Fix removal of expired cookies

Cookies that expired during server downtime failed to be
removed from the database.

This occurred because the cookie removal method looked the cookie
up in the in-memory active cookies, but the startup method does
not load expired cookies into memory.

Because the expired cookies were never loaded to memory this
did not pose a security vulnerability.

Fixed by always deleting a cookie from database if requested.
Aurora Lahtela 2022-11-20 19:50:48 +02:00
parent 4f650e358d
commit 7a582c3b6e
2 changed files with 16 additions and 9 deletions


@ -17,6 +17,8 @@
package com.djrapitops.plan.delivery.webserver.auth;
import com.djrapitops.plan.TaskSystem;
import com.djrapitops.plan.delivery.formatting.Formatter;
import com.djrapitops.plan.delivery.formatting.Formatters;
import com.djrapitops.plan.settings.config.PlanConfig;
import com.djrapitops.plan.settings.config.paths.PluginSettings;
import dagger.Lazy;
@ -40,13 +42,20 @@ public class ActiveCookieExpiryCleanupTask extends TaskSystem.Task {
private final PluginLogger logger;
private final Map<String, Long> expiryDates;
private final Formatter<Long> dateFormatter;
@Inject
public ActiveCookieExpiryCleanupTask(PlanConfig config, Lazy<ActiveCookieStore> activeCookieStore, PluginLogger logger) {
public ActiveCookieExpiryCleanupTask(
PlanConfig config,
Lazy<ActiveCookieStore> activeCookieStore,
Formatters formatters,
PluginLogger logger
) {
this.config = config;
this.activeCookieStore = activeCookieStore;
this.logger = logger;
this.expiryDates = new ConcurrentHashMap<>();
dateFormatter = formatters.secondLong();
}
@Override
@ -74,7 +83,7 @@ public class ActiveCookieExpiryCleanupTask extends TaskSystem.Task {
activeCookieStore.get().removeCookie(cookie);
expiryDates.remove(cookie);
if (config.isTrue(PluginSettings.DEV_MODE)) {
logger.info("Cookie " + cookie + " has expired: " + time);
logger.info("Cookie " + cookie + " has expired: " + dateFormatter.apply(time));
}
}
}
@ -82,7 +91,7 @@ public class ActiveCookieExpiryCleanupTask extends TaskSystem.Task {
public void addExpiry(String cookie, Long time) {
expiryDates.put(cookie, time);
if (config.isTrue(PluginSettings.DEV_MODE)) {
logger.info("Cookie " + cookie + " will expire " + time);
logger.info("Cookie " + cookie + " will expire " + dateFormatter.apply(time));
}
}
}
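Review bot: Both DEV_MODE log lines still write the full cookie value to the log (`"Cookie " + cookie + " will expire "` in addExpiry and the matching "has expired" line in the cleanup loop), and the addExpiry one does so while the session is still valid. Anyone who can read that log, or who is sent it in a bug report, holds a usable session value together with the expiry time printed next to it. Since these lines are being edited anyway, log a truncated or hashed identifier instead, e.g. `logger.info("Cookie " + cookie.substring(0, Math.min(6, cookie.length())) + "... will expire " + dateFormatter.apply(time));`, and apply the same change to the "has expired" line. As a style point, `dateFormatter = formatters.secondLong();` is the only constructor assignment written without `this.`. The method containing the "has expired" line starts outside the hunk.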


@ -125,12 +125,10 @@ public class ActiveCookieStore implements SubSystem {
}
public void removeCookie(String cookie) {
Optional<User> foundUser = checkCookie(cookie);
if (foundUser.isPresent()) {
USERS_BY_COOKIE.remove(cookie);
deleteCookieByUser(foundUser.get().getUsername());
deleteCookie(cookie);
}
checkCookie(cookie).map(User::getUsername)
.ifPresent(this::deleteCookieByUser);
USERS_BY_COOKIE.remove(cookie);
deleteCookie(cookie);
}
private void deleteCookie(String cookie) {
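Review bot: removeCookie now deletes unconditionally, but nothing in the method records why, and the guarded `if (foundUser.isPresent())` form is the one a later tidy-up would naturally restore. Add a comment above `deleteCookie(cookie);` such as `// Always delete the row: cookies that expired while the server was down are never loaded into USERS_BY_COOKIE.`. The commit message's statement that the stale rows were harmless rests on the startup loader skipping expired cookies, which is not visible in this section. A regression test that stores an already-expired cookie, starts the store, and asserts the cookie is not accepted and that its row is gone after removeCookie would pin both properties. deleteCookie's body continues outside the hunk.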