diff --git a/backend/core/src/main/java/org/opencdmp/query/UserQuery.java b/backend/core/src/main/java/org/opencdmp/query/UserQuery.java index 6903e91e3..32ee7f2dc 100644 --- a/backend/core/src/main/java/org/opencdmp/query/UserQuery.java +++ b/backend/core/src/main/java/org/opencdmp/query/UserQuery.java @@ -235,20 +235,11 @@ public class UserQuery extends QueryBase { if (this.userScope.isSet()) userId = this.userScope.getUserIdSafe(); else throw new MyNotFoundException("Only user scoped allowed"); - Subquery dmpUserDmpQuery = this.queryUtilsService.buildSubQuery(new BuildSubQueryInput<>( - new BuildSubQueryInput.Builder<>(DmpUserEntity.class, UUID.class, queryContext) - .keyPathFunc((subQueryRoot) -> subQueryRoot.get(DmpUserEntity._dmpId)) - .filterFunc((subQueryRoot, cb) -> cb.and( - cb.equal(subQueryRoot.get(DmpUserEntity._userId), userId), - cb.equal(subQueryRoot.get(DmpUserEntity._isActive), IsActive.Active) - )) - )); - Subquery dmpUserUserQuery = this.queryUtilsService.buildSubQuery(new BuildSubQueryInput<>( new BuildSubQueryInput.Builder<>(DmpUserEntity.class, UUID.class, queryContext) .keyPathFunc((subQueryRoot) -> subQueryRoot.get(DmpUserEntity._userId)) .filterFunc((subQueryRoot, cb) -> cb.and( - cb.in(subQueryRoot.get(DmpUserEntity._dmpId)).value(dmpUserDmpQuery) , + cb.in(subQueryRoot.get(DmpUserEntity._dmpId)).value(this.queryUtilsService.buildDmpAuthZSubQuery(queryContext.Query, queryContext.CriteriaBuilder, userId, false)) , cb.equal(subQueryRoot.get(DmpUserEntity._isActive), IsActive.Active) )) )); diff --git a/dmp-frontend/src/app/core/services/auth/auth.service.ts b/dmp-frontend/src/app/core/services/auth/auth.service.ts index 7002dc306..1eb9a9dbe 100644 --- a/dmp-frontend/src/app/core/services/auth/auth.service.ts +++ b/dmp-frontend/src/app/core/services/auth/auth.service.ts 
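Review bot: The bare `false` passed as the last argument of `buildDmpAuthZSubQuery(...)` inside the `cb.in(...)` filter gives no hint of what it switches, and this subquery decides which users a user-scoped caller is allowed to see. The removed inline subquery limited the DMP set to rows where `_userId` equals the caller and `_isActive` is `IsActive.Active`; the helper's body is not in this hunk, so it should be confirmed, ideally with a query test, that it is at least as strict. I would add a comment above the call such as `// authz: only DMPs the caller actively belongs to; last arg false = <what the flag controls>`. The enclosing method starts and ends outside the hunk.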
@@ -262,7 +262,16 @@ export class AuthService extends BaseService { if ( e.type === KeycloakEventType.OnTokenExpired ) { - this.refreshToken({}); + this.refreshToken({}).then((isRefreshed) => { + if (!isRefreshed) { + this.clear(); + } + + return isRefreshed; + }).catch(x => { + this.clear(); + throw x; + }); } }, }); @@ -275,7 +284,7 @@ export class AuthService extends BaseService { } public refreshToken(httpParams?: Object): Promise { - return this.keycloakService.updateToken(60).then((isRefreshed) => { + return this.keycloakService.updateToken().then((isRefreshed) => { if (!isRefreshed) { return false; } diff --git a/dmp-frontend/src/common/http/interceptors/unauthorized-response.interceptor.ts b/dmp-frontend/src/common/http/interceptors/unauthorized-response.interceptor.ts index d207e126c..a06eb56e3 100644 --- a/dmp-frontend/src/common/http/interceptors/unauthorized-response.interceptor.ts +++ b/dmp-frontend/src/common/http/interceptors/unauthorized-response.interceptor.ts @@ -48,6 +48,9 @@ export class UnauthorizedResponseInterceptor extends BaseInterceptor { } return true; + }).catch(x => { + this.logoutUser(); + return false; }) ).pipe(filter((x) => x)); } @@ -65,8 +68,10 @@ export class UnauthorizedResponseInterceptor extends BaseInterceptor { } private logoutUser() { - //this.authService.clear(); - if (!this.isLoginRoute() && !this.isSignupRoute()) { this.router.navigate(['/unauthorized']); } + if (!this.isLoginRoute() && !this.isSignupRoute()) { + this.authService.clear(); + this.router.navigate(['/unauthorized']); + } } private isLoginRoute(): boolean {
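Review bot: The `throw x;` in the new `.catch` of the `OnTokenExpired` branch re-rejects a promise that nothing returns or awaits, so a failed refresh will most likely surface as an unhandled rejection instead of a handled error. Since `this.clear()` has already run at that point, I would end the chain there and record the failure, replacing `throw x;` with a call to the logging facility the app already uses (`<logger>.error(x)`). The `return isRefreshed;` in the `.then` is unused for the same reason. The event subscription this sits in begins outside the hunk.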
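Review bot: Dropping the argument in `this.keycloakService.updateToken()` falls back to the library's default minimum validity (5 seconds in keycloak-js, as far as I know) instead of the previous 60. A token with only a few seconds left is then treated as fresh and can expire before the backend validates it. A resolved `false` also means "not refreshed", which includes "still valid", and the new `OnTokenExpired` handler calls `clear()` on `false`, so the two meanings should not be conflated by other callers. If the shorter window is intended, make it explicit with a new named constant, e.g. `updateToken(MIN_TOKEN_VALIDITY_SECONDS)`, and a comment giving the reason for the value. `refreshToken` continues past the end of the hunk.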
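Review bot: The added `.catch(x => { this.logoutUser(); return false; })` discards `x`, so a refresh that fails because of a network error is indistinguishable from a rejected session. Nothing is left for troubleshooting or for monitoring repeated refresh failures. I would log `x` through the logging facility the app already uses before calling `logoutUser()`. The promise chain this handler is attached to starts above the hunk.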
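Review bot: `this.authService.clear()` now runs only inside the `!this.isLoginRoute() && !this.isSignupRoute()` guard in `logoutUser()`, so an unauthorized response received while on the login or signup route leaves the stale auth state in place. If the guard exists only to avoid a redirect loop, clear unconditionally and gate just the navigation: `this.authService.clear();` followed by `if (!this.isLoginRoute() && !this.isSignupRoute()) { this.router.navigate(['/unauthorized']); }`. If keeping the state on those routes is deliberate, a one-line comment saying why would prevent it from being "fixed" later.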