From ce1a19fdbee609e2f20618285e166f217ea44c61 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Fri, 24 Jul 2015 09:05:51 +0200
Subject: [PATCH] KEYCLOAK-1693 Added test and possibility to create users with dot in username
---
 .../federation/ldap/idm/model/LDAPDn.java | 22 ++++++++++++++++++-
 .../FederationProvidersIntegrationTest.java | 18 +++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
index dfccec7442..f1cd3414d8 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
@@ -66,13 +66,33 @@ public class LDAPDn {
 }
 public void addFirst(String rdnName, String rdnValue) {
+ rdnValue = escape(rdnValue);
 entries.addFirst(new Entry(rdnName, rdnValue));
 }
- public void addLast(String rdnName, String rdnValue) {
+ private void addLast(String rdnName, String rdnValue) {
 entries.addLast(new Entry(rdnName, rdnValue));
 }
+ // Need to escape "john,dot" to be "john\,dot"
+ private String escape(String rdnValue) {
+ if (rdnValue.contains(",")) {
+ StringBuilder result = new StringBuilder();
+ boolean first = true;
+ for (String split : rdnValue.split(",")) {
+ if (!first) {
+ result.append("\\,");
+ } else {
+ first = false;
+ }
+ result.append(split);
+ }
+ return result.toString();
+ } else {
+ return rdnValue;
+ }
+ }
+
 private static class Entry {
 private final String attrName;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
index 2caed441de..cd5bb5b273 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
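Review bot: `escape` only handles `,`, so an RDN value given to `addFirst` that contains other RFC 4514 special characters (`\`, `+`, `"`, `;`, `<`, `>`, a leading `#` or space, a trailing space) still reaches the DN unescaped, and a `\` directly before a comma would cancel the escape this helper adds. `rdnValue.split(",")` also drops trailing empty strings, so `"john,"` comes back as `john` and would map to the same DN as the user `john`. Since the value appears to be a username (the accompanying test passes one), treat it as untrusted and escape the full set, for example `rdnValue = Rdn.escapeValue(rdnValue);` with `javax.naming.ldap.Rdn` imported. The DN parsing code in this class is outside the hunk, so confirm it unescapes the same way before switching.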
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
@@ -351,6 +351,24 @@ public class FederationProvidersIntegrationTest {
 }
 }
+ @Test
+ public void testDotInUsername() {
+ // Add LDAP user with same email like existing model user
+ keycloakRule.update(new KeycloakRule.KeycloakSetup() {
+
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+ LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
+ LDAPObject johnDot = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john,dot", "John", "Dot", "johndot@email.org", null, "12387");
+ ldapFedProvider.getLdapIdentityStore().updatePassword(johnDot, "Password1");
+ }
+
+ });
+
+ // Try to import the duplicated LDAP user into Keycloak
+ loginSuccessAndLogout("john,dot", "Password1");
+ }
+
 @Test
 public void testDirectLDAPUpdate() {
 KeycloakSession session = keycloakRule.startSession();
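Review bot: The test is named `testDotInUsername` but the username it exercises is `"john,dot"`, which contains a comma, and both comments appear to be carried over from a duplicate-email scenario that this test does not cover. Rename it to `testCommaInUsername` and replace the comments with `// Add LDAP user whose username contains a comma` and `// The user must be able to log in through the escaped DN`. Only an interior comma is covered; a trailing comma and a backslash in the username are worth a case each, since the DN escaping is what this test guards.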