Fix removal of expired cookies

Cookies that expired during server downtime failed to be removed from the database. This occurred because the cookie removal method did a lookup to the in-memory active cookies, but the startup method does not load expired cookies to memory. Because the expired cookies were never loaded to memory this did not pose a security vulnerability. Fixed by always deleting a cookie from database if requested.
2024-06-26 06:34:56 +02:00 · 2022-11-20 19:50:48 +02:00 · 2022-11-20 19:50:48 +02:00 · 7a582c3b6e
commit 7a582c3b6e
parent 4f650e358d
2 changed files with 16 additions and 9 deletions
--- a/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/auth/ActiveCookieExpiryCleanupTask.java
+++ b/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/auth/ActiveCookieExpiryCleanupTask.java
@ -17,6 +17,8 @@
 package com.djrapitops.plan.delivery.webserver.auth;

 import com.djrapitops.plan.TaskSystem;
+import com.djrapitops.plan.delivery.formatting.Formatter;
+import com.djrapitops.plan.delivery.formatting.Formatters;
 import com.djrapitops.plan.settings.config.PlanConfig;
 import com.djrapitops.plan.settings.config.paths.PluginSettings;
 import dagger.Lazy;
@ -40,13 +42,20 @@ public class ActiveCookieExpiryCleanupTask extends TaskSystem.Task {
    private final PluginLogger logger;

    private final Map<String, Long> expiryDates;
+    private final Formatter<Long> dateFormatter;

    @Inject
-    public ActiveCookieExpiryCleanupTask(PlanConfig config, Lazy<ActiveCookieStore> activeCookieStore, PluginLogger logger) {
+    public ActiveCookieExpiryCleanupTask(
+            PlanConfig config,
+            Lazy<ActiveCookieStore> activeCookieStore,
+            Formatters formatters,
+            PluginLogger logger
+    ) {
        this.config = config;
        this.activeCookieStore = activeCookieStore;
        this.logger = logger;
        this.expiryDates = new ConcurrentHashMap<>();
+        dateFormatter = formatters.secondLong();
    }

    @Override
@ -74,7 +83,7 @@ public class ActiveCookieExpiryCleanupTask extends TaskSystem.Task {
            activeCookieStore.get().removeCookie(cookie);
            expiryDates.remove(cookie);
            if (config.isTrue(PluginSettings.DEV_MODE)) {
-                logger.info("Cookie " + cookie + " has expired: " + time);
+                logger.info("Cookie " + cookie + " has expired: " + dateFormatter.apply(time));
            }
        }
    }
@ -82,7 +91,7 @@ public class ActiveCookieExpiryCleanupTask extends TaskSystem.Task {
    public void addExpiry(String cookie, Long time) {
        expiryDates.put(cookie, time);
        if (config.isTrue(PluginSettings.DEV_MODE)) {
-            logger.info("Cookie " + cookie + " will expire " + time);
+            logger.info("Cookie " + cookie + " will expire " + dateFormatter.apply(time));
        }
    }
 }
--- a/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/auth/ActiveCookieStore.java
+++ b/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/auth/ActiveCookieStore.java
@ -125,12 +125,10 @@ public class ActiveCookieStore implements SubSystem {
    }

    public void removeCookie(String cookie) {
-        Optional<User> foundUser = checkCookie(cookie);
-        if (foundUser.isPresent()) {
-            USERS_BY_COOKIE.remove(cookie);
-            deleteCookieByUser(foundUser.get().getUsername());
-            deleteCookie(cookie);
-        }
+        checkCookie(cookie).map(User::getUsername)
+                .ifPresent(this::deleteCookieByUser);
+        USERS_BY_COOKIE.remove(cookie);
+        deleteCookie(cookie);
    }

    private void deleteCookie(String cookie) {