Merge pull request #2665 from ThaminduDilshan/thamindu-revoke-fix
Fix token revocation for role deletion or user un-assignment from the role
ThaminduDilshan authored Jan 9, 2025
2 parents efceef3 + be46f12 commit 5289eb2
Showing 2 changed files with 27 additions and 8 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -715,7 +715,7 @@ private static AuthenticatedUser buildAuthenticatedUser(UserStoreManager userSto
AuthenticatedUser authenticatedUser = new AuthenticatedUser();
authenticatedUser.setUserStoreDomain(userStoreDomain);
authenticatedUser.setTenantDomain(tenantDomain);
authenticatedUser.setUserName(username);
authenticatedUser.setUserName(UserCoreUtil.removeDomainFromName(username));
boolean isOrganization;
try {
isOrganization = OrganizationManagementUtil.isOrganization(tenantDomain);
Expand Down
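Review bot: The new `authenticatedUser.setUserName(UserCoreUtil.removeDomainFromName(username));` strips whatever domain prefix `username` carries without checking it against the `userStoreDomain` set two lines earlier, so a caller that passes a username qualified with a different domain than `userStoreDomain` now gets a silently mis-attributed user instead of a visibly doubly-qualified name. Since the store that token revocation and session lookup target comes from `userStoreDomain` rather than from the stripped name, consider guarding the mismatch, e.g. `if (!userStoreDomain.equalsIgnoreCase(IdentityUtil.extractDomainFromName(username))) { log.debug("Domain in username does not match user store domain: " + userStoreDomain); }` (presumably `extractDomainFromName` returns the default domain for an unqualified name — confirm before relying on it). Also worth a one-line comment stating why the domain is removed here, e.g. `// username may arrive domain-qualified; the domain is carried separately in userStoreDomain`. `buildAuthenticatedUser` starts before and continues after this hunk.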
Original file line number Diff line number Diff line change
Expand Up @@ -490,23 +490,24 @@ private void terminateSession(List<String> userIDList, String roleId, String ten
throws IdentityEventException {

try {
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
UserStoreManager userStoreManager = getUserStoreManager(tenantId);

String userName;
if (CollectionUtils.isNotEmpty(userIDList)) {
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
UserStoreManager userStoreManager = getUserStoreManager(tenantId);

for (String userId : userIDList) {
try {
userName = FrameworkUtils.resolveUserNameFromUserId(userStoreManager, userId);
String userName = FrameworkUtils.resolveUserNameFromUserId(userStoreManager, userId);
if (userName == null) {
log.warn("User name is null for user id: " + userId + ". Hence skipping " +
"token revocation and session termination processes.");
continue;
}
UserStoreManager userStoreManagerOfUser = getUserStoreManagerOfUser(
userStoreManager, userName);
OAuth2ServiceComponentHolder.getInstance()
.getRevocationProcessor()
.revokeTokens(userName, userStoreManager, roleId);
OAuthUtil.removeUserClaimsFromCache(userName, userStoreManager);
.revokeTokens(userName, userStoreManagerOfUser, roleId);
OAuthUtil.removeUserClaimsFromCache(userName, userStoreManagerOfUser);
} catch (UserSessionException e) {
String errorMsg = "Error occurred while revoking access token for user Id: " + userId;
log.error(errorMsg, e);
Expand All @@ -520,4 +521,22 @@ private void terminateSession(List<String> userIDList, String roleId, String ten
throw new IdentityEventException(errorMsg, e);
}
}

/**
* Get the user store manager of the user.
*
* @param userStoreManager User store manager.
* @param userName Username of the user.
* @return User store manager of the user.
*/
private UserStoreManager getUserStoreManagerOfUser(UserStoreManager userStoreManager, String userName) {

String userStoreDomainOfUser = IdentityUtil.extractDomainFromName(userName);
UserStoreManager secondaryUserStoreManager = userStoreManager.getSecondaryUserStoreManager(
userStoreDomainOfUser);
if (secondaryUserStoreManager == null) {
return userStoreManager;
}
return secondaryUserStoreManager;
}
}
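Review bot: `getUserStoreManagerOfUser` falls back to the tenant-level `userStoreManager` whenever `getSecondaryUserStoreManager(userStoreDomainOfUser)` returns null, which is right for users in the primary domain but also covers a secondary domain that is not currently mounted (presumably the other reason for a null return — confirm); in that case `revokeTokens` and `removeUserClaimsFromCache` run against the wrong store with a domain-qualified name, may revoke nothing, and leave no trace in the logs, which is the same silent failure this commit sets out to fix. Suggest logging before the fallback, e.g. `if (log.isDebugEnabled()) { log.debug("No secondary user store manager for domain: " + userStoreDomainOfUser + ". Falling back to the tenant user store manager."); }`, so an unrevoked token after role removal can be traced. The Javadoc should also state the fallback, e.g. `@return User store manager of the user's domain, or the given manager when no secondary store exists for that domain.`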
