From 417a5fd2936bcc36b719a95de23de73ce06bef77 Mon Sep 17 00:00:00 2001
From: Rick Herrick <jrherrick@wustl.edu>
Date: Thu, 25 Aug 2016 14:09:47 -0500
Subject: [PATCH] XNAT-4356 XNAT-4477 Added expiration time to alias token.
 Fixed logic in user enabling and verifying routines.

---
 .../xnat/restlet/services/AliasTokenRestlet.java  | 15 +++++++++------
 .../xnat/security/XnatAuthenticationFilter.java   |  2 +-
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/nrg/xnat/restlet/services/AliasTokenRestlet.java b/src/main/java/org/nrg/xnat/restlet/services/AliasTokenRestlet.java
index 17206c71..60c0d869 100644
--- a/src/main/java/org/nrg/xnat/restlet/services/AliasTokenRestlet.java
+++ b/src/main/java/org/nrg/xnat/restlet/services/AliasTokenRestlet.java
@@ -30,6 +30,7 @@ import org.restlet.resource.StringRepresentation;
 import org.restlet.resource.Variant;
 
 import java.io.IOException;
+import java.text.SimpleDateFormat;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -93,13 +94,14 @@ public class AliasTokenRestlet extends SecureResource {
         Map<String, String> map = Maps.newHashMap();
         map.put("alias", token.getAlias());
         map.put("secret", token.getSecret());
-        String value = "";
+        if (token.getEstimatedExpirationTime() != null) {
+            map.put("estimatedExpirationTime", FORMATTER.format(token.getEstimatedExpirationTime()));
+        }
         try {
-            value = _serializer.toJson(map);
-        } catch (IOException e) {
-            //
+            return _serializer.toJson(map);
+        } catch (IOException ignored) {
+            return "";
         }
-        return value;
     }
 
     @Override
@@ -114,7 +116,8 @@ public class AliasTokenRestlet extends SecureResource {
         return _service;
     }
 
-    private static final int INVALID = -1;
+    private static final SimpleDateFormat FORMATTER = new SimpleDateFormat("yyyyMMdd_HHmmss");
+
     private final SerializerService _serializer;
     private       AliasTokenService _service;
     private       String            _operation;
diff --git a/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java b/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java
index ae2d1c99..e005f238 100644
--- a/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java
+++ b/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java
@@ -120,7 +120,7 @@ public class XnatAuthenticationFilter extends UsernamePasswordAuthenticationFilt
 
         try {
             AccessLogger.LogServiceAccess(username, AccessLogger.GetRequestIp(request), "Authentication", "SUCCESS");
-            Authentication auth =  getAuthenticationManager().authenticate(authRequest);
+            Authentication auth = getAuthenticationManager().authenticate(authRequest);
 
             //Fixed XNAT-4409 by adding a check for a par parameter on login. If a PAR is present and valid, then grant the user that just logged in the appropriate project permissions.
             if(StringUtils.isNotBlank(request.getParameter("par"))){
-- 
GitLab