Use KEYCLOAK_REMEMBER_ME as hint to prefill login form. Change lifespan of KEYCLOAK_IDENTITY to maxSsoSessionLifespan
This commit is contained in:
parent
bd0887d18e
commit
5352872b4b
8 changed files with 94 additions and 14 deletions
|
@ -40,7 +40,11 @@
|
|||
<#if realm.rememberMe>
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<input id="rememberMe" name="rememberMe" type="checkbox" tabindex="3"> Remember Me
|
||||
<#if login.rememberMe??>
|
||||
<input id="rememberMe" name="rememberMe" type="checkbox" tabindex="3" checked> Remember Me
|
||||
<#else>
|
||||
<input id="rememberMe" name="rememberMe" type="checkbox" tabindex="3"> Remember Me
|
||||
</#if>
|
||||
</label>
|
||||
</div>
|
||||
</#if>
|
||||
|
|
|
@ -34,11 +34,14 @@ public class LoginBean {
|
|||
|
||||
private String passwordToken;
|
||||
|
||||
private String rememberMe;
|
||||
|
||||
public LoginBean(MultivaluedMap<String, String> formData){
|
||||
if (formData != null) {
|
||||
username = formData.getFirst("username");
|
||||
password = formData.getFirst("password");
|
||||
passwordToken = formData.getFirst("password-token");
|
||||
rememberMe = formData.getFirst("rememberMe");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -53,4 +56,8 @@ public class LoginBean {
|
|||
public String getPasswordToken() {
|
||||
return passwordToken;
|
||||
}
|
||||
|
||||
public String getRememberMe() {
|
||||
return rememberMe;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ public class AppAuthManager extends AuthenticationManager {
|
|||
if (authResult == null) return null;
|
||||
// refresh the cookies!
|
||||
createLoginCookie(realm, authResult.getUser(), authResult.getSession(), uriInfo, connection);
|
||||
if (authResult.getSession().isRememberMe()) createRememberMeCookie(realm, uriInfo, connection);
|
||||
if (authResult.getSession().isRememberMe()) createRememberMeCookie(realm, authResult.getUser().getUsername(), uriInfo, connection);
|
||||
return authResult;
|
||||
}
|
||||
|
||||
|
|
|
@ -87,8 +87,8 @@ public class AuthenticationManager {
|
|||
if (session != null) {
|
||||
token.setSessionState(session.getId());
|
||||
}
|
||||
if (realm.getSsoSessionIdleTimeout() > 0) {
|
||||
token.expiration(Time.currentTime() + realm.getSsoSessionIdleTimeout());
|
||||
if (realm.getSsoSessionMaxLifespan() > 0) {
|
||||
token.expiration(Time.currentTime() + realm.getSsoSessionMaxLifespan());
|
||||
}
|
||||
return token;
|
||||
}
|
||||
|
@ -100,7 +100,7 @@ public class AuthenticationManager {
|
|||
boolean secureOnly = realm.getSslRequired().isRequired(connection);
|
||||
int maxAge = NewCookie.DEFAULT_MAX_AGE;
|
||||
if (session.isRememberMe()) {
|
||||
maxAge = realm.getSsoSessionIdleTimeout();
|
||||
maxAge = realm.getSsoSessionMaxLifespan();
|
||||
}
|
||||
logger.debugv("Create login cookie - name: {0}, path: {1}, max-age: {2}", KEYCLOAK_IDENTITY_COOKIE, cookiePath, maxAge);
|
||||
CookieHelper.addCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, cookiePath, null, null, maxAge, secureOnly, true);
|
||||
|
@ -116,12 +116,12 @@ public class AuthenticationManager {
|
|||
|
||||
}
|
||||
|
||||
public void createRememberMeCookie(RealmModel realm, UriInfo uriInfo, ClientConnection connection) {
|
||||
public void createRememberMeCookie(RealmModel realm, String username, UriInfo uriInfo, ClientConnection connection) {
|
||||
String path = getIdentityCookiePath(realm, uriInfo);
|
||||
boolean secureOnly = realm.getSslRequired().isRequired(connection);
|
||||
// remember me cookie should be persistent
|
||||
// remember me cookie should be persistent (hardcoded to 1 month for now)
|
||||
//NewCookie cookie = new NewCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly);// todo httponly , true);
|
||||
CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getSsoSessionIdleTimeout(), secureOnly, true);
|
||||
CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, username, path, null, null, 2592000, secureOnly, true);
|
||||
}
|
||||
|
||||
protected String encodeToken(RealmModel realm, Object token) {
|
||||
|
@ -136,7 +136,6 @@ public class AuthenticationManager {
|
|||
String path = getIdentityCookiePath(realm, uriInfo);
|
||||
expireCookie(realm, KEYCLOAK_IDENTITY_COOKIE, path, true, connection);
|
||||
expireCookie(realm, KEYCLOAK_SESSION_COOKIE, path, false, connection);
|
||||
expireRememberMeCookie(realm, uriInfo, connection);
|
||||
}
|
||||
public static void expireRememberMeCookie(RealmModel realm, UriInfo uriInfo, ClientConnection connection) {
|
||||
logger.debug("Expiring remember me cookie");
|
||||
|
|
|
@ -59,6 +59,7 @@ import javax.ws.rs.Path;
|
|||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.QueryParam;
|
||||
import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.Cookie;
|
||||
import javax.ws.rs.core.HttpHeaders;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.MultivaluedMap;
|
||||
|
@ -523,7 +524,7 @@ public class TokenService {
|
