From 2b9b50d50a0abd7065ec9aa22bc71dc6540258d7 Mon Sep 17 00:00:00 2001 From: vramik Date: Thu, 24 Jun 2021 16:10:50 +0200 Subject: [PATCH] KEYCLOAK-18194 fix migration of default role when realm id contains apostrophe --- .../custom/JpaUpdate13_0_0_MigrateDefaultRoles.java | 7 ++++--- .../migration/JsonFileImport255MigrationTest.java | 4 ++++ .../keycloak/testsuite/migration/MigrationTest.java | 10 ++++++++++ .../migration-test/migration-realm-2.5.5.Final.json | 6 +++++- 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate13_0_0_MigrateDefaultRoles.java b/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate13_0_0_MigrateDefaultRoles.java index 81860723ec..a61c88b649 100644 --- a/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate13_0_0_MigrateDefaultRoles.java +++ b/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate13_0_0_MigrateDefaultRoles.java @@ -59,14 +59,15 @@ public class JpaUpdate13_0_0_MigrateDefaultRoles extends CustomKeycloakTask { // assign the role to the realm new UpdateStatement(null, null, database.correctObjectName("REALM", Table.class)) .addNewColumnValue("DEFAULT_ROLE", id) - .setWhereClause("REALM.ID = '" + realmId + "'") + .setWhereClause("REALM.ID=?") + .addWhereParameter(realmId) ); statements.add( // copy data from REALM_DEFAULT_ROLES to COMPOSITE_ROLE new RawSqlStatement("INSERT INTO " + compositeRoleTable + " (COMPOSITE, CHILD_ROLE) " + "SELECT '" + id + "', ROLE_ID FROM " + getTableName("REALM_DEFAULT_ROLES") + - " WHERE REALM_ID = '" + realmId + "'") + " WHERE REALM_ID = '" + database.escapeStringForDatabase(realmId) + "'") ); statements.add( // copy data from CLIENT_DEFAULT_ROLES to COMPOSITE_ROLE 
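Review bot: The two `RawSqlStatement` inserts (the `REALM_DEFAULT_ROLES` copy in this hunk and the `CLIENT_DEFAULT_ROLES` copy in the next hunk, `@@ -74,7 +75,7 @@`) still splice `realmId` into the SQL text, now through `database.escapeStringForDatabase(realmId)`, whereas the `UpdateStatement` above them was moved to a bound parameter with `.setWhereClause("REALM.ID=?")` and `.addWhereParameter(realmId)`. Escaping is only as good as each `Database` dialect's knowledge of what its engine treats as special inside a string literal. The new fixture id `test ' and ; and -- and \"` covers the apostrophe but contains no backslash, which some engines also interpret as an escape character. I would add a backslash to the fixture realm id and put a comment on both statements, such as `// realmId is escaped by the Database dialect because this raw statement takes no bound parameters`. `id` is concatenated unescaped in the same statements, which is safe only if it is always a generated value; the hunk does not show where it comes from, and the enclosing method starts and ends outside it.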
@@ -74,7 +75,7 @@ public class JpaUpdate13_0_0_MigrateDefaultRoles extends CustomKeycloakTask { "SELECT '" + id + "', " + clientDefaultRolesTable + ".ROLE_ID FROM " + clientDefaultRolesTable + " INNER JOIN " + clientTable + " ON " + clientTable + ".ID = " + clientDefaultRolesTable + ".CLIENT_ID AND " + - clientTable + ".REALM_ID = '" + realmId + "'") + clientTable + ".REALM_ID = '" + database.escapeStringForDatabase(realmId) + "'") ); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport255MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport255MigrationTest.java index 6c0ef7c003..852a24530b 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport255MigrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport255MigrationTest.java @@ -46,6 +46,10 @@ public class JsonFileImport255MigrationTest extends AbstractJsonFileImportMigrat try { reps = ImportUtils.getRealmsFromStream(JsonSerialization.mapper, IOUtil.class.getResourceAsStream("/migration-test/migration-realm-2.5.5.Final.json")); masterRep = reps.remove("master"); + + //the realm with special characters in its id is intended for db migration test, not json file test + reps.remove("test ' and ; and -- and \""); + } catch (IOException e) { throw new RuntimeException(e); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java index 53ee876e94..6e858d7e75 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java 
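Review bot: In the `JsonFileImport255MigrationTest` hunk, `reps.remove("test ' and ; and -- and \"")` discards the return value, so if this literal and the entry in `migration-realm-2.5.5.Final.json` ever drift apart the call becomes a silent no-op and the special-character realm is imported by the JSON test after all. The same literal is typed out again in `MigrationTest.migration2_xTest`; a shared constant in a common test class, e.g. `static final String SPECIAL_CHARS_REALM = "test ' and ; and -- and \"";`, would keep the Java call sites aligned. Checking the result, for instance `if (reps.remove(SPECIAL_CHARS_REALM) == null) throw new IllegalStateException("fixture realm missing");`, would make any drift visible. The enclosing method begins and ends outside the hunk.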
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java @@ -25,6 +25,8 @@ import org.keycloak.testsuite.arquillian.migration.Migration; import javax.ws.rs.NotFoundException; import java.util.List; +import org.keycloak.models.RealmModel; +import org.keycloak.services.managers.RealmManager; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER; @@ -101,6 +103,14 @@ public class MigrationTest extends AbstractMigrationTest { @Test @Migration(versionFrom = "2.") public void migration2_xTest() throws Exception { + //the realm with special characters in its id was succesfully migrated (no error during migration) + //removing it now as testMigratedData() expects specific clients and roles + //we need to perform the removal via run on server to workaround escaping parameters when using rest call + testingClient.server().run(session -> { + RealmModel realm = session.realms().getRealm("test ' and ; and -- and \""); + new RealmManager(session).removeRealm(realm); + }); + testMigratedData(); testMigrationTo3_x(); testMigrationTo4_x(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.5.5.Final.json b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.5.5.Final.json index b41107b3ca..8a8ab2e1bc 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.5.5.Final.json +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.5.5.Final.json @@ -4631,4 +4631,8 @@ "waitIncrementSeconds" : "60" }, "keycloakVersion" : "2.5.5.Final" -} ] +}, +{ + "id" : "test ' and ; and -- and \"", + "realm" : "test ' and ; and -- and \"" +}]
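Review bot: In `migration2_xTest`, the result of `session.realms().getRealm("test ' and ; and -- and \"")` is handed straight to `removeRealm` without a null check, so the comment's claim that the realm was successfully migrated is never asserted. If the lookup returns null, the test either fails inside `removeRealm` with an unrelated error or passes without verifying anything, depending on how `removeRealm` handles null (not visible here). I would add `if (realm == null) throw new IllegalStateException("realm with special characters in its id not found after migration");` before the removal. It would also be worth checking that the realm's default role is populated, for example through `realm.getDefaultRole()`, since that is the column the patched migration writes.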