/**
 * Verifies the supplied credentials and then looks for a session token already cached
 * under the same username.
 *
 * <p>The credential check runs before the cache lookup, and any exception thrown by
 * {@code securityManager.authenticate} propagates to the caller. A cached token is
 * therefore only handed to a caller who has just passed authentication for that
 * username. Keep this ordering: consulting the cache first would release a live session
 * token on the strength of a username alone.
 *
 * @param usernamePassword the credentials to verify; its username is the cache key
 * @return a token carrying the cached access token and the time left until its deadline
 *         (deadline minus the current time), or {@code null} when nothing is cached or
 *         the cached token does not outlive the reuse margin
 */
@Nullable
private AccessToken currentUserTokenIfPresent(UsernamePasswordToken usernamePassword) {
    // Must come first: reaching the next statement means authentication did not throw.
    securityManager.authenticate(usernamePassword);

    final AccessToken cached = cache.getIfPresent(usernamePassword.getUsername());
    if (cached == null) {
        return null;
    }

    final long now = System.currentTimeMillis();
    // Reuse margin: the smaller of the global session timeout and one minute. A token
    // that expires within this margin is not returned.
    final boolean outlivesMargin =
            cached.deadline() > now + Math.min(securityManager.globalSessionTimeout(),
                                               60000 /* 1 minute */);
    return outlivesMargin ? new AccessToken(cached.accessToken(), cached.deadline() - now)
                          : null;
}
// Closes the enclosing class, whose header is outside this view.
}
/**
 * Walks one session through its lifecycle, starting from an already-received login
 * response: the login succeeded, the issued session ID is accepted, logout succeeds, and
 * the same session ID is rejected afterwards.
 *
 * <p>The final assertion is the security-relevant one: it fails if logout leaves the
 * session usable on the server.
 *
 * @param loginRes the HTTP response returned by a login request
 * @throws Exception if the response body cannot be parsed or a request fails
 */
private void loginAndLogout(AggregatedHttpMessage loginRes) throws Exception {
    // The login request itself must have been accepted.
    assertThat(loginRes.status()).isEqualTo(HttpStatus.OK);

    // The response body is JSON describing the issued token; its access token is used
    // as the session ID for the follow-up requests.
    final String responseBody = loginRes.content().toStringUtf8();
    final AccessToken issued = Jackson.readValue(responseBody, AccessToken.class);
    final String sessionId = issued.accessToken();

    // While logged in, the session ID authorizes the "users/me" call.
    assertThat(usersMe(client, sessionId).status()).isEqualTo(HttpStatus.OK);

    // Log out with that session ID.
    assertThat(logout(client, sessionId).status()).isEqualTo(HttpStatus.OK);

    // After logout the same session ID must no longer be honoured.
    assertThat(usersMe(client, sessionId).status()).isEqualTo(HttpStatus.UNAUTHORIZED);
}
/**
 * Checks that session creation and removal on one replica become visible on another.
 *
 * <p>A login through {@code client1} must add exactly one replication log and make the
 * session usable through {@code client2}. A logout through {@code client1} must add
 * exactly one more log and make {@code client2} reject the session. Merely using the
 * session on the 2nd replica must not add a log. The last polling assertion guards
 * against a logged-out session staying valid on a peer replica.
 *
 * @throws Exception if a request fails or the login response cannot be parsed
 */
@Test
public void loginAndLogout() throws Exception {
    final int logsBefore = replicationLogCount();
    final int logsAfterLogin = logsBefore + 1;
    final int logsAfterLogout = logsBefore + 2;

    // Log in from the 1st replica; this must produce exactly one replication log.
    final AggregatedHttpMessage loginRes = login(client1, USERNAME, PASSWORD);
    assertThat(loginRes.status()).isEqualTo(HttpStatus.OK);
    assertThat(replicationLogCount()).isEqualTo(logsAfterLogin);

    // Extract the session ID issued by the 1st replica.
    final String responseBody = loginRes.content().toStringUtf8();
    final AccessToken issued = Jackson.readValue(responseBody, AccessToken.class);
    final String sessionId = issued.accessToken();

    // Poll the 2nd replica until it accepts the session.
    await().pollDelay(Duration.TWO_HUNDRED_MILLISECONDS)
           .pollInterval(Duration.ONE_SECOND)
           .untilAsserted(() -> assertThat(usersMe(client2, sessionId).status())
                   .isEqualTo(HttpStatus.OK));

    // Using the session on the 2nd replica must not have produced another log.
    assertThat(replicationLogCount()).isEqualTo(logsAfterLogin);

    // Log out from the 1st replica; exactly one more replication log is expected.
    assertThat(logout(client1, sessionId).status()).isEqualTo(HttpStatus.OK);
    assertThat(replicationLogCount()).isEqualTo(logsAfterLogout);

    // Poll the 2nd replica until it rejects the now-removed session.
    await().pollDelay(Duration.TWO_HUNDRED_MILLISECONDS)
           .pollInterval(Duration.ONE_SECOND)
           .untilAsserted(() -> assertThat(usersMe(client2, sessionId).status())
                   .isEqualTo(HttpStatus.UNAUTHORIZED));
}