Merge pull request #762 from stianst/master

KEYCLOAK-753 Add 'username:' prefix to remember me cookie to prevent iss...
2014-10-14 13:49:59 +02:00 · 2014-10-14 13:49:59 +02:00 · 2dbebd164f
commit 2dbebd164f
parent 2ad688a663 1021e8af5c
3 changed files with 17 additions and 15 deletions
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
@ -199,13 +199,7 @@ public class SamlService {
        LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo)
                .setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode());

-        String rememberMeUsername = null;
-        if (realm.isRememberMe()) {
-            Cookie rememberMeCookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
-            if (rememberMeCookie != null && !"".equals(rememberMeCookie.getValue())) {
-                rememberMeUsername = rememberMeCookie.getValue();
-            }
-        }
+        String rememberMeUsername = AuthenticationManager.getRememberMeUsername(realm, headers);

        if (rememberMeUsername != null) {
            MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>();
--- a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java
@ -820,13 +820,7 @@ public class OpenIDConnectService {
        LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo)
                .setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode());

-        String rememberMeUsername = null;
-        if (realm.isRememberMe()) {
-            Cookie rememberMeCookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
-            if (rememberMeCookie != null && !"".equals(rememberMeCookie.getValue())) {
-                rememberMeUsername = rememberMeCookie.getValue();
-            }
-        }
+        String rememberMeUsername = AuthenticationManager.getRememberMeUsername(realm, headers);

        if (loginHint != null || rememberMeUsername != null) {
            MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>();
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@ -145,7 +145,21 @@ public class AuthenticationManager {
        boolean secureOnly = realm.getSslRequired().isRequired(connection);
        // remember me cookie should be persistent (hardcoded to 365 days for now)
        //NewCookie cookie = new NewCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly);// todo httponly , true);
-        CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, username, path, null, null, 31536000, secureOnly, true);
+        CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, "username:" + username, path, null, null, 31536000, secureOnly, true);
+    }
+
+    public static String getRememberMeUsername(RealmModel realm, HttpHeaders headers) {
+        if (realm.isRememberMe()) {
+            Cookie cookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
+            if (cookie != null) {
+                String value = cookie.getValue();
+                String[] s = value.split(":");
+                if (s[0].equals("username") && s.length == 2) {
+                    return s[1];
+                }
+            }
+        }
+        return null;
    }

    protected static String encodeToken(RealmModel realm, Object token) {