EFRS-1286: Added a custom change in order to set expiration date for old oauth tokens

Author: VolodymyrBushko

java/admin/src/main/resources/application.yml

@@ -52,6 +52,13 @@ spring:
     database: postgresql
     open-in-view: true
     generate-ddl: false
+  liquibase:
+    parameters:
+      common-client:
+        client-id: ${app.security.oauth2.clients.COMMON.client-id}
+        access-token-validity: ${app.security.oauth2.clients.COMMON.access-token-validity}
+        refresh-token-validity: ${app.security.oauth2.clients.COMMON.refresh-token-validity}
+        authorized-grant-types: ${app.security.oauth2.clients.COMMON.authorized-grant-types}
   mail:
     enable: ${ENABLE_EMAIL_SERVER:false}
     host: ${EMAIL_HOST:example.com}

java/admin/src/main/resources/db/changelog/db.changelog-0.2.4.yaml

@@ -3,11 +3,6 @@ databaseChangeLog:
       id: expand-oauth_access_token-and-oauth_refresh_token-with-expiration-column
       author: Volodymyr Bushko
       changes:
-        # delete all old tokens that do not have an expiration column
-        - delete:
-            tableName: oauth_access_token
-        - delete:
-            tableName: oauth_refresh_token
         # add an expiration column
         - addColumn:
             tableName: oauth_access_token
@@ -21,6 +16,14 @@ databaseChangeLog:
               - column:
                   name: expiration
                   type: timestamp
+        # set an oauth token expiration to avoid conflicts
+        - customChange: {
+          "class": "com.exadel.frs.commonservice.system.liquibase.customchange.SetOAuthTokenExpirationCustomChange",
+          "clientId": "${common-client.client-id}",
+          "accessTokenValidity": "${common-client.access-token-validity}",
+          "refreshTokenValidity": "${common-client.refresh-token-validity}",
+          "authorizedGrantTypes": "${common-client.authorized-grant-types}"
+        }
         # add a non-null constraint to the expiration column
         - addNotNullConstraint:
             tableName: oauth_access_token

java/admin/src/test/resources/application.yml

@@ -33,7 +33,7 @@ spring:
     enabled: false
   datasource:
     driver-class-name: org.postgresql.Driver
-    url: ${POSTGRES_URL:jdbc:postgresql://compreface-postgres-db:5432/frs}
+    url: ${POSTGRES_URL:jdbc:postgresql://localhost:5432/frs_test}
     username: ${POSTGRES_USER:postgres}
     password: ${POSTGRES_PASSWORD:postgres}
   jpa:
@@ -48,6 +48,13 @@ spring:
     database: postgresql
     open-in-view: true
     generate-ddl: false
+  liquibase:
+    parameters:
+      common-client:
+        client-id: ${app.security.oauth2.clients.COMMON.client-id}
+        access-token-validity: ${app.security.oauth2.clients.COMMON.access-token-validity}
+        refresh-token-validity: ${app.security.oauth2.clients.COMMON.refresh-token-validity}
+        authorized-grant-types: ${app.security.oauth2.clients.COMMON.authorized-grant-types}
   mail:
     from: [email protected]
     username: [email protected]

java/api/src/test/resources/application.yml

@@ -7,7 +7,7 @@ spring:
     enabled: false
   datasource-pg:
     driver-class-name: org.postgresql.Driver
-    url: ${POSTGRES_URL:jdbc:postgresql://localhost:6432/frs}
+    url: ${POSTGRES_URL:jdbc:postgresql://localhost:5432/frs_test}
     username: ${POSTGRES_USER:postgres}
     password: ${POSTGRES_PASSWORD:postgres}
     continue-on-error: true
@@ -62,4 +62,4 @@ logging:
   level:
     org.hibernate.SQL: DEBUG
     org.hibernate.type.descriptor.sql.BasicBinder: TRACE
-    org.hibernate.type: TRACE
+    org.hibernate.type: TRACE

