Merge pull request #359 from deedee/jwttoken_update

FIX ME: HS256 use oldjwt to refresh v3jwt

Author: skyhit

conf/ApplicationServer.properties

@@ -45,3 +45,4 @@ SSO_HASH_SECRET = @ApplicationServer.SSO_HASH_SECRET@
 SSO_DOMAIN = @ApplicationServer.SSO_DOMAIN@
 
 JWT_V3_COOKIE_KEY = @ApplicationServer.JWT_V3_COOKIE_KEY@
+JWT_COOKIE_KEY = @ApplicationServer.JWT_COOKIE_KEY@

src/java/main/com/topcoder/direct/services/configs/ServerConfiguration.java

@@ -56,4 +56,6 @@ public class ServerConfiguration extends ApplicationServer {
      * @since 1.1
      */
     public static String JWT_V3_COOKIE_KEY = bundle.getProperty("JWT_V3_COOKIE_KEY", "v3jwt");
+
+    public static String JWT_COOKIE_KEY = bundle.getProperty("JWT_COOKIE_KEY", "tcjwt");
 }

src/java/main/com/topcoder/direct/services/view/interceptors/AuthenticationInterceptor.java

@@ -300,7 +300,13 @@ public String intercept(ActionInvocation invocation) throws Exception {
         } catch (TokenExpiredException e) {
             logger.error("Token is expired. Try to refresh");
             try {
-                jwtToken = jwtToken.refresh();
+                //TODO .refresh() should use v3jwt for all algo
+                if ("HS256".equals(jwtToken.getAlgorithm())) {
+                    jwtToken = jwtToken.refresh(DirectUtils.getCookieFromRequest(ServletActionContext.getRequest(),
+                            ServerConfiguration.JWT_COOKIE_KEY).getValue());
+                } else {
+                    jwtToken = jwtToken.refresh();
+                }
                 DirectUtils.addDirectCookie(ServletActionContext.getResponse(), ServerConfiguration.JWT_V3_COOKIE_KEY,
                     jwtToken.getToken(), -1);
             } catch (Exception ex) {

src/java/main/com/topcoder/direct/services/view/util/jwt/JWTToken.java

@@ -291,13 +291,17 @@ protected Integer calcExpirySeconds(Integer exp, Integer iat) {
         return exp - issuedAt;
     }
 
+    public JWTToken refresh() throws Exception {
+        return refresh(this.token);
+    }
+
     /**
      * Refresh jwt from authorizationUrl
      *
      * @return this instance
      * @throws Exception if any error occurs
      */
-    public JWTToken refresh() throws Exception {
+    public JWTToken refresh(String oldToken) throws Exception {
         if (authorizationURL == null || "".equals(authorizationURL))
             throw new JWTException("Please set authorizationUrl");
 
@@ -309,7 +313,7 @@ public JWTToken refresh() throws Exception {
             HttpPost httpPost = new HttpPost(authorizationUri);
             httpPost.addHeader(HttpHeaders.CONTENT_TYPE, "application/json");
 
-            StringEntity body = new StringEntity(String.format(AUTHORIZATION_PARAMS, token));
+            StringEntity body = new StringEntity(String.format(AUTHORIZATION_PARAMS, oldToken));
             httpPost.setEntity(body);
             HttpResponse response = httpClient.execute(httpPost);
             HttpEntity entity = response.getEntity();

token.properties.docker

@@ -336,6 +336,7 @@
 #####################################
 # Direct API                        #
 #####################################
+@ApplicationServer.JWT_COOKIE_KEY@=tcjwt_vm
 @ApplicationServer.JWT_V3_COOKIE_KEY@=v3jwt
 
 @memberSearchApiUrl@=https://tc-api.cloud.topcoder.com:8443/v3/members/_suggest/