KEYCLOAK-808 Issue when DB search is case-sensitive byt LDAP search is not

This commit is contained in:
mposolda 2014-10-31 10:27:55 +01:00
parent 65362be4dd
commit 78a1df693c
2 changed files with 45 additions and 1 deletions

View file

@ -211,6 +211,12 @@ public class LDAPFederationProvider implements UserFederationProvider {
return null;
}
// KEYCLOAK-808: Should we allow case-sensitivity to be configurable?
if (!username.equals(picketlinkUser.getLoginName())) {
logger.warnf("User found in LDAP but with different username. LDAP username: %s, Searched username: %s", username, picketlinkUser.getLoginName());
return null;
}
return importUserFromPicketlink(realm, picketlinkUser);
} catch (IdentityManagementException ie) {
throw convertIDMException(ie);
@ -223,6 +229,11 @@ public class LDAPFederationProvider implements UserFederationProvider {
protected UserModel importUserFromPicketlink(RealmModel realm, User picketlinkUser) {
String email = (picketlinkUser.getEmail() != null && picketlinkUser.getEmail().trim().length() > 0) ? picketlinkUser.getEmail() : null;
if (picketlinkUser.getLoginName() == null) {
throw new ModelException("User returned from LDAP has null username! Check configuration of your LDAP mappings. ID of user from LDAP: " + picketlinkUser.getId());
}
UserModel imported = session.userStorage().addUser(realm, picketlinkUser.getLoginName());
imported.setEnabled(true);
imported.setEmail(email);
@ -247,6 +258,13 @@ public class LDAPFederationProvider implements UserFederationProvider {
if (picketlinkUser == null) {
return null;
}
// KEYCLOAK-808: Should we allow case-sensitivity to be configurable?
if (!email.equals(picketlinkUser.getEmail())) {
logger.warnf("User found in LDAP but with different email. LDAP email: %s, Searched email: %s", email, picketlinkUser.getEmail());
return null;
}
return importUserFromPicketlink(realm, picketlinkUser);
} catch (IdentityManagementException ie) {
throw convertIDMException(ie);

View file

@ -147,6 +147,15 @@ public class FederationProvidersIntegrationTest {
Assert.assertEquals("john@email.org", profilePage.getEmail());
}
@Test
public void loginLdapWithEmail() {
loginPage.open();
loginPage.login("john@email.org", "Password1");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
}
@Test
public void XdeleteLink() {
loginLdap();
@ -200,6 +209,11 @@ public class FederationProvidersIntegrationTest {
loginPage.open();
loginPage.login("johnkeycloak", "New-password1");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
// Change password back to previous value
changePasswordPage.open();
changePasswordPage.changePassword("New-password1", "Password1", "Password1");
Assert.assertEquals("Your password has been updated", profilePage.getSuccess());
}
@Test
@ -370,7 +384,7 @@ public class FederationProvidersIntegrationTest {
Assert.assertTrue(session.users().validCredentials(appRealm, user, cred));
// LDAP password is still unchanged
Assert.assertTrue(LDAPUtils.validatePassword(getPartitionManager(session, model), "johnkeycloak", "New-password1"));
Assert.assertTrue(LDAPUtils.validatePassword(getPartitionManager(session, model), "johnkeycloak", "Password1"));
// ATM it's not permitted to delete user in unsynced mode. Should be user deleted just locally instead?
Assert.assertFalse(session.users().removeUser(appRealm, user));
@ -387,6 +401,18 @@ public class FederationProvidersIntegrationTest {
}
}
@Test
public void testCaseSensitiveSearch() {
loginPage.open();
// This should fail for now due to case-sensitivity
loginPage.login("johnKeycloak", "Password1");
Assert.assertEquals("Invalid username or password.", loginPage.getError());
loginPage.login("John@email.org", "Password1");
Assert.assertEquals("Invalid username or password.", loginPage.getError());
}
static PartitionManager getPartitionManager(KeycloakSession keycloakSession, UserFederationProviderModel ldapFedModel) {
PartitionManagerProvider partitionManagerProvider = keycloakSession.getProvider(PartitionManagerProvider.class);
return partitionManagerProvider.getPartitionManager(ldapFedModel);