Merge pull request #3961 from jblashka/maxLifespanInvalidationFixes

KEYCLOAK-4612 Fix CachePolicy.MAX_LIFESPAN invalidation

model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java

@@ -302,6 +302,10 @@ public class UserCacheSession implements UserCache {
                     invalidate = true;
                 } else if (cached.getCacheTimestamp() < model.getCacheInvalidBefore()) {
                     invalidate = true;
+                } else if (policy == UserStorageProviderModel.CachePolicy.MAX_LIFESPAN) {
+                    if (cached.getCacheTimestamp() + model.getMaxLifespan() < Time.currentTimeMillis()) {
+                        invalidate = true;
+                    }
                 } else if (policy == UserStorageProviderModel.CachePolicy.EVICT_DAILY) {
                     long dailyTimeout = dailyTimeout(model.getEvictionHour(), model.getEvictionMinute());
                     dailyTimeout = dailyTimeout - (24 * 60 * 60 * 1000);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java

@@ -447,7 +447,6 @@ public class UserStorageTest extends AbstractAuthTest {
     }
 
     @Test
-    @Ignore
     public void testMaxLifespan() {
         ApiUtil.findUserByUsername(testRealmResource(), "thor");
 

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java

@@ -225,6 +225,38 @@ public class UserStorageTest {
         keycloakRule.stopSession(session, true);
     }
 
+    @Test
+    public void testMaxLifespanEviction() {
+        UserStorageProviderModel model = new UserStorageProviderModel(writableProvider);
+        model.setCachePolicy(UserStorageProviderModel.CachePolicy.MAX_LIFESPAN);
+        model.setMaxLifespan(600000); // Lifetime is 10 minutes
+
+        KeycloakSession session = keycloakRule.startSession();
+        RealmModel realm = session.realms().getRealmByName("test");
+        CachedUserModel thor = (CachedUserModel)session.users().getUserByUsername("thor", realm);
+        realm.updateComponent(model);
+        keycloakRule.stopSession(session, true);
+
+        Time.setOffset(60 * 5); // 5 minutes in future, should be cached still
+
+        session = keycloakRule.startSession();
+        realm = session.realms().getRealmByName("test");
+        // test still
+        UserModel thor2 = session.users().getUserByUsername("thor", realm);
+        Assert.assertTrue(thor2 instanceof CachedUserModel);
+        keycloakRule.stopSession(session, true);
+        Time.setOffset(60 * 20); // 20 minutes into future, cache will be invalidated
+
+        session = keycloakRule.startSession();
+        realm = session.realms().getRealmByName("test");
+        thor2 = session.users().getUserByUsername("thor", realm);
+        Assert.assertFalse(thor2 instanceof CachedUserModel);
+        model.getConfig().remove("cachePolicy");
+        model.getConfig().remove("maxLifespan");
+        realm.updateComponent(model);
+        keycloakRule.stopSession(session, true);
+    }
+
     @Test
     public void testNoCache() {
         UserStorageProviderModel model = new UserStorageProviderModel(writableProvider);