pac4j: javadoc + renewSessionId

jknack · jknack · commit 95786c441592 · 2019-12-12T17:47:25.000-03:00
diff --git a/jooby/src/main/java/io/jooby/Session.java b/jooby/src/main/java/io/jooby/Session.java
@@ -8,6 +8,7 @@
 import io.jooby.internal.SessionImpl;
 
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import java.time.Instant;
 import java.util.Map;
 
@@ -22,11 +23,19 @@ public interface Session {
   String NAME = "session";
 
   /**
-   * Session ID.
+   * Session ID or <code>null</code> for stateless (usually signed) sessions.
    *
-   * @return Session ID.
+   * @return Session ID or <code>null</code> for stateless (usually signed) sessions.
    */
-  @Nonnull String getId();
+  @Nullable String getId();
+
+  /**
+   * Set Session ID.
+   *
+   * @param id Session ID or <code>null</code>
+   * @return Session.
+   */
+  @Nonnull Session setId(@Nullable String id);
 
   /**
    * Get a session attribute.
@@ -209,26 +218,32 @@ public interface Session {
    */
   void destroy();
 
+  /**
+   * Assign a new ID to the existing session.
+   * @return This session.
+   */
+  Session renewId();
+
   /**
    * Creates a new session.
    *
    * @param ctx Web context.
-   * @param id Session ID.
+   * @param id Session ID or <code>null</code>.
    * @return A new session.
    */
-  static @Nonnull Session create(@Nonnull Context ctx, @Nonnull String id) {
+  static @Nonnull Session create(@Nonnull Context ctx, @Nullable String id) {
     return new SessionImpl(ctx, id);
   }
 
   /**
    * Creates a new session.
    *
    * @param ctx Web context.
-   * @param id Session ID.
+   * @param id Session ID or <code>null</code>.
    * @param data Session attributes.
    * @return A new session.
    */
-  static @Nonnull Session create(@Nonnull Context ctx, @Nonnull String id,
+  static @Nonnull Session create(@Nonnull Context ctx, @Nullable String id,
       @Nonnull Map<String, String> data) {
     return new SessionImpl(ctx, id, data);
   }
diff --git a/jooby/src/main/java/io/jooby/SessionStore.java b/jooby/src/main/java/io/jooby/SessionStore.java
@@ -76,6 +76,14 @@ public interface SessionStore {
    */
   void saveSession(@Nonnull Context ctx, @Nonnull Session session);
 
+  /**
+   * Renew Session ID. This operation might or might not be implemented by a Session Store.
+   *
+   * @param ctx Web Context.
+   * @param session Session.
+   */
+  void renewSessionId(@Nonnull Context ctx, @Nonnull Session session);
+
   /**
    * Creates a cookie based session and store data in memory. Session data is not keep after
    * restart.
diff --git a/jooby/src/main/java/io/jooby/internal/MemorySessionStore.java b/jooby/src/main/java/io/jooby/internal/MemorySessionStore.java
@@ -80,6 +80,12 @@ public MemorySessionStore(SessionToken token) {
         new SessionData(session.getCreationTime(), Instant.now(), session.toMap()));
   }
 
+  @Override public void renewSessionId(@Nonnull Context ctx, @Nonnull Session session) {
+    String oldId = session.getId();
+    session.setId(token.newToken());
+    sessions.remove(oldId);
+  }
+
   private Session restore(Context ctx, String sessionId, SessionData data) {
     return Session.create(ctx, sessionId, data.hash)
         .setLastAccessedTime(data.lastAccessedTime)
diff --git a/jooby/src/main/java/io/jooby/internal/SessionImpl.java b/jooby/src/main/java/io/jooby/internal/SessionImpl.java
@@ -12,6 +12,7 @@
 import io.jooby.ValueNode;
 
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import java.time.Instant;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
@@ -60,10 +61,15 @@ public SessionImpl(Context ctx, String id, Map<String, String> attributes) {
     return this;
   }
 
-  @Override public @Nonnull String getId() {
+  @Override public @Nullable String getId() {
     return id;
   }
 
+  @Nonnull @Override public Session setId(@Nullable String id) {
+    this.id = id;
+    return this;
+  }
+
   @Override public @Nonnull Value get(@Nonnull String name) {
     return Value.create(ctx, name, attributes.get(name));
   }
@@ -114,6 +120,12 @@ public SessionImpl(Context ctx, String id, Map<String, String> attributes) {
     store(ctx).deleteSession(ctx, this);
   }
 
+  @Override public Session renewId() {
+    store(ctx).renewSessionId(ctx, this);
+    updateState();
+    return this;
+  }
+
   private void updateState() {
     modify = true;
     lastAccessedTime = Instant.now();
diff --git a/jooby/src/main/java/io/jooby/internal/SignedSessionStore.java b/jooby/src/main/java/io/jooby/internal/SignedSessionStore.java
@@ -19,8 +19,6 @@
 
 public class SignedSessionStore implements SessionStore {
 
-  private static final String NO_ID = "<new-session>";
-
   private final Function<String, Map<String, String>> decoder;
 
   private final Function<Map<String, String>, String> encoder;
@@ -35,7 +33,7 @@ public SignedSessionStore(SessionToken token, Function<String, Map<String, Strin
   }
 
