JCL-355: Add reset method to session interface (#475)

acoburn · web-flow · commit 6cbc8b6b8b01 · 2023-05-24T06:40:53.000-04:00
diff --git a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantSession.java b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantSession.java
@@ -104,6 +104,12 @@ public String getId() {
         return id;
     }
 
+    @Override
+    public void reset() {
+        session.reset();
+        tokenCache.invalidateAll();
+    }
+
     @Override
     public Optional<URI> getPrincipal() {
         return session.getPrincipal();
diff --git a/access-grant/src/test/java/com/inrupt/client/accessgrant/AccessGrantSessionTest.java b/access-grant/src/test/java/com/inrupt/client/accessgrant/AccessGrantSessionTest.java
@@ -24,8 +24,11 @@
 import static org.junit.jupiter.api.Assertions.*;
 
 import com.inrupt.client.Request;
+import com.inrupt.client.auth.Authenticator;
+import com.inrupt.client.auth.Challenge;
 import com.inrupt.client.auth.Credential;
 import com.inrupt.client.auth.Session;
+import com.inrupt.client.openid.OpenIdAuthenticationProvider;
 import com.inrupt.client.openid.OpenIdSession;
 import com.inrupt.client.util.URIBuilder;
 
@@ -106,6 +109,32 @@ void testAccessGrantSession() throws IOException {
         }
     }
 
+    @Test
+    void testProtectedResource() throws IOException {
+        final Map<String, Object> claims = new HashMap<>();
+        claims.put("webid", WEBID);
+        claims.put("sub", SUB);
+        claims.put("iss", ISS);
+        claims.put("azp", AZP);
+
+        final String token = AccessGrantTestUtils.generateIdToken(claims);
+
+        try (final InputStream resource = AccessGrantTest.class.getResourceAsStream("/access_grant3.json")) {
+            final AccessGrant grant = AccessGrant.ofAccessGrant(resource);
+            final Session session = AccessGrantSession.ofAccessGrant(OpenIdSession.ofIdToken(token), grant);
+            final Request req = Request.newBuilder(URI.create("https://storage.example/protected-resource")).build();
+            final Authenticator auth = new OpenIdAuthenticationProvider().getAuthenticator(Challenge.of("Bearer"));
+
+            final Optional<Credential> credential = session.authenticate(auth, req, Collections.emptySet())
+                .toCompletableFuture().join();
+
+            assertTrue(credential.isPresent());
+            assertTrue(session.fromCache(req).isPresent());
+            session.reset();
+            assertFalse(session.fromCache(req).isPresent());
+        }
+    }
+
     @ParameterizedTest
     @MethodSource
     void ancestors(final URI parent, final URI resource, final boolean expected) {
diff --git a/access-grant/src/test/resources/access_grant3.json b/access-grant/src/test/resources/access_grant3.json
@@ -0,0 +1,31 @@
+{
+    "@context": ["https://www.w3.org/2018/credentials/v1"],
+    "type": ["VerifiablePresentation"],
+    "verifiableCredential": [{
+        "@context":[
+            "https://www.w3.org/2018/credentials/v1",
+            "https://w3id.org/security/suites/ed25519-2020/v1",
+            "https://w3id.org/vc-revocation-list-2020/v1",
+            "https://schema.inrupt.com/credentials/v1.jsonld"],
+        "id":"https://accessgrant.example/credential/5c6060ad-2f16-4bc1-b022-dffb46bff626",
+        "type":["VerifiableCredential","SolidAccessGrant"],
+        "issuer":"https://accessgrant.example",
+        "expirationDate":"2022-08-27T12:00:00Z",
+        "issuanceDate":"2022-08-25T20:34:05.153Z",
+        "credentialSubject":{
+            "id":"https://id.example/grantor",
+            "providedConsent":{
+                "mode":["Read"],
+                "hasStatus":"https://w3id.org/GConsent#ConsentStatusExplicitlyGiven",
+                "isProvidedToPerson":"https://id.example/grantee",
+                "forPurpose":["https://purpose.example/Purpose1"],
+                "forPersonalData":["https://storage.example/protected-resource"]}},
+        "proof":{
+            "created":"2022-08-25T20:34:05.236Z",
+            "proofPurpose":"assertionMethod",
+            "proofValue":"nIeQF44XVik7onnAbdkbp8xxJ2C8JoTw6-VtCkAzxuWYRFsSfYpft5MuAJaivyeKDmaK82Lj_YsME2xgL2WIBQ",
+            "type":"Ed25519Signature2020",
+            "verificationMethod":"https://accessgrant.example/key/1e332728-4af5-46e4-a5db-4f7b89e3f378"}
+    }]
+}
+
diff --git a/api/src/main/java/com/inrupt/client/auth/Session.java b/api/src/main/java/com/inrupt/client/auth/Session.java
@@ -93,6 +93,11 @@ public interface Session {
      */
     Optional<String> selectThumbprint(Collection<String> algorithms);
 
