more fixes (#759)

Author: rishabhpoddar

src/main/java/io/supertokens/session/accessToken/AccessToken.java

@@ -216,7 +216,8 @@ public static TokenInfo createNewAccessTokenV1(@Nonnull Main main, @Nonnull Stri
                                                    @Nullable String parentRefreshTokenHash1,
                                                    @Nonnull JsonObject userData, @Nullable String antiCsrfToken)
             throws StorageQueryException, StorageTransactionLogicException, InvalidKeyException,
-            NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeySpecException, SignatureException {
+            NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeySpecException, SignatureException,
+            AccessTokenPayloadError {
 
         Utils.PubPriKey signingKey = new Utils.PubPriKey(
                 SigningKeys.getInstance(main).getLatestIssuedDynamicKey().value);
@@ -229,11 +230,10 @@ public static TokenInfo createNewAccessTokenV1(@Nonnull Main main, @Nonnull Stri
 
         // we use toJsonTreeWithoutNulls here cause in this version of the token, we did not add claims which
         // had null values.
-        String token = JWT.createAndSignLegacyAccessToken(Utils.toJsonTreeWithoutNulls(accessToken),
+        String token = JWT.createAndSignLegacyAccessToken(accessToken.toJSON(),
                 signingKey.privateKey,
                 VERSION.V1);
         return new TokenInfo(token, accessToken.expiryTime, accessToken.timeCreated);
-
     }
 
     public static VERSION getAccessTokenVersion(AccessTokenInfo accessToken) {
@@ -369,8 +369,19 @@ JsonObject toJSON() throws AccessTokenPayloadError {
             }
             res.addProperty("sessionHandle", this.sessionHandle);
             res.addProperty("refreshTokenHash1", this.refreshTokenHash1);
-            res.addProperty("parentRefreshTokenHash1", this.parentRefreshTokenHash1);
-            res.addProperty("antiCsrfToken", this.antiCsrfToken);
+
+            if (this.version == VERSION.V1 || this.version == VERSION.V2) {
+                if (parentRefreshTokenHash1 != null) {
+                    res.addProperty("parentRefreshTokenHash1", this.parentRefreshTokenHash1);
+                }
+                if (antiCsrfToken != null) {
+                    res.addProperty("antiCsrfToken", this.antiCsrfToken);
+                }
+            } else {
+                // in v3 onwards, we always add these even if they are null
+                res.addProperty("parentRefreshTokenHash1", this.parentRefreshTokenHash1);
+                res.addProperty("antiCsrfToken", this.antiCsrfToken);
+            }
 
             if (this.version == VERSION.V3) {
                 for (Map.Entry<String, JsonElement> element : this.userData.entrySet()) {

src/main/java/io/supertokens/utils/Utils.java

@@ -374,8 +374,4 @@ public static JsonObject addLegacySigningKeyInfos(Main main, JsonObject result,
     public static JsonElement toJsonTreeWithNulls(Object src) {
         return new GsonBuilder().serializeNulls().create().toJsonTree(src);
     }
-
-    public static JsonElement toJsonTreeWithoutNulls(Object src) {
-        return new GsonBuilder().create().toJsonTree(src);
-    }
 }

src/test/java/io/supertokens/test/session/AccessTokenTest.java

@@ -19,6 +19,7 @@
 import com.google.gson.JsonObject;
 import io.supertokens.ProcessState.EventAndException;
 import io.supertokens.ProcessState.PROCESS_STATE;
+import io.supertokens.exceptions.AccessTokenPayloadError;
 import io.supertokens.exceptions.TryRefreshTokenException;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
 import io.supertokens.pluginInterface.exceptions.StorageTransactionLogicException;
@@ -72,7 +73,7 @@ public void beforeEach() {
     // * - create session with some data -> expire -> get access token without verifying, check payload is fine.
     @Test
     public void testCreateSessionWithDataExpireGetAccessTokenAndCheckPayload() throws Exception {
-        String[] args = { "../" };
+        String[] args = {"../"};
 
