KEYCLOAK-5907 Use client manager to delete clients in client registration services
This commit is contained in:
stianst
Stian Thorgersen
parent
b8416dfa3e
commit
f939818252
3 changed files with 42 additions and 6 deletions
|
|
@ -31,6 +31,8 @@ import org.keycloak.services.ErrorResponseException;
|
|||
import org.keycloak.services.ForbiddenException;
|
||||
import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyManager;
|
||||
import org.keycloak.services.clientregistration.policy.RegistrationAuth;
|
||||
import org.keycloak.services.managers.ClientManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.validation.ValidationMessages;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
|
|
@ -67,7 +69,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist
|
|||
|
||||
try {
|
||||
RealmModel realm = session.getContext().getRealm();
|
||||
ClientModel clientModel = RepresentationToModel.createClient(session, realm, client, true);
|
||||
ClientModel clientModel = new ClientManager(new RealmManager(session)).createClient(session, realm, client, true);
|
||||
|
||||
ClientRegistrationPolicyManager.triggerAfterRegister(context, registrationAuth, clientModel);
|
||||
|
||||
|
|
@ -153,7 +155,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist
|
|||
ClientModel client = session.getContext().getRealm().getClientByClientId(clientId);
|
||||
auth.requireDelete(client);
|
||||
|
||||
if (session.getContext().getRealm().removeClient(client.getId())) {
|
||||
if (new ClientManager(new RealmManager(session)).removeClient(session.getContext().getRealm(), client)) {
|
||||
event.client(client.getClientId()).success();
|
||||
} else {
|
||||
throw new ForbiddenException();
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
|
|||
" \"name\": \"My Client App\",\n" +
|
||||
" \"implicitFlowEnabled\": false,\n" +
|
||||
" \"publicClient\": true,\n" +
|
||||
" \"protocol\": \"leycloak-oidc\",\n" +
|
||||
" \"protocol\": \"openid-connect\",\n" +
|
||||
" \"webOrigins\": [\"http://localhost:8980/myapp\"],\n" +
|
||||
" \"consentRequired\": false,\n" +
|
||||
" \"baseUrl\": \"http://localhost:8980/myapp\",\n" +
|
||||
|
|
@ -99,7 +99,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
|
|||
Assert.assertEquals("implicitFlowEnabled", false, client.isImplicitFlowEnabled());
|
||||
Assert.assertEquals("publicClient", true, client.isPublicClient());
|
||||
// note there is no server-side check if protocol is supported
|
||||
Assert.assertEquals("protocol", "leycloak-oidc", client.getProtocol());
|
||||
Assert.assertEquals("protocol", "openid-connect", client.getProtocol());
|
||||
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), client.getWebOrigins());
|
||||
Assert.assertEquals("consentRequired", false, client.isConsentRequired());
|
||||
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp", client.getBaseUrl());
|
||||
|
|
@ -110,7 +110,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
|
|||
// create configuration from file as a template and override clientId and other attributes ... output an object
|
||||
exe = execute("create --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() +
|
||||
"' -s clientId=my_client2 -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp2/*\"]'" +
|
||||
" -s 'name=My Client App II' -s protocol=keycloak-oidc -s 'webOrigins=[\"http://localhost:8980/myapp2\"]'" +
|
||||
" -s 'name=My Client App II' -s protocol=openid-connect -s 'webOrigins=[\"http://localhost:8980/myapp2\"]'" +
|
||||
" -s baseUrl=http://localhost:8980/myapp2 -s rootUrl=http://localhost:8980/myapp2");
|
||||
|
||||
assertExitCodeAndStdErrSize(exe, 0, 0);
|
||||
|
|
@ -124,7 +124,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
|
|||
Assert.assertEquals("name", "My Client App II", client2.getName());
|
||||
Assert.assertEquals("implicitFlowEnabled", false, client2.isImplicitFlowEnabled());
|
||||
Assert.assertEquals("publicClient", true, client2.isPublicClient());
|
||||
Assert.assertEquals("protocol", "keycloak-oidc", client2.getProtocol());
|
||||
Assert.assertEquals("protocol", "openid-connect", client2.getProtocol());
|
||||
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp2"), client2.getWebOrigins());
|
||||
Assert.assertEquals("consentRequired", false, client2.isConsentRequired());
|
||||
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp2", client2.getBaseUrl());
|
||||
|
|
|
|||
|
|
@ -17,13 +17,20 @@
|
|||
|
||||
package org.keycloak.testsuite.client;
|
||||
|
||||
import org.jboss.arquillian.container.test.api.Deployment;
|
||||
import org.jboss.shrinkwrap.api.spec.WebArchive;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.client.registration.Auth;
|
||||
import org.keycloak.client.registration.ClientRegistration;
|
||||
import org.keycloak.client.registration.ClientRegistrationException;
|
||||
import org.keycloak.client.registration.HttpErrorException;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
|
||||
import org.keycloak.testsuite.runonserver.RunOnServerTest;
|
||||
|
||||
import javax.ws.rs.NotFoundException;
|
||||
import java.util.Collections;
|
||||
|
|
@ -38,6 +45,11 @@ import static org.junit.Assert.fail;
|
|||
*/
|
||||
public class ClientRegistrationTest extends AbstractClientRegistrationTest {
|
||||
|
||||
@Deployment
|
||||
public static WebArchive deploy() {
|
||||
return RunOnServerDeployment.create(ClientRegistrationTest.class);
|
||||
}
|
||||
|
||||
private static final String CLIENT_ID = "test-client";
|
||||
private static final String CLIENT_SECRET = "test-client-secret";
|
||||
|
||||
|
|
@ -72,6 +84,28 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
|
|||
registerClient();
|
||||
}
|
||||
|
||||
// KEYCLOAK-5907
|
||||
@Test
|
||||
public void withServiceAccount() throws ClientRegistrationException {
|
||||
authManageClients();
|
||||
ClientRepresentation clientRep = buildClient();
|
||||
clientRep.setServiceAccountsEnabled(true);
|
||||
|
||||
ClientRepresentation rep = registerClient(clientRep);
|
||||
|
||||
UserRepresentation serviceAccountUser = adminClient.realm("test").clients().get(rep.getId()).getServiceAccountUser();
|
||||
|
||||
assertNotNull(serviceAccountUser);
|
||||
|
||||
deleteClient(rep);
|
||||
|
||||
try {
|
||||
adminClient.realm("test").users().get(serviceAccountUser.getId()).toRepresentation();
|
||||
fail("Expected NotFoundException");
|
||||
} catch (NotFoundException e) {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void registerClientInMasterRealm() throws Exception {
|
||||
ClientRegistration masterReg = ClientRegistration.create().url(suiteContext.getAuthServerInfo().getContextRoot() + "/auth", "master").build();
|
||||
|
|
|
|||
Loading…
Reference in a new issue