keycloak-uncached


diff --git a/services/src/main/java/org/keycloak/forms/account/freemarker/model/UrlBean.java b/services/src/main/java/org/keycloak/forms/account/freemarker/model/UrlBean.java
index 9ea898b..a67db6e 100755
--- a/services/src/main/java/org/keycloak/forms/account/freemarker/model/UrlBean.java
+++ b/services/src/main/java/org/keycloak/forms/account/freemarker/model/UrlBean.java
@@ -70,18 +70,6 @@ public class UrlBean {
         return Urls.accountSessionsPage(baseQueryURI, realm).toString();
     }
 
-    public String getSessionsLogoutUrl() {
-        return Urls.accountSessionsLogoutPage(baseQueryURI, realm).toString();
-    }
-
-    public String getRevokeClientUrl() {
-        return Urls.accountRevokeClientPage(baseQueryURI, realm).toString();
-    }
-
-    public String getTotpRemoveUrl() {
-        return Urls.accountTotpRemove(baseQueryURI, realm).toString();
-    }
-
     public String getLogoutUrl() {
         return Urls.accountLogout(baseQueryURI, currentURI, realm).toString();
     }
diff --git a/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java b/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java
index 2d7e34a..f9d48bc 100755
--- a/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java
+++ b/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java
@@ -349,28 +349,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
         }
     }
 
-    @Path("totp-remove")
-    @POST
-    public Response processTotpRemove(final MultivaluedMap<String, String> formData) {
-        if (auth == null) {
-            return login("totp");
-        }
-
-        auth.require(AccountRoles.MANAGE_ACCOUNT);
-
-        csrfCheck(formData);
-
-        UserModel user = auth.getUser();
-        session.userCredentialManager().disableCredentialType(realm, user, CredentialModel.OTP);
-
-        event.event(EventType.REMOVE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
-
-        setReferrerOnPage();
-        return account.setSuccess(Messages.SUCCESS_TOTP_REMOVED).createResponse(AccountPages.TOTP);
-    }
-
-
-    @Path("sessions-logout")
+    @Path("sessions")
     @POST
     public Response processSessionsLogout(final MultivaluedMap<String, String> formData) {
         if (auth == null) {
@@ -401,7 +380,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
         return Response.seeOther(location).build();
     }
 
-    @Path("revoke-grant")
+    @Path("applications")
     @POST
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
     public Response processRevokeGrant(final MultivaluedMap<String, String> formData) {
@@ -473,32 +452,41 @@ public class AccountFormService extends AbstractSecuredLocalService {
 
         UserModel user = auth.getUser();
 
-        String totp = formData.getFirst("totp");
-        String totpSecret = formData.getFirst("totpSecret");
+        if (action != null && action.equals("Delete")) {
+            session.userCredentialManager().disableCredentialType(realm, user, CredentialModel.OTP);
+
+            event.event(EventType.REMOVE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
 
-        if (Validation.isBlank(totp)) {
-            setReferrerOnPage();
-            return account.setError(Response.Status.BAD_REQUEST, Messages.MISSING_TOTP).createResponse(AccountPages.TOTP);
-        } else if (!CredentialValidation.validOTP(realm, totp, totpSecret)) {
             setReferrerOnPage();
-            return account.setError(Response.Status.BAD_REQUEST, Messages.INVALID_TOTP).createResponse(AccountPages.TOTP);
-        }
+            return account.setSuccess(Messages.SUCCESS_TOTP_REMOVED).createResponse(AccountPages.TOTP);
+        } else {
+            String totp = formData.getFirst("totp");
+            String totpSecret = formData.getFirst("totpSecret");
 
-        UserCredentialModel credentials = new UserCredentialModel();
-        credentials.setType(realm.getOTPPolicy().getType());
-        credentials.setValue(totpSecret);
-        session.userCredentialManager().updateCredential(realm, user, credentials);
+            if (Validation.isBlank(totp)) {
+                setReferrerOnPage();
+                return account.setError(Response.Status.BAD_REQUEST, Messages.MISSING_TOTP).createResponse(AccountPages.TOTP);
+            } else if (!CredentialValidation.validOTP(realm, totp, totpSecret)) {
+                setReferrerOnPage();
+                return account.setError(Response.Status.BAD_REQUEST, Messages.INVALID_TOTP).createResponse(AccountPages.TOTP);
+            }
 
-        // to update counter
-        UserCredentialModel cred = new UserCredentialModel();
-        cred.setType(realm.getOTPPolicy().getType());
-        cred.setValue(totp);
-        session.userCredentialManager().isValid(realm, user, cred);
+            UserCredentialModel credentials = new UserCredentialModel();
+            credentials.setType(realm.getOTPPolicy().getType());
+            credentials.setValue(totpSecret);
+            session.userCredentialManager().updateCredential(realm, user, credentials);
 
-        event.event(EventType.UPDATE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
+            // to update counter
+            UserCredentialModel cred = new UserCredentialModel();
+            cred.setType(realm.getOTPPolicy().getType());
+            cred.setValue(totp);
+            session.userCredentialManager().isValid(realm, user, cred);
 
-        setReferrerOnPage();
-        return account.setSuccess(Messages.SUCCESS_TOTP).createResponse(AccountPages.TOTP);
+            event.event(EventType.UPDATE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
+
+            setReferrerOnPage();
+            return account.setSuccess(Messages.SUCCESS_TOTP).createResponse(AccountPages.TOTP);
+        }
     }
 
     /**
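Review bot: The new `Delete` branch at the top of this hunk disables the user's OTP credential, but the role and CSRF checks that guard it are not visible here. The removed `processTotpRemove` called `auth.require(AccountRoles.MANAGE_ACCOUNT)` and `csrfCheck(formData)` itself, so the merged handler has to run both before `action` is inspected; the method starts outside the hunk, so that cannot be confirmed from these lines. `action` is also assigned outside the hunk, presumably from the `submitAction` field that totp.ftl now posts, which leaves the literal `"Delete"` duplicated between template and handler. Writing the test as `"Delete".equals(action)` would drop the explicit null check. I would also add a comment above the branch, for example `// Removal shares this POST with setup; the role and CSRF checks above cover both paths`.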
diff --git a/services/src/main/java/org/keycloak/services/Urls.java b/services/src/main/java/org/keycloak/services/Urls.java
index 844e823..5530b60 100755
--- a/services/src/main/java/org/keycloak/services/Urls.java
+++ b/services/src/main/java/org/keycloak/services/Urls.java
@@ -131,11 +131,6 @@ public class Urls {
         return accountBase(baseUri).path(AccountFormService.class, "totpPage").build(realmName);
     }
 
-    public static URI accountTotpRemove(URI baseUri, String realmName) {
-        return accountBase(baseUri).path(AccountFormService.class, "processTotpRemove")
-                .build(realmName);
-    }
-
     public static URI accountLogPage(URI baseUri, String realmName) {
         return accountBase(baseUri).path(AccountFormService.class, "logPage").build(realmName);
     }
@@ -144,16 +139,6 @@ public class Urls {
         return accountBase(baseUri).path(AccountFormService.class, "sessionsPage").build(realmName);
     }
 
-    public static URI accountSessionsLogoutPage(URI baseUri, String realmName) {
-        return accountBase(baseUri).path(AccountFormService.class, "processSessionsLogout")
-                .build(realmName);
-    }
-
-    public static URI accountRevokeClientPage(URI baseUri, String realmName) {
-        return accountBase(baseUri).path(AccountFormService.class, "processRevokeGrant")
-                .build(realmName);
-    }
-
     public static URI accountLogout(URI baseUri, URI redirectUri, String realmName) {
         return realmLogout(baseUri).queryParam("redirect_uri", redirectUri).build(realmName);
     }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountFormServiceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountFormServiceTest.java
index bf5f68a..abe91d4 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountFormServiceTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountFormServiceTest.java
@@ -68,6 +68,7 @@ import java.util.Map;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.hasItems;
+import static org.junit.Assert.assertFalse;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -215,7 +216,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
         driver.navigate().to(profilePage.getPath() + "?referrer=test-app&referrer_uri=http://localhost:8180/auth/realms/master/app/auth/test%2Ffkrenu%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E");
         Assert.assertTrue(profilePage.isCurrent());
 
-        Assert.assertFalse(driver.getPageSource().contains("<script>alert"));
+        assertFalse(driver.getPageSource().contains("<script>alert"));
     }
 
     @Test
@@ -567,7 +568,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
 
         profilePage.open();
         loginPage.login("test-user@localhost", "password");
-        Assert.assertFalse(driver.findElements(By.id("username")).size() > 0);
+        assertFalse(driver.findElements(By.id("username")).size() > 0);
 
         // Revert
         setRegistrationEmailAsUsername(false);
@@ -767,7 +768,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
 
         Assert.assertTrue(totpPage.isCurrent());
 
-        Assert.assertFalse(driver.getPageSource().contains("Remove Google"));
+        assertFalse(driver.getPageSource().contains("Remove Google"));
 
         // Error with false code
         totpPage.configure(totp.generateTOTP(totpPage.getTotpSecret() + "123"));
@@ -785,6 +786,10 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
         totpPage.removeTotp();
 
         events.expectAccount(EventType.REMOVE_TOTP).assertEvent();
+
+        accountPage.logOut();
+
+        assertFalse(errorPage.isCurrent());
     }
 
     @Test
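Review bot: The added `accountPage.logOut()` and `assertFalse(errorPage.isCurrent())` cover only the TOTP removal flow, while the same commit also moves the sessions-logout and revoke-grant handlers onto their page paths (`@Path("sessions")`, `@Path("applications")`). No equivalent assertion is visible for the grant-revocation flow, which could get the same log-out-after-POST check. The reason for asserting on the error page is not obvious from the test; presumably the logout redirect used to point at a POST-only URL. A comment such as `// after a POST the current URI must still be a page that logout can redirect to` would record that. The test method starts outside the hunk.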
diff --git a/themes/src/main/resources/theme/base/account/applications.ftl b/themes/src/main/resources/theme/base/account/applications.ftl
index 50c2b04..046df99 100755
--- a/themes/src/main/resources/theme/base/account/applications.ftl
+++ b/themes/src/main/resources/theme/base/account/applications.ftl
@@ -7,7 +7,7 @@
         </div>
     </div>
 
-    <form action="${url.revokeClientUrl}" method="post">
+    <form action="${url.applicationsUrl}" method="post">
         <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
         <input type="hidden" id="referrer" name="referrer" value="${stateChecker}">
 
diff --git a/themes/src/main/resources/theme/base/account/sessions.ftl b/themes/src/main/resources/theme/base/account/sessions.ftl
index bf888dd..89dbf65 100755
--- a/themes/src/main/resources/theme/base/account/sessions.ftl
+++ b/themes/src/main/resources/theme/base/account/sessions.ftl
@@ -36,7 +36,7 @@
 
     </table>
 
-    <form action="${url.sessionsLogoutUrl}" method="post">
+    <form action="${url.sessionsUrl}" method="post">
         <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
         <button id="logout-all-sessions" class="btn btn-default">${msg("doLogOutAllSessions")}</button>
     </form>
diff --git a/themes/src/main/resources/theme/base/account/totp.ftl b/themes/src/main/resources/theme/base/account/totp.ftl
index 1e03bfb..7115938 100755
--- a/themes/src/main/resources/theme/base/account/totp.ftl
+++ b/themes/src/main/resources/theme/base/account/totp.ftl
@@ -14,8 +14,9 @@
         <tr>
             <td class="provider">${msg("mobile")}</td>
             <td class="action">
-                <form action="${url.totpRemoveUrl}" method="post" class="form-inline">
+                <form action="${url.totpUrl}" method="post" class="form-inline">
                     <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+                    <input type="hidden" id="submitAction" name="submitAction" value="Delete">
                     <button id="remove-mobile" class="btn btn-default"><i class="pficon pficon-delete"></i></button>
                 </form>
                 </td>