use of com.gw2auth.oauth2.server.repository.verification.Gw2AccountVerificationChallengeEntity in project oauth2-server by gw2auth.
the class VerificationServiceImpl method startChallenge.
/**
 * Starts the verification challenge identified by {@code challengeId} for the given account.
 *
 * <p>The request is rejected with {@link HttpStatus#BAD_REQUEST} in three cases:
 * <ul>
 *   <li>no challenge is registered under {@code challengeId};</li>
 *   <li>the account's current started-challenge row already refers to the same
 *       {@code challengeId} (this check does not look at {@code timeoutAt});</li>
 *   <li>a different challenge was started and the current time is still before that
 *       row's {@code timeoutAt}, which throttles how often an account may switch challenges.</li>
 * </ul>
 *
 * @param accountId   the account starting the challenge
 * @param challengeId the id of the challenge to start
 * @return the result of the private {@code startChallenge} overload
 * @throws Gw2AccountVerificationServiceException if any of the conditions above applies
 */
@Override
@Transactional
public VerificationChallengeStart startChallenge(long accountId, long challengeId) {
    final VerificationChallenge<?> requestedChallenge = this.challengesById.get(challengeId);
    if (requestedChallenge == null) {
        // NOTE(review): an unknown challenge id is reported with an empty message, unlike the
        // other rejections below, which use named message constants.
        throw new Gw2AccountVerificationServiceException("", HttpStatus.BAD_REQUEST);
    }

    // The started-challenge row is stored under the STARTED_CHALLENGE_GW2_ACCOUNT_ID key.
    final Gw2AccountVerificationChallengeEntity activeStart = this.gw2AccountVerificationChallengeRepository
            .findByAccountIdAndGw2AccountId(accountId, STARTED_CHALLENGE_GW2_ACCOUNT_ID)
            .orElse(null);
    final Instant now = this.clock.instant();

    if (activeStart != null) {
        if (activeStart.challengeId() == challengeId) {
            throw new Gw2AccountVerificationServiceException(Gw2AccountVerificationServiceException.CHALLENGE_ALREADY_STARTED, HttpStatus.BAD_REQUEST);
        }
        if (now.isBefore(activeStart.timeoutAt())) {
            // a different challenge was started too recently
            throw new Gw2AccountVerificationServiceException(Gw2AccountVerificationServiceException.CHALLENGE_START_NOT_YET_POSSIBLE, HttpStatus.BAD_REQUEST);
        }
    }

    return startChallenge(accountId, now, requestedChallenge);
}
use of com.gw2auth.oauth2.server.repository.verification.Gw2AccountVerificationChallengeEntity in project oauth2-server by gw2auth.
the class VerificationServiceImpl method startChallenge.
/**
 * Starts {@code challenge}, serializes its state and saves the started-challenge row for the account.
 *
 * @param accountId   the account the challenge is started for
 * @param currentTime the instant recorded on the row and used as the base for {@code timeoutAt}
 * @param challenge   the challenge to start
 * @param <S>         the challenge's state type
 * @return the saved challenge id, the message built from the new state, and the saved {@code timeoutAt}
 * @throws Gw2AccountVerificationServiceException with {@link HttpStatus#INTERNAL_SERVER_ERROR}
 *         if the state cannot be serialized
 */
private <S> VerificationChallengeStart startChallenge(long accountId, Instant currentTime, VerificationChallenge<S> challenge) {
    final S freshState = challenge.start();

    final String serializedState;
    try {
        serializedState = challenge.writeState(freshState);
    } catch (IOException e) {
        // NOTE(review): the IOException is neither attached as a cause nor logged here, so the
        // reason for the failure is not recorded; the caller only receives the generic error.
        throw new Gw2AccountVerificationServiceException(Gw2AccountVerificationServiceException.INTERNAL_SERVER_ERROR, HttpStatus.INTERNAL_SERVER_ERROR);
    }

    // For a started challenge, timeoutAt is not an actual timeout: it is the time from which
    // a new challenge may be started.
    final Gw2AccountVerificationChallengeEntity toPersist = new Gw2AccountVerificationChallengeEntity(
            accountId,
            STARTED_CHALLENGE_GW2_ACCOUNT_ID,
            challenge.getId(),
            serializedState,
            null,
            currentTime,
            currentTime.plus(TIME_BETWEEN_UNFINISHED_STARTS)
    );
    final Gw2AccountVerificationChallengeEntity persisted = this.gw2AccountVerificationChallengeRepository.save(toPersist);

    return new VerificationChallengeStart(persisted.challengeId(), challenge.buildMessage(freshState), persisted.timeoutAt());
}
use of com.gw2auth.oauth2.server.repository.verification.Gw2AccountVerificationChallengeEntity in project oauth2-server by gw2auth.
the class VerificationControllerTest method startChallengeWithLongEnoughBetween.
/**
 * Checks that a second, different challenge can be started once the service clock has been
 * advanced by 31 minutes, and that the stored started-challenge row changes as a result.
 */
@WithGw2AuthLogin
public void startChallengeWithLongEnoughBetween(MockHttpSession session) throws Exception {
    final long accountId = AuthenticationHelper.getUser(session).orElseThrow().getAccountId();

