[KEYCLOAK-9896] - Authorization Scope modified improperly when updating Resource

2020-04-23 10:14:13 -03:00 · 2020-04-23 10:14:13 -03:00 · dacbe22d53
commit dacbe22d53
parent 54d24327ad
2 changed files with 51 additions and 5 deletions
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@ -2567,7 +2567,7 @@ public class RepresentationToModel {
            existing.setIconUri(resource.getIconUri());
            existing.setOwnerManagedAccess(Boolean.TRUE.equals(resource.getOwnerManagedAccess()));
            existing.updateScopes(resource.getScopes().stream()
-                    .map((ScopeRepresentation scope) -> toModel(scope, resourceServer, authorization))
+                    .map((ScopeRepresentation scope) -> toModel(scope, resourceServer, authorization, false))
                    .collect(Collectors.toSet()));
            Map<String, List<String>> attributes = resource.getAttributes();

@ -2602,7 +2602,7 @@ public class RepresentationToModel {
        Set<ScopeRepresentation> scopes = resource.getScopes();

        if (scopes != null) {
-            model.updateScopes(scopes.stream().map((Function<ScopeRepresentation, Scope>) scope -> toModel(scope, resourceServer, authorization)).collect(Collectors.toSet()));
+            model.updateScopes(scopes.stream().map(scope -> toModel(scope, resourceServer, authorization, false)).collect(Collectors.toSet()));
        }

        Map<String, List<String>> attributes = resource.getAttributes();
@ -2619,6 +2619,10 @@ public class RepresentationToModel {
    }

    public static Scope toModel(ScopeRepresentation scope, ResourceServer resourceServer, AuthorizationProvider authorization) {
+        return toModel(scope, resourceServer, authorization, true);
+    }
+    
+    public static Scope toModel(ScopeRepresentation scope, ResourceServer resourceServer, AuthorizationProvider authorization, boolean updateIfExists) {
        StoreFactory storeFactory = authorization.getStoreFactory();
        ScopeStore scopeStore = storeFactory.getScopeStore();
        Scope existing;
@ -2630,9 +2634,11 @@ public class RepresentationToModel {
        }

        if (existing != null) {
+            if (updateIfExists) {
                existing.setName(scope.getName());
                existing.setDisplayName(scope.getDisplayName());
                existing.setIconUri(scope.getIconUri());
+            }
            return existing;
        }

--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ScopeManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ScopeManagementTest.java
@ -21,12 +21,17 @@ package org.keycloak.testsuite.admin.client.authorization;
 import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.ResourceScopeResource;
+import org.keycloak.admin.client.resource.ResourcesResource;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;

 import javax.ws.rs.NotFoundException;
+import javax.ws.rs.core.Response;

 import static org.junit.Assert.assertEquals;

+import java.util.UUID;
+
 /**
 *
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@ -57,6 +62,41 @@ public class ScopeManagementTest extends AbstractAuthorizationTest {
        assertEquals("changed", scope.getIconUri());
    }

+    @Test
+    public void testNotUpdateOnResourceUpdate() {
+        ResourceScopeResource scopeResource = createDefaultScope();
+        ScopeRepresentation scope = scopeResource.toRepresentation();
+
+        scope.setName("changed");
+        scope.setDisplayName("changed");
+        scope.setIconUri("changed");
+
+        scopeResource.update(scope);
+
+        scope = scopeResource.toRepresentation();
+
+        assertEquals("changed", scope.getName());
+        assertEquals("changed", scope.getDisplayName());
+        assertEquals("changed", scope.getIconUri());
+
+        ResourcesResource resources = getClientResource().authorization().resources();
+        ResourceRepresentation resource;
+        
+        try (Response response = resources
+                .create(new ResourceRepresentation(UUID.randomUUID().toString(), scope.getName()))) {
+            resource = response.readEntity(ResourceRepresentation.class);
+        }
+
+        resource.getScopes().iterator().next().setDisplayName(null);
+        resources.resource(resource.getId()).update(resource);
+        
+        scope = scopeResource.toRepresentation();
+
+        assertEquals("changed", scope.getName());
+        assertEquals("changed", scope.getDisplayName());
+        assertEquals("changed", scope.getIconUri());
+    }
+
    @Test(expected = NotFoundException.class)
    public void testDelete() {
        ResourceScopeResource scopeResource = createDefaultScope();