
+
+  SessionTokenDto setUuid(String uuid) {
+    this.uuid = uuid;
+    return this;
+  }
+
+  public String getUserUuid() {
+    return userUuid;
+  }
+
+  public SessionTokenDto setUserUuid(String userUuid) {
+    this.userUuid = userUuid;
+    return this;
+  }
+
+  public long getExpirationDate() {
+    return expirationDate;
+  }
+
+  public SessionTokenDto setExpirationDate(long expirationDate) {
+    this.expirationDate = expirationDate;
+    return this;
+  }
+
+  public long getCreatedAt() {
+    return createdAt;
+  }
+
+  SessionTokenDto setCreatedAt(long createdAt) {
+    this.createdAt = createdAt;
+    return this;
+  }
+
+  public long getUpdatedAt() {
+    return updatedAt;
+  }
+
+  SessionTokenDto setUpdatedAt(long updatedAt) {
+    this.updatedAt = updatedAt;
+    return this;
+  }
+}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenMapper.java
new file mode 100644
index 00000000000..4aad8e8e6f8
--- /dev/null
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenMapper.java
@@ -0,0 +1,40 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.db.user;
+
+import javax.annotation.CheckForNull;
+import org.apache.ibatis.annotations.Param;
+
+public interface SessionTokenMapper {
+
+  @CheckForNull
+  SessionTokenDto selectByUuid(String uuid);
+
+  void insert(@Param("dto") SessionTokenDto dto);
+
+  void update(@Param("dto") SessionTokenDto dto);
+
+  void deleteByUuid(@Param("uuid") String uuid);
+
+  void deleteByUserUuid(@Param("userUuid") String userUuid);
+
+  int deleteExpired(@Param("now") long now);
+
+}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokensDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokensDao.java
new file mode 100644
index 00000000000..b0142cba32f
--- /dev/null
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokensDao.java
@@ -0,0 +1,72 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2020 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.db.user;
+
+import java.util.Optional;
+import org.sonar.api.utils.System2;
+import org.sonar.core.util.UuidFactory;
+import org.sonar.db.Dao;
+import org.sonar.db.DbSession;
+
+public class SessionTokensDao implements Dao {
+
+  private final System2 system2;
+  private final UuidFactory uuidFactory;
+
+  public SessionTokensDao(System2 system2, UuidFactory uuidFactory) {
+    this.system2 = system2;
+    this.uuidFactory = uuidFactory;
+  }
+
+  public Optional<SessionTokenDto> selectByUuid(DbSession session, String uuid) {
+    return Optional.ofNullable(mapper(session).selectByUuid(uuid));
+  }
+
+  public SessionTokenDto insert(DbSession session, SessionTokenDto dto) {
+    long now = system2.now();
+    mapper(session).insert(dto
+      .setUuid(uuidFactory.create())
+      .setCreatedAt(now)
+      .setUpdatedAt(now));
+    return dto;
+  }
+
+  public SessionTokenDto update(DbSession session, SessionTokenDto dto) {
+    long now = system2.now();
+    mapper(session).update(dto.setUpdatedAt(now));
+    return dto;
+  }
+
+  public void deleteByUuid(DbSession dbSession, String uuid) {
+    mapper(dbSession).deleteByUuid(uuid);
+  }
+
+  public void deleteByUser(DbSession dbSession, UserDto user) {
+    mapper(dbSession).deleteByUserUuid(user.getUuid());
+  }
+
+  public int deleteExpired(DbSession dbSession) {
+    return mapper(dbSession).deleteExpired(system2.now());
+  }
+
+  private static SessionTokenMapper mapper(DbSession session) {
+    return session.getMapper(SessionTokenMapper.class);
+  }
+}
author	Julien Lancelot <julien.lancelot@sonarsource.com>	2020-06-11 10:15:31 +0200
committer	sonartech <sonartech@sonarsource.com>	2020-06-11 20:04:55 +0000
commit	46a49f0b5ef205f5632b44dc07221eed79ec803d (patch)
tree	091b018d1a86be53643f85bb80f057feb9c201d8 /server/sonar-db-dao/src/main/java/org/sonar/db
parent	b21504173da1a45b23c7bd6928fbdb31250c692e (diff)
download	sonarqube-46a49f0b5ef205f5632b44dc07221eed79ec803d.tar.gz sonarqube-46a49f0b5ef205f5632b44dc07221eed79ec803d.zip