Removed `stackeChecker` parameter check against session's attribute

avatar-realm-resource/src/main/java/org/gcube/keycloak/avatar/AvatarResource.java

@@ -2,10 +2,8 @@ package org.gcube.keycloak.avatar;
 
 import java.io.InputStream;
 import java.util.List;
-import java.util.Objects;
 
 import javax.ws.rs.Consumes;
-import javax.ws.rs.ForbiddenException;
 import javax.ws.rs.GET;
 import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.POST;
@@ -25,8 +23,8 @@ import org.keycloak.services.resources.RealmsResource;
 
 public class AvatarResource extends AbstractAvatarResource {
 
-    public static final String STATE_CHECKER_ATTRIBUTE = "state_checker";
-    public static final String STATE_CHECKER_PARAMETER = "stateChecker";
+//    public static final String STATE_CHECKER_ATTRIBUTE = "state_checker";
+//    public static final String STATE_CHECKER_PARAMETER = "stateChecker";
 
     public AvatarResource(KeycloakSession session) {
         super(session);
@@ -59,9 +57,9 @@ public class AvatarResource extends AbstractAvatarResource {
             throw new NotAuthorizedException("Bearer");
         }
 
-        if (!isValidStateChecker(input)) {
-            throw new ForbiddenException("State");
-        }
+//        if (!isValidStateChecker(input)) {
+//            throw new ForbiddenException("State");
+//        }
 
         logger.debugf("Uploading new avatar for user %s in realm %s", auth.getUser(), auth.getSession().getRealm());
         Response response = null;
@@ -88,15 +86,15 @@ public class AvatarResource extends AbstractAvatarResource {
         return response;
     }
 
-    private boolean isValidStateChecker(MultipartFormDataInput input) {
-        try {
-            String actualStateChecker = input.getFormDataPart(STATE_CHECKER_PARAMETER, String.class, null);
-            String requiredStateChecker = (String) session.getAttribute(STATE_CHECKER_ATTRIBUTE);
-
-            return Objects.equals(requiredStateChecker, actualStateChecker);
-        } catch (Exception ex) {
-            return false;
-        }
-    }
+//    private boolean isValidStateChecker(MultipartFormDataInput input) {
+//        try {
+//            String actualStateChecker = input.getFormDataPart(STATE_CHECKER_PARAMETER, String.class, null);
+//            String requiredStateChecker = (String) session.getAttribute(STATE_CHECKER_ATTRIBUTE);
+//
+//            return Objects.equals(requiredStateChecker, actualStateChecker);
+//        } catch (Exception ex) {
+//            return false;
+//        }
+//    }
 
 }

delete-account/src/main/java/org/gcube/keycloak/account/DeleteAccountResource.java

@@ -2,8 +2,6 @@ package org.gcube.keycloak.account;
 
 import java.net.URI;
 
-import javax.ws.rs.ForbiddenException;
-import javax.ws.rs.FormParam;
 import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -24,8 +22,8 @@ public class DeleteAccountResource {
 
     protected static final Logger logger = Logger.getLogger(DeleteAccountResource.class);
 
-    public static final String STATE_CHECKER_ATTRIBUTE = "state_checker";
-    public static final String STATE_CHECKER_PARAMETER = "stateChecker";
+//    public static final String STATE_CHECKER_ATTRIBUTE = "state_checker";
+//    public static final String STATE_CHECKER_PARAMETER = "stateChecker";
 
     private final KeycloakSession session;
     private final AuthenticationManager.AuthResult auth;
@@ -39,15 +37,16 @@ public class DeleteAccountResource {
     @NoCache
     @POST()
     @Path("delete")
-    public Response performDeleteAccount(@FormParam(STATE_CHECKER_PARAMETER) String stateChecker) {
+//    public Response performDeleteAccount(@FormParam(STATE_CHECKER_PARAMETER) String stateChecker) {
+    public Response performDeleteAccount() {
         if (auth == null) {
             logger.debug("Invoked DELETE without authorization");
             throw new NotAuthorizedException("Cookie");
         }
-        String requiredStateChecker = session.getAttribute(STATE_CHECKER_ATTRIBUTE, String.class);
-        if (!requiredStateChecker.equals(stateChecker)) {
-            throw new ForbiddenException("State");
-        }
+//        String requiredStateChecker = session.getAttribute(STATE_CHECKER_ATTRIBUTE, String.class);
+//        if (!requiredStateChecker.equals(stateChecker)) {
+//            throw new ForbiddenException("State");
+//        }
         logger.info("Invoked perform delete account");
 
         logger.debug("Getting realm model from auth session");