JWT factory immutable and test fixed with > 512bit key

This commit is contained in:
Sergey Matvienko 2024-04-18 22:00:14 +02:00
parent f471f1351e
commit 8dc455edc1
2 changed files with 12 additions and 10 deletions


@ -16,6 +16,7 @@
package org.thingsboard.server.service.security.model.token; package org.thingsboard.server.service.security.model.token;
import io.jsonwebtoken.Claims; import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ClaimsBuilder;
import io.jsonwebtoken.ExpiredJwtException; import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws; import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder; import io.jsonwebtoken.JwtBuilder;
@ -183,20 +184,21 @@ public class JwtTokenFactory {
UserPrincipal principal = securityUser.getUserPrincipal(); UserPrincipal principal = securityUser.getUserPrincipal();
Claims claims = Jwts.claims().setSubject(principal.getValue()).build(); ClaimsBuilder claims = Jwts.claims()
claims.put(USER_ID, securityUser.getId().getId().toString()); .subject(principal.getValue())
claims.put(SCOPES, scopes); .add(USER_ID, securityUser.getId().getId().toString())
.add(SCOPES, scopes);
if (securityUser.getSessionId() != null) { if (securityUser.getSessionId() != null) {
claims.put(SESSION_ID, securityUser.getSessionId()); claims.add(SESSION_ID, securityUser.getSessionId());
} }
ZonedDateTime currentTime = ZonedDateTime.now(); ZonedDateTime currentTime = ZonedDateTime.now();
return Jwts.builder() return Jwts.builder()
.setClaims(claims) .claims(claims.build())
.setIssuer(jwtSettingsService.getJwtSettings().getTokenIssuer()) .issuer(jwtSettingsService.getJwtSettings().getTokenIssuer())
.setIssuedAt(Date.from(currentTime.toInstant())) .issuedAt(Date.from(currentTime.toInstant()))
.setExpiration(Date.from(currentTime.plusSeconds(expirationTime).toInstant())) .expiration(Date.from(currentTime.plusSeconds(expirationTime).toInstant()))
.signWith(SignatureAlgorithm.HS512, jwtSettingsService.getJwtSettings().getTokenSigningKey()); .signWith(SignatureAlgorithm.HS512, jwtSettingsService.getJwtSettings().getTokenSigningKey());
} }
@ -205,7 +207,7 @@ public class JwtTokenFactory {
return Jwts.parser() return Jwts.parser()
.setSigningKey(jwtSettingsService.getJwtSettings().getTokenSigningKey()) .setSigningKey(jwtSettingsService.getJwtSettings().getTokenSigningKey())
.build() .build()
.parseClaimsJws(token); .parseSignedClaims(token);
} catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException ex) { } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException ex) {
log.debug("Invalid JWT Token", ex); log.debug("Invalid JWT Token", ex);
throw new BadCredentialsException("Invalid JWT token: ", ex); throw new BadCredentialsException("Invalid JWT token: ", ex);
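Review bot: The new builder chain in the second hunk adopts the 0.12-style claims API (`.subject`, `.issuer`, `.issuedAt`, `.expiration`, and `parseSignedClaims` in the third hunk) but still ends in the long-deprecated `signWith(SignatureAlgorithm.HS512, String)` overload, whose String argument is documented as a Base64-encoded secret; the key bytes are therefore derived from the decoded string on every call, and the HS512 minimum key size (presumably the failure that forced the test-key change in this commit) is only checked when the first token is signed rather than when `JwtSettings` is loaded. If the library is 0.12.x, the replacement is to decode the configured key once into a `SecretKey` — `Keys.hmacShaKeyFor(Decoders.BASE64.decode(jwtSettingsService.getJwtSettings().getTokenSigningKey()))` — and use `.signWith(key, Jwts.SIG.HS512)` here and `.verifyWith(key)` in place of the deprecated `.setSigningKey(String)` in the parser hunk, so both sides derive the key the same way and a weak key fails fast. Whichever path is kept, a comment above the `signWith` line such as `// token signing key is Base64; HS512 requires the decoded key to be at least 64 bytes` would document the contract that `setTokenSigningKey` callers must honor. The methods enclosing both hunks begin before the hunk, and the parser method continues past it.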


@ -66,7 +66,7 @@ public class JwtTokenFactoryTest {
public void beforeEach() { public void beforeEach() {
jwtSettings = new JwtSettings(); jwtSettings = new JwtSettings();
jwtSettings.setTokenIssuer("tb"); jwtSettings.setTokenIssuer("tb");
jwtSettings.setTokenSigningKey("abewafaf"); jwtSettings.setTokenSigningKey("abewafaf".repeat(11)); //48*11 bits key > 512 bits
jwtSettings.setTokenExpirationTime((int) TimeUnit.HOURS.toSeconds(2)); jwtSettings.setTokenExpirationTime((int) TimeUnit.HOURS.toSeconds(2));
jwtSettings.setRefreshTokenExpTime((int) TimeUnit.DAYS.toSeconds(7)); jwtSettings.setRefreshTokenExpTime((int) TimeUnit.DAYS.toSeconds(7));