(pulsar) branch branch-3.3 updated: [fix][cli] Fix expiration of tokens created with "pulsar tokens create" (#22815)

Wed, 05 Jun 2024 23:22:03 -0700 

This is an automated email from the ASF dual-hosted git repository.

technoboy pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-3.3 by this push:
     new 40e7ebcf985 [fix][cli] Fix expiration of tokens created with "pulsar 
tokens create" (#22815)
40e7ebcf985 is described below

commit 40e7ebcf9850c58a57fa1ef9d9ff87eec78c672e
Author: entvex <1580435+ent...@users.noreply.github.com>
AuthorDate: Mon Jun 3 18:33:44 2024 +0200

    [fix][cli] Fix expiration of tokens created with "pulsar tokens create" 
(#22815)
    
    Co-authored-by: David Jensen <d...@danskecommodities.com>
---
 .../pulsar/utils/auth/tokens/TokensCliUtils.java   |  4 +-
 .../utils/auth/tokens/TokensCliUtilsTest.java      | 58 ++++++++++++++++++++++
 2 files changed, 60 insertions(+), 2 deletions(-)

diff --git 
a/pulsar-broker/src/main/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtils.java
 
b/pulsar-broker/src/main/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtils.java
index 4ae28b2c0bd..2a69d1d95a0 100644
--- 
a/pulsar-broker/src/main/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtils.java
+++ 
b/pulsar-broker/src/main/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtils.java
@@ -39,7 +39,7 @@ import java.util.concurrent.Callable;
 import javax.crypto.SecretKey;
 import lombok.Cleanup;
 import org.apache.pulsar.broker.authentication.utils.AuthTokenUtils;
-import org.apache.pulsar.cli.converters.picocli.TimeUnitToSecondsConverter;
+import org.apache.pulsar.cli.converters.picocli.TimeUnitToMillisConverter;
 import org.apache.pulsar.docs.tools.CmdGenerateDocs;
 import picocli.CommandLine;
 import picocli.CommandLine.Command;
@@ -127,7 +127,7 @@ public class TokensCliUtils {
                 "--expiry-time"},
                 description = "Relative expiry time for the token (eg: 1h, 3d, 
10y)."
                         + " (m=minutes) Default: no expiration",
-                converter = TimeUnitToSecondsConverter.class)
+                converter = TimeUnitToMillisConverter.class)
         private Long expiryTime = null;
 
         @Option(names = {"-sk",
diff --git 
a/pulsar-broker/src/test/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtilsTest.java
 
b/pulsar-broker/src/test/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtilsTest.java
index d5dc259438e..c541f8cee42 100644
--- 
a/pulsar-broker/src/test/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtilsTest.java
+++ 
b/pulsar-broker/src/test/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtilsTest.java
@@ -19,10 +19,17 @@
 package org.apache.pulsar.utils.auth.tokens;
 
 import static org.testng.Assert.assertTrue;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.io.Decoders;
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 import java.lang.reflect.Field;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.Arrays;
+import java.util.Date;
+import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
 import picocli.CommandLine.Option;
 
@@ -31,6 +38,57 @@ import picocli.CommandLine.Option;
  */
 public class TokensCliUtilsTest {
 
+
+    @DataProvider(name = "desiredExpireTime")
+    public Object[][] desiredExpireTime() {
+        return new Object[][] {
+                {"600", 600}, //10m
+                {"5m", 300},
+                {"1h", 3600},
+                {"1d", 86400},
+                {"1w", 604800},
+                {"1y", 31536000}
+        };
+    }
+
+    @Test(dataProvider = "desiredExpireTime")
+    public void 
commandCreateToken_WhenCreatingATokenWithExpiryTime_ShouldHaveTheDesiredExpireTime(String
 expireTime, int expireAsSec) throws Exception {
+        PrintStream oldStream = System.out;
+        try {
+            //Arrange
+            ByteArrayOutputStream baoStream = new ByteArrayOutputStream();
+            System.setOut(new PrintStream(baoStream));
+
+            String[] command = {"create", "--secret-key",
+                    
"data:;base64,u+FxaxYWpsTfxeEmMh8fQeS3g2jfXw4+sGIv+PTY+BY=",
+                    "--subject", "test",
+                    "--expiry-time", expireTime,
+            };
+
+            new TokensCliUtils().execute(command);
+            String token = baoStream.toString();
+
+            Instant start = (new Date().toInstant().plus(expireAsSec - 5, 
ChronoUnit.SECONDS));
+            Instant stop = (new Date().toInstant().plus(expireAsSec + 5, 
ChronoUnit.SECONDS));
+
+            //Act
+            Claims jwt = Jwts.parserBuilder()
+                    
.setSigningKey(Decoders.BASE64.decode("u+FxaxYWpsTfxeEmMh8fQeS3g2jfXw4+sGIv+PTY+BY="))
+                    .build()
+                    .parseClaimsJws(token)
+                    .getBody();
+
+            //Assert
+            //Checks if the token expires within +-5 sec.
+            assertTrue(( ! jwt.getExpiration().toInstant().isBefore( start ) ) 
&& ( jwt.getExpiration().toInstant().isBefore( stop ) ));
+
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        } finally {
+            System.setOut(oldStream);
+        }
+    }
+
     /**
      * Test tokens generate docs.
      *

Reply via email to