+    /**
+     * Reset the session state, clearing any internal caches.
+     */
+    void reset();
+
     /**
      * Fetch an authentication token from session values.
      *
@@ -159,6 +164,11 @@ public Optional<String> selectThumbprint(final Collection<String> algorithms) {
                 return Optional.empty();
             }
 
+            @Override
+            public void reset() {
+                // no-op
+            }
+
             @Override
             public CompletionStage<Optional<Credential>> authenticate(final Authenticator authenticator,
                     final Request request, final Set<String> algorithms) {
diff --git a/openid/src/main/java/com/inrupt/client/openid/OpenIdSession.java b/openid/src/main/java/com/inrupt/client/openid/OpenIdSession.java
@@ -230,6 +230,12 @@ public Optional<Credential> fromCache(final Request request) {
         return Optional.empty();
     }
 
+    @Override
+    public void reset() {
+        credential.set(null);
+        requestCache.invalidateAll();
+    }
+
     @Override
     public CompletionStage<Optional<Credential>> authenticate(final Authenticator auth,
             final Request request, final Set<String> algorithms) {
diff --git a/openid/src/test/java/com/inrupt/client/openid/OpenIdSessionTest.java b/openid/src/test/java/com/inrupt/client/openid/OpenIdSessionTest.java
@@ -28,6 +28,7 @@
 
 import com.inrupt.client.Request;
 import com.inrupt.client.auth.Authenticator;
+import com.inrupt.client.auth.Challenge;
 import com.inrupt.client.auth.Credential;
 import com.inrupt.client.auth.DPoP;
 import com.inrupt.client.auth.Session;
@@ -158,9 +159,14 @@ void testClientCredentials() {
         final Optional<URI> principal = session.getPrincipal();
         assertEquals(Optional.of(URI.create(WEBID)), principal);
         assertFalse(session.fromCache(null).isPresent());
-        final Optional<Credential> credential = session.authenticate(null, Collections.emptySet())
+        final Authenticator auth = new OpenIdAuthenticationProvider().getAuthenticator(Challenge.of("Bearer"));
+        final Request req = Request.newBuilder(URI.create("https://storage.example")).build();
+        final Optional<Credential> credential = session.authenticate(auth, req, Collections.emptySet())
             .toCompletableFuture().join();
         assertEquals(Optional.of(URI.create(WEBID)), credential.flatMap(Credential::getPrincipal));
+        assertTrue(session.fromCache(req).isPresent());
+        session.reset();
+        assertFalse(session.fromCache(req).isPresent());
     }
 
     @Test
diff --git a/uma/src/main/java/com/inrupt/client/uma/UmaSession.java b/uma/src/main/java/com/inrupt/client/uma/UmaSession.java
@@ -81,6 +81,14 @@ public String getId() {
         return id;
     }
 
+    @Override
+    public void reset() {
+        for (final Session session : internalSessions) {
+            session.reset();
+        }
+        tokenCache.invalidateAll();
+    }
+
     @Override
     public Optional<URI> getPrincipal() {
         for (final Session session : internalSessions) {
