Prosoft Git

keycloak-uncached

KEYCLOAK-5280

9/11/2017 6:28:45 AM
Stian Thorgersen

Stian Thorgersen

Commit: 96fe460

Tree: 42e2e03

Parents: d7edee8

Changes

services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java 4(+4 -0)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java 13(+13 -0)

Details

services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java 4(+4 -0) 

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
index 769947a..c12ee5c 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
@@ -283,6 +283,10 @@ public class TokenManager {
         try {
             RefreshToken refreshToken = toRefreshToken(session, realm, encodedRefreshToken);
 
+            if (!(TokenUtil.TOKEN_TYPE_REFRESH.equals(refreshToken.getType()) || TokenUtil.TOKEN_TYPE_OFFLINE.equals(refreshToken.getType()))) {
+                throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid refresh token");
+            }
+
             if (checkExpiration) {
                 if (refreshToken.getExpiration() != 0 && refreshToken.isExpired()) {
                     throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Refresh token expired");

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java 13(+13 -0) 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
index 7e3594f..2d6e2a7 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
@@ -194,6 +194,19 @@ public class RefreshTokenTest extends AbstractKeycloakTest {
 
         setTimeOffset(0);
     }
+    @Test
+    public void refreshTokenWithAccessToken() throws Exception {
+        oauth.doLogin("test-user@localhost", "password");
+
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+
+        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
+        String accessTokenString = tokenResponse.getAccessToken();
+
+        OAuthClient.AccessTokenResponse response = oauth.doRefreshTokenRequest(accessTokenString, "password");
+
+        Assert.assertNotEquals(200, response.getStatusCode());
+    }
 
     @Test
     public void refreshTokenReuseTokenWithoutRefreshTokensRevoked() throws Exception {

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github