    // pin the service to a fixed clock so the test controls the elapsed time
    Clock clock = Clock.fixed(Instant.now(), ZoneId.systemDefault());
    this.verificationService.setClock(clock);

    // start challenge 1 through the HTTP endpoint (authenticated session + CSRF token)
    this.mockMvc.perform(
                    post("/api/verification")
                            .session(session)
                            .with(csrf())
                            .queryParam("challengeId", "1")
            )
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.challengeId").value("1"))
            .andExpect(jsonPath("$.message.apiTokenName").isString())
            .andExpect(jsonPath("$.nextAllowedStartTime").isString());

    final Gw2AccountVerificationChallengeEntity firstStart = this.gw2AccountVerificationChallengeRepository
            .findByAccountIdAndGw2AccountId(accountId, "")
            .orElse(null);
    assertNotNull(firstStart);

    // advance the clock by 31 minutes; the test expects this to be long enough
    clock = Clock.offset(clock, Duration.ofMinutes(31L));
    this.verificationService.setClock(clock);

    // starting a different challenge (id 2) must now succeed
    this.mockMvc.perform(
                    post("/api/verification")
                            .session(session)
                            .with(csrf())
                            .queryParam("challengeId", "2")
            )
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.challengeId").value("2"))
            .andExpect(jsonPath("$.message.gw2ItemId").isNumber())
            .andExpect(jsonPath("$.message.buyOrderCoins").isNumber())
            .andExpect(jsonPath("$.nextAllowedStartTime").isString());

    // the started-challenge row must differ from the one saved by the first start
    final Gw2AccountVerificationChallengeEntity secondStart = this.gw2AccountVerificationChallengeRepository
            .findByAccountIdAndGw2AccountId(accountId, "")
            .orElse(null);
    assertNotNull(secondStart);
    assertNotEquals(firstStart, secondStart);
}
use of com.gw2auth.oauth2.server.repository.verification.Gw2AccountVerificationChallengeEntity in project oauth2-server by gw2auth.
the class VerificationControllerTest method startAndSubmitChallengeForGw2AccountHavingAPendingVerification.
/**
 * Checks that submitting a challenge for a GW2 account that already has a pending verification
 * is answered with 400 and leaves the existing pending row unchanged.
 */
@WithGw2AuthLogin
public void startAndSubmitChallengeForGw2AccountHavingAPendingVerification(MockHttpSession session) throws Exception {
    final long accountId = AuthenticationHelper.getUser(session).orElseThrow().getAccountId();

    // pin the service to a fixed clock
    final Clock clock = Clock.fixed(Instant.now(), ZoneId.systemDefault());
    this.verificationService.setClock(clock);

    final Duration subtokenLifetime = Duration.ofMinutes(90L);
    final UUID gw2AccountId = UUID.randomUUID();
    final String gw2ApiToken = TestHelper.randomRootToken();
    final String gw2ApiSubtoken = TestHelper.createSubtokenJWT(UUID.randomUUID(), Set.of(Gw2ApiPermission.ACCOUNT), clock.instant(), subtokenLifetime);

    // stub the GW2 API: subtoken creation, account lookup and token info
    this.gw2RestServer.reset();
    preparedGw2RestServerForCreateSubtoken(gw2ApiToken, gw2ApiSubtoken, Set.of(Gw2ApiPermission.ACCOUNT), clock.instant().plus(subtokenLifetime));
    preparedGw2RestServerForAccountRequest(gw2AccountId, gw2ApiSubtoken);
    prepareGw2RestServerForTokenInfoRequest(gw2ApiSubtoken, "Not the name that was requested", Set.of(Gw2ApiPermission.ACCOUNT));

    // start challenge 1 directly on the service
    this.verificationService.startChallenge(accountId, 1L);

    // first submission: accepted, not yet successful, and reported as pending
    this.mockMvc.perform(
                    post("/api/verification/pending")
                            .session(session)
                            .with(csrf())
                            .queryParam("token", gw2ApiToken)
            )
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.isSuccess").value("false"))
            .andExpect(jsonPath("$.pending").isMap());

    // the started-challenge row is gone ...
    assertTrue(this.gw2AccountVerificationChallengeRepository.findByAccountIdAndGw2AccountId(accountId, "").isEmpty());

    // ... and a pending row keyed by the GW2 account id exists instead
    final Gw2AccountVerificationChallengeEntity pendingChallenge = this.gw2AccountVerificationChallengeRepository
            .findByAccountIdAndGw2AccountId(accountId, gw2AccountId.toString())
            .orElse(null);
    assertNotNull(pendingChallenge);

    // start a new challenge while the first verification is still pending
    this.verificationService.startChallenge(accountId, 1L);

