Skip to content

Commit

Permalink
Update DefaultTokenStateManager to remove all session cookies when to…
Browse files Browse the repository at this point in the history
…kens are split
  • Loading branch information
sberyozkin committed Dec 8, 2020
1 parent 19117c7 commit 226694b
Show file tree
Hide file tree
Showing 3 changed files with 42 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -484,10 +484,15 @@ private void removeCookie(RoutingContext context, TenantConfigContext configCont
if (SESSION_COOKIE_NAME.equals(cookieName)) {
resolver.getTokenStateManager().deleteTokens(context, configContext.oidcConfig, cookie.getValue());
}
removeCookie(cookie, configContext.oidcConfig);
}
}

static void removeCookie(ServerCookie cookie, OidcTenantConfig oidcConfig) {
if (cookie != null) {
cookie.setValue("");
cookie.setMaxAge(0);
Authentication auth = configContext.oidcConfig.getAuthentication();
Authentication auth = oidcConfig.getAuthentication();
if (auth.cookiePath.isPresent()) {
cookie.setPath(auth.cookiePath.get());
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.TokenStateManager;
import io.vertx.core.http.Cookie;
import io.vertx.core.http.impl.ServerCookie;
import io.vertx.ext.web.RoutingContext;

@ApplicationScoped
Expand Down Expand Up @@ -55,11 +56,11 @@ public AuthorizationCodeTokens getTokens(RoutingContext routingContext, OidcTena
accessToken = tokens[1];
refreshToken = tokens[2];
} else {
Cookie atCookie = routingContext.request().getCookie(getAccessTokenCookieName(oidcConfig.getTenantId().get()));
Cookie atCookie = getAccessTokenCookie(routingContext, oidcConfig);
if (atCookie != null) {
accessToken = atCookie.getValue();
}
Cookie rtCookie = routingContext.request().getCookie(getRefreshTokenCookieName(oidcConfig.getTenantId().get()));
Cookie rtCookie = getRefreshTokenCookie(routingContext, oidcConfig);
if (rtCookie != null) {
refreshToken = rtCookie.getValue();
}
Expand All @@ -71,6 +72,18 @@ public AuthorizationCodeTokens getTokens(RoutingContext routingContext, OidcTena

@Override
public void deleteTokens(RoutingContext routingContext, OidcTenantConfig oidcConfig, String tokenState) {
if (oidcConfig.tokenStateManager.splitTokens) {
CodeAuthenticationMechanism.removeCookie(getAccessTokenCookie(routingContext, oidcConfig), oidcConfig);
CodeAuthenticationMechanism.removeCookie(getRefreshTokenCookie(routingContext, oidcConfig), oidcConfig);
}
}

private static ServerCookie getAccessTokenCookie(RoutingContext routingContext, OidcTenantConfig oidcConfig) {
return (ServerCookie) routingContext.request().getCookie(getAccessTokenCookieName(oidcConfig.getTenantId().get()));
}

private static ServerCookie getRefreshTokenCookie(RoutingContext routingContext, OidcTenantConfig oidcConfig) {
return (ServerCookie) routingContext.request().getCookie(getRefreshTokenCookieName(oidcConfig.getTenantId().get()));
}

private static String getAccessTokenCookieName(String tenantId) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -619,6 +619,27 @@ public void testDefaultSessionManagerSplitTokens() throws IOException, Interrupt
Cookie rtTokenCookie = getSessionRtCookie(page.getWebClient(), "tenant-split-tokens");
checkSingleTokenCookie(rtTokenCookie, "Refresh");

// verify all the cookies are cleared after the session timeout
webClient.getOptions().setRedirectEnabled(false);
webClient.getCache().clear();

await().atLeast(6, TimeUnit.SECONDS)
.pollDelay(Duration.ofSeconds(6))
.until(new Callable<Boolean>() {
@Override
public Boolean call() throws Exception {
WebResponse webResponse = webClient
.loadWebResponse(new WebRequest(URI.create("http://localhost:8081/index.html").toURL()));
assertEquals(302, webResponse.getStatusCode());
assertNull(getSessionCookie(webClient, null));
return true;
}
});

assertNull(getSessionCookie(page.getWebClient(), "tenant-split-tokens"));
assertNull(getSessionAtCookie(page.getWebClient(), "tenant-split-tokens"));
assertNull(getSessionRtCookie(page.getWebClient(), "tenant-split-tokens"));

webClient.getCookieManager().clearCookies();
}
}
Expand Down

0 comments on commit 226694b

Please sign in to comment.