libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-10967 Add JSON body methods for test ldap and smtp connections. Deprecate old form based methods.

Browse source
This commit is contained in:
stianst 2020-03-04 12:55:38 +01:00 committed by Marek Posolda
parent b39b84c5dc
commit 75a772f52b
8 changed files with 169 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

90
core/src/main/java/org/keycloak/representations/idm/TestLdapConnectionRepresentation.java Normal file
View file

@ -0,0 +1,90 @@
package org.keycloak.representations.idm;
public class TestLdapConnectionRepresentation {
private String action;
private String connectionUrl;
private String bindDn;
private String bindCredential;
private String useTruststoreSpi;
private String connectionTimeout;
private String componentId;
private String startTls;
public TestLdapConnectionRepresentation() {
}
public TestLdapConnectionRepresentation(String action, String connectionUrl, String bindDn, String bindCredential, String useTruststoreSpi, String connectionTimeout) {
this.action = action;
this.connectionUrl = connectionUrl;
this.bindDn = bindDn;
this.bindCredential = bindCredential;
this.useTruststoreSpi = useTruststoreSpi;
this.connectionTimeout = connectionTimeout;
}
public String getAction() {
return action;
}
public void setAction(String action) {
this.action = action;
}
public String getConnectionUrl() {
return connectionUrl;
}
public void setConnectionUrl(String connectionUrl) {
this.connectionUrl = connectionUrl;
}
public String getBindDn() {
return bindDn;
}
public void setBindDn(String bindDn) {
this.bindDn = bindDn;
}
public String getBindCredential() {
return bindCredential;
}
public void setBindCredential(String bindCredential) {
this.bindCredential = bindCredential;
}
public String getUseTruststoreSpi() {
return useTruststoreSpi;
}
public void setUseTruststoreSpi(String useTruststoreSpi) {
this.useTruststoreSpi = useTruststoreSpi;
}
public String getConnectionTimeout() {
return connectionTimeout;
}
public void setConnectionTimeout(String connectionTimeout) {
this.connectionTimeout = connectionTimeout;
}
public String getComponentId() {
return componentId;
}
public void setComponentId(String componentId) {
this.componentId = componentId;
}
public String getStartTls() {
return startTls;
}
public void setStartTls(String startTls) {
this.startTls = startTls;
}
}

18
integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java
View file

@ -27,6 +27,7 @@ import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.PartialImportRepresentation; import org.keycloak.representations.idm.PartialImportRepresentation;
import org.keycloak.representations.idm.RealmEventsConfigRepresentation; import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.TestLdapConnectionRepresentation;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE; import javax.ws.rs.DELETE;
@ -208,16 +209,31 @@ public interface RealmResource {
@Path("testLDAPConnection") @Path("testLDAPConnection")
@POST @POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@NoCache @NoCache
@Deprecated
Response testLDAPConnection(@FormParam("action") String action, @FormParam("connectionUrl") String connectionUrl, Response testLDAPConnection(@FormParam("action") String action, @FormParam("connectionUrl") String connectionUrl,
@FormParam("bindDn") String bindDn, @FormParam("bindCredential") String bindCredential, @FormParam("bindDn") String bindDn, @FormParam("bindCredential") String bindCredential,
@FormParam("useTruststoreSpi") String useTruststoreSpi, @FormParam("connectionTimeout") String connectionTimeout); @FormParam("useTruststoreSpi") String useTruststoreSpi, @FormParam("connectionTimeout") String connectionTimeout);
@Path("testLDAPConnection")
@POST
@Consumes(MediaType.APPLICATION_JSON)
@NoCache
Response testLDAPConnection(TestLdapConnectionRepresentation config);
@Path("testSMTPConnection")
@POST
@NoCache
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Deprecated
Response testSMTPConnection(@FormParam("config") String config);
@Path("testSMTPConnection") @Path("testSMTPConnection")
@POST @POST
@NoCache @NoCache
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
Response testSMTPConnection(@FormParam("config") String config); Response testSMTPConnection(Map<String, String> config);
@Path("clear-realm-cache") @Path("clear-realm-cache")
@POST @POST

32
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
View file

@ -66,6 +66,7 @@ import org.keycloak.representations.idm.ManagementPermissionReference;
import org.keycloak.representations.idm.PartialImportRepresentation; import org.keycloak.representations.idm.PartialImportRepresentation;
import org.keycloak.representations.idm.RealmEventsConfigRepresentation; import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.TestLdapConnectionRepresentation;
import org.keycloak.services.ErrorResponse; import org.keycloak.services.ErrorResponse;
import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.LDAPConnectionTestManager; import org.keycloak.services.managers.LDAPConnectionTestManager;
@ -926,6 +927,8 @@ public class RealmAdminResource {
@Path("testLDAPConnection") @Path("testLDAPConnection")
@POST @POST
@NoCache @NoCache
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Deprecated
public Response testLDAPConnection(@FormParam("action") String action, @FormParam("connectionUrl") String connectionUrl, public Response testLDAPConnection(@FormParam("action") String action, @FormParam("connectionUrl") String connectionUrl,
@FormParam("bindDn") String bindDn, @FormParam("bindCredential") String bindCredential, @FormParam("bindDn") String bindDn, @FormParam("bindCredential") String bindCredential,
@FormParam("useTruststoreSpi") String useTruststoreSpi, @FormParam("connectionTimeout") String connectionTimeout, @FormParam("useTruststoreSpi") String useTruststoreSpi, @FormParam("connectionTimeout") String connectionTimeout,
@ -940,6 +943,26 @@ public class RealmAdminResource {
return result ? Response.noContent().build() : ErrorResponse.error("LDAP test error", Response.Status.BAD_REQUEST); return result ? Response.noContent().build() : ErrorResponse.error("LDAP test error", Response.Status.BAD_REQUEST);
} }
/**
* Test LDAP connection
* @return
*/
@Path("testLDAPConnection")
@POST
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
public Response testLDAPConnection(TestLdapConnectionRepresentation config) {
return testLDAPConnection(
config.getAction(),
config.getConnectionUrl(),
config.getBindDn(),
config.getBindCredential(),
config.getUseTruststoreSpi(),
config.getConnectionTimeout(),
config.getComponentId(),
config.getStartTls());
}
/** /**
* Test SMTP connection with current logged in user * Test SMTP connection with current logged in user
* *
@ -950,10 +973,19 @@ public class RealmAdminResource {
@Path("testSMTPConnection") @Path("testSMTPConnection")
@POST @POST
@NoCache @NoCache
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Deprecated
public Response testSMTPConnection(final @FormParam("config") String config) throws Exception { public Response testSMTPConnection(final @FormParam("config") String config) throws Exception {
Map<String, String> settings = readValue(config, new TypeReference<Map<String, String>>() { Map<String, String> settings = readValue(config, new TypeReference<Map<String, String>>() {
}); });
return testSMTPConnection(settings);
}
@Path("testSMTPConnection")
@POST
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
public Response testSMTPConnection(Map<String, String> settings) throws Exception {
try { try {
UserModel user = auth.adminAuth().getUser(); UserModel user = auth.adminAuth().getUser();
if (user.getEmail() == null) { if (user.getEmail() == null) {

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/SMTPConnectionTest.java
View file

@ -67,10 +67,9 @@ public class SMTPConnectionTest extends AbstractKeycloakTest {
realm.users().get(user.getId()).update(user); realm.users().get(user.getId()).update(user);
} }
private String settings(String host, String port, String from, String auth, String ssl, String starttls, private Map<String, String> settings(String host, String port, String from, String auth, String ssl, String starttls,
String username, String password) throws Exception { String username, String password) throws Exception {
Map<String, String> config = smtpMap(host, port, from, auth, ssl, starttls, username, password, "", ""); return smtpMap(host, port, from, auth, ssl, starttls, username, password, "", "");
return writeValueAsPrettyString(config);
} }
private Map<String, String> smtpMap(String host, String port, String from, String auth, String ssl, String starttls, private Map<String, String> smtpMap(String host, String port, String from, String auth, String ssl, String starttls,

31
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationLdapConnectionTest.java
View file

@ -19,6 +19,7 @@ package org.keycloak.testsuite.admin;
import org.junit.ClassRule; import org.junit.ClassRule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.representations.idm.TestLdapConnectionRepresentation;
import org.keycloak.services.managers.LDAPConnectionTestManager; import org.keycloak.services.managers.LDAPConnectionTestManager;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.arquillian.annotation.EnableVault; import org.keycloak.testsuite.arquillian.annotation.EnableVault;
@ -41,50 +42,58 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
@Test @Test
public void testLdapConnections1() { public void testLdapConnections1() {
// Unknown action // Unknown action
Response response = realm.testLDAPConnection("unknown", "ldap://localhost:10389", "foo", "bar", "false", null); Response response = realm.testLDAPConnection(new TestLdapConnectionRepresentation("unknown", "ldap://localhost:10389", "foo", "bar", "false", null));
assertStatus(response, 400); assertStatus(response, 400);
// Bad host // Bad host
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_CONNECTION, "ldap://localhostt:10389", "foo", "bar", "false", null); response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_CONNECTION, "ldap://localhostt:10389", "foo", "bar", "false", null));
assertStatus(response, 400); assertStatus(response, 400);
// Connection success // Connection success
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_CONNECTION, "ldap://localhost:10389", "foo", "bar", "false", null); response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_CONNECTION, "ldap://localhost:10389", "foo", "bar", "false", null));
assertStatus(response, 204); assertStatus(response, 204);
// Bad authentication // Bad authentication
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "foo", "bar", "false", "10000"); response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "foo", "bar", "false", "10000"));
assertStatus(response, 400); assertStatus(response, 400);
// Authentication success // Authentication success
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "uid=admin,ou=system", "secret", "false", null); response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "uid=admin,ou=system", "secret", "false", null));
assertStatus(response, 204); assertStatus(response, 204);
// Authentication success with bindCredential from Vault // Authentication success with bindCredential from Vault
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "uid=admin,ou=system", "${vault.ldap_bindCredential}", "false", null));
assertStatus(response, 204);
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "uid=admin,ou=system", "${vault.ldap_bindCredential}", "false", null));
assertStatus(response, 204);
// Deprecated form based
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "uid=admin,ou=system", "${vault.ldap_bindCredential}", "false", null); response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "uid=admin,ou=system", "${vault.ldap_bindCredential}", "false", null);
assertStatus(response, 204); assertStatus(response, 204);
} }
@Test @Test
public void testLdapConnectionsSsl() { public void testLdapConnectionsSsl() {
Response response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_CONNECTION, "ldaps://localhost:10636", "foo", "bar", "false", null); Response response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_CONNECTION, "ldaps://localhost:10636", "foo", "bar", "false", null));
assertStatus(response, 204); assertStatus(response, 204);
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_CONNECTION, "ldaps://localhostt:10636", "foo", "bar", "false", null); response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_CONNECTION, "ldaps://localhostt:10636", "foo", "bar", "false", null));
assertStatus(response, 400); assertStatus(response, 400);
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "foo", "bar", "false", null); response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "foo", "bar", "false", null));
assertStatus(response, 400); assertStatus(response, 400);
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "uid=admin,ou=system", "secret", "true", null); response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "uid=admin,ou=system", "secret", "true", null));
assertStatus(response, 204); assertStatus(response, 204);
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "uid=admin,ou=system", "secret", "true", "10000"); response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "uid=admin,ou=system", "secret", "true", "10000"));
assertStatus(response, 204); assertStatus(response, 204);
// Authentication success with bindCredential from Vault // Authentication success with bindCredential from Vault
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "uid=admin,ou=system", "${vault.ldap_bindCredential}", "true", null); response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "uid=admin,ou=system", "${vault.ldap_bindCredential}", "true", null));
assertStatus(response, 204); assertStatus(response, 204);
} }

