libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Allow setting a default user profile configuration

Browse source 
Closes #26489

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor 2024-02-09 14:56:02 -03:00 committed by Marek Posolda
parent 9f262da751
commit e50642ac32
7 changed files with 92 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
quarkus/deployment/src/main/java/org/keycloak/quarkus/deployment/KeycloakProcessor.java
View file

@ -114,7 +114,7 @@ import org.keycloak.transaction.JBossJtaTransactionManagerLookup;
import org.keycloak.url.DefaultHostnameProviderFactory; import org.keycloak.url.DefaultHostnameProviderFactory;
import org.keycloak.url.FixedHostnameProviderFactory; import org.keycloak.url.FixedHostnameProviderFactory;
import org.keycloak.url.RequestHostnameProviderFactory; import org.keycloak.url.RequestHostnameProviderFactory;
import org.keycloak.userprofile.DeclarativeUserProfileProviderFactory; import org.keycloak.userprofile.config.UPConfigUtils;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
import org.keycloak.vault.FilesKeystoreVaultProviderFactory; import org.keycloak.vault.FilesKeystoreVaultProviderFactory;
import org.keycloak.vault.FilesPlainTextVaultProviderFactory; import org.keycloak.vault.FilesPlainTextVaultProviderFactory;
@ -272,7 +272,7 @@ class KeycloakProcessor {
@BuildStep @BuildStep
@Produce(UserProfileBuildItem.class) @Produce(UserProfileBuildItem.class)
UserProfileBuildItem parseDefaultUserProfileConfig() { UserProfileBuildItem parseDefaultUserProfileConfig() {
final UPConfig defaultConfig = DeclarativeUserProfileProviderFactory.parseDefaultConfig(); UPConfig defaultConfig = UPConfigUtils.parseSystemDefaultConfig();
logger.debug("Parsing default configuration for the User Profile provider"); logger.debug("Parsing default configuration for the User Profile provider");
return new UserProfileBuildItem(defaultConfig); return new UserProfileBuildItem(defaultConfig);
} }

32
services/src/main/java/org/keycloak/userprofile/DeclarativeUserProfileProviderFactory.java
View file

@ -20,16 +20,19 @@
package org.keycloak.userprofile; package org.keycloak.userprofile;
import java.io.IOException; import java.io.IOException;
import java.nio.file.Paths;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.keycloak.Config; import org.keycloak.Config;
import org.keycloak.Config.Scope;
import org.keycloak.authentication.requiredactions.TermsAndConditions; import org.keycloak.authentication.requiredactions.TermsAndConditions;
import org.keycloak.common.Profile; import org.keycloak.common.Profile;
import org.keycloak.component.AmphibianProviderFactory; import org.keycloak.component.AmphibianProviderFactory;
@ -91,7 +94,9 @@ public class DeclarativeUserProfileProviderFactory implements UserProfileProvide
private final Map<UserProfileContext, UserProfileMetadata> contextualMetadataRegistry = new HashMap<>(); private final Map<UserProfileContext, UserProfileMetadata> contextualMetadataRegistry = new HashMap<>();
public static void setDefaultConfig(UPConfig defaultConfig) { public static void setDefaultConfig(UPConfig defaultConfig) {
PARSED_DEFAULT_RAW_CONFIG = defaultConfig; if (PARSED_DEFAULT_RAW_CONFIG == null) {
PARSED_DEFAULT_RAW_CONFIG = defaultConfig;
}
} }
private static boolean editUsernameCondition(AttributeContext c) { private static boolean editUsernameCondition(AttributeContext c) {
@ -206,15 +211,9 @@ public class DeclarativeUserProfileProviderFactory implements UserProfileProvide
return null; return null;
} }
public static UPConfig parseDefaultConfig() {
return UPConfigUtils.parseDefaultConfig();
}
@Override @Override
public void init(Config.Scope config) { public void init(Config.Scope config) {
if (PARSED_DEFAULT_RAW_CONFIG == null) { initDefaultConfiguration(config);
setDefaultConfig(parseDefaultConfig());
}
// make sure registry is clear in case of re-deploy // make sure registry is clear in case of re-deploy
contextualMetadataRegistry.clear(); contextualMetadataRegistry.clear();
@ -485,4 +484,21 @@ public class DeclarativeUserProfileProviderFactory implements UserProfileProvide
return contextualMetadataRegistry; return contextualMetadataRegistry;
} }
private void initDefaultConfiguration(Scope config) {
// The user-defined configuration is always parsed during init and should be avoided as much as possible
// If no user-defined configuration is set, the system default configuration must have been set
// In Quarkus, the system default configuration is set at build time for optimization purposes
UPConfig defaultConfig = Optional.ofNullable(config.get("configFile"))
.map(Paths::get)
.map(UPConfigUtils::parseConfig)
.orElse(PARSED_DEFAULT_RAW_CONFIG);
if (defaultConfig == null) {
// as a fallback parse the system default config
defaultConfig = UPConfigUtils.parseSystemDefaultConfig();
}
PARSED_DEFAULT_RAW_CONFIG = null;
setDefaultConfig(defaultConfig);
}
} }

