fix: accounting for the possibility of null flows from existing realms
closes: #23980 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
This commit is contained in:
Steve Hawkins
Marek Posolda
parent
7695532011
commit
4091baf4c2
5 changed files with 64 additions and 35 deletions
|
|
@ -1288,38 +1288,35 @@ public class DefaultExportImportManager implements ExportImportManager {
|
|||
}
|
||||
public static Map<String, String> importAuthenticationFlows(KeycloakSession session, RealmModel newRealm, RealmRepresentation rep) {
|
||||
Map<String, String> mappedFlows = new HashMap<>();
|
||||
if (rep.getAuthenticationFlows() == null) {
|
||||
// assume this is an old version being imported
|
||||
DefaultAuthenticationFlows.migrateFlows(newRealm);
|
||||
} else {
|
||||
if (rep.getAuthenticatorConfig() != null) {
|
||||
for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
|
||||
if (configRep.getAlias() == null) {
|
||||
// this can happen only during import json files from keycloak 3.4.0 and older
|
||||
throw new IllegalStateException("Provided realm contains authenticator config with null alias. "
|
||||
+ "It should be resolved by adding alias to the authenticator config before exporting the realm.");
|
||||
}
|
||||
AuthenticatorConfigModel model = RepresentationToModel.toModel(configRep);
|
||||
newRealm.addAuthenticatorConfig(model);
|
||||
|
||||
if (rep.getAuthenticatorConfig() != null) {
|
||||
for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
|
||||
if (configRep.getAlias() == null) {
|
||||
// this can happen only during import json files from keycloak 3.4.0 and older
|
||||
throw new IllegalStateException("Provided realm contains authenticator config with null alias. "
|
||||
+ "It should be resolved by adding alias to the authenticator config before exporting the realm.");
|
||||
}
|
||||
AuthenticatorConfigModel model = RepresentationToModel.toModel(configRep);
|
||||
newRealm.addAuthenticatorConfig(model);
|
||||
}
|
||||
if (rep.getAuthenticationFlows() != null) {
|
||||
for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
|
||||
AuthenticationFlowModel model = RepresentationToModel.toModel(flowRep);
|
||||
String previousId = model.getId();
|
||||
model = newRealm.addAuthenticationFlow(model);
|
||||
// store the mapped ids so that clients can reference the correct flow when importing the authenticationFlowBindingOverrides
|
||||
mappedFlows.put(previousId, model.getId());
|
||||
}
|
||||
for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
|
||||
AuthenticationFlowModel model = newRealm.getFlowByAlias(flowRep.getAlias());
|
||||
for (AuthenticationExecutionExportRepresentation exeRep : flowRep.getAuthenticationExecutions()) {
|
||||
AuthenticationExecutionModel execution = toModel(session, newRealm, model, exeRep);
|
||||
newRealm.addAuthenticatorExecution(execution);
|
||||
}
|
||||
}
|
||||
if (rep.getAuthenticationFlows() != null) {
|
||||
for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
|
||||
AuthenticationFlowModel model = RepresentationToModel.toModel(flowRep);
|
||||
String previousId = model.getId();
|
||||
model = newRealm.addAuthenticationFlow(model);
|
||||
// store the mapped ids so that clients can reference the correct flow when importing the authenticationFlowBindingOverrides
|
||||
mappedFlows.put(previousId, model.getId());
|
||||
}
|
||||
for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
|
||||
AuthenticationFlowModel model = newRealm.getFlowByAlias(flowRep.getAlias());
|
||||
for (AuthenticationExecutionExportRepresentation exeRep : flowRep.getAuthenticationExecutions()) {
|
||||
AuthenticationExecutionModel execution = toModel(session, newRealm, model, exeRep);
|
||||
newRealm.addAuthenticatorExecution(execution);
|
||||
