ENH: Added Paseto token generator

Author: utsav0209

gradle.properties

@@ -7,7 +7,7 @@ spockVersion=2.0-groovy-3.0
 
 gebVersion=4.1
 seleniumVersion=3.141.59
-jpasetoVersion = '0.7.0'
+jpasetoVersion = 0.7.0
 
 title=Micronaut Security
 projectDesc=Official Security Solution for Micronaut

security-paseto/src/main/java/io/micronaut/security/token/paseto/config/PasetoConfigurationProperties.java

@@ -35,7 +35,6 @@ public class PasetoConfigurationProperties implements PasetoConfiguration {
     /**
      * The default enable value.
      */
-    @SuppressWarnings("WeakerAccess")
     public static final boolean DEFAULT_ENABLED = true;
 
     private boolean enabled = DEFAULT_ENABLED;

security-paseto/src/main/java/io/micronaut/security/token/paseto/generator/PasetoTokenConfiguration.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2017-2020 original authors
+ *
+ *  Licensed under the Apache License, Version 2.0 \(the "License"\);
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package io.micronaut.security.token.paseto.generator;
+
+/**
+ * @author Utsav Varia
+ * @since 3.0
+ */
+public interface PasetoTokenConfiguration {
+
+    /**
+     * @return Paseto Version
+     */
+    default int getVersion() {
+        return 1;
+    }
+
+    default String getTokenType() {
+        return "local";
+    }
+}

security-paseto/src/main/java/io/micronaut/security/token/paseto/generator/PasetoTokenConfigurationProperties.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright 2017-2020 original authors
+ *
+ *  Licensed under the Apache License, Version 2.0 \(the "License"\);
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package io.micronaut.security.token.paseto.generator;
+
+import io.micronaut.context.annotation.ConfigurationProperties;
+import io.micronaut.security.token.paseto.config.PasetoConfigurationProperties;
+
+/**
+ * @author Utsav Varia
+ * @since 3.0
+ */
+@ConfigurationProperties(PasetoTokenConfigurationProperties.PREFIX)
+public class PasetoTokenConfigurationProperties implements PasetoTokenConfiguration {
+
+    public static final String PREFIX = PasetoConfigurationProperties.PREFIX + "token";
+
+    /**
+     * The default token type. Possible values local, public.
+     */
+    public static final String DEFAULT_TOKEN_TYPE = "local";
+
+    /**
+     * The default Paseto version. Possible values 1, 2.
+     */
+    public static final int DEFAULT_VERSION = 1;
+
+    private String tokenType = DEFAULT_TOKEN_TYPE;
+    private int version = DEFAULT_VERSION;
+
+    /**
+     * @return An integer indicating version of paseto
+     */
+    @Override
+    public int getVersion() {
+        return version;
+    }
+
+    /**
+     * Sets Paseto version. Default value ({@value #DEFAULT_VERSION}).
+     *
+     * @param version Paseto version
+     */
+    public void setVersion(int version) {
+        this.version = version;
+    }
+
+    /**
+     * @return return token type
+     */
+    @Override
+    public String getTokenType() {
+        return tokenType;
+    }
+
+    /**
+     * Sets Paseto token type. Default value ({@value #DEFAULT_TOKEN_TYPE})
+     *
+     * @param tokenType Paseto token type
+     */
+    public void setTokenType(String tokenType) {
+        this.tokenType = tokenType;
+    }
+
+}

security-paseto/src/main/java/io/micronaut/security/token/paseto/generator/PasetoTokenGenerator.java

