Add scopes and authorities to the authorization code table

orcid-core/pom.xml

@@ -326,8 +326,18 @@
 		<dependency>
 		    <groupId>redis.clients</groupId>
 		    <artifactId>jedis</artifactId>
-		    <version>4.4.3</version>
+		    <version>3.7.1</version>
 		</dependency>
+
+
+        <!-- https://mvnrepository.com/artifact/org.json/json -->
+        <dependency>
+            <groupId>org.json</groupId>
+            <artifactId>json</artifactId>
+            <version>20240303</version>
+        </dependency>
+
+
     </dependencies>
     <build>
         <plugins>

orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/EmailManagerReadOnly.java

@@ -37,7 +37,9 @@ public interface EmailManagerReadOnly extends ManagerReadOnlyBase {
 
     EmailEntity find(String email);
 
-    Email findPrimaryEmail(String orcid);   
+    Email findPrimaryEmail(String orcid);
+
+    String findPrimaryEmailValueFromCache(String orcid);
 
     EmailFrequencyOptions getEmailFrequencyOptions();
 

orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/impl/EmailManagerReadOnlyImpl.java

@@ -27,6 +27,7 @@
 import org.orcid.utils.OrcidStringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.cache.annotation.Cacheable;
 
 /**
  * 
@@ -185,7 +186,17 @@ public Email findPrimaryEmail(String orcid) {
         }
         return jpaJaxbEmailAdapter.toEmail(emailDao.findPrimaryEmail(orcid));
     }
-
+
+    @Override
+    @Cacheable("primary-email-value")
+    public String findPrimaryEmailValueFromCache(String orcid) {
+        if(PojoUtil.isEmpty(orcid)) {
+            return null;
+        }
+        EmailEntity entity = emailDao.findPrimaryEmail(orcid);
+        return entity.getEmail();
+    }
+
     @Override
     public boolean isUsersOnlyEmail(String orcid, String email) {
         List<EmailEntity> emails = emailDao.findByOrcid(orcid, getLastModified(orcid));

orcid-core/src/main/java/org/orcid/core/oauth/OrcidProfileUserDetails.java

@@ -13,26 +13,19 @@ public class OrcidProfileUserDetails implements UserDetails {
 
     private static final long serialVersionUID = 1L;
 
-    private String orcid;
+    private final String orcid;
 
-    private String primaryEmail;
-
-    private String password;
+    private final String password;
 
     private Collection<OrcidWebRole> grantedAuthorities = new HashSet<>();
 
-    public OrcidProfileUserDetails() {
-    }
-
-    public OrcidProfileUserDetails(String orcid, String primaryEmail, String password) {
+    public OrcidProfileUserDetails(String orcid, String password) {
         this.orcid = orcid;
-        this.primaryEmail = primaryEmail;
         this.password = password;
     }
 
-    public OrcidProfileUserDetails(String orcid, String primaryEmail, String password, Collection<OrcidWebRole> grantedAuthorities) {
+    public OrcidProfileUserDetails(String orcid, String password, Collection<OrcidWebRole> grantedAuthorities) {
         this.orcid = orcid;
-        this.primaryEmail = primaryEmail;
         this.password = password;
         this.grantedAuthorities = grantedAuthorities;
     }
@@ -122,18 +115,13 @@ public String getOrcid() {
         return orcid;
     }
 
-    public String getPrimaryEmail() {
-        return primaryEmail;
-    }
-
     @Override
     public int hashCode() {
         final int prime = 31;
         int result = 1;
         result = prime * result + ((grantedAuthorities == null) ? 0 : grantedAuthorities.hashCode());
         result = prime * result + ((orcid == null) ? 0 : orcid.hashCode());
         result = prime * result + ((password == null) ? 0 : password.hashCode());
-        result = prime * result + ((primaryEmail == null) ? 0 : primaryEmail.hashCode());
         return result;
     }
 
@@ -161,11 +149,6 @@ public boolean equals(Object obj) {
                 return false;
         } else if (!password.equals(other.password))
             return false;
-        if (primaryEmail == null) {
-            if (other.primaryEmail != null)
-                return false;
-        } else if (!primaryEmail.equals(other.primaryEmail))
-            return false;
         return true;
     }
 

orcid-core/src/main/java/org/orcid/core/security/OrcidUserDetailsServiceImpl.java

@@ -53,13 +53,13 @@ public class OrcidUserDetailsServiceImpl implements OrcidUserDetailsService {
 
     @Resource
     private EmailDao emailDao;
-
-    @Resource(name = "emailManagerReadOnlyV3")
-    protected EmailManagerReadOnly emailManagerReadOnly;
-
+
     @Resource
     private OrcidSecurityManager securityMgr;
 
+    @Resource (name = "emailManagerReadOnlyV3")
+    private EmailManagerReadOnly emailManagerReadOnly;
+
     @Value("${org.orcid.core.baseUri}")
     private String baseUrl;
 
