Skip to content
Snippets Groups Projects
Select Git revision
  • 29e04d080396cac3fade9f187f96e5cbaf0533d1
  • master default protected
  • react
3 results

TokenController.java

Blame
  • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    TokenController.java 3.01 KiB
    /*
     * Copyright (C) 2020-2024 by Savoir-faire Linux
     *
     * This program is free software; you can redistribute it and/or modify
     * it under the terms of the GNU General Public License as published by
     * the Free Software Foundation; either version 3 of the License, or
     * (at your option) any later version.
     *
     * This program is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     * GNU General Public License for more details.
     *
     * You should have received a copy of the GNU General Public License
     * along with this program.  If not, see <https://www.gnu.org/licenses/>.
     */
    package net.jami.jams.authmodule;
    
    import static net.jami.jams.common.objects.user.AccessLevel.DEVICE;
    
    import com.nimbusds.jose.JOSEObjectType;
    import com.nimbusds.jose.JWSAlgorithm;
    import com.nimbusds.jose.JWSHeader;
    import com.nimbusds.jose.crypto.RSASSASigner;
    import com.nimbusds.jwt.JWTClaimsSet;
    import com.nimbusds.jwt.SignedJWT;
    
    import net.jami.jams.common.authmodule.AuthTokenResponse;
    import net.jami.jams.common.objects.user.User;
    
    import java.security.PrivateKey;
    import java.util.Date;
    import java.util.UUID;
    
    public class TokenController {
    
        private static PrivateKey signingKey;
    
        public TokenController(PrivateKey signingKey) {
            TokenController.signingKey = signingKey;
        }
    
        public AuthTokenResponse getToken(User user, String deviceId) {
            AuthTokenResponse authTokenResponse = new AuthTokenResponse();
            JWSHeader jwsHeader =
                    new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build();
            JWTClaimsSet.Builder builder =
                    new JWTClaimsSet.Builder()
                            .issuer("JAMS")
                            .subject(user.getUsername())
                            .audience("JAMS")
                            .claim("oneTimePassword", user.getNeedsPasswordReset())
                            .expirationTime(new Date(System.currentTimeMillis() + 30 * 60 * 1000))
                            .notBeforeTime(new Date(System.currentTimeMillis()))
                            .issueTime(new Date(System.currentTimeMillis()))
                            .jwtID(UUID.randomUUID().toString());
            if (deviceId != null) {
                builder.claim("scope", DEVICE);
                builder.claim("deviceId", deviceId);
                authTokenResponse.setScope(DEVICE);
            } else {
                builder.claim("scope", user.getAccessLevel());
                authTokenResponse.setScope(user.getAccessLevel());
            }
            JWTClaimsSet jwtClaims = builder.build();
            SignedJWT signedJWT = new SignedJWT(jwsHeader, jwtClaims);
            try {
                signedJWT.sign(new RSASSASigner(signingKey));
                authTokenResponse.setAccess_token(signedJWT.serialize());
                authTokenResponse.setExpires_in(30 * 60L);
                authTokenResponse.setToken_type("Bearer");
                return authTokenResponse;
            } catch (Exception e) {
                return null;
            }
        }
    }