HttpSession.java

  1. /*
  2.  * The coLAB project
  3.  * Copyright (C) 2021-2023 AlbaSim, MEI, HEIG-VD, HES-SO
  4.  *
  5.  * Licensed under the MIT License
  6.  */
  7. package ch.colabproject.colab.api.model.user;

  9. import static ch.colabproject.colab.api.model.user.User.USER_SEQUENCE_NAME;
  10. import ch.colabproject.colab.api.model.WithPermission;
  11. import ch.colabproject.colab.api.model.WithWebsocketChannels;
  12. import ch.colabproject.colab.api.model.tools.EntityHelper;
  13. import ch.colabproject.colab.api.security.permissions.Conditions;
  14. import ch.colabproject.colab.api.ws.channel.tool.ChannelsBuilders.AboutAccountChannelsBuilder;
  15. import ch.colabproject.colab.api.ws.channel.tool.ChannelsBuilders.ChannelsBuilder;
  16. import ch.colabproject.colab.api.ws.channel.tool.ChannelsBuilders.ForAdminChannelsBuilder;
  17. import ch.colabproject.colab.generator.model.interfaces.WithId;
  18. import ch.colabproject.colab.generator.model.interfaces.WithJsonDiscriminator;
  19. import java.time.OffsetDateTime;
  20. import javax.json.bind.annotation.JsonbTransient;
  21. import javax.persistence.Entity;
  22. import javax.persistence.FetchType;
  23. import javax.persistence.GeneratedValue;
  24. import javax.persistence.GenerationType;
  25. import javax.persistence.Id;
  26. import javax.persistence.Index;
  27. import javax.persistence.ManyToOne;
  28. import javax.persistence.NamedQuery;
  29. import javax.persistence.Table;
  30. import javax.persistence.Transient;
  31. import javax.validation.constraints.NotEmpty;
  32. import javax.validation.constraints.Size;

  34. /**
  35.  * store session related information
  36.  *
  37.  * @author maxence
  38.  */
  39. @Entity
  40. @Table(
  41.     indexes = {
  42.         @Index(columnList = "account_id"),
  43.     }
  44. )
  45. @NamedQuery(
  46.     name = "HttpSession.getOlderThan",
  47.     query = "SELECT session FROM HttpSession session WHERE session.lastSeen < :time"
  48. )
  49. public class HttpSession
  50.     implements WithId, WithJsonDiscriminator, WithPermission, WithWebsocketChannels {

  52.     private static final long serialVersionUID = 1L;

  54.     // ---------------------------------------------------------------------------------------------
  55.     // fields
  56.     // ---------------------------------------------------------------------------------------------

  58.     /**
  59.      * Not so secret id
  60.      */
  61.     @Id
  62.     @GeneratedValue(strategy = GenerationType.SEQUENCE, generator = USER_SEQUENCE_NAME)
  63.     private Long id;

  65.     /**
  66.      * raw secret, never persisted, never serialized to client. This is just a temporary field to
  67.      * store the raw value to put in SET-COOKIE
  68.      */
  69.     @Size(max = 255)
  70.     @JsonbTransient
  71.     @Transient
  72.     private String rawSessionSecret;

  74.     /**
  75.      * Session secret id. This value is hashed and is persisted in db.
  76.      * <p>
  77.      * DO NOT SERIALIZE IN JSON EVER
  78.      */
  79.     @JsonbTransient
  80.     @NotEmpty
  81.     private byte[] sessionSecret;

  83.     /**
  84.      * Last activity date
  85.      */
  86.     private OffsetDateTime lastSeen;

  88.     /**
  89.      * User Agent who create the session
  90.      */
  91.     @Size(max = 255)
  92.     private String userAgent;

  94.     /**
  95.      * A HttpSession belongs to an account
  96.      */
  97.     @ManyToOne(optional = false, fetch = FetchType.LAZY)
  98.     @JsonbTransient
  99.     private Account account;

  101.     /**
  102.      * id of the account used for authentication
  103.      */
  104.     @Transient
  105.     private Long accountId;

  107.     // ---------------------------------------------------------------------------------------------
  108.     // getters and setters
  109.     // ---------------------------------------------------------------------------------------------

  111.     /**
  112.      * @return account id
  113.      */
  114.     @Override
  115.     public Long getId() {
  116.         return id;
  117.     }

  119.     /**
  120.      * set id
  121.      *
  122.      * @param id id
  123.      */
  124.     public void setId(Long id) {
  125.         this.id = id;
  126.     }

  128.     /**
  129.      * Get the raw secret. This will almost always return null
  130.      *
  131.      * @return the raw secret or null
  132.      */
  133.     public String getRawSessionSecret() {
  134.         return rawSessionSecret;
  135.     }

