KEYCLOAK-8318 Workaround Elytron's double encoding of the query parameters

Co-Authored-By: mhajas <mhajas@redhat.com>
This commit is contained in:
Hynek Mlnarik 2019-07-18 23:48:59 +02:00 committed by Stian Thorgersen
parent 282569df23
commit 67f8622d13
4 changed files with 24 additions and 7 deletions

View file

@ -19,7 +19,6 @@
package org.keycloak.adapters.elytron; package org.keycloak.adapters.elytron;
import io.undertow.server.handlers.CookieImpl; import io.undertow.server.handlers.CookieImpl;
import org.bouncycastle.asn1.cmp.Challenge;
import org.keycloak.KeycloakSecurityContext; import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterDeploymentContext; import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AdapterTokenStore; import org.keycloak.adapters.AdapterTokenStore;
@ -31,10 +30,8 @@ import org.keycloak.adapters.spi.AuthenticationError;
import org.keycloak.adapters.spi.LogoutError; import org.keycloak.adapters.spi.LogoutError;
import org.keycloak.enums.TokenStore; import org.keycloak.enums.TokenStore;
import org.wildfly.security.auth.server.SecurityIdentity; import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpScope; import org.wildfly.security.http.HttpScope;
import org.wildfly.security.http.HttpServerCookie; import org.wildfly.security.http.HttpServerCookie;
import org.wildfly.security.http.HttpServerMechanismsResponder;
import org.wildfly.security.http.HttpServerRequest; import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.http.HttpServerResponse; import org.wildfly.security.http.HttpServerResponse;
import org.wildfly.security.http.Scope; import org.wildfly.security.http.Scope;
@ -201,9 +198,13 @@ class ElytronHttpFacade implements OIDCHttpFacade {
if (query != null) { if (query != null) {
String[] parameters = query.split("&"); String[] parameters = query.split("&");
for (String parameter : parameters) { for (String parameter : parameters) {
String[] keyValue = parameter.split("="); String[] keyValue = parameter.split("=", 2);
if (keyValue[0].equals(param)) { if (keyValue[0].equals(param)) {
return keyValue[1]; try {
return URLDecoder.decode(keyValue[1], "UTF-8");
} catch (IOException e) {
throw new RuntimeException("Failed to decode request URI", e);
}
} }
} }
} }

View file

@ -186,9 +186,13 @@ class ElytronHttpFacade implements HttpFacade {
if (query != null) { if (query != null) {
String[] parameters = query.split("&"); String[] parameters = query.split("&");
for (String parameter : parameters) { for (String parameter : parameters) {
String[] keyValue = parameter.split("="); String[] keyValue = parameter.split("=", 2);
if (keyValue[0].equals(param)) { if (keyValue[0].equals(param)) {
return keyValue[1]; try {
return URLDecoder.decode(keyValue[1], "UTF-8");
} catch (IOException e) {
throw new RuntimeException("Failed to decode request URI", e);
}
} }
} }
} }

View file

@ -145,6 +145,10 @@ public class LoginForm extends Form {
return accountFields.getUsernameLabel(); return accountFields.getUsernameLabel();
} }
public String getUsername() {
return accountFields.getUsername();
}
public String getPasswordLabel() { public String getPasswordLabel() {
return passwordFields.getPasswordLabel(); return passwordFields.getPasswordLabel();
} }

View file

@ -1409,4 +1409,12 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
.clearDetails() .clearDetails()
.assertEvent(); .assertEvent();
} }
@Test
public void testLoginHintFromClientRequest() {
driver.navigate().to(customerPortal + "?login_hint=blah%3d");
waitForPageToLoad();
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
assertThat(testRealmLoginPage.form().getUsername(), is("blah="));
}
} }