[KEYCLOAK-18693] - Declarative profile validating read-only attribute if it exists

Pedro Igor 2021-07-08 11:04:43 -03:00
parent dce163d3e2
commit 4099833be8
5 changed files with 34 additions and 1 deletions


@ -124,6 +124,10 @@ public final class AttributeMetadata {
return readAllowed.test(context);
}
public boolean canEdit(AttributeContext context) {
return writeAllowed.test(context);
}
/**
* Check if attribute is required based on it's predicate, it is handled as required if predicate is null
* @param context to evaluate requirement of the attribute from
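Review bot: The new `canEdit` has no Javadoc and calls `writeAllowed.test(context)` without a null guard, although the Javadoc on the next method says a null predicate is handled as required, which suggests predicates in this class can be null. Since this method is now the write-permission gate that `isIncludeAttributeIfNotProvided` relies on, I would document it, e.g. `/** Returns whether the given context is allowed to write this attribute, as decided by the writeAllowed predicate. */`, and state whether `writeAllowed` may be null. If it can be null, failing closed with `return writeAllowed != null && writeAllowed.test(context);` seems the safer default. How `writeAllowed` is initialised is outside the hunk, so confirm that before changing the code.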


@ -43,6 +43,6 @@ public class DeclarativeAttributes extends DefaultAttributes {
@Override
protected boolean isIncludeAttributeIfNotProvided(AttributeMetadata metadata) {
return !metadata.canView(createAttributeContext(metadata));
return !metadata.canEdit(createAttributeContext(metadata));
}
}
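Review bot: Replacing `canView` with `canEdit` in `isIncludeAttributeIfNotProvided` changes the result for an attribute the context may edit but not view: it was included when absent from the request before, and is not included now. If the permission model allows that combination (not visible here), such an attribute would presumably not be rendered and its stored value would no longer be carried over. Consider `AttributeContext ctx = createAttributeContext(metadata);` followed by `return !metadata.canEdit(ctx) || !metadata.canView(ctx);`. Either way, a short comment on the intent would help, e.g. `// carry over the stored value of attributes the caller cannot write, so required read-only attributes still validate`.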


@ -273,6 +273,33 @@ public class RequiredActionUpdateProfileWithUserProfileTest extends RequiredActi
assertEquals("First", user.getFirstName());
assertEquals("Last", user.getLastName());
}
@Test
public void testRequiredReadOnlyExistingAttribute() {
updateUserByUsername(USERNAME1, "first", "last", "foo");
setUserProfileConfiguration("{\"attributes\": ["
+ "{\"name\": \"firstName\"," + PERMISSIONS_ALL + ", \"required\": {}},"
+ "{\"name\": \"lastName\"," + PERMISSIONS_ALL + "},"
+ "{\"name\": \"department\"," + PERMISSIONS_ADMIN_EDITABLE + ", \"required\":{}}"
+ "]}");
loginPage.open();
loginPage.login(USERNAME1, PASSWORD);
updateProfilePage.assertCurrent();
Assert.assertEquals("last", updateProfilePage.getLastName());
Assert.assertFalse(updateProfilePage.isDepartmentEnabled());
//update of the other attributes must be successful in this case
updateProfilePage.update("First", "Last", USERNAME1, USERNAME1);
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
UserRepresentation user = getUserByUsername(USERNAME1);
assertEquals("First", user.getFirstName());
assertEquals("Last", user.getLastName());
}
@Test
public void testAttributeNotVisible() {
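Review bot: `testRequiredReadOnlyExistingAttribute` checks that the department field is disabled and that first and last name are updated, but it never asserts that the read-only value survives the update. Assuming the fourth argument of `updateUserByUsername` ("foo") is the department, add `assertEquals("foo", user.getAttributes().get("department").get(0));` after the last-name assertion. A disabled input is only a client-side control, so the server-side behaviour also deserves a case. That case would submit a changed department value and expect the update to be rejected with `error-user-attribute-read-only`. Whether the page object can submit that field is not visible in this hunk.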


@ -388,3 +388,4 @@ error-invalid-uri=Invalid URL.
error-invalid-uri-scheme=Invalid URL scheme.
error-invalid-uri-fragment=Invalid URL fragment.
error-user-attribute-required=Please specify attribute {0}.
error-user-attribute-read-only=The field {0} is read only.


@ -219,6 +219,7 @@ error-invalid-uri=Invalid URL.
error-invalid-uri-scheme=Invalid URL scheme.
error-invalid-uri-fragment=Invalid URL fragment.
error-user-attribute-required=Please specify this field.
error-user-attribute-read-only=This field is read only.
invalidPasswordExistingMessage=Invalid existing password.
invalidPasswordBlacklistedMessage=Invalid password: password is blacklisted.