Merge pull request #294 from AuthGuard/refactor/long-id

Migrate from string IDs to number IDs

api/src/main/java/com/nexblocks/authguard/api/dto/entities/Account.java

@@ -15,7 +15,7 @@
 @JsonSerialize(as = AccountDTO.class)
 @JsonDeserialize(as = AccountDTO.class)
 public interface Account {
-    String getId();
+    long getId();
     Instant getCreatedAt();
     Instant getLastModified();
 

api/src/main/java/com/nexblocks/authguard/api/dto/entities/AccountLock.java

@@ -8,6 +8,6 @@
 @Value.Immutable
 @DTOStyle
 public interface AccountLock {
-    String getAccountId();
+    long getAccountId();
     Instant getExpiresAt();
 }

api/src/main/java/com/nexblocks/authguard/api/dto/entities/ActionToken.java

@@ -12,6 +12,6 @@
 public interface ActionToken {
     String getToken();
     String getAction();
-    String getAccountId();
+    Long getAccountId();
     long getValidFor();
 }

api/src/main/java/com/nexblocks/authguard/api/dto/entities/ApiKey.java

@@ -12,10 +12,10 @@
 @JsonSerialize(as = ApiKeyDTO.class)
 @JsonDeserialize(as = ApiKeyDTO.class)
 public interface ApiKey {
-    String getId();
+    long getId();
     Instant getCreatedAt();
     Instant getLastModified();
-    String getAppId();
+    Long getAppId();
     String getKey();
     String getType();
     boolean isForClient();

api/src/main/java/com/nexblocks/authguard/api/dto/entities/App.java

@@ -13,12 +13,12 @@
 @JsonSerialize(as = AppDTO.class)
 @JsonDeserialize(as = AppDTO.class)
 public interface App {
-    String getId();
+    long getId();
     Instant getCreatedAt();
     Instant getLastModified();
     String getExternalId();
     String getName();
-    String getAccountId();
+    Long getAccountId();
     String getDomain();
     String getBaseUrl();
     List<PermissionDTO> getPermissions();

api/src/main/java/com/nexblocks/authguard/api/dto/entities/Client.java

@@ -12,12 +12,12 @@
 @JsonSerialize(as = ClientDTO.class)
 @JsonDeserialize(as = ClientDTO.class)
 public interface Client {
-    String getId();
+    long getId();
     Instant getCreatedAt();
     Instant getLastModified();
     String getExternalId();
     String getName();
-    String getAccountId();
+    Long getAccountId();
     String getDomain();
     String getBaseUrl();
     String getClientType();

api/src/main/java/com/nexblocks/authguard/api/dto/entities/Credentials.java

@@ -11,7 +11,7 @@
 @DTOStyle
 @JsonDeserialize(as = CredentialsDTO.class)
 public interface Credentials {
-    String getId();
+    long getId();
     Instant getCreatedAt();
     Instant getLastModified();
     Instant getPasswordUpdatedAt();

api/src/main/java/com/nexblocks/authguard/api/dto/entities/ExchangeAttempt.java

@@ -8,10 +8,10 @@
 @Value.Immutable
 @DTOStyle
 public interface ExchangeAttempt {
-    String getId();
+    long getId();
     Instant getCreatedAt();
     Instant getLastModified();
-    String getEntityId();
+    Long getEntityId();
     String getExchangeFrom();
     String getExchangeTo();
     boolean isSuccessful();

api/src/main/java/com/nexblocks/authguard/api/dto/entities/Permission.java

@@ -12,7 +12,7 @@
 @JsonSerialize(as = PermissionDTO.class)
 @JsonDeserialize(as = PermissionDTO.class)
 public interface Permission {
-    String getId();
+    long getId();
     Instant getCreatedAt();
     Instant getLastModified();
     String getGroup();

api/src/main/java/com/nexblocks/authguard/api/dto/entities/Role.java

@@ -12,7 +12,7 @@
 @JsonDeserialize(as = RoleDTO.class)
 @JsonSerialize(as = RoleDTO.class)
 public interface Role {
-    String getId();
+    long getId();
     Instant getCreatedAt();
     Instant getLastModified();
     String getName();

api/src/main/java/com/nexblocks/authguard/api/dto/requests/ApiKeyRequest.java

@@ -14,7 +14,7 @@
 public interface ApiKeyRequest {
     boolean isForClient();
     String getKeyType();
-    String getAppId();
+    Long getAppId();
     Instant getExpiresAt();
     DurationRequestDTO getValidFor();
 }

api/src/main/java/com/nexblocks/authguard/api/dto/requests/CreateAppRequest.java

@@ -15,7 +15,7 @@
 public interface CreateAppRequest {
     String getExternalId();
     String getName();
-    String getAccountId();
+    Long getAccountId();
     String getDomain();
     List<PermissionDTO> getPermissions();
     List<String> getScopes();

api/src/main/java/com/nexblocks/authguard/api/dto/requests/CreateClientRequest.java

