/** Validate the token and return it. */
private PersistentToken getPersistentToken(String[] cookieTokens) {
if (cookieTokens.length != 2) {
throw new InvalidCookieException(
"Cookie token did not contain "
+ 2
+ " tokens, but contained '"
+ Arrays.asList(cookieTokens)
+ "'");
}
String presentedSeries = cookieTokens[0];
String presentedToken = cookieTokens[1];
PersistentToken token = persistentTokenRepository.findOne(presentedSeries);
if (token == null) {
// No series match, so we can't authenticate using this cookie
throw new RememberMeAuthenticationException(
"No persistent token found for series id: " + presentedSeries);
}
// We have a match for this user/series combination
log.info("presentedToken={} / tokenValue={}", presentedToken, token.getTokenValue());
if (!presentedToken.equals(token.getTokenValue())) {
// Token doesn't match series value. Delete this session and throw an exception.
persistentTokenRepository.delete(token);
throw new CookieTheftException(
"Invalid remember-me token (Series/token) mismatch. Implies previous "
+ "cookie theft attack.");
}
if (token.getTokenDate().plusDays(TOKEN_VALIDITY_DAYS).isBefore(LocalDate.now())) {
persistentTokenRepository.delete(token);
throw new RememberMeAuthenticationException("Remember-me login has expired");
}
return token;
}
private void addCookie(
PersistentToken token, HttpServletRequest request, HttpServletResponse response) {
setCookie(
new String[] {token.getSeries(), token.getTokenValue()},
TOKEN_VALIDITY_SECONDS,
request,
response);
}