use of org.keycloak.models.utils.ResetTimeOffsetEvent in project keycloak by keycloak.
the class UserSessionProviderOfflineModelTest method testLoadUserSessionsWithNotDeletedOfflineClientSessions.
@Test
public void testLoadUserSessionsWithNotDeletedOfflineClientSessions() {
// Suspend periodic tasks to avoid race-conditions, which may cause missing updates of lastSessionRefresh times to UserSessionPersisterProvider
TimerProvider timer = kcSession.getProvider(TimerProvider.class);
TimerProvider.TimerTaskContext timerTaskCtx = null;
if (timer != null) {
timerTaskCtx = timer.cancelTask(PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
log.info("Cancelled periodic task " + PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
}
InfinispanTestUtil.setTestingTimeService(kcSession);
try {
UserSessionModel[] origSessions = inComittedTransaction(session -> {
// Create some online sessions in infinispan
return UserSessionPersisterProviderTest.createSessions(session, realmId);
});
inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId);
sessionManager = new UserSessionManager(session);
persister = session.getProvider(UserSessionPersisterProvider.class);
session.sessions().getUserSessionsStream(realm, realm.getClientByClientId("test-app")).collect(Collectors.toList()).forEach(userSession -> createOfflineSessionIncludeClientSessions(session, userSession));
});
log.info("Persisted 3 sessions to UserSessionPersisterProvider");
inComittedTransaction(session -> {
persister = session.getProvider(UserSessionPersisterProvider.class);
Assert.assertEquals(3, persister.getUserSessionsCount(true));
});
inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId);
persister = session.getProvider(UserSessionPersisterProvider.class);
// Expire everything except offline client sessions
Time.setOffset(7000000);
persister.removeExpired(realm);
});
inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId);
sessionManager = new UserSessionManager(session);
persister = session.getProvider(UserSessionPersisterProvider.class);
Assert.assertEquals(0, persister.getUserSessionsCount(true));
// create two offline user sessions
UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "ip1", null, false, null, null);
session.sessions().createOfflineUserSession(userSession);
session.sessions().createOfflineUserSession(origSessions[0]);
// try to load user session from persister
Assert.assertEquals(2, persister.loadUserSessionsStream(0, 10, true, "00000000-0000-0000-0000-000000000000").count());
});
} finally {
Time.setOffset(0);
kcSession.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
if (timer != null) {
timer.schedule(timerTaskCtx.getRunnable(), timerTaskCtx.getIntervalMillis(), PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
}
InfinispanTestUtil.revertTimeService();
}
}
use of org.keycloak.models.utils.ResetTimeOffsetEvent in project keycloak by keycloak.
the class UserSessionProviderModelTest method testExpiredClientSessions.
@Test
public void testExpiredClientSessions() {
// Suspend periodic tasks to avoid race-conditions, which may cause missing updates of lastSessionRefresh times to UserSessionPersisterProvider
TimerProvider timer = kcSession.getProvider(TimerProvider.class);
TimerProvider.TimerTaskContext timerTaskCtx = null;
if (timer != null) {
timerTaskCtx = timer.cancelTask(PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
log.info("Cancelled periodic task " + PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
InfinispanTestUtil.setTestingTimeService(kcSession);
}
try {
UserSessionModel[] origSessions = inComittedTransaction(session -> {
// create some user and client sessions
return createSessions(session, realmId);
});
AtomicReference<List<String>> clientSessionIds = new AtomicReference<>();
clientSessionIds.set(origSessions[0].getAuthenticatedClientSessions().values().stream().map(AuthenticatedClientSessionModel::getId).collect(Collectors.toList()));
inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId);
UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId());
Assert.assertEquals(origSessions[0], userSession);
AuthenticatedClientSessionModel clientSession = session.sessions().getClientSession(userSession, realm.getClientByClientId("test-app"), origSessions[0].getAuthenticatedClientSessionByClient(realm.getClientByClientId("test-app").getId()).getId(), false);
Assert.assertEquals(origSessions[0].getAuthenticatedClientSessionByClient(realm.getClientByClientId("test-app").getId()).getId(), clientSession.getId());
userSession = session.sessions().getUserSession(realm, origSessions[1].getId());
Assert.assertEquals(origSessions[1], userSession);
});
// not possible to expire client session without expiring user sessions with time offset in map storage because
// expiration in map storage takes min of (clientSessionIdleExpiration, ssoSessionIdleTimeout)
inComittedTransaction(session -> {
if (session.getProvider(UserSessionProvider.class) instanceof MapUserSessionProvider) {
RealmModel realm = session.realms().getRealm(realmId);
UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId());
userSession.getAuthenticatedClientSessions().values().stream().forEach(clientSession -> {
// expire client sessions
clientSession.setTimestamp(1);
});
} else {
Time.setOffset(1000);
}
});
inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId);
// assert the user session is still there
UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId());
Assert.assertEquals(origSessions[0], userSession);
// assert the client sessions are expired
clientSessionIds.get().forEach(clientSessionId -> {
Assert.assertNull(session.sessions().getClientSession(userSession, realm.getClientByClientId("test-app"), clientSessionId, false));
Assert.assertNull(session.sessions().getClientSession(userSession, realm.getClientByClientId("third-party"), clientSessionId, false));
});
});
} finally {
Time.setOffset(0);
kcSession.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
if (timer != null && timerTaskCtx != null) {
timer.schedule(timerTaskCtx.getRunnable(), timerTaskCtx.getIntervalMillis(), PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
InfinispanTestUtil.revertTimeService();
}
}
}
use of org.keycloak.models.utils.ResetTimeOffsetEvent in project keycloak by keycloak.
