Search in sources :

Example 6 with ResetTimeOffsetEvent

use of org.keycloak.models.utils.ResetTimeOffsetEvent in project keycloak by keycloak.

the class UserSessionProviderOfflineModelTest method testLoadUserSessionsWithNotDeletedOfflineClientSessions.

@Test
public void testLoadUserSessionsWithNotDeletedOfflineClientSessions() {
    // Suspend periodic tasks to avoid race-conditions, which may cause missing updates of lastSessionRefresh times to UserSessionPersisterProvider
    TimerProvider timer = kcSession.getProvider(TimerProvider.class);
    TimerProvider.TimerTaskContext timerTaskCtx = null;
    if (timer != null) {
        timerTaskCtx = timer.cancelTask(PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
        log.info("Cancelled periodic task " + PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
    }
    InfinispanTestUtil.setTestingTimeService(kcSession);
    try {
        UserSessionModel[] origSessions = inComittedTransaction(session -> {
            // Create some online sessions in infinispan
            return UserSessionPersisterProviderTest.createSessions(session, realmId);
        });
        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
            sessionManager = new UserSessionManager(session);
            persister = session.getProvider(UserSessionPersisterProvider.class);
            session.sessions().getUserSessionsStream(realm, realm.getClientByClientId("test-app")).collect(Collectors.toList()).forEach(userSession -> createOfflineSessionIncludeClientSessions(session, userSession));
        });
        log.info("Persisted 3 sessions to UserSessionPersisterProvider");
        inComittedTransaction(session -> {
            persister = session.getProvider(UserSessionPersisterProvider.class);
            Assert.assertEquals(3, persister.getUserSessionsCount(true));
        });
        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
            persister = session.getProvider(UserSessionPersisterProvider.class);
            // Expire everything except offline client sessions
            Time.setOffset(7000000);
            persister.removeExpired(realm);
        });
        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
            sessionManager = new UserSessionManager(session);
            persister = session.getProvider(UserSessionPersisterProvider.class);
            Assert.assertEquals(0, persister.getUserSessionsCount(true));
            // create two offline user sessions
            UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "ip1", null, false, null, null);
            session.sessions().createOfflineUserSession(userSession);
            session.sessions().createOfflineUserSession(origSessions[0]);
            // try to load user session from persister
            Assert.assertEquals(2, persister.loadUserSessionsStream(0, 10, true, "00000000-0000-0000-0000-000000000000").count());
        });
    } finally {
        Time.setOffset(0);
        kcSession.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
        if (timer != null) {
            timer.schedule(timerTaskCtx.getRunnable(), timerTaskCtx.getIntervalMillis(), PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
        }
        InfinispanTestUtil.revertTimeService();
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserSessionManager(org.keycloak.services.managers.UserSessionManager) UserSessionModel(org.keycloak.models.UserSessionModel) UserSessionPersisterProvider(org.keycloak.models.session.UserSessionPersisterProvider) ResetTimeOffsetEvent(org.keycloak.models.utils.ResetTimeOffsetEvent) TimerProvider(org.keycloak.timer.TimerProvider) Test(org.junit.Test) KeycloakModelTest(org.keycloak.testsuite.model.KeycloakModelTest)

Example 7 with ResetTimeOffsetEvent

use of org.keycloak.models.utils.ResetTimeOffsetEvent in project keycloak by keycloak.

the class UserSessionProviderModelTest method testExpiredClientSessions.

