libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-3835 Remove redirect on flow and return not modified if page is refreshed

Browse source
This commit is contained in:
Stian Thorgersen 2016-11-02 11:53:07 +01:00
parent 8621733e17
commit 209f8155d1
3 changed files with 47 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
View file

@ -802,7 +802,7 @@ public class AuthenticationProcessor {
* *
*/ */
public void setActionSuccessful() { public void setActionSuccessful() {
oneActionWasSuccessful = true; // oneActionWasSuccessful = true;
} }
public Response checkWasSuccessfulBrowserAction() { public Response checkWasSuccessfulBrowserAction() {

34
services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
View file

@ -96,6 +96,7 @@ public class LoginActionsService {
public static final String REQUIRED_ACTION = "required-action"; public static final String REQUIRED_ACTION = "required-action";
public static final String FIRST_BROKER_LOGIN_PATH = "first-broker-login"; public static final String FIRST_BROKER_LOGIN_PATH = "first-broker-login";
public static final String POST_BROKER_LOGIN_PATH = "post-broker-login"; public static final String POST_BROKER_LOGIN_PATH = "post-broker-login";
public static final String LAST_PROCESSED_CODE = "last_processed_code";
private RealmModel realm; private RealmModel realm;
@ -323,14 +324,22 @@ public class LoginActionsService {
public Response authenticate(@QueryParam("code") String code, public Response authenticate(@QueryParam("code") String code,
@QueryParam("execution") String execution) { @QueryParam("execution") String execution) {
event.event(EventType.LOGIN); event.event(EventType.LOGIN);
Checks checks = new Checks();
if (!checks.verifyCode(code, ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
return checks.response;
}
event.detail(Details.CODE_ID, code);
ClientSessionCode clientSessionCode = checks.clientCode;
ClientSessionModel clientSession = clientSessionCode.getClientSession();
ClientSessionModel clientSession = ClientSessionCode.getClientSession(code, session, realm);
if (clientSession != null && code.equals(clientSession.getNote(LAST_PROCESSED_CODE))) {
// Allow refresh of previous page
} else {
Checks checks = new Checks();
if (!checks.verifyCode(code, ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
return checks.response;
}
ClientSessionCode clientSessionCode = checks.clientCode;
clientSession = clientSessionCode.getClientSession();
}
event.detail(Details.CODE_ID, code);
clientSession.setNote(LAST_PROCESSED_CODE, code);
return processAuthentication(execution, clientSession, null); return processAuthentication(execution, clientSession, null);
} }
@ -373,12 +382,21 @@ public class LoginActionsService {
public Response authenticateForm(@QueryParam("code") String code, public Response authenticateForm(@QueryParam("code") String code,
@QueryParam("execution") String execution) { @QueryParam("execution") String execution) {
event.event(EventType.LOGIN); event.event(EventType.LOGIN);
ClientSessionModel clientSession = ClientSessionCode.getClientSession(code, session, realm);
if (clientSession != null && code.equals(clientSession.getNote(LAST_PROCESSED_CODE))) {
// Post already processed (refresh) - ignore form post and return next form
request.getFormParameters().clear();
return authenticate(code, null);
}
Checks checks = new Checks(); Checks checks = new Checks();
if (!checks.verifyCode(code, ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) { if (!checks.verifyCode(code, ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
return checks.response; return checks.response;
} }
final ClientSessionCode clientCode = checks.clientCode; final ClientSessionCode clientCode = checks.clientCode;
final ClientSessionModel clientSession = clientCode.getClientSession(); clientSession = clientCode.getClientSession();
clientSession.setNote(LAST_PROCESSED_CODE, code);
return processAuthentication(execution, clientSession, null); return processAuthentication(execution, clientSession, null);
} }

20
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
View file

@ -127,6 +127,26 @@ public class LoginTotpTest extends TestRealmKeycloakTest {
events.expectLogin().assertEvent(); events.expectLogin().assertEvent();
} }
// KEYCLOAK-3835
@Test
public void loginWithTotpRefreshTotpPage() throws Exception {
loginPage.open();
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(loginTotpPage.isCurrent());
// Refresh TOTP page
driver.navigate().refresh();
System.out.println(driver.getPageSource());
loginTotpPage.login(totp.generateTOTP("totpSecret"));
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
}
@Test @Test
public void loginWithTotpCancel() throws Exception { public void loginWithTotpCancel() throws Exception {
loginPage.open(); loginPage.open();