From ca35777f313286ffd5bca7427433bcef5bfa1eb0 Mon Sep 17 00:00:00 2001
From: GiuseppeS <g.scorrano@integry.it>
Date: Wed, 24 Jan 2024 18:24:02 +0100
Subject: [PATCH] Fi caching auth tokens

---
 .../integry/security/service/AuthService.java |  1 -
 .../security/service/RefreshTokenService.java | 38 ++++++-------------
 2 files changed, 11 insertions(+), 28 deletions(-)

diff --git a/ems-core/src/main/java/it/integry/security/service/AuthService.java b/ems-core/src/main/java/it/integry/security/service/AuthService.java
index a5146f2f60..8209f97eda 100644
--- a/ems-core/src/main/java/it/integry/security/service/AuthService.java
+++ b/ems-core/src/main/java/it/integry/security/service/AuthService.java
@@ -162,7 +162,6 @@ public class AuthService {
 
             // Ricreo token di accesso e refresh
             StbAuthToken stbAuthToken = refreshTokenService.createRefreshTokenIfNotExists(
-                    null,
                     username,
                     password,
                     String.valueOf(userData.getUser().getKeyGroup()),
diff --git a/ems-core/src/main/java/it/integry/security/service/RefreshTokenService.java b/ems-core/src/main/java/it/integry/security/service/RefreshTokenService.java
index 502eed881c..4aacb66148 100644
--- a/ems-core/src/main/java/it/integry/security/service/RefreshTokenService.java
+++ b/ems-core/src/main/java/it/integry/security/service/RefreshTokenService.java
@@ -91,15 +91,15 @@ public class RefreshTokenService {
         user.setOperation(OperationType.SELECT_OBJECT);
         entityProcessor.processEntity(user, multiDBTransactionManager);
 
+        applicationEventPublisher.publishEvent(new TokenExpireEvent(profileDb, stbAuthToken.getAccessToken()));
 
         StbAuthToken newRefreshToken = this.createRefreshTokenIfNotExists(
-                stbAuthToken,
                 user.getUserName(),
                 user.getPassword(),
                 String.valueOf(user.getKeyGroup()),
-                profileDb);
+                profileDb,
+                stbAuthToken.getDeviceId());
 
-        applicationEventPublisher.publishEvent(new TokenExpireEvent(profileDb, stbAuthToken.getAccessToken()));
         applicationEventPublisher.publishEvent(new TokenCreateEvent(profileDb, newRefreshToken));
 
         return new JwtResponse()
@@ -110,48 +110,32 @@ public class RefreshTokenService {
     }
 
     public void verifyExpiration(StbAuthToken token) {
-        if (token.getExpiryDate() != null && token.getExpiryDate().compareTo(LocalDateTime.now()) < 0) {
+        if (token.getExpiryDate() != null && token.getExpiryDate().isBefore(LocalDateTime.now())) {
             throw new TokenRefreshException(token.getRefreshToken(), "Token scaduto. Esegui un nuovo accesso.");
         }
     }
 
-
-    public StbAuthToken createRefreshTokenIfNotExists(StbAuthToken oldToken, String username, String password, String keyGroup, String profileDb) throws Exception {
-        return this.createRefreshTokenIfNotExists(oldToken, username, password, keyGroup, profileDb, null);
-    }
-
-    public StbAuthToken createRefreshTokenIfNotExists(StbAuthToken oldToken, String username, String password, String keyGroup, String profileDb, Long deviceId) throws Exception {
-        StbAuthToken newToken = oldToken != null ? (StbAuthToken) oldToken.clone() : null;
-
+    public StbAuthToken createRefreshTokenIfNotExists(String username, String password, String keyGroup, String profileDb, Long deviceId) throws Exception {
         LocalDateTime expiryDate = LocalDateTime.now().plusDays(settingsModel.getRefreshTokenExpireDays());
 
-
-        if (newToken == null && deviceId == null)
+        if (deviceId == null)
             throw new Exception("Impossibile creare un refresh token");
 
-        if (newToken == null) {
-            newToken = new StbAuthToken()
-                    .setDeviceId(deviceId)
-                    .setUserName(username);
-            newToken.setOperation(OperationType.INSERT);
-        } else {
-            newToken
-                    .setOperation(OperationType.UPDATE);
-        }
-
-
         UsernamePasswordAuthenticationToken authenticationToken =
-                createAuthenticationToken(username, password, keyGroup, newToken.getDeviceId() == null ? deviceId : newToken.getDeviceId());
+                createAuthenticationToken(username, password, keyGroup, deviceId);
 
         Authentication authentication = authenticationManager.authenticate(authenticationToken);
         SecurityContextHolder.getContext().setAuthentication(authentication);
 
 
-        newToken
+        StbAuthToken newToken = new StbAuthToken()
+                .setDeviceId(deviceId)
+                .setUserName(username)
                 .setExpiryDate(expiryDate)
                 .setRefreshToken(Encoders.BASE64.encode(Keys.secretKeyFor(SignatureAlgorithm.HS512).getEncoded()))
                 .setAccessToken(accessTokenProvider.createToken(profileDb));
 
+        newToken.setOperation(OperationType.INSERT);
 
         entityProcessor.processEntity(newToken, multiDBTransactionManager);