libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #3593 from mposolda/master

Browse source 
KEYCLOAK-3340 Service Account user not renamed when renaming client-id
This commit is contained in:
Marek Posolda 2016-12-02 21:34:28 +01:00 committed by GitHub
commit b1265f6d70
3 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
services/src/main/java/org/keycloak/services/managers/ClientManager.java
View file

@ -195,6 +195,17 @@ public class ClientManager {
} }
} }
public void clientIdChanged(ClientModel client, String newClientId) {
logger.debugf("Updating clientId from '%s' to '%s'", client.getClientId(), newClientId);
UserModel serviceAccountUser = realmManager.getSession().users().getServiceAccount(client);
if (serviceAccountUser != null) {
String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + newClientId;
serviceAccountUser.setUsername(username);
serviceAccountUser.setEmail(username + "@placeholder.org");
}
}
@JsonPropertyOrder({"realm", "realm-public-key", "bearer-only", "auth-server-url", "ssl-required", @JsonPropertyOrder({"realm", "realm-public-key", "bearer-only", "auth-server-url", "ssl-required",
"resource", "public-client", "credentials", "resource", "public-client", "credentials",
"use-resource-role-mappings"}) "use-resource-role-mappings"})

4
services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
View file

@ -158,6 +158,10 @@ public class ClientResource {
new ClientManager(new RealmManager(session)).enableServiceAccount(client); new ClientManager(new RealmManager(session)).enableServiceAccount(client);
} }
if (!rep.getClientId().equals(client.getClientId())) {
new ClientManager(new RealmManager(session)).clientIdChanged(client, rep.getClientId());
}
RepresentationToModel.updateClient(rep, client); RepresentationToModel.updateClient(rep, client);
if (Profile.isPreviewEnabled()) { if (Profile.isPreviewEnabled()) {

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java
View file

@ -232,14 +232,14 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken()); RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());
Assert.assertEquals("updated-client", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID)); Assert.assertEquals("updated-client", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID));
// Username still same. Client ID changed // Username updated after client ID changed
events.expectClientLogin() events.expectClientLogin()
.client("updated-client") .client("updated-client")
.user(userId) .user(userId)
.session(accessToken.getSessionState()) .session(accessToken.getSessionState())
.detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()) .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl") .detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "updated-client")
.assertEvent(); .assertEvent();