libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Realm update validation for incorrect timeout values (#32137)

Browse source 
closes #31595

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
This commit is contained in:
himanshi1099 2024-08-16 12:28:27 +05:30 committed by GitHub
parent 43de7d6121
commit 7459992e40
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
View file

@ -439,6 +439,12 @@ public class RealmAdminResource {
} }
} }
if (rep.getAccessCodeLifespanLogin() != null && rep.getAccessCodeLifespanUserAction() != null) {
if (rep.getAccessCodeLifespanLogin() < 1 || rep.getAccessCodeLifespanUserAction() < 1) {
throw ErrorResponse.error("AccessCodeLifespanLogin or AccessCodeLifespanUserAction cannot be 0", Status.BAD_REQUEST);
}
}
RepresentationToModel.updateRealm(rep, realm, session); RepresentationToModel.updateRealm(rep, realm, session);
// Refresh periodic sync tasks for configured federationProviders // Refresh periodic sync tasks for configured federationProviders
@ -457,6 +463,8 @@ public class RealmAdminResource {
throw ErrorResponse.error(e.getMessage(), Status.INTERNAL_SERVER_ERROR); throw ErrorResponse.error(e.getMessage(), Status.INTERNAL_SERVER_ERROR);
} catch (ModelException e) { } catch (ModelException e) {
throw ErrorResponse.error(e.getMessage(), Status.BAD_REQUEST); throw ErrorResponse.error(e.getMessage(), Status.BAD_REQUEST);
} catch (org.keycloak.services.ErrorResponseException e) {
throw e;
} catch (Exception e) { } catch (Exception e) {
logger.error(e.getMessage(), e); logger.error(e.getMessage(), e);
throw ErrorResponse.error("Failed to update realm", Response.Status.INTERNAL_SERVER_ERROR); throw ErrorResponse.error("Failed to update realm", Response.Status.INTERNAL_SERVER_ERROR);

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
View file

@ -692,6 +692,16 @@ public class RealmTest extends AbstractAdminTest {
assertEquals(Boolean.FALSE, rep.isRegistrationEmailAsUsername()); assertEquals(Boolean.FALSE, rep.isRegistrationEmailAsUsername());
assertEquals(Boolean.FALSE, rep.isEditUsernameAllowed()); assertEquals(Boolean.FALSE, rep.isEditUsernameAllowed());
assertEquals(Boolean.FALSE, rep.isUserManagedAccessAllowed()); assertEquals(Boolean.FALSE, rep.isUserManagedAccessAllowed());
rep.setAccessCodeLifespanLogin(0);
rep.setAccessCodeLifespanUserAction(0);
try {
realm.update(rep);
Assert.fail("Not expected to successfully update the realm");
} catch (Exception expected) {
// Expected exception
assertEquals("HTTP 400 Bad Request", expected.getMessage());
}
} }
@Test @Test