Merge pull request #762 from stianst/master

KEYCLOAK-753 Add 'username:' prefix to remember me cookie to prevent iss...
Stian Thorgersen 2014-10-14 13:49:59 +02:00
commit 2dbebd164f
3 changed files with 17 additions and 15 deletions


@ -199,13 +199,7 @@ public class SamlService {
LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo) LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo)
.setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode()); .setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode());
String rememberMeUsername = null; String rememberMeUsername = AuthenticationManager.getRememberMeUsername(realm, headers);
if (realm.isRememberMe()) {
Cookie rememberMeCookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
if (rememberMeCookie != null && !"".equals(rememberMeCookie.getValue())) {
rememberMeUsername = rememberMeCookie.getValue();
}
}
if (rememberMeUsername != null) { if (rememberMeUsername != null) {
MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>(); MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>();


@ -820,13 +820,7 @@ public class OpenIDConnectService {
LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo) LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo)
.setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode()); .setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode());
String rememberMeUsername = null; String rememberMeUsername = AuthenticationManager.getRememberMeUsername(realm, headers);
if (realm.isRememberMe()) {
Cookie rememberMeCookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
if (rememberMeCookie != null && !"".equals(rememberMeCookie.getValue())) {
rememberMeUsername = rememberMeCookie.getValue();
}
}
if (loginHint != null || rememberMeUsername != null) { if (loginHint != null || rememberMeUsername != null) {
MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>(); MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>();


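--- a/<path not shown on page>/AuthenticationManager.java
+++ b/<path not shown on page>/AuthenticationManager.java
@@ -145,7 +145,21 @@ public class AuthenticationManager {
 boolean secureOnly = realm.getSslRequired().isRequired(connection);
 // remember me cookie should be persistent (hardcoded to 365 days for now)
 //NewCookie cookie = new NewCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly);// todo httponly , true);
-CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, username, path, null, null, 31536000, secureOnly, true);
+CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, "username:" + username, path, null, null, 31536000, secureOnly, true);
 }
+public static String getRememberMeUsername(RealmModel realm, HttpHeaders headers) {
+if (realm.isRememberMe()) {
+Cookie cookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
+if (cookie != null) {
+String value = cookie.getValue();
+String[] s = value.split(":");
+if (s[0].equals("username") && s.length == 2) {
+return s[1];
+}
+}
+}
+return null;
+}
 }
 protected static String encodeToken(RealmModel realm, Object token) {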
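Review bot: In getRememberMeUsername the guard `if (s[0].equals("username") && s.length == 2)` reads `s[0]` before checking the array length, and `":".split(":")` produces an empty array, so a cookie whose value is a lone `:` throws ArrayIndexOutOfBoundsException instead of falling through to `return null`; reorder it to `if (s.length == 2 && s[0].equals("username")) {`. The cookie value is client-controlled, so every malformed shape should end in the null return rather than an exception on the login path. `value.split(":", 2)` would additionally keep a username that itself contains a colon intact, though whether such usernames can exist is not visible from this hunk. The method at the top of the hunk (the addCookie call) starts outside it.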