Merge pre-release-1.55.0

src/main/java/io/fusionauth/domain/APIKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, FusionAuth, All Rights Reserved
+ * Copyright (c) 2021-2024, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,6 +32,8 @@
  * @author sanjay
  */
 public class APIKey implements Buildable<APIKey> {
+  public ZonedDateTime expirationInstant;
+
   public UUID id;
 
   public ZonedDateTime insertInstant;
@@ -68,6 +70,7 @@ public boolean equals(Object o) {
     }
     APIKey apiKey = (APIKey) o;
     return keyManager == apiKey.keyManager &&
+           Objects.equals(expirationInstant, apiKey.expirationInstant) &&
            Objects.equals(id, apiKey.id) &&
            Objects.equals(insertInstant, apiKey.insertInstant) &&
            Objects.equals(ipAccessControlListId, apiKey.ipAccessControlListId) &&
@@ -80,7 +83,7 @@ public boolean equals(Object o) {
 
   @Override
   public int hashCode() {
-    return Objects.hash(id, insertInstant, ipAccessControlListId, key, keyManager, lastUpdateInstant, metaData, permissions, tenantId);
+    return Objects.hash(expirationInstant, id, insertInstant, ipAccessControlListId, key, keyManager, lastUpdateInstant, metaData, permissions, tenantId);
   }
 
   public void normalize() {

src/main/java/io/fusionauth/domain/JWTConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2023, FusionAuth, All Rights Reserved
+ * Copyright (c) 2019-2024, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,6 +40,8 @@ public class JWTConfiguration extends Enableable implements Buildable<JWTConfigu
 
   public RefreshTokenExpirationPolicy refreshTokenExpirationPolicy = RefreshTokenExpirationPolicy.Fixed;
 
+  public RefreshTokenOneTimeUseConfiguration refreshTokenOneTimeUseConfiguration = new RefreshTokenOneTimeUseConfiguration();
+
   /**
    * This can only be set at the tenant level.
    */
@@ -71,6 +73,7 @@ public JWTConfiguration(JWTConfiguration other) {
     this.idTokenKeyId = other.idTokenKeyId;
     this.refreshTokenExpirationPolicy = other.refreshTokenExpirationPolicy;
     this.refreshTokenRevocationPolicy = new RefreshTokenRevocationPolicy(other.refreshTokenRevocationPolicy);
+    this.refreshTokenOneTimeUseConfiguration = new RefreshTokenOneTimeUseConfiguration(other.refreshTokenOneTimeUseConfiguration);
     this.refreshTokenSlidingWindowConfiguration = new RefreshTokenSlidingWindowConfiguration(other.refreshTokenSlidingWindowConfiguration);
     this.refreshTokenTimeToLiveInMinutes = other.refreshTokenTimeToLiveInMinutes;
     this.refreshTokenUsagePolicy = other.refreshTokenUsagePolicy;
@@ -93,6 +96,7 @@ public boolean equals(Object o) {
            Objects.equals(idTokenKeyId, that.idTokenKeyId) &&
            refreshTokenExpirationPolicy == that.refreshTokenExpirationPolicy &&
            Objects.equals(refreshTokenRevocationPolicy, that.refreshTokenRevocationPolicy) &&
+           Objects.equals(refreshTokenOneTimeUseConfiguration, that.refreshTokenOneTimeUseConfiguration) &&
            Objects.equals(refreshTokenSlidingWindowConfiguration, that.refreshTokenSlidingWindowConfiguration) &&
            refreshTokenTimeToLiveInMinutes == that.refreshTokenTimeToLiveInMinutes &&
            refreshTokenUsagePolicy == that.refreshTokenUsagePolicy &&
@@ -106,6 +110,7 @@ public int hashCode() {
                         idTokenKeyId,
                         refreshTokenExpirationPolicy,
                         refreshTokenRevocationPolicy,
+                        refreshTokenOneTimeUseConfiguration,
                         refreshTokenSlidingWindowConfiguration,
                         refreshTokenTimeToLiveInMinutes,
                         refreshTokenUsagePolicy,

src/main/java/io/fusionauth/domain/RefreshTokenOneTimeUseConfiguration.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2024, FusionAuth, All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+package io.fusionauth.domain;
+
+import java.util.Objects;
+
+import com.inversoft.json.JacksonConstructor;
+import com.inversoft.json.ToString;
+
+/**
+ * Refresh token one-time use configuration. This configuration is utilized when the usage policy is
+ * configured for one-time use.
+ *
+ * @author Daniel DeGroff
+ */
+public class RefreshTokenOneTimeUseConfiguration implements Buildable<RefreshTokenOneTimeUseConfiguration> {
+  public int gracePeriodInSeconds;
+
+  @JacksonConstructor
+  public RefreshTokenOneTimeUseConfiguration() {
+  }
+
+  public RefreshTokenOneTimeUseConfiguration(RefreshTokenOneTimeUseConfiguration other) {
+    this.gracePeriodInSeconds = other.gracePeriodInSeconds;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    RefreshTokenOneTimeUseConfiguration that = (RefreshTokenOneTimeUseConfiguration) o;
+    return gracePeriodInSeconds == that.gracePeriodInSeconds;
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(gracePeriodInSeconds);
+  }
+
+  @Override
+  public String toString() {
+    return ToString.toString(this);
+  }
+}

src/main/java/io/fusionauth/domain/RefreshTokenRevocationPolicy.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020-2023, FusionAuth, All Rights Reserved
+ * Copyright (c) 2020-2024, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,6 +28,8 @@ public class RefreshTokenRevocationPolicy implements Buildable<RefreshTokenRevoc
 
   public boolean onMultiFactorEnable;
 
