Merge pull request #1195 from mposolda/master
When revoke consent from admin console, logout clientSessions similarly ...
This commit is contained in:
Marek Posolda
commit
e05f60b66e
3 changed files with 21 additions and 14 deletions
|
|
@ -157,6 +157,22 @@ public class AuthenticationManager {
|
|||
|
||||
}
|
||||
|
||||
// Logout all clientSessions of this user and client
|
||||
public static void backchannelUserFromClient(KeycloakSession session, RealmModel realm, UserModel user, ClientModel client, UriInfo uriInfo, HttpHeaders headers) {
|
||||
String clientId = client.getId();
|
||||
|
||||
List<UserSessionModel> userSessions = session.sessions().getUserSessions(realm, user);
|
||||
for (UserSessionModel userSession : userSessions) {
|
||||
List<ClientSessionModel> clientSessions = userSession.getClientSessions();
|
||||
for (ClientSessionModel clientSession : clientSessions) {
|
||||
if (clientSession.getClient().getId().equals(clientId)) {
|
||||
AuthenticationManager.backchannelLogoutClientSession(session, realm, clientSession, userSession, uriInfo, headers);
|
||||
TokenManager.dettachClientSession(session.sessions(), realm, clientSession);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static Response browserLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, UriInfo uriInfo, ClientConnection connection, HttpHeaders headers) {
|
||||
if (userSession == null) return null;
|
||||
UserModel user = userSession.getUser();
|
||||
|
|
|
|||
|
|
@ -517,16 +517,7 @@ public class AccountService {
|
|||
user.revokeConsentForClient(client.getId());
|
||||
|
||||
// Logout clientSessions for this user and client
|
||||
List<UserSessionModel> userSessions = session.sessions().getUserSessions(realm, user);
|
||||
for (UserSessionModel userSession : userSessions) {
|
||||
List<ClientSessionModel> clientSessions = userSession.getClientSessions();
|
||||
for (ClientSessionModel clientSession : clientSessions) {
|
||||
if (clientSession.getClient().getId().equals(clientId)) {
|
||||
AuthenticationManager.backchannelLogoutClientSession(session, realm, clientSession, userSession, uriInfo, headers);
|
||||
TokenManager.dettachClientSession(session.sessions(), realm, clientSession);
|
||||
}
|
||||
}
|
||||
}
|
||||
AuthenticationManager.backchannelUserFromClient(session, realm, user, client, uriInfo, headers);
|
||||
|
||||
event.event(EventType.REVOKE_GRANT).client(auth.getClient()).user(auth.getUser()).detail(Details.REVOKED_CLIENT, client.getClientId()).success();
|
||||
setReferrerOnPage();
|
||||
|
|
|
|||
|
|
@ -77,8 +77,6 @@ public class UsersResource {
|
|||
|
||||
private RealmAuth auth;
|
||||
|
||||
private TokenManager tokenManager;
|
||||
|
||||
@Context
|
||||
protected ClientConnection clientConnection;
|
||||
|
||||
|
|
@ -94,7 +92,6 @@ public class UsersResource {
|
|||
public UsersResource(RealmModel realm, RealmAuth auth, TokenManager tokenManager) {
|
||||
this.auth = auth;
|
||||
this.realm = realm;
|
||||
this.tokenManager = tokenManager;
|
||||
|
||||
auth.init(RealmAuth.Resource.USER);
|
||||
}
|
||||
|
|
@ -357,7 +354,10 @@ public class UsersResource {
|
|||
|
||||
ClientModel client = realm.getClientByClientId(clientId);
|
||||
boolean revoked = user.revokeConsentForClient(client.getId());
|
||||
if (!revoked) {
|
||||
if (revoked) {
|
||||
// Logout clientSessions for this user and client
|
||||
AuthenticationManager.backchannelUserFromClient(session, realm, user, client, uriInfo, headers);
|
||||
} else {
|
||||
throw new NotFoundException("Consent not found for user " + username + " and client " + clientId);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue