From 29b8294dd6c9332b1d8f88c70165691d4246043a Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Mon, 24 Oct 2022 16:47:16 +0200 Subject: [PATCH] Filter list of supported OTP applications by current policy (#15113) Closes #15112 --- .../models/utils/ModelToRepresentation.java | 7 ++++- .../testsuite/admin/realm/RealmTest.java | 30 +++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java index a189c415de..729472fb0c 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java @@ -458,9 +458,14 @@ public class ModelToRepresentation { rep.setOtpPolicyType(otpPolicy.getType()); rep.setOtpPolicyLookAheadWindow(otpPolicy.getLookAheadWindow()); - rep.setOtpSupportedApplications(session.getAllProviders(OTPApplicationProvider.class).stream().map(OTPApplicationProvider::getName).collect(Collectors.toList())); rep.setOtpPolicyCodeReusable(otpPolicy.isCodeReusable()); + rep.setOtpSupportedApplications(session.getAllProviders(OTPApplicationProvider.class) + .stream() + .filter(p -> p.supports(otpPolicy)) + .map(OTPApplicationProvider::getName) + .collect(Collectors.toList())); + WebAuthnPolicy webAuthnPolicy = realm.getWebAuthnPolicy(); rep.setWebAuthnPolicyRpEntityName(webAuthnPolicy.getRpEntityName()); rep.setWebAuthnPolicySignatureAlgorithms(webAuthnPolicy.getSignatureAlgorithm()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java index 5345f4797d..5225b562a6 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java @@ -88,6 +88,7 @@ import java.util.stream.Collectors; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.notNullValue; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; @@ -875,6 +876,35 @@ public class RealmTest extends AbstractAdminTest { } } + @Test + public void testSupportedOTPApplications() { + RealmRepresentation rep = new RealmRepresentation(); + rep.setRealm("new-realm"); + + try { + adminClient.realms().create(rep); + + RealmResource realm = adminClient.realms().realm("new-realm"); + + rep = realm.toRepresentation(); + + List supportedApplications = rep.getOtpSupportedApplications(); + assertThat(supportedApplications, hasSize(2)); + assertThat(supportedApplications, containsInAnyOrder("totpAppGoogleName", "totpAppFreeOTPName")); + + rep.setOtpPolicyDigits(8); + realm.update(rep); + + rep = realm.toRepresentation(); + + supportedApplications = rep.getOtpSupportedApplications(); + assertThat(supportedApplications, hasSize(1)); + assertThat(supportedApplications, containsInAnyOrder("totpAppFreeOTPName")); + } finally { + adminClient.realms().realm(rep.getRealm()).remove(); + } + } + private void setupTestAppAndUser() { testingClient.testApp().clearAdminActions();