KEYCLOAK-18194 fix migration of default role when realm id contains apostrophe
This commit is contained in:
parent
f0e777c592
commit
2b9b50d50a
4 changed files with 23 additions and 4 deletions
|
@ -59,14 +59,15 @@ public class JpaUpdate13_0_0_MigrateDefaultRoles extends CustomKeycloakTask {
|
|||
// assign the role to the realm
|
||||
new UpdateStatement(null, null, database.correctObjectName("REALM", Table.class))
|
||||
.addNewColumnValue("DEFAULT_ROLE", id)
|
||||
.setWhereClause("REALM.ID = '" + realmId + "'")
|
||||
.setWhereClause("REALM.ID=?")
|
||||
.addWhereParameter(realmId)
|
||||
);
|
||||
|
||||
statements.add(
|
||||
// copy data from REALM_DEFAULT_ROLES to COMPOSITE_ROLE
|
||||
new RawSqlStatement("INSERT INTO " + compositeRoleTable + " (COMPOSITE, CHILD_ROLE) " +
|
||||
"SELECT '" + id + "', ROLE_ID FROM " + getTableName("REALM_DEFAULT_ROLES") +
|
||||
" WHERE REALM_ID = '" + realmId + "'")
|
||||
" WHERE REALM_ID = '" + database.escapeStringForDatabase(realmId) + "'")
|
||||
);
|
||||
statements.add(
|
||||
// copy data from CLIENT_DEFAULT_ROLES to COMPOSITE_ROLE
|
||||
|
@ -74,7 +75,7 @@ public class JpaUpdate13_0_0_MigrateDefaultRoles extends CustomKeycloakTask {
|
|||
"SELECT '" + id + "', " + clientDefaultRolesTable + ".ROLE_ID FROM " +
|
||||
clientDefaultRolesTable + " INNER JOIN " + clientTable + " ON " +
|
||||
clientTable + ".ID = " + clientDefaultRolesTable + ".CLIENT_ID AND " +
|
||||
clientTable + ".REALM_ID = '" + realmId + "'")
|
||||
clientTable + ".REALM_ID = '" + database.escapeStringForDatabase(realmId) + "'")
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -46,6 +46,10 @@ public class JsonFileImport255MigrationTest extends AbstractJsonFileImportMigrat
|
|||
try {
|
||||
reps = ImportUtils.getRealmsFromStream(JsonSerialization.mapper, IOUtil.class.getResourceAsStream("/migration-test/migration-realm-2.5.5.Final.json"));
|
||||
masterRep = reps.remove("master");
|
||||
|
||||
//the realm with special characters in its id is intended for db migration test, not json file test
|
||||
reps.remove("test ' and ; and -- and \"");
|
||||
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
|
|
@ -25,6 +25,8 @@ import org.keycloak.testsuite.arquillian.migration.Migration;
|
|||
|
||||
import javax.ws.rs.NotFoundException;
|
||||
import java.util.List;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||
import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
|
||||
|
@ -101,6 +103,14 @@ public class MigrationTest extends AbstractMigrationTest {
|
|||
@Test
|
||||
@Migration(versionFrom = "2.")
|
||||
public void migration2_xTest() throws Exception {
|
||||
//the realm with special characters in its id was succesfully migrated (no error during migration)
|
||||
//removing it now as testMigratedData() expects specific clients and roles
|
||||
//we need to perform the removal via run on server to workaround escaping parameters when using rest call
|
||||
testingClient.server().run(session -> {
|
||||
RealmModel realm = session.realms().getRealm("test ' and ; and -- and \"");
|
||||
new RealmManager(session).removeRealm(realm);
|
||||
});
|
||||
|
||||
testMigratedData();
|
||||
testMigrationTo3_x();
|
||||
testMigrationTo4_x();
|
||||
|
|
|
@ -4631,4 +4631,8 @@
|
|||
"waitIncrementSeconds" : "60"
|
||||
},
|
||||
"keycloakVersion" : "2.5.5.Final"
|
||||
} ]
|
||||
},
|
||||
{
|
||||
"id" : "test ' and ; and -- and \"",
|
||||
"realm" : "test ' and ; and -- and \""
|
||||
}]
|
||||
|
|
Loading…
Reference in a new issue