Merge pull request #1365 from stianst/master

Error page is displayed if user rejects sign in with social provider
2015-06-12 13:03:08 +01:00 · 2015-06-12 13:03:08 +01:00 · 47d1681e90
commit 47d1681e90
parent 0d957311b4 c89a412661
4 changed files with 26 additions and 9 deletions
--- a/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProvider.java
+++ b/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProvider.java
@ -36,7 +36,7 @@ import javax.ws.rs.core.UriInfo;
 */
 public interface IdentityProvider<C extends IdentityProviderModel> extends Provider {

-    public interface AuthenticationCallback {
+    interface AuthenticationCallback {
        /**
         * This method should be called by provider after the JAXRS callback endpoint has finished authentication
         * with the remote IDP
@ -44,7 +44,11 @@ public interface IdentityProvider<C extends IdentityProviderModel> extends Provi
         * @param context
         * @return
         */
-        public Response authenticated(BrokeredIdentityContext context);
+        Response authenticated(BrokeredIdentityContext context);
+
+        Response cancelled(String code);
+
+        Response error(String code, String message);
    }


--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
@ -58,6 +58,7 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
    public static final String FEDERATED_ACCESS_TOKEN = "FEDERATED_ACCESS_TOKEN";
    public static final String FEDERATED_REFRESH_TOKEN = "FEDERATED_REFRESH_TOKEN";
    public static final String FEDERATED_TOKEN_EXPIRATION = "FEDERATED_TOKEN_EXPIRATION";
+    public static final String ACCESS_DENIED = "access_denied";
    protected static ObjectMapper mapper = new ObjectMapper();

    public static final String OAUTH2_PARAMETER_ACCESS_TOKEN = "access_token";
@ -213,9 +214,11 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
                                     @QueryParam(OAuth2Constants.ERROR) String error) {
            if (error != null) {
                //logger.error("Failed " + getConfig().getAlias() + " broker login: " + error);
-                event.event(EventType.LOGIN);
-                event.error(error);
-                return ErrorPage.error(session, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR);
+                if (error.equals(ACCESS_DENIED)) {
+                    return callback.cancelled(state);
+                } else {
+                    return callback.error(state, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR);
+                }
            }

            try {
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
@ -17,7 +17,7 @@ public interface UsersResource {

    @GET
    @Produces(MediaType.APPLICATION_JSON)
-    public List<UserRepresentation> search(@QueryParam("username") String username,
+    List<UserRepresentation> search(@QueryParam("username") String username,
                                           @QueryParam("firstName") String firstName,
                                           @QueryParam("lastName") String lastName,
                                           @QueryParam("email") String email,
@ -26,7 +26,7 @@ public interface UsersResource {

    @GET
    @Produces(MediaType.APPLICATION_JSON)
-    public List<UserRepresentation> search(@QueryParam("search") String search,
+    List<UserRepresentation> search(@QueryParam("search") String search,
                                           @QueryParam("first") Integer firstResult,
                                           @QueryParam("max") Integer maxResults);

@ -34,7 +34,7 @@ public interface UsersResource {
    @Consumes(MediaType.APPLICATION_JSON)
    Response create(UserRepresentation userRepresentation);

-    @Path("{username}")
-    public UserResource get(@PathParam("username") String username);
+    @Path("{id}")
+    UserResource get(@PathParam("id") String id);

 }
--- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
+++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
@ -315,6 +315,16 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
                this.uriInfo, event);
    }

+    @Override
+    public Response cancelled(String code) {
+        return session.getProvider(LoginFormsProvider.class).setClientSessionCode(code).createLogin();
+    }
+
+    @Override
+    public Response error(String code, String message) {
+        return session.getProvider(LoginFormsProvider.class).setClientSessionCode(code).setError(message).createLogin();
+    }
+
    private Response performAccountLinking(ClientSessionModel clientSession, BrokeredIdentityContext context, FederatedIdentityModel federatedIdentityModel, UserModel federatedUser) {
        this.event.event(EventType.IDENTITY_PROVIDER_ACCCOUNT_LINKING);