Clean code

application/src/main/java/org/thingsboard/server/service/security/auth/TokenOutdatingService.java

@@ -19,66 +19,42 @@ import io.jsonwebtoken.Claims;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.event.EventListener;
 import org.springframework.stereotype.Service;
-import org.thingsboard.server.cache.TbCacheValueWrapper;
+import org.springframework.util.StringUtils;
 import org.thingsboard.server.cache.TbTransactionalCache;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.event.UserAuthDataChangedEvent;
 import org.thingsboard.server.common.data.security.model.JwtToken;
-import org.thingsboard.server.config.JwtSettings;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
 
 import java.util.Optional;
 
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
-import static java.util.concurrent.TimeUnit.SECONDS;
 
 @Service
 @RequiredArgsConstructor
 public class TokenOutdatingService {
     private final TbTransactionalCache<String, Long> cache;
     private final JwtTokenFactory tokenFactory;
-    private final JwtSettings jwtSettings;
 
     @EventListener(classes = UserAuthDataChangedEvent.class)
     public void onUserAuthDataChanged(UserAuthDataChangedEvent event) {
+        if (StringUtils.hasText(event.getId())) {
             cache.put(event.getId(), event.getTs());
         }
+    }
 
     public boolean isOutdated(JwtToken token, UserId userId) {
         Claims claims = tokenFactory.parseTokenClaims(token).getBody();
         long issueTime = claims.getIssuedAt().getTime();
-
+        String sessionId = claims.get("sessionId", String.class) == null ? "" : claims.get("sessionId", String.class);
-        String sessionId = claims.get("sessionId", String.class);
+        return isTokenOutdated(issueTime, userId.toString()) || isTokenOutdated(issueTime, sessionId);
-
-        Boolean isUserIdOutdated = Optional.ofNullable(cache.get(userId.toString()))
-                .map(outdatageTimeByUserId -> {
-                    if (refreshTokenNotExpired(outdatageTimeByUserId.get(), System.currentTimeMillis())) {
-                        return accessTokenNotExpired(issueTime, outdatageTimeByUserId.get());
-                    } else {
-                        return false;
-                    }
-                })
-                .orElse(false);
-
-        if (!isUserIdOutdated) {
-            return Optional.ofNullable(cache.get(sessionId)).map(outdatageTimeBySessionId -> {
-                        if (refreshTokenNotExpired(outdatageTimeBySessionId.get(), System.currentTimeMillis())) {
-                            return accessTokenNotExpired(issueTime, outdatageTimeBySessionId.get());
-                        } else {
-                            return false;
-                        }
-                    }
-            ).orElse(false);
     }
 
-        return isUserIdOutdated;
+    private Boolean isTokenOutdated(long issueTime, String sessionId) {
+        return Optional.ofNullable(cache.get(sessionId)).map(outdatageTime -> isTokenOutdated(issueTime, outdatageTime.get())).orElse(false);
     }
 
-    private boolean accessTokenNotExpired(long issueTime, Long outdatageTime) {
+    private boolean isTokenOutdated(long issueTime, Long outdatageTime) {
         return MILLISECONDS.toSeconds(issueTime) < MILLISECONDS.toSeconds(outdatageTime);
     }
-
-    private boolean refreshTokenNotExpired(Long outdatageTime, long currentTime) {
-        return currentTime - outdatageTime <= SECONDS.toMillis(jwtSettings.getRefreshTokenExpTime());
-    }
 }

application/src/main/resources/thingsboard.yml

@@ -421,7 +421,8 @@ cache:
       timeToLiveInMinutes: "${CACHE_SPECS_ATTRIBUTES_TTL:1440}"
       maxSize: "${CACHE_SPECS_ATTRIBUTES_MAX_SIZE:100000}"
     usersUpdateTime:
-      timeToLiveInMinutes: "${CACHE_SPECS_USERS_UPDATE_TIME_TTL:20000}"
+      # MUST be the same as jwt refresh token expiration time, the value here represents 604800 seconds in minutes
+      timeToLiveInMinutes: "${CACHE_SPECS_USERS_UPDATE_TIME_TTL:10080}"
       maxSize: "${CACHE_SPECS_USERS_UPDATE_TIME_MAX_SIZE:10000}"
     otaPackages:
       timeToLiveInMinutes: "${CACHE_SPECS_OTA_PACKAGES_TTL:60}"

application/src/test/java/org/thingsboard/server/service/security/auth/TokenOutdatingTest.java

