Issues in JwtTokenFactory.java (master) - Issues in master - Apereo-Learning-Analytics-Initiative/OpenLRW - Measure and Improve Code Quality continuously with Scrutinizer

Issues (123)

matthews/security/model/token/JwtTokenFactory.java (1 issue)

Labels

Bug 1

Severity

Critical 1

package unicon.matthews.security.model.token;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

import java.util.UUID;
import java.util.stream.Collectors;

import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import unicon.matthews.security.config.JwtSettings;
import unicon.matthews.security.model.UserContext;

/**
 * Factory class that should be always used to create {@link JwtToken}.
 * 
 * @author vladimir.stankovic
 *
 * May 31, 2016
 */
@Component
public class JwtTokenFactory {
    private final JwtSettings settings;

    @Autowired
    public JwtTokenFactory(JwtSettings settings) {
        this.settings = settings;
    }

    /**
     * Factory method for issuing new JWT Tokens.
     * 
     * @param username
     * @param roles
     * @return
     */
    public AccessJwtToken createAccessJwtToken(UserContext userContext) {
        if (StringUtils.isBlank(userContext.getTenantId())) 
            throw new IllegalArgumentException("Cannot create JWT Token without tenantId");

        if (StringUtils.isBlank(userContext.getOrgId())) 
            throw new IllegalArgumentException("Cannot create JWT Token without orgId");

        if (userContext.getAuthorities() == null || userContext.getAuthorities().isEmpty()) 
            throw new IllegalArgumentException("User doesn't have any privileges");

        Claims claims = Jwts.claims().setSubject(userContext.getOrgId());
        claims.put("scopes", userContext.getAuthorities().stream().map(s -> s.toString()).collect(Collectors.toList()));
        claims.put("tenant", userContext.getTenantId());

        DateTime currentTime = new DateTime();

        String token = Jwts.builder()
          .setClaims(claims)
          .setIssuer(settings.getTokenIssuer())
          .setIssuedAt(currentTime.toDate())
          .setExpiration(currentTime.plusMinutes(settings.getTokenExpirationTime()).toDate())
          .signWith(SignatureAlgorithm.HS512, settings.getTokenSigningKey())
        .compact();

        return new AccessJwtToken(token, claims);
    }

    public JwtToken createRefreshToken(UserContext userContext) {
      if (StringUtils.isBlank(userContext.getTenantId())) 
        throw new IllegalArgumentException("Cannot create JWT Token without tenantId");

      if (StringUtils.isBlank(userContext.getOrgId())) 
        throw new IllegalArgumentException("Cannot create JWT Token without orgId");

        DateTime currentTime = new DateTime();


        Claims claims = Jwts.claims().setSubject(userContext.getOrgId());
        claims.put("scopes", userContext.getAuthorities().stream().map(s -> s.toString()).collect(Collectors.toList()));
        claims.put("tenant", userContext.getTenantId());
        
        String token = Jwts.builder()
          .setClaims(claims)
          .setIssuer(settings.getTokenIssuer())
          .setId(UUID.randomUUID().toString())
          .setIssuedAt(currentTime.toDate())
          .setExpiration(currentTime.plusMinutes(settings.getRefreshTokenExpTime()).toDate())
          .signWith(SignatureAlgorithm.HS512, settings.getTokenSigningKey())
        .compact();

        return new AccessJwtToken(token, claims);
    }
}


1			package unicon.matthews.security.model.token;
2
3			import io.jsonwebtoken.Claims;
4			import io.jsonwebtoken.Jwts;
5			import io.jsonwebtoken.SignatureAlgorithm;
6
7			import java.util.UUID;
8			import java.util.stream.Collectors;
9
10			import org.apache.commons.lang3.StringUtils;
11			import org.joda.time.DateTime;
12			import org.springframework.beans.factory.annotation.Autowired;
13			import org.springframework.stereotype.Component;
14
15			import unicon.matthews.security.config.JwtSettings;
16			import unicon.matthews.security.model.UserContext;
17
18			/**
19			* Factory class that should be always used to create {@link JwtToken}.
20			*
21			* @author vladimir.stankovic
22			*
23			* May 31, 2016
24			*/
25			@Component
26			public class JwtTokenFactory {
27			private final JwtSettings settings;
28
29			@Autowired
30			public JwtTokenFactory(JwtSettings settings) {
31			this.settings = settings;
32			}
33
34			/**
35			* Factory method for issuing new JWT Tokens.
36			*
37			* @param username
38			* @param roles
39			* @return
40			*/
41			public AccessJwtToken createAccessJwtToken(UserContext userContext) {
42			if (StringUtils.isBlank(userContext.getTenantId()))
43			throw new IllegalArgumentException("Cannot create JWT Token without tenantId");
44
45			if (StringUtils.isBlank(userContext.getOrgId()))
46			throw new IllegalArgumentException("Cannot create JWT Token without orgId");
47
48			if (userContext.getAuthorities() == null \|\| userContext.getAuthorities().isEmpty())
49			throw new IllegalArgumentException("User doesn't have any privileges");
50
51			Claims claims = Jwts.claims().setSubject(userContext.getOrgId());
52			claims.put("scopes", userContext.getAuthorities().stream().map(s -> s.toString()).collect(Collectors.toList()));
53			claims.put("tenant", userContext.getTenantId());
54
55			DateTime currentTime = new DateTime();
56
57			String token = Jwts.builder()
58			.setClaims(claims)
59			.setIssuer(settings.getTokenIssuer())
60			.setIssuedAt(currentTime.toDate())
61			.setExpiration(currentTime.plusMinutes(settings.getTokenExpirationTime()).toDate())
62			.signWith(SignatureAlgorithm.HS512, settings.getTokenSigningKey())
63			.compact();
64
65			return new AccessJwtToken(token, claims);
66			}
67
68			public JwtToken createRefreshToken(UserContext userContext) {
69			if (StringUtils.isBlank(userContext.getTenantId()))
70			throw new IllegalArgumentException("Cannot create JWT Token without tenantId");
71
72			if (StringUtils.isBlank(userContext.getOrgId()))
73			throw new IllegalArgumentException("Cannot create JWT Token without orgId");
74
75			DateTime currentTime = new DateTime();
			0 ignored issues – show Bug introduced 2019-01-30 08:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this This line will not be executed conditionally; only the first line of this 3-line block will be. The rest will execute unconditionally. Even if your block only consists of one line right now, it is good practice to enclose it in curly braces. It makes your code much more readable. Loading history...
76
77			Claims claims = Jwts.claims().setSubject(userContext.getOrgId());
78			claims.put("scopes", userContext.getAuthorities().stream().map(s -> s.toString()).collect(Collectors.toList()));
79			claims.put("tenant", userContext.getTenantId());
80
81			String token = Jwts.builder()
82			.setClaims(claims)
83			.setIssuer(settings.getTokenIssuer())
84			.setId(UUID.randomUUID().toString())
85			.setIssuedAt(currentTime.toDate())
86			.setExpiration(currentTime.plusMinutes(settings.getRefreshTokenExpTime()).toDate())
87			.signWith(SignatureAlgorithm.HS512, settings.getTokenSigningKey())
88			.compact();
89
90			return new AccessJwtToken(token, claims);
91			}
92			}
93

Apereo-Learning-Analytics-Initiative / OpenLRW

Issues (123)

matthews/security/model/token/JwtTokenFactory.java (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like