Merge pull request #4274 from patriot1burke/master
bad logic will result in NPE
commit
19bdf09e3d
4 changed files with 29 additions and 32 deletions
|
@ -157,32 +157,32 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
|||
ResourceServer server = root.realmResourceServer();
|
||||
if (server == null) return;
|
||||
Policy policy = managePermission();
|
||||
if (policy == null) {
|
||||
if (policy != null) {
|
||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
|
||||
}
|
||||
policy = viewPermission();
|
||||
if (policy == null) {
|
||||
if (policy != null) {
|
||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
|
||||
}
|
||||
policy = mapRolesPermission();
|
||||
if (policy == null) {
|
||||
if (policy != null) {
|
||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
|
||||
}
|
||||
policy = manageGroupMembershipPermission();
|
||||
if (policy == null) {
|
||||
if (policy != null) {
|
||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
|
||||
}
|
||||
policy = adminImpersonatingPermission();
|
||||
if (policy == null) {
|
||||
if (policy != null) {
|
||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
|
||||
}
|
||||
policy = userImpersonatedPermission();
|
||||
if (policy == null) {
|
||||
if (policy != null) {
|
||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
|
||||
}
|
||||
|
|
|
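Review bot: The same null-check-then-delete block appears six times in this section (for `managePermission()`, `viewPermission()`, `mapRolesPermission()`, `manageGroupMembershipPermission()`, `adminImpersonatingPermission()` and `userImpersonatedPermission()`), which is how one inverted condition ended up copied into all six. Consider a private helper such as `private void deletePolicyIfPresent(Policy policy) { if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId()); }` and one call per permission. With the old `policy == null` condition an existing policy was never deleted, so stale authorization policies stayed in the store after cleanup. A regression test that sets the permissions up, runs this cleanup and asserts that each lookup returns null would cover both that case and the NPE; no such assertion is visible in the test changes on this page. The enclosing method starts and ends outside the hunk.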
@ -168,6 +168,10 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
|
|||
user.setUsername("child");
|
||||
user.setEnabled(true);
|
||||
childUserId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
|
||||
UserRepresentation user2 = new UserRepresentation();
|
||||
user2.setUsername("child2");
|
||||
user2.setEnabled(true);
|
||||
String user2Id = createUserAndResetPasswordWithAdminClient(realm, user2, "password");
|
||||
|
||||
// have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions
|
||||
realm.roles().create(new RoleRepresentation("user", null, false));
|
||||
|
@ -175,11 +179,13 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
|
|||
List<RoleRepresentation> roles = new LinkedList<>();
|
||||
roles.add(role);
|
||||
realm.users().get(childUserId).roles().realmLevel().add(roles);
|
||||
realm.users().get(user2Id).roles().realmLevel().add(roles);
|
||||
ClientRepresentation brokerService = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0);
|
||||
role = realm.clients().get(brokerService.getId()).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation();
|
||||
roles.clear();
|
||||
roles.add(role);
|
||||
realm.users().get(childUserId).roles().clientLevel(brokerService.getId()).add(roles);
|
||||
realm.users().get(user2Id).roles().clientLevel(brokerService.getId()).add(roles);
|
||||
|
||||
}
|
||||
|
||||
|
@ -192,11 +198,6 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
|
|||
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
|
||||
}
|
||||
|
||||
// @Test
|
||||
public void testUi() throws Exception {
|
||||
Thread.sleep(1000000000);
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testErrorConditions() throws Exception {
|
||||
|
@ -388,6 +389,7 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
|
|||
String linkUrl = linkBuilder.clone()
|
||||
.queryParam("realm", CHILD_IDP)
|
||||
.queryParam("provider", PARENT_IDP).build().toString();
|
||||
System.out.println("linkUrl: " + linkUrl);
|
||||
navigateTo(linkUrl);
|
||||
Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
|
||||
Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP));
|
||||
|
|
|
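Review bot: The added `System.out.println("linkUrl: " + linkUrl);` writes the account-link URL to stdout on every run of this test. Only the `realm` and `provider` parameters are visible here; whatever `linkBuilder` already carries is set outside the hunk, so if it includes per-session values they end up in the CI logs. Drop the line before merging, or route it through the test's logger at debug level, e.g. `log.debug("linkUrl: " + linkUrl);`, assuming the class has a logger in scope. The enclosing test method starts and ends outside the hunk.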
@ -16,6 +16,7 @@
|
|||
*/
|
||||
package org.keycloak.testsuite.adapter.undertow.servlet;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||
|
||||
|
@ -26,4 +27,15 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
|||
@AppServerContainer("auth-server-undertow")
|
||||
public class UndertowClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {
|
||||
|
||||
//@Test
|
||||
public void testUi() throws Exception {
|
||||
Thread.sleep(1000000000);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testAccountLink() throws Exception {
|
||||
super.testAccountLink();
|
||||
}
|
||||
}
|
||||
|
|
|
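Review bot: `testUi()` remains a public method whose `@Test` is only commented out, and its body is `Thread.sleep(1000000000)`, roughly eleven and a half days. Anyone who re-enables the annotation and commits it will hang the suite. State the intent explicitly with `@Ignore("manual UI debugging only")` above `public void testUi()` plus `import org.junit.Ignore;`, or keep the helper out of the committed class. The `testAccountLink()` override only calls `super.testAccountLink()`; if the parent method already carries `@Test` the override can go, and if it exists to run the test only in this container, a one-line comment saying so would help.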
@ -84,38 +84,21 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
}
|
||||
public static void setupDemo(KeycloakSession session) {
|
||||
RealmModel realm = session.realms().getRealmByName(TEST);
|
||||
ClientModel client = realm.addClient("sales-pipeline-application");
|
||||
realm.addRole("realm-role");
|
||||
ClientModel client = realm.addClient("sales-application");
|
||||
RoleModel clientAdmin = client.addRole("admin");
|
||||
client.addRole("leader-creator");
|
||||
client.addRole("viewLeads");
|
||||
ClientModel client2 = realm.addClient("market-analysis-application");
|
||||
RoleModel client2Admin = client2.addRole("admin");
|
||||
client2.addRole("market-manager");
|
||||
client2.addRole("viewMarkets");
|
||||
GroupModel sales = realm.createGroup("sales");
|
||||
RoleModel salesAppsAdminRole = realm.addRole("sales-apps-admin");
|
||||
salesAppsAdminRole.addCompositeRole(clientAdmin);
|
||||
salesAppsAdminRole.addCompositeRole(client2Admin);
|
||||
ClientModel realmManagementClient = realm.getClientByClientId("realm-management");
|
||||
RoleModel queryClient = realmManagementClient.getRole(AdminRoles.QUERY_CLIENTS);
|
||||
|
||||
|
||||
UserModel admin = session.users().addUser(realm, "salesManager");
|
||||
admin.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
||||
admin = session.users().addUser(realm, "sales-group-admin");
|
||||
|
||||
admin = session.users().addUser(realm, "sales-admin");
|
||||
admin.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
||||
admin = session.users().addUser(realm, "sales-it");
|
||||
admin.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
||||
admin = session.users().addUser(realm, "sales-pipeline-admin");
|
||||
admin.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
||||
admin = session.users().addUser(realm, "client-admin");
|
||||
admin.setEnabled(true);
|
||||
admin.grantRole(queryClient);
|
||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
||||
|
||||
UserModel user = session.users().addUser(realm, "salesman");
|
||||
user.setEnabled(true);
|
||||
|
|
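Review bot: Every account seeded by `setupDemo` gets the literal password `password` through a copy-pasted `addUser` / `setEnabled(true)` / `updateCredential` sequence, and `client-admin` is additionally granted `AdminRoles.QUERY_CLIENTS`. The method is `public static` and accepts any `KeycloakSession`, so add a Javadoc line stating that it is meant only for the disposable `TEST` realm. Folding the sequence into a helper such as `private static UserModel addDemoUser(KeycloakSession session, RealmModel realm, String username)` would make a missed `setEnabled` or credential call harder to introduce. This page has lost the +/- markers, so confirm on the new side that `sales-group-admin` is not created and then left without being enabled or given a credential, as the two adjacent `addUser` lines suggest. The body of `setupDemo` continues past the end of the hunk.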