diff --git a/src/main/java/nl/knaw/dans/dvauth/db/DataverseDao.java b/src/main/java/nl/knaw/dans/dvauth/db/DataverseDao.java
index a911ce3..a893669 100644
--- a/src/main/java/nl/knaw/dans/dvauth/db/DataverseDao.java
+++ b/src/main/java/nl/knaw/dans/dvauth/db/DataverseDao.java
@@ -30,7 +30,7 @@ public interface DataverseDao {
 Optional findUserByName(@Bind("username") String username);
 @SqlQuery("select a.useridentifier as username from apitoken t join authenticateduser a on a.id = t.authenticateduser_id "
- + "where a.deactivated = false and t.disabled = false and t.tokenstring = :token")
+ + "where a.deactivated = false and t.disabled = false and t.expiretime > CURRENT_DATE and t.tokenstring = :token")
 @RegisterBeanMapper(TokenUser.class)
 Optional findUserByApiToken(@Bind("token") String token);
 }
diff --git a/src/test/java/nl/knaw/dans/dvauth/resources/AuthCheckResourceIntegrationTest.java b/src/test/java/nl/knaw/dans/dvauth/resources/AuthCheckResourceIntegrationTest.java
index 58bd246..04d83a4 100644
--- a/src/test/java/nl/knaw/dans/dvauth/resources/AuthCheckResourceIntegrationTest.java
+++ b/src/test/java/nl/knaw/dans/dvauth/resources/AuthCheckResourceIntegrationTest.java
@@ -136,8 +136,23 @@ void authenticate_should_return_401_for_expired_dataverse_key() {
 .header("x-dataverse-key", "token5")
 .post(Entity.entity("", MediaType.APPLICATION_JSON_TYPE))) {
- // TODO fix this test
+ assertEquals(401, result.getStatus());
+ }
+ }
+
+ @Test
+ void authenticate_should_return_200_despite_expired_token() {
+ var url = String.format("http://localhost:%s/", EXT.getLocalPort());
+ var auth = generateBasicAuthHeader("user005", "user005");
+
+ try (var result = EXT.client()
+ .target(url)
+ .request()
+ .header("authorization", auth)
+ .post(Entity.entity("", MediaType.APPLICATION_JSON_TYPE))) {
+ assertEquals(200, result.getStatus());
+ var response = result.readEntity(UserAuthResponse.class);
 assertEquals("user005", response.getUserId());
 }
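Review bot: The added predicate `t.expiretime > CURRENT_DATE` in the `@SqlQuery` of findUserByApiToken compares against midnight of the current day, so if expiretime is a timestamp (the fixture fills it with `CURRENT_DATE ± INTERVAL '1' DAY`, which does not reveal the column type) a token that expired earlier today is still accepted until the day rolls over, and the cutoff follows the database session's time zone rather than the application's clock. Comparing against the current instant makes the check precise: `+ "where a.deactivated = false and t.disabled = false and t.expiretime > CURRENT_TIMESTAMP and t.tokenstring = :token")`. Neither the new integration test nor the init.sql fixture in this commit exercises that boundary, because token5 expires a full day in the past; a fixture row expiring a few minutes ago would pin it down. If expiretime can be NULL the whole predicate evaluates to unknown and the token is refused, which is the safe direction but deserves a one-line comment on the query so the next maintainer does not "fix" it with `or t.expiretime is null`.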
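Review bot: The new test `authenticate_should_return_200_despite_expired_token` passes a basic-auth header for user005, but its name does not say that the credential used is the password, which is the whole point of the case; `authenticate_should_return_200_with_password_when_api_token_expired` would read better. The preceding 401 test, whose method starts before the hunk, now asserts only the status code; if the resource returns a body or a `WWW-Authenticate` header, asserting that an expired token and an unknown token produce the same response would guard against leaking whether a token exists — I cannot tell from this hunk what the resource emits. Both methods close inside the hunk, but the enclosing test class continues past it.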
diff --git a/src/test/resources/test-etc/init.sql b/src/test/resources/test-etc/init.sql
index 59d92df..4789f00 100644
--- a/src/test/resources/test-etc/init.sql
+++ b/src/test/resources/test-etc/init.sql
@@ -29,24 +29,26 @@ VALUES
 (1, '$2a$10$nBBwLlls757bzXY30ts8duy1ymEJKhGxZgdWDBEOwmMkXXvv2C3CC', 1, 'dataverseAdmin'),
 (2, 'hN/rof975YOfV0wcZVXCrpU8ZlY=', 0, 'user001'),
 (3, 'EwkfCo7O85qPEM/39U2hTw+3ehE=', 0, 'user002'),
- (4, 'CxMv+h/czMwZA554OwNVpibqxxA=', 0, 'user003');
+ (4, 'CxMv+h/czMwZA554OwNVpibqxxA=', 0, 'user003'),
+ (5, '5AJWRgVRLu9d0i0IxzTIcl0dFy4=', 0, 'user005');
 --- user001 is OK, permission granted
 --- user002 is disabled and deactivated, permission denied
 --- user003 is disabled and not deactivated, permission denied
 --- user004 is not disabled and deactivated, permission denied
+--- user005 has an expired token, permission denied when using token, granted when using username/password
 INSERT INTO authenticateduser (id, deactivated, useridentifier)
 VALUES
- (5, false, 'user005'),
 (1, false, 'user001'),
 (2, true, 'user002'),
 (3, false, 'user003'),
- (4, true, 'user004');
+ (4, true, 'user004'),
+ (5, false, 'user005');
 INSERT INTO apitoken (id, disabled, tokenstring, authenticateduser_id, expiretime)
 VALUES
- (5, false, 'token5', 5, CURRENT_DATE - INTERVAL '1' DAY),
 (1, false, 'token1', 1, CURRENT_DATE + INTERVAL '1' DAY),
 (2, true, 'token2', 2, CURRENT_DATE + INTERVAL '1' DAY),
 (3, true, 'token3', 3, CURRENT_DATE + INTERVAL '1' DAY),
- (4, false, 'token4', 4, CURRENT_DATE + INTERVAL '1' DAY);
+ (4, false, 'token4', 4, CURRENT_DATE + INTERVAL '1' DAY),
+ (5, false, 'token5', 5, CURRENT_DATE - INTERVAL '1' DAY);