Update token manager

stephen-crawford · stephen-crawford · commit e156bfe76376 · 2023-06-06T09:46:14.000-04:00
Signed-off-by: Stephen Crawford &lt;steecraw@amazon.com&gt;
diff --git a/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroTokenManager.java b/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroTokenManager.java
@@ -22,7 +22,6 @@
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.opensearch.common.Randomness;
 import org.opensearch.identity.IdentityService;
-import org.opensearch.identity.Subject;
 import org.opensearch.identity.tokens.AuthToken;
 import org.opensearch.identity.tokens.BasicAuthToken;
 import org.opensearch.identity.tokens.TokenManager;
@@ -57,11 +56,10 @@ public Optional<AuthenticationToken> translateAuthToken(org.opensearch.identity.
     }
 
     @Override
-    public AuthToken issueToken() {
+    public AuthToken issueToken(String audience) {
 
-        Subject subject = new ShiroSubject(this, SecurityUtils.getSubject());
         String password = generatePassword();
-        final byte[] rawEncoded = Base64.getEncoder().encode((subject.getPrincipal().getName() + ":" + password).getBytes(UTF_8));
+        final byte[] rawEncoded = Base64.getEncoder().encode((audience + ":" + password).getBytes(UTF_8));
         final String usernamePassword = new String(rawEncoded, UTF_8);
         final String header = "Basic " + usernamePassword;
         BasicAuthToken token = new BasicAuthToken(header);
@@ -70,7 +68,6 @@ public AuthToken issueToken() {
         return token;
     }
 
-    @Override
     public boolean validateToken(AuthToken token) {
         if (token instanceof BasicAuthToken) {
             final BasicAuthToken basicAuthToken = (BasicAuthToken) token;
@@ -80,7 +77,6 @@ public boolean validateToken(AuthToken token) {
         return false;
     }
 
-    @Override
     public String getTokenInfo(AuthToken token) {
         if (token instanceof BasicAuthToken) {
             final BasicAuthToken basicAuthToken = (BasicAuthToken) token;
@@ -89,7 +85,6 @@ public String getTokenInfo(AuthToken token) {
         throw new UnsupportedAuthenticationToken();
     }
 
-    @Override
     public void revokeToken(AuthToken token) {
         if (token instanceof BasicAuthToken) {
             final BasicAuthToken basicAuthToken = (BasicAuthToken) token;
@@ -99,7 +94,6 @@ public void revokeToken(AuthToken token) {
         throw new UnsupportedAuthenticationToken();
     }
 
-    @Override
     public void resetToken(AuthToken token) {
         if (token instanceof BasicAuthToken) {
             final BasicAuthToken basicAuthToken = (BasicAuthToken) token;
diff --git a/plugins/identity-shiro/src/test/java/org/opensearch/identity/shiro/AuthTokenHandlerTests.java b/plugins/identity-shiro/src/test/java/org/opensearch/identity/shiro/AuthTokenHandlerTests.java
@@ -89,14 +89,6 @@ public void testShouldFailWhenRevokeToken() {
         assertThrows(UnsupportedAuthenticationToken.class, () -> shiroAuthTokenHandler.revokeToken(bearerAuthToken));
     }
 
-    public void testShouldGetTokenInfoSuccessfully() {
-        final BasicAuthToken authToken = new BasicAuthToken("Basic dGVzdDp0ZTpzdA==");
-        assert (authToken.toString().equals(shiroAuthTokenHandler.getTokenInfo(authToken)));
-        final BearerAuthToken bearerAuthToken = new BearerAuthToken("header.payload.signature");
-        assert (noopTokenManager.getTokenInfo(authToken).equals("Token is of type: " + authToken.getClass()));
-        assert (noopTokenManager.getTokenInfo(bearerAuthToken).equals("Token is of type: " + bearerAuthToken.getClass()));
-    }
-
     public void testShouldFailGetTokenInfo() {
         final BearerAuthToken bearerAuthToken = new BearerAuthToken("header.payload.signature");
         assert (bearerAuthToken.getTokenIdentifier().equals("Bearer"));
@@ -119,12 +111,6 @@ public void testShouldPassThrougbResetToken(AuthToken token) {
         shiroAuthTokenHandler.resetToken(bearerAuthToken);
     }
 
-    public void testShouldPassThrough() {
-        final BearerAuthToken bearerAuthToken = new BearerAuthToken("header.payload.signature");
-        noopTokenManager.resetToken(bearerAuthToken);
-        noopTokenManager.revokeToken(bearerAuthToken);
-    }
-
     public void testVerifyBearerTokenObject() {
         BearerAuthToken testGoodToken = new BearerAuthToken("header.payload.signature");
         IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> new BearerAuthToken("asddfhadfasdfad"));
diff --git a/server/src/main/java/org/opensearch/identity/noop/NoopTokenManager.java b/server/src/main/java/org/opensearch/identity/noop/NoopTokenManager.java
@@ -26,49 +26,8 @@ public class NoopTokenManager implements TokenManager {
      * @return a new Noop Token
      */
     @Override
-    public AuthToken issueToken() {
+    public AuthToken issueToken(String audience) {
         return new AuthToken() {
         };
     }
-
-    /**
-     * Validate a token
-     * @param token The token to be validated
-     * @return true
-     */
-    @Override
-    public boolean validateToken(AuthToken token) {
-        log.info("Validating a token with NoopTokenManager");
-        return true;
-    }
-
-    /**
-     * Get token class
-     * @param token The auth token to be parsed
-     * @return A description of the token's type
-     */
-    @Override
-    public String getTokenInfo(AuthToken token) {
-        return "Token is of type: " + token.getClass();
-    }
-
-    /**
-     * Revoking a Noop Token should not do anything
-     * @param token The Auth Token to be revoked
-     */
-    @Override
-    public void revokeToken(AuthToken token) {
-        log.info("Revoke operation is not supported for NoopTokens");
-        return;
-    }
-
-    /**
-     * Refreshing a NoopToken also not do anything
-     * @param token The token to be refreshed
-     */
-    @Override
-    public void resetToken(AuthToken token) {
-        log.info("Reset operation is not supported for NoopTokens");
-        return;
-    }
 }
diff --git a/server/src/main/java/org/opensearch/identity/tokens/TokenManager.java b/server/src/main/java/org/opensearch/identity/tokens/TokenManager.java
@@ -15,33 +15,8 @@ public interface TokenManager {
 
     /**
      * Create a new auth token
+     * @param audience: The audience for the token
      * @return A new auth token
      */
-    public AuthToken issueToken();
-
-    /**
-     * Validate an auth token based on the rules associated with its format
-     * @param token The token to validate
-     * @return True if the token is valid; False if the token is not valid
-     */
-    public boolean validateToken(AuthToken token);
-
-    /**
-     * Fetch the info from a token
-     * @param token The auth token to be parsed
-     * @return A String representing the info associated with the token
-     */
-    public String getTokenInfo(AuthToken token);
-
-    /**
-     * Revoke a token that should no longer be treated as valid
-     * @param token The Auth Token to be revoked
-     */
-    public void revokeToken(AuthToken token);
-
-    /**
-     * Updates a token to be valid for a greater period of time or to have different attributes.
-     * @param token The token to be refreshed
-     */
-    public void resetToken(AuthToken token);
+    public AuthToken issueToken(String audience);
 }