36
services/src/main/java/org/keycloak/userprofile/config/UPConfigUtils.java
View file

@ -19,9 +19,11 @@ package org.keycloak.userprofile.config;
import static org.keycloak.common.util.ObjectUtil.isBlank; import static org.keycloak.common.util.ObjectUtil.isBlank;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.file.Path;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
@ -293,19 +295,39 @@ public class UPConfigUtils {
return str.substring(0, 1).toUpperCase() + str.substring(1); return str.substring(0, 1).toUpperCase() + str.substring(1);
} }
public static String readDefaultConfig() { public static String readSystemDefaultConfig() {
try (InputStream is = UPConfigUtils.class.getResourceAsStream(SYSTEM_DEFAULT_CONFIG_RESOURCE)) { try (InputStream is = getSystemDefaultConfig()) {
return StreamUtil.readString(is, Charset.defaultCharset()); return StreamUtil.readString(is, Charset.defaultCharset());
} catch (IOException cause) { } catch (IOException cause) {
throw new RuntimeException("Failed to load default user profile config file", cause); throw new RuntimeException("Failed to load default user profile config file", cause);
} }
} }
public static UPConfig parseDefaultConfig() { public static UPConfig parseSystemDefaultConfig() {
try { return parseConfig(getSystemDefaultConfig());
return JsonSerialization.readValue(readDefaultConfig(), UPConfig.class); }
} catch (IOException e) {
throw new RuntimeException("Failed to parse default user profile configuration", e); public static UPConfig parseConfig(Path configPath) {
if (configPath == null) {
throw new IllegalArgumentException("Null configPath");
}
try (InputStream is = new FileInputStream(configPath.toFile())) {
return parseConfig(is);
} catch (IOException ioe) {
throw new RuntimeException("Failed to reaad default user profile configuration: " + configPath, ioe);
} }
} }
private static UPConfig parseConfig(InputStream is) {
try {
return JsonSerialization.readValue(is, UPConfig.class);
} catch (IOException e) {
throw new RuntimeException("Failed to parse default user profile configuration stream", e);
}
}
private static InputStream getSystemDefaultConfig() {
return UPConfigUtils.class.getResourceAsStream(SYSTEM_DEFAULT_CONFIG_RESOURCE);
}
} }

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/userprofile/UserProfileAdminTest.java
View file

@ -23,7 +23,7 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.keycloak.userprofile.config.UPConfigUtils.readDefaultConfig; import static org.keycloak.userprofile.config.UPConfigUtils.readSystemDefaultConfig;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -53,12 +53,12 @@ public class UserProfileAdminTest extends AbstractAdminTest {
@Test @Test
public void testDefaultConfigIfNoneSet() { public void testDefaultConfigIfNoneSet() {
JsonTestUtils.assertJsonEquals(readDefaultConfig(), testRealm().users().userProfile().getConfiguration()); JsonTestUtils.assertJsonEquals(readSystemDefaultConfig(), testRealm().users().userProfile().getConfiguration());
} }
@Test @Test
public void testSetDefaultConfig() { public void testSetDefaultConfig() {
UPConfig config = UPConfigUtils.parseDefaultConfig().addOrReplaceAttribute(new UPAttribute("test")); UPConfig config = UPConfigUtils.parseSystemDefaultConfig().addOrReplaceAttribute(new UPAttribute("test"));
UserProfileResource userProfile = testRealm().users().userProfile(); UserProfileResource userProfile = testRealm().users().userProfile();
userProfile.update(config); userProfile.update(config);
getCleanup().addCleanup(() -> testRealm().users().userProfile().update(null)); getCleanup().addCleanup(() -> testRealm().users().userProfile().update(null));

