Fix MembershipType so that NPE is not thrown when an empty member is found within a group

Closes #25883

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
This commit is contained in:
Stefan Guilhen 2024-02-09 10:45:07 -03:00 committed by Alexander Schwartz
parent 20e535a3f6
commit d3ae075a33
2 changed files with 8 additions and 2 deletions

View file

@ -57,7 +57,7 @@ public enum MembershipType {
Set<LDAPDn> result = new LinkedHashSet<>();
for (String membership : allMemberships) {
LDAPDn childDn = LDAPDn.fromString(membership);
if (childDn.getFirstRdn().getAttrValue(rdnAttr) != null && childDn.isDescendantOf(requiredParentDn)) {
if (childDn.isDescendantOf(requiredParentDn) && childDn.getFirstRdn().getAttrValue(rdnAttr) != null) {
result.add(childDn);
}
}

View file

@ -513,7 +513,13 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
nonExistentLdapUser.setDn(nonExistentDn);
LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, nonExistentLdapUser);
// 4 - Check group members. Just existing user rob should be present
// 4 - Add an empty member to the same LDAP group
LDAPDn emptyDn = LDAPDn.fromString("");
LDAPObject emptyUser = new LDAPObject();
emptyUser.setDn(emptyDn);
LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, emptyUser);
// 5 - Check group members. Just existing user rob should be present
groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group2");
List<UserModel> groupUsers = session.users().getGroupMembersStream(appRealm, kcGroup2, 0, 5)