Allow managing the username idn homograph validator

Closes #13346
Pedro Igor 2023-01-25 11:29:05 -03:00
parent eb59fdb772
commit f6602e611b
3 changed files with 47 additions and 2 deletions


@ -328,7 +328,6 @@ public abstract class AbstractUserProfileProvider<U extends UserProfileProvider>
AbstractUserProfileProvider::editUsernameCondition,
AbstractUserProfileProvider::readUsernameCondition,
new AttributeValidatorMetadata(UsernameHasValueValidator.ID),
new AttributeValidatorMetadata(UsernameIDNHomographValidator.ID),
new AttributeValidatorMetadata(DuplicateUsernameValidator.ID),
new AttributeValidatorMetadata(UsernameMutationValidator.ID)).setAttributeDisplayName("${username}");
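Review bot: Dropping `new AttributeValidatorMetadata(UsernameIDNHomographValidator.ID)` from the built-in username metadata makes the homograph check depend on the realm's JSON configuration carrying `up-username-not-idn-homograph`; this appears to be the one line the hunk removes, though the +/- markers are lost on this page. The commit adds that key only to the default configuration, so a realm that already stores a customised user-profile configuration would, as far as these three files show, stop running the check after upgrade without any notice. Consider a migration step or a startup warning for stored configurations whose username attribute lacks the key, plus a comment at this call site such as `// IDN homograph validation is now configured per realm ("up-username-not-idn-homograph"), not enforced here`. The enclosing method starts and ends outside the hunk, so whether other profile contexts still add the validator cannot be seen from here.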


@ -9,7 +9,8 @@
},
"validations": {
"length": { "min": 3, "max": 255 },
"username-prohibited-characters": {}
"username-prohibited-characters": {},
"up-username-not-idn-homograph": {}
}
},
{


@ -30,6 +30,7 @@ import static org.junit.Assert.fail;
import static org.keycloak.userprofile.config.UPConfigUtils.ROLE_ADMIN;
import static org.keycloak.userprofile.config.UPConfigUtils.ROLE_USER;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
@ -68,6 +69,7 @@ import org.keycloak.userprofile.UserProfileContext;
import org.keycloak.userprofile.UserProfileProvider;
import org.keycloak.userprofile.ValidationException;
import org.keycloak.userprofile.config.UPConfigUtils;
import org.keycloak.userprofile.validator.UsernameIDNHomographValidator;
import org.keycloak.util.JsonSerialization;
import org.keycloak.validate.ValidationError;
import org.keycloak.validate.validators.EmailValidator;
@ -875,6 +877,49 @@ public class UserProfileTest extends AbstractUserProfileTest {
profile.validate();
}
@Test
public void testRemoveDefaultValidationFromUsername() {
getTestingClient().server(TEST_REALM_NAME).run((RunOnServer) UserProfileTest::testRemoveDefaultValidationFromUsername);
}
private static void testRemoveDefaultValidationFromUsername(KeycloakSession session) throws IOException {
DeclarativeUserProfileProvider provider = getDynamicUserProfileProvider(session);
// reset configuration to default
provider.setConfiguration(null);
Map<String, Object> attributes = new HashMap<>();
attributes.put(UserModel.USERNAME, "你好世界");
attributes.put(UserModel.EMAIL, "test@keycloak.org");
attributes.put(UserModel.FIRST_NAME, "Foo");
attributes.put(UserModel.LAST_NAME, "Bar");
UserProfile profile = provider.create(UserProfileContext.UPDATE_PROFILE, attributes);
try {
profile.validate();
fail("Should fail validation");
} catch (ValidationException ve) {
assertTrue(ve.hasError(Messages.INVALID_USERNAME));
}
UPConfig config = UPConfigUtils.readConfig(new ByteArrayInputStream(provider.getConfiguration().getBytes()));
for (UPAttribute attribute : config.getAttributes()) {
if (UserModel.USERNAME.equals(attribute.getName())) {
attribute.getValidations().remove(UsernameIDNHomographValidator.ID);
break;
}
}
provider.setConfiguration(JsonSerialization.writeValueAsString(config));
profile = provider.create(UserProfileContext.UPDATE_PROFILE, attributes);
profile.validate();
}
@Test
public void testOptionalAttributes() {
getTestingClient().server(TEST_REALM_NAME).run((RunOnServer) UserProfileTest::testOptionalAttributes);
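Review bot: The static `testRemoveDefaultValidationFromUsername(KeycloakSession)` leaves the provider configured with `UsernameIDNHomographValidator.ID` removed from the username attribute, because the final `provider.setConfiguration(...)` is never undone. Any later test that runs on the same realm and does not reset the configuration first would exercise username handling with the homograph check off, which can hide regressions in that validator. Wrap the part after the removal in `try { ... } finally { provider.setConfiguration(null); }`, mirroring the reset at the top of the method. Separately, `provider.getConfiguration().getBytes()` uses the platform default charset; `getBytes(StandardCharsets.UTF_8)` keeps the round-trip stable when the configuration holds non-ASCII text.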