oaplatform · alebastrov · Mar 12, 2025 · Mar 12, 2025 · Mar 14, 2025
diff --git a/oap-mail/oap-mail/src/main/java/oap/mail/Mailman.java b/oap-mail/oap-mail/src/main/java/oap/mail/Mailman.java
@@ -53,13 +53,12 @@ public void run() {
         while( !done ) {
             try {
                 semaphore.acquire();
-
-                log.debug( "sending {} messages from queue ...", queue.size() );
+                if( queue.size() > 0 ) log.debug( "sending {} messages from queue ...", queue.size() );
                 queue.processing( this::sendMessage );
             } catch( InterruptedException e ) {
                 done = true;
             } catch( Exception e ) {
-                log.error( e.getMessage(), e );
+                log.error( "Cannot process queue", e );
             }
         }
     }
@@ -75,11 +74,13 @@ private boolean sendMessage( Message message ) {
     }
 
     public void send( Message message ) {
-        log.debug( "enqueue message {}", message );
-
-        this.queue.add( message );
+        try {
+            log.debug( "enqueue message {}", message );
 
-        semaphore.release();
+            this.queue.add( message );
+        } finally {
+            semaphore.release();
+        }
     }
 
     @Override

diff --git a/oap-storage/oap-storage-mongo/src/main/java/oap/storage/mongo/MongoClient.java b/oap-storage/oap-storage-mongo/src/main/java/oap/storage/mongo/MongoClient.java
@@ -65,11 +65,11 @@ public MongoClient( String connectionString, @Nonnull String migrationPackage )
 
         Preconditions.checkNotNull( this.connectionString.getDatabase(), "database is required" );
 
-        final MongoClientSettings.Builder settingsBuilder = defaultBuilder()
+        MongoClientSettings.Builder settingsBuilder = defaultBuilder()
             .applyConnectionString( this.connectionString );
         this.mongoClient = MongoClients.create( settingsBuilder.build() );
         this.database = mongoClient.getDatabase( this.connectionString.getDatabase() );
-        log.debug( "creating connectionString {} migrationPackage {}",
+        log.debug( "creating connectionString: {}, migrationPackage: {}",
             this.connectionString, migrationPackage );
     }
 
@@ -88,7 +88,8 @@ private MongoClientSettings.Builder defaultBuilder() {
      * @param <R>
      * @return result of function or null otherwise
      */
-    public <R> Optional<R> doWithCollectionIfExist( String collectionName, Function<MongoCollection<Document>, R> consumer ) {
+    public <R> Optional<R> doWithCollectionIfExist( String collectionName,
+                                                    Function<MongoCollection<Document>, R> consumer ) {
         Objects.requireNonNull( collectionName );
         if( collectionExists( collectionName ) ) {
             var collection = this.getCollection( collectionName );
@@ -107,10 +108,11 @@ public boolean collectionExists( String collection ) {
 
     public void preStart() {
         try {
-            MongoSync4Driver driver = MongoSync4Driver.withDefaultLock( mongoClient, database.getName() );
+            var driver = MongoSync4Driver.withDefaultLock( mongoClient, database.getName() );
             driver.disableTransaction();
 
             if( migrationPackage != null ) {
+                log.info( "migrationPackage is set to '{}', processing...", migrationPackage );
                 MongockStandalone
                     .builder()
                     .addMigrationScanPackage( migrationPackage )
@@ -120,9 +122,9 @@ public void preStart() {
 
             }
         } catch( Exception ex ) {
-            log.error( "Cannot perform migration" );
-            log.error( ex.getMessage(), ex );
+            log.error( "Cannot perform migration in package: {}", migrationPackage, ex );
         }
+        log.info( "client is ready" );
     }
 
     public CodecRegistry getCodecRegistry() {
@@ -149,7 +151,7 @@ public void updateVersion( Version version ) {
     }
 
     public void dropDatabase() {
-        log.debug( "dropping database {}", this );
+        log.debug( "dropping database: {}", this );
         this.database.drop();
     }
 }
diff --git a/oap-ws/oap-ws-sso-api/src/main/java/oap/ws/sso/AuthenticationFailure.java b/oap-ws/oap-ws-sso-api/src/main/java/oap/ws/sso/AuthenticationFailure.java
@@ -25,5 +25,5 @@
 package oap.ws.sso;
 
 public enum AuthenticationFailure {
-    TFA_REQUIRED, UNAUTHENTICATED, TOKEN_NOT_VALID, WRONG_TFA_CODE, WRONG_ORGANIZATION
+    TFA_REQUIRED, UNAUTHENTICATED, TOKEN_NOT_VALID, TOKEN_EXPIRED, WRONG_TFA_CODE, WRONG_ORGANIZATION
 }
diff --git a/oap-ws/oap-ws-sso-api/src/test/java/oap/ws/sso/JwtTokenGeneratorExtractorTest.java b/oap-ws/oap-ws-sso-api/src/test/java/oap/ws/sso/JwtTokenGeneratorExtractorTest.java
@@ -29,38 +29,68 @@
 import oap.util.Pair;
 import oap.ws.sso.AbstractUserTest.TestSecurityRolesProvider;
 import oap.ws.sso.AbstractUserTest.TestUser;
+import org.jetbrains.annotations.NotNull;
 import org.joda.time.DateTime;
 import org.joda.time.DateTimeUtils;
 import org.testng.annotations.Test;
 
