KEYCLOAK-4091 Prevent NPE with disabled cache

Hynek Mlnarik 2017-01-06 10:00:11 +01:00
parent fb6a8da863
commit 377fbced4a
7 changed files with 42 additions and 9 deletions


@ -637,7 +637,10 @@ public class LDAPStorageProvider implements UserStorageProvider,
logger.warnf("User with username [%s] aready exists and is linked to provider [%s] but is not valid. Stale LDAP_ID on local user is: %s", logger.warnf("User with username [%s] aready exists and is linked to provider [%s] but is not valid. Stale LDAP_ID on local user is: %s",
username, model.getName(), user.getFirstAttribute(LDAPConstants.LDAP_ID)); username, model.getName(), user.getFirstAttribute(LDAPConstants.LDAP_ID));
logger.warn("Will re-create user"); logger.warn("Will re-create user");
session.userCache().evict(realm, user); UserCache userCache = session.userCache();
if (userCache != null) {
userCache.evict(realm, user);
}
new UserManager(session).removeUser(realm, user, session.userLocalStorage()); new UserManager(session).removeUser(realm, user, session.userLocalStorage());
} }
} }
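Review bot: The four-line null guard around `session.userCache()` added here is repeated at eight more call sites in this commit (LDAPStorageProviderFactory, MigrateTo1_4_0, OTPCredentialProvider twice, PasswordCredentialProvider twice, UserStorageManager, LDAPSyncTest), so any other or future caller of `session.userCache().evict(...)` is still exposed to the same NPE. A single null-safe helper taking the session, realm and user would keep the guard in one place and reduce each site to one call, for example `evictUser(session, realm, user);` (the name is only a suggestion). Unlike the other files, this section shows no added `import org.keycloak.models.cache.UserCache;`; presumably the class already imports it, which is worth confirming. The enclosing method starts and ends outside the hunk.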


@ -34,6 +34,7 @@ import org.keycloak.models.LDAPConstants;
import org.keycloak.models.ModelException; import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.cache.UserCache;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty; import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder; import org.keycloak.provider.ProviderConfigurationBuilder;
@ -532,7 +533,10 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
if (username != null) { if (username != null) {
UserModel existing = session.userLocalStorage().getUserByUsername(username, currentRealm); UserModel existing = session.userLocalStorage().getUserByUsername(username, currentRealm);
if (existing != null) { if (existing != null) {
session.userCache().evict(currentRealm, existing); UserCache userCache = session.userCache();
if (userCache != null) {
userCache.evict(currentRealm, existing);
}
session.userLocalStorage().removeUser(currentRealm, existing); session.userLocalStorage().removeUser(currentRealm, existing);
} }
} }


@ -24,6 +24,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants; import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.cache.UserCache;
import org.keycloak.models.utils.DefaultAuthenticationFlows; import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.models.utils.DefaultRequiredActions; import org.keycloak.models.utils.DefaultRequiredActions;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
@ -81,7 +82,10 @@ public class MigrateTo1_4_0 implements Migration {
email = KeycloakModelUtils.toLowerCaseSafe(email); email = KeycloakModelUtils.toLowerCaseSafe(email);
if (email != null && !email.equals(user.getEmail())) { if (email != null && !email.equals(user.getEmail())) {
user.setEmail(email); user.setEmail(email);
session.userCache().evict(realm, user); UserCache userCache = session.userCache();
if (userCache != null) {
userCache.evict(realm, user);
}
} }
} }
} }


@ -25,6 +25,7 @@ import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.cache.CachedUserModel; import org.keycloak.models.cache.CachedUserModel;
import org.keycloak.models.cache.OnUserCache; import org.keycloak.models.cache.OnUserCache;
import org.keycloak.models.cache.UserCache;
import org.keycloak.models.utils.HmacOTP; import org.keycloak.models.utils.HmacOTP;
import org.keycloak.models.utils.TimeBasedOTP; import org.keycloak.models.utils.TimeBasedOTP;
@ -102,7 +103,10 @@ public class OTPCredentialProvider implements CredentialProvider, CredentialInpu
} else { } else {
getCredentialStore().updateCredential(realm, user, model); getCredentialStore().updateCredential(realm, user, model);
} }
session.userCache().evict(realm, user); UserCache userCache = session.userCache();
if (userCache != null) {
userCache.evict(realm, user);
}
return true; return true;
@ -138,7 +142,10 @@ public class OTPCredentialProvider implements CredentialProvider, CredentialInpu
} }
if (disableTOTP || disableHOTP) { if (disableTOTP || disableHOTP) {
session.userCache().evict(realm, user); UserCache userCache = session.userCache();
if (userCache != null) {
userCache.evict(realm, user);
}
} }
} }
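Review bot: In both hunks of OTPCredentialProvider the eviction that follows a credential write is now skipped silently when `session.userCache()` returns null, and nothing at the call site says why that is safe. The eviction presumably exists so that a cached user does not outlive an OTP update or disable, so a short comment would help, e.g. `// null means the user cache is disabled, so there is no cached copy to invalidate`. If null can also be returned for another reason (not visible here), stale credential state would go unnoticed, and a debug log in the null branch would make that observable. The same applies to the two hunks in PasswordCredentialProvider. Both methods start and end outside the hunks.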


@ -27,6 +27,7 @@ import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.cache.CachedUserModel; import org.keycloak.models.cache.CachedUserModel;
import org.keycloak.models.cache.OnUserCache; import org.keycloak.models.cache.OnUserCache;
import org.keycloak.models.cache.UserCache;
import org.keycloak.policy.PasswordPolicyManagerProvider; import org.keycloak.policy.PasswordPolicyManagerProvider;
import org.keycloak.policy.PolicyError; import org.keycloak.policy.PolicyError;
@ -96,7 +97,10 @@ public class PasswordCredentialProvider implements CredentialProvider, Credentia
newPassword.setCreatedDate(createdDate); newPassword.setCreatedDate(createdDate);
hash.encode(cred.getValue(), policy, newPassword); hash.encode(cred.getValue(), policy, newPassword);
getCredentialStore().createCredential(realm, user, newPassword); getCredentialStore().createCredential(realm, user, newPassword);
session.userCache().evict(realm, user); UserCache userCache = session.userCache();
if (userCache != null) {
userCache.evict(realm, user);
}
return true; return true;
} }
@ -205,7 +209,10 @@ public class PasswordCredentialProvider implements CredentialProvider, Credentia
hash.encode(cred.getValue(), policy, password); hash.encode(cred.getValue(), policy, password);
getCredentialStore().updateCredential(realm, user, password); getCredentialStore().updateCredential(realm, user, password);
session.userCache().evict(realm, user); UserCache userCache = session.userCache();
if (userCache != null) {
userCache.evict(realm, user);
}
return true; return true;
} }


@ -35,6 +35,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider; import org.keycloak.models.UserProvider;
import org.keycloak.models.cache.CachedUserModel; import org.keycloak.models.cache.CachedUserModel;
import org.keycloak.models.cache.OnUserCache; import org.keycloak.models.cache.OnUserCache;
import org.keycloak.models.cache.UserCache;
import org.keycloak.storage.federated.UserFederatedStorageProvider; import org.keycloak.storage.federated.UserFederatedStorageProvider;
import org.keycloak.storage.user.ImportedUserValidation; import org.keycloak.storage.user.ImportedUserValidation;
import org.keycloak.storage.user.UserBulkUpdateProvider; import org.keycloak.storage.user.UserBulkUpdateProvider;
@ -260,7 +261,10 @@ public class UserStorageManager implements UserProvider, OnUserCache {
protected void deleteInvalidUser(final RealmModel realm, final UserModel user) { protected void deleteInvalidUser(final RealmModel realm, final UserModel user) {
String userId = user.getId(); String userId = user.getId();
String userName = user.getUsername(); String userName = user.getUsername();
session.userCache().evict(realm, user); UserCache userCache = session.userCache();
if (userCache != null) {
userCache.evict(realm, user);
}
runJobInTransaction(session.getKeycloakSessionFactory(), new KeycloakSessionTask() { runJobInTransaction(session.getKeycloakSessionFactory(), new KeycloakSessionTask() {
@Override @Override


@ -36,6 +36,7 @@ import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider; import org.keycloak.models.UserProvider;
import org.keycloak.models.cache.UserCache;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.storage.UserStorageProviderModel; import org.keycloak.storage.UserStorageProviderModel;
@ -315,7 +316,10 @@ public class LDAPSyncTest {
// Remove all users from model // Remove all users from model
for (UserModel user : session.userLocalStorage().getUsers(testRealm, true)) { for (UserModel user : session.userLocalStorage().getUsers(testRealm, true)) {
System.out.println("trying to delete user: " + user.getUsername()); System.out.println("trying to delete user: " + user.getUsername());
session.userCache().evict(testRealm, user); UserCache userCache = session.userCache();
if (userCache != null) {
userCache.evict(testRealm, user);
}
session.userLocalStorage().removeUser(testRealm, user); session.userLocalStorage().removeUser(testRealm, user);
} }