KEYCLOAK-12742 Authentication -> WebAuthn Policy: Unable to delete the Acceptable AAGUIDS via the provided minus (-) button, once set (#6695)

2020-01-24 11:55:20 +01:00 · 2020-01-24 11:55:20 +01:00 · 24c6e2ba08
commit 24c6e2ba08
parent 303861f7e8
3 changed files with 21 additions and 18 deletions
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@ -1034,8 +1034,9 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
        if (acceptableAaguids != null && !acceptableAaguids.isEmpty()) {
            String acceptableAaguidsString = String.join(",", acceptableAaguids);
            setAttribute(RealmAttributes.WEBAUTHN_POLICY_ACCEPTABLE_AAGUIDS, acceptableAaguidsString);
+        } else {
+            removeAttribute(RealmAttributes.WEBAUTHN_POLICY_ACCEPTABLE_AAGUIDS);
        }
-
    }

    @Override
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
@ -68,13 +68,7 @@ import javax.ws.rs.BadRequestException;
 import javax.ws.rs.NotFoundException;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.stream.Collectors;

 import static org.hamcrest.Matchers.containsInAnyOrder;
@ -446,10 +440,15 @@ public class RealmTest extends AbstractAdminTest {
    public void updateRealmAttributes() {
        // first change
        RealmRepresentation rep = new RealmRepresentation();
+        List<String> webAuthnPolicyAcceptableAaguids = new ArrayList<>();
+        webAuthnPolicyAcceptableAaguids.add("aaguid1");
+        webAuthnPolicyAcceptableAaguids.add("aaguid2");
+
        rep.setAttributes(new HashMap<>());
        rep.getAttributes().put("foo1", "bar1");
        rep.getAttributes().put("foo2", "bar2");

+        rep.setWebAuthnPolicyAcceptableAaguids(webAuthnPolicyAcceptableAaguids);
        rep.setBruteForceProtected(true);
        rep.setDisplayName("dn1");

@ -457,17 +456,19 @@ public class RealmTest extends AbstractAdminTest {
        assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);

        rep = realm.toRepresentation();
-
        assertEquals("bar1", rep.getAttributes().get("foo1"));
        assertEquals("bar2", rep.getAttributes().get("foo2"));
        assertTrue(rep.isBruteForceProtected());
        assertEquals("dn1", rep.getDisplayName());
+        assertEquals(webAuthnPolicyAcceptableAaguids, rep.getWebAuthnPolicyAcceptableAaguids());

        // second change
+        webAuthnPolicyAcceptableAaguids.clear();
        rep.setBruteForceProtected(false);
        rep.setDisplayName("dn2");
        rep.getAttributes().put("foo1", "bar11");
        rep.getAttributes().remove("foo2");
+        rep.setWebAuthnPolicyAcceptableAaguids(webAuthnPolicyAcceptableAaguids);

        realm.update(rep);
        assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
@ -479,6 +480,7 @@ public class RealmTest extends AbstractAdminTest {

        assertEquals("bar11", rep.getAttributes().get("foo1"));
        assertFalse(rep.getAttributes().containsKey("foo2"));
+        assertTrue(rep.getWebAuthnPolicyAcceptableAaguids().isEmpty());
    }

    @Test
--- a/themes/src/main/resources/theme/base/admin/resources/partials/webauthn-policy.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/webauthn-policy.html
@ -125,7 +125,7 @@
            <label for="type" class="col-md-2 control-label">{{:: 'webauthn-acceptable-aaguids' | translate}}</label>
            <div class="col-sm-4">
                <div class="input-group" ng-repeat="(i, acceptableAaguid) in realm.webAuthnPolicyAcceptableAaguids track by $index">
-                    <input class="form-control" ng-model="realm.webAuthnPolicyAcceptableAaguids[i]">
+                    <input id="type" class="form-control" ng-model="realm.webAuthnPolicyAcceptableAaguids[i]">
                    <div class="input-group-btn">
                        <button class="btn btn-default" type="button" data-ng-click="deleteAcceptableAaguid($index)">
                            <span class="fa fa-minus"></span>