authorJulien Lancelot <julien.lancelot@sonarsource.com>2020-06-15 18:19:02 +0200
committersonartech <sonartech@sonarsource.com>2020-06-15 20:05:16 +0000
commit8c7e9ded9ad3f8f9aca79558320f319d229c547c (patch)
tree048e0b153ed4f1897c586b30bc8dbf44e92e5ed2 /server/sonar-webserver-auth
parent41f7eb48fac1b3199f5a75fe504ef309b441d34a (diff)
SONAR-13327 Fix SSF-107
* SONAR-13327 Create 'SAML_MESSAGE_IDS' table and DAO
* SONAR-13327 Check that a SAML message id does not already exist during authentication
* SONAR-13327 Clean expired SAML message ids daily
Diffstat (limited to 'server/sonar-webserver-auth')
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/AuthenticationModule.java8
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/ExpiredSessionsCleaner.java (renamed from server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/SessionTokensCleaner.java)36
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/ExpiredSessionsCleanerExecutorService.java (renamed from server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/SessionTokensCleanerExecutorService.java)2
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/ExpiredSessionsCleanerExecutorServiceImpl.java (renamed from server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/SessionTokensCleanerExecutorServiceImpl.java)8
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/purge/ExpiredSessionsCleanerTest.java (renamed from server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/purge/SessionTokensCleanerTest.java)33
5 files changed, 54 insertions, 33 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/AuthenticationModule.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/AuthenticationModule.java
index c2619579720..18681bee6a0 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/AuthenticationModule.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/AuthenticationModule.java
@@ -21,8 +21,8 @@ package org.sonar.server.authentication;
import org.sonar.core.platform.Module;
import org.sonar.server.authentication.event.AuthenticationEventImpl;
-import org.sonar.server.authentication.purge.SessionTokensCleaner;
-import org.sonar.server.authentication.purge.SessionTokensCleanerExecutorServiceImpl;
+import org.sonar.server.authentication.purge.ExpiredSessionsCleaner;
+import org.sonar.server.authentication.purge.ExpiredSessionsCleanerExecutorServiceImpl;
public class AuthenticationModule extends Module {
@Override
@@ -45,8 +45,8 @@ public class AuthenticationModule extends Module {
OAuth2ContextFactory.class,
OAuthCsrfVerifier.class,
RequestAuthenticatorImpl.class,
- SessionTokensCleaner.class,
- SessionTokensCleanerExecutorServiceImpl.class,
+ ExpiredSessionsCleaner.class,
+ ExpiredSessionsCleanerExecutorServiceImpl.class,
UserLastConnectionDatesUpdaterImpl.class,
UserRegistrarImpl.class,
UserSessionInitializer.class);
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/SessionTokensCleaner.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/ExpiredSessionsCleaner.java
index d5764bf3fd8..0c4bb61ce2c 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/SessionTokensCleaner.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/ExpiredSessionsCleaner.java
@@ -22,50 +22,58 @@ package org.sonar.server.authentication.purge;
import java.util.concurrent.TimeUnit;
import org.sonar.api.Startable;
-import org.sonar.api.config.Configuration;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.server.util.GlobalLockManager;
-public class SessionTokensCleaner implements Startable {
+public class ExpiredSessionsCleaner implements Startable {
- private static final Logger LOG = Loggers.get(SessionTokensCleaner.class);
+ private static final Logger LOG = Loggers.get(ExpiredSessionsCleaner.class);
- private static final String PURGE_DELAY_CONFIGURATION = "sonar.authentication.session.tokens.purge.delay";
- private static final long DEFAULT_PURGE_DELAY_IN_SECONDS = 24 * 60 * 60L;
+ private static final long PERIOD_IN_SECONDS = 24 * 60 * 60L;
private static final String LOCK_NAME = "SessionCleaner";
- private final SessionTokensCleanerExecutorService executorService;
+ private final ExpiredSessionsCleanerExecutorService executorService;
private final DbClient dbClient;
- private final Configuration configuration;
private final GlobalLockManager lockManager;
- public SessionTokensCleaner(SessionTokensCleanerExecutorService executorService, DbClient dbClient, Configuration configuration, GlobalLockManager lockManager) {
+ public ExpiredSessionsCleaner(ExpiredSessionsCleanerExecutorService executorService, DbClient dbClient, GlobalLockManager lockManager) {
this.executorService = executorService;
this.dbClient = dbClient;
- this.configuration = configuration;
this.lockManager = lockManager;
}
@Override
public void start() {
- this.executorService.scheduleAtFixedRate(this::executePurge, 0, configuration.getLong(PURGE_DELAY_CONFIGURATION).orElse(DEFAULT_PURGE_DELAY_IN_SECONDS), TimeUnit.SECONDS);
+ this.executorService.scheduleAtFixedRate(this::executePurge, 0, PERIOD_IN_SECONDS, TimeUnit.SECONDS);
}
private void executePurge() {
if (!lockManager.tryLock(LOCK_NAME)) {
return;
}
- LOG.debug("Start of cleaning expired session tokens");
try (DbSession dbSession = dbClient.openSession(false)) {
- int deletedSessionTokens = dbClient.sessionTokensDao().deleteExpired(dbSession);
- dbSession.commit();
- LOG.info("Purge of expired session tokens has removed {} elements", deletedSessionTokens);
+ cleanExpiredSessionTokens(dbSession);
+ cleanExpiredSamlMessageIds(dbSession);
}
}
+ private void cleanExpiredSessionTokens(DbSession dbSession) {
+ LOG.debug("Start of cleaning expired session tokens");
+ int deletedSessionTokens = dbClient.sessionTokensDao().deleteExpired(dbSession);
+ dbSession.commit();
+ LOG.info("Purge of expired session tokens has removed {} elements", deletedSessionTokens);
+ }
+
+ private void cleanExpiredSamlMessageIds(DbSession dbSession) {
+ LOG.debug("Start of cleaning expired SAML message IDs");
+ int deleted = dbClient.samlMessageIdDao().deleteExpired(dbSession);
+ dbSession.commit();
+ LOG.info("Purge of expired SAML message ids has removed {} elements", deleted);
+ }
+
@Override
public void stop() {
// nothing to do
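Review bot: An exception from `cleanExpiredSessionTokens` inside the try-with-resources at L90 skips `cleanExpiredSamlMessageIds` entirely, and because the task is registered with `scheduleAtFixedRate` (L83) an exception escaping `executePurge` also suppresses every later execution unless the project's executor wrapper catches it, so one transient DB error would silently stop the daily purge and let `SAML_MESSAGE_IDS` grow for the life of the process. Catch and log inside executePurge so the next run retries, e.g. append `} catch (RuntimeException e) { LOG.error("Purge of expired session tokens and SAML message ids failed", e); }` to the try block, or wrap each cleanXxx call separately so one failing table does not block the other. The purge is only safe for replay protection if the expiration date stored with each message id is not earlier than the SAML assertion's own validity window; that date is set where the id is inserted, which is not in this hunk, so a comment on cleanExpiredSamlMessageIds would help: `// Rows are deleted only once past their stored expiration date; replay protection relies on that date covering the assertion's validity window.`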
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/SessionTokensCleanerExecutorService.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/ExpiredSessionsCleanerExecutorService.java
index 551363c6944..3ecd80025c9 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/SessionTokensCleanerExecutorService.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/ExpiredSessionsCleanerExecutorService.java
@@ -23,5 +23,5 @@ import java.util.concurrent.ScheduledExecutorService;
import org.sonar.api.server.ServerSide;
@ServerSide
-public interface SessionTokensCleanerExecutorService extends ScheduledExecutorService {
+public interface ExpiredSessionsCleanerExecutorService extends ScheduledExecutorService {
}
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/SessionTokensCleanerExecutorServiceImpl.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/ExpiredSessionsCleanerExecutorServiceImpl.java
index 3a0bbadb7a6..b97d66c3690 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/SessionTokensCleanerExecutorServiceImpl.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/purge/ExpiredSessionsCleanerExecutorServiceImpl.java
@@ -25,15 +25,15 @@ import org.sonar.server.util.AbstractStoppableScheduledExecutorServiceImpl;
import static java.lang.Thread.MIN_PRIORITY;
-public class SessionTokensCleanerExecutorServiceImpl
+public class ExpiredSessionsCleanerExecutorServiceImpl
extends AbstractStoppableScheduledExecutorServiceImpl<ScheduledExecutorService>
- implements SessionTokensCleanerExecutorService {
+ implements ExpiredSessionsCleanerExecutorService {
- public SessionTokensCleanerExecutorServiceImpl() {
+ public ExpiredSessionsCleanerExecutorServiceImpl() {
super(
Executors.newSingleThreadScheduledExecutor(r -> {
Thread thread = Executors.defaultThreadFactory().newThread(r);
- thread.setName("SessionTokensCleaner-%d");
+ thread.setName("ExpiredSessionsCleaner-%d");
thread.setPriority(MIN_PRIORITY);
thread.setDaemon(false);
return thread;
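Review bot: The renamed thread name on L142 still contains a literal `%d` that nothing formats, so the worker shows up as `ExpiredSessionsCleaner-%d` in thread dumps and logs; since the factory backs a single-thread executor, `thread.setName("ExpiredSessionsCleaner");` is enough. The constructor's `super(` call continues past the end of the hunk.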
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/purge/SessionTokensCleanerTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/purge/ExpiredSessionsCleanerTest.java
index 08a28f7f5df..df04c523a22 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/purge/SessionTokensCleanerTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/purge/ExpiredSessionsCleanerTest.java
@@ -26,13 +26,12 @@ import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import org.junit.Rule;
import org.junit.Test;
-import org.sonar.api.config.Configuration;
-import org.sonar.api.config.internal.MapSettings;
import org.sonar.api.impl.utils.TestSystem2;
import org.sonar.api.utils.log.LogAndArguments;
import org.sonar.api.utils.log.LogTester;
import org.sonar.api.utils.log.LoggerLevel;
import org.sonar.db.DbTester;
+import org.sonar.db.user.SamlMessageIdDto;
import org.sonar.db.user.SessionTokenDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.util.AbstractStoppableExecutorService;
@@ -43,7 +42,7 @@ import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-public class SessionTokensCleanerTest {
+public class ExpiredSessionsCleanerTest {
private static final long NOW = 1_000_000_000L;
@@ -55,18 +54,15 @@ public class SessionTokensCleanerTest {
private GlobalLockManager lockManager = mock(GlobalLockManager.class);
- private final MapSettings settings = new MapSettings();
- private final Configuration configuration = settings.asConfig();
-
private SyncSessionTokensCleanerExecutorService executorService = new SyncSessionTokensCleanerExecutorService();
- private SessionTokensCleaner underTest = new SessionTokensCleaner(executorService, db.getDbClient(), configuration, lockManager);
+ private ExpiredSessionsCleaner underTest = new ExpiredSessionsCleaner(executorService, db.getDbClient(), lockManager);
@Test
public void purge_expired_session_tokens() {
when(lockManager.tryLock(anyString())).thenReturn(true);
UserDto user = db.users().insertUser();
- SessionTokenDto validSessionToken = db.users().insertSessionToken(user);
+ SessionTokenDto validSessionToken = db.users().insertSessionToken(user, st -> st.setExpirationDate(NOW + 1_000_000L));
SessionTokenDto expiredSessionToken = db.users().insertSessionToken(user, st -> st.setExpirationDate(NOW - 1_000_000L));
underTest.start();
@@ -76,7 +72,24 @@ public class SessionTokensCleanerTest {
assertThat(db.getDbClient().sessionTokensDao().selectByUuid(db.getSession(), expiredSessionToken.getUuid())).isNotPresent();
assertThat(logTester.getLogs(LoggerLevel.INFO))
.extracting(LogAndArguments::getFormattedMsg)
- .containsOnly("Purge of expired session tokens has removed 1 elements");
+ .contains("Purge of expired session tokens has removed 1 elements");
+ }
+
+ @Test
+ public void purge_expired_saml_message_ids() {
+ when(lockManager.tryLock(anyString())).thenReturn(true);
+ db.getDbClient().samlMessageIdDao().insert(db.getSession(), new SamlMessageIdDto().setMessageId("MESSAGE_1").setExpirationDate(NOW + 1_000_000L));
+ db.getDbClient().samlMessageIdDao().insert(db.getSession(), new SamlMessageIdDto().setMessageId("MESSAGE_2").setExpirationDate(NOW - 1_000_000L));
+ db.commit();
+ underTest.start();
+
+ executorService.runCommand();
+
+ assertThat(db.getDbClient().samlMessageIdDao().selectByMessageId(db.getSession(), "MESSAGE_1")).isPresent();
+ assertThat(db.getDbClient().samlMessageIdDao().selectByMessageId(db.getSession(), "MESSAGE_2")).isNotPresent();
+ assertThat(logTester.getLogs(LoggerLevel.INFO))
+ .extracting(LogAndArguments::getFormattedMsg)
+ .contains("Purge of expired SAML message ids has removed 1 elements");
}
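Review bot: The new `purge_expired_saml_message_ids` test at L196 only exercises the lock-acquired path; the test that stubs `tryLock` to false (presumably the one whose assertion at L213 sits partly outside this hunk) checks only that session tokens survive, so a regression that deletes SAML ids before the lock is taken would go unnoticed. Add an expired `SamlMessageIdDto` to that test and assert `db.getDbClient().samlMessageIdDao().selectByMessageId(db.getSession(), "MESSAGE_2")` is still present when the lock is not acquired. The expiration values are compared against `NOW`, which assumes `TestSystem2` is wired into `DbTester` earlier in the file; that wiring is not visible here.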
@Test
@@ -90,7 +103,7 @@ public class SessionTokensCleanerTest {
assertThat(db.getDbClient().sessionTokensDao().selectByUuid(db.getSession(), expiredSessionToken.getUuid())).isPresent();
}
- private static class SyncSessionTokensCleanerExecutorService extends AbstractStoppableExecutorService<ScheduledExecutorService> implements SessionTokensCleanerExecutorService {
+ private static class SyncSessionTokensCleanerExecutorService extends AbstractStoppableExecutorService<ScheduledExecutorService> implements ExpiredSessionsCleanerExecutorService {
private Runnable command;