fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality

A test is also added to check the availability of issuedFor (azp) and the redirect URI in the action.
Fixes #14860
Fixes #15136
This commit is contained in:
Saman-jafari 2023-04-30 01:46:21 +02:00 committed by Pedro Igor
parent ace83231ee
commit 31db84e924
3 changed files with 45 additions and 2 deletions


@ -29,10 +29,11 @@ public class UpdateEmailActionToken extends DefaultActionToken {
@JsonProperty("newEmail")
private String newEmail;
public UpdateEmailActionToken(String userId, int absoluteExpirationInSecs, String oldEmail, String newEmail){
public UpdateEmailActionToken(String userId, int absoluteExpirationInSecs, String oldEmail, String newEmail, String clientId){
super(userId, TOKEN_TYPE, absoluteExpirationInSecs, null);
this.oldEmail = oldEmail;
this.newEmail = newEmail;
this.issuedFor = clientId;
}
private UpdateEmailActionToken(){
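Review bot: The new `clientId` parameter is stored straight into `issuedFor` (the `azp` claim) with no Javadoc explaining why the action token now carries it, and the commit message talks about a redirect URI being added to the token while this hunk only adds the client id. I would add a constructor comment along the lines of `// Record the requesting client as azp so the consumer can resolve the client and build the "back to application" link` and adjust the commit message so that a reader does not go looking for a redirect-URI claim that is not there. Because the token is signed, the claim itself is integrity-protected, but the code that consumes it (not visible here) must still re-resolve the client by id at redemption time rather than trusting any cached URL; worth confirming. The enclosing class continues past the hunk, so the remaining constructors and accessors are not visible.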


@ -119,7 +119,7 @@ public class UpdateEmail implements RequiredActionProvider, RequiredActionFactor
AuthenticationSessionModel authenticationSession = context.getAuthenticationSession();
UpdateEmailActionToken actionToken = new UpdateEmailActionToken(user.getId(), Time.currentTime() + validityInSecs,
oldEmail, newEmail);
oldEmail, newEmail, authenticationSession.getClient().getClientId());
String link = Urls
.actionTokenBuilder(uriInfo.getBaseUri(), actionToken.serialize(session, realm, uriInfo),
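Review bot: The chained `authenticationSession.getClient().getClientId()` argument buries the nullability assumption that a required-action context always has a client-bound authentication session; presumably true for a login flow, but if this action can also be triggered from a session without a bound client the chain throws an NPE while sending the mail. I would hoist it into a named local, `String clientId = authenticationSession.getClient().getClientId();`, so the assumption is visible and can be guarded if that path turns out to exist. The client id is captured at send time and only resolved when the emailed link is opened, so the consumer side (outside this hunk) should look the client up again by id rather than rely on state from this session. The method body continues outside the hunk.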


@ -16,6 +16,8 @@
*/
package org.keycloak.testsuite.actions;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.endsWith;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
@ -24,18 +26,25 @@ import jakarta.mail.Address;
import jakarta.mail.Message;
import jakarta.mail.MessagingException;
import jakarta.mail.internet.MimeMessage;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.TokenVerifier;
import org.keycloak.common.VerificationException;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.InfoPage;
import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.MailUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;
public class AppInitiatedActionUpdateEmailWithVerificationTest extends AbstractAppInitiatedActionUpdateEmailTest {
@ -140,4 +149,37 @@ public class AppInitiatedActionUpdateEmailWithVerificationTest extends AbstractA
return MailUtils.getPasswordResetEmailLink(message).trim();
}
@Test
public void updateEmailWithRedirect() throws Exception {
doAIA();
loginPage.login("test-user@localhost", "password");
emailUpdatePage.assertCurrent();
assertTrue(emailUpdatePage.isCancelDisplayed());
emailUpdatePage.changeEmail("new@localhost");
events.expect(EventType.SEND_VERIFY_EMAIL).detail(Details.EMAIL, "new@localhost").assertEvent();
Assert.assertEquals("test-user@localhost", ActionUtil.findUserWithAdminClient(adminClient, "test-user@localhost").getEmail());
String link = fetchEmailConfirmationLink("new@localhost");
String token = link.substring(link.indexOf("key=") + "key=".length()).split("&")[0];
try {
final AccessToken actionTokenVerifyEmail = TokenVerifier.create(token, AccessToken.class).getToken();
//Issue #14860
assertEquals("test-app", actionTokenVerifyEmail.getIssuedFor());
} catch (VerificationException e) {
throw new IOException(e);
}
driver.navigate().to(link);
infoPage.assertCurrent();
assertEquals(String.format("The account email has been successfully updated to %s.", "new@localhost"), infoPage.getInfo());
//Issue #15136
final WebElement backToApplicationLink = driver.findElement(By.linkText("« Back to Application"));
assertThat(backToApplicationLink.toString(), Matchers.containsString("/auth/realms/master/app/auth"));
events.expect(EventType.UPDATE_EMAIL)
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost")
.detail(Details.UPDATED_EMAIL, "new@localhost");
Assert.assertEquals("new@localhost", ActionUtil.findUserWithAdminClient(adminClient, "test-user@localhost").getEmail());
}
}
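Review bot: The `events.expect(EventType.UPDATE_EMAIL)...` expectation at the end of `updateEmailWithRedirect` is built but never asserted, so the UPDATE_EMAIL event check is a no-op; it needs `.assertEvent()` appended, as the SEND_VERIFY_EMAIL expectation earlier in the method has. The "back to application" check relies on `backToApplicationLink.toString()`, which is driver-specific (HtmlUnit renders the element markup, other drivers do not include the href); `assertThat(backToApplicationLink.getAttribute("href"), Matchers.containsString("/auth/realms/master/app/auth"));` asserts the actual link target. The try/catch that rewraps `VerificationException` into `IOException` is unnecessary since the method already declares `throws Exception`, and `TokenVerifier...getToken()` only decodes the token without verifying the signature, which is fine for reading the `azp` claim but deserves a comment such as `// decode only (no signature check): we just inspect the azp claim`. Minor: `MatcherAssert`/`Matchers` are imported alongside the static imports of `assertThat`/`endsWith`, and `endsWith` appears unused in the visible hunks.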