Merge branch 'main' into allow-token-exchange-if-at-least-one-token-is-not-revoked

Author: amontenegro

CHANGELOG.md

@@ -1,3 +1,75 @@
+## v2.72.15 - 2025-03-10
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.14...v2.72.15)
+
+## v2.72.14 - 2025-03-10
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.13...v2.72.14)
+
+## v2.72.13 - 2025-03-06
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.12...v2.72.13)
+
+## v2.72.12 - 2025-03-06
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.11...v2.72.12)
+
+## v2.72.11 - 2025-03-06
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.10...v2.72.11)
+
+## v2.72.10 - 2025-03-06
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.9...v2.72.10)
+
+## v2.72.9 - 2025-03-05
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.8...v2.72.9)
+
+## v2.72.8 - 2025-03-05
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.7...v2.72.8)
+
+## v2.72.7 - 2025-03-04
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.6...v2.72.7)
+
+## v2.72.6 - 2025-03-04
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.5...v2.72.6)
+
+## v2.72.5 - 2025-03-03
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.4...v2.72.5)
+
+## v2.72.4 - 2025-03-03
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.3...v2.72.4)
+
+- [#7235](https://github.com/ORCID/ORCID-Source/pull/7235): Fix switch user role
+
+## v2.72.3 - 2025-03-03
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.2...v2.72.3)
+
+- [#7234](https://github.com/ORCID/ORCID-Source/pull/7234): Do not save the session on email verification events
+
+## v2.72.2 - 2025-03-03
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.1...v2.72.2)
+
+## v2.72.1 - 2025-02-25
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.72.0...v2.72.1)
+
+## v2.72.0 - 2025-02-25
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.71.22...v2.72.0)
+
+## v2.71.23 - 2025-02-24
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.71.22...v2.71.23)
+
 ## v2.71.22 - 2025-02-20
 
 [Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.71.21...v2.71.22)

orcid-api-common/src/main/java/org/orcid/api/common/jaxb/OrcidExceptionMapper.java

@@ -88,7 +88,14 @@ public class OrcidExceptionMapper implements ExceptionMapper<Throwable> {
     public Response toResponse(Throwable t) {
         // Whatever exception has been caught, make sure we log it.
         String clientId = securityManager.getClientIdFromAPIRequest();
-        if(t instanceof OrcidDeprecatedException
+        if(t instanceof OrcidInvalidScopeException) {
+            // This exception happens on client_credentials grant, so, the security manager doesn't have the client id info
+            OrcidInvalidScopeException ex = (OrcidInvalidScopeException) t;
+            if(clientId == null) {
+                clientId = ex.getClientId();
+            }
+            logShortError(t, clientId);
+        } else if(t instanceof OrcidDeprecatedException
                 || t instanceof LockedException
                 || t instanceof DeactivatedException
                 || t instanceof OrcidNoBioException

orcid-api-common/src/main/java/org/orcid/api/common/oauth/OrcidClientCredentialEndPointDelegatorImpl.java

@@ -131,7 +131,7 @@ public Response obtainOauth2Token(String authorization, MultivaluedMap<String, S
                     if(scopeType.isInternalScope()) {
                         // You should not allow any internal scope here! go away!
                         String message = localeManager.resolveMessage("apiError.9015.developerMessage", new Object[]{});
-                        throw new OrcidInvalidScopeException(message);
+                        throw new OrcidInvalidScopeException(message, clientId, scope);
                     } else if(OrcidOauth2Constants.GRANT_TYPE_CLIENT_CREDENTIALS.equals(grantType)) {
                         if(!scopeType.isClientCreditalScope())
                             toRemove.add(scope);
@@ -147,7 +147,10 @@ public Response obtainOauth2Token(String authorization, MultivaluedMap<String, S
             }                        
         } catch (IllegalArgumentException iae) {
             String message = localeManager.resolveMessage("apiError.9015.developerMessage", new Object[]{});
-            throw new OrcidInvalidScopeException(message);
+            if(scopes != null) {
+                message += " Provided scopes: " + String.join(",", scopes);
+            }
+            throw new OrcidInvalidScopeException(message, clientId, iae.getMessage());
         }
 
         try{

orcid-core/pom.xml

@@ -326,8 +326,18 @@
 		<dependency>
 		    <groupId>redis.clients</groupId>
 		    <artifactId>jedis</artifactId>
-		    <version>4.4.3</version>
+		    <version>3.7.1</version>
 		</dependency>
+
+
+        <!-- https://mvnrepository.com/artifact/org.json/json -->
+        <dependency>
+            <groupId>org.json</groupId>
+            <artifactId>json</artifactId>
+            <version>20240303</version>
+        </dependency>
+
+
     </dependencies>
     <build>
         <plugins>

