KEYCLOAK-6042 Encode user ID before storing in auth session

Hynek Mlnarik 2017-12-14 23:10:03 +01:00 committed by Hynek Mlnařík
parent 1b14f9e73e
commit e4a91c0706
2 changed files with 21 additions and 3 deletions


@ -16,6 +16,8 @@
*/ */
package org.keycloak.models; package org.keycloak.models;
import org.keycloak.common.util.Base64;
import java.nio.charset.StandardCharsets;
import java.util.UUID; import java.util.UUID;
/** /**
@ -45,6 +47,8 @@ public interface ActionTokenKeyModel {
UUID getActionVerificationNonce(); UUID getActionVerificationNonce();
default String serializeKey() { default String serializeKey() {
return String.format("%s.%d.%s.%s", getUserId(), getExpiration(), getActionVerificationNonce(), getActionId()); String userId = getUserId();
String encodedUserId = userId == null ? "" : Base64.encodeBytes(userId.getBytes(StandardCharsets.UTF_8));
return String.format("%s.%d.%s.%s", encodedUserId, getExpiration(), getActionVerificationNonce(), getActionId());
} }
} }
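Review bot: serializeKey() now writes a Base64 form of the user ID into the first field of the `%s.%d.%s.%s` key, but nothing documents the key layout or why the encoding was introduced, so a later reader will not know that the first field has to be decoded and must not be compared against a raw user ID. A Javadoc such as `Serializes the key as {@code base64(userId).expiration.nonce.actionId}; the user ID is Base64-encoded so that a '.' inside it cannot be mistaken for the field separator` on the default method would capture that. Note also that the line building encodedUserId writes a null user ID as an empty field; on the read side that presumably decodes to an empty string rather than null, so code that checks the user ID for null may behave differently after a round trip — worth confirming. The enclosing interface ActionTokenKeyModel starts and ends outside the hunk.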


@ -16,11 +16,17 @@
*/ */
package org.keycloak.authentication.actiontoken; package org.keycloak.authentication.actiontoken;
import org.keycloak.common.util.Base64;
import org.keycloak.models.ActionTokenKeyModel; import org.keycloak.models.ActionTokenKeyModel;
import org.keycloak.representations.JsonWebToken; import org.keycloak.representations.JsonWebToken;
import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.UUID; import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
/** /**
* *
@ -63,16 +69,24 @@ public class DefaultActionTokenKey extends JsonWebToken implements ActionTokenKe
return actionVerificationNonce; return actionVerificationNonce;
} }
private static final Pattern DOT = Pattern.compile("\\.");
public static DefaultActionTokenKey from(String serializedKey) { public static DefaultActionTokenKey from(String serializedKey) {
if (serializedKey == null) { if (serializedKey == null) {
return null; return null;
} }
String[] parsed = serializedKey.split("\\.", 4); String[] parsed = DOT.split(serializedKey, 4);
if (parsed.length != 4) { if (parsed.length != 4) {
return null; return null;
} }
return new DefaultActionTokenKey(parsed[0], parsed[3], Integer.parseInt(parsed[1]), UUID.fromString(parsed[2])); String userId;
try {
userId = new String(Base64.decode(parsed[0]), StandardCharsets.UTF_8);
} catch (IOException ex) {
userId = parsed[0];
}
return new DefaultActionTokenKey(userId, parsed[3], Integer.parseInt(parsed[1]), UUID.fromString(parsed[2]));
} }
} }
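Review bot: The catch block in from() that keeps `parsed[0]` verbatim when Base64.decode throws makes the two key formats ambiguous: a pre-existing, unencoded user ID that happens to be syntactically valid Base64 is silently decoded into different bytes and re-read as UTF-8 text, so a wrong user ID is returned without any error. If keys written before this change must still be accepted, either a marker that distinguishes the encoded form or at least a comment stating that the fallback is transitional would make the intent explicit, e.g. `} catch (IOException ex) { // legacy key written before KEYCLOAK-6042: user ID stored unencoded`. If this Base64 class is the iharder-derived implementation, decode(String) also transparently gunzips input whose decoded bytes start with the GZIP magic, so the decoded length is not bounded by the input length for a value parsed out of a token — worth confirming and, if so, using a decoder without that behaviour. The java.util.logging Level and Logger imports added in the first hunk are not used by anything visible in either hunk, so they are either dead or serve code outside the hunks. The enclosing class DefaultActionTokenKey starts outside the hunk.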