Merge pull request #762 from stianst/master
KEYCLOAK-753 Add 'username:' prefix to remember me cookie to prevent iss...
2dbebd164f
3 changed files with 17 additions and 15 deletions
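--- a/SamlService.java
+++ b/SamlService.java
@@ -199,13 +199,7 @@ public class SamlService {
 LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo)
 .setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode());
 
-String rememberMeUsername = null;
-if (realm.isRememberMe()) {
-Cookie rememberMeCookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
-if (rememberMeCookie != null && !"".equals(rememberMeCookie.getValue())) {
-rememberMeUsername = rememberMeCookie.getValue();
-}
-}
+String rememberMeUsername = AuthenticationManager.getRememberMeUsername(realm, headers);
 
 if (rememberMeUsername != null) {
 MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>();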
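Review bot: With the inline cookie parsing removed here and in the matching hunk in `OpenIDConnectService`, the `Cookie` type is no longer referenced in either hunk, so the corresponding import in both files may now be unused — worth checking before merge. The old `!"".equals(rememberMeCookie.getValue())` guard is dropped, which is safe: for an empty value `"".split(":")` yields `[""]`, the `"username"` prefix check fails and the helper returns null, so `rememberMeUsername` stays null exactly as before. The value is still a client-supplied cookie, so it should continue to be used only to prefill the login form, as this code does. The enclosing method starts and ends outside the hunk.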
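--- a/OpenIDConnectService.java
+++ b/OpenIDConnectService.java
@@ -820,13 +820,7 @@ public class OpenIDConnectService {
 LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo)
 .setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode());
 
-String rememberMeUsername = null;
-if (realm.isRememberMe()) {
-Cookie rememberMeCookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
-if (rememberMeCookie != null && !"".equals(rememberMeCookie.getValue())) {
-rememberMeUsername = rememberMeCookie.getValue();
-}
-}
+String rememberMeUsername = AuthenticationManager.getRememberMeUsername(realm, headers);
 
 if (loginHint != null || rememberMeUsername != null) {
 MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>();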
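--- a/AuthenticationManager.java
+++ b/AuthenticationManager.java
@@ -145,7 +145,21 @@ public class AuthenticationManager {
 boolean secureOnly = realm.getSslRequired().isRequired(connection);
 // remember me cookie should be persistent (hardcoded to 365 days for now)
 //NewCookie cookie = new NewCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly);// todo httponly , true);
-CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, username, path, null, null, 31536000, secureOnly, true);
+CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, "username:" + username, path, null, null, 31536000, secureOnly, true);
+}
+
+public static String getRememberMeUsername(RealmModel realm, HttpHeaders headers) {
+if (realm.isRememberMe()) {
+Cookie cookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
+if (cookie != null) {
+String value = cookie.getValue();
+String[] s = value.split(":");
+if (s[0].equals("username") && s.length == 2) {
+return s[1];
+}
+}
+}
+return null;
 }
 
 protected static String encodeToken(RealmModel realm, Object token) {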
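Review bot: `getRememberMeUsername` splits the cookie value on every `:` and then requires exactly two parts, so a username that itself contains a colon yields three or more parts and the method returns null, silently disabling remember-me for that account even though `addCookie` above happily wrote it; a prefix check is both simpler and colon-tolerant, e.g. `if (value.startsWith("username:")) { return value.substring("username:".length()); }`. The `username:` prefix is only a format tag, not an integrity check — the value is still client-supplied and unauthenticated — so the returned name must keep being treated as untrusted input (the two callers in this commit only use it to prefill the login form, which is appropriate). A Javadoc on the new public method would help, e.g. `/** Returns the username carried by the remember-me cookie, or null if remember-me is disabled for the realm, the cookie is absent, or its value lacks the "username:" prefix. */`. The method containing the changed `addCookie` call starts before this hunk.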