libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

KEYCLOAK-7562 Fix ClientInitiatedAccountLinkTest#testErrorConditions

Browse source
This commit is contained in:
mposolda 2018-08-01 11:17:36 +02:00 committed by Marek Posolda
parent f99299ee39
commit 29da7d3d90
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
View file

@ -45,6 +45,7 @@ import org.keycloak.models.AccountRoles;
import org.keycloak.models.AuthenticatedClientSessionModel; import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.AuthenticationFlowModel; import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.FederatedIdentityModel; import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.IdentityProviderMapperModel;
@ -80,6 +81,7 @@ import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.account.AccountFormService; import org.keycloak.services.resources.account.AccountFormService;
import org.keycloak.services.util.BrowserHistoryHelper; import org.keycloak.services.util.BrowserHistoryHelper;
import org.keycloak.services.util.CacheControlUtil; import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.services.util.DefaultClientSessionContext;
import org.keycloak.services.validation.Validation; import org.keycloak.services.validation.Validation;
import org.keycloak.sessions.AuthenticationSessionModel; import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel; import org.keycloak.sessions.RootAuthenticationSessionModel;
@ -262,7 +264,10 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
ClientModel accountService = this.realmModel.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID); ClientModel accountService = this.realmModel.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
if (!accountService.getId().equals(client.getId())) { if (!accountService.getId().equals(client.getId())) {
RoleModel manageAccountRole = accountService.getRole(AccountRoles.MANAGE_ACCOUNT); RoleModel manageAccountRole = accountService.getRole(AccountRoles.MANAGE_ACCOUNT);
Set<RoleModel> userAccountRoles = cookieResult.getUser().getClientRoleMappings(accountService);
// Ensure user has role and client has "role scope" for this role
ClientSessionContext ctx = DefaultClientSessionContext.fromClientSessionScopeParameter(clientSession);
Set<RoleModel> userAccountRoles = ctx.getRoles();
if (!userAccountRoles.contains(manageAccountRole)) { if (!userAccountRoles.contains(manageAccountRole)) {
RoleModel linkRole = accountService.getRole(AccountRoles.MANAGE_ACCOUNT_LINKS); RoleModel linkRole = accountService.getRole(AccountRoles.MANAGE_ACCOUNT_LINKS);

1
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/ClientInitiatedAccountLinkTest.java
View file

@ -205,7 +205,6 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
@Test @Test
@Ignore("KEYCLOAK-7562")
public void testErrorConditions() throws Exception { public void testErrorConditions() throws Exception {
RealmResource realm = adminClient.realms().realm(CHILD_IDP); RealmResource realm = adminClient.realms().realm(CHILD_IDP);