The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties

Closes https://github.com/keycloak/keycloak/issues/10412
rmartinc 2023-03-24 15:59:33 +01:00 committed by Marek Posolda
parent 5202ba0245
commit 89dfeeec38
2 changed files with 17 additions and 8 deletions


@ -383,11 +383,6 @@ public class UserAttributeLDAPStorageMapper extends AbstractLDAPStorageMapper {
public Map<String, List<String>> getAttributes() {
Map<String, List<String>> attrs = new HashMap<>(super.getAttributes());
// Ignore UserModel properties
if (userModelProperties.get(userModelAttrName.toLowerCase()) != null) {
return attrs;
}
Set<String> allLdapAttrValues = ldapUser.getAttributeAsSet(ldapAttrName);
if (allLdapAttrValues != null) {
attrs.put(userModelAttrName, new ArrayList<>(allLdapAttrValues));


@ -19,6 +19,7 @@
package org.keycloak.testsuite.federation.ldap;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
@ -122,6 +123,20 @@ public class LDAPNoCacheTest extends AbstractLDAPTest {
@Page
protected LoginPasswordUpdatePage updatePasswordPage;
private static void checkEmailAddressMultipleVariants(KeycloakTestingClient testingClient, String username, String newEmail) {
testingClient.server().run((KeycloakSession session) -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel realm = ctx.getRealm();
UserModel user = session.users().getUserByUsername(realm, username);
Assert.assertNotNull("User not found", user);
Assert.assertEquals(newEmail, user.getEmail());
Assert.assertEquals(Collections.singletonList(newEmail), user.getAttributes().get(UserModel.EMAIL));
Assert.assertEquals(Collections.singletonList(newEmail), user.getAttributeStream(UserModel.EMAIL).collect(Collectors.toList()));
});
}
// KEYCLOAK-10852
@Test
public void resetPasswordLink() throws IOException, MessagingException {
@ -135,9 +150,8 @@ public class LDAPNoCacheTest extends AbstractLDAPTest {
changeEmailAddressInLDAP(testingClient,"john_new@email.org");
try {
// Search for the user and check email is new address
UserRepresentation john = testRealm().users().search("johnkeycloak").get(0);
Assert.assertEquals("john_new@email.org", john.getEmail());
// Search for the user and check email is new address in the multiple attribute variants
checkEmailAddressMultipleVariants(testingClient, "johnkeycloak", "john_new@email.org");
// Test 1 - Use username on the ResetPassword form. Mail should be sent to new address
triggerForgetPasswordForUser("johnkeycloak", 2, "john_new@email.org");
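Review bot: The new helper `checkEmailAddressMultipleVariants` asserts only the `UserModel.EMAIL` key, while the commit title says the fix also covers other UserModel properties. None of those is exercised here. The guard removed from the mapper matched the configured name through `userModelAttrName.toLowerCase()`, but the surviving `attrs.put(userModelAttrName, ...)` uses the name as configured. A mapper configured with a differently cased name would therefore presumably add a second key rather than replace `email`; this is inferred, because the mapper configuration is not visible on this page. Since the reset-password mail later in `resetPasswordLink` goes to this address, it is worth pinning that the map holds no stale variant, for example `Assert.assertEquals(1, user.getAttributes().keySet().stream().filter(UserModel.EMAIL::equalsIgnoreCase).count());`, and adding the same three-way check for one more mapped property.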