@Test
public void testExpiredClientSessions() {
    // Suspend periodic tasks to avoid race-conditions, which may cause missing updates of lastSessionRefresh times to UserSessionPersisterProvider
    TimerProvider timer = kcSession.getProvider(TimerProvider.class);
    TimerProvider.TimerTaskContext timerTaskCtx = null;
    if (timer != null) {
        timerTaskCtx = timer.cancelTask(PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
        log.info("Cancelled periodic task " + PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
        InfinispanTestUtil.setTestingTimeService(kcSession);
    }
    try {
        UserSessionModel[] origSessions = inComittedTransaction(session -> {
            // create some user and client sessions
            return createSessions(session, realmId);
        });
        AtomicReference<List<String>> clientSessionIds = new AtomicReference<>();
        clientSessionIds.set(origSessions[0].getAuthenticatedClientSessions().values().stream().map(AuthenticatedClientSessionModel::getId).collect(Collectors.toList()));
        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
            UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId());
            Assert.assertEquals(origSessions[0], userSession);
            AuthenticatedClientSessionModel clientSession = session.sessions().getClientSession(userSession, realm.getClientByClientId("test-app"), origSessions[0].getAuthenticatedClientSessionByClient(realm.getClientByClientId("test-app").getId()).getId(), false);
            Assert.assertEquals(origSessions[0].getAuthenticatedClientSessionByClient(realm.getClientByClientId("test-app").getId()).getId(), clientSession.getId());
            userSession = session.sessions().getUserSession(realm, origSessions[1].getId());
            Assert.assertEquals(origSessions[1], userSession);
        });
        // not possible to expire client session without expiring user sessions with time offset in map storage because
        // expiration in map storage takes min of (clientSessionIdleExpiration, ssoSessionIdleTimeout)
        inComittedTransaction(session -> {
            if (session.getProvider(UserSessionProvider.class) instanceof MapUserSessionProvider) {
                RealmModel realm = session.realms().getRealm(realmId);
                UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId());
                userSession.getAuthenticatedClientSessions().values().stream().forEach(clientSession -> {
                    // expire client sessions
                    clientSession.setTimestamp(1);
                });
            } else {
                Time.setOffset(1000);
            }
        });
        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
            // assert the user session is still there
            UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId());
            Assert.assertEquals(origSessions[0], userSession);
            // assert the client sessions are expired
            clientSessionIds.get().forEach(clientSessionId -> {
                Assert.assertNull(session.sessions().getClientSession(userSession, realm.getClientByClientId("test-app"), clientSessionId, false));
                Assert.assertNull(session.sessions().getClientSession(userSession, realm.getClientByClientId("third-party"), clientSessionId, false));
            });
        });
    } finally {
        Time.setOffset(0);
        kcSession.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
        if (timer != null && timerTaskCtx != null) {
            timer.schedule(timerTaskCtx.getRunnable(), timerTaskCtx.getIntervalMillis(), PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
            InfinispanTestUtil.revertTimeService();
        }
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserSessionProvider(org.keycloak.models.UserSessionProvider) MapUserSessionProvider(org.keycloak.models.map.userSession.MapUserSessionProvider) UserSessionModel(org.keycloak.models.UserSessionModel) ResetTimeOffsetEvent(org.keycloak.models.utils.ResetTimeOffsetEvent) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) MapUserSessionProvider(org.keycloak.models.map.userSession.MapUserSessionProvider) TimerProvider(org.keycloak.timer.TimerProvider) List(java.util.List) AtomicReference(java.util.concurrent.atomic.AtomicReference) Test(org.junit.Test) KeycloakModelTest(org.keycloak.testsuite.model.KeycloakModelTest)

Example 8 with ResetTimeOffsetEvent

use of org.keycloak.models.utils.ResetTimeOffsetEvent in project keycloak by keycloak.

the class UserSessionProviderTest method testRemoveUserSessionsByExpired.