}
|
||||
}
|
||||
}
|
||||
DefaultAuthenticationFlows.migrateFlows(newRealm);
|
||||
if (rep.getBrowserFlow() == null) {
|
||||
AuthenticationFlowModel defaultFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW);
|
||||
if (defaultFlow != null) {
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ public class AuthenticationMapper {
|
|||
|
||||
final List<String> useAsDefault = Stream.of(realm.getBrowserFlow(), realm.getRegistrationFlow(), realm.getDirectGrantFlow(),
|
||||
realm.getResetCredentialsFlow(), realm.getClientAuthenticationFlow(), realm.getDockerAuthenticationFlow(), realm.getFirstBrokerLoginFlow())
|
||||
.filter(f -> flow.getAlias().equals(f.getAlias())).map(AuthenticationFlowModel::getAlias).collect(Collectors.toList());
|
||||
.filter(f -> f != null && flow.getAlias().equals(f.getAlias())).map(AuthenticationFlowModel::getAlias).collect(Collectors.toList());
|
||||
|
||||
if (!useAsDefault.isEmpty()) {
|
||||
authentication.setUsedBy(new UsedBy(UsedBy.UsedByType.DEFAULT, useAsDefault));
|
||||
|
|
|
|||
|
|
@ -605,13 +605,15 @@ public class DefaultAuthenticationFlows {
|
|||
if (browserFlow == null) {
|
||||
browserFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW);
|
||||
}
|
||||
List<AuthenticationExecutionModel> browserExecutions = new LinkedList<>();
|
||||
KeycloakModelUtils.deepFindAuthenticationExecutions(realm, browserFlow, browserExecutions);
|
||||
for (AuthenticationExecutionModel browserExecution : browserExecutions) {
|
||||
if (browserExecution.isAuthenticatorFlow()){
|
||||
if (realm.getAuthenticationExecutionsStream(browserExecution.getFlowId())
|
||||
.anyMatch(e -> e.getAuthenticator().equals("auth-otp-form"))){
|
||||
execution.setRequirement(browserExecution.getRequirement());
|
||||
if (browserFlow != null) {
|
||||
List<AuthenticationExecutionModel> browserExecutions = new LinkedList<>();
|
||||
KeycloakModelUtils.deepFindAuthenticationExecutions(realm, browserFlow, browserExecutions);
|
||||
for (AuthenticationExecutionModel browserExecution : browserExecutions) {
|
||||
if (browserExecution.isAuthenticatorFlow()){
|
||||
if (realm.getAuthenticationExecutionsStream(browserExecution.getFlowId())
|
||||
.anyMatch(e -> e.getAuthenticator().equals("auth-otp-form"))){
|
||||
execution.setRequirement(browserExecution.getRequirement());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -257,6 +257,13 @@ public class ExportImportTest extends AbstractKeycloakTest {
|
|||
addTestRealmToTestRealmReps("import-without-clients");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testImportFromRealmWithPartialAuthenticationFlows() {
|
||||
// import a realm with no built-in authentication flows
|
||||
importRealmFromFile("/import/partial-authentication-flows-import.json");
|
||||
Assert.assertTrue("Imported realm hasn't been found!", isRealmPresent("partial-authentication-flows-import"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testImportWithNullAuthenticatorConfigAndNoDefaultBrowserFlow() {
|
||||
importRealmFromFile("/import/testrealm-authenticator-config-null.json");
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
{
|
||||
"enabled": true,
|
||||
"realm": "partial-authentication-flows-import",
|
||||
"authenticationFlows": [
|
||||
{
|
||||
"alias": "X.509 browser",
|
||||
"description": "Browser-based authentication",
|
||||
"providerId": "basic-flow",
|
||||
"topLevel": true,
|
||||
"builtIn": false,
|
||||
"authenticationExecutions": [
|
||||
{
|
||||
"requirement": "ALTERNATIVE",
|
||||
"priority": 10,
|
||||
"authenticator": "auth-cookie",
|
||||
"authenticatorFlow": false,
|
||||
"autheticatorFlow": false,
|
||||
"userSetupAllowed": false
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
Loading…
Reference in a new issue