Merge pull request #29 from mposolda/social

KEYCLOAK-42: Typo in RealmModel.importRealm causing that bad required credential type could be imported

services/src/main/java/org/keycloak/services/managers/RealmManager.java

@@ -122,13 +122,13 @@ public class RealmManager {
         }
 
         if (rep.getRequiredApplicationCredentials() != null) {
-            for (String requiredCred : rep.getRequiredCredentials()) {
+            for (String requiredCred : rep.getRequiredApplicationCredentials()) {
                 addResourceRequiredCredential(newRealm, requiredCred);
             }
         }
 
         if (rep.getRequiredOAuthClientCredentials() != null) {
-            for (String requiredCred : rep.getRequiredCredentials()) {
+            for (String requiredCred : rep.getRequiredOAuthClientCredentials()) {
                 addOAuthClientRequiredCredential(newRealm, requiredCred);
             }
         }

services/src/main/java/org/keycloak/services/models/picketlink/ApplicationAdapter.java

@@ -154,6 +154,7 @@ public class ApplicationAdapter implements ApplicationModel {
         ScopeRelationship scope = new ScopeRelationship();
         scope.setClient(((UserAdapter)agent).getUser());
         scope.setScope(((RoleAdapter)role).getRole());
+        getRelationshipManager().add(scope);
     }
 
     @Override

services/src/test/java/org/keycloak/test/ImportTest.java

@@ -87,6 +87,13 @@ public class ImportTest {
         List<RealmModel> realms = identitySession.getRealms(admin);
         Assert.assertEquals(1, realms.size());
 
+        // Test scope relationship
+        ApplicationModel application = realm.getResourceNameMap().get("Application");
+        UserModel oauthClient = realm.getUser("oauthclient");
+        Assert.assertNotNull(application);
+        Assert.assertNotNull(oauthClient);
+        Set<String> appScopes = application.getScope(oauthClient);
+        Assert.assertTrue(appScopes.contains("user"));
     }
 
     @Test
@@ -109,10 +116,15 @@ public class ImportTest {
         RealmModel realm = manager.createRealm("demo", rep.getRealm());
         manager.importRealm(rep, realm);
         realm.addRealmAdmin(admin);
+
+        verifyRequiredCredentials(realm.getRequiredCredentials(), "password");
+        verifyRequiredCredentials(realm.getRequiredApplicationCredentials(), "totp");
+        verifyRequiredCredentials(realm.getRequiredOAuthClientCredentials(), "cert");
     }
 
-
-
-
+    private void verifyRequiredCredentials(List<RequiredCredentialModel> requiredCreds, String expectedType) {
+        Assert.assertEquals(1, requiredCreds.size());
+        Assert.assertEquals(expectedType, requiredCreds.get(0).getType());
+    }
 
 }

services/src/test/resources/testrealm-demo.json

@@ -8,8 +8,8 @@
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],
-    "requiredApplicationCredentials": [ "password" ],
-    "requiredOAuthClientCredentials": [ "password" ],
+    "requiredApplicationCredentials": [ "totp" ],
+    "requiredOAuthClientCredentials": [ "cert" ],
     "users" : [
         {
             "username" : "bburke@redhat.com",
@@ -65,8 +65,9 @@
             "useRealmMappings": true,
             "credentials": [
                 {
-                    "type": "password",
-                    "value": "password"
+                    "type": "totp",
+                    "value": "12345",
+                    "device": "67890"
                 }
             ]
         },
@@ -77,8 +78,9 @@
             "useRealmMappings": true,
             "credentials": [
                 {
-                    "type": "password",
-                    "value": "password"
+                    "type": "totp",
+                    "value": "12345",
+                    "device": "67890"
                 }
             ]
         }

social/core/src/main/java/org/keycloak/social/SocialRequestManager.java

@@ -59,10 +59,11 @@ public class SocialRequestManager {
     }
     
     private void pruneExpired() {
+        long currentTime = System.currentTimeMillis();
         Iterator<Entry<String, Long>> itr = expires.entrySet().iterator();
         while (itr.hasNext()) {
             Entry<String, Long> e = itr.next();
-            if (e.getValue() < System.currentTimeMillis()) {
+            if (e.getValue() < currentTime) {
                 itr.remove();
                 map.remove(e.getKey());
             } else {