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/user/profile/AbstractUserProfileTest.java
View file

@ -72,7 +72,7 @@ public abstract class AbstractUserProfileTest extends AbstractTestRealmKeycloakT
} }
protected static void setDefaultConfiguration(KeycloakSession session) { protected static void setDefaultConfiguration(KeycloakSession session) {
setConfiguration(session, UPConfigUtils.readDefaultConfig()); setConfiguration(session, UPConfigUtils.readSystemDefaultConfig());
} }
protected static void setConfiguration(KeycloakSession session, String config) { protected static void setConfiguration(KeycloakSession session, String config) {

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/user/profile/CustomUserProfileTest.java
View file

@ -25,7 +25,6 @@ import static org.junit.Assert.fail;
import org.junit.Test; import org.junit.Test;
import org.keycloak.component.ComponentModel; import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.testsuite.arquillian.annotation.SetDefaultProvider; import org.keycloak.testsuite.arquillian.annotation.SetDefaultProvider;
@ -54,7 +53,7 @@ public class CustomUserProfileTest extends AbstractUserProfileTest {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
assertEquals(CustomUserProfileProvider.class.getName(), provider.getClass().getName()); assertEquals(CustomUserProfileProvider.class.getName(), provider.getClass().getName());
assertTrue(provider instanceof CustomUserProfileProvider); assertTrue(provider instanceof CustomUserProfileProvider);
provider.setConfiguration(UPConfigUtils.parseDefaultConfig()); provider.setConfiguration(UPConfigUtils.parseSystemDefaultConfig());
Optional<ComponentModel> component = getComponentModel(session); Optional<ComponentModel> component = getComponentModel(session);
assertTrue(component.isPresent()); assertTrue(component.isPresent());
assertEquals("custom-user-profile", component.get().getProviderId()); assertEquals("custom-user-profile", component.get().getProviderId());

63
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/user/profile/UserProfileTest.java
View file