@@ -107,43 +107,19 @@ public OrcidProfileUserDetails loadUserByProfile(ProfileEntity profile) {
     }
 
     private OrcidProfileUserDetails createUserDetails(ProfileEntity profile) {
-        String primaryEmail = retrievePrimaryEmail(profile);
-
+        String primaryEmail = retrievePrimaryEmail(profile.getId());
         OrcidProfileUserDetails userDetails = null;
 
         if (profile.getOrcidType() != null) {
             OrcidType orcidType = OrcidType.valueOf(profile.getOrcidType());
-            userDetails = new OrcidProfileUserDetails(profile.getId(), primaryEmail, profile.getEncryptedPassword(), buildAuthorities(orcidType, profile.getGroupType() != null ? MemberType.valueOf(profile.getGroupType()) : null));
+            userDetails = new OrcidProfileUserDetails(profile.getId(), profile.getEncryptedPassword(), buildAuthorities(orcidType, profile.getGroupType() != null ? MemberType.valueOf(profile.getGroupType()) : null));
         } else {
-            userDetails = new OrcidProfileUserDetails(profile.getId(), primaryEmail, profile.getEncryptedPassword());
+            userDetails = new OrcidProfileUserDetails(profile.getId(), profile.getEncryptedPassword());
         }
 
         return userDetails;
     }
 
-    private String retrievePrimaryEmail(ProfileEntity profile) {
-        String orcid = profile.getId();
-        try {
-            return emailDao.findPrimaryEmail(orcid).getEmail();
-        } catch (javax.persistence.NoResultException nre) {
-            String alternativePrimaryEmail = emailDao.findNewestVerifiedOrNewestEmail(profile.getId());
-            emailDao.updatePrimary(orcid, alternativePrimaryEmail);
-
-            String message = String.format("User with orcid %s have no primary email, so, we are setting the newest verified email, or, the newest email in case non is verified as the primary one", orcid);
-            LOGGER.error(message);
-
-            return alternativePrimaryEmail;
-        } catch (javax.persistence.NonUniqueResultException nure) {
-            String alternativePrimaryEmail = emailDao.findNewestPrimaryEmail(profile.getId());
-            emailDao.updatePrimary(orcid, alternativePrimaryEmail);
-
-            String message = String.format("User with orcid %s have more than one primary email, so, we are setting the latest modified primary as the primary one", orcid);
-            LOGGER.error(message);
-
-            return alternativePrimaryEmail;
-        }
-    }
-
     private void checkStatuses(ProfileEntity profile) {
         if (profile.getPrimaryRecord() != null) {
             throw new DeprecatedProfileException("orcid.frontend.security.deprecated_with_primary", profile.getPrimaryRecord().getId(), profile.getId());
@@ -207,9 +183,25 @@ else if (orcidType.equals(OrcidType.GROUP)) {
     }
 
     private List<OrcidWebRole> rolesAsList(OrcidWebRole... roles) {
-        // Make a mutable list
-        List<OrcidWebRole> list = new ArrayList<OrcidWebRole>(Arrays.asList(roles));
-        return list;
+        return new ArrayList<OrcidWebRole>(Arrays.asList(roles));
+    }
 
+    @Deprecated(forRemoval = true)
+    private String retrievePrimaryEmail(String orcid) {
+        try {
+            return emailDao.findPrimaryEmail(orcid).getEmail();
+        } catch (javax.persistence.NoResultException nre) {
+            String alternativePrimaryEmail = emailDao.findNewestVerifiedOrNewestEmail(orcid);
+            emailDao.updatePrimary(orcid, alternativePrimaryEmail);
+            String message = String.format("User with orcid %s have no primary email, so, we are setting the newest verified email, or, the newest email in case non is verified as the primary one", orcid);
+            LOGGER.error(message);
+            return alternativePrimaryEmail;
+        } catch (javax.persistence.NonUniqueResultException nure) {
+            String alternativePrimaryEmail = emailDao.findNewestPrimaryEmail(orcid);
+            emailDao.updatePrimary(orcid, alternativePrimaryEmail);
+            String message = String.format("User with orcid %s have more than one primary email, so, we are setting the latest modified primary as the primary one", orcid);
+            LOGGER.error(message);
+            return alternativePrimaryEmail;
+        }
     }
 }

orcid-core/src/main/java/org/orcid/core/utils/SecurityContextTestUtils.java

@@ -124,7 +124,7 @@ static public void clearSecurityContext() {
     }
 
     static public void setupSecurityContextForWebUser(String userId, String email) {
-        OrcidProfileUserDetails details = new OrcidProfileUserDetails(userId, email, "password");
+        OrcidProfileUserDetails details = new OrcidProfileUserDetails(userId, email);
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userId, "password");
         auth.setDetails(details);
         SecurityContextImpl securityContext = new SecurityContextImpl();

orcid-core/src/main/java/org/orcid/core/utils/cache/redis/RedisClient.java

@@ -4,6 +4,10 @@
 import java.net.InetAddress;
 import java.net.SocketException;
 import java.net.UnknownHostException;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
 
 import javax.annotation.PostConstruct;
 import javax.annotation.Resource;
@@ -31,7 +35,7 @@ public class RedisClient {
     private final String redisPassword;
     private final int cacheExpiryInSecs;
     private final int clientTimeoutInMillis;
-    private JedisPool pool;
+    public JedisPool pool;
     private SetParams defaultSetParams;
 
