keycloak-uncached
Changes
model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserGroupMembershipEntity.java 3(+3 -0)
model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRequiredActionEntity.java 3(+3 -0)
Details
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java
index af47a13..94aae1e 100644
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java
@@ -17,6 +17,8 @@
package org.keycloak.models.jpa.session;
+import org.keycloak.storage.jpa.KeyUtils;
+
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
@@ -84,6 +86,7 @@ public class PersistentUserSessionEntity {
}
public void setUserId(String userId) {
+ KeyUtils.assertValidKey(userId);
this.userId = userId;
}
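Review bot: The new `KeyUtils.assertValidKey(userId)` call in `setUserId` does not reject anything: as defined in KeyUtils.java in this same commit, it only logs a warning, and the next line stores the value regardless. A reader of the setter will likely take "assert" as enforcement, so I would add a comment above the call such as `// Advisory only: logs a warning for ids that are not a UUID or f:<UUID>:<suffix>; the value is still stored.` The same applies to the identical calls added in BrokerLinkEntity, FederatedUser (`setId`), FederatedUserGroupMembershipEntity, FederatedUserRequiredActionEntity and FederatedUserRoleMappingEntity. The class body continues outside the hunk.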
diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/BrokerLinkEntity.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/BrokerLinkEntity.java
index 24cddf4..a32acb6 100755
--- a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/BrokerLinkEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/BrokerLinkEntity.java
@@ -17,6 +17,8 @@
package org.keycloak.storage.jpa.entity;
+import org.keycloak.storage.jpa.KeyUtils;
+
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
@@ -71,6 +73,7 @@ public class BrokerLinkEntity {
}
public void setUserId(String userId) {
+ KeyUtils.assertValidKey(userId);
this.userId = userId;
}
diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUser.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUser.java
index c74c630..ebc1db0 100644
--- a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUser.java
+++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUser.java
@@ -16,6 +16,8 @@
*/
package org.keycloak.storage.jpa.entity;
+import org.keycloak.storage.jpa.KeyUtils;
+
import javax.persistence.Access;
import javax.persistence.AccessType;
import javax.persistence.Column;
@@ -58,6 +60,7 @@ public class FederatedUser {
}
public void setId(String id) {
+ KeyUtils.assertValidKey(id);
this.id = id;
}
diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserGroupMembershipEntity.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserGroupMembershipEntity.java
index ffe130a..2cf6857 100755
--- a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserGroupMembershipEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserGroupMembershipEntity.java
@@ -17,6 +17,8 @@
package org.keycloak.storage.jpa.entity;
+import org.keycloak.storage.jpa.KeyUtils;
+
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
@@ -74,6 +76,7 @@ public class FederatedUserGroupMembershipEntity {
}
public void setUserId(String userId) {
+ KeyUtils.assertValidKey(userId);
this.userId = userId;
}
diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRequiredActionEntity.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRequiredActionEntity.java
index cea6908..d4b4879 100755
--- a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRequiredActionEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRequiredActionEntity.java
@@ -17,6 +17,8 @@
package org.keycloak.storage.jpa.entity;
+import org.keycloak.storage.jpa.KeyUtils;
+
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
@@ -69,6 +71,7 @@ public class FederatedUserRequiredActionEntity {
}
public void setUserId(String userId) {
+ KeyUtils.assertValidKey(userId);
this.userId = userId;
}
diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRoleMappingEntity.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRoleMappingEntity.java
index a7c4099..1a2580f 100755
--- a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRoleMappingEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRoleMappingEntity.java
@@ -17,6 +17,8 @@
package org.keycloak.storage.jpa.entity;
+import org.keycloak.storage.jpa.KeyUtils;
+
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
@@ -64,6 +66,7 @@ public class FederatedUserRoleMappingEntity {
}
public void setUserId(String userId) {
+ KeyUtils.assertValidKey(userId);
this.userId = userId;
}
diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java
new file mode 100644
index 0000000..ac2bc25
--- /dev/null
+++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.storage.jpa;
+
+import java.util.regex.Pattern;
+import org.jboss.logging.Logger;
+
+/**
+ *
+ * @author hmlnarik
+ */
+public class KeyUtils {
+
+ private static final Logger LOG = Logger.getLogger(KeyUtils.class);
+
+ public static final Pattern UUID_PATTERN = Pattern.compile("[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}");
+
+ public static final Pattern EXPECTED_KEY_PATTERN = Pattern.compile(
+ UUID_PATTERN.pattern()
+ + "|"
+ + "f:" + UUID_PATTERN.pattern() + ":.*"
+ );
+
+ /**
+ * Returns {@code} true when the key is {@code null} or either a plain UUID or a key formatted as "f:[UUID]:any_string"
+ * @param key String representation of the key
+ * @return
+ */
+ public static boolean isValidKey(String key) {
+ return key == null || EXPECTED_KEY_PATTERN.matcher(key).matches();
+ }
+
+ /**
+ * Logs an warning when the key is not a valid key
+ * @param key String representation of the key
+ */
+ public static void assertValidKey(String key) throws IllegalArgumentException {
+ if (! isValidKey(key)) {
+ LOG.warnf("The given key is not a valid key per specification, future migration might fail: %s", key);
+ }
+ }
+}
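Review bot: `assertValidKey` writes the rejected key verbatim into the WARN message, and the keys that reach that branch are exactly the ones that failed validation, including any that contain CR/LF (`.` in `EXPECTED_KEY_PATTERN` does not match line terminators). If these ids can originate from an external user store, which this diff does not show, that allows forged log lines unless the log layout escapes them. Neutralise line breaks before logging, e.g. `LOG.warnf("The given key is not a valid key per specification, future migration might fail: %s", key.replaceAll("[\\r\\n]", "_"));` (the key is non-null on that branch because `isValidKey` accepts null). The method also declares `throws IllegalArgumentException` but never throws, so either drop the clause or state in the Javadoc that it is warn-only. The Javadoc on `isValidKey` has a malformed `{@code} true` (should be `{@code true}`) and an empty `@return`.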
diff --git a/model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java b/model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java
new file mode 100644
index 0000000..8dce67b
--- /dev/null
+++ b/model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.storage.jpa;
+
+import java.util.UUID;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author hmlnarik
+ */
+public class KeyUtilsTest {
+
+ @Test
+ public void testValidKeys() {
+ assertTrue(KeyUtils.isValidKey(UUID.randomUUID().toString()));
+ assertTrue(KeyUtils.isValidKey("01234567-1234-1234-aAAa-123456789012"));
+ assertTrue(KeyUtils.isValidKey("01234567-1234-1234-aAAf-123456789012"));
+
+ assertTrue(KeyUtils.isValidKey("f:" + UUID.randomUUID() + ":dsadsada"));
+ assertTrue(KeyUtils.isValidKey("f:01234567-1234-1234-aAAa-123456789012:dsadsada"));
+ assertTrue(KeyUtils.isValidKey("f:a1234567-1234-1234-aAAa-123456789012:dsadsada"));
+ }
+
+ @Test
+ public void testInvalidKeys() {
+ assertFalse(KeyUtils.isValidKey("any string"));
+ assertFalse(KeyUtils.isValidKey("0"));
+ assertFalse(KeyUtils.isValidKey("01234567-1234-1234-aAAg-123456789012a"));
+ assertFalse(KeyUtils.isValidKey("z1234567-1234-1234-aAAa-123456789012"));
+
+ assertFalse(KeyUtils.isValidKey("f:g1234567-1234-1234-aAAa-123456789012:dsadsada"));
+ assertFalse(KeyUtils.isValidKey("g:a1234567-1234-1234-aAAa-123456789012:dsadsada"));
+ assertFalse(KeyUtils.isValidKey("f:a1234567-1234-1234-aAAa-123456789012"));
+ }
+
+}
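Review bot: `testValidKeys` and `testInvalidKeys` leave the boundary cases of the pattern unpinned: `null` (documented as valid), the empty suffix `f:<UUID>:` (currently accepted because `.*` matches the empty string), and a suffix containing a line break (currently rejected). I would add `assertTrue(KeyUtils.isValidKey(null));` plus one assertion for each of the other two, so the intended answer is explicit rather than a side effect of the regex. The `aAAg` case in `testInvalidKeys` has two faults at once (a non-hex character and an extra trailing character), so it does not show which one causes the rejection; splitting it into two assertions would make a regression easier to read.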