Merge pull request #3490 from stianst/KEYCLOAK-3086

[KEYCLOAK-3086] - NPE when accessing Account with invalid clientId s…
2016-11-11 09:35:45 +01:00 · 2016-11-11 09:35:45 +01:00 · 088f0ea630
commit 088f0ea630
parent 08dbdeb57f 675faee593
2 changed files with 17 additions and 2 deletions
--- a/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
@ -42,8 +42,9 @@ public class RedirectUtils {
    }

    public static String verifyRedirectUri(UriInfo uriInfo, String redirectUri, RealmModel realm, ClientModel client) {
-        Set<String> validRedirects = client.getRedirectUris();
-        return verifyRedirectUri(uriInfo, client.getRootUrl(), redirectUri, realm, validRedirects);
+        if (client != null)
+            return verifyRedirectUri(uriInfo, client.getRootUrl(), redirectUri, realm, client.getRedirectUris());
+        return null;
    }

    public static Set<String> resolveValidRedirects(UriInfo uriInfo, String rootUrl, Set<String> validRedirects) {
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
@ -813,4 +813,18 @@ public class AccountTest extends TestRealmKeycloakTest {

    }

+    @Test
+    public void testInvalidReferrer() {
+        driver.navigate().to(profilePage.getPath() + "?referrer=test-app");
+        loginPage.login("test-user@localhost", "password");
+        Assert.assertTrue(profilePage.isCurrent());
+        profilePage.backToApplication();
+
+        Assert.assertTrue(appPage.isCurrent());
+
+        driver.navigate().to(profilePage.getPath() + "?referrer=test-invalid&referrer_uri=http://localhost:8180/auth/realms/master/app/auth?test");
+        Assert.assertTrue(profilePage.isCurrent());
+
+        events.clear();
+    }
 }