Examples with PersistentToken io.github.jhipster.sample.domain.PersistentToken used on opensource projects

Example 1 with PersistentToken

use of io.github.jhipster.sample.domain.PersistentToken in project jhipster-sample-app-dto by jhipster.

the class PersistentTokenRememberMeServices method logout.

/**
 * When logout occurs, only invalidate the current token, and not all user sessions.
 * <p>
 * The standard Spring Security implementations are too basic: they invalidate all tokens for the
 * current user, so when he logs out from one browser, all his other sessions are destroyed.
 */
@Override
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    String rememberMeCookie = extractRememberMeCookie(request);
    if (rememberMeCookie != null && rememberMeCookie.length() != 0) {
        try {
            String[] cookieTokens = decodeCookie(rememberMeCookie);
            PersistentToken token = getPersistentToken(cookieTokens);
            persistentTokenRepository.delete(token);
        } catch (InvalidCookieException ice) {
            log.info("Invalid cookie, no persistent token could be deleted", ice);
        } catch (RememberMeAuthenticationException rmae) {
            log.debug("No persistent token found, so no token could be deleted", rmae);
        }
    }
    super.logout(request, response, authentication);
}

Example 2 with PersistentToken

use of io.github.jhipster.sample.domain.PersistentToken in project jhipster-sample-app-dto by jhipster.

the class AccountResourceIntTest method testGetCurrentSessions.

@Test
@Transactional
@WithMockUser("current-sessions")
public void testGetCurrentSessions() throws Exception {
    User user = new User();
    user.setPassword(RandomStringUtils.random(60));
    user.setLogin("current-sessions");
    user.setEmail("current-sessions@example.com");
    userRepository.saveAndFlush(user);
    PersistentToken token = new PersistentToken();
    token.setSeries("current-sessions");
    token.setUser(user);
    token.setTokenValue("current-session-data");
    token.setTokenDate(LocalDate.of(2017, 3, 23));
    token.setIpAddress("127.0.0.1");
    token.setUserAgent("Test agent");
    persistentTokenRepository.saveAndFlush(token);
    restMvc.perform(get("/api/account/sessions")).andExpect(status().isOk()).andExpect(jsonPath("$.[*].series").value(hasItem(token.getSeries()))).andExpect(jsonPath("$.[*].ipAddress").value(hasItem(token.getIpAddress()))).andExpect(jsonPath("$.[*].userAgent").value(hasItem(token.getUserAgent()))).andExpect(jsonPath("$.[*].tokenDate").value(hasItem(token.getTokenDate().toString())));
}

Example 3 with PersistentToken

use of io.github.jhipster.sample.domain.PersistentToken in project jhipster-sample-app-websocket by jhipster.

the class PersistentTokenRememberMeServices method logout.

/**
 * When logout occurs, only invalidate the current token, and not all user sessions.
 * <p>
 * The standard Spring Security implementations are too basic: they invalidate all tokens for the
 * current user, so when he logs out from one browser, all his other sessions are destroyed.
 */
@Override
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    String rememberMeCookie = extractRememberMeCookie(request);
    if (rememberMeCookie != null && rememberMeCookie.length() != 0) {
        try {
            String[] cookieTokens = decodeCookie(rememberMeCookie);
            PersistentToken token = getPersistentToken(cookieTokens);
            persistentTokenRepository.delete(token);
        } catch (InvalidCookieException ice) {
            log.info("Invalid cookie, no persistent token could be deleted", ice);
        } catch (RememberMeAuthenticationException rmae) {
            log.debug("No persistent token found, so no token could be deleted", rmae);
        }
    }
    super.logout(request, response, authentication);
}

Example 4 with PersistentToken

use of io.github.jhipster.sample.domain.PersistentToken in project jhipster-sample-app-hazelcast by jhipster.

the class PersistentTokenRememberMeServices method processAutoLoginCookie.

@Override
protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request, HttpServletResponse response) {
    synchronized (this) {
        // prevent 2 authentication requests from the same user in parallel
        String login = null;
        UpgradedRememberMeToken upgradedToken = upgradedTokenCache.getIfPresent(cookieTokens[0]);
        if (upgradedToken != null) {
            login = upgradedToken.getUserLoginIfValidAndRecentUpgrade(cookieTokens);
            log.debug("Detected previously upgraded login token for user '{}'", login);
        }
        if (login == null) {
            PersistentToken token = getPersistentToken(cookieTokens);
            login = token.getUser().getLogin();
            // Token also matches, so login is valid. Update the token value, keeping the *same* series number.
            log.debug("Refreshing persistent login token for user '{}', series '{}'", login, token.getSeries());
            token.setTokenDate(LocalDate.now());
            token.setTokenValue(RandomUtil.generateTokenData());
            token.setIpAddress(request.getRemoteAddr());
            token.setUserAgent(request.getHeader("User-Agent"));
            try {
                persistentTokenRepository.saveAndFlush(token);
            } catch (DataAccessException e) {
                log.error("Failed to update token: ", e);
                throw new RememberMeAuthenticationException("Autologin failed due to data access problem", e);
            }
            addCookie(token, request, response);
            upgradedTokenCache.put(cookieTokens[0], new UpgradedRememberMeToken(cookieTokens, login));
        }
        return getUserDetailsService().loadUserByUsername(login);
    }
}

Example 5 with PersistentToken

use of io.github.jhipster.sample.domain.PersistentToken in project jhipster-sample-app-hazelcast by jhipster.

the class PersistentTokenRememberMeServices method onLoginSuccess.

@Override
protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
    String login = successfulAuthentication.getName();
    log.debug("Creating new persistent login for user {}", login);
    PersistentToken token = userRepository.findOneByLogin(login).map(u -> {
        PersistentToken t = new PersistentToken();
        t.setSeries(RandomUtil.generateSeriesData());
        t.setUser(u);
        t.setTokenValue(RandomUtil.generateTokenData());
        t.setTokenDate(LocalDate.now());
        t.setIpAddress(request.getRemoteAddr());
        t.setUserAgent(request.getHeader("User-Agent"));
        return t;
    }).orElseThrow(() -> new UsernameNotFoundException("User " + login + " was not found in the database"));
    try {
        persistentTokenRepository.saveAndFlush(token);
        addCookie(token, request, response);
    } catch (DataAccessException e) {
        log.error("Failed to save persistent token ", e);
    }
}