Fix Initial Credentials Causes Update
AssahBismarkabah committed Nov 26, 2024
1 parent 3d03500 commit 5207d3c
Showing 6 changed files with 125 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGELOG.md
@@ -5,6 +5,8 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]
### Fixed
- Fix Initial Credentials Causes Update [819](https://github.com/adorsys/keycloak-config-cli/issues/819)

## Fixed
- otpPolicyAlgorithm ignored during import [#847](https://github.com/adorsys/keycloak-config-cli/issues/847)
@@ -156,7 +156,7 @@ private void updateUser(UserRepresentation existingUser) {
credentialRepresentation.getUserLabel(), USER_LABEL_FOR_INITIAL_CREDENTIAL
))
.toList();
patchedUser.setCredentials(userCredentials);
patchedUser.setCredentials(userCredentials.isEmpty() ? null : userCredentials);
}

if (!CloneUtil.deepEquals(existingUser, patchedUser, "access")) {
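Review bot: The ternary on the new `setCredentials` line gives no hint of why an empty list has to become `null`, so a later reader is likely to simplify it back. A comment above it would record the intent, for example `// only "initial" credentials were present: leave the property unset so deepEquals does not report a difference and trigger an update` (presumably the existing user carries no credentials property; worth confirming). This commit also appears to apply the same normalisation inside `CloneUtil.deepEquals`, so one of the two may be redundant. `updateUser` starts and ends outside this hunk, so the guard around this block is not visible here.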
10 changes: 10 additions & 0 deletions src/main/java/de/adorsys/keycloak/config/util/CloneUtil.java
@@ -100,6 +100,10 @@ public static <S, T> boolean deepEquals(S origin, T other, String... ignoredProp
removeIgnoredProperties(originJsonNode, ignoredProperties);
removeIgnoredProperties(otherJsonNode, ignoredProperties);


handleEmptyCredentials(originJsonNode);
handleEmptyCredentials(otherJsonNode);

boolean ret = Objects.equals(originJsonNode, otherJsonNode);
logger.trace("objects.deepEquals: ret: {} | origin: {} | other: {} | ignoredProperties: {}",
ret, originJsonNode, otherJsonNode, ignoredProperties
@@ -108,6 +112,12 @@ public static <S, T> boolean deepEquals(S origin, T other, String... ignoredProp
return ret;
}

private static void handleEmptyCredentials(JsonNode jsonNode) {
if (jsonNode.has("credentials") && jsonNode.get("credentials").isEmpty()) {
((ObjectNode) jsonNode).remove("credentials");
}
}

private static void removeIgnoredProperties(JsonNode jsonNode, String[] ignoredProperties) {
((ObjectNode) jsonNode).remove(Arrays.asList(ignoredProperties));
}
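Review bot: `handleEmptyCredentials` hard-codes the property name `credentials` inside the generic `deepEquals(S, T, ...)`, and its `isEmpty()` test is broader than "empty list". Jackson's `JsonNode.isEmpty()` is true for any node of size 0, which includes null and scalar value nodes, so a top-level `credentials` property holding a plain value would be removed from both sides and a real difference in it would compare as equal. Restricting the check to arrays keeps the intent: `JsonNode credentials = jsonNode.get("credentials");` then `if (credentials != null && credentials.isArray() && credentials.isEmpty()) {`. A short Javadoc on the helper stating that an empty credentials array is treated as absent for comparison would also explain why a user-specific rule lives in this utility.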
@@ -494,6 +494,38 @@ void shouldUpdateRealmUpdateUserRemoveSubGroup() throws IOException {
assertThat(group2.getName(), is("subgroup2"));
}

@Test
@Order(15)
void shouldNotUpdateUserWhenOnlyInitialPasswordChanges() throws IOException {
doImport("15.0_update_realm_change_clientusers_password.json");

UserRepresentation userBefore = keycloakRepository.getUser(REALM_NAME, "myinitialclientuser");
String modifiedAtBefore = null;
if (userBefore.getAttributes() != null && userBefore.getAttributes().containsKey("modifiedAt")) {
modifiedAtBefore = userBefore.getAttributes().get("modifiedAt").get(0);
}

doImport("15.1_update_realm_change_clientusers_password.json");

UserRepresentation userAfter = keycloakRepository.getUser(REALM_NAME, "myinitialclientuser");
String modifiedAtAfter = null;
if (userAfter.getAttributes() != null && userAfter.getAttributes().containsKey("modifiedAt")) {
modifiedAtAfter = userAfter.getAttributes().get("modifiedAt").get(0);
}

assertThat(modifiedAtAfter, is(modifiedAtBefore));

AccessTokenResponse token = keycloakAuthentication.login(
REALM_NAME,
"moped-client",
"my-special-client-secret",
"myinitialclientuser",
"initialchangedclientuser123"
);

assertThat(token.getToken(), notNullValue());
}

@Test
@Order(50)
void shouldUpdateUserWithEmailAsRegistration() throws IOException {
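Review bot: The `modifiedAt` comparison in `shouldNotUpdateUserWhenOnlyInitialPasswordChanges` cannot fail when an update is sent, because both fixtures on this page set the attribute to the same literal `2023-01-01T00:00:00Z` and the test reads it back from the user's attributes rather than from a server-side change marker. If the attribute were missing, both values would be `null` and `is(modifiedAtBefore)` would still pass, so at minimum add `assertThat(modifiedAtBefore, notNullValue());` after the first read. The login with the first password shows the initial credential was not overwritten, but the existing `initial` label filter may already have guaranteed that before this commit, so the test might pass without the fix. To pin what the name promises, observe the absence of an update through something the import does not itself write, such as admin events if they can be enabled for the test realm.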
@@ -0,0 +1,40 @@
{
"enabled": true,
"realm": "realmWithUsers",
"users": [
{
"username": "myinitialclientuser",
"email": "[email protected]",
"enabled": true,
"firstName": "My clientuser's firstname",
"lastName": "My clientuser's lastname",
"attributes": {
"modifiedAt": ["2023-01-01T00:00:00Z"]
},
"credentials": [
{
"type": "password",
"userLabel": "initial",
"value": "initialchangedclientuser123"
}
]
}
],
"clients": [
{
"clientId": "moped-client",
"name": "moped-client",
"description": "Moped-Client",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "my-special-client-secret",
"directAccessGrantsEnabled": true,
"redirectUris": [
"*"
],
"webOrigins": [
"*"
]
}
]
}
@@ -0,0 +1,40 @@
{
"enabled": true,
"realm": "realmWithUsers",
"users": [
{
"username": "myinitialclientuser",
"email": "[email protected]",
"enabled": true,
"firstName": "My clientuser's firstname",
"lastName": "My clientuser's lastname",
"attributes": {
"modifiedAt": ["2023-01-01T00:00:00Z"]
},
"credentials": [
{
"type": "password",
"userLabel": "initial",
"value": "newInitialPassword123"
}
]
}
],
"clients": [
{
"clientId": "moped-client",
"name": "moped-client",
"description": "Moped-Client",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "my-special-client-secret",
"directAccessGrantsEnabled": true,
"redirectUris": [
"*"
],
"webOrigins": [
"*"
]
}
]
}
