/**
 * Builds a token for the given user with the default lifetime: the token
 * expires five minutes after {@code NOW}. Delegates to the three-argument
 * overload with the computed expiration.
 */
private Claims createToken(String userUuid, long createdAt) {
  // Five minutes expressed in milliseconds, relative to the fixed test clock.
  long expiresAt = NOW + 5 * 60 * 1000;
  return createToken(userUuid, createdAt, expiresAt);
}
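/**
 * A disabled account must not keep a valid session: a well-formed, unexpired
 * token for that account is rejected, and the session is not refreshed.
 */
@Test
public void validate_token_does_not_refresh_session_when_user_is_disabled() {
  addJwtCookie();
  UserDto user = addUser(false);
  // The token subject is the user UUID (see createToken's parameter name), so pass
  // the UUID rather than the login. With the login, the token could be rejected
  // merely because no user matches the subject, which would make this test pass
  // without ever exercising the disabled-account check.
  Claims claims = createToken(user.getUuid(), NOW);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(claims));

  assertThat(underTest.validateToken(request, response).isPresent()).isFalse();
  // The test name promises no refresh; make that explicit, as the sibling tests do.
  verify(jwtSerializer, never()).refresh(any(Claims.class), anyInt());
}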
/**
 * A fresh, valid token is accepted, and since it was just created no new
 * session is encoded.
 */
@Test
public void validate_token() {
  UserDto user = db.users().insertUser();
  addJwtCookie();
  Claims claims = createToken(user.getUuid(), NOW);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(claims));

  boolean sessionPresent = underTest.validateToken(request, response).isPresent();

  assertThat(sessionPresent).isTrue();
  verify(jwtSerializer, never()).encode(any(JwtSerializer.JwtSession.class));
}
/**
 * Once the last refresh is older than the refresh interval, validating the
 * token refreshes the session with a three-day lifetime (in seconds).
 */
@Test
public void validate_token_refresh_session_when_refresh_time_is_reached() {
  UserDto user = db.users().insertUser();
  addJwtCookie();
  // Created ten days ago, last refreshed six minutes ago
  Claims claims = createToken(user.getUuid(), TEN_DAYS_AGO);
  claims.put("lastRefreshTime", SIX_MINUTES_AGO);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(claims));

  boolean sessionPresent = underTest.validateToken(request, response).isPresent();

  assertThat(sessionPresent).isTrue();
  int threeDaysInSeconds = 3 * 24 * 60 * 60;
  verify(jwtSerializer).refresh(any(Claims.class), eq(threeDaysInSeconds));
}
/**
 * A token refreshed more recently than the refresh interval is accepted as-is:
 * no refresh call is made.
 */
@Test
public void validate_token_does_not_refresh_session_when_refresh_time_is_not_reached() {
  UserDto user = db.users().insertUser();
  addJwtCookie();
  // Created ten days ago, last refreshed four minutes ago
  Claims claims = createToken(user.getUuid(), TEN_DAYS_AGO);
  claims.put("lastRefreshTime", FOUR_MINUTES_AGO);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(claims));

  boolean sessionPresent = underTest.validateToken(request, response).isPresent();

  assertThat(sessionPresent).isTrue();
  verify(jwtSerializer, never()).refresh(any(Claims.class), anyInt());
}
/**
 * A token whose creation date is older than the disconnection timeout is
 * rejected even though it was refreshed recently and has not yet expired;
 * the age of the session, not its expiration, is what ends it here.
 */
@Test
public void validate_token_does_not_refresh_session_when_disconnected_timeout_is_reached() {
  UserDto user = db.users().insertUser();
  addJwtCookie();
  // Created roughly four months ago (4 x 30 days), refreshed four minutes ago,
  // and still five minutes away from expiring.
  long fourMonthsAgo = NOW - (4L * 30 * 24 * 60 * 60 * 1000);
  Claims claims = createToken(user.getUuid(), fourMonthsAgo);
  Date expiresInFiveMinutes = new Date(NOW + 5 * 60 * 1000);
  claims.setExpiration(expiresInFiveMinutes);
  claims.put("lastRefreshTime", FOUR_MINUTES_AGO);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(claims));

  boolean sessionPresent = underTest.validateToken(request, response).isPresent();

  assertThat(sessionPresent).isFalse();
}
/**
 * When the session is refreshed, the CSRF state carried by the token is
 * refreshed as well, with the same three-day lifetime (in seconds).
 */
@Test
public void validate_token_refresh_state_when_refreshing_token() {
  UserDto user = db.users().insertUser();
  addJwtCookie();
  // Created ten days ago; no explicit lastRefreshTime is set (unlike the other
  // refresh tests), and a refresh is expected to happen.
  Claims claims = createToken(user.getUuid(), TEN_DAYS_AGO);
  claims.put("xsrfToken", "CSRF_STATE");
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(claims));

  underTest.validateToken(request, response);

  int threeDaysInSeconds = 3 * 24 * 60 * 60;
  verify(jwtSerializer).refresh(any(Claims.class), anyInt());
  verify(jwtCsrfVerifier).refreshState(request, response, "CSRF_STATE", threeDaysInSeconds);
}
/**
 * Validating a token checks the CSRF state it carries against the request,
 * bound to the token's user UUID.
 */
@Test
public void validate_token_verify_csrf_state() {
  UserDto user = db.users().insertUser();
  addJwtCookie();
  Claims claims = createToken(user.getUuid(), NOW);
  claims.put("xsrfToken", CSRF_STATE);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(claims));

  underTest.validateToken(request, response);

  String expectedUserUuid = user.getUuid();
  verify(jwtCsrfVerifier).verifyState(request, CSRF_STATE, expectedUserUuid);
}