From ad33679c2b55997721a5837200490e00a87e7410 Mon Sep 17 00:00:00 2001
From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Date: Mon, 15 Dec 2025 23:06:13 +0000
Subject: [PATCH] fix grandfather logs

---
 .../common/model/ApplicationProperties.java   |  1 +
 .../software/SPDF/config/InitialSetup.java    |  1 +
 .../type3/library/Type3FontLibrary.java       |  3 +-
 .../service/UserLicenseSettingsService.java   | 66 +++++++++----------
 4 files changed, 35 insertions(+), 36 deletions(-)

diff --git a/app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java b/app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java
index 1a817e858..72cfef1a0 100644
--- a/app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java
+++ b/app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java
@@ -579,6 +579,7 @@ public class ApplicationProperties {
         @ToString.Exclude private String key;
         private String UUID;
         private String appVersion;
+        private Boolean isNewServer;
     }
 
     // TODO: Remove post migration
diff --git a/app/core/src/main/java/stirling/software/SPDF/config/InitialSetup.java b/app/core/src/main/java/stirling/software/SPDF/config/InitialSetup.java
index 88755f950..2cded405f 100644
--- a/app/core/src/main/java/stirling/software/SPDF/config/InitialSetup.java
+++ b/app/core/src/main/java/stirling/software/SPDF/config/InitialSetup.java
@@ -94,6 +94,7 @@ public class InitialSetup {
         }
         GeneralUtils.saveKeyToSettings("AutomaticallyGenerated.appVersion", appVersion);
         applicationProperties.getAutomaticallyGenerated().setAppVersion(appVersion);
+        applicationProperties.getAutomaticallyGenerated().setIsNewServer(isNewServer);
     }
 
     public static boolean isNewServer() {
diff --git a/app/core/src/main/java/stirling/software/SPDF/service/pdfjson/type3/library/Type3FontLibrary.java b/app/core/src/main/java/stirling/software/SPDF/service/pdfjson/type3/library/Type3FontLibrary.java
index 0fa1d2950..f00c729a2 100644
--- a/app/core/src/main/java/stirling/software/SPDF/service/pdfjson/type3/library/Type3FontLibrary.java
+++ b/app/core/src/main/java/stirling/software/SPDF/service/pdfjson/type3/library/Type3FontLibrary.java
@@ -49,7 +49,8 @@ public class Type3FontLibrary {
             this.indexLocation =
                     applicationProperties.getPdfEditor().getType3().getLibrary().getIndex();
         } else {
-            log.warn("[TYPE3] PdfEditor Type3 library configuration not available; Type3 library disabled");
+            log.warn(
+                    "[TYPE3] PdfEditor Type3 library configuration not available; Type3 library disabled");
             entries = List.of();
             return;
         }
diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/service/UserLicenseSettingsService.java b/app/proprietary/src/main/java/stirling/software/proprietary/service/UserLicenseSettingsService.java
index aa794e699..54660a1cc 100644
--- a/app/proprietary/src/main/java/stirling/software/proprietary/service/UserLicenseSettingsService.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/service/UserLicenseSettingsService.java
@@ -177,6 +177,13 @@ public class UserLicenseSettingsService {
      */
     @Transactional
     public void grandfatherExistingOAuthUsers() {
+        // Only grandfather users if this is a V1→V2 upgrade, not a fresh V2 install
+        Boolean isNewServer = applicationProperties.getAutomaticallyGenerated().getIsNewServer();
+        if (Boolean.TRUE.equals(isNewServer)) {
+            log.info("Fresh V2 installation detected - skipping OAuth user grandfathering");
+            return;
+        }
+
         UserLicenseSettings settings = getOrCreateSettings();
 
         // Check if we've already run this migration
@@ -348,30 +355,22 @@ public class UserLicenseSettingsService {
         String username = (user != null) ? user.getUsername() : "<new user>";
         log.info("OAuth eligibility check for user: {}", username);
 
-        // Grandfathered users always have OAuth access
-        if (user != null && user.isOauthGrandfathered()) {
-            log.debug("User {} is grandfathered for OAuth", user.getUsername());
+        // Check license first - if paying, they're eligible (no need to check grandfathering)
+        boolean hasPaid = hasPaidLicense();
+        if (hasPaid) {
+            log.debug("User {} eligible for OAuth via paid license", username);
             return true;
         }
 
-        // todo: remove
-        if (user != null) {
-            log.info(
-                    "User {} is NOT grandfathered (isOauthGrandfathered={})",
-                    username,
-                    user.isOauthGrandfathered());
-        } else {
-            log.info("New user attempting OAuth login - checking license requirement");
+        // No license - check if grandfathered (fallback for V1 users)
+        if (user != null && user.isOauthGrandfathered()) {
+            log.info("User {} eligible for OAuth via grandfathering (no paid license)", username);
+            return true;
         }
 
-        // Users can use OAuth with SERVER or ENTERPRISE license
-        boolean hasPaid = hasPaidLicense();
-        log.info(
-                "OAuth eligibility result: hasPaidLicense={}, user={}, eligible={}",
-                hasPaid,
-                username,
-                hasPaid);
-        return hasPaid;
+        // Not grandfathered and no license
+        log.info("User {} NOT eligible for OAuth: no paid license and not grandfathered", username);
+        return false;
     }
 
     /**
@@ -391,29 +390,26 @@ public class UserLicenseSettingsService {
         String username = (user != null) ? user.getUsername() : "<new user>";
         log.info("SAML2 eligibility check for user: {}", username);
 
-        // Grandfathered users always have SAML access
-        if (user != null && user.isOauthGrandfathered()) {
-            log.info("User {} is grandfathered for SAML2 - ELIGIBLE", username);
+        // Check license first - if paying, they're eligible (no need to check grandfathering)
+        boolean hasEnterprise = hasEnterpriseLicense();
+        if (hasEnterprise) {
+            log.debug("User {} eligible for SAML2 via ENTERPRISE license", username);
             return true;
         }
 
-        if (user != null) {
+        // No license - check if grandfathered (fallback for V1 users)
+        if (user != null && user.isOauthGrandfathered()) {
             log.info(
-                    "User {} is NOT grandfathered (isOauthGrandfathered={})",
-                    username,
-                    user.isOauthGrandfathered());
-        } else {
-            log.info("New user attempting SAML2 login - checking license requirement");
+                    "User {} eligible for SAML2 via grandfathering (no ENTERPRISE license)",
+                    username);
+            return true;
         }
 
-        // Users can use SAML only with ENTERPRISE license
-        boolean hasEnterprise = hasEnterpriseLicense();
+        // Not grandfathered and no license
         log.info(
-                "SAML2 eligibility result: hasEnterpriseLicense={}, user={}, eligible={}",
-                hasEnterprise,
-                username,
-                hasEnterprise);
-        return hasEnterprise;
+                "User {} NOT eligible for SAML2: no ENTERPRISE license and not grandfathered",
+                username);
+        return false;
     }
 
     /**