From 4da0d94b96e662b8dffe281d0a2de812f11cda71 Mon Sep 17 00:00:00 2001
From: Jacek Kowalski <Jacek@jacekk.info>
Date: Sun, 10 May 2020 20:40:15 +0000
Subject: [PATCH] Filter potentially dangerous input in GitHub Actions workflows
---
src/main/java/org/keycloak/protocol/cas/endpoints/ServiceValidateEndpoint.java | 28 ++++++++--------------------
1 files changed, 8 insertions(+), 20 deletions(-)
diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/ServiceValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/ServiceValidateEndpoint.java
index a5a3069..fa56d4f 100644
--- a/src/main/java/org/keycloak/protocol/cas/endpoints/ServiceValidateEndpoint.java
+++ b/src/main/java/org/keycloak/protocol/cas/endpoints/ServiceValidateEndpoint.java
@@ -1,17 +1,15 @@
package org.keycloak.protocol.cas.endpoints;
import org.keycloak.events.EventBuilder;
-import org.keycloak.models.KeycloakSessionFactory;
-import org.keycloak.models.ProtocolMapperModel;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserSessionModel;
+import org.keycloak.models.*;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.protocol.cas.mappers.CASAttributeMapper;
-import org.keycloak.protocol.cas.representations.CasServiceResponse;
+import org.keycloak.protocol.cas.representations.CASServiceResponse;
import org.keycloak.protocol.cas.utils.CASValidationException;
import org.keycloak.protocol.cas.utils.ContentTypeHelper;
import org.keycloak.protocol.cas.utils.ServiceResponseHelper;
import org.keycloak.services.managers.ClientSessionCode;
+import org.keycloak.services.util.DefaultClientSessionContext;
import javax.ws.rs.core.*;
import java.util.HashMap;
@@ -29,29 +27,19 @@
@Override
protected Response successResponse() {
UserSessionModel userSession = clientSession.getUserSession();
-
- Set<ProtocolMapperModel> mappings = new ClientSessionCode(session, realm, clientSession).getRequestedProtocolMappers();
- KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
- Map<String, Object> attributes = new HashMap<>();
- for (ProtocolMapperModel mapping : mappings) {
- ProtocolMapper mapper = (ProtocolMapper) sessionFactory.getProviderFactory(ProtocolMapper.class, mapping.getProtocolMapper());
- if (mapper instanceof CASAttributeMapper) {
- ((CASAttributeMapper) mapper).setAttribute(attributes, mapping, userSession);
- }
- }
-
- CasServiceResponse serviceResponse = ServiceResponseHelper.createSuccess(userSession.getUser().getUsername(), attributes);
+ Map<String, Object> attributes = getUserAttributes();
+ CASServiceResponse serviceResponse = ServiceResponseHelper.createSuccess(userSession.getUser().getUsername(), attributes);
return prepare(Response.Status.OK, serviceResponse);
}
@Override
protected Response errorResponse(CASValidationException e) {
- CasServiceResponse serviceResponse = ServiceResponseHelper.createFailure(e.getError(), e.getErrorDescription());
+ CASServiceResponse serviceResponse = ServiceResponseHelper.createFailure(e.getError(), e.getErrorDescription());
return prepare(e.getStatus(), serviceResponse);
}
- private Response prepare(Response.Status status, CasServiceResponse serviceResponse) {
- MediaType responseMediaType = new ContentTypeHelper(request, restRequest, uriInfo).selectResponseType();
+ private Response prepare(Response.Status status, CASServiceResponse serviceResponse) {
+ MediaType responseMediaType = new ContentTypeHelper(request, restRequest, session.getContext().getUri()).selectResponseType();
return ServiceResponseHelper.createResponse(status, responseMediaType, serviceResponse);
}
}
--
Gitblit v1.9.1