Update client scopes in Client Update Request in DCR

Fix ClientScopesClientRegistrationPolicy.beforeUpdate because it was modifying the original clientRepresentation.
Add updateClientScopes method to set client scopes in Client Update Request in DCR.

Closes #24361

Signed-off-by: graziang <g.graziano94@gmail.com>
graziang 2024-02-27 14:40:39 +01:00 committed by Marek Posolda
parent d3c5dbb3fe
commit 082f9ec15b
4 changed files with 67 additions and 30 deletions


@ -464,28 +464,7 @@ public class RepresentationToModel {
addClientScopeToClient(realm, client, clientTemplateName, true); addClientScopeToClient(realm, client, clientTemplateName, true);
} }
if (resourceRep.getDefaultClientScopes() != null || resourceRep.getOptionalClientScopes() != null) { updateClientScopes(resourceRep, client);
// First remove all default/built in client scopes
for (ClientScopeModel clientScope : client.getClientScopes(true).values()) {
client.removeClientScope(clientScope);
}
// First remove all default/built in client scopes
for (ClientScopeModel clientScope : client.getClientScopes(false).values()) {
client.removeClientScope(clientScope);
}
}
if (resourceRep.getDefaultClientScopes() != null) {
for (String clientScopeName : resourceRep.getDefaultClientScopes()) {
addClientScopeToClient(realm, client, clientScopeName, true);
}
}
if (resourceRep.getOptionalClientScopes() != null) {
for (String clientScopeName : resourceRep.getOptionalClientScopes()) {
addClientScopeToClient(realm, client, clientScopeName, false);
}
}
if (resourceRep.isFullScopeAllowed() != null) { if (resourceRep.isFullScopeAllowed() != null) {
client.setFullScopeAllowed(resourceRep.isFullScopeAllowed()); client.setFullScopeAllowed(resourceRep.isFullScopeAllowed());
@ -656,6 +635,31 @@ public class RepresentationToModel {
} }
} }
} }
public static void updateClientScopes(ClientRepresentation resourceRep, ClientModel client) {
if (resourceRep.getDefaultClientScopes() != null || resourceRep.getOptionalClientScopes() != null) {
// First remove all default/built in client scopes
for (ClientScopeModel clientScope : client.getClientScopes(true).values()) {
client.removeClientScope(clientScope);
}
// First remove all default/built in client scopes
for (ClientScopeModel clientScope : client.getClientScopes(false).values()) {
client.removeClientScope(clientScope);
}
}
if (resourceRep.getDefaultClientScopes() != null) {
for (String clientScopeName : resourceRep.getDefaultClientScopes()) {
addClientScopeToClient(client.getRealm(), client, clientScopeName, true);
}
}
if (resourceRep.getOptionalClientScopes() != null) {
for (String clientScopeName : resourceRep.getOptionalClientScopes()) {
addClientScopeToClient(client.getRealm(), client, clientScopeName, false);
}
}
}
private static String generateProtocolNameKey(String protocol, String name) { private static String generateProtocolNameKey(String protocol, String name) {
return String.format("%s%%%s", protocol, name); return String.format("%s%%%s", protocol, name);
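Review bot: In the new `updateClientScopes`, both the default and the optional assignments are removed as soon as either list in the request is non-null, but only the non-null lists are re-added, so an update that carries just `optionalClientScopes` appears to leave the client with no default scopes. The logic is moved unchanged from the inline block removed in the first hunk, but it is now also reached from the update call added in `AbstractClientRegistrationProvider`, where it changes the scope set of an existing client. Because scope assignment decides what tokens the client can obtain, either clear each type only when its own list is present or state the replace-all behaviour in Javadoc on this new public method. The comment on the second loop is a copy of the first although that loop removes the optional scopes; `// Then remove all optional client scopes` would match what it does.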


@ -161,6 +161,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist
RepresentationToModel.updateClient(rep, client, session); RepresentationToModel.updateClient(rep, client, session);
RepresentationToModel.updateClientProtocolMappers(rep, client); RepresentationToModel.updateClientProtocolMappers(rep, client);
RepresentationToModel.updateClientScopes(rep, client);
if (rep.getDefaultRoles() != null) { if (rep.getDefaultRoles() != null) {
updateDefaultRoles(client, rep.getDefaultRoles()); updateDefaultRoles(client, rep.getDefaultRoles());


@ -68,16 +68,19 @@ public class ClientScopesClientRegistrationPolicy implements ClientRegistrationP
@Override @Override
public void beforeUpdate(ClientRegistrationContext context, ClientModel clientModel) throws ClientRegistrationPolicyException { public void beforeUpdate(ClientRegistrationContext context, ClientModel clientModel) throws ClientRegistrationPolicyException {
List<String> requestedDefaultScopeNames = context.getClient().getDefaultClientScopes(); List<String> requestedDefaultScopeNames = new LinkedList<>();
List<String> requestedOptionalScopeNames = context.getClient().getOptionalClientScopes(); List<String> requestedOptionalScopeNames = new LinkedList<>();
if(context.getClient().getDefaultClientScopes() != null) {
requestedDefaultScopeNames.addAll(context.getClient().getDefaultClientScopes());
}
if(context.getClient().getOptionalClientScopes() != null) {
requestedOptionalScopeNames.addAll(context.getClient().getOptionalClientScopes());
}
// Allow scopes, which were already presented before // Allow scopes, which were already presented before
if (requestedDefaultScopeNames != null) { requestedDefaultScopeNames.removeAll(clientModel.getClientScopes(true).keySet());
requestedDefaultScopeNames.removeAll(clientModel.getClientScopes(true).keySet()); requestedOptionalScopeNames.removeAll(clientModel.getClientScopes(false).keySet());
}
if (requestedOptionalScopeNames != null) {
requestedOptionalScopeNames.removeAll(clientModel.getClientScopes(false).keySet());
}
List<String> allowedDefaultScopeNames = getAllowedScopeNames(realm, true); List<String> allowedDefaultScopeNames = getAllowedScopeNames(realm, true);
List<String> allowedOptionalScopeNames = getAllowedScopeNames(realm, false); List<String> allowedOptionalScopeNames = getAllowedScopeNames(realm, false);
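Review bot: The two copies at the top of `beforeUpdate` have no comment saying why they exist, and the reason matters: per the commit message, the earlier code mutated the request representation, and the `removeAll` calls below would do so again if a later cleanup returned to using `context.getClient()`'s lists directly. A short comment such as `// Work on copies: the request representation must not be mutated by the policy check` would keep that from being undone. The copy itself can be written more directly as `new ArrayList<>(...)` behind the null check instead of `new LinkedList<>()` plus `addAll`, and `if(` lacks the space used by the other `if (` statements on this page. The rest of `beforeUpdate`, including the comparison against the allowed names, lies outside the hunk.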


@ -242,6 +242,35 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
assertThat(updatedClient.getDefaultRoles(), Matchers.arrayContainingInAnyOrder("test-default-role1","test-default-role2")); assertThat(updatedClient.getDefaultRoles(), Matchers.arrayContainingInAnyOrder("test-default-role1","test-default-role2"));
} }
@Test
public void updateClientScopes() throws ClientRegistrationException {
authManageClients();
ClientRepresentation client = buildClient();
ArrayList<String> optionalClientScopes = new ArrayList<>(List.of("address"));
client.setOptionalClientScopes(optionalClientScopes);
ClientRepresentation createdClient = registerClient(client);
Set<String> requestedClientScopes = new HashSet<>(optionalClientScopes);
Set<String> registeredClientScopes = new HashSet<>(createdClient.getOptionalClientScopes());
assertEquals(requestedClientScopes, registeredClientScopes);
assertTrue(createdClient.getDefaultClientScopes().isEmpty());
authManageClients();
ClientRepresentation obtainedClient = reg.get(CLIENT_ID);
registeredClientScopes = new HashSet<>(obtainedClient.getOptionalClientScopes());
assertEquals(requestedClientScopes, registeredClientScopes);
assertTrue(obtainedClient.getDefaultClientScopes().isEmpty());
optionalClientScopes = new ArrayList<>(List.of("address", "phone"));
client.setOptionalClientScopes(optionalClientScopes);
ClientRepresentation updatedClient = reg.update(client);
requestedClientScopes = new HashSet<>(optionalClientScopes);
registeredClientScopes = new HashSet<>(updatedClient.getOptionalClientScopes());
assertEquals(requestedClientScopes, registeredClientScopes);
assertTrue(updatedClient.getDefaultClientScopes().isEmpty());
}
@Test @Test
public void testInvalidUrlClientValidation() { public void testInvalidUrlClientValidation() {
testClientUriValidation("Root URL is not a valid URL", testClientUriValidation("Root URL is not a valid URL",
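Review bot: `updateClientScopes` runs only after `authManageClients()`, so it may not exercise `ClientScopesClientRegistrationPolicy.beforeUpdate`, which is the code this commit fixes; whether policies apply to that authentication path is not visible here and should be confirmed. A companion test on a policy-governed registration path would pin the fix: update a client whose request repeats an already assigned scope and assert that the scope is still present afterwards. The test also only adds an optional scope; it does not cover removing one, nor an update that sends only one of the two lists, which is where the replace-all behaviour of `RepresentationToModel.updateClientScopes` becomes visible. A case asserting that a scope outside the allowed list is rejected on update would cover the security-relevant branch.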