Use KEYCLOAK_REMEMBER_ME as hint to prefill login form. Change lifespan of KEYCLOAK_IDENTITY to maxSsoSessionLifespan

This commit is contained in:
mposolda 2014-09-16 22:09:27 +02:00
parent bd0887d18e
commit 5352872b4b
8 changed files with 94 additions and 14 deletions

View file

@ -40,7 +40,11 @@
<#if realm.rememberMe>
<div class="checkbox">
<label>
<input id="rememberMe" name="rememberMe" type="checkbox" tabindex="3"> Remember Me
<#if login.rememberMe??>
<input id="rememberMe" name="rememberMe" type="checkbox" tabindex="3" checked> Remember Me
<#else>
<input id="rememberMe" name="rememberMe" type="checkbox" tabindex="3"> Remember Me
</#if>
</label>
</div>
</#if>

View file

@ -34,11 +34,14 @@ public class LoginBean {
private String passwordToken;
private String rememberMe;
public LoginBean(MultivaluedMap<String, String> formData){
if (formData != null) {
username = formData.getFirst("username");
password = formData.getFirst("password");
passwordToken = formData.getFirst("password-token");
rememberMe = formData.getFirst("rememberMe");
}
}
@ -53,4 +56,8 @@ public class LoginBean {
public String getPasswordToken() {
return passwordToken;
}
public String getRememberMe() {
return rememberMe;
}
}

View file

@ -23,7 +23,7 @@ public class AppAuthManager extends AuthenticationManager {
if (authResult == null) return null;
// refresh the cookies!
createLoginCookie(realm, authResult.getUser(), authResult.getSession(), uriInfo, connection);
if (authResult.getSession().isRememberMe()) createRememberMeCookie(realm, uriInfo, connection);
if (authResult.getSession().isRememberMe()) createRememberMeCookie(realm, authResult.getUser().getUsername(), uriInfo, connection);
return authResult;
}

View file

@ -87,8 +87,8 @@ public class AuthenticationManager {
if (session != null) {
token.setSessionState(session.getId());
}
if (realm.getSsoSessionIdleTimeout() > 0) {
token.expiration(Time.currentTime() + realm.getSsoSessionIdleTimeout());
if (realm.getSsoSessionMaxLifespan() > 0) {
token.expiration(Time.currentTime() + realm.getSsoSessionMaxLifespan());
}
return token;
}
@ -100,7 +100,7 @@ public class AuthenticationManager {
boolean secureOnly = realm.getSslRequired().isRequired(connection);
int maxAge = NewCookie.DEFAULT_MAX_AGE;
if (session.isRememberMe()) {
maxAge = realm.getSsoSessionIdleTimeout();
maxAge = realm.getSsoSessionMaxLifespan();
}
logger.debugv("Create login cookie - name: {0}, path: {1}, max-age: {2}", KEYCLOAK_IDENTITY_COOKIE, cookiePath, maxAge);
CookieHelper.addCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, cookiePath, null, null, maxAge, secureOnly, true);
@ -116,12 +116,12 @@ public class AuthenticationManager {
}
public void createRememberMeCookie(RealmModel realm, UriInfo uriInfo, ClientConnection connection) {
public void createRememberMeCookie(RealmModel realm, String username, UriInfo uriInfo, ClientConnection connection) {
String path = getIdentityCookiePath(realm, uriInfo);
boolean secureOnly = realm.getSslRequired().isRequired(connection);
// remember me cookie should be persistent
// remember me cookie should be persistent (hardcoded to 1 month for now)
//NewCookie cookie = new NewCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly);// todo httponly , true);
CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getSsoSessionIdleTimeout(), secureOnly, true);
CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, username, path, null, null, 2592000, secureOnly, true);
}
protected String encodeToken(RealmModel realm, Object token) {
@ -136,7 +136,6 @@ public class AuthenticationManager {
String path = getIdentityCookiePath(realm, uriInfo);
expireCookie(realm, KEYCLOAK_IDENTITY_COOKIE, path, true, connection);
expireCookie(realm, KEYCLOAK_SESSION_COOKIE, path, false, connection);
expireRememberMeCookie(realm, uriInfo, connection);
}
public static void expireRememberMeCookie(RealmModel realm, UriInfo uriInfo, ClientConnection connection) {
logger.debug("Expiring remember me cookie");

