KEYCLOAK-1821 KEYCLOAK-1825 Migration and export/import of clientAuthFlow + resetCredentialsFlow
This commit is contained in:
parent
d818ebdd9e
commit
86f0092622
5 changed files with 53 additions and 3 deletions
|
@ -90,6 +90,7 @@ public class RealmRepresentation {
|
|||
protected String browserFlow;
|
||||
protected String registrationFlow;
|
||||
protected String directGrantFlow;
|
||||
protected String resetCredentialsFlow;
|
||||
protected String clientAuthenticationFlow;
|
||||
|
||||
@Deprecated
|
||||
|
@ -737,6 +738,14 @@ public class RealmRepresentation {
|
|||
this.directGrantFlow = directGrantFlow;
|
||||
}
|
||||
|
||||
public String getResetCredentialsFlow() {
|
||||
return resetCredentialsFlow;
|
||||
}
|
||||
|
||||
public void setResetCredentialsFlow(String resetCredentialsFlow) {
|
||||
this.resetCredentialsFlow = resetCredentialsFlow;
|
||||
}
|
||||
|
||||
public String getClientAuthenticationFlow() {
|
||||
return clientAuthenticationFlow;
|
||||
}
|
||||
|
|
|
@ -31,13 +31,19 @@ public class MigrateTo1_5_0 {
|
|||
realm.setBrowserFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
|
||||
realm.setRegistrationFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
|
||||
realm.setDirectGrantFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
|
||||
realm.setResetCredentialsFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW));
|
||||
|
||||
AuthenticationFlowModel resetFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
|
||||
if (resetFlow == null) {
|
||||
DefaultAuthenticationFlows.resetCredentialsFlow(realm);
|
||||
} else {
|
||||
realm.setResetCredentialsFlow(resetFlow);
|
||||
}
|
||||
|
||||
AuthenticationFlowModel clientAuthFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
|
||||
if (clientAuthFlow == null) {
|
||||
DefaultAuthenticationFlows.clientAuthFlow(realm);
|
||||
} else {
|
||||
realm.setClientAuthenticationFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW));
|
||||
realm.setClientAuthenticationFlow(clientAuthFlow);
|
||||
}
|
||||
|
||||
for (ClientModel client : realm.getClients()) {
|
||||
|
|
|
@ -163,6 +163,7 @@ public class ModelToRepresentation {
|
|||
if (realm.getBrowserFlow() != null) rep.setBrowserFlow(realm.getBrowserFlow().getAlias());
|
||||
if (realm.getRegistrationFlow() != null) rep.setRegistrationFlow(realm.getRegistrationFlow().getAlias());
|
||||
if (realm.getDirectGrantFlow() != null) rep.setDirectGrantFlow(realm.getDirectGrantFlow().getAlias());
|
||||
if (realm.getResetCredentialsFlow() != null) rep.setResetCredentialsFlow(realm.getResetCredentialsFlow().getAlias());
|
||||
if (realm.getClientAuthenticationFlow() != null) rep.setClientAuthenticationFlow(realm.getClientAuthenticationFlow().getAlias());
|
||||
|
||||
List<String> defaultRoles = realm.getDefaultRoles();
|
||||
|
|
|
@ -359,8 +359,25 @@ public class RepresentationToModel {
|
|||
} else {
|
||||
newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow()));
|
||||
}
|
||||
|
||||
// reset credentials + client flow needs to be more defensive as they were added later (in 1.5 )
|
||||
if (rep.getResetCredentialsFlow() == null) {
|
||||
AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
|
||||
if (resetFlow == null) {
|
||||
DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
|
||||
} else {
|
||||
newRealm.setResetCredentialsFlow(resetFlow);
|
||||
}
|
||||
} else {
|
||||
newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
|
||||
}
|
||||
if (rep.getClientAuthenticationFlow() == null) {
|
||||
newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW));
|
||||
AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
|
||||
if (clientFlow == null) {
|
||||
DefaultAuthenticationFlows.clientAuthFlow(newRealm);
|
||||
} else {
|
||||
newRealm.setClientAuthenticationFlow(clientFlow);
|
||||
}
|
||||
} else {
|
||||
newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
|
||||
}
|
||||
|
@ -571,6 +588,9 @@ public class RepresentationToModel {
|
|||
if (rep.getDirectGrantFlow() != null) {
|
||||
realm.setDirectGrantFlow(realm.getFlowByAlias(rep.getDirectGrantFlow()));
|
||||
}
|
||||
if (rep.getResetCredentialsFlow() != null) {
|
||||
realm.setResetCredentialsFlow(realm.getFlowByAlias(rep.getResetCredentialsFlow()));
|
||||
}
|
||||
if (rep.getClientAuthenticationFlow() != null) {
|
||||
realm.setClientAuthenticationFlow(realm.getFlowByAlias(rep.getClientAuthenticationFlow()));
|
||||
}
|
||||
|
|
|
@ -7,6 +7,8 @@ import org.junit.runners.MethodSorters;
|
|||
import org.keycloak.constants.KerberosConstants;
|
||||
import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapper;
|
||||
import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapperFactory;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.FederatedIdentityModel;
|
||||
|
@ -23,6 +25,7 @@ import org.keycloak.models.UserFederationProvider;
|
|||
import org.keycloak.models.UserFederationProviderFactory;
|
||||
import org.keycloak.models.UserFederationProviderModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.utils.DefaultAuthenticationFlows;
|
||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
|
||||
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
|
||||
|
@ -275,6 +278,17 @@ public class ImportTest extends AbstractModelTest {
|
|||
UserFederationProviderFactory factory = (UserFederationProviderFactory)session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, "dummy");
|
||||
Assert.assertNull(factory.getInstance(session, null).getUserByUsername(realm, "wburke"));
|
||||
|
||||
// Test builtin authentication flows
|
||||
AuthenticationFlowModel clientFlow = realm.getClientAuthenticationFlow();
|
||||
Assert.assertEquals(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW, clientFlow.getAlias());
|
||||
Assert.assertNotNull(realm.getAuthenticationFlowById(clientFlow.getId()));
|
||||
Assert.assertTrue(realm.getAuthenticationExecutions(clientFlow.getId()).size() > 0);
|
||||
|
||||
AuthenticationFlowModel resetFlow = realm.getResetCredentialsFlow();
|
||||
Assert.assertEquals(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW, resetFlow.getAlias());
|
||||
Assert.assertNotNull(realm.getAuthenticationFlowById(resetFlow.getId()));
|
||||
Assert.assertTrue(realm.getAuthenticationExecutions(resetFlow.getId()).size() > 0);
|
||||
|
||||
// Test protocol mappers. Default application has all the builtin protocol mappers. OtherApp just gss credential
|
||||
Assert.assertNotNull(application.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, "username"));
|
||||
Assert.assertNotNull(application.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, "email"));
|
||||
|
|
Loading…
Reference in a new issue