Brute Force Detection is disabled when updating frontenUrl via admin client

Closes #21409

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
This commit is contained in:
Douglas Palmer 2024-01-31 11:50:51 -08:00 committed by Pedro Igor
parent 402c7d9b18
commit d9d41b1a09
2 changed files with 53 additions and 0 deletions


@ -59,6 +59,7 @@ import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.models.utils.DefaultKeyProviders;
import org.keycloak.models.utils.DefaultRequiredActions;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.partialimport.PartialImportResults;
import org.keycloak.protocol.oidc.OIDCConfigAttributes;
@ -714,6 +715,7 @@ public class DefaultExportImportManager implements ExportImportManager {
if (rep.getAttributes() != null) {
Set<String> attrsToRemove = new HashSet<>(realm.getAttributes().keySet());
attrsToRemove.removeAll(rep.getAttributes().keySet());
attrsToRemove.removeAll(ModelToRepresentation.REALM_EXCLUDED_ATTRIBUTES);
for (Map.Entry<String, String> entry : rep.getAttributes().entrySet()) {
realm.setAttribute(entry.getKey(), entry.getValue());
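Review bot: The added `attrsToRemove.removeAll(ModelToRepresentation.REALM_EXCLUDED_ATTRIBUTES);` makes the survival of security-relevant realm settings (brute-force protection, lockout, token lifespans) during an attributes-only update depend entirely on that set being complete; any field-backed attribute that is missing from it is presumably still erased, which fails open for brute-force protection exactly as in #21409. I would put a why-comment above the new line, e.g. `// Attributes that are also first-class representation fields must not count as "removed" just because an attributes-only update omits them`, and back the set with a unit test asserting that REALM_EXCLUDED_ATTRIBUTES contains every realm attribute key RealmRepresentation exposes as a field, so the list cannot drift when new fields are added. The enclosing method starts and continues outside the hunk, so the code that actually deletes the keys in attrsToRemove is not visible here.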


@ -263,6 +263,57 @@ public class RealmTest extends AbstractAdminTest {
assertThat(attributesKeys, CoreMatchers.is(expectedAttributes));
}
/**
* Checks attributes exposed as fields are not deleted on update realm
*/
@Test
public void testFieldNotErased() {
Long dummyLong = Long.valueOf(999);
Integer dummyInt = Integer.valueOf(999);
RealmRepresentation rep = new RealmRepresentation();
rep.setRealm("attributes");
rep.setDisplayName("DISPLAY_NAME");
rep.setDisplayNameHtml("DISPLAY_NAME_HTML");
rep.setDefaultSignatureAlgorithm("HS256");
rep.setBruteForceProtected(true);
rep.setPermanentLockout(true);
rep.setMaxFailureWaitSeconds(dummyInt);
rep.setWaitIncrementSeconds(dummyInt);
rep.setQuickLoginCheckMilliSeconds(dummyLong);
rep.setMinimumQuickLoginWaitSeconds(dummyInt);
rep.setMaxDeltaTimeSeconds(dummyInt);
rep.setFailureFactor(dummyInt);
rep.setActionTokenGeneratedByAdminLifespan(dummyInt);
rep.setActionTokenGeneratedByUserLifespan(dummyInt);
rep.setOfflineSessionMaxLifespanEnabled(true);
rep.setOfflineSessionMaxLifespan(dummyInt);
adminClient.realms().create(rep);
getCleanup().addCleanup(() -> adminClient.realms().realm("attributes").remove());
RealmRepresentation rep2 = new RealmRepresentation();
rep2.setAttributes(Collections.singletonMap("frontendUrl", "http://localhost/frontEnd"));
adminClient.realm("attributes").update(rep2);
rep = adminClient.realm("attributes").toRepresentation();
assertEquals("DISPLAY_NAME", rep.getDisplayName());
assertEquals("DISPLAY_NAME_HTML", rep.getDisplayNameHtml());
assertEquals("HS256", rep.getDefaultSignatureAlgorithm());
assertTrue(rep.isBruteForceProtected());
assertTrue(rep.isPermanentLockout());
assertEquals(dummyInt, rep.getMaxFailureWaitSeconds());
assertEquals(dummyInt, rep.getWaitIncrementSeconds());
assertEquals(dummyLong, rep.getQuickLoginCheckMilliSeconds());
assertEquals(dummyInt, rep.getMinimumQuickLoginWaitSeconds());
assertEquals(dummyInt, rep.getMaxDeltaTimeSeconds());
assertEquals(dummyInt, rep.getFailureFactor());
assertEquals(dummyInt, rep.getActionTokenGeneratedByAdminLifespan());
assertEquals(dummyInt, rep.getActionTokenGeneratedByUserLifespan());
assertTrue(rep.getOfflineSessionMaxLifespanEnabled());
assertEquals(dummyInt, rep.getOfflineSessionMaxLifespan());
}
@Test
public void smtpPasswordSecret() {
RealmRepresentation rep = RealmBuilder.create().testEventListener().testMail().build();
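Review bot: testFieldNotErased would still pass if `adminClient.realm("attributes").update(rep2)` were a no-op, or if the fix had simply stopped removing attributes altogether, because after re-reading the realm it never checks that the update was applied nor that a plain attribute absent from rep2 is still removed. I would add `assertEquals("http://localhost/frontEnd", rep.getAttributes().get("frontendUrl"));` after the re-read, and consider seeding a custom attribute on the created realm and asserting it is gone after the update so the removal path is still exercised. The Javadoc could also name the regression it guards, e.g. `* Regression test for #21409: an attributes-only update must not reset field-backed settings such as brute-force protection.`. The enclosing test class begins outside the hunk.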