Fixed: looking up builtin user by username when API_BEARER_AUTH_USE_BUILTIN_USER_ON_ID_MATCH enabled

GPortas · GPortas · commit 0ea888d212af · 2025-04-09T11:40:57.000+01:00
diff --git a/src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java
@@ -65,6 +65,7 @@
 import jakarta.validation.Validation;
 import jakarta.validation.Validator;
 import jakarta.validation.ValidatorFactory;
+import org.apache.commons.logging.Log;
 
 /**
  * AuthenticationService is for general authentication-related operations.
@@ -996,7 +997,7 @@ public AuthenticatedUser lookupUserByOIDCBearerToken(String bearerToken) throws
         // Tokens in the cache should be removed after some (configurable) time.
         OAuth2UserRecord oAuth2UserRecord = verifyOIDCBearerTokenAndGetOAuth2UserRecord(bearerToken);
         if (FeatureFlags.API_BEARER_AUTH_USE_BUILTIN_USER_ON_ID_MATCH.enabled()) {
-            AuthenticatedUser builtinAuthenticatedUser = lookupUser(BuiltinAuthenticationProvider.PROVIDER_ID, oAuth2UserRecord.getUserRecordIdentifier().getUserIdInRepo());
+            AuthenticatedUser builtinAuthenticatedUser = lookupUser(BuiltinAuthenticationProvider.PROVIDER_ID, oAuth2UserRecord.getUsername());
             return (builtinAuthenticatedUser != null) ? builtinAuthenticatedUser : lookupUser(oAuth2UserRecord.getUserRecordIdentifier());
         }
         return lookupUser(oAuth2UserRecord.getUserRecordIdentifier());
diff --git a/src/test/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBeanTest.java
@@ -143,7 +143,7 @@ void testLookupUserByOIDCBearerToken_oneProvider_validToken_userNotPresentAsBuil
 
         // Assert that the first call was with expected parameters
         assertEquals(BuiltinAuthenticationProvider.PROVIDER_ID, providerIdCaptor.getAllValues().get(0));
-        assertEquals("testUserId", userIdCaptor.getAllValues().get(0));
+        assertEquals("testUsername", userIdCaptor.getAllValues().get(0));
     }
 
     @Test
@@ -173,7 +173,7 @@ void testLookupUserByOIDCBearerToken_oneProvider_validToken_userIsPresentAsBuilt
 
         // Assert that lookupUser is called with expected parameters
         assertEquals(BuiltinAuthenticationProvider.PROVIDER_ID, providerIdCaptor.getAllValues().get(0));
-        assertEquals("testUserId", userIdCaptor.getAllValues().get(0));
+        assertEquals("testUsername", userIdCaptor.getAllValues().get(0));
     }
 
     private void setupAuthenticatedUserQueryWithNoResult() {

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ void testLookupUserByOIDCBearerToken_oneProvider_validToken_userNotPresentAsBuil`
`143`	`143`
`144`	`144`	`// Assert that the first call was with expected parameters`
`145`	`145`	`assertEquals(BuiltinAuthenticationProvider.PROVIDER_ID, providerIdCaptor.getAllValues().get(0));`
`146`		`- assertEquals("testUserId", userIdCaptor.getAllValues().get(0));`
	`146`	`+ assertEquals("testUsername", userIdCaptor.getAllValues().get(0));`
`147`	`147`	`}`
`148`	`148`
`149`	`149`	`@Test`
`@@ -173,7 +173,7 @@ void testLookupUserByOIDCBearerToken_oneProvider_validToken_userIsPresentAsBuilt`
`173`	`173`
`174`	`174`	`// Assert that lookupUser is called with expected parameters`
`175`	`175`	`assertEquals(BuiltinAuthenticationProvider.PROVIDER_ID, providerIdCaptor.getAllValues().get(0));`
`176`		`- assertEquals("testUserId", userIdCaptor.getAllValues().get(0));`
	`176`	`+ assertEquals("testUsername", userIdCaptor.getAllValues().get(0));`
`177`	`177`	`}`
`178`	`178`
`179`	`179`	`private void setupAuthenticatedUserQueryWithNoResult() {`