KEYCLOAK-547

This commit is contained in:
Bill Burke 2014-08-06 19:15:52 -04:00
parent c17a5823e9
commit 32a19563a5
3 changed files with 374 additions and 325 deletions

View file

@ -429,6 +429,14 @@ public class TokenService {
ClientModel client = authorizeClient(authorizationHeader, form, audit);
String refreshToken = form.getFirst(OAuth2Constants.REFRESH_TOKEN);
if (refreshToken == null) {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_REQUEST);
error.put(OAuth2Constants.ERROR_DESCRIPTION, "No refresh token");
audit.error(Errors.INVALID_TOKEN);
logger.error("OAuth Error: no refresh token");
return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
}
AccessToken accessToken;
try {
accessToken = tokenManager.refreshAccessToken(session, uriInfo, clientConnection, realm, client, refreshToken, audit);

View file

@ -34,6 +34,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.services.resources.TokenService;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
@ -41,9 +42,22 @@ import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.keycloak.util.BasicAuthHelper;
import org.keycloak.util.Time;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.net.URI;
import java.util.HashMap;
import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
@ -75,6 +89,33 @@ public class RefreshTokenTest {
@Rule
public AssertEvents events = new AssertEvents(keycloakRule);
/**
* KEYCLOAK-547
*
* @throws Exception
*/
@Test
public void nullRefreshToken() throws Exception {
Client client = ClientBuilder.newClient();
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
URI uri = TokenService.refreshUrl(builder).build("test");
WebTarget target = client.target(uri);
org.keycloak.representations.AccessTokenResponse tokenResponse = null;
{
String header = BasicAuthHelper.createHeader("test-app", "password");
Form form = new Form();
Response response = target.request()
.header(HttpHeaders.AUTHORIZATION, header)
.post(Entity.form(form));
Assert.assertEquals(400, response.getStatus());
response.close();
}
events.clear();
}
@Test
public void refreshTokenRequest() throws Exception {
oauth.doLogin("test-user@localhost", "password");