libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #1205 from stianst/master

Browse source 
KEYCLOAK-1248 Fix direct grants only switch
This commit is contained in:
Stian Thorgersen 2015-04-30 14:41:55 +02:00
commit fd91d46b5b
12 changed files with 44 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
core/src/main/java/org/keycloak/representations/idm/ClientRepresentation.java
View file

@ -144,7 +144,7 @@ public class ClientRepresentation {
this.consentRequired = consentRequired; this.consentRequired = consentRequired;
} }
public Boolean getDirectGrantsOnly() { public Boolean isDirectGrantsOnly() {
return directGrantsOnly; return directGrantsOnly;
} }

2
forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
View file

@ -792,7 +792,7 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, serverInfo
$scope.client.attributes['saml.signature.algorithm'] = $scope.signatureAlgorithm; $scope.client.attributes['saml.signature.algorithm'] = $scope.signatureAlgorithm;
$scope.client.attributes['saml_name_id_format'] = $scope.nameIdFormat; $scope.client.attributes['saml_name_id_format'] = $scope.nameIdFormat;
if ($scope.client.protocol != 'saml' && !$scope.client.bearerOnly && (!$scope.client.redirectUris || $scope.client.redirectUris.length == 0)) { if ($scope.client.protocol != 'saml' && !$scope.client.bearerOnly && !$scope.client.directGrantsOnly && (!$scope.client.redirectUris || $scope.client.redirectUris.length == 0)) {
Notifications.error("You must specify at least one redirect uri"); Notifications.error("You must specify at least one redirect uri");
} else { } else {
if ($scope.create) { if ($scope.create) {

4
forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
View file

@ -871,7 +871,11 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
}; };
$scope.cancel = function() { $scope.cancel = function() {
if ($scope.newIdentityProvider) {
$location.url("/realms/" + realm.realm + "/identity-provider-settings");
} else {
$route.reload(); $route.reload();
}
}; };

14
forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js
View file

@ -384,7 +384,7 @@ module.controller('UserFederationCtrl', function($scope, $location, realm, UserF
}); });
module.controller('GenericUserFederationCtrl', function($scope, $location, Notifications, Dialog, realm, instance, providerFactory, UserFederationInstances, UserFederationSync) { module.controller('GenericUserFederationCtrl', function($scope, $location, Notifications, $route, Dialog, realm, instance, providerFactory, UserFederationInstances, UserFederationSync) {
console.log('GenericUserFederationCtrl'); console.log('GenericUserFederationCtrl');
$scope.create = !instance.providerName; $scope.create = !instance.providerName;
@ -453,9 +453,13 @@ module.controller('GenericUserFederationCtrl', function($scope, $location, Notif
$scope.save = function() { $scope.save = function() {
$scope.changed = false; $scope.changed = false;
if ($scope.create) { if ($scope.create) {
UserFederationInstances.save({realm: realm.realm}, $scope.instance, function () { UserFederationInstances.save({realm: realm.realm}, $scope.instance, function (data, headers) {
$scope.changed = false; $scope.changed = false;
$location.url("/realms/" + realm.realm + "/user-federation");
var l = headers().location;
var id = l.substring(l.lastIndexOf("/") + 1);
$location.url("/realms/" + realm.realm + "/user-federation/providers/" + $scope.instance.providerName + "/" + id);
Notifications.success("The provider has been created."); Notifications.success("The provider has been created.");
}); });
} else { } else {
@ -463,11 +467,9 @@ module.controller('GenericUserFederationCtrl', function($scope, $location, Notif
instance: instance.id instance: instance.id
}, },
$scope.instance, function () { $scope.instance, function () {
$scope.changed = false; $route.reload();
$location.url("/realms/" + realm.realm + "/user-federation");
Notifications.success("The provider has been updated."); Notifications.success("The provider has been updated.");
}); });
} }
}; };

