libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #3490 from stianst/KEYCLOAK-3086

Browse source 
[KEYCLOAK-3086] -  NPE when accessing Account with invalid clientId s…
This commit is contained in:
Stian Thorgersen 2016-11-11 09:35:45 +01:00 committed by GitHub
commit 088f0ea630
2 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
View file

@ -42,8 +42,9 @@ public class RedirectUtils {
} }
public static String verifyRedirectUri(UriInfo uriInfo, String redirectUri, RealmModel realm, ClientModel client) { public static String verifyRedirectUri(UriInfo uriInfo, String redirectUri, RealmModel realm, ClientModel client) {
Set<String> validRedirects = client.getRedirectUris(); if (client != null)
return verifyRedirectUri(uriInfo, client.getRootUrl(), redirectUri, realm, validRedirects); return verifyRedirectUri(uriInfo, client.getRootUrl(), redirectUri, realm, client.getRedirectUris());
return null;
} }
public static Set<String> resolveValidRedirects(UriInfo uriInfo, String rootUrl, Set<String> validRedirects) { public static Set<String> resolveValidRedirects(UriInfo uriInfo, String rootUrl, Set<String> validRedirects) {

14
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
View file

@ -813,4 +813,18 @@ public class AccountTest extends TestRealmKeycloakTest {
} }
@Test
public void testInvalidReferrer() {
driver.navigate().to(profilePage.getPath() + "?referrer=test-app");
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
driver.navigate().to(profilePage.getPath() + "?referrer=test-invalid&referrer_uri=http://localhost:8180/auth/realms/master/app/auth?test");
Assert.assertTrue(profilePage.isCurrent());
events.clear();
}
} }