KEYCLOAK-16996 User not able to revoke his offline token for directGrant clients

2021-02-10 10:44:11 +01:00 · 2021-02-10 10:44:11 +01:00 · 4dacbb9e0b
commit 4dacbb9e0b
parent 9b0e1fff8d
4 changed files with 22 additions and 7 deletions
--- a/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java
+++ b/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java
@ -492,7 +492,7 @@ public class AccountRestService {

        realm.getAlwaysDisplayInConsoleClientsStream().forEach(clients::add);

-        return clients.stream().filter(client -> !client.isBearerOnly() && client.getBaseUrl() != null && !client.getClientId().isEmpty())
+        return clients.stream().filter(client -> !client.isBearerOnly() && !client.getClientId().isEmpty())
                .filter(client -> matches(client, name))
                .map(client -> modelToRepresentation(client, inUseClients, offlineClients, consentModels));
    }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AbstractRestServiceTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AbstractRestServiceTest.java
@ -104,6 +104,13 @@ public abstract class AbstractRestServiceTest extends AbstractTestRealmKeycloakT
                .secret("secret1").build();
        testRealm.getClients().add(offlineApp);

+        org.keycloak.representations.idm.ClientRepresentation offlineApp2 = ClientBuilder.create().clientId("offline-client-without-base-url")
+                .id(KeycloakModelUtils.generateId())
+                .name("Offline Client Without Base URL")
+                .directAccessGrants()
+                .secret("secret1").build();
+        testRealm.getClients().add(offlineApp2);
+
        org.keycloak.representations.idm.ClientRepresentation alwaysDisplayApp = ClientBuilder.create().clientId("always-display-client")
                .id(KeycloakModelUtils.generateId())
                .name("Always Display Client")
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceTest.java
@ -778,10 +778,11 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
        assertFalse(applications.isEmpty());

        Map<String, ClientRepresentation> apps = applications.stream().collect(Collectors.toMap(x -> x.getClientId(), x -> x));
-        Assert.assertThat(apps.keySet(), containsInAnyOrder("in-use-client", "always-display-client"));
+        Assert.assertThat(apps.keySet(), containsInAnyOrder("in-use-client", "always-display-client", "direct-grant"));

        assertClientRep(apps.get("in-use-client"), "In Use Client", null, false, true, false, null, inUseClientAppUri);
        assertClientRep(apps.get("always-display-client"), "Always Display Client", null, false, false, false, null, alwaysDisplayClientAppUri);
+        assertClientRep(apps.get("direct-grant"), null, null, false, true, false, null, null);
    }

    @Test
@ -813,6 +814,10 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
        OAuthClient.AccessTokenResponse offlineTokenResponse = oauth.doGrantAccessTokenRequest("secret1", "view-applications-access", "password");
        assertNull(offlineTokenResponse.getErrorDescription());

+        oauth.clientId("offline-client-without-base-url");
+        offlineTokenResponse = oauth.doGrantAccessTokenRequest("secret1", "view-applications-access", "password");
+        assertNull(offlineTokenResponse.getErrorDescription());
+
        TokenUtil token = new TokenUtil("view-applications-access", "password");
        List<ClientRepresentation> applications = SimpleHttp
                .doGet(getAccountUrl("applications"), httpClient)
@ -823,9 +828,10 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
        assertFalse(applications.isEmpty());

        Map<String, ClientRepresentation> apps = applications.stream().collect(Collectors.toMap(x -> x.getClientId(), x -> x));
-        Assert.assertThat(apps.keySet(), containsInAnyOrder("offline-client", "always-display-client"));
+        Assert.assertThat(apps.keySet(), containsInAnyOrder("offline-client", "offline-client-without-base-url", "always-display-client", "direct-grant"));

        assertClientRep(apps.get("offline-client"), "Offline Client", null, false, true, true, null, offlineClientAppUri);
+        assertClientRep(apps.get("offline-client-without-base-url"), "Offline Client Without Base URL", null, false, true, true, null, null);
    }

    @Test
@ -861,7 +867,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
                .asResponse();

        Map<String, ClientRepresentation> apps = applications.stream().collect(Collectors.toMap(x -> x.getClientId(), x -> x));
-        Assert.assertThat(apps.keySet(), containsInAnyOrder(appId, "always-display-client"));
+        Assert.assertThat(apps.keySet(), containsInAnyOrder(appId, "always-display-client", "direct-grant"));

        ClientRepresentation app = apps.get(appId);
        assertClientRep(app, null, "A third party application", true, false, false, null, "http://localhost:8180/auth/realms/master/app/auth");
@ -887,7 +893,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
        assertFalse(applications.isEmpty());

        Map<String, ClientRepresentation> apps = applications.stream().collect(Collectors.toMap(x -> x.getClientId(), x -> x));
-        Assert.assertThat(apps.keySet(), containsInAnyOrder("root-url-client", "always-display-client"));
+        Assert.assertThat(apps.keySet(), containsInAnyOrder("root-url-client", "always-display-client", "direct-grant"));

        assertClientRep(apps.get("root-url-client"), null, null, false, true, false, "http://localhost:8180/foo/bar", "/baz");
    }
@ -1308,7 +1314,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
        assertFalse(applications.isEmpty());

        Map<String, ClientRepresentation> apps = applications.stream().collect(Collectors.toMap(x -> x.getClientId(), x -> x));
-        Assert.assertThat(apps.keySet(), containsInAnyOrder("offline-client", "always-display-client"));
+        Assert.assertThat(apps.keySet(), containsInAnyOrder("offline-client", "always-display-client", "direct-grant"));

        assertClientRep(apps.get("offline-client"), "Offline Client", null, false, true, false, null, offlineClientAppUri);
    }
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/applications-page/ApplicationsPage.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/applications-page/ApplicationsPage.tsx
@ -181,7 +181,9 @@ export class ApplicationsPage extends React.Component<ApplicationsPageProps, App
                      {application.description &&
                        <GridItem><strong>{Msg.localize('description') + ': '}</strong> {application.description}</GridItem>
                      }
-                      <GridItem><strong>URL: </strong> <span id={this.elementId('effectiveurl', application)}>{application.effectiveUrl.split('"')}</span></GridItem>
+                      {application.effectiveUrl &&
+                        <GridItem><strong>URL: </strong> <span id={this.elementId('effectiveurl', application)}>{application.effectiveUrl.split('"')}</span></GridItem>
+                      }
                      {application.consent &&
                        <React.Fragment>
                          <GridItem span={12}>