KEYCLOAK-4789 Can't remove userStorage when linked users have consent
parent
cf7f28d97e
commit
8000baeb1f
5 changed files with 34 additions and 2 deletions
|
@ -427,6 +427,18 @@ public class JpaUserProvider implements UserProvider, UserCredentialStore {
|
|||
.setParameter("realmId", realm.getId())
|
||||
.setParameter("link", storageProviderId)
|
||||
.executeUpdate();
|
||||
num = em.createNamedQuery("deleteUserConsentProtMappersByRealmAndLink")
|
||||
.setParameter("realmId", realm.getId())
|
||||
.setParameter("link", storageProviderId)
|
||||
.executeUpdate();
|
||||
num = em.createNamedQuery("deleteUserConsentRolesByRealmAndLink")
|
||||
.setParameter("realmId", realm.getId())
|
||||
.setParameter("link", storageProviderId)
|
||||
.executeUpdate();
|
||||
num = em.createNamedQuery("deleteUserConsentsByRealmAndLink")
|
||||
.setParameter("realmId", realm.getId())
|
||||
.setParameter("link", storageProviderId)
|
||||
.executeUpdate();
|
||||
num = em.createNamedQuery("deleteUsersByRealmAndLink")
|
||||
.setParameter("realmId", realm.getId())
|
||||
.setParameter("link", storageProviderId)
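Review bot: Each of the three added bulk deletes assigns its row count to `num`, and the next statement overwrites it, so nothing records how many consent rows were removed when a storage provider is unlinked. Consents are persisted authorization grants, so either drop the unused assignment or report each count through whatever logging this class already has. The order (protocol mappers and roles, then consents, then users) looks dictated by the parent/child relationships between the entities, so a one-line comment such as `// children first: consent mappers and roles, then consents, then the linked users` would guard against a later reordering. The enclosing method starts and ends outside the hunk, so a later use of `num` cannot be ruled out from here.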
|
||||
|
|
|
@ -45,6 +45,7 @@ import java.util.Collection;
|
|||
@NamedQuery(name="userConsentByUserAndClient", query="select consent from UserConsentEntity consent where consent.user.id = :userId and consent.clientId = :clientId"),
|
||||
@NamedQuery(name="userConsentsByUser", query="select consent from UserConsentEntity consent where consent.user.id = :userId"),
|
||||
@NamedQuery(name="deleteUserConsentsByRealm", query="delete from UserConsentEntity consent where consent.user IN (select user from UserEntity user where user.realmId = :realmId)"),
|
||||
@NamedQuery(name="deleteUserConsentsByRealmAndLink", query="delete from UserConsentEntity consent where consent.user IN (select u from UserEntity u where u.realmId=:realmId and u.federationLink=:link)"),
|
||||
@NamedQuery(name="deleteUserConsentsByUser", query="delete from UserConsentEntity consent where consent.user = :user"),
|
||||
@NamedQuery(name="deleteUserConsentsByClient", query="delete from UserConsentEntity consent where consent.clientId = :clientId"),
|
||||
})
|
||||
|
|
|
@ -36,6 +36,7 @@ import java.io.Serializable;
|
|||
@NamedQuery(name="deleteUserConsentProtMappersByRealm", query=
|
||||
"delete from UserConsentProtocolMapperEntity csm where csm.userConsent IN (select consent from UserConsentEntity consent where consent.user IN (select user from UserEntity user where user.realmId = :realmId))"),
|
||||
@NamedQuery(name="deleteUserConsentProtMappersByUser", query="delete from UserConsentProtocolMapperEntity csm where csm.userConsent IN (select consent from UserConsentEntity consent where consent.user = :user)"),
|
||||
@NamedQuery(name="deleteUserConsentProtMappersByRealmAndLink", query="delete from UserConsentProtocolMapperEntity csm where csm.userConsent IN (select consent from UserConsentEntity consent where consent.user IN (select u from UserEntity u where u.realmId=:realmId and u.federationLink=:link))"),
|
||||
@NamedQuery(name="deleteUserConsentProtMappersByProtocolMapper", query="delete from UserConsentProtocolMapperEntity csm where csm.protocolMapperId = :protocolMapperId)"),
|
||||
@NamedQuery(name="deleteUserConsentProtMappersByClient", query="delete from UserConsentProtocolMapperEntity csm where csm.userConsent IN (select consent from UserConsentEntity consent where consent.clientId = :clientId))"),
|
||||
})
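Review bot: Two unchanged queries beside the added `deleteUserConsentProtMappersByRealmAndLink` entry appear to end in an unmatched `)`: `deleteUserConsentProtMappersByProtocolMapper` (`... = :protocolMapperId)`) and `deleteUserConsentProtMappersByClient` (`... = :clientId))`). `deleteUserConsentRolesByRole` in the UserConsentRoleEntity section has the same shape (`... = :roleId)`). The new `...ByRealmAndLink` queries are balanced and bind both `:realmId` and `:link`, so this commit does not introduce the problem. A stricter JPQL parser could still reject the older strings, so it is worth removing the stray parentheses while these annotation blocks are being edited.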
|
||||
|
|
|
@ -34,6 +34,7 @@ import java.io.Serializable;
|
|||
*/
|
||||
@NamedQueries({
|
||||
@NamedQuery(name="deleteUserConsentRolesByRealm", query="delete from UserConsentRoleEntity grantedRole where grantedRole.userConsent IN (select consent from UserConsentEntity consent where consent.user IN (select user from UserEntity user where user.realmId = :realmId))"),
|
||||
@NamedQuery(name="deleteUserConsentRolesByRealmAndLink", query="delete from UserConsentRoleEntity grantedRole where grantedRole.userConsent IN (select consent from UserConsentEntity consent where consent.user IN (select u from UserEntity u where u.realmId=:realmId and u.federationLink=:link))"),
|
||||
@NamedQuery(name="deleteUserConsentRolesByUser", query="delete from UserConsentRoleEntity grantedRole where grantedRole.userConsent IN (select consent from UserConsentEntity consent where consent.user = :user)"),
|
||||
@NamedQuery(name="deleteUserConsentRolesByRole", query="delete from UserConsentRoleEntity grantedRole where grantedRole.roleId = :roleId)"),
|
||||
@NamedQuery(name="deleteUserConsentRolesByClient", query="delete from UserConsentRoleEntity grantedRole where grantedRole.userConsent IN (select consent from UserConsentEntity consent where consent.clientId = :clientId)"),
|
||||
|
|
|
@ -63,6 +63,7 @@ import org.keycloak.testsuite.pages.AccountPasswordPage;
|
|||
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
|
||||
import org.keycloak.testsuite.pages.AppPage;
|
||||
import org.keycloak.testsuite.pages.LoginPage;
|
||||
import org.keycloak.testsuite.pages.OAuthGrantPage;
|
||||
import org.keycloak.testsuite.pages.RegisterPage;
|
||||
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||
import org.keycloak.testsuite.rule.LDAPRule;
|
||||
|
@ -153,6 +154,9 @@ public class LDAPProvidersIntegrationTest {
|
|||
@WebResource
|
||||
protected AccountPasswordPage changePasswordPage;
|
||||
|
||||
@WebResource
|
||||
protected OAuthGrantPage grantPage;
|
||||
|
||||
// @Test
|
||||
// @Ignore
|
||||
// public void runit() throws Exception {
|
||||
|
@ -316,8 +320,18 @@ public class LDAPProvidersIntegrationTest {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void deleteFederationLink() {
|
||||
loginLdap();
|
||||
public void deleteFederationLink() throws Exception {
|
||||
// KEYCLOAK-4789: Login in client, which requires consent
|
||||
oauth.clientId("third-party");
|
||||
loginPage.open();
|
||||
loginPage.login("johnkeycloak", "Password1");
|
||||
|
||||
grantPage.assertCurrent();
|
||||
grantPage.accept();
|
||||
|
||||
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
|
||||
|
||||
{
|
||||
KeycloakSession session = keycloakRule.startSession();
|
||||
try {
|
||||
|
@ -349,6 +363,9 @@ public class LDAPProvidersIntegrationTest {
|
|||
keycloakRule.stopSession(session, true);
|
||||
}
|
||||
}
|
||||
|
||||
oauth.clientId("test-app");
|
||||
|
||||
loginLdap();
|
||||
|
||||
}
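Review bot: The `oauth.clientId("test-app")` reset and the closing `loginLdap()` run only if everything before them passes, so a failure after `oauth.clientId("third-party")` would leave the (presumably shared) OAuth client pointed at the consent-requiring client for later tests in the class. Wrapping the body in `try { ... } finally { oauth.clientId("test-app"); }` keeps that fixture state isolated. The middle of `deleteFederationLink()` lies outside the visible hunks, so it is unclear whether the test asserts that the user's consent is gone once the provider is removed. If it does not, such an assertion would pin the fix itself rather than only the absence of an exception.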
|
||||
|
|