Set status code to internal server error on error pages

This commit is contained in:
Stian Thorgersen 2013-12-07 16:00:13 +00:00
parent faec1e5340
commit 53e61326c1
3 changed files with 26 additions and 27 deletions


@ -90,7 +90,7 @@ public class RequiredActionsService {
public Response updateProfile(final MultivaluedMap<String, String> formData) { public Response updateProfile(final MultivaluedMap<String, String> formData) {
AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.UPDATE_PROFILE); AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.UPDATE_PROFILE);
if (accessCode == null) { if (accessCode == null) {
return forwardToErrorPage(); return unauthorized();
} }
UserModel user = getUser(accessCode); UserModel user = getUser(accessCode);
@ -116,7 +116,7 @@ public class RequiredActionsService {
public Response updateTotp(final MultivaluedMap<String, String> formData) { public Response updateTotp(final MultivaluedMap<String, String> formData) {
AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.CONFIGURE_TOTP); AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.CONFIGURE_TOTP);
if (accessCode == null) { if (accessCode == null) {
return forwardToErrorPage(); return unauthorized();
} }
UserModel user = getUser(accessCode); UserModel user = getUser(accessCode);
@ -152,7 +152,7 @@ public class RequiredActionsService {
AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.UPDATE_PASSWORD); AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.UPDATE_PASSWORD);
if (accessCode == null) { if (accessCode == null) {
logger.debug("updatePassword access code is null"); logger.debug("updatePassword access code is null");
return forwardToErrorPage(); return unauthorized();
} }
logger.debug("updatePassword has access code"); logger.debug("updatePassword has access code");
@ -196,7 +196,7 @@ public class RequiredActionsService {
AccessCodeEntry accessCode = tokenManager.getAccessCode(uriInfo.getQueryParameters().getFirst("key")); AccessCodeEntry accessCode = tokenManager.getAccessCode(uriInfo.getQueryParameters().getFirst("key"));
if (accessCode == null || accessCode.isExpired() if (accessCode == null || accessCode.isExpired()
|| !accessCode.getRequiredActions().contains(RequiredAction.VERIFY_EMAIL)) { || !accessCode.getRequiredActions().contains(RequiredAction.VERIFY_EMAIL)) {
return forwardToErrorPage(); return unauthorized();
} }
UserModel user = getUser(accessCode); UserModel user = getUser(accessCode);
@ -209,7 +209,7 @@ public class RequiredActionsService {
} else { } else {
AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.VERIFY_EMAIL); AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.VERIFY_EMAIL);
if (accessCode == null) { if (accessCode == null) {
return forwardToErrorPage(); return unauthorized();
} }
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode).setUser(accessCode.getUser()) return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode).setUser(accessCode.getUser())
@ -224,7 +224,7 @@ public class RequiredActionsService {
AccessCodeEntry accessCode = tokenManager.getAccessCode(uriInfo.getQueryParameters().getFirst("key")); AccessCodeEntry accessCode = tokenManager.getAccessCode(uriInfo.getQueryParameters().getFirst("key"));
if (accessCode == null || accessCode.isExpired() if (accessCode == null || accessCode.isExpired()
|| !accessCode.getRequiredActions().contains(RequiredAction.UPDATE_PASSWORD)) { || !accessCode.getRequiredActions().contains(RequiredAction.UPDATE_PASSWORD)) {
return forwardToErrorPage(); return unauthorized();
} }
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode).forwardToAction(RequiredAction.UPDATE_PASSWORD); return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode).forwardToAction(RequiredAction.UPDATE_PASSWORD);
} else { } else {
@ -378,8 +378,8 @@ public class RequiredActionsService {
} }
} }
private Response forwardToErrorPage() { private Response unauthorized() {
return Flows.forms(realm, request, uriInfo).forwardToErrorPage(); return Flows.forms(realm, request, uriInfo).setError("Unauthorized request").forwardToErrorPage();
} }
} }
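Review bot: The new `unauthorized()` helper at the end of the section still sends a missing or expired access code to the error page, which after this commit is built with `Response.Status.INTERNAL_SERVER_ERROR` (see `forwardToErrorPage()` in FormFlows), so a client-side authorization failure is reported to the caller as a server fault. Since FormFlows now exposes `forwardToForm(String, Response.Status)`, the helper can return the status its name promises, e.g. `return Flows.forms(realm, request, uriInfo).setError("Unauthorized request").forwardToForm(Pages.ERROR, Response.Status.UNAUTHORIZED);` — this assumes `setError` returns the FormFlows instance (as the existing chain suggests) and that `Pages` is visible from this class, both to be confirmed. A 401 here also keeps these expected rejections out of 5xx monitoring, where they would otherwise look like outages rather than bad or stale codes. The same helper is reached from all six call sites in this section, and each enclosing method starts or ends outside its hunk.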


@ -489,23 +489,17 @@ public class TokenService {
if (!realm.isEnabled()) { if (!realm.isEnabled()) {
logger.warn("Realm not enabled"); logger.warn("Realm not enabled");
oauth.forwardToSecurityFailure("Realm not enabled"); return oauth.forwardToSecurityFailure("Realm not enabled");
return null;
} }
UserModel client = realm.getUser(clientId); UserModel client = realm.getUser(clientId);
if (client == null) { if (client == null) {
logger.warn("Unknown login requester: " + clientId); logger.warn("Unknown login requester: " + clientId);
oauth.forwardToSecurityFailure("Unknown login requester."); return oauth.forwardToSecurityFailure("Unknown login requester.");
transaction.rollback();
return null;
} }
if (!client.isEnabled()) { if (!client.isEnabled()) {
logger.warn("Login requester not enabled."); logger.warn("Login requester not enabled.");
oauth.forwardToSecurityFailure("Login requester not enabled."); return oauth.forwardToSecurityFailure("Login requester not enabled.");
transaction.rollback();
session.close();
return null;
} }
redirect = verifyRedirectUri(redirect, client); redirect = verifyRedirectUri(redirect, client);
if (redirect == null) { if (redirect == null) {
@ -518,10 +512,7 @@ public class TokenService {
boolean isResource = realm.hasRole(client, resourceRole); boolean isResource = realm.hasRole(client, resourceRole);
if (!isResource && !realm.hasRole(client, identityRequestRole)) { if (!isResource && !realm.hasRole(client, identityRequestRole)) {
logger.warn("Login requester not allowed to request login."); logger.warn("Login requester not allowed to request login.");
oauth.forwardToSecurityFailure("Login requester not allowed to request login."); return oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
transaction.rollback();
session.close();
return null;
} }
logger.info("Checking cookie..."); logger.info("Checking cookie...");
UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers); UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
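Review bot: The `transaction.rollback()` and `session.close()` calls dropped from the "Unknown login requester", "not enabled" and "not allowed to request login" branches are not replaced by anything visible in these hunks, so if the transaction is opened earlier in this method (its start lies outside the hunk) these early returns now leave it open unless `oauth.forwardToSecurityFailure` or an enclosing interceptor performs the cleanup — worth confirming, and restoring the cleanup before each `return` if it does not. Whichever way that resolves, the four failure branches should agree with each other (before this change only two of them rolled back), and a short comment next to the first return such as `// transaction/session cleanup is handled by <confirmed location>` (placeholder to fill in once verified) would record why no explicit rollback is needed here. The method's start and end lie outside the hunk.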


@ -105,7 +105,7 @@ public class FormFlows {
return forwardToForm(Pages.ACCOUNT); return forwardToForm(Pages.ACCOUNT);
} }
private Response forwardToForm(String template, FormService.FormServiceDataBean formDataBean) { private Response forwardToForm(String template, FormService.FormServiceDataBean formDataBean, Response.Status status) {
// Getting URI needed by form processing service // Getting URI needed by form processing service
ResteasyUriInfo uriInfo = request.getUri(); ResteasyUriInfo uriInfo = request.getUri();
@ -142,10 +142,10 @@ public class FormFlows {
while (itr.hasNext()) { while (itr.hasNext()) {
FormService provider = itr.next(); FormService provider = itr.next();
if (provider.getId().equals("FormServiceId")) if (provider.getId().equals("FormServiceId"))
return Response.status(200).type(MediaType.TEXT_HTML).entity(provider.process(template, formDataBean)).build(); return Response.status(status).type(MediaType.TEXT_HTML).entity(provider.process(template, formDataBean)).build();
} }
return Response.status(200).entity("form provider not found").build(); return Response.status(status).entity("form provider not found").build();
} }
public Response forwardToForm(String template) { public Response forwardToForm(String template) {
@ -153,7 +153,15 @@ public class FormFlows {
FormService.FormServiceDataBean formDataBean = new FormService.FormServiceDataBean(realm, userModel, formData, queryParams, message); FormService.FormServiceDataBean formDataBean = new FormService.FormServiceDataBean(realm, userModel, formData, queryParams, message);
formDataBean.setMessageType(messageType); formDataBean.setMessageType(messageType);
return forwardToForm(template, formDataBean); return forwardToForm(template, formDataBean, Response.Status.OK);
}
public Response forwardToForm(String template, Response.Status status) {
FormService.FormServiceDataBean formDataBean = new FormService.FormServiceDataBean(realm, userModel, formData, queryParams, message);
formDataBean.setMessageType(messageType);
return forwardToForm(template, formDataBean, status);
} }
private Response forwardToActionForm(String template, String warningSummary) { private Response forwardToActionForm(String template, String warningSummary) {
@ -201,7 +209,7 @@ public class FormFlows {
} }
public Response forwardToErrorPage() { public Response forwardToErrorPage() {
return forwardToForm(Pages.ERROR); return forwardToForm(Pages.ERROR, Response.Status.INTERNAL_SERVER_ERROR);
} }
public Response forwardToOAuthGrant(){ public Response forwardToOAuthGrant(){
@ -214,7 +222,7 @@ public class FormFlows {
formDataBean.setOAuthCode((String)request.getAttribute("code")); formDataBean.setOAuthCode((String)request.getAttribute("code"));
formDataBean.setOAuthAction((String)request.getAttribute("action")); formDataBean.setOAuthAction((String)request.getAttribute("action"));
return forwardToForm(Pages.OAUTH_GRANT, formDataBean); return forwardToForm(Pages.OAUTH_GRANT, formDataBean, Response.Status.OK);
} }
public FormFlows setAccessCode(AccessCodeEntry accessCode) { public FormFlows setAccessCode(AccessCodeEntry accessCode) {