Fix account linking url for frontend. #18815

Merged
merged 1 commit into from
Jan 18, 2021
@@ -103,7 +103,7 @@ public String getAccountLinkingURL(
byte[] check = md.digest(input.getBytes(StandardCharsets.UTF_8));
final String hash = Base64.getUrlEncoder().encodeToString(check);

return UriBuilder.fromUri(oidcInfo.getAuthServerURL())
return UriBuilder.fromUri(oidcInfo.getAuthServerPublicURL())
.path("/realms/{realm}/broker/{provider}/link")
.queryParam("nonce", nonce)
.queryParam("hash", hash)
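Review bot: `oidcInfo.getAuthServerPublicURL()` is passed to `UriBuilder.fromUri(...)` with no check that it is set, so a deployment without a configured public auth-server URL would fail here with a bare `IllegalArgumentException` from JAX-RS rather than a clear configuration error. Whether the value can be null is not visible on this page; it arrives from `serverURL` at the `new OIDCInfo(...)` call in the provider's `get()`. If it can be, guard before building the link, e.g. `String base = Objects.requireNonNull(oidcInfo.getAuthServerPublicURL(), "public auth server URL is not configured");`. The body of `getAccountLinkingURL` starts and ends outside this hunk.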
@@ -22,6 +22,7 @@ public class OIDCInfo {
private final String jwksPublicUri;
private final String jwksUri;
private final String authServerURL;
private final String authServerPublicURL;

public OIDCInfo(
String tokenPublicEndpoint,
@@ -30,7 +31,8 @@ public OIDCInfo(
String userInfoEndpoint,
String jwksPublicUri,
String jwksUri,
String authServerURL) {
String authServerURL,
String authServerPublicURL) {
this.tokenPublicEndpoint = tokenPublicEndpoint;
this.endSessionPublicEndpoint = endSessionPublicEndpoint;
this.userInfoPublicEndpoint = userInfoPublicEndpoint;
@@ -39,6 +41,7 @@ public OIDCInfo(
this.jwksUri = jwksUri;

this.authServerURL = authServerURL;
this.authServerPublicURL = authServerPublicURL;
}

/** @return public url to retrieve token */
@@ -84,4 +87,9 @@ public String getJwksUri() {
public String getAuthServerURL() {
return authServerURL;
}

/** @return public OIDC auth endpoint url. */
public String getAuthServerPublicURL() {
return authServerPublicURL;
}
}
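Review bot: The constructor now takes eight positional `String` arguments with `authServerURL` and `authServerPublicURL` side by side, so a transposed call compiles cleanly and would silently swap which address is given to browsers and which is used for server-side calls. The only call site shown (`serverAuthUrl, serverURL`) gives no hint which is which. Document the pair on the constructor and make the new getter's Javadoc name its audience, e.g. `/** @return auth server URL reachable from the user's browser; used for links and redirects, not for server-to-server calls. */`. That reading of the two fields is inferred from the names and the test stubs, so confirm it before adopting the wording. The constructor's first parameters lie outside the hunks.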
@@ -92,7 +92,8 @@ public OIDCInfo get() {
userInfoEndpoint,
jwksPublicUri,
jwksUri,
serverAuthUrl);
serverAuthUrl,
serverURL);
} catch (IOException e) {
throw new RuntimeException(
"Exception while retrieving OpenId configuration from endpoint: " + wellKnownEndpoint, e);
@@ -13,13 +13,17 @@

import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
import static org.eclipse.che.dto.server.DtoFactory.newDto;
import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.AUTH_SERVER_URL_INTERNAL_SETTING;
import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.REALM_SETTING;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.when;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNotNull;
import static org.testng.Assert.assertTrue;

import com.jayway.restassured.RestAssured;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtParser;
import java.util.HashMap;
import java.util.Map;
@@ -55,35 +59,63 @@ public class KeycloakServiceClientTest {
@Mock private KeycloakSettings keycloakSettings;
@Mock private JwtParser jwtParser;
@Mock private OIDCInfo oidcInfo;
@Mock private Jws<Claims> jws;
@Mock private Claims claims;

private KeycloakServiceClient keycloakServiceClient;

@SuppressWarnings("unused")
private KeycloakService keycloakService;

private static final String token = "token123";
private static final String clientId = "some-client-id";
private static final String someSessionState = "some-state";
private static final String scope = "test_scope";

@SuppressWarnings("unused")
private final LocalApiExceptionMapper exceptionMapper = new LocalApiExceptionMapper();

@BeforeMethod
public void setUp() throws Exception {
when(oidcInfo.getAuthServerURL())
.thenReturn(RestAssured.baseURI + ":" + RestAssured.port + RestAssured.basePath);
when(oidcInfo.getAuthServerPublicURL()).thenReturn("https://keycloak-che");
when(jwtParser.parseClaimsJws(token)).thenReturn(jws);
when(jws.getBody()).thenReturn(claims);
when(claims.get(anyString(), eq(String.class)))
.thenAnswer(
invocationOnMock -> {
String arg = (String) invocationOnMock.getArguments()[0];
if (arg.equals("azp")) {
return clientId;
}
if (arg.equals("session_state")) {
return someSessionState;
}
return null;
});

keycloakServiceClient = new KeycloakServiceClient(keycloakSettings, oidcInfo, jwtParser);
Map<String, String> conf = new HashMap<>();
Map<String, String> confInternal = new HashMap<>();
confInternal.put(
AUTH_SERVER_URL_INTERNAL_SETTING,
RestAssured.baseURI + ":" + RestAssured.port + RestAssured.basePath);
conf.put(REALM_SETTING, "che");
confInternal.put(REALM_SETTING, "che");
when(keycloakSettings.get()).thenReturn(confInternal);
when(keycloakSettings.get()).thenReturn(conf);
}

@Test
public void shouldReturnPublicAccountLinkingURL() throws Exception {
keycloakService = new KeycloakService(token, scope, token, null);
keycloakServiceClient.getIdentityProviderToken("github");

String accountLinkURL =
keycloakServiceClient.getAccountLinkingURL(
token, "github", "https://some-redirect-link/auth/realms/che/broker/github/endpoint");
assertTrue(
accountLinkURL.matches(
"https://keycloak-che/realms/che/broker/github/link\\?nonce=([0-9a-z-]*)&hash=([0-9A-Za-z-_%]*)&client_id=some-client-id&redirect_uri=https://some-redirect-link/auth/realms/che/broker/github/endpoint"));
}

@Test
public void shouldReturnToken() throws Exception {
String token = "token123";
String scope = "test_scope";
String tokenType = "test_type";
keycloakService = new KeycloakService(token, scope, tokenType, null);
KeycloakTokenResponse response = keycloakServiceClient.getIdentityProviderToken("github");
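Review bot: The pattern in `shouldReturnPublicAccountLinkingURL` uses `*` for both `nonce` and `hash`, so the assertion still passes when either value is empty, even though these two parameters appear to be what binds the link request to the caller's session. Require at least one character in each: `nonce=([0-9a-z-]+)&hash=([0-9A-Za-z_%-]+)`. The `getIdentityProviderToken("github")` call at the top of the test looks left over, since its result is unused, and `new KeycloakService(token, scope, token, null)` passes `token` where `shouldReturnToken` passes a token type. `shouldReturnToken` continues outside the hunk.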