vyom-soft
diff --git a/‎README.md
+1-2 b/‎README.md
+1-2
diff --git a/‎pom.xml
+4 b/‎pom.xml
+4
diff --git a/‎src/main/java/com/bfwg/common/TimeProvider.java
+19 b/‎src/main/java/com/bfwg/common/TimeProvider.java
+19
diff --git a/‎src/main/java/com/bfwg/config/WebSecurityConfig.java
+4-11 b/‎src/main/java/com/bfwg/config/WebSecurityConfig.java
+4-11
diff --git a/‎src/main/java/com/bfwg/rest/AuthenticationController.java
+62-2 b/‎src/main/java/com/bfwg/rest/AuthenticationController.java
+62-2
diff --git a/‎src/main/java/com/bfwg/security/TokenHelper.java
+97-39 b/‎src/main/java/com/bfwg/security/TokenHelper.java
+97-39
@@ -71,8 +71,7 @@ springboot-jwt-starter/
  │   │   │   │   └──UserController.java                         * REST controller to handle User related requests
  │   │   │   ├──security                                        * Security related folder(JWT, filters)
  │   │   │   │   ├──auth
- │   │   │   │   │   ├──AuthenticationFailureHandler.java       * login fail handler, configrued in WebSecurityConfig
- │   │   │   │   │   ├──AuthenticationSuccessHandler.java       * login success handler, configrued in WebSecurityConfig
+ │   │   │   │   │   ├──JwtAuthenticationRequest.java           * login request object, contains username and password
  │   │   │   │   │   ├──LogoutSuccess.java                      * controls the behavior after sign out.
  │   │   │   │   │   ├──RestAuthenticationEntryPoint.java       * handle auth exceptions, like invalid token etc.
  │   │   │   │   │   ├──TokenAuthenticationFilter.java          * the JWT token filter, configured in WebSecurityConfig
 
@@ -37,6 +37,10 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-data-jpa</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-mobile</artifactId>
+		</dependency>
 		<dependency>
             <groupId>io.jsonwebtoken</groupId>
             <artifactId>jjwt</artifactId>
 
@@ -0,0 +1,19 @@
+package com.bfwg.common;
+
+import org.springframework.stereotype.Component;
+
+import java.io.Serializable;
+import java.util.Date;
+
+/**
+ * Created by fanjin on 2017-10-07.
+ */
+@Component
+public class TimeProvider implements Serializable {
+
+    private static final long serialVersionUID = -3301695478208950415L;
+
+    public Date now() {
+        return new Date();
+    }
+}
@@ -53,13 +53,6 @@ public void configureGlobal( AuthenticationManagerBuilder auth ) throws Exceptio
             .passwordEncoder( passwordEncoder() );
     }
 
-    @Autowired
-    private AuthenticationSuccessHandler authenticationSuccessHandler;
-
-    @Autowired
-    private AuthenticationFailureHandler authenticationFailureHandler;
-
-
     @Autowired
     TokenHelper tokenHelper;
 
@@ -72,6 +65,8 @@ protected void configure(HttpSecurity http) throws Exception {
                 .antMatchers(
                         HttpMethod.GET,
                         "/",
+                        "/auth/**",
+                        "/webjars/**",
                         "/*.html",
                         "/favicon.ico",
                         "/**/*.html",
@@ -81,10 +76,6 @@ protected void configure(HttpSecurity http) throws Exception {
                 .antMatchers("/auth/**").permitAll()
                 .anyRequest().authenticated().and()
                 .addFilterBefore(new TokenAuthenticationFilter(tokenHelper, userDetailsService), BasicAuthenticationFilter.class)
-                .formLogin()
-                .loginPage("/auth/login")
-                .successHandler(authenticationSuccessHandler)
-                .failureHandler(authenticationFailureHandler).and()
                 .logout()
                 .logoutRequestMatcher(new AntPathRequestMatcher("/auth/logout"))
                 .logoutSuccessHandler(logoutSuccess)
@@ -104,6 +95,8 @@ public void configure(WebSecurity web) throws Exception {
         web.ignoring().antMatchers(
                 HttpMethod.GET,
                 "/",
+                "/auth/**",
+                "/webjars/**",
                 "/*.html",
                 "/favicon.ico",
                 "/**/*.html",
 
@@ -1,18 +1,30 @@
 package com.bfwg.rest;
 
