libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Using a common name for token parameter and setting it to action urls when available from query parameters

Browse source 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor 2024-05-03 13:17:01 -03:00
parent 5359840f10
commit 7553679116
6 changed files with 13 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
server-spi-private/src/main/java/org/keycloak/models/Constants.java
View file

@ -79,7 +79,7 @@ public final class Constants {
public static final String VERIFY_EMAIL_KEY = "VERIFY_EMAIL_KEY"; public static final String VERIFY_EMAIL_KEY = "VERIFY_EMAIL_KEY";
public static final String EXECUTION = "execution"; public static final String EXECUTION = "execution";
public static final String CLIENT_ID = "client_id"; public static final String CLIENT_ID = "client_id";
public static final String ORG_TOKEN = "org_token"; public static final String TOKEN = "token";
public static final String TAB_ID = "tab_id"; public static final String TAB_ID = "tab_id";
public static final String CLIENT_DATA = "client_data"; public static final String CLIENT_DATA = "client_data";

9
services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
View file

@ -232,15 +232,6 @@ public class AuthenticationProcessor {
return this; return this;
} }
public String getOrgToken() {
return orgToken;
}
public AuthenticationProcessor setOrgToken(String orgToken) {
this.orgToken = orgToken;
return this;
}
public AuthenticationProcessor setForwardedErrorMessage(FormMessage forwardedErrorMessage) { public AuthenticationProcessor setForwardedErrorMessage(FormMessage forwardedErrorMessage) {
this.forwardedErrorMessageStore.setForwardedMessage(forwardedErrorMessage); this.forwardedErrorMessageStore.setForwardedMessage(forwardedErrorMessage);
return this; return this;

12
services/src/main/java/org/keycloak/authentication/FormAuthenticationFlow.java
View file

@ -265,7 +265,7 @@ public class FormAuthenticationFlow implements AuthenticationFlow {
return null; return null;
} }
public URI getActionUrl(String executionId, String code, String token) { public URI getActionUrl(String executionId, String code) {
ClientModel client = processor.getAuthenticationSession().getClient(); ClientModel client = processor.getAuthenticationSession().getClient();
UriBuilder builder = LoginActionsService.registrationFormProcessor(processor.getUriInfo()) UriBuilder builder = LoginActionsService.registrationFormProcessor(processor.getUriInfo())
.queryParam(LoginActionsService.SESSION_CODE, code) .queryParam(LoginActionsService.SESSION_CODE, code)
@ -273,8 +273,12 @@ public class FormAuthenticationFlow implements AuthenticationFlow {
.queryParam(Constants.CLIENT_ID, client.getClientId()) .queryParam(Constants.CLIENT_ID, client.getClientId())
.queryParam(Constants.TAB_ID, processor.getAuthenticationSession().getTabId()) .queryParam(Constants.TAB_ID, processor.getAuthenticationSession().getTabId())
.queryParam(Constants.CLIENT_DATA, AuthenticationProcessor.getClientData(processor.getSession(), processor.getAuthenticationSession())); .queryParam(Constants.CLIENT_DATA, AuthenticationProcessor.getClientData(processor.getSession(), processor.getAuthenticationSession()));
if (token != null) {
builder.queryParam(Constants.ORG_TOKEN, token); MultivaluedMap<String, String> query = processor.getSession().getContext().getUri().getQueryParameters();
List<String> token = query.get(Constants.TOKEN);
if (token != null && !token.isEmpty()) {
builder.queryParam(Constants.TOKEN, token.get(0));
} }
return builder.build(processor.getRealm().getName()); return builder.build(processor.getRealm().getName());
@ -295,7 +299,7 @@ public class FormAuthenticationFlow implements AuthenticationFlow {
String executionId = formExecution.getId(); String executionId = formExecution.getId();
processor.getAuthenticationSession().setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, executionId); processor.getAuthenticationSession().setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, executionId);
String code = processor.generateCode(); String code = processor.generateCode();
URI actionUrl = getActionUrl(executionId, code, processor.orgToken); URI actionUrl = getActionUrl(executionId, code);
LoginFormsProvider form = processor.getSession().getProvider(LoginFormsProvider.class) LoginFormsProvider form = processor.getSession().getProvider(LoginFormsProvider.class)
.setAuthenticationSession(processor.getAuthenticationSession()) .setAuthenticationSession(processor.getAuthenticationSession())
.setActionUri(actionUrl) .setActionUri(actionUrl)

