szerhusenBC#109 Add an endpoint for refreshing tokens

jmdopereiro · Apr 9, 2020 · cf09730 · cf09730
1 parent dcf718c
commit cf09730
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 4 deletions.
diff --git a/src/main/java/org/zerhusen/security/rest/AuthenticationRestController.java b/src/main/java/org/zerhusen/security/rest/AuthenticationRestController.java
@@ -8,10 +8,7 @@
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import org.zerhusen.security.rest.dto.LoginDto;
 import org.zerhusen.security.jwt.JWTFilter;
 import org.zerhusen.security.jwt.TokenProvider;
@@ -52,6 +49,18 @@ public ResponseEntity<JWTToken> authorize(@Valid @RequestBody LoginDto loginDto)
       return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
    }
 
+   @GetMapping("/token")
+   public ResponseEntity<JWTToken> refreshAuthenticationToken(Authentication authentication) {
+
+      String jwt = tokenProvider.createToken(authentication, false);
+
+      HttpHeaders httpHeaders = new HttpHeaders();
+      httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
+
+      return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
+
+   }
+
    /**
     * Object to return as body in JWT Authentication.
     */

diff --git a/src/test/java/org/zerhusen/security/rest/AuthenticationRestControllerTest.java b/src/test/java/org/zerhusen/security/rest/AuthenticationRestControllerTest.java
@@ -6,9 +6,11 @@
 
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.not;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.zerhusen.util.LogInUtils.getTokenForLogin;
 
 public class AuthenticationRestControllerTest extends AbstractRestControllerTest {
 
@@ -57,4 +59,23 @@ public void unsuccessfulAuthenticationWithNotExistingUser() throws Exception {
          .andExpect(content().string(not(containsString("id_token"))));
    }
 
+   @Test
+   public void successfulRefreshToken() throws Exception {
+      final String token = getTokenForLogin("user", "password", getMockMvc());
+
+      getMockMvc().perform(get("/api/token")
+         .contentType(MediaType.APPLICATION_JSON)
+         .header("Authorization", "Bearer " + token))
+         .andExpect(status().isOk())
+         .andExpect(content().string(containsString("id_token")));
+
+   }
+
+   @Test
+   public void unsuccessfulRefreshToken() throws Exception{
+      getMockMvc().perform(get("/api/token")
+         .contentType(MediaType.APPLICATION_JSON))
+         .andExpect(status().isUnauthorized())
+         .andExpect(content().string(not(containsString("id_token"))));
+   }
 }