libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-7340

Browse source
This commit is contained in:
mposolda 2018-09-05 15:06:05 +02:00 committed by Stian Thorgersen
parent 1b5a83c4f1
commit 0897d969b1
3 changed files with 29 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
services/src/main/java/org/keycloak/protocol/oidc/utils/OIDCRedirectUriBuilder.java
View file

@ -18,6 +18,7 @@
package org.keycloak.protocol.oidc.utils;
import org.keycloak.common.util.Encode;
import org.keycloak.common.util.HtmlUtils;
import org.keycloak.common.util.KeycloakUriBuilder;
import javax.ws.rs.core.MediaType;
@ -148,8 +149,11 @@ public abstract class OIDCRedirectUriBuilder {
builder.append(" <FORM METHOD=\"POST\" ACTION=\"" + redirectUri.toString() + "\">");
for (Map.Entry<String, String> param : params.entrySet()) {
builder.append(" <INPUT TYPE=\"HIDDEN\" NAME=\"").append(param.getKey())
.append("\" VALUE=\"").append(param.getValue()).append("\" />");
builder.append(" <INPUT TYPE=\"HIDDEN\" NAME=\"")
.append(param.getKey())
.append("\" VALUE=\"")
.append(HtmlUtils.escapeAttribute(param.getValue()))
.append("\" />");
}
builder.append(" <NOSCRIPT>");

6
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProvider.java
View file

@ -20,6 +20,7 @@ package org.keycloak.testsuite.rest;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.common.util.HtmlUtils;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.models.KeycloakSession;
@ -135,7 +136,10 @@ public class TestApplicationResourceProvider implements RealmResourceProvider {
HttpRequest request = ResteasyProviderFactory.getContextData(HttpRequest.class);
MultivaluedMap<String, String> formParams = request.getDecodedFormParameters();
for (String paramName : formParams.keySet()) {
sb.append(paramName).append(": ").append("<span id=\"").append(paramName).append("\">").append(formParams.getFirst(paramName)).append("</span><br>");
sb.append(paramName).append(": ").append("<span id=\"")
.append(paramName).append("\">")
.append(HtmlUtils.escapeAttribute(formParams.getFirst(paramName)))
.append("</span><br>");
}
sb.append("<br>");

18
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
View file

@ -151,4 +151,22 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
}
@Test
public void authorizationRequestFormPostResponseModeWithCustomState() throws IOException {
oauth.responseMode(OIDCResponseMode.FORM_POST.toString().toLowerCase());
oauth.stateParamHardcoded("\"><foo>bar_baz(2)far</foo>");
oauth.doLoginGrant("test-user@localhost", "password");
String sources = driver.getPageSource();
System.out.println(sources);
String code = driver.findElement(By.id("code")).getText();
String state = driver.findElement(By.id("state")).getText();
assertEquals("\"><foo>bar_baz(2)far</foo>", state);
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
}
}