Merge pull request 'expire-token' (#3) from expire-token into master

Reviewed-on: #3
2022-05-15 11:38:14 +00:00 · 2022-05-15 11:38:14 +00:00 · 950b880d66
commit 950b880d66
parent 24152ec239 4f1efd8c2e
2 changed files with 46 additions and 36 deletions
--- a/src/main/java/com/covas/Resources/TokenRessource.java
+++ b/src/main/java/com/covas/Resources/TokenRessource.java
@ -1,6 +1,7 @@
 package com.covas.Resources;

 import java.nio.charset.StandardCharsets;
+import java.time.Duration;
 import java.util.Arrays;
 import java.util.HashSet;

@ -21,57 +22,66 @@ import io.smallrye.jwt.auth.principal.JWTParser;
 import io.smallrye.jwt.auth.principal.ParseException;
 import io.smallrye.jwt.build.Jwt;

+import org.eclipse.microprofile.jwt.Claims;
 import org.eclipse.microprofile.jwt.JsonWebToken;
+import org.jboss.logging.Logger;
 import org.jboss.resteasy.annotations.jaxrs.HeaderParam;
 import org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64;

-@Path("/api")
+@Path("/token")
 public class TokenRessource {
    @Inject
    JsonWebToken jwt;
+    private static final Logger LOGGER = Logger.getLogger(UsersRessources.class);
+

   
    @Inject JWTParser parser;

    @GET
    @Produces(MediaType.APPLICATION_JSON)
-    @Path("token")
-    public Response getUserName(@HeaderParam("Authorization") String auth, @CookieParam("jwt") String jwtCookie) {
+    public Response tokenRefresh(@HeaderParam("Authorization") String auth, @CookieParam("user") String user, @CookieParam("jwt") String jwtCookie) {
        String name = "anonymous";
        String password = "";
-        
-        if (jwtCookie == null) {
+        if(auth == null){
+            if(user == null){
+                return Response.status(Response.Status.BAD_REQUEST).build();
+            } else {
+                name = new String(Base64.decode(user), StandardCharsets.UTF_8);
+            }
+        } else {
            String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":");
            name = hash[0];
            password = Hash.encryptSHA512(hash[1]);
-
+        }
        UsersEntity users = UsersEntity.findByPseudo(name);
-            if(users != null){
-
-                if(password.equals(users.password)){
-                    // Create a JWT token signed using the 'HS256' algorithm
-                    String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(new HashSet<>(Arrays.asList(users.roles))).sign();
-                    // or create a JWT token encrypted using the 'A256KW' algorithm
-                    // Jwt.upn("alice").encryptWithSecret(secret);
-                    return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie)).build();
-                } else {
+        if (users == null){
+            return Response.status(Response.Status.NOT_FOUND).build();
+        }        
+        if (jwtCookie == null) {
+            if(!password.equals(users.password)){
                return Response.status(Response.Status.FORBIDDEN).build();                
            }
-
-                 
+            // Create a JWT token signed using the 'HS256' algorithm
+            String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(1)).sign();
+            // or create a JWT token encrypted using the 'A256KW' algorithm
+            // Jwt.upn("alice").encryptWithSecret(secret);
+            String nameEncoded = Base64.toBase64String(name.getBytes(StandardCharsets.UTF_8));
+            return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie), new NewCookie("user", nameEncoded)).build();
      } 
-            return Response.status(Response.Status.NOT_FOUND).build();
-          
-      } else {
      // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized.
      try {
        jwt = parser.parse(jwtCookie);
      }
      catch(ParseException p){
-              return Response.status(Response.Status.UNAUTHORIZED).build();
+        return Response.status(Response.Status.NOT_ACCEPTABLE).build();
      }
          // or jwt = parser.decrypt(jwtCookie, secret);
+       String kid = jwt.getClaim(Claims.kid).toString();
+       if(!kid.equals(users.id.toString())){
+            return Response.status(Response.Status.UNAUTHORIZED).build();
+       }
       return Response.status(Response.Status.OK).build();
    }
-    }
+    
 }
--- a/src/main/java/com/covas/Resources/UsersRessources.java
+++ b/src/main/java/com/covas/Resources/UsersRessources.java
@ -20,13 +20,13 @@ import org.jboss.logging.Logger;
 public class UsersRessources {
    private static final Logger LOGGER = Logger.getLogger(UsersRessources.class);
    @GET
-    @RolesAllowed({"Admin"})
+    @RolesAllowed("Admin")
    public Response getUsers(){
        return Response.ok(UsersEntity.listAll()).build();
    }

    @GET
-    @RolesAllowed({"Admin"})
+    @RolesAllowed("Admin")
    @Path("{id}")
    public Response getSingleUser(@PathParam("id") String id){
        UUID uid = UUID.fromString(id);
@ -38,7 +38,7 @@ public class UsersRessources {
    }

    @GET
-    @RolesAllowed({"User"})
+    @RolesAllowed("User")
    @Path("info")
    public Response getInfoUser(){
        return Response.ok().build();