@@ -13,7 +13,7 @@
 public interface CreateClientRequest {
     String getExternalId();
     String getName();
-    String getAccountId();
+    Long getAccountId();
     String getDomain();
     String getBaseUrl();
     ClientType getClientType();

api/src/main/java/com/nexblocks/authguard/api/dto/requests/OtpRequest.java

@@ -10,6 +10,6 @@
 @JsonDeserialize(as = OtpRequestDTO.class)
 @JsonSerialize(as = OtpRequestDTO.class)
 public interface OtpRequest {
-    String getPasswordId();
+    Long getPasswordId();
     String getPassword();
 }

api/src/main/java/com/nexblocks/authguard/api/dto/validation/validators/ApiKeysRequestValidator.java

@@ -14,7 +14,7 @@ public class ApiKeysRequestValidator implements Validator<ApiKeyRequestDTO> {
     @Override
     public List<Violation> validate(final ApiKeyRequestDTO obj) {
         return FluentValidator.begin()
-                .validate("appId", obj.getAppId(), Constraints.required, Constraints.reasonableLength)
+                .validate("appId", obj.getAppId(), Constraints.required)
                 .validate("keyType", obj.getKeyType(), Constraints.required, Constraints.reasonableLength)
                 .validate("validFor", obj.getValidFor(), durationRequest -> {
                     if (durationRequest == null) {

api/src/main/java/com/nexblocks/authguard/api/dto/validation/validators/CreateAppRequestValidator.java

@@ -12,7 +12,6 @@ public class CreateAppRequestValidator implements Validator<CreateAppRequest> {
     public List<Violation> validate(final CreateAppRequest obj) {
         return FluentValidator.begin()
                 .validate("externalId", obj.getExternalId(), Constraints.reasonableLength)
-                .validate("accountId", obj.getAccountId(), Constraints.reasonableLength)
                 .validate("name", obj.getName(), Constraints.required, Constraints.reasonableLength)
                 .validate("domain", obj.getDomain(), Constraints.required)
                 .getViolations();

api/src/main/java/com/nexblocks/authguard/api/dto/validation/validators/CreateClientRequestValidator.java

@@ -12,7 +12,6 @@ public class CreateClientRequestValidator implements Validator<CreateClientReque
     public List<Violation> validate(CreateClientRequestDTO obj) {
         return FluentValidator.begin()
                 .validate("externalId", obj.getExternalId(), Constraints.reasonableLength)
-                .validate("accountId", obj.getAccountId(), Constraints.reasonableLength)
                 .validate("name", obj.getName(), Constraints.required, Constraints.reasonableLength)
                 .validate("domain", obj.getDomain(), Constraints.required)
                 .validate("clientType", obj.getClientType(), Constraints.required)

api/src/test/java/com/nexblocks/authguard/api/dto/validation/validators/ApiKeysRequestValidatorTest.java

@@ -17,7 +17,7 @@ class ApiKeysRequestValidatorTest {
     @Test
     void validate() {
         final ApiKeyRequestDTO request = ApiKeyRequestDTO.builder()
-                .appId("app")
+                .appId(1L)
                 .keyType("default")
                 .build();
 
@@ -44,7 +44,7 @@ void validateMissingValues() {
     @Test
     void validateWithZeroValidity() {
         final ApiKeyRequestDTO request = ApiKeyRequestDTO.builder()
-                .appId("app")
+                .appId(1L)
                 .keyType("default")
                 .validFor(DurationRequestDTO.builder()
                         .build())
@@ -59,7 +59,7 @@ void validateWithZeroValidity() {
     @Test
     void validateWithNonZeroValidity() {
         final ApiKeyRequestDTO request = ApiKeyRequestDTO.builder()
-                .appId("app")
+                .appId(1L)
                 .keyType("default")
                 .validFor(DurationRequestDTO.builder()
                         .days(1)
@@ -77,7 +77,7 @@ void validateWithNonZeroValidity() {
     @Test
     void validateWithNegativeDaysValidity() {
         final ApiKeyRequestDTO request = ApiKeyRequestDTO.builder()
-                .appId("app")
+                .appId(1L)
                 .keyType("default")
                 .validFor(DurationRequestDTO.builder()
                         .days(-1)
@@ -95,7 +95,7 @@ void validateWithNegativeDaysValidity() {
     @Test
     void validateWithNegativeHoursValidity() {
         final ApiKeyRequestDTO request = ApiKeyRequestDTO.builder()
-                .appId("app")
+                .appId(1L)
                 .keyType("default")
                 .validFor(DurationRequestDTO.builder()
                         .hours(-1)
@@ -113,7 +113,7 @@ void validateWithNegativeHoursValidity() {
     @Test
     void validateWithNegativeMinutesValidity() {
         final ApiKeyRequestDTO request = ApiKeyRequestDTO.builder()
-                .appId("app")
+                .appId(1L)
                 .keyType("default")
                 .validFor(DurationRequestDTO.builder()
                         .minutes(-1)

api/src/test/java/com/nexblocks/authguard/api/dto/validation/validators/OtpRequestValidatorTest.java

