
Example 6 with KeycloakUriInfo

Use of org.keycloak.models.KeycloakUriInfo in project keycloak by keycloak.

Class RedirectUtils, method verifyRedirectUri.

/**
 * Checks a requested redirect URI against the supplied set of valid redirect URIs and returns
 * the URI the caller may redirect to, or {@code null} when the request must be rejected.
 *
 * <p>A {@code null} return is the only rejection signal: parse failures, a missing URI, an empty
 * valid set and a failed match all end in {@code null}, and each is logged at debug level only.
 * Callers must therefore treat {@code null} as "do not redirect".
 *
 * <p>The candidate is normalized with {@link URI#normalize()} and passed through
 * {@code lowerCaseHostname} before it is matched, and the value returned is that processed form,
 * not the raw request parameter.
 *
 * @param session used to read the request URI info and the realm, and handed to the helpers that
 *        resolve the valid redirects and build absolute URIs
 * @param rootUrl passed through to {@code resolveValidRedirects} and
 *        {@code relativeToAbsoluteURI}; presumably the client's root URL (confirm against callers)
 * @param redirectUri the requested redirect URI; may be {@code null}
 * @param validRedirects the redirect URIs accepted for this request; dereferenced without a null
 *        check whenever {@code redirectUri} is non-null
 * @param requireRedirectUri when {@code true} a missing {@code redirectUri} is rejected; when
 *        {@code false} the result of {@code getSingleValidRedirectUri(validRedirects)} is used
 *        in its place
 * @return the accepted redirect URI (made absolute when the accepted value starts with "/"), the
 *         realm's installed-app URN callback URL when the accepted value equals
 *         {@code Constants.INSTALLED_APP_URN}, or {@code null} on rejection
 */
public static String verifyRedirectUri(KeycloakSession session, String rootUrl, String redirectUri, Set<String> validRedirects, boolean requireRedirectUri) {
    // uriInfo and realm are only read at the end, to build the installed-app URN callback.
    KeycloakUriInfo uriInfo = session.getContext().getUri();
    RealmModel realm = session.getContext().getRealm();
    if (redirectUri != null) {
        try {
            // Parse first, then normalize, so that matching below runs on the path with "." and
            // ".." segments resolved rather than on the raw request string.
            // NOTE(review): URI.normalize() does not decode percent-escapes; confirm that
            // matchesRedirects and the consumer of the returned URI treat encoded segments alike.
            URI uri = URI.create(redirectUri);
            redirectUri = uri.normalize().toString();
        } catch (IllegalArgumentException cause) {
            // URI.create rejects syntactically invalid input; fail closed.
            logger.debug("Invalid redirect uri", cause);
            return null;
        } catch (Exception cause) {
            // Any other failure while parsing is also treated as a rejection, never as a pass.
            logger.debug("Unexpected error when parsing redirect uri", cause);
            return null;
        }
    }
    if (redirectUri == null) {
        // No redirect URI in the request: fall back to the valid set only when the caller
        // allows the parameter to be omitted.
        if (!requireRedirectUri) {
            redirectUri = getSingleValidRedirectUri(validRedirects);
        }
        if (redirectUri == null) {
            logger.debug("No Redirect URI parameter specified");
            return null;
        }
        // The fallback value is not re-matched here; it goes straight to the URN check below.
    } else if (validRedirects.isEmpty()) {
        // Nothing is registered as valid, so nothing can be accepted.
        logger.debug("No Redirect URIs supplied");
        redirectUri = null;
    } else {
        // Presumably lower-cases only the host part so host comparison is case-insensitive;
        // the helper is not shown here, confirm.
        redirectUri = lowerCaseHostname(redirectUri);
        // r is a working copy used for matching only; redirectUri stays the value returned.
        String r = redirectUri;
        Set<String> resolveValidRedirects = resolveValidRedirects(session, rootUrl, validRedirects);
        boolean valid = matchesRedirects(resolveValidRedirects, r);
        // Second chance for installed-app / loopback URIs: drop the text between the first ':'
        // found after the prefix and the next '/' (presumably the port) and match again.
        // Only the working copy is stripped, so an accepted URI is returned with that text intact.
        // NOTE(review): the search offset is INSTALLED_APP_URL.length() for both prefixes, which
        // is right only if both constants have the same length (their values are not visible here).
        // NOTE(review): startsWith is a string-prefix test, not a host comparison, and the ':'
        // search is not limited to the authority; acceptance rests entirely on the second
        // matchesRedirects call, so confirm the valid set cannot match an unintended host.
        if (!valid && (r.startsWith(Constants.INSTALLED_APP_URL) || r.startsWith(Constants.INSTALLED_APP_LOOPBACK)) && r.indexOf(':', Constants.INSTALLED_APP_URL.length()) >= 0) {
            int i = r.indexOf(':', Constants.INSTALLED_APP_URL.length());
            StringBuilder sb = new StringBuilder();
            // Keep everything before the ':' ...
            sb.append(r.substring(0, i));
            // ... and everything from the next '/' on, if there is one.
            i = r.indexOf('/', i);
            if (i >= 0) {
                sb.append(r.substring(i));
            }
            r = sb.toString();
            valid = matchesRedirects(resolveValidRedirects, r);
        }
        // An accepted value that starts with "/" is converted to an absolute URI before return.
        if (valid && redirectUri.startsWith("/")) {
            redirectUri = relativeToAbsoluteURI(session, rootUrl, redirectUri);
        }
        // Fail closed: anything that did not match is discarded.
        redirectUri = valid ? redirectUri : null;
    }
    // The installed-app URN is replaced by the realm's callback URL built from the request's
    // base URI; equals() is called on the constant, so a null redirectUri falls through and is
    // returned as null.
    if (Constants.INSTALLED_APP_URN.equals(redirectUri)) {
        return Urls.realmInstalledAppUrnCallback(uriInfo.getBaseUri(), realm.getName()).toString();
    } else {
        return redirectUri;
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) HashSet(java.util.HashSet) KeycloakUriInfo(org.keycloak.models.KeycloakUriInfo) URI(java.net.URI)
