KEYCLOAK-16074 Fix check3pCookiesSupported message callback

johngrimes · Nov 13, 2020 · a766a1d · a766a1d
1 parent b35cd9b
commit a766a1d
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 1 deletion.
diff --git a/adapters/oidc/js/src/main/resources/keycloak.js b/adapters/oidc/js/src/main/resources/keycloak.js
@@ -1315,7 +1315,7 @@
                     }
 
                     if (event.data !== "supported" && event.data !== "unsupported") {
-                        promise.setError();
+                        return;
                     } else if (event.data === "unsupported") {
                         loginIframe.enable = false;
                         if (kc.silentCheckSsoFallback) {

diff --git a/...sts/base/src/main/java/org/keycloak/testsuite/util/javascript/JavascriptTestExecutor.java b/...sts/base/src/main/java/org/keycloak/testsuite/util/javascript/JavascriptTestExecutor.java
@@ -48,6 +48,38 @@ public JavascriptTestExecutor login() {
     public JavascriptTestExecutor login(JavascriptStateValidator validator) {
         return login(null, validator);
     }
+
+    /**
+     * Attaches a MutationObserver that sends a message from iframe to main window with incorrect data when the iframe is loaded
+     */
+    public JavascriptTestExecutor attachCheck3pCookiesIframeMutationObserver() {
+        jsExecutor.executeScript("// Select the node that will be observed for mutations\n" +
+                "    const targetNode = document.body;" +
+                "" +
+                "    // Options for the observer (which mutations to observe)\n" +
+                "    const config = {attributes: true, childList: true, subtree: true};" +
+                "" +
+                "    // Callback function to execute when mutations are observed\n" +
+                "    const callback = function (mutationsList, observer) {" +
+                "        console.log(\"Mutation found\");" +
+                "        var iframeNode = mutationsList[0].addedNodes[0];" +
+        "                if (iframeNode && iframeNode.localName === 'iframe') {" +
+        "                    var s = document.createElement('script');" +
+        "                    s.type = 'text/javascript';" +
+        "                    var code = \"window.parent.postMessage('Evil Message', '*');\";" +
+        "                    s.appendChild(document.createTextNode(code));" +
+        "                    iframeNode.contentDocument.body.appendChild(s);" +
+        "                }" +
+                "    }\n" +
+                "" +
+                "    // Create an observer instance linked to the callback function\n" +
+                "    const observer = new MutationObserver(callback);" +
+                "" +
+                "    // Start observing the target node for configured mutations\n" +
+                "    observer.observe(targetNode, config);");
+
+        return this;
+    }
 
     public JavascriptTestExecutor login(String options, JavascriptStateValidator validator) {
         if (options == null)

diff --git a/...ian/tests/base/src/test/java/org/keycloak/testsuite/javascript/JavascriptAdapterTest.java b/...ian/tests/base/src/test/java/org/keycloak/testsuite/javascript/JavascriptAdapterTest.java
@@ -765,6 +765,12 @@ public void testInitInHead() {
                 .validateOutputField(this::assertInitAuth);
     }
 
+    @Test
+    public void check3pCookiesMessageCallbackTest() {
+        testExecutor.attachCheck3pCookiesIframeMutationObserver()
+                .init(defaultArguments(), this::assertInitNotAuth);
+    }
+
     protected void assertAdapterIsLoggedIn(WebDriver driver1, Object output, WebElement events) {
         assertTrue(testExecutor.isLoggedIn());
     }