libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Merge pull request #4706 from stianst/KEYCLOAK-5383

Browse source 
KEYCLOAK-5383 Fix creating password in LDAP through admin create user…
This commit is contained in:
Marek Posolda 2017-11-20 09:17:45 +01:00 committed by GitHub
commit 8e53ccf5ab
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 65 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -77,6 +77,7 @@ import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.credential.PasswordUserCredentialModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation;
@ -1444,7 +1445,7 @@ public class RepresentationToModel {
user.addRequiredAction(UserModel.RequiredAction.valueOf(requiredAction.toUpperCase()));
}
}
createCredentials(userRep, session, newRealm, user);
createCredentials(userRep, session, newRealm, user, false);
if (userRep.getFederatedIdentities() != null) {
for (FederatedIdentityRepresentation identity : userRep.getFederatedIdentities()) {
FederatedIdentityModel mappingModel = new FederatedIdentityModel(identity.getIdentityProvider(), identity.getUserId(), identity.getUserName());
@ -1485,18 +1486,19 @@ public class RepresentationToModel {
return user;
}
public static void createCredentials(UserRepresentation userRep, KeycloakSession session, RealmModel realm, UserModel user) {
public static void createCredentials(UserRepresentation userRep, KeycloakSession session, RealmModel realm, UserModel user, boolean adminRequest) {
if (userRep.getCredentials() != null) {
for (CredentialRepresentation cred : userRep.getCredentials()) {
updateCredential(session, realm, user, cred);
updateCredential(session, realm, user, cred, adminRequest);
}
}
}
// Detect if it is "plain-text" or "hashed" representation and update model according to it
private static void updateCredential(KeycloakSession session, RealmModel realm, UserModel user, CredentialRepresentation cred) {
private static void updateCredential(KeycloakSession session, RealmModel realm, UserModel user, CredentialRepresentation cred, boolean adminRequest) {
if (cred.getValue() != null) {
UserCredentialModel plainTextCred = convertCredential(cred);
PasswordUserCredentialModel plainTextCred = convertCredential(cred);
plainTextCred.setAdminRequest(adminRequest);
session.userCredentialManager().updateCredential(realm, user, plainTextCred);
} else {
CredentialModel hashedCred = new CredentialModel();
@ -1542,8 +1544,8 @@ public class RepresentationToModel {
}
}
public static UserCredentialModel convertCredential(CredentialRepresentation cred) {
UserCredentialModel credential = new UserCredentialModel();
public static PasswordUserCredentialModel convertCredential(CredentialRepresentation cred) {
PasswordUserCredentialModel credential = new PasswordUserCredentialModel();
credential.setType(cred.getType());
credential.setValue(cred.getValue());
return credential;

2
services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
View file

@ -435,7 +435,7 @@ public class KeycloakApplication extends Application {
} else {
UserModel user = session.users().addUser(realm, userRep.getUsername());
user.setEnabled(userRep.isEnabled());
RepresentationToModel.createCredentials(userRep, session, realm, user);
RepresentationToModel.createCredentials(userRep, session, realm, user, false);
RepresentationToModel.createRoleMappings(userRep, user, realm);
}

2
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -116,7 +116,7 @@ public class UsersResource {
Set<String> emptySet = Collections.emptySet();
UserResource.updateUserFromRep(user, rep, emptySet, realm, session, false);
RepresentationToModel.createCredentials(rep, session, realm, user);
RepresentationToModel.createCredentials(rep, session, realm, user, true);
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, user.getId()).representation(rep).success();
if (session.getTransactionManager().isActive()) {

54
testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java
View file

@ -27,9 +27,12 @@ import org.junit.rules.RuleChain;
import org.junit.rules.TestRule;
import org.junit.runners.MethodSorters;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.ModelException;
@ -39,6 +42,8 @@ import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.storage.ReadOnlyException;
import org.keycloak.storage.StorageId;
@ -54,6 +59,7 @@ import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapper;
import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper;
import org.keycloak.testsuite.ApiUtil;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.federation.storage.ldap.LDAPTestUtils;
import org.keycloak.testsuite.pages.AccountPasswordPage;
@ -67,9 +73,14 @@ import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.core.Response;
import java.util.LinkedList;
import java.util.List;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.MASTER;
import static org.junit.Assert.assertEquals;
import static org.keycloak.models.AdminRoles.ADMIN;
import static org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -885,4 +896,47 @@ public class LDAPProvidersIntegrationNoImportTest {
}
}
// KEYCLOAK-5383
@Test
public void addUserThroughAdmin() {
Keycloak adminClient = Keycloak.getInstance(AUTH_SERVER_ROOT, MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID);
RealmResource realm = adminClient.realm("test");
UserRepresentation user = new UserRepresentation();
user.setUsername("addUserThroughAdmin");
user.setEnabled(true);
user.setCredentials(new LinkedList<>());
CredentialRepresentation cred = new CredentialRepresentation();
cred.setType(CredentialRepresentation.PASSWORD);
cred.setValue("password");
user.getCredentials().add(cred);
Response response = realm.users().create(user);
String userId = ApiUtil.getCreatedId(response);
loginPage.open();
loginPage.login("addUserThroughAdmin", "password");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
oauth.openLogout();
cred.setValue("password2");
realm.users().get(userId).resetPassword(cred);
loginPage.open();
loginPage.login("addUserThroughAdmin", "password2");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
oauth.openLogout();
adminClient.close();
}
}