From a31e001f693749dcdcb9ced964ac7217f4a65a00 Mon Sep 17 00:00:00 2001
From: anhefti
Date: Wed, 19 Jun 2024 16:38:30 +0200
Subject: [PATCH] SEBSERV-417 fix autologin
---
 .../gui/InstitutionalAuthenticationEntryPoint.java | 6 ++++++
 .../webservice/auth/OAuth2AuthorizationContextHolder.java | 4 ----
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java b/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java
index 323e21e0..1fe53bf9 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java
@@ -130,6 +130,12 @@ public final class InstitutionalAuthenticationEntryPoint implements Authenticati
 .getBean(AuthorizationContextHolder.class);
 final SEBServerAuthorizationContext authorizationContext = authorizationContextHolder
 .getAuthorizationContext(request.getSession());
+
+ // check first if we already have an active session if so, invalidate ir
+ if (authorizationContext.isLoggedIn()) {
+ authorizationContext.logout();
+ }
+
 if (authorizationContext.autoLogin(jwt)) {
 forwardToEntryPoint(request, response, this.guiEntryPoint, true);
 return;
diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
index fd5b6dfa..2314ab37 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
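Review bot: The added `authorizationContext.logout()` in front of `autoLogin(jwt)` runs before the one-time token has been verified, so any request that reaches this branch with a token that is later rejected still ends the user's existing session. If that is not intended, verify the token first and only then replace the session; if it is intended, say so in the comment, e.g. `// an existing session is always dropped here, even if the token is rejected below` (the comment's "invalidate ir" should read "invalidate it"). The same `authorizationContext` reference is reused after `logout()`, and `logout()` is not visible in this patch, so confirm it does not invalidate the session the context was looked up from; if it does, look the context up again via `authorizationContextHolder.getAuthorizationContext(request.getSession())` before calling `autoLogin`. Because `autoLogin` itself no longer clears an active session, any other caller of it (none visible here) would now need the same guard. The enclosing method starts and ends outside the hunk.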
@@ -270,10 +270,6 @@ public class OAuth2AuthorizationContextHolder implements AuthorizationContextHol
 @Override
 public boolean autoLogin(final String oneTimeToken) {
 try {
- // check first if we already have an active session if so, invalidate ir
- if (this.isLoggedIn()) {
- this.logout();
- }
 // Create ad-hoc RestTemplate and call token verification
 final RestTemplate verifyTemplate = new RestTemplate(this.clientHttpRequestFactory);