KEYCLOAK-5662 - CachePolicy.MAX_LIFESPAN - Cached LDAP users aren't being refreshed at all

This commit is contained in:
Przemysław Kadej 2017-10-10 10:20:20 +02:00
parent ab8f4720d6
commit e28f402b6b
2 changed files with 118 additions and 2 deletions

View file

@ -288,7 +288,9 @@ public class UserCacheSession implements UserCache {
return null;
}
StorageId storageId = new StorageId(cached.getId());
StorageId storageId = cached.getFederationLink() != null ?
new StorageId(cached.getFederationLink(), cached.getId()) : new StorageId(cached.getId());
if (!storageId.isLocal()) {
ComponentModel component = realm.getComponent(storageId.getProviderId());
UserStorageProviderModel model = new UserStorageProviderModel(component);
@ -336,7 +338,8 @@ public class UserCacheSession implements UserCache {
protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) {
int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate);
StorageId storageId = new StorageId(delegate.getId());
StorageId storageId = delegate.getFederationLink() != null ?
new StorageId(delegate.getFederationLink(), delegate.getId()) : new StorageId(delegate.getId());
CachedUser cached = null;
if (!storageId.isLocal()) {
ComponentModel component = realm.getComponent(storageId.getProviderId());

View file

@ -25,6 +25,7 @@ import static org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.jboss.logging.Logger;
import org.junit.Assert;
import org.junit.Before;
@ -38,6 +39,7 @@ import org.junit.runners.MethodSorters;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialModel;
import org.keycloak.models.Constants;
@ -48,6 +50,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.cache.CachedUserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.AccessToken;
import org.keycloak.services.managers.RealmManager;
@ -193,6 +196,13 @@ public class LDAPProvidersIntegrationTest {
@Before
public void onBefore() {
adminClient = Keycloak.getInstance(AUTH_SERVER_ROOT, MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID);
UserStorageProviderModel model = new UserStorageProviderModel(ldapModel);
model.setCachePolicy(UserStorageProviderModel.CachePolicy.MAX_LIFESPAN);
model.setMaxLifespan(600000); // Lifetime is 10 minutes
KeycloakSession session = keycloakRule.startSession();
RealmModel realm = session.realms().getRealmByName("test");
realm.updateComponent(model);
keycloakRule.stopSession(session, true);
}
@Test
@ -1131,4 +1141,107 @@ public class LDAPProvidersIntegrationTest {
}
}
@Test
public void testLDAPUserRefreshCache() {
KeycloakSession session = keycloakRule.startSession();
try {
RealmModel appRealm = new RealmManager(session).getRealmByName("test");
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johndirect", "John", "Direct", "johndirect@email.org", null, "1234");
// Fetch user from LDAP and check that postalCode is filled
UserModel user = session.users().getUserByUsername("johndirect", appRealm);
String postalCode = user.getFirstAttribute("postal_code");
Assert.assertEquals("1234", postalCode);
LDAPTestUtils.removeLDAPUserByUsername(ldapProvider, appRealm, ldapProvider.getLdapIdentityStore().getConfig(), "johndirect");
} finally {
keycloakRule.stopSession(session, true);
}
Time.setOffset(60 * 5); // 5 minutes in future, user should be cached still
session = keycloakRule.startSession();
try {
RealmModel appRealm = new RealmManager(session).getRealmByName("test");
CachedUserModel user = (CachedUserModel) session.users().getUserByUsername("johndirect", appRealm);
String postalCode = user.getFirstAttribute("postal_code");
String email = user.getEmail();
Assert.assertEquals("1234", postalCode);
Assert.assertEquals("johndirect@email.org", email);
} finally {
keycloakRule.stopSession(session, true);
}
Time.setOffset(60 * 20); // 20 minutes into future, cache will be invalidated
session = keycloakRule.startSession();
try {
RealmModel appRealm = new RealmManager(session).getRealmByName("test");
UserModel user = session.users().getUserByUsername("johndirect", appRealm);
Assert.assertNull(user);
} finally {
keycloakRule.stopSession(session, true);
Time.setOffset(0);
}
}
@Test
public void testCacheUser() {
UserStorageProviderModel model = new UserStorageProviderModel(ldapModel);
model.setCachePolicy(UserStorageProviderModel.CachePolicy.NO_CACHE);
KeycloakSession session = keycloakRule.startSession();
RealmModel appRealm = session.realms().getRealmByName("test");
appRealm.updateComponent(model);
String userId = null;
UserModel testedUser = null;
try {
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "testCacheUser", "John", "Cached", "johndirect@test.com", null, "1234");
// Fetch user from LDAP and check that postalCode is filled
testedUser = session.users().getUserByUsername("testCacheUser", appRealm);
userId = testedUser.getId();
Assert.assertNotNull(userId);
Assert.assertTrue(StringUtils.isNotBlank(userId));
} finally {
keycloakRule.stopSession(session, true);
}
session = keycloakRule.startSession();
appRealm = session.realms().getRealmByName("test");
testedUser = session.users().getUserById(userId, appRealm);
Assert.assertFalse(testedUser instanceof CachedUserModel);
keycloakRule.stopSession(session, false);
// restore default cache policy
onBefore();
session = keycloakRule.startSession();
appRealm = session.realms().getRealmByName("test");
// initial get for cache
testedUser = session.users().getUserById(userId, appRealm);
Assert.assertTrue(testedUser instanceof CachedUserModel);
keycloakRule.stopSession(session, false);
Time.setOffset(60 * 5); // 5 minutes in future, should be cached still
session = keycloakRule.startSession();
appRealm = session.realms().getRealmByName("test");
testedUser = session.users().getUserById(userId, appRealm);
Assert.assertTrue(testedUser instanceof CachedUserModel);
keycloakRule.stopSession(session, false);
Time.setOffset(60 * 10); // 10 minutes into future, cache will be invalidated
session = keycloakRule.startSession();
appRealm = session.realms().getRealmByName("test");
testedUser = session.users().getUserByUsername("thor", appRealm);
Assert.assertFalse(testedUser instanceof CachedUserModel);
keycloakRule.stopSession(session, false);
Time.setOffset(0);
}
}