Merge pull request #4274 from patriot1burke/master
bad logic will result in NPE
commit
19bdf09e3d
4 changed files with 29 additions and 32 deletions
|
@ -157,32 +157,32 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return;
|
if (server == null) return;
|
||||||
Policy policy = managePermission();
|
Policy policy = managePermission();
|
||||||
if (policy == null) {
|
if (policy != null) {
|
||||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||||
|
|
||||||
}
|
}
|
||||||
policy = viewPermission();
|
policy = viewPermission();
|
||||||
if (policy == null) {
|
if (policy != null) {
|
||||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||||
|
|
||||||
}
|
}
|
||||||
policy = mapRolesPermission();
|
policy = mapRolesPermission();
|
||||||
if (policy == null) {
|
if (policy != null) {
|
||||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||||
|
|
||||||
}
|
}
|
||||||
policy = manageGroupMembershipPermission();
|
policy = manageGroupMembershipPermission();
|
||||||
if (policy == null) {
|
if (policy != null) {
|
||||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||||
|
|
||||||
}
|
}
|
||||||
policy = adminImpersonatingPermission();
|
policy = adminImpersonatingPermission();
|
||||||
if (policy == null) {
|
if (policy != null) {
|
||||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||||
|
|
||||||
}
|
}
|
||||||
policy = userImpersonatedPermission();
|
policy = userImpersonatedPermission();
|
||||||
if (policy == null) {
|
if (policy != null) {
|
||||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
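Review bot: The six lookup/null-check/delete stanzas in this hunk are copies of one another, which is probably how the same inverted `policy == null` test ended up in all six. Folding them into one helper such as `private void deletePermissionPolicy(Policy policy) { if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId()); }` leaves a single condition to get right. With the old condition an existing permission policy was never deleted and a missing one threw the NPE, so stale manage, view, map-roles, group-membership and impersonation policies could stay in the policy store. None of the test changes visible in this commit appears to assert that these policies are gone after the method runs, so a regression test for that would be worth adding. The enclosing method starts and ends outside the hunk, so its name and callers are not visible here.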
@ -168,6 +168,10 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
|
||||||
user.setUsername("child");
|
user.setUsername("child");
|
||||||
user.setEnabled(true);
|
user.setEnabled(true);
|
||||||
childUserId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
|
childUserId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
|
||||||
|
UserRepresentation user2 = new UserRepresentation();
|
||||||
|
user2.setUsername("child2");
|
||||||
|
user2.setEnabled(true);
|
||||||
|
String user2Id = createUserAndResetPasswordWithAdminClient(realm, user2, "password");
|
||||||
|
|
||||||
// have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions
|
// have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions
|
||||||
realm.roles().create(new RoleRepresentation("user", null, false));
|
realm.roles().create(new RoleRepresentation("user", null, false));
|
||||||
|
@ -175,11 +179,13 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
|
||||||
List<RoleRepresentation> roles = new LinkedList<>();
|
List<RoleRepresentation> roles = new LinkedList<>();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
realm.users().get(childUserId).roles().realmLevel().add(roles);
|
realm.users().get(childUserId).roles().realmLevel().add(roles);
|
||||||
|
realm.users().get(user2Id).roles().realmLevel().add(roles);
|
||||||
ClientRepresentation brokerService = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0);
|
ClientRepresentation brokerService = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0);
|
||||||
role = realm.clients().get(brokerService.getId()).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation();
|
role = realm.clients().get(brokerService.getId()).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation();
|
||||||
roles.clear();
|
roles.clear();
|
||||||
roles.add(role);
|
roles.add(role);
|
||||||
realm.users().get(childUserId).roles().clientLevel(brokerService.getId()).add(roles);
|
realm.users().get(childUserId).roles().clientLevel(brokerService.getId()).add(roles);
|
||||||
|
realm.users().get(user2Id).roles().clientLevel(brokerService.getId()).add(roles);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -192,11 +198,6 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
|
||||||
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
|
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
// @Test
|
|
||||||
public void testUi() throws Exception {
|
|
||||||
Thread.sleep(1000000000);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testErrorConditions() throws Exception {
|
public void testErrorConditions() throws Exception {
|
||||||
|
@ -388,6 +389,7 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
|
||||||
String linkUrl = linkBuilder.clone()
|
String linkUrl = linkBuilder.clone()
|
||||||
.queryParam("realm", CHILD_IDP)
|
.queryParam("realm", CHILD_IDP)
|
||||||
.queryParam("provider", PARENT_IDP).build().toString();
|
.queryParam("provider", PARENT_IDP).build().toString();
|
||||||
|
System.out.println("linkUrl: " + linkUrl);
|
||||||
navigateTo(linkUrl);
|
navigateTo(linkUrl);
|
||||||
Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
|
Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
|
||||||
Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP));
|
Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP));
|
||||||
|
|
|
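Review bot: The added `System.out.println("linkUrl: " + linkUrl);` in the hunk at -388 is debugging output left in the test; drop it, or route it through the test's logger at debug level if the value is needed for diagnosis. Only the `realm` and `provider` parameters are added in the visible lines, but `linkBuilder` is built outside the hunk and may already carry other query parameters, which would then be written to the build output as well. Separately, `user2Id` in the first hunk is a local, while `childUserId` is assigned without a declaration and is presumably a field. Any later cleanup or test that needs the `child2` user therefore cannot reference it; confirm that is intended.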
@ -16,6 +16,7 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.testsuite.adapter.undertow.servlet;
|
package org.keycloak.testsuite.adapter.undertow.servlet;
|
||||||
|
|
||||||
|
import org.junit.Test;
|
||||||
import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
|
import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
|
||||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||||
|
|
||||||
|
@ -26,4 +27,15 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||||
@AppServerContainer("auth-server-undertow")
|
@AppServerContainer("auth-server-undertow")
|
||||||
public class UndertowClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {
|
public class UndertowClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {
|
||||||
|
|
||||||
|
//@Test
|
||||||
|
public void testUi() throws Exception {
|
||||||
|
Thread.sleep(1000000000);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@Test
|
||||||
|
public void testAccountLink() throws Exception {
|
||||||
|
super.testAccountLink();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
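Review bot: The added `testUi()` is a public method whose only statement is `Thread.sleep(1000000000)` (about eleven and a half days), kept out of the run only by the commented-out `//@Test`. If it is meant as a manual hook for inspecting the UI, mark it with `@Test @Ignore("manual UI debugging only")` and a one-line comment rather than a commented annotation, so nobody re-enables it by accident and stalls the suite. The `testAccountLink()` override only calls `super.testAccountLink()`; a short comment saying why the override is needed would stop it from being removed as dead code.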
@ -84,38 +84,21 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
}
|
}
|
||||||
public static void setupDemo(KeycloakSession session) {
|
public static void setupDemo(KeycloakSession session) {
|
||||||
RealmModel realm = session.realms().getRealmByName(TEST);
|
RealmModel realm = session.realms().getRealmByName(TEST);
|
||||||
ClientModel client = realm.addClient("sales-pipeline-application");
|
realm.addRole("realm-role");
|
||||||
|
ClientModel client = realm.addClient("sales-application");
|
||||||
RoleModel clientAdmin = client.addRole("admin");
|
RoleModel clientAdmin = client.addRole("admin");
|
||||||
client.addRole("leader-creator");
|
client.addRole("leader-creator");
|
||||||
client.addRole("viewLeads");
|
client.addRole("viewLeads");
|
||||||
ClientModel client2 = realm.addClient("market-analysis-application");
|
|
||||||
RoleModel client2Admin = client2.addRole("admin");
|
|
||||||
client2.addRole("market-manager");
|
|
||||||
client2.addRole("viewMarkets");
|
|
||||||
GroupModel sales = realm.createGroup("sales");
|
GroupModel sales = realm.createGroup("sales");
|
||||||
RoleModel salesAppsAdminRole = realm.addRole("sales-apps-admin");
|
|
||||||
salesAppsAdminRole.addCompositeRole(clientAdmin);
|
|
||||||
salesAppsAdminRole.addCompositeRole(client2Admin);
|
|
||||||
ClientModel realmManagementClient = realm.getClientByClientId("realm-management");
|
|
||||||
RoleModel queryClient = realmManagementClient.getRole(AdminRoles.QUERY_CLIENTS);
|
|
||||||
|
|
||||||
|
|
||||||
UserModel admin = session.users().addUser(realm, "salesManager");
|
UserModel admin = session.users().addUser(realm, "salesManager");
|
||||||
admin.setEnabled(true);
|
admin.setEnabled(true);
|
||||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
||||||
admin = session.users().addUser(realm, "sales-group-admin");
|
|
||||||
|
admin = session.users().addUser(realm, "sales-admin");
|
||||||
admin.setEnabled(true);
|
admin.setEnabled(true);
|
||||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
||||||
admin = session.users().addUser(realm, "sales-it");
|
|
||||||
admin.setEnabled(true);
|
|
||||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
|
||||||
admin = session.users().addUser(realm, "sales-pipeline-admin");
|
|
||||||
admin.setEnabled(true);
|
|
||||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
|
||||||
admin = session.users().addUser(realm, "client-admin");
|
|
||||||
admin.setEnabled(true);
|
|
||||||
admin.grantRole(queryClient);
|
|
||||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
|
||||||
|
|
||||||
UserModel user = session.users().addUser(realm, "salesman");
|
UserModel user = session.users().addUser(realm, "salesman");
|
||||||
user.setEnabled(true);
|
user.setEnabled(true);
|
||||||
|
|
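Review bot: `setupDemo` lacks a comment saying what fixture it creates and where it may run. It adds enabled users (`salesManager`, `sales-admin`) whose credential is the literal `"password"`, so a Javadoc line such as `/** Populates the TEST realm with demo clients, roles and users for this unit test only; the admin users share a fixed throwaway password. */` would make the test-only intent explicit. Within the visible lines `clientAdmin` is no longer used now that the `sales-apps-admin` composite role is gone, and the result of `realm.addRole("realm-role")` is discarded; if `clientAdmin` is not referenced further down, drop the local. The method body continues past the end of the hunk.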