
Commit c140cef

committedDec 19, 2018
update for KEYCLOAK-7774 KEYCLOAK-8438 KEYCLOAK-9050
1 parent 2b35c92 commit c140cef


2 files changed

+15
-15
lines changed

 

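--- a/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java
+++ b/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java
@@ -3,13 +3,15 @@
 import org.apache.http.HttpEntity;
 import org.jboss.logging.Logger;
 import org.keycloak.common.util.KeycloakUriBuilder;
+import org.keycloak.common.util.Time;
 import org.keycloak.events.EventBuilder;
 import org.keycloak.events.EventType;
 import org.keycloak.forms.login.LoginFormsProvider;
 import org.keycloak.models.*;
 import org.keycloak.protocol.LoginProtocol;
 import org.keycloak.protocol.cas.utils.LogoutHelper;
-import org.keycloak.services.managers.ClientSessionCode;
+import org.keycloak.protocol.oidc.utils.OAuth2Code;
+import org.keycloak.protocol.oidc.utils.OAuth2CodeParser;
 import org.keycloak.services.managers.ResourceAdminManager;
 import org.keycloak.sessions.AuthenticationSessionModel;
 
@@ -18,6 +20,7 @@
 import javax.ws.rs.core.UriInfo;
 import java.io.IOException;
 import java.net.URI;
+import java.util.UUID;
 
 public class CASLoginProtocol implements LoginProtocol {
 private static final Logger logger = Logger.getLogger(CASLoginProtocol.class);
@@ -86,14 +89,17 @@ public CASLoginProtocol setEventBuilder(EventBuilder event) {
 }
 
 @Override
-public Response authenticated(UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
+public Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
 AuthenticatedClientSessionModel clientSession = clientSessionCtx.getClientSession();
-ClientSessionCode<AuthenticatedClientSessionModel> accessCode = new ClientSessionCode<>(session, realm, clientSession);
 
-String service = clientSession.getRedirectUri();
+String service = authSession.getRedirectUri();
 //TODO validate service
 
-String code = accessCode.getOrGenerateCode();
+OAuth2Code codeData = new OAuth2Code(UUID.randomUUID(),
+Time.currentTime() + userSession.getRealm().getAccessCodeLifespan(),
+null, null, authSession.getRedirectUri(), null, null);
+String code = OAuth2CodeParser.persistCode(session, clientSession, codeData);
+
 KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service);
 uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code);
 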
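--- a/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java
+++ b/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java
@@ -3,7 +3,6 @@
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.common.ClientConnection;
-import org.keycloak.events.Details;
 import org.keycloak.events.Errors;
 import org.keycloak.events.EventBuilder;
 import org.keycloak.models.*;
@@ -12,9 +11,9 @@
 import org.keycloak.protocol.cas.mappers.CASAttributeMapper;
 import org.keycloak.protocol.cas.representations.CASErrorCode;
 import org.keycloak.protocol.cas.utils.CASValidationException;
+import org.keycloak.protocol.oidc.utils.OAuth2CodeParser;
 import org.keycloak.protocol.oidc.utils.RedirectUtils;
 import org.keycloak.services.managers.AuthenticationManager;
-import org.keycloak.services.managers.ClientSessionCode;
 import org.keycloak.services.util.DefaultClientSessionContext;
 
 import javax.ws.rs.core.Context;
@@ -93,13 +92,8 @@ protected void checkTicket(String ticket, boolean requireReauth) {
 
 String code = ticket.substring(CASLoginProtocol.SERVICE_TICKET_PREFIX.length());
 
-String[] parts = code.split("\\.");
-if (parts.length == 4) {
-event.detail(Details.CODE_ID, parts[2]);
-}
-
-ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult = ClientSessionCode.parseResult(code, null, session, realm, client, event, AuthenticatedClientSessionModel.class);
-if (parseResult.isAuthSessionNotFound() || parseResult.isIllegalHash()) {
+OAuth2CodeParser.ParseResult parseResult = OAuth2CodeParser.parseCode(session, code, realm, event);
+if (parseResult.isIllegalCode()) {
 event.error(Errors.INVALID_CODE);
 
 // Attempt to use same code twice should invalidate existing clientSession
@@ -113,7 +107,7 @@ protected void checkTicket(String ticket, boolean requireReauth) {
 
 clientSession = parseResult.getClientSession();
 
-if (parseResult.isExpiredToken()) {
+if (parseResult.isExpiredCode()) {
 event.error(Errors.EXPIRED_CODE);
 throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
 }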
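Review bot: The replacement call `OAuth2CodeParser.parseCode(session, code, realm, event)` in the `@@ -93` hunk no longer receives `client`, whereas the removed `ClientSessionCode.parseResult(...)` did, so the binding between the presented ticket and the service that is validating it is no longer established at this point. Unless a later part of `checkTicket` (the method continues beyond the `@@ -113` hunk) compares them, add right after `clientSession = parseResult.getClientSession();` a guard `if (!clientSession.getClient().getId().equals(client.getId())) {` that records `event.error(Errors.INVALID_CODE)` and throws `CASValidationException(CASErrorCode.INVALID_TICKET, ...)` the same way the illegal-code branch does, so a ticket issued to one service cannot be redeemed by another. The `event.detail(Details.CODE_ID, ...)` call is removed without a replacement; if the new parser does not record that detail itself, audit events for rejected tickets lose the code id, which is worth confirming before merging.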
