KEYCLOAK-6043 Use same urls for get and posts in account

stianst 2017-12-14 15:52:37 +01:00 committed by Stian Thorgersen
parent 1a541889f4
commit a8943fb323
7 changed files with 45 additions and 78 deletions


@ -70,18 +70,6 @@ public class UrlBean {
return Urls.accountSessionsPage(baseQueryURI, realm).toString(); return Urls.accountSessionsPage(baseQueryURI, realm).toString();
} }
public String getSessionsLogoutUrl() {
return Urls.accountSessionsLogoutPage(baseQueryURI, realm).toString();
}
public String getRevokeClientUrl() {
return Urls.accountRevokeClientPage(baseQueryURI, realm).toString();
}
public String getTotpRemoveUrl() {
return Urls.accountTotpRemove(baseQueryURI, realm).toString();
}
public String getLogoutUrl() { public String getLogoutUrl() {
return Urls.accountLogout(baseQueryURI, currentURI, realm).toString(); return Urls.accountLogout(baseQueryURI, currentURI, realm).toString();
} }


@ -131,11 +131,6 @@ public class Urls {
return accountBase(baseUri).path(AccountFormService.class, "totpPage").build(realmName); return accountBase(baseUri).path(AccountFormService.class, "totpPage").build(realmName);
} }
public static URI accountTotpRemove(URI baseUri, String realmName) {
return accountBase(baseUri).path(AccountFormService.class, "processTotpRemove")
.build(realmName);
}
public static URI accountLogPage(URI baseUri, String realmName) { public static URI accountLogPage(URI baseUri, String realmName) {
return accountBase(baseUri).path(AccountFormService.class, "logPage").build(realmName); return accountBase(baseUri).path(AccountFormService.class, "logPage").build(realmName);
} }
@ -144,16 +139,6 @@ public class Urls {
return accountBase(baseUri).path(AccountFormService.class, "sessionsPage").build(realmName); return accountBase(baseUri).path(AccountFormService.class, "sessionsPage").build(realmName);
} }
public static URI accountSessionsLogoutPage(URI baseUri, String realmName) {
return accountBase(baseUri).path(AccountFormService.class, "processSessionsLogout")
.build(realmName);
}
public static URI accountRevokeClientPage(URI baseUri, String realmName) {
return accountBase(baseUri).path(AccountFormService.class, "processRevokeGrant")
.build(realmName);
}
public static URI accountLogout(URI baseUri, URI redirectUri, String realmName) { public static URI accountLogout(URI baseUri, URI redirectUri, String realmName) {
return realmLogout(baseUri).queryParam("redirect_uri", redirectUri).build(realmName); return realmLogout(baseUri).queryParam("redirect_uri", redirectUri).build(realmName);
} }


@ -349,28 +349,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
} }
} }
@Path("totp-remove") @Path("sessions")
@POST
public Response processTotpRemove(final MultivaluedMap<String, String> formData) {
if (auth == null) {
return login("totp");
}
auth.require(AccountRoles.MANAGE_ACCOUNT);
csrfCheck(formData);
UserModel user = auth.getUser();
session.userCredentialManager().disableCredentialType(realm, user, CredentialModel.OTP);
event.event(EventType.REMOVE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
setReferrerOnPage();
return account.setSuccess(Messages.SUCCESS_TOTP_REMOVED).createResponse(AccountPages.TOTP);
}
@Path("sessions-logout")
@POST @POST
public Response processSessionsLogout(final MultivaluedMap<String, String> formData) { public Response processSessionsLogout(final MultivaluedMap<String, String> formData) {
if (auth == null) { if (auth == null) {
@ -401,7 +380,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
return Response.seeOther(location).build(); return Response.seeOther(location).build();
} }
@Path("revoke-grant") @Path("applications")
@POST @POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED) @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response processRevokeGrant(final MultivaluedMap<String, String> formData) { public Response processRevokeGrant(final MultivaluedMap<String, String> formData) {
@ -473,6 +452,14 @@ public class AccountFormService extends AbstractSecuredLocalService {
UserModel user = auth.getUser(); UserModel user = auth.getUser();
if (action != null && action.equals("Delete")) {
session.userCredentialManager().disableCredentialType(realm, user, CredentialModel.OTP);
event.event(EventType.REMOVE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
setReferrerOnPage();
return account.setSuccess(Messages.SUCCESS_TOTP_REMOVED).createResponse(AccountPages.TOTP);
} else {
String totp = formData.getFirst("totp"); String totp = formData.getFirst("totp");
String totpSecret = formData.getFirst("totpSecret"); String totpSecret = formData.getFirst("totpSecret");
@ -500,6 +487,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
setReferrerOnPage(); setReferrerOnPage();
return account.setSuccess(Messages.SUCCESS_TOTP).createResponse(AccountPages.TOTP); return account.setSuccess(Messages.SUCCESS_TOTP).createResponse(AccountPages.TOTP);
} }
}
/** /**
* Update account password * Update account password
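Review bot: The `if (action != null && action.equals("Delete"))` branch added to processTotp in the third hunk disables the user's OTP credential, but the two guards that preceded the same operation in the removed processTotpRemove, `auth.require(AccountRoles.MANAGE_ACCOUNT)` and `csrfCheck(formData)`, are not visible in this hunk; the branch now depends on processTotp running both before `UserModel user = auth.getUser();`, which is outside the hunk and should be confirmed before merging. The condition reads more simply as `if ("Delete".equals(action))`, and since `action` is presumably taken from the `submitAction` hidden field that totp.ftl now posts, a comment such as `// "Delete" is sent by the remove-TOTP form in totp.ftl; anything else is a configure request` would record that coupling next to the check. The `.user(auth.getUser())` in the event call can reuse the `user` local read on the line above. processTotp begins and ends outside the hunk; the `}` added in the fourth hunk closes the new else branch.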


@ -68,6 +68,7 @@ import java.util.Map;
import static org.hamcrest.Matchers.containsInAnyOrder; import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.hasItems; import static org.hamcrest.Matchers.hasItems;
import static org.junit.Assert.assertFalse;
/** /**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -215,7 +216,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
driver.navigate().to(profilePage.getPath() + "?referrer=test-app&referrer_uri=http://localhost:8180/auth/realms/master/app/auth/test%2Ffkrenu%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E"); driver.navigate().to(profilePage.getPath() + "?referrer=test-app&referrer_uri=http://localhost:8180/auth/realms/master/app/auth/test%2Ffkrenu%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E");
Assert.assertTrue(profilePage.isCurrent()); Assert.assertTrue(profilePage.isCurrent());
Assert.assertFalse(driver.getPageSource().contains("<script>alert")); assertFalse(driver.getPageSource().contains("<script>alert"));
} }
@Test @Test
@ -567,7 +568,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
profilePage.open(); profilePage.open();
loginPage.login("test-user@localhost", "password"); loginPage.login("test-user@localhost", "password");
Assert.assertFalse(driver.findElements(By.id("username")).size() > 0); assertFalse(driver.findElements(By.id("username")).size() > 0);
// Revert // Revert
setRegistrationEmailAsUsername(false); setRegistrationEmailAsUsername(false);
@ -767,7 +768,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
Assert.assertTrue(totpPage.isCurrent()); Assert.assertTrue(totpPage.isCurrent());
Assert.assertFalse(driver.getPageSource().contains("Remove Google")); assertFalse(driver.getPageSource().contains("Remove Google"));
// Error with false code // Error with false code
totpPage.configure(totp.generateTOTP(totpPage.getTotpSecret() + "123")); totpPage.configure(totp.generateTOTP(totpPage.getTotpSecret() + "123"));
@ -785,6 +786,10 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
totpPage.removeTotp(); totpPage.removeTotp();
events.expectAccount(EventType.REMOVE_TOTP).assertEvent(); events.expectAccount(EventType.REMOVE_TOTP).assertEvent();
accountPage.logOut();
assertFalse(errorPage.isCurrent());
} }
@Test @Test
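Review bot: The new static import is applied only to the `assertFalse` calls, while the `Assert.assertTrue(...)` calls that sit directly beside them in the same hunks remain qualified, leaving the test class with two assertion styles. Either import `assertTrue` statically as well or keep `Assert.assertFalse` in these three hunks so the file is consistent; the added `accountPage.logOut(); assertFalse(errorPage.isCurrent());` lines are fine as written.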


@ -7,7 +7,7 @@
</div> </div>
</div> </div>
<form action="${url.revokeClientUrl}" method="post"> <form action="${url.applicationsUrl}" method="post">
<input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}"> <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
<input type="hidden" id="referrer" name="referrer" value="${stateChecker}"> <input type="hidden" id="referrer" name="referrer" value="${stateChecker}">


@ -36,7 +36,7 @@
</table> </table>
<form action="${url.sessionsLogoutUrl}" method="post"> <form action="${url.sessionsUrl}" method="post">
<input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}"> <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
<button id="logout-all-sessions" class="btn btn-default">${msg("doLogOutAllSessions")}</button> <button id="logout-all-sessions" class="btn btn-default">${msg("doLogOutAllSessions")}</button>
</form> </form>


@ -14,8 +14,9 @@
<tr> <tr>
<td class="provider">${msg("mobile")}</td> <td class="provider">${msg("mobile")}</td>
<td class="action"> <td class="action">
<form action="${url.totpRemoveUrl}" method="post" class="form-inline"> <form action="${url.totpUrl}" method="post" class="form-inline">
<input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}"> <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
<input type="hidden" id="submitAction" name="submitAction" value="Delete">
<button id="remove-mobile" class="btn btn-default"><i class="pficon pficon-delete"></i></button> <button id="remove-mobile" class="btn btn-default"><i class="pficon pficon-delete"></i></button>
</form> </form>
</td> </td>