KEYCLOAK-5907 Use client manager to delete clients in client registration services

stianst 2017-12-11 13:13:35 +01:00 committed by Stian Thorgersen
parent b8416dfa3e
commit f939818252
3 changed files with 42 additions and 6 deletions


@ -31,6 +31,8 @@ import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ForbiddenException; import org.keycloak.services.ForbiddenException;
import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyManager; import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyManager;
import org.keycloak.services.clientregistration.policy.RegistrationAuth; import org.keycloak.services.clientregistration.policy.RegistrationAuth;
import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.validation.ValidationMessages; import org.keycloak.services.validation.ValidationMessages;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -67,7 +69,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist
try { try {
RealmModel realm = session.getContext().getRealm(); RealmModel realm = session.getContext().getRealm();
ClientModel clientModel = RepresentationToModel.createClient(session, realm, client, true); ClientModel clientModel = new ClientManager(new RealmManager(session)).createClient(session, realm, client, true);
ClientRegistrationPolicyManager.triggerAfterRegister(context, registrationAuth, clientModel); ClientRegistrationPolicyManager.triggerAfterRegister(context, registrationAuth, clientModel);
@ -153,7 +155,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist
ClientModel client = session.getContext().getRealm().getClientByClientId(clientId); ClientModel client = session.getContext().getRealm().getClientByClientId(clientId);
auth.requireDelete(client); auth.requireDelete(client);
if (session.getContext().getRealm().removeClient(client.getId())) { if (new ClientManager(new RealmManager(session)).removeClient(session.getContext().getRealm(), client)) {
event.client(client.getClientId()).success(); event.client(client.getClientId()).success();
} else { } else {
throw new ForbiddenException(); throw new ForbiddenException();
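Review bot: Nothing at the delete call records why removal now goes through `ClientManager` instead of `RealmModel.removeClient`, so a later cleanup could quietly revert it. The test added in this commit expects the client's service account user to disappear with the client; a leftover service account user would be an orphaned identity in the realm. I would add `// Remove via ClientManager so the service account user is deleted with the client (KEYCLOAK-5907)` above the `if`. I would also read the realm into a local once, as the create hunk does with `RealmModel realm = session.getContext().getRealm();`, instead of calling `session.getContext().getRealm()` twice. The enclosing method starts and ends outside the hunk.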


@ -74,7 +74,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
" \"name\": \"My Client App\",\n" + " \"name\": \"My Client App\",\n" +
" \"implicitFlowEnabled\": false,\n" + " \"implicitFlowEnabled\": false,\n" +
" \"publicClient\": true,\n" + " \"publicClient\": true,\n" +
" \"protocol\": \"leycloak-oidc\",\n" + " \"protocol\": \"openid-connect\",\n" +
" \"webOrigins\": [\"http://localhost:8980/myapp\"],\n" + " \"webOrigins\": [\"http://localhost:8980/myapp\"],\n" +
" \"consentRequired\": false,\n" + " \"consentRequired\": false,\n" +
" \"baseUrl\": \"http://localhost:8980/myapp\",\n" + " \"baseUrl\": \"http://localhost:8980/myapp\",\n" +
@ -99,7 +99,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
Assert.assertEquals("implicitFlowEnabled", false, client.isImplicitFlowEnabled()); Assert.assertEquals("implicitFlowEnabled", false, client.isImplicitFlowEnabled());
Assert.assertEquals("publicClient", true, client.isPublicClient()); Assert.assertEquals("publicClient", true, client.isPublicClient());
// note there is no server-side check if protocol is supported // note there is no server-side check if protocol is supported
Assert.assertEquals("protocol", "leycloak-oidc", client.getProtocol()); Assert.assertEquals("protocol", "openid-connect", client.getProtocol());
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), client.getWebOrigins()); Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), client.getWebOrigins());
Assert.assertEquals("consentRequired", false, client.isConsentRequired()); Assert.assertEquals("consentRequired", false, client.isConsentRequired());
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp", client.getBaseUrl()); Assert.assertEquals("baseUrl", "http://localhost:8980/myapp", client.getBaseUrl());
@ -110,7 +110,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
// create configuration from file as a template and override clientId and other attributes ... output an object // create configuration from file as a template and override clientId and other attributes ... output an object
exe = execute("create --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() + exe = execute("create --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() +
"' -s clientId=my_client2 -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp2/*\"]'" + "' -s clientId=my_client2 -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp2/*\"]'" +
" -s 'name=My Client App II' -s protocol=keycloak-oidc -s 'webOrigins=[\"http://localhost:8980/myapp2\"]'" + " -s 'name=My Client App II' -s protocol=openid-connect -s 'webOrigins=[\"http://localhost:8980/myapp2\"]'" +
" -s baseUrl=http://localhost:8980/myapp2 -s rootUrl=http://localhost:8980/myapp2"); " -s baseUrl=http://localhost:8980/myapp2 -s rootUrl=http://localhost:8980/myapp2");
assertExitCodeAndStdErrSize(exe, 0, 0); assertExitCodeAndStdErrSize(exe, 0, 0);
@ -124,7 +124,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
Assert.assertEquals("name", "My Client App II", client2.getName()); Assert.assertEquals("name", "My Client App II", client2.getName());
Assert.assertEquals("implicitFlowEnabled", false, client2.isImplicitFlowEnabled()); Assert.assertEquals("implicitFlowEnabled", false, client2.isImplicitFlowEnabled());
Assert.assertEquals("publicClient", true, client2.isPublicClient()); Assert.assertEquals("publicClient", true, client2.isPublicClient());
Assert.assertEquals("protocol", "keycloak-oidc", client2.getProtocol()); Assert.assertEquals("protocol", "openid-connect", client2.getProtocol());
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp2"), client2.getWebOrigins()); Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp2"), client2.getWebOrigins());
Assert.assertEquals("consentRequired", false, client2.isConsentRequired()); Assert.assertEquals("consentRequired", false, client2.isConsentRequired());
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp2", client2.getBaseUrl()); Assert.assertEquals("baseUrl", "http://localhost:8980/myapp2", client2.getBaseUrl());
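Review bot: The retained comment `// note there is no server-side check if protocol is supported` no longer matches what this test exercises, because the JSON template and the `-s protocol=` override now both send `openid-connect`. If client creation now depends on a known protocol (not visible in this section), replace the comment with something like `// protocol must be a value the server supports`; otherwise drop it. The unsupported-protocol case also loses its only visible coverage here, so a separate test that pins the expected outcome for an unknown protocol value would keep that behaviour from changing unnoticed. The test method starts and ends outside these hunks.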


@ -17,13 +17,20 @@
package org.keycloak.testsuite.client; package org.keycloak.testsuite.client;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Test; import org.junit.Test;
import org.keycloak.client.registration.Auth; import org.keycloak.client.registration.Auth;
import org.keycloak.client.registration.ClientRegistration; import org.keycloak.client.registration.ClientRegistration;
import org.keycloak.client.registration.ClientRegistrationException; import org.keycloak.client.registration.ClientRegistrationException;
import org.keycloak.client.registration.HttpErrorException; import org.keycloak.client.registration.HttpErrorException;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
import org.keycloak.testsuite.runonserver.RunOnServerTest;
import javax.ws.rs.NotFoundException; import javax.ws.rs.NotFoundException;
import java.util.Collections; import java.util.Collections;
@ -38,6 +45,11 @@ import static org.junit.Assert.fail;
*/ */
public class ClientRegistrationTest extends AbstractClientRegistrationTest { public class ClientRegistrationTest extends AbstractClientRegistrationTest {
@Deployment
public static WebArchive deploy() {
return RunOnServerDeployment.create(ClientRegistrationTest.class);
}
private static final String CLIENT_ID = "test-client"; private static final String CLIENT_ID = "test-client";
private static final String CLIENT_SECRET = "test-client-secret"; private static final String CLIENT_SECRET = "test-client-secret";
@ -72,6 +84,28 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
registerClient(); registerClient();
} }
// KEYCLOAK-5907
@Test
public void withServiceAccount() throws ClientRegistrationException {
authManageClients();
ClientRepresentation clientRep = buildClient();
clientRep.setServiceAccountsEnabled(true);
ClientRepresentation rep = registerClient(clientRep);
UserRepresentation serviceAccountUser = adminClient.realm("test").clients().get(rep.getId()).getServiceAccountUser();
assertNotNull(serviceAccountUser);
deleteClient(rep);
try {
adminClient.realm("test").users().get(serviceAccountUser.getId()).toRepresentation();
fail("Expected NotFoundException");
} catch (NotFoundException e) {
}
}
@Test @Test
public void registerClientInMasterRealm() throws Exception { public void registerClientInMasterRealm() throws Exception {
ClientRegistration masterReg = ClientRegistration.create().url(suiteContext.getAuthServerInfo().getContextRoot() + "/auth", "master").build(); ClientRegistration masterReg = ClientRegistration.create().url(suiteContext.getAuthServerInfo().getContextRoot() + "/auth", "master").build();
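Review bot: The new `deploy()` method and the imports of `ClientModel`, `UserModel` and `RunOnServerTest` are not used by `withServiceAccount()`, which works only through `adminClient`. Unless code outside this section needs them, they add a server-side deployment to this test class with no benefit and should be removed. The empty `catch (NotFoundException e) { }` should state its intent, e.g. `// expected: the service account user is removed together with the client`. The test checks only the user lookup after deletion; asserting that the client itself is gone would make a partial removal visible as well.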