    // stub the GW2 API again with the same responses
    this.gw2RestServer.reset();
    preparedGw2RestServerForCreateSubtoken(gw2ApiToken, gw2ApiSubtoken, Set.of(Gw2ApiPermission.ACCOUNT), clock.instant().plus(subtokenLifetime));
    preparedGw2RestServerForAccountRequest(gw2AccountId, gw2ApiSubtoken);
    prepareGw2RestServerForTokenInfoRequest(gw2ApiSubtoken, "Not the name that was requested", Set.of(Gw2ApiPermission.ACCOUNT));

    // second submission for the same GW2 account must be rejected
    this.mockMvc.perform(
                    post("/api/verification/pending")
                            .session(session)
                            .with(csrf())
                            .queryParam("token", gw2ApiToken)
            )
            .andExpect(status().isBadRequest());

    // the rejected submission must not have touched the pending row
    assertEquals(
            pendingChallenge,
            this.gw2AccountVerificationChallengeRepository.findByAccountIdAndGw2AccountId(accountId, gw2AccountId.toString()).orElse(null)
    );
}
use of com.gw2auth.oauth2.server.repository.verification.Gw2AccountVerificationChallengeEntity in project oauth2-server by gw2auth.
the class VerificationControllerTest method startAndSubmitApiTokenNameChallengeUnfulfilled.
/**
 * Checks the path where a submitted challenge stays pending and is later marked as failed:
 * after the clock is advanced by 91 minutes and {@code tryVerifyAllPending()} runs, the pending
 * row is expected to carry challenge id {@code -1} and a {@code timeoutAt} two hours after the
 * (advanced) clock instant.
 */
@WithGw2AuthLogin
public void startAndSubmitApiTokenNameChallengeUnfulfilled(MockHttpSession session) throws Exception {
    final long accountId = AuthenticationHelper.getUser(session).orElseThrow().getAccountId();

    // pin the service to a fixed clock so the test controls the elapsed time
    Clock clock = Clock.fixed(Instant.now(), ZoneId.systemDefault());
    this.verificationService.setClock(clock);

    final Duration subtokenLifetime = Duration.ofMinutes(90L);
    final UUID gw2AccountId = UUID.randomUUID();
    final String gw2ApiToken = TestHelper.randomRootToken();
    final String gw2ApiSubtoken = TestHelper.createSubtokenJWT(UUID.randomUUID(), Set.of(Gw2ApiPermission.ACCOUNT), clock.instant(), subtokenLifetime);

    // stub the GW2 API: subtoken creation, account lookup and token info
    this.gw2RestServer.reset();
    preparedGw2RestServerForCreateSubtoken(gw2ApiToken, gw2ApiSubtoken, Set.of(Gw2ApiPermission.ACCOUNT), clock.instant().plus(subtokenLifetime));
    preparedGw2RestServerForAccountRequest(gw2AccountId, gw2ApiSubtoken);
    prepareGw2RestServerForTokenInfoRequest(gw2ApiSubtoken, "Not the name that was requested", Set.of(Gw2ApiPermission.ACCOUNT));

    // start challenge 1 directly on the service
    this.verificationService.startChallenge(accountId, 1L);

    // submit: accepted, not yet successful, and reported as pending
    this.mockMvc.perform(
                    post("/api/verification/pending")
                            .session(session)
                            .with(csrf())
                            .queryParam("token", gw2ApiToken)
            )
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.isSuccess").value("false"))
            .andExpect(jsonPath("$.pending").isMap());

    // the started-challenge row is gone ...
    assertTrue(this.gw2AccountVerificationChallengeRepository.findByAccountIdAndGw2AccountId(accountId, "").isEmpty());
    // ... and a pending row keyed by the GW2 account id exists instead
    assertTrue(this.gw2AccountVerificationChallengeRepository.findByAccountIdAndGw2AccountId(accountId, gw2AccountId.toString()).isPresent());

    // let 91 minutes pass (one minute more than the 90-minute subtoken lifetime used above)
    clock = Clock.offset(clock, Duration.ofMinutes(91L));
    this.verificationService.setClock(clock);

    // stub the token info response again
    this.gw2RestServer.reset();
    prepareGw2RestServerForTokenInfoRequest(gw2ApiSubtoken, "Not the name that was requested", Set.of(Gw2ApiPermission.ACCOUNT));

    // simulate the scheduled check
    this.verificationService.tryVerifyAllPending();

    // the pending row should now be the "verification failed" entity
    final Gw2AccountVerificationChallengeEntity failedEntity = this.gw2AccountVerificationChallengeRepository
            .findByAccountIdAndGw2AccountId(accountId, gw2AccountId.toString())
            .orElse(null);
    assertNotNull(failedEntity);
    assertEquals(-1L, failedEntity.challengeId());
    assertInstantEquals(clock.instant().plus(Duration.ofHours(2L)), failedEntity.timeoutAt());
}