Automatic prolongation of active Bürokratt session

[rasmusei]

AS AN Administrative User I WANT TO have my Bürokratt session automatically extended SO THAT I don't have to extend my session manually

Acceptance Criteria

• [x] When user is active in Bürokratt then session function is disabled
• [x] When user becomes inactive then session function is enabled (AS IS)

GUI

• [ ] Timeout set as a configurable value via GUI (AS IS)
• [x] Administrator's activity tracked by mouse usage
• [x] Administrator's activity tracked by keyboard usage
• [x] Set default timeout to 5 min

DSL

User's activity validation

• [ ] Read the user's JWT content to get the current expiration time (expiration time)
• [ ] Define the time period to consider the user as active (user activity period in seconds) defined as a Ruuter DSL value
• [ ] Define the time period to trigger additional steps (remaining jwt lifetime) defined as a Ruuter DSL value
• [ ] If current timestamp - expiration time is less than remaining jwt lifetime, make an additional request to validate if the user has been marked as online within a predefined time period (user activity period in seconds) - OK / NOK
• [ ] If OK, make a request to extend user's JWT lifetime
• [ ] If NOK, respond with an appropriate HTTP response code

[turnerrainer]

@rasmusei Is this one a dubplication of https://github.com/buerokratt/Buerokratt-Chatbot/issues/36?

[rasmusei]

@turnerrainer #36 and #40 are different. #36 is about active chat between CSA and End User, #40 is about Administrative User session in Bürokrat back office

[ceirowe]

@rasmusei How does this task differ from #22 ?

[rasmusei]

@ceirowe Task #22 is about when Administrative User is idle or logs out manually. This task is about automatic prolongation of active session when Administrative User is logged in back office. AS IS functionality is that Admin can set the session length in back office for how long users sessions will be opened.

[joonasroosalung]

@rasmusei Should be able to use existing endpoint. JWT should be stored locally in customJwtCookie.

curl -X POST --location "https://localhost:8445/cs-custom-jwt-extend" \
    -H "Content-Type: application/json" \
    -d "{}"

Extend response, unsuccessful (200)

{
  "data": {
    "custom_jwt_extend": null
  },
  "error": null
}

Extend response, successful (200)

{
  "data": {
    "custom_jwt_extend": "new jwt that should be stored in a cookie called customJwtCookie"
  },
  "error": null
}

[joonasroosalung]

Expiration time is set on initial login (/cs-login), and the time in minutes is taken from the configuration table. TIM is designed to take the original expiration time when extending with /cs-custom-jwt-extend, so the jwt is always extended by the same amount as was set at the time of the initial login.

/cs-login returns

{
  "data": {
    "custom_jwt_cookie": "the generated jwt"
  },
  "error": null
}

The validity is checked with /cs-custom-jwt-userinfo. The body of the request is only the name of the cookie (set in the cs-login conf) where the jwt is stored, between double quotes.

curl -X POST --location "https://localhost:8445/cs-custom-jwt-userinfo" \
    -H "Content-Type: application/json" \
    -d "\"customJwtCookie\""

The response payload, where JWTExpirationTimestamp is the expiration time in epoch milliseconds

{
  "data": {
    "custom_jwt_userinfo": {
      "firstName": "csaEesnimi",
      "lastName": "csaPerekonnanimi",
      "idCode": "EE60001019906",
      "displayName": "sõbralik csa",
      "JWTCreated": 1675863621000,
      "login": "kasutajanimi",
      "csaEmail": "sõbralik@csa.ee",
      "authorities": [
        "ROLE_CUSTOMER_SUPPORT_AGENT"
      ],
      "csaTitle": "Aupaklik",
      "JWTExpirationTimestamp": 1675870821000
    }
  },
  "error": null
}

[MarkusVeltri]

BUG-

1. Session did not end after the CSA was idle for the set amount of time.
2. After setting the session length and being idle for that time, the CSA should be logged out.
3. CSA is not logged out when the time set by the CSA is over.
4. As a CSA go to session length( Sessiooni pikkus), set a time and wait.

[MarkusVeltri]

BUG- @1AhmedYasser

When the bürokratt session time runs out it gives me a notification "sessioon aegunud" that says the session has ended. It should log me out, but I can still manage around the environment. It logs me out when I click on the X on the box.(look at the screenshot)

[1AhmedYasser]

BUG- @1AhmedYasser

When the bürokratt session time runs out it gives me a notification "sessioon aegunud" that says the session has ended. It should log me out, but I can still manage around the environment. It logs me out when I click on the X on the box.(look at the screenshot)

You want it to be automatic logout ?

[MarkusVeltri]

@1AhmedYasser yep

[MarkusVeltri]

tested and done

[janinakimtrohlev]

done