KEYCLOAK-9851 Removed properties from realm json attributes that are included as fields

stianst 2020-03-03 15:06:59 +01:00 committed by Marek Posolda
parent 967ff939ec
commit ed97d40939
2 changed files with 81 additions and 2 deletions


@ -55,6 +55,49 @@ import java.util.stream.Collectors;
* @version $Revision: 1 $
*/
public class ModelToRepresentation {
public static Set<String> REALM_EXCLUDED_ATTRIBUTES = new HashSet<>();
static {
REALM_EXCLUDED_ATTRIBUTES.add("displayName");
REALM_EXCLUDED_ATTRIBUTES.add("displayNameHtml");
REALM_EXCLUDED_ATTRIBUTES.add("defaultSignatureAlgorithm");
REALM_EXCLUDED_ATTRIBUTES.add("bruteForceProtected");
REALM_EXCLUDED_ATTRIBUTES.add("permanentLockout");
REALM_EXCLUDED_ATTRIBUTES.add("maxFailureWaitSeconds");
REALM_EXCLUDED_ATTRIBUTES.add("waitIncrementSeconds");
REALM_EXCLUDED_ATTRIBUTES.add("quickLoginCheckMilliSeconds");
REALM_EXCLUDED_ATTRIBUTES.add("minimumQuickLoginWaitSeconds");
REALM_EXCLUDED_ATTRIBUTES.add("maxDeltaTimeSeconds");
REALM_EXCLUDED_ATTRIBUTES.add("failureFactor");
REALM_EXCLUDED_ATTRIBUTES.add("actionTokenGeneratedByAdminLifespan");
REALM_EXCLUDED_ATTRIBUTES.add("actionTokenGeneratedByUserLifespan");
REALM_EXCLUDED_ATTRIBUTES.add("offlineSessionMaxLifespanEnabled");
REALM_EXCLUDED_ATTRIBUTES.add("offlineSessionMaxLifespan");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyRpEntityName");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicySignatureAlgorithms");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyRpId");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyAttestationConveyancePreference");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyAuthenticatorAttachment");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyRequireResidentKey");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyUserVerificationRequirement");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyCreateTimeout");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyAvoidSameAuthenticatorRegister");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyAcceptableAaguids");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyRpEntityNamePasswordless");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicySignatureAlgorithmsPasswordless");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyRpIdPasswordless");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyAttestationConveyancePreferencePasswordless");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyAuthenticatorAttachmentPasswordless");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyRequireResidentKeyPasswordless");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyUserVerificationRequirementPasswordless");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyCreateTimeoutPasswordless");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyAvoidSameAuthenticatorRegisterPasswordless");
REALM_EXCLUDED_ATTRIBUTES.add("webAuthnPolicyAcceptableAaguidsPasswordless");
}
public static void buildGroupPath(StringBuilder sb, GroupModel group) {
if (group.getParent() != null) {
buildGroupPath(sb, group.getParent());
@ -417,8 +460,7 @@ public class ModelToRepresentation {
exportGroups(realm, rep);
}
Map<String, String> attributes = realm.getAttributes();
rep.setAttributes(attributes);
rep.setAttributes(stripRealmAttributesIncludedAsFields(realm.getAttributes()));
if (!internal) {
rep = StripSecretsUtils.strip(rep);
@ -427,6 +469,24 @@ public class ModelToRepresentation {
return rep;
}
public static Map<String, String> stripRealmAttributesIncludedAsFields(Map<String, String> attributes) {
Map<String, String> a = new HashMap<>();
for (Map.Entry<String, String> e : attributes.entrySet()) {
if (REALM_EXCLUDED_ATTRIBUTES.contains(e.getKey())) {
continue;
}
if (e.getKey().startsWith("_browser_header")) {
continue;
}
a.put(e.getKey(), e.getValue());
}
return a;
}
public static void exportGroups(RealmModel realm, RealmRepresentation rep) {
List<GroupRepresentation> groups = toGroupHierarchy(realm, true);
rep.setGroups(groups);
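Review bot: `REALM_EXCLUDED_ATTRIBUTES` at the top of the first hunk is `public static` but neither `final` nor immutable, so any caller can add, remove or reassign entries and change which realm attributes survive the filter applied in the second hunk. Because the set now decides what is dropped from the realm representation, I would declare it `public static final Set<String> REALM_EXCLUDED_ATTRIBUTES;`, fill a local `excluded` HashSet in the static block, and finish with `REALM_EXCLUDED_ATTRIBUTES = Collections.unmodifiableSet(excluded);` (the import list is outside the hunk, so `java.util.Collections` may need adding). Separately, `stripRealmAttributesIncludedAsFields` iterates `attributes.entrySet()` without a null check, whereas the old code passed the map straight through. Whether `realm.getAttributes()` can return null is not visible here, so either a guard or a comment stating the non-null contract would help. A short Javadoc on the helper saying why keys starting with `_browser_header` are dropped would also be worth adding.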


@ -158,6 +158,25 @@ public class RealmTest extends AbstractAdminTest {
Assert.assertNames(adminClient.realms().findAll(), "master", AuthRealm.TEST, REALM_NAME);
}
/**
* Checks attributes exposed as fields are not also included as attributes
*/
@Test
public void excludesFieldsFromAttributes() {
RealmRepresentation rep = new RealmRepresentation();
rep.setRealm("attributes");
adminClient.realms().create(rep);
try {
RealmRepresentation rep2 = adminClient.realm("attributes").toRepresentation();
assertTrue("Attributes was expected to be empty, but was: " + String.join(", ", rep2.getAttributes().keySet()), rep2.getAttributes().isEmpty());
} finally {
adminClient.realm("attributes").remove();
}
}
@Test
public void smtpPasswordSecret() {
RealmRepresentation rep = RealmBuilder.create().testEventListener().testMail().build();
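Review bot: The assertion in `excludesFieldsFromAttributes` only checks that a freshly created realm has an empty attribute map, so it would still pass if the new filter dropped every attribute, including ones it is meant to keep. I would add a positive case: set a custom attribute before the create call, e.g. `rep.setAttributes(Collections.singletonMap("custom", "value"));`, and replace the emptiness check with `assertEquals(Collections.singleton("custom"), rep2.getAttributes().keySet());`. This assumes the create call persists attributes from the representation, which is not visible in this hunk. `smtpPasswordSecret` at the end of the hunk continues outside it.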