9
themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
View file

@ -1665,15 +1665,8 @@ module.controller('RealmSMTPSettingsCtrl', function($scope, Current, Realm, real
$scope.changed = false; $scope.changed = false;
}; };
var initSMTPTest = function() {
return {
realm: $scope.realm.realm,
config: JSON.stringify(realm.smtpServer)
};
};
$scope.testConnection = function() { $scope.testConnection = function() {
RealmSMTPConnectionTester.send(initSMTPTest(), function() { RealmSMTPConnectionTester.save({realm: realm.realm}, realm.smtpServer, function() {
Notifications.success("SMTP connection successful. E-mail was sent!"); Notifications.success("SMTP connection successful. E-mail was sent!");
}, function(errorResponse) { }, function(errorResponse) {
if (error.data.errorMessage) { if (error.data.errorMessage) {

15
themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js
View file

@ -1661,20 +1661,19 @@ module.controller('LDAPUserStorageCtrl', function($scope, $location, Notificatio
var initConnectionTest = function(testAction, ldapConfig) { var initConnectionTest = function(testAction, ldapConfig) {
return { return {
action: testAction, action: testAction,
realm: $scope.realm.realm, connectionUrl: ldapConfig.connectionUrl && ldapConfig.connectionUrl[0],
connectionUrl: ldapConfig.connectionUrl, bindDn: ldapConfig.bindDn && ldapConfig.bindDn[0],
bindDn: ldapConfig.bindDn, bindCredential: ldapConfig.bindCredential && ldapConfig.bindCredential[0],
bindCredential: ldapConfig.bindCredential, useTruststoreSpi: ldapConfig.useTruststoreSpi && ldapConfig.useTruststoreSpi[0],
useTruststoreSpi: ldapConfig.useTruststoreSpi, connectionTimeout: ldapConfig.connectionTimeout && ldapConfig.connectionTimeout[0],
connectionTimeout: ldapConfig.connectionTimeout, startTls: ldapConfig.startTls && ldapConfig.startTls[0],
startTls: ldapConfig.startTls,
componentId: instance.id componentId: instance.id
}; };
}; };
$scope.testConnection = function() { $scope.testConnection = function() {
console.log('LDAPCtrl: testConnection'); console.log('LDAPCtrl: testConnection');
RealmLDAPConnectionTester.save(initConnectionTest("testConnection", $scope.instance.config), function() { RealmLDAPConnectionTester.save({realm: realm.realm}, initConnectionTest("testConnection", $scope.instance.config), function() {
Notifications.success("LDAP connection successful."); Notifications.success("LDAP connection successful.");
}, function() { }, function() {
Notifications.error("Error when trying to connect to LDAP. See server.log for details."); Notifications.error("Error when trying to connect to LDAP. See server.log for details.");

16
themes/src/main/resources/theme/base/admin/resources/js/services.js
View file

@ -429,28 +429,12 @@ module.factory('RegisterRequiredAction', function($resource) {
module.factory('RealmLDAPConnectionTester', function($resource, $httpParamSerializer) { module.factory('RealmLDAPConnectionTester', function($resource, $httpParamSerializer) {
return $resource(authUrl + '/admin/realms/:realm/testLDAPConnection', { return $resource(authUrl + '/admin/realms/:realm/testLDAPConnection', {
realm : '@realm' realm : '@realm'
}, {
save: {
method: 'POST',
headers : { 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8' },
transformRequest: function (data) {
return $httpParamSerializer(data)
}
}
}); });
}); });
module.factory('RealmSMTPConnectionTester', function($resource, $httpParamSerializer) { module.factory('RealmSMTPConnectionTester', function($resource, $httpParamSerializer) {
return $resource(authUrl + '/admin/realms/:realm/testSMTPConnection', { return $resource(authUrl + '/admin/realms/:realm/testSMTPConnection', {
realm : '@realm' realm : '@realm'
}, {
send: {
method: 'POST',
headers : { 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8' },
transformRequest: function (data) {
return $httpParamSerializer(data)
}
}
}); });
}); });