SEBSERV-417 fix autologin

SafeExamBrowser · Jun 19, 2024 · a31e001 · a31e001
1 parent 1a5bb6f
commit a31e001
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java b/src/main/java/ch/ethz/seb/sebserver/gui/InstitutionalAuthenticationEntryPoint.java
@@ -130,6 +130,12 @@ public void commence(
                     .getBean(AuthorizationContextHolder.class);
             final SEBServerAuthorizationContext authorizationContext = authorizationContextHolder
                     .getAuthorizationContext(request.getSession());
+
+            // check first if we already have an active session if so, invalidate ir
+            if (authorizationContext.isLoggedIn()) {
+                authorizationContext.logout();
+            }
+
             if (authorizationContext.autoLogin(jwt)) {
                 forwardToEntryPoint(request, response, this.guiEntryPoint, true);
                 return;

diff --git a/...hz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java b/...hz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
@@ -270,10 +270,6 @@ public boolean login(final String username, final CharSequence password) {
         @Override
         public boolean autoLogin(final String oneTimeToken) {
             try {
-                // check first if we already have an active session if so, invalidate ir
-                if (this.isLoggedIn()) {
-                    this.logout();
-                }
 
                 // Create ad-hoc RestTemplate and call token verification
                 final RestTemplate verifyTemplate = new RestTemplate(this.clientHttpRequestFactory);