@@ -32,7 +32,6 @@ import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.UserCredentials;
-import org.thingsboard.server.common.data.security.event.UserAuthDataChangedEvent;
 import org.thingsboard.server.common.data.security.event.UserCredentialsInvalidationEvent;
 import org.thingsboard.server.common.data.security.event.UserSessionInvalidationEvent;
 import org.thingsboard.server.common.data.security.model.JwtToken;
@@ -70,7 +69,8 @@ import static org.mockito.Mockito.when;
         "security.jwt.tokenIssuer=test.io",
         "security.jwt.tokenSigningKey=secret",
         "security.jwt.tokenExpirationTime=600",
-        "security.jwt.refreshTokenExpTime=10"
+        "security.jwt.refreshTokenExpTime=60",
+        "cache.specs.usersUpdateTime.timeToLiveInMinutes=1"
 })
 public class TokenOutdatingTest {
     private JwtAuthenticationProvider accessTokenAuthenticationProvider;
@@ -160,7 +160,7 @@ public class TokenOutdatingTest {
 
         assertTrue(tokenOutdatingService.isOutdated(jwtToken, securityUser.getId()));
 
-        SECONDS.sleep(10);
+        SECONDS.sleep(60);
 
         assertFalse(tokenOutdatingService.isOutdated(jwtToken, securityUser.getId()));
     }

common/cache/src/main/java/org/thingsboard/server/cache/usersUpdateTime/UsersSessionInvalidationCaffeineCache.java

@@ -24,11 +24,11 @@ import org.thingsboard.server.common.data.CacheConstants;
 
 
 @ConditionalOnProperty(prefix = "cache", value = "type", havingValue = "caffeine", matchIfMissing = true)
-@Service("UsersUpdateTimeCache")
+@Service("UsersSessionInvalidation")
-public class UsersUpdateTimeCaffeineCache extends CaffeineTbTransactionalCache<String, Long> {
+public class UsersSessionInvalidationCaffeineCache extends CaffeineTbTransactionalCache<String, Long> {
 
     @Autowired
-    public UsersUpdateTimeCaffeineCache(CacheManager cacheManager) {
+    public UsersSessionInvalidationCaffeineCache(CacheManager cacheManager) {
-        super(cacheManager, CacheConstants.USERS_UPDATE_TIME_CACHE);
+        super(cacheManager, CacheConstants.USERS_SESSION_INVALIDATION_CACHE);
     }
 }

common/cache/src/main/java/org/thingsboard/server/cache/usersUpdateTime/UsersSessionInvalidationRedisCache.java

@@ -26,11 +26,11 @@ import org.thingsboard.server.cache.TbFSTRedisSerializer;
 import org.thingsboard.server.common.data.CacheConstants;
 
 @ConditionalOnProperty(prefix = "cache", value = "type", havingValue = "redis")
-@Service("UsersUpdateTimeCache")
+@Service("UsersSessionInvalidation")
-public class UserUpdateTimeRedisCache extends RedisTbTransactionalCache<String, Long> {
+public class UsersSessionInvalidationRedisCache extends RedisTbTransactionalCache<String, Long> {
 
     @Autowired
-    public UserUpdateTimeRedisCache(TBRedisCacheConfiguration configuration, CacheSpecsMap cacheSpecsMap, RedisConnectionFactory connectionFactory) {
+    public UsersSessionInvalidationRedisCache(TBRedisCacheConfiguration configuration, CacheSpecsMap cacheSpecsMap, RedisConnectionFactory connectionFactory) {
-        super(CacheConstants.USERS_UPDATE_TIME_CACHE, cacheSpecsMap, connectionFactory, configuration, new TbFSTRedisSerializer<>());
+        super(CacheConstants.USERS_SESSION_INVALIDATION_CACHE, cacheSpecsMap, connectionFactory, configuration, new TbFSTRedisSerializer<>());
     }
 }

common/cache/src/main/java/org/thingsboard/server/cache/usersUpdateTime/UsersUpdateTimeCacheEvictEvent.java

@@ -1,23 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.cache.usersUpdateTime;
-
-import lombok.Data;
-
-@Data
-public class UsersUpdateTimeCacheEvictEvent {
-    private final String key;
-}

common/data/src/main/java/org/thingsboard/server/common/data/CacheConstants.java

@@ -32,7 +32,7 @@ public class CacheConstants {
 
     public static final String ASSET_PROFILE_CACHE = "assetProfiles";
     public static final String ATTRIBUTES_CACHE = "attributes";
-    public static final String USERS_UPDATE_TIME_CACHE = "usersUpdateTime";
+    public static final String USERS_SESSION_INVALIDATION_CACHE = "usersUpdateTime";
     public static final String OTA_PACKAGE_CACHE = "otaPackages";
     public static final String OTA_PACKAGE_DATA_CACHE = "otaPackagesData";
     public static final String REPOSITORY_SETTINGS_CACHE = "repositorySettings";

common/data/src/main/java/org/thingsboard/server/common/data/security/event/UserAuthDataChangedEvent.java

@@ -15,9 +15,6 @@
  */
 package org.thingsboard.server.common.data.security.event;
 
-import lombok.Data;
-import org.thingsboard.server.common.data.id.UserId;
-
 import java.io.Serializable;
 
 public abstract class UserAuthDataChangedEvent implements Serializable {