KEYCLOAK-15535 Account Log of user login with realm not available details when update profile

Denis 2020-10-13 12:23:59 +02:00 committed by Marek Posolda
parent 78754d1127
commit 23bfaef4bb
10 changed files with 85 additions and 37 deletions


@ -37,6 +37,12 @@ public interface Details {
String IDENTITY_PROVIDER_USERNAME = "identity_provider_identity";
String REGISTER_METHOD = "register_method";
String USERNAME = "username";
String FIRST_NAME = "first_name";
String LAST_NAME = "last_name";
String PREVIOUS_FIRST_NAME = "previous_first_name";
String UPDATED_FIRST_NAME = "updated_first_name";
String PREVIOUS_LAST_NAME = "previous_last_name";
String UPDATED_LAST_NAME = "updated_last_name";
String REMEMBER_ME = "remember_me";
String TOKEN_ID = "token_id";
String REFRESH_TOKEN_ID = "refresh_token_id";


@ -75,11 +75,14 @@ public class RegistrationUserCreation implements FormAction, FormActionFactory {
UserProfile newProfile = result.getProfile();
String email = newProfile.getAttributes().getFirstAttribute(UserModel.EMAIL);
String username = newProfile.getAttributes().getFirstAttribute(UserModel.USERNAME);
String firstName = newProfile.getAttributes().getFirstAttribute(UserModel.FIRST_NAME);
String lastName = newProfile.getAttributes().getFirstAttribute(UserModel.LAST_NAME);
context.getEvent().detail(Details.EMAIL, email);
String username = newProfile.getAttributes().getFirstAttribute(UserModel.USERNAME);
context.getEvent().detail(Details.USERNAME, username);
context.getEvent().detail(Details.FIRST_NAME, firstName);
context.getEvent().detail(Details.LAST_NAME, lastName);
List<FormMessage> errors = Validation.getFormErrorsFromValidation(result);
if (context.getRealm().isRegistrationEmailAsUsername()) {
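Review bot: The new `context.getEvent().detail(Details.FIRST_NAME, firstName)` and `detail(Details.LAST_NAME, lastName)` calls run before `Validation.getFormErrorsFromValidation(result)` is consulted, so the event would presumably carry the submitted names even when the form is rejected. These are free-text values from an unauthenticated registrant, so event listeners and the event store receive them unchecked; attach them only once the error list is known to be empty, or make the choice explicit with a comment such as `// raw form values: recorded even if validation fails below`. The existing email and username details follow the same order, so this may be intentional. The enclosing method starts and ends outside the hunk, and none of the test hunks on this page asserts the new registration details.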


@ -69,6 +69,9 @@ public class UpdateProfile implements RequiredActionProvider, RequiredActionFact
event.event(EventType.UPDATE_PROFILE);
MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
UserModel user = context.getUser();
String oldFirstName = user.getFirstName();
String oldLastName = user.getLastName();
String oldEmail = user.getEmail();
UserProfileValidationResult result = forUpdateProfile(user, formData, context.getSession()).validate();
final UserProfile updatedProfile = result.getProfile();
@ -84,11 +87,19 @@ public class UpdateProfile implements RequiredActionProvider, RequiredActionFact
}
String newEmail = updatedProfile.getAttributes().getFirstAttribute(UserModel.EMAIL);
String newFirstName = updatedProfile.getAttributes().getFirstAttribute(UserModel.FIRST_NAME);
String newLastName = updatedProfile.getAttributes().getFirstAttribute(UserModel.LAST_NAME);
UserUpdateHelper.updateUserProfile(context.getRealm(), user, updatedProfile);
if (result.hasAttributeChanged(UserModel.FIRST_NAME)) {
event.detail(Details.PREVIOUS_FIRST_NAME, oldFirstName).detail(Details.UPDATED_FIRST_NAME, newFirstName);
}
if (result.hasAttributeChanged(UserModel.LAST_NAME)) {
event.detail(Details.PREVIOUS_LAST_NAME, oldLastName).detail(Details.UPDATED_LAST_NAME, newLastName);
}
if (result.hasAttributeChanged(UserModel.EMAIL)) {
user.setEmailVerified(false);
event.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, newEmail).success();
event.detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, newEmail);
}
context.success();
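Review bot: Judging by the hunk counts (11 old lines, 19 new), the `event.clone().event(EventType.UPDATE_EMAIL)...success()` line appears to be on the removed side, so an e-mail change through this required action would no longer emit a separate UPDATE_EMAIL event, only PREVIOUS_EMAIL/UPDATED_EMAIL details on UPDATE_PROFILE. An e-mail change is a common account-takeover signal, and event listeners or alert rules keyed on the UPDATE_EMAIL event type would stop firing without any error. If the drop is intended, state it in the commit description and upgrade notes; otherwise keep the cloned event next to the new `event.detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, newEmail);` line. The same applies to the last hunk of the AccountFormService section. The enclosing method starts and ends outside the hunk.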


@ -364,6 +364,9 @@ public class AccountFormService extends AbstractSecuredLocalService {
csrfCheck(formData);
UserModel user = auth.getUser();
String oldFirstName = user.getFirstName();
String oldLastName = user.getLastName();
String oldEmail = user.getEmail();
event.event(EventType.UPDATE_PROFILE).client(auth.getClient()).user(auth.getUser());
@ -386,6 +389,9 @@ public class AccountFormService extends AbstractSecuredLocalService {
UserProfile updatedProfile = result.getProfile();
String newEmail = updatedProfile.getAttributes().getFirstAttribute(UserModel.EMAIL);
String newFirstName = updatedProfile.getAttributes().getFirstAttribute(UserModel.FIRST_NAME);
String newLastName = updatedProfile.getAttributes().getFirstAttribute(UserModel.LAST_NAME);
try {
// backward compatibility with old account console where attributes are not removed if missing
@ -395,9 +401,15 @@ public class AccountFormService extends AbstractSecuredLocalService {
return account.setError(Response.Status.BAD_REQUEST, Messages.READ_ONLY_USER).setProfileFormData(formData).createResponse(AccountPages.ACCOUNT);
}
if (result.hasAttributeChanged(UserModel.FIRST_NAME)) {
event.detail(Details.PREVIOUS_FIRST_NAME, oldFirstName).detail(Details.UPDATED_FIRST_NAME, newFirstName);
}
if (result.hasAttributeChanged(UserModel.LAST_NAME)) {
event.detail(Details.PREVIOUS_LAST_NAME, oldLastName).detail(Details.UPDATED_LAST_NAME, newLastName);
}
if (result.hasAttributeChanged(UserModel.EMAIL)) {
user.setEmailVerified(false);
event.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, newEmail).success();
event.detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, newEmail);
}
event.success();
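Review bot: The `hasAttributeChanged` blocks for first and last name in the last hunk are a verbatim copy of the ones added to UpdateProfile, so the two audit paths can drift apart the next time a profile field is added. A single helper that takes the event, the validation result and the old and new values would keep the recorded details identical in both places. The old values are read before the update and the new ones from the validated profile, and the helper's callers should keep that order. The enclosing method starts and ends outside the hunks.

```java
// shared by AccountFormService and UpdateProfile
static void addChangeDetail(EventBuilder event, UserProfileValidationResult result,
        String attribute, String previousKey, String updatedKey,
        String oldValue, String newValue) {
    if (result.hasAttributeChanged(attribute)) {
        event.detail(previousKey, oldValue).detail(updatedKey, newValue);
    }
}

// … unchanged: csrfCheck, profile validation, read-only handling …
addChangeDetail(event, result, UserModel.FIRST_NAME,
        Details.PREVIOUS_FIRST_NAME, Details.UPDATED_FIRST_NAME, oldFirstName, newFirstName);
addChangeDetail(event, result, UserModel.LAST_NAME,
        Details.PREVIOUS_LAST_NAME, Details.UPDATED_LAST_NAME, oldLastName, newLastName);
// … unchanged: e-mail change handling, event.success() …
```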


@ -38,6 +38,12 @@ public class Constants {
EXPOSED_LOG_DETAILS.add(Details.UPDATED_EMAIL);
EXPOSED_LOG_DETAILS.add(Details.EMAIL);
EXPOSED_LOG_DETAILS.add(Details.PREVIOUS_EMAIL);
EXPOSED_LOG_DETAILS.add(Details.FIRST_NAME);
EXPOSED_LOG_DETAILS.add(Details.LAST_NAME);
EXPOSED_LOG_DETAILS.add(Details.UPDATED_FIRST_NAME);
EXPOSED_LOG_DETAILS.add(Details.PREVIOUS_FIRST_NAME);
EXPOSED_LOG_DETAILS.add(Details.UPDATED_LAST_NAME);
EXPOSED_LOG_DETAILS.add(Details.PREVIOUS_LAST_NAME);
EXPOSED_LOG_DETAILS.add(Details.USERNAME);
EXPOSED_LOG_DETAILS.add(Details.REMEMBER_ME);
EXPOSED_LOG_DETAILS.add(Details.REGISTER_METHOD);
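Review bot: The six new entries put free-text, user-editable values (current, previous and updated first and last names) on the list of details that, going by the constant's name and the commit title, are shown in the account log. Whatever renders these details should be confirmed to HTML-escape them, since a name can contain markup, and the previous values stay visible for as long as the events are retained. A short comment above the additions would record that, e.g. `// user-controlled PII: must be escaped when rendered; retained with the event`. The enclosing block starts and ends outside the hunk.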


@ -713,8 +713,10 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("new@email.com", profilePage.getEmail());
events.expectAccount(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent();
events.expectAccount(EventType.UPDATE_PROFILE).assertEvent();
events.expectAccount(EventType.UPDATE_PROFILE).detail(Details.PREVIOUS_FIRST_NAME, "Tom").detail(Details.UPDATED_FIRST_NAME, "New first")
.detail(Details.PREVIOUS_LAST_NAME, "Brady").detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com")
.assertEvent();
// reset user for other tests
profilePage.updateProfile("Tom", "Brady", "test-user@localhost");
@ -755,8 +757,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("new@email.com", profilePage.getEmail());
events.expectAccount(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent();
events.expectAccount(EventType.UPDATE_PROFILE).assertEvent();
events.expectAccount(EventType.UPDATE_PROFILE).detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent();
user = userResource.toRepresentation();
assertNotNull(user.getAttributes());


@ -82,8 +82,10 @@ public class AppInitiatedActionUpdateProfileTest extends AbstractAppInitiatedAct
updateProfilePage.update("New first", "New last", "new@email.com", "test-user@localhost");
events.expectRequiredAction(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).detail(Details.PREVIOUS_FIRST_NAME, "Tom").detail(Details.UPDATED_FIRST_NAME, "New first")
.detail(Details.PREVIOUS_LAST_NAME, "Brady").detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com")
.assertEvent();
events.expectLogin().assertEvent();
assertKcActionStatus("success");
@ -111,8 +113,11 @@ public class AppInitiatedActionUpdateProfileTest extends AbstractAppInitiatedAct
updateProfilePage.update("New first", "New last", "new@email.com", "test-user@localhost");
events.expectLogin().assertEvent();
events.expectRequiredAction(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).detail(Details.PREVIOUS_FIRST_NAME, "Tom").detail(Details.UPDATED_FIRST_NAME, "New first")
.detail(Details.PREVIOUS_LAST_NAME, "Brady").detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com")
.assertEvent();
events.expectLogin().assertEvent();
assertKcActionStatus("success");
@ -159,9 +164,12 @@ public class AppInitiatedActionUpdateProfileTest extends AbstractAppInitiatedAct
events.expectLogin()
.event(EventType.UPDATE_PROFILE)
.detail(Details.PREVIOUS_FIRST_NAME, "John")
.detail(Details.UPDATED_FIRST_NAME, "New first")
.detail(Details.PREVIOUS_LAST_NAME, "Doh")
.detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.USERNAME, "john-doh@localhost")
.user(userId)
.session(Matchers.nullValue(String.class))
.user(userId).session(Matchers.nullValue(String.class))
.removeDetail(Details.CONSENT)
.assertEvent();


@ -96,17 +96,16 @@ public class RequiredActionMultipleActionsTest extends AbstractTestRealmKeycloak
public String updateProfile(String codeId) {
updateProfilePage.update("New first", "New last", "new@email.com", "test-user@localhost");
AssertEvents.ExpectedEvent expectedEvent = events.expectRequiredAction(EventType.UPDATE_EMAIL)
AssertEvents.ExpectedEvent expectedEvent = events.expectRequiredAction(EventType.UPDATE_PROFILE)
.detail(Details.UPDATED_FIRST_NAME, "New first")
.detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost")
.detail(Details.UPDATED_EMAIL, "new@email.com");
if (codeId != null) {
expectedEvent.detail(Details.CODE_ID, codeId);
}
codeId = expectedEvent.assertEvent().getDetails().get(Details.CODE_ID);
events.expectRequiredAction(EventType.UPDATE_PROFILE)
.detail(Details.CODE_ID, codeId)
.assertEvent();
return codeId;
return expectedEvent.assertEvent().getDetails().get(Details.CODE_ID);
}
}
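Review bot: The expected UPDATE_PROFILE event in `updateProfile` lists UPDATED_FIRST_NAME and UPDATED_LAST_NAME without the matching PREVIOUS_* details, while AppInitiatedActionUpdateProfileTest and AccountFormServiceTest assert `"Tom"`/`"Brady"` for the same kind of update. That presumably relies on the user here having no prior names and on empty detail values being dropped, but nothing in the test says so. A comment such as `// no PREVIOUS_* details: this user has no first/last name before the update` would make the omission deliberate; the two hunks of RequiredActionPriorityTest have the same shape.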


@ -107,11 +107,13 @@ public class RequiredActionPriorityTest extends AbstractTestRealmKeycloakTest {
// Finally, update profile
updateProfilePage.assertCurrent();
updateProfilePage.update("New first", "New last", "new@email.com", "test-user@localhost");
events.expectRequiredAction(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, "test-user@localhost")
.detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).detail(Details.UPDATED_FIRST_NAME, "New first")
.detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost")
.detail(Details.UPDATED_EMAIL, "new@email.com")
.assertEvent();
// Logined
// Logged in
appPage.assertCurrent();
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
@ -139,9 +141,11 @@ public class RequiredActionPriorityTest extends AbstractTestRealmKeycloakTest {
// Second, update profile
updateProfilePage.assertCurrent();
updateProfilePage.update("New first", "New last", "new@email.com", "test-user@localhost");
events.expectRequiredAction(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, "test-user@localhost")
.detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).detail(Details.UPDATED_FIRST_NAME, "New first")
.detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost")
.detail(Details.UPDATED_EMAIL, "new@email.com")
.assertEvent();
// Finally, accept terms
termsPage.assertCurrent();


@ -102,9 +102,11 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
updateProfilePage.update("New first", "New last", "new@email.com", "test-user@localhost");
events.expectRequiredAction(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).detail(Details.PREVIOUS_FIRST_NAME, "Tom").detail(Details.UPDATED_FIRST_NAME, "New first")
.detail(Details.PREVIOUS_LAST_NAME, "Brady").detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com")
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com")
.assertEvent();
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
@ -129,12 +131,9 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
updateProfilePage.update("New first", "New last", "john-doh@localhost", "new");
events.expectLogin()
.event(EventType.UPDATE_PROFILE)
events.expectLogin().event(EventType.UPDATE_PROFILE).detail(Details.UPDATED_FIRST_NAME, "New first").user(userId).session(Matchers.nullValue(String.class)).removeDetail(Details.CONSENT)
.detail(Details.UPDATED_LAST_NAME, "New last").user(userId).session(Matchers.nullValue(String.class)).removeDetail(Details.CONSENT)
.detail(Details.USERNAME, "john-doh@localhost")
.user(userId)
.session(Matchers.nullValue(String.class))
.removeDetail(Details.CONSENT)
.assertEvent();
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
@ -344,8 +343,7 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
updateProfilePage.update("New first", "New last", "new@email.com", "test-user@localhost");
events.expectRequiredAction(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).assertEvent();
events.expectRequiredAction(EventType.UPDATE_PROFILE).detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent();
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());