Merge pull request #3666 from hmlnarik/KEYCLOAK-4072-User-ID-from-User-Storage-Provider-too-long-for-Offline-User-Session
KEYCLOAK-4072 Add explicit check for key format
This commit is contained in:
commit
aa78c9eaf5
8 changed files with 127 additions and 0 deletions
|
@ -17,6 +17,8 @@
|
|||
|
||||
package org.keycloak.models.jpa.session;
|
||||
|
||||
import org.keycloak.storage.jpa.KeyUtils;
|
||||
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.Id;
|
||||
|
@ -84,6 +86,7 @@ public class PersistentUserSessionEntity {
|
|||
}
|
||||
|
||||
public void setUserId(String userId) {
|
||||
KeyUtils.assertValidKey(userId);
|
||||
this.userId = userId;
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.storage.jpa;
|
||||
|
||||
import java.util.regex.Pattern;
|
||||
import org.jboss.logging.Logger;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author hmlnarik
|
||||
*/
|
||||
public class KeyUtils {
|
||||
|
||||
private static final Logger LOG = Logger.getLogger(KeyUtils.class);
|
||||
|
||||
public static final Pattern UUID_PATTERN = Pattern.compile("[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}");
|
||||
|
||||
public static final Pattern EXPECTED_KEY_PATTERN = Pattern.compile(
|
||||
UUID_PATTERN.pattern()
|
||||
+ "|"
|
||||
+ "f:" + UUID_PATTERN.pattern() + ":.*"
|
||||
);
|
||||
|
||||
/**
|
||||
* Returns {@code} true when the key is {@code null} or either a plain UUID or a key formatted as "f:[UUID]:any_string"
|
||||
* @param key String representation of the key
|
||||
* @return
|
||||
*/
|
||||
public static boolean isValidKey(String key) {
|
||||
return key == null || EXPECTED_KEY_PATTERN.matcher(key).matches();
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs an warning when the key is not a valid key
|
||||
* @param key String representation of the key
|
||||
*/
|
||||
public static void assertValidKey(String key) throws IllegalArgumentException {
|
||||
if (! isValidKey(key)) {
|
||||
LOG.warnf("The given key is not a valid key per specification, future migration might fail: %s", key);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -17,6 +17,8 @@
|
|||
|
||||
package org.keycloak.storage.jpa.entity;
|
||||
|
||||
import org.keycloak.storage.jpa.KeyUtils;
|
||||
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.Id;
|
||||
|
@ -71,6 +73,7 @@ public class BrokerLinkEntity {
|
|||
}
|
||||
|
||||
public void setUserId(String userId) {
|
||||
KeyUtils.assertValidKey(userId);
|
||||
this.userId = userId;
|
||||
}
|
||||
|
||||
|
|
|
@ -16,6 +16,8 @@
|
|||
*/
|
||||
package org.keycloak.storage.jpa.entity;
|
||||
|
||||
import org.keycloak.storage.jpa.KeyUtils;
|
||||
|
||||
import javax.persistence.Access;
|
||||
import javax.persistence.AccessType;
|
||||
import javax.persistence.Column;
|
||||
|
@ -58,6 +60,7 @@ public class FederatedUser {
|
|||
}
|
||||
|
||||
public void setId(String id) {
|
||||
KeyUtils.assertValidKey(id);
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
|
|
|
@ -17,6 +17,8 @@
|
|||
|
||||
package org.keycloak.storage.jpa.entity;
|
||||
|
||||
import org.keycloak.storage.jpa.KeyUtils;
|
||||
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.Id;
|
||||
|
@ -74,6 +76,7 @@ public class FederatedUserGroupMembershipEntity {
|
|||
}
|
||||
|
||||
public void setUserId(String userId) {
|
||||
KeyUtils.assertValidKey(userId);
|
||||
this.userId = userId;
|
||||
}
|
||||
|
||||
|
|
|
@ -17,6 +17,8 @@
|
|||
|
||||
package org.keycloak.storage.jpa.entity;
|
||||
|
||||
import org.keycloak.storage.jpa.KeyUtils;
|
||||
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.Id;
|
||||
|
@ -69,6 +71,7 @@ public class FederatedUserRequiredActionEntity {
|
|||
}
|
||||
|
||||
public void setUserId(String userId) {
|
||||
KeyUtils.assertValidKey(userId);
|
||||
this.userId = userId;
|
||||
}
|
||||
|
||||
|
|
|
@ -17,6 +17,8 @@
|
|||
|
||||
package org.keycloak.storage.jpa.entity;
|
||||
|
||||
import org.keycloak.storage.jpa.KeyUtils;
|
||||
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.Id;
|
||||
|
@ -64,6 +66,7 @@ public class FederatedUserRoleMappingEntity {
|
|||
}
|
||||
|
||||
public void setUserId(String userId) {
|
||||
KeyUtils.assertValidKey(userId);
|
||||
this.userId = userId;
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.storage.jpa;
|
||||
|
||||
import java.util.UUID;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author hmlnarik
|
||||
*/
|
||||
public class KeyUtilsTest {
|
||||
|
||||
@Test
|
||||
public void testValidKeys() {
|
||||
assertTrue(KeyUtils.isValidKey(UUID.randomUUID().toString()));
|
||||
assertTrue(KeyUtils.isValidKey("01234567-1234-1234-aAAa-123456789012"));
|
||||
assertTrue(KeyUtils.isValidKey("01234567-1234-1234-aAAf-123456789012"));
|
||||
|
||||
assertTrue(KeyUtils.isValidKey("f:" + UUID.randomUUID() + ":dsadsada"));
|
||||
assertTrue(KeyUtils.isValidKey("f:01234567-1234-1234-aAAa-123456789012:dsadsada"));
|
||||
assertTrue(KeyUtils.isValidKey("f:a1234567-1234-1234-aAAa-123456789012:dsadsada"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInvalidKeys() {
|
||||
assertFalse(KeyUtils.isValidKey("any string"));
|
||||
assertFalse(KeyUtils.isValidKey("0"));
|
||||
assertFalse(KeyUtils.isValidKey("01234567-1234-1234-aAAg-123456789012a"));
|
||||
assertFalse(KeyUtils.isValidKey("z1234567-1234-1234-aAAa-123456789012"));
|
||||
|
||||
assertFalse(KeyUtils.isValidKey("f:g1234567-1234-1234-aAAa-123456789012:dsadsada"));
|
||||
assertFalse(KeyUtils.isValidKey("g:a1234567-1234-1234-aAAa-123456789012:dsadsada"));
|
||||
assertFalse(KeyUtils.isValidKey("f:a1234567-1234-1234-aAAa-123456789012"));
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in a new issue