From a559470dc083cd24171ae36d81868b95cbd1dca2 Mon Sep 17 00:00:00 2001
From: pieterlukasse
Date: Wed, 31 Jul 2024 15:49:03 +0200
Subject: [PATCH 1/2] fix: revert back original session.stop() code from upstream

---
 .../webapi/shiro/filters/UpdateAccessTokenFilter.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java b/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java
index 5d5553013..f5597058e 100644
--- a/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java
+++ b/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java
@@ -115,6 +115,11 @@ protected boolean preHandle(ServletRequest request, ServletResponse response) th
 login = UserUtils.toLowerCase(login);
+ // stop session to make logout of OAuth users possible
+ Session session = SecurityUtils.getSubject().getSession(false);
+ if (session != null) {
+ session.stop();
+ }
 if (jwt == null) {
 if (name == null) {
@@ -169,4 +174,4 @@ private Date getExpirationDate(final int expirationIntervalInSeconds) {
 calendar.add(Calendar.SECOND, expirationIntervalInSeconds);
 return calendar.getTime();
 }
-}
\ No newline at end of file
+}

From 52d0262a0686ed103056b9a9d7aa08f0becc747e Mon Sep 17 00:00:00 2001
From: pieterlukasse
Date: Wed, 31 Jul 2024 15:50:12 +0200
Subject: [PATCH 2/2] fix: do not use session for teamproject role management

---
 .../ohdsi/webapi/shiro/PermissionManager.java | 17 +++-------------
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/src/main/java/org/ohdsi/webapi/shiro/PermissionManager.java b/src/main/java/org/ohdsi/webapi/shiro/PermissionManager.java
index 239ba58a1..ab8a5909f 100644
--- a/src/main/java/org/ohdsi/webapi/shiro/PermissionManager.java
+++ b/src/main/java/org/ohdsi/webapi/shiro/PermissionManager.java
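Review bot: The added block stops the Shiro session on every request that reaches this point of preHandle, not only on a logout, and the one-line comment does not say so; anything later in the same request that relies on session state (for example a `getSession(false).getId()` call without a null check, as the second patch removes from PermissionManager) will then find no session. I'd expand the comment to make the contract explicit: `// Authentication here is JWT-based and stateless: stop any Shiro session on every request so no server-side state outlives the token and OAuth users can be logged out; code after this filter must not assume a session exists.` It may also be worth pinning that expectation with a test asserting `getSession(false)` returns null once the filter has run, assuming that is how a stopped session behaves in the Shiro version in use. preHandle starts and ends outside the hunk.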
@@ -83,7 +83,7 @@ public class PermissionManager {
 private ThreadLocal> authorizationInfoCache = ThreadLocal.withInitial(ConcurrentHashMap::new);
- private Map, String> teamProjectRoles = new HashMap<>();
+ private Map teamProjectRoles = new HashMap<>();
 public static class PermissionsDTO {
@@ -658,25 +658,14 @@ public boolean roleExists(String roleName) {
 return this.roleRepository.existsByName(roleName);
 }
- private String getCurrentUserSessionId() {
- Subject subject = SecurityUtils.getSubject();
- return subject.getSession(false).getId().toString();
- }
-
- private AbstractMap.SimpleEntry getCurrentUserAndSessionTuple() {
- AbstractMap.SimpleEntry userAndSessionTuple = new AbstractMap.SimpleEntry<>
- (getCurrentUser().getLogin(), getCurrentUserSessionId());
- return userAndSessionTuple;
- }
-
 public void setCurrentTeamProjectRoleForCurrentUser(String teamProjectRole, String login) {
 logger.debug("Current user in setCurrentTeamProjectRoleForCurrentUser() {}", login);
- this.teamProjectRoles.put(getCurrentUserAndSessionTuple(), teamProjectRole);
+ this.teamProjectRoles.put(getCurrentUser().getLogin(), teamProjectRole);
 }
 public RoleEntity getCurrentTeamProjectRoleForCurrentUser() {
 logger.debug("Current user in getCurrentTeamProjectRoleForCurrentUser(): {}", getCurrentUser().getLogin());
- String teamProjectRole = this.teamProjectRoles.get(getCurrentUserAndSessionTuple());
+ String teamProjectRole = this.teamProjectRoles.get(getCurrentUser().getLogin());
 if (teamProjectRole == null) {
 return null;
 } else {
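Review bot: `teamProjectRoles` stays a plain `HashMap` while the second hunk has it written and read by request threads through setCurrentTeamProjectRoleForCurrentUser and getCurrentTeamProjectRoleForCurrentUser, so concurrent put/get on it is a data race; the neighbouring `authorizationInfoCache` on the line above already uses `ConcurrentHashMap`. I'd change the field to `private final Map<String, String> teamProjectRoles = new ConcurrentHashMap<>();`, the key being the login string and the value the role name as the new put/get lines show. If PermissionManager is not a shared singleton this is moot, but the per-instance cache next to it suggests it is.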
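Review bot: Keying `teamProjectRoles` by login alone turns the selected team-project role into server-side state that survives logout and is never removed: a user who logs out and back in still gets the role chosen in an earlier session from getCurrentTeamProjectRoleForCurrentUser, and the map grows with every distinct login. The old tuple key bound the choice to a session id, which patch 1's per-request session.stop() makes unusable, so some replacement lifecycle is needed; I'd remove the entry when the user logs out, e.g. `this.teamProjectRoles.remove(login);` in the logout path, and state in the method Javadoc that the role persists per login until explicitly cleared. Separately, the `login` parameter of setCurrentTeamProjectRoleForCurrentUser is only logged while the key comes from `getCurrentUser().getLogin()`; if those can differ the debug message is misleading, so either use one consistently or note why they may diverge. getCurrentTeamProjectRoleForCurrentUser ends outside the hunk.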