refactor: update duration validators and improve expiration date hand…

…ling in token classes
privacyidea · Dec 9, 2024 · 5e7b3a5 · 5e7b3a5
1 parent 8d6180b
commit 5e7b3a5
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 20 deletions.
diff --git a/lib/model/token_container.dart b/lib/model/token_container.dart
@@ -93,6 +93,8 @@ class TokenContainer with _$TokenContainer {
   Uri get transferUrl => serverUrl.replace(path: '/container/$serial/rollover');
   Uri get unregisterUrl => serverUrl.replace(path: '/container/register/$serial/terminate/client');
 
+  DateTime? get expirationDate => this is TokenContainerUnfinalized ? timestamp.add((this as TokenContainerUnfinalized).ttl) : null;
+
   // example: "pia://container/SMPH00067A2F"
   // "?issuer=privacyIDEA"
   // "&ttl=10"
@@ -109,10 +111,10 @@ class TokenContainer with _$TokenContainer {
       map: uriMap,
       validators: {
         ISSUER: const ObjectValidator<String>(),
-        TTL_MINUTES: durationValidator.withDefault(const Duration(minutes: 10)),
+        TTL_MINUTES: minutesDurationValidator.withDefault(const Duration(minutes: 10)),
         NONCE: const ObjectValidator<String>(),
         TIMESTAMP: ObjectValidator<DateTime>(transformer: (v) => DateTime.parse(v)),
-        FINALIZATION_URL: stringToUrivalidator,
+        FINALIZATION_URL: uriValidator,
         SERIAL: const ObjectValidator<String>(),
         EC_KEY_ALGORITHM: ObjectValidator<EcKeyAlgorithm>(transformer: (v) => EcKeyAlgorithm.values.byCurveName(v)),
         HASH_ALGORITHM: stringToAlgorithmsValidator,

diff --git a/lib/model/tokens/day_password_token.dart b/lib/model/tokens/day_password_token.dart
@@ -166,7 +166,7 @@ class DayPasswordToken extends OTPToken {
         OTPToken.ALGORITHM: stringToAlgorithmsValidatorNullable,
         OTPToken.DIGITS: intValidatorNullable,
         OTPToken.SECRET_BASE32: base32SecretValidatorNullable,
-        TOTPToken.PERIOD_SECONDS: stringSecondsToDurationValidatorNullable,
+        TOTPToken.PERIOD_SECONDS: secondsDurationValidatorNullable,
       },
       name: 'DayPasswordToken',
     );
@@ -196,7 +196,7 @@ class DayPasswordToken extends OTPToken {
         OTPToken.ALGORITHM: stringToAlgorithmsValidator.withDefault(Algorithms.SHA1),
         OTPToken.DIGITS: otpAuthDigitsValidatorNullable,
         OTPToken.SECRET_BASE32: base32Secretvalidator,
-        TOTPToken.PERIOD_SECONDS: stringSecondsToDurationValidator.withDefault(const Duration(hours: 24)),
+        TOTPToken.PERIOD_SECONDS: secondsDurationValidator.withDefault(const Duration(hours: 24)),
       },
       name: 'DayPasswordToken',
     );

diff --git a/lib/model/tokens/push_token.dart b/lib/model/tokens/push_token.dart
@@ -219,10 +219,10 @@ class PushToken extends Token {
         Token.ISSUER: const ObjectValidatorNullable<String>(defaultValue: ''),
         Token.SERIAL: const ObjectValidator<String>(),
         SSL_VERIFY: boolValidator.withDefault(true),
-        TTL_MINUTES: durationValidator.withDefault(const Duration(minutes: 3)),
+        TTL_MINUTES: minutesDurationValidator.withDefault(const Duration(minutes: 3)),
         ENROLLMENT_CREDENTIAL: const ObjectValidatorNullable<String>(),
-        ROLLOUT_URL: stringToUrivalidator,
-        Token.IMAGE: stringToUriValidatorNullable,
+        ROLLOUT_URL: uriValidator,
+        Token.IMAGE: uriValidatorNullable,
         Token.PIN: boolValidatorNullable,
         VERSION: const ObjectValidator<String>(),
       },
@@ -285,8 +285,8 @@ class PushToken extends Token {
         Token.SERIAL: const ObjectValidatorNullable<String>(),
         SSL_VERIFY: boolValidatorNullable,
         ENROLLMENT_CREDENTIAL: const ObjectValidatorNullable<String>(),
-        ROLLOUT_URL: stringToUriValidatorNullable,
-        Token.IMAGE: stringToUriValidatorNullable,
+        ROLLOUT_URL: uriValidatorNullable,
+        Token.IMAGE: uriValidatorNullable,
         Token.PIN: boolValidator,
         VERSION: intValidatorNullable,
       },

