From d1ff789be34b1c3927dccd15f057e5f48c91a22e Mon Sep 17 00:00:00 2001
From: Diego
Date: Sat, 8 Jun 2024 14:50:33 -0300
Subject: [PATCH 1/2] fix: ajustando tempo dos tokens e armazenamento do refreshtoken no cookie
---
src/main/java/api/educai/controllers/UserController.java | 8 ++++++--
src/main/java/api/educai/services/token/RefreshToken.java | 8 ++++----
src/main/java/api/educai/services/token/Token.java | 8 ++++----
3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/main/java/api/educai/controllers/UserController.java b/src/main/java/api/educai/controllers/UserController.java
index 2a87a08..aec3538 100644
--- a/src/main/java/api/educai/controllers/UserController.java
+++ b/src/main/java/api/educai/controllers/UserController.java
@@ -49,8 +49,12 @@ public ResponseEntity authUser(@RequestBody @Valid LoginDTO loginDTO, H
cookie.setMaxAge(15 * 24 * 60 * 60); // Expires in 15 days
cookie.setSecure(true);
cookie.setHttpOnly(true);
+ cookie.setPath("/");
+
+ String cookieHeader = String.format("refreshToken=%s; Max-Age=%d; Path=%s; Secure; HttpOnly; SameSite=strict",
+ authDTO.getRefreshToken(), cookie.getMaxAge(), cookie.getPath());
+ response.setHeader("Set-Cookie", cookieHeader);
- response.addCookie(cookie);
return status(200).body(authDTO);
}
@@ -100,7 +104,7 @@ public ResponseEntity> getUserClassrooms(HttpSe
@PostMapping("/logoff")
public ResponseEntity logoff(
HttpServletRequest request,
- @CookieValue(name = "refreshToken") @NotBlank String refreshToken,
+ @CookieValue(name = "refreshToken") String refreshToken,
HttpServletResponse response
) {
ObjectId userId = (ObjectId) request.getAttribute("userId");
diff --git a/src/main/java/api/educai/services/token/RefreshToken.java b/src/main/java/api/educai/services/token/RefreshToken.java
index a718fd7..dc12c2c 100644
--- a/src/main/java/api/educai/services/token/RefreshToken.java
+++ b/src/main/java/api/educai/services/token/RefreshToken.java
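Review bot: `response.setHeader("Set-Cookie", cookieHeader)` replaces any Set-Cookie header already queued on the response (a session or CSRF cookie added earlier by a filter, for instance), so those cookies are silently lost; the logoff hunk in the second patch uses `addHeader`, and this one should match it: `response.addHeader("Set-Cookie", cookieHeader);`. Assembling the header with `String.format` also skips the value checks that `addCookie` applies, so a token containing `;` or a CR/LF could inject cookie attributes — a JWT is base64url segments joined by dots, so that cannot happen today, but a one-line comment (`// JWT is base64url, so the value cannot contain ';' or CRLF`) records the assumption the header relies on. The `cookie` object now exists only to carry Max-Age and Path; if the project's Spring version offers `ResponseCookie`, it sets SameSite natively and removes the hand-built string (verify the version before switching). authUser's signature lies above the hunk.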
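Review bot: Dropping `@NotBlank` on `refreshToken` means an empty cookie value (`refreshToken=`, which is exactly what the logoff hunk in the second patch sends back) now reaches the method body unchecked, while a missing cookie still fails with 400 because `@CookieValue` defaults to `required = true`. If the intent is that logoff always succeeds and clears the cookie, make that explicit with `@CookieValue(name = "refreshToken", required = false) String refreshToken,` and skip any server-side revocation when `refreshToken == null || refreshToken.isBlank()`; if the intent was validation, note that `@NotBlank` on a controller parameter only fires when the controller class is `@Validated`, which is presumably why it appeared not to work. The method body continues outside the hunk, so what the token is used for there is not visible here.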
@@ -13,9 +13,7 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
-import java.time.Instant;
-import java.time.LocalDateTime;
-import java.time.ZoneOffset;
+import java.time.*;
import java.util.Date;
import java.util.Optional;
@@ -30,7 +28,9 @@ public class RefreshToken implements IToken {
@Override
public String getToken(UserDetailsDTO user) {
try {
- Instant exp = LocalDateTime.now().plusDays(15).toInstant(ZoneOffset.of("-03:00")); //Expires in 15 days
+ ZoneId zoneId = ZoneId.of("America/Sao_Paulo");
+ ZonedDateTime zonedDateTime = ZonedDateTime.now(zoneId).plusDays(15); //Expires in 15 days
+ Instant exp = zonedDateTime.toInstant();
return JWT.create()
.withClaim("id", user.getId().toString())
diff --git a/src/main/java/api/educai/services/token/Token.java b/src/main/java/api/educai/services/token/Token.java
index 5898c63..ebb7485 100644
--- a/src/main/java/api/educai/services/token/Token.java
+++ b/src/main/java/api/educai/services/token/Token.java
@@ -14,9 +14,7 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
-import java.time.Instant;
-import java.time.LocalDateTime;
-import java.time.ZoneOffset;
+import java.time.*;
import java.util.Date;
import java.util.Optional;
@@ -30,7 +28,9 @@ public class Token implements IToken{
@Override
public String getToken(UserDetailsDTO user) {
try {
- Instant exp = LocalDateTime.now().plusMinutes(15).toInstant(ZoneOffset.of("-03:00")); //Expires in 15 minutes
+ ZoneId zoneId = ZoneId.of("America/Sao_Paulo");
+ ZonedDateTime zonedDateTime = ZonedDateTime.now(zoneId).plusMinutes(15); //Expires in 15 minutes
+ Instant exp = zonedDateTime.toInstant();
return JWT.create()
.withIssuer("educ.ai-api")
From 40ecb4cde25e636473197cd3742e3eacc36ded14 Mon Sep 17 00:00:00 2001
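Review bot: `import java.time.*;` is a wildcard import, which the rest of the import block avoids and which can silently pull in a name that shadows something as the file grows; the visible hunk uses only three types, so list them: `import java.time.Instant;` `import java.time.ZoneId;` `import java.time.ZonedDateTime;`. The same wildcard is introduced in Token.java below and deserves the same treatment. If the expiry computation is simplified to `Instant.now().plus(...)` as suggested on the next hunk, only `Instant` and `Duration` remain needed.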
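Review bot: The zone detour is unnecessary for an `Instant`: `ZonedDateTime.now(zoneId).plusDays(15).toInstant()` yields the same point in time as `Instant.now().plus(Duration.ofDays(15))` except on a day where the zone changes offset (São Paulo currently has no DST rule, so presumably never), and the three added lines collapse to `Instant exp = Instant.now().plus(Duration.ofDays(15)); // refresh-token lifetime`. The change does repair a real defect in the removed line, which took a `LocalDateTime` in the JVM default zone and stamped a hard-coded -03:00 offset on it, so the expiry was off by the zone difference on any UTC container; that is worth stating in the commit message. The 15-day figure is also hard-coded a second time as `15 * 24 * 60 * 60` for the cookie Max-Age in UserController, so a single shared `Duration REFRESH_TOKEN_TTL` would keep the cookie and the JWT `exp` from drifting apart. getToken's builder chain continues past the hunk.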
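Review bot: Same pattern as RefreshToken.getToken: `Instant exp = Instant.now().plus(Duration.ofMinutes(15)); // access-token lifetime` is equivalent to the three added lines and drops the zone lookup. Taking the time from an injectable `java.time.Clock` (`Instant.now(clock)`) instead of the system clock would also make the 15-minute expiry testable without sleeping, since both token classes hard-code `now()`. The remainder of the builder chain, including where `exp` is attached, is outside the hunk.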
From: Diego
Date: Sat, 8 Jun 2024 16:11:29 -0300
Subject: [PATCH 2/2] fix: ajustando logout
---
src/main/java/api/educai/controllers/UserController.java | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/main/java/api/educai/controllers/UserController.java b/src/main/java/api/educai/controllers/UserController.java
index aec3538..776ef5e 100644
--- a/src/main/java/api/educai/controllers/UserController.java
+++ b/src/main/java/api/educai/controllers/UserController.java
@@ -116,8 +116,16 @@ public ResponseEntity logoff(
Cookie cookie = new Cookie("refreshToken", null);
cookie.setMaxAge(0);
+ cookie.setSecure(true);
+ cookie.setHttpOnly(true);
+ cookie.setPath("/");
+ response.addCookie(cookie);
+ String cookieHeader = String.format("refreshToken=; Max-Age=0; Path=%s; Secure; HttpOnly; SameSite=Strict",
+ cookie.getPath());
+ response.addHeader("Set-Cookie", cookieHeader);
+
return status(200).build();
}
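Review bot: After this change logoff emits two Set-Cookie headers for `refreshToken`, one from `response.addCookie(cookie)` (without SameSite) and one from `addHeader`, whereas the login path in the first patch replaced `addCookie` with the hand-built header entirely. Both headers clear the cookie, so it works, but the duplicate is confusing and the two paths already disagree on `SameSite=strict` versus `SameSite=Strict`; drop the `response.addCookie(cookie);` line here and keep only the header, ideally by moving the Set-Cookie string construction into one private helper that both authUser and logoff call, so the attributes cannot diverge again. The clearing cookie only overwrites the login cookie when the name and Path match, which `cookie.setPath("/")` now guarantees; a comment such as `// Path must match the cookie set in authUser, or the browser keeps the old one` would stop a future edit from breaking logout silently. logoff's signature is above the hunk.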