     @Resource
@@ -67,7 +71,7 @@ public RedisClient(String redisHost, int redisPort, String password, int cacheEx
     @PostConstruct
     private void init() {
         try {
-            JedisClientConfig config = DefaultJedisClientConfig.builder().connectionTimeoutMillis(this.clientTimeoutInMillis).timeoutMillis(this.clientTimeoutInMillis)
+            JedisClientConfig config = DefaultJedisClientConfig.builder().connectionTimeoutMillis(this.clientTimeoutInMillis)
                     .socketTimeoutMillis(this.clientTimeoutInMillis).password(this.redisPassword).ssl(true).build();        
             pool = new JedisPool(new HostAndPort(this.redisHost, this.redisPort), config);            
             defaultSetParams = new SetParams().ex(this.cacheExpiryInSecs);  
@@ -141,4 +145,33 @@ public boolean remove(String key) {
         }
         return true;
     }
+
+    public static void main(String [] args) {
+        RedisClient client = new RedisClient("reg-qa-redis-001.reg-qa-redis.3zksuc.use2.cache.amazonaws.com", 6379, "aVerySimpleToken");
+        client.init();
+        System.out.println("Connected");
+        Jedis r = client.pool.getResource();
+
+        Set<String> keys = r.keys("spring:session:sessions:*");
+
+        for(String key : keys) {
+            System.out.println("----------------------------------------------");
+            System.out.println(key);
+            String keyType = r.type(key);
+            System.out.println(keyType);
+            if("hash".equals(keyType)) {
+                Map<String, String> myMap = r.hgetAll(key);
+                for(String tkey : myMap.keySet()) {
+                    System.out.println(tkey + ":     " + myMap.get(tkey));
+                }
+            }
+            if("string".equals(keyType)) {
+                System.out.println(key + ":     " + r.get("key"));
+            }
+            System.out.println("----------------------------------------------");
+        }
+
+
+
+    }
 }

orcid-core/src/main/resources/ehcache_default.xml

@@ -294,6 +294,13 @@
             <ehcache:disk unit="MB" persistent="false">16</ehcache:disk>
         </ehcache:resources>
     </ehcache:cache>
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
 
     <ehcache:cache alias="count-tokens" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>

orcid-core/src/main/resources/ehcache_orcid-api-web.xml

@@ -108,6 +108,13 @@
     <ehcache:cache alias="emails" uses-template="bioTemplate" />
 
     <ehcache:cache alias="public-emails" uses-template="bioTemplate" />
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
 
     <ehcache:cache alias="client-details" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>

orcid-core/src/main/resources/ehcache_orcid-internal-api.xml

@@ -262,6 +262,13 @@
             <ehcache:disk unit="MB" persistent="false">64</ehcache:disk>
         </ehcache:resources>
     </ehcache:cache>
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
 
     <ehcache:cache alias="count-tokens" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>

orcid-core/src/main/resources/ehcache_orcid-pub-web.xml

@@ -108,7 +108,14 @@
     <ehcache:cache alias="emails" uses-template="bioTemplate" />
 
     <ehcache:cache alias="public-emails" uses-template="bioTemplate" />
-
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
+
     <ehcache:cache alias="client-details" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
         <ehcache:expiry>

orcid-core/src/main/resources/ehcache_orcid-scheduler-web.xml

@@ -124,7 +124,14 @@
     <ehcache:cache alias="emails" uses-template="bioTemplate" />
 
     <ehcache:cache alias="public-emails" uses-template="bioTemplate" />
-
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
+
     <ehcache:cache alias="count-tokens" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
         <ehcache:resources>

orcid-core/src/main/resources/ehcache_orcid-web.xml

@@ -140,7 +140,14 @@
     <ehcache:cache alias="emails" uses-template="bioTemplate" />
 
     <ehcache:cache alias="public-emails" uses-template="bioTemplate" />
-
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
+
     <ehcache:cache alias="client-details" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
         <ehcache:expiry>

orcid-core/src/test/java/org/orcid/core/security/OrcidUserDetailsServiceTest.java

@@ -217,7 +217,6 @@ public void loadUserByProfile_MoreThanOnePrimaryAvailable() {
 
         assertNotNull(opud);
         opud.getUsername();
-        assertEquals(email, opud.getPrimaryEmail());
         assertEquals(ORCID, opud.getUsername());
     }
 
@@ -233,7 +232,6 @@ public void loadUserByProfile_NoPrimaryAvailable() {
 
         assertNotNull(opud);
         opud.getUsername();
-        assertEquals(email, opud.getPrimaryEmail());
         assertEquals(ORCID, opud.getUsername());
     }
 

orcid-persistence/src/main/resources/db-master.xml

@@ -403,4 +403,5 @@
   <include file="/db/updates/create_profile_email_domain_table.xml" />
   <include file="/db/updates/create_dw_notification.xml" />
   <include file="/db/updates/create_dw_profile_email_domain.xml" />
+  <include file="/db/updates/oauth2_authoriziation_code_detail_improvements.xml" />
 </databaseChangeLog>