From 755367911691ba936274e6d569d408e53f7797c7 Mon Sep 17 00:00:00 2001
From: Pedro Igor
Date: Fri, 3 May 2024 13:17:01 -0300
Subject: [PATCH] Using a common name for token parameter and setting it to action urls when available from query parameters
Signed-off-by: Pedro Igor
---
 .../src/main/java/org/keycloak/models/Constants.java | 2 +-
 .../authentication/AuthenticationProcessor.java | 9 ---------
 .../authentication/FormAuthenticationFlow.java | 12 ++++++++----
 .../forms/RegistrationUserCreation.java | 2 +-
 .../resource/OrganizationInvitationResource.java | 2 +-
 .../oidc/endpoints/AuthorizationEndpoint.java | 7 ++-----
 6 files changed, 13 insertions(+), 21 deletions(-)
diff --git a/server-spi-private/src/main/java/org/keycloak/models/Constants.java b/server-spi-private/src/main/java/org/keycloak/models/Constants.java
index 9ba2e4e2af..59e579a356 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/Constants.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/Constants.java
@@ -79,7 +79,7 @@ public final class Constants {
 public static final String VERIFY_EMAIL_KEY = "VERIFY_EMAIL_KEY";
 public static final String EXECUTION = "execution";
 public static final String CLIENT_ID = "client_id";
- public static final String ORG_TOKEN = "org_token";
+ public static final String TOKEN = "token";
 public static final String TAB_ID = "tab_id";
 public static final String CLIENT_DATA = "client_data";
diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java b/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
index 40f31a1694..4d2ea890bd 100755
--- a/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
+++ b/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
@@ -232,15 +232,6 @@ public class AuthenticationProcessor {
 return this;
 }
- public String getOrgToken() {
- return orgToken;
- }
-
- public AuthenticationProcessor setOrgToken(String orgToken) {
- this.orgToken = orgToken;
- return this;
- }
-
 public AuthenticationProcessor setForwardedErrorMessage(FormMessage forwardedErrorMessage) {
 this.forwardedErrorMessageStore.setForwardedMessage(forwardedErrorMessage);
 return this;
diff --git a/services/src/main/java/org/keycloak/authentication/FormAuthenticationFlow.java b/services/src/main/java/org/keycloak/authentication/FormAuthenticationFlow.java
index 54bdc216a4..35bd9fbe3a 100755
--- a/services/src/main/java/org/keycloak/authentication/FormAuthenticationFlow.java
+++ b/services/src/main/java/org/keycloak/authentication/FormAuthenticationFlow.java
@@ -265,7 +265,7 @@ public class FormAuthenticationFlow implements AuthenticationFlow {
 return null;
 }
- public URI getActionUrl(String executionId, String code, String token) {
+ public URI getActionUrl(String executionId, String code) {
 ClientModel client = processor.getAuthenticationSession().getClient();
 UriBuilder builder = LoginActionsService.registrationFormProcessor(processor.getUriInfo())
 .queryParam(LoginActionsService.SESSION_CODE, code)
@@ -273,8 +273,12 @@ public class FormAuthenticationFlow implements AuthenticationFlow {
 .queryParam(Constants.CLIENT_ID, client.getClientId())
 .queryParam(Constants.TAB_ID, processor.getAuthenticationSession().getTabId())
 .queryParam(Constants.CLIENT_DATA, AuthenticationProcessor.getClientData(processor.getSession(), processor.getAuthenticationSession()));
- if (token != null) {
- builder.queryParam(Constants.ORG_TOKEN, token);
+
+ MultivaluedMap query = processor.getSession().getContext().getUri().getQueryParameters();
+ List token = query.get(Constants.TOKEN);
+
+ if (token != null && !token.isEmpty()) {
+ builder.queryParam(Constants.TOKEN, token.get(0));
 }
 return builder.build(processor.getRealm().getName());
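Review bot: In the `@@ -273,8 +273,12 @@` hunk of FormAuthenticationFlow.java, `getActionUrl` copies whatever `token` value is on the current request's query string into the form action URL, without checking that the organization feature is enabled or that the value is an invitation token at all. With the parameter now called plain `token`, an unrelated `token` parameter on a registration request would be echoed here and then treated as an invitation by `RegistrationUserCreation.validateOrganizationInvitation`, which reads the same name. I would gate the lookup the way that method does, `if (Profile.isFeatureEnabled(Feature.ORGANIZATION)) { ... }`, and read the value with `String token = query.getFirst(Constants.TOKEN);` rather than `get` followed by `isEmpty()`/`get(0)`. It is also worth confirming how `UriBuilder.queryParam` handles `{` and `}` in a request-supplied value, since `build(...)` resolves URI templates. The method starts in the previous hunk and ends outside this one.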
@@ -295,7 +299,7 @@ public class FormAuthenticationFlow implements AuthenticationFlow {
 String executionId = formExecution.getId();
 processor.getAuthenticationSession().setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, executionId);
 String code = processor.generateCode();
- URI actionUrl = getActionUrl(executionId, code, processor.orgToken);
+ URI actionUrl = getActionUrl(executionId, code);
 LoginFormsProvider form = processor.getSession().getProvider(LoginFormsProvider.class)
 .setAuthenticationSession(processor.getAuthenticationSession())
 .setActionUri(actionUrl)
diff --git a/services/src/main/java/org/keycloak/authentication/forms/RegistrationUserCreation.java b/services/src/main/java/org/keycloak/authentication/forms/RegistrationUserCreation.java
index a5c6e21aa4..bebc6c978d 100755
--- a/services/src/main/java/org/keycloak/authentication/forms/RegistrationUserCreation.java
+++ b/services/src/main/java/org/keycloak/authentication/forms/RegistrationUserCreation.java
@@ -291,7 +291,7 @@ public class RegistrationUserCreation implements FormAction, FormActionFactory {
 private boolean validateOrganizationInvitation(ValidationContext context, MultivaluedMap formData, String email) {
 if (Profile.isFeatureEnabled(Feature.ORGANIZATION)) {
 MultivaluedMap queryParameters = context.getHttpRequest().getUri().getQueryParameters();
- String tokenFromQuery = queryParameters.getFirst(Constants.ORG_TOKEN);
+ String tokenFromQuery = queryParameters.getFirst(Constants.TOKEN);
 if (tokenFromQuery == null) {
 return true;
diff --git a/services/src/main/java/org/keycloak/organization/admin/resource/OrganizationInvitationResource.java b/services/src/main/java/org/keycloak/organization/admin/resource/OrganizationInvitationResource.java
index 6b6e5d321f..426e2c6575 100644
--- a/services/src/main/java/org/keycloak/organization/admin/resource/OrganizationInvitationResource.java
+++ b/services/src/main/java/org/keycloak/organization/admin/resource/OrganizationInvitationResource.java
@@ -119,7 +119,7 @@ public class OrganizationInvitationResource {
 return OIDCLoginProtocolService.registrationsUrl(session.getContext().getUri().getBaseUriBuilder())
 .queryParam(OAuth2Constants.RESPONSE_TYPE, OIDCResponseType.CODE)
 .queryParam(Constants.CLIENT_ID, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID)
- .queryParam(Constants.ORG_TOKEN, createToken(user))
+ .queryParam(Constants.TOKEN, createToken(user))
 .buildFromMap(Map.of("realm", realm.getName(), "protocol", OIDCLoginProtocol.LOGIN_PROTOCOL)).toString();
 }
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
index 49f21afbc0..da79e31c95 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
@@ -195,7 +195,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
 CacheControlUtil.noBackButtonCacheControlHeader(session);
 switch (action) {
 case REGISTER:
- return buildRegister(params.getFirst(Constants.ORG_TOKEN));
+ return buildRegister();
 case FORGOT_CREDENTIALS:
 return buildForgotCredential();
 case CODE:
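Review bot: Invitation links already sent with `org_token` stop being recognised once `.queryParam(Constants.TOKEN, createToken(user))` in OrganizationInvitationResource.java writes the new name, because `validateOrganizationInvitation` now reads only `Constants.TOKEN`. From the context visible in that method, a missing parameter takes the `if (tokenFromQuery == null) { return true; }` path, so an older link would presumably continue as an ordinary registration instead of being honoured or rejected. If such links can exist in deployed realms, either keep reading the old name as a fallback or state the break in the commit message. The enclosing method starts above this hunk.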
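Review bot: In the `@@ -195,7 +195,7 @@` hunk of AuthorizationEndpoint.java, `return buildRegister();` drops the value that used to be read from `params`, while the replacement lookup in `FormAuthenticationFlow.getActionUrl` reads only the URI query parameters. If `params` can also be filled from a form-encoded POST body (its source is not visible in this hunk), a registration request sent that way would no longer carry the token into the action URL, and the invitation check would presumably be skipped rather than failed. A comment on `buildRegister()` such as `// invitation token, if any, is read from the request query string in FormAuthenticationFlow#getActionUrl` would make the new coupling explicit, and a test for the POST case would settle it. The same applies to the `@@ -341,16 +341,13 @@` hunk, where `buildRegister` loses its parameter.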
@@ -341,16 +341,13 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
 return handleBrowserAuthenticationRequest(authenticationSession, new OIDCLoginProtocol(session, realm, session.getContext().getUri(), headers, event), TokenUtil.hasPrompt(request.getPrompt(), OIDCLoginProtocol.PROMPT_VALUE_NONE), false);
 }
- private Response buildRegister(String inviteToken) {
+ private Response buildRegister() {
 authManager.expireIdentityCookie(session);
 AuthenticationFlowModel flow = realm.getRegistrationFlow();
 String flowId = flow.getId();
 AuthenticationProcessor processor = createProcessor(authenticationSession, flowId, LoginActionsService.REGISTRATION_PATH);
- if (inviteToken != null) {
- processor.setOrgToken(inviteToken);
- }
 authenticationSession.setClientNote(APP_INITIATED_FLOW, LoginActionsService.REGISTRATION_PATH);
 return processor.authenticate();