Return-Path: X-Original-To: apmail-jackrabbit-commits-archive@www.apache.org Delivered-To: apmail-jackrabbit-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 87F351050F for ; Thu, 27 Mar 2014 16:05:13 +0000 (UTC) Received: (qmail 76726 invoked by uid 500); 27 Mar 2014 16:05:12 -0000 Delivered-To: apmail-jackrabbit-commits-archive@jackrabbit.apache.org Received: (qmail 76616 invoked by uid 500); 27 Mar 2014 16:05:10 -0000 Mailing-List: contact commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jackrabbit.apache.org Delivered-To: mailing list commits@jackrabbit.apache.org Received: (qmail 76488 invoked by uid 99); 27 Mar 2014 16:05:07 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Mar 2014 16:05:07 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Mar 2014 16:05:04 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 9B0FE238889B; Thu, 27 Mar 2014 16:04:41 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1582373 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authentication/token/ test/java/org/apache/jackrabbit/core/security/authentication/token/ Date: Thu, 27 Mar 2014 16:04:41 -0000 To: commits@jackrabbit.apache.org 
From: angela@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20140327160441.9B0FE238889B@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
Author: angela
Date: Thu Mar 27 16:04:41 2014
New Revision: 1582373
URL: http://svn.apache.org/r1582373
Log:
JCR-3761 : TokenInfo#resetExpiration always fails with ConstraintViolationException
Added:
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenProviderTest.java
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenProvider.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TestAll.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenProvider.java?rev=1582373&r1=1582372&r2=1582373&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenProvider.java Thu Mar 27 16:04:41 2014
@@ -38,6 +38,7 @@ import javax.jcr.PropertyIterator;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
+import javax.jcr.Value;
 import javax.jcr.ValueFactory;
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
@@ -161,7 +162,7 @@ public class TokenProvider extends Prote
 String keyHash = PasswordUtility.buildPasswordHash(getKeyValue(key, user.getID()));
 setProperty(tokenNode, session.getQName(TOKEN_ATTRIBUTE_KEY), vf.createValue(keyHash));
- setProperty(tokenNode, session.getQName(TOKEN_ATTRIBUTE_EXPIRY), vf.createValue(createExpirationValue(creationTime)));
+ setProperty(tokenNode, session.getQName(TOKEN_ATTRIBUTE_EXPIRY), createExpirationValue(creationTime, session));
 for (String name : attributes.keySet()) {
 if (!RESERVED_ATTRIBUTES.contains(name)) {
@@ -186,10 +187,10 @@ public class TokenProvider extends Prote
 return null;
 }
- private Calendar createExpirationValue(long creationTime) {
+ private Value createExpirationValue(long creationTime, Session session) throws RepositoryException {
 Calendar cal = Calendar.getInstance();
 cal.setTimeInMillis(createExpirationTime(creationTime, tokenExpiration));
- return cal;
+ return session.getValueFactory().createValue(cal);
 }
 /**
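Review bot: `createExpirationValue` now takes a `Session` only to reach its `ValueFactory`, and the call in the `@@ -400,7` hunk passes `session` while the node being written is loaded through the separate session `s`. For a DATE value that mix is probably harmless, but it forces the reader to check whether name and value have to come from the session that owns the node; taking a `ValueFactory` instead would remove the question and let the first call site reuse the `vf` it already has, e.g. `createExpirationValue(creationTime, vf)`. The method is also undocumented; a one-line Javadoc such as `/** Builds the DATE value for the token expiry property from createExpirationTime(creationTime, tokenExpiration). */` would cover it.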
@@ -400,7 +401,7 @@ public class TokenProvider extends Prote
 try {
 if (expirationTime - loginTime <= tokenExpiration / 2) {
 s = session.createSession(session.getWorkspace().getName());
- s.getNode(tokenPath).setProperty(TOKEN_ATTRIBUTE_EXPIRY, createExpirationValue(loginTime));
+ setProperty((NodeImpl) s.getNode(tokenPath), session.getQName(TOKEN_ATTRIBUTE_EXPIRY), createExpirationValue(loginTime, session));
 s.save();
 log.debug("Successfully reset token expiration time.");
 return true;
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TestAll.java?rev=1582373&r1=1582372&r2=1582373&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TestAll.java Thu Mar 27 16:04:41 2014
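Review bot: Nothing at the changed call in the `@@ -400,7` hunk records why the write now goes through `setProperty((NodeImpl) …)` instead of `Node#setProperty`, so a later cleanup could reintroduce JCR-3761. The added test asserts that `rep:token.exp` is protected, which is presumably why the plain JCR call was rejected; a comment such as `// expiry is a protected property: write it via the protected-item setProperty, Node#setProperty throws ConstraintViolationException` above the line would keep that knowledge with the code. Since this path writes past the protected-property check, it is worth confirming that `tokenPath` can only resolve to this token's own node. The `(NodeImpl)` cast is unchecked and the `catch` clauses of the enclosing `try` lie outside the hunk, so whether a ClassCastException would be handled cannot be told from here.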
@@ -35,6 +35,7 @@ public class TestAll extends TestCase {
 suite.addTestSuite(TokenBasedAuthenticationCompatTest.class);
 suite.addTestSuite(TokenBasedAuthenticationTest.class);
 suite.addTestSuite(TokenBasedLoginTest.class);
+ suite.addTestSuite(TokenProviderTest.class);
 return suite;
 }
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenProviderTest.java?rev=1582373&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenProviderTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenProviderTest.java Thu Mar 27 16:04:41 2014
@@ -0,0 +1,185 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authentication.token;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import javax.jcr.Node;
+import javax.jcr.Property;
+import javax.jcr.PropertyType;
+import javax.jcr.RepositoryException;
+import javax.jcr.SimpleCredentials;
+
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+public class TokenProviderTest extends AbstractJCRTest {
+
+ private User testuser;
+ private String userId;
+
+ private SessionImpl session;
+ private TokenProvider tokenProvider;
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ if (superuser instanceof SessionImpl) {
+ UserManager umgr = ((SessionImpl) superuser).getUserManager();
+ if (!umgr.isAutoSave()) {
+ umgr.autoSave(true);
+ }
+ String uid = "test";
+ while (umgr.getAuthorizable(uid) != null) {
+ uid += "_";
+ }
+
+ testuser = umgr.createUser(uid, uid);
+ userId = testuser.getID();
+ } else {
+ throw new NotExecutableException();
+ }
+
+ if (superuser.nodeExists(((ItemBasedPrincipal) testuser.getPrincipal()).getPath())) {
+ session = (SessionImpl) superuser;
+ } else {
+ session = (SessionImpl) getHelper().getSuperuserSession("security");
+ }
+ tokenProvider = new TokenProvider((SessionImpl) session, TokenBasedAuthentication.TOKEN_EXPIRATION);
+ }
+
+ @Override
+ protected void tearDown() throws Exception {
+ try {
+ testuser.remove();
+ session.logout();
+ } finally {
+ super.tearDown();
+ }
+ }
+
+ public void testCreateTokenFromInvalidCredentials() throws Exception {
+ assertNull(tokenProvider.createToken(testuser, new SimpleCredentials("unknownUserId", new char[0])));
+ }
+
+ public void testCreateTokenFromCredentials() throws Exception {
+ TokenInfo info = tokenProvider.createToken(testuser, new SimpleCredentials(userId, new char[0]));
+ assertTokenInfo(info);
+ }
+
+ public void testTokenNode() throws Exception {
+ Map privateAttributes = new HashMap();
+ privateAttributes.put(".token_exp", "value");
+ privateAttributes.put(".tokenTest", "value");
+ privateAttributes.put(".token_something", "value");
+
+ Map publicAttributes = new HashMap();
+ publicAttributes.put("any", "value");
+ publicAttributes.put("another", "value");
+
+ Map attributes = new HashMap();
+ attributes.putAll(publicAttributes);
+ attributes.putAll(privateAttributes);
+
+ SimpleCredentials sc = new SimpleCredentials(userId, userId.toCharArray());
+ for (String s : attributes.keySet()) {
+ sc.setAttribute(s, attributes.get(s));
+ }
+
+ TokenInfo info = tokenProvider.createToken(testuser, sc);
+ Node tokenNode = getTokenNode(info);
+ Property prop = tokenNode.getProperty("rep:token.key");
+ assertNotNull(prop);
+ assertEquals(PropertyType.STRING, prop.getType());
+ assertTrue(prop.getDefinition().isProtected());
+
+ prop = tokenNode.getProperty("rep:token.exp");
+ assertNotNull(prop);
+ assertEquals(PropertyType.DATE, prop.getType());
+ assertTrue(prop.getDefinition().isProtected());
+
+ for (String key : privateAttributes.keySet()) {
+ assertEquals(privateAttributes.get(key), tokenNode.getProperty(key).getString());
+ }
+
+ for (String key : publicAttributes.keySet()) {
+ assertEquals(publicAttributes.get(key), tokenNode.getProperty(key).getString());
+ }
+ }
+
+ public void testGetTokenInfoFromInvalidToken() throws Exception {
+ List invalid = new ArrayList();
+ invalid.add("/invalid");
+ invalid.add(UUID.randomUUID().toString());
+
+ try {
+ for (String token : invalid) {
+ TokenInfo info = tokenProvider.getTokenInfo(token);
+ assertNull(info);
+ }
+ } catch (Exception e) {
+ // success
+ }
+ }
+
+ public void testGetTokenInfo() throws Exception {
+ String token = tokenProvider.createToken(testuser, new SimpleCredentials(userId, userId.toCharArray())).getToken();
+ TokenInfo info = tokenProvider.getTokenInfo(token);
+ assertTokenInfo(info);
+ }
+
+ public void testIsExpired() throws Exception {
+ TokenInfo info = tokenProvider.createToken(testuser, new SimpleCredentials(userId, userId.toCharArray()));
+
+ long loginTime = System.currentTimeMillis();
+ assertFalse(info.isExpired(loginTime));
+ assertTrue(info.isExpired(loginTime + TokenBasedAuthentication.TOKEN_EXPIRATION));
+ }
+
+ public void testReset() throws Exception {
+ TokenInfo info = tokenProvider.createToken(testuser, new SimpleCredentials(userId, userId.toCharArray()));
+ long expTime = getTokenNode(info).getProperty("rep:token.exp").getLong();
+
+ long loginTime = System.currentTimeMillis();
+ assertFalse(info.resetExpiration(loginTime));
+ assertFalse(info.resetExpiration(loginTime + TokenBasedAuthentication.TOKEN_EXPIRATION));
+
+ assertTrue(info.resetExpiration(loginTime + TokenBasedAuthentication.TOKEN_EXPIRATION / 2));
+ long expTime2 = getTokenNode(info).getProperty("rep:token.exp").getLong();
+ assertFalse(expTime == expTime2);
+ }
+
+ //--------------------------------------------------------------------------
+ private static void assertTokenInfo(TokenInfo info) {
+ assertNotNull(info);
+ assertNotNull(info.getToken());
+ assertFalse(info.isExpired(new Date().getTime()));
+ }
+
+ private Node getTokenNode(TokenInfo info) throws RepositoryException {
+ return TokenProvider.getTokenNode(info.getToken(), session);
+ }
+}
\ No newline at end of file
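Review bot: `testGetTokenInfoFromInvalidToken` passes whether `getTokenInfo` returns null or throws, and it stops checking at the first exception: the `catch (Exception e) { // success }` wraps the whole loop, so the random-UUID token is never exercised if `"/invalid"` throws. For a credential lookup the rejection behaviour should be pinned per token; if null is the contract, drop the try/catch and keep `assertNull(tokenProvider.getTokenInfo(token));`, otherwise move the try inside the loop and call `fail()` when no exception is raised. In `testReset`, `assertFalse(expTime == expTime2)` would also pass if the expiry moved backwards; `assertTrue(expTime2 > expTime)` states the intent. In `tearDown`, `session.logout()` is skipped when `testuser.remove()` throws.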