/**
 * Resolves the user carried by the JWT token attached to the request, if there is one.
 * <p>
 * This method performs no check of its own: whatever validation applies to the token
 * happens inside {@code getToken}, and the result is only unwrapped here.
 *
 * @param request the incoming HTTP request, handed to {@code getToken} unchanged
 * @param response the HTTP response, handed to {@code getToken} unchanged
 * @return the user of the token, or an empty Optional when {@code getToken} yields no token
 */
public Optional<UserDto> validateToken(HttpServletRequest request, HttpServletResponse response) {
  Optional<Token> jwt = getToken(request, response);
  if (!jwt.isPresent()) {
    return Optional.empty();
  }
  // Optional.of, not ofNullable: a token without a user fails with a NullPointerException here.
  return Optional.of(jwt.get().getUserDto());
}
/**
 * Returns the user of the request's JWT token, but only while the token's last refresh
 * is recent enough.
 * <p>
 * The check fails closed: a token that carries no last-refresh timestamp, or whose timestamp
 * plus the configured refresh interval lies before the current time, yields an empty Optional.
 * NOTE(review): presumably the caller then re-authenticates the user from another source;
 * verify against the caller.
 *
 * @return the token's user, or an empty Optional when there is no token or it is too old
 * @throws NumberFormatException if the configured refresh interval is not a parsable integer
 * @throws ClassCastException if the stored last-refresh property is not a {@code Long}
 */
private Optional<UserDto> getUserFromToken(HttpServletRequest request, HttpServletResponse response) {
  Optional<JwtHttpHandler.Token> jwt = jwtHttpHandler.getToken(request, response);
  if (jwt.isPresent()) {
    Date currentTime = new Date(system2.now());
    int maxAgeInMinutes = Integer.parseInt(settingsByKey.get(SONAR_WEB_SSO_REFRESH_INTERVAL_IN_MINUTES.getKey()));
    Long refreshedAt = (Long) jwt.get().getProperties().get(LAST_REFRESH_TIME_TOKEN_PARAM);
    if (refreshedAt != null) {
      // The token is trusted up to and including this instant, no longer.
      Date staleAfter = addMinutes(new Date(refreshedAt), maxAgeInMinutes);
      if (!currentTime.after(staleAfter)) {
        return Optional.of(jwt.get().getUserDto());
      }
    }
  }
  return Optional.empty();
}
/**
 * Stubs the JWT handler so that every request looks as if it carried no token.
 */
private void setNotUserInToken() {
  Optional<JwtHttpHandler.Token> noToken = Optional.empty();
  when(jwtHttpHandler.getToken(any(HttpServletRequest.class), any(HttpServletResponse.class)))
    .thenReturn(noToken);
}
/**
 * Stubs the JWT handler to report an absent token for any request/response pair.
 */
private void setNoUser() {
  Optional<JwtHttpHandler.Token> absentToken = Optional.empty();
  when(jwtHttpHandler.getToken(any(HttpServletRequest.class), any(HttpServletResponse.class)))
    .thenReturn(absentToken);
}
/**
 * Records the outcome of a logout as an authentication event.
 * <p>
 * This lives in its own method so that a failure while producing the event never stands in
 * the way of removing the JWT cookie.
 */
private void generateAuthenticationEvent(HttpServletRequest request, HttpServletResponse response) {
  try {
    Optional<JwtHttpHandler.Token> jwt = jwtHttpHandler.getToken(request, response);
    // No token means no known user: the success event is then logged with a null login.
    String login = null;
    if (jwt.isPresent()) {
      login = jwt.get().getUserDto().getLogin();
    }
    authenticationEvent.logoutSuccess(request, login);
  } catch (AuthenticationException authFailure) {
    // Only AuthenticationException is turned into a failure event; anything else propagates.
    authenticationEvent.logoutFailure(request, authFailure.getMessage());
  }
}
/**
 * Stubs the JWT handler to return a token for {@code user}.
 *
 * @param user the user placed in the stubbed token
 * @param lastRefreshTime value stored under the {@code "ssoLastRefreshTime"} property, or
 *   {@code null} to build a token with no properties at all
 */
private void setUserInToken(UserDto user, @Nullable Long lastRefreshTime) {
  JwtHttpHandler.Token stubbedToken;
  if (lastRefreshTime == null) {
    stubbedToken = new JwtHttpHandler.Token(user, Collections.emptyMap());
  } else {
    stubbedToken = new JwtHttpHandler.Token(user, ImmutableMap.of("ssoLastRefreshTime", lastRefreshTime));
  }
  when(jwtHttpHandler.getToken(any(HttpServletRequest.class), any(HttpServletResponse.class)))
    .thenReturn(Optional.of(stubbedToken));
}
/**
 * Stubs the JWT handler to return a token for {@code user} with an empty property map.
