Merge branch 'hotfix/21.1.4'

CenterForOpenScience · Apr 14, 2021 · c44d73e · c44d73e
2 parents f2c8f4c + 036a0d0
commit c44d73e
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+21.1.4 (04-14-2021)
+===================
+
+Fix personal access token revokation
+
 21.1.3 (04-09-2021)
 ===================
 

diff --git a/src/main/java/io/cos/cas/osf/model/OsfOAuth20Pat.java b/src/main/java/io/cos/cas/osf/model/OsfOAuth20Pat.java
@@ -36,6 +36,15 @@ public class OsfOAuth20Pat extends AbstractOsfModel {
     @JoinColumn(name = "owner_id")
     private OsfUser owner;
 
+    /**
+     * Check if the personal access token has been deactivated.
+     *
+     * @return {@code true} or {@code false}
+     */
+    public Boolean isActive() {
+        return isActive;
+    }
+
     @Override
     public String toString() {
         return String.format("OsfOAuth20Pat [name=%s, owner=%s]", name, owner.getUsername());

diff --git a/...java/org/apereo/cas/support/oauth/web/endpoints/OAuth20UserProfileEndpointController.java b/...java/org/apereo/cas/support/oauth/web/endpoints/OAuth20UserProfileEndpointController.java
@@ -181,7 +181,7 @@ protected OAuth20AccessToken attemptToGenerateAccessTokenFromOsfPat(final String
 
         // Attempt to find the OSF personal access token by the given token ID from the OSF database
         val osfPersonalAccessToken = getJpaOsfDao().findOnePatByTokenId(tokenId);
-        if (osfPersonalAccessToken == null) {
+        if (osfPersonalAccessToken == null || !osfPersonalAccessToken.isActive()) {
             LOGGER.warn("Cannot find OSF OAuth 2.0 PAT with id=[{}] in the OSF database", tokenId);
             return null;
         }