@Test
@ModelTest
public void testRemoveUserSessionsByExpired(KeycloakSession session) {
    try {
        RealmModel realm = session.realms().getRealmByName("test");
        ClientModel client = realm.getClientByClientId("test-app");
        Set<String> validUserSessions = new HashSet<>();
        Set<String> validClientSessions = new HashSet<>();
        Set<String> expiredUserSessions = new HashSet<>();
        // create an user session that is older than the max lifespan timeout.
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
            Time.setOffset(-(realm.getSsoSessionMaxLifespan() + 1));
            UserSessionModel userSession = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null);
            expiredUserSessions.add(userSession.getId());
            AuthenticatedClientSessionModel clientSession = session1.sessions().createClientSession(realm, client, userSession);
            assertEquals(userSession, clientSession.getUserSession());
        });
        // create an user session whose last refresh exceeds the max session idle timeout.
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
            Time.setOffset(-(realm.getSsoSessionIdleTimeout() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1));
            UserSessionModel s = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", false, null, null);
            // no need to explicitly set the last refresh time - it is the same as the creation time.
            expiredUserSessions.add(s.getId());
        });
        // create an user session and associated client session that conforms to the max lifespan and max idle timeouts.
        Time.setOffset(0);
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
            UserSessionModel userSession = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null);
            validUserSessions.add(userSession.getId());
            validClientSessions.add(session1.sessions().createClientSession(realm, client, userSession).getId());
        });
        // remove the expired sessions - we expect the first two sessions to have been removed as they either expired the max lifespan or the session idle timeouts.
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> session1.sessions().removeExpired(realm));
        for (String e : expiredUserSessions) {
            assertNull(session.sessions().getUserSession(realm, e));
        }
        for (String v : validUserSessions) {
            UserSessionModel userSessionLoaded = session.sessions().getUserSession(realm, v);
            assertNotNull(userSessionLoaded);
            // the only valid user session should also have a valid client session that hasn't expired.
            AuthenticatedClientSessionModel clientSessionModel = userSessionLoaded.getAuthenticatedClientSessions().get(client.getId());
            assertNotNull(clientSessionModel);
            assertTrue(validClientSessions.contains(clientSessionModel.getId()));
        }
    } finally {
        Time.setOffset(0);
        session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) UserSessionModel(org.keycloak.models.UserSessionModel) ResetTimeOffsetEvent(org.keycloak.models.utils.ResetTimeOffsetEvent) KeycloakSession(org.keycloak.models.KeycloakSession) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) HashSet(java.util.HashSet) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 9 with ResetTimeOffsetEvent

use of org.keycloak.models.utils.ResetTimeOffsetEvent in project keycloak by keycloak.

the class UserSessionProviderTest method testRemovingExpiredSession.

// KEYCLOAK-2508
@Test
@ModelTest
public void testRemovingExpiredSession(KeycloakSession session) {
    UserSessionModel[] sessions = createSessions(session);
    try {
        Time.setOffset(3600000);
        UserSessionModel userSession = sessions[0];
        RealmModel realm = userSession.getRealm();
        session.sessions().removeExpired(realm);
        // Assert no exception is thrown here
        session.sessions().removeUserSession(realm, userSession);
    } finally {
        Time.setOffset(0);
        session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserSessionModel(org.keycloak.models.UserSessionModel) ResetTimeOffsetEvent(org.keycloak.models.utils.ResetTimeOffsetEvent) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 10 with ResetTimeOffsetEvent

use of org.keycloak.models.utils.ResetTimeOffsetEvent in project keycloak by keycloak.

the class TestingResourceProvider method setTimeOffset.

@PUT
@Path("/time-offset")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Map<String, String> setTimeOffset(Map<String, String> time) {
    int offset = Integer.parseInt(time.get("offset"));
    Time.setOffset(offset);
    // Time offset was restarted
    if (offset == 0) {
        session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
    }
    return getTimeOffset();
}
Also used : ResetTimeOffsetEvent(org.keycloak.models.utils.ResetTimeOffsetEvent) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) PUT(javax.ws.rs.PUT)

Aggregations

ResetTimeOffsetEvent (org.keycloak.models.utils.ResetTimeOffsetEvent)10 Test (org.junit.Test)8 RealmModel (org.keycloak.models.RealmModel)7 UserSessionModel (org.keycloak.models.UserSessionModel)7 KeycloakSession (org.keycloak.models.KeycloakSession)5 AuthenticatedClientSessionModel (org.keycloak.models.AuthenticatedClientSessionModel)4 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)4 ModelTest (org.keycloak.testsuite.arquillian.annotation.ModelTest)4 KeycloakModelTest (org.keycloak.testsuite.model.KeycloakModelTest)4 HashSet (java.util.HashSet)3 AtomicReference (java.util.concurrent.atomic.AtomicReference)3 ClientModel (org.keycloak.models.ClientModel)3 UserSessionProvider (org.keycloak.models.UserSessionProvider)3 UserSessionPersisterProvider (org.keycloak.models.session.UserSessionPersisterProvider)3 TimerProvider (org.keycloak.timer.TimerProvider)3 List (java.util.List)2 UserModel (org.keycloak.models.UserModel)2 UserSessionManager (org.keycloak.services.managers.UserSessionManager)2 HashMap (java.util.HashMap)1 LinkedList (java.util.LinkedList)1