keycloak-uncached
Changes
connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java 3(+2 -1)
Details
diff --git a/connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java b/connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java
index a5429e4..255bec4 100755
--- a/connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java
+++ b/connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java
@@ -12,7 +12,7 @@ public interface JpaUpdaterProvider extends Provider {
public String FIRST_VERSION = "1.0.0.Final";
- public String LAST_VERSION = "1.7.0";
+ public String LAST_VERSION = "1.8.0";
public String getCurrentVersionSql(String defaultSchema);
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.8.0.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
index d0893a3..5771c12 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
@@ -105,6 +105,10 @@
<addPrimaryKey columnNames="TEMPLATE_ID, NAME" constraintName="PK_CL_TMPL_ATTR" tableName="CLIENT_TEMPLATE_ATTRIBUTES"/>
<addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="CLIENT_TEMPLATE_ATTRIBUTES" constraintName="FK_CL_TEMPL_ATTR_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
+ <update tableName="CREDENTIAL">
+ <column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
+ <where>TYPE in ('password-history', 'password') AND ALGORITHM is NULL</where>
+ </update>
</changeSet>
</databaseChangeLog>
\ No newline at end of file
diff --git a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
index e66e16d..7c0cd48 100644
--- a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
+++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
@@ -29,7 +29,8 @@ public class DefaultMongoUpdaterProvider implements MongoUpdaterProvider {
Update1_2_0_CR1.class,
Update1_3_0.class,
Update1_4_0.class,
- Update1_7_0.class
+ Update1_7_0.class,
+ Update1_8_0.class
};
@Override
diff --git a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_8_0.java b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_8_0.java
new file mode 100644
index 0000000..25c5835
--- /dev/null
+++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_8_0.java
@@ -0,0 +1,44 @@
+package org.keycloak.connections.mongo.updater.impl.updates;
+
+import com.mongodb.BasicDBList;
+import com.mongodb.BasicDBObject;
+import com.mongodb.DBCollection;
+import com.mongodb.WriteResult;
+import org.keycloak.hash.Pbkdf2PasswordHashProvider;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.UserCredentialModel;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class Update1_8_0 extends Update {
+
+ @Override
+ public String getId() {
+ return "1.8.0";
+ }
+
+ @Override
+ public void update(KeycloakSession session) {
+ BasicDBList orArgs = new BasicDBList();
+ orArgs.add(new BasicDBObject("type", UserCredentialModel.PASSWORD));
+ orArgs.add(new BasicDBObject("type", UserCredentialModel.PASSWORD_HISTORY));
+
+ BasicDBObject elemMatch = new BasicDBObject("$or", orArgs);
+ elemMatch.put("algorithm", new BasicDBObject("$exists", false));
+
+ BasicDBObject query = new BasicDBObject("credentials", new BasicDBObject("$elemMatch", elemMatch));
+
+ BasicDBObject update = new BasicDBObject("$set", new BasicDBObject("credentials.$.algorithm", Pbkdf2PasswordHashProvider.ID));
+
+ DBCollection users = db.getCollection("users");
+
+ // Not sure how to do in single query
+ int countModified = 1;
+ while (countModified > 0) {
+ WriteResult wr = users.update(query, update, false, true);
+ countModified = wr.getN();
+ log.debugf("%d credentials modified in current iteration during upgrade to 1.8", countModified);
+ }
+ }
+}
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index ed5fd93..2c83d3f 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -2,6 +2,8 @@ package org.keycloak.representations.idm;
import java.util.*;
+import org.codehaus.jackson.annotate.JsonIgnore;
+
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@@ -88,8 +90,6 @@ public class RealmRepresentation {
private List<IdentityProviderRepresentation> identityProviders;
private List<IdentityProviderMapperRepresentation> identityProviderMappers;
private List<ProtocolMapperRepresentation> protocolMappers;
- @Deprecated
- private Boolean identityFederationEnabled;
protected Boolean internationalizationEnabled;
protected Set<String> supportedLocales;
protected String defaultLocale;
@@ -826,4 +826,10 @@ public class RealmRepresentation {
public void setClientTemplates(List<ClientTemplateRepresentation> clientTemplates) {
this.clientTemplates = clientTemplates;
}
+
+ @JsonIgnore
+ public boolean isIdentityFederationEnabled() {
+ return identityProviders != null && !identityProviders.isEmpty();
+ }
+
}
diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index 87394a1..612daba 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -1,6 +1,7 @@
package org.keycloak.models.utils;
import org.keycloak.Config;
+import org.keycloak.hash.Pbkdf2PasswordHashProvider;
import org.keycloak.models.ClientTemplateModel;
import org.keycloak.models.Constants;
import org.keycloak.common.util.Base64;
@@ -1253,14 +1254,21 @@ public class RepresentationToModel {
hashedCred.setValue(cred.getHashedSaltedValue());
if (cred.getCounter() != null) hashedCred.setCounter(cred.getCounter());
if (cred.getDigits() != null) hashedCred.setDigits(cred.getDigits());
- if (cred.getAlgorithm() != null) hashedCred.setAlgorithm(cred.getAlgorithm());
+
+ if (cred.getAlgorithm() != null) {
+ hashedCred.setAlgorithm(cred.getAlgorithm());
+ } else {
+ if (UserCredentialModel.PASSWORD.equals(cred.getType()) || UserCredentialModel.PASSWORD_HISTORY.equals(cred.getType())) {
+ hashedCred.setAlgorithm(Pbkdf2PasswordHashProvider.ID);
+ } else if (UserCredentialModel.isOtp(cred.getType())) {
+ hashedCred.setAlgorithm(HmacOTP.HMAC_SHA1);
+ }
+ }
+
if (cred.getPeriod() != null) hashedCred.setPeriod(cred.getPeriod());
if (cred.getDigits() == null && UserCredentialModel.isOtp(cred.getType())) {
hashedCred.setDigits(6);
}
- if (cred.getAlgorithm() == null && UserCredentialModel.isOtp(cred.getType())) {
- hashedCred.setAlgorithm(HmacOTP.HMAC_SHA1);
- }
if (cred.getPeriod() == null && UserCredentialModel.TOTP.equals(cred.getType())) {
hashedCred.setPeriod(30);
}