Merge remote-tracking branch 'upstream/master'

2013-10-24 11:49:13 -02:00 · 2013-10-24 11:49:13 -02:00 · 79bc920a9b
commit 79bc920a9b
parent 4019b6fd5f 2bb3753289
3 changed files with 23 additions and 6 deletions
--- a/examples/js/keycloak.js
+++ b/examples/js/keycloak.js
@ -19,7 +19,9 @@ window.keycloak = (function () {
            }
        }

-        processCallback();
+        if (!processCallback()) {
+            window.location.href = getLoginUrl() + '&prompt=none';
+        }
    }

    kc.login = function () {
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@ -42,10 +42,7 @@ import javax.ws.rs.core.UriInfo;
 import javax.ws.rs.ext.Providers;

 import java.security.PrivateKey;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
+import java.util.*;

 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -446,7 +443,7 @@ public class TokenService {
    @GET
    public Response loginPage(final @QueryParam("response_type") String responseType,
            final @QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId,
-            final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state) {
+            final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state, final @QueryParam("prompt") String prompt) {
        OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);

        if (!realm.isEnabled()) {
@ -483,6 +480,10 @@ public class TokenService {
            return oauth.processAccessCode(scopeParam, state, redirect, client, user);
        }

+        if (prompt != null && prompt.equals("none")) {
+            return oauth.redirectError(client, "access_denied", state, redirect);
+        }
+
        return Flows.forms(realm, request, uriInfo).forwardToLogin();
    }

--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@ -85,6 +85,20 @@ public class OAuthFlows {
        return location.build();
    }

+    public Response redirectError(UserModel client, String error, String state, String redirect) {
+        Set<String> redirectUris = client.getRedirectUris();
+        if (!redirectUris.isEmpty() && !redirectUris.contains(redirect)) {
+            return forwardToSecurityFailure("Invalid redirect_uri " + redirect);
+        }
+
+        UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", error);
+        if (state != null) {
+            redirectUri.queryParam("state", state);
+        }
+
+        return Response.status(302).location(redirectUri.build()).build();
+    }
+
    public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
        RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
        RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);