@ -29,7 +29,7 @@ import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import static org.keycloak.userprofile.config.UPConfigUtils.ROLE_ADMIN; import static org.keycloak.userprofile.config.UPConfigUtils.ROLE_ADMIN;
import static org.keycloak.userprofile.config.UPConfigUtils.ROLE_USER; import static org.keycloak.userprofile.config.UPConfigUtils.ROLE_USER;
import static org.keycloak.userprofile.config.UPConfigUtils.parseDefaultConfig; import static org.keycloak.userprofile.config.UPConfigUtils.parseSystemDefaultConfig;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import java.util.ArrayList; import java.util.ArrayList;
@ -79,6 +79,7 @@ import org.keycloak.userprofile.UserProfileConstants;
import org.keycloak.userprofile.UserProfileContext; import org.keycloak.userprofile.UserProfileContext;
import org.keycloak.userprofile.UserProfileProvider; import org.keycloak.userprofile.UserProfileProvider;
import org.keycloak.userprofile.ValidationException; import org.keycloak.userprofile.ValidationException;
import org.keycloak.userprofile.config.UPConfigUtils;
import org.keycloak.userprofile.validator.PersonNameProhibitedCharactersValidator; import org.keycloak.userprofile.validator.PersonNameProhibitedCharactersValidator;
import org.keycloak.userprofile.validator.UsernameIDNHomographValidator; import org.keycloak.userprofile.validator.UsernameIDNHomographValidator;
import org.keycloak.validate.ValidationError; import org.keycloak.validate.ValidationError;
@ -113,7 +114,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
@Test @Test
public void testReadOnlyAllowed() throws Exception { public void testReadOnlyAllowed() throws Exception {
// create a user with attribute foo value 123 allowed by the profile now but disallowed later // create a user with attribute foo value 123 allowed by the profile now but disallowed later
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("foo", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN)))); config.addOrReplaceAttribute(new UPAttribute("foo", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN))));
config.getAttribute(UserModel.EMAIL).setPermissions(new UPAttributePermissions(Set.of(ROLE_USER), Set.of(ROLE_ADMIN))); config.getAttribute(UserModel.EMAIL).setPermissions(new UPAttributePermissions(Set.of(ROLE_USER), Set.of(ROLE_ADMIN)));
RealmResource realmRes = testRealm(); RealmResource realmRes = testRealm();
@ -205,7 +206,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
attributes.put(UserModel.EMAIL, org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org"); attributes.put(UserModel.EMAIL, org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org");
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("address", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired())); config.addOrReplaceAttribute(new UPAttribute("address", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired()));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -246,7 +247,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
attributes.put(UserModel.EMAIL, org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org"); attributes.put(UserModel.EMAIL, org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org");
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("business.address", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired(Set.of(), Set.of("customer")))); config.addOrReplaceAttribute(new UPAttribute("business.address", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired(Set.of(), Set.of("customer"))));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -372,7 +373,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
UserModel user = session.users().addUser(realm, "profiled-user"); UserModel user = session.users().addUser(realm, "profiled-user");
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("address", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired())); config.addOrReplaceAttribute(new UPAttribute("address", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired()));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -409,7 +410,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
user.setEmail(org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org"); user.setEmail(org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org");
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("address", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired())); config.addOrReplaceAttribute(new UPAttribute("address", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired()));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -452,7 +453,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
RealmModel realm = session.getContext().getRealm(); RealmModel realm = session.getContext().getRealm();
UserModel user = session.users().addUser(realm, org.keycloak.models.utils.KeycloakModelUtils.generateId()); UserModel user = session.users().addUser(realm, org.keycloak.models.utils.KeycloakModelUtils.generateId());
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
UPGroup companyAddress = new UPGroup("companyaddress"); UPGroup companyAddress = new UPGroup("companyaddress");
companyAddress.setDisplayHeader("header"); companyAddress.setDisplayHeader("header");
companyAddress.setDisplayDescription("description"); companyAddress.setDisplayDescription("description");
@ -569,7 +570,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
attributes.put("department", Arrays.asList("sales")); attributes.put("department", Arrays.asList("sales"));
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("department", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN)))); config.addOrReplaceAttribute(new UPAttribute("department", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN))));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -621,7 +622,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
attributes.put(UserModel.EMAIL, "readonly@foo.bar"); attributes.put(UserModel.EMAIL, "readonly@foo.bar");
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("email", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN)))); config.addOrReplaceAttribute(new UPAttribute("email", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN))));
// configure email r/o for user // configure email r/o for user