         Utils.setValueInConfig("access_token_validity", "1"); // 1 second validity
 
@@ -105,10 +106,11 @@ public void testCreateSessionWithDataExpireGetAccessTokenAndCheckPayload() throw
         assertNotNull(process.checkOrWaitForEvent(PROCESS_STATE.STOPPED));
 
     }
+
     // * - create session with some data -> expire -> get access token without verifying, check payload is fine.
     @Test
     public void testCreateSessionV2WithDataExpireGetAccessTokenAndCheckPayload() throws Exception {
-        String[] args = { "../" };
+        String[] args = {"../"};
 
         Utils.setValueInConfig("access_token_validity", "1"); // 1 second validity
 
@@ -146,7 +148,7 @@ public void testCreateSessionV2WithDataExpireGetAccessTokenAndCheckPayload() thr
     // what you gave
     @Test
     public void testSessionWithOldExpiryTimeForAccessToken() throws Exception {
-        String[] args = { "../" };
+        String[] args = {"../"};
 
         TestingProcess process = TestingProcessManager.start(args);
         assertNotNull(process.checkOrWaitForEvent(PROCESS_STATE.STARTED));
@@ -181,7 +183,7 @@ public void testSessionWithOldExpiryTimeForAccessToken() throws Exception {
     // what you gave
     @Test
     public void testSessionWithOldExpiryTimeForAccessTokenV2() throws Exception {
-        String[] args = { "../" };
+        String[] args = {"../"};
 
         TestingProcess process = TestingProcessManager.start(args);
         assertNotNull(process.checkOrWaitForEvent(PROCESS_STATE.STARTED));
@@ -215,7 +217,7 @@ public void testSessionWithOldExpiryTimeForAccessTokenV2() throws Exception {
     // * - create access token version 2 -> get version -> should be 2
     @Test
     public void testCreateAccessTokenVersion2AndCheck() throws Exception {
-        String[] args = { "../" };
+        String[] args = {"../"};
 
         TestingProcess process = TestingProcessManager.start(args);
         assertNotNull(process.checkOrWaitForEvent(PROCESS_STATE.STARTED));
@@ -244,7 +246,7 @@ public void testCreateAccessTokenVersion2AndCheck() throws Exception {
     // good case test
     @Test
     public void inputOutputTest() throws Exception {
-        String[] args = { "../" };
+        String[] args = {"../"};
         TestingProcess process = TestingProcessManager.start(args);
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
@@ -254,25 +256,27 @@ public void inputOutputTest() throws Exception {
         // db key
         long expiryTime = System.currentTimeMillis() + 1000;
         TokenInfo newToken = AccessToken.createNewAccessToken(process.getProcess(), "sessionHandle", "userId",
-                "refreshTokenHash1", "parentRefreshTokenHash1", jsonObj, "antiCsrfToken", expiryTime, AccessToken.VERSION.V3, false);
+                "refreshTokenHash1", "parentRefreshTokenHash1", jsonObj, "antiCsrfToken", expiryTime,
+                AccessToken.VERSION.V3, false);
         AccessTokenInfo info = AccessToken.getInfoFromAccessToken(process.getProcess(), newToken.token, true);
         assertEquals("sessionHandle", info.sessionHandle);
         assertEquals("userId", info.userId);
         assertEquals("refreshTokenHash1", info.refreshTokenHash1);
         assertEquals("parentRefreshTokenHash1", info.parentRefreshTokenHash1);
         assertEquals("value", info.userData.get("key").getAsString());
         assertEquals("antiCsrfToken", info.antiCsrfToken);
-        assertEquals(expiryTime/1000*1000, info.expiryTime);
+        assertEquals(expiryTime / 1000 * 1000, info.expiryTime);
 
