KNOX-3018 - Tokens that never expire should not be evicted automatically and their expiration should be displayed properly #878

Merged
merged 1 commit into from
Mar 12, 2024
Expand Up @@ -392,9 +392,10 @@ protected Set<String> getExpiredTokens() {
* @return true, if the associated token state can be evicted; Otherwise, false.
*/
protected boolean needsEviction(final String tokenId) throws UnknownTokenException {
final long tokenExpiration = getTokenExpiration(tokenId, false);
// If the expiration time(+ grace period) has already passed, it should be considered expired
long expirationWithGrace = getTokenExpiration(tokenId, false) + TimeUnit.SECONDS.toMillis(tokenEvictionGracePeriod);
return (expirationWithGrace <= System.currentTimeMillis());
long expirationWithGrace = tokenExpiration + TimeUnit.SECONDS.toMillis(tokenEvictionGracePeriod);
return tokenExpiration > 0 && (expirationWithGrace <= System.currentTimeMillis());
}

/**
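Review bot: The never-expires condition is tested two different ways across this change: `tokenExpiration > 0` here and `expiration > 0` in the two SQL constants, but `expiration < 0` in `getExpiration()` and in the TypeScript `formatDateTime` and `isTokenExpired`. A stored expiration of exactly 0 would therefore be exempt from eviction yet still be rendered as a date and reported as expired in the UI. Since a token skipped by eviction stays in the state store until something else removes it, the condition deserves one named definition, for example a constant for the `-1` value the test uses and a single helper that every path calls. The Javadoc above `needsEviction` should also state that a never-expiring token always yields false; its opening lines are outside this hunk.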
Expand Up @@ -43,8 +43,8 @@ public class TokenStateDatabase {
static final String TOKEN_METADATA_TABLE_NAME = "KNOX_TOKEN_METADATA";
private static final String ADD_TOKEN_SQL = "INSERT INTO " + TOKENS_TABLE_NAME + "(token_id, issue_time, expiration, max_lifetime) VALUES(?, ?, ?, ?)";
private static final String REMOVE_TOKEN_SQL = "DELETE FROM " + TOKENS_TABLE_NAME + " WHERE token_id = ?";
private static final String GET_EXPIRED_TOKENS_SQL = "SELECT token_id FROM " + TOKENS_TABLE_NAME + " WHERE expiration < ?";
private static final String REMOVE_EXPIRED_TOKENS_SQL = "DELETE FROM " + TOKENS_TABLE_NAME + " WHERE expiration < ?";
private static final String GET_EXPIRED_TOKENS_SQL = "SELECT token_id FROM " + TOKENS_TABLE_NAME + " WHERE expiration < ? AND expiration > 0";
private static final String REMOVE_EXPIRED_TOKENS_SQL = "DELETE FROM " + TOKENS_TABLE_NAME + " WHERE expiration < ? AND expiration > 0";
static final String GET_TOKEN_ISSUE_TIME_SQL = "SELECT issue_time FROM " + TOKENS_TABLE_NAME + " WHERE token_id = ?";
static final String GET_TOKEN_EXPIRATION_SQL = "SELECT expiration FROM " + TOKENS_TABLE_NAME + " WHERE token_id = ?";
private static final String UPDATE_TOKEN_EXPIRATION_SQL = "UPDATE " + TOKENS_TABLE_NAME + " SET expiration = ? WHERE token_id = ?";
Expand Up @@ -260,9 +260,13 @@ public void testEvictExpiredTokens() throws Exception {
final String tokenId = UUID.randomUUID().toString();
jdbcTokenStateService.addToken(tokenId, 1, 1, 1);
}
assertEquals(tokenCount, getLongTokenAttributeFromDatabase(null, GET_TOKENS_COUNT_SQL));

//add another token that never expires
jdbcTokenStateService.addToken(UUID.randomUUID().toString(), 1, -1, 1);

assertEquals(tokenCount + 1, getLongTokenAttributeFromDatabase(null, GET_TOKENS_COUNT_SQL));
jdbcTokenStateService.evictExpiredTokens();
assertEquals(0, getLongTokenAttributeFromDatabase(null, GET_TOKENS_COUNT_SQL));
assertEquals(1, getLongTokenAttributeFromDatabase(null, GET_TOKENS_COUNT_SQL)); //the one that never expires should remain
}

private long getLongTokenAttributeFromDatabase(String tokenId, String sql) throws SQLException {
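Review bot: The final assertion only checks that one row remains, so it would still pass if eviction removed the never-expiring token and left one of the expired ones behind. Keep the id, `final String neverExpiringId = UUID.randomUUID().toString();`, and assert after `evictExpiredTokens()` that this id is the one still stored. A second token added with expiration `0` would pin down which side of the `expiration > 0` boundary is intended. The test method starts above the hunk.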
Expand Up @@ -60,7 +60,7 @@ public long getIssueTimeLong() {
}

public String getExpiration() {
return KNOX_TOKEN_TS_FORMAT.get().format(new Date(expiration));
return expiration < 0 ? "Never" : KNOX_TOKEN_TS_FORMAT.get().format(new Date(expiration));
}

public long getExpirationLong() {
Expand Up @@ -113,7 +113,7 @@ export class TokenGenService {
accessToken: tokenData.access_token,
user: jwtJson.sub,
accessPasscode: tokenData.passcode,
expiry: new Date(tokenData.expires_in).toLocaleString(),
expiry: tokenData.expires_in < 0 ? 'Never expires' : new Date(tokenData.expires_in).toLocaleString(),
homepageURL: this.baseURL + tokenData.homepage_url,
targetURL: window.location.protocol + '//' + window.location.host + this.baseURL + tokenData.target_url
};
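Review bot: The label on the `expiry` line is `'Never expires'`, while `formatDateTime` in TokenManagementComponent returns `'Never'` and the Java `getExpiration()` returns `"Never"`; a shared constant would keep the two pages showing the same text for the same state. The line would also benefit from a short comment such as `// expires_in < 0 marks a token that never expires`, because nothing visible here explains why a negative value is special. The enclosing object literal starts and ends outside the hunk.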
Expand Up @@ -196,11 +196,11 @@ export class TokenManagementComponent implements OnInit {
}

formatDateTime(dateTime: number) {
return new Date(dateTime).toLocaleString();
return dateTime < 0 ? 'Never' : new Date(dateTime).toLocaleString();
}

isTokenExpired(expiration: number): boolean {
return Date.now() > expiration;
return expiration < 0 ? false : Date.now() > expiration;
}

getExpirationColor(expiration: number): string {
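Review bot: `isTokenExpired` can drop the ternary, since `return expiration >= 0 && Date.now() > expiration;` expresses the same rule without a literal `false` branch. `getExpirationColor` begins on the last line of this hunk and its body is not visible; if it compares `expiration` with the current time directly rather than calling `isTokenExpired`, a negative value would presumably be coloured as expired, so that is worth confirming.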