From e41b62737133f314259616f68d2084f228c70d3a Mon Sep 17 00:00:00 2001
From: ViacheslavKlimov
Date: Wed, 7 Aug 2024 14:24:53 +0300
Subject: [PATCH] Renew activation link if less than 15 minutes before expiration
---
 .../server/controller/UserController.java | 3 ++-
 .../server/controller/AuthControllerTest.java | 19 ++++++++++++++++---
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/application/src/main/java/org/thingsboard/server/controller/UserController.java b/application/src/main/java/org/thingsboard/server/controller/UserController.java
index c76958dabe..234a2096d1 100644
--- a/application/src/main/java/org/thingsboard/server/controller/UserController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/UserController.java
@@ -85,6 +85,7 @@ import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;
 import static org.thingsboard.server.common.data.query.EntityKeyType.ENTITY_FIELD;
 import static org.thingsboard.server.controller.ControllerConstants.ALARM_ID_PARAM_DESCRIPTION;
@@ -590,7 +591,7 @@ public class UserController extends BaseController {
 TenantId tenantId = getTenantId();
 UserCredentials userCredentials = userService.findUserCredentialsByUserId(tenantId, userId);
 if (!userCredentials.isEnabled() && userCredentials.getActivateToken() != null) {
- if (userCredentials.isActivationTokenExpired()) {
+ if (System.currentTimeMillis() + TimeUnit.MINUTES.toMillis(15) > userCredentials.getActivateTokenExpTime()) { // renew link if less than 15 minutes before expiration
 userCredentials = userService.generateUserActivationToken(userCredentials);
 userCredentials = userService.saveUserCredentials(tenantId, userCredentials);
 log.debug("[{}][{}] Regenerated expired user activation token", tenantId, userId);
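Review bot: The new condition unboxes `userCredentials.getActivateTokenExpTime()` directly, so if that getter returns a nullable `Long` (its declaration is not visible here), credentials stored without an expiry would throw a NullPointerException where the old `isActivationTokenExpired()` call returned a plain boolean. Consider reading it into a local and treating a missing value as expired: `Long expTime = userCredentials.getActivateTokenExpTime();` then `if (expTime == null || expTime - System.currentTimeMillis() < TimeUnit.MINUTES.toMillis(15)) {`. Because the branch now also replaces tokens that are still valid, the unchanged `log.debug` text "Regenerated expired user activation token" becomes misleading, and a link already delivered to the user stops working once this endpoint is called inside the window; both deserve a wording update and a sentence in the endpoint's documentation. The 15-minute threshold would read better as a named constant than as a literal with a trailing comment. The enclosing method starts and ends outside the hunk.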
diff --git a/application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java b/application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java
index dba5a84e1b..de60cb61ea 100644
--- a/application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java
@@ -220,6 +220,7 @@ public class AuthControllerTest extends AbstractControllerTest {
 String initialActivationLink = doGet("/api/user/" + user.getId() + "/activationLink", String.class);
 String initialActivationToken = StringUtils.substringAfterLast(initialActivationLink, "activateToken=");
+ // expiring activation token
 userCredentials.setActivateTokenExpTime(System.currentTimeMillis() - 1);
 userCredentialsDao.save(tenantId, userCredentials);
 doGet("/api/noauth/activate?activateToken={activateToken}", initialActivationToken)
@@ -229,14 +230,26 @@ public class AuthControllerTest extends AbstractControllerTest {
 .put("password", "wefewe")).andExpect(status().isBadRequest())
 .andExpect(jsonPath("$.message", is("Activation token expired")));
+ // checking that activation link is regenerated when requested
 String regeneratedActivationLink = doGet("/api/user/" + user.getId() + "/activationLink", String.class);
- String regeneratedActivationToken = StringUtils.substringAfterLast(regeneratedActivationLink, "activateToken=");
- assertThat(regeneratedActivationToken).isNotEqualTo(initialActivationLink);
+ assertThat(regeneratedActivationLink).isNotEqualTo(initialActivationLink);
+
+ // checking link renewal if less than 15 minutes before expiration
+ userCredentials = userCredentialsDao.findByUserId(tenantId, user.getUuidId());
+ userCredentials.setActivateTokenExpTime(System.currentTimeMillis() + TimeUnit.MINUTES.toMillis(30));
+ userCredentialsDao.save(tenantId, userCredentials);
+ assertThat(doGet("/api/user/" + user.getId() + "/activationLink", String.class)).isEqualTo(regeneratedActivationLink);
+ userCredentials.setActivateTokenExpTime(System.currentTimeMillis() + TimeUnit.MINUTES.toMillis(10));
+ userCredentialsDao.save(tenantId, userCredentials);
+ String newActivationLink = doGet("/api/user/" + user.getId() + "/activationLink", String.class);
+ assertThat(newActivationLink).isNotEqualTo(regeneratedActivationLink);
+ String newActivationToken = StringUtils.substringAfterLast(newActivationLink, "activateToken=");
 userCredentials = userCredentialsDao.findByUserId(tenantId, user.getUuidId());
 assertThat(userCredentials.getActivateTokenExpTime()).isCloseTo(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(ttl), Offset.offset(120000L));
 doPost("/api/noauth/activate", JacksonUtil.newObjectNode()
- .put("activateToken", regeneratedActivationToken)
+ .put("activateToken", newActivationToken)
 .put("password", "wefewe")).andExpect(status().isOk());
 }
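Review bot: The renewal case asserts that a different link is issued but never checks that the superseded token stops working, which is the security-relevant half of the behaviour. After `newActivationLink` is fetched, recover the old token with `StringUtils.substringAfterLast(regeneratedActivationLink, "activateToken=")` and post it to `/api/noauth/activate`, expecting a rejection before the final successful activation; the exact status and message for a replaced token are not visible in this hunk. A case with no stored expiry time would also pin down how the new comparison in the controller behaves for such credentials. The test method begins outside the hunk.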