@Nullable Tree getTokenTree(@NotNull TokenInfo info) { String token = info.getToken(); int pos = token.indexOf('_'); String nodeId = (pos == -1) ? token : token.substring(0, pos); return new IdentifierManager(root).getTree(nodeId); }
/** * Create the {@code AuthInfo} for the specified {@code tokenInfo} as well as * userId and principals, that have been set upon {@link #login}. * * @param tokenInfo The tokenInfo to retrieve attributes from. * @return The {@code AuthInfo} resulting from the successful login. */ @Nullable private static AuthInfo getAuthInfo(@Nullable TokenInfo tokenInfo, @NotNull Set<? extends Principal> principals) { if (tokenInfo != null) { Map<String, Object> attributes = new HashMap<>(); tokenInfo.getPublicAttributes().forEach((key, value) -> attributes.put(key, value)); return new AuthInfoImpl(tokenInfo.getUserId(), attributes, principals); } else { return null; } }
private boolean validateCredentials(TokenCredentials tokenCredentials) { // credentials without userID -> check if attributes provide // sufficient information for successful authentication. String token = tokenCredentials.getToken(); tokenInfo = tokenProvider.getTokenInfo(token); if (tokenInfo == null) { log.debug("No valid TokenInfo for token."); return false; } long loginTime = new Date().getTime(); if (tokenInfo.isExpired(loginTime)) { // token is expired log.debug("Token is expired"); tokenInfo.remove(); return false; } if (tokenInfo.matches(tokenCredentials)) { tokenInfo.resetExpiration(loginTime); return true; } return false; } }
TokenCredentials tc = new TokenCredentials(ti.getToken()); ti.getPrivateAttributes().forEach((key, value) -> tc.setAttribute(key, value)); ti.getPublicAttributes().forEach((key, value) -> tc.setAttribute(key, value)); sharedState.put(SHARED_KEY_ATTRIBUTES, ti.getPublicAttributes()); updateSubject(tc, null, null); } else {
@Test public void testAuthenticateExpiredTokenMock() throws Exception { TokenCredentials tc = new TokenCredentials("token"); TokenProvider tp = Mockito.mock(TokenProvider.class); TokenInfo ti = Mockito.mock(TokenInfo.class); Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti); Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(true); TokenAuthentication auth = new TokenAuthentication(tp); try { auth.authenticate(tc); fail("LoginException expected"); } catch (LoginException e) { // success } Mockito.verify(ti, Mockito.never()).matches(Mockito.any()); Mockito.verify(ti, Mockito.never()).resetExpiration(Mockito.anyLong()); } }
/** * @see <a href="https://issues.apache.org/jira/browse/OAK-1985">OAK-1985</a> */ @Test public void testTokenValidationIsCaseInsensitive() throws Exception { Root root = adminSession.getLatestRoot(); TokenConfiguration tokenConfig = getSecurityProvider().getConfiguration(TokenConfiguration.class); TokenProvider tp = tokenConfig.getTokenProvider(root); String userId = ((SimpleCredentials) getAdminCredentials()).getUserID(); TokenInfo info = tp.createToken(userId.toUpperCase(), Collections.<String, Object>emptyMap()); assertTrue(info.matches(new TokenCredentials(info.getToken()))); assertEquals(userId, info.getUserId()); info = tp.getTokenInfo(info.getToken()); assertTrue(info.matches(new TokenCredentials(info.getToken()))); assertEquals(userId, info.getUserId()); }
@Test public void testMatches() { TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap()); assertTrue(info.matches(new TokenCredentials(info.getToken()))); Map<String,String> attributes = new HashMap<String, String>(); attributes.put("something", "value"); info = tokenProvider.createToken(userId, attributes); assertTrue(info.matches(new TokenCredentials(info.getToken()))); attributes.put(".token-something", "mandatory"); info = tokenProvider.createToken(userId, attributes); assertFalse(info.matches(new TokenCredentials(info.getToken()))); TokenCredentials tc = new TokenCredentials(info.getToken()); tc.setAttribute(".token-something", "mandatory"); assertTrue(info.matches(tc)); tc.setAttribute("another", "value"); assertTrue(info.matches(tc)); tc.setAttribute(".token_ignored", "value"); assertTrue(info.matches(tc)); }
