From 17c2a6278455b3beb52d61fa6bae2fbd55d341c0 Mon Sep 17 00:00:00 2001 From: Anoop Varma Date: Mon, 9 Dec 2024 10:45:34 +0530 Subject: [PATCH] fix: session time out error issue fix --- hub-prime/pom.xml | 2 +- .../http/GitHubUserAuthorizationFilter.java | 7 ++++--- .../techbd/service/http/SecurityConfig.java | 18 ++++++++++++------ hub-prime/src/main/resources/application.yml | 2 +- 4 files changed, 18 insertions(+), 11 deletions(-) diff --git a/hub-prime/pom.xml b/hub-prime/pom.xml index 99397b49836..cd814516105 100644 --- a/hub-prime/pom.xml +++ b/hub-prime/pom.xml @@ -11,7 +11,7 @@ org.techbd hub-prime - 0.370.0 + 0.371.0 war Tech by Design Hub (Prime) Tech by Design Hub (Primary) diff --git a/hub-prime/src/main/java/org/techbd/service/http/GitHubUserAuthorizationFilter.java b/hub-prime/src/main/java/org/techbd/service/http/GitHubUserAuthorizationFilter.java index 703535138ee..6c6bde22ecf 100644 --- a/hub-prime/src/main/java/org/techbd/service/http/GitHubUserAuthorizationFilter.java +++ b/hub-prime/src/main/java/org/techbd/service/http/GitHubUserAuthorizationFilter.java @@ -21,6 +21,7 @@ @Component public class GitHubUserAuthorizationFilter extends OncePerRequestFilter { + private static final String AUTH_USER_SESSION_ATTR_NAME = "authenticatedUser"; private static final String supportEmail = "help@techbd.org"; private static final String supportEmailDisplayName = "Tech by Design Support <" + supportEmail + ">"; 
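Review bot: The removed lines in the next hunk already referenced AUTH_USER_SESSION_ATTR_NAME, and the diffstat for this file (4 insertions, 3 deletions) shows no definition being deleted, so some definition of that name was in scope before this commit — presumably a static import or an outer-scope constant — and the new private field now shadows it. If the string behind the other definition is not also "authenticatedUser", the code that writes the attribute (setAuthenticatedUser, visible in the next hunk) and this reader could end up using different keys and every user would look anonymous. Please confirm there is exactly one definition and that the writer uses the same constant, and give the field a one-line comment such as `// Session attribute key for the logged-in user; must match setAuthenticatedUser`. The class body continues outside the hunk.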
@@ -28,13 +29,13 @@ public class GitHubUserAuthorizationFilter extends OncePerRequestFilter { @JsonIgnoreProperties(ignoreUnknown = true) public record AuthenticatedUser(OAuth2User principal, GitHubUsersService.AuthorizedUser ghUser) implements Serializable { + } public static final Optional getAuthenticatedUser( final @NonNull HttpServletRequest request) { - final var sessionUser = (AuthenticatedUser) request.getSession(true) - .getAttribute(AUTH_USER_SESSION_ATTR_NAME); - return Optional.ofNullable(sessionUser); + return Optional.ofNullable(request.getSession(false)) + .map(session -> (AuthenticatedUser) session.getAttribute(AUTH_USER_SESSION_ATTR_NAME)); } protected static final void setAuthenticatedUser(final @NonNull HttpServletRequest request, diff --git a/hub-prime/src/main/java/org/techbd/service/http/SecurityConfig.java b/hub-prime/src/main/java/org/techbd/service/http/SecurityConfig.java index 08b471f982b..958a092a379 100644 --- a/hub-prime/src/main/java/org/techbd/service/http/SecurityConfig.java +++ b/hub-prime/src/main/java/org/techbd/service/http/SecurityConfig.java @@ -12,6 +12,7 @@ import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.Authentication; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; 
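Review bot: The cast inside the map lambda is unchecked, so if the session holds anything other than an AuthenticatedUser under that key (for instance a session restored after a redeploy that changed the record) the ClassCastException escapes getAuthenticatedUser and the filter instead of the user simply being treated as anonymous. Consider `.map(session -> session.getAttribute(AUTH_USER_SESSION_ATTR_NAME))` followed by `.filter(AuthenticatedUser.class::isInstance)` and `.map(AuthenticatedUser.class::cast)`, which yields an empty Optional in that case. Moving to `getSession(false)` is the right change for a read path: the old `getSession(true)` created a container session and handed out a session cookie for every anonymous request. The return type shows here as a raw `Optional`; that is probably `Optional<AuthenticatedUser>` lost in rendering, but worth a glance. The enclosing class continues on both sides of the hunk.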
@@ -49,7 +50,12 @@ public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws E http .authorizeHttpRequests( authorize -> authorize - .requestMatchers("/login/**", "/oauth2/**", "/", "/Bundle", "/Bundle/**", "/flatfile/csv/Bundle","/flatfile/csv/Bundle/**","/Hl7/v2", "/Hl7/v2/", "/metadata", + .requestMatchers("/login/**", "/oauth2/**", + "/", + "/Bundle", "/Bundle/**", + "/flatfile/csv/Bundle", "/flatfile/csv/Bundle/**", + "/Hl7/v2", "/Hl7/v2/", + "/metadata", "/api/expect/**", "/docs/api/interactive/swagger-ui/**", "/support/**", "/docs/api/interactive/**", "/docs/api/openapi/**", @@ -71,11 +77,11 @@ public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws E .permitAll() ) .csrf(AbstractHttpConfigurer::disable) - // .sessionManagement( - // sessionManagement -> sessionManagement - // .invalidSessionUrl("/?timeout=true") - // //.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) //TODO As this method is not working, remove it. - // ) + .sessionManagement( + sessionManagement -> sessionManagement + .invalidSessionUrl("/?timeout=true") + .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) + ) .addFilterAfter(authzFilter, UsernamePasswordAuthenticationFilter.class); // allow us to show our own content in IFRAMEs (e.g. Swagger, etc.) http.headers(headers -> { diff --git a/hub-prime/src/main/resources/application.yml b/hub-prime/src/main/resources/application.yml index 00ee2660517..be5df79ac13 100644 --- a/hub-prime/src/main/resources/application.yml +++ b/hub-prime/src/main/resources/application.yml @@ -67,7 +67,7 @@ server: secure: true http-only: true same-site: LAX - timeout: 60m + timeout: 5m org: techbd:
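Review bot: `invalidSessionUrl("/?timeout=true")` applies to the whole chain, so any request that presents a session id the server no longer recognises is redirected there — including the permitAll API endpoints in the previous hunk such as `/Bundle`, `/Hl7/v2` and `/metadata`, whose callers expect a status and body rather than a 302 to the landing page, and with the timeout dropping to 5m in application.yml a client still sending an expired JSESSIONID becomes more likely. If the redirect is meant for the browser UI only, scope it with an `invalidSessionStrategy` that redirects for non-API requests and answers API paths with a plain 401, or verify that API clients never receive a session cookie (the filter's `getSession(false)` change helps, but other paths may still create one). The removed comment said this block "is not working"; a short comment stating why it works now — e.g. `// fires only when the client presents an unknown session id; the authz filter no longer creates sessions for anonymous requests` — would stop the next reader from disabling it again. securityFilterChain continues outside the hunk.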
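Review bot: The timeout drops from 60m to 5m with no explanation in the commit; a value that short reads like one chosen to reproduce the timeout redirect while debugging rather than a deliberate policy, and it will send interactive users to `/?timeout=true` after five idle minutes. A shorter idle timeout does shrink the window in which a leaked session cookie stays usable, so if it is intentional say so next to the setting, e.g. `# short idle timeout by design; expired sessions redirect to /?timeout=true`, and consider making it environment-configurable such as `timeout: ${HUB_SESSION_TIMEOUT:5m}` (property name illustrative). The `server:` block continues outside the hunk.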