@@ -15,7 +15,7 @@ class OtpRequestValidatorTest {
     @Test
     void validateValid() {
         final OtpRequestDTO request = OtpRequestDTO.builder()
-                .passwordId("password-id")
+                .passwordId(1L)
                 .password("password")
                 .build();
 

basic-auth/src/main/java/com/nexblocks/authguard/basic/otp/OtpProvider.java

@@ -92,7 +92,7 @@ public AuthResponseBO generateToken(final AppBO app) {
         throw new UnsupportedOperationException("OTPs cannot be generated for applications");
     }
 
-    private AuthResponseBO createToken(final String passwordId, final String accountId) {
+    private AuthResponseBO createToken(final long passwordId, final long accountId) {
         return AuthResponseBO.builder()
                 .type(TOKEN_TYPE)
                 .token(passwordId)

basic-auth/src/main/java/com/nexblocks/authguard/basic/otp/OtpVerifier.java

@@ -11,7 +11,6 @@
 import io.vavr.control.Either;
 
 import java.time.Instant;
-import java.time.OffsetDateTime;
 import java.util.Optional;
 
 public class OtpVerifier implements AuthVerifier {
@@ -25,7 +24,7 @@ public OtpVerifier(final OtpRepository otpRepository, final ServiceMapper servic
     }
 
     @Override
-    public Either<Exception, String> verifyAccountToken(final String token) {
+    public Either<Exception, Long> verifyAccountToken(final String token) {
         // TODO: no need to have a special format for the token, just receive the two parts in the request
         final String[] parts = token.split(":");
 
@@ -34,7 +33,14 @@ public Either<Exception, String> verifyAccountToken(final String token) {
                     "Invalid OTP token format"));
         }
 
-        final String passwordId = parts[0];
+        final long passwordId;
+
+        try {
+            passwordId = Long.parseLong(parts[0]);
+        } catch (Exception e) {
+            return Either.left(new ServiceAuthorizationException(ErrorCode.INVALID_AUTHORIZATION_FORMAT,
+                    "Invalid OTP ID"));
+        }
         final String otp = parts[1];
 
         final Optional<OneTimePasswordBO> generatedOpt = otpRepository.getById(passwordId)

basic-auth/src/main/java/com/nexblocks/authguard/basic/passwordless/PasswordlessVerifier.java

@@ -10,7 +10,6 @@
 import io.vavr.control.Either;
 
 import java.time.Instant;
-import java.time.OffsetDateTime;
 
 public class PasswordlessVerifier implements AuthVerifier {
     private final AccountTokensRepository accountTokensRepository;
@@ -21,15 +20,15 @@ public PasswordlessVerifier(final AccountTokensRepository accountTokensRepositor
     }
 
     @Override
-    public Either<Exception, String> verifyAccountToken(final String passwordlessToken) {
+    public Either<Exception, Long> verifyAccountToken(final String passwordlessToken) {
         return accountTokensRepository.getByToken(passwordlessToken)
                 .join()
                 .map(this::verifyToken)
                 .orElseGet(() -> Either.left(new ServiceAuthorizationException(ErrorCode.INVALID_TOKEN,
                         "No passwordless token found for " + passwordlessToken)));
     }
 
-    private Either<Exception, String> verifyToken(final AccountTokenDO accountToken) {
+    private Either<Exception, Long> verifyToken(final AccountTokenDO accountToken) {
         if (accountToken.getExpiresAt().isBefore(Instant.now())) {
             return Either.left(new ServiceAuthorizationException(ErrorCode.EXPIRED_TOKEN, "Expired passwordless token",
                     EntityType.ACCOUNT, accountToken.getAssociatedAccountId()));

basic-auth/src/test/java/com/nexblocks/authguard/basic/BasicAuthProviderTest.java

@@ -53,7 +53,7 @@ void setup() {
 
     private AccountBO createCredentials(final String username) {
         return AccountBO.builder()
-                .id("credentials")
+                .id(1)
                 .active(true)
                 .addIdentifiers(UserIdentifierBO.builder()
                         .identifier(username)
@@ -215,12 +215,6 @@ void authenticateWithPreviousPasswordVersionWrongPassword() {
         assertThat(result.getLeft()).isInstanceOf(ServiceAuthorizationException.class);
     }
 
