QQQ-27: couple minor changes and updates from code review feedback

Tim Chamberlain
2022-07-19 18:17:00 -05:00
parent afbba77afe
commit 7a9a83a348
5 changed files with 31 additions and 33 deletions


@ -56,7 +56,7 @@
<dependency> <dependency>
<groupId>com.auth0</groupId> <groupId>com.auth0</groupId>
<artifactId>mvc-auth-commons</artifactId> <artifactId>mvc-auth-commons</artifactId>
<version>[1.0, 2.0)</version> <version>1.9.2</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>


@ -22,6 +22,7 @@
package com.kingsrook.qqq.backend.core.actions; package com.kingsrook.qqq.backend.core.actions;
import com.kingsrook.qqq.backend.core.exceptions.QAuthenticationException;
import com.kingsrook.qqq.backend.core.exceptions.QException; import com.kingsrook.qqq.backend.core.exceptions.QException;
import com.kingsrook.qqq.backend.core.model.actions.AbstractActionInput; import com.kingsrook.qqq.backend.core.model.actions.AbstractActionInput;
import com.kingsrook.qqq.backend.core.modules.authentication.QAuthenticationModuleDispatcher; import com.kingsrook.qqq.backend.core.modules.authentication.QAuthenticationModuleDispatcher;
@ -43,7 +44,7 @@ public class ActionHelper
QAuthenticationModuleInterface authenticationModule = qAuthenticationModuleDispatcher.getQModule(request.getAuthenticationMetaData()); QAuthenticationModuleInterface authenticationModule = qAuthenticationModuleDispatcher.getQModule(request.getAuthenticationMetaData());
if(!authenticationModule.isSessionValid(request.getSession())) if(!authenticationModule.isSessionValid(request.getSession()))
{ {
throw new QException("Invalid session in request"); throw new QAuthenticationException("Invalid session in request");
} }
} }


@ -23,7 +23,7 @@ package com.kingsrook.qqq.backend.core.exceptions;
/******************************************************************************* /*******************************************************************************
* Exception thrown while doing module-dispatch * Exception thrown doing authentication
* *
*******************************************************************************/ *******************************************************************************/
public class QAuthenticationException extends QException public class QAuthenticationException extends QException


@ -27,6 +27,7 @@ import java.time.Duration;
import java.time.Instant; import java.time.Instant;
import java.util.Base64; import java.util.Base64;
import java.util.Map; import java.util.Map;
import java.util.Optional;
import com.auth0.jwk.Jwk; import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkException; import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider; import com.auth0.jwk.JwkProvider;
@ -60,7 +61,7 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
private static final int ID_TOKEN_VALIDATION_INTERVAL_SECONDS = 300; private static final int ID_TOKEN_VALIDATION_INTERVAL_SECONDS = 300;
public static final String AUTH0_ID_TOKEN_KEY = "qqq.idToken"; public static final String AUTH0_ID_TOKEN_KEY = "sessionId";
public static final String TOKEN_NOT_PROVIDED_ERROR = "Id Token was not provided"; public static final String TOKEN_NOT_PROVIDED_ERROR = "Id Token was not provided";
public static final String COULD_NOT_DECODE_ERROR = "Unable to decode id token"; public static final String COULD_NOT_DECODE_ERROR = "Unable to decode id token";
@ -82,9 +83,6 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
String idToken = context.get(AUTH0_ID_TOKEN_KEY); String idToken = context.get(AUTH0_ID_TOKEN_KEY);
if(idToken == null) if(idToken == null)
{ {
////////////////////////////////
// could not decode the token //
////////////////////////////////
logger.warn(TOKEN_NOT_PROVIDED_ERROR); logger.warn(TOKEN_NOT_PROVIDED_ERROR);
throw (new QAuthenticationException(TOKEN_NOT_PROVIDED_ERROR)); throw (new QAuthenticationException(TOKEN_NOT_PROVIDED_ERROR));
} }
@ -166,9 +164,10 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
StateProviderInterface spi = getStateProvider(); StateProviderInterface spi = getStateProvider();
Auth0StateKey key = new Auth0StateKey(session.getIdReference()); Auth0StateKey key = new Auth0StateKey(session.getIdReference());
if(spi.get(Instant.class, key).isPresent()) Optional<Instant> lastTimeCheckedOptional = spi.get(Instant.class, key);
if(lastTimeCheckedOptional.isPresent())
{ {
Instant lastTimeChecked = spi.get(Instant.class, key).get(); Instant lastTimeChecked = lastTimeCheckedOptional.get();
/////////////////////////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////////////////////////
// returns negative int if less than compared duration, 0 if equal, positive int if greater than // // returns negative int if less than compared duration, 0 if equal, positive int if greater than //
@ -250,8 +249,15 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
JSONObject payload = new JSONObject(payloadString); JSONObject payload = new JSONObject(payloadString);
QUser qUser = new QUser(); QUser qUser = new QUser();
qUser.setIdReference(payload.getString("email"));
qUser.setFullName(payload.getString("name")); qUser.setFullName(payload.getString("name"));
if(payload.has("email"))
{
qUser.setIdReference(payload.getString("email"));
}
else
{
qUser.setIdReference(payload.getString("nickname"));
}
QSession qSession = new QSession(); QSession qSession = new QSession();
qSession.setIdReference(idToken); qSession.setIdReference(idToken);
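Review bot: The new `else` branch falls back to `payload.getString("nickname")` for the user's id reference, but `nickname` is a display-oriented claim that the identity provider does not guarantee to be unique or stable, so two distinct accounts could end up with the same `QUser` id reference. The `sub` claim is the one OIDC defines as unique per issuer, so the fallback would be safer as `qUser.setIdReference(payload.getString("sub"));`. If `email` stays the preferred key, it is worth checking the `email_verified` claim before trusting it; whether downstream code authorizes on the id reference is not visible here. The enclosing method starts and ends outside the hunk.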


@ -37,7 +37,8 @@ import static com.kingsrook.qqq.backend.core.modules.authentication.Auth0Authent
import static com.kingsrook.qqq.backend.core.modules.authentication.Auth0AuthenticationModule.EXPIRED_TOKEN_ERROR; import static com.kingsrook.qqq.backend.core.modules.authentication.Auth0AuthenticationModule.EXPIRED_TOKEN_ERROR;
import static com.kingsrook.qqq.backend.core.modules.authentication.Auth0AuthenticationModule.INVALID_TOKEN_ERROR; import static com.kingsrook.qqq.backend.core.modules.authentication.Auth0AuthenticationModule.INVALID_TOKEN_ERROR;
import static com.kingsrook.qqq.backend.core.modules.authentication.Auth0AuthenticationModule.TOKEN_NOT_PROVIDED_ERROR; import static com.kingsrook.qqq.backend.core.modules.authentication.Auth0AuthenticationModule.TOKEN_NOT_PROVIDED_ERROR;
import static org.junit.jupiter.api.Assertions.assertTrue; import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.fail; import static org.junit.jupiter.api.Assertions.fail;
@ -73,8 +74,8 @@ public class Auth0AuthenticationModuleTest
Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule(); Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule();
auth0AuthenticationModule.setNow(now); auth0AuthenticationModule.setNow(now);
QSession session = auth0AuthenticationModule.createSession(getQInstance(), context); QSession session = auth0AuthenticationModule.createSession(getQInstance(), context);
assertTrue(session.getUser().getIdReference().equals("tim.chamberlain@kingsrook.com")); assertEquals("tim.chamberlain@kingsrook.com", session.getUser().getIdReference(), "Id should be Tim's email.");
assertTrue(session.getUser().getFullName().equals("Tim Chamberlain")); assertEquals("Tim Chamberlain", session.getUser().getFullName(), "Full name should be Tim's full name (well without the middle name).");
} }
@ -93,14 +94,12 @@ public class Auth0AuthenticationModuleTest
{ {
Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule(); Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule();
auth0AuthenticationModule.createSession(getQInstance(), context); auth0AuthenticationModule.createSession(getQInstance(), context);
fail("Should never get here");
} }
catch(QAuthenticationException qae) catch(QAuthenticationException qae)
{ {
assertTrue(qae.getMessage().contains(INVALID_TOKEN_ERROR)); assertThat(qae.getMessage()).contains(INVALID_TOKEN_ERROR);
return;
} }
fail("Should never get here");
} }
@ -119,14 +118,12 @@ public class Auth0AuthenticationModuleTest
{ {
Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule(); Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule();
auth0AuthenticationModule.createSession(getQInstance(), context); auth0AuthenticationModule.createSession(getQInstance(), context);
fail("Should never get here");
} }
catch(QAuthenticationException qae) catch(QAuthenticationException qae)
{ {
assertTrue(qae.getMessage().contains(COULD_NOT_DECODE_ERROR)); assertThat(qae.getMessage()).contains(COULD_NOT_DECODE_ERROR);
return;
} }
fail("Should never get here");
} }
@ -145,14 +142,12 @@ public class Auth0AuthenticationModuleTest
{ {
Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule(); Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule();
auth0AuthenticationModule.createSession(getQInstance(), context); auth0AuthenticationModule.createSession(getQInstance(), context);
fail("Should never get here");
} }
catch(QAuthenticationException qae) catch(QAuthenticationException qae)
{ {
assertTrue(qae.getMessage().contains(EXPIRED_TOKEN_ERROR)); assertThat(qae.getMessage()).contains(EXPIRED_TOKEN_ERROR);
return;
} }
fail("Should never get here");
} }
@ -168,14 +163,12 @@ public class Auth0AuthenticationModuleTest
{ {
Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule(); Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule();
auth0AuthenticationModule.createSession(getQInstance(), new HashMap<>()); auth0AuthenticationModule.createSession(getQInstance(), new HashMap<>());
fail("Should never get here");
} }
catch(QAuthenticationException qae) catch(QAuthenticationException qae)
{ {
assertTrue(qae.getMessage().contains(TOKEN_NOT_PROVIDED_ERROR)); assertThat(qae.getMessage()).contains(TOKEN_NOT_PROVIDED_ERROR);
return;
} }
fail("Should never get here");
} }
@ -194,14 +187,12 @@ public class Auth0AuthenticationModuleTest
{ {
Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule(); Auth0AuthenticationModule auth0AuthenticationModule = new Auth0AuthenticationModule();
auth0AuthenticationModule.createSession(getQInstance(), context); auth0AuthenticationModule.createSession(getQInstance(), context);
fail("Should never get here");
} }
catch(QAuthenticationException qae) catch(QAuthenticationException qae)
{ {
assertTrue(qae.getMessage().contains(TOKEN_NOT_PROVIDED_ERROR)); assertThat(qae.getMessage()).contains(TOKEN_NOT_PROVIDED_ERROR);
return;
} }
fail("Should never get here");
} }
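Review bot: The try / `fail("Should never get here")` / catch shape kept in these five negative tests is easy to get wrong, since a test silently passes if the `fail` line is ever dropped. Now that AssertJ is imported, each one can be a single assertion. For the first case that would be `assertThatThrownBy(() -> auth0AuthenticationModule.createSession(getQInstance(), context)).isInstanceOf(QAuthenticationException.class).hasMessageContaining(INVALID_TOKEN_ERROR);`, with a static import of `assertThatThrownBy`, and the same form applies to the hunks at -119, -145, -168 and -194. The test methods begin outside the hunks shown, so this assumes `context` is effectively final where it is built.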