   @Nonnull @Override public Session newSession(@Nonnull Context ctx) {
-    return Session.create(ctx, NO_ID).setNew(true);
+    return Session.create(ctx, null).setNew(true);
   }
 
   @Nullable @Override public Session findSession(@Nonnull Context ctx) {
@@ -61,4 +59,8 @@ public SignedSessionStore(SessionToken token, Function<String, Map<String, Strin
   @Override public void saveSession(@Nonnull Context ctx, @Nonnull Session session) {
     // NOOP
   }
+
+  @Override public void renewSessionId(@Nonnull Context ctx, @Nonnull Session session) {
+    token.saveToken(ctx, encoder.apply(session.toMap()));
+  }
 }
diff --git a/modules/jooby-jwt/src/main/java/io/jooby/jwt/JwtSessionStore.java b/modules/jooby-jwt/src/main/java/io/jooby/jwt/JwtSessionStore.java
@@ -101,6 +101,10 @@ public JwtSessionStore(@Nonnull Key key, @Nonnull SessionToken token) {
     store.saveSession(ctx, session);
   }
 
+  @Override public void renewSessionId(@Nonnull Context ctx, @Nonnull Session session) {
+    store.renewSessionId(ctx, session);
+  }
+
   static SneakyThrows.Function<String, Map<String, String>> decoder(Key key) {
     return value -> {
       try {
diff --git a/modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SessionStoreImpl.java b/modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SessionStoreImpl.java
@@ -72,6 +72,7 @@ private Optional<Session> getSessionOrEmpty(Pac4jContext context) {
   }
 
   @Override public boolean renewSession(Pac4jContext context) {
+    getSessionOrEmpty(context).ifPresent(session -> session.renewId());
     return true;
   }
 
diff --git a/modules/jooby-pac4j/src/main/java/io/jooby/pac4j/Pac4jContext.java b/modules/jooby-pac4j/src/main/java/io/jooby/pac4j/Pac4jContext.java
@@ -9,10 +9,29 @@
 import io.jooby.internal.pac4j.WebContextImpl;
 import org.pac4j.core.context.WebContext;
 
+import javax.annotation.Nonnull;
+
+/**
+ * Pac4j web context.
+ *
+ * @author edgar
+ * @since 2.0.0
+ */
 public interface Pac4jContext extends WebContext {
-  Context getContext();
+  /**
+   * Get underlying context.
+   *
+   * @return The underlying context.
+   */
+  @Nonnull Context getContext();
 
-  static Pac4jContext create(Context ctx) {
+  /**
+   * Wrap a Web context as pac4j context.
+   *
+   * @param ctx Web context.
+   * @return Pac4j web context.
+   */
+  static @Nonnull Pac4jContext create(@Nonnull Context ctx) {
     return new WebContextImpl(ctx);
   }
 }
diff --git a/modules/jooby-pac4j/src/main/java/io/jooby/pac4j/Pac4jOptions.java b/modules/jooby-pac4j/src/main/java/io/jooby/pac4j/Pac4jOptions.java
diff --git a/modules/jooby-test/src/main/java/io/jooby/MockSession.java b/modules/jooby-test/src/main/java/io/jooby/MockSession.java

Original file line number	Diff line number	Diff line change
`@@ -19,8 +19,6 @@`
`19`	`19`
`20`	`20`	`public class SignedSessionStore implements SessionStore {`
`21`	`21`
`22`		`- private static final String NO_ID = "<new-session>";`
`23`		`-`
`24`	`22`	`private final Function<String, Map<String, String>> decoder;`
`25`	`23`
`26`	`24`	`private final Function<Map<String, String>, String> encoder;`
`@@ -35,7 +33,7 @@ public SignedSessionStore(SessionToken token, Function<String, Map<String, Strin`
`35`	`33`	`}`
`36`	`34`
`37`	`35`	`@Nonnull @Override public Session newSession(@Nonnull Context ctx) {`
`38`		`- return Session.create(ctx, NO_ID).setNew(true);`
	`36`	`+ return Session.create(ctx, null).setNew(true);`
`39`	`37`	`}`
`40`	`38`
`41`	`39`	`@Nullable @Override public Session findSession(@Nonnull Context ctx) {`
`@@ -61,4 +59,8 @@ public SignedSessionStore(SessionToken token, Function<String, Map<String, Strin`
`61`	`59`	`@Override public void saveSession(@Nonnull Context ctx, @Nonnull Session session) {`
`62`	`60`	`// NOOP`
`63`	`61`	`}`
	`62`	`+`
	`63`	`+ @Override public void renewSessionId(@Nonnull Context ctx, @Nonnull Session session) {`
	`64`	`+ token.saveToken(ctx, encoder.apply(session.toMap()));`
	`65`	`+ }`
`64`	`66`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,7 @@ private Optional<Session> getSessionOrEmpty(Pac4jContext context) {`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`@Override public boolean renewSession(Pac4jContext context) {`
	`75`	`+ getSessionOrEmpty(context).ifPresent(session -> session.renewId());`
`75`	`76`	`return true;`
`76`	`77`	`}`
`77`	`78`