diff --git a/lib/utils/object_validator.dart b/lib/utils/object_validator.dart
@@ -24,12 +24,6 @@ import '../model/enums/encodings.dart';
 import '../model/exception_errors/localized_argument_error.dart';
 import 'logger.dart';
 
-final durationValidatorNullable = durationValidator.nullable();
-final durationValidator = ObjectValidator<Duration>(
-  transformer: (v) => Duration(seconds: v is int ? v : int.parse(v)),
-  allowedValues: (v) => v.inSeconds > 0,
-);
-
 final otpAutjPeriodSecondsValidatorNullable = otpAuthPeriodSecondsValidator.nullable();
 final otpAuthPeriodSecondsValidator = ObjectValidator<int>(
   transformer: (v) {
@@ -67,14 +61,20 @@ final intValidator = ObjectValidator<int>(transformer: (v) {
 final intToStringValidator = ObjectValidator<String>(transformer: (v) => (v as int).toString());
 final intToStringValidatorNullable = intToStringValidator.nullable();
 
-final stringSecondsToDurationValidatorNullable = stringSecondsToDurationValidator.nullable();
-final stringSecondsToDurationValidator = ObjectValidator<Duration>(
-  transformer: (v) => Duration(seconds: int.parse(v)),
+final secondsDurationValidatorNullable = secondsDurationValidator.nullable();
+final secondsDurationValidator = ObjectValidator<Duration>(
+  transformer: (v) => v is Duration ? v : Duration(seconds: v is int ? v : int.parse(v)),
+  allowedValues: (v) => v.inSeconds > 0,
+);
+
+final minutesDurationValidatorNullable = minutesDurationValidator.nullable();
+final minutesDurationValidator = ObjectValidator<Duration>(
+  transformer: (v) => v is Duration ? v : Duration(minutes: v is int ? v : int.parse(v)),
   allowedValues: (v) => v.inSeconds > 0,
 );
 
-final stringToUriValidatorNullable = stringToUrivalidator.nullable();
-final stringToUrivalidator = ObjectValidator<Uri>(transformer: (v) => Uri.parse(v));
+final uriValidatorNullable = uriValidator.nullable();
+final uriValidator = ObjectValidator<Uri>(transformer: (v) => v is Uri ? v : Uri.parse(v));
 
 final boolValidatorNullable = boolValidator.nullable();
 final boolValidator = ObjectValidator<bool>(transformer: (v) {

diff --git a/lib/utils/riverpod/riverpod_providers/generated_providers/token_container_notifier.dart b/lib/utils/riverpod/riverpod_providers/generated_providers/token_container_notifier.dart
@@ -446,6 +446,12 @@ class TokenContainerNotifier extends _$TokenContainerNotifier with ResultHandler
       _finalizationMutex.release();
       throw ArgumentError('Container must not be finalized');
     }
+    if (container.expirationDate != null && container.expirationDate!.isBefore(DateTime.now())) {
+      showStatusMessage(message: 'Container ${container.serial} has expired and can not be rolled out anymore');
+      await deleteContainer(container);
+      _finalizationMutex.release();
+      return;
+    }
     Logger.info('Finalizing container ${container.serial}');
     try {
       container = await _generateKeyPair(container);