libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

[KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation

Browse source
This commit is contained in:
Pedro Igor 2017-07-04 10:16:55 -03:00
parent 1e6f099eb0
commit adffe16cb8
2 changed files with 36 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -76,6 +76,7 @@ import org.keycloak.models.ScopeContainerModel;
import org.keycloak.models.UserConsentModel; import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.provider.ProviderConfigProperty; import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.ApplicationRepresentation; import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation; import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation;
@ -2245,10 +2246,10 @@ public class RepresentationToModel {
existing.setType(resource.getType()); existing.setType(resource.getType());
existing.setUri(resource.getUri()); existing.setUri(resource.getUri());
existing.setIconUri(resource.getIconUri()); existing.setIconUri(resource.getIconUri());
existing.updateScopes(resource.getScopes().stream() existing.updateScopes(resource.getScopes().stream()
.map((ScopeRepresentation scope) -> toModel(scope, resourceServer, authorization)) .map((ScopeRepresentation scope) -> toModel(scope, resourceServer, authorization))
.collect(Collectors.toSet())); .collect(Collectors.toSet()));
return existing; return existing;
} }
@ -2259,11 +2260,30 @@ public class RepresentationToModel {
owner.setId(resourceServer.getClientId()); owner.setId(resourceServer.getClientId());
} }
if (owner.getId() == null) { String ownerId = owner.getId();
if (ownerId == null) {
throw new RuntimeException("No owner specified for resource [" + resource.getName() + "]."); throw new RuntimeException("No owner specified for resource [" + resource.getName() + "].");
} }
Resource model = resourceStore.create(resource.getName(), resourceServer, owner.getId()); if (!resourceServer.getClientId().equals(ownerId)) {
RealmModel realm = authorization.getRealm();
KeycloakSession keycloakSession = authorization.getKeycloakSession();
UserProvider users = keycloakSession.users();
UserModel ownerModel = users.getUserById(ownerId, realm);
if (ownerModel == null) {
ownerModel = users.getUserByUsername(ownerId, realm);
}
if (ownerModel == null) {
throw new RuntimeException("Owner must be a valid username or user identifier. If the resource server, the client id or null.");
}
owner.setId(ownerModel.getId());
}
Resource model = resourceStore.create(resource.getName(), resourceServer, ownerId);
model.setType(resource.getType()); model.setType(resource.getType());
model.setUri(resource.getUri()); model.setUri(resource.getUri());

41
services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
View file

@ -101,39 +101,24 @@ public class ResourceSetService {
Resource existingResource = storeFactory.getResourceStore().findByName(resource.getName(), this.resourceServer.getId()); Resource existingResource = storeFactory.getResourceStore().findByName(resource.getName(), this.resourceServer.getId());
ResourceOwnerRepresentation owner = resource.getOwner(); ResourceOwnerRepresentation owner = resource.getOwner();
if (existingResource != null && existingResource.getResourceServer().getId().equals(this.resourceServer.getId()) if (owner == null) {
&& existingResource.getOwner().equals(owner)) { owner = new ResourceOwnerRepresentation();
owner.setId(resourceServer.getClientId());
}
String ownerId = owner.getId();
if (ownerId == null) {
return ErrorResponse.error("You must specify the resource owner.", Status.BAD_REQUEST);
}
if (existingResource != null && existingResource.getOwner().equals(ownerId)) {
return ErrorResponse.exists("Resource with name [" + resource.getName() + "] already exists."); return ErrorResponse.exists("Resource with name [" + resource.getName() + "] already exists.");
} }
if (owner != null) {
String ownerId = owner.getId();
if (ownerId != null) {
if (!resourceServer.getClientId().equals(ownerId)) {
RealmModel realm = authorization.getRealm();
KeycloakSession keycloakSession = authorization.getKeycloakSession();
UserProvider users = keycloakSession.users();
UserModel ownerModel = users.getUserById(ownerId, realm);
if (ownerModel == null) {
ownerModel = users.getUserByUsername(ownerId, realm);
}
if (ownerModel == null) {
return ErrorResponse.error("Owner must be a valid username or user identifier. If the resource server, the client id or null.", Status.BAD_REQUEST);
}
owner.setId(ownerModel.getId());
}
}
}
Resource model = toModel(resource, this.resourceServer, authorization);
ResourceRepresentation representation = new ResourceRepresentation(); ResourceRepresentation representation = new ResourceRepresentation();
representation.setId(model.getId()); representation.setId(toModel(resource, this.resourceServer, authorization).getId());
return Response.status(Status.CREATED).entity(representation).build(); return Response.status(Status.CREATED).entity(representation).build();
} }