libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Applying reviewer comments

Browse source
This commit is contained in:
Daniele Martinoli 2023-07-06 13:48:18 +02:00 committed by Pedro Igor
parent e6d7749cbf
commit 13e2075ceb
4 changed files with 20 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
server-spi-private/src/main/java/org/keycloak/broker/provider/IdentityBrokerException.java
View file

@ -20,7 +20,7 @@ package org.keycloak.broker.provider;
* @author pedroigor
*/
public class IdentityBrokerException extends RuntimeException {
private String messageCode;
public IdentityBrokerException(String message) {
super(message);
}
@ -28,4 +28,13 @@ public class IdentityBrokerException extends RuntimeException {
public IdentityBrokerException(String message, Throwable t) {
super(message, t);
}
public IdentityBrokerException withMessageCode(String messageCode) {
this.messageCode = messageCode;
return this;
}
public String getMessageCode() {
return messageCode;
}
}

31
server-spi-private/src/main/java/org/keycloak/broker/provider/IdentityBrokerUnmatchedEssentialClaimException.java
View file

@ -1,31 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.broker.provider;
/**
* @author dmartino
*/
public class IdentityBrokerUnmatchedEssentialClaimException extends RuntimeException {
public IdentityBrokerUnmatchedEssentialClaimException(String message) {
super(message);
}
public IdentityBrokerUnmatchedEssentialClaimException(String message, Throwable t) {
super(message, t);
}
}

8
services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
View file

@ -28,7 +28,6 @@ import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.ExchangeExternalToken;
import org.keycloak.broker.provider.ExchangeTokenToIdentityProviderToken;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityBrokerUnmatchedEssentialClaimException;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.util.IdentityBrokerState;
import org.keycloak.broker.provider.util.SimpleHttp;
@ -519,8 +518,11 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
}
} catch (WebApplicationException e) {
return e.getResponse();
} catch (IdentityBrokerUnmatchedEssentialClaimException e) {
return errorIdentityProviderLogin(Messages.IDENTITY_PROVIDER_UNMATCHED_ESSENTIAL_CLAIM_ERROR);
} catch (IdentityBrokerException e) {
if (e.getMessageCode() != null) {
return errorIdentityProviderLogin(e.getMessageCode());
}
logger.error("Failed to make identity provider oauth callback", e);
} catch (Exception e) {
logger.error("Failed to make identity provider oauth callback", e);
}

9
services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
View file

@ -27,7 +27,6 @@ import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.ExchangeExternalToken;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityBrokerUnmatchedEssentialClaimException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.SecretGenerator;
@ -413,11 +412,13 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
logger.tracef("Found claim %s with values %s", filterName, claimValues);
if (!claimValues.stream().anyMatch(v->v.matches(filterValue))) {
logger.warnf("Claim %s has values \"%s\" that does not match the expected filter \"%s\"", filterName, claimValues, filterValue);
throw new IdentityBrokerUnmatchedEssentialClaimException(String.format("Unmatched claim value for %s.", filterName));
throw new IdentityBrokerException(String.format("Unmatched claim value for %s.", filterName)).
withMessageCode(Messages.IDENTITY_PROVIDER_UNMATCHED_ESSENTIAL_CLAIM_ERROR);
}
} else {
logger.debugf("Claim %s was not found", filterName);
throw new IdentityBrokerUnmatchedEssentialClaimException(String.format("Claim %s not found", filterName));
throw new IdentityBrokerException(String.format("Claim %s not found", filterName)).
withMessageCode(Messages.IDENTITY_PROVIDER_UNMATCHED_ESSENTIAL_CLAIM_ERROR);
}
}
@ -433,7 +434,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
}
return identity;
} catch (IdentityBrokerUnmatchedEssentialClaimException e) {
} catch (IdentityBrokerException e) {
throw e;
} catch (Exception e) {
throw new IdentityBrokerException("Could not fetch attributes from userinfo endpoint.", e);