commit 63b35951db1900d2a234286431e6c1079a727dae
author Luca Milanesio <luca.milanesio@gmail.com> Mon Mar 24 21:22:15 2014 +0000
committer Luca Milanesio <luca.milanesio@gmail.com> Mon Mar 24 21:52:07 2014 +0000
tree f8b51e39de7ca1eeb0b6de11d133d791e6f41ea9
parent 58396785f9385ec3f6a37f1c1a0d53c2ea8c3e03

BugFix: expire OAuth token using the correct unit (msec vs. sec)

The OAuth token was declared invalid considering the 
cookie timeout (secs) but checking it against the time in msec.

The elapsed time is now divided by 1000 to make it in sec
and then checked against the cookie timeout.

Change-Id: I63c6bd0fca51d1418f48cb2b7bfc3e73af1532aa

github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookieProvider.java

diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookieProvider.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookieProvider.java
index 57bef76..293abef 100644
--- a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookieProvider.java
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookieProvider.java
@@ -48,6 +48,6 @@
 
   private long getGerritSessionMaxAgeMillis() {
     return ConfigUtil.getTimeUnit(config.gerritConfig, "cache", CACHE_NAME,
-        "maxAge", TokenCipher.MAX_COOKIE_TIMEOUT, SECONDS);
+        "maxAge", TokenCipher.MAX_COOKIE_TIMEOUT_SECS, SECONDS);
   }
 }

github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/TokenCipher.java

diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/TokenCipher.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/TokenCipher.java
index 1efce54..042a301 100644
--- a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/TokenCipher.java
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/TokenCipher.java
@@ -38,9 +38,8 @@
   private static final String ENC_ALGO = "AES";
   private static final Logger log = org.slf4j.LoggerFactory
       .getLogger(OAuthCookieProvider.class);
-  public static final Long MAX_COOKIE_TIMEOUT = HOURS.toSeconds(12);
+  public static final Long MAX_COOKIE_TIMEOUT_SECS = HOURS.toSeconds(12);
 
-  
   private SecretKey aesKey;
   private byte[] IV;
   private SecureRandom sessionRnd = new SecureRandom();
@@ -120,7 +119,7 @@
     }
 
     long ts = Long.parseLong(clearTextParts[1]);
-    if ((System.currentTimeMillis() - ts) > MAX_COOKIE_TIMEOUT) {
+    if (((System.currentTimeMillis() - ts) / 1000) > MAX_COOKIE_TIMEOUT_SECS) {
       throw new OAuthTokenException("Session token " + sessionToken
           + " has expired");
     }