pull forward commit from #93

Author: robotdan

build.savant

@@ -29,7 +29,7 @@ logbackVersion = "1.5.13"
 slf4jVersion = "2.0.13"
 testngVersion = "7.8.0"
 
-project(group: "org.primeframework", name: "prime-mvc", version: "5.3.1", licenses: ["ApacheV2_0"]) {
+project(group: "org.primeframework", name: "prime-mvc", version: "5.4.0", licenses: ["ApacheV2_0"]) {
   workflow {
     fetch {
       // Dependency resolution order:

pom.xml

@@ -5,7 +5,7 @@
 
   <groupId>org.primeframework</groupId>
   <artifactId>prime-mvc</artifactId>
-  <version>5.3.1</version>
+  <version>5.4.0</version>
   <packaging>jar</packaging>
 
   <name>FusionAuth App</name>

src/main/java/org/primeframework/mvc/security/BaseJWTRefreshTokenCookiesUserLoginSecurityContext.java

@@ -98,7 +98,7 @@ public Object getCurrentUser() {
       return null;
     }
 
-    user = retrieveUserForJWT(tokens.jwt);
+    user = retrieveUserForJWT(tokens.decodedJWT, tokens.jwt);
     if (user == null) {
       jwtCookie.delete(request, response);
     } else {
@@ -207,12 +207,13 @@ protected boolean isRevoked(@SuppressWarnings("unused") JWT jwt) {
   protected abstract String refreshTokenCookieName();
 
   /**
-   * Retrieve a user given an encoded JWT string.
+   * Retrieve a user with the encoded JWT string or the decoded JWT object.
    *
-   * @param jwt the encoded JWT string
+   * @param decodedJWT the decoded JWT object
+   * @param jwt        the encoded JWT string
    * @return a user object.
    */
-  protected abstract Object retrieveUserForJWT(String jwt);
+  protected abstract Object retrieveUserForJWT(JWT decodedJWT, String jwt);
 
   /**
    * The JWT that is passed to this method is known to be valid. The signature has been validated, and the JWT is not expired.
@@ -223,6 +224,7 @@ protected boolean isRevoked(@SuppressWarnings("unused") JWT jwt) {
    * @return true if the validation is ok and the JWT can be used. False if the JWT is not ok- and it should not be used. Returning true will still
    *     allow a refresh token to be used if available.
    */
+  @SuppressWarnings("BooleanMethodIsAlwaysInverted")
   protected boolean validateJWTClaims(@SuppressWarnings("unused") JWT jwt) {
     return true;
   }

src/test/java/org/primeframework/mvc/security/MockOAuthUserLoginSecurityContext.java

@@ -24,6 +24,7 @@
 import com.google.inject.Inject;
 import io.fusionauth.http.server.HTTPRequest;
 import io.fusionauth.http.server.HTTPResponse;
+import io.fusionauth.jwt.domain.JWT;
 import org.primeframework.mvc.security.oauth.OAuthConfiguration;
 import org.primeframework.mvc.security.oauth.TokenAuthenticationMethod;
 import org.primeframework.mvc.security.oauth.Tokens;
@@ -110,7 +111,7 @@ protected String refreshTokenCookieName() {
   }
 
   @Override
-  protected Object retrieveUserForJWT(String jwt) {
+  protected Object retrieveUserForJWT(JWT decodedJWT, String jwt) {
     return CurrentUser;
   }
 }