Merge pull request #4274 from patriot1burke/master

bad logic will result in NPE
Bill Burke 2017-06-29 21:36:12 -04:00 committed by GitHub
commit 19bdf09e3d
4 changed files with 29 additions and 32 deletions


@ -157,32 +157,32 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
ResourceServer server = root.realmResourceServer(); ResourceServer server = root.realmResourceServer();
if (server == null) return; if (server == null) return;
Policy policy = managePermission(); Policy policy = managePermission();
if (policy == null) { if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId()); authz.getStoreFactory().getPolicyStore().delete(policy.getId());
} }
policy = viewPermission(); policy = viewPermission();
if (policy == null) { if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId()); authz.getStoreFactory().getPolicyStore().delete(policy.getId());
} }
policy = mapRolesPermission(); policy = mapRolesPermission();
if (policy == null) { if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId()); authz.getStoreFactory().getPolicyStore().delete(policy.getId());
} }
policy = manageGroupMembershipPermission(); policy = manageGroupMembershipPermission();
if (policy == null) { if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId()); authz.getStoreFactory().getPolicyStore().delete(policy.getId());
} }
policy = adminImpersonatingPermission(); policy = adminImpersonatingPermission();
if (policy == null) { if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId()); authz.getStoreFactory().getPolicyStore().delete(policy.getId());
} }
policy = userImpersonatedPermission(); policy = userImpersonatedPermission();
if (policy == null) { if (policy != null) {
authz.getStoreFactory().getPolicyStore().delete(policy.getId()); authz.getStoreFactory().getPolicyStore().delete(policy.getId());
} }
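Review bot: The same guard-and-delete block is repeated six times in this hunk, once per permission lookup, which is how one inverted `== null` ended up in six places. A private helper would keep the check in one spot, e.g. `private void deletePolicy(Policy policy) { if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId()); }`, called as `deletePolicy(managePermission());`. With the old condition an existing policy was never deleted and a missing one threw, so these lines never removed any of the user-permission policies. A regression test that runs this method and asserts each policy is gone from the policy store would pin the corrected behaviour; no such assertion is visible on this page. The enclosing method starts and ends outside the hunk.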


@ -168,6 +168,10 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
user.setUsername("child"); user.setUsername("child");
user.setEnabled(true); user.setEnabled(true);
childUserId = createUserAndResetPasswordWithAdminClient(realm, user, "password"); childUserId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
UserRepresentation user2 = new UserRepresentation();
user2.setUsername("child2");
user2.setEnabled(true);
String user2Id = createUserAndResetPasswordWithAdminClient(realm, user2, "password");
// have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions // have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions
realm.roles().create(new RoleRepresentation("user", null, false)); realm.roles().create(new RoleRepresentation("user", null, false));
@ -175,11 +179,13 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
List<RoleRepresentation> roles = new LinkedList<>(); List<RoleRepresentation> roles = new LinkedList<>();
roles.add(role); roles.add(role);
realm.users().get(childUserId).roles().realmLevel().add(roles); realm.users().get(childUserId).roles().realmLevel().add(roles);
realm.users().get(user2Id).roles().realmLevel().add(roles);
ClientRepresentation brokerService = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0); ClientRepresentation brokerService = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0);
role = realm.clients().get(brokerService.getId()).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation(); role = realm.clients().get(brokerService.getId()).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation();
roles.clear(); roles.clear();
roles.add(role); roles.add(role);
realm.users().get(childUserId).roles().clientLevel(brokerService.getId()).add(roles); realm.users().get(childUserId).roles().clientLevel(brokerService.getId()).add(roles);
realm.users().get(user2Id).roles().clientLevel(brokerService.getId()).add(roles);
} }
@ -192,11 +198,6 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext); BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
} }
// @Test
public void testUi() throws Exception {
Thread.sleep(1000000000);
}
@Test @Test
public void testErrorConditions() throws Exception { public void testErrorConditions() throws Exception {
@ -388,6 +389,7 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer
String linkUrl = linkBuilder.clone() String linkUrl = linkBuilder.clone()
.queryParam("realm", CHILD_IDP) .queryParam("realm", CHILD_IDP)
.queryParam("provider", PARENT_IDP).build().toString(); .queryParam("provider", PARENT_IDP).build().toString();
System.out.println("linkUrl: " + linkUrl);
navigateTo(linkUrl); navigateTo(linkUrl);
Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP)); Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP));
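Review bot: The added `System.out.println("linkUrl: " + linkUrl);` just before `navigateTo(linkUrl)` looks like leftover debugging. It writes the full account-link URL, including whatever query parameters `linkBuilder` already carries from outside this hunk, to the build output on every run. Drop the line, or route it through the test class's logger at debug level if the URL is needed when diagnosing failures. The enclosing test method starts and ends outside the hunk.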


@ -16,6 +16,7 @@
*/ */
package org.keycloak.testsuite.adapter.undertow.servlet; package org.keycloak.testsuite.adapter.undertow.servlet;
import org.junit.Test;
import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest; import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
@ -26,4 +27,15 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
@AppServerContainer("auth-server-undertow") @AppServerContainer("auth-server-undertow")
public class UndertowClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest { public class UndertowClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {
//@Test
public void testUi() throws Exception {
Thread.sleep(1000000000);
}
@Override
@Test
public void testAccountLink() throws Exception {
super.testAccountLink();
}
} }
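Review bot: `testUi()` is added here with its annotation commented out (`//@Test`) and a body of `Thread.sleep(1000000000)`, roughly eleven and a half days, so uncommenting one line would hang the build. If the hook has to stay, state the intent with `@Ignore("manual UI debugging only; blocks the JVM")` above a real `@Test` (plus `import org.junit.Ignore;`) rather than a commented-out annotation; otherwise delete it. The `testAccountLink()` override only calls `super.testAccountLink()`, and whether it is needed depends on the base method's annotations, which are outside this section. A one-line comment above the override saying why it exists would help.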


@ -84,38 +84,21 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
} }
public static void setupDemo(KeycloakSession session) { public static void setupDemo(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName(TEST); RealmModel realm = session.realms().getRealmByName(TEST);
ClientModel client = realm.addClient("sales-pipeline-application"); realm.addRole("realm-role");
ClientModel client = realm.addClient("sales-application");
RoleModel clientAdmin = client.addRole("admin"); RoleModel clientAdmin = client.addRole("admin");
client.addRole("leader-creator"); client.addRole("leader-creator");
client.addRole("viewLeads"); client.addRole("viewLeads");
ClientModel client2 = realm.addClient("market-analysis-application");
RoleModel client2Admin = client2.addRole("admin");
client2.addRole("market-manager");
client2.addRole("viewMarkets");
GroupModel sales = realm.createGroup("sales"); GroupModel sales = realm.createGroup("sales");
RoleModel salesAppsAdminRole = realm.addRole("sales-apps-admin");
salesAppsAdminRole.addCompositeRole(clientAdmin);
salesAppsAdminRole.addCompositeRole(client2Admin);
ClientModel realmManagementClient = realm.getClientByClientId("realm-management");
RoleModel queryClient = realmManagementClient.getRole(AdminRoles.QUERY_CLIENTS);
UserModel admin = session.users().addUser(realm, "salesManager"); UserModel admin = session.users().addUser(realm, "salesManager");
admin.setEnabled(true); admin.setEnabled(true);
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password")); session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
admin = session.users().addUser(realm, "sales-group-admin");
admin = session.users().addUser(realm, "sales-admin");
admin.setEnabled(true); admin.setEnabled(true);
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password")); session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
admin = session.users().addUser(realm, "sales-it");
admin.setEnabled(true);
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
admin = session.users().addUser(realm, "sales-pipeline-admin");
admin.setEnabled(true);
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
admin = session.users().addUser(realm, "client-admin");
admin.setEnabled(true);
admin.grantRole(queryClient);
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
UserModel user = session.users().addUser(realm, "salesman"); UserModel user = session.users().addUser(realm, "salesman");
user.setEnabled(true); user.setEnabled(true);