
KEYCLOAK-6090 Add missing cors headers with invalid username/password

1/2/2018 9:01:52 AM


diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
index 0bacf51..ee0ff85 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@@ -19,6 +19,7 @@ package org.keycloak.protocol.oidc.endpoints;
 
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
+import org.jboss.resteasy.spi.HttpResponse;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.OAuthErrorException;
@@ -127,6 +128,9 @@ public class TokenEndpoint {
     private HttpRequest request;
 
     @Context
+    private HttpResponse httpResponse;
+
+    @Context
     private HttpHeaders headers;
 
     @Context
@@ -499,7 +503,10 @@ public class TokenEndpoint {
                 .setUriInfo(uriInfo)
                 .setRequest(request);
         Response challenge = processor.authenticateOnly();
-        if (challenge != null) return challenge;
+        if (challenge != null) {
+            cors.build(httpResponse);
+            return challenge;
+        }
         processor.evaluateRequiredActionTriggers();
         UserModel user = authSession.getAuthenticatedUser();
         if (user.getRequiredActions() != null && user.getRequiredActions().size() > 0) {
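Review bot: The CORS headers on the failed-authentication path are attached by side effect on the injected `httpResponse` rather than onto the `challenge` Response that is actually returned, which is a different mechanism from the rest of this endpoint and deserves a comment above `cors.build(httpResponse);`, e.g. `// The challenge Response is built by the authenticator, so attach the CORS headers to the underlying HttpResponse instead of rebuilding it`. `cors` is initialised outside this hunk, so this assumes it is always non-null when `authenticateOnly()` returns a challenge; worth confirming for every caller of this method. The required-actions branch that starts on the last line of the hunk is another early exit on the same path, and if it returns a Response without going through `cors` it will show the same missing-headers symptom that this commit fixes for invalid credentials. The enclosing method starts and ends outside the hunk.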
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
index 29dd244..732ba0f 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
@@ -382,7 +382,10 @@ public class OAuthClient {
                 post.setHeader("Authorization", authorization);
             } else {
                 parameters.add(new BasicNameValuePair("client_id", clientId));
+            }
 
+            if (origin != null) {
+                post.addHeader("Origin", origin);
             }
 
             if (clientSessionState != null) {
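Review bot: The new `Origin` header is added with `post.addHeader("Origin", origin);` while the `Authorization` header two lines above uses `post.setHeader(...)`; `addHeader` appends and would produce a duplicate `Origin` header if the request object were ever reused, so `post.setHeader("Origin", origin);` is the consistent and safer choice. The `origin` field and its setter are not part of this diff, so I assume they already exist in OAuthClient; if not, the test in TokenEndpointCorsTest that calls `oauth.origin(...)` will not compile. The enclosing method continues outside the hunk.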
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenEndpointCorsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenEndpointCorsTest.java
index 7fa151f..86ea5c7 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenEndpointCorsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenEndpointCorsTest.java
@@ -44,7 +44,7 @@ public class TokenEndpointCorsTest extends AbstractKeycloakTest {
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation realm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
-        realm.getClients().add(ClientBuilder.create().redirectUris(VALID_CORS_URL + "/realms/master/app").addWebOrigin(VALID_CORS_URL).id("test-app2").clientId("test-app2").publicClient().build());
+        realm.getClients().add(ClientBuilder.create().redirectUris(VALID_CORS_URL + "/realms/master/app").addWebOrigin(VALID_CORS_URL).id("test-app2").clientId("test-app2").publicClient().directAccessGrants().build());
         testRealms.add(realm);
     }
 
@@ -97,6 +97,25 @@ public class TokenEndpointCorsTest extends AbstractKeycloakTest {
         assertEquals("Session not active", response.getErrorDescription());
     }
 
+    @Test
+    public void accessTokenResourceOwnerCorsRequest() throws Exception {
+        oauth.realm("test");
+        oauth.clientId("test-app2");
+        oauth.origin(VALID_CORS_URL);
+
+        // Token request
+        OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "password");
+
+        assertEquals(200, response.getStatusCode());
+        assertCors(response);
+
+        // Invalid password
+        response = oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "invalid");
+
+        assertEquals(401, response.getStatusCode());
+        assertCors(response);
+    }
+
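Review bot: The invalid-password branch of `accessTokenResourceOwnerCorsRequest` checks only the 401 status and the CORS headers, whereas the existing test just above the hunk also pins the error body (`assertEquals("Session not active", response.getErrorDescription());`); asserting the error code here, e.g. `assertEquals("invalid_grant", response.getError());`, would make the test fail loudly if the endpoint ever started returning a generic 401 that merely happens to carry CORS headers. The earlier hunk in this file enables `directAccessGrants()` on `test-app2` solely to make this password grant possible, which is worth a one-line comment on the new test so a future cleanup of the realm fixture does not silently break it. The first request in the test uses the literal `"password"` for both the grant type and the credential, which reads ambiguously; a short comment or a local constant for the grant type would help.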
     private static void assertCors(OAuthClient.AccessTokenResponse response) {
         assertEquals("true", response.getHeaders().get("Access-Control-Allow-Credentials"));
         assertEquals(VALID_CORS_URL, response.getHeaders().get("Access-Control-Allow-Origin"));