KEYCLOAK-8509 Improvements to session iframe
This commit is contained in:
parent
9be8bef575
commit
aaa33ad883
3 changed files with 57 additions and 37 deletions
|
@ -154,10 +154,14 @@
|
|||
case 'check-sso':
|
||||
if (loginIframe.enable) {
|
||||
setupCheckLoginIframe().success(function() {
|
||||
checkLoginIframe().success(function () {
|
||||
doLogin(false);
|
||||
checkLoginIframe().success(function (unchanged) {
|
||||
if (!unchanged) {
|
||||
doLogin(false);
|
||||
} else {
|
||||
initPromise.setSuccess();
|
||||
}
|
||||
}).error(function () {
|
||||
initPromise.setSuccess();
|
||||
initPromise.setError();
|
||||
});
|
||||
});
|
||||
} else {
|
||||
|
@ -191,12 +195,16 @@
|
|||
|
||||
if (loginIframe.enable) {
|
||||
setupCheckLoginIframe().success(function() {
|
||||
checkLoginIframe().success(function () {
|
||||
kc.onAuthSuccess && kc.onAuthSuccess();
|
||||
initPromise.setSuccess();
|
||||
checkLoginIframe().success(function (unchanged) {
|
||||
if (unchanged) {
|
||||
kc.onAuthSuccess && kc.onAuthSuccess();
|
||||
initPromise.setSuccess();
|
||||
scheduleCheckIframe();
|
||||
} else {
|
||||
initPromise.setSuccess();
|
||||
}
|
||||
}).error(function () {
|
||||
setToken(null, null, null);
|
||||
initPromise.setSuccess();
|
||||
initPromise.setError();
|
||||
});
|
||||
});
|
||||
} else {
|
||||
|
@ -593,6 +601,7 @@
|
|||
|
||||
var tokenResponse = JSON.parse(req.responseText);
|
||||
authSuccess(tokenResponse['access_token'], tokenResponse['refresh_token'], tokenResponse['id_token'], kc.flow === 'standard');
|
||||
scheduleCheckIframe();
|
||||
} else {
|
||||
kc.onAuthError && kc.onAuthError();
|
||||
promise && promise.setError();
|
||||
|
@ -1076,8 +1085,6 @@
|
|||
loginIframe.iframeOrigin = authUrl.substring(0, authUrl.indexOf('/', 8));
|
||||
}
|
||||
promise.setSuccess();
|
||||
|
||||
setTimeout(check, loginIframe.interval * 1000);
|
||||
}
|
||||
|
||||
var src = kc.endpoints.checkSessionIframe();
|
||||
|
@ -1104,31 +1111,38 @@
|
|||
|
||||
for (var i = callbacks.length - 1; i >= 0; --i) {
|
||||
var promise = callbacks[i];
|
||||
if (event.data == 'unchanged') {
|
||||
promise.setSuccess();
|
||||
} else {
|
||||
if (event.data == 'error') {
|
||||
promise.setError();
|
||||
} else {
|
||||
promise.setSuccess(event.data == 'unchanged');
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
window.addEventListener('message', messageCallback, false);
|
||||
|
||||
var check = function() {
|
||||
checkLoginIframe();
|
||||
if (kc.token) {
|
||||
setTimeout(check, loginIframe.interval * 1000);
|
||||
}
|
||||
};
|
||||
|
||||
return promise.promise;
|
||||
}
|
||||
|
||||
function scheduleCheckIframe() {
|
||||
if (loginIframe.enable) {
|
||||
if (kc.token) {
|
||||
setTimeout(function() {
|
||||
checkLoginIframe().success(function(unchanged) {
|
||||
if (unchanged) {
|
||||
scheduleCheckIframe();
|
||||
}
|
||||
});
|
||||
}, loginIframe.interval * 1000);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function checkLoginIframe() {
|
||||
var promise = createPromise(true);
|
||||
|
||||
if (loginIframe.iframe && loginIframe.iframeOrigin ) {
|
||||
var msg = kc.clientId + ' ' + kc.sessionId;
|
||||
var msg = kc.clientId + ' ' + (kc.sessionId ? kc.sessionId : '');
|
||||
loginIframe.callbackList.push(promise);
|
||||
var origin = loginIframe.iframeOrigin;
|
||||
if (loginIframe.callbackList.length == 1) {
|
||||
|
|
|
@ -23,9 +23,20 @@
|
|||
function checkState(clientId, origin, sessionState, callback) {
|
||||
var cookie = getCookie();
|
||||
|
||||
if (!cookie) {
|
||||
callback('changed');
|
||||
} else if (!init) {
|
||||
var checkCookie = function() {
|
||||
if (clientId === init.clientId && origin === init.origin) {
|
||||
var c = cookie.split('/');
|
||||
if (sessionState === c[2]) {
|
||||
callback('unchanged');
|
||||
} else {
|
||||
callback('changed');
|
||||
}
|
||||
} else {
|
||||
callback('error');
|
||||
}
|
||||
}
|
||||
|
||||
if (!init) {
|
||||
var req = new XMLHttpRequest();
|
||||
|
||||
var url = location.href.split("?")[0] + "/init";
|
||||
|
@ -41,9 +52,7 @@
|
|||
clientId: clientId,
|
||||
origin: origin
|
||||
}
|
||||
callback('unchanged');
|
||||
} else if (req.status === 404) {
|
||||
callback('changed');
|
||||
checkCookie();
|
||||
} else {
|
||||
callback('error');
|
||||
}
|
||||
|
@ -51,17 +60,14 @@
|
|||
};
|
||||
|
||||
req.send();
|
||||
} else {
|
||||
if (clientId === init.clientId && origin === init.origin) {
|
||||
var c = cookie.split('/');
|
||||
if (sessionState === c[2]) {
|
||||
callback('unchanged');
|
||||
} else {
|
||||
callback('changed');
|
||||
}
|
||||
} else if (!cookie) {
|
||||
if (sessionState != '') {
|
||||
callback('changed');
|
||||
} else {
|
||||
callback('error');
|
||||
callback('unchanged');
|
||||
}
|
||||
} else {
|
||||
checkCookie();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -76,7 +76,7 @@ public class LoginStatusIframeEndpoint {
|
|||
UriInfo uriInfo = session.getContext().getUri();
|
||||
RealmModel realm = session.getContext().getRealm();
|
||||
ClientModel client = session.realms().getClientByClientId(clientId, realm);
|
||||
if (client != null) {
|
||||
if (client != null && client.isEnabled()) {
|
||||
Set<String> validWebOrigins = WebOriginsUtils.resolveValidWebOrigins(uriInfo, client);
|
||||
validWebOrigins.add(UriUtils.getOrigin(uriInfo.getRequestUri()));
|
||||
if (validWebOrigins.contains("*") || validWebOrigins.contains(origin)) {
|
||||
|
|
Loading…
Reference in a new issue