libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-18194 fix migration of default role when realm id contains apostrophe

Browse source
This commit is contained in:
vramik 2021-06-24 16:10:50 +02:00 committed by Hynek Mlnařík
parent f0e777c592
commit 2b9b50d50a
4 changed files with 23 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate13_0_0_MigrateDefaultRoles.java
View file

@ -59,14 +59,15 @@ public class JpaUpdate13_0_0_MigrateDefaultRoles extends CustomKeycloakTask {
// assign the role to the realm
new UpdateStatement(null, null, database.correctObjectName("REALM", Table.class))
.addNewColumnValue("DEFAULT_ROLE", id)
.setWhereClause("REALM.ID = '" + realmId + "'")
.setWhereClause("REALM.ID=?")
.addWhereParameter(realmId)
);
statements.add(
// copy data from REALM_DEFAULT_ROLES to COMPOSITE_ROLE
new RawSqlStatement("INSERT INTO " + compositeRoleTable + " (COMPOSITE, CHILD_ROLE) " +
"SELECT '" + id + "', ROLE_ID FROM " + getTableName("REALM_DEFAULT_ROLES") +
" WHERE REALM_ID = '" + realmId + "'")
" WHERE REALM_ID = '" + database.escapeStringForDatabase(realmId) + "'")
);
statements.add(
// copy data from CLIENT_DEFAULT_ROLES to COMPOSITE_ROLE
@ -74,7 +75,7 @@ public class JpaUpdate13_0_0_MigrateDefaultRoles extends CustomKeycloakTask {
"SELECT '" + id + "', " + clientDefaultRolesTable + ".ROLE_ID FROM " +
clientDefaultRolesTable + " INNER JOIN " + clientTable + " ON " +
clientTable + ".ID = " + clientDefaultRolesTable + ".CLIENT_ID AND " +
clientTable + ".REALM_ID = '" + realmId + "'")
clientTable + ".REALM_ID = '" + database.escapeStringForDatabase(realmId) + "'")
);
}
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport255MigrationTest.java
View file

@ -46,6 +46,10 @@ public class JsonFileImport255MigrationTest extends AbstractJsonFileImportMigrat
try {
reps = ImportUtils.getRealmsFromStream(JsonSerialization.mapper, IOUtil.class.getResourceAsStream("/migration-test/migration-realm-2.5.5.Final.json"));
masterRep = reps.remove("master");
//the realm with special characters in its id is intended for db migration test, not json file test
reps.remove("test ' and ; and -- and \"");
} catch (IOException e) {
throw new RuntimeException(e);
}

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
View file

@ -25,6 +25,8 @@ import org.keycloak.testsuite.arquillian.migration.Migration;
import javax.ws.rs.NotFoundException;
import java.util.List;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
@ -101,6 +103,14 @@ public class MigrationTest extends AbstractMigrationTest {
@Test
@Migration(versionFrom = "2.")
public void migration2_xTest() throws Exception {
//the realm with special characters in its id was succesfully migrated (no error during migration)
//removing it now as testMigratedData() expects specific clients and roles
//we need to perform the removal via run on server to workaround escaping parameters when using rest call
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealm("test ' and ; and -- and \"");
new RealmManager(session).removeRealm(realm);
});
testMigratedData();
testMigrationTo3_x();
testMigrationTo4_x();

4
testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.5.5.Final.json
View file

@ -4631,4 +4631,8 @@
"waitIncrementSeconds" : "60"
},
"keycloakVersion" : "2.5.5.Final"
},
{
"id" : "test ' and ; and -- and \"",
"realm" : "test ' and ; and -- and \""
}]