Merged in task/dspace-cris-2025_02_x/DSC-2791 (pull request DSpace#5579)

DSC-2791

Approved-by: Mykhaylo Boychuk

Author: vins01-4science

dspace-server-webapp/src/main/java/org/dspace/app/rest/security/jwt/JWTTokenHandler.java

@@ -390,7 +390,7 @@ private JWTClaimsSet buildJwtClaimsSet(Context context, HttpServletRequest reque
 
         return builder
             .expirationTime(java.util.Date.from(
-                Instant.ofEpochMilli(Instant.now().toEpochMilli() + getExpirationPeriod())))
+                Instant.ofEpochMilli(Instant.now().toEpochMilli() + expirationPeriod)))
             .build();
     }
 

dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthenticationRestControllerIT.java

@@ -38,6 +38,7 @@
 import java.io.InputStream;
 import java.text.ParseException;
 import java.util.Base64;
+import java.util.Date;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicReference;
 
@@ -1888,6 +1889,48 @@ private boolean tokenClaimsEqual(String token1, String token2) {
         }
     }
 
+    private Date getTokenExpiration(String token) throws ParseException {
+        SignedJWT signedJWT = SignedJWT.parse(token);
+        return signedJWT.getJWTClaimsSet().getExpirationTime();
+    }
+
+    @Test
+    public void testMachineTokenExpirationUsesCorrectPeriod() throws Exception {
+        configurationService.setProperty("jwt.login.machine-token.expiration", "7200000");
+        configurationService.setProperty("jwt.login.token.expiration", "1800000");
+
+        context.turnOffAuthorisationSystem();
+        EPerson user = EPersonBuilder.createEPerson(context)
+            .withCanLogin(true)
+            .withPassword(password)
+            .withEmail("machine-token-exp-test@test.com")
+            .build();
+        context.restoreAuthSystemState();
+
+        String loginToken = getAuthToken(user.getEmail(), password);
+
+        AtomicReference<String> machineToken = new AtomicReference<>();
+        getClient(loginToken).perform(post("/api/authn/machinetokens"))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$.token", notNullValue()))
+            .andExpect(jsonPath("$.type", is("machinetoken")))
+            .andDo(result -> machineToken.set(
+                read(result.getResponse().getContentAsString(), "$.token")));
+
+        Date loginExpiration = getTokenExpiration(loginToken);
+        Date machineExpiration = getTokenExpiration(machineToken.get());
+
+        assertTrue("Machine token should expire after login token",
+            machineExpiration.after(loginExpiration));
+
+        long diffMillis = machineExpiration.getTime() - loginExpiration.getTime();
+        assertTrue("Difference should be ~1.5 hours (5400000ms), was: " + diffMillis,
+            Math.abs(diffMillis - 5400000) < 60000);
+
+        getClient(loginToken).perform(post("/api/authn/logout"))
+            .andExpect(status().isNoContent());
+    }
+
     @Test
     public void testShibbolethStaffMappedToStaffAndMembers() throws Exception {
         context.turnOffAuthorisationSystem();