diff --git a/server-spi/src/main/java/org/keycloak/models/ActionTokenKeyModel.java b/server-spi/src/main/java/org/keycloak/models/ActionTokenKeyModel.java
index 2725945..83f0e52 100644
--- a/server-spi/src/main/java/org/keycloak/models/ActionTokenKeyModel.java
+++ b/server-spi/src/main/java/org/keycloak/models/ActionTokenKeyModel.java
@@ -16,6 +16,8 @@
*/
package org.keycloak.models;
+import org.keycloak.common.util.Base64;
+import java.nio.charset.StandardCharsets;
import java.util.UUID;
/**
@@ -45,6 +47,8 @@ public interface ActionTokenKeyModel {
UUID getActionVerificationNonce();
default String serializeKey() {
- return String.format("%s.%d.%s.%s", getUserId(), getExpiration(), getActionVerificationNonce(), getActionId());
+ String userId = getUserId();
+ String encodedUserId = userId == null ? "" : Base64.encodeBytes(userId.getBytes(StandardCharsets.UTF_8));
+ return String.format("%s.%d.%s.%s", encodedUserId, getExpiration(), getActionVerificationNonce(), getActionId());
}
}
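Review bot: In `serializeKey()` a null user ID now becomes an empty first field, and the method has no Javadoc stating that or the new wire format. Judging by the second file in this commit, `DefaultActionTokenKey.from()` would turn that empty field back into a non-null string, so a null user ID does not round-trip; whether callers can ever see a null here is not visible from the hunk. I would document the contract on the method, for example `/** Format: base64(UTF-8 userId).expiration.nonce.actionId; a null user ID is written as an empty first field. */`. It is also worth stating that the encoding exists so that a `.` inside a user ID cannot shift the field boundaries that the parser splits on. The interface body starts outside this hunk.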
diff --git a/services/src/main/java/org/keycloak/authentication/actiontoken/DefaultActionTokenKey.java b/services/src/main/java/org/keycloak/authentication/actiontoken/DefaultActionTokenKey.java
index 9723005..96b817e 100644
--- a/services/src/main/java/org/keycloak/authentication/actiontoken/DefaultActionTokenKey.java
+++ b/services/src/main/java/org/keycloak/authentication/actiontoken/DefaultActionTokenKey.java
@@ -16,11 +16,17 @@
*/
package org.keycloak.authentication.actiontoken;
+import org.keycloak.common.util.Base64;
import org.keycloak.models.ActionTokenKeyModel;
import org.keycloak.representations.JsonWebToken;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
import java.util.UUID;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.regex.Pattern;
/**
*
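Review bot: The added imports `java.util.logging.Level` and `java.util.logging.Logger` are not referenced by any added line in the other hunk of this file, so they look unused. If the intent was to log the Base64 decode failure in `from()`, that call is missing. If a log line is added, note that the user ID is an identifier and should be logged only at a debug level, using the logging facade the rest of the module uses rather than `java.util.logging`. Otherwise drop the two imports.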
@@ -63,16 +69,24 @@ public class DefaultActionTokenKey extends JsonWebToken implements ActionTokenKe
return actionVerificationNonce;
}
+ private static final Pattern DOT = Pattern.compile("\\.");
+
public static DefaultActionTokenKey from(String serializedKey) {
if (serializedKey == null) {
return null;
}
- String[] parsed = serializedKey.split("\\.", 4);
+ String[] parsed = DOT.split(serializedKey, 4);
if (parsed.length != 4) {
return null;
}
- return new DefaultActionTokenKey(parsed[0], parsed[3], Integer.parseInt(parsed[1]), UUID.fromString(parsed[2]));
+ String userId;
+ try {
+ userId = new String(Base64.decode(parsed[0]), StandardCharsets.UTF_8);
+ } catch (IOException ex) {
+ userId = parsed[0];
+ }
+ return new DefaultActionTokenKey(userId, parsed[3], Integer.parseInt(parsed[1]), UUID.fromString(parsed[2]));
}
}
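Review bot: The `catch (IOException ex)` fallback in `from()` makes the first field ambiguous. A key written in the old format is taken literally only if its raw user ID is not decodable Base64; a legacy ID made up solely of Base64-alphabet characters would be silently decoded into a different string, so the returned key would name a different user than the one serialized. If old-format keys can still be in circulation, an explicit marker for the new format would remove the guesswork; if they cannot, the fallback should be replaced with `return null;`. Either way the branch deserves a comment such as `// legacy key: user ID was stored unencoded`. Separately, `Integer.parseInt(parsed[1])` and `UUID.fromString(parsed[2])` still throw on malformed fields while every other malformed input returns null; if this string can come from outside the server, wrapping the construction with `catch (IllegalArgumentException ex) { return null; }` would make the rejection path uniform. It is worth confirming whether `Base64.decode` can also raise unchecked exceptions on short input.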