@Test public void testResetTokenExpiration() throws Exception { TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap()); assertFalse(info.resetExpiration(new Date().getTime())); long loginTime = new Date().getTime() + 3600000; assertFalse(info.isExpired(loginTime)); assertTrue(info.resetExpiration(loginTime)); } }
Map<String,String> pubAttr = info.getPublicAttributes(); assertEquals("public attributes",publicAttributes.size(), pubAttr.size()); for (String key : publicAttributes.keySet()) { Map<String,String> privAttr = info.getPrivateAttributes(); assertEquals("private attributes",privateAttributes.size(), privAttr.size()); for (String key : privateAttributes.keySet()) {
@Test public void testRemoveToken2() throws Exception { TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap()); assertTrue(info.remove()); }
private void waitUntilExpired(@NotNull TokenInfo info) { long now = System.currentTimeMillis(); while (!info.isExpired(now)) { now = waitForSystemTimeIncrement(now); } }
@Nullable @Override public String getUserId() { if (tokenInfo == null) { throw new IllegalStateException("UserId can only be retrieved after successful authentication."); } return tokenInfo.getUserId(); }
@Test public void testNotReset() { TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap()); assertNotNull(info); assertFalse(info.resetExpiration(new Date().getTime())); long loginTime = new Date().getTime() + 3600000; assertFalse(info.resetExpiration(loginTime)); } }
TokenCredentials tc = new TokenCredentials(ti.getToken()); ti.getPrivateAttributes().forEach((key, value) -> tc.setAttribute(key, value)); ti.getPublicAttributes().forEach((key, value) -> tc.setAttribute(key, value)); sharedState.put(SHARED_KEY_ATTRIBUTES, ti.getPublicAttributes()); updateSubject(tc, null, null); } else {
@Test public void testAuthenticateRefreshToken() throws Exception { TokenCredentials tc = new TokenCredentials("token"); TokenProvider tp = Mockito.mock(TokenProvider.class); TokenInfo ti = Mockito.mock(TokenInfo.class); Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti); Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(false); Mockito.when(ti.matches(tc)).thenReturn(true); TokenAuthentication auth = new TokenAuthentication(tp); try { assertTrue(auth.authenticate(tc)); Mockito.verify(ti).resetExpiration(Mockito.anyLong()); } catch (LoginException e) { fail(e.getMessage()); } }
@Test public void testGetTokenInfoAfterAuthenticate() throws Exception { TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap()); authentication.authenticate(new TokenCredentials(info.getToken())); TokenInfo info2 = authentication.getTokenInfo(); assertNotNull(info2); assertEquals(info.getUserId(), info2.getUserId()); }
@Test public void testGetTokenInfoFromInvalidLocation4() throws Exception { TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap()); Tree tokenTree = getTokenTree(info); assertNotNull(tokenProvider.getTokenInfo(info.getToken())); TokenInfo info2 = null; try { Tree adminTree = root.getTree(getUserManager(root).getAuthorizable(adminSession.getAuthInfo().getUserID()).getPath()); NodeUtil node = new NodeUtil(adminTree).getOrAddChild(TOKENS_NODE_NAME, JcrConstants.NT_UNSTRUCTURED); assertTrue(root.move(tokenTree.getPath(), node.getTree().getPath() + '/' + tokenTree.getName())); info2 = tokenProvider.getTokenInfo(info.getToken()); assertNotNull(info2); assertFalse(info2.matches(new TokenCredentials(info.getToken()))); } finally { root.refresh(); } }
@Test public void testResetTokenExpirationExpiredToken() throws Exception { TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap()); long expiredTime = new Date().getTime() + 7200001; assertTrue(info.isExpired(expiredTime)); assertFalse(info.resetExpiration(expiredTime)); }