Skip to content

feat: add authenticator invalidate (SHOP-231) #134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
vsolovei-smartling wants to merge 1 commit into
base: master
Choose a base branch
from
+95 −2
Open

feat: add authenticator invalidate (SHOP-231) #134

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 9 additions & 2 deletions smartling-api-commons/src/main/java/com/smartling/api/v2/client/auth/Authenticator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,19 +116,26 @@ boolean isRefreshable()
return refreshExpiresAt > clock.currentTimeMillis();
Copy link
Copy Markdown
Contributor

@sl-mmuradov sl-mmuradov Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would add a gap period to current ms here also.

Copy link
Copy Markdown

@asmirnova-smartling asmirnova-smartling Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we are fixing the timeunit conversion, we need to have a time gap here the same as for the expiresAt. So it should be smth like: refreshExpiresAt > clock.currentTimeMillis() + REFRESH_BEFORE_EXPIRES_MS;

}

public synchronized void invalidate()
{
this.authentication = null;
this.expiresAt = -1;
this.refreshExpiresAt = -1;
}
Comment on lines +119 to +124
Copy link
Copy Markdown

@PavelLoparev PavelLoparev Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not called by anyone, isn't?

Copy link
Copy Markdown
Contributor Author

@vsolovei-smartling vsolovei-smartling Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to use it in https://github.com/Smartling/connectors-export-service/pull/97/changes#diff-eba6a586acd2df1c46841b76ac26172168b0e36ecc51ce56c44400f336660da5R17

Copy link
Copy Markdown

@PavelLoparev PavelLoparev Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that filter is only for logging. your http client from sdk already gets 401 response isn't? why can't you handle this 401 in sdk directly?


private synchronized String getAccessTokenInternal()
{
this.authentication = api.authenticate(new AuthenticationRequest(userIdentifier, userSecret));
this.expiresAt = authentication.getExpiresIn() * 1000 + System.currentTimeMillis();
this.refreshExpiresAt = authentication.getRefreshExpiresIn() * 100 + System.currentTimeMillis();
Copy link
Copy Markdown

@asmirnova-smartling asmirnova-smartling Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also I would consider replacing usage of System.currentTimeMillis with usage of the Clock.
And also replace custom Clock interface with standard java.util.Clock instead (since it's package private I don't think this will be a breaking change).

Copy link
Copy Markdown
Contributor

@sl-mmuradov sl-mmuradov Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are benefits of usage Clock over plain System.currentTimeMillis?

this.refreshExpiresAt = authentication.getRefreshExpiresIn() * 1000 + System.currentTimeMillis();
Comment on lines -123 to +130
Copy link
Copy Markdown

@PavelLoparev PavelLoparev Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like the real fix is this one?

Copy link
Copy Markdown
Contributor Author

@vsolovei-smartling vsolovei-smartling Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is THE fix, it will reduce full re-authentication count, the only downside of having 100 vs 1000 is the frequency of full re-authentications vs refreshes.

return authentication.getAccessToken();
}

private synchronized String refreshAccessToken()
{
this.authentication = api.refresh(new AuthenticationRefreshRequest(authentication.getRefreshToken()));
this.expiresAt = authentication.getExpiresIn() * 1000 + System.currentTimeMillis();
this.refreshExpiresAt = authentication.getRefreshExpiresIn() * 100 + System.currentTimeMillis();
this.refreshExpiresAt = authentication.getRefreshExpiresIn() * 1000 + System.currentTimeMillis();
return authentication.getAccessToken();
}
}
86 changes: 86 additions & 0 deletions smartling-api-commons/src/test/java/com/smartling/api/v2/client/auth/AuthenticatorTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,4 +141,90 @@ public void isRefreshableExpired()
when(clock.currentTimeMillis()).thenReturn(REFRESH_TOKEN_TTL * 1000 + System.currentTimeMillis());
assertFalse(authenticator.isRefreshable());
}

@Test
public void invalidateClearsToken()
{
when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis());
authenticator.getAccessToken();
assertTrue(authenticator.isValid());

authenticator.invalidate();

assertFalse(authenticator.isValid());
assertFalse(authenticator.isRefreshable());
}

@Test
public void getAccessTokenAfterInvalidateReAuthenticates()
{
when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis());
authenticator.getAccessToken();
authenticator.invalidate();
authenticator.getAccessToken();

verify(authenticationApi, times(2)).authenticate(any(AuthenticationRequest.class));
verify(authenticationApi, never()).refresh(any(AuthenticationRefreshRequest.class));
}

@Test
public void getAccessTokenRefreshesAtExactExpiryBoundary()
{
Authentication shortLivedAuth = new Authentication("accessToken", "refreshToken", 480, 21600, "bearer");
Authentication refreshedAuth = new Authentication("newAccessToken", "newRefreshToken", 480, 21600, "bearer");

when(authenticationApi.authenticate(any(AuthenticationRequest.class))).thenReturn(shortLivedAuth);
when(authenticationApi.refresh(any(AuthenticationRefreshRequest.class))).thenReturn(refreshedAuth);

authenticator.getAccessToken();

when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis() + 480_000L);

String token = authenticator.getAccessToken();

assertEquals(refreshedAuth.getAccessToken(), token);
verify(authenticationApi, times(1)).authenticate(any(AuthenticationRequest.class));
verify(authenticationApi, times(1)).refresh(any(AuthenticationRefreshRequest.class));
}

@Test
public void getAccessTokenRefreshesJustBeforeRefreshTokenExpiry()
{
Authentication shortLivedAuth = new Authentication("accessToken", "refreshToken", 480, 21600, "bearer");
Authentication refreshedAuth = new Authentication("newAccessToken", "newRefreshToken", 480, 21600, "bearer");

when(authenticationApi.authenticate(any(AuthenticationRequest.class))).thenReturn(shortLivedAuth);
when(authenticationApi.refresh(any(AuthenticationRefreshRequest.class))).thenReturn(refreshedAuth);

authenticator.getAccessToken();

// Access token expired, refresh token still valid
when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis() + 21_510_000L);

String token = authenticator.getAccessToken();

assertEquals(refreshedAuth.getAccessToken(), token);
verify(authenticationApi, times(1)).authenticate(any(AuthenticationRequest.class));
verify(authenticationApi, times(1)).refresh(any(AuthenticationRefreshRequest.class));
}

@Test
public void getAccessTokenRefreshesWhenAccessTokenExpiredButRefreshTokenValid()
{
Authentication shortLivedAuth = new Authentication("accessToken", "refreshToken", 480, 21600, "bearer");
Authentication refreshedAuth = new Authentication("newAccessToken", "newRefreshToken", 480, 21600, "bearer");

when(authenticationApi.authenticate(any(AuthenticationRequest.class))).thenReturn(shortLivedAuth);
when(authenticationApi.refresh(any(AuthenticationRefreshRequest.class))).thenReturn(refreshedAuth);

authenticator.getAccessToken();

when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis() + 600_000L);

String token = authenticator.getAccessToken();

assertEquals(refreshedAuth.getAccessToken(), token);
verify(authenticationApi, times(1)).authenticate(any(AuthenticationRequest.class));
verify(authenticationApi, times(1)).refresh(any(AuthenticationRefreshRequest.class));
}
}
Loading