List and delete active tokens (server)

2025-12-13 01:36:18 +00:00 · 2013-08-03 00:53:58 +02:00
parent 9fca036edb
commit 487d538503
5 changed files with 121 additions and 7 deletions
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
@@ -417,6 +417,7 @@ public class UserResource extends BaseResource {
        response.put("status", "ok");
        return Response.ok().entity(response).build();
    }
+    
    /**
     * Returns the information about the connected user.
     * 
@@ -532,4 +533,70 @@ public class UserResource extends BaseResource {
        
        return Response.ok().entity(response).build();
    }
+    
+    /**
+     * Returns all active sessions.
+     * 
+     * @return Response
+     * @throws JSONException
+     */
+    @GET
+    @Path("session")
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response session() throws JSONException {
+        if (!authenticate()) {
+            throw new ForbiddenClientException();
+        }
+        
+        JSONObject response = new JSONObject();
+        List<JSONObject> sessions = new ArrayList<JSONObject>();
+        
+        AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
+
+        for (AuthenticationToken authenticationToken : authenticationTokenDao.getByUserId(principal.getId())) {
+            JSONObject session = new JSONObject();
+            session.put("create_date", authenticationToken.getCreationDate().getTime());
+            if (authenticationToken.getLastConnectionDate() != null) {
+                session.put("last_connection_date", authenticationToken.getLastConnectionDate().getTime());
+            }
+            sessions.add(session);
+        }
+        response.put("sessions", sessions);
+        
+        return Response.ok().entity(response).build();
+    }
+    
+    /**
+     * Deletes all active sessions except the one used for this request.
+     * 
+     * @return Response
+     * @throws JSONException
+     */
+    @DELETE
+    @Path("session")
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response deleteSession() throws JSONException {
+        if (!authenticate()) {
+            throw new ForbiddenClientException();
+        }
+        
+        // Get the value of the session token
+        String authToken = null;
+        if (request.getCookies() != null) {
+            for (Cookie cookie : request.getCookies()) {
+                if (TokenBasedSecurityFilter.COOKIE_NAME.equals(cookie.getName())) {
+                    authToken = cookie.getValue();
+                }
+            }
+        }
+        
+        // Remove other tokens
+        AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
+        authenticationTokenDao.deleteByUserId(principal.getId(), authToken);
+        
+        // Always return ok
+        JSONObject response = new JSONObject();
+        response.put("status", "ok");
+        return Response.ok().entity(response).build();
+    }
 }
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
@@ -137,9 +137,32 @@ public class TestUserResource extends BaseJerseyTest {
        Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
        String aliceAuthToken = clientUtil.getAuthenticationCookie(response);

-        // Login user bob
+        // Login user bob twice
        String bobAuthToken = clientUtil.login("bob");
+        String bobAuthToken2 = clientUtil.login("bob");

+        // List sessions
+        userResource = resource().path("/user/session");
+        userResource.addFilter(new CookieAuthenticationFilter(bobAuthToken));
+        response = userResource.get(ClientResponse.class);
+        Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
+        json = response.getEntity(JSONObject.class);
+        Assert.assertTrue(json.getJSONArray("sessions").length() > 0);
+        
+        // Delete all sessions
+        userResource = resource().path("/user/session");
+        userResource.addFilter(new CookieAuthenticationFilter(bobAuthToken));
+        response = userResource.delete(ClientResponse.class);
+        Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
+
+        // Check bob user information with token 2 (just deleted)
+        userResource = resource().path("/user");
+        userResource.addFilter(new CookieAuthenticationFilter(bobAuthToken2));
+        response = userResource.get(ClientResponse.class);
+        Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
+        json = response.getEntity(JSONObject.class);
+        Assert.assertEquals(true, json.getBoolean("anonymous"));
+        
        // Check alice user information
        userResource = resource().path("/user");
        userResource.addFilter(new CookieAuthenticationFilter(aliceAuthToken));