Avoid running org related code if there are no orgs in a realm

Closes #33424

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Pedro Igor 2024-10-01 09:47:18 -03:00 committed by Alexander Schwartz
parent ebfb42f9c5
commit ef48a3a360
3 changed files with 47 additions and 23 deletions


@ -338,15 +338,13 @@ public class UserCacheSession implements UserCache, OnCreateComponent, OnUpdateC
protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) { protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) {
int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate); int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate);
if (Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) { if (isReadOnlyOrganizationMember(delegate)) {
if (isOrganizationDisabled(session, delegate)) { return new ReadOnlyUserModelDelegate(delegate) {
return new ReadOnlyUserModelDelegate(delegate) { @Override
@Override public boolean isEnabled() {
public boolean isEnabled() { return false;
return false; }
} };
};
}
} }
CachedUser cached; CachedUser cached;
@ -978,10 +976,22 @@ public class UserCacheSession implements UserCache, OnCreateComponent, OnUpdateC
return List.of(); return List.of();
} }
private boolean isOrganizationDisabled(KeycloakSession session, UserModel delegate) { private boolean isReadOnlyOrganizationMember(UserModel delegate) {
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member if (delegate == null) {
return false;
}
if (!Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
return false;
}
OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class); OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class);
if (organizationProvider.count() == 0) {
return false;
}
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
return organizationProvider.getByMember(delegate) return organizationProvider.getByMember(delegate)
.anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) || .anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) ||
(!organizationProvider.isEnabled() && org.isManaged(delegate))); (!organizationProvider.isEnabled() && org.isManaged(delegate)));
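Review bot: The new `organizationProvider.count() == 0` early return in `isReadOnlyOrganizationMember` sits on the path that decides whether a managed member is forced to `isEnabled() == false`, so it is only safe if `count()` covers every organization in the realm, including disabled ones and the case where the provider is disabled for the realm. `count()` is not visible on this page; if it counted only enabled organizations, or were answered from a stale cached value, a managed member of a disabled organization would be returned as an ordinary enabled user. I would state the assumption next to the guard, for example `// count() must include disabled organizations, otherwise their managed members stay enabled`, and add a test with a single disabled organization in the realm. The same guard is added to the copy of this helper in UserStorageManager and to the Organizations hunk further down, and the helper's closing brace lies outside this hunk.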


@ -114,16 +114,13 @@ public class UserStorageManager extends AbstractStorageManager<UserStorageProvid
*/ */
protected UserModel importValidation(RealmModel realm, UserModel user) { protected UserModel importValidation(RealmModel realm, UserModel user) {
if (Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION) && user != null) { if (isReadOnlyOrganizationMember(user)) {
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member return new ReadOnlyUserModelDelegate(user) {
if (isOrganizationDisabled(session, user)) { @Override
return new ReadOnlyUserModelDelegate(user) { public boolean isEnabled() {
@Override return false;
public boolean isEnabled() { }
return false; };
}
};
}
} }
if (user == null || user.getFederationLink() == null) return user; if (user == null || user.getFederationLink() == null) return user;
@ -932,10 +929,22 @@ public class UserStorageManager extends AbstractStorageManager<UserStorageProvid
return Collections.emptyList(); return Collections.emptyList();
} }
private boolean isOrganizationDisabled(KeycloakSession session, UserModel delegate) { private boolean isReadOnlyOrganizationMember(UserModel delegate) {
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member if (delegate == null) {
return false;
}
if (!Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
return false;
}
OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class); OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class);
if (organizationProvider.count() == 0) {
return false;
}
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
return organizationProvider.getByMember(delegate) return organizationProvider.getByMember(delegate)
.anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) || .anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) ||
(!organizationProvider.isEnabled() && org.isManaged(delegate))); (!organizationProvider.isEnabled() && org.isManaged(delegate)));
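Review bot: `isReadOnlyOrganizationMember` here is a line-for-line copy of the helper added to UserCacheSession in the same commit, so the rule that forces a user to disabled now lives in two private methods that can drift apart. Moving it into one shared static helper would keep both code paths in agreement; the `Organizations` utility class touched by this commit looks like a candidate, although its contents are not visible here. The predicate would also read more directly as `org -> org.isManaged(delegate) && (!providerEnabled || !org.isEnabled())` with `boolean providerEnabled = organizationProvider.isEnabled();` hoisted above the stream, which is logically equivalent to the current two-branch expression. The helper's closing lines are outside the hunk.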


@ -191,6 +191,11 @@ public class Organizations {
} }
OrganizationProvider provider = getProvider(session); OrganizationProvider provider = getProvider(session);
if (provider.count() == 0) {
return null;
}
AuthenticationSessionModel authSession = session.getContext().getAuthenticationSession(); AuthenticationSessionModel authSession = session.getContext().getAuthenticationSession();
if (authSession != null) { if (authSession != null) {