From 17d8394ab6475d1eabba546e17ba01e6a780b2b5 Mon Sep 17 00:00:00 2001 From: mposolda Date: Fri, 2 Dec 2016 17:54:42 +0100 Subject: [PATCH] KEYCLOAK-3340 Service Account user not renamed when renaming client-id --- .../org/keycloak/services/managers/ClientManager.java | 11 +++++++++++ .../services/resources/admin/ClientResource.java | 4 ++++ .../keycloak/testsuite/oauth/ServiceAccountTest.java | 4 ++-- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/services/src/main/java/org/keycloak/services/managers/ClientManager.java b/services/src/main/java/org/keycloak/services/managers/ClientManager.java index 1aa9b7f0f3..fec49c92c5 100644 --- a/services/src/main/java/org/keycloak/services/managers/ClientManager.java +++ b/services/src/main/java/org/keycloak/services/managers/ClientManager.java @@ -195,6 +195,17 @@ public class ClientManager { } } + public void clientIdChanged(ClientModel client, String newClientId) { + logger.debugf("Updating clientId from '%s' to '%s'", client.getClientId(), newClientId); + + UserModel serviceAccountUser = realmManager.getSession().users().getServiceAccount(client); + if (serviceAccountUser != null) { + String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + newClientId; + serviceAccountUser.setUsername(username); + serviceAccountUser.setEmail(username + "@placeholder.org"); + } + } + @JsonPropertyOrder({"realm", "realm-public-key", "bearer-only", "auth-server-url", "ssl-required", "resource", "public-client", "credentials", "use-resource-role-mappings"}) diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java index 8928568ac6..1275022646 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java @@ -158,6 +158,10 @@ public class ClientResource { new ClientManager(new RealmManager(session)).enableServiceAccount(client); } + if (!rep.getClientId().equals(client.getClientId())) { + new ClientManager(new RealmManager(session)).clientIdChanged(client, rep.getClientId()); + } + RepresentationToModel.updateClient(rep, client); if (Profile.isPreviewEnabled()) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java index c3b05cbbc2..cfd790727c 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java @@ -232,14 +232,14 @@ public class ServiceAccountTest extends AbstractKeycloakTest { RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken()); Assert.assertEquals("updated-client", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID)); - // Username still same. Client ID changed + // Username updated after client ID changed events.expectClientLogin() .client("updated-client") .user(userId) .session(accessToken.getSessionState()) .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()) - .detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl") + .detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "updated-client") .assertEvent();