From 340eb99412c1667128e5f61a4d9ca653e6bc493b Mon Sep 17 00:00:00 2001
From: Peter Zaoral <pzaoral@redhat.com>
Date: Wed, 6 Dec 2023 17:27:44 +0100
Subject: [PATCH] Unable to use < as part of a password (admin-cli) (#24939)

* escaped angle bracket characters in password

Closes #21951

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
---
 .../org/keycloak/client/admin/cli/KcAdmMain.java    | 13 ++++---------
 .../org/keycloak/testsuite/cli/admin/KcAdmTest.java |  8 ++++++++
 .../testsuite/exportimport/ExportImportTest.java    |  4 ++--
 .../tests/base/src/test/resources/testrealm.json    | 12 ++++++++++++
 4 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/KcAdmMain.java b/integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/KcAdmMain.java
index 107276e635..150ba5b797 100644
--- a/integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/KcAdmMain.java
+++ b/integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/KcAdmMain.java
@@ -84,19 +84,14 @@ public class KcAdmMain {
             StringBuilder b = new StringBuilder();
             for (String s : args) {
                 // quote if necessary
-                boolean needQuote = false;
-                needQuote = s.indexOf(' ') != -1 || s.indexOf('\"') != -1 || s.indexOf('\'') != -1;
                 b.append(' ');
-                if (needQuote) {
-                    b.append('\'');
-                }
+                s = s.replace("'", "\\'");
+                b.append('\'');
                 b.append(s);
-                if (needQuote) {
-                    b.append('\'');
-                }
+                b.append('\'');
             }
             console.setEcho(false);
-            
+
             console.execute("kcadm" + b.toString());
             
             console.start();
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/admin/KcAdmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/admin/KcAdmTest.java
index 27441982d6..856cb780a1 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/admin/KcAdmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/admin/KcAdmTest.java
@@ -283,6 +283,14 @@ public class KcAdmTest extends AbstractAdmCliTest {
         Assert.assertEquals("stderr first line", "Logging into " + serverUrl + " as user admin of realm master", exe.stderrLines().get(0));
     }
 
+    @Test
+    public void testUserLoginWithAngleBrackets() {
+        KcAdmExec exe = KcAdmExec.execute("config credentials --server " + serverUrl + " --realm test --user 'special>>character' --password '<password>'");
+
+        assertExitCodeAndStreamSizes(exe, 0, 0, 1);
+        Assert.assertEquals("stderr first line", "Logging into " + serverUrl + " as user special>>character of realm test", exe.stderrLines().get(0));
+    }
+
     @Test
     public void testUserLoginWithDefaultConfigInteractive() throws IOException {
         /*
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportTest.java
index b9477f012a..fdeb52ddeb 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportTest.java
@@ -194,10 +194,10 @@ public class ExportImportTest extends AbstractKeycloakTest {
         RealmResource testRealmRealm = adminClient.realm(TEST_REALM);
         ExportImportUtil.assertDataImportedInRealm(adminClient, testingClient, testRealmRealm.toRepresentation());
 
-        // There should be 4 files in target directory (1 realm, 12 users, 5 users per file)
+        // There should be 5 files in target directory (1 realm, 16 users, 5 users per file)
         // (+ additional user service-account-test-app-authz that should not be there ???)
         File[] files = new File(targetDirPath).listFiles();
-        assertEquals(4, files.length);
+        assertEquals(5, files.length);
     }
 
     @Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json
index 86a0f505bc..fcbc806125 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json
@@ -164,6 +164,18 @@
           "credentialData" : "{\"digits\":6,\"counter\":0,\"period\":30,\"algorithm\":\"HmacSHA1\",\"subType\":\"totp\"}"
         }
       ]
+    },
+    {
+      "username" : "special>>character",
+      "enabled": true,
+      "email" : "special-character@localhost",
+      "firstName": "Special",
+      "lastName": "Character",
+      "credentials" : [
+        { "type" : "password",
+          "value" : "<password>" }
+      ],
+      "realmRoles": ["user", "offline_access"]
     }
   ],
   "scopeMappings": [