|||
AuthenticationStatus status = authManager.authenticateForm(session, clientConnection, realm, formData);
|
||||
|
||||
if (remember) {
|
||||
authManager.createRememberMeCookie(realm, uriInfo, clientConnection);
|
||||
authManager.createRememberMeCookie(realm, username, uriInfo, clientConnection);
|
||||
} else {
|
||||
authManager.expireRememberMeCookie(realm, uriInfo, clientConnection);
|
||||
}
|
||||
|
@ -962,9 +963,21 @@ public class TokenService {
|
|||
|
||||
LoginFormsProvider forms = Flows.forms(session, realm, client, uriInfo);
|
||||
|
||||
if (loginHint != null) {
|
||||
String rememberMeUsername = null;
|
||||
Cookie rememberMeCookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
|
||||
if (rememberMeCookie != null && !"".equals(rememberMeCookie.getValue())) {
|
||||
rememberMeUsername = rememberMeCookie.getValue();
|
||||
}
|
||||
|
||||
if (loginHint != null || rememberMeUsername != null) {
|
||||
MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>();
|
||||
formData.add(AuthenticationManager.FORM_USERNAME, loginHint);
|
||||
|
||||
if (loginHint != null) {
|
||||
formData.add(AuthenticationManager.FORM_USERNAME, loginHint);
|
||||
} else {
|
||||
formData.add(AuthenticationManager.FORM_USERNAME, rememberMeUsername);
|
||||
formData.add("rememberMe", "on");
|
||||
}
|
||||
|
||||
forms.setFormData(formData);
|
||||
}
|
||||
|
|
|
@ -92,7 +92,6 @@ public class OAuthFlows {
|
|||
if (state != null)
|
||||
redirectUri.queryParam(OAuth2Constants.STATE, state);
|
||||
Response.ResponseBuilder location = Response.status(302).location(redirectUri.build());
|
||||
Cookie remember = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
|
||||
|
||||
Cookie sessionCookie = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_SESSION_COOKIE);
|
||||
if (sessionCookie != null) {
|
||||
|
@ -112,7 +111,7 @@ public class OAuthFlows {
|
|||
|
||||
// refresh the cookies!
|
||||
authManager.createLoginCookie(realm, accessCode.getUser(), userSession, uriInfo, clientConnection);
|
||||
if (userSession.isRememberMe()) authManager.createRememberMeCookie(realm, uriInfo, clientConnection);
|
||||
if (userSession.isRememberMe()) authManager.createRememberMeCookie(realm, accessCode.getUser().getUsername(), uriInfo, clientConnection);
|
||||
return location.build();
|
||||
}
|
||||
|
||||
|
|
|
@ -27,7 +27,9 @@ import org.junit.Rule;
|
|||
import org.junit.Test;
|
||||
import org.keycloak.OAuth2Constants;
|
||||
import org.keycloak.events.Details;
|
||||
import org.keycloak.events.Event;
|
||||
import org.keycloak.models.BrowserSecurityHeaders;
|
||||
import org.keycloak.models.PasswordPolicy;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
@ -165,6 +167,49 @@ public class LoginTest {
|
|||
events.expectLogin().user(userId).detail(Details.USERNAME, "login@test.com").assertEvent();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWithRememberMe() {
|
||||
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
||||
appRealm.setRememberMe(true);
|
||||
}
|
||||
});
|
||||
|
||||
try {
|
||||
loginPage.open();
|
||||
Assert.assertFalse(loginPage.isRememberMeChecked());
|
||||
loginPage.setRememberMe(true);
|
||||
Assert.assertTrue(loginPage.isRememberMeChecked());
|
||||
loginPage.login("login-test", "password");
|
||||
|
||||
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
|
||||
Event loginEvent = events.expectLogin().user(userId)
|
||||
.detail(Details.USERNAME, "login-test")
|
||||
.detail(Details.REMEMBER_ME, "true")
|
||||
.assertEvent();
|
||||
String sessionId = loginEvent.getSessionId();
|
||||
|
||||
// Expire session
|
||||
keycloakRule.removeUserSession(sessionId);
|
||||
|
||||
// Assert rememberMe checked and username/email prefilled
|
||||
loginPage.open();
|
||||
Assert.assertTrue(loginPage.isRememberMeChecked());
|
||||
Assert.assertEquals("login-test", loginPage.getUsername());
|
||||
|
||||
loginPage.setRememberMe(false);
|
||||
} finally {
|
||||
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
||||
appRealm.setRememberMe(false);
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginCancel() {
|
||||
loginPage.open();
|
||||
|
|
|
@ -44,6 +44,9 @@ public class LoginPage extends AbstractPage {
|
|||
@FindBy(id = "totp")
|
||||
private WebElement totp;
|
||||
|
||||
@FindBy(id = "rememberMe")
|
||||
private WebElement rememberMe;
|
||||
|
||||
@FindBy(name = "login")
|
||||
private WebElement submitButton;
|
||||
|
||||
|
@ -119,6 +122,16 @@ public class LoginPage extends AbstractPage {
|
|||
recoverUsernameLink.click();
|
||||
}
|
||||
|
||||
public void setRememberMe(boolean enable) {
|
||||
boolean current = rememberMe.isSelected();
|
||||
if (current != enable) {
|
||||
rememberMe.click();
|
||||
}
|
||||
}
|
||||
|
||||
public boolean isRememberMeChecked() {
|
||||
return rememberMe.isSelected();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void open() {
|
||||
|
|
Loading…
Reference in a new issue