Merge pull request keycloak#4112 from r0nin/master

KEYCLOAK-4521: consider offline sessions if no active user session exists
chexxor · May 5, 2017 · 5e16546 · 5e16546
2 parents 2e66cd1 + d5c643e
commit 5e16546
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 1 deletion.
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java
@@ -141,6 +141,15 @@ private Response issueUserInfo(String tokenString) {
 
         UserSessionModel userSession = session.sessions().getUserSession(realm, token.getSessionState());
         ClientSessionModel clientSession = session.sessions().getClientSession(token.getClientSession());
+        if( userSession == null ) {
+            userSession = session.sessions().getOfflineUserSession(realm, token.getSessionState());
+            if( AuthenticationManager.isOfflineSessionValid(realm, userSession)) {
+                clientSession = session.sessions().getOfflineClientSession(realm, token.getClientSession());
+            } else {
+                userSession = null;
+                clientSession = null;
+            }
+        }
 
         if (userSession == null) {
             event.error(Errors.USER_SESSION_NOT_FOUND);

diff --git a/...gration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java b/...gration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java
@@ -249,6 +249,24 @@ public void testSessionExpired() throws Exception {
         }
     }
 
+    @Test
+    public void testSessionExpiredOfflineAccess() throws Exception {
+        Client client = ClientBuilder.newClient();
+
+        try {
+            AccessTokenResponse accessTokenResponse = executeGrantAccessTokenRequest(client, true);
+
+            testingClient.testing().removeUserSessions("test");
+
+            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getToken());
+
+            testSuccessfulUserInfoResponse(response);
+            response.close();
+        } finally {
+            client.close();
+        }
+    }
+
     @Test
     public void testUnsuccessfulUserInfoRequest() throws Exception {
         Client client = ClientBuilder.newClient();
@@ -274,15 +292,22 @@ public void testUnsuccessfulUserInfoRequest() throws Exception {
     }
 
     private AccessTokenResponse executeGrantAccessTokenRequest(Client client) {
+        return executeGrantAccessTokenRequest(client, false);
+    }
+
+    private AccessTokenResponse executeGrantAccessTokenRequest(Client client, boolean requestOfflineToken) {
         UriBuilder builder = UriBuilder.fromUri(AUTH_SERVER_ROOT);
-        URI grantUri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
+            URI grantUri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
         WebTarget grantTarget = client.target(grantUri);
 
         String header = BasicAuthHelper.createHeader("test-app", "password");
         Form form = new Form();
         form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD)
                 .param("username", "test-user@localhost")
                 .param("password", "password");
+        if( requestOfflineToken) {
+            form.param("scope", "offline_access");
+        }
 
         Response response = grantTarget.request()
                 .header(HttpHeaders.AUTHORIZATION, header)