orcid-core/src/main/java/org/orcid/core/adapter/impl/MapperFacadeFactory.java

@@ -109,6 +109,7 @@
 import org.orcid.persistence.jpa.entities.SourceAwareEntity;
 import org.orcid.persistence.jpa.entities.StartDateEntity;
 import org.orcid.persistence.jpa.entities.WorkEntity;
+import org.orcid.persistence.jpa.entities.keys.ClientRedirectUriPk;
 import org.orcid.pojo.ajaxForm.PojoUtil;
 import org.orcid.utils.OrcidStringUtils;
 import org.springframework.beans.factory.FactoryBean;
@@ -1040,10 +1041,10 @@ public void mapAtoB(Client a, ClientDetailsEntity b, MappingContext context) {
                             b.getClientRegisteredRedirectUris().add(existingEntity);
                         } else {
                             ClientRedirectUriEntity newEntity = new ClientRedirectUriEntity();
-                            newEntity.setClientDetailsEntity(b);
-                            newEntity.setPredefinedClientScope(ScopePathType.getScopesAsSingleString(cru.getPredefinedClientScopes()));
+                            newEntity.setClientId(b.getClientId());
                             newEntity.setRedirectUri(cru.getRedirectUri());
                             newEntity.setRedirectUriType(cru.getRedirectUriType());
+                            newEntity.setPredefinedClientScope(ScopePathType.getScopesAsSingleString(cru.getPredefinedClientScopes()));
                             newEntity.setUriActType(cru.getUriActType());
                             newEntity.setUriGeoArea(cru.getUriGeoArea());
                             b.getClientRegisteredRedirectUris().add(newEntity);

orcid-core/src/main/java/org/orcid/core/adapter/v3/impl/MapperFacadeFactory.java

@@ -37,7 +37,6 @@
 import org.orcid.core.manager.SourceNameCacheManager;
 import org.orcid.core.manager.impl.OrcidUrlManager;
 import org.orcid.core.manager.v3.read_only.ClientDetailsManagerReadOnly;
-import org.orcid.core.togglz.Features;
 import org.orcid.core.utils.JsonUtils;
 import org.orcid.core.utils.SourceEntityUtils;
 import org.orcid.core.utils.v3.identifiers.PIDNormalizationService;
@@ -141,6 +140,7 @@
 import org.orcid.persistence.jpa.entities.SpamEntity;
 import org.orcid.persistence.jpa.entities.StartDateEntity;
 import org.orcid.persistence.jpa.entities.WorkEntity;
+import org.orcid.persistence.jpa.entities.keys.ClientRedirectUriPk;
 import org.orcid.pojo.WorkExtended;
 import org.orcid.pojo.WorkSummaryExtended;
 import org.orcid.pojo.ajaxForm.PojoUtil;
@@ -1198,10 +1198,10 @@ public void mapAtoB(Client a, ClientDetailsEntity b, MappingContext context) {
                             b.getClientRegisteredRedirectUris().add(existingEntity);
                         } else {
                             ClientRedirectUriEntity newEntity = new ClientRedirectUriEntity();
-                            newEntity.setClientDetailsEntity(b);
-                            newEntity.setPredefinedClientScope(ScopePathType.getScopesAsSingleString(cru.getPredefinedClientScopes()));
+                            newEntity.setClientId(b.getClientId());
                             newEntity.setRedirectUri(cru.getRedirectUri());
                             newEntity.setRedirectUriType(cru.getRedirectUriType());
+                            newEntity.setPredefinedClientScope(ScopePathType.getScopesAsSingleString(cru.getPredefinedClientScopes()));
                             newEntity.setUriActType(cru.getUriActType());
                             newEntity.setUriGeoArea(cru.getUriGeoArea());
                             newEntity.setStatus(ClientRedirectUriStatus.valueOf(cru.getStatus()));