4
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
View file

@ -158,7 +158,7 @@
<kc-tooltip>The name ID format to use for the subject.</kc-tooltip> <kc-tooltip>The name ID format to use for the subject.</kc-tooltip>
</div> </div>
<div class="form-group clearfix block" data-ng-show="!client.bearerOnly"> <div class="form-group clearfix block" data-ng-hide="client.bearerOnly || client.directGrantsOnly">
<label class="col-md-2 control-label" for="newRedirectUri"><span class="required" data-ng-show="protocol != 'saml'">*</span> Valid Redirect URIs</label> <label class="col-md-2 control-label" for="newRedirectUri"><span class="required" data-ng-show="protocol != 'saml'">*</span> Valid Redirect URIs</label>
<div class="col-sm-6"> <div class="col-sm-6">
@ -204,7 +204,7 @@
<kc-tooltip>If configured, this URL will be used for every binding to both the SP's Assertion Consumer and Single Logout Services. This can be individually overiden for each binding and service in the Fine Grain SAML Endpoint Configuration.</kc-tooltip> <kc-tooltip>If configured, this URL will be used for every binding to both the SP's Assertion Consumer and Single Logout Services. This can be individually overiden for each binding and service in the Fine Grain SAML Endpoint Configuration.</kc-tooltip>
</div> </div>
<div class="form-group" data-ng-show="!client.bearerOnly && !create && protocol == 'openid-connect'"> <div class="form-group" data-ng-show="!client.bearerOnly && !create && protocol == 'openid-connect'">
<label class="col-md-2 control-label" for="newWebOrigin">Web Origin</label> <label class="col-md-2 control-label" for="newWebOrigin">Web Origins</label>
<div class="col-sm-6"> <div class="col-sm-6">
<div class="input-group" ng-repeat="(i, webOrigin) in client.webOrigins track by $index"> <div class="input-group" ng-repeat="(i, webOrigin) in client.webOrigins track by $index">

2
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-list.html
View file

@ -19,8 +19,8 @@
</div> </div>
<div class="pull-right" data-ng-show="access.manageRealm"> <div class="pull-right" data-ng-show="access.manageRealm">
<a class="btn btn-primary" href="#/import/client/{{realm.realm}}" data-ng-show="importButton">Import</a>
<a class="btn btn-primary" href="#/create/client/{{realm.realm}}">Create</a> <a class="btn btn-primary" href="#/create/client/{{realm.realm}}">Create</a>
<a class="btn btn-primary" href="#/import/client/{{realm.realm}}" data-ng-show="importButton">Import</a>
</div> </div>
</div> </div>
</th> </th>

7
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html
View file

@ -92,10 +92,13 @@
</div> </div>
</fieldset> </fieldset>
<div class="pull-right form-actions"> <div class="form-group">
<button kc-save>Save</button> <div class="col-md-10 col-md-offset-2">
<button kc-save data-ng-show="changed">Save</button>
<button kc-cancel data-ng-click="cancel()" data-ng-show="changed">Cancel</button>
<button kc-delete data-ng-click="remove()" data-ng-show="!newIdentityProvider">Delete</button> <button kc-delete data-ng-click="remove()" data-ng-show="!newIdentityProvider">Delete</button>
</div> </div>
</div>
</form> </form>
</div> </div>

2
forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-user.html
View file

@ -4,5 +4,5 @@
<li ng-class="{active: path[4] == 'role-mappings'}" ><a href="#/realms/{{realm.realm}}/users/{{user.username}}/role-mappings">Role Mappings</a></li> <li ng-class="{active: path[4] == 'role-mappings'}" ><a href="#/realms/{{realm.realm}}/users/{{user.username}}/role-mappings">Role Mappings</a></li>
<li ng-class="{active: path[4] == 'consents'}"><a href="#/realms/{{realm.realm}}/users/{{user.username}}/consents">Consents</a></li> <li ng-class="{active: path[4] == 'consents'}"><a href="#/realms/{{realm.realm}}/users/{{user.username}}/consents">Consents</a></li>
<li ng-class="{active: path[4] == 'sessions'}" ><a href="#/realms/{{realm.realm}}/users/{{user.username}}/sessions">Sessions</a></li> <li ng-class="{active: path[4] == 'sessions'}" ><a href="#/realms/{{realm.realm}}/users/{{user.username}}/sessions">Sessions</a></li>
<li ng-class="{active: path[4] == 'federated-identity'}" data-ng-show="realm.identityFederationEnabled"><a href="#/realms/{{realm.realm}}/users/{{user.username}}/federated-identity">Federated Identities</a></li> <li ng-class="{active: path[4] == 'federated-identity'}" data-ng-show="user.federatedIdentities && user.federatedIdentities.length > 0"><a href="#/realms/{{realm.realm}}/users/{{user.username}}/federated-identity">Identity Provider Links</a></li>
</ul> </ul>

1
model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
View file

@ -238,6 +238,7 @@ public class ModelToRepresentation {
rep.setFullScopeAllowed(clientModel.isFullScopeAllowed()); rep.setFullScopeAllowed(clientModel.isFullScopeAllowed());
rep.setBearerOnly(clientModel.isBearerOnly()); rep.setBearerOnly(clientModel.isBearerOnly());
rep.setConsentRequired(clientModel.isConsentRequired()); rep.setConsentRequired(clientModel.isConsentRequired());
rep.setDirectGrantsOnly(clientModel.isDirectGrantsOnly());
rep.setSurrogateAuthRequired(clientModel.isSurrogateAuthRequired()); rep.setSurrogateAuthRequired(clientModel.isSurrogateAuthRequired());
rep.setBaseUrl(clientModel.getBaseUrl()); rep.setBaseUrl(clientModel.getBaseUrl());
rep.setNotBefore(clientModel.getNotBefore()); rep.setNotBefore(clientModel.getNotBefore());