         JWT.JWTPreParseInfo jwtInfo = JWT.preParseJWTInfo(newToken.token);
         assertNotNull(jwtInfo.kid);
         assertEquals(jwtInfo.version, AccessToken.VERSION.V3);
 
         process.kill();
     }
+
     @Test
     public void inputOutputTestStatic() throws Exception {
-        String[] args = { "../" };
+        String[] args = {"../"};
         TestingProcess process = TestingProcessManager.start(args);
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
@@ -282,15 +286,16 @@ public void inputOutputTestStatic() throws Exception {
         // db key
         long expiryTime = System.currentTimeMillis() + 1000;
         TokenInfo newToken = AccessToken.createNewAccessToken(process.getProcess(), "sessionHandle", "userId",
-                "refreshTokenHash1", "parentRefreshTokenHash1", jsonObj, "antiCsrfToken", expiryTime, AccessToken.VERSION.V3, true);
+                "refreshTokenHash1", "parentRefreshTokenHash1", jsonObj, "antiCsrfToken", expiryTime,
+                AccessToken.VERSION.V3, true);
         AccessTokenInfo info = AccessToken.getInfoFromAccessToken(process.getProcess(), newToken.token, true);
         assertEquals("sessionHandle", info.sessionHandle);
         assertEquals("userId", info.userId);
         assertEquals("refreshTokenHash1", info.refreshTokenHash1);
         assertEquals("parentRefreshTokenHash1", info.parentRefreshTokenHash1);
         assertEquals("value", info.userData.get("key").getAsString());
         assertEquals("antiCsrfToken", info.antiCsrfToken);
-        assertEquals(expiryTime/1000*1000, info.expiryTime);
+        assertEquals(expiryTime / 1000 * 1000, info.expiryTime);
 
         JWT.JWTPreParseInfo jwtInfo = JWT.preParseJWTInfo(newToken.token);
         assertNotNull(jwtInfo.kid);
@@ -300,7 +305,7 @@ public void inputOutputTestStatic() throws Exception {
 
     @Test
     public void inputOutputTestV2() throws Exception {
-        String[] args = { "../" };
+        String[] args = {"../"};
         TestingProcess process = TestingProcessManager.start(args);
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
@@ -310,7 +315,8 @@ public void inputOutputTestV2() throws Exception {
         // db key
         long expiryTime = System.currentTimeMillis() + 1000;
         TokenInfo newToken = AccessToken.createNewAccessToken(process.getProcess(), "sessionHandle", "userId",
-                "refreshTokenHash1", "parentRefreshTokenHash1", jsonObj, "antiCsrfToken", expiryTime, AccessToken.VERSION.V2, false);
+                "refreshTokenHash1", "parentRefreshTokenHash1", jsonObj, "antiCsrfToken", expiryTime,
+                AccessToken.VERSION.V2, false);
         AccessTokenInfo info = AccessToken.getInfoFromAccessToken(process.getProcess(), newToken.token, true);
         assertEquals("sessionHandle", info.sessionHandle);
         assertEquals("userId", info.userId);
@@ -325,8 +331,8 @@ public void inputOutputTestV2() throws Exception {
     @Test
     public void inputOutputTestv1() throws InterruptedException, InvalidKeyException, NoSuchAlgorithmException,
             StorageQueryException, StorageTransactionLogicException, TryRefreshTokenException,
-            UnsupportedEncodingException, InvalidKeySpecException, SignatureException {
-        String[] args = { "../" };
+            UnsupportedEncodingException, InvalidKeySpecException, SignatureException, AccessTokenPayloadError {
+        String[] args = {"../"};
         TestingProcess process = TestingProcessManager.start(args);
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
@@ -352,7 +358,7 @@ public void signingKeyShortInterval()
             throws InterruptedException, StorageQueryException, StorageTransactionLogicException, IOException {
         Utils.setValueInConfig("access_token_dynamic_signing_key_update_interval", "0.00027"); // 1 second
 
-        String[] args = { "../" };
+        String[] args = {"../"};
         TestingProcess process = TestingProcessManager.start(args);
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
@@ -368,7 +374,7 @@ public void signingKeyShortInterval()
     public void signingKeyChangeDoesNotThrow() throws Exception {
         Utils.setValueInConfig("access_token_dynamic_signing_key_update_interval", "0.00027"); // 1 second
 
