Missing Cache-Control header when response_type parameter is missing in login request
closes #29866 Signed-off-by: mposolda <mposolda@gmail.com>
parent
5ea3becef5
commit
3110bb8989
2 changed files with 25 additions and 1 deletions
|
@ -268,6 +268,8 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
|
||||||
}
|
}
|
||||||
|
|
||||||
private Response redirectErrorToClient(OIDCResponseMode responseMode, String error, String errorDescription) {
|
private Response redirectErrorToClient(OIDCResponseMode responseMode, String error, String errorDescription) {
|
||||||
|
CacheControlUtil.noBackButtonCacheControlHeader(session);
|
||||||
|
|
||||||
OIDCRedirectUriBuilder errorResponseBuilder = OIDCRedirectUriBuilder.fromUri(redirectUri, responseMode, session, null)
|
OIDCRedirectUriBuilder errorResponseBuilder = OIDCRedirectUriBuilder.fromUri(redirectUri, responseMode, session, null)
|
||||||
.addParam(OAuth2Constants.ERROR, error);
|
.addParam(OAuth2Constants.ERROR, error);
|
||||||
|
|
||||||
|
|
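Review bot: The added `CacheControlUtil.noBackButtonCacheControlHeader(session);` at the top of `redirectErrorToClient` has no comment explaining why an error redirect needs it, and the next reader will not see the link to the issue from the code alone. I would add `// Issue 29866: error redirects return a 302 without ever rendering the login page, so the no-store/must-revalidate header set on that path is missing here unless we add it explicitly` above the call; the claim that the login-page path sets it elsewhere is inferred from the commit title rather than visible in this hunk, so confirm before wording it that way. It is also worth checking that every other early-exit path in this endpoint that answers a response_type or redirect_uri problem with a redirect goes through this method, since any that do not will still lack the header. The body of `redirectErrorToClient` continues past the end of the hunk.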
|
@ -16,6 +16,9 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.testsuite.oauth;
|
package org.keycloak.testsuite.oauth;
|
||||||
|
|
||||||
|
import jakarta.ws.rs.client.Client;
|
||||||
|
import jakarta.ws.rs.core.HttpHeaders;
|
||||||
|
import jakarta.ws.rs.core.Response;
|
||||||
import org.jboss.arquillian.graphene.page.Page;
|
import org.jboss.arquillian.graphene.page.Page;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
@ -37,6 +40,7 @@ import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.pages.ErrorPage;
|
import org.keycloak.testsuite.pages.ErrorPage;
|
||||||
import org.keycloak.testsuite.pages.InstalledAppRedirectPage;
|
import org.keycloak.testsuite.pages.InstalledAppRedirectPage;
|
||||||
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
|
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
|
||||||
|
import org.keycloak.testsuite.util.AdminClientUtil;
|
||||||
import org.keycloak.testsuite.util.ClientManager;
|
import org.keycloak.testsuite.util.ClientManager;
|
||||||
import org.keycloak.testsuite.util.OAuthClient;
|
import org.keycloak.testsuite.util.OAuthClient;
|
||||||
import org.keycloak.testsuite.util.WaitUtils;
|
import org.keycloak.testsuite.util.WaitUtils;
|
||||||
|
@ -50,6 +54,10 @@ import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
|
import static org.hamcrest.Matchers.containsString;
|
||||||
|
import static org.hamcrest.Matchers.equalTo;
|
||||||
|
import static org.hamcrest.Matchers.is;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
|
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
|
||||||
|
@ -185,6 +193,20 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
|
||||||
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().detail(Details.RESPONSE_TYPE, "tokenn").assertEvent();
|
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().detail(Details.RESPONSE_TYPE, "tokenn").assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Issue 29866
|
||||||
|
@Test
|
||||||
|
public void authorizationRequestInvalidResponseType_testHeaders() throws IOException {
|
||||||
|
oauth.responseType("tokenn");
|
||||||
|
Client client = AdminClientUtil.createResteasyClient();
|
||||||
|
Response response = client.target(oauth.getLoginFormUrl()).request().get();
|
||||||
|
|
||||||
|
assertThat(response.getStatus(), is(equalTo(302)));
|
||||||
|
String cacheControl = response.getHeaderString(HttpHeaders.CACHE_CONTROL);
|
||||||
|
Assert.assertNotNull(cacheControl);
|
||||||
|
Assert.assertThat(cacheControl, containsString("no-store"));
|
||||||
|
Assert.assertThat(cacheControl, containsString("must-revalidate"));
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authorizationRequestFormPostResponseModeInvalidResponseType() throws IOException {
|
public void authorizationRequestFormPostResponseModeInvalidResponseType() throws IOException {
|
||||||
oauth.responseMode(OIDCResponseMode.FORM_POST.value());
|
oauth.responseMode(OIDCResponseMode.FORM_POST.value());
|
||||||
|
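Review bot: In `authorizationRequestInvalidResponseType_testHeaders` neither the `Client` from `AdminClientUtil.createResteasyClient()` nor the `Response` from `request().get()` is ever closed, so each run leaks an HTTP client and its connection. `jakarta.ws.rs.core.Response` is `AutoCloseable` and belongs in a try-with-resources; the client should be closed in a `finally` (or in the same try if the `Client` implementation in use is `AutoCloseable`). The method also mixes the statically imported hamcrest `assertThat` (used on the status line) with the deprecated `Assert.assertThat` on the two `containsString` lines; using the static import on all three keeps the file consistent. Finally, this test only covers an invalid value (`"tokenn"`) whereas the commit title names a missing `response_type`; a sibling case that omits the parameter entirely would pin the scenario the fix is for.

```java
Client client = AdminClientUtil.createResteasyClient();
try (Response response = client.target(oauth.getLoginFormUrl()).request().get()) {
    assertThat(response.getStatus(), is(equalTo(302)));
    String cacheControl = response.getHeaderString(HttpHeaders.CACHE_CONTROL);
    Assert.assertNotNull(cacheControl);
    assertThat(cacheControl, containsString("no-store"));
    assertThat(cacheControl, containsString("must-revalidate"));
} finally {
    client.close();
}
```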
@ -395,5 +417,5 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).client((String) null).clearDetails().assertEvent();
|
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).client((String) null).clearDetails().assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|