KEYCLOAK-11003 Remove UPDATE_PASSWORD RequiredAction on non-temporary password reset
We now remove a potentially existing UPDATE_PASSWORD action when explicitly assigning a non-temporary password. Adapted tests to use a temporary password when UpdatePassword required actions were used.
This commit is contained in:
parent
74c379c3df
commit
12e53e6f11
5 changed files with 48 additions and 4 deletions
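--- a/PATH-NOT-SHOWN/UserResource.java
+++ b/PATH-NOT-SHOWN/UserResource.java
@@ -617,7 +617,12 @@ public class UserResource {
 throw new ErrorResponseException(e.getMessage(), MessageFormat.format(messages.getProperty(e.getMessage(), e.getMessage()), e.getParameters()),
 Status.BAD_REQUEST);
 }
-if (cred.isTemporary() != null && cred.isTemporary()) user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
+if (cred.isTemporary() != null && cred.isTemporary()) {
+user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
+} else {
+// Remove a potentially existing UPDATE_PASSWORD action when explicitly assigning a non-temporary password.
+user.removeRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
+}
 
 adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
 }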
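Review bot: The else branch around the new `user.removeRequiredAction(...)` line runs not only for an explicit `temporary=false` but also when `cred.isTemporary()` is null, so any admin password reset that simply omits the flag now silently clears an UPDATE_PASSWORD required action that may have been set independently of a temporary password (the new UserTest pins exactly that null case). If the intent is "explicitly non-temporary", as the comment says, guard it with `} else if (Boolean.FALSE.equals(cred.isTemporary())) {` and leave the null case neutral; otherwise the admin REST API docs should state that omitting `temporary` drops the action. As far as the hunk shows, the admin event emitted on the following context line records only the operation and resource path, so the dropped required action leaves no audit trace; including that detail in the event would be worth checking against the event API. The enclosing resetPassword method begins before this hunk.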
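--- a/PATH-NOT-SHOWN/ApiUtil.java
+++ b/PATH-NOT-SHOWN/ApiUtil.java
@@ -173,8 +173,20 @@ public class ApiUtil {
 * @return ID of the new user
 */
 public static String createUserAndResetPasswordWithAdminClient(RealmResource realm, UserRepresentation user, String password) {
+return createUserAndResetPasswordWithAdminClient(realm, user, password, false);
+}
+
+/**
+* Creates a user and sets the password
+* @param realm
+* @param user
+* @param password
+* @param temporary
+* @return ID of the new user
+*/
+public static String createUserAndResetPasswordWithAdminClient(RealmResource realm, UserRepresentation user, String password, boolean temporary) {
 String id = createUserWithAdminClient(realm, user);
-resetUserPassword(realm.users().get(id), password, false);
+resetUserPassword(realm.users().get(id), password, temporary);
 return id;
 }
 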
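Review bot: The new Javadoc on the four-argument overload leaves every `@param` tag empty, so it adds nothing beyond the signature, and the one thing callers need to know is what `temporary` does. Suggest `* @param temporary when true the password is set as temporary and the admin endpoint adds the UPDATE_PASSWORD required action; when false an existing UPDATE_PASSWORD action is removed`, and a one-line note on the three-argument overload that it delegates with `temporary=false`, since that now clears any UPDATE_PASSWORD action rather than leaving it untouched. The realm/user/password tags should either get a description or be dropped.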
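--- a/PATH-NOT-SHOWN/UserTest.java
+++ b/PATH-NOT-SHOWN/UserTest.java
@@ -194,6 +194,33 @@ public class UserTest extends AbstractAdminTest {
 createUser();
 }
 
+/**
+* See KEYCLOAK-11003
+*/
+@Test
+public void createUserWithTemporaryPasswordWithAdditionalPasswordUpdateShouldRemoveUpdatePasswordRequiredAction() {
+
+String userId = createUser();
+
+CredentialRepresentation credTmp = new CredentialRepresentation();
+credTmp.setType(CredentialRepresentation.PASSWORD);
+credTmp.setValue("temp");
+credTmp.setTemporary(Boolean.TRUE);
+
+realm.users().get(userId).resetPassword(credTmp);
+
+CredentialRepresentation credPerm = new CredentialRepresentation();
+credPerm.setType(CredentialRepresentation.PASSWORD);
+credPerm.setValue("perm");
+credPerm.setTemporary(null);
+
+realm.users().get(userId).resetPassword(credPerm);
+
+UserRepresentation userRep = realm.users().get(userId).toRepresentation();
+
+Assert.assertFalse(userRep.getRequiredActions().contains(UserModel.RequiredAction.UPDATE_PASSWORD.name()));
+}
+
 @Test
 public void createDuplicatedUser1() {
 createUser();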
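Review bot: The new test asserts the removal only after `credPerm.setTemporary(null)`, so it pins a null-means-permanent reading rather than the explicit non-temporary reset the commit message describes; add a sibling using `credPerm.setTemporary(Boolean.FALSE)` (or switch this one) so the intended contract is unambiguous. It also never checks that the first, temporary reset actually added UPDATE_PASSWORD, so an implementation that never adds the action would pass vacuously; an `Assert.assertTrue(...contains(UPDATE_PASSWORD.name()))` after the first `resetPassword` call closes that gap. `userRep.getRequiredActions().contains(...)` presumes the list is non-null for a user with no remaining actions, which is not visible here; confirm against UserRepresentation or use a null-safe check.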
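--- a/PATH-NOT-SHOWN/BrowserButtonsTest.java
+++ b/PATH-NOT-SHOWN/BrowserButtonsTest.java
@@ -74,7 +74,7 @@ public class BrowserButtonsTest extends AbstractTestRealmKeycloakTest {
 .requiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString())
 .build();
 
-userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password", true);
 expectedMessagesCount = 0;
 getCleanup().addUserId(userId);
 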
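--- a/PATH-NOT-SHOWN/MultipleTabsLoginTest.java
+++ b/PATH-NOT-SHOWN/MultipleTabsLoginTest.java
@@ -80,7 +80,7 @@ public class MultipleTabsLoginTest extends AbstractTestRealmKeycloakTest {
 .requiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString())
 .build();
 
-userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password", true);
 getCleanup().addUserId(userId);
 
 oauth.clientId("test-app");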