-        String[] args = { "../" };
+        String[] args = {"../"};
         TestingProcess process = TestingProcessManager.start(args);
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
@@ -394,7 +400,7 @@ public void accessTokenShortLifetimeThrowsRefreshTokenError()
             throws Exception {
         Utils.setValueInConfig("access_token_validity", "1"); // 1 second
 
-        String[] args = { "../" };
+        String[] args = {"../"};
         TestingProcess process = TestingProcessManager.start(args);
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
@@ -421,7 +427,7 @@ public void accessTokenShortLifetimeThrowsRefreshTokenError()
     @Test
     public void verifyRandomAccessTokenFailure()
             throws InterruptedException, StorageQueryException, StorageTransactionLogicException {
-        String[] args = { "../" };
+        String[] args = {"../"};
         TestingProcess process = TestingProcessManager.start(args);
         assertNotNull(process.checkOrWaitForEvent(PROCESS_STATE.STARTED));
 
@@ -439,7 +445,7 @@ public void keyChangeThreadSafetyTest() throws Exception {
         Utils.setValueInConfig("access_token_dynamic_signing_key_update_interval", "0.00027"); // 1 second
         Utils.setValueInConfig("access_token_validity", "1"); // 1 second
 
-        String[] args = { "../" };
+        String[] args = {"../"};
         TestingProcess process = TestingProcessManager.start(args);
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);

src/test/java/io/supertokens/test/session/api/SessionRegenerateAPITest2_21.java

@@ -137,10 +137,16 @@ public void testCallRegenerateSessionWithv1AccessTokenFromReallyOldAndItSucceeds
         JsonObject toUpdate = new JsonObject();
         toUpdate.addProperty("k1", "v1");
 
-        TokenInfo newToken = AccessToken.createNewAccessTokenV1(process.getProcess(), session.session.handle, "user1",
+        TokenInfo newToken = AccessToken.createNewAccessTokenV1(process.getProcess(),
+                session.session.handle, "user1",
                 info.refreshTokenHash1, null, new JsonObject(), null);
 
-        System.out.println(newToken.token);
+        String payload = newToken.token.split("\\.")[1];
+        String jsonStr = io.supertokens.utils.Utils.convertFromBase64(payload);
+        assert (jsonStr.contains("userId"));
+        assert (!jsonStr.contains("parentRefreshTokenHash1"));
+        assert (!jsonStr.contains("antiCsrf"));
+        assert (!jsonStr.contains("\"version\":\"V1\""));
 
         sessionRegenerateRequest.addProperty("accessToken", newToken.token);
         sessionRegenerateRequest.add("userDataInJWT", toUpdate);
@@ -149,6 +155,23 @@ public void testCallRegenerateSessionWithv1AccessTokenFromReallyOldAndItSucceeds
                 "http://localhost:3567/recipe/session/regenerate", sessionRegenerateRequest, 1000, 1000, null,
                 SemVer.v2_21.get(), "session");
         assertEquals("OK", jsonResp.get("status").getAsString());
+        String accessToken = jsonResp.get("accessToken").getAsJsonObject().get("token").getAsString();
+        payload = accessToken.split("\\.")[1];
+        jsonStr = io.supertokens.utils.Utils.convertFromBase64(payload);
+        assert (jsonStr.contains("userId"));
+        assert (!jsonStr.contains("parentRefreshTokenHash1"));
+        assert (!jsonStr.contains("antiCsrf"));
+        assert (!jsonStr.contains("\"version\":\"V1\""));
+
+        sessionRegenerateRequest = new JsonObject();
+        sessionRegenerateRequest.addProperty("accessToken", accessToken);
+        toUpdate.addProperty("k2", "v2");
+        sessionRegenerateRequest.add("userDataInJWT", toUpdate);
+
+        jsonResp = HttpRequestForTesting.sendJsonPOSTRequest(process.getProcess(), "",
+                "http://localhost:3567/recipe/session/regenerate", sessionRegenerateRequest, 1000, 1000, null,
+                SemVer.v2_21.get(), "session");
+        assertEquals("OK", jsonResp.get("status").getAsString());
 
         process.kill();
         assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));