@ -670,7 +671,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
attributes.put(UserModel.EMAIL, "canchange@foo.bar"); attributes.put(UserModel.EMAIL, "canchange@foo.bar");
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.getAttribute("email").getPermissions().setEdit(Set.of(ROLE_USER, ROLE_ADMIN)); config.getAttribute("email").getPermissions().setEdit(Set.of(ROLE_USER, ROLE_ADMIN));
@ -715,7 +716,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
attributes.put("phone", Arrays.asList("fixed-phone")); attributes.put("phone", Arrays.asList("fixed-phone"));
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("department", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN)))); config.addOrReplaceAttribute(new UPAttribute("department", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN))));
config.addOrReplaceAttribute(new UPAttribute("phone", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN)))); config.addOrReplaceAttribute(new UPAttribute("phone", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN))));
config.addOrReplaceAttribute(new UPAttribute("address", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN)))); config.addOrReplaceAttribute(new UPAttribute("address", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN))));
@ -869,7 +870,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
} }
private static void testCustomValidationForUsername(KeycloakSession session) { private static void testCustomValidationForUsername(KeycloakSession session) {
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
UPAttribute attribute = new UPAttribute(UserModel.USERNAME); UPAttribute attribute = new UPAttribute(UserModel.USERNAME);
Map<String, Object> validatorConfig = new HashMap<>(); Map<String, Object> validatorConfig = new HashMap<>();
@ -968,7 +969,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testHomographValidator(KeycloakSession session) { private static void testHomographValidator(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
UPAttribute attribute = config.getAttribute(UserModel.LAST_NAME); UPAttribute attribute = config.getAttribute(UserModel.LAST_NAME);
attribute.addValidation(UsernameIDNHomographValidator.ID, Map.of(UsernameIDNHomographValidator.CFG_ERROR_MESSAGE, "error-something")); attribute.addValidation(UsernameIDNHomographValidator.ID, Map.of(UsernameIDNHomographValidator.CFG_ERROR_MESSAGE, "error-something"));
@ -1002,7 +1003,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testOptionalAttributes(KeycloakSession session) { private static void testOptionalAttributes(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
UPAttribute attribute = new UPAttribute(); UPAttribute attribute = new UPAttribute();
attribute.setName(UserModel.FIRST_NAME); attribute.setName(UserModel.FIRST_NAME);
Map<String, Object> validatorConfig = new HashMap<>(); Map<String, Object> validatorConfig = new HashMap<>();
@ -1057,7 +1058,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
@ModelTest(realmName = "test") @ModelTest(realmName = "test")
public void testPersonNameProhibitedCharsValidator(KeycloakSession session) { public void testPersonNameProhibitedCharsValidator(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
UPAttribute lastNameAttr = config.getAttribute(UserModel.LAST_NAME); UPAttribute lastNameAttr = config.getAttribute(UserModel.LAST_NAME);
Map<String, Object> origValidatorCfg = lastNameAttr.getValidations().get(PersonNameProhibitedCharactersValidator.ID); Map<String, Object> origValidatorCfg = lastNameAttr.getValidations().get(PersonNameProhibitedCharactersValidator.ID);
@ -1117,7 +1118,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testCustomAttributeRequired(KeycloakSession session) { private static void testCustomAttributeRequired(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
UPAttribute attribute = new UPAttribute(); UPAttribute attribute = new UPAttribute();
attribute.setName(ATT_ADDRESS); attribute.setName(ATT_ADDRESS);
@ -1183,7 +1184,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testCustomAttributeOptional(KeycloakSession session) { private static void testCustomAttributeOptional(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
UPAttribute attribute = new UPAttribute(); UPAttribute attribute = new UPAttribute();
attribute.setName(ATT_ADDRESS); attribute.setName(ATT_ADDRESS);
@ -1235,7 +1236,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testRequiredIfUser(KeycloakSession session) { private static void testRequiredIfUser(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired(Set.of(ROLE_USER), Set.of()))); config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired(Set.of(ROLE_USER), Set.of())));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -1283,7 +1284,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testRequiredIfAdmin(KeycloakSession session) { private static void testRequiredIfAdmin(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN)), new UPAttributeRequired(Set.of(ROLE_ADMIN), Set.of()))); config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN)), new UPAttributeRequired(Set.of(ROLE_ADMIN), Set.of())));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -1328,7 +1329,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
// Email required for users by default, but not for admins // Email required for users by default, but not for admins
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
provider.setConfiguration(config); provider.setConfiguration(config);
UPAttribute emailOrigConfig = config.getAttribute(UserModel.EMAIL); UPAttribute emailOrigConfig = config.getAttribute(UserModel.EMAIL);
Assert.assertEquals(emailOrigConfig.getRequired().getRoles(), Set.of(ROLE_USER)); // Should be required only for users by default Assert.assertEquals(emailOrigConfig.getRequired().getRoles(), Set.of(ROLE_USER)); // Should be required only for users by default
