diff options
author | Julien Lancelot <julien.lancelot@sonarsource.com> | 2020-06-11 10:15:31 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2020-06-11 20:04:55 +0000 |
commit | 46a49f0b5ef205f5632b44dc07221eed79ec803d (patch) | |
tree | 091b018d1a86be53643f85bb80f057feb9c201d8 /server/sonar-db-dao/src/main | |
parent | b21504173da1a45b23c7bd6928fbdb31250c692e (diff) | |
download | sonarqube-46a49f0b5ef205f5632b44dc07221eed79ec803d.tar.gz sonarqube-46a49f0b5ef205f5632b44dc07221eed79ec803d.zip |
SONAR-13472 Fix SSF-113
* SONAR-13472 Create 'SESSION_TOKENS' table
* SONAR-13472 Remove 'SESSION_TOKENS' from user when disabling an user
* SONAR-13472 Replace JwtSession expiration duration by a time
* SONAR-13472 Create, update and delete SessionToken during authentication lifecycle
* SONAR-13472 Purge expired session tokens at start-up and every day
* SONAR-13472 Improve log during session tokens cleaning
* Add example to start a Keycloak server already configured
Diffstat (limited to 'server/sonar-db-dao/src/main')
7 files changed, 256 insertions, 0 deletions
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java b/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java index 05637e31fc6..bba7ecd2731 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java @@ -84,6 +84,7 @@ import org.sonar.db.source.FileSourceDao; import org.sonar.db.user.GroupDao; import org.sonar.db.user.GroupMembershipDao; import org.sonar.db.user.RoleDao; +import org.sonar.db.user.SessionTokensDao; import org.sonar.db.user.UserDao; import org.sonar.db.user.UserGroupDao; import org.sonar.db.user.UserPropertiesDao; @@ -156,6 +157,7 @@ public class DaoModule extends Module { RuleRepositoryDao.class, SnapshotDao.class, SchemaMigrationDao.class, + SessionTokensDao.class, UserDao.class, UserGroupDao.class, UserPermissionDao.class, diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java b/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java index 1ca65d852ae..2d3f79aad57 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java @@ -82,6 +82,7 @@ import org.sonar.db.source.FileSourceDao; import org.sonar.db.user.GroupDao; import org.sonar.db.user.GroupMembershipDao; import org.sonar.db.user.RoleDao; +import org.sonar.db.user.SessionTokensDao; import org.sonar.db.user.UserDao; import org.sonar.db.user.UserGroupDao; import org.sonar.db.user.UserPropertiesDao; @@ -162,6 +163,7 @@ public class DbClient { private final OrganizationAlmBindingDao organizationAlmBindingDao; private final NewCodePeriodDao newCodePeriodDao; private final ProjectDao projectDao; + private final SessionTokensDao sessionTokensDao; public DbClient(Database database, MyBatis myBatis, DBSessions dbSessions, Dao... daos) { this.database = database; @@ -239,6 +241,7 @@ public class DbClient { internalComponentPropertiesDao = getDao(map, InternalComponentPropertiesDao.class); newCodePeriodDao = getDao(map, NewCodePeriodDao.class); projectDao = getDao(map, ProjectDao.class); + sessionTokensDao = getDao(map, SessionTokensDao.class); } public DbSession openSession(boolean batch) { @@ -527,4 +530,8 @@ public class DbClient { return newCodePeriodDao; } + public SessionTokensDao sessionTokensDao() { + return sessionTokensDao; + } + } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java b/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java index c56a9646c00..ad5d5310b2f 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java @@ -140,6 +140,7 @@ import org.sonar.db.user.GroupMapper; import org.sonar.db.user.GroupMembershipDto; import org.sonar.db.user.GroupMembershipMapper; import org.sonar.db.user.RoleMapper; +import org.sonar.db.user.SessionTokenMapper; import org.sonar.db.user.UserDto; import org.sonar.db.user.UserGroupDto; import org.sonar.db.user.UserGroupMapper; @@ -286,6 +287,7 @@ public class MyBatis implements Startable { RuleMapper.class, RuleRepositoryMapper.class, SchemaMigrationMapper.class, + SessionTokenMapper.class, SnapshotMapper.class, UserGroupMapper.class, UserMapper.class, diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenDto.java new file mode 100644 index 00000000000..40c7c73e4f3 --- /dev/null +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenDto.java @@ -0,0 +1,74 @@ +/* + * SonarQube + * Copyright (C) 2009-2020 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.db.user; + +public class SessionTokenDto { + + private String uuid; + private String userUuid; + private long expirationDate; + private long createdAt; + private long updatedAt; + + public String getUuid() { + return uuid; + } + + SessionTokenDto setUuid(String uuid) { + this.uuid = uuid; + return this; + } + + public String getUserUuid() { + return userUuid; + } + + public SessionTokenDto setUserUuid(String userUuid) { + this.userUuid = userUuid; + return this; + } + + public long getExpirationDate() { + return expirationDate; + } + + public SessionTokenDto setExpirationDate(long expirationDate) { + this.expirationDate = expirationDate; + return this; + } + + public long getCreatedAt() { + return createdAt; + } + + SessionTokenDto setCreatedAt(long createdAt) { + this.createdAt = createdAt; + return this; + } + + public long getUpdatedAt() { + return updatedAt; + } + + SessionTokenDto setUpdatedAt(long updatedAt) { + this.updatedAt = updatedAt; + return this; + } +} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenMapper.java new file mode 100644 index 00000000000..4aad8e8e6f8 --- /dev/null +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokenMapper.java @@ -0,0 +1,40 @@ +/* + * SonarQube + * Copyright (C) 2009-2020 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.db.user; + +import javax.annotation.CheckForNull; +import org.apache.ibatis.annotations.Param; + +public interface SessionTokenMapper { + + @CheckForNull + SessionTokenDto selectByUuid(String uuid); + + void insert(@Param("dto") SessionTokenDto dto); + + void update(@Param("dto") SessionTokenDto dto); + + void deleteByUuid(@Param("uuid") String uuid); + + void deleteByUserUuid(@Param("userUuid") String userUuid); + + int deleteExpired(@Param("now") long now); + +} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokensDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokensDao.java new file mode 100644 index 00000000000..b0142cba32f --- /dev/null +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/user/SessionTokensDao.java @@ -0,0 +1,72 @@ +/* + * SonarQube + * Copyright (C) 2009-2020 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.db.user; + +import java.util.Optional; +import org.sonar.api.utils.System2; +import org.sonar.core.util.UuidFactory; +import org.sonar.db.Dao; +import org.sonar.db.DbSession; + +public class SessionTokensDao implements Dao { + + private final System2 system2; + private final UuidFactory uuidFactory; + + public SessionTokensDao(System2 system2, UuidFactory uuidFactory) { + this.system2 = system2; + this.uuidFactory = uuidFactory; + } + + public Optional<SessionTokenDto> selectByUuid(DbSession session, String uuid) { + return Optional.ofNullable(mapper(session).selectByUuid(uuid)); + } + + public SessionTokenDto insert(DbSession session, SessionTokenDto dto) { + long now = system2.now(); + mapper(session).insert(dto + .setUuid(uuidFactory.create()) + .setCreatedAt(now) + .setUpdatedAt(now)); + return dto; + } + + public SessionTokenDto update(DbSession session, SessionTokenDto dto) { + long now = system2.now(); + mapper(session).update(dto.setUpdatedAt(now)); + return dto; + } + + public void deleteByUuid(DbSession dbSession, String uuid) { + mapper(dbSession).deleteByUuid(uuid); + } + + public void deleteByUser(DbSession dbSession, UserDto user) { + mapper(dbSession).deleteByUserUuid(user.getUuid()); + } + + public int deleteExpired(DbSession dbSession) { + return mapper(dbSession).deleteExpired(system2.now()); + } + + private static SessionTokenMapper mapper(DbSession session) { + return session.getMapper(SessionTokenMapper.class); + } +} diff --git a/server/sonar-db-dao/src/main/resources/org/sonar/db/user/SessionTokenMapper.xml b/server/sonar-db-dao/src/main/resources/org/sonar/db/user/SessionTokenMapper.xml new file mode 100644 index 00000000000..4a655eac015 --- /dev/null +++ b/server/sonar-db-dao/src/main/resources/org/sonar/db/user/SessionTokenMapper.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "mybatis-3-mapper.dtd"> + +<mapper namespace="org.sonar.db.user.SessionTokenMapper"> + + <sql id="columns"> + st.uuid as uuid, + st.user_uuid as "userUuid", + st.expiration_date as "expirationDate", + st.created_at as "createdAt", + st.updated_at as "updatedAt" + </sql> + + <select id="selectByUuid" parameterType="String" resultType="org.sonar.db.user.SessionTokenDto"> + select + <include refid="columns"/> + from session_tokens st + where st.uuid=#{uuid, jdbcType=VARCHAR} + </select> + + <insert id="insert" parameterType="Map" useGeneratedKeys="false"> + insert into session_tokens + ( + uuid, + user_uuid, + expiration_date, + created_at, + updated_at + ) + values ( + #{dto.uuid, jdbcType=VARCHAR}, + #{dto.userUuid, jdbcType=VARCHAR}, + #{dto.expirationDate, jdbcType=BIGINT}, + #{dto.createdAt, jdbcType=BIGINT}, + #{dto.updatedAt, jdbcType=BIGINT} + ) + </insert> + + <update id="update" parameterType="Map"> + update session_tokens set + expiration_date = #{dto.expirationDate, jdbcType=BIGINT}, + updated_at = #{dto.updatedAt, jdbcType=BIGINT} + where + uuid = #{dto.uuid, jdbcType=VARCHAR} + </update> + + <delete id="deleteByUuid" parameterType="String"> + delete from session_tokens where uuid = #{uuid, jdbcType=VARCHAR} + </delete> + + <delete id="deleteByUserUuid" parameterType="String"> + delete from session_tokens where user_uuid = #{userUuid, jdbcType=VARCHAR} + </delete> + + <delete id="deleteExpired" parameterType="Long" > + delete from session_tokens where expiration_date < #{now, jdbcType=BIGINT} + </delete> + +</mapper> |