+import com.bfwg.model.User;
 import com.bfwg.model.UserTokenState;
 import com.bfwg.security.TokenHelper;
+import com.bfwg.security.auth.JwtAuthenticationRequest;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.mobile.device.Device;
+import org.springframework.mobile.device.DeviceUtils;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 
 /**
  * Created by fan.jin on 2017-05-10.
@@ -25,24 +37,72 @@ public class AuthenticationController {
     @Autowired
     TokenHelper tokenHelper;
 
+    @Autowired
+    ObjectMapper objectMapper;
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
     @Value("${jwt.expires_in}")
     private int EXPIRES_IN;
 
+    @Value("${jwt.mobile_expires_in}")
+    private int MOBILE_EXPIRES_IN;
+
     @Value("${jwt.cookie}")
     private String TOKEN_COOKIE;
 
+    @RequestMapping(value = "/login", method = RequestMethod.POST)
+    public ResponseEntity<?> createAuthenticationToken(
+            @RequestBody JwtAuthenticationRequest authenticationRequest,
+            HttpServletResponse response,
+            Device device
+    ) throws AuthenticationException, IOException {
+
+        // Perform the security
+        final Authentication authentication = authenticationManager.authenticate(
+                new UsernamePasswordAuthenticationToken(
+                        authenticationRequest.getUsername(),
+                        authenticationRequest.getPassword()
+                )
+        );
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+
+        User user = (User)authentication.getPrincipal();
+
+        String jws = tokenHelper.generateToken( user.getUsername(), device);
+
+        UserTokenState userTokenState;
+        if (device.isMobile() || device.isTablet()) {
+            userTokenState = new UserTokenState(jws, MOBILE_EXPIRES_IN);
+        } else {
+            // Create token auth Cookie
+            Cookie authCookie = new Cookie( TOKEN_COOKIE, ( jws ) );
+            authCookie.setPath( "/" );
+            authCookie.setHttpOnly( true );
+            authCookie.setMaxAge( EXPIRES_IN );
+            // Add cookie to response
+            response.addCookie( authCookie );
+            userTokenState = new UserTokenState(jws, EXPIRES_IN);
+        }
+        // Return the token
+        return ResponseEntity.ok(userTokenState);
+    }
+
     @RequestMapping(value = "/refresh", method = RequestMethod.GET)
     public ResponseEntity<?> refreshAuthenticationToken(HttpServletRequest request, HttpServletResponse response) {
 
         String authToken = tokenHelper.getToken( request );
+        Device currentDevice = DeviceUtils.getCurrentDevice(request);
+
         if (authToken != null && tokenHelper.canTokenBeRefreshed(authToken)) {
             // TODO check user password last update
-            String refreshedToken = tokenHelper.refreshToken(authToken);
+            String refreshedToken = tokenHelper.refreshToken(authToken, currentDevice);
 
             Cookie authCookie = new Cookie( TOKEN_COOKIE, ( refreshedToken ) );
             authCookie.setPath( "/" );
             authCookie.setHttpOnly( true );
-            authCookie.setMaxAge( EXPIRES_IN );
+//            authCookie.setMaxAge( EXPIRES_IN );
             // Add cookie to response
             response.addCookie( authCookie );
 
 
@@ -1,19 +1,18 @@
 package com.bfwg.security;
 
+import com.bfwg.common.TimeProvider;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
-import org.joda.time.DateTime;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.mobile.device.Device;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import java.util.Date;
-import java.util.Map;
-import java.util.function.Function;
 
 
 /**
@@ -32,74 +31,133 @@ public class TokenHelper {
     @Value("${jwt.expires_in}")
     private long EXPIRES_IN;
 
+    @Value("${jwt.mobile_expires_in}")
+    private long MOBILE_EXPIRES_IN;
+
     @Value("${jwt.header}")
     private String AUTH_HEADER;
 
     @Value("${jwt.cookie}")
     private String AUTH_COOKIE;
 
+    static final String AUDIENCE_UNKNOWN = "unknown";
+    static final String AUDIENCE_WEB = "web";
+    static final String AUDIENCE_MOBILE = "mobile";
+    static final String AUDIENCE_TABLET = "tablet";
+
     @Autowired
-    UserDetailsService userDetailsService;
+    TimeProvider timeProvider;
 
     private SignatureAlgorithm SIGNATURE_ALGORITHM = SignatureAlgorithm.HS512;
 
     public String getUsernameFromToken(String token) {
-        return getClaimsFromToken(token, Claims::getSubject);
+        String username;
+        try {
+            final Claims claims = this.getAllClaimsFromToken(token);
+            username = claims.getSubject();
+        } catch (Exception e) {
+            username = null;
+        }
+        return username;
     }
 