2
services/src/main/java/org/keycloak/authentication/forms/RegistrationUserCreation.java
View file

@ -291,7 +291,7 @@ public class RegistrationUserCreation implements FormAction, FormActionFactory {
private boolean validateOrganizationInvitation(ValidationContext context, MultivaluedMap<String, String> formData, String email) { private boolean validateOrganizationInvitation(ValidationContext context, MultivaluedMap<String, String> formData, String email) {
if (Profile.isFeatureEnabled(Feature.ORGANIZATION)) { if (Profile.isFeatureEnabled(Feature.ORGANIZATION)) {
MultivaluedMap<String, String> queryParameters = context.getHttpRequest().getUri().getQueryParameters(); MultivaluedMap<String, String> queryParameters = context.getHttpRequest().getUri().getQueryParameters();
String tokenFromQuery = queryParameters.getFirst(Constants.ORG_TOKEN); String tokenFromQuery = queryParameters.getFirst(Constants.TOKEN);
if (tokenFromQuery == null) { if (tokenFromQuery == null) {
return true; return true;

2
services/src/main/java/org/keycloak/organization/admin/resource/OrganizationInvitationResource.java
View file

@ -119,7 +119,7 @@ public class OrganizationInvitationResource {
return OIDCLoginProtocolService.registrationsUrl(session.getContext().getUri().getBaseUriBuilder()) return OIDCLoginProtocolService.registrationsUrl(session.getContext().getUri().getBaseUriBuilder())
.queryParam(OAuth2Constants.RESPONSE_TYPE, OIDCResponseType.CODE) .queryParam(OAuth2Constants.RESPONSE_TYPE, OIDCResponseType.CODE)
.queryParam(Constants.CLIENT_ID, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID) .queryParam(Constants.CLIENT_ID, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID)
.queryParam(Constants.ORG_TOKEN, createToken(user)) .queryParam(Constants.TOKEN, createToken(user))
.buildFromMap(Map.of("realm", realm.getName(), "protocol", OIDCLoginProtocol.LOGIN_PROTOCOL)).toString(); .buildFromMap(Map.of("realm", realm.getName(), "protocol", OIDCLoginProtocol.LOGIN_PROTOCOL)).toString();
} }

7
services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
View file

@ -195,7 +195,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
CacheControlUtil.noBackButtonCacheControlHeader(session); CacheControlUtil.noBackButtonCacheControlHeader(session);
switch (action) { switch (action) {
case REGISTER: case REGISTER:
return buildRegister(params.getFirst(Constants.ORG_TOKEN)); return buildRegister();
case FORGOT_CREDENTIALS: case FORGOT_CREDENTIALS:
return buildForgotCredential(); return buildForgotCredential();
case CODE: case CODE:
@ -341,16 +341,13 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
return handleBrowserAuthenticationRequest(authenticationSession, new OIDCLoginProtocol(session, realm, session.getContext().getUri(), headers, event), TokenUtil.hasPrompt(request.getPrompt(), OIDCLoginProtocol.PROMPT_VALUE_NONE), false); return handleBrowserAuthenticationRequest(authenticationSession, new OIDCLoginProtocol(session, realm, session.getContext().getUri(), headers, event), TokenUtil.hasPrompt(request.getPrompt(), OIDCLoginProtocol.PROMPT_VALUE_NONE), false);
} }
private Response buildRegister(String inviteToken) { private Response buildRegister() {
authManager.expireIdentityCookie(session); authManager.expireIdentityCookie(session);
AuthenticationFlowModel flow = realm.getRegistrationFlow(); AuthenticationFlowModel flow = realm.getRegistrationFlow();
String flowId = flow.getId(); String flowId = flow.getId();
AuthenticationProcessor processor = createProcessor(authenticationSession, flowId, LoginActionsService.REGISTRATION_PATH); AuthenticationProcessor processor = createProcessor(authenticationSession, flowId, LoginActionsService.REGISTRATION_PATH);
if (inviteToken != null) {
processor.setOrgToken(inviteToken);
}
authenticationSession.setClientNote(APP_INITIATED_FLOW, LoginActionsService.REGISTRATION_PATH); authenticationSession.setClientNote(APP_INITIATED_FLOW, LoginActionsService.REGISTRATION_PATH);
return processor.authenticate(); return processor.authenticate();