2
model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -531,6 +531,7 @@ public class RepresentationToModel {
if (resourceRep.getBaseUrl() != null) client.setBaseUrl(resourceRep.getBaseUrl()); if (resourceRep.getBaseUrl() != null) client.setBaseUrl(resourceRep.getBaseUrl());
if (resourceRep.isBearerOnly() != null) client.setBearerOnly(resourceRep.isBearerOnly()); if (resourceRep.isBearerOnly() != null) client.setBearerOnly(resourceRep.isBearerOnly());
if (resourceRep.isConsentRequired() != null) client.setConsentRequired(resourceRep.isConsentRequired()); if (resourceRep.isConsentRequired() != null) client.setConsentRequired(resourceRep.isConsentRequired());
if (resourceRep.isDirectGrantsOnly() != null) client.setDirectGrantsOnly(resourceRep.isDirectGrantsOnly());
if (resourceRep.isPublicClient() != null) client.setPublicClient(resourceRep.isPublicClient()); if (resourceRep.isPublicClient() != null) client.setPublicClient(resourceRep.isPublicClient());
if (resourceRep.isFrontchannelLogout() != null) client.setFrontchannelLogout(resourceRep.isFrontchannelLogout()); if (resourceRep.isFrontchannelLogout() != null) client.setFrontchannelLogout(resourceRep.isFrontchannelLogout());
if (resourceRep.getProtocol() != null) client.setProtocol(resourceRep.getProtocol()); if (resourceRep.getProtocol() != null) client.setProtocol(resourceRep.getProtocol());
@ -619,6 +620,7 @@ public class RepresentationToModel {
if (rep.isEnabled() != null) resource.setEnabled(rep.isEnabled()); if (rep.isEnabled() != null) resource.setEnabled(rep.isEnabled());
if (rep.isBearerOnly() != null) resource.setBearerOnly(rep.isBearerOnly()); if (rep.isBearerOnly() != null) resource.setBearerOnly(rep.isBearerOnly());
if (rep.isConsentRequired() != null) resource.setConsentRequired(rep.isConsentRequired()); if (rep.isConsentRequired() != null) resource.setConsentRequired(rep.isConsentRequired());
if (rep.isDirectGrantsOnly() != null) resource.setDirectGrantsOnly(rep.isDirectGrantsOnly());
if (rep.isPublicClient() != null) resource.setPublicClient(rep.isPublicClient()); if (rep.isPublicClient() != null) resource.setPublicClient(rep.isPublicClient());
if (rep.isFullScopeAllowed() != null) resource.setFullScopeAllowed(rep.isFullScopeAllowed()); if (rep.isFullScopeAllowed() != null) resource.setFullScopeAllowed(rep.isFullScopeAllowed());
if (rep.isFrontchannelLogout() != null) resource.setFrontchannelLogout(rep.isFrontchannelLogout()); if (rep.isFrontchannelLogout() != null) resource.setFrontchannelLogout(rep.isFrontchannelLogout());

16
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -59,6 +59,7 @@ import javax.ws.rs.core.UriInfo;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ -217,7 +218,20 @@ public class UsersResource {
throw new NotFoundException("User not found"); throw new NotFoundException("User not found");
} }
return ModelToRepresentation.toRepresentation(user); UserRepresentation rep = ModelToRepresentation.toRepresentation(user);
if (realm.isIdentityFederationEnabled()) {
Set<FederatedIdentityModel> identities = session.users().getFederatedIdentities(user, realm);
if (!identities.isEmpty()) {
List<FederatedIdentityRepresentation> reps = new LinkedList<>();
for (FederatedIdentityModel m : identities) {
reps.add(ModelToRepresentation.toRepresentation(m));
}
rep.setFederatedIdentities(reps);
}
}
return rep;
} }
/** /**

2
testsuite/integration/src/test/resources/META-INF/keycloak-server.json
View file

@ -43,7 +43,7 @@
"theme": { "theme": {
"default": "keycloak", "default": "keycloak",
"staticMaxAge": 2592000, "staticMaxAge": "${keycloak.theme.staticMaxAge:2592000}",
"cacheTemplates": "${keycloak.theme.cacheTemplates:true}", "cacheTemplates": "${keycloak.theme.cacheTemplates:true}",
"cacheThemes": "${keycloak.theme.cacheThemes:true}", "cacheThemes": "${keycloak.theme.cacheThemes:true}",
"folder": { "folder": {