This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository pollen. See https://gitlab.nuiton.org/chorem/pollen.git commit ac442375de63566982e2a1695a32dd3db4ed5c98 Author: Sylvain Bavencoff <bavencoff@codelutin.com> Date: Fri Nov 10 15:36:23 2017 +0100 utilisation de JWT pour le token de session --- .../rest/api/PollenRestApiApplicationContext.java | 12 +- .../rest/api/PollenRestApiRequestFilter.java | 38 ++- .../PollenAbstractExceptionMapper.java | 12 - .../PollenAuthenticationExceptionMapper.java | 2 +- .../PollenInvalidSessionTokenExceptionMapper.java | 2 +- .../org/chorem/pollen/rest/api/v1/AuthApi.java | 100 +------ .../chorem/pollen/rest/api/v1/PollenUserApi.java | 11 +- .../pollen/rest/api/AbstractPollenRestApiTest.java | 6 +- .../chorem/pollen/rest/api/PollenUserApiTest.java | 30 ++- pollen-services/pom.xml | 5 + pollen-services/src/main/config/PollenServices.ini | 25 +- .../pollen/services/PollenApplicationContext.java | 4 +- .../pollen/services/service/PollenUserService.java | 8 + .../pollen/services/service/SocialAuthService.java | 3 +- .../security/DefaultPollenSecurityContext.java | 22 +- .../PollenInvalidSessionTokenException.java | 7 + .../service/security/PollenSecurityContext.java | 5 +- .../services/service/security/SecurityService.java | 289 ++++++--------------- .../test/FakePollenApplicationContext.java | 6 +- .../i18n/pollen-services_en_GB.properties | 5 +- .../i18n/pollen-services_fr_FR.properties | 5 +- .../pollen/services/AbstractPollenServiceTest.java | 10 +- pollen-ui-riot-js/src/main/web/js/Session.js | 2 +- pom.xml | 9 + 24 files changed, 222 insertions(+), 396 deletions(-) diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationContext.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationContext.java index 2e497078..3d07f18f 100644 
--- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationContext.java +++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationContext.java @@ -31,7 +31,6 @@ import org.chorem.pollen.persistence.PollenTopiaApplicationContext; import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; import org.chorem.pollen.persistence.entity.PollenPrincipal; import org.chorem.pollen.persistence.entity.PollenUser; -import org.chorem.pollen.persistence.entity.SessionToken; import org.chorem.pollen.services.DefaultPollenServiceContext; import org.chorem.pollen.services.PollenApplicationContext; import org.chorem.pollen.services.PollenServiceContext; @@ -162,10 +161,10 @@ public class PollenRestApiApplicationContext implements PollenApplicationContext } @Override - public PollenSecurityContext newSecurityContext(SessionToken sessionToken, PollenPrincipal mainPrincipal) { + public PollenSecurityContext newSecurityContext(PollenUser pollenUser, PollenPrincipal mainPrincipal) { DefaultPollenSecurityContext securityContext = new DefaultPollenSecurityContext(); - securityContext.setSessionToken(sessionToken); + securityContext.setPollenUser(pollenUser); securityContext.setMainPrincipal(mainPrincipal); return securityContext; @@ -271,12 +270,7 @@ public class PollenRestApiApplicationContext implements PollenApplicationContext } @Override - public SessionToken getSessionToken() { - return null; - } - - @Override - public void setSessionToken(SessionToken sessionToken) { + public void setPollenUser(PollenUser pollenUser) { } diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java index debc8357..35be8b2f 100644 --- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java 
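Review bot: The new `setPollenUser(PollenUser pollenUser)` override at the end of the third hunk has an empty body, so anything that sets a user on this context silently loses it and the context keeps reporting no connected user; the enclosing class is indented and its header is outside the hunk, but it reads like an application-level context that deliberately has no user. That intent should be written down: add `// application-level context: there is no connected user, the setter is intentionally a no-op` inside the method, or throw `UnsupportedOperationException` if nothing is ever meant to call it.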
+++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java @@ -29,8 +29,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.chorem.pollen.persistence.PollenPersistenceContext; import org.chorem.pollen.persistence.entity.PollenPrincipal; -import org.chorem.pollen.persistence.entity.SessionToken; -import org.chorem.pollen.rest.api.v1.AuthApi; +import org.chorem.pollen.persistence.entity.PollenUser; import org.chorem.pollen.services.PollenService; import org.chorem.pollen.services.PollenServiceContext; import org.chorem.pollen.services.PollenUIContext; @@ -67,14 +66,15 @@ import javax.ws.rs.container.ContainerResponseContext; import javax.ws.rs.container.ContainerResponseFilter; import javax.ws.rs.container.PreMatching; import javax.ws.rs.core.Cookie; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.NewCookie; import javax.ws.rs.core.Response; import javax.ws.rs.ext.Provider; import java.io.IOException; import java.util.List; import java.util.Locale; -import static org.chorem.pollen.rest.api.v1.AuthApi.COOKIE_POLLEN_AUTH; /** * Inject {@link } in services. @@ -100,6 +100,9 @@ public class PollenRestApiRequestFilter implements ContainerRequestFilter, Conta public static final ImmutableList<Locale> ACCEPT_LANGUAGES = ImmutableList.of(Locale.FRENCH, Locale.ENGLISH); public static final Locale DEFAULT_LANGUAGE = Locale.FRENCH; + public static final String COOKIE_POLLEN_AUTH = "pollen-auth"; + public static final int COOKIE_MAX_AGE = 60 * 60 * 24 * 365; // 1 year + public static final ImmutableList<Class<? extends PollenService>> SERVICES = ImmutableList.of( ChoiceService.class, CommentService.class, 
@@ -135,7 +138,6 @@ public class PollenRestApiRequestFilter implements ContainerRequestFilter, Conta } catch (PollenInvalidSessionTokenException | PollenCypherTechnicalException e) { Response.ResponseBuilder builder = Response.status(Response.Status.UNAUTHORIZED) .entity(e.getMessage()); - builder = AuthApi.removeAuthCookie(builder); containerRequestContext.abortWith(builder.build()); } } @@ -160,6 +162,10 @@ public class PollenRestApiRequestFilter implements ContainerRequestFilter, Conta } + } else { + + addTokenToResponse(containerResponseContext); + } String origin = containerRequestContext.getHeaderString("Origin"); @@ -168,6 +174,7 @@ public class PollenRestApiRequestFilter implements ContainerRequestFilter, Conta headers.add(HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); headers.add(HEADER_ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, DELETE, PUT, OPTIONS"); } + } private void pushRequestContext(ContainerRequestContext context) throws PollenInvalidSessionTokenException, PollenCypherTechnicalException { @@ -226,12 +233,12 @@ public class PollenRestApiRequestFilter implements ContainerRequestFilter, Conta if (log.isDebugEnabled()) { log.debug("Found pollen-auth cookie:: " + cookie.getValue()); } - sessionTokenHeader = securityService.decrypt(cookie.getValue()); + sessionTokenHeader = cookie.getValue(); } } - SessionToken sessionToken = securityService.getSessionTokenByToken(sessionTokenHeader); + PollenUser userConnected = securityService.getUserFromToken(sessionTokenHeader); // --- get mainPrincipal (from request parameters) --- // String permission = null; @@ -243,7 +250,7 @@ public class PollenRestApiRequestFilter implements ContainerRequestFilter, Conta // --- create security context --- // - return applicationContext.newSecurityContext(sessionToken, mainPrincipal); + return applicationContext.newSecurityContext(userConnected, mainPrincipal); } 
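Review bot: Dropping `builder = AuthApi.removeAuthCookie(builder);` in the catch block means a 401 produced here no longer clears the rejected `pollen-auth` cookie by itself; whether the client is still told to drop it now depends on the response filter's `else` branch reaching `addTokenToResponse` with a blank token for an aborted request, which this hunk does not show. If that path is not taken, the browser keeps re-sending an expired or malformed JWT and every request fails with 401 until the cookie is removed by hand. Consider clearing it on the abort response explicitly, e.g. `builder.cookie(new NewCookie(COOKIE_POLLEN_AUTH, "", "/", null, null, 0, false));`, and add a comment naming which component owns cookie removal.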
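Review bot: With `sessionTokenHeader = cookie.getValue();` the cookie now carries the signed JWT itself instead of the encrypted blob `securityService.decrypt` used to unwrap, so the unchanged `log.debug("Found pollen-auth cookie:: " + cookie.getValue())` two lines above now writes a live bearer credential into the log at debug level. Log only that the cookie was present, e.g. `log.debug("Found pollen-auth cookie");`, and treat `sessionTokenHeader` the same way anywhere it is logged later in `pushRequestContext`, which continues outside the hunk.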
@@ -271,4 +278,21 @@ public class PollenRestApiRequestFilter implements ContainerRequestFilter, Conta } + private void addTokenToResponse(ContainerResponseContext containerResponseContext) { + + SecurityService securityService = ResteasyProviderFactory.getContextData(SecurityService.class); + + String token = securityService.getToken(); + + NewCookie authCookie = new NewCookie( + COOKIE_POLLEN_AUTH, + token, + "/", + null, + null, + StringUtils.isNotBlank(token) ? COOKIE_MAX_AGE : 0, + false); + containerResponseContext.getHeaders().add(HttpHeaders.SET_COOKIE, authCookie); + } + } diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenAbstractExceptionMapper.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenAbstractExceptionMapper.java index 8f9c80c8..27a9052a 100644 --- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenAbstractExceptionMapper.java +++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenAbstractExceptionMapper.java @@ -21,8 +21,6 @@ package org.chorem.pollen.rest.api.exceptionMappers; * #L% */ -import org.chorem.pollen.rest.api.v1.AuthApi; - import javax.ws.rs.core.Response; import javax.ws.rs.ext.ExceptionMapper; @@ -33,15 +31,8 @@ public class PollenAbstractExceptionMapper<E extends Exception> implements Excep protected final Response.Status status; - protected final boolean removeConnexionCookie; - public PollenAbstractExceptionMapper(Response.Status status) { - this(status, false); - } - - public PollenAbstractExceptionMapper(Response.Status status, boolean removeConnexionCookie) { this.status = status; - this.removeConnexionCookie = removeConnexionCookie; } protected Object getEntity(E exception) { 
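Review bot: The cookie built in `addTokenToResponse` passes `false` for `secure` and, because the seven-argument `NewCookie` constructor has no `httpOnly` parameter, is readable from page scripts; since it now holds the bearer JWT rather than an encrypted value, both flags matter more than before. It is also sent with `COOKIE_MAX_AGE` (one year, defined in an earlier hunk) while the token itself is configured to expire after `tokenTimeout` seconds, so the browser keeps presenting a token long after it stops verifying, and `token == null` is only handled for the age, not for the value. Use the JAX-RS 2.0 constructor that takes `secure` and `httpOnly` (derive `secure` from the request scheme if plain-HTTP deployments must keep working), bound the max-age by the configured token lifetime, and normalise a null token to `""`.
```java
NewCookie authCookie = new NewCookie(
        COOKIE_POLLEN_AUTH,
        StringUtils.isNotBlank(token) ? token : "",
        "/",
        null,
        Cookie.DEFAULT_VERSION,
        null,
        StringUtils.isNotBlank(token) ? COOKIE_MAX_AGE : 0,  // TODO bound by the configured token timeout
        null,
        true,   // secure: only sent over HTTPS
        true);  // httpOnly: not readable from page scripts
// … unchanged: add to Set-Cookie header …
```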
@@ -53,9 +44,6 @@ public class PollenAbstractExceptionMapper<E extends Exception> implements Excep public Response toResponse(E exception) { Response.ResponseBuilder builder = Response.status(status) .entity(getEntity(exception)); - if (removeConnexionCookie) { - builder = AuthApi.removeAuthCookie(builder); - } return builder.build(); } } diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenAuthenticationExceptionMapper.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenAuthenticationExceptionMapper.java index d3e1cae8..6e0ec2cc 100644 --- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenAuthenticationExceptionMapper.java +++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenAuthenticationExceptionMapper.java @@ -31,7 +31,7 @@ import javax.ws.rs.core.Response; public class PollenAuthenticationExceptionMapper extends PollenAbstractExceptionMapper<PollenAuthenticationException> { public PollenAuthenticationExceptionMapper() { - super(Response.Status.UNAUTHORIZED, true); + super(Response.Status.UNAUTHORIZED); } @Override diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenInvalidSessionTokenExceptionMapper.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenInvalidSessionTokenExceptionMapper.java index ba853679..ec8882e9 100644 --- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenInvalidSessionTokenExceptionMapper.java +++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/exceptionMappers/PollenInvalidSessionTokenExceptionMapper.java 
@@ -31,6 +31,6 @@ import javax.ws.rs.core.Response;
 public class PollenInvalidSessionTokenExceptionMapper extends PollenAbstractExceptionMapper<PollenInvalidSessionTokenException> {
 public PollenInvalidSessionTokenExceptionMapper() {
- super(Response.Status.UNAUTHORIZED, true);
+ super(Response.Status.UNAUTHORIZED);
 }
 }
diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/AuthApi.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/AuthApi.java
index 089b2894..ce585a16 100644
--- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/AuthApi.java
+++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/AuthApi.java
@@ -29,7 +29,6 @@ import org.apache.shiro.codec.Base64;
 import org.brickred.socialauth.SocialAuthManager;
 import org.chorem.pollen.persistence.entity.LoginProvider;
 import org.chorem.pollen.persistence.entity.PollenUser;
-import org.chorem.pollen.persistence.entity.SessionToken;
 import org.chorem.pollen.services.PollenServiceContext;
 import org.chorem.pollen.services.bean.LoginProviderBean;
 import org.chorem.pollen.services.bean.PollenEntityId;
@@ -59,7 +58,6 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.NewCookie;
 import javax.ws.rs.core.Response;
 import java.util.List;
 import java.util.Map;
@@ -78,39 +76,12 @@ public class AuthApi { /** Logger */ private static final Log log = LogFactory.getLog(AuthApi.class); - public static final String COOKIE_POLLEN_AUTH = "pollen-auth"; - private static final String COOKIE_POLLEN_CONNECTED = "pollen-connected"; - private static final int COOKIE_MAX_AGE = 60 * 60 * 24 * 365; // 1 year - - public static Response.ResponseBuilder removeAuthCookie(Response.ResponseBuilder reponseBuilder) { - - NewCookie authCookie = new NewCookie( - COOKIE_POLLEN_AUTH, - "", - "/", - null, - null, - 0, - false); - - NewCookie connectedCookie = new NewCookie( - COOKIE_POLLEN_CONNECTED, - "", - "/", - null, - null, - 0, - false); - - return reponseBuilder.cookie(authCookie, connectedCookie); - } - @Path("/login") @POST @PUT - public Response login(@HeaderParam("Authorization") String authHeader, - @Context PollenServiceContext serviceContext, - @Context SecurityService securityService, - @Context PollenSecurityContext securityContext) + public PollenEntityRef<PollenUser> login(@HeaderParam("Authorization") String authHeader, + @Context PollenServiceContext serviceContext, + @Context SecurityService securityService, + @Context PollenSecurityContext securityContext) throws PollenAuthenticationException, MissingAuthenticationException, PollenInvalidSessionTokenException, 
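Review bot: `login` still declares `@Context PollenServiceContext serviceContext` and `@Context PollenSecurityContext securityContext`, which in the old code existed only to feed the deleted `getLoginResponseFromPollenUser`; the part of the body between this hunk and the next is not in view, so if neither is referenced there, drop them, together with the `throws PollenInvalidSessionTokenException, PollenCypherTechnicalException` entries for which the deleted helper was the only source. `loginProvider` in a later hunk keeps the same two parameters for the same reason.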
@@ -129,58 +100,13 @@ public class AuthApi { } PollenEntityRef<PollenUser> userPollenEntityRef = securityService.login(login, password, false); - return getLoginResponseFromPollenUser(serviceContext, securityService, securityContext, userPollenEntityRef); + return userPollenEntityRef; } throw new MissingAuthenticationException(); } - protected Response getLoginResponseFromPollenUser(PollenServiceContext serviceContext, - SecurityService securityService, - PollenSecurityContext securityContext, - PollenEntityRef<PollenUser> userPollenEntityRef) - throws PollenInvalidSessionTokenException, PollenCypherTechnicalException { - - userPollenEntityRef.encode(serviceContext.getTopiaApplicationContext().getTopiaIdFactory()); - - // Inject the session token in security context - SessionToken sessionToken = securityService.getSessionTokenByToken(userPollenEntityRef.getPermission()); - - securityContext.setSessionToken(sessionToken); - - // add auth cookies - - String value = securityService.encrypt( - sessionToken.getPollenUser().getTopiaId(), - sessionToken.getPollenToken().getToken() - ); - - NewCookie authCookie = new NewCookie( - COOKIE_POLLEN_AUTH, - value, - "/", - null, - null, - COOKIE_MAX_AGE, - false); - - NewCookie connectedCookie = new NewCookie( - COOKIE_POLLEN_CONNECTED, - "true", - "/", - null, - null, - COOKIE_MAX_AGE, - false); - - if (log.isDebugEnabled()) { - log.debug("Add auth cookie:: " + authCookie.getValue()); - } - - return Response.ok(userPollenEntityRef).cookie(authCookie, connectedCookie).build(); - } - @Path("/login2") @POST @PUT public PollenEntityRef<PollenUser> login2(@Context SecurityService securityService, 
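Review bot: `return userPollenEntityRef;` hands back the reference exactly as `securityService.login` produced it, whereas the deleted `getLoginResponseFromPollenUser` first called `userPollenEntityRef.encode(serviceContext.getTopiaApplicationContext().getTopiaIdFactory())`; if that call is what turned the raw entity id into the reduced id clients are given, the JSON returned by `/login` (and by `loginProvider`, which changes the same way in the next hunk) now differs from before. Either restore the `encode` call before returning or confirm that `PollenEntityRef.of(user)` in `SecurityService` already yields the encoded form, and add a one-line comment saying which.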
@@ -209,12 +135,12 @@ public class AuthApi { @Path("/login/{providerId}") @POST - public Response loginProvider(@Context SocialAuthService socialAuthService, - @Context PollenServiceContext serviceContext, - @Context SecurityService securityService, - @Context PollenSecurityContext securityContext, - @Context HttpServletRequest request, - String providerReturn) + public PollenEntityRef<PollenUser> loginProvider(@Context SocialAuthService socialAuthService, + @Context PollenServiceContext serviceContext, + @Context SecurityService securityService, + @Context PollenSecurityContext securityContext, + @Context HttpServletRequest request, + String providerReturn) throws Exception { SocialAuthManager socialAuthManager = @@ -225,7 +151,7 @@ public class AuthApi { Map<String, String> paramsMap = gson.fromJson(providerReturn, Map.class); PollenEntityRef<PollenUser> userPollenEntityRef = socialAuthService.login(socialAuthManager, paramsMap); - return getLoginResponseFromPollenUser(serviceContext, securityService, securityContext, userPollenEntityRef); + return userPollenEntityRef; } @Path("/logout") @@ -233,7 +159,7 @@ public class AuthApi { public Response logout(@Context SecurityService securityService) { securityService.logout(); - return removeAuthCookie(Response.status(Response.Status.NO_CONTENT)).build(); + return Response.status(Response.Status.NO_CONTENT).build(); } @Path("/lostpassword") diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollenUserApi.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollenUserApi.java index e8681e10..d3e19227 100644 --- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollenUserApi.java +++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollenUserApi.java @@ -61,7 +61,6 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import java.util.Map; -import java.util.Objects; /** * TODO 
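Review bot: `logout` now only calls `securityService.logout()`, which after this commit clears the user from the request's security context; a JWT is accepted on signature and expiry rather than on a server-side record, so unless `getUserFromToken` (not in this part of the diff) checks something else, a token already issued stays valid until `tokenTimeout` elapses, whereas the previous code deleted the `SessionToken` row. The same holds for `SecurityService.logout` and for the self-deletion branch of `PollenUserApi.deleteUser` in later hunks, where a deleted account's token would also outlive the account. If logout must take effect immediately, keep `tokenTimeout` short or record issued tokens (or a per-user "issued after" timestamp) and reject them in `getUserFromToken`; at minimum document the behaviour in the `logout` Javadoc.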
@@ -86,9 +85,7 @@ public class PollenUserApi { @Path("/user") @GET public PollenUserBean getConnectedUser(@Context PollenSecurityContext securityContext, @Context PollenUserService pollenUserService) { - PollenUser pollenUser = securityContext.getPollenUser(); - Objects.requireNonNull(pollenUser, "Could not find connected user"); - return pollenUserService.getUser(pollenUser.getTopiaId()); + return pollenUserService.getUser(); } @Path("/users/{userId}") @@ -123,14 +120,10 @@ public class PollenUserApi { @QueryParam("anonymize") boolean anonymize) { boolean selfDeletion = pollenUserService.deleteUser(userId.getEntityId(), anonymize); - Response.ResponseBuilder responseBuilder; if (selfDeletion) { securityService.logout(); - responseBuilder = AuthApi.removeAuthCookie(Response.status(Response.Status.NO_CONTENT)); - } else { - responseBuilder = Response.status(Response.Status.NO_CONTENT); } - return responseBuilder.build(); + return Response.status(Response.Status.NO_CONTENT).build(); } @Path("/users/{userId}") diff --git a/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java b/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java index 0f17c8b8..f826aae1 100644 --- a/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java +++ b/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java @@ -33,7 +33,7 @@ import org.apache.tomcat.util.scan.StandardJarScanner; import org.chorem.pollen.persistence.PollenPersistenceContext; import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; import org.chorem.pollen.persistence.entity.PollenPrincipal; -import org.chorem.pollen.persistence.entity.SessionToken; +import org.chorem.pollen.persistence.entity.PollenUser; import org.chorem.pollen.rest.api.converter.JacksonConfig; import org.chorem.pollen.services.PollenServiceContext; import org.chorem.pollen.services.bean.PollenEntityId; 
@@ -123,11 +123,11 @@ public class AbstractPollenRestApiTest { } @Override - public PollenSecurityContext newSecurityContext(SessionToken sessionToken, PollenPrincipal mainPrincipal) { + public PollenSecurityContext newSecurityContext(PollenUser pollenUser, PollenPrincipal mainPrincipal) { FakePollenSecurityContext securityContext = new FakePollenSecurityContext(); securityContext.setMainPrincipal(mainPrincipal); - securityContext.setSessionToken(sessionToken); + securityContext.setPollenUser(pollenUser); return securityContext; } diff --git a/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollenUserApiTest.java b/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollenUserApiTest.java index 309f6c52..6c33d405 100644 --- a/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollenUserApiTest.java +++ b/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollenUserApiTest.java @@ -21,15 +21,18 @@ package org.chorem.pollen.rest.api; * #L% */ -import com.fasterxml.jackson.core.type.TypeReference; +import org.apache.http.HeaderElement; +import org.apache.http.HeaderElementIterator; +import org.apache.http.HttpResponse; import org.apache.http.client.fluent.Request; +import org.apache.http.client.fluent.Response; +import org.apache.http.message.BasicHeaderElementIterator; import org.chorem.pollen.persistence.entity.PollenUser; -import org.chorem.pollen.services.bean.PollenEntityRef; -import org.junit.Assert; import org.junit.Before; import org.junit.Ignore; import org.junit.Test; +import javax.ws.rs.core.HttpHeaders; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; 
@@ -146,19 +149,20 @@ public class PollenUserApiTest extends AbstractPollenRestApiTest { .build(); Request request = Request.Post(uri); - String loginContent = request.execute().returnContent().asString(); - showTestResult(loginContent); + Response response = request.execute(); + HttpResponse httpResponse = response.returnResponse(); - TypeReference<PollenEntityRef<PollenUser>> type = new TypeReference<PollenEntityRef<PollenUser>>() { - }; + String token = ""; - PollenEntityRef<PollenUser> createBeanRef = getObjectMapper().readValue(loginContent, type); - Assert.assertNotNull(createBeanRef); - Assert.assertNotNull(createBeanRef.getEntityId()); - Assert.assertNotNull(createBeanRef.getReducedId()); - Assert.assertNotNull(createBeanRef.getPermission()); + HeaderElementIterator it = new BasicHeaderElementIterator(httpResponse.headerIterator(HttpHeaders.SET_COOKIE)); + while (it.hasNext()) { + HeaderElement elem = it.nextElement(); + if (elem.getName().equals(PollenRestApiRequestFilter.COOKIE_POLLEN_AUTH)) { + token = elem.getValue(); + } + } - return createBeanRef.getPermission(); + return token; } } diff --git a/pollen-services/pom.xml b/pollen-services/pom.xml index f4c817d4..d8a22db2 100644 --- a/pollen-services/pom.xml +++ b/pollen-services/pom.xml @@ -192,6 +192,11 @@ </dependency> <dependency> + <groupId>com.auth0</groupId> + <artifactId>java-jwt</artifactId> + </dependency> + + <dependency> <groupId>org.quartz-scheduler</groupId> <artifactId>quartz</artifactId> </dependency> diff --git a/pollen-services/src/main/config/PollenServices.ini b/pollen-services/src/main/config/PollenServices.ini index d084e71a..71869494 100644 --- a/pollen-services/src/main/config/PollenServices.ini +++ b/pollen-services/src/main/config/PollenServices.ini 
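Review bot: The helper initialises `token` to `""` and returns it unchanged when no `pollen-auth` element is found among the `Set-Cookie` headers, so a login that fails to issue a cookie yields an empty token and the failure surfaces later as an unrelated 401 in the calling test. Assert the cookie was found before returning, e.g. `Assert.assertFalse("no pollen-auth cookie in login response", token.isEmpty());` (the `org.junit.Assert` import removed in the imports hunk would need to come back). The enclosing method's signature is outside the hunk.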
@@ -7,14 +7,26 @@ type = file transient = true final = true -[option secret] -description = pollen.configuration.secret -key = pollen.secret +[option tokenSecret] +description = pollen.configuration.token.secret +key = pollen.token.secret type = string defaultValue = !secret# transient = true final = true +[option tokenIssue] +description = pollen.configuration.token.issue +key = pollen.token.issue +type = string +defaultValue = Pollen + +[option tokenTimeout] +description = pollen.configuration.token.timeout +key = pollen.token.timeout +type = int +defaultValue = 3600 + [option defaultPollType] description = pollen.configuration.defaultPollType key = pollen.default.pollType @@ -75,13 +87,6 @@ key = pollen.default.notifyMeHoursBeforePollEnds type = int defaultValue = 0 -[option sessionTimeoutDelay] -description = pollen.configuration.sessionTimeoutDelay -key = pollen.default.sessionTimeoutDelay -type = int -# 1 hour = 3600 s -defaultValue = 3600 - [option smtpHost] description = pollen.configuration.smptHost key = pollen.smtp.host diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/PollenApplicationContext.java b/pollen-services/src/main/java/org/chorem/pollen/services/PollenApplicationContext.java index 7ca9dc5c..0cde7f7a 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/PollenApplicationContext.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/PollenApplicationContext.java 
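Review bot: `tokenSecret` ships with the literal default `!secret#`, and because the key was renamed from `pollen.secret` to `pollen.token.secret`, a deployment that had overridden the old key silently falls back to that default; with JWT the HMAC secret is what makes a session trustworthy, so a shared, published default is a forged-session risk rather than a cosmetic one. Have the service refuse to start (or at least log at error level) when `pollen.token.secret` still equals the default, and mention the key rename in a migration note. Separately, `tokenIssue` / `pollen.token.issue` reads like a typo for the JWT `iss` claim; `tokenIssuer` / `pollen.token.issuer` would match the claim name.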
@@ -25,7 +25,7 @@ import org.chorem.pollen.persistence.PollenPersistenceContext; import org.chorem.pollen.persistence.PollenTopiaApplicationContext; import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; import org.chorem.pollen.persistence.entity.PollenPrincipal; -import org.chorem.pollen.persistence.entity.SessionToken; +import org.chorem.pollen.persistence.entity.PollenUser; import org.chorem.pollen.services.config.PollenServicesConfig; import org.chorem.pollen.services.service.security.PollenSecurityContext; import org.chorem.pollen.votecounting.VoteCountingFactory; @@ -51,7 +51,7 @@ public interface PollenApplicationContext extends Closeable { PollenServiceContext newServiceContext(PollenPersistenceContext persistenceContext, Locale locale); - PollenSecurityContext newSecurityContext(SessionToken sessionToken, PollenPrincipal mainPrincipal); + PollenSecurityContext newSecurityContext(PollenUser user, PollenPrincipal mainPrincipal); void init(); } diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenUserService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenUserService.java index d10a1ec4..39318bb4 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenUserService.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenUserService.java @@ -135,6 +135,14 @@ public class PollenUserService extends PollenServiceSupport implements PollenSer } + public PollenUserBean getUser() { + + PollenUser pollenUser = checkAndGetConnectedUser(); + + return toPollenUserBean(pollenUser); + + } + public PollenUserBean getUser(String userId) { checkNotNull(userId); diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/SocialAuthService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/SocialAuthService.java index 9a9da664..d1c3bab8 100644 
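Review bot: The new no-argument `getUser()` has no Javadoc, and since `PollenUserApi.getConnectedUser` now relies on it for the "nobody connected" case, callers need to know what happens when the security context holds no user — that depends on `checkAndGetConnectedUser`, which is not in the hunk. Add `/** Returns the connected user as a bean. @throws <exception raised by checkAndGetConnectedUser> when no user is connected */` with the concrete type filled in, and drop the blank lines around the two statements to match `getUser(String userId)` below.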
--- a/pollen-services/src/main/java/org/chorem/pollen/services/service/SocialAuthService.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/SocialAuthService.java @@ -117,7 +117,8 @@ public class SocialAuthService extends PollenServiceSupport { getNotificationService().onUserCreatedFromProvider(pollenUser, credential); } - return getSecurityService().getSessionTokenForUser(pollenUser); + this.getSecurityContext().setPollenUser(pollenUser); + return PollenEntityRef.of(pollenUser); } public String addCredentialToUser(SocialAuthManager manager, diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/DefaultPollenSecurityContext.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/DefaultPollenSecurityContext.java index dd65ee72..bfe01f8c 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/DefaultPollenSecurityContext.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/DefaultPollenSecurityContext.java @@ -23,7 +23,6 @@ package org.chorem.pollen.services.service.security; import org.chorem.pollen.persistence.entity.PollenPrincipal; import org.chorem.pollen.persistence.entity.PollenUser; -import org.chorem.pollen.persistence.entity.SessionToken; import java.io.Serializable; @@ -42,7 +41,7 @@ public class DefaultPollenSecurityContext implements Serializable, PollenSecurit * <p/> * Can be {@code null} if user is not connected. */ - protected SessionToken sessionToken; + protected PollenUser pollenUser; /** * Main principal (mainly to acquire credentials on a data). 
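Review bot: The social-login path now sets the user on the security context and returns `PollenEntityRef.of(pollenUser)` directly, while the `isEmailValidated()` and banned checks that used to live in the shared `getSessionTokenForUser` are, after this commit, executed only inline in `SecurityService.login`; unless the start of this method (outside the hunk) performs them, a banned account can still sign in through a provider. Move the two checks into one helper on `SecurityService` and call it from both `login` and here before `setPollenUser`, e.g. `getSecurityService().checkUserMayLogIn(pollenUser);` (a proposed new method name).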
@@ -52,23 +51,23 @@ public class DefaultPollenSecurityContext implements Serializable, PollenSecurit
 protected PollenPrincipal mainPrincipal;
 @Override
- public PollenPrincipal getMainPrincipal() {
- return mainPrincipal;
+ public PollenUser getPollenUser() {
+ return pollenUser;
 }
 @Override
- public SessionToken getSessionToken() {
- return sessionToken;
+ public void setPollenUser(PollenUser pollenUser) {
+ this.pollenUser = pollenUser;
 }
 @Override
- public PollenUser getPollenUser() {
- return sessionToken != null ? sessionToken.getPollenUser() : null;
+ public PollenPrincipal getMainPrincipal() {
+ return mainPrincipal;
 }
 @Override
 public boolean isConnected() {
- return sessionToken != null;
+ return getPollenUser() != null;
 }
 @Override
@@ -77,11 +76,6 @@ public class DefaultPollenSecurityContext implements Serializable, PollenSecurit
 }
 @Override
- public void setSessionToken(SessionToken sessionToken) {
- this.sessionToken = sessionToken;
- }
-
- @Override
 public void setMainPrincipal(PollenPrincipal mainPrincipal) {
 this.mainPrincipal = mainPrincipal;
 }
diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenInvalidSessionTokenException.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenInvalidSessionTokenException.java
index 4cad1cb1..96802d36 100644
--- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenInvalidSessionTokenException.java
+++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenInvalidSessionTokenException.java
@@ -30,4 +30,11 @@ package org.chorem.pollen.services.service.security;
 public class PollenInvalidSessionTokenException extends Exception {
 private static final long serialVersionUID = 1L;
+
+ public PollenInvalidSessionTokenException() {
+ }
+
+ public PollenInvalidSessionTokenException(Throwable cause) {
+ super(cause);
+ }
 }
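Review bot: `PollenInvalidSessionTokenException(Throwable cause)` delegates to `Exception(Throwable)`, whose detail message is `cause.toString()`, and `PollenRestApiRequestFilter` sends `e.getMessage()` as the body of its 401; so whichever `JWTVerificationException` subclass and message the library produced (bad signature, expiry, malformed header) is echoed to the client verbatim. Give the exception a fixed, client-safe message and keep the cause for logging, `super("Invalid session token", cause);`, and add a `(String message, Throwable cause)` constructor if callers need to distinguish cases internally.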
diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityContext.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityContext.java
index 0f31a769..9f964bdc 100644
--- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityContext.java
+++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityContext.java
@@ -23,7 +23,6 @@ package org.chorem.pollen.services.service.security;
 import org.chorem.pollen.persistence.entity.PollenPrincipal;
 import org.chorem.pollen.persistence.entity.PollenUser;
-import org.chorem.pollen.persistence.entity.SessionToken;
 /**
 * Created on 5/1/14.
@@ -40,9 +39,7 @@ public interface PollenSecurityContext {
 */
 PollenPrincipal getMainPrincipal();
- SessionToken getSessionToken();
-
- void setSessionToken(SessionToken sessionToken);
+ void setPollenUser(PollenUser pollenUser);
 PollenUser getPollenUser();
diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
index 2a0aeabb..9bd9df43 100644
--- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
+++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
@@ -21,20 +21,22 @@ package org.chorem.pollen.services.service.security; * #L% */ +import com.auth0.jwt.JWT; +import com.auth0.jwt.JWTVerifier; +import com.auth0.jwt.algorithms.Algorithm; +import com.auth0.jwt.exceptions.JWTVerificationException; +import com.auth0.jwt.interfaces.DecodedJWT; import com.google.common.base.Preconditions; import org.apache.commons.lang3.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.engines.RijndaelEngine; import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; import org.bouncycastle.crypto.paddings.ZeroBytePadding; -import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.encoders.Base64; import org.chorem.pollen.persistence.entity.Choice; import org.chorem.pollen.persistence.entity.Comment; import org.chorem.pollen.persistence.entity.CommentVisibility; 
@@ -52,17 +54,14 @@ import org.chorem.pollen.persistence.entity.VoteVisibility; import org.chorem.pollen.persistence.entity.VoterList; import org.chorem.pollen.persistence.entity.VoterListMember; import org.chorem.pollen.services.PollenServiceContext; +import org.chorem.pollen.services.PollenTechnicalException; import org.chorem.pollen.services.bean.PollenEntityRef; import org.chorem.pollen.services.bean.UsersRight; import org.chorem.pollen.services.service.PollenServiceSupport; +import org.nuiton.topia.persistence.TopiaNoResultException; -import javax.crypto.Mac; -import javax.crypto.SecretKey; -import javax.crypto.spec.SecretKeySpec; +import java.io.UnsupportedEncodingException; import java.security.Security; -import java.time.Clock; -import java.time.LocalDateTime; -import java.time.ZoneOffset; import java.util.Calendar; import java.util.Date; import java.util.Objects; @@ -140,18 +139,14 @@ public class SecurityService extends PollenServiceSupport { PollenUser user = getPollenUserDao().findUserWithEmailAddressOrNull(login); if (user == null) { throw new PollenUnauthorizedException(login); - } else { - try { - checkUserPassword(user, password); - } catch (PollenInvalidPasswordException e) { - throw new PollenAuthenticationException(e); - } } - return getSessionTokenForUser(user); - } + try { + checkUserPassword(user, password); + } catch (PollenInvalidPasswordException e) { + throw new PollenAuthenticationException(e); + } - public PollenEntityRef<PollenUser> getSessionTokenForUser(PollenUser user) throws PollenEmailNotValidatedException, PollenUserBannedException { if (!user.isEmailValidated()) { throw new PollenEmailNotValidatedException(); } 
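Review bot: The rewritten start of `login` still throws `PollenUnauthorizedException` when no user matches the login and `PollenAuthenticationException` only when the password is wrong, so a caller can tell a registered e-mail address from an unregistered one by the response — and the unknown-user branch also returns before any password check is done. Unless the two exception mappers produce an identical response, throwing the same exception type in both branches (or mapping both to one generic failure) would close that account-enumeration channel. The rest of `login` continues in the next hunk.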
@@ -159,37 +154,15 @@ public class SecurityService extends PollenServiceSupport { throw new PollenUserBannedException(); } - // Generate a token - PollenToken pollenToken = generateNewToken(); - - // Set end date (createDate + sessionTimeoutDelay) - Calendar calendar = Calendar.getInstance(); - calendar.setTime(pollenToken.getCreationDate()); - calendar.add(Calendar.SECOND, getPollenServiceConfig().getSessionTimeoutDelay()); - - Date endDate = calendar.getTime(); - pollenToken.setEndDate(endDate); - - // Create session Token - SessionToken sessionToken = getSessionTokenDao().create( - SessionToken.PROPERTY_POLLEN_TOKEN, pollenToken, - SessionToken.PROPERTY_POLLEN_USER, user); - commit(); + this.getSecurityContext().setPollenUser(user); + return PollenEntityRef.of(user); - return PollenEntityRef.of(sessionToken); } public void logout() { - SessionToken sessionToken = serviceContext.getSecurityContext().getSessionToken(); - - if (sessionToken != null) { - getSessionTokenDao().delete(sessionToken); - commit(); - } - // Remove the session token from security context - getSecurityContext().setSessionToken(null); + getSecurityContext().setPollenUser(null); } public void lostPassword(String login) throws PollenUserUnknownException, PollenEmailNotValidatedException { 
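Review bot: `logout()` now only clears the user from the security context; the JWT the client already holds stays verifiable until its `exp` claim, because nothing server-side records the logout (the session-token deletion that used to do this is removed in this hunk). If a logout is expected to end the session, `getUserFromToken` would need a revocation check — for instance a per-user cut-off compared against the token's `iat` — otherwise the new contract should be stated on the method, e.g. `// Stateless JWT: only the server-side context is cleared; the token remains valid until it expires.`. `login`'s opening lines sit in the previous hunk.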
@@ -232,6 +205,72 @@ public class SecurityService extends PollenServiceSupport { } + public String getToken() { + String token = ""; + if (isConnected()) { + token = getToken(getConnectedUser()); + } + return token; + } + + + public String getToken(PollenUser user) { + + Date now = getNow(); + Calendar calendar = Calendar.getInstance(); + calendar.setTime(now); + calendar.add(Calendar.SECOND, getPollenServiceConfig().getTokenTimeout()); + Date expireDate = calendar.getTime(); + + String token = JWT.create() + .withIssuer(getPollenServiceConfig().getTokenIssue()) + .withIssuedAt(now) + .withExpiresAt(expireDate) + .withSubject(getReduceId(user)) + .sign(getAlgorithm()); + + return token; + } + + public PollenUser getUserFromToken(String token) throws PollenInvalidSessionTokenException { + PollenUser user = null; + + if (StringUtils.isNotBlank(token)) { + + try { + JWTVerifier.BaseVerification verification = + (JWTVerifier.BaseVerification) JWT.require(getAlgorithm()) + .withIssuer(getPollenServiceConfig().getTokenIssue()); + + JWTVerifier verifier = verification + .build(this::getNow); + DecodedJWT jwt = verifier.verify(token); + String userId = jwt.getSubject(); + + user = findEntity(PollenUser.class, userId); + + } catch (JWTVerificationException e) { + if (log.isInfoEnabled()) { + log.info("Invalid Token", e); + } + } catch (TopiaNoResultException e) { + if (log.isErrorEnabled()) { + log.error("Not find Token user", e); + } + } + } + return user; + } + + protected Algorithm getAlgorithm() { + String secret = getPollenServiceConfig().getTokenSecret(); + try { + return Algorithm.HMAC256(secret); + } catch (UnsupportedEncodingException e) { + throw new PollenTechnicalException(e); + } + } + public PollenToken generateNewToken() { // Generate token 
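Review bot: `getUserFromToken` declares `throws PollenInvalidSessionTokenException` but never throws it: a token that fails verification is logged at info and the method returns `null`, the same result as a blank token, so the caller cannot distinguish an absent token from a forged or expired one and the `PollenInvalidSessionTokenExceptionMapper` touched by this commit is never reached from here. Replace the body of the `JWTVerificationException` catch with `throw new PollenInvalidSessionTokenException();`, and do the same in the `TopiaNoResultException` catch — a correctly signed token for a user that no longer exists is an invalid session, not an error-level server event. `getAlgorithm()` also hands whatever `getTokenSecret()` returns to `Algorithm.HMAC256` unchecked, so an empty or very short configured secret would make every token trivially forgeable; guard it, e.g. `Preconditions.checkState(StringUtils.isNotBlank(secret), "pollen.configuration.token.secret must be set");`. Note too that `exp` is fixed at issue time, so `token.timeout` is no longer an inactivity delay as the properties files describe unless the filter re-issues tokens — the sliding refresh in `getSessionTokenByToken` is deleted below.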
@@ -261,62 +300,6 @@ public class SecurityService extends PollenServiceSupport { } - public SessionToken getSessionTokenByToken(String token) throws PollenInvalidSessionTokenException { - - SessionToken sessionToken = null; - if (token != null) { - - sessionToken = getSessionTokenDao().findUniqueOrNullByToken(token); - if (sessionToken == null) { - - throw new PollenInvalidSessionTokenException(); - - } - - // check that token is still valid - Date endDate = sessionToken.getPollenToken().getEndDate(); - Date now = getNow(); - - if (endDate.before(now)) { - - throw new PollenInvalidSessionTokenException(); - - } - - int sessionTimeout = getPollenServiceConfig().getSessionTimeoutDelay(); - - Calendar calendar = Calendar.getInstance(); - // From now - calendar.setTimeInMillis(now.getTime()); - // add session timeout delay - calendar.add(Calendar.SECOND, sessionTimeout); - // retrieve 5 minutes - calendar.add(Calendar.MINUTE, -5); - - Date minEndDateToUpdate = calendar.getTime(); - - if (minEndDateToUpdate.after(endDate)) { - - // update end date (now + sessionTimeout) - calendar.setTime(now); - calendar.add(Calendar.SECOND, sessionTimeout); - Date newEndDate = calendar.getTime(); - - if (log.isDebugEnabled()) { - log.debug(String.format("SessionToken %s update endDate : %s", sessionToken.getPollenToken().getToken(), newEndDate)); - } - sessionToken.getPollenToken().setEndDate(newEndDate); - - commit(); - - } - - } - - return sessionToken; - - } - public PollenPrincipal getPollenPrincipalByPermissionToken(String principalId) { PollenPrincipal principal = null; 
@@ -350,114 +333,6 @@ public class SecurityService extends PollenServiceSupport { } - public String encrypt(String userId, String token) throws PollenCypherTechnicalException { - try { - LocalDateTime date = LocalDateTime.now(Clock.systemUTC()); - date = date.plusDays(1); - long expired = date.toEpochSecond(ZoneOffset.UTC); - - String secret = getPollenServiceConfig().getSecret(); - String key = hashSha1(userId + expired, secret); - String encrytedValue = encrypt0(token, key); - String verifKey = hashSha1(userId + expired + token, key); - - return userId + "|" + expired + "|" + encrytedValue + "|" + verifKey; - - } catch (Exception e) { - throw new PollenCypherTechnicalException(e); - } - } - - public String decrypt(String encrytedValue) throws PollenCypherTechnicalException { - try { - if (encrytedValue == null) { - return null; - } - - String[] split = encrytedValue.split("\\|"); - if (split.length < 4) { - return null; - } - - LocalDateTime date = LocalDateTime.now(Clock.systemUTC()); - long now = date.toEpochSecond(ZoneOffset.UTC); - - long expired = Long.parseLong(split[1]); - if (expired < now) { - return null; - } - - String verifKey = split[3]; - String userId = split[0]; - String token = split[2]; - - String secret = getPollenServiceConfig().getSecret(); - String key = hashSha1(userId + expired, secret); - String decryptedValue = decrypt0(token, key); - String valueVerifKey = hashSha1(userId + expired + decryptedValue, key); - - if (!verifKey.equals(valueVerifKey)) { - return null; - } - - return decryptedValue; - - } catch (Exception e) { - throw new PollenCypherTechnicalException(e); - } - } - - private String encrypt0(String value, String key) throws InvalidCipherTextException { - - byte[] keyBytes = key.getBytes(); - cipher.init(true, new KeyParameter(keyBytes)); - - byte[] input = value.getBytes(); - byte[] cipherText = new byte[cipher.getOutputSize(input.length)]; - - int cipherLength = cipher.processBytes(input, 0, input.length, cipherText, 0); - 
cipher.doFinal(cipherText, cipherLength); - - return new String(Base64.encode(cipherText)); - } - - private String decrypt0(String value, String key) throws InvalidCipherTextException { - - byte[] keyBytes = key.getBytes(); - cipher.init(false, new KeyParameter(keyBytes)); - - byte[] output = Base64.decode(value.getBytes()); - byte[] cipherText = new byte[cipher.getOutputSize(output.length)]; - - int cipherLength = cipher.processBytes(output, 0, output.length, cipherText, 0); - int outputLength = cipher.doFinal(cipherText, cipherLength); - outputLength += cipherLength; - - byte[] resultBytes = cipherText; - if (outputLength != output.length) { - resultBytes = new byte[outputLength]; - System.arraycopy(cipherText, 0, resultBytes, 0, outputLength); - } - - return new String(resultBytes); - } - - private String hashSha1(String value, String key) throws Exception { - - byte[] keyBytes = key.getBytes(); - SecretKey secretKey = new SecretKeySpec(keyBytes, "HMac-SHA1"); - - Mac mac = Mac.getInstance("HMac-SHA1", "BC"); - mac.init(secretKey); - mac.reset(); - - byte[] input = value.getBytes(); - mac.update(input, 0, input.length); - byte[] out = mac.doFinal(); - - return new String(Base64.encode(out)); - } - protected boolean matchPrincipal(PollenPrincipal principal) { return principal != null && (principal.equals(getSecurityContext().getMainPrincipal()) diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenApplicationContext.java b/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenApplicationContext.java index 82467705..bf39e898 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenApplicationContext.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenApplicationContext.java 
@@ -31,7 +31,7 @@ import org.chorem.pollen.persistence.PollenPersistenceContext; import org.chorem.pollen.persistence.PollenTopiaApplicationContext; import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; import org.chorem.pollen.persistence.entity.PollenPrincipal; -import org.chorem.pollen.persistence.entity.SessionToken; +import org.chorem.pollen.persistence.entity.PollenUser; import org.chorem.pollen.services.PollenApplicationContext; import org.chorem.pollen.services.PollenFixtures; import org.chorem.pollen.services.PollenServiceContext; @@ -230,11 +230,11 @@ public class FakePollenApplicationContext extends TestWatcher implements PollenA } @Override - public FakePollenSecurityContext newSecurityContext(SessionToken sessionToken, PollenPrincipal mainPrincipal) { + public FakePollenSecurityContext newSecurityContext(PollenUser pollenUser, PollenPrincipal mainPrincipal) { FakePollenSecurityContext securityContext = new FakePollenSecurityContext(); securityContext.setMainPrincipal(mainPrincipal); - securityContext.setSessionToken(sessionToken); + securityContext.setPollenUser(pollenUser); return securityContext; } diff --git a/pollen-services/src/main/resources/i18n/pollen-services_en_GB.properties b/pollen-services/src/main/resources/i18n/pollen-services_en_GB.properties index 81bcde79..8417241e 100644 --- a/pollen-services/src/main/resources/i18n/pollen-services_en_GB.properties +++ b/pollen-services/src/main/resources/i18n/pollen-services_en_GB.properties 
@@ -26,13 +26,14 @@ pollen.configuration.report.maxScore=Maximum score for reporting before administ pollen.configuration.resendEmailsCronSchedule=Time between two cron jobs of email resending pollen.configuration.resource.maxSize=Maximum size of pollen resource pollen.configuration.resource.preview.max=Maximum dimension of image preview -pollen.configuration.secret=secret key for authentification tokens pollen.configuration.sendEndPollRemindersCronSchedule=Time between two cron jobs of poll end reminder sending -pollen.configuration.sessionTimeoutDelay=Inactivity delay before invalidate the session of a user (in seconds) pollen.configuration.smptHost=Smtp Host pollen.configuration.smtpFrom=Smtp From pollen.configuration.smtpPort=Smtp Port pollen.configuration.smtpWait=Time between two send mail to smtp +pollen.configuration.token.issue=Producer name for authentification tokens +pollen.configuration.token.secret=secret key for authentification tokens +pollen.configuration.token.timeout=Inactivity delay before invalidate the session of a user (in seconds) pollen.configuration.userConnectedRequired=Only connected users can be access on application pollen.configuration.usersCanCreatePoll=Wich user can create Poll ("All_USERS", "USERS_CONNECTED" or "USERS_SELECTED") pollen.configuration.version=Application version diff --git a/pollen-services/src/main/resources/i18n/pollen-services_fr_FR.properties b/pollen-services/src/main/resources/i18n/pollen-services_fr_FR.properties index 5a28f64c..347027e4 100644 --- a/pollen-services/src/main/resources/i18n/pollen-services_fr_FR.properties +++ b/pollen-services/src/main/resources/i18n/pollen-services_fr_FR.properties 
@@ -26,13 +26,14 @@ pollen.configuration.report.maxScore=Score maximum pour un signalement avant que pollen.configuration.resendEmailsCronSchedule=Intervalle entre deux lancements de la tâche de renvoi des emails en erreur pollen.configuration.resource.maxSize=Taille maximal pour un fichier de resource de Pollen pollen.configuration.resource.preview.max=Dimension maximal de la prévisualisation d'un image -pollen.configuration.secret=Clé secret pour chiffer le jetons d'authnetification pollen.configuration.sendEndPollRemindersCronSchedule=Intervalle entre deux lancements de la tâche d'envoi de mails de rappel de fin de sondage -pollen.configuration.sessionTimeoutDelay=Temps autorisé d'inactivité avant d'invalider une session utilisateur (en secondes) pollen.configuration.smptHost=Hôte smtp pollen.configuration.smtpFrom=Expéditeur pollen.configuration.smtpPort=Port smtp pollen.configuration.smtpWait=Intervalle de temps entre deux envois de mail au SMTP +pollen.configuration.token.issue=Nom du producteur de jeton d'authentification +pollen.configuration.token.secret=Clé secret pour chiffer le jetons d'authnetification +pollen.configuration.token.timeout=Temps autorisé d'inactivité avant d'invalider une session utilisateur (en secondes) pollen.configuration.userConnectedRequired=Seul les utilisateurs connectés peuvent accéder à l'application pollen.configuration.usersCanCreatePoll=Quels utilisateurs peuvent créer des sondages ("All_USERS", "USERS_CONNECTED" ou "USERS_SELECTED") pollen.configuration.version=Version de l'application diff --git a/pollen-services/src/test/java/org/chorem/pollen/services/AbstractPollenServiceTest.java b/pollen-services/src/test/java/org/chorem/pollen/services/AbstractPollenServiceTest.java index 62c7b8c7..ad495f7e 100644 --- a/pollen-services/src/test/java/org/chorem/pollen/services/AbstractPollenServiceTest.java +++ b/pollen-services/src/test/java/org/chorem/pollen/services/AbstractPollenServiceTest.java 
@@ -22,9 +22,6 @@ package org.chorem.pollen.services; */ import com.google.common.collect.Multimap; -import org.chorem.pollen.persistence.entity.PollenUser; -import org.chorem.pollen.persistence.entity.SessionToken; -import org.chorem.pollen.services.bean.PollenEntityRef; import org.chorem.pollen.services.service.InvalidFormException; import org.chorem.pollen.services.service.security.PollenAuthenticationException; import org.chorem.pollen.services.service.security.PollenEmailNotValidatedException; @@ -92,11 +89,8 @@ public abstract class AbstractPollenServiceTest { SecurityService securityService = newService(SecurityService.class); - PollenEntityRef<PollenUser> loginRef = securityService.login(login, password, null); - - SessionToken sessionToken = securityService.getSessionTokenByToken(loginRef.getPermission()); - serviceContext.getSecurityContext().setSessionToken(sessionToken); - + securityService.login(login, password, null); + } protected void logout() { diff --git a/pollen-ui-riot-js/src/main/web/js/Session.js b/pollen-ui-riot-js/src/main/web/js/Session.js index 3410c698..d4e54197 100644 --- a/pollen-ui-riot-js/src/main/web/js/Session.js +++ b/pollen-ui-riot-js/src/main/web/js/Session.js @@ -143,7 +143,7 @@ class Session { } isConnected() { - return document.cookie.indexOf("pollen-connected=true") !== -1; + return document.cookie.indexOf("pollen-auth=") !== -1; } isAdminConnected() { diff --git a/pom.xml b/pom.xml index b2d1a4e8..385d8590 100644 --- a/pom.xml +++ b/pom.xml @@ -190,6 +190,7 @@ <h2Version>1.4.178</h2Version> <postgresqlVersion>9.4.1212.jre7</postgresqlVersion> <shiroVersion>1.2.3</shiroVersion> + <jwtJavaVersion>3.3.0</jwtJavaVersion> <slf4jVersion>1.7.22</slf4jVersion> <jettyVersion>9.0.3.v20130506</jettyVersion> <tomcatEmbedVersion>7.0.50</tomcatEmbedVersion> 
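Review bot: `isConnected()` now looks for the `pollen-auth` cookie in `document.cookie`, which only works if the cookie carrying the session JWT is not `HttpOnly`, leaving the token readable by any script injected into the page. Keep the auth cookie `HttpOnly` (and `Secure`) and have the UI test a separate non-sensitive flag cookie instead, as the previous `pollen-connected=true` check did, or ask the API for connection state. Whether the cookie is set `HttpOnly` is decided in the request filter, outside this hunk. The `indexOf` substring test would also match any cookie whose name merely ends in `pollen-auth`; matching `pollen-auth=` at the start of the string or after `; ` is safer.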
@@ -491,6 +492,14 @@ <artifactId>shiro-core</artifactId> <version>${shiroVersion}</version> </dependency> + + <!-- Jwt-java --> + <dependency> + <groupId>com.auth0</groupId> + <artifactId>java-jwt</artifactId> + <version>${jwtJavaVersion}</version> + </dependency> + <!--dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> -- To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.