the class UserSessionProviderTest method testRemoveUserSessionsByExpired.
@Test
@ModelTest
public void testRemoveUserSessionsByExpired(KeycloakSession session) {
try {
RealmModel realm = session.realms().getRealmByName("test");
ClientModel client = realm.getClientByClientId("test-app");
Set<String> validUserSessions = new HashSet<>();
Set<String> validClientSessions = new HashSet<>();
Set<String> expiredUserSessions = new HashSet<>();
// create an user session that is older than the max lifespan timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
Time.setOffset(-(realm.getSsoSessionMaxLifespan() + 1));
UserSessionModel userSession = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null);
expiredUserSessions.add(userSession.getId());
AuthenticatedClientSessionModel clientSession = session1.sessions().createClientSession(realm, client, userSession);
assertEquals(userSession, clientSession.getUserSession());
});
// create an user session whose last refresh exceeds the max session idle timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
Time.setOffset(-(realm.getSsoSessionIdleTimeout() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1));
UserSessionModel s = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", false, null, null);
// no need to explicitly set the last refresh time - it is the same as the creation time.
expiredUserSessions.add(s.getId());
});
// create an user session and associated client session that conforms to the max lifespan and max idle timeouts.
Time.setOffset(0);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
UserSessionModel userSession = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null);
validUserSessions.add(userSession.getId());
validClientSessions.add(session1.sessions().createClientSession(realm, client, userSession).getId());
});
// remove the expired sessions - we expect the first two sessions to have been removed as they either expired the max lifespan or the session idle timeouts.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> session1.sessions().removeExpired(realm));
for (String e : expiredUserSessions) {
assertNull(session.sessions().getUserSession(realm, e));
}
for (String v : validUserSessions) {
UserSessionModel userSessionLoaded = session.sessions().getUserSession(realm, v);
assertNotNull(userSessionLoaded);
// the only valid user session should also have a valid client session that hasn't expired.
AuthenticatedClientSessionModel clientSessionModel = userSessionLoaded.getAuthenticatedClientSessions().get(client.getId());
assertNotNull(clientSessionModel);
assertTrue(validClientSessions.contains(clientSessionModel.getId()));
}
} finally {
Time.setOffset(0);
session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
}
}
use of org.keycloak.models.utils.ResetTimeOffsetEvent in project keycloak by keycloak.
the class UserSessionProviderTest method testRemovingExpiredSession.
// KEYCLOAK-2508
@Test
@ModelTest
public void testRemovingExpiredSession(KeycloakSession session) {
UserSessionModel[] sessions = createSessions(session);
try {
Time.setOffset(3600000);
UserSessionModel userSession = sessions[0];
RealmModel realm = userSession.getRealm();
session.sessions().removeExpired(realm);
// Assert no exception is thrown here
session.sessions().removeUserSession(realm, userSession);
} finally {
Time.setOffset(0);
session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
}
}
use of org.keycloak.models.utils.ResetTimeOffsetEvent in project keycloak by keycloak.
the class TestingResourceProvider method setTimeOffset.
@PUT
@Path("/time-offset")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Map<String, String> setTimeOffset(Map<String, String> time) {
int offset = Integer.parseInt(time.get("offset"));
Time.setOffset(offset);
// Time offset was restarted
if (offset == 0) {
session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
}
return getTimeOffset();
}
Aggregations