Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[3.x] Oidc tenant name now properly escaped #5872

Merged
merged 2 commits into from
Jan 17, 2023
Merged

[3.x] Oidc tenant name now properly escaped #5872

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ad13a5d
Oidc tenant name now properly escaped
Verdent Jan 17, 2023
580fac1
Trigger pipeline
Verdent Jan 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions ...rs/oidc/src/main/java/io/helidon/security/providers/oidc/TenantAuthenticationHandler.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2022 Oracle and/or its affiliates.
* Copyright (c) 2022, 2023 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -294,7 +294,8 @@ private AuthenticationResponse errorResponse(ProviderRequest providerRequest,
String authorizationEndpoint = tenant.authorizationEndpointUri();
String nonce = UUID.randomUUID().toString();
String redirectUri =
encode(redirectUri(providerRequest.env()) + "?" + oidcConfig.tenantParamName() + "=" + tenantId);
encode(redirectUri(providerRequest.env()) + "?"
+ encode(oidcConfig.tenantParamName()) + "=" + encode(tenantId));


StringBuilder queryString = new StringBuilder("?");
Expand Down
25 changes: 24 additions & 1 deletion .../integration/oidc/src/test/java/io/helidon/tests/integration/oidc/CookieBasedLoginIT.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2022 Oracle and/or its affiliates.
* Copyright (c) 2022, 2023 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -101,6 +101,29 @@ public void testFallbackToDefaultIfTenantNotFound(WebTarget webTarget) {
}
}

@Test
public void testDefaultTenantUsage(WebTarget webTarget) {
String formUri;

//greet endpoint is protected, and we need to get JWT token out of the Keycloak. We will get redirected to the Keycloak.
try (Response response = client.target(webTarget.getUri()).path("/test")
.request()
.get()) {
assertThat(response.getStatus(), is(Response.Status.OK.getStatusCode()));
//We need to get form URI out of the HTML
formUri = getRequestUri(response.readEntity(String.class));
}

//Sending authentication to the Keycloak and getting redirected back to the running Helidon app.
Entity<Form> form = Entity.form(new Form().param("username", "userone")
.param("password", "12345")
.param("credentialId", ""));
try (Response response = client.target(formUri).request().post(form)) {
assertThat(response.getStatus(), is(Response.Status.OK.getStatusCode()));
assertThat(response.readEntity(String.class), is(EXPECTED_TEST_MESSAGE));
}
}

private String getRequestUri(String html) {
Document document = Jsoup.parse(html);
return document.getElementById("kc-form-login").attr("action");
Expand Down
24 changes: 23 additions & 1 deletion ...s/integration/oidc/src/test/java/io/helidon/tests/integration/oidc/QueryBasedLoginIT.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2022 Oracle and/or its affiliates.
* Copyright (c) 2022, 2023 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -128,6 +128,28 @@ void testFallbackToDefaultIfTenantNotFound(WebTarget webTarget) {
assertThat(response.readEntity(String.class), is(EXPECTED_TEST_MESSAGE));
}
}
@Test
public void testDefaultTenantUsage(WebTarget webTarget) {
String formUri;

//greet endpoint is protected, and we need to get JWT token out of the Keycloak. We will get redirected to the Keycloak.
try (Response response = client.target(webTarget.getUri()).path("/test")
.request()
.get()) {
assertThat(response.getStatus(), is(Response.Status.OK.getStatusCode()));
//We need to get form URI out of the HTML
formUri = getRequestUri(response.readEntity(String.class));
}

//Sending authentication to the Keycloak and getting redirected back to the running Helidon app.
Entity<Form> form = Entity.form(new Form().param("username", "userone")
.param("password", "12345")
.param("credentialId", ""));
try (Response response = client.target(formUri).request().post(form)) {
assertThat(response.getStatus(), is(Response.Status.OK.getStatusCode()));
assertThat(response.readEntity(String.class), is(EXPECTED_TEST_MESSAGE));
}
}

private String getRequestUri(String html) {
Document document = Jsoup.parse(html);
Expand Down