 *
 * @param user the user placed in the stubbed token
 */
private void setUser(UserDto user) {
  JwtHttpHandler.Token stubbedToken = new JwtHttpHandler.Token(user, Collections.emptyMap());
  when(jwtHttpHandler.getToken(any(HttpServletRequest.class), any(HttpServletResponse.class)))
    .thenReturn(Optional.of(stubbedToken));
}
/**
 * When reading the token throws an AuthenticationException, a logout failure event carrying
 * the exception message is expected, the token must still be removed, and the filter chain
 * must not be touched.
 */
@Test
public void generate_auth_event_on_failure() throws Exception {
  setUser(USER);
  AuthenticationException tokenFailure = AuthenticationException.newBuilder()
    .setMessage("error!")
    .setSource(sso())
    .build();
  // Replaces the stubbing done by setUser: every getToken call now throws.
  doThrow(tokenFailure)
    .when(jwtHttpHandler)
    .getToken(any(HttpServletRequest.class), any(HttpServletResponse.class));

  executeRequest();

  verify(authenticationEvent).logoutFailure(request, "error!");
  // The token removal must not depend on the event having been generated successfully.
  verify(jwtHttpHandler).removeToken(any(HttpServletRequest.class), any(HttpServletResponse.class));
  verifyZeroInteractions(chain);
}
/**
 * Looks up the JWT token of the request and, when one is found, returns its user.
 * <p>
 * Any validation of the token is the responsibility of {@code getToken}; nothing further is
 * checked in this method.
 *
 * @param request the incoming HTTP request, forwarded to {@code getToken}
 * @param response the HTTP response, forwarded to {@code getToken}
 * @return the user held by the token, or an empty Optional if {@code getToken} returns none
 */
public Optional<UserDto> validateToken(HttpServletRequest request, HttpServletResponse response) {
  Optional<Token> found = getToken(request, response);
  if (!found.isPresent()) {
    return Optional.empty();
  }
  // Optional.of throws NullPointerException if the token has no user attached.
  return Optional.of(found.get().getUserDto());
}
/**
 * Extracts the user from the request's JWT token, provided the token was refreshed within
 * the configured interval.
 * <p>
 * An empty Optional is returned when there is no token, when the token has no last-refresh
 * timestamp, or when that timestamp plus the refresh interval is already in the past, so a
 * token lacking the timestamp is never accepted.
 *
 * @return the token's user while the token is fresh, otherwise an empty Optional
 * @throws NumberFormatException if the refresh-interval setting cannot be parsed as an integer
 * @throws ClassCastException if the last-refresh property is stored as something other than a {@code Long}
 */
private Optional<UserDto> getUserFromToken(HttpServletRequest request, HttpServletResponse response) {
  Optional<JwtHttpHandler.Token> jwt = jwtHttpHandler.getToken(request, response);
  if (jwt.isPresent()) {
    Date currentTime = new Date(system2.now());
    int maxAgeInMinutes = Integer.parseInt(settingsByKey.get(SONAR_WEB_SSO_REFRESH_INTERVAL_IN_MINUTES.getKey()));
    Long refreshedAt = (Long) jwt.get().getProperties().get(LAST_REFRESH_TIME_TOKEN_PARAM);
    if (refreshedAt != null) {
      // Last instant at which the token still counts as fresh.
      Date staleAfter = addMinutes(new Date(refreshedAt), maxAgeInMinutes);
      if (!currentTime.after(staleAfter)) {
        return Optional.of(jwt.get().getUserDto());
      }
    }
  }
  return Optional.empty();
}
/**
 * Emits the authentication event for a logout.
 * <p>
 * Generating the event must not prevent the JWT cookie from being removed, which is why this
 * is done in a dedicated method.
 */
private void generateAuthenticationEvent(HttpServletRequest request, HttpServletResponse response) {
  try {
    Optional<JwtHttpHandler.Token> jwt = jwtHttpHandler.getToken(request, response);
    // Without a token the login is unknown and the success event receives null.
    String login = null;
    if (jwt.isPresent()) {
      login = jwt.get().getUserDto().getLogin();
    }
    authenticationEvent.logoutSuccess(request, login);
  } catch (AuthenticationException authFailure) {
    // The failure event carries the exception message only.
    authenticationEvent.logoutFailure(request, authFailure.getMessage());
  }
}