@ -1432,7 +1433,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testNoValidationsIfUserReadOnly(KeycloakSession session) { private static void testNoValidationsIfUserReadOnly(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN)), new UPAttributeRequired())); config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN)), new UPAttributeRequired()));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -1465,7 +1466,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testNoValidationsIfAdminReadOnly(KeycloakSession session) { private static void testNoValidationsIfAdminReadOnly(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired())); config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired()));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -1494,7 +1495,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testIgnoreReadOnlyAttribute(KeycloakSession session) { private static void testIgnoreReadOnlyAttribute(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(ROLE_ADMIN), Set.of(ROLE_USER)), new UPAttributeRequired(Set.of(ROLE_USER), Set.of()))); config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(ROLE_ADMIN), Set.of(ROLE_USER)), new UPAttributeRequired(Set.of(ROLE_USER), Set.of())));
config.addOrReplaceAttribute(new UPAttribute(UserModel.FIRST_NAME, new UPAttributePermissions(Set.of(ROLE_ADMIN), Set.of(ROLE_USER)), new UPAttributeRequired(Set.of(ROLE_USER), Set.of()))); config.addOrReplaceAttribute(new UPAttribute(UserModel.FIRST_NAME, new UPAttributePermissions(Set.of(ROLE_ADMIN), Set.of(ROLE_USER)), new UPAttributeRequired(Set.of(ROLE_USER), Set.of())));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -1570,7 +1571,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testRequiredByClientScope(KeycloakSession session) { private static void testRequiredByClientScope(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired(Set.of(), Set.of("client-a")))); config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), new UPAttributeRequired(Set.of(), Set.of("client-a"))));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -1639,7 +1640,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
session.getContext().setRealm(realm); session.getContext().setRealm(realm);
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN, ROLE_USER)), new UPAttributeRequired(Set.of(ROLE_ADMIN, ROLE_USER), Set.of("some-optional-scope")))); config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN, ROLE_USER)), new UPAttributeRequired(Set.of(ROLE_ADMIN, ROLE_USER), Set.of("some-optional-scope"))));
provider.setConfiguration(config); provider.setConfiguration(config);
@ -1707,7 +1708,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
private static void testConfigurationInvalidScope(KeycloakSession session) { private static void testConfigurationInvalidScope(KeycloakSession session) {
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)), config.addOrReplaceAttribute(new UPAttribute(ATT_ADDRESS, new UPAttributePermissions(Set.of(), Set.of(ROLE_USER)),
new UPAttributeRequired(Set.of(), Set.of("invalid")), new UPAttributeSelector(Set.of("invalid")))); new UPAttributeRequired(Set.of(), Set.of("invalid")), new UPAttributeSelector(Set.of("invalid"))));
@ -1767,7 +1768,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
attributes.put("foo", Arrays.asList("foo")); attributes.put("foo", Arrays.asList("foo"));
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.removeAttribute(UserModel.FIRST_NAME); config.removeAttribute(UserModel.FIRST_NAME);
config.removeAttribute(UserModel.LAST_NAME); config.removeAttribute(UserModel.LAST_NAME);
config.addOrReplaceAttribute(new UPAttribute("test-attribute", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER, ROLE_ADMIN)))); config.addOrReplaceAttribute(new UPAttribute("test-attribute", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER, ROLE_ADMIN))));
@ -1849,7 +1850,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
attributes.put("test-attribute", List.of("")); attributes.put("test-attribute", List.of(""));
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("test-attribute", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN, ROLE_USER)))); config.addOrReplaceAttribute(new UPAttribute("test-attribute", new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN, ROLE_USER))));
config.addOrReplaceAttribute(new UPAttribute(UserModel.FIRST_NAME, new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN, ROLE_USER)))); config.addOrReplaceAttribute(new UPAttribute(UserModel.FIRST_NAME, new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN, ROLE_USER))));
config.addOrReplaceAttribute(new UPAttribute(UserModel.LAST_NAME, new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN, ROLE_USER)))); config.addOrReplaceAttribute(new UPAttribute(UserModel.LAST_NAME, new UPAttributePermissions(Set.of(), Set.of(ROLE_ADMIN, ROLE_USER))));
@ -1888,7 +1889,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
} }
private static void testRemoveOptionalAttributesFromDefaultConfigIfNotSet(KeycloakSession session) { private static void testRemoveOptionalAttributesFromDefaultConfigIfNotSet(KeycloakSession session) {
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("foo")); config.addOrReplaceAttribute(new UPAttribute("foo"));
config.removeAttribute(UserModel.FIRST_NAME); config.removeAttribute(UserModel.FIRST_NAME);
config.removeAttribute(UserModel.LAST_NAME); config.removeAttribute(UserModel.LAST_NAME);
@ -1926,7 +1927,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
} }
private static void testUnmanagedPolicy(KeycloakSession session) { private static void testUnmanagedPolicy(KeycloakSession session) {
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
config.addOrReplaceAttribute(new UPAttribute("bar", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER, ROLE_ADMIN)))); config.addOrReplaceAttribute(new UPAttribute("bar", new UPAttributePermissions(Set.of(), Set.of(ROLE_USER, ROLE_ADMIN))));
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
provider.setConfiguration(config); provider.setConfiguration(config);
@ -1980,7 +1981,7 @@ public class UserProfileTest extends AbstractUserProfileTest {
} }
private static void testOptionalRootAttributesAsUnmanagedAttribute(KeycloakSession session) { private static void testOptionalRootAttributesAsUnmanagedAttribute(KeycloakSession session) {
UPConfig config = parseDefaultConfig(); UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
UserProfileProvider provider = getUserProfileProvider(session); UserProfileProvider provider = getUserProfileProvider(session);
provider.setConfiguration(config); provider.setConfiguration(config);
Map<String, String> rawAttributes = new HashMap<>(); Map<String, String> rawAttributes = new HashMap<>();