Merge pull request #823 from mposolda/master

KEYCLOAK-788 Ensure expired ClientSessions removed during UserSessionPro...

model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java

@@ -210,6 +210,15 @@ public class InfinispanUserSessionProvider implements UserSessionProvider {
         for (String id : map.keySet()) {
             removeUserSession(realm, id);
         }
+
+        map = new MapReduceTask(sessionCache)
+                .mappedWith(ClientSessionMapper.create(realm.getId()).expiredRefresh(expiredRefresh).requireNullUserSession(true).emitKey())
+                .reducedWith(new FirstResultReducer())
+                .execute();
+
+        for (String id : map.keySet()) {
+            tx.remove(sessionCache, id);
+        }
     }
 
     @Override

model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/ClientSessionMapper.java

@@ -28,6 +28,10 @@ public class ClientSessionMapper implements Mapper<String, SessionEntity, String
 
     private String userSession;
 
+    private Long expiredRefresh;
+
+    private Boolean requireNullUserSession = false;
+
     public static ClientSessionMapper create(String realm) {
         return new ClientSessionMapper(realm);
     }
@@ -52,6 +56,16 @@ public class ClientSessionMapper implements Mapper<String, SessionEntity, String
         return this;
     }
 
+    public ClientSessionMapper expiredRefresh(long expiredRefresh) {
+        this.expiredRefresh = expiredRefresh;
+        return this;
+    }
+
+    public ClientSessionMapper requireNullUserSession(boolean requireNullUserSession) {
+        this.requireNullUserSession = requireNullUserSession;
+        return this;
+    }
+
     @Override
     public void map(String key, SessionEntity e, Collector collector) {
         if (!realm.equals(e.getRealm())) {
@@ -72,6 +86,14 @@ public class ClientSessionMapper implements Mapper<String, SessionEntity, String
             return;
         }
 
+        if (requireNullUserSession && entity.getUserSession() != null) {
+            return;
+        }
+
+        if (expiredRefresh != null && entity.getTimestamp() > expiredRefresh) {
+            return;
+        }
+
         switch (emit) {
             case KEY:
                 collector.emit(key, key);

model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/MemUserSessionProvider.java

@@ -194,7 +194,7 @@ public class MemUserSessionProvider implements UserSessionProvider {
         Iterator<ClientSessionEntity> citr = clientSessions.values().iterator();
         while (citr.hasNext()) {
             ClientSessionEntity c = citr.next();
-            if (c.getSession() == null && c.getTimestamp() < Time.currentTime() - realm.getSsoSessionIdleTimeout()) {
+            if (c.getSession() == null && c.getRealmId().equals(realm.getId()) && c.getTimestamp() < Time.currentTime() - realm.getSsoSessionIdleTimeout()) {
                 citr.remove();
             }
         }

testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java

@@ -244,12 +244,15 @@ public class UserSessionProviderTest {
     @Test
     public void testRemoveUserSessionsByExpired() {
         session.sessions().getUserSessions(realm, session.users().getUserByUsername("user1", realm));
+        ClientModel client = realm.findClient("test-app");
 
         try {
             Set<String> expired = new HashSet<String>();
+            Set<String> expiredClientSessions = new HashSet<String>();
 
             Time.setOffset(-(realm.getSsoSessionMaxLifespan() + 1));
             expired.add(session.sessions().createUserSession(realm, session.users().getUserByUsername("user1", realm), "user1", "127.0.0.1", "form", true).getId());
+            expiredClientSessions.add(session.sessions().createClientSession(realm, client).getId());
 
             Time.setOffset(0);
             UserSessionModel s = session.sessions().createUserSession(realm, session.users().getUserByUsername("user2", realm), "user2", "127.0.0.1", "form", true);
@@ -257,9 +260,15 @@ public class UserSessionProviderTest {
             s.setLastSessionRefresh(0);
             expired.add(s.getId());
 
+            ClientSessionModel clSession = session.sessions().createClientSession(realm, client);
+            clSession.setUserSession(s);
+            expiredClientSessions.add(clSession.getId());
+
             Set<String> valid = new HashSet<String>();
+            Set<String> validClientSessions = new HashSet<String>();
 
             valid.add(session.sessions().createUserSession(realm, session.users().getUserByUsername("user1", realm), "user1", "127.0.0.1", "form", true).getId());
+            validClientSessions.add(session.sessions().createClientSession(realm, client).getId());
 
             resetSession();
 
@@ -269,10 +278,16 @@ public class UserSessionProviderTest {
             for (String e : expired) {
                 assertNull(session.sessions().getUserSession(realm, e));
             }
+            for (String e : expiredClientSessions) {
+                assertNull(session.sessions().getClientSession(realm, e));
+            }
 
             for (String v : valid) {
                 assertNotNull(session.sessions().getUserSession(realm, v));
             }
+            for (String e : validClientSessions) {
+                assertNotNull(session.sessions().getClientSession(realm, e));
+            }
         } finally {
             Time.setOffset(0);
         }