This is an automated email from the ASF dual-hosted git repository. ykinash pushed a commit to branch DATALAB-2544 in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git
commit 420f5b6fad5e18018790c7e4d04d37e0aa033254 Author: KinashYurii <[email protected]> AuthorDate: Wed Oct 6 11:26:08 2021 +0300 [DATALAB] -- test denied access for users with "auto" in username
---
 .../datalab/backendapi/service/KeycloakServiceImpl.java | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/services/self-service/src/main/java/com/epam/datalab/backendapi/service/KeycloakServiceImpl.java b/services/self-service/src/main/java/com/epam/datalab/backendapi/service/KeycloakServiceImpl.java
index a3672ea..518e14e 100644
--- a/services/self-service/src/main/java/com/epam/datalab/backendapi/service/KeycloakServiceImpl.java
+++ b/services/self-service/src/main/java/com/epam/datalab/backendapi/service/KeycloakServiceImpl.java
@@ -67,6 +67,9 @@ public class KeycloakServiceImpl implements KeycloakService {
 public AccessTokenResponse generateAccessToken(String refreshToken) {
 AccessTokenResponse tokenResponse = refreshToken(refreshToken);
 final String username = KeycloakUtil.parseToken(tokenResponse.getToken()).getPreferredUsername();
+ if (username.contains("auto")) {
+ throw new DatalabException("can not generate Access token for user with: auto, in username");
+ }
 securityDAO.updateUser(username, tokenResponse);
 return tokenResponse;
 }
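Review bot: The new guard in generateAccessToken, `username.contains("auto")`, is a case-sensitive substring match, so it rejects every account whose name merely contains those letters (a constructed example: `automation-team`) and still admits `Auto…` or `AUTO…`. It also runs after `refreshToken(refreshToken)` has already obtained a fresh token from Keycloak, so the check only blocks the local `securityDAO.updateUser` call and the return value; it does not stop the token being issued upstream. If the intent is to keep a class of service or test accounts out, decide on a role or group claim from the parsed token instead of the display name, and perform the check before the refresh where possible. `getPreferredUsername()` may presumably be null for some tokens, in which case this line throws a NullPointerException rather than the intended DatalabException; a guard such as `if (username == null || ...)` would make the failure explicit.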
@@ -77,11 +80,18 @@ public class KeycloakServiceImpl implements KeycloakService { } private AccessTokenResponse requestToken(Form requestForm) { + log.info("TEST LOG!!!: access token form : {}", requestForm); + final String credentials = Base64.encodeAsString(String.join(":", conf.getResource(), String.valueOf(conf.getCredentials().get("secret")))); + String url = conf.getAuthServerUrl() + String.format(URI, conf.getRealm()); + String header = "Basic " + credentials; + log.info("TEST LOG!!!: post with: url: {}, cred: {}, header: {} : {}", url, credentials, HttpHeaders.AUTHORIZATION, header); + final Response response = - httpClient.target(conf.getAuthServerUrl() + String.format(URI, conf.getRealm())).request() - .header(HttpHeaders.AUTHORIZATION, "Basic " + credentials) + httpClient.target(url) + .request() + .header(HttpHeaders.AUTHORIZATION, header) .post(Entity.form(requestForm)); if (response.getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL) { --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
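Review bot: The second added `log.info("TEST LOG!!!: post with: …")` call in requestToken writes the Keycloak client secret to the application log at INFO level: `credentials` is the Base64 encoding of `resource:secret` and `header` is the complete `Basic …` value, and Base64 is an encoding, not protection. The first added call logs `requestForm`, which presumably carries the refresh token or user password for the grant; whether its contents are printed depends on the Form's `toString()`, but it should not be logged either way. Both calls should be dropped before this reaches a shared branch, keeping at most something like `log.debug("Requesting token from {}", url);`. If this build has already run against a real realm, the client secret should be treated as exposed and rotated, and existing log files and any log aggregation should be checked for the `TEST LOG!!!` marker. The body of requestToken continues past the end of the hunk.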
