libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

[KEYCLOAK-9896] - Authorization Scope modified improperly when updating Resource

Browse source
This commit is contained in:
Pedro Igor 2020-04-23 10:14:13 -03:00 committed by Stian Thorgersen
parent 54d24327ad
commit dacbe22d53
2 changed files with 51 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -2567,7 +2567,7 @@ public class RepresentationToModel {
existing.setIconUri(resource.getIconUri()); existing.setIconUri(resource.getIconUri());
existing.setOwnerManagedAccess(Boolean.TRUE.equals(resource.getOwnerManagedAccess())); existing.setOwnerManagedAccess(Boolean.TRUE.equals(resource.getOwnerManagedAccess()));
existing.updateScopes(resource.getScopes().stream() existing.updateScopes(resource.getScopes().stream()
.map((ScopeRepresentation scope) -> toModel(scope, resourceServer, authorization)) .map((ScopeRepresentation scope) -> toModel(scope, resourceServer, authorization, false))
.collect(Collectors.toSet())); .collect(Collectors.toSet()));
Map<String, List<String>> attributes = resource.getAttributes(); Map<String, List<String>> attributes = resource.getAttributes();
@ -2602,7 +2602,7 @@ public class RepresentationToModel {
Set<ScopeRepresentation> scopes = resource.getScopes(); Set<ScopeRepresentation> scopes = resource.getScopes();
if (scopes != null) { if (scopes != null) {
model.updateScopes(scopes.stream().map((Function<ScopeRepresentation, Scope>) scope -> toModel(scope, resourceServer, authorization)).collect(Collectors.toSet())); model.updateScopes(scopes.stream().map(scope -> toModel(scope, resourceServer, authorization, false)).collect(Collectors.toSet()));
} }
Map<String, List<String>> attributes = resource.getAttributes(); Map<String, List<String>> attributes = resource.getAttributes();
@ -2619,6 +2619,10 @@ public class RepresentationToModel {
} }
public static Scope toModel(ScopeRepresentation scope, ResourceServer resourceServer, AuthorizationProvider authorization) { public static Scope toModel(ScopeRepresentation scope, ResourceServer resourceServer, AuthorizationProvider authorization) {
return toModel(scope, resourceServer, authorization, true);
}
public static Scope toModel(ScopeRepresentation scope, ResourceServer resourceServer, AuthorizationProvider authorization, boolean updateIfExists) {
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ScopeStore scopeStore = storeFactory.getScopeStore(); ScopeStore scopeStore = storeFactory.getScopeStore();
Scope existing; Scope existing;
@ -2630,9 +2634,11 @@ public class RepresentationToModel {
} }
if (existing != null) { if (existing != null) {
if (updateIfExists) {
existing.setName(scope.getName()); existing.setName(scope.getName());
existing.setDisplayName(scope.getDisplayName()); existing.setDisplayName(scope.getDisplayName());
existing.setIconUri(scope.getIconUri()); existing.setIconUri(scope.getIconUri());
}
return existing; return existing;
} }

40
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ScopeManagementTest.java
View file

@ -21,12 +21,17 @@ package org.keycloak.testsuite.admin.client.authorization;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.ResourceScopeResource; import org.keycloak.admin.client.resource.ResourceScopeResource;
import org.keycloak.admin.client.resource.ResourcesResource;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import javax.ws.rs.NotFoundException; import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import java.util.UUID;
/** /**
* *
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@ -57,6 +62,41 @@ public class ScopeManagementTest extends AbstractAuthorizationTest {
assertEquals("changed", scope.getIconUri()); assertEquals("changed", scope.getIconUri());
} }
@Test
public void testNotUpdateOnResourceUpdate() {
ResourceScopeResource scopeResource = createDefaultScope();
ScopeRepresentation scope = scopeResource.toRepresentation();
scope.setName("changed");
scope.setDisplayName("changed");
scope.setIconUri("changed");
scopeResource.update(scope);
scope = scopeResource.toRepresentation();
assertEquals("changed", scope.getName());
assertEquals("changed", scope.getDisplayName());
assertEquals("changed", scope.getIconUri());
ResourcesResource resources = getClientResource().authorization().resources();
ResourceRepresentation resource;
try (Response response = resources
.create(new ResourceRepresentation(UUID.randomUUID().toString(), scope.getName()))) {
resource = response.readEntity(ResourceRepresentation.class);
}
resource.getScopes().iterator().next().setDisplayName(null);
resources.resource(resource.getId()).update(resource);
scope = scopeResource.toRepresentation();
assertEquals("changed", scope.getName());
assertEquals("changed", scope.getDisplayName());
assertEquals("changed", scope.getIconUri());
}
@Test(expected = NotFoundException.class) @Test(expected = NotFoundException.class)
public void testDelete() { public void testDelete() {
ResourceScopeResource scopeResource = createDefaultScope(); ResourceScopeResource scopeResource = createDefaultScope();