Fixed token expiration bug by removing jsql queries. Instead expired tokens or approved sites are filtered at the repository level

2013-08-06 11:28:13 -04:00 · 2013-08-06 11:28:13 -04:00 · eea37cf79c
parent fc314fe2d1
commit eea37cf79c
5 changed files with 31 additions and 10 deletions
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@ -60,7 +60,6 @@ import com.nimbusds.jwt.JWTParser;
 	@NamedQuery(name = "OAuth2AccessTokenEntity.getAll", query = "select a from OAuth2AccessTokenEntity a"),
 	@NamedQuery(name = "OAuth2AccessTokenEntity.getByRefreshToken", query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :refreshToken"),
 	@NamedQuery(name = "OAuth2AccessTokenEntity.getByClient", query = "select a from OAuth2AccessTokenEntity a where a.client = :client"),
-	@NamedQuery(name = "OAuth2AccessTokenEntity.getExpired", query = "select a from OAuth2AccessTokenEntity a where a.expiration is not null and a.expiration < current_timestamp"),
 	@NamedQuery(name = "OAuth2AccessTokenEntity.getByAuthentication", query = "select a from OAuth2AccessTokenEntity a where a.authenticationHolder.authentication = :authentication"),
 	@NamedQuery(name = "OAuth2AccessTokenEntity.getByIdToken", query = "select a from OAuth2AccessTokenEntity a where a.idToken = :idToken"),
 	@NamedQuery(name = "OAuth2AccessTokenEntity.getByTokenValue", query = "select a from OAuth2AccessTokenEntity a where a.value = :tokenValue")
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
@ -51,7 +51,6 @@ import com.nimbusds.jwt.JWTParser;
@NamedQueries({
 	@NamedQuery(name = "OAuth2RefreshTokenEntity.getAll", query = "select r from OAuth2RefreshTokenEntity r"),
 	@NamedQuery(name = "OAuth2RefreshTokenEntity.getByClient", query = "select r from OAuth2RefreshTokenEntity r where r.client = :client"),
-	@NamedQuery(name = "OAuth2RefreshTokenEntity.getExpired", query = "select r from OAuth2RefreshTokenEntity r where r.expiration is not null and r.expiration < current_timestamp"),
 	@NamedQuery(name = "OAuth2RefreshTokenEntity.getByTokenValue", query = "select r from OAuth2RefreshTokenEntity r where r.value = :tokenValue"),
 	@NamedQuery(name = "OAuth2RefreshTokenEntity.getByAuthentication", query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.authentication = :authentication")
 })
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
@ -48,7 +48,6 @@ import com.google.common.collect.Sets;
 	@NamedQuery(name = "ApprovedSite.getAll", query = "select a from ApprovedSite a"),
 	@NamedQuery(name = "ApprovedSite.getByUserId", query = "select a from ApprovedSite a where a.userId = :userId"),
 	@NamedQuery(name = "ApprovedSite.getByClientId", query = "select a from ApprovedSite a where a.clientId = :clientId"),
-	@NamedQuery(name = "ApprovedSite.getExpired", query = "select a from ApprovedSite a where a.timeoutDate is not null and a.timeoutDate < current_timestamp"),
 	@NamedQuery(name = "ApprovedSite.getByClientIdAndUserId", query = "select a from ApprovedSite a where a.clientId = :clientId and a.userId = :userId")
 })
 public class ApprovedSite {
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@ -33,6 +33,8 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;

+import com.google.common.collect.Lists;
+
@Repository
 public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {

@ -165,9 +167,15 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	 */
 	@Override
 	public List<OAuth2AccessTokenEntity> getExpiredAccessTokens() {
-		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getExpired", OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getAll", OAuth2AccessTokenEntity.class);
 		List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
-		return accessTokens;
+		List<OAuth2AccessTokenEntity> expired = Lists.newArrayList();
+		for (OAuth2AccessTokenEntity a : accessTokens) {
+			if (a.isExpired()) {
+				expired.add(a);
+			}
+		}
+		return expired;
 	}

 	/* (non-Javadoc)
@ -175,9 +183,15 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	 */
 	@Override
 	public List<OAuth2RefreshTokenEntity> getExpiredRefreshTokens() {
-		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery("OAuth2RefreshTokenEntity.getExpired", OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> queryR = manager.createNamedQuery("OAuth2RefreshTokenEntity.getAll", OAuth2RefreshTokenEntity.class);
 		List<OAuth2RefreshTokenEntity> refreshTokens = queryR.getResultList();
-		return refreshTokens;
+		List<OAuth2RefreshTokenEntity> expired = Lists.newArrayList();
+		for (OAuth2RefreshTokenEntity r : refreshTokens) {
+			if (r.isExpired()) {
+				expired.add(r);
+			}
+		}
+		return expired;
 	}

 	@Override
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java
@ -16,7 +16,10 @@
 ******************************************************************************/
 package org.mitre.openid.connect.repository.impl;

+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import java.util.Collection;
+import java.util.List;

 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
@ -27,7 +30,7 @@ import org.mitre.openid.connect.repository.ApprovedSiteRepository;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;

-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+import com.google.common.collect.Lists;

 /**
 * JPA ApprovedSite repository implementation
@ -105,7 +108,14 @@ public class JpaApprovedSiteRepository implements ApprovedSiteRepository {
 	@Override
 	@Transactional
 	public Collection<ApprovedSite> getExpired() {
-		TypedQuery<ApprovedSite> query = manager.createNamedQuery("ApprovedSite.getExpired", ApprovedSite.class);
-		return query.getResultList();
+		TypedQuery<ApprovedSite> query = manager.createNamedQuery("ApprovedSite.getAll", ApprovedSite.class);
+		List<ApprovedSite> sites = query.getResultList();
+		List<ApprovedSite> expired = Lists.newArrayList();
+		for (ApprovedSite a : sites) {
+			if (a.isExpired()) {
+				expired.add(a);
+			}
+		}
+		return expired;
 	}
 }