authorJulien Lancelot <julien.lancelot@sonarsource.com>2020-06-22 18:17:47 +0200
committersonartech <sonartech@sonarsource.com>2020-06-26 20:04:58 +0000
commit7a225877b6dd3297af89fcbab079138bdea1e5e3 (patch)
tree36506b9a3e93b7f9cba5be8f6ed60baa98b7ad39 /server
parent96af2bcbe7c02a427bd783f8688a1bba775b4006 (diff)
SONAR-13372 JWT refresh now really occurs every 5 minutes
Diffstat (limited to 'server')
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java2
-rw-r--r--server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/JwtSerializer.java27
-rw-r--r--server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/JwtSerializerTest.java3
3 files changed, 17 insertions, 15 deletions
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java
index 699c771d901..8c000e1a65c 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java
@@ -44,6 +44,7 @@ import static org.apache.commons.lang.time.DateUtils.addSeconds;
import static org.sonar.process.ProcessProperties.Property.WEB_SESSION_TIMEOUT_IN_MIN;
import static org.sonar.server.authentication.Cookies.findCookie;
import static org.sonar.server.authentication.Cookies.newCookieBuilder;
+import static org.sonar.server.authentication.JwtSerializer.LAST_REFRESH_TIME_PARAM;
@ServerSide
public class JwtHttpHandler {
@@ -51,7 +52,6 @@ public class JwtHttpHandler {
private static final int MAX_SESSION_TIMEOUT_IN_MINUTES = 3 * 30 * 24 * 60;
private static final String JWT_COOKIE = "JWT-SESSION";
- private static final String LAST_REFRESH_TIME_PARAM = "lastRefreshTime";
private static final String CSRF_JWT_PARAM = "xsrfToken";
diff --git a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/JwtSerializer.java b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/JwtSerializer.java
index 3aba1994598..8450f173151 100644
--- a/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/JwtSerializer.java
+++ b/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/JwtSerializer.java
@@ -22,7 +22,6 @@ package org.sonar.server.authentication;
import com.google.common.annotations.VisibleForTesting;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
-import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.SignatureException;
@@ -54,6 +53,8 @@ public class JwtSerializer implements Startable {
private static final SignatureAlgorithm SIGNATURE_ALGORITHM = SignatureAlgorithm.HS256;
+ static final String LAST_REFRESH_TIME_PARAM = "lastRefreshTime";
+
private final Configuration config;
private final System2 system2;
@@ -79,16 +80,15 @@ public class JwtSerializer implements Startable {
String encode(JwtSession jwtSession) {
checkIsStarted();
- JwtBuilder jwtBuilder = Jwts.builder()
+ return Jwts.builder()
+ .addClaims(jwtSession.getProperties())
+ .claim(LAST_REFRESH_TIME_PARAM, system2.now())
.setId(jwtSession.getSessionTokenUuid())
.setSubject(jwtSession.getUserLogin())
.setIssuedAt(new Date(system2.now()))
.setExpiration(new Date(jwtSession.getExpirationTime()))
- .signWith(secretKey, SIGNATURE_ALGORITHM);
- for (Map.Entry<String, Object> entry : jwtSession.getProperties().entrySet()) {
- jwtBuilder.claim(entry.getKey(), entry.getValue());
- }
- return jwtBuilder.compact();
+ .signWith(secretKey, SIGNATURE_ALGORITHM)
+ .compact();
}
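Review bot: `system2.now()` is read twice in the new builder chain, once for the `LAST_REFRESH_TIME_PARAM` claim and once for `setIssuedAt`, so a freshly encoded token can carry a refresh time that is not the same instant as its `iat`. Capturing it once, `long now = system2.now();`, and passing `now` to both calls keeps the two values consistent and makes clock-stubbing tests deterministic. The new ordering is also a behavioural change worth documenting: `addClaims(jwtSession.getProperties())` now runs before `setId`/`setSubject`/`setIssuedAt`/`setExpiration`, so, assuming the builder's claim map is last-write-wins, a session property named like a registered claim (`exp`, `sub`, ...) can no longer override it, whereas the removed loop applied the properties last. If that is intended, a short comment such as `// session properties go first so they cannot override the registered claims set below` would record it.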
Optional<Claims> decode(String token) {
@@ -118,13 +118,12 @@ public class JwtSerializer implements Startable {
String refresh(Claims token, long expirationTime) {
checkIsStarted();
- JwtBuilder jwtBuilder = Jwts.builder();
- for (Map.Entry<String, Object> entry : token.entrySet()) {
- jwtBuilder.claim(entry.getKey(), entry.getValue());
- }
- jwtBuilder.setExpiration(new Date(expirationTime))
- .signWith(secretKey, SIGNATURE_ALGORITHM);
- return jwtBuilder.compact();
+ return Jwts.builder()
+ .setClaims(token)
+ .claim(LAST_REFRESH_TIME_PARAM, system2.now())
+ .setExpiration(new Date(expirationTime))
+ .signWith(secretKey, SIGNATURE_ALGORITHM)
+ .compact();
}
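Review bot: `setClaims(token)` hands the caller's `Claims` instance to the builder, and if `JwtBuilder.setClaims(Claims)` keeps that instance rather than copying it (which the JJWT 0.x `DefaultJwtBuilder` appears to do), the following `.claim(LAST_REFRESH_TIME_PARAM, ...)` and `.setExpiration(...)` mutate the `token` argument the caller still holds; the removed loop copied the entries into a fresh builder and had no such side effect. Passing a copy instead, `.setClaims(Jwts.claims(token))` (or a `new HashMap<>(token)`), gives the builder its own map and restores the previous contract. The method also deserves a Javadoc line stating that the refreshed token keeps `iat` and every other existing claim and rewrites only `LAST_REFRESH_TIME_PARAM` and `exp`.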
private static SecretKey generateSecretKey() {
diff --git a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/JwtSerializerTest.java b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/JwtSerializerTest.java
index e94b9fb8ddc..e4938aa9561 100644
--- a/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/JwtSerializerTest.java
+++ b/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/JwtSerializerTest.java
@@ -252,12 +252,14 @@ public class JwtSerializerTest {
Date createdAt = DateUtils.parseDate("2016-01-01");
// Expired in 10 minutes
Date expiredAt = addMinutes(new Date(), 10);
+ Date lastRefreshDate = addMinutes(new Date(), -4);
Claims token = new DefaultClaims()
.setId("id")
.setSubject("subject")
.setIssuer("sonarqube")
.setIssuedAt(createdAt)
.setExpiration(expiredAt);
+ token.put("lastRefreshTime", lastRefreshDate.getTime());
token.put("key", "value");
// Refresh the token with a higher expiration time
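Review bot: The claim name is hard-coded as `"lastRefreshTime"` on `token.put("lastRefreshTime", lastRefreshDate.getTime());` and again in the assertion of the following hunk, although this commit exposes `JwtSerializer.LAST_REFRESH_TIME_PARAM` as package-visible and the test lives in the same package; `token.put(LAST_REFRESH_TIME_PARAM, lastRefreshDate.getTime());` keeps the test tied to the production constant. The enclosing test method starts before this hunk (where `now` is presumably defined) and continues past the second one.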
@@ -268,6 +270,7 @@ public class JwtSerializerTest {
assertThat(result.getSubject()).isEqualTo("subject");
assertThat(result.getIssuer()).isEqualTo("sonarqube");
assertThat(result.getIssuedAt()).isEqualTo(createdAt);
+ assertThat(((long) result.get("lastRefreshTime"))).isGreaterThanOrEqualTo(now.getTime());
assertThat(result.get("key")).isEqualTo("value");
// Expiration date has been changed
assertThat(result.getExpiration()).isNotEqualTo(expiredAt)