Do not cache disabled tokens (#7061)
* Deactivated records should get 409 on GET requests

* Do not cache the token if it is disabled, since the token does not know its disabled state

* Remove unused imports
amontenegro authored Aug 6, 2024
1 parent 168063c commit ee144da
Showing 5 changed files with 19 additions and 8 deletions.
Expand Up @@ -130,6 +130,8 @@ public Response toResponse(Throwable t) {
logShortError(t, clientId);
} else if (t instanceof InvalidPutCodeException) {
logShortError(t, clientId);
} else if (t instanceof MismatchedPutCodeException) {
logShortError(t, clientId);
} else {
LOGGER.error("An exception has occured processing request from client " + clientId, t);
}
Expand Up @@ -162,8 +162,11 @@ public Response obtainOauth2Token(String authorization, MultivaluedMap<String, S
}
}

// Do not put the token in the cache if the token is disabled
if(token.getAdditionalInformation() != null && !token.getAdditionalInformation().containsKey(OrcidOauth2Constants.TOKEN_DISABLED)) {
setToCache(client.getName(), token);
}
removeMetadataFromToken(token);
setToCache(client.getName(), token);
return getResponse(token);
} catch (InvalidGrantException e){ //this needs to be caught here so the transaction doesn't roll back
OAuthError error = OAuthErrorUtils.getOAuthError(e);
Expand Down Expand Up @@ -307,6 +310,8 @@ protected void removeMetadataFromToken(OAuth2AccessToken accessToken) {
accessToken.getAdditionalInformation().remove(OrcidOauth2Constants.DATE_CREATED);
if(accessToken.getAdditionalInformation().containsKey(OrcidOauth2Constants.TOKEN_ID))
accessToken.getAdditionalInformation().remove(OrcidOauth2Constants.TOKEN_ID);
if(accessToken.getAdditionalInformation().containsKey(OrcidOauth2Constants.TOKEN_DISABLED))
accessToken.getAdditionalInformation().remove(OrcidOauth2Constants.TOKEN_DISABLED);
}
}
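Review bot: The new guard `if(token.getAdditionalInformation() != null && !token.getAdditionalInformation().containsKey(OrcidOauth2Constants.TOKEN_DISABLED))` skips caching altogether when additionalInformation is null, which the removed unconditional `setToCache(client.getName(), token)` did not; the createRevokedAccessToken hunk in the last file of this commit guards against exactly such a null map, so the case looks reachable. The block also moves the cache write ahead of `removeMetadataFromToken(token)`, so if setToCache copies or serializes the token the cached entry now carries the DATE_CREATED/TOKEN_ID metadata the old order stripped first; if it only stores the reference the difference is moot, but I cannot tell from here. Reading the disabled flag into a local before stripping metadata keeps the previous order and caches null-map tokens as before. obtainOauth2Token begins and ends outside the hunk, and removeMetadataFromToken's new TOKEN_DISABLED removal is what forces this ordering.
```java
// … unchanged: grant handling above …
// Read the flag before removeMetadataFromToken strips TOKEN_DISABLED; a null
// map carries no flag, so such a token is cached exactly as it was before.
boolean disabled = token.getAdditionalInformation() != null
        && token.getAdditionalInformation().containsKey(OrcidOauth2Constants.TOKEN_DISABLED);
removeMetadataFromToken(token);
if (!disabled) {
    setToCache(client.getName(), token);
}
return getResponse(token);
```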

Expand Up @@ -58,6 +58,7 @@ public class OrcidOauth2Constants {
public static final String IETF_EXCHANGE_SUBJECT_TOKEN = "subject_token";
public static final String IETF_EXCHANGE_SUBJECT_TOKEN_TYPE = "subject_token_type";
public static final String IETF_EXCHANGE_REQUESTED_TOKEN_TYPE = "requested_token_type";
public static final String TOKEN_DISABLED = "token_disabled";

public static final String CODE_RESPONSE_TYPE = "code";

Expand Up @@ -13,6 +13,8 @@

import com.nimbusds.jwt.SignedJWT;

import static org.orcid.core.constants.OrcidOauth2Constants.TOKEN_DISABLED;

public class IETFTokenExchangeResponse implements OAuth2AccessToken {

private Map<String, Object> additionalInformation = new HashMap<String, Object>();
Expand Down Expand Up @@ -47,6 +49,9 @@ public static IETFTokenExchangeResponse accessToken(OAuth2AccessToken accessTok
if (accessToken.getAdditionalInformation().containsKey("name")) {
token.additionalInformation.put("name",accessToken.getAdditionalInformation().get("name"));
}
if(accessToken.getAdditionalInformation().containsKey(TOKEN_DISABLED)) {
token.additionalInformation.put(TOKEN_DISABLED, "true");
}
return token;
}
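Review bot: The marker is copied as the String `"true"` at `token.additionalInformation.put(TOKEN_DISABLED, "true");`, while createRevokedAccessToken in the last file of this commit stores the Boolean `true`, so the same key holds two different types depending on which path produced the token. The only reader this commit adds tests `containsKey`, so nothing breaks today, but a later consumer that inspects the value would have to handle both; copying the source value through, `token.additionalInformation.put(TOKEN_DISABLED, accessToken.getAdditionalInformation().get(TOKEN_DISABLED));`, keeps it uniform the way the neighbouring "name" copy does. The static import of a single constant also differs from the qualified `OrcidOauth2Constants.TOKEN_DISABLED` used in the other touched files. accessToken(...) starts outside the hunk.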

@@ -1,12 +1,6 @@
package org.orcid.core.oauth.service;

import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.*;

import javax.annotation.Resource;
import javax.persistence.PersistenceException;
Expand Down Expand Up @@ -465,6 +459,10 @@ public OAuth2AccessToken createRevokedAccessToken(OAuth2Authentication authentic
// create the regular token
DefaultOAuth2AccessToken accessToken = generateAccessToken(authentication);
try {
if(accessToken.getAdditionalInformation() == null) {
accessToken.setAdditionalInformation(Collections.emptyMap());
}
accessToken.getAdditionalInformation().put(OrcidOauth2Constants.TOKEN_DISABLED, true);
orcidTokenStore.storeRevokedAccessToken(accessToken, authentication, revokeReason);
} catch (PersistenceException e) {
// In the unlikely case that there is a constraint violation, lets
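Review bot: `accessToken.setAdditionalInformation(Collections.emptyMap());` followed by `accessToken.getAdditionalInformation().put(OrcidOauth2Constants.TOKEN_DISABLED, true);` only works if the setter copies its argument into a mutable map, because Collections.emptyMap() itself is immutable and would throw UnsupportedOperationException on put. As far as I recall DefaultOAuth2AccessToken's setter does copy into a LinkedHashMap, but the code should not rely on that; `accessToken.setAdditionalInformation(new HashMap<>());` states the intent and survives a different token implementation. The import hunk at the top of this file also replaces the explicit java.util imports with `import java.util.*;`, which the project's own previous style and the usual lint rules avoid — the single new name needed is Collections (or HashMap with the change above), so adding that one import keeps the list explicit. createRevokedAccessToken begins outside the hunk and continues past it.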
