libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Make sure changes to user profile metadata is not stored when calling decorators (#31549)

Browse source 
Closes #30476

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor 2024-07-29 04:03:21 -03:00 committed by GitHub
parent 04bd6653ec
commit 4d8c525644
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
server-spi/src/main/java/org/keycloak/userprofile/AttributeMetadata.java
View file

@ -52,7 +52,7 @@ public class AttributeMetadata {
private Map<String, Object> annotations; private Map<String, Object> annotations;
private int guiOrder; private int guiOrder;
private boolean multivalued; private boolean multivalued;
AttributeMetadata(String attributeName, int guiOrder) { AttributeMetadata(String attributeName, int guiOrder) {
this(attributeName, guiOrder, ALWAYS_TRUE, ALWAYS_TRUE, ALWAYS_TRUE, ALWAYS_TRUE); this(attributeName, guiOrder, ALWAYS_TRUE, ALWAYS_TRUE, ALWAYS_TRUE, ALWAYS_TRUE);
@ -210,7 +210,7 @@ public class AttributeMetadata {
@Override @Override
public AttributeMetadata clone() { public AttributeMetadata clone() {
AttributeMetadata cloned = new AttributeMetadata(attributeName, guiOrder, selector, writeAllowed, required, readAllowed); AttributeMetadata cloned = new AttributeMetadata(attributeName, guiOrder, selector, new ArrayList<>(writeAllowed), required, new ArrayList<>(readAllowed));
// we clone validators list to allow adding or removing validators. Validators // we clone validators list to allow adding or removing validators. Validators
// itself are not cloned as we do not expect them to be reconfigured. // itself are not cloned as we do not expect them to be reconfigured.
if (validators != null) { if (validators != null) {
@ -227,7 +227,7 @@ public class AttributeMetadata {
cloned.setMultivalued(multivalued); cloned.setMultivalued(multivalued);
return cloned; return cloned;
} }
public String getAttributeDisplayName() { public String getAttributeDisplayName() {
if(attributeDisplayName == null || attributeDisplayName.trim().isEmpty()) if(attributeDisplayName == null || attributeDisplayName.trim().isEmpty())
return attributeName; return attributeName;

2
services/src/main/java/org/keycloak/userprofile/DeclarativeUserProfileProvider.java
View file

@ -189,7 +189,7 @@ public class DeclarativeUserProfileProvider implements UserProfileProvider {
component.setNote(PARSED_CONFIG_COMPONENT_KEY, metadataMap); component.setNote(PARSED_CONFIG_COMPONENT_KEY, metadataMap);
} }
return metadataMap.computeIfAbsent(context, createUserDefinedProfileDecorator(session, decoratedMetadata, component)); return metadataMap.computeIfAbsent(context, createUserDefinedProfileDecorator(session, decoratedMetadata, component)).clone();
} }
@Override @Override

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserProfileTest.java
View file

@ -288,6 +288,11 @@ public class LDAPUserProfileTest extends AbstractLDAPTest {
userResource = ApiUtil.findUserByUsernameId(testRealm(), "johnkeycloak"); userResource = ApiUtil.findUserByUsernameId(testRealm(), "johnkeycloak");
userRep = userResource.toRepresentation(true); userRep = userResource.toRepresentation(true);
assertProfileAttributes(userRep, null, true, "username", "email", "firstName", "lastName", "postal_code"); assertProfileAttributes(userRep, null, true, "username", "email", "firstName", "lastName", "postal_code");
// the second provider is not readonly
userResource = ApiUtil.findUserByUsernameId(testRealm(), "anotherjohn");
userRep = userResource.toRepresentation(true);
assertProfileAttributes(userRep, null, false, "username", "email", "firstName", "lastName");
} finally { } finally {
setLDAPWritable(); setLDAPWritable();
} }