Prevent updating IdP via organization API not linked with the organization

Closes #28833 Signed-off-by: vramik <vramik@redhat.com>
2024-04-18 11:55:45 +02:00 · 2024-04-18 11:55:45 +02:00 · 860f3b7320
commit 860f3b7320
parent 0d60e58029
2 changed files with 21 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/organization/admin/resource/OrganizationIdentityProviderResource.java
+++ b/services/src/main/java/org/keycloak/organization/admin/resource/OrganizationIdentityProviderResource.java
@ -134,7 +134,7 @@ public class OrganizationIdentityProviderResource {
    public Response update(IdentityProviderRepresentation rep) {
        IdentityProviderModel identityProvider = getIdentityProviderModel();

-        if (!rep.getAlias().equals(identityProvider.getAlias())) {
+        if (!rep.getAlias().equals(identityProvider.getAlias()) || (rep.getInternalId() != null && !Objects.equals(rep.getInternalId(), identityProvider.getInternalId()))) {
            throw ErrorResponse.error("Identity provider not assigned to the organization.", Status.NOT_FOUND);
        }

--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/organization/admin/OrganizationIdentityProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/organization/admin/OrganizationIdentityProviderTest.java
@ -125,6 +125,26 @@ public class OrganizationIdentityProviderTest extends AbstractOrganizationTest {
        }
    }

+    @Test
+    public void tryUpdateIdPWithValidAliasInvalidInternalId() {
+        OrganizationRepresentation orgRep = createOrganization();
+        OrganizationResource orgResource = testRealm().organizations().get(orgRep.getId());
+
+        OrganizationIdentityProviderResource orgIdPResource = orgResource.identityProvider();
+
+        IdentityProviderRepresentation idpRepresentation = createRep("some-broker", "oidc");
+        //create IdP in realm not bound to Org and get created internalId
+        testRealm().identityProviders().create(idpRepresentation).close();
+        String internalId = testRealm().identityProviders().get("some-broker").toRepresentation().getInternalId();
+
+        IdentityProviderRepresentation orgIdPRep = orgIdPResource.toRepresentation();
+        orgIdPRep.setInternalId(internalId);
+
+        try (Response response = orgIdPResource.update(orgIdPRep)) {
+            assertThat(response.getStatus(), equalTo(Response.Status.NOT_FOUND.getStatusCode()));
+        }
+    }
+
    private IdentityProviderRepresentation createRep(String alias, String providerId) {
        IdentityProviderRepresentation idp = new IdentityProviderRepresentation();