-
Notifications
You must be signed in to change notification settings - Fork 262
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ELY-2340] Add the ability to allow query params in redirect URIs via…
… a new system property
- Loading branch information
Showing
6 changed files
with
250 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
61 changes: 61 additions & 0 deletions
61
http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * Copyright 2024 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.wildfly.security.http.oidc; | ||
|
|
||
| import static org.junit.Assume.assumeTrue; | ||
|
|
||
| import org.junit.AfterClass; | ||
| import org.junit.BeforeClass; | ||
|
|
||
| import io.restassured.RestAssured; | ||
| import okhttp3.mockwebserver.MockWebServer; | ||
|
|
||
| /** | ||
| * Tests for the {@code wildfly.elytron.oidc.allow.query.params} system property. | ||
| * | ||
| * @author <a href="mailto:fjuma@redhat.com">Farah Juma</a> | ||
| */ | ||
| public class QueryParamsBaseTest extends OidcBaseTest { | ||
|
|
||
| @BeforeClass | ||
| public static void startTestContainers() throws Exception { | ||
| assumeTrue("Docker isn't available, OIDC tests will be skipped", isDockerAvailable()); | ||
| KEYCLOAK_CONTAINER = new KeycloakContainer(); | ||
| KEYCLOAK_CONTAINER.start(); | ||
| sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, 3, 3, true)); | ||
| client = new MockWebServer(); | ||
| client.start(CLIENT_PORT); | ||
| } | ||
|
|
||
| @AfterClass | ||
| public static void generalCleanup() throws Exception { | ||
| if (KEYCLOAK_CONTAINER != null) { | ||
| RestAssured | ||
| .given() | ||
| .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) | ||
| .when() | ||
| .delete(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/admin/realms/" + TEST_REALM).then().statusCode(204); | ||
| KEYCLOAK_CONTAINER.stop(); | ||
| } | ||
| if (client != null) { | ||
| client.shutdown(); | ||
| } | ||
| } | ||
|
|
||
| } |
75 changes: 75 additions & 0 deletions
75
http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * Copyright 2024 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.wildfly.security.http.oidc; | ||
|
|
||
| import static org.junit.Assume.assumeFalse; | ||
| import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; | ||
|
|
||
| import org.apache.http.HttpStatus; | ||
| import org.junit.BeforeClass; | ||
| import org.junit.Test; | ||
|
|
||
| /** | ||
| * Tests for disabling query params via the {@code wildfly.elytron.oidc.allow.query.params} system property. | ||
| * | ||
| * @author <a href="mailto:fjuma@redhat.com">Farah Juma</a> | ||
| */ | ||
| public class QueryParamsDisabledTest extends QueryParamsBaseTest { | ||
|
|
||
| @BeforeClass | ||
| public static void beforeClass() { | ||
| assumeFalse("wildfly.elytron.oidc.allow.query.params should default to false", | ||
| Boolean.parseBoolean(System.getProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME))); | ||
| } | ||
|
|
||
| /** | ||
| * Test successfully logging in without query params included in the URL. | ||
| */ | ||
| @Test | ||
| public void testSuccessfulAuthenticationWithoutQueryParamsWithSystemPropertyDisabled() throws Exception { | ||
| String originalUrl = getClientUrl(); | ||
| String expectedUrlAfterRedirect = originalUrl; | ||
| performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, | ||
| KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, | ||
| expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); | ||
| } | ||
|
|
||
| /** | ||
| * Test successfully logging in with query params included in the URL. | ||
| * The query params should not be present upon redirect. | ||
| */ | ||
| @Test | ||
| public void testSuccessfulAuthenticationWithQueryParamsWithSystemPropertyDisabled() throws Exception { | ||
| String queryParams = "?myparam=abc"; | ||
| String originalUrl = getClientUrl() + queryParams; | ||
| String expectedUrlAfterRedirect = getClientUrl(); | ||
| performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, | ||
| KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, | ||
| originalUrl, expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); | ||
|
|
||
| queryParams = "?one=abc&two=def&three=ghi"; | ||
| originalUrl = getClientUrl() + queryParams; | ||
| expectedUrlAfterRedirect = getClientUrl(); | ||
| performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, | ||
| KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, | ||
| expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); | ||
| } | ||
|
|
||
| } | ||
|
|
85 changes: 85 additions & 0 deletions
85
http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * Copyright 2024 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.wildfly.security.http.oidc; | ||
|
|
||
| import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; | ||
|
|
||
| import org.apache.http.HttpStatus; | ||
| import org.junit.AfterClass; | ||
| import org.junit.BeforeClass; | ||
| import org.junit.Test; | ||
|
|
||
| /** | ||
| * Tests for enabling query params via the {@code wildfly.elytron.oidc.allow.query.params} system property. | ||
| * | ||
| * @author <a href="mailto:fjuma@redhat.com">Farah Juma</a> | ||
| */ | ||
| public class QueryParamsEnabledTest extends QueryParamsBaseTest { | ||
|
|
||
| private static String ALLOW_QUERY_PARAMS_PROPERTY; | ||
|
|
||
| @BeforeClass | ||
| public static void beforeClass() { | ||
| ALLOW_QUERY_PARAMS_PROPERTY = System.setProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, "true"); | ||
| } | ||
|
|
||
| @AfterClass | ||
| public static void afterClass() { | ||
| if (ALLOW_QUERY_PARAMS_PROPERTY == null) { | ||
| System.clearProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME); | ||
| } else { | ||
| System.setProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, ALLOW_QUERY_PARAMS_PROPERTY); | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Test successfully logging in without query params included in the URL. | ||
| */ | ||
| @Test | ||
| public void testSuccessfulAuthenticationWithoutQueryParamsWithSystemPropertyEnabled() throws Exception { | ||
| String originalUrl = getClientUrl(); | ||
| String expectedUrlAfterRedirect = originalUrl; | ||
| performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, | ||
| KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, | ||
| expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); | ||
| } | ||
|
|
||
| /** | ||
| * Test successfully logging in with query params included in the URL. | ||
| * The query params should be present upon redirect. | ||
| */ | ||
| @Test | ||
| public void testSuccessfulAuthenticationWithQueryParamsWithSystemPropertyEnabled() throws Exception { | ||
| String queryParams = "?myparam=abc"; | ||
| String originalUrl = getClientUrl() + queryParams; | ||
| String expectedUrlAfterRedirect = originalUrl; | ||
| performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, | ||
| KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, | ||
| expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); | ||
|
|
||
| queryParams = "?one=abc&two=def&three=ghi"; | ||
| originalUrl = getClientUrl() + queryParams; | ||
| expectedUrlAfterRedirect = originalUrl; | ||
| performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, | ||
| KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, | ||
| expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); | ||
| } | ||
|
|
||
| } | ||
|
|