cleaned-up JWT processing

jams-server/src/main/java/net/jami/jams/server/servlets/filters/AdminApiFilter.java

@@ -15,11 +15,15 @@ import java.io.IOException;
 import java.util.Date;
 
 import static net.jami.jams.server.Server.userAuthenticationModule;
+import static net.jami.jams.server.servlets.filters.JWTValidator.verifyLevel;
+import static net.jami.jams.server.servlets.filters.JWTValidator.verifyValidity;
 
 @WebFilter(urlPatterns = {"/api/admin/*"})
 @Slf4j
 public class AdminApiFilter implements Filter {
 
+    private static final AccessLevel TARGET_LEVEL = AccessLevel.ADMIN;
+
     @Override
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
         HttpServletRequest request = (HttpServletRequest) servletRequest;
@@ -35,8 +39,7 @@ public class AdminApiFilter implements Filter {
                 try {
                     JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
                     signedJWT = SignedJWT.parse(request.getHeader("Bearer"));
-                    if(signedJWT.verify(jwsVerifier) && signedJWT.getJWTClaimsSet().getExpirationTime().compareTo(new Date()) > 0
-                    && AccessLevel.valueOf(signedJWT.getJWTClaimsSet().getClaim("scope").toString()).equals(AccessLevel.ADMIN)){
+                    if(signedJWT.verify(jwsVerifier) && verifyValidity(signedJWT) && verifyLevel(signedJWT,TARGET_LEVEL)){
                         authsuccess = true;
                         request.setAttribute("username",signedJWT.getJWTClaimsSet().getSubject());
                     }

jams-server/src/main/java/net/jami/jams/server/servlets/filters/ApiFilter.java

@@ -14,6 +14,7 @@ import java.io.IOException;
 import java.util.Date;
 
 import static net.jami.jams.server.Server.userAuthenticationModule;
+import static net.jami.jams.server.servlets.filters.JWTValidator.verifyValidity;
 
 @WebFilter(urlPatterns = {"/api/auth/*"})
 @Slf4j
@@ -34,7 +35,7 @@ public class ApiFilter implements Filter {
                 try {
                     JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
                     signedJWT = SignedJWT.parse(request.getHeader("Bearer"));
-                    if(signedJWT.verify(jwsVerifier) && signedJWT.getJWTClaimsSet().getExpirationTime().compareTo(new Date()) > 0){
+                    if(signedJWT.verify(jwsVerifier) && verifyValidity(signedJWT)){
                         authsuccess = true;
                         request.setAttribute("username",signedJWT.getJWTClaimsSet().getSubject());
                     }

jams-server/src/main/java/net/jami/jams/server/servlets/filters/JWTValidator.java

+package net.jami.jams.server.servlets.filters;
+
+import com.nimbusds.jwt.SignedJWT;
+import net.jami.jams.common.objects.user.AccessLevel;
+
+import java.util.Date;
+
+public class JWTValidator {
+
+    public static boolean verifyLevel(SignedJWT signedJWT, AccessLevel TARGET_LEVEL){
+        try {
+            return AccessLevel.valueOf(signedJWT.getJWTClaimsSet().getClaim("scope").toString()).equals(TARGET_LEVEL);
+        }
+        catch (Exception e){
+            return false;
+        }
+    }
+
+    public static boolean verifyValidity(SignedJWT signedJWT){
+        try {
+            return signedJWT.getJWTClaimsSet().getExpirationTime().compareTo(new Date()) > 0;
+        }
+        catch (Exception e){
+            return false;
+        }
+    }
+}