Merge pull request #676 from stianst/master

Fixes to admin console random logout
Stian Thorgersen 2014-09-09 11:02:19 +02:00
commit 839069ca15
8 changed files with 7 additions and 350 deletions


@ -17,8 +17,6 @@
<script src="lib/angular/angular-route.js"></script> <script src="lib/angular/angular-route.js"></script>
<script src="lib/angular/ui-bootstrap-tpls-0.11.0.js"></script> <script src="lib/angular/ui-bootstrap-tpls-0.11.0.js"></script>
<script src="lib/jquery/jquery.idletimer.js" type="text/javascript"></script>
<script src="lib/jquery/jquery.idletimeout.js" type="text/javascript"></script>
<script src="lib/angular/select2.js" type="text/javascript"></script> <script src="lib/angular/select2.js" type="text/javascript"></script>
<script src="lib/fileupload/angular-file-upload.min.js"></script> <script src="lib/fileupload/angular-file-upload.min.js"></script>
<script src="lib/filesaver/FileSaver.js"></script> <script src="lib/filesaver/FileSaver.js"></script>
@ -75,28 +73,5 @@
</div> </div>
</div> </div>
<script type="text/javascript">
$.idleTimeout('#idletimeout', '#idletimeout a', {
idleAfter: 300,
pollingInterval: 60,
// keepAliveURL: authUrl + '/admin/keepalive', would need to change this path
serverResponseEquals: '',
failedRequests: 1,
onTimeout: function(){
$(this).slideUp();
logout();
},
onIdle: function(){
$(this).slideDown(); // show the warning bar
},
onCountdown: function( counter ){
$(this).find("span").html( counter ); // update the counter
},
onResume: function(){
$(this).slideUp(); // hide the warning bar
}
});
</script>
</body> </body>
</html> </html>


@ -4,17 +4,9 @@ var consoleBaseUrl = window.location.href;
consoleBaseUrl = consoleBaseUrl.substring(0, consoleBaseUrl.indexOf("/console")); consoleBaseUrl = consoleBaseUrl.substring(0, consoleBaseUrl.indexOf("/console"));
consoleBaseUrl = consoleBaseUrl + "/console"; consoleBaseUrl = consoleBaseUrl + "/console";
var configUrl = consoleBaseUrl + "/config"; var configUrl = consoleBaseUrl + "/config";
var logoutUrl = consoleBaseUrl + "/logout";
var auth = {}; var auth = {};
var logout = function(){ var authUrl = window.location.href.substring(0, window.location.href.indexOf('/admin/'));
console.log('*** LOGOUT');
window.location = logoutUrl;
};
var authUrl = window.location.href;
authUrl = authUrl.substring(0, authUrl.indexOf('/admin/'));
var module = angular.module('keycloak', [ 'keycloak.services', 'keycloak.loaders', 'ui.bootstrap', 'ui.select2', 'angularFileUpload' ]); var module = angular.module('keycloak', [ 'keycloak.services', 'keycloak.loaders', 'ui.bootstrap', 'ui.select2', 'angularFileUpload' ]);
var resourceRequests = 0; var resourceRequests = 0;
@ -803,14 +795,13 @@ module.config(function($httpProvider) {
}); });
module.factory('errorInterceptor', function($q, $window, $rootScope, $location,Notifications) { module.factory('errorInterceptor', function($q, $window, $rootScope, $location, Notifications, Auth) {
return function(promise) { return function(promise) {
return promise.then(function(response) { return promise.then(function(response) {
return response; return response;
}, function(response) { }, function(response) {
if (response.status == 401) { if (response.status == 401) {
console.log('session timeout?'); Auth.authz.logout();
logout();
} else if (response.status == 403) { } else if (response.status == 403) {
Notifications.error("Forbidden"); Notifications.error("Forbidden");
} else if (response.status == 404) { } else if (response.status == 404) {
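Review bot: In the 401 branch of `errorInterceptor`, `Auth.authz.logout()` is called once for every rejected response, so a view with several requests in flight when the token is rejected starts the logout several times, and with the `console.log` removed nothing records why the admin was signed out. A module-level flag would make it run once, e.g. `if (!loggingOut) { loggingOut = true; Auth.authz.logout(); }`, and a short comment such as `// 401: the server rejected our token; end the session through the adapter` would document the intent. Whether the rejection is still propagated to callers after this branch cannot be seen here, because the interceptor body continues past the end of the hunk. In the first hunk of this file, `indexOf('/admin/')` returns -1 when that path segment is absent, which leaves `authUrl` as an empty string; that behaviour predates the change but is easier to miss now that it sits on one line.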


@ -4,8 +4,6 @@ module.controller('GlobalCtrl', function($scope, $http, Auth, WhoAmI, Current, $
}; };
$scope.authUrl = authUrl; $scope.authUrl = authUrl;
$scope.logout = logout;
$scope.auth = Auth; $scope.auth = Auth;
WhoAmI.get(function (data) { WhoAmI.get(function (data) {


@ -20,7 +20,7 @@
</a> </a>
<ul class="dropdown-menu"> <ul class="dropdown-menu">
<li><a href="{{authUrl}}/realms/{{auth.user.realm}}/account?referrer=security-admin-console">Manage Account</a></li> <li><a href="{{authUrl}}/realms/{{auth.user.realm}}/account?referrer=security-admin-console">Manage Account</a></li>
<li class="separator"><a href="" ng-click="logout()">Sign Out</a></li> <li class="separator"><a href="" ng-click="auth.authz.logout()">Sign Out</a></li>
</ul> </ul>
</li> </li>
</ul> </ul>
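Review bot: The Sign Out link now evaluates `auth.authz.logout()` directly in the template, and Angular expressions silently ignore undefined intermediate properties, so if `auth.authz` is not yet set on the scope the click does nothing and the session stays open without any error. Keeping a small scope function in the controller, for example `$scope.logout = function() { Auth.authz.logout(); };`, would keep the adapter object out of the view and give one place to report a failed sign-out. The template could then stay as `ng-click="logout()"`.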


@ -1,185 +0,0 @@
/*
* jQuery Idle Timeout 1.1
* Copyright (c) 2011 Eric Hynds
*
* http://www.erichynds.com/jquery/a-new-and-improved-jquery-idle-timeout-plugin/
*
* Depends:
* - jQuery 1.4.2+
* - jQuery Idle Timer (by Paul Irish, http://paulirish.com/2009/jquery-idletimer-plugin/)
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/licenses/gpl.html
*
*/
(function($, win){
var idleTimeout = {
init: function( element, resume, options ){
var self = this, elem;
this.warning = elem = $(element);
this.resume = $(resume);
this.options = options;
this.countdownOpen = false;
this.failedRequests = options.failedRequests;
this._startTimer();
// expose obj to data cache so peeps can call internal methods
$.data( elem[0], 'idletimout', this );
// start the idle timer
$.idleTimer(options.idleAfter * 1000);
// once the user becomes idle
$(document).bind("idle.idleTimer", function(){
// if the user is idle and a countdown isn't already running
if( $.data(document, 'idleTimer') === 'idle' && !self.countdownOpen ){
self._stopTimer();
self.countdownOpen = true;
self._idle();
}
});
// bind continue link
this.resume.bind("click", function(e){
e.preventDefault();
win.clearInterval(self.countdown); // stop the countdown
self.countdownOpen = false; // stop countdown
self._startTimer(); // start up the timer again
self._keepAlive( false ); // ping server
options.onResume.call( self.warning ); // call the resume callback
});
},
_idle: function(){
var self = this,
options = this.options,
warning = this.warning[0],
counter = options.warningLength;
// fire the onIdle function
options.onIdle.call(warning);
// set inital value in the countdown placeholder
options.onCountdown.call(warning, counter);
// create a timer that runs every second
this.countdown = win.setInterval(function(){
if(--counter === 0){
window.clearInterval(self.countdown);
options.onTimeout.call(warning);
} else {
options.onCountdown.call(warning, counter);
}
}, 1000);
},
_startTimer: function(){
var self = this;
if (this.options.pollingInterval > 0) {
this.timer = win.setTimeout(function () {
self._keepAlive();
}, this.options.pollingInterval * 1000);
}
},
_stopTimer: function(){
// reset the failed requests counter
this.failedRequests = this.options.failedRequests;
win.clearTimeout(this.timer);
},
_keepAlive: function( recurse ){
var self = this,
options = this.options;
if( typeof recurse === "undefined" ){
recurse = true;
}
// if too many requests failed, abort
if( !this.failedRequests ){
console.log('aborting...');
this._stopTimer();
options.onAbort.call( this.warning[0] );
return;
}
$.ajax({
timeout: options.AJAXTimeout,
url: options.keepAliveURL,
error: function(){
console.log('failure for keepalive');
self.failedRequests--;
},
success: function(response){
console.log('success for keepalive');
/* if($.trim(response) !== options.serverResponseEquals){
self.failedRequests--;
}*/
},
complete: function(){
if( recurse ){
self._startTimer();
}
}
});
}
};
// expose
$.idleTimeout = function(element, resume, options){
idleTimeout.init( element, resume, $.extend($.idleTimeout.options, options) );
return this;
};
// options
$.idleTimeout.options = {
// number of seconds after user is idle to show the warning
warningLength: 30,
// url to call to keep the session alive while the user is active
keepAliveURL: "",
// the response from keepAliveURL must equal this text:
serverResponseEquals: "OK",
// user is considered idle after this many seconds. 10 minutes default
idleAfter: 600,
// a polling request will be sent to the server every X seconds
pollingInterval: 60,
// number of failed polling requests until we abort this script
failedRequests: 5,
// the $.ajax timeout in MILLISECONDS!
AJAXTimeout: 250,
/*
Callbacks
"this" refers to the element found by the first selector passed to $.idleTimeout.
*/
// callback to fire when the session times out
onTimeout: $.noop,
// fires when the user becomes idle
onIdle: $.noop,
// fires during each second of warningLength
onCountdown: $.noop,
// fires when the user resumes the session
onResume: $.noop,
// callback to fire when the script is aborted due to too many failed requests
onAbort: $.noop
};
})(jQuery, window);


@ -1,116 +0,0 @@
(function($){
$.idleTimer = function f(newTimeout){
//$.idleTimer.tId = -1 //timeout ID
var idle = false, //indicates if the user is idle
enabled = true, //indicates if the idle timer is enabled
timeout = 30000, //the amount of time (ms) before the user is considered idle
events = 'mousemove keydown DOMMouseScroll mousewheel mousedown', // activity is one of these events
//f.olddate = undefined, // olddate used for getElapsedTime. stored on the function
/* (intentionally not documented)
* Toggles the idle state and fires an appropriate event.
* @return {void}
*/
toggleIdleState = function(){
//toggle the state
idle = !idle;
// reset timeout counter
f.olddate = +new Date;
//fire appropriate event
$(document).trigger( $.data(document,'idleTimer', idle ? "idle" : "active" ) + '.idleTimer');
},
/**
* Stops the idle timer. This removes appropriate event handlers
* and cancels any pending timeouts.
* @return {void}
* @method stop
* @static
*/
stop = function(){
//set to disabled
enabled = false;
//clear any pending timeouts
clearTimeout($.idleTimer.tId);
//detach the event handlers
$(document).unbind('.idleTimer');
},
/* (intentionally not documented)
* Handles a user event indicating that the user isn't idle.
* @param {Event} event A DOM2-normalized event object.
* @return {void}
*/
handleUserEvent = function(){
//clear any existing timeout
clearTimeout($.idleTimer.tId);
//if the idle timer is enabled
if (enabled){
//if it's idle, that means the user is no longer idle
if (idle){
toggleIdleState();
}
//set a new timeout
$.idleTimer.tId = setTimeout(toggleIdleState, timeout);
}
};
/**
* Starts the idle timer. This adds appropriate event handlers
* and starts the first timeout.
* @param {int} newTimeout (Optional) A new value for the timeout period in ms.
* @return {void}
* @method $.idleTimer
* @static
*/
f.olddate = f.olddate || +new Date;
//assign a new timeout if necessary
if (typeof newTimeout == "number"){
timeout = newTimeout;
} else if (newTimeout === 'destroy') {
stop();
return this;
} else if (newTimeout === 'getElapsedTime'){
return (+new Date) - f.olddate;
}
//assign appropriate event handlers
$(document).bind($.trim((events+' ').split(' ').join('.idleTimer ')),handleUserEvent);
//set a timeout to toggle state
$.idleTimer.tId = setTimeout(toggleIdleState, timeout);
// assume the user is active for the first x seconds.
$.data(document,'idleTimer',"active");
}; // end of $.idleTimer()
})(jQuery);


@ -98,10 +98,7 @@ public class TokenManager {
accessToken.setRealmAccess(refreshToken.getRealmAccess()); accessToken.setRealmAccess(refreshToken.getRealmAccess());
accessToken.setResourceAccess(refreshToken.getResourceAccess()); accessToken.setResourceAccess(refreshToken.getResourceAccess());
// only refresh session if next token refresh will be after idle timeout userSession.setLastSessionRefresh(currentTime);
if (currentTime + realm.getAccessTokenLifespan() > userSession.getLastSessionRefresh() + realm.getSsoSessionIdleTimeout()) {
userSession.setLastSessionRefresh(currentTime);
}
return accessToken; return accessToken;
} }
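Review bot: `userSession.setLastSessionRefresh(currentTime)` now runs on every token refresh, so the SSO idle timeout is measured from the last refresh rather than from user activity; a client that refreshes its token on a timer would keep the session alive for as long as it keeps refreshing, even with nobody at the keyboard. This matters more here because the same commit removes the browser-side idle timer from the admin console, which leaves `getSsoSessionIdleTimeout()` as the only idle control visible on this page. The removed comment explained the old condition and nothing replaces it; I would add something like `// every refresh counts as activity: the idle timeout is measured from the most recent token refresh`. Whether the idle timeout is checked before this point cannot be seen, since the method starts outside the hunk.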


@ -241,10 +241,7 @@ public class RefreshTokenTest {
session.getTransaction().commit(); session.getTransaction().commit();
session.close(); session.close();
// should not update last refresh because the access token interval is way less than idle timeout Assert.assertNotEquals(last, next);
Assert.assertEquals(last, next);
session = keycloakRule.startSession(); session = keycloakRule.startSession();
realm = session.realms().getRealmByName("test"); realm = session.realms().getRealmByName("test");