Removed `stackeChecker` parameter check against session's attribute
This commit is contained in:
parent
cd3e7b0674
commit
5f43c1f3e5
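--- a/org/gcube/keycloak/avatar/AvatarResource.java
+++ b/org/gcube/keycloak/avatar/AvatarResource.java
@@ -2,10 +2,8 @@ package org.gcube.keycloak.avatar;
 
 import java.io.InputStream;
 import java.util.List;
-import java.util.Objects;
 
 import javax.ws.rs.Consumes;
-import javax.ws.rs.ForbiddenException;
 import javax.ws.rs.GET;
 import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.POST;
@@ -25,8 +23,8 @@ import org.keycloak.services.resources.RealmsResource;
 
 public class AvatarResource extends AbstractAvatarResource {
 
-public static final String STATE_CHECKER_ATTRIBUTE = "state_checker";
-public static final String STATE_CHECKER_PARAMETER = "stateChecker";
+// public static final String STATE_CHECKER_ATTRIBUTE = "state_checker";
+// public static final String STATE_CHECKER_PARAMETER = "stateChecker";
 
 public AvatarResource(KeycloakSession session) {
 super(session);
@@ -59,9 +57,9 @@ public class AvatarResource extends AbstractAvatarResource {
 throw new NotAuthorizedException("Bearer");
 }
 
-if (!isValidStateChecker(input)) {
-throw new ForbiddenException("State");
-}
+// if (!isValidStateChecker(input)) {
+// throw new ForbiddenException("State");
+// }
 
 logger.debugf("Uploading new avatar for user %s in realm %s", auth.getUser(), auth.getSession().getRealm());
 Response response = null;
@@ -88,15 +86,15 @@ public class AvatarResource extends AbstractAvatarResource {
 return response;
 }
 
-private boolean isValidStateChecker(MultipartFormDataInput input) {
-try {
-String actualStateChecker = input.getFormDataPart(STATE_CHECKER_PARAMETER, String.class, null);
-String requiredStateChecker = (String) session.getAttribute(STATE_CHECKER_ATTRIBUTE);
-
-return Objects.equals(requiredStateChecker, actualStateChecker);
-} catch (Exception ex) {
-return false;
-}
-}
+// private boolean isValidStateChecker(MultipartFormDataInput input) {
+// try {
+// String actualStateChecker = input.getFormDataPart(STATE_CHECKER_PARAMETER, String.class, null);
+// String requiredStateChecker = (String) session.getAttribute(STATE_CHECKER_ATTRIBUTE);
+//
+// return Objects.equals(requiredStateChecker, actualStateChecker);
+// } catch (Exception ex) {
+// return false;
+// }
+// }
 
 }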
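Review bot: The state-checker validation in the upload handler and the whole `isValidStateChecker` helper are commented out rather than deleted (hunks at -59 and -88), as are the two public constants at -25, so the file now carries dead code and silently drops a public API that other classes may reference; delete the blocks and let history hold them, or reinstate the check. If the check is meant to come back, `Objects.equals(requiredStateChecker, actualStateChecker)` accepts the request when both the session attribute and the form part are absent (both `null`), so a reinstated version should fail closed with `if (requiredStateChecker == null) return false;` ahead of the comparison. This endpoint authenticates with a bearer token (`NotAuthorizedException("Bearer")`), which browsers do not attach automatically, so the cross-site exposure here looks lower than in DeleteAccountResource, but the reason for removing the second check still belongs in the commit message. The enclosing upload method starts and ends outside the hunks.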
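--- a/org/gcube/keycloak/account/DeleteAccountResource.java
+++ b/org/gcube/keycloak/account/DeleteAccountResource.java
@@ -2,8 +2,6 @@ package org.gcube.keycloak.account;
 
 import java.net.URI;
 
-import javax.ws.rs.ForbiddenException;
-import javax.ws.rs.FormParam;
 import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -24,8 +22,8 @@ public class DeleteAccountResource {
 
 protected static final Logger logger = Logger.getLogger(DeleteAccountResource.class);
 
-public static final String STATE_CHECKER_ATTRIBUTE = "state_checker";
-public static final String STATE_CHECKER_PARAMETER = "stateChecker";
+// public static final String STATE_CHECKER_ATTRIBUTE = "state_checker";
+// public static final String STATE_CHECKER_PARAMETER = "stateChecker";
 
 private final KeycloakSession session;
 private final AuthenticationManager.AuthResult auth;
@@ -39,15 +37,16 @@ public class DeleteAccountResource {
 @NoCache
 @POST()
 @Path("delete")
-public Response performDeleteAccount(@FormParam(STATE_CHECKER_PARAMETER) String stateChecker) {
+// public Response performDeleteAccount(@FormParam(STATE_CHECKER_PARAMETER) String stateChecker) {
+public Response performDeleteAccount() {
 if (auth == null) {
 logger.debug("Invoked DELETE without authorization");
 throw new NotAuthorizedException("Cookie");
 }
-String requiredStateChecker = session.getAttribute(STATE_CHECKER_ATTRIBUTE, String.class);
-if (!requiredStateChecker.equals(stateChecker)) {
-throw new ForbiddenException("State");
-}
+// String requiredStateChecker = session.getAttribute(STATE_CHECKER_ATTRIBUTE, String.class);
+// if (!requiredStateChecker.equals(stateChecker)) {
+// throw new ForbiddenException("State");
+// }
 logger.info("Invoked perform delete account");
 
 logger.debug("Getting realm model from auth session");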
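Review bot: Dropping the `@FormParam(STATE_CHECKER_PARAMETER)` argument and the comparison against the session attribute in the -39 hunk leaves `performDeleteAccount`, a cookie-authenticated POST (`NotAuthorizedException("Cookie")`), without the anti-CSRF check it previously performed, so unless another layer enforces one — nothing in this diff shows it — a cross-site form post from a logged-in browser can trigger account deletion. If the motivation was that `requiredStateChecker.equals(stateChecker)` threw a NullPointerException whenever the session carried no `state_checker` attribute, the fix is to make the check null-safe and fail closed rather than remove it, and to compare with `MessageDigest.isEqual` on the UTF-8 bytes instead of `String.equals`. The constants at -24 and the old lines at -39 are commented out rather than deleted; either restore them as below (with the `ForbiddenException`/`FormParam` imports) or remove them outright. The method body continues past the end of the hunk.
```java
public Response performDeleteAccount(@FormParam(STATE_CHECKER_PARAMETER) String stateChecker) {
    // … unchanged: auth == null guard …
    String requiredStateChecker = session.getAttribute(STATE_CHECKER_ATTRIBUTE, String.class);
    // Fail closed when either side is missing; compare in constant time.
    if (requiredStateChecker == null || stateChecker == null
            || !MessageDigest.isEqual(requiredStateChecker.getBytes(StandardCharsets.UTF_8),
                    stateChecker.getBytes(StandardCharsets.UTF_8))) {
        throw new ForbiddenException("State");
    }
    // … unchanged: logging and realm lookup …
```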