Merge pull request #1153 from stianst/master

KEYCLOAK-1061 Add back to application link to error page

core/src/main/java/org/keycloak/util/UriUtils.java

@@ -18,7 +18,8 @@ public class UriUtils {
 
     public static String getOrigin(String uri) {
         String u = uri.toString();
-        return u.substring(0, u.indexOf('/', 8));
+        int e = u.indexOf('/', 8);
+        return e != -1 ? u.substring(0, u.indexOf('/', 8)) : u;
     }
 
     public static boolean isOrigin(String url) {

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html

@@ -178,12 +178,11 @@
                     <span tooltip-placement="right" tooltip="Valid URI pattern a browser can redirect to after a successful login or logout.  Simple wildcards are allowed i.e. 'http://example.com/*'.  Relative path can be specified too i.e. /my/relative/path/*.  Relative paths will generate a redirect URI using the request's host and port.  For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request." class="fa fa-info-circle"></span>
                 </div>
                 <div class="form-group" data-ng-show="!client.bearerOnly && !create">
-                    <label class="col-sm-2 control-label" for="baseUrl">Default Redirect URL</label>
+                    <label class="col-sm-2 control-label" for="baseUrl">Base URL</label>
                     <div class="col-sm-6">
-                        <input class="form-control" type="text" name="baseUrl" id="baseUrl"
-                               data-ng-model="client.baseUrl">
+                        <input class="form-control" type="text" name="baseUrl" id="baseUrl" data-ng-model="client.baseUrl">
                     </div>
-                    <span tooltip-placement="right" tooltip="Default URL to use when the auth server needs to redirect back to the client.  This URL will also be used when the auth server needs to link to the client for any reason." class="fa fa-info-circle"></span>
+                    <span tooltip-placement="right" tooltip="Default URL to use when the auth server needs to redirect or link back to the client." class="fa fa-info-circle"></span>
                 </div>
                 <div class="form-group" data-ng-hide="create || protocol == 'saml'">
                     <label class="col-sm-2 control-label" for="adminUrl">Admin URL</label>

forms/common-themes/src/main/resources/theme/base/login/error.ftl

@@ -7,6 +7,9 @@
     <#elseif section = "form">
         <div id="kc-error-message">
             <p class="instruction">${message.summary}</p>
+            <#if client?? && client.baseUrl?has_content>
+                <p><a href="${client.baseUrl}">${msg("backToApplication")}</a></p>
+            </#if>
         </div>
     </#if>
 </@layout.registrationLayout>

forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties

@@ -157,8 +157,7 @@ couldNotSendAuthenticationRequestMessage=Could not send authentication request t
 unexpectedErrorHandlingRequestMessage=Unexpected error when handling authentication request to identity provider [{0}].
 invalidAccessCodeMessage=Invalid access code.
 sessionNotActiveMessage=Session not active.
-unknownCodeMessage=Unknown code, please login again through your application.
-invalidCodeMessage=Invalid code, please login again through your application.
+invalidCodeMessage=An error occurred, please login again through your application.
 identityProviderUnexpectedErrorMessage=Unexpected error when authenticating with identity provider
 identityProviderNotFoundMessage=Could not find an identity provider with the identifier [{0}].
 realmSupportsNoCredentialsMessage=Realm [{0}] does not support any credential type.

model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java

@@ -36,6 +36,7 @@ import org.keycloak.representations.idm.ScopeMappingRepresentation;
 import org.keycloak.representations.idm.SocialLinkRepresentation;
 import org.keycloak.representations.idm.UserFederationProviderRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.util.UriUtils;
 