 import static oap.testng.Asserts.assertString;
+import static oap.ws.sso.JWTExtractor.TokenStatus.EXPIRED;
 import static oap.ws.sso.JWTExtractor.TokenStatus.VALID;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.joda.time.DateTimeZone.UTC;
 import static org.testng.Assert.assertNotNull;
 
 
 public class JwtTokenGeneratorExtractorTest extends Fixtures {
-    private static final JwtTokenGenerator jwtTokenGenerator = new JwtTokenGenerator( "secret", "secret", "issuer", 15 * 60 * 1000, 15 * 60 * 1000 * 24 );
+    private static final JwtTokenGenerator jwtTokenGenerator = new JwtTokenGenerator( "secret", "secret", "issuer", 15 * 60 * 1000, 24 * 3_600 * 1_000 + 60_000 );
     private static final JWTExtractor jwtExtractor = new JWTExtractor( "secret", "issuer", new SecurityRoles( new TestSecurityRolesProvider() ) );
 
     public JwtTokenGeneratorExtractorTest() {
         fixture( new SystemTimerFixture() );
     }
 
     @Test
-    public void generateAndExtractToken() {
-        DateTimeUtils.setCurrentMillisFixed( DateTimeUtils.currentTimeMillis() );
+    public void testAccessToken() {
+        long now = DateTimeUtils.currentTimeMillis();
+        DateTimeUtils.setCurrentMillisFixed( now );
 
-        Authentication.Token token = jwtTokenGenerator.generateAccessToken( new TestUser( "email@email.com", "password", Pair.of( "org1", "ADMIN" ) ) );
-        assertNotNull( token.expires );
-        assertString( token.jwt ).isNotEmpty();
-        assertThat( token.expires ).isEqualTo( new DateTime( UTC ).plusMinutes( 15 ).toDate() );
-        assertThat( jwtExtractor.verifyToken( token.jwt ) ).isEqualTo( VALID );
-
-        JwtToken jwtToken = jwtExtractor.decodeJWT( token.jwt );
+        Authentication.Token accessToken = jwtTokenGenerator.generateAccessToken( getUser() );
+        assertNotNull( accessToken.expires );
+        assertThat( accessToken.expires ).isEqualTo( new DateTime( UTC ).plusMinutes( 15 ).toDate() );
+        assertString( accessToken.jwt ).isNotEmpty();
+        assertThat( jwtExtractor.verifyToken( accessToken.jwt ) ).isEqualTo( VALID );
 
+        JwtToken jwtToken = jwtExtractor.decodeJWT( accessToken.jwt );
         assertThat( jwtToken.getUserEmail() ).isEqualTo( "email@email.com" );
         assertThat( jwtToken.getPermissions( "org1" ) ).containsExactlyInAnyOrder( "accounts:list", "accounts:create" );
+
+        DateTimeUtils.setCurrentMillisFixed( now + 16 * 60 * 1000 ); // 1 minute after expiration
+        assertThat( jwtExtractor.verifyToken( accessToken.jwt ) ).isEqualTo( EXPIRED );
+    }
+
+    private static @NotNull TestUser getUser() {
+        return new TestUser( "email@email.com", "password", Pair.of( "org1", "ADMIN" ) );
+    }
+
+    @Test
+    public void testRefreshToken() {
+        long now = DateTimeUtils.currentTimeMillis();
+        DateTimeUtils.setCurrentMillisFixed( now );
+        Authentication.Token refreshToken = jwtTokenGenerator.generateRefreshToken( getUser() );
+        assertNotNull( refreshToken.expires );
+        assertThat( refreshToken.expires ).isEqualTo( new DateTime( UTC ).plusDays( 1 ).plusMinutes( 1 ).toDate() );
+        assertString( refreshToken.jwt ).isNotEmpty();
+        assertThat( jwtExtractor.verifyToken( refreshToken.jwt ) ).isEqualTo( VALID );
+
+        JwtToken jwtToken = jwtExtractor.decodeJWT( refreshToken.jwt );
+        assertThat( jwtToken.getUserEmail() ).isEqualTo( "email@email.com" );
+        assertThat( jwtToken.getPermissions( "org1" ) ).isEmpty();
+
+        DateTimeUtils.setCurrentMillisFixed( now + 24 * 3_600 * 1_000 ); //1 minute before expiration
+        assertThat( jwtExtractor.verifyToken( refreshToken.jwt ) ).isEqualTo( VALID );
+
+        DateTimeUtils.setCurrentMillisFixed( now + 24 * 3_600 * 1_000 + 65_000 ); // 5 seconds after expiration time
+        assertThat( jwtExtractor.verifyToken( refreshToken.jwt ) ).isEqualTo( EXPIRED );
     }
 }
diff --git a/pom.xml b/pom.xml
@@ -71,7 +71,7 @@
     </distributionManagement>
 
     <properties>
-        <oap.project.version>22.9.7</oap.project.version>
+        <oap.project.version>22.9.8</oap.project.version>
 
         <oap.deps.config.version>1.4.3</oap.deps.config.version>
         <oap.deps.oap-teamcity.version>22.0.0</oap.deps.oap-teamcity.version>