KEYCLOAK-2349
parent
449bc5c4dc
commit
66e1ee79d0
4 changed files with 18 additions and 6 deletions
|
@ -65,6 +65,7 @@ public class ClientSessionCode {
|
||||||
ClientSessionCode code;
|
ClientSessionCode code;
|
||||||
boolean clientSessionNotFound;
|
boolean clientSessionNotFound;
|
||||||
boolean illegalHash;
|
boolean illegalHash;
|
||||||
|
ClientSessionModel clientSession;
|
||||||
|
|
||||||
public ClientSessionCode getCode() {
|
public ClientSessionCode getCode() {
|
||||||
return code;
|
return code;
|
||||||
|
@ -77,6 +78,10 @@ public class ClientSessionCode {
|
||||||
public boolean isIllegalHash() {
|
public boolean isIllegalHash() {
|
||||||
return illegalHash;
|
return illegalHash;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public ClientSessionModel getClientSession() {
|
||||||
|
return clientSession;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static ParseResult parseResult(String code, KeycloakSession session, RealmModel realm) {
|
public static ParseResult parseResult(String code, KeycloakSession session, RealmModel realm) {
|
||||||
|
@ -89,19 +94,19 @@ public class ClientSessionCode {
|
||||||
String[] parts = code.split("\\.");
|
String[] parts = code.split("\\.");
|
||||||
String id = parts[1];
|
String id = parts[1];
|
||||||
|
|
||||||
ClientSessionModel clientSession = session.sessions().getClientSession(realm, id);
|
result.clientSession = session.sessions().getClientSession(realm, id);
|
||||||
if (clientSession == null) {
|
if (result.clientSession == null) {
|
||||||
result.clientSessionNotFound = true;
|
result.clientSessionNotFound = true;
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
String hash = createHash(realm, clientSession);
|
String hash = createHash(realm, result.clientSession);
|
||||||
if (!hash.equals(parts[0])) {
|
if (!hash.equals(parts[0])) {
|
||||||
result.illegalHash = true;
|
result.illegalHash = true;
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
result.code = new ClientSessionCode(realm, clientSession);
|
result.code = new ClientSessionCode(realm, result.clientSession);
|
||||||
return result;
|
return result;
|
||||||
} catch (RuntimeException e) {
|
} catch (RuntimeException e) {
|
||||||
result.illegalHash = true;
|
result.illegalHash = true;
|
||||||
|
|
|
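Review bot: In `parseResult`, `result.clientSession` is now assigned before the hash comparison, so a `ParseResult` with `illegalHash` set (including the `catch (RuntimeException e)` path once the lookup has succeeded) still exposes the looked-up session through the new `getClientSession()`. Nothing on this page calls that getter yet, but a later caller that reads the session without first checking `isIllegalHash()` would be acting on a session that the presented code did not authenticate. I would clear the field on the failure paths, `result.clientSession = null;` next to each `result.illegalHash = true;`, or at minimum document the getter with `/** May be non-null even when isIllegalHash() is true; the code was not verified in that case. */`. The try block and the rest of `parseResult` start and end outside the visible hunk.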
@ -151,6 +151,8 @@ public class Messages {
|
||||||
|
|
||||||
public static final String INVALID_CODE = "invalidCodeMessage";
|
public static final String INVALID_CODE = "invalidCodeMessage";
|
||||||
|
|
||||||
|
public static final String STALE_VERIFY_EMAIL_LINK = "staleEmailVerificationLink";
|
||||||
|
|
||||||
public static final String IDENTITY_PROVIDER_UNEXPECTED_ERROR = "identityProviderUnexpectedErrorMessage";
|
public static final String IDENTITY_PROVIDER_UNEXPECTED_ERROR = "identityProviderUnexpectedErrorMessage";
|
||||||
|
|
||||||
public static final String IDENTITY_PROVIDER_NOT_FOUND = "identityProviderNotFoundMessage";
|
public static final String IDENTITY_PROVIDER_NOT_FOUND = "identityProviderNotFoundMessage";
|
||||||
|
|
|
@ -169,6 +169,7 @@ public class LoginActionsService {
|
||||||
private class Checks {
|
private class Checks {
|
||||||
ClientSessionCode clientCode;
|
ClientSessionCode clientCode;
|
||||||
Response response;
|
Response response;
|
||||||
|
ClientSessionCode.ParseResult result;
|
||||||
|
|
||||||
boolean verifyCode(String code, String requiredAction, ClientSessionCode.ActionType actionType) {
|
boolean verifyCode(String code, String requiredAction, ClientSessionCode.ActionType actionType) {
|
||||||
if (!verifyCode(code)) {
|
if (!verifyCode(code)) {
|
||||||
|
@ -213,7 +214,7 @@ public class LoginActionsService {
|
||||||
response = ErrorPage.error(session, Messages.REALM_NOT_ENABLED);
|
response = ErrorPage.error(session, Messages.REALM_NOT_ENABLED);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
ClientSessionCode.ParseResult result = ClientSessionCode.parseResult(code, session, realm);
|
result = ClientSessionCode.parseResult(code, session, realm);
|
||||||
clientCode = result.getCode();
|
clientCode = result.getCode();
|
||||||
if (clientCode == null) {
|
if (clientCode == null) {
|
||||||
if (result.isClientSessionNotFound()) { // timeout
|
if (result.isClientSessionNotFound()) { // timeout
|
||||||
|
@ -654,6 +655,9 @@ public class LoginActionsService {
|
||||||
if (key != null) {
|
if (key != null) {
|
||||||
Checks checks = new Checks();
|
Checks checks = new Checks();
|
||||||
if (!checks.verifyCode(code, ClientSessionModel.Action.REQUIRED_ACTIONS.name(), ClientSessionCode.ActionType.USER)) {
|
if (!checks.verifyCode(code, ClientSessionModel.Action.REQUIRED_ACTIONS.name(), ClientSessionCode.ActionType.USER)) {
|
||||||
|
if (checks.clientCode == null && checks.result.isClientSessionNotFound() || checks.result.isIllegalHash()) {
|
||||||
|
return ErrorPage.error(session, Messages.STALE_VERIFY_EMAIL_LINK);
|
||||||
|
}
|
||||||
return checks.response;
|
return checks.response;
|
||||||
}
|
}
|
||||||
ClientSessionCode accessCode = checks.clientCode;
|
ClientSessionCode accessCode = checks.clientCode;
|
||||||
|
@ -661,7 +665,7 @@ public class LoginActionsService {
|
||||||
if (!ClientSessionModel.Action.VERIFY_EMAIL.name().equals(clientSession.getNote(AuthenticationManager.CURRENT_REQUIRED_ACTION))) {
|
if (!ClientSessionModel.Action.VERIFY_EMAIL.name().equals(clientSession.getNote(AuthenticationManager.CURRENT_REQUIRED_ACTION))) {
|
||||||
logger.reqdActionDoesNotMatch();
|
logger.reqdActionDoesNotMatch();
|
||||||
event.error(Errors.INVALID_CODE);
|
event.error(Errors.INVALID_CODE);
|
||||||
throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
|
throw new WebApplicationException(ErrorPage.error(session, Messages.STALE_VERIFY_EMAIL_LINK));
|
||||||
}
|
}
|
||||||
|
|
||||||
UserSessionModel userSession = clientSession.getUserSession();
|
UserSessionModel userSession = clientSession.getUserSession();
|
||||||
|
|
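Review bot: The new condition `checks.clientCode == null && checks.result.isClientSessionNotFound() || checks.result.isIllegalHash()` dereferences `checks.result` without a null check. The `Checks` hunk above shows a `return false` for `Messages.REALM_NOT_ENABLED` before `result` is assigned, so on that path (and presumably any other early return not shown here) this line would throw a NullPointerException instead of returning `checks.response`. The expression also relies on `&&` binding tighter than `||`, and the `clientCode == null` term adds nothing because both flags are only set when no code is returned. I would write it as `if (checks.result != null && (checks.result.isClientSessionNotFound() || checks.result.isIllegalHash())) {`. It is also worth confirming that this early return still records an error event, as the `event.error(Errors.INVALID_CODE)` branch further down does, since the enclosing method starts and ends outside the hunk.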
1
themes/src/main/resources/theme/base/login/messages/messages_en.properties
Normal file → Executable file
1
themes/src/main/resources/theme/base/login/messages/messages_en.properties
Normal file → Executable file
|
@ -205,6 +205,7 @@ identityProviderLinkSuccess=Your account was successfully linked with {0} accoun
|
||||||
realmSupportsNoCredentialsMessage=Realm does not support any credential type.
|
realmSupportsNoCredentialsMessage=Realm does not support any credential type.
|
||||||
identityProviderNotUniqueMessage=Realm supports multiple identity providers. Could not determine which identity provider should be used to authenticate with.
|
identityProviderNotUniqueMessage=Realm supports multiple identity providers. Could not determine which identity provider should be used to authenticate with.
|
||||||
emailVerifiedMessage=Your email address has been verified.
|
emailVerifiedMessage=Your email address has been verified.
|
||||||
|
staleEmailVerificationLink=The link you clicked is a old stale link and is no longer valid. Maybe you have already verified your email?
|
||||||
|
|
||||||
locale_ca=Catal\u00E0
|
locale_ca=Catal\u00E0
|
||||||
locale_de=Deutsch
|
locale_de=Deutsch
|
||||||
|
|