View file

@ -59,6 +59,7 @@ import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
@ -523,7 +524,7 @@ public class TokenService {
AuthenticationStatus status = authManager.authenticateForm(session, clientConnection, realm, formData);
if (remember) {
authManager.createRememberMeCookie(realm, uriInfo, clientConnection);
authManager.createRememberMeCookie(realm, username, uriInfo, clientConnection);
} else {
authManager.expireRememberMeCookie(realm, uriInfo, clientConnection);
}
@ -962,9 +963,21 @@ public class TokenService {
LoginFormsProvider forms = Flows.forms(session, realm, client, uriInfo);
if (loginHint != null) {
String rememberMeUsername = null;
Cookie rememberMeCookie = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
if (rememberMeCookie != null && !"".equals(rememberMeCookie.getValue())) {
rememberMeUsername = rememberMeCookie.getValue();
}
if (loginHint != null || rememberMeUsername != null) {
MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>();
formData.add(AuthenticationManager.FORM_USERNAME, loginHint);
if (loginHint != null) {
formData.add(AuthenticationManager.FORM_USERNAME, loginHint);
} else {
formData.add(AuthenticationManager.FORM_USERNAME, rememberMeUsername);
formData.add("rememberMe", "on");
}
forms.setFormData(formData);
}

View file

@ -92,7 +92,6 @@ public class OAuthFlows {
if (state != null)
redirectUri.queryParam(OAuth2Constants.STATE, state);
Response.ResponseBuilder location = Response.status(302).location(redirectUri.build());
Cookie remember = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
Cookie sessionCookie = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_SESSION_COOKIE);
if (sessionCookie != null) {
@ -112,7 +111,7 @@ public class OAuthFlows {
// refresh the cookies!
authManager.createLoginCookie(realm, accessCode.getUser(), userSession, uriInfo, clientConnection);
if (userSession.isRememberMe()) authManager.createRememberMeCookie(realm, uriInfo, clientConnection);
if (userSession.isRememberMe()) authManager.createRememberMeCookie(realm, accessCode.getUser().getUsername(), uriInfo, clientConnection);
return location.build();
}

View file

@ -27,7 +27,9 @@ import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.events.Details;
import org.keycloak.events.Event;
import org.keycloak.models.BrowserSecurityHeaders;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
@ -165,6 +167,49 @@ public class LoginTest {
events.expectLogin().user(userId).detail(Details.USERNAME, "login@test.com").assertEvent();
}
@Test
public void loginWithRememberMe() {
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.setRememberMe(true);
}
});
try {
loginPage.open();
Assert.assertFalse(loginPage.isRememberMeChecked());
loginPage.setRememberMe(true);
Assert.assertTrue(loginPage.isRememberMeChecked());
loginPage.login("login-test", "password");
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
Event loginEvent = events.expectLogin().user(userId)
.detail(Details.USERNAME, "login-test")
.detail(Details.REMEMBER_ME, "true")
.assertEvent();
String sessionId = loginEvent.getSessionId();
// Expire session
keycloakRule.removeUserSession(sessionId);
// Assert rememberMe checked and username/email prefilled
loginPage.open();
Assert.assertTrue(loginPage.isRememberMeChecked());
Assert.assertEquals("login-test", loginPage.getUsername());
loginPage.setRememberMe(false);
} finally {
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.setRememberMe(false);
}
});
}
}
@Test
public void loginCancel() {
loginPage.open();

View file

@ -44,6 +44,9 @@ public class LoginPage extends AbstractPage {
@FindBy(id = "totp")
private WebElement totp;
@FindBy(id = "rememberMe")
private WebElement rememberMe;
@FindBy(name = "login")
private WebElement submitButton;
@ -119,6 +122,16 @@ public class LoginPage extends AbstractPage {
recoverUsernameLink.click();
}
public void setRememberMe(boolean enable) {
boolean current = rememberMe.isSelected();
if (current != enable) {
rememberMe.click();
}
}
public boolean isRememberMeChecked() {
return rememberMe.isSelected();
}
@Override
public void open() {