if (tokenInfo.matches(tokenCredentials)) { if (tokenCredentials.getAttribute(TokenConstants.TOKEN_SKIP_REFRESH) == null) { boolean reset = tokenInfo.resetExpiration(loginTime);
/**
 * Validates token credentials against the token provider.
 *
 * <p>Looks up the {@code TokenInfo} for the presented token and rejects the attempt when
 * no info is found or when the token is expired (an expired token is removed). Otherwise
 * the attempt succeeds only if the info matches the credentials, in which case the
 * expiration is reset using the login time. Neither log message includes the token value.
 *
 * <p>NOTE(review): the {@code tokenInfo} field is assigned before any check runs, so it
 * stays non-null after a failed validation. Confirm that no accessor treats a non-null
 * field as proof of a successful login.
 *
 * <p>NOTE(review): the result of {@code resetExpiration} is ignored, and the refresh is
 * unconditional. The skip-refresh test shown elsewhere on this page expects credentials
 * carrying {@code TokenConstants.TOKEN_SKIP_REFRESH} to leave the expiration untouched;
 * confirm which revision of this method is current.
 *
 * @param tokenCredentials credentials carrying the login token
 * @return {@code true} if the token is known, not expired and matches the credentials;
 *         {@code false} otherwise
 */
private boolean validateCredentials(TokenCredentials tokenCredentials) {
    // The credentials carry no userID, so the token and its attributes must
    // provide sufficient information for successful authentication.
    tokenInfo = tokenProvider.getTokenInfo(tokenCredentials.getToken());
    if (tokenInfo == null) {
        log.debug("No valid TokenInfo for token.");
        return false;
    }

    final long now = new Date().getTime();
    if (tokenInfo.isExpired(now)) {
        // Expired tokens are removed as soon as they are presented.
        log.debug("Token is expired");
        tokenInfo.remove();
        return false;
    }

    if (!tokenInfo.matches(tokenCredentials)) {
        return false;
    }

    // A successful match refreshes the expiration relative to this login.
    tokenInfo.resetExpiration(now);
    return true;
}
if (tokenInfo.matches(tokenCredentials)) { if (tokenCredentials.getAttribute(TokenConstants.TOKEN_SKIP_REFRESH) == null) { boolean reset = tokenInfo.resetExpiration(loginTime);
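/**
 * Authenticating with an expired token must fail with a {@link LoginException}. The
 * expired token must be neither matched against the credentials nor refreshed, and it
 * must be removed.
 */
@Test
public void testAuthenticateExpiredTokenMock() throws Exception {
    TokenCredentials tc = new TokenCredentials("token");

    // The provider resolves every token to the same mocked info, which reports "expired".
    TokenProvider tp = Mockito.mock(TokenProvider.class);
    TokenInfo ti = Mockito.mock(TokenInfo.class);
    Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti);
    Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(true);

    TokenAuthentication auth = new TokenAuthentication(tp);
    try {
        auth.authenticate(tc);
        fail("LoginException expected");
    } catch (LoginException expected) {
        // success
    }

    // Expiry must short-circuit validation: no attribute matching, no lifetime extension.
    Mockito.verify(ti, Mockito.never()).matches(Mockito.any());
    Mockito.verify(ti, Mockito.never()).resetExpiration(Mockito.anyLong());
    // The expired branch of validateCredentials calls remove(); pin that cleanup so a
    // regression cannot leave expired tokens in place after they have been presented.
    Mockito.verify(ti).remove();
}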
/**
 * A valid, matching token without the skip-refresh attribute must authenticate and have
 * its expiration reset exactly once.
 */
@Test
public void testAuthenticateRefreshToken() throws Exception {
    TokenCredentials credentials = new TokenCredentials("token");

    // Mocked info: not expired and matching the presented credentials.
    TokenProvider provider = Mockito.mock(TokenProvider.class);
    TokenInfo info = Mockito.mock(TokenInfo.class);
    Mockito.when(provider.getTokenInfo(Mockito.anyString())).thenReturn(info);
    Mockito.when(info.isExpired(Mockito.anyLong())).thenReturn(false);
    Mockito.when(info.matches(credentials)).thenReturn(true);

    TokenAuthentication authentication = new TokenAuthentication(provider);
    try {
        assertTrue(authentication.authenticate(credentials));
        // Default verification mode: resetExpiration was invoked once.
        Mockito.verify(info).resetExpiration(Mockito.anyLong());
    } catch (LoginException e) {
        fail(e.getMessage());
    }
}
/**
 * Credentials carrying {@code TokenConstants.TOKEN_SKIP_REFRESH} must still authenticate
 * with a valid, matching token, but the token's expiration must not be reset. Such a
 * login therefore does not extend the token's lifetime.
 */
@Test
public void testAuthenticateSkipRefreshToken() throws Exception {
    TokenCredentials credentials = new TokenCredentials("token");
    // Only the presence of the attribute is set up here; the value is an empty string.
    credentials.setAttribute(TokenConstants.TOKEN_SKIP_REFRESH, "");

    // Mocked info: not expired and matching the presented credentials.
    TokenProvider provider = Mockito.mock(TokenProvider.class);
    TokenInfo info = Mockito.mock(TokenInfo.class);
    Mockito.when(provider.getTokenInfo(Mockito.anyString())).thenReturn(info);
    Mockito.when(info.isExpired(Mockito.anyLong())).thenReturn(false);
    Mockito.when(info.matches(credentials)).thenReturn(true);

    TokenAuthentication authentication = new TokenAuthentication(provider);
    try {
        assertTrue(authentication.authenticate(credentials));
        Mockito.verify(info, Mockito.never()).resetExpiration(Mockito.anyLong());
    } catch (LoginException e) {
        fail(e.getMessage());
    }
}
/**
 * Exercises {@code TokenInfo.matches} for tokens created with different attribute sets.
 *
 * <p>As asserted below, a plain token attribute ("something") need not be repeated on the
 * credentials. A ".token-something" attribute stored with the token must be present on
 * the credentials for the match to succeed, and additional credential attributes
 * ("another", ".token_ignored") do not break an otherwise valid match.
 */
@Test
public void testMatches() {
    // No attributes at all: the bare token matches.
    TokenInfo created = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
    assertTrue(created.matches(new TokenCredentials(created.getToken())));

    // An ordinary attribute on the token is not required on the credentials.
    Map<String, String> tokenAttributes = new HashMap<String, String>();
    tokenAttributes.put("something", "value");
    created = tokenProvider.createToken(userId, tokenAttributes);
    assertTrue(created.matches(new TokenCredentials(created.getToken())));

    // A ".token-something" attribute on the token makes bare credentials fail.
    // Presumably the ".token-" prefix marks attributes the credentials must repeat; verify
    // against the TokenInfo implementation.
    tokenAttributes.put(".token-something", "mandatory");
    created = tokenProvider.createToken(userId, tokenAttributes);
    assertFalse(created.matches(new TokenCredentials(created.getToken())));

    // Supplying the same attribute and value on the credentials restores the match.
    TokenCredentials credentials = new TokenCredentials(created.getToken());
    credentials.setAttribute(".token-something", "mandatory");
    assertTrue(created.matches(credentials));

    // Extra attributes on the credentials side do not affect the outcome.
    credentials.setAttribute("another", "value");
    assertTrue(created.matches(credentials));

    credentials.setAttribute(".token_ignored", "value");
    assertTrue(created.matches(credentials));
}
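/**
 * A token created for an upper-cased variant of the user id must validate, and the
 * resulting {@code TokenInfo} must report the user id in its original form, both directly
 * after creation and after a fresh lookup by token.
 *
 * @see <a href="https://issues.apache.org/jira/browse/OAK-1985">OAK-1985</a>
 */
@Test
public void testTokenValidationIsCaseInsensitive() throws Exception {
    Root root = adminSession.getLatestRoot();
    TokenConfiguration tokenConfig = getSecurityProvider().getConfiguration(TokenConfiguration.class);
    TokenProvider tp = tokenConfig.getTokenProvider(root);

    String userId = ((SimpleCredentials) getAdminCredentials()).getUserID();
    // Upper-case with a fixed locale so the variant does not depend on the JVM default
    // locale (some locales map 'i' to a dotted capital, which would change the id under test).
    String upperCasedId = userId.toUpperCase(java.util.Locale.ROOT);

    TokenInfo info = tp.createToken(upperCasedId, Collections.<String, Object>emptyMap());
    assertTrue(info.matches(new TokenCredentials(info.getToken())));
    assertEquals(userId, info.getUserId());

    // Repeat the checks on the info obtained through a fresh lookup by token.
    info = tp.getTokenInfo(info.getToken());
    assertTrue(info.matches(new TokenCredentials(info.getToken())));
    assertEquals(userId, info.getUserId());
}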
/**
 * Moves a freshly created token node beneath the tokens node of the admin session's user
 * and checks that the token can still be looked up but no longer matches its credentials.
 *
 * <p>Presumably the match fails because the token now sits under a different user than
 * the one it was issued for; confirm against the TokenInfo implementation.
 */
@Test
public void testGetTokenInfoFromInvalidLocation4() throws Exception {
    TokenInfo original = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
    Tree tokenTree = getTokenTree(original);

    // Sanity check: the token resolves while it is still at its original location.
    assertNotNull(tokenProvider.getTokenInfo(original.getToken()));

    try {
        String adminId = adminSession.getAuthInfo().getUserID();
        Tree adminTree = root.getTree(getUserManager(root).getAuthorizable(adminId).getPath());
        NodeUtil tokensNode = new NodeUtil(adminTree).getOrAddChild(TOKENS_NODE_NAME, JcrConstants.NT_UNSTRUCTURED);

        String destination = tokensNode.getTree().getPath() + '/' + tokenTree.getName();
        assertTrue(root.move(tokenTree.getPath(), destination));

        // The lookup still succeeds, but validating the credentials must fail.
        TokenInfo relocated = tokenProvider.getTokenInfo(original.getToken());
        assertNotNull(relocated);
        assertFalse(relocated.matches(new TokenCredentials(original.getToken())));
    } finally {
        // Presumably discards the uncommitted move so later tests see the original tree.
        root.refresh();
    }
}