Removed error response on token expiry

This commit is contained in:
Rohan Sircar 2020-05-22 10:18:05 +05:30
parent 6f34f41974
commit 430c0c131a


@ -38,11 +38,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
@Autowired @Autowired
private final TokenService tokenService; private final TokenService tokenService;
private final Logger logger = LoggerFactory.getLogger(TokenAuthenticationFilter.class); private final Logger logger = LoggerFactory
.getLogger(TokenAuthenticationFilter.class);
private final int tokenTimeoutDuration; private final int tokenTimeoutDuration;
public TokenAuthenticationFilter(UserTokenService userTokenService, TokenService tokenService, public TokenAuthenticationFilter(UserTokenService userTokenService,
TokenService tokenService,
@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) { @Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) {
this.tokenTimeoutDuration = Integer.parseInt(tokenTimeoutDuration); this.tokenTimeoutDuration = Integer.parseInt(tokenTimeoutDuration);
this.userTokenService = userTokenService; this.userTokenService = userTokenService;
@ -50,7 +52,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
} }
private boolean isTokenExpired(UserToken userToken) { private boolean isTokenExpired(UserToken userToken) {
Duration duration = Duration.between(userToken.getCreationTime(), Instant.now()); Duration duration = Duration.between(userToken.getCreationTime(),
Instant.now());
long minutes = Math.abs(duration.toMinutes()); long minutes = Math.abs(duration.toMinutes());
if (minutes > tokenTimeoutDuration) { if (minutes > tokenTimeoutDuration) {
return true; return true;
@ -59,20 +62,23 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
} }
@Override @Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException { throws ServletException, IOException {
try { try {
final String accessToken = request.getHeader("X-AUTH-TOKEN"); final String accessToken = request.getHeader("X-AUTH-TOKEN");
if (null != accessToken) { if (null != accessToken) {
// get and check whether token is valid ( from DB or file wherever you are // get and check whether token is valid ( from DB or file
// wherever you are
// storing the token) // storing the token)
Token token = tokenService.verifyToken(accessToken); Token token = tokenService.verifyToken(accessToken);
if (token == null) { if (token == null) {
throw new BadCredentialsException("Token not issued by us"); throw new BadCredentialsException("Token not issued by us");
} }
UserToken userToken = userTokenService.getTokenByTokenString(accessToken); UserToken userToken = userTokenService
.getTokenByTokenString(accessToken);
if (userToken == null) { if (userToken == null) {
throw new BadCredentialsException("Token not found"); throw new BadCredentialsException("Token not found");
@ -84,24 +90,33 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
} }
boolean isTokenExpired = isTokenExpired(userToken); boolean isTokenExpired = isTokenExpired(userToken);
logger.trace(String.format("Token for %s is expired? %s", userName, isTokenExpired)); logger.trace(String.format("Token for %s is expired? %s",
userName, isTokenExpired));
if (!isTokenExpired) { if (!isTokenExpired) {
userToken.setCreationTime(Instant.now()); userToken.setCreationTime(Instant.now());
userTokenService.saveToken(userToken); userTokenService.saveToken(userToken);
SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole()); SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(
List<SimpleGrantedAuthority> updatedAuthorities = new ArrayList<SimpleGrantedAuthority>(); userToken.getRole());
var updatedAuthorities = new ArrayList<SimpleGrantedAuthority>();
updatedAuthorities.add(simpleGrantedAuthority); updatedAuthorities.add(simpleGrantedAuthority);
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
userName, token.getKey(), updatedAuthorities); userName, token.getKey(), updatedAuthorities);
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext()
.setAuthentication(authentication);
} else { } else {
userTokenService.deleteToken(userToken); userTokenService.deleteToken(userToken);
TokenCacheUtil.evictSingleTokenValue(userToken.getTokenContent()); TokenCacheUtil
response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE); .evictSingleTokenValue(userToken.getTokenContent());
response.setStatus(440); // response.setHeader(HttpHeaders.CONTENT_TYPE,
// response.sendError(440, "Token authentication error: Token has expired"); // MediaType.TEXT_PLAIN_VALUE);
response.getWriter().write("Token authentication error: Token has expired"); // response.setStatus(440);
logger.warn("Token authentication error: Token has expired"); // // response.sendError(440, "Token authentication error:
// Token has expired");
// response.getWriter().write("Token authentication error:
// Token has expired");
// logger.warn("Token authentication error: Token has
// expired");
// return; // return;
} }
@ -111,9 +126,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
} }
catch (BadCredentialsException e) { catch (BadCredentialsException e) {
response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE); response.setHeader(HttpHeaders.CONTENT_TYPE,
MediaType.TEXT_PLAIN_VALUE);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST); response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
// response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); // response.sendError(HttpServletResponse.SC_BAD_REQUEST,
// e.getMessage());
response.getWriter().write("Token authentication error"); response.getWriter().write("Token authentication error");
logger.warn("Token authentication error: " + e.getMessage()); logger.warn("Token authentication error: " + e.getMessage());
} }