Merge pull request #1554 from patriot1burke/master

adapter fixes

forms/common-themes/src/main/resources/theme/base/login/validate-reset-email.ftl

@@ -1,31 +0,0 @@
-<#import "template.ftl" as layout>
-<@layout.registrationLayout displayInfo=true; section>
-    <#if section = "title">
-        ${msg("emailForgotTitle")}
-    <#elseif section = "header">
-        ${msg("emailForgotTitle")}
-    <#elseif section = "form">
-        <form id="kc-reset-password-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
-            <div class="${properties.kcFormGroupClass!}">
-                <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="otp" class="${properties.kcLabelClass!}">${msg("temporaryEmailCode")}</label>
-                </div>
-                <div class="${properties.kcInputWrapperClass!}">
-                    <input type="text" id="key" name="key" class="${properties.kcInputClass!}" />
-                </div>
-            </div>
-
-            <div class="${properties.kcFormGroupClass!}">
-                <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
-
-                </div>
-                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
-                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="login" id="kc-submit" type="submit" value="${msg("doSubmit")}"/>
-                    <input class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="cancel" id="kc-cancel" type="submit" value="${msg("backToLogin")}"/>
-                </div>
-            </div>
-        </form>
-    <#elseif section = "info" >
-        ${msg("validateResetEmailInstruction")}
-    </#if>
-</@layout.registrationLayout>

integration/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java

@@ -90,8 +90,7 @@ public class AuthenticatedActionsHandler {
             if (allowedOrigins == null || (!allowedOrigins.contains("*") && !allowedOrigins.contains(origin))) {
                 if (allowedOrigins == null) {
                     log.debugv("allowedOrigins was null in token");
-                }
+                } else {
-                if (!allowedOrigins.contains("*") && !allowedOrigins.contains(origin)) {
                     log.debugv("allowedOrigins did not contain origin");
 
                 }

integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java

@@ -52,10 +52,6 @@ public abstract class RequestAuthenticator {
             completeAuthentication(bearer, "KEYCLOAK");
             log.debug("Bearer AUTHENTICATED");
             return AuthOutcome.AUTHENTICATED;
-        } else if (deployment.isBearerOnly()) {
-            challenge = bearer.getChallenge();
-            log.debug("NOT_ATTEMPTED: bearer only");
-            return AuthOutcome.NOT_ATTEMPTED;
         }
 
         if (deployment.isEnableBasicAuth()) {
@@ -76,6 +72,12 @@ public abstract class RequestAuthenticator {
             }
         }
 
+        if (deployment.isBearerOnly()) {
+            challenge = bearer.getChallenge();
+            log.debug("NOT_ATTEMPTED: bearer only");
+            return AuthOutcome.NOT_ATTEMPTED;
+        }
+
         if (log.isTraceEnabled()) {
             log.trace("try oauth");
         }

testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json

@@ -5,6 +5,7 @@
   "auth-server-url": "http://localhost:8081/auth",
   "ssl-required" : "external",
   "bearer-only" : true,
+  "enable-basic-auth": true,
   "enable-cors" : true
 
 }

testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json

@@ -5,6 +5,7 @@
     "auth-server-url": "http://localhost:8081/auth",
     "ssl-required" : "external",
     "enable-basic-auth": true,
+    "bearer-only": true,
     "credentials": {
       "secret": "password"
 	}