Merge pull request #3593 from mposolda/master

KEYCLOAK-3340 Service Account user not renamed when renaming client-id
2016-12-02 21:34:28 +01:00 · 2016-12-02 21:34:28 +01:00 · b1265f6d70
commit b1265f6d70
parent e6a20aa44b 17d8394ab6
3 changed files with 17 additions and 2 deletions
--- a/services/src/main/java/org/keycloak/services/managers/ClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
@ -195,6 +195,17 @@ public class ClientManager {
        }
    }

+    public void clientIdChanged(ClientModel client, String newClientId) {
+        logger.debugf("Updating clientId from '%s' to '%s'", client.getClientId(), newClientId);
+
+        UserModel serviceAccountUser = realmManager.getSession().users().getServiceAccount(client);
+        if (serviceAccountUser != null) {
+            String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + newClientId;
+            serviceAccountUser.setUsername(username);
+            serviceAccountUser.setEmail(username + "@placeholder.org");
+        }
+    }
+
    @JsonPropertyOrder({"realm", "realm-public-key", "bearer-only", "auth-server-url", "ssl-required",
            "resource", "public-client", "credentials",
            "use-resource-role-mappings"})
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
@ -158,6 +158,10 @@ public class ClientResource {
            new ClientManager(new RealmManager(session)).enableServiceAccount(client);
        }

+        if (!rep.getClientId().equals(client.getClientId())) {
+            new ClientManager(new RealmManager(session)).clientIdChanged(client, rep.getClientId());
+        }
+
        RepresentationToModel.updateClient(rep, client);

        if (Profile.isPreviewEnabled()) {
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java
@ -232,14 +232,14 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
        RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());
        Assert.assertEquals("updated-client", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID));

-        // Username still same. Client ID changed
+        // Username updated after client ID changed
        events.expectClientLogin()
                .client("updated-client")
                .user(userId)
                .session(accessToken.getSessionState())
                .detail(Details.TOKEN_ID, accessToken.getId())
                .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
-                .detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl")
+                .detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "updated-client")
                .assertEvent();