github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

added cleaner for duplicate refresh tokens

pull/943/head
Justin Richer 9 years ago
parent
542afca459
commit
e1e892377f
1 changed files with 17 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 25
      openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java

25
openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
Unescape View File

@ -229,18 +229,12 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
@Override
@Transactional(value="defaultTransactionManager")
public void clearDuplicateAccessTokens() {
/*
*
* delete from access_token where token_value in
* (select token_value from (select token_value, count(*) as count from
* access_token group by token_value having count > 1) duplicate_tokens)
*/
Query query = manager.createQuery("select a.jwt, count(1) as c from OAuth2AccessTokenEntity a GROUP BY a.jwt HAVING c > 1");
List<Object[]> resultList = query.getResultList();
List<JWT> values = new ArrayList<>();
for (Object[] r : resultList) {
logger.warn("Found duplicate: {}, {}", r[0], r[1]);
logger.warn("Found duplicate access tokens: {}, {}", ((JWT)r[0]).serialize(), r[1]);
values.add((JWT) r[0]);
}
if (values.size() > 0) {
@ -249,7 +243,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
Root<OAuth2AccessTokenEntity> root = criteriaDelete.from(OAuth2AccessTokenEntity.class);
criteriaDelete.where(root.get("jwt").in(values));
int result = manager.createQuery(criteriaDelete).executeUpdate();
logger.warn("Results from delete: {}", result);
logger.warn("Deleted {} duplicate access tokens", result);
}
}
@ -258,6 +252,21 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
*/
@Override
public void clearDuplicateRefreshTokens() {
Query query = manager.createQuery("select a.jwt, count(1) as c from OAuth2RefreshTokenEntity a GROUP BY a.jwt HAVING c > 1");
List<Object[]> resultList = query.getResultList();
List<JWT> values = new ArrayList<>();
for (Object[] r : resultList) {
logger.warn("Found duplicate refresh tokens: {}, {}", ((JWT)r[0]).serialize(), r[1]);
values.add((JWT) r[0]);
}
if (values.size() > 0) {
CriteriaBuilder cb = manager.getCriteriaBuilder();
CriteriaDelete<OAuth2RefreshTokenEntity> criteriaDelete = cb.createCriteriaDelete(OAuth2RefreshTokenEntity.class);
Root<OAuth2RefreshTokenEntity> root = criteriaDelete.from(OAuth2RefreshTokenEntity.class);
criteriaDelete.where(root.get("jwt").in(values));
int result = manager.createQuery(criteriaDelete).executeUpdate();
logger.warn("Deleted {} duplicate refresh tokens", result);
}
}

Write Preview
Loading…
Cancel
Save