KEYCLOAK-12268 Show page not found for /account/log if events are disabled for the realm

2020-02-18 20:50:28 +01:00 · 2020-02-18 20:50:28 +01:00 · d8d81ee162
commit d8d81ee162
parent 9a3a358b96
2 changed files with 18 additions and 3 deletions
--- a/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java
+++ b/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java
@ -80,6 +80,7 @@ import org.keycloak.util.JsonSerialization;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
@ -287,6 +288,10 @@ public class AccountFormService extends AbstractSecuredLocalService {
    @Path("log")
    @GET
    public Response logPage() {
+        if (!realm.isEventsEnabled()) {
+            throw new NotFoundException();
+        }
+
        if (auth != null) {
            List<Event> events = eventStore.createQuery().type(Constants.EXPOSED_LOG_EVENTS).user(auth.getUser().getId()).maxResults(30).getResultList();
            for (Event e : events) {
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountFormServiceTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountFormServiceTest.java
@ -1006,15 +1006,23 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
        Assert.assertEquals("No access", errorPage.getError());
    }

-    private void setEventsEnabled() {
+    private void setEventsEnabled(boolean eventsEnabled) {
        RealmRepresentation testRealm = testRealm().toRepresentation();
-        testRealm.setEventsEnabled(true);
+        testRealm.setEventsEnabled(eventsEnabled);
        testRealm().update(testRealm);
    }

+
+    @Test
+    public void viewLogNotEnabled() {
+        logPage.open();
+        assertTrue(errorPage.isCurrent());
+        assertEquals("Page not found", errorPage.getError());
+    }
+
    @Test
    public void viewLog() {
-        setEventsEnabled();
+        setEventsEnabled(true);

        List<EventRepresentation> expectedEvents = new LinkedList<>();

@ -1053,6 +1061,8 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
                Assert.fail("Event not found " + e.getType());
            }
        }
+
+        setEventsEnabled(false);
    }

    @Test