Max665/sharepulse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Implemented expiration check

Browse Source 
- Added Expiration test
This commit is contained in:
Max W. 2024-04-07 23:47:47 +02:00
parent 278b613230
commit a4c71eccb1
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/main/java/de/w665/sharepulse/service/AuthenticationService.java
View File

@ -40,7 +40,10 @@ public class AuthenticationService {
this.secretKey = Keys.hmacShaKeyFor(encodedKey); this.secretKey = Keys.hmacShaKeyFor(encodedKey);
} }
public String authenticate(String username, String password) { public String authenticate(String username, String password, long... expirationTime/*FOR TESTING VALIDITY*/) {
if(expirationTime.length > 0) {
this.expirationTime = expirationTime[0];
}
Optional<User> user = userRepository.retrieveUserByUsername(username); Optional<User> user = userRepository.retrieveUserByUsername(username);
if (user.isPresent() && passwordEncoder.matches(password, user.get().getPassword())) { if (user.isPresent() && passwordEncoder.matches(password, user.get().getPassword())) {
return generateToken(username); return generateToken(username);
@ -64,8 +67,8 @@ public class AuthenticationService {
public boolean validateToken(String token) { public boolean validateToken(String token) {
try { try {
Jwt<?,?> jwt = Jwts.parser().verifyWith(secretKey).build().parseSignedClaims(token); Jwt<?,?> jwt = Jwts.parser().verifyWith(secretKey).build().parseSignedClaims(token);
// TODO: Check if token is expired Claims claims = (Claims) jwt.getPayload();
return true; return !claims.getExpiration().before(new Date()); // Checks if the token is expired too
} catch (Exception e) { } catch (Exception e) {
return false; return false;
} }

13
src/test/java/de/w665/sharepulse/AuthenticationServiceTest.java
View File

@ -11,6 +11,7 @@ import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import java.util.Date;
import java.util.Optional; import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
@ -26,6 +27,9 @@ public class AuthenticationServiceTest {
@Autowired @Autowired
private AuthenticationService authenticationService; private AuthenticationService authenticationService;
@Value("${secureapi.jwt.expiration}")
private long expirationTime;
private User mockUser; private User mockUser;
private String username = "testUser"; private String username = "testUser";
private String password = "testPass"; private String password = "testPass";
@ -55,4 +59,13 @@ public class AuthenticationServiceTest {
String invalidToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0VXNlciJ9.WrongSignature"; String invalidToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0VXNlciJ9.WrongSignature";
assertFalse(authenticationService.validateToken(invalidToken), "Token validation should return false for an invalid token"); assertFalse(authenticationService.validateToken(invalidToken), "Token validation should return false for an invalid token");
} }
@Test
public void whenTokenIsExplicitlyExpired_thenValidateTokenShouldReturnFalse() throws InterruptedException {
long testExpirationTime = 1; // 1 millisecond
String token = authenticationService.authenticate("testUser", "testPass", testExpirationTime);
assertNotNull(token, "Token should not be null");
Thread.sleep(2); // Wait for 2 milliseconds to ensure the token has expired (Bad practice but easy)
assertFalse(authenticationService.validateToken(token), "Expired token should not be valid");
}
} }