(pulsar) 02/03: [fix][cli] Fix expiration of tokens created with "pulsar tokens create" (#22815)

lhotari Tue, 04 Jun 2024 08:31:30 -0700

This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch branch-3.2
in repository https://gitbox.apache.org/repos/asf/pulsar.git


commit f1c4547664bfd34b6dfc146248a38f81844a25b5
Author: entvex <[email protected]>
AuthorDate: Mon Jun 3 18:33:44 2024 +0200

    [fix][cli] Fix expiration of tokens created with "pulsar tokens create" 
(#22815)
    
    Co-authored-by: David Jensen <[email protected]>
    (cherry picked from commit 245c3e8bee2c1db2b61f00bafb6210ec8a2a612a)
---
 .../pulsar/utils/auth/tokens/TokensCliUtils.java   |  4 +-
 .../utils/auth/tokens/TokensCliUtilsTest.java      | 58 ++++++++++++++++++++++
 2 files changed, 60 insertions(+), 2 deletions(-)

diff --git 
a/pulsar-broker/src/main/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtils.java
 
b/pulsar-broker/src/main/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtils.java
index fa3a7bed8f6..cd2b190c9a1 100644
--- 
a/pulsar-broker/src/main/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtils.java
+++ 
b/pulsar-broker/src/main/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtils.java
@@ -43,7 +43,7 @@ import java.util.Optional;
 import javax.crypto.SecretKey;
 import lombok.Cleanup;
 import org.apache.pulsar.broker.authentication.utils.AuthTokenUtils;
-import org.apache.pulsar.cli.converters.TimeUnitToSecondsConverter;
+import org.apache.pulsar.cli.converters.TimeUnitToMillisConverter;
 import org.apache.pulsar.docs.tools.CmdGenerateDocs;
 
 public class TokensCliUtils {
@@ -119,7 +119,7 @@ public class TokensCliUtils {
                 "--expiry-time"},
                 description = "Relative expiry time for the token (eg: 1h, 3d, 
10y)."
                         + " (m=minutes) Default: no expiration",
-                    converter = TimeUnitToSecondsConverter.class)
+                converter = TimeUnitToMillisConverter.class)
         private Long expiryTime = null;
 
         @Parameter(names = {"-sk",
diff --git 
a/pulsar-broker/src/test/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtilsTest.java
 
b/pulsar-broker/src/test/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtilsTest.java
index a488e4d9584..8583b9ccf37 100644
--- 
a/pulsar-broker/src/test/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtilsTest.java
+++ 
b/pulsar-broker/src/test/java/org/apache/pulsar/utils/auth/tokens/TokensCliUtilsTest.java
@@ -19,11 +19,19 @@
 package org.apache.pulsar.utils.auth.tokens;
 
 import static org.testng.Assert.assertTrue;
+
 import com.beust.jcommander.Parameter;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.io.Decoders;
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 import java.lang.reflect.Field;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.Arrays;
+import java.util.Date;
+import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
 
 /**
@@ -31,6 +39,56 @@ import org.testng.annotations.Test;
  */
 public class TokensCliUtilsTest {
 
+    @DataProvider(name = "desiredExpireTime")
+    public Object[][] desiredExpireTime() {
+        return new Object[][] {
+                {"600", 600}, //10m
+                {"5m", 300},
+                {"1h", 3600},
+                {"1d", 86400},
+                {"1w", 604800},
+                {"1y", 31536000}
+        };
+    }
+
+    @Test(dataProvider = "desiredExpireTime")
+    public void 
commandCreateToken_WhenCreatingATokenWithExpiryTime_ShouldHaveTheDesiredExpireTime(String
 expireTime, int expireAsSec) throws Exception {
+        PrintStream oldStream = System.out;
+        try {
+            //Arrange
+            ByteArrayOutputStream baoStream = new ByteArrayOutputStream();
+            System.setOut(new PrintStream(baoStream));
+
+            String[] command = {"create", "--secret-key",
+                    
"data:;base64,u+FxaxYWpsTfxeEmMh8fQeS3g2jfXw4+sGIv+PTY+BY=",
+                    "--subject", "test",
+                    "--expiry-time", expireTime,
+            };
+
+            TokensCliUtils.main(command);
+            String token = baoStream.toString();
+
+            Instant start = (new Date().toInstant().plus(expireAsSec - 5, 
ChronoUnit.SECONDS));
+            Instant stop = (new Date().toInstant().plus(expireAsSec + 5, 
ChronoUnit.SECONDS));
+
+            //Act
+            Claims jwt = Jwts.parserBuilder()
+                    
.setSigningKey(Decoders.BASE64.decode("u+FxaxYWpsTfxeEmMh8fQeS3g2jfXw4+sGIv+PTY+BY="))
+                    .build()
+                    .parseClaimsJws(token)
+                    .getBody();
+
+            //Assert
+            //Checks if the token expires within +-5 sec.
+            assertTrue(( ! jwt.getExpiration().toInstant().isBefore( start ) ) 
&& ( jwt.getExpiration().toInstant().isBefore( stop ) ));
+
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        } finally {
+            System.setOut(oldStream);
+        }
+    }
+
     /**
      * Test tokens generate docs.
      *

(pulsar) 02/03: [fix][cli] Fix expiration of tokens created with "pulsar tokens create" (#22815)

Reply via email to