KEYCLOAK-12193 Internal error message returned in error response

stianst 2019-12-13 05:25:20 +01:00 committed by Marek Posolda
parent da0e2aaa12
commit ecec20ad59
2 changed files with 56 additions and 10 deletions


@ -1,5 +1,6 @@
package org.keycloak.services.error;
import com.fasterxml.jackson.core.JsonParseException;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.Failure;
import org.jboss.resteasy.spi.HttpResponse;
@ -106,17 +107,18 @@ public class KeycloakErrorHandler implements ExceptionMapper<Throwable> {
Failure f = (Failure) throwable;
status = f.getErrorCode();
}
if (throwable instanceof JsonParseException) {
status = Response.Status.BAD_REQUEST.getStatusCode();
}
return status;
}
private String getErrorCode(Throwable throwable) {
String error = throwable.getMessage();
if (error == null) {
return "unknown_error";
if (throwable instanceof WebApplicationException && throwable.getMessage() != null) {
return throwable.getMessage();
}
return error;
return "unknown_error";
}
private RealmModel resolveRealm() {
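Review bot: The rewritten getErrorCode still copies any WebApplicationException message verbatim into the `error` field of the response, so the commit narrows the leak rather than closing it — WebApplicationException subclasses raised by the JAX-RS runtime or by resource code can carry request paths or other internal detail in getMessage(), which presumably is not what this fix intends (hedged: it depends on which exception types actually reach this mapper). Since `error` is consumed as an OAuth2 error code, consider accepting the message only when it looks like a code rather than free text, e.g. `if (throwable instanceof WebApplicationException && throwable.getMessage() != null && throwable.getMessage().matches("[a-z_]+"))` (pattern is a suggestion, adjust to the codes Keycloak emits), and falling through to `"unknown_error"` otherwise. A short comment on the method would also help the next reader understand the contract: `// Only a WebApplicationException message is surfaced as the error code; any other throwable is reported as "unknown_error" so internal detail never reaches the client.` The enclosing getStatusCode method begins before this hunk, and resolveRealm continues past it.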


@ -1,29 +1,36 @@
package org.keycloak.testsuite.error;
import org.apache.commons.io.IOUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.util.StreamUtil;
import org.keycloak.representations.idm.ErrorRepresentation;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.util.JsonSerialization;
import javax.ws.rs.core.Response;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Array;
import java.net.MalformedURLException;
import java.net.URI;
import java.nio.charset.Charset;
import java.util.Collections;
import java.util.List;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.*;
public class UncaughtErrorPageTest extends AbstractKeycloakTest {
@ -61,6 +68,43 @@ public class UncaughtErrorPageTest extends AbstractKeycloakTest {
Assert.assertTrue(responseString.contains("An internal server error has occurred"));
}
@Test
@UncaughtServerErrorExpected
public void uncaughtErrorClientRegistration() throws IOException {
try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
HttpPost post = new HttpPost(suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/realms/master/clients-registrations/openid-connect").build());
post.setEntity(new StringEntity("{ invalid : invalid }"));
post.setHeader("Content-Type", "application/json");
CloseableHttpResponse response = client.execute(post);
assertEquals(400, response.getStatusLine().getStatusCode());
OAuth2ErrorRepresentation error = JsonSerialization.readValue(response.getEntity().getContent(), OAuth2ErrorRepresentation.class);
assertEquals("unknown_error", error.getError());
assertNull(error.getErrorDescription());
}
}
@Test
@UncaughtServerErrorExpected
public void uncaughtErrorAdmin() throws IOException {
try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
String accessToken = adminClient.tokenManager().getAccessTokenString();
HttpPost post = new HttpPost(suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/admin/realms").build());
post.setEntity(new StringEntity("{ invalid : invalid }"));
post.setHeader("Authorization", "bearer " + accessToken);
post.setHeader("Content-Type", "application/json");
CloseableHttpResponse response = client.execute(post);
assertEquals(400, response.getStatusLine().getStatusCode());
OAuth2ErrorRepresentation error = JsonSerialization.readValue(response.getEntity().getContent(), OAuth2ErrorRepresentation.class);
assertEquals("unknown_error", error.getError());
assertNull(error.getErrorDescription());
}
}
@Test
@UncaughtServerErrorExpected
public void uncaughtError() throws MalformedURLException {