Improve cleaning issued tokens of an organization user when user is deleting #2680
Conversation
Codecov ReportAttention: Patch coverage is
❌ Your patch check has failed because the patch coverage (29.23%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage. Additional details and impacted files@@ Coverage Diff @@
## master #2680 +/- ##
============================================
+ Coverage 56.17% 56.55% +0.37%
+ Complexity 8633 8500 -133
============================================
Files 654 654
Lines 49129 48268 -861
Branches 9817 9648 -169
============================================
- Hits 27598 27297 -301
+ Misses 17586 17095 -491
+ Partials 3945 3876 -69
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
ShanChathusanda93
force-pushed
the
org-token-clean-branch
branch
2 times, most recently
from
7bb48f6 to
59463df
Compare
| @@ -763,8 +763,11 @@ private static AuthenticatedUser buildAuthenticatedUser(UserStoreManager userSto | |||
| return authenticatedUser; | |||
| } | |||
|
|
|||
| // Organization SSO user flow | |||
| authenticatedUser.setUserName(userId); | |||
There was a problem hiding this comment.
Are we sure whether removing this code will not affect existing flows by chance?
There was a problem hiding this comment.
This was added to cater the SSO flow token revokation. Before calling the toke revoke method the user id will be added as the username from the following code from the OAuthUtil -> revokeTokens method.
if (authenticatedUser.getUserResidentOrganization() != null) {
try {
userResidentTenant = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
.resolveTenantDomain(authenticatedUser.getUserResidentOrganization());
if (OrganizationManagementUtil.isOrganization(userResidentTenant)) {
authenticatedUserName = authenticatedUser.getUserName();
authenticatedUser.setUserName(authenticatedUser.getUserId());
}
} catch (OrganizationManagementException | UserIdNotFoundException e) {
throw new UserStoreException("Error occurred while constructing the authenticated user.", e);
}
}
...s/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java
Outdated
Show resolved
Hide resolved
ShanChathusanda93
force-pushed
the
org-token-clean-branch
branch
from
59463df to
4379270
Compare
...s/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java
Outdated
Show resolved
Hide resolved
| isErrorOnRevokingTokens = processTokenRevocation(clientIds, authenticatedUser, userStoreDomain, username); | ||
| if (authenticatedUser.getUserResidentOrganization() != null) { |
There was a problem hiding this comment.
Why authenticatedUser.getUserResidentOrganization() != null logic is separately handled in 1098 and 1081 lines?
Can't we handled these in a single if block?
| if (StringUtils.isNotEmpty(userResidentTenant) && | ||
| OrganizationManagementUtil.isOrganization(userResidentTenant)) { |
There was a problem hiding this comment.
Login a sub org user into a B2B app and swicthing to another below sub org can also set a sub org as userResidentTenant
Have you tested that as well?
If the flow I mentioned is handling from here, the added comment is wrong.
There was a problem hiding this comment.
Updated the logic
ShanChathusanda93
force-pushed
the
org-token-clean-branch
branch
4 times, most recently
from
1b39ab0 to
efee736
Compare
…orization related params are updated
ShanChathusanda93
force-pushed
the
org-token-clean-branch
branch
from
efee736 to
34e46de
Compare
|
PR builder started |
|
PR builder completed |
Proposed changes in this pull request