Merge pull request #412 from grassrootza/fix/refresh
Removing deprecated refresh function
luke-grassroot committed Apr 16, 2021
2 parents c66703d + 6351e2a commit a2e6e88
Showing 3 changed files with 0 additions and 48 deletions.
@@ -21,13 +21,6 @@ public interface JwtService {

HttpHeaders createHeadersForLambdaCall();

/**
* Refresh token if old token is still valid or has expired but is still within the expiration grace period.
* @return new token if old token is still valid or has expired but is still within the expiration grace period.
* Otherwise, return <code></code>null.
*/
String refreshToken(String oldToken, JwtType jwtType, Long shortExpiryMillis);

boolean isJwtTokenValid(String token);

boolean isJwtTokenExpired(String token);
@@ -170,33 +170,6 @@ private Claims extractClaims(String token) {
.parseClaimsJws(token).getBody();
}

@Override
public String refreshToken(String oldToken, JwtType jwtType, Long shortExpiryMillis) {
boolean isTokenStillValid = false;
Date expirationTime = null;
String newToken = null;
String userId = null;
String systemRoles = null;
try {
Jwt<Header, Claims> jwt = Jwts.parser().setSigningKey(keyPairProvider.getJWTKey().getPublic()).parseClaimsJws(oldToken);
userId = jwt.getBody().get(USER_UID_KEY, String.class);
systemRoles = jwt.getBody().get(SYSTEM_ROLE_KEY, String.class);
isTokenStillValid = true;
}
catch (ExpiredJwtException e) {
logger.error("Token validation failed. The token is expired.", e);
expirationTime = e.getClaims().getExpiration();
}
if (isTokenStillValid || expirationTime != null
&& expirationTime.toInstant().plus(jwtTokenExpiryGracePeriodInMilliseconds, ChronoUnit.MILLIS).isAfter(new Date().toInstant())) {
CreateJwtTokenRequest cjtRequest = new CreateJwtTokenRequest(jwtType, shortExpiryMillis, userId, systemRoles);

newToken = createJwt(cjtRequest);
}

return newToken;
}

private PublicCredentials refreshPublicCredentials() {
keyIdentifier = environment.getProperty("grassroot.publickey.identifier", UUID.randomUUID().toString());
logger.debug("created KUID for main platform: {}", keyIdentifier);
@@ -318,20 +318,6 @@ public ResponseEntity<ResponseWrapper> validateToken(@RequestParam String token,
}
}

@RequestMapping(value = "/token/refresh", method = RequestMethod.GET)
@ApiOperation(value = "Refresh JWT token", notes = "Try to refresh an old or expired token, responds with " +
"a new token as a string (in the 'data' property) if the old token is within the refresh window, or a bad request " +
"if the token is still old")
public ResponseEntity<ResponseWrapper> refreshToken(@RequestParam("oldToken")String oldToken,
@RequestParam(value = "durationMillis", required = false) Long durationMillis) {
String newToken = jwtService.refreshToken(oldToken, JwtType.WEB_ANDROID_CLIENT, durationMillis);
if (newToken != null) {
return RestUtil.okayResponseWithData(RestMessage.LOGIN_SUCCESS, newToken);
} else {
return RestUtil.errorResponse(HttpStatus.BAD_REQUEST, RestMessage.TOKEN_EXPIRED);
}
}

private String temporaryTokenSend(String token, String numberOrEmail) {
if (environment.acceptsProfiles(Profiles.of(GrassrootApplicationProfiles.PRODUCTION))) {
passwordTokenService.triggerOtp(userService.findByUsernameLoose(numberOrEmail));