From 8895e3b6574ba6ad41feebbebf5ed17a55b41bb5 Mon Sep 17 00:00:00 2001
From: Longze Chen <cslzchen@gmail.com>
Date: Fri, 7 Jul 2023 11:05:35 -0400
Subject: [PATCH 1/2] Fix an SSO bug where the wrong error is thrown for
 inactive users

---
 .../login/OsfPrincipalFromNonInteractiveCredentialsAction.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/io/cos/cas/osf/web/flow/login/OsfPrincipalFromNonInteractiveCredentialsAction.java b/src/main/java/io/cos/cas/osf/web/flow/login/OsfPrincipalFromNonInteractiveCredentialsAction.java
index dcbcfee..38b2742 100644
--- a/src/main/java/io/cos/cas/osf/web/flow/login/OsfPrincipalFromNonInteractiveCredentialsAction.java
+++ b/src/main/java/io/cos/cas/osf/web/flow/login/OsfPrincipalFromNonInteractiveCredentialsAction.java
@@ -7,6 +7,7 @@
 import com.google.gson.JsonParser;
 
 import io.cos.cas.osf.authentication.credential.OsfPostgresCredential;
+import io.cos.cas.osf.authentication.exception.InstitutionSsoAccountInactiveException;
 import io.cos.cas.osf.authentication.exception.InstitutionSsoAttributeMissingException;
 import io.cos.cas.osf.authentication.exception.InstitutionSsoAttributeParsingException;
 import io.cos.cas.osf.authentication.exception.InstitutionSsoDuplicateIdentityException;
@@ -788,7 +789,7 @@ private OsfApiInstitutionAuthenticationResult notifyOsfApiOfInstnAuthnSuccess(
                 }
                 if (OsfApiPermissionDenied.INSTITUTION_SSO_ACCOUNT_INACTIVE.getId().equals(errorDetail)) {
                     LOGGER.error("[OSF API] Failure - Inactive Account: {}", ssoUser);
-                    throw new InstitutionSsoDuplicateIdentityException("OSF API denies inactive account");
+                    throw new InstitutionSsoAccountInactiveException("OSF API denies inactive account");
                 }
             }
             // Handle unidentified HTTP 403 FORBIDDEN failures

From 4a5da492644470e3d77cccba0c217759487f3c3f Mon Sep 17 00:00:00 2001
From: Longze Chen <cslzchen@gmail.com>
Date: Fri, 7 Jul 2023 11:19:46 -0400
Subject: [PATCH 2/2] Update change log for hotfix 23.2.1

---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9112fb7..58216b1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+23.2.1 (07-07-2023)
+===================
+
+* Fix SSO error handling for inactive users
+
 23.2.0 (06-25-2023)
 ===================