-    public Boolean canTokenBeRefreshed(String token) {
-        final Date expirationDate = getClaimsFromToken(token, Claims::getExpiration);
-        return expirationDate.compareTo(generateCurrentDate()) > 0;
+    public Date getIssuedAtDateFromToken(String token) {
+        Date issueAt;
+        try {
+            final Claims claims = this.getAllClaimsFromToken(token);
+            issueAt = claims.getIssuedAt();
+        } catch (Exception e) {
+            issueAt = null;
+        }
+        return issueAt;
+    }
+
+    public String getAudienceFromToken(String token) {
+        String audience;
+        try {
+            final Claims claims = this.getAllClaimsFromToken(token);
+            audience = claims.getAudience();
+        } catch (Exception e) {
+            audience = null;
+        }
+        return audience;
     }
 
-    public String refreshToken(String token) {
-        final Claims claims = getAllClaimsFromToken(token);
-        claims.setIssuedAt(generateCurrentDate());
-        return generateToken(claims);
+    public String refreshToken(String token, Device device) {
+        String refreshedToken;
+        try {
+            final Claims claims = this.getAllClaimsFromToken(token);
+            claims.setIssuedAt(timeProvider.now());
+            refreshedToken = Jwts.builder()
+                .setClaims(claims)
+                .setExpiration(generateExpirationDate(device))
+                .signWith( SIGNATURE_ALGORITHM, SECRET )
+                .compact();
+        } catch (Exception e) {
+            refreshedToken = null;
+        }
+        return refreshedToken;
     }
 
-    public String generateToken(String username) {
+    public String generateToken(String username, Device device) {
+        String audience = generateAudience(device);
         return Jwts.builder()
                 .setIssuer( APP_NAME )
                 .setSubject(username)
-                .setIssuedAt(generateCurrentDate())
-                .setExpiration(generateExpirationDate())
+                .setAudience(audience)
+                .setIssuedAt(timeProvider.now())
+                .setExpiration(generateExpirationDate(device))
                 .signWith( SIGNATURE_ALGORITHM, SECRET )
                 .compact();
     }
 
-
-    private <T> T getClaimsFromToken(String token, Function<Claims, T> claimsResolver) {
-        Claims claims = getAllClaimsFromToken(token);
-        return claimsResolver.apply(claims);
+    private String generateAudience(Device device) {
+        String audience = AUDIENCE_UNKNOWN;
+        if (device.isNormal()) {
+            audience = AUDIENCE_WEB;
+        } else if (device.isTablet()) {
+            audience = AUDIENCE_TABLET;
+        } else if (device.isMobile()) {
+            audience = AUDIENCE_MOBILE;
+        }
+        return audience;
     }
 
     private Claims getAllClaimsFromToken(String token) {
-        return Jwts.parser()
-                .setSigningKey(SECRET)
-                .parseClaimsJws(token)
-                .getBody();
-    }
-
-    String generateToken(Map<String, Object> claims) {
-        return Jwts.builder()
-                .setClaims(claims)
-                .setExpiration(generateExpirationDate())
-                .signWith( SIGNATURE_ALGORITHM, SECRET )
-                .compact();
+        Claims claims;
+        try {
+            claims = Jwts.parser()
+                    .setSigningKey(SECRET)
+                    .parseClaimsJws(token)
+                    .getBody();
+        } catch (Exception e) {
+            claims = null;
+        }
+        return claims;
     }
 
-    private long getCurrentTimeMillis() {
-        return DateTime.now().getMillis();
+    private Date generateExpirationDate(Device device) {
+        long expiresIn = device.isTablet() || device.isMobile() ? MOBILE_EXPIRES_IN : EXPIRES_IN;
+        return new Date(timeProvider.now().getTime() + expiresIn * 1000);
     }
 
-    private Date generateCurrentDate() {
-        return new Date(getCurrentTimeMillis());
+    public Boolean canTokenBeRefreshed(String token) {
+        final Date created = getIssuedAtDateFromToken(token);
+        if (created == null) {
+            return false;
+        } else {
+            return true;
+        }
     }
 
-    private Date generateExpirationDate() {
-
-        return new Date(getCurrentTimeMillis() + this.EXPIRES_IN * 1000);
+    public Boolean validateToken(String token, UserDetails userDetails) {
+        final String username = getUsernameFromToken(token);
+//        final Date created = getIssuedAtDateFromToken(token);
+        return (
+                username != null &&
+                username.equals(userDetails.getUsername())
+//                        && !isCreatedBeforeLastPasswordReset(created, user.getLastPasswordResetDate())
+        );
     }
 
     public String getToken( HttpServletRequest request ) {