Filter list of supported OTP applications by current policy (#15113)

Closes #15112
2022-10-24 16:47:16 +02:00 · 2022-10-24 16:47:16 +02:00 · 29b8294dd6
commit 29b8294dd6
parent 71d9b16717
2 changed files with 36 additions and 1 deletions
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
@ -458,9 +458,14 @@ public class ModelToRepresentation {
        rep.setOtpPolicyType(otpPolicy.getType());
        rep.setOtpPolicyLookAheadWindow(otpPolicy.getLookAheadWindow());

-        rep.setOtpSupportedApplications(session.getAllProviders(OTPApplicationProvider.class).stream().map(OTPApplicationProvider::getName).collect(Collectors.toList()));
        rep.setOtpPolicyCodeReusable(otpPolicy.isCodeReusable());

+        rep.setOtpSupportedApplications(session.getAllProviders(OTPApplicationProvider.class)
+                .stream()
+                .filter(p -> p.supports(otpPolicy))
+                .map(OTPApplicationProvider::getName)
+                .collect(Collectors.toList()));
+
        WebAuthnPolicy webAuthnPolicy = realm.getWebAuthnPolicy();
        rep.setWebAuthnPolicyRpEntityName(webAuthnPolicy.getRpEntityName());
        rep.setWebAuthnPolicySignatureAlgorithms(webAuthnPolicy.getSignatureAlgorithm());
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
@ -88,6 +88,7 @@ import java.util.stream.Collectors;

 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@ -875,6 +876,35 @@ public class RealmTest extends AbstractAdminTest {
        }
    }

+    @Test
+    public void testSupportedOTPApplications() {
+        RealmRepresentation rep = new RealmRepresentation();
+        rep.setRealm("new-realm");
+
+        try {
+            adminClient.realms().create(rep);
+
+            RealmResource realm = adminClient.realms().realm("new-realm");
+
+            rep = realm.toRepresentation();
+
+            List<String> supportedApplications = rep.getOtpSupportedApplications();
+            assertThat(supportedApplications, hasSize(2));
+            assertThat(supportedApplications, containsInAnyOrder("totpAppGoogleName", "totpAppFreeOTPName"));
+
+            rep.setOtpPolicyDigits(8);
+            realm.update(rep);
+
+            rep = realm.toRepresentation();
+
+            supportedApplications = rep.getOtpSupportedApplications();
+            assertThat(supportedApplications, hasSize(1));
+            assertThat(supportedApplications, containsInAnyOrder("totpAppFreeOTPName"));
+        } finally {
+            adminClient.realms().realm(rep.getRealm()).remove();
+        }
+    }
+
    private void setupTestAppAndUser() {
        testingClient.testApp().clearAdminActions();