Reapply "Prevent login page cookie issues with a descriptive error me…
…ssage"

This reverts commit 9fa84b3.
ahus1 committed Oct 14, 2024
1 parent f692295 commit a5a8daf
Showing 5 changed files with 57 additions and 4 deletions.
43 changes: 42 additions & 1 deletion benchmark/src/main/java/org/keycloak/benchmark/Config.java
@@ -1,5 +1,6 @@
package org.keycloak.benchmark;

import java.net.URI;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.List;
@@ -190,7 +191,7 @@ public class Config {
String serversProp = System.getProperty("server-url");
if (serversProp == null) {
String serversEnv = System.getenv("KC_SERVER_URL");
serverUris = serversEnv != null ? serversEnv : "http://localhost:8080/auth";
serverUris = serversEnv != null ? serversEnv : "http://0.0.0.0:8080";
} else {
serverUris = serversProp;
}
@@ -199,6 +200,46 @@ public class Config {
serverUrisList = Arrays.asList(serverUris.split(" "));
}

public static void preventLocalhostServerUris() {
serverUrisList.stream().forEach(s -> {
URI uri = URI.create(s);
if (uri.getScheme().equals("http") && isLocalhostSecureContext(uri)) {
throw new RuntimeException("""
Gatling won't send secure cookies to localhost addresses. Due to this, it is incompatible of running tests against with Keycloak 26.
See https://github.com/keycloak/keycloak-benchmark/issues/945 for more information.
As a workaround, use a different IP address on your current host, or use http://0.0.0.0
""");
}
});
}

public static boolean isLocalhostSecureContext(URI uri) {
String host = uri.getHost();
if (host == null) {
return false;
}

// The host matches a CIDR notation of ::1/128
if (host.equals("[::1]") || host.equals("[0000:0000:0000:0000:0000:0000:0000:0001]")) {
return true;
}

// The host matches a CIDR notation of 127.0.0.0/8
if (host.matches("127.\\d{1,3}.\\d{1,3}.\\d{1,3}")) {
return true;
}

if (host.equals("localhost") || host.equals("localhost.")) {
return true;
}

if (host.endsWith(".localhost") || host.endsWith(".localhost.")) {
return true;
}

return false;
}

public static String toStringPopulationConfig() {
return String.format(
" realms: %s\n"
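Review bot: The scheme test in `preventLocalhostServerUris`, `uri.getScheme().equals("http")`, throws a NullPointerException when a configured server URL has no scheme, and both it and the host comparisons in `isLocalhostSecureContext` are case-sensitive, so a value such as `HTTP://LOCALHOST:8080` passes the guard; whether Gatling then withholds the cookie for that spelling is not visible here. I would write `"http".equalsIgnoreCase(uri.getScheme())` and compare against `host.toLowerCase(Locale.ROOT)`, which needs `java.util.Locale` imported. The dots in `"127.\\d{1,3}.\\d{1,3}.\\d{1,3}"` are unescaped and match any character; `"127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"` accepts only dotted IPv4 literals. The IPv6 branch recognises two spellings of the loopback address, so equivalent forms such as `[0:0:0:0:0:0:0:1]` are not caught.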
@@ -1,9 +1,12 @@
package keycloak.scenario.authentication

import keycloak.scenario.{CommonSimulation, KeycloakScenarioBuilder}
import org.keycloak.benchmark.Config

class AuthorizationCode extends CommonSimulation {

Config.preventLocalhostServerUris()

setUp("Authentication - Authorization Code Username/Password", new KeycloakScenarioBuilder()
.openLoginPage(true)
.loginUsernamePassword()
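Review bot: The call `Config.preventLocalhostServerUris()` in the class body has no comment, and the same bare call is repeated in the LoginUserPassword section that follows, so the guard is opt-in per simulation. A reader of either class cannot tell why it is there; I would add `// Fail fast: Gatling does not send Secure cookies to plain-HTTP localhost URLs, see issue #945` above it. If other scenarios also call `openLoginPage`, which is not visible from these hunks, moving the check into a shared place such as the scenario builder would keep a new simulation from missing it. Both class bodies continue outside the hunks.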
@@ -1,9 +1,12 @@
package keycloak.scenario.authentication

import keycloak.scenario.{CommonSimulation, KeycloakScenarioBuilder}
import org.keycloak.benchmark.Config

class LoginUserPassword extends CommonSimulation {

Config.preventLocalhostServerUris()

setUp("Authentication - Login Username/Password", new KeycloakScenarioBuilder()
.openLoginPage(true)
.loginUsernamePassword())
@@ -31,7 +31,7 @@ To start running tests, execute:
./kcb.sh
----

By default, tests expect Keycloak to run on \http://localhost:8080/auth, and the default scenario is `keycloak.scenarion.authentication.ClientSecret`.
By default, tests expect Keycloak to run on \http://0.0.0.0:8080, and the default scenario is `keycloak.scenarion.authentication.ClientSecret`.

To use a different server URL, realm and scenario:

@@ -14,6 +14,12 @@ See xref:scenario-overview.adoc[] for a list of all scenarios.

See the source code at link:{github-files}/benchmark/src/main/scala/keycloak/scenario/authentication/AuthorizationCode.scala[AuthorizationCode.scala] for details.

[WARNING]
====
Due to the circumstances described in issue https://github.com/keycloak/keycloak-benchmark/issues/945[#945], this scenario will not work with a non-TLS localhost URLs like `+http://localhost+`, `+http://127.0.0.1+` or similar.
Instead, use IP addresses of other interfaces, or `+http://0.0.0.0+`, or run Keycloak with a TLS certificate.
====

== Running an example scenario

=== Prerequisites
@@ -35,13 +41,13 @@ See xref:configuration.adoc[] for additional CLI options.
----
bin/kcb.sh \
--scenario=keycloak.scenario.authentication.AuthorizationCode \
--server-url=http://localhost:8080/ \
--server-url=http://0.0.0.0:8080/ \
--realm-name=realm-0 \
--username=user-0 \
--user-password=user-0-password \
--client-id=client-0 \
--client-secret=client-0-secret \
--client-redirect-uri=http://localhost:8080 \
--client-redirect-uri=http://0.0.0.0:8080 \
--log-http-on-failure
----
