Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
KEYCLOAK-15585 OIDC redirect_uri allows dangerous schemes resulting i…
…n potential XSS (cherry picked from commit e86bec8) Conflicts: testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java services/src/main/java/org/keycloak/validation/DefaultClientValidationProvider.java
- Loading branch information
Showing
30 changed files
with
781 additions
and
694 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
88 changes: 0 additions & 88 deletions
88
server-spi-private/src/main/java/org/keycloak/validation/ClientValidationUtil.java
This file was deleted.
Oops, something went wrong.
77 changes: 77 additions & 0 deletions
77
server-spi-private/src/main/java/org/keycloak/validation/DefaultValidationContext.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| /* | ||
| * Copyright 2020 Red Hat, Inc. and/or its affiliates | ||
| * and other contributors as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.keycloak.validation; | ||
|
|
||
| import org.keycloak.models.KeycloakSession; | ||
|
|
||
| import java.util.HashSet; | ||
| import java.util.Set; | ||
|
|
||
| /** | ||
| * @author Vaclav Muzikar <vmuzikar@redhat.com> | ||
| */ | ||
| public abstract class DefaultValidationContext<T> implements ValidationContext<T> { | ||
|
|
||
| private final Event event; | ||
| private final KeycloakSession session; | ||
| private final T objectToValidate; | ||
| private final Set<ValidationError> errors; | ||
|
|
||
| public DefaultValidationContext(Event event, KeycloakSession session, T objectToValidate) { | ||
| this.event = event; | ||
| this.session = session; | ||
| this.objectToValidate = objectToValidate; | ||
| this.errors = new HashSet<>(); | ||
| } | ||
|
|
||
| @Override | ||
| public Event getEvent() { | ||
| return event; | ||
| } | ||
|
|
||
| @Override | ||
| public KeycloakSession getSession() { | ||
| return session; | ||
| } | ||
|
|
||
| @Override | ||
| public T getObjectToValidate() { | ||
| return objectToValidate; | ||
| } | ||
|
|
||
| @Override | ||
| public ValidationContext<T> addError(String message) { | ||
| return addError(null, message, null); | ||
| } | ||
|
|
||
| @Override | ||
| public ValidationContext<T> addError(String fieldId, String message) { | ||
| return addError(fieldId, message, null); | ||
| } | ||
|
|
||
| @Override | ||
| public ValidationContext<T> addError(String fieldId, String message, String localizedMessageKey, Object... localizedMessageParams) { | ||
| errors.add(new ValidationError(fieldId, message, localizedMessageKey, localizedMessageParams)); | ||
| return this; | ||
| } | ||
|
|
||
| @Override | ||
| public ValidationResult toResult() { | ||
| return new ValidationResult(new HashSet<>(errors)); | ||
| } | ||
| } |
39 changes: 39 additions & 0 deletions
39
server-spi-private/src/main/java/org/keycloak/validation/ValidationContext.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| /* | ||
| * Copyright 2019 Red Hat, Inc. and/or its affiliates | ||
| * and other contributors as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package org.keycloak.validation; | ||
|
|
||
| import org.keycloak.models.KeycloakSession; | ||
|
|
||
| public interface ValidationContext<T> { | ||
|
|
||
| enum Event { | ||
| CREATE, | ||
| UPDATE | ||
| } | ||
|
|
||
| Event getEvent(); | ||
|
|
||
| KeycloakSession getSession(); | ||
|
|
||
| T getObjectToValidate(); | ||
|
|
||
| ValidationContext<T> addError(String message); | ||
| ValidationContext<T> addError(String fieldId, String message); | ||
| ValidationContext<T> addError(String fieldId, String message, String localizedMessageKey, Object... localizedMessageParams); | ||
|
|
||
| ValidationResult toResult(); | ||
| } |
87 changes: 87 additions & 0 deletions
87
server-spi-private/src/main/java/org/keycloak/validation/ValidationError.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,87 @@ | ||
| /* | ||
| * Copyright 2020 Red Hat, Inc. and/or its affiliates | ||
| * and other contributors as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.keycloak.validation; | ||
|
|
||
| import java.text.MessageFormat; | ||
| import java.util.Arrays; | ||
| import java.util.Objects; | ||
| import java.util.Properties; | ||
|
|
||
| /** | ||
| * @author Vaclav Muzikar <vmuzikar@redhat.com> | ||
| */ | ||
| public class ValidationError { | ||
| private final String fieldId; | ||
| private final String message; | ||
| private final String localizedMessageKey; | ||
| private final Object[] localizedMessageParameters; | ||
|
|
||
| public ValidationError(String fieldId, String message, String localizedMessageKey, Object[] localizedMessageParameters) { | ||
| if (message == null) { | ||
| throw new IllegalArgumentException("Message must be set"); | ||
| } | ||
|
|
||
| this.fieldId = fieldId; | ||
| this.message = message; | ||
| this.localizedMessageKey = localizedMessageKey; | ||
| this.localizedMessageParameters = localizedMessageParameters; | ||
| } | ||
|
|
||
| public String getFieldId() { | ||
| return fieldId; | ||
| } | ||
|
|
||
| public String getLocalizedMessageKey() { | ||
| return localizedMessageKey; | ||
| } | ||
|
|
||
| public Object[] getLocalizedMessageParams() { | ||
| return localizedMessageParameters; | ||
| } | ||
|
|
||
| public String getMessage() { | ||
| return message; | ||
| } | ||
|
|
||
| public String getLocalizedMessage(Properties messagesBundle) { | ||
| if (getLocalizedMessageKey() != null) { | ||
| return MessageFormat.format(messagesBundle.getProperty(getLocalizedMessageKey(), getMessage()), getLocalizedMessageParams()); | ||
| } | ||
| else { | ||
| return getMessage(); | ||
| } | ||
| } | ||
|
|
||
| @Override | ||
| public boolean equals(Object o) { | ||
| if (this == o) return true; | ||
| if (o == null || getClass() != o.getClass()) return false; | ||
| ValidationError error = (ValidationError) o; | ||
| return Objects.equals(fieldId, error.fieldId) && | ||
| message.equals(error.message) && | ||
| Objects.equals(localizedMessageKey, error.localizedMessageKey) && | ||
| Arrays.equals(localizedMessageParameters, error.localizedMessageParameters); | ||
| } | ||
|
|
||
| @Override | ||
| public int hashCode() { | ||
| int result = Objects.hash(fieldId, message, localizedMessageKey); | ||
| result = 31 * result + Arrays.hashCode(localizedMessageParameters); | ||
| return result; | ||
| } | ||
| } |
Oops, something went wrong.