Merge pull request #4823 from patriot1burke/master

KEYCLOAK-5724
2017-12-08 20:03:05 -05:00 · 2017-12-08 20:03:05 -05:00 · c9b218db71
commit c9b218db71
parent 03e43f8964 7c031505e2
4 changed files with 101 additions and 19 deletions
--- a/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
+++ b/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
@ -37,6 +37,7 @@ import org.keycloak.migration.migrators.MigrateTo3_1_0;
 import org.keycloak.migration.migrators.MigrateTo3_2_0;
 import org.keycloak.migration.migrators.MigrateTo3_4_0;
 import org.keycloak.migration.migrators.MigrateTo3_4_1;
+import org.keycloak.migration.migrators.MigrateTo3_4_2;
 import org.keycloak.migration.migrators.Migration;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
@ -68,7 +69,8 @@ public class MigrationModelManager {
            new MigrateTo3_1_0(),
            new MigrateTo3_2_0(),
            new MigrateTo3_4_0(),
-            new MigrateTo3_4_1()
+            new MigrateTo3_4_1(),
+            new MigrateTo3_4_2()
    };

    public static void migrate(KeycloakSession session) {
--- a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_4_2.java
+++ b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_4_2.java
@ -0,0 +1,79 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.migration.migrators;
+
+
+import org.keycloak.migration.ModelVersion;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.Constants;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.representations.idm.RealmRepresentation;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:bruno@abstractj.org">Bruno Oliveira</a>
+ */
+public class MigrateTo3_4_2 implements Migration {
+
+    public static final ModelVersion VERSION = new ModelVersion("3.4.2");
+
+    @Override
+    public void migrate(KeycloakSession session) {
+        session.realms().getRealms().stream().forEach(
+                r -> {
+                    migrateRealm(r);
+                }
+        );
+    }
+
+    @Override
+    public void migrateImport(KeycloakSession session, RealmModel realm, RealmRepresentation rep, boolean skipUserDependent) {
+        migrateRealm(realm);
+    }
+
+    protected void migrateRealm(RealmModel realm) {
+        // this is a fix for migration that should have been done in 3_2_0
+        ClientModel cli = realm.getClientByClientId(Constants.ADMIN_CLI_CLIENT_ID);
+        clearScope(cli);
+        ClientModel console = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
+        clearScope(console);
+
+    }
+
+    private void clearScope(ClientModel cli) {
+        if (cli.isFullScopeAllowed()) cli.setFullScopeAllowed(false);
+        Set<RoleModel> scope = cli.getScopeMappings();
+        if (scope.size() > 0) {
+            for (RoleModel role : scope) cli.deleteScopeMapping(role);
+        }
+    }
+
+    @Override
+    public ModelVersion getVersion() {
+        return VERSION;
+    }
+
+}
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@ -151,15 +151,6 @@ public class RealmManager {
        adminConsole.addRedirectUri(baseUrl + "/*");
        adminConsole.setFullScopeAllowed(false);
        adminConsole.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
-
-        RoleModel adminRole;
-        if (realm.getName().equals(Config.getAdminRealm())) {
-            adminRole = realm.getRole(AdminRoles.ADMIN);
-        } else {
-            String realmAdminApplicationClientId = getRealmAdminClientId(realm);
-            ClientModel realmAdminApp = realm.getClientByClientId(realmAdminApplicationClientId);
-            adminRole = realmAdminApp.getRole(AdminRoles.REALM_ADMIN);
-        }
    }

    protected void setupAdminConsoleLocaleMapper(RealmModel realm) {
@ -185,15 +176,6 @@ public class RealmManager {
            adminCli.setStandardFlowEnabled(false);
            adminCli.setDirectAccessGrantsEnabled(true);
            adminCli.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
-
-            RoleModel adminRole;
-            if (realm.getName().equals(Config.getAdminRealm())) {
-                adminRole = realm.getRole(AdminRoles.ADMIN);
-            } else {
-                String realmAdminApplicationClientId = getRealmAdminClientId(realm);
-                ClientModel realmAdminApp = realm.getClientByClientId(realmAdminApplicationClientId);
-                adminRole = realmAdminApp.getRole(AdminRoles.REALM_ADMIN);
-            }
        }

    }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
@ -34,6 +34,7 @@ import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.ClientTemplateRepresentation;
 import org.keycloak.representations.idm.ComponentRepresentation;
+import org.keycloak.representations.idm.MappingsRepresentation;
 import org.keycloak.representations.idm.ProtocolMapperRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
@ -180,6 +181,23 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
        }
    }

+    protected void testMigrationTo3_4_2() {
+        testCliConsoleScopeSize(this.masterRealm);
+        testCliConsoleScopeSize(this.migrationRealm);
+    }
+
+    private void testCliConsoleScopeSize(RealmResource realm) {
+        ClientRepresentation cli = realm.clients().findByClientId(Constants.ADMIN_CLI_CLIENT_ID).get(0);
+        ClientRepresentation console = realm.clients().findByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID).get(0);
+        MappingsRepresentation scopeMappings = realm.clients().get(console.getId()).getScopeMappings().getAll();
+        Assert.assertNull(scopeMappings.getClientMappings());
+        Assert.assertNull(scopeMappings.getRealmMappings());
+
+        scopeMappings = realm.clients().get(cli.getId()).getScopeMappings().getAll();
+        Assert.assertNull(scopeMappings.getClientMappings());
+        Assert.assertNull(scopeMappings.getRealmMappings());
+    }
+
    protected void testDockerAuthenticationFlow(RealmResource... realms) {
        for (RealmResource realm : realms) {
            AuthenticationFlowRepresentation flow = null;
@ -420,6 +438,7 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
        testMigrationTo3_2_0();
        testMigrationTo3_4_0();
        testMigrationTo3_4_1();
+        testMigrationTo3_4_2();
    }