KEYCLOAK-10003 Fix handling of request parameters for SMTP Connection Test

We now transfer the SMTP connection configuration via HTTP POST
request body parameters instead of URL parameters.
This improves handling of SMTP connection configuration values with
special characters. As a side effect, sensitive information like SMTP
credentials is no longer exposed via URL parameters.

Previously the SMTP connection test sent the connection parameters
as encoded URL parameters in combination with parameters in the request body.
However, the server-side endpoint only looked at the URL parameters.

Certain values, e.g. passwords with + or ; could lead to broken URL parameters.
Thomas Darimont 2019-12-22 20:08:32 +01:00 committed by Stian Thorgersen
parent f1ddd5016f
commit 303861f7e8
3 changed files with 12 additions and 9 deletions


@ -213,11 +213,11 @@ public interface RealmResource {
@FormParam("bindDn") String bindDn, @FormParam("bindCredential") String bindCredential, @FormParam("bindDn") String bindDn, @FormParam("bindCredential") String bindCredential,
@FormParam("useTruststoreSpi") String useTruststoreSpi, @FormParam("connectionTimeout") String connectionTimeout); @FormParam("useTruststoreSpi") String useTruststoreSpi, @FormParam("connectionTimeout") String connectionTimeout);
@Path("testSMTPConnection/{config}") @Path("testSMTPConnection")
@POST @POST
@NoCache @NoCache
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
Response testSMTPConnection(final @PathParam("config") String config) throws Exception; Response testSMTPConnection(@FormParam("config") String config);
@Path("clear-realm-cache") @Path("clear-realm-cache")
@POST @POST
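Review bot: `@Consumes(MediaType.APPLICATION_JSON)` is left unchanged on the client-side `testSMTPConnection` while its parameter becomes `@FormParam("config")`, so the declared content type no longer matches how the value is transmitted. A form parameter travels in an `application/x-www-form-urlencoded` body, which is also what the admin console sends after this commit, so the annotation should read `@Consumes(MediaType.APPLICATION_FORM_URLENCODED)`. As written, a proxy built from this interface may label the request as JSON, in which case the server would probably not bind `config`.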


@ -947,10 +947,10 @@ public class RealmAdminResource {
* @return * @return
* @throws Exception * @throws Exception
*/ */
@Path("testSMTPConnection/{config}") @Path("testSMTPConnection")
@POST @POST
@NoCache @NoCache
public Response testSMTPConnection(final @PathParam("config") String config) throws Exception { public Response testSMTPConnection(final @FormParam("config") String config) throws Exception {
Map<String, String> settings = readValue(config, new TypeReference<Map<String, String>>() { Map<String, String> settings = readValue(config, new TypeReference<Map<String, String>>() {
}); });
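Review bot: `config` can now arrive as `null` (when the body lacks the field or is not form-encoded), and the new signature passes it straight to `readValue(config, ...)` with no guard visible in the hunk. Since this payload carries the SMTP credentials, such requests are worth rejecting explicitly, e.g. `if (config == null) return Response.status(Response.Status.BAD_REQUEST).build();`, and the accepted format can be pinned with `@Consumes(MediaType.APPLICATION_FORM_URLENCODED)` on the method. The empty `@return` and `@throws Exception` Javadoc tags could also say that `config` is a JSON object of SMTP settings sent as a form field. The method body continues past the hunk, so a later check cannot be ruled out.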


@ -440,13 +440,16 @@ module.factory('RealmLDAPConnectionTester', function($resource, $httpParamSerial
}); });
}); });
module.factory('RealmSMTPConnectionTester', function($resource) { module.factory('RealmSMTPConnectionTester', function($resource, $httpParamSerializer) {
return $resource(authUrl + '/admin/realms/:realm/testSMTPConnection/:config', { return $resource(authUrl + '/admin/realms/:realm/testSMTPConnection', {
realm : '@realm', realm : '@realm'
config : '@config'
}, { }, {
send: { send: {
method: 'POST' method: 'POST',
headers : { 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8' },
transformRequest: function (data) {
return $httpParamSerializer(data)
}
} }
}); });
}); });
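Review bot: `transformRequest` serializes the entire object passed to `send`, so `realm` (already in the URL) is repeated in the form body next to `config`, and any other property a caller adds would be sent too. Restricting the body to the one field the endpoint reads keeps the request minimal: `return $httpParamSerializer({ config: data.config });`. The `return` statement is also missing its terminating semicolon, unlike the rest of the factory. The controller that calls `send` is outside this hunk, so the shape of `data` is inferred from the `'@realm'` binding.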