I've pushed the fix for reduced INFO logging level.
I've found a few other things during quick testing like:
- Users can register with invalid email like "aaa". Also they can
change their email in account management to "aaa". Just keycloak admin
console is fine and allows to save just valid email (
- In account management, when I fill firstName, lastName for admin user
and won't fill email and then click "Save", it displays me error message
"You didn't specify email", which is correct. But firstName and lastName
are cleared too. Similar can be reproduced when updating user. Basically
Account mgmt form is always reading persistent values from DB and
ignores values previously filled by user before failed validation.
I guess these are not blockers for release and especially the second one
might be risky to fix now? wdyt?
Marek
On 10.9.2014 15:49, Marek Posolda wrote:
> Hi Bill,
>
> I am on reducing INFO stuff and will commit the fix in a few minutes. Will
> let you know again once it's done.
>
> Marek
>
> On 10.9.2014 15:37, Bill Burke wrote:
>> I'll handle the logging stuff if Marek hasn't gotten to it yet. Thanks
>> for doing all the issues reported by Marek last night.
>>
>> I'll run my last tests using IE and EAP 6.3 to make sure we're good on
>> those platforms.
>>
>> On 9/10/2014 9:28 AM, Stian Thorgersen wrote:
>>> There's no Safari issue after all! So we're good to go.
>>>
>>> ----- Original Message -----
>>>> From: "Bill Burke" <bburke(a)redhat.com>
>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM
>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>
>>>> I'm charging up my macbook. I'll look into it.
>>>>
>>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
>>>>> Apparently login with keycloak.js doesn't work on Safari
>>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix this before
>>>>> releasing :/
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "Stian Thorgersen" <stian(a)redhat.com>
>>>>>> To: "Bill Burke" <bburke(a)redhat.com>
>>>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>
>>>>>> We also need to reduce info level log output from adapters. I did this for
>>>>>> the server for rc-2, but completely forgot about adapters. Marek is already
>>>>>> working on this, and I guess it shouldn't take very long.
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Stian Thorgersen" <stian(a)redhat.com>
>>>>>>> To: "Bill Burke" <bburke(a)redhat.com>
>>>>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Bill Burke" <bburke(a)redhat.com>
>>>>>>>> To: "Marek Posolda" <mposolda(a)redhat.com>, "Stian Thorgersen"
>>>>>>>> <stian(a)redhat.com>
>>>>>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I am sorry to not help more with the release as I needed to work
>>>>>>>>> especially on some portal related stuff last weeks (hopefully it's gone
>>>>>>>>> now)...
>>>>>>>>>
>>>>>>>>> Found a couple of things:
>>>>>>>>> * AccountService is actually broken for me in Chrome due to latest CSRF
>>>>>>>>> stuff. In FF it works fine, but in Chrome I can't update account or
>>>>>>>>> password. For some reason Chrome is always adding "Origin" header to the
>>>>>>>>> update requests (even if they are not ajax requests). So the newly added
>>>>>>>>> condition for CSRF in AccountService.init will always fail. I have
>>>>>>>>> Chrome 37.0.2062.94 (64-bit).
>>>>>>>>>
>>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with Browser
>>>>>>>> requests. I can probably fix this by allowing same origin.
>>>>>>> Added fix to allow same origin. I also added check of 'Referer' header to
>>>>>>> make sure it's same origin as well.
>>>>>>>
>>>>>>>>> * ServerInfo request (http://localhost:8080/auth/admin/serverinfo) is
>>>>>>>>> not available with CORS. I've created JIRA
>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and sent PR
>>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which is adding
>>>>>>>>> authentication for ServerInfoAdminResource and then it uses allowOrigins
>>>>>>>>> from the authenticated bearer token. Admin console is already using
>>>>>>>>> bearer token for sending ServerInfo requests, so no changes are needed
>>>>>>>>> here. I believe that ServerInfoAdminResource should be authenticated
>>>>>>>>> (don't know why stuff like available social providers or themes should
>>>>>>>>> be publicly available). Let me know if you are seeing issues with it. I did
>>>>>>>>> not merge PR so far as version in master is already changed to 1.0-Final
>>>>>>>>> so not sure what is the state of the release.
>>>>>>>>>
>>>>>>>> Merge it.
>>>>>>>>
>>>>>>>>> * Realm public resource (http://localhost:8080/auth/realms/master) is
>>>>>>>>> also not available for CORS requests. Not sure if this is an issue or
>>>>>>>>> not? Thing is that unauthenticated requests can't use CORS at this
>>>>>>>>> moment as I don't know what allowedOrigins to use. Only option is to
>>>>>>>>> allow it for all allowedOrigins (send same "Access-Control-Allow-Origin"
>>>>>>>>> as original value of "Origin" header from the request)
>>>>>>>>>
>>>>>>>>> * There is still quite a lot of INFO logging. For example when I send
>>>>>>>>> product request from the cors-demo example I have 6 new INFO messages in
>>>>>>>>> log (Mainly from org.keycloak.adapters package)
>>>>>>>>>
>>>>>>>> Ping me on your status tomorrow (Wednesday). I'll complete whatever you
>>>>>>>> don't finish above.
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Bill Burke
>>>>>>>> JBoss, a division of Red Hat
>>>>>>>> http://bill.burkecentral.com
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-dev mailing list
>>>>>>> keycloak-dev(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
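
The same-origin check discussed in the thread (accept an "Origin" header when it matches the server's own origin, and check "Referer" the same way), as an added Java example. It is not Keycloak's AccountService code; the class name, method names and sample URLs are assumptions constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class SameOriginCheck {

    // Reduce a URL to scheme://host:port, filling in default ports so that
    // "https://sso.example.test" and "https://sso.example.test:443" compare equal.
    static String origin(String url) {
        if (url == null) return null;
        try {
            URI u = new URI(url.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase();
            int port = u.getPort();
            if (port == -1) port = scheme.equals("https") ? 443 : 80;
            return scheme + "://" + u.getHost().toLowerCase() + ":" + port;
        } catch (URISyntaxException e) {
            return null; // an unparseable header value is treated as a mismatch
        }
    }

    // Accept a state-changing request only if every origin-bearing header that
    // is present resolves to the server's own origin. Absent headers are
    // skipped here; a stricter policy would require at least one of them.
    static boolean isSameOrigin(String serverBase, String originHdr, String refererHdr) {
        String expected = origin(serverBase);
        if (expected == null) return false;
        if (originHdr != null && !expected.equals(origin(originHdr))) return false;
        if (refererHdr != null && !expected.equals(origin(refererHdr))) return false;
        return true;
    }

    public static void main(String[] args) {
        // All header values below are constructed samples.
        String base = "http://localhost:8080/auth";
        String page = "http://localhost:8080/auth/realms/demo/account";
        // Plain form POST that carries a same-origin Origin header.
        System.out.println(isSameOrigin(base, "http://localhost:8080", page));
        // Plain form POST with no Origin header and a same-origin Referer.
        System.out.println(isSameOrigin(base, null, page));
        // Form POST submitted from a page on another site.
        System.out.println(isSameOrigin(base, "http://other.example.test", "http://other.example.test/form.html"));
        // Opaque origin, which browsers serialize as the literal string "null".
        System.out.println(isSameOrigin(base, "null", null));
    }
}
```

Comparing normalized scheme, host and port, rather than doing a string prefix match on the header, keeps a host such as `localhost:8080.other.example.test` from passing the check.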