java/api/src/test/resources/db/changelog/db.changelog-0.2.4.yaml

@@ -3,11 +3,6 @@ databaseChangeLog:
       id: expand-oauth_access_token-and-oauth_refresh_token-with-expiration-column
       author: Volodymyr Bushko
       changes:
-        # delete all old tokens that do not have an expiration column
-        - delete:
-            tableName: oauth_access_token
-        - delete:
-            tableName: oauth_refresh_token
         # add an expiration column
         - addColumn:
             tableName: oauth_access_token
@@ -21,6 +16,14 @@ databaseChangeLog:
               - column:
                   name: expiration
                   type: timestamp
+        # set an oauth token expiration to avoid conflicts
+        - customChange: {
+          "class": "com.exadel.frs.commonservice.system.liquibase.customchange.SetOAuthTokenExpirationCustomChange",
+          "clientId": "CommonClientId",
+          "accessTokenValidity": "2400",
+          "refreshTokenValidity": "1209600",
+          "authorizedGrantTypes": "password,refresh_token"
+        }
         # add a non-null constraint to the expiration column
         - addNotNullConstraint:
             tableName: oauth_access_token

java/common/src/main/java/com/exadel/frs/commonservice/system/liquibase/customchange/SetOAuthTokenExpirationCustomChange.java

@@ -0,0 +1,108 @@
+package com.exadel.frs.commonservice.system.liquibase.customchange;
+
+import java.sql.Date;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+import liquibase.change.custom.CustomTaskChange;
+import liquibase.database.Database;
+import liquibase.database.jvm.JdbcConnection;
+import liquibase.exception.CustomChangeException;
+import liquibase.exception.DatabaseException;
+import liquibase.exception.SetupException;
+import liquibase.exception.ValidationErrors;
+import liquibase.resource.ResourceAccessor;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Getter
+@Setter
+public class SetOAuthTokenExpirationCustomChange implements CustomTaskChange {
+
+    private static final String REFRESH_TOKEN = "refresh_token";
+
+    private static final String SET_ACCESS_TOKEN_EXPIRATION_SQL = "UPDATE oauth_access_token SET expiration = ? WHERE client_id = ?";
+    private static final String SET_REFRESH_TOKEN_EXPIRATION_SQL = "UPDATE oauth_refresh_token SET expiration = ? WHERE token_id IN (SELECT refresh_token FROM oauth_access_token WHERE client_id = ?)";
+
+    private String clientId;
+    private Integer accessTokenValidity;
+    private Integer refreshTokenValidity;
+    private String authorizedGrantTypes;
+
+    @Override
+    public void execute(final Database database) throws CustomChangeException {
+        try {
+            JdbcConnection connection = (JdbcConnection) database.getConnection();
+            setAccessTokenExpiration(connection);
+            if (authorizedGrantTypes.contains(REFRESH_TOKEN)) {
+                setRefreshTokenExpiration(connection);
+            }
+        } catch (Exception e) {
+            log.error(e.getMessage(), e);
+            throw new CustomChangeException(e);
+        }
+    }
+
+    private void setAccessTokenExpiration(final JdbcConnection connection)
+            throws DatabaseException, SQLException {
+        int updateCount = setTokenExpiration(
+                connection,
+                SET_ACCESS_TOKEN_EXPIRATION_SQL,
+                accessTokenValidity
+        );
+        log.info(
+                "Updated {} access tokens for client {}",
+                updateCount,
+                clientId
+        );
+    }
+
+    private void setRefreshTokenExpiration(final JdbcConnection connection)
+            throws DatabaseException, SQLException {
+        int updateCount = setTokenExpiration(
+                connection,
+                SET_REFRESH_TOKEN_EXPIRATION_SQL,
+                refreshTokenValidity
+        );
+        log.info(
+                "Updated {} refresh tokens for client {}",
+                updateCount,
+                clientId
+        );
+    }
+
+    private int setTokenExpiration(final JdbcConnection connection, final String sql, final long tokenValidity)
+            throws DatabaseException, SQLException {
+        try (PreparedStatement statement = connection.prepareStatement(sql)) {
+            Date expiration = calculateExpiration(tokenValidity);
+            statement.setDate(1, expiration);
+            statement.setString(2, clientId);
+            return statement.executeUpdate();
+        }
+    }
+
+    private Date calculateExpiration(final long validity) {
+        return new Date((validity - System.currentTimeMillis()) / 1000L);
+    }
+
+    @Override
+    public String getConfirmationMessage() {
+        return null;
+    }
+
+    @Override
+    public void setUp() throws SetupException {
+
+    }
+
+    @Override
+    public void setFileOpener(final ResourceAccessor resourceAccessor) {
+
+    }
+
+    @Override
+    public ValidationErrors validate(final Database database) {
+        return null;
+    }
+}