From ad4d141ecd0714ef90147e3c177bab50882f8f21 Mon Sep 17 00:00:00 2001 From: Lauro Correia Silveira Date: Wed, 7 Feb 2024 21:16:19 +0100 Subject: [PATCH] Changed time of Token JWT and Changed secret of JWT - Changed the duration of time of JWT Token - Changed the Secret of JWT --- .../infraestructure/security/SecurityConfigurations.java | 5 +++-- .../infraestructure/security/SecurityFilter.java | 1 + .../aluraflixapi/infraestructure/security/TokenService.java | 4 ++-- .../infraestructure/security/TokenServiceTest.java | 2 ++ src/test/resources/application-test.yml | 2 ++ 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java index 390feed..ca9d08e 100644 --- a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java +++ b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java @@ -21,6 +21,7 @@ */ @Configuration +//Enable Custom configuration spring boot @EnableWebSecurity //enable @Secure("Role_XX") @EnableMethodSecurity(securedEnabled = true) @@ -31,9 +32,9 @@ public class SecurityConfigurations { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - //disable cross site request forgery + //disable Cross Site Request Forgery return http.csrf(csrf -> csrf.ignoringRequestMatchers("/login/**") ) - //Disable Spring control and allow all endpoints + //Configure to be stateless .sessionManagement(managementConfigurer -> managementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .authorizeHttpRequests(httpRequest -> httpRequest diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityFilter.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityFilter.java index e82f01b..a6b29a5 100644 
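Review bot: The reworded comment `//disable Cross Site Request Forgery` in `filterChain` (second hunk of SecurityConfigurations.java) still misdescribes the line below it: `csrf.ignoringRequestMatchers("/login/**")` leaves CSRF protection enabled and exempts only the login paths. A comment that matches the code would be `//keep CSRF protection on, exempting only /login/**`. If the intent really is to turn CSRF off for a stateless, token-authenticated API, that is a code decision to make explicitly rather than through the comment. The method body continues past the end of the hunk, so the rest of the chain is not visible here.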
--- a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityFilter.java +++ b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityFilter.java @@ -53,6 +53,7 @@ protected void doFilterInternal(final HttpServletRequest request, SecurityContextHolder.getContext().setAuthentication(authentication); log.info("{} User authenticated: {}", PREFIX_LOGGING, authentication.getPrincipal()); } + //continue the flow filterChain.doFilter(request, response); } diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/TokenService.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/TokenService.java index 7ac0640..75499a5 100644 --- a/src/main/java/com/alura/aluraflixapi/infraestructure/security/TokenService.java +++ b/src/main/java/com/alura/aluraflixapi/infraestructure/security/TokenService.java @@ -59,9 +59,9 @@ public String getSubject(String tokenJWT) { } } - //Create expire date of token, in this case is the current hour plus 2 hours + //Create expire date of token, in this case is the current hour plus 10 minutes private Instant getExpireDate() { - return LocalDateTime.now().plusHours(2).toInstant(ZoneOffset.UTC); + return LocalDateTime.now().plusMinutes(10).toInstant(ZoneOffset.UTC); } } diff --git a/src/test/java/com/alura/aluraflixapi/infraestructure/security/TokenServiceTest.java b/src/test/java/com/alura/aluraflixapi/infraestructure/security/TokenServiceTest.java index 90971da..280289d 100644 --- a/src/test/java/com/alura/aluraflixapi/infraestructure/security/TokenServiceTest.java +++ b/src/test/java/com/alura/aluraflixapi/infraestructure/security/TokenServiceTest.java @@ -10,6 +10,7 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.boot.test.mock.mockito.SpyBean; +import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.junit.jupiter.SpringExtension; import java.util.Set; 
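Review bot: The `log.info` call just above the added `//continue the flow` comment in `doFilterInternal` (SecurityFilter.java) writes `authentication.getPrincipal()` to the log on every authenticated request. If the principal is the application's user object, its `toString()` may carry more than the login name (for example a password hash or roles); that type is not visible in this hunk. Logging `authentication.getName()` keeps the audit trail while limiting what reaches the log. The method starts above the hunk, so how the authentication is built is not shown.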
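Review bot: `getExpireDate()` in TokenService.java takes the wall-clock time in the JVM's default zone with `LocalDateTime.now()` and then labels it as UTC with `toInstant(ZoneOffset.UTC)`, so the expiry is off by the server's UTC offset. With the lifetime now 10 minutes this matters more than it did at 2 hours: on a host west of UTC the token is issued already expired, and on a host east of UTC it outlives the intended 10 minutes by the offset. Computing from an instant avoids the zone entirely: `return Instant.now().plus(10, ChronoUnit.MINUTES);` (needs `java.time.temporal.ChronoUnit`). The subject also mentions a changed JWT secret, but no hunk on this page touches one; wherever it lives, it should come from the environment or a secret store rather than a committed file.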
@@ -18,6 +19,7 @@ import static org.assertj.core.api.Assertions.assertThat; @ExtendWith(SpringExtension.class) +@ActiveProfiles("test") class TokenServiceTest { @SpyBean diff --git a/src/test/resources/application-test.yml b/src/test/resources/application-test.yml index 6a6c4a6..13e4ab3 100644 --- a/src/test/resources/application-test.yml +++ b/src/test/resources/application-test.yml @@ -2,6 +2,8 @@ server: port: 8080 spring: + profiles: + active: "test" application: name: alura-flix-api data:
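Review bot: `@ActiveProfiles("test")` on `TokenServiceTest` only marks the profile as active; with `@ExtendWith(SpringExtension.class)` as the sole other class annotation in this hunk, nothing here runs Spring Boot's config-data loading, so `application-test.yml` may never be read. If the test is meant to exercise `TokenService` with properties from the test profile, confirm they are actually resolved, for example by using `@SpringBootTest(classes = TokenService.class)` or adding `@ContextConfiguration(initializers = ConfigDataApplicationContextInitializer.class)`. The class body is outside the hunk, so how the `@SpyBean` is configured is not visible.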
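Review bot: The added `spring.profiles.active: "test"` sits inside `application-test.yml`, which is itself a profile-specific file. Spring Boot 2.4 and later reject `spring.profiles.active` in a profile-specific document with an `InvalidConfigDataPropertyException` when the file is loaded, and the file is only read once the `test` profile is already active, so the entry cannot do what it appears to. Dropping the two lines and relying on `@ActiveProfiles("test")` (or `spring.profiles.active` in the base `application.yml` or the environment) is the usual arrangement. The Boot version is not visible on this page, so check it against the project's build file.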