Strip secret of user when creating from admin API

Closes #14843
This commit is contained in:
Lex Cao 2022-11-05 18:00:46 +08:00 committed by Marek Posolda
parent 67f32b434b
commit dd03137ea7
2 changed files with 25 additions and 1 deletions


@ -32,6 +32,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.models.utils.StripSecretsUtils;
import org.keycloak.policy.PasswordPolicyNotMetException;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.ErrorResponse;
@ -159,7 +160,7 @@ public class UsersResource {
RepresentationToModel.createGroups(rep, realm, user);
RepresentationToModel.createCredentials(rep, session, realm, user, true);
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), user.getId()).representation(rep).success();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), user.getId()).representation(StripSecretsUtils.strip(rep)).success();
if (session.getTransactionManager().isActive()) {
session.getTransactionManager().commit();
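Review bot: The new `.representation(StripSecretsUtils.strip(rep))` call carries no explanation of why the event payload must differ from the `rep` that was just passed to `createCredentials`, and a later reader could "simplify" it back. A one-line comment above it would pin the intent: `// never record credential secrets in the admin event; strip them from the representation first`. If `strip` mutates `rep` in place rather than returning a copy (the test helper in this commit discards its return value, which suggests it does), any use of `rep` after this line in the rest of the method will see the stripped credentials; the method continues outside the hunk, so that should be checked. It is also worth confirming that other admin endpoints which accept a representation containing credentials and record an admin event take the same stripping path, since only the create path is changed here.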


@ -48,6 +48,7 @@ import org.keycloak.models.credential.OTPCredentialModel;
import org.keycloak.models.credential.PasswordCredentialModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.StripSecretsUtils;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
@ -182,6 +183,8 @@ public class UserTest extends AbstractAdminTest {
createdId = ApiUtil.getCreatedId(response);
}
StripSecretsUtils.strip(userRep);
if (assertAdminEvent) {
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRep,
ResourceType.USER);
@ -3113,4 +3116,24 @@ public class UserTest extends AbstractAdminTest {
assertEquals(subGroupName, obtainedGroups.get(1).getName());
}
}
@Test
public void expectNoPasswordShownWhenCreatingUserWithPassword() throws IOException {
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue("password");
UserRepresentation user = new UserRepresentation();
user.setUsername("test");
user.setCredentials(Collections.singletonList(credential));
user.setEnabled(true);
createUser(user, false);
String actualRepresentation = assertAdminEvents.poll().getRepresentation();
assertEquals(
JsonSerialization.writeValueAsString(user),
actualRepresentation
);
}
}
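Review bot: The new test `expectNoPasswordShownWhenCreatingUserWithPassword` does not actually assert that the password is absent: `createUser(user, false)` runs `StripSecretsUtils.strip(userRep)` on the same object (its return value is discarded, so the helper relies on in-place mutation), and the test then compares the event representation with the serialization of that already-stripped `user`. If stripping became a no-op on either side, both serializations would still contain the secret and the test would keep passing. A direct check on the event payload makes the intent explicit and independent of the helper, e.g. use a value that cannot collide with the `"password"` type string, `credential.setValue("test-secret-value");`, and add `assertFalse(actualRepresentation.contains("test-secret-value"));` before the equality assertion. Keeping the existing `assertEquals` is fine as a second check that nothing else in the representation changed.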