 import java.io.IOException;
 import java.net.URI;
@@ -526,7 +527,7 @@ public class RepresentationToModel {
         client.setManagementUrl(resourceRep.getAdminUrl());
         if (resourceRep.isSurrogateAuthRequired() != null)
             client.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
-        client.setBaseUrl(resourceRep.getBaseUrl());
+        if (resourceRep.getBaseUrl() != null) client.setBaseUrl(resourceRep.getBaseUrl());
         if (resourceRep.isBearerOnly() != null) client.setBearerOnly(resourceRep.isBearerOnly());
         if (resourceRep.isConsentRequired() != null) client.setConsentRequired(resourceRep.isConsentRequired());
         if (resourceRep.isPublicClient() != null) client.setPublicClient(resourceRep.isPublicClient());
@@ -576,12 +577,8 @@ public class RepresentationToModel {
                 Set<String> origins = new HashSet<String>();
                 for (String redirectUri : resourceRep.getRedirectUris()) {
                     logger.debugv("add redirect-uri to origin: {0}", redirectUri);
-                    if (redirectUri.startsWith("http:")) {
-                        URI uri = URI.create(redirectUri);
-                        String origin = uri.getScheme() + "://" + uri.getHost();
-                        if (uri.getPort() != -1) {
-                            origin += ":" + uri.getPort();
-                        }
+                    if (redirectUri.startsWith("http")) {
+                        String origin = UriUtils.getOrigin(redirectUri);
                         logger.debugv("adding default client origin: {0}" , origin);
                         origins.add(origin);
                     }

services/src/main/java/org/keycloak/services/messages/Messages.java

@@ -134,8 +134,6 @@ public class Messages {
 
     public static final String SESSION_NOT_ACTIVE = "sessionNotActiveMessage";
 
-    public static final String UNKNOWN_CODE = "unknownCodeMessage";
-
     public static final String INVALID_CODE = "invalidCodeMessage";
 
     public static final String IDENTITY_PROVIDER_UNEXPECTED_ERROR = "identityProviderUnexpectedErrorMessage";

services/src/main/java/org/keycloak/services/resources/LoginActionsService.java

@@ -195,7 +195,7 @@ public class LoginActionsService {
             clientCode = ClientSessionCode.parse(code, session, realm);
             if (clientCode == null) {
                 event.error(Errors.INVALID_CODE);
-                response = ErrorPage.error(session, Messages.UNKNOWN_CODE);
+                response = ErrorPage.error(session, Messages.INVALID_CODE);
                 return false;
             }
             session.getContext().setClient(clientCode.getClientSession().getClient());
@@ -288,7 +288,7 @@ public class LoginActionsService {
         ClientSessionCode clientCode = ClientSessionCode.parse(code, session, realm);
         if (clientCode == null) {
             event.error(Errors.INVALID_CODE);
-            return ErrorPage.error(session, Messages.UNKNOWN_CODE);
+            return ErrorPage.error(session, Messages.INVALID_CODE);
         }
 
         ClientSessionModel clientSession = clientCode.getClientSession();
@@ -428,7 +428,7 @@ public class LoginActionsService {
         ClientSessionCode clientCode = ClientSessionCode.parse(code, session, realm);
         if (clientCode == null) {
             event.error(Errors.INVALID_CODE);
-            return ErrorPage.error(session, Messages.UNKNOWN_CODE);
+            return ErrorPage.error(session, Messages.INVALID_CODE);
         }
         if (!clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE)) {
             event.error(Errors.INVALID_CODE);
@@ -865,7 +865,7 @@ public class LoginActionsService {
         ClientSessionCode accessCode = ClientSessionCode.parse(code, session, realm);
         if (accessCode == null) {
             event.error(Errors.INVALID_CODE);
-            return ErrorPage.error(session, Messages.UNKNOWN_CODE);
+            return ErrorPage.error(session, Messages.INVALID_CODE);
         }
         ClientSessionModel clientSession = accessCode.getClientSession();
 

testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java

@@ -155,7 +155,7 @@ public class ResetPasswordTest {
         events.expect(EventType.RESET_PASSWORD_ERROR).client((String) null).user((String) null).error("invalid_code").clearDetails().assertEvent();
 
         assertTrue(errorPage.isCurrent());
-        assertEquals("Unknown code, please login again through your application.", errorPage.getError());
+        assertEquals("An error occurred, please login again through your application.", errorPage.getError());
     }
 
     @Test
@@ -354,7 +354,7 @@ public class ResetPasswordTest {
 
             errorPage.assertCurrent();
 
-            assertEquals("Invalid code, please login again through your application.", errorPage.getError());
+            assertEquals("An error occurred, please login again through your application.", errorPage.getError());
 
             events.expectRequiredAction(EventType.RESET_PASSWORD).error("invalid_code").client((String) null).user((String) null).session((String) null).clearDetails().assertEvent();
         } finally {