  137.     /**
  138.      * Set raw secret value
  139.      *
  140.      * @param rawSessionSecret the raw secret
  141.      */
  142.     public void setRawSessionSecret(String rawSessionSecret) {
  143.         this.rawSessionSecret = rawSessionSecret;
  144.     }

  146.     /**
  147.      * @return Get the session id
  148.      */
  149.     public byte[] getSessionSecret() {
  150.         return sessionSecret;
  151.     }

  153.     /**
  154.      * Set session id
  155.      *
  156.      * @param sessionSecret id of the session
  157.      */
  158.     public void setSessionSecret(byte[] sessionSecret) {
  159.         this.sessionSecret = sessionSecret;
  160.     }

  162.     /**
  163.      * @return Get last activity date
  164.      */
  165.     public OffsetDateTime getLastSeen() {
  166.         return lastSeen;
  167.     }

  169.     /**
  170.      * Set last activity date
  171.      *
  172.      * @param lastSeen lastSeen
  173.      */
  174.     public void setLastSeen(OffsetDateTime lastSeen) {
  175.         this.lastSeen = lastSeen;
  176.     }

  178.     /**
  179.      * Get the value of userAgent
  180.      *
  181.      * @return the value of userAgent
  182.      */
  183.     public String getUserAgent() {
  184.         return userAgent;
  185.     }

  187.     /**
  188.      * Set the value of userAgent
  189.      *
  190.      * @param userAgent new value of userAgent
  191.      */
  192.     public void setUserAgent(String userAgent) {
  193.         this.userAgent = userAgent;
  194.     }

  196.     /**
  197.      * Get the account linked to this session. The only case the account may be null is on logout or
  198.      * when the session is going to be deleted
  199.      *
  200.      * @return authenticated account
  201.      */
  202.     public Account getAccount() {
  203.         return account;
  204.     }

  206.     /**
  207.      * Set the account linked to this HttpSession
  208.      *
  209.      * @param account authenticated account
  210.      */
  211.     public void setAccount(Account account) {
  212.         this.account = account;
  213.     }

  215.     /**
  216.      * @return authenticated account, null if not authenticated
  217.      */
  218.     public Long getAccountId() {
  219.         if (account != null) {
  220.             return account.getId();
  221.         } else {
  222.             return accountId;
  223.         }
  224.     }

  226.     /**
  227.      * Set authenticated account id
  228.      *
  229.      * @param accountId id of the account account
  230.      */
  231.     public void setAccountId(Long accountId) {
  232.         this.accountId = accountId;
  233.     }

  235.     // ---------------------------------------------------------------------------------------------
  236.     // concerning the whole class
  237.     // ---------------------------------------------------------------------------------------------

  239.     @Override
  240.     public ChannelsBuilder getChannelsBuilder() {
  241.         if (this.account != null) {
  242.             return new AboutAccountChannelsBuilder(this.account);
  243.         } else {
  244.             return new ForAdminChannelsBuilder();
  245.         }
  246.     }

  248.     @Override
  249.     @JsonbTransient
  250.     public Conditions.Condition getReadCondition() {
  251.         if (this.account != null) {
  252.             // same
  253.             return this.account.getReadCondition();
  254.         } else {
  255.             // not linked to any account, nothing to hide
  256.             // This case may only exist when the session is about to be destroyed
  257.             return Conditions.alwaysTrue;
  258.         }
  259.     }

  261.     @Override
  262.     @JsonbTransient
  263.     public Conditions.Condition getUpdateCondition() {
  264.         if (this.account != null) {
  265.             // same
  266.             return this.account.getUpdateCondition();
  267.         } else {
  268.             // not linked to any account, nothing to hide
  269.             // This case may only exist when the session is about to be destroyed
  270.             return Conditions.alwaysTrue;
  271.         }
  272.     }

  274.     @Override
  275.     @JsonbTransient
  276.     public Conditions.Condition getCreateCondition() {
  277.         // anyone can create a session
  278.         return Conditions.alwaysTrue;
  279.     }

  281.     @Override
  282.     public int hashCode() {
  283.         return EntityHelper.hashCode(this);
  284.     }

  286.     @Override
  287.     @SuppressWarnings("EqualsWhichDoesntCheckParameterClass")
  288.     public boolean equals(Object obj) {
  289.         return EntityHelper.equals(this, obj);
  290.     }

  292.     @Override
  293.     public String toString() {
  294.         return "HttpSession{" + "id=" + id + ", account=" + account + ", lastSeen=" + lastSeen
  295.             + '}';
  296.     }

  298. }
Created with JaCoCo 0.8.8.202204050719