From 60258efa7cd80c719bcbbf2a05d60f8bb9677833 Mon Sep 17 00:00:00 2001
From: mwithi
Date: Thu, 26 Sep 2024 19:23:03 +0200
Subject: [PATCH] Apply code review suggestions
---
 .../org/isf/security/jwt/TokenProvider.java | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/src/main/java/org/isf/security/jwt/TokenProvider.java b/src/main/java/org/isf/security/jwt/TokenProvider.java
index 124fe1a8..c05b840c 100644
--- a/src/main/java/org/isf/security/jwt/TokenProvider.java
+++ b/src/main/java/org/isf/security/jwt/TokenProvider.java
@@ -83,11 +83,11 @@ public void init() {
 byte[] keyBytes = secret.getBytes(StandardCharsets.UTF_8);
 this.key = Keys.hmacShaKeyFor(keyBytes);
- // 15 minutes (900,000 milliseconds)
- this.tokenValidityInMilliseconds = 1000L * 60 * 15;
+ // 30 minutes (900,000 milliseconds)
+ this.tokenValidityInMilliseconds = 1000L * 60 * 30;
- // 7 days (604,800,000 milliseconds)
- this.tokenValidityInMillisecondsForRememberMe = 1000L * 60 * 60 * 24 * 7;
+ // 3 days (604,800,000 milliseconds)
+ this.tokenValidityInMillisecondsForRememberMe = 1000L * 60 * 60 * 24 * 3;
 this.jwtParser = Jwts.parserBuilder().setSigningKey(this.key).build();
 }
@@ -163,9 +163,8 @@ public String generateRefreshToken(Authentication authentication) {
 public Authentication getAuthentication(String token) {
 final Claims claims = getAllClaimsFromToken(token);
- /*
- * claims.get(AUTHORITIES_KEY) cannot be null, at least an empty string
- * Left for security but not testable
+ /*
+ * claims.get(AUTHORITIES_KEY) cannot be null, at least an empty string Left for security but not testable
 */
 String authoritiesClaim = claims.get(AUTHORITIES_KEY) != null ? claims.get(AUTHORITIES_KEY).toString() : "";
 if (authoritiesClaim.isEmpty()) {
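Review bot: The two comments added in init() still carry the old millisecond figures: `// 30 minutes (900,000 milliseconds)` should read `// 30 minutes (1,800,000 milliseconds)` and `// 3 days (604,800,000 milliseconds)` should read `// 3 days (259,200,000 milliseconds)`, to match `1000L * 60 * 30` and `1000L * 60 * 60 * 24 * 3`. The access-token lifetime doubles here and the remember-me lifetime shrinks, and both stay hard-coded, so these comments are the only record of the intended policy; a short reason for each value next to the assignment would help the next reviewer. Reading the lifetimes from configuration would avoid a code change per deployment, though whether this class has a property source for that is not visible in the hunk. init() begins above the hunk.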
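Review bot: The reflowed comment in getAuthentication() now runs two sentences together as `* claims.get(AUTHORITIES_KEY) cannot be null, at least an empty string Left for security but not testable`; the third hunk does the same in validateToken() and keeps the typo `empy`. These comments justify defensive checks on token claims, so they should state what is guarded, for example `// Defensive: a null authorities claim is treated as an empty string; branch not covered by tests.` and `// Defensive: reject a token whose subject is null or empty; branch not covered by tests.` Both method bodies continue past the end of their hunks.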
@@ -190,9 +189,8 @@ public Authentication getAuthenticationByUsername(String username) {
 public TokenValidationResult validateToken(String token) {
 try {
 Claims claims = Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody();
- /*
- * If claims.getSubject() not null for sure is not empy.
- * Left here for security but not testable
+ /*
+ * If claims.getSubject() not null for sure is not empy. Left here for security but not testable
 */
 if (claims.getSubject() == null || claims.getSubject().isEmpty()) {
 throw new IllegalArgumentException("JWT claims string is empty.");
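Review bot: validateToken() builds a new parser with `Jwts.parserBuilder().setSigningKey(key).build()` on every call, although init() in the first hunk already stores one built from the same key in `this.jwtParser`. Using `Claims claims = jwtParser.parseClaimsJws(token).getBody();` would leave a single place where the signing key and any later parser settings are configured, so this check cannot drift from whatever other methods (presumably getAllClaimsFromToken) parse with. The try block continues beyond the hunk, so the catch clauses that handle the `IllegalArgumentException` are not visible here.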