List and delete active tokens (server)

This commit is contained in:
jendib 2013-08-03 00:53:58 +02:00
parent 9fca036edb
commit 487d538503
5 changed files with 121 additions and 7 deletions


@ -1,6 +1,7 @@
package com.sismics.docs.core.dao.jpa; package com.sismics.docs.core.dao.jpa;
import java.util.Date; import java.util.Date;
import java.util.List;
import java.util.UUID; import java.util.UUID;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
@ -96,4 +97,31 @@ public class AuthenticationTokenDao {
q.setParameter("id", id); q.setParameter("id", id);
q.executeUpdate(); q.executeUpdate();
} }
/**
* Returns all authentication tokens of an user.
*
* @param userId
* @return
*/
@SuppressWarnings("unchecked")
public List<AuthenticationToken> getByUserId(String userId) {
EntityManager em = ThreadLocalContext.get().getEntityManager();
Query q = em.createQuery("select a from AuthenticationToken a where a.userId = :userId");
q.setParameter("userId", userId);
return q.getResultList();
}
/**
* Deletes all authentication tokens of an user.
*
* @param userId
*/
public void deleteByUserId(String userId, String id) {
EntityManager em = ThreadLocalContext.get().getEntityManager();
Query q = em.createQuery("delete AuthenticationToken a where a.userId = :userId and a.id != :id");
q.setParameter("userId", userId);
q.setParameter("id", id);
q.executeUpdate();
}
} }
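Review bot: The Javadoc on the new deleteByUserId says it deletes all of a user's tokens, but the JPQL keeps the row whose id equals the second parameter, and that parameter has no `@param` tag; suggest `* Deletes all authentication tokens of a user except the given one.` together with `@param id ID of the token to keep (the caller's own session token)`. The null case deserves a line too: when `id` is null, `a.id != :id` is presumably compared against NULL and, under SQL three-valued logic, matches no row, so the statement silently deletes nothing — either state that in the Javadoc or reject it up front with `Objects.requireNonNull(id, "id")` if callers never legitimately pass null. The `@param userId` and `@return` tags on getByUserId are likewise empty and should describe the user id and the returned list.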


@ -91,12 +91,8 @@ public class FileDao {
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public List<File> getByDocumentId(String documentId) { public List<File> getByDocumentId(String documentId) {
EntityManager em = ThreadLocalContext.get().getEntityManager(); EntityManager em = ThreadLocalContext.get().getEntityManager();
// Get the files
Query q = em.createQuery("select f from File f where f.documentId = :documentId and f.deleteDate is null"); Query q = em.createQuery("select f from File f where f.documentId = :documentId and f.deleteDate is null");
q.setParameter("documentId", documentId); q.setParameter("documentId", documentId);
List<File> files = (List<File>) q.getResultList(); return q.getResultList();
return files;
} }
} }


@ -1,4 +1,4 @@
- List opened sessions and ability to close them (client/server) - List opened sessions and ability to close them (client)
- Display logs (client) - Display logs (client)
- Reordering files and add new files to the end (server) - Reordering files and add new files to the end (server)
- Tag stats (client/server) - Tag stats (client/server)


@ -417,6 +417,7 @@ public class UserResource extends BaseResource {
response.put("status", "ok"); response.put("status", "ok");
return Response.ok().entity(response).build(); return Response.ok().entity(response).build();
} }
/** /**
* Returns the information about the connected user. * Returns the information about the connected user.
* *
@ -532,4 +533,70 @@ public class UserResource extends BaseResource {
return Response.ok().entity(response).build(); return Response.ok().entity(response).build();
} }
/**
* Returns all active sessions.
*
* @return Response
* @throws JSONException
*/
@GET
@Path("session")
@Produces(MediaType.APPLICATION_JSON)
public Response session() throws JSONException {
if (!authenticate()) {
throw new ForbiddenClientException();
}
JSONObject response = new JSONObject();
List<JSONObject> sessions = new ArrayList<JSONObject>();
AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
for (AuthenticationToken authenticationToken : authenticationTokenDao.getByUserId(principal.getId())) {
JSONObject session = new JSONObject();
session.put("create_date", authenticationToken.getCreationDate().getTime());
if (authenticationToken.getLastConnectionDate() != null) {
session.put("last_connection_date", authenticationToken.getLastConnectionDate().getTime());
}
sessions.add(session);
}
response.put("sessions", sessions);
return Response.ok().entity(response).build();
}
/**
* Deletes all active sessions except the one used for this request.
*
* @return Response
* @throws JSONException
*/
@DELETE
@Path("session")
@Produces(MediaType.APPLICATION_JSON)
public Response deleteSession() throws JSONException {
if (!authenticate()) {
throw new ForbiddenClientException();
}
// Get the value of the session token
String authToken = null;
if (request.getCookies() != null) {
for (Cookie cookie : request.getCookies()) {
if (TokenBasedSecurityFilter.COOKIE_NAME.equals(cookie.getName())) {
authToken = cookie.getValue();
}
}
}
// Remove other tokens
AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
authenticationTokenDao.deleteByUserId(principal.getId(), authToken);
// Always return ok
JSONObject response = new JSONObject();
response.put("status", "ok");
return Response.ok().entity(response).build();
}
} }
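Review bot: In deleteSession, `authToken` stays null when no cookie named TokenBasedSecurityFilter.COOKIE_NAME is present, and that null is passed straight to `authenticationTokenDao.deleteByUserId(principal.getId(), authToken)`, whose `a.id != :id` predicate (added in this commit) is likely to match nothing against NULL — the endpoint then answers `status: ok` although no session was revoked. If authenticate() guarantees the cookie is present this path is unreachable, but that is not visible here; a guard such as `if (authToken == null) { throw new ForbiddenClientException(); }` before the DAO call, or a comment recording that invariant, would make the intent explicit. Separately, the cookie loop has no `break`, so when several cookies carry that name the last one wins, which is fine only if the security filter resolves duplicates the same way. The listing in session() exposes only timestamps and not the token values, which is the appropriate shape for a revocation view.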


@ -137,9 +137,32 @@ public class TestUserResource extends BaseJerseyTest {
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus())); Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
String aliceAuthToken = clientUtil.getAuthenticationCookie(response); String aliceAuthToken = clientUtil.getAuthenticationCookie(response);
// Login user bob // Login user bob twice
String bobAuthToken = clientUtil.login("bob"); String bobAuthToken = clientUtil.login("bob");
String bobAuthToken2 = clientUtil.login("bob");
// List sessions
userResource = resource().path("/user/session");
userResource.addFilter(new CookieAuthenticationFilter(bobAuthToken));
response = userResource.get(ClientResponse.class);
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
json = response.getEntity(JSONObject.class);
Assert.assertTrue(json.getJSONArray("sessions").length() > 0);
// Delete all sessions
userResource = resource().path("/user/session");
userResource.addFilter(new CookieAuthenticationFilter(bobAuthToken));
response = userResource.delete(ClientResponse.class);
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
// Check bob user information with token 2 (just deleted)
userResource = resource().path("/user");
userResource.addFilter(new CookieAuthenticationFilter(bobAuthToken2));
response = userResource.get(ClientResponse.class);
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
json = response.getEntity(JSONObject.class);
Assert.assertEquals(true, json.getBoolean("anonymous"));
// Check alice user information // Check alice user information
userResource = resource().path("/user"); userResource = resource().path("/user");
userResource.addFilter(new CookieAuthenticationFilter(aliceAuthToken)); userResource.addFilter(new CookieAuthenticationFilter(aliceAuthToken));
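Review bot: The new test checks that bobAuthToken2 is revoked after the DELETE, but never checks that bobAuthToken — the session that issued the request — still authenticates afterwards, so the "except the current one" contract of deleteSession is untested; a GET on `/user` with `new CookieAuthenticationFilter(bobAuthToken)` followed by `Assert.assertEquals(false, json.getBoolean("anonymous"));` would cover it. The listing assertion `Assert.assertTrue(json.getJSONArray("sessions").length() > 0);` is also weaker than it could be: bob was logged in twice just above, so `Assert.assertEquals(2, json.getJSONArray("sessions").length());` would pin the count, provided no earlier part of the test method created other bob sessions. The enclosing test method starts before this hunk.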