diff --git a/tools/cldr-apps/src/main/java/org/unicode/cldr/web/KeepLoggedInManager.java b/tools/cldr-apps/src/main/java/org/unicode/cldr/web/KeepLoggedInManager.java
index eead2ceaf37..79051065f97 100644
--- a/tools/cldr-apps/src/main/java/org/unicode/cldr/web/KeepLoggedInManager.java
+++ b/tools/cldr-apps/src/main/java/org/unicode/cldr/web/KeepLoggedInManager.java
@@ -12,8 +12,6 @@
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.crypto.SecretKey;
@@ -33,8 +31,6 @@ public class KeepLoggedInManager {
 private final File keyFile;
 private SecretKey key;
- private final Set excludedJwtId = new HashSet<>();
-
 public static File getDefaultParent() {
 final CLDRConfig config = CLDRConfig.getInstance();
 if (config instanceof CLDRConfigImpl) {
@@ -179,12 +175,4 @@ public Jws getClaims(String jwt) {
 return null;
 }
 }
-
- public boolean jwtIsInExcludedSet(String jwtId) {
- return excludedJwtId.contains(jwtId);
- }
-
- public void addToExcludedSet(String jwtId) {
- excludedJwtId.add(jwtId);
- }
 }
diff --git a/tools/cldr-apps/src/main/java/org/unicode/cldr/web/WebContext.java b/tools/cldr-apps/src/main/java/org/unicode/cldr/web/WebContext.java
index 6b814b841a1..47c31ed8e13 100644
--- a/tools/cldr-apps/src/main/java/org/unicode/cldr/web/WebContext.java
+++ b/tools/cldr-apps/src/main/java/org/unicode/cldr/web/WebContext.java
@@ -1328,11 +1328,13 @@ public void setSession() {
 {
 final String jwt = getCookieValue(SurveyMain.COOKIE_SAVELOGIN);
 if (jwt != null && !jwt.isBlank()) {
- KeepLoggedInManager klm = CookieSession.sm.klm;
- final String jwtId = klm.getSubject(jwt);
- if (jwtId != null && !jwtId.isBlank() && !klm.jwtIsInExcludedSet(jwtId)) {
+ final String jwtId = CookieSession.sm.klm.getSubject(jwt);
+ if (jwtId != null && !jwtId.isBlank()) {
 if (!email.isEmpty() && !password.isEmpty()) {
- // klm.addToExcludedSet(jwtId);
+ // If the user was already logged in as Admin/TC/Manager, then used a URL
+ // with explicit email/password to log in as a different user, the old
+ // cookies (especially JWT) must be removed to prevent staying logged
+ // in as the first user
 removeLoginCookies(request, response);
 } else {
 User jwtInfo = CookieSession.sm.reg.getInfo(Integer.parseInt(jwtId));
diff --git a/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/Auth.java b/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/Auth.java
index 8c8bd967ef0..b6ba90fadd7 100644
--- a/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/Auth.java
+++ b/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/Auth.java
@@ -19,7 +19,6 @@
 import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
 import org.eclipse.microprofile.openapi.annotations.tags.Tag;
 import org.unicode.cldr.web.CookieSession;
-import org.unicode.cldr.web.KeepLoggedInManager;
 import org.unicode.cldr.web.SurveyLog;
 import org.unicode.cldr.web.SurveyMain;
 import org.unicode.cldr.web.UserRegistry;
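Review bot: In the `setSession()` hunk of WebContext.java, the new comment says the old JWT "must be removed", but `removeLoginCookies(request, response)` only clears the browser's copy; with the excluded-JWT set deleted from KeepLoggedInManager, nothing on the server rejects that token afterwards. Any other copy of the cookie would presumably keep passing `getSubject(jwt)` here and in `Auth.login` until the token expires; expiry handling is not visible in this diff. The removed set was never populated in the visible code (the `addToExcludedSet` call was commented out), so behaviour does not change, but the comment should state the limit, for example by appending `// Note: this only deletes the cookie; the JWT itself remains valid until it expires`. setSession() begins and ends outside the hunk.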
@@ -66,9 +65,8 @@ public Response login(
 // Also compare WebContext.setSession()
 final String jwt = WebContext.getCookieValue(hreq, SurveyMain.COOKIE_SAVELOGIN);
 if (jwt != null && !jwt.isBlank()) {
- KeepLoggedInManager klm = CookieSession.sm.klm;
- final String jwtId = klm.getSubject(jwt);
- if (jwtId != null && !jwtId.isBlank() && !klm.jwtIsInExcludedSet(jwtId)) {
+ final String jwtId = CookieSession.sm.klm.getSubject(jwt);
+ if (jwtId != null && !jwtId.isBlank()) {
 User jwtInfo = CookieSession.sm.reg.getInfo(Integer.parseInt(jwtId));
 if (jwtInfo != null) {
 request.password = jwtInfo.internalGetPassword();
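Review bot: The `login` hunk in Auth.java shows no counterpart to the explicit-credentials branch that `setSession()` has: once `getSubject(jwt)` yields a subject, `request.password` is overwritten from the cookie user's record. If a condition outside the hunk already restricts this path to requests without credentials, say so next to `// Also compare WebContext.setSession()`, e.g. `// Only reached when the request carries no explicit credentials`. If no such condition exists, a caller who sends different credentials while still holding an old cookie would be logged in as the cookie's user, which is the case the WebContext comment describes. `Integer.parseInt(jwtId)` also has no visible NumberFormatException handling for a non-numeric subject. The body of login() continues outside the hunk.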