orcid-core/src/main/java/org/orcid/core/cli/AddGrantTypeToExistingClients.java

@@ -11,6 +11,7 @@
 import org.orcid.jaxb.model.clientgroup.ClientType;
 import org.orcid.persistence.jpa.entities.ClientAuthorisedGrantTypeEntity;
 import org.orcid.persistence.jpa.entities.ClientDetailsEntity;
+import org.orcid.persistence.jpa.entities.keys.ClientAuthorisedGrantTypePk;
 import org.orcid.pojo.ajaxForm.PojoUtil;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
@@ -49,11 +50,6 @@ public static void main(String [] args) {
             addGrantTypeToExistingClients.validateParameters(parser);
             addGrantTypeToExistingClients.init();
             addGrantTypeToExistingClients.process();
-            System.out.println();
-            System.out.println();
-            System.out.println(addGrantTypeToExistingClients.getClientsUpdated() + " clients were updated");
-            System.out.println();
-            System.out.println();
         } catch (CmdLineException e) {
             System.err.println(e.getMessage());
             parser.printUsage(System.err);
@@ -110,14 +106,11 @@ private void updateGrantTypes(ClientDetailsEntity clientDetails) {
             if (!alreadyHaveGrantType) {
                 ClientAuthorisedGrantTypeEntity newGrantType = new ClientAuthorisedGrantTypeEntity();
                 newGrantType.setGrantType(grantType);
-                newGrantType.setClientDetailsEntity(clientDetails);
+                newGrantType.setClientId(clientDetails.getClientId());
                 clientDetails.getClientAuthorizedGrantTypes().add(newGrantType);
 
                 clientDetailsManager.merge(clientDetails);
                 clientsUpdated += 1;
-                System.out.println("Client " + clientDetails.getId() + " has been updated");                
-            } else {
-                System.out.println("Client " + clientDetails.getId() + " already have the " + grantType + " scope");
             }
         }                
     }        

orcid-core/src/main/java/org/orcid/core/cli/AddReadPublicScopeToNoneInstitutionMembers.java

@@ -7,6 +7,7 @@
 import org.orcid.jaxb.model.message.ScopePathType;
 import org.orcid.persistence.jpa.entities.ClientDetailsEntity;
 import org.orcid.persistence.jpa.entities.ClientScopeEntity;
+import org.orcid.persistence.jpa.entities.keys.ClientScopePk;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.transaction.TransactionStatus;
@@ -70,8 +71,9 @@ private void updateScopes(ClientDetailsEntity clientDetails) {
 
         if (!alreadyHaveReadPublicScope) {
             ClientScopeEntity clientScope = new ClientScopeEntity();
-            clientScope.setClientDetailsEntity(clientDetails);
-            clientScope.setScopeType(ScopePathType.READ_PUBLIC.value());
+            ClientScopePk pk = new ClientScopePk();
+            pk.setClientId(clientDetails.getClientId());
+            pk.setScopeType(ScopePathType.READ_PUBLIC.value());
             clientDetails.getClientScopes().add(clientScope);
             clientDetailsManager.merge(clientDetails);
             clientsUpdated += 1;

orcid-core/src/main/java/org/orcid/core/cli/AddScopesToExistingClients.java

@@ -12,6 +12,7 @@
 import org.orcid.jaxb.model.message.ScopePathType;
 import org.orcid.persistence.jpa.entities.ClientDetailsEntity;
 import org.orcid.persistence.jpa.entities.ClientScopeEntity;
+import org.orcid.persistence.jpa.entities.keys.ClientScopePk;
 import org.orcid.pojo.ajaxForm.PojoUtil;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
@@ -127,7 +128,7 @@ private void updateScopes(ClientDetailsEntity clientDetails) {
 
             if (!alreadyHaveScope) {
                 ClientScopeEntity clientScope = new ClientScopeEntity();
-                clientScope.setClientDetailsEntity(clientDetails);
+                clientScope.setClientId(clientDetails.getClientId());
                 clientScope.setScopeType(scope.value());
                 clientDetails.getClientScopes().add(clientScope);
                 clientDetailsManager.merge(clientDetails);

orcid-core/src/main/java/org/orcid/core/cli/CreateNewClientSecrets.java

@@ -146,7 +146,7 @@ private void createFromFile() {
 
     private void createNewClientSecret(ClientDetailsEntity clientDetails) {
         String clientSecret = UUID.randomUUID().toString();
-        clientDetails.getClientSecrets().add(new ClientSecretEntity(encryptionManager.encryptForInternalUse(clientSecret), clientDetails));
+        clientDetails.getClientSecrets().add(new ClientSecretEntity(encryptionManager.encryptForInternalUse(clientSecret), clientDetails.getClientId()));
         clientDetailsManager.merge(clientDetails);
         String output = String.format("%s\t%s\t%s\n", clientDetails.getId(), clientDetails.getClientName(), clientSecret);
         output(output);

orcid-core/src/main/java/org/orcid/core/common/manager/EventManager.java

@@ -13,6 +13,8 @@ public interface EventManager {
 
     void createEvent(EventType eventType, HttpServletRequest request);
 
