coap-gateway: Fixing device status to offline when the access token e…

…xpires

coap-gateway/service/devicesStatusUpdater_test.go

@@ -21,16 +21,16 @@ import (
 	"github.com/plgd-dev/hub/v2/test/device"
 	oauthService "github.com/plgd-dev/hub/v2/test/oauth-server/service"
 	oauthTest "github.com/plgd-dev/hub/v2/test/oauth-server/test"
-	"github.com/plgd-dev/hub/v2/test/service"
+	testService "github.com/plgd-dev/hub/v2/test/service"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 )
 
-func onboardDeviceAndGetDevice(ctx context.Context, t *testing.T, device device.Device, oauthCfg oauthService.Config, coapCfg coapService.Config) (*pb.Device, time.Time /*startOnboard*/, time.Duration /*delta*/) {
-	tearDown := service.SetUp(ctx, t, service.WithOAuthConfig(oauthCfg), service.WithCOAPGWConfig(coapCfg))
-	defer tearDown()
+func onboardDeviceAndGetDevice(ctx context.Context, t *testing.T, device device.Device, oauthCfg oauthService.Config, coapCfg coapService.Config, wait time.Duration) (*pb.Device, time.Time /*startOnboard*/, time.Duration /*delta*/) {
+	oauthShutdown := oauthTest.New(t, oauthCfg)
+	servicesTeardown := testService.SetUpServices(context.Background(), t, testService.SetUpServicesCertificateAuthority|testService.SetUpServicesId|testService.SetUpServicesResourceAggregate|testService.SetUpServicesResourceDirectory|testService.SetUpServicesCoapGateway|testService.SetUpServicesGrpcGateway, testService.WithCOAPGWConfig(coapCfg))
 	ctx = kitNetGrpc.CtxWithToken(ctx, oauthTest.GetDefaultAccessToken(t))
 
 	conn, err := grpc.Dial(config.GRPC_GW_HOST, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
@@ -44,11 +44,16 @@ func onboardDeviceAndGetDevice(ctx context.Context, t *testing.T, device device.
 
 	startOnboard := time.Now()
 	shutdownDevSim := test.OnboardDevice(ctx, t, c, device, config.ACTIVE_COAP_SCHEME+"://"+config.COAP_GW_HOST, device.GetDefaultResources())
-	defer shutdownDevSim()
 	deltaOnboard := time.Since(startOnboard) / 2
 
+	// stop oauth server to don't allow refresh token during sleep
+	oauthShutdown()
+
 	// for update resource-directory cache
-	time.Sleep(time.Second)
+	time.Sleep(wait)
+	oauthShutdown = oauthTest.New(t, oauthCfg)
+	ctx = kitNetGrpc.CtxWithToken(ctx, oauthTest.GetDefaultAccessToken(t))
+	defer oauthShutdown()
 
 	client, err := c.GetDevices(ctx, &pb.GetDevicesRequest{})
 	require.NoError(t, err)
@@ -64,10 +69,12 @@ func onboardDeviceAndGetDevice(ctx context.Context, t *testing.T, device device.
 		devices = append(devices, dev)
 	}
 	require.Len(t, devices, 1)
+	shutdownDevSim()
+	servicesTeardown()
 	return devices[0], startOnboard, deltaOnboard
 }
 
-func TestDevicesStatusUpdaterDisabledAndDeviceAccessTokenHasNoExpiration(t *testing.T) {
+func TestDevicesStatusAccessTokenHasNoExpiration(t *testing.T) {
 	d := test.MustFindTestDevice()
 	ctx, cancel := context.WithTimeout(context.Background(), config.TEST_TIMEOUT)
 	defer cancel()
@@ -76,12 +83,12 @@ func TestDevicesStatusUpdaterDisabledAndDeviceAccessTokenHasNoExpiration(t *test
 	oauthCfg.OAuthSigner.Clients.Find(config.OAUTH_MANAGER_CLIENT_ID).AccessTokenLifetime = 0
 	coapCfg := coapgwTest.MakeConfig(t)
 
-	device, _, _ := onboardDeviceAndGetDevice(ctx, t, d, oauthCfg, coapCfg)
+	device, _, _ := onboardDeviceAndGetDevice(ctx, t, d, oauthCfg, coapCfg, time.Second)
 
 	assert.Equal(t, commands.Connection_ONLINE, device.Metadata.Connection.Status)
 }
 
-func TestDevicesStatusUpdaterDisabledAndDeviceAccessTokenHasExpiration(t *testing.T) {
+func TestDevicesStatusAccessTokenHasExpiration(t *testing.T) {
 	d := test.MustFindTestDevice()
 	ctx, cancel := context.WithTimeout(context.Background(), config.TEST_TIMEOUT)
 	defer cancel()
@@ -90,8 +97,25 @@ func TestDevicesStatusUpdaterDisabledAndDeviceAccessTokenHasExpiration(t *testin
 	accessTokenLifetime := time.Second * 10
 	oauthCfg.OAuthSigner.Clients.Find(config.OAUTH_MANAGER_CLIENT_ID).AccessTokenLifetime = accessTokenLifetime
 	coapCfg := coapgwTest.MakeConfig(t)
+	coapCfg.APIs.COAP.OwnerCacheExpiration = time.Second
 
-	device, _, _ := onboardDeviceAndGetDevice(ctx, t, d, oauthCfg, coapCfg)
+	device, _, _ := onboardDeviceAndGetDevice(ctx, t, d, oauthCfg, coapCfg, time.Second)
 
 	assert.Equal(t, commands.Connection_ONLINE, device.Metadata.Connection.Status)
 }
+
+func TestDevicesStatusAccessTokenHasExpirationAndTokenWillExpire(t *testing.T) {
+	d := test.MustFindTestDevice()
+	ctx, cancel := context.WithTimeout(context.Background(), config.TEST_TIMEOUT)
+	defer cancel()
+
+	oauthCfg := oauthTest.MakeConfig(t)
+	accessTokenLifetime := time.Second * 10
+	oauthCfg.OAuthSigner.Clients.Find(config.OAUTH_MANAGER_CLIENT_ID).AccessTokenLifetime = accessTokenLifetime
+	coapCfg := coapgwTest.MakeConfig(t)
+	coapCfg.APIs.COAP.OwnerCacheExpiration = time.Second
+
+	device, _, _ := onboardDeviceAndGetDevice(ctx, t, d, oauthCfg, coapCfg, accessTokenLifetime)
+
+	assert.Equal(t, commands.Connection_OFFLINE, device.Metadata.Connection.Status)
+}

coap-gateway/service/signIn.go

@@ -229,7 +229,11 @@ func getSignInDataFromClaims(ctx context.Context, client *session, signIn CoapSi
 	expTime, _ := jwtClaims.GetExpirationTime()
 	validUntil := time.Time{}
 	if expTime != nil {
-		validUntil = expTime.Time
+		if time.Until(expTime.Time) < 2*client.server.config.APIs.COAP.OwnerCacheExpiration {
+			return "", time.Time{}, fmt.Errorf("access token will expire (%v) in less time than the interval for checking expiration (%v)", expTime.Time, 2*client.server.config.APIs.COAP.OwnerCacheExpiration)
+		}
+		// set expiration time before token expiration to allow sign off device.
+		validUntil = expTime.Time.Add(-2 * client.server.config.APIs.COAP.OwnerCacheExpiration)
 	}
 
 	return deviceID, validUntil, nil