+  public boolean onOneTimeTokenReuse;
+
   public boolean onPasswordChanged;
 
   @JacksonConstructor
@@ -38,6 +40,7 @@ public RefreshTokenRevocationPolicy(RefreshTokenRevocationPolicy other) {
     this.onLoginPrevented = other.onLoginPrevented;
     this.onMultiFactorEnable = other.onMultiFactorEnable;
     this.onPasswordChanged = other.onPasswordChanged;
+    this.onOneTimeTokenReuse = other.onOneTimeTokenReuse;
   }
 
   public RefreshTokenRevocationPolicy(boolean onLoginPrevented, boolean onPasswordChanged) {
@@ -54,12 +57,12 @@ public boolean equals(Object o) {
       return false;
     }
     RefreshTokenRevocationPolicy that = (RefreshTokenRevocationPolicy) o;
-    return onLoginPrevented == that.onLoginPrevented && onMultiFactorEnable == that.onMultiFactorEnable && onPasswordChanged == that.onPasswordChanged;
+    return onLoginPrevented == that.onLoginPrevented && onMultiFactorEnable == that.onMultiFactorEnable && onPasswordChanged == that.onPasswordChanged && onOneTimeTokenReuse == that.onOneTimeTokenReuse;
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(onLoginPrevented, onMultiFactorEnable, onPasswordChanged);
+    return Objects.hash(onLoginPrevented, onMultiFactorEnable, onPasswordChanged, onOneTimeTokenReuse);
   }
 
   @Override

src/main/java/io/fusionauth/domain/jwt/RefreshToken.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2023, FusionAuth, All Rights Reserved
+ * Copyright (c) 2018-2024, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -92,7 +92,7 @@ public boolean equals(Object o) {
     if (this == o) {
       return true;
     }
-    if (o == null || getClass() != o.getClass()) {
+    if (!(o instanceof RefreshToken)) {
       return false;
     }
     RefreshToken that = (RefreshToken) o;

src/main/java/io/fusionauth/domain/provider/BaseSAMLv2IdentityProvider.java

@@ -1,5 +1,17 @@
 /*
- * Copyright (c) 2023, FusionAuth, All Rights Reserved
+ * Copyright (c) 2023-2024, FusionAuth, All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
  */
 package io.fusionauth.domain.provider;
 
@@ -11,6 +23,8 @@
  * @author Lyle Schemmerling
  */
 public abstract class BaseSAMLv2IdentityProvider<D extends BaseIdentityProviderApplicationConfiguration> extends BaseIdentityProvider<D> {
+  public SAMLv2AssertionDecryptionConfiguration assertionDecryptionConfiguration = new SAMLv2AssertionDecryptionConfiguration();
+
   public String emailClaim;
 
   /**
@@ -36,15 +50,16 @@ public boolean equals(Object o) {
       return false;
     }
     BaseSAMLv2IdentityProvider<?> that = (BaseSAMLv2IdentityProvider<?>) o;
-    return useNameIdForEmail == that.useNameIdForEmail
+    return Objects.equals(assertionDecryptionConfiguration, that.assertionDecryptionConfiguration)
            && Objects.equals(emailClaim, that.emailClaim)
            && Objects.equals(keyId, that.keyId)
            && Objects.equals(uniqueIdClaim, that.uniqueIdClaim)
+           && useNameIdForEmail == that.useNameIdForEmail
            && Objects.equals(usernameClaim, that.usernameClaim);
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(super.hashCode(), emailClaim, keyId, uniqueIdClaim, useNameIdForEmail, usernameClaim);
+    return Objects.hash(super.hashCode(), assertionDecryptionConfiguration, emailClaim, keyId, uniqueIdClaim, useNameIdForEmail, usernameClaim);
   }
 }

src/main/java/io/fusionauth/domain/provider/SAMLv2AssertionDecryptionConfiguration.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2024, FusionAuth, All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+package io.fusionauth.domain.provider;
+
+import java.util.Objects;
+import java.util.UUID;
+
+import com.inversoft.json.ToString;
+import io.fusionauth.domain.Enableable;
+
+/**
+ * Configuration for encrypted assertions when acting as SAML Service Provider
+ *
+ * @author Jaret Hendrickson
+ */
+public class SAMLv2AssertionDecryptionConfiguration extends Enableable {
+  public UUID keyTransportDecryptionKeyId;
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (!(o instanceof SAMLv2AssertionDecryptionConfiguration)) {
+      return false;
+    }
+    if (!super.equals(o)) {
+      return false;
+    }
+    SAMLv2AssertionDecryptionConfiguration that = (SAMLv2AssertionDecryptionConfiguration) o;
+    return Objects.equals(keyTransportDecryptionKeyId, that.keyTransportDecryptionKeyId);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(super.hashCode(), keyTransportDecryptionKeyId);
+  }
+
+  @Override
+  public String toString() {
+    return ToString.toString(this);
+  }
+}