Merge pull request #105 from JakduK/jwt

JWT 토큰 만료 검사 수정.
JakduK · Aug 6, 2016 · b3e7d54 · b3e7d54
2 parents 7bd5773 + 2ddc0bb
commit b3e7d54
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 24 deletions.
diff --git a/jakduk-api/src/main/java/com/jakduk/api/common/util/JwtTokenUtil.java b/jakduk-api/src/main/java/com/jakduk/api/common/util/JwtTokenUtil.java
@@ -5,6 +5,7 @@
 import com.jakduk.core.authentication.common.SocialUserDetail;
 import com.jakduk.core.common.CommonConst;
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import org.springframework.aop.AopInvocationException;
@@ -24,14 +25,13 @@ public class JwtTokenUtil implements Serializable {
 
     private static final long serialVersionUID = -3301605591108950415L;
 
-    private static final String CLAIM_KEY_USER_ID = "uid";
-    private static final String CLAIM_KEY_NAME = "name";
-    private static final String CLAIM_KEY_PROVIDER_ID = "pid";
-
-    private static final String AUDIENCE_UNKNOWN = "unknown";
-    private static final String AUDIENCE_WEB = "web";
-    private static final String AUDIENCE_MOBILE = "mobile";
-    private static final String AUDIENCE_TABLET = "tablet";
+    private final String CLAIM_KEY_USER_ID = "uid";
+    private final String CLAIM_KEY_NAME = "name";
+    private final String CLAIM_KEY_PROVIDER_ID = "pid";
+    private final String AUDIENCE_UNKNOWN = "unknown";
+    private final String AUDIENCE_WEB = "web";
+    private final String AUDIENCE_MOBILE = "mobile";
+    private final String AUDIENCE_TABLET = "tablet";
 
     @Value("${jwt.token.secret}")
     private String secret;
@@ -111,25 +111,26 @@ public AttemptSocialUser getAttemptedFromToken(String token) {
     }
 
     private Claims getClaimsFromToken(String token) {
-        Claims claims;
-        try {
-            claims = Jwts.parser()
-                    .setSigningKey(secret)
-                    .parseClaimsJws(token)
-                    .getBody();
-        } catch (Exception e) {
-            claims = null;
-        }
-        return claims;
+        return Jwts.parser()
+                .setSigningKey(secret)
+                .parseClaimsJws(token)
+                .getBody();
     }
 
     private Date generateExpirationDate() {
         return new Date(System.currentTimeMillis() + expiration * 1000);
     }
 
     private Boolean isTokenExpired(String token) {
-        final Date expiration = getExpirationDateFromToken(token);
-        return expiration.before(new Date());
+
+        try {
+            final Date expiration = getClaimsFromToken(token).getExpiration();
+
+            return expiration.before(new Date());
+
+        } catch (ExpiredJwtException e) {
+            return true;
+        }
     }
 
     private String generateAudience(Device device) {
@@ -143,8 +144,7 @@ private String generateAudience(Device device) {
             } else if (device.isMobile()) {
                 audience = AUDIENCE_MOBILE;
             }
-        } catch (AopInvocationException e) {
-            return audience;
+        } catch (AopInvocationException | NullPointerException ignored) {
         }
 
         return audience;

diff --git a/.../test/java/com/jakduk/api/CommonTest.java → ...ava/com/jakduk/api/common/CommonTest.java b/.../test/java/com/jakduk/api/CommonTest.java → ...ava/com/jakduk/api/common/CommonTest.java
@@ -1,4 +1,4 @@
-package com.jakduk.api;
+package com.jakduk.api.common;
 
 import com.jakduk.api.util.AbstractSpringTest;
 import com.jakduk.core.service.CommonService;

diff --git a/jakduk-api/src/test/java/com/jakduk/api/common/JwtTokenUtilTest.java b/jakduk-api/src/test/java/com/jakduk/api/common/JwtTokenUtilTest.java
@@ -0,0 +1,56 @@
+package com.jakduk.api.common;
+
+import com.jakduk.api.common.util.JwtTokenUtil;
+import com.jakduk.core.authentication.common.CommonPrincipal;
+import com.jakduk.core.common.CommonConst;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mockito;
+import org.mockito.Spy;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.test.util.ReflectionTestUtils;
+import org.springframework.util.ObjectUtils;
+
+/**
+ * @author pyohwan
+ *         16. 8. 4 오후 9:30
+ */
+
+@RunWith(MockitoJUnitRunner.class)
+public class JwtTokenUtilTest {
+
+    @InjectMocks
+    private JwtTokenUtil jwtTokenUtil = new JwtTokenUtil();
+
+    private CommonPrincipal commonPrincipal;
+
+    @Before
+    public void before() {
+
+        ReflectionTestUtils.setField(jwtTokenUtil, "expiration", 0L);
+        ReflectionTestUtils.setField(jwtTokenUtil, "secret", "abcdef");
+
+        commonPrincipal = CommonPrincipal.builder()
+                .email("test01@test.com")
+                .username("test01")
+                .id("a1b2c3d4")
+                .providerId(CommonConst.ACCOUNT_TYPE.JAKDUK)
+                .build();
+    }
+
+
+    @Test
+    public void JWT토큰검사() {
+
+        String token = jwtTokenUtil.generateToken(commonPrincipal, null);
+
+        Assert.assertTrue(! ObjectUtils.isEmpty(token));
+        Assert.assertFalse(jwtTokenUtil.isValidateToken(token));
+    }
+}
diff --git a/jakduk-api/src/test/java/com/jakduk/api/util/AbstractSpringTest.java b/jakduk-api/src/test/java/com/jakduk/api/util/AbstractSpringTest.java
@@ -8,7 +8,8 @@
 import org.springframework.test.context.web.WebAppConfiguration;
 
 /**
- * Created by pyohwan on 16. 6. 15.
+ * @author pyohwan
+ * 16. 6. 15 오후 9:31
  */
 
 @Ignore