+    void createReauthorizeEvent(String clientId);
+
     void createPapiEvent(String clientId, String ip, boolean anonymous);
 
 }

orcid-core/src/main/java/org/orcid/core/common/manager/impl/EventManagerImpl.java

@@ -20,7 +20,6 @@
 import org.orcid.persistence.jpa.entities.EventEntity;
 import org.orcid.persistence.jpa.entities.EventType;
 import org.orcid.pojo.ajaxForm.PojoUtil;
-import org.orcid.pojo.ajaxForm.RequestInfoForm;
 
 /**
  *
@@ -45,42 +44,51 @@ public void createEvent(EventType eventType, HttpServletRequest request) {
 
         if (request != null) {
             Boolean isOauth2ScreensRequest = (Boolean) request.getSession().getAttribute(OrcidOauth2Constants.OAUTH_2SCREENS);
-            RequestInfoForm requestInfoForm = (RequestInfoForm) request.getSession().getAttribute("requestInfoForm");
-            if (requestInfoForm != null) {
-                clientId = requestInfoForm.getClientId();
-                label = "OAuth " + requestInfoForm.getMemberName() + " " + requestInfoForm.getClientName();
-            } else if (isOauth2ScreensRequest != null && isOauth2ScreensRequest) {
+            if (isOauth2ScreensRequest != null && isOauth2ScreensRequest) {
                 String queryString = (String) request.getSession().getAttribute(OrcidOauth2Constants.OAUTH_QUERY_STRING);
                 clientId = getParameterValue(queryString, "client_id");
-                ClientDetailsEntity clientDetailsEntity = clientDetailsEntityCacheManager.retrieve(clientId);
-                String memberName = "";
-                String clientName = clientDetailsEntity.getClientName();
-
-                if (ClientType.PUBLIC_CLIENT.equals(clientDetailsEntity.getClientType())) {
-                    memberName = "PubApp";
-                } else if (!PojoUtil.isEmpty(clientDetailsEntity.getGroupProfileId())) {
-                    Name name = recordNameManagerReadOnly.getRecordName(clientDetailsEntity.getGroupProfileId());
-                    if (name != null) {
-                        memberName = name.getCreditName() != null ? name.getCreditName().getContent() : "";
-                    }
-                }
-
-                if (StringUtils.isBlank(memberName)) {
-                    memberName = clientName;
-                }
-                label = "OAuth " + memberName + " " + clientName;
+                label = generateLabel(clientId);
             }
         }
 
         EventEntity eventEntity = new EventEntity();
-
         eventEntity.setEventType(eventType.getValue());
         eventEntity.setClientId(clientId);
         eventEntity.setLabel(label);
         eventEntity.setDateCreated(new Date());
         eventDao.createEvent(eventEntity);
     }
 
+    @Override
+    public void createReauthorizeEvent(String clientId) {
+        EventEntity eventEntity = new EventEntity();
+        eventEntity.setEventType(EventType.REAUTHORIZE.getValue());
+        eventEntity.setClientId(clientId);
+        eventEntity.setLabel(generateLabel(clientId));
+        eventEntity.setDateCreated(new Date());
+        eventDao.createEvent(eventEntity);
+    }
+
+    private String generateLabel(String clientId) {
+        ClientDetailsEntity clientDetailsEntity = clientDetailsEntityCacheManager.retrieve(clientId);
+        String memberName = "";
+        String clientName = clientDetailsEntity.getClientName();
+
+        if (ClientType.PUBLIC_CLIENT.equals(clientDetailsEntity.getClientType())) {
+            memberName = "PubApp";
+        } else if (!PojoUtil.isEmpty(clientDetailsEntity.getGroupProfileId())) {
+            Name name = recordNameManagerReadOnly.getRecordName(clientDetailsEntity.getGroupProfileId());
+            if (name != null) {
+                memberName = name.getCreditName() != null ? name.getCreditName().getContent() : "";
+            }
+        }
+
+        if (StringUtils.isBlank(memberName)) {
+            memberName = clientName;
+        }
+        return "OAuth " + memberName + " " + clientName;
+    }
+
     private String getParameterValue(String queryString, String parameter)  {
         if (StringUtils.isNotEmpty(queryString)) {
             try {