keycloak-uncached
Changes
pom.xml 2(+1 -1)
Details
pom.xml 2(+1 -1)
diff --git a/pom.xml b/pom.xml
index 445508e..d6a86f6 100755
--- a/pom.xml
+++ b/pom.xml
@@ -16,7 +16,7 @@
<jackson.version>1.9.9</jackson.version>
<keycloak.apache.httpcomponents.version>4.2.1</keycloak.apache.httpcomponents.version>
<resteasy.version>2.3.7.Final</resteasy.version>
- <resteasy.version.latest>3.0.8.Final</resteasy.version.latest>
+ <resteasy.version.latest>3.0.9.Final</resteasy.version.latest>
<undertow.version>1.0.15.Final</undertow.version>
<picketlink.version>2.7.0.Beta1</picketlink.version>
<picketbox.ldap.version>1.0.2.Final</picketbox.ldap.version>
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index 3c918cf..4ceb9f3 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -436,13 +436,15 @@ public class AccountService {
@Path("totp-remove")
@GET
- public Response processTotpRemove() {
+ public Response processTotpRemove(@QueryParam("stateChecker") String stateChecker) {
if (auth == null) {
return login("totp");
}
require(AccountRoles.MANAGE_ACCOUNT);
+ csrfCheck(stateChecker);
+
UserModel user = auth.getUser();
user.setTotp(false);