KEYCLOAK-6043 Use the same URLs for GET and POST in the account console
This commit is contained in:
parent
1a541889f4
commit
a8943fb323
7 changed files with 45 additions and 78 deletions
@ -70,18 +70,6 @@ public class UrlBean {
|
|||
return Urls.accountSessionsPage(baseQueryURI, realm).toString();
|
||||
}
|
||||
|
||||
public String getSessionsLogoutUrl() {
|
||||
return Urls.accountSessionsLogoutPage(baseQueryURI, realm).toString();
|
||||
}
|
||||
|
||||
public String getRevokeClientUrl() {
|
||||
return Urls.accountRevokeClientPage(baseQueryURI, realm).toString();
|
||||
}
|
||||
|
||||
public String getTotpRemoveUrl() {
|
||||
return Urls.accountTotpRemove(baseQueryURI, realm).toString();
|
||||
}
|
||||
|
||||
public String getLogoutUrl() {
|
||||
return Urls.accountLogout(baseQueryURI, currentURI, realm).toString();
|
||||
}
|
||||
|
|
|
@ -131,11 +131,6 @@ public class Urls {
|
|||
return accountBase(baseUri).path(AccountFormService.class, "totpPage").build(realmName);
|
||||
}
|
||||
|
||||
public static URI accountTotpRemove(URI baseUri, String realmName) {
|
||||
return accountBase(baseUri).path(AccountFormService.class, "processTotpRemove")
|
||||
.build(realmName);
|
||||
}
|
||||
|
||||
public static URI accountLogPage(URI baseUri, String realmName) {
|
||||
return accountBase(baseUri).path(AccountFormService.class, "logPage").build(realmName);
|
||||
}
|
||||
|
@ -144,16 +139,6 @@ public class Urls {
|
|||
return accountBase(baseUri).path(AccountFormService.class, "sessionsPage").build(realmName);
|
||||
}
|
||||
|
||||
public static URI accountSessionsLogoutPage(URI baseUri, String realmName) {
|
||||
return accountBase(baseUri).path(AccountFormService.class, "processSessionsLogout")
|
||||
.build(realmName);
|
||||
}
|
||||
|
||||
public static URI accountRevokeClientPage(URI baseUri, String realmName) {
|
||||
return accountBase(baseUri).path(AccountFormService.class, "processRevokeGrant")
|
||||
.build(realmName);
|
||||
}
|
||||
|
||||
public static URI accountLogout(URI baseUri, URI redirectUri, String realmName) {
|
||||
return realmLogout(baseUri).queryParam("redirect_uri", redirectUri).build(realmName);
|
||||
}
|
||||
|
|
|
@ -349,28 +349,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
|||
}
|
||||
}
|
||||
|
||||
@Path("totp-remove")
|
||||
@POST
|
||||
public Response processTotpRemove(final MultivaluedMap<String, String> formData) {
|
||||
if (auth == null) {
|
||||
return login("totp");
|
||||
}
|
||||
|
||||
auth.require(AccountRoles.MANAGE_ACCOUNT);
|
||||
|
||||
csrfCheck(formData);
|
||||
|
||||
UserModel user = auth.getUser();
|
||||
session.userCredentialManager().disableCredentialType(realm, user, CredentialModel.OTP);
|
||||
|
||||
event.event(EventType.REMOVE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
|
||||
|
||||
setReferrerOnPage();
|
||||
return account.setSuccess(Messages.SUCCESS_TOTP_REMOVED).createResponse(AccountPages.TOTP);
|
||||
}
|
||||
|
||||
|
||||
@Path("sessions-logout")
|
||||
@Path("sessions")
|
||||
@POST
|
||||
public Response processSessionsLogout(final MultivaluedMap<String, String> formData) {
|
||||
if (auth == null) {
|
||||
|
@ -401,7 +380,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
|||
return Response.seeOther(location).build();
|
||||
}
|
||||
|
||||
@Path("revoke-grant")
|
||||
@Path("applications")
|
||||
@POST
|
||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||
public Response processRevokeGrant(final MultivaluedMap<String, String> formData) {
|
||||
|
@ -473,32 +452,41 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
|||
|
||||
UserModel user = auth.getUser();
|
||||
|
||||
String totp = formData.getFirst("totp");
|
||||
String totpSecret = formData.getFirst("totpSecret");
|
||||
if (action != null && action.equals("Delete")) {
|
||||
session.userCredentialManager().disableCredentialType(realm, user, CredentialModel.OTP);
|
||||
|
||||
event.event(EventType.REMOVE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
|
||||
|
||||
if (Validation.isBlank(totp)) {
|
||||
setReferrerOnPage();
|
||||
return account.setError(Response.Status.BAD_REQUEST, Messages.MISSING_TOTP).createResponse(AccountPages.TOTP);
|
||||
} else if (!CredentialValidation.validOTP(realm, totp, totpSecret)) {
|
||||
return account.setSuccess(Messages.SUCCESS_TOTP_REMOVED).createResponse(AccountPages.TOTP);
|
||||
} else {
|
||||
String totp = formData.getFirst("totp");
|
||||
String totpSecret = formData.getFirst("totpSecret");
|
||||
|
||||
if (Validation.isBlank(totp)) {
|
||||
setReferrerOnPage();
|
||||
return account.setError(Response.Status.BAD_REQUEST, Messages.MISSING_TOTP).createResponse(AccountPages.TOTP);
|
||||
} else if (!CredentialValidation.validOTP(realm, totp, totpSecret)) {
|
||||
setReferrerOnPage();
|
||||
return account.setError(Response.Status.BAD_REQUEST, Messages.INVALID_TOTP).createResponse(AccountPages.TOTP);
|
||||
}
|
||||
|
||||
UserCredentialModel credentials = new UserCredentialModel();
|
||||
credentials.setType(realm.getOTPPolicy().getType());
|
||||
credentials.setValue(totpSecret);
|
||||
session.userCredentialManager().updateCredential(realm, user, credentials);
|
||||
|
||||
// to update counter
|
||||
UserCredentialModel cred = new UserCredentialModel();
|
||||
cred.setType(realm.getOTPPolicy().getType());
|
||||
cred.setValue(totp);
|
||||
session.userCredentialManager().isValid(realm, user, cred);
|
||||
|
||||
event.event(EventType.UPDATE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
|
||||
|
||||
setReferrerOnPage();
|
||||
return account.setError(Response.Status.BAD_REQUEST, Messages.INVALID_TOTP).createResponse(AccountPages.TOTP);
|
||||
return account.setSuccess(Messages.SUCCESS_TOTP).createResponse(AccountPages.TOTP);
|
||||
}
|
||||
|
||||
UserCredentialModel credentials = new UserCredentialModel();
|
||||
credentials.setType(realm.getOTPPolicy().getType());
|
||||
credentials.setValue(totpSecret);
|
||||
session.userCredentialManager().updateCredential(realm, user, credentials);
|
||||
|
||||
// to update counter
|
||||
UserCredentialModel cred = new UserCredentialModel();
|
||||
cred.setType(realm.getOTPPolicy().getType());
|
||||
cred.setValue(totp);
|
||||
session.userCredentialManager().isValid(realm, user, cred);
|
||||
|
||||
event.event(EventType.UPDATE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
|
||||
|
||||
setReferrerOnPage();
|
||||
return account.setSuccess(Messages.SUCCESS_TOTP).createResponse(AccountPages.TOTP);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
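Review bot: The new `Delete` branch in `processTotp` disables the user's OTP credential on nothing more than a `submitAction=Delete` form field, without asking for a current code the way the configure path below it does, so the only gates left in front of it are the `auth.require(AccountRoles.MANAGE_ACCOUNT)` and `csrfCheck(formData)` calls that the removed `processTotpRemove` carried and that `processTotp` presumably still has above this hunk. That is worth confirming explicitly, because the method's opening and the line that reads `action` from the form are outside the hunk, and now that a GET page and a POST action share the `totp`, `sessions` and `applications` paths, the stateChecker check is the one thing separating a rendered page from a state-changing request. A comment on the branch would help the next reader, e.g. `// Removal needs no OTP code: MANAGE_ACCOUNT plus the stateChecker CSRF check above are the only gates`. The `"Delete"` literal is also duplicated with the hidden `submitAction` input in totp.ftl; `private static final String ACTION_DELETE = "Delete";` and `if (ACTION_DELETE.equals(action))` would keep the two together and drop the null guard.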
@ -68,6 +68,7 @@ import java.util.Map;
|
|||
import static org.hamcrest.Matchers.containsInAnyOrder;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.hasItems;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
|
@ -215,7 +216,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
|
|||
driver.navigate().to(profilePage.getPath() + "?referrer=test-app&referrer_uri=http://localhost:8180/auth/realms/master/app/auth/test%2Ffkrenu%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E");
|
||||
Assert.assertTrue(profilePage.isCurrent());
|
||||
|
||||
Assert.assertFalse(driver.getPageSource().contains("<script>alert"));
|
||||
assertFalse(driver.getPageSource().contains("<script>alert"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -567,7 +568,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
|
|||
|
||||
profilePage.open();
|
||||
loginPage.login("test-user@localhost", "password");
|
||||
Assert.assertFalse(driver.findElements(By.id("username")).size() > 0);
|
||||
assertFalse(driver.findElements(By.id("username")).size() > 0);
|
||||
|
||||
// Revert
|
||||
setRegistrationEmailAsUsername(false);
|
||||
|
@ -767,7 +768,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
|
|||
|
||||
Assert.assertTrue(totpPage.isCurrent());
|
||||
|
||||
Assert.assertFalse(driver.getPageSource().contains("Remove Google"));
|
||||
assertFalse(driver.getPageSource().contains("Remove Google"));
|
||||
|
||||
// Error with false code
|
||||
totpPage.configure(totp.generateTOTP(totpPage.getTotpSecret() + "123"));
|
||||
|
@ -785,6 +786,10 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
|
|||
totpPage.removeTotp();
|
||||
|
||||
events.expectAccount(EventType.REMOVE_TOTP).assertEvent();
|
||||
|
||||
accountPage.logOut();
|
||||
|
||||
assertFalse(errorPage.isCurrent());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
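Review bot: The extended `removeTotp` test still covers only the happy path of the new shared endpoint; nothing POSTs `submitAction=Delete` to the totp page with a missing or stale `stateChecker` and asserts that the credential survives, which is the check that now stands alone in front of OTP removal. A negative case along those lines would pin the CSRF gate that `processTotp` (in AccountFormService, not this file) is relied on to enforce, and the same applies to the sessions and applications forms that now post to their page URLs. The `Assert.assertFalse` to `assertFalse` changes are cosmetic.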
@ -7,7 +7,7 @@
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<form action="${url.revokeClientUrl}" method="post">
|
||||
<form action="${url.applicationsUrl}" method="post">
|
||||
<input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
|
||||
<input type="hidden" id="referrer" name="referrer" value="${stateChecker}">
|
||||
|
||||
|
|
|
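Review bot: The hidden `referrer` input below the new form action is populated with `${stateChecker}`, the same value as the `stateChecker` input above it, which looks like a copy-paste slip rather than the referrer the field's name and id suggest. It is not introduced by this commit, but with the form now posting to the page URL it is worth fixing while this file is open: the request body carries the anti-CSRF token twice under two names, harmless only as long as the server ignores the `referrer` form field, and useless as a referrer either way. I cannot tell from this hunk which template variable holds the intended referrer, so the fix is to replace the value with that variable or drop the input if the handler never reads it.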
@ -36,7 +36,7 @@
|
|||
|
||||
</table>
|
||||
|
||||
<form action="${url.sessionsLogoutUrl}" method="post">
|
||||
<form action="${url.sessionsUrl}" method="post">
|
||||
<input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
|
||||
<button id="logout-all-sessions" class="btn btn-default">${msg("doLogOutAllSessions")}</button>
|
||||
</form>
|
||||
|
|
|
@ -14,8 +14,9 @@
|
|||
<tr>
|
||||
<td class="provider">${msg("mobile")}</td>
|
||||
<td class="action">
|
||||
<form action="${url.totpRemoveUrl}" method="post" class="form-inline">
|
||||
<form action="${url.totpUrl}" method="post" class="form-inline">
|
||||
<input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
|
||||
<input type="hidden" id="submitAction" name="submitAction" value="Delete">
|
||||
<button id="remove-mobile" class="btn btn-default"><i class="pficon pficon-delete"></i></button>
|
||||
</form>
|
||||
</td>
|
||||
|
|
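Review bot: The remove-mobile form now posts to the same `${url.totpUrl}` as the configure form elsewhere on this page (outside the hunk), so the hidden `submitAction` value `Delete` is the only thing that selects the removal branch server-side. If that literal ever drifts from the one compared in `AccountFormService.processTotp`, the POST silently falls into the configure path and fails with a missing-code error instead of removing anything, with no test to catch it. A comment tying the two together would help, e.g. `<#-- submitAction must match the "Delete" action checked in AccountFormService.processTotp -->`.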