use of com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration in project zm-mailbox by Zimbra.
the class CsrfTokenConverter method convert.
@Override
public EphemeralInput convert(String attrName, Object ldapValue) {
String ldapValueStr = (String) ldapValue;
String[] parts = ldapValueStr.split(":");
if (parts.length != 3) {
ZimbraLog.ephemeral.warn("CSRF auth token %s cannot be parsed", ldapValueStr);
return null;
}
String data = parts[0];
String crumb = parts[1];
Long expirationMillis;
try {
expirationMillis = Long.parseLong(parts[2]);
} catch (NumberFormatException e) {
ZimbraLog.ephemeral.warn("CSRF auth token %s does not have a valid expiration value", ldapValueStr);
return null;
}
EphemeralKey key = new EphemeralKey(attrName, crumb);
EphemeralInput input = new EphemeralInput(key, data);
Expiration expiration = new AbsoluteExpiration(expirationMillis);
input.setExpiration(expiration);
return input;
}
use of com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration in project zm-mailbox by Zimbra.
the class LdapEphemeralStoreTest method testInvalidToken.
private void testInvalidToken(String attrName, String expected) throws Exception {
EphemeralLocation target = new TestLocation();
//sanity check: make sure a valid token works
EphemeralKey key = new EphemeralKey(attrName, "dynamicPart");
EphemeralInput input = new EphemeralInput(key, "validToken");
input.setExpiration(new AbsoluteExpiration(1000));
store.set(input, target);
EphemeralResult result = store.get(key, target);
assertEquals(result.getValue(), "validToken");
helper.reset();
//no expiration will result in an invalid auth/CSRF token
key = new EphemeralKey(attrName, "dynamicPart");
store.set(new EphemeralInput(key, "value"), target);
helper.reset();
result = store.get(key, target);
//the invalid token is not returned
assertTrue(result.isEmpty());
//but is instead flagged for deletion
verifyAttrMap(makeMap("-" + attrName, expected));
}
use of com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration in project zm-mailbox by Zimbra.
the class AttributeEncodersTest method testValueEncoders.
@Test
public void testValueEncoders() throws Exception {
EphemeralLocation location = new TestLocation();
EphemeralKey staticKey = new EphemeralKey("foo");
EphemeralKey dynamicKey = new EphemeralKey("foo", "1");
ValueEncoder dynamicExpirationEncoder = new DynamicExpirationValueEncoder();
EphemeralInput staticInput = new EphemeralInput(staticKey, "bar");
EphemeralInput dynamicInput = new EphemeralInput(dynamicKey, "bar");
//static key, no expiration
assertEquals("bar", dynamicExpirationEncoder.encodeValue(staticInput, location));
//dynamic key, no expiration
assertEquals("bar|1|", dynamicExpirationEncoder.encodeValue(dynamicInput, location));
//set expirations
staticInput.setExpiration(new AbsoluteExpiration(1000L));
dynamicInput.setExpiration(new AbsoluteExpiration(1000L));
//static key, expiration
assertEquals("bar||1000", dynamicExpirationEncoder.encodeValue(staticInput, location));
//dynamic key, expiration
assertEquals("bar|1|1000", dynamicExpirationEncoder.encodeValue(dynamicInput, location));
//test special handling of auth and CSRF token encoding for LDAP backwards compatibility
ValueEncoder ldapValueEncoder = new LdapValueEncoder();
EphemeralKey authKey = new EphemeralKey(Provisioning.A_zimbraAuthTokens, "tokenId");
EphemeralInput authInput = new EphemeralInput(authKey, "serverVersion");
authInput.setExpiration(new AbsoluteExpiration(1000L));
assertEquals("tokenId|1000|serverVersion", ldapValueEncoder.encodeValue(authInput, location));
EphemeralKey csrfKey = new EphemeralKey(Provisioning.A_zimbraCsrfTokenData, "crumb");
EphemeralInput csrfInput = new EphemeralInput(csrfKey, "data");
csrfInput.setExpiration(new AbsoluteExpiration(1000L));
assertEquals("data:crumb:1000", ldapValueEncoder.encodeValue(csrfInput, location));
}
use of com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration in project zm-mailbox by Zimbra.
the class AuthTokenConverter method convert.
@Override
public EphemeralInput convert(String attrName, Object ldapValue) {
String ldapValueStr = (String) ldapValue;
String[] parts = ldapValueStr.split("\\|");
if (parts.length != 3) {
ZimbraLog.ephemeral.warn("LDAP auth token %s cannot be parsed", ldapValueStr);
return null;
}
String token = parts[0];
Long expirationMillis;
try {
expirationMillis = Long.parseLong(parts[1]);
} catch (NumberFormatException e) {
ZimbraLog.ephemeral.warn("LDAP auth token %s does not have a valid expiration value", ldapValueStr);
return null;
}
String serverVersion = parts[2];
EphemeralKey key = new EphemeralKey(attrName, token);
EphemeralInput input = new EphemeralInput(key, serverVersion);
Expiration expiration = new AbsoluteExpiration(expirationMillis);
input.setExpiration(expiration);
return input;
}
use of com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration in project zm-mailbox by Zimbra.
the class CsrfUtil method storeTokenData.
/**
*
* @param tokenSalt
* @param accountId
* @param authTokenExpiration
* @param crumb
* @throws ServiceException
*/
private static void storeTokenData(String data, AuthToken authToken, long authTokenExpiration, String crumb) throws ServiceException {
Account account = getAccount(authToken, Boolean.TRUE);
if (account != null) {
Expiration expiration = new AbsoluteExpiration(authTokenExpiration);
boolean needToAdd = true;
String curData = account.getCsrfTokenData(crumb);
if (curData != null) {
if (!data.equals(curData)) {
account.removeCsrfTokenData(crumb, curData);
} else {
ZimbraLog.ephemeral.debug("CSRF token already stored in ephemeral storage");
needToAdd = false;
}
}
if (needToAdd) {
account.addCsrfTokenData(crumb, data, expiration);
}
}
}
Aggregations