SEBSERV-417 fix autologin

2024-06-19 16:38:30 +02:00 · 2024-06-19 16:38:30 +02:00 · a31e001f69
commit a31e001f69
parent 1a5bb6ff7d
2 changed files with 6 additions and 4 deletions
--- a/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java
@ -130,6 +130,12 @@ public final class InstitutionalAuthenticationEntryPoint implements Authenticati
                    .getBean(AuthorizationContextHolder.class);
            final SEBServerAuthorizationContext authorizationContext = authorizationContextHolder
                    .getAuthorizationContext(request.getSession());
+
+            // check first if we already have an active session if so, invalidate ir
+            if (authorizationContext.isLoggedIn()) {
+                authorizationContext.logout();
+            }
+
            if (authorizationContext.autoLogin(jwt)) {
                forwardToEntryPoint(request, response, this.guiEntryPoint, true);
                return;
--- a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
@ -270,10 +270,6 @@ public class OAuth2AuthorizationContextHolder implements AuthorizationContextHol
        @Override
        public boolean autoLogin(final String oneTimeToken) {
            try {
-                // check first if we already have an active session if so, invalidate ir
-                if (this.isLoggedIn()) {
-                    this.logout();
-                }

                // Create ad-hoc RestTemplate and call token verification
                final RestTemplate verifyTemplate = new RestTemplate(this.clientHttpRequestFactory);