-    @Test
-    void authenticateBadAuthorization() {
-        final String authorization = RandomStringUtils.randomAlphanumeric(20);
-        assertThatThrownBy(() -> basicAuth.authenticateAndGetAccount(authorization)).isInstanceOf(ServiceException.class);
-    }
-
     @Test
     void authenticateBadBasicScheme() {
         final String authorization = "dGhpc2RvbmVzbid0Zmx5aW5vdXJjaXR5";

basic-auth/src/test/java/com/nexblocks/authguard/basic/otp/OtpVerifierTest.java

@@ -51,7 +51,7 @@ void verify() {
         Mockito.when(mockOtpRepository.getById(otp.getId()))
                 .thenReturn(CompletableFuture.completedFuture(Optional.of(otp)));
 
-        final Either<Exception, String> generated = otpVerifier.verifyAccountToken(otp.getId() + ":" + otp.getPassword());
+        final Either<Exception, Long> generated = otpVerifier.verifyAccountToken(otp.getId() + ":" + otp.getPassword());
 
         assertThat(generated.get()).isEqualTo(otp.getAccountId());
     }
@@ -84,7 +84,7 @@ void verifyInvalidOtpFormat() {
 
         setup(otpConfig);
 
-        final Either<Exception, String> result = otpVerifier.verifyAccountToken("not a valid OTP");
+        final Either<Exception, Long> result = otpVerifier.verifyAccountToken("not a valid OTP");
 
         assertThat(result.isLeft()).isTrue();
         assertThat(result.getLeft()).isInstanceOf(ServiceAuthorizationException.class);
@@ -105,7 +105,7 @@ void verifyPasswordNotFound() {
         Mockito.when(mockOtpRepository.getById(otp.getId()))
                 .thenReturn(CompletableFuture.completedFuture(Optional.empty()));
 
-        final Either<Exception, String> result = otpVerifier.verifyAccountToken(otp.getId() + ":" + otp.getPassword());
+        final Either<Exception, Long> result = otpVerifier.verifyAccountToken(otp.getId() + ":" + otp.getPassword());
 
         assertThat(result.isLeft()).isTrue();
         assertThat(result.getLeft()).isInstanceOf(ServiceAuthorizationException.class);

basic-auth/src/test/java/com/nexblocks/authguard/basic/passwordless/PasswordlessProviderTest.java

@@ -52,7 +52,7 @@ void generateToken() {
         setup(passwordlessConfig);
 
         final AccountBO account = AccountBO.builder()
-                .id("account")
+                .id(101)
                 .active(true)
                 .build();
 

dal/cache/src/main/java/com/nexblocks/authguard/dal/cache/AccountLocksRepository.java

@@ -7,9 +7,9 @@
 import java.util.concurrent.CompletableFuture;
 
 public interface AccountLocksRepository {
-    CompletableFuture<Collection<AccountLockDO>> findByAccountId(String accountId);
+    CompletableFuture<Collection<AccountLockDO>> findByAccountId(long accountId);
 
     CompletableFuture<AccountLockDO> save(AccountLockDO accountLock);
 
-    CompletableFuture<Optional<AccountLockDO>> delete(String id);
+    CompletableFuture<Optional<AccountLockDO>> delete(long id);
 }

dal/cache/src/main/java/com/nexblocks/authguard/dal/cache/OtpRepository.java

@@ -7,5 +7,5 @@
 
 public interface OtpRepository {
     CompletableFuture<OneTimePasswordDO> save(OneTimePasswordDO password);
-    CompletableFuture<Optional<OneTimePasswordDO>> getById(String id);
+    CompletableFuture<Optional<OneTimePasswordDO>> getById(long id);
 }

dal/cache/src/main/java/com/nexblocks/authguard/dal/cache/SessionsRepository.java

@@ -8,7 +8,7 @@
 public interface SessionsRepository {
     CompletableFuture<SessionDO> save(final SessionDO session);
 
-    CompletableFuture<Optional<SessionDO>> getById(final String sessionId);
+    CompletableFuture<Optional<SessionDO>> getById(final long sessionId);
 
     CompletableFuture<Optional<SessionDO>> getByToken(final String sessionToken);
 

dal/dal-common/src/main/java/com/nexblocks/authguard/dal/model/AbstractDO.java

@@ -19,8 +19,7 @@
 @MappedSuperclass
 public abstract class AbstractDO {
     @Id
-    @Convert(converter = LongToStringConverter.class)
-    private String id;
+    private long id;
     private boolean deleted;
     private Instant createdAt;
     private Instant lastModified;