Prevent multiple logout confirmation actions

closes #32435

Signed-off-by: mposolda <mposolda@gmail.com>
mposolda 2024-10-03 12:20:57 +02:00 committed by Marek Posolda
parent 13111daceb
commit c8ca0462a4
2 changed files with 2 additions and 2 deletions


@ -339,7 +339,7 @@ public class LogoutEndpoint {
SessionCodeChecks checks = new LogoutSessionCodeChecks(realm, session.getContext().getUri(), request, clientConnection, session, event, code, clientId, tabId); SessionCodeChecks checks = new LogoutSessionCodeChecks(realm, session.getContext().getUri(), request, clientConnection, session, event, code, clientId, tabId);
checks.initialVerify(); checks.initialVerify();
if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.LOGGING_OUT.name(), ClientSessionCode.ActionType.USER) || !checks.isActionRequest() || !formData.containsKey("confirmLogout")) { if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.LOGGING_OUT.name(), ClientSessionCode.ActionType.USER) || !checks.isActionRequest()) {
AuthenticationSessionModel logoutSession = checks.getAuthenticationSession(); AuthenticationSessionModel logoutSession = checks.getAuthenticationSession();
String errorMessage = "Failed verification during logout."; String errorMessage = "Failed verification during logout.";
logger.debugf( "%s logoutSessionId=%s, clientId=%s, tabId=%s", logger.debugf( "%s logoutSessionId=%s, clientId=%s, tabId=%s",
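Review bot: With `!formData.containsKey("confirmLogout")` gone from the condition in what appears to be the new (right-hand) copy of the `if`, any action request carrying a valid `session_code` counts as a confirmed logout, and repeated confirmations are held back only by the form's client-side `onsubmit` handler. A client without JavaScript, or a retried POST, can still send the confirmation twice, so the server path should stay safe when the same code arrives a second time; that cannot be checked here, because the enclosing method starts and ends outside the hunk. I would add a comment above the `if`, for example `// confirmLogout is not required: the template disables the submit button on submit, and a disabled control is not sent with the form`, so the relaxed check is neither reinstated by mistake nor forgotten.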


@ -6,7 +6,7 @@
<div id="kc-logout-confirm" class="content-area"> <div id="kc-logout-confirm" class="content-area">
<p class="instruction">${msg("logoutConfirmHeader")}</p> <p class="instruction">${msg("logoutConfirmHeader")}</p>
<form class="form-actions" action="${url.logoutConfirmAction}" method="POST"> <form class="form-actions" action="${url.logoutConfirmAction}" onsubmit="confirmLogout.disabled = true; return true;" method="POST">
<input type="hidden" name="session_code" value="${logoutConfirm.code}"> <input type="hidden" name="session_code" value="${logoutConfirm.code}">
<div class="${properties.kcFormGroupClass!}"> <div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options"> <div id="kc-form-options">
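Review bot: The inline `onsubmit="confirmLogout.disabled = true; return true;"` on the form runs only where inline script is permitted; under a Content-Security-Policy whose `script-src` omits `'unsafe-inline'` the handler is blocked and the double-submit guard is lost without any visible failure. The handler also resolves `confirmLogout` through the form's named controls, and the button carrying that name is outside this hunk, so a custom theme that renames it would make the handler throw while the form still submits. Consider attaching the listener from a script file the theme already loads, or record the dependency in a template comment such as `<#-- inline handler: disables the confirmLogout button to block repeat submits; needs inline script allowed by CSP -->`.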