#211. Fixed with regression test. Tests for client credentials flow a…

…dded.

client-installer/buildNumber.properties

@@ -1,3 +1,3 @@
 #maven.buildNumber.plugin properties file
-#Tue Oct 15 05:53:26 CDT 2024
-buildNumber\\d*=439
+#Wed Oct 16 17:17:09 CDT 2024
+buildNumber\\d*=443

oa4mp-server-oauth2/buildNumber.properties

@@ -1,3 +1,3 @@
 #maven.buildNumber.plugin properties file
-#Tue Oct 15 05:52:22 CDT 2024
-buildNumber\\d*=12364
+#Wed Oct 16 17:16:46 CDT 2024
+buildNumber\\d*=12366

proxy/src/main/java/org/oa4mp/server/proxy/OA2ATServlet.java

@@ -935,8 +935,42 @@ Topography of the store. Auth grants (called temp_token for historical reasons)
                     }
                     break;
             }
+            // Fix for https://github.com/ncsa/oa4mp/issues/211
+            // Needed to check exchange store in case multiple refreshes done at some point.
+            if (t == null) {
+                // if there is no such transaction found, then this is probably from a previous exchange. Go find it
+                try {
+                    if (accessToken != null) {
+                        t = OA2TokenUtils.getTransactionFromTX(oa2se, accessToken, debugger);
+                    }
+                    if (refreshToken != null) {
+                        t = OA2TokenUtils.getTransactionFromTX(oa2se, refreshToken, debugger);
+                        if (t != null) {
+                            rfc8693Thingie.oldRTTX = (TXRecord) oa2se.getTxStore().get(refreshToken.getJTIAsIdentifier());
+                        }
+                    }
+                    if (idToken != null) {
+                        t = OA2TokenUtils.getTransactionFromTX(oa2se, idToken, debugger);
+                    }
+                    if (t != null) {
+                        debugger.trace("found transaction from TX record.");
+                    }
 
-            if (t != null) {
+                } catch (OA2GeneralError oa2GeneralError) {
+                    if (!(debugger instanceof ClientDebugUtil)) {
+                        // last ditch effort to tell us what client is doing this.
+                        info("Could not find transaction for client " + client.getIdentifierString());
+                    }
+                    throw oa2GeneralError;
+                }
+            }
+
+            if (t == null) {
+                // Still null. Ain't one no place. Bail.
+                info("No pending transactions found anywhere for client \"" + client.getIdentifierString() + "\".");
+                throw new OA2ATException(OA2Errors.INVALID_GRANT, "no pending transaction found.", client);
+            }
+            if(!client.getIdentifierString().equals(t.getClient().getIdentifierString())){
 
                 debugger.trace(this, "transaction found, checking for ersatz client:" + t.summary());
 
@@ -1042,38 +1076,6 @@ Topography of the store. Auth grants (called temp_token for historical reasons)
         }
 
 
-        if (t == null) {
-            // if there is no such transaction found, then this is probably from a previous exchange. Go find it
-            try {
-                if (accessToken != null) {
-                    t = OA2TokenUtils.getTransactionFromTX(oa2se, accessToken, debugger);
-                }
-                if (refreshToken != null) {
-                    t = OA2TokenUtils.getTransactionFromTX(oa2se, refreshToken, debugger);
-                    if (t != null) {
-                        rfc8693Thingie.oldRTTX = (TXRecord) oa2se.getTxStore().get(refreshToken.getJTIAsIdentifier());
-                    }
-                }
-                if (idToken != null) {
-                    t = OA2TokenUtils.getTransactionFromTX(oa2se, idToken, debugger);
-                }
-                if (t != null) {
-                    debugger.trace("found transaction from TX record.");
-                }
-
-            } catch (OA2GeneralError oa2GeneralError) {
-                if (!(debugger instanceof ClientDebugUtil)) {
-                    // last ditch effort to tell us what client is doing this.
-                    info("Could not find transaction for client " + client.getIdentifierString());
-                }
-                throw oa2GeneralError;
-            }
-        }
-        if (t == null) {
-            // Still null. Ain't one no place. Bail.
-            info("No pending transactions found anywhere for client \"" + client.getIdentifierString() + "\".");
-            throw new OA2ATException(OA2Errors.INVALID_GRANT, "no pending transaction found.", client);
-        }
         rfc8693Thingie.transaction = t;
         if (client.isErsatzClient() && !client.isReadOnly()) {
             // Gotten this far and there is an ersatz client. Read only is a good as "has been resolved"

qdl/buildNumber.properties

@@ -1,3 +1,3 @@
 #maven.buildNumber.plugin properties file
-#Tue Oct 15 05:53:56 CDT 2024
-buildNumber\\d*=13339
+#Wed Oct 16 17:17:26 CDT 2024
+buildNumber\\d*=13345

server-installer/buildNumber.properties

@@ -1,3 +1,3 @@
 #maven.buildNumber.plugin properties file
-#Tue Oct 15 05:53:24 CDT 2024
-buildNumber\\d*=437
+#Wed Oct 16 17:17:07 CDT 2024
+buildNumber\\d*=441

server-test/buildNumber.properties

@@ -1,3 +1,3 @@
 #maven.buildNumber.plugin properties file
-#Tue Oct 15 05:52:24 CDT 2024
-buildNumber\\d*=11400
+#Wed Oct 16 17:16:47 CDT 2024
+buildNumber\\d*=11402

server-test/src/main/resources/flow-tests/auto/tests/all.qdl

@@ -27,6 +27,7 @@ test.:= [
           [path + 'auto/tests/' +'rtx_refreshes.qdl', initialization],
           [path + 'auto/tests/' +'rtx.qdl',initialization],
           [path + 'auto/tests/' +'revoke.qdl'],
+          [(path + 'auto/tests/rfc8693/') + 'github-211.qdl',  '-subject','at'],
           [(path + 'auto/tests/rfc8693/') + 'ersatz-rt.qdl',  '-subject','at'],
           [(path + 'auto/tests/rfc8693/') + 'ersatz-rt.qdl',  '-subject','rt'],
           [(path + 'auto/tests/rfc8693/') + 'ersatz-fork.qdl', '-at', '-subject','at'],