From 02d0fe82bcdea57332def223c66dad69f6929227 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Barto=C5=A1?=
Date: Mon, 7 Mar 2022 14:22:56 +0100
Subject: [PATCH] Auth execution 'Condition - User Attribute' missing

Closes #9895
---
 .../conditional/ConditionalAuthenticator.java | 17 ++++++++++++
 .../ConditionalAuthenticatorFactory.java | 24 +++++++++++++++++
 .../ConditionalLoaAuthenticatorFactory.java | 5 ----
 .../ConditionalRoleAuthenticatorFactory.java | 5 ----
 .../ConditionalUserAttributeValue.java | 23 +++++++++++++---
 .../ConditionalUserAttributeValueFactory.java | 26 +++++++++++++------
 ...nalUserConfiguredAuthenticatorFactory.java | 5 ----
 ...ycloak.authentication.AuthenticatorFactory | 1 +
 ...ycloak.authentication.AuthenticatorFactory | 1 -
 .../forms/AllowDenyAuthenticatorTest.java | 2 +-
 .../testsuite/forms/BrowserFlowTest.java | 2 +-
 11 files changed, 81 insertions(+), 30 deletions(-)
 rename {testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/authentication => services/src/main/java/org/keycloak/authentication/authenticators/conditional}/ConditionalUserAttributeValue.java (64%)
 rename {testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/authentication => services/src/main/java/org/keycloak/authentication/authenticators/conditional}/ConditionalUserAttributeValueFactory.java (80%)

diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticator.java
index 56be711d41..11c1cb0231 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticator.java
@@ -1,3 +1,20 @@
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.keycloak.authentication.authenticators.conditional;
 
 import org.keycloak.authentication.Authenticator;
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticatorFactory.java
index 1c66fc9c03..23d2357fdb 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticatorFactory.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticatorFactory.java
@@ -1,3 +1,20 @@
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.keycloak.authentication.authenticators.conditional;
 
 import org.keycloak.OAuth2Constants;
@@ -8,6 +25,8 @@ import org.keycloak.models.KeycloakSession;
 
 public interface ConditionalAuthenticatorFactory extends AuthenticatorFactory, DisplayTypeAuthenticatorFactory {
 
+ String REFERENCE_CATEGORY = "condition";
+
 @Override
 default Authenticator create(KeycloakSession session) {
 return getSingleton();
@@ -20,6 +39,11 @@ public interface ConditionalAuthenticatorFactory extends AuthenticatorFactory, D
 return create(session);
 }
 
+ @Override
+ default String getReferenceCategory() {
+ return REFERENCE_CATEGORY;
+ }
+
 ConditionalAuthenticator getSingleton();
 
 }
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalLoaAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalLoaAuthenticatorFactory.java
index b84097e203..18197b6f96 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalLoaAuthenticatorFactory.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalLoaAuthenticatorFactory.java
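Review bot: The new `REFERENCE_CATEGORY` constant and the `getReferenceCategory()` default are added to an SPI interface without any Javadoc, so an implementer cannot tell from the interface that the category is now inherited and can still be overridden. Because a field declared in an interface is implicitly `public static final`, the constant is also exposed through every implementing factory; a comment such as `/** Reference category returned by {@link #getReferenceCategory()} for all conditional authenticators unless overridden. */` on the constant would make that intent explicit. The interface body continues between and around the two hunks, so only the added lines were reviewed.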
@@ -75,11 +75,6 @@ public class ConditionalLoaAuthenticatorFactory implements ConditionalAuthentica
 return "Condition - Level of Authentication";
 }
 
- @Override
- public String getReferenceCategory() {
- return "condition";
- }
-
 @Override
 public boolean isConfigurable() {
 return true;
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalRoleAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalRoleAuthenticatorFactory.java
index 5bab6e55d1..36a9bd701f 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalRoleAuthenticatorFactory.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalRoleAuthenticatorFactory.java
@@ -40,11 +40,6 @@ public class ConditionalRoleAuthenticatorFactory implements ConditionalAuthentic
 return "Condition - user role";
 }
 
- @Override
- public String getReferenceCategory() {
- return "condition";
- }
-
 @Override
 public boolean isConfigurable() {
 return true;
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/authentication/ConditionalUserAttributeValue.java b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserAttributeValue.java
similarity index 64%
rename from testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/authentication/ConditionalUserAttributeValue.java
rename to services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserAttributeValue.java
index cea590ef18..1f85d676d0 100644
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/authentication/ConditionalUserAttributeValue.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserAttributeValue.java
@@ -1,9 +1,25 @@
-package org.keycloak.testsuite.authentication;
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.authentication.authenticators.conditional;
 
 import org.keycloak.authentication.AuthenticationFlowContext;
 import org.keycloak.authentication.AuthenticationFlowError;
 import org.keycloak.authentication.AuthenticationFlowException;
-import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
@@ -11,7 +27,6 @@ import org.keycloak.models.UserModel;
 import java.util.Map;
 import java.util.Objects;
 
-
 public class ConditionalUserAttributeValue implements ConditionalAuthenticator {
 static final ConditionalUserAttributeValue SINGLETON = new ConditionalUserAttributeValue();
 
@@ -26,7 +41,7 @@ public class ConditionalUserAttributeValue implements ConditionalAuthenticator {
 
 UserModel user = context.getUser();
 if (user == null) {
- throw new AuthenticationFlowException("authenticator: " + ConditionalUserAttributeValueFactory.PROVIDER_ID, AuthenticationFlowError.UNKNOWN_USER);
+ throw new AuthenticationFlowException("Cannot find user for obtaining particular user attributes. Authenticator: " + ConditionalUserAttributeValueFactory.PROVIDER_ID, AuthenticationFlowError.UNKNOWN_USER);
 }
 
 boolean result = user.getAttributeStream(attributeName).anyMatch(attr -> Objects.equals(attr, attributeValue));
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/authentication/ConditionalUserAttributeValueFactory.java b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserAttributeValueFactory.java
similarity index 80%
rename from testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/authentication/ConditionalUserAttributeValueFactory.java
rename to services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserAttributeValueFactory.java
index f3fdce8de9..4712cc624d 100644
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/authentication/ConditionalUserAttributeValueFactory.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserAttributeValueFactory.java
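Review bot: The match on `user.getAttributeStream(attributeName)` carries an undocumented trust assumption that matters now that the class moves from the testsuite into `services`: the attribute value is taken as stored on the user and compared with an exact `Objects.equals`. If the configured attribute is one the user can edit (for example through self-service profile management), the user decides which way the condition evaluates, so it is only sound for attributes written by administrators or a trusted identity source. I would add a Javadoc on the enclosing method, which starts and ends outside this hunk, such as `/** Matches when any value of the configured user attribute equals the expected value exactly; use only with attributes the user cannot modify. */`. The admin-facing help text of the factory, not visible in this hunk, would be a second place for the same caveat.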
@@ -1,8 +1,23 @@
-package org.keycloak.testsuite.authentication;
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.authentication.authenticators.conditional;
 
 import org.keycloak.Config;
-import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator;
-import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticatorFactory;
 import org.keycloak.models.AuthenticationExecutionModel;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.provider.ProviderConfigProperty;
@@ -47,11 +62,6 @@ public class ConditionalUserAttributeValueFactory implements ConditionalAuthenti
 return "Condition - user attribute";
 }
 
- @Override
- public String getReferenceCategory() {
- return "condition";
- }
-
 @Override
 public boolean isConfigurable() {
 return true;
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserConfiguredAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserConfiguredAuthenticatorFactory.java
index 0d40e1dcf9..0ea228af03 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserConfiguredAuthenticatorFactory.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserConfiguredAuthenticatorFactory.java
@@ -37,11 +37,6 @@ public class ConditionalUserConfiguredAuthenticatorFactory implements Conditiona
 return "Condition - user configured";
 }
 
- @Override
- public String getReferenceCategory() {
- return "condition";
- }
-
 @Override
 public boolean isConfigurable() {
 return false;
diff --git a/services/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory b/services/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
index 3ade76162d..19e5518c51 100755
--- a/services/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
+++ b/services/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
@@ -26,6 +26,7 @@ org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator
 org.keycloak.authentication.authenticators.conditional.ConditionalRoleAuthenticatorFactory
 org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory
 org.keycloak.authentication.authenticators.conditional.ConditionalLoaAuthenticatorFactory
+org.keycloak.authentication.authenticators.conditional.ConditionalUserAttributeValueFactory
 org.keycloak.authentication.authenticators.directgrant.ValidateOTP
 org.keycloak.authentication.authenticators.directgrant.ValidatePassword
 org.keycloak.authentication.authenticators.directgrant.ValidateUsername
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
index 4347873120..ccdd6f66a2 100755
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
@@ -22,6 +22,5 @@ org.keycloak.testsuite.forms.ClickThroughAuthenticator
 org.keycloak.testsuite.authentication.ExpectedParamAuthenticatorFactory
 org.keycloak.testsuite.authentication.PushButtonAuthenticatorFactory
 org.keycloak.testsuite.forms.UsernameOnlyAuthenticator
-org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory
 org.keycloak.testsuite.authentication.SetUserAttributeAuthenticatorFactory
 org.keycloak.testsuite.authentication.CustomAuthenticationFlowCallbackFactory
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/AllowDenyAuthenticatorTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/AllowDenyAuthenticatorTest.java
index 6882590989..646f2db996 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/AllowDenyAuthenticatorTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/AllowDenyAuthenticatorTest.java
@@ -15,7 +15,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
-import org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory;
+import org.keycloak.authentication.authenticators.conditional.ConditionalUserAttributeValueFactory;
 import org.keycloak.testsuite.pages.ErrorPage;
 import org.keycloak.testsuite.pages.LoginUsernameOnlyPage;
 import org.keycloak.testsuite.pages.PasswordPage;
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BrowserFlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BrowserFlowTest.java
index 66339c0dba..87a1e932b8 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BrowserFlowTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BrowserFlowTest.java
@@ -16,6 +16,7 @@ import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFa
 import org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticatorFactory;
 import org.keycloak.authentication.authenticators.conditional.ConditionalRoleAuthenticatorFactory;
 import org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory;
+import org.keycloak.authentication.authenticators.conditional.ConditionalUserAttributeValueFactory;
 import org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory;
 import org.keycloak.common.Profile;
 import org.keycloak.events.Details;
@@ -50,7 +51,6 @@ import org.keycloak.testsuite.util.FlowUtil;
 import org.keycloak.testsuite.util.OAuthClient;
 import org.keycloak.testsuite.util.RoleBuilder;
 import org.keycloak.testsuite.util.URLUtils;
-import org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory;
 import org.keycloak.testsuite.authentication.SetUserAttributeAuthenticatorFactory;
 import org.openqa.selenium.By;
 import org.openqa.selenium.WebDriver;