From 1021e8af5c95f2e84977c96ac97f2f2fc3b960af Mon Sep 17 00:00:00 2001
From: Stian Thorgersen
Date: Tue, 14 Oct 2014 13:44:03 +0200
Subject: [PATCH] KEYCLOAK-753 Add 'username:' prefix to remember me cookie to prevent issue with old cookie
---
 .../org/keycloak/protocol/saml/SamlService.java | 8 +-------
 .../protocol/oidc/OpenIDConnectService.java | 8 +-------
 .../services/managers/AuthenticationManager.java | 16 +++++++++++++++-
 3 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
index 3449d65a6b..855b476512 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -199,13 +199,7 @@ public class SamlService {
 LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo)
 .setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode());
 
- String rememberMeUsername = null;
- if (realm.isRememberMe()) {
- Cookie rememberMeCookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
- if (rememberMeCookie != null && !"".equals(rememberMeCookie.getValue())) {
- rememberMeUsername = rememberMeCookie.getValue();
- }
- }
+ String rememberMeUsername = AuthenticationManager.getRememberMeUsername(realm, headers);
 
 if (rememberMeUsername != null) {
 MultivaluedMap formData = new MultivaluedMapImpl();
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java
index 007925c028..44b3934666 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java
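Review bot: With the inline cookie lookup removed from this hunk, the `Cookie` import near the top of SamlService.java (outside the hunk) is probably no longer referenced; the same applies to the matching hunk in OpenIDConnectService.java. Worth confirming in both files and dropping the import so the change does not leave unused-import warnings behind. The enclosing method begins and ends outside the hunk, so I cannot see whether `headers` is still used elsewhere in it.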
@@ -820,13 +820,7 @@ public class OpenIDConnectService {
 LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo)
 .setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode());
 
- String rememberMeUsername = null;
- if (realm.isRememberMe()) {
- Cookie rememberMeCookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
- if (rememberMeCookie != null && !"".equals(rememberMeCookie.getValue())) {
- rememberMeUsername = rememberMeCookie.getValue();
- }
- }
+ String rememberMeUsername = AuthenticationManager.getRememberMeUsername(realm, headers);
 
 if (loginHint != null || rememberMeUsername != null) {
 MultivaluedMap formData = new MultivaluedMapImpl();
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 450dcf68d1..a8e4b6b664 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -145,7 +145,21 @@ public class AuthenticationManager {
 boolean secureOnly = realm.getSslRequired().isRequired(connection);
 // remember me cookie should be persistent (hardcoded to 365 days for now)
 //NewCookie cookie = new NewCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly);// todo httponly , true);
- CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, username, path, null, null, 31536000, secureOnly, true);
+ CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, "username:" + username, path, null, null, 31536000, secureOnly, true);
+ }
+
+ public static String getRememberMeUsername(RealmModel realm, HttpHeaders headers) {
+ if (realm.isRememberMe()) {
+ Cookie cookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
+ if (cookie != null) {
+ String value = cookie.getValue();
+ String[] s = value.split(":");
+ if (s[0].equals("username") && s.length == 2) {
+ return s[1];
+ }
+ }
+ }
+ return null;
 }
 
 protected static String encodeToken(RealmModel realm, Object token) {
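Review bot: In getRememberMeUsername the `s[0]` access runs before the `s.length == 2` test, and `String.split` discards trailing empty strings, so a cookie value consisting only of separators (for example `":"`) splits to an empty array and the login page fails with ArrayIndexOutOfBoundsException; since the cookie value arrives from the client, the parse should fail closed rather than throw. A prefix test fixes that and also stops silently rejecting usernames that themselves contain a colon, which the `s.length == 2` condition currently does: `if (value.startsWith("username:")) {` / `return value.substring("username:".length());` / `}` in place of the split and the two-part check. The `"username:"` literal is written in the addCookie call a few lines above and parsed here; a `private static final String` constant would keep the writer and reader in step. The new public method has no Javadoc; a one-liner stating that it returns null unless remember-me is enabled for the realm and a cookie with the `username:` prefix is present would help callers in SamlService and OpenIDConnectService.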