From 7459992e40f75e3e88307ccb0b81151722136310 Mon Sep 17 00:00:00 2001
From: himanshi1099 <143601879+himanshi1099@users.noreply.github.com>
Date: Fri, 16 Aug 2024 12:28:27 +0530
Subject: [PATCH] Realm update validation for incorrect timeout values (#32137)
closes #31595
Signed-off-by: Himanshi Gupta
---
 .../services/resources/admin/RealmAdminResource.java | 8 ++++++++
 .../org/keycloak/testsuite/admin/realm/RealmTest.java | 10 ++++++++++
 2 files changed, 18 insertions(+)
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index 933401c6d4..d04db2dad6 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -439,6 +439,12 @@ public class RealmAdminResource {
 }
 }
+ if (rep.getAccessCodeLifespanLogin() != null && rep.getAccessCodeLifespanUserAction() != null) {
+ if (rep.getAccessCodeLifespanLogin() < 1 || rep.getAccessCodeLifespanUserAction() < 1) {
+ throw ErrorResponse.error("AccessCodeLifespanLogin or AccessCodeLifespanUserAction cannot be 0", Status.BAD_REQUEST);
+ }
+ }
+
 RepresentationToModel.updateRealm(rep, realm, session);
 // Refresh periodic sync tasks for configured federationProviders
@@ -457,6 +463,8 @@ public class RealmAdminResource {
 throw ErrorResponse.error(e.getMessage(), Status.INTERNAL_SERVER_ERROR);
 } catch (ModelException e) {
 throw ErrorResponse.error(e.getMessage(), Status.BAD_REQUEST);
+ } catch (org.keycloak.services.ErrorResponseException e) {
+ throw e;
 } catch (Exception e) {
 logger.error(e.getMessage(), e);
 throw ErrorResponse.error("Failed to update realm", Response.Status.INTERNAL_SERVER_ERROR);
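Review bot: In the RealmAdminResource.java hunk at -439, the new check runs only when both `getAccessCodeLifespanLogin()` and `getAccessCodeLifespanUserAction()` are non-null, so a representation that carries just one of them with a value below 1 skips validation and reaches `RepresentationToModel.updateRealm`. Testing each field on its own closes that gap: `if ((rep.getAccessCodeLifespanLogin() != null && rep.getAccessCodeLifespanLogin() < 1) || (rep.getAccessCodeLifespanUserAction() != null && rep.getAccessCodeLifespanUserAction() < 1)) {`. The condition `< 1` also rejects negative values while the message says "cannot be 0"; "must be greater than 0" would match what is enforced. The enclosing method starts and ends outside the hunk, so how a null field is handled further down is assumed rather than visible here.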
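Review bot: In the RealmAdminResource.java hunk at -457, the added `catch (org.keycloak.services.ErrorResponseException e)` carries no comment saying why it exists, and it spells the type out in full where the neighbouring catches use simple names. It appears to be there so that the 400 raised by the new validation is not remapped to the generic 500 by `catch (Exception e)` below; a one-line comment such as `// keep the status already chosen by the thrower; the generic handler below would report 500` would stop a later cleanup from removing it. Importing `ErrorResponseException` would match the rest of the block, provided no other class of that name is already imported. The try block begins outside the hunk.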
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
index 86c56de732..3e7a8c4efb 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
@@ -692,6 +692,16 @@ public class RealmTest extends AbstractAdminTest {
 assertEquals(Boolean.FALSE, rep.isRegistrationEmailAsUsername());
 assertEquals(Boolean.FALSE, rep.isEditUsernameAllowed());
 assertEquals(Boolean.FALSE, rep.isUserManagedAccessAllowed());
+
+ rep.setAccessCodeLifespanLogin(0);
+ rep.setAccessCodeLifespanUserAction(0);
+ try {
+ realm.update(rep);
+ Assert.fail("Not expected to successfully update the realm");
+ } catch (Exception expected) {
+ // Expected exception
+ assertEquals("HTTP 400 Bad Request", expected.getMessage());
+ }
 }
 @Test
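Review bot: The added case sets both lifespans to 0 on the same representation, so it exercises neither a negative value nor a representation that carries only one of the two fields, which is the input the both-non-null guard in RealmAdminResource would let through. A second case that sends a fresh `RealmRepresentation` with only `setAccessCodeLifespanLogin(0)` set would pin that behaviour. Catching `Exception` and comparing the message text is also looser than it needs to be; `} catch (BadRequestException expected) {` states the expected status in the type and does not depend on the client's message format. The test method begins outside the hunk.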