@@ -0,0 +1,96 @@
+/*
+ * Copyright 2017-2020 original authors
+ *
+ *  Licensed under the Apache License, Version 2.0 \(the "License"\);
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package io.micronaut.security.token.paseto.generator;
+
+import dev.paseto.jpaseto.PasetoBuilder;
+import dev.paseto.jpaseto.Pasetos;
+import io.micronaut.security.authentication.Authentication;
+import io.micronaut.security.token.generator.TokenGenerator;
+import io.micronaut.security.token.paseto.generator.claims.ClaimsGenerator;
+import jakarta.inject.Singleton;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+import java.util.Optional;
+
+/**
+ * @author Utsav Varia
+ * @since 3.0
+ */
+@Singleton
+public class PasetoTokenGenerator implements TokenGenerator {
+
+    private static final Logger LOG = LoggerFactory.getLogger(PasetoTokenGenerator.class);
+
+    protected final ClaimsGenerator claimsGenerator;
+    protected final PasetoTokenConfigurationProperties tokenConfigurationProperties;
+
+    public PasetoTokenGenerator(ClaimsGenerator claimsGenerator, PasetoTokenConfigurationProperties tokenConfigurationProperties) {
+        this.claimsGenerator = claimsGenerator;
+        this.tokenConfigurationProperties = tokenConfigurationProperties;
+    }
+
+    /**
+     * Returns Paseto Token builder based on configuration.
+     *
+     * @return Paseto Builder
+     */
+    public PasetoBuilder<?> getPasetoBuilder() {
+        if (tokenConfigurationProperties.getVersion() == 1) {
+            if (tokenConfigurationProperties.getTokenType().equals("local")) {
+                return Pasetos.V1.LOCAL.builder();
+            } else {
+                return Pasetos.V1.PUBLIC.builder();
+            }
+        } else {
+            if (tokenConfigurationProperties.getTokenType().equals("local")) {
+                return Pasetos.V2.LOCAL.builder();
+            } else {
+                return Pasetos.V2.PUBLIC.builder();
+            }
+        }
+    }
+
+    /**
+     * Generate a JWT from a map of claims.
+     *
+     * @param claims the map of claims
+     * @return the created JWT
+     */
+    protected String generate(final Map<String, Object> claims) {
+        // claims builder
+        final PasetoBuilder<?> builder = getPasetoBuilder();
+
+        // add claims
+        for (final Map.Entry<String, Object> entry : claims.entrySet()) {
+            builder.claim(entry.getKey(), entry.getValue());
+        }
+
+        return builder.compact();
+    }
+
+    @Override
+    public Optional<String> generateToken(Authentication authentication, Integer expiration) {
+        Map<String, Object> claims = claimsGenerator.generateClaims(authentication, expiration);
+        return generateToken(claims);
+    }
+
+    @Override
+    public Optional<String> generateToken(Map<String, Object> claims) {
+        return Optional.of(generate(claims));
+    }
+}

security-paseto/src/main/java/io/micronaut/security/token/paseto/generator/claims/ClaimsGenerator.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2017-2020 original authors
+ *
+ *  Licensed under the Apache License, Version 2.0 \(the "License"\);
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package io.micronaut.security.token.paseto.generator.claims;
+
+import io.micronaut.security.authentication.Authentication;
+
+import java.util.Map;
+
+/**
+ * @author Utsav Varia
+ * @since 3.0
+ */
+public interface ClaimsGenerator {
+
+    /**
+     *
+     * @param authentication Authenticated user's representation.
+     * @param expiration JWT token expiration time in seconds
+     * @return The Claims
+     */
+    Map<String, Object> generateClaims(Authentication authentication, Integer expiration);
+
+}

security-paseto/src/main/java/io/micronaut/security/token/paseto/generator/claims/PasetoClaimsGenerator.java

@@ -0,0 +1,72 @@
+/*
+ * Copyright 2017-2020 original authors
+ *
+ *  Licensed under the Apache License, Version 2.0 \(the "License"\);
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package io.micronaut.security.token.paseto.generator.claims;
+
+import io.micronaut.security.authentication.Authentication;
+import io.micronaut.security.token.config.TokenConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+
+/**
+ * @author Utsav Varia
+ * @since 3.0
+ */
+public class PasetoClaimsGenerator implements ClaimsGenerator {
+
+    private static final Logger LOG = LoggerFactory.getLogger(PasetoClaimsGenerator.class);
+    private static final String ROLES_KEY = "rolesKey";
+
+    private final TokenConfiguration tokenConfiguration;
+
+    public PasetoClaimsGenerator(TokenConfiguration tokenConfiguration) {
+        this.tokenConfiguration = tokenConfiguration;
+    }
+
+    /**
+     * Populates sub claim.
+     *
+     * @param builder     The Paseto Claims Builder
+     * @param authentication Authenticated user's representation.
+     */
+    protected void populateSub(PasetoClaimsSet.Builder builder, Authentication authentication) {
+        builder.claim("sub", authentication.getName()); // sub
+    }
+
+    @Override
+    public Map<String, Object> generateClaims(Authentication authentication, Integer expiration) {
+        // Builder for PasetoClaims
+        PasetoClaimsSet.Builder builder = new PasetoClaimsSet.Builder();
+
+        populateSub(builder, authentication);
+        authentication.getAttributes().forEach(builder::claim);
+        String rolesKey = tokenConfiguration.getRolesName();
+        if (!rolesKey.equalsIgnoreCase(TokenConfiguration.DEFAULT_ROLES_NAME)) {
+            builder.claim(ROLES_KEY, rolesKey);
+        }
+        builder.claim(rolesKey, authentication.getRoles());
+
+        PasetoClaimsSet claimsSet = builder.build();
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Generated claim set: {}", claimsSet.getClaims().toString());
+        }
+
+        return claimsSet.getClaims();
+    }
+}