merge configureSessionTimeout into setUser #2419 #4475
pdurbin committed Mar 4, 2021
1 parent 8afbf5e commit 610e9ca
Showing 9 changed files with 10 additions and 22 deletions.
23 changes: 10 additions & 13 deletions src/main/java/edu/harvard/iq/dataverse/DataverseSession.java
Expand Up @@ -93,6 +93,9 @@ public User getUser() {
return user;
}

/**
* Sets the user and configures the session timeout.
*/
public void setUser(User aUser) {
// We check for disabled status here in "setUser" to ensure a common user
// experience across Builtin, Shib, OAuth, and OIDC users.
Expand All @@ -108,13 +111,20 @@ public void setUser(User aUser) {
// Log the login/logout and Change the session id if we're using the UI and have
// a session, versus an API call with no session - (i.e. /admin/submitToArchive()
// which sets the user in the session to pass it through to the underlying command)
// TODO: reformat to remove tabs etc.
if(context != null) {
logSvc.log(
new ActionLogRecord(ActionLogRecord.ActionType.SessionManagement,(aUser==null) ? "logout" : "login")
.setUserIdentifier((aUser!=null) ? aUser.getIdentifier() : (user!=null ? user.getIdentifier() : "") ));

//#3254 - change session id when user changes
SessionUtil.changeSessionId((HttpServletRequest) context.getExternalContext().getRequest());
HttpSession httpSession = (HttpSession) context.getExternalContext().getSession(false);
if (httpSession != null) {
// Configure session timeout.
logger.fine("jsession: " + httpSession.getId() + " setting the lifespan of the session to " + systemConfig.getLoginSessionTimeout() + " minutes");
httpSession.setMaxInactiveInterval(systemConfig.getLoginSessionTimeout() * 60); // session timeout, in seconds
}
}
this.user = aUser;
}
Expand Down Expand Up @@ -219,18 +229,5 @@ public void dismissMessage(BannerMessage message){
}

}

public void configureSessionTimeout() {
if (user instanceof GuestUser) {
return;
}
HttpSession httpSession = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false);

if (httpSession != null) {
logger.fine("jsession: "+httpSession.getId()+" setting the lifespan of the session to " + systemConfig.getLoginSessionTimeout() + " minutes");
httpSession.setMaxInactiveInterval(systemConfig.getLoginSessionTimeout() * 60); // session timeout, in seconds
}

}

}
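Review bot: The timeout block moved into `setUser` drops the `GuestUser` early return that `configureSessionTimeout()` had, so the login timeout is now applied on every call that has a FacesContext, including the path where `aUser` is null, which the same method logs as "logout". If guest and logged-out sessions are meant to keep the container's default lifespan, guard the block with `if (httpSession != null && aUser != null && !(aUser instanceof GuestUser)) {`. The carried-over `logger.fine` line also writes the full session id to the log, and it now runs right after `SessionUtil.changeSessionId`, so it records the freshly rotated id; consider dropping the id from the message or logging only a truncated hash of it. The start of `setUser` (the disabled-user check) sits in the collapsed region between the hunks, so whether an earlier return already covers these cases cannot be confirmed from this page.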
1 change: 0 additions & 1 deletion src/main/java/edu/harvard/iq/dataverse/LoginPage.java
Expand Up @@ -171,7 +171,6 @@ public String login() {
AuthenticatedUser r = authSvc.getUpdateAuthenticatedUser(credentialsAuthProviderId, authReq);
logger.log(Level.FINE, "User authenticated: {0}", r.getEmail());
session.setUser(r);
session.configureSessionTimeout();
if ("dataverse.xhtml".equals(redirectPage)) {
redirectPage = redirectToRoot();
}
1 change: 0 additions & 1 deletion src/main/java/edu/harvard/iq/dataverse/Shib.java
Expand Up @@ -360,7 +360,6 @@ private void logInUserAndSetShibAttributes(AuthenticatedUser au) {
au.setShibIdentityProvider(shibIdp);
// setUser checks for disabled users.
session.setUser(au);
session.configureSessionTimeout();
logger.fine("Groups for user " + au.getId() + " (" + au.getIdentifier() + "): " + getGroups(au));
}

Expand Up @@ -327,7 +327,6 @@ public String save() {
// Authenticated user registered. Save the new bulitin, and log in.
builtinUserService.save(builtinUser);
session.setUser(au);
session.configureSessionTimeout();
/**
* @todo Move this to
* AuthenticationServiceBean.createAuthenticatedUser
Expand Up @@ -183,7 +183,6 @@ public String createNewAccount() {
newUser.getDisplayInfo().getPosition());
final AuthenticatedUser user = authenticationSvc.createAuthenticatedUser(newUser.getUserRecordIdentifier(), getUsername(), newAud, true);
session.setUser(user);
session.configureSessionTimeout();
/**
* @todo Move this to AuthenticationServiceBean.createAuthenticatedUser
*/
Expand Down Expand Up @@ -213,7 +212,6 @@ public String convertExistingAccount() {
builtinUserSvc.removeUser(existingUser.getUserIdentifier());

session.setUser(existingUser);
session.configureSessionTimeout();
AuthenticationProvider newUserAuthProvider = authenticationSvc.getAuthenticationProvider(newUser.getServiceId());
JsfHelper.addSuccessMessage(BundleUtil.getStringFromBundle("oauth2.convertAccount.success", Arrays.asList(newUserAuthProvider.getInfo().getTitle())));

Expand Up @@ -108,7 +108,6 @@ public void exchangeCodeForToken() throws IOException {
// login the user and redirect to HOME of intended page (if any).
// setUser checks for disabled users.
session.setUser(dvUser);
session.configureSessionTimeout();
final OAuth2TokenData tokenData = oauthUser.getTokenData();
if (tokenData != null) {
tokenData.setUser(dvUser);
Expand Up @@ -55,7 +55,6 @@ public String init() {
if (confirmEmailData != null) {
user = confirmEmailData.getAuthenticatedUser();
session.setUser(user);
session.configureSessionTimeout(); // TODO: is this needed here? (it can't hurt, but still)
JsfHelper.addSuccessMessage(BundleUtil.getStringFromBundle("confirmEmail.details.success"));
return "/dataverse.xhtml?faces-redirect=true";
}
Expand Up @@ -148,7 +148,6 @@ public String resetPassword() {
String builtinAuthProviderId = BuiltinAuthenticationProvider.PROVIDER_ID;
AuthenticatedUser au = authSvc.lookupUser(builtinAuthProviderId, user.getUserName());
session.setUser(au);
session.configureSessionTimeout();
return "/dataverse.xhtml?alias=" + dataverseService.findRootDataverse().getAlias() + "faces-redirect=true";
} else {
FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, response.getMessageSummary(), response.getMessageDetail()));
Expand Up @@ -35,7 +35,6 @@ public String init() {
String draftDatasetPageToBeRedirectedTo = privateUrlRedirectData.getDraftDatasetPageToBeRedirectedTo() + "&faces-redirect=true";
PrivateUrlUser privateUrlUser = privateUrlRedirectData.getPrivateUrlUser();
session.setUser(privateUrlUser);
session.configureSessionTimeout();
logger.info("Redirecting PrivateUrlUser '" + privateUrlUser.getIdentifier() + "' to " + draftDatasetPageToBeRedirectedTo);
return draftDatasetPageToBeRedirectedTo;
} catch (Exception ex) {