/**
 * Start a new session.
 *
 * The identifier of the new session is advertised to the client in the
 * {@code Location} header; the session state itself is returned inside a
 * Fernet token rather than being sent in the clear.
 *
 * @param servletResponse the response on which the {@code Location} header is set
 * @return a serialised Fernet token with a {@link Session} embedded in the payload
 */
@POST
@Path("/api/sessions")
public String createSession(@Context final HttpServletResponse servletResponse) {
    final String newSessionId = UUID.randomUUID().toString();
    // a session starts unrenewed and is stamped with the current epoch second
    final Session newSession = Session.newBuilder()
            .setSessionId(newSessionId)
            .setRenewalCount(0)
            .setStartTime(Instant.now().getEpochSecond())
            .build();
    servletResponse.addHeader("Location", "/api/sessions/" + newSessionId);
    // persist session in server-side data store
    return Token.generate(random, key, newSession.toByteArray()).serialise();
}
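/**
 * Renew a session.
 *
 * The caller must present a currently valid Fernet token whose embedded
 * {@link Session} carries the same identifier as the path parameter.
 * Renewals are rate limited: a token that was renewed less than a minute
 * ago is refused with HTTP 429 and a {@code Retry-After} header.
 *
 * @param sessionId the existing session ID, taken from the request path
 * @param tokenString a current valid Fernet token
 * @param servletResponse the response, used to set {@code Retry-After} when the client is throttled
 * @return a new Fernet token with the updated session state embedded
 * @throws BadRequestException if the path session ID does not match the ID inside the token
 * @throws WebApplicationException with status 429 if the token was renewed less than a minute ago
 */
@PUT
@Path("/api/sessions/{sessionId}/renewal")
public String renew(@PathParam("sessionId") final String sessionId, final String tokenString, @Context final HttpServletResponse servletResponse) {
    // validateAndDecrypt is expected to reject the token before its payload is
    // inspected when the validator is not satisfied
    final Token inputToken = Token.fromString(tokenString);
    final Session session = inputToken.validateAndDecrypt(key, validator);
    if (!Objects.equals(sessionId, session.getSessionId())) {
        throw new BadRequestException("SessionID mismatch.");
    }
    // read the clock once so the throttle check and the stored renewal time agree
    final Instant now = Instant.now();
    // minimum interval between renewals; Retry-After is derived from the same
    // value so the header and the check cannot drift apart
    final Duration renewalInterval = Duration.ofMinutes(1);
    if (session.hasLastRenewalTime()) {
        final Instant lastRenewed = Instant.ofEpochSecond(session.getLastRenewalTime());
        if (lastRenewed.isAfter(now.minus(renewalInterval))) {
            // prevent denial-of-service
            // if token was renewed less than a minute ago, tell the client to back off
            servletResponse.addHeader("Retry-After", String.valueOf(renewalInterval.getSeconds()));
            // Too Many Requests: https://tools.ietf.org/html/rfc6585#section-4
            throw new WebApplicationException("Try again in a minute", 429);
        }
    }
    // check session validity in server-side data store
    // The token and session are valid, now update the session
    final Builder builder = Session.newBuilder(session);
    builder.setRenewalCount(session.getRenewalCount() + 1);
    builder.setLastRenewalTime(now.getEpochSecond());
    final Session updatedSession = builder.build();
    // update session in server-side data store
    // store the updated session in a new Fernet token
    final Token retval = Token.generate(random, key, updatedSession.toByteArray());
    return retval.serialise();
}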
/**
 * A freshly created session can be renewed once: the renewed token must
 * decrypt to the same session ID with a renewal count of one.
 */
@Test
public final void testRenewal() {
    // given: a new session whose ID is recovered from the Location header
    final HttpServletResponse createResponse = mock(HttpServletResponse.class);
    final String firstToken = createSession(createResponse);
    verify(createResponse).addHeader(eq("Location"), locationHeaderCaptor.capture());
    final String locationHeader = locationHeaderCaptor.getValue();
    final String createdSessionId = locationHeader.substring(locationHeader.lastIndexOf('/') + 1);

    // when: the client renews using the token it was issued
    final HttpServletResponse renewResponse = mock(HttpServletResponse.class);
    final String renewedToken = renew(createdSessionId, firstToken, renewResponse);

    // then: the renewed token carries the same session, renewed exactly once
    final Session renewed = Token.fromString(renewedToken).validateAndDecrypt(key, validator);
    assertEquals(createdSessionId, renewed.getSessionId());
    assertEquals(1, renewed.getRenewalCount());
}