KEYCLOAK-2512

This commit is contained in:
Bill Burke 2016-04-01 14:50:26 -04:00
parent 6a3b5cd4c0
commit 4d5ae5dd68
4 changed files with 70 additions and 1 deletions

View file

@ -30,6 +30,7 @@ import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.OTPPolicy;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
@ -1716,8 +1717,11 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
@Override
public void removeAuthenticationFlow(AuthenticationFlowModel model) {
if (KeycloakModelUtils.isFlowUsed(this, model)) {
throw new ModelException("Cannot remove authentication flow, it is currently in use");
}
AuthenticationFlowEntity entity = em.find(AuthenticationFlowEntity.class, model.getId());
if (entity == null) return;
em.remove(entity);
em.flush();
}
@ -2063,6 +2067,9 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
if (id == null) return false;
ClientTemplateModel client = getClientTemplateById(id);
if (client == null) return false;
if (KeycloakModelUtils.isClientTemplateUsed(this, client)) {
throw new ModelException("Cannot remove client template, it is currently in use");
}
ClientTemplateEntity clientEntity = null;
Iterator<ClientTemplateEntity> it = realm.getClientTemplates().iterator();

View file

@ -32,6 +32,7 @@ import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.OTPPolicy;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
@ -1558,6 +1559,9 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
@Override
public void removeAuthenticationFlow(AuthenticationFlowModel model) {
if (KeycloakModelUtils.isFlowUsed(this, model)) {
throw new ModelException("Cannot remove authentication flow, it is currently in use");
}
AuthenticationFlowEntity toDelete = getFlowEntity(model.getId());
if (toDelete == null) return;
getMongoEntity().getAuthenticationFlows().remove(toDelete);
@ -2032,6 +2036,9 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
ClientTemplateModel client = getClientTemplateById(id);
if (client == null) return false;
if (KeycloakModelUtils.isClientTemplateUsed(this, client)) {
throw new ModelException("Cannot remove client template, it is currently in use");
}
return getMongoStore().removeEntity(MongoClientTemplateEntity.class, id, invocationContext);
}

View file

@ -22,8 +22,10 @@ import org.keycloak.common.util.Base64Url;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientTemplateModel;
import org.keycloak.models.Constants;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.KeycloakSessionTask;
@ -598,4 +600,37 @@ public final class KeycloakModelUtils {
}
}
/**
* Check to see if a flow is currently in use
*
* @param realm
* @param model
* @return
*/
public static boolean isFlowUsed(RealmModel realm, AuthenticationFlowModel model) {
AuthenticationFlowModel realmFlow = null;
if ((realmFlow = realm.getBrowserFlow()) != null && realmFlow.getId().equals(model.getId())) return true;
if ((realmFlow = realm.getRegistrationFlow()) != null && realmFlow.getId().equals(model.getId())) return true;
if ((realmFlow = realm.getClientAuthenticationFlow()) != null && realmFlow.getId().equals(model.getId())) return true;
if ((realmFlow = realm.getDirectGrantFlow()) != null && realmFlow.getId().equals(model.getId())) return true;
if ((realmFlow = realm.getResetCredentialsFlow()) != null && realmFlow.getId().equals(model.getId())) return true;
for (IdentityProviderModel idp : realm.getIdentityProviders()) {
if (model.getId().equals(idp.getFirstBrokerLoginFlowId())) return true;
if (model.getId().equals(idp.getPostBrokerLoginFlowId())) return true;
}
return false;
}
public static boolean isClientTemplateUsed(RealmModel realm, ClientTemplateModel template) {
for (ClientModel client : realm.getClients()) {
if (client.getClientTemplate() != null && client.getClientTemplate().getId().equals(template.getId())) return true;
}
return false;
}
}

View file

@ -21,6 +21,8 @@ import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientTemplateModel;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.ModelToRepresentation;
@ -101,6 +103,24 @@ public class ClientModelTest extends AbstractModelTest {
Assert.assertNotNull(client);
}
@Test
public void testCannotRemoveBoundClientTemplate() {
ClientModel client = realm.addClient("templatized");
ClientTemplateModel template = realm.addClientTemplate("template");
client.setClientTemplate(template);
commit();
realm = realmManager.getRealmByName("original");
try {
realm.removeClientTemplate(template.getId());
Assert.fail();
} catch (ModelException e) {
}
realm.removeClient(client.getId());
realm.removeClientTemplate(template.getId());
commit();
}
public static void assertEquals(ClientModel expected, ClientModel actual) {
Assert.assertEquals(expected.getClientId(), actual.getClientId());