Merge pull request #1750 from akto-api-security/hotfix/fix_template_p…

…arse check for template updates every 24 hrs
akto-api-security · Nov 21, 2024 · c323a34 · c323a34
2 parents 9633e23 + e245bb3
commit c323a34
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 18 deletions.
diff --git a/apps/api-runtime/src/test/java/com/akto/utils/TestRedactSampleData.java b/apps/api-runtime/src/test/java/com/akto/utils/TestRedactSampleData.java
@@ -214,8 +214,8 @@ public void redactNonJsonPayload() throws Exception {
 
         assertEquals(2, redactedHttpResponseParams.requestParams.getHeaders().size());
         assertEquals(1, redactedHttpResponseParams.getHeaders().size());
-        assertEquals("{}", redactedHttpResponseParams.requestParams.getPayload());
-        assertEquals("{}", redactedHttpResponseParams.getPayload());
+        assertEquals("something random", redactedHttpResponseParams.requestParams.getPayload());
+        assertEquals("random response payload", redactedHttpResponseParams.getPayload());
         assertEquals(200, redactedHttpResponseParams.statusCode);
 
     }

diff --git a/apps/dashboard/src/main/java/com/akto/action/LoginAction.java b/apps/dashboard/src/main/java/com/akto/action/LoginAction.java
@@ -20,6 +20,8 @@
 import com.akto.utils.JWT;
 import com.mongodb.BasicDBObject;
 import com.mongodb.client.model.Filters;
+import com.mongodb.client.model.FindOneAndUpdateOptions;
+import com.mongodb.client.model.ReturnDocument;
 import com.mongodb.client.model.Updates;
 import com.opensymphony.xwork2.Action;
 
@@ -149,6 +151,8 @@ private void decideFirstPage(BasicDBObject loginResult, int accountId){
         }
     }
 
+    private final static int REFRESH_INTERVAL = 24 * 60 * 60; // one day.
+
     public static String loginUser(User user, HttpServletResponse servletResponse, boolean signedUp, HttpServletRequest servletRequest) {
         String refreshToken;
         Map<String,Object> claims = new HashMap<>();
@@ -190,33 +194,36 @@ public static String loginUser(User user, HttpServletResponse servletResponse, b
             session.setAttribute("user", user);
             session.setAttribute("login", Context.now());
             if (signedUp) {
-                UsersDao.instance.getMCollection().findOneAndUpdate(
+                User tempUser = UsersDao.instance.getMCollection().findOneAndUpdate(
                         Filters.eq("_id", user.getId()),
                         Updates.combine(
                                 Updates.set("refreshTokens", refreshTokens),
                                 Updates.set(User.LAST_LOGIN_TS, Context.now())
-                        )
+                        ),
+                        new FindOneAndUpdateOptions().returnDocument(ReturnDocument.BEFORE)
                 );
                 /*
                  * Creating datatype to template on user login.
                  * TODO: Remove this job once templates for majority users are created.
                  */
-                service.submit(() -> {
-                    try {
-                        for (String accountIdStr : user.getAccounts().keySet()) {
-                            int accountId = Integer.parseInt(accountIdStr);
-                            Context.accountId.set(accountId);
-                            SingleTypeInfo.fetchCustomDataTypes(accountId);
-                            logger.info("updating data type test templates for account " + accountId);
-                            InitializerListener.executeDataTypeToTemplate();
+                if ((tempUser.getLastLoginTs() + REFRESH_INTERVAL) < Context.now()) {
+                    service.submit(() -> {
+                        try {
+                            for (String accountIdStr : user.getAccounts().keySet()) {
+                                int accountId = Integer.parseInt(accountIdStr);
+                                Context.accountId.set(accountId);
+                                SingleTypeInfo.fetchCustomDataTypes(accountId);
+                                logger.info("updating data type test templates for account " + accountId);
+                                InitializerListener.executeDataTypeToTemplate();
+                            }
+                        } catch (Exception e) {
                         }
-                    } catch (Exception e) {
-                    }
-                });
+                    });
+                    service.submit(() ->{
+                        triggerVulnColUpdation(user);
+                    });
+                }
             }
-            service.submit(() ->{
-                triggerVulnColUpdation(user);
-            });
             return Action.SUCCESS.toUpperCase();
         } catch (NoSuchAlgorithmException | InvalidKeySpecException | IOException e) {
             e.printStackTrace();