KEYCLOAK-2290 bulk update of algorithm field during migration from 1.7

2016-01-12 13:04:22 +01:00 · 2016-01-12 13:04:22 +01:00 · 3336d4d7ac
commit 3336d4d7ac
parent ee3a880a55
6 changed files with 71 additions and 8 deletions
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
@ -105,6 +105,10 @@
        <addPrimaryKey columnNames="TEMPLATE_ID, NAME" constraintName="PK_CL_TMPL_ATTR" tableName="CLIENT_TEMPLATE_ATTRIBUTES"/>
        <addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="CLIENT_TEMPLATE_ATTRIBUTES" constraintName="FK_CL_TEMPL_ATTR_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>

+        <update tableName="CREDENTIAL">
+            <column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
+            <where>TYPE in ('password-history', 'password') AND ALGORITHM is NULL</where>
+        </update>

    </changeSet>
 </databaseChangeLog>
--- a/connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java
+++ b/connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java
@ -12,7 +12,7 @@ public interface JpaUpdaterProvider extends Provider {

    public String FIRST_VERSION = "1.0.0.Final";

-    public String LAST_VERSION = "1.7.0";
+    public String LAST_VERSION = "1.8.0";

    public String getCurrentVersionSql(String defaultSchema);

--- a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
+++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
@ -29,7 +29,8 @@ public class DefaultMongoUpdaterProvider implements MongoUpdaterProvider {
            Update1_2_0_CR1.class,
            Update1_3_0.class,
            Update1_4_0.class,
-            Update1_7_0.class
+            Update1_7_0.class,
+            Update1_8_0.class
    };

    @Override
--- a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_8_0.java
+++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_8_0.java
@ -0,0 +1,44 @@
+package org.keycloak.connections.mongo.updater.impl.updates;
+
+import com.mongodb.BasicDBList;
+import com.mongodb.BasicDBObject;
+import com.mongodb.DBCollection;
+import com.mongodb.WriteResult;
+import org.keycloak.hash.Pbkdf2PasswordHashProvider;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.UserCredentialModel;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class Update1_8_0 extends Update {
+
+    @Override
+    public String getId() {
+        return "1.8.0";
+    }
+
+    @Override
+    public void update(KeycloakSession session) {
+        BasicDBList orArgs = new BasicDBList();
+        orArgs.add(new BasicDBObject("type", UserCredentialModel.PASSWORD));
+        orArgs.add(new BasicDBObject("type", UserCredentialModel.PASSWORD_HISTORY));
+
+        BasicDBObject elemMatch = new BasicDBObject("$or", orArgs);
+        elemMatch.put("algorithm", new BasicDBObject("$exists", false));
+
+        BasicDBObject query = new BasicDBObject("credentials", new BasicDBObject("$elemMatch", elemMatch));
+
+        BasicDBObject update = new BasicDBObject("$set", new BasicDBObject("credentials.$.algorithm", Pbkdf2PasswordHashProvider.ID));
+
+        DBCollection users = db.getCollection("users");
+
+        // Not sure how to do in single query
+        int countModified = 1;
+        while (countModified > 0) {
+            WriteResult wr = users.update(query, update, false, true);
+            countModified = wr.getN();
+            log.debugf("%d credentials modified in current iteration during upgrade to 1.8", countModified);
+        }
+    }
+}
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@ -2,6 +2,8 @@ package org.keycloak.representations.idm;

 import java.util.*;

+import org.codehaus.jackson.annotate.JsonIgnore;
+
 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
@ -88,8 +90,6 @@ public class RealmRepresentation {
    private List<IdentityProviderRepresentation> identityProviders;
    private List<IdentityProviderMapperRepresentation> identityProviderMappers;
    private List<ProtocolMapperRepresentation> protocolMappers;
-    @Deprecated
-    private Boolean identityFederationEnabled;
    protected Boolean internationalizationEnabled;
    protected Set<String> supportedLocales;
    protected String defaultLocale;
@ -826,4 +826,10 @@ public class RealmRepresentation {
    public void setClientTemplates(List<ClientTemplateRepresentation> clientTemplates) {
        this.clientTemplates = clientTemplates;
    }
+
+    @JsonIgnore
+    public boolean isIdentityFederationEnabled() {
+        return identityProviders != null && !identityProviders.isEmpty();
+    }
+
 }
--- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@ -1,6 +1,7 @@
 package org.keycloak.models.utils;

 import org.keycloak.Config;
+import org.keycloak.hash.Pbkdf2PasswordHashProvider;
 import org.keycloak.models.ClientTemplateModel;
 import org.keycloak.models.Constants;
 import org.keycloak.common.util.Base64;
@ -1253,14 +1254,21 @@ public class RepresentationToModel {
            hashedCred.setValue(cred.getHashedSaltedValue());
            if (cred.getCounter() != null) hashedCred.setCounter(cred.getCounter());
            if (cred.getDigits() != null) hashedCred.setDigits(cred.getDigits());
-            if (cred.getAlgorithm() != null) hashedCred.setAlgorithm(cred.getAlgorithm());
+
+            if (cred.getAlgorithm() != null) {
+                hashedCred.setAlgorithm(cred.getAlgorithm());
+            } else {
+                if (UserCredentialModel.PASSWORD.equals(cred.getType()) || UserCredentialModel.PASSWORD_HISTORY.equals(cred.getType())) {
+                    hashedCred.setAlgorithm(Pbkdf2PasswordHashProvider.ID);
+                } else if (UserCredentialModel.isOtp(cred.getType())) {
+                    hashedCred.setAlgorithm(HmacOTP.HMAC_SHA1);
+                }
+            }
+
            if (cred.getPeriod() != null) hashedCred.setPeriod(cred.getPeriod());
            if (cred.getDigits() == null && UserCredentialModel.isOtp(cred.getType())) {
                hashedCred.setDigits(6);
            }
-            if (cred.getAlgorithm() == null && UserCredentialModel.isOtp(cred.getType())) {
-                hashedCred.setAlgorithm(HmacOTP.HMAC_SHA1);
-            }
            if (cred.getPeriod() == null && UserCredentialModel.TOTP.equals(cred.getType())) {
                hashedCred.setPeriod(30);
            }