From e6c453e2bb4565eefd2c8943c24c74c517db8d67 Mon Sep 17 00:00:00 2001
From: Mauro Mugnaini
Date: Wed, 20 Jan 2021 01:02:24 +0100
Subject: [PATCH] Restored per-session token removal. Logs revised. (#20445)
---
 .../oidc/lr62/OpenIdConnectAutoLogin.java | 10 +++----
 .../portal/oidc/lr62/PostLoginAction.java | 26 ++++++++++++-------
 .../oidc/lr62/SessionDestroyAction.java | 19 ++++++++------
 3 files changed, 32 insertions(+), 23 deletions(-)
diff --git a/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java b/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java
index 52aba7f..a20c813 100644
--- a/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java
+++ b/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java
@@ -38,16 +38,16 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
 @Override
 public String[] doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
- if (log.isTraceEnabled() && request.getSession(false) != null) {
- log.trace("Session details: id=" + request.getSession(false).getId() + ", instance="
- + request.getSession(false));
- }
 JWTToken token = JWTTokenUtil.getOIDCFromRequest(request);
 if (token == null) {
- if (log.isTraceEnabled() && request.getSession(false) != null) {
+ if (log.isTraceEnabled()) {
 log.trace("OIDC token is null. Can't perform auto login");
 }
 return null;
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("Perform auto login with OIDC token " + token.getTokenEssentials());
+ }
 }
 LiferayOpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
 long companyId = PortalUtil.getCompanyId(request);
diff --git a/src/main/java/org/gcube/portal/oidc/lr62/PostLoginAction.java b/src/main/java/org/gcube/portal/oidc/lr62/PostLoginAction.java
index 20eabe3..d95e81c 100644
--- a/src/main/java/org/gcube/portal/oidc/lr62/PostLoginAction.java
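Review bot: The new `log.debug("Perform auto login with OIDC token " + token.getTokenEssentials());` in `doLogin` (OpenIdConnectAutoLogin.java) writes token-derived data to the log on every auto login, and nothing in this patch shows what `getTokenEssentials()` returns. If that string can contain the encoded token, a refresh token or a full claim set, the debug log becomes a place where credentials accumulate. I would confirm the method's output in JWTToken and pin the expectation with a comment above the call, for example `// getTokenEssentials() must stay limited to non-secret claims; never the encoded token`. `doLogin` continues outside the hunk.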
+++ b/src/main/java/org/gcube/portal/oidc/lr62/PostLoginAction.java
@@ -13,6 +13,7 @@ import com.liferay.portal.kernel.events.Action;
 import com.liferay.portal.kernel.events.ActionException;
 import com.liferay.portal.kernel.log.Log;
 import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.liferay.portal.kernel.util.WebKeys;
 import com.liferay.portal.model.User;
 public class PostLoginAction extends Action {
@@ -25,20 +26,25 @@ public class PostLoginAction extends Action {
 log.info("PostLoginAction invoked");
 }
 JWTToken token = JWTTokenUtil.getOIDCFromRequest(request);
- HttpSession session = request.getSession();
+ HttpSession session = request.getSession(false);
 if (token != null && session != null) {
- if (log.isTraceEnabled()) {
- log.trace("Session details: id=" + session.getId() + ", instance=" + session);
- }
- User user = (User) session.getAttribute("USER");
+ User user = (User) session.getAttribute(WebKeys.USER);
 if (user != null) {
- log.info("Setting OIDC token in proxy");
- JWTCacheProxy.getInstance().setOIDCToken(user, session, token);
+ log.info("Setting OIDC token in proxy for user " + user.getScreenName() + " and session "
+ + session.getId());
+
+ JWTCacheProxy.getInstance().setOIDCToken(user, session.getId(), token);
 } else {
- log.error("User object not found in session");
+ log.error("User object not found in session " + session.getId() + " ["
+ + Integer.toHexString(session.hashCode()) + "]");
+ }
+ } else {
+ if (token == null) {
+ log.error("OIDC token object is null in request");
+ }
+ if (session == null) {
+ log.error("Session is null");
 }
- log.info("Setting OIDC token in session");
- JWTTokenUtil.putOIDCInSession(token, session);
 }
 String redirect = (String) request.getAttribute(OpenIdConnectLoginFilter.REDIRECT_ATTRIBUTE);
 if (redirect != null) {
diff --git a/src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java b/src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java
index 60bd6b4..c414b46 100644
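Review bot: The added `log.info("Setting OIDC token in proxy for user " + ...)` call in PostLoginAction writes the live servlet session id next to the user's screen name at INFO level, and the new `log.error("User object not found in session " + ...)` prints the id as well. A session id acts as a credential for as long as the session lives, so it should not reach log files or the systems they are shipped to. The same pattern is added in SessionDestroyAction's trace, warn and debug messages. The hash the patch already prints is enough for correlation: `log.info("Setting OIDC token in proxy for user " + user.getScreenName() + " and session [" + Integer.toHexString(session.hashCode()) + "]");`. The enclosing method starts and ends outside the hunk.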
--- a/src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java
+++ b/src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java
@@ -11,6 +11,7 @@ import com.liferay.portal.kernel.events.ActionException;
 import com.liferay.portal.kernel.events.SessionAction;
 import com.liferay.portal.kernel.log.Log;
 import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.liferay.portal.kernel.util.WebKeys;
 import com.liferay.portal.model.User;
 public class SessionDestroyAction extends SessionAction {
@@ -20,13 +21,13 @@ public class SessionDestroyAction extends SessionAction {
 @Override
 public void run(HttpSession session) throws ActionException {
 if (log.isTraceEnabled()) {
- log.trace("Session details: id=" + session.getId() + ", instance=" + session);
+ log.trace("Session details " + session.getId() + " [" + Integer.toHexString(session.hashCode()) + "]");
 }
- User user = (User) session.getAttribute("USER");
+ User user = (User) session.getAttribute(WebKeys.USER);
 LiferayOpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration();
 if (configuration.logoutOnPortalLogout()) {
 // Getting the token from the cache proxy because it can be changed due to the (multiple) refresh
- JWTToken token = JWTCacheProxy.getInstance().getOIDCToken(user, session);
+ JWTToken token = JWTCacheProxy.getInstance().getOIDCToken(user, session.getId());
 if (token != null) {
 if (log.isDebugEnabled()) {
 log.debug("Performing logout on OIDC server due to session destroy for user: "
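Review bot: `getOIDCToken(user, session.getId())` in `run` only finds the token if this id is the same string PostLoginAction passed to `setOIDCToken`, and nothing visible in the patch guarantees that. If the container or portal assigns the session a new id after the token was stored (some session-fixation protections do; to be confirmed for this deployment), the lookup returns null, the code only warns, and the logout on the OIDC server is skipped. I would document the invariant above the call, for example `// Key is the session id PostLoginAction stored the token under; a later id change means no OIDC logout here`. `run` continues past the end of this hunk.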
@@ -41,18 +42,20 @@ public class SessionDestroyAction extends SessionAction {
 throw new ActionException("Performing logut on OIDC server", e);
 }
 } else {
- log.warn("Cannot find the OIDC token in session");
+ log.warn("Cannot find the OIDC token in session " + session.getId() + " ["
+ + Integer.toHexString(session.hashCode()) + "]");
 }
 } else {
 if (log.isDebugEnabled()) {
- log.debug("Don't perform OIDC logout according to configuration");
+ log.debug("Don't perform OIDC logout according to configuration for user: " + user.getScreenName());
 }
 }
 if (log.isDebugEnabled()) {
- log.debug("Removing OIDC tokens from cache proxy");
+ log.debug("Removing OIDC tokens from cache proxy for user " + user.getScreenName() + " and session "
+ + session.getId());
 }
- JWTCacheProxy.getInstance().removeAllOIDCTokens(user);
- JWTCacheProxy.getInstance().removeAllUMATokens(user);
+ JWTCacheProxy.getInstance().removeOIDCToken(user, session.getId());
+ JWTCacheProxy.getInstance().removeUMAToken(user, session.getId());
 }
 }
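Review bot: Both new debug messages in this hunk call `user.getScreenName()`, but `user` comes from `session.getAttribute(WebKeys.USER)` earlier in `run` and is never null-checked, while PostLoginAction treats the same attribute as possibly null. With debug logging enabled, a destroyed session that carries no user attribute (presumably guest or never-authenticated sessions) would throw a NullPointerException out of the session-destroy action before `removeOIDCToken` and `removeUMAToken` are reached. A guard right after the attribute read keeps the cleanup path predictable: `if (user == null) { log.debug("No user in destroyed session, nothing to clean up"); return; }`. The attribute read itself sits in the previous hunk, and how the cache proxy handles a null user is not visible here.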