fix: session changes
sattvikc committed Mar 1, 2024
1 parent 89fd936 commit 458c3b6
Showing 9 changed files with 199 additions and 181 deletions.
229 changes: 115 additions & 114 deletions src/main/java/io/supertokens/session/Session.java

Large diffs are not rendered by default.

@@ -23,6 +23,7 @@
import io.supertokens.pluginInterface.RECIPE_ID;
import io.supertokens.pluginInterface.exceptions.StorageQueryException;
import io.supertokens.pluginInterface.exceptions.StorageTransactionLogicException;
import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
import io.supertokens.utils.SemVer;
import io.supertokens.utils.Utils;
@@ -60,14 +61,15 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
Utils.addLegacySigningKeyInfos(this.getAppIdentifier(req), main, result,
super.getVersionFromRequest(req).betweenInclusive(SemVer.v2_9, SemVer.v2_21));

TenantIdentifier tenantIdentifier = getTenantIdentifier(req);
result.addProperty("accessTokenBlacklistingEnabled",
Config.getConfig(this.getTenantStorage(req), main)
Config.getConfig(tenantIdentifier, main)
.getAccessTokenBlacklisting());
result.addProperty("accessTokenValidity",
Config.getConfig(this.getTenantStorage(req), main)
Config.getConfig(tenantIdentifier, main)
.getAccessTokenValidity());
result.addProperty("refreshTokenValidity",
Config.getConfig(this.getTenantStorage(req), main)
Config.getConfig(tenantIdentifier, main)
.getRefreshTokenValidity());
super.sendJsonResponse(200, result, resp);
} catch (StorageQueryException | StorageTransactionLogicException | TenantOrAppNotFoundException | UnsupportedJWTSigningAlgorithmException e) {
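Review bot: The new code still calls `Config.getConfig(tenantIdentifier, main)` three times in a row, once each for `getAccessTokenBlacklisting()`, `getAccessTokenValidity()` and `getRefreshTokenValidity()`. Now that the argument is a single local, the lookup can be hoisted too: assign the result to one local right after `getTenantIdentifier(req)` and call the three getters on it, e.g. `config.getAccessTokenValidity()`. Reading it once also means the three values in the response come from the same config object, which would matter if a tenant's config can be reloaded between calls (not visible here). doPost begins and ends outside the hunk.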
27 changes: 14 additions & 13 deletions src/main/java/io/supertokens/webserver/api/session/JWTDataAPI.java
@@ -23,11 +23,10 @@
import io.supertokens.exceptions.UnauthorisedException;
import io.supertokens.output.Logging;
import io.supertokens.pluginInterface.RECIPE_ID;
import io.supertokens.pluginInterface.Storage;
import io.supertokens.pluginInterface.exceptions.StorageQueryException;
import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
import io.supertokens.pluginInterface.multitenancy.AppIdentifierWithStorage;
import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
import io.supertokens.pluginInterface.multitenancy.TenantIdentifierWithStorage;
import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
import io.supertokens.session.Session;
import io.supertokens.session.accessToken.AccessToken;
@@ -65,22 +64,23 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
JsonObject userDataInJWT = InputParser.parseJsonObjectOrThrowError(input, "userDataInJWT", false);
assert userDataInJWT != null;

TenantIdentifierWithStorage tenantIdentifierWithStorage = null;
TenantIdentifier tenantIdentifier;
Storage storage;
try {
AppIdentifier appIdentifier = getAppIdentifier(req);
TenantIdentifier tenantIdentifier = new TenantIdentifier(appIdentifier.getConnectionUriDomain(), appIdentifier.getAppId(), Session.getTenantIdFromSessionHandle(sessionHandle));
tenantIdentifierWithStorage = tenantIdentifier.withStorage(StorageLayer.getStorage(tenantIdentifier, main));
tenantIdentifier = new TenantIdentifier(appIdentifier.getConnectionUriDomain(), appIdentifier.getAppId(), Session.getTenantIdFromSessionHandle(sessionHandle));
storage = StorageLayer.getStorage(tenantIdentifier, main);
} catch (TenantOrAppNotFoundException e) {
throw new ServletException(e);
}

try {
if (getVersionFromRequest(req).greaterThanOrEqualTo(SemVer.v2_21)) {
AccessToken.VERSION version = AccessToken.getAccessTokenVersionForCDI(getVersionFromRequest(req));
Session.updateSession(tenantIdentifierWithStorage, sessionHandle, null,
Session.updateSession(tenantIdentifier, storage, sessionHandle, null,
userDataInJWT, version);
} else {
Session.updateSessionBeforeCDI2_21(tenantIdentifierWithStorage, sessionHandle,
Session.updateSessionBeforeCDI2_21(tenantIdentifier, storage, sessionHandle,
null, userDataInJWT);
}

@@ -94,7 +94,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
} catch (AccessTokenPayloadError e) {
throw new ServletException(new BadRequestException(e.getMessage()));
} catch (UnauthorisedException e) {
Logging.debug(main, tenantIdentifierWithStorage, Utils.exceptionStacktraceToString(e));
Logging.debug(main, tenantIdentifier, Utils.exceptionStacktraceToString(e));
JsonObject reply = new JsonObject();
reply.addProperty("status", "UNAUTHORISED");
reply.addProperty("message", e.getMessage());
@@ -109,17 +109,18 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
String sessionHandle = InputParser.getQueryParamOrThrowError(req, "sessionHandle", false);
assert sessionHandle != null;

TenantIdentifierWithStorage tenantIdentifierWithStorage = null;
TenantIdentifier tenantIdentifier;
Storage storage;
try {
AppIdentifier appIdentifier = getAppIdentifier(req);
TenantIdentifier tenantIdentifier = new TenantIdentifier(appIdentifier.getConnectionUriDomain(), appIdentifier.getAppId(), Session.getTenantIdFromSessionHandle(sessionHandle));
tenantIdentifierWithStorage = tenantIdentifier.withStorage(StorageLayer.getStorage(tenantIdentifier, main));
tenantIdentifier = new TenantIdentifier(appIdentifier.getConnectionUriDomain(), appIdentifier.getAppId(), Session.getTenantIdFromSessionHandle(sessionHandle));
storage = StorageLayer.getStorage(tenantIdentifier, main);
} catch (TenantOrAppNotFoundException e) {
throw new ServletException(e);
}

try {
JsonElement jwtPayload = Session.getJWTData(tenantIdentifierWithStorage, sessionHandle);
JsonElement jwtPayload = Session.getJWTData(tenantIdentifier, storage, sessionHandle);

JsonObject result = new JsonObject();

@@ -130,7 +131,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
} catch (StorageQueryException e) {
throw new ServletException(e);
} catch (UnauthorisedException e) {
Logging.debug(main, tenantIdentifierWithStorage, Utils.exceptionStacktraceToString(e));
Logging.debug(main, tenantIdentifier, Utils.exceptionStacktraceToString(e));
JsonObject reply = new JsonObject();
reply.addProperty("status", "UNAUTHORISED");
reply.addProperty("message", e.getMessage());
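Review bot: In both doPut and doGet the tenant, and from it the `Storage`, is taken from the tenant id embedded in the caller-supplied `sessionHandle`, and the two now travel as separate arguments (`Session.updateSession(tenantIdentifier, storage, ...)`, `Session.getJWTData(tenantIdentifier, storage, ...)`), so the types no longer keep a storage from being paired with a different tenant's identifier. Here both are resolved from the same `tenantIdentifier` inside one `try`, which is correct, but the invariant deserves a comment at the declaration, such as `// storage must be the one resolved for tenantIdentifier; both come from the session handle, not the request path`. The same resolution block is repeated in SessionAPI.doGet, and SessionAPI.doPost obtains the pair through two independent calls (`getTenantIdentifier(req)` and `getTenantStorage(req)`); a single private helper that returns both would keep the pairing in one place. Both method bodies continue outside the visible hunks.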
@@ -26,10 +26,11 @@
import io.supertokens.output.Logging;
import io.supertokens.pluginInterface.RECIPE_ID;
import io.supertokens.pluginInterface.STORAGE_TYPE;
import io.supertokens.pluginInterface.Storage;
import io.supertokens.pluginInterface.exceptions.StorageQueryException;
import io.supertokens.pluginInterface.exceptions.StorageTransactionLogicException;
import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
import io.supertokens.pluginInterface.multitenancy.AppIdentifierWithStorage;
import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
import io.supertokens.pluginInterface.useridmapping.UserIdMapping;
import io.supertokens.session.Session;
@@ -78,19 +79,18 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
SessionInformationHolder sessionInfo = Session.refreshSession(appIdentifier, main,
refreshToken, antiCsrfToken,
enableAntiCsrf, accessTokenVersion);
TenantIdentifier tenantIdentifier = new TenantIdentifier(appIdentifier.getConnectionUriDomain(),
appIdentifier.getAppId(), sessionInfo.session.tenantId);
Storage storage = StorageLayer.getStorage(tenantIdentifier, main);

if (StorageLayer.getStorage(this.getTenantStorage(req), main).getType() ==
STORAGE_TYPE.SQL) {
if (storage.getType() == STORAGE_TYPE.SQL) {
try {
UserIdMapping userIdMapping = io.supertokens.useridmapping.UserIdMapping.getUserIdMapping(
this.getTenantStorage(req).toAppIdentifierWithStorage(),
sessionInfo.session.userId, UserIdType.ANY);
appIdentifier, storage, sessionInfo.session.userId, UserIdType.ANY);
if (userIdMapping != null) {
ActiveUsers.updateLastActive(this.getPublicTenantStorage(req), main,
userIdMapping.superTokensUserId);
ActiveUsers.updateLastActive(appIdentifier, main, userIdMapping.superTokensUserId);
} else {
ActiveUsers.updateLastActive(this.getPublicTenantStorage(req), main,
sessionInfo.session.userId);
ActiveUsers.updateLastActive(appIdentifier, main, sessionInfo.session.userId);
}
} catch (StorageQueryException ignored) {
}
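Review bot: The new `StorageLayer.getStorage(tenantIdentifier, main)` call runs after `Session.refreshSession(...)` has already returned and sits outside the inner `try`, although `storage` is only used for the last-active bookkeeping, whose own `StorageQueryException` is deliberately ignored. JWTDataAPI catches `TenantOrAppNotFoundException` around the same call, so if it can fail here the request would presumably error after the refresh has been carried out; whether the outer handler (outside this hunk) covers that case is not visible. Consider resolving `storage` inside the existing `try` and widening its catch to `catch (StorageQueryException | TenantOrAppNotFoundException ignored)`, with a comment such as `// last-active tracking is best-effort; never fail a completed refresh because of it`.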
34 changes: 18 additions & 16 deletions src/main/java/io/supertokens/webserver/api/session/SessionAPI.java
@@ -27,12 +27,11 @@
import io.supertokens.output.Logging;
import io.supertokens.pluginInterface.RECIPE_ID;
import io.supertokens.pluginInterface.STORAGE_TYPE;
import io.supertokens.pluginInterface.Storage;
import io.supertokens.pluginInterface.exceptions.StorageQueryException;
import io.supertokens.pluginInterface.exceptions.StorageTransactionLogicException;
import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
import io.supertokens.pluginInterface.multitenancy.AppIdentifierWithStorage;
import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
import io.supertokens.pluginInterface.multitenancy.TenantIdentifierWithStorage;
import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
import io.supertokens.pluginInterface.session.SessionInfo;
import io.supertokens.session.Session;
@@ -86,7 +85,10 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
assert userDataInDatabase != null;

try {
boolean useStaticSigningKey = !Config.getConfig(this.getTenantStorage(req), main)
TenantIdentifier tenantIdentifier = getTenantIdentifier(req);
Storage storage = getTenantStorage(req);

boolean useStaticSigningKey = !Config.getConfig(tenantIdentifier, main)
.getAccessTokenSigningKeyDynamic();
if (version.greaterThanOrEqualTo(SemVer.v2_21)) {
Boolean useDynamicSigningKey = InputParser.parseBooleanOrThrowError(input, "useDynamicSigningKey",
@@ -99,22 +101,21 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
AccessToken.VERSION accessTokenVersion = AccessToken.getAccessTokenVersionForCDI(version);

SessionInformationHolder sessionInfo = Session.createNewSession(
this.getTenantStorage(req), main, userId, userDataInJWT,
tenantIdentifier, storage, main, userId, userDataInJWT,
userDataInDatabase, enableAntiCsrf, accessTokenVersion,
useStaticSigningKey);

if (StorageLayer.getStorage(this.getTenantStorage(req), main).getType() ==
STORAGE_TYPE.SQL) {
if (storage.getType() == STORAGE_TYPE.SQL) {
try {
io.supertokens.pluginInterface.useridmapping.UserIdMapping userIdMapping =
io.supertokens.useridmapping.UserIdMapping.getUserIdMapping(
this.getTenantStorage(req).toAppIdentifierWithStorage(),
tenantIdentifier.toAppIdentifier(), storage,
sessionInfo.session.userId, UserIdType.ANY);
if (userIdMapping != null) {
ActiveUsers.updateLastActive(this.getPublicTenantStorage(req), main,
ActiveUsers.updateLastActive(tenantIdentifier.toAppIdentifier(), main,
userIdMapping.superTokensUserId);
} else {
ActiveUsers.updateLastActive(this.getPublicTenantStorage(req), main,
ActiveUsers.updateLastActive(tenantIdentifier.toAppIdentifier(), main,
sessionInfo.session.userId);
}
} catch (StorageQueryException ignored) {
@@ -135,7 +136,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
if (super.getVersionFromRequest(req).greaterThanOrEqualTo(SemVer.v2_21)) {
result.remove("idRefreshToken");
} else {
Utils.addLegacySigningKeyInfos(this.getTenantStorage(req).toAppIdentifier(), main, result,
Utils.addLegacySigningKeyInfos(tenantIdentifier.toAppIdentifier(), main, result,
super.getVersionFromRequest(req).betweenInclusive(SemVer.v2_9, SemVer.v2_21));
}

@@ -156,18 +157,19 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
String sessionHandle = InputParser.getQueryParamOrThrowError(req, "sessionHandle", false);
assert sessionHandle != null;

TenantIdentifierWithStorage tenantIdentifierWithStorage = null;
TenantIdentifier tenantIdentifier;
Storage storage;
try {
AppIdentifier appIdentifier = getAppIdentifier(req);
TenantIdentifier tenantIdentifier = new TenantIdentifier(appIdentifier.getConnectionUriDomain(),
tenantIdentifier = new TenantIdentifier(appIdentifier.getConnectionUriDomain(),
appIdentifier.getAppId(), Session.getTenantIdFromSessionHandle(sessionHandle));
tenantIdentifierWithStorage = tenantIdentifier.withStorage(StorageLayer.getStorage(tenantIdentifier, main));
storage = StorageLayer.getStorage(tenantIdentifier, main);
} catch (TenantOrAppNotFoundException e) {
throw new ServletException(e);
}

try {
SessionInfo sessionInfo = Session.getSession(tenantIdentifierWithStorage, sessionHandle);
SessionInfo sessionInfo = Session.getSession(tenantIdentifier, storage, sessionHandle);

JsonObject result = new Gson().toJsonTree(sessionInfo).getAsJsonObject();
result.add("userDataInJWT", Utils.toJsonTreeWithNulls(sessionInfo.userDataInJWT));
@@ -176,7 +178,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
result.addProperty("status", "OK");

if (getVersionFromRequest(req).greaterThanOrEqualTo(SemVer.v3_0)) {
result.addProperty("tenantId", tenantIdentifierWithStorage.getTenantId());
result.addProperty("tenantId", tenantIdentifier.getTenantId());
}
if (getVersionFromRequest(req).lesserThan(SemVer.v4_0)) {
result.remove("recipeUserId");
@@ -187,7 +189,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
} catch (StorageQueryException e) {
throw new ServletException(e);
} catch (UnauthorisedException e) {
Logging.debug(main, tenantIdentifierWithStorage, Utils.exceptionStacktraceToString(e));
Logging.debug(main, tenantIdentifier, Utils.exceptionStacktraceToString(e));
JsonObject reply = new JsonObject();
reply.addProperty("status", "UNAUTHORISED");
reply.addProperty("message", e.getMessage());
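Review bot: In doPost the new code evaluates `tenantIdentifier.toAppIdentifier()` four times: in the `getUserIdMapping` call, in both `ActiveUsers.updateLastActive` branches, and in `Utils.addLegacySigningKeyInfos`. A single local declared next to `tenantIdentifier`, `AppIdentifier appIdentifier = tenantIdentifier.toAppIdentifier();`, would shorten those calls and make it obvious which operations are app-scoped (user-id mapping, last-active tracking, legacy signing keys) and which are tenant-scoped (`Session.createNewSession`). A one-line comment stating that split would help the next reader, since the distinction used to be carried by the `...WithStorage` types and is now only visible in the argument lists. doPost continues outside the visible hunks.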