All pubic brokers are shown during authentication rather than only those associated with the current organization

Closes #31246 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-12 10:03:41 -03:00 · 2024-07-12 10:03:41 -03:00 · c33585a5f4
commit c33585a5f4
parent 1df60461a9
2 changed files with 35 additions and 0 deletions
--- a/services/src/main/java/org/keycloak/organization/forms/login/freemarker/model/OrganizationAwareIdentityProviderBean.java
+++ b/services/src/main/java/org/keycloak/organization/forms/login/freemarker/model/OrganizationAwareIdentityProviderBean.java
@ -74,6 +74,12 @@ public class OrganizationAwareIdentityProviderBean extends IdentityProviderBean
            return false;
        }

+        OrganizationModel organization = (OrganizationModel) session.getAttribute(OrganizationModel.class.getName());
+
+        if (organization != null && !organization.getId().equals(model.getOrganizationId())) {
+            return false;
+        }
+
        return Boolean.parseBoolean(model.getConfig().getOrDefault(OrganizationModel.BROKER_PUBLIC, Boolean.FALSE.toString()));
    }

--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/organization/broker/AbstractBrokerSelfRegistrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/organization/broker/AbstractBrokerSelfRegistrationTest.java
@ -432,6 +432,35 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
        Assert.assertTrue(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
    }

+    @Test
+    public void testOnlyShowBrokersAssociatedWithResolvedOrganization() {
+        String org0Name = "org-0";
+        OrganizationResource org0 = testRealm().organizations().get(createOrganization(org0Name).getId());
+        IdentityProviderRepresentation org0Broker = org0.identityProviders().getIdentityProviders().get(0);
+        org0Broker.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
+        org0Broker.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
+        testRealm().identityProviders().get(org0Broker.getAlias()).update(org0Broker);
+        String org1Name = "org-1";
+        OrganizationResource org1 = testRealm().organizations().get(createOrganization(org1Name).getId());
+        IdentityProviderRepresentation org1Broker = org1.identityProviders().getIdentityProviders().get(0);
+        org1Broker.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
+        org1Broker.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
+        testRealm().identityProviders().get(org1Broker.getAlias()).update(org1Broker);
+
+        oauth.clientId("broker-app");
+        loginPage.open(bc.consumerRealmName());
+        loginPage.loginUsername("user@org-0.org");
+        Assert.assertTrue(driver.getPageSource().contains("Your email domain matches the " + org0Name + " organization but you don't have an account yet."));
+        Assert.assertTrue(loginPage.isSocialButtonPresent(org0Broker.getAlias()));
+        Assert.assertFalse(loginPage.isSocialButtonPresent(org1Broker.getAlias()));
+
+        loginPage.open(bc.consumerRealmName());
+        loginPage.loginUsername("user@org-1.org");
+        Assert.assertTrue(driver.getPageSource().contains("Your email domain matches the " + org1Name + " organization but you don't have an account yet."));
+        Assert.assertTrue(loginPage.isSocialButtonPresent(org1Broker.getAlias()));
+        Assert.assertFalse(loginPage.isSocialButtonPresent(org0Broker.getAlias()));
+    }
+
    @Test
    public void testLoginUsingBrokerWithoutDomain() {
        OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());