Merge pull request #77 from Tomar-VRDate/master

version.scim.sdk >1.16.0
Captain-P-Goldfish · Feb 26, 2023 · 555d30b · 555d30b
2 parents 80451e2 + 9443d5b
commit 555d30b
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 7 deletions.
diff --git a/pom.xml b/pom.xml
@@ -42,7 +42,7 @@
 
         <version.keycloak>20.0.1</version.keycloak>
         <version.resteasy-core-spi>4.7.5.Final</version.resteasy-core-spi>
-        <version.scim.sdk>1.13.4</version.scim.sdk>
+        <version.scim.sdk>1.16.0</version.scim.sdk>
 
         <version.sun.javax.activation>1.2.0</version.sun.javax.activation>
         <version.javax.activation>1.1.1</version.javax.activation>

diff --git a/...k-server/src/main/java/de/captaingoldfish/scim/sdk/keycloak/scim/handler/UserHandler.java b/...k-server/src/main/java/de/captaingoldfish/scim/sdk/keycloak/scim/handler/UserHandler.java
@@ -309,9 +309,23 @@ private User modelToUser(UserModel userModel)
     List<Email> emails = getAttributeList(Email.class, AttributeNames.RFC7643.EMAILS, userModel);
 
     Optional.ofNullable(userModel.getEmail()).ifPresent(email -> {
-      // remove emails that are marked as primary in favor of the email property attribute of the user
-      emails.removeIf(MultiComplexNode::isPrimary);
-      emails.add(Email.builder().primary(true).value(email).build());
+      // we are replacing the original email here with the value that is set within the userModel.email field.
+      // why am I doing this?
+      // in some cases emails might be changed directly within the webAdmin interface and the admin would expect
+      // that the email changes accordingly. In order to support this usecase we try to get the original
+      // email build a new object from it and take other the parameters from the original one. And to prevent that
+      // the email is returned twice in the response we are removing it from the original list
+      Email originalPrimaryEmail = emails.stream().filter(Email::isPrimary).findAny().orElse(null);
+      if (originalPrimaryEmail != null)
+      {
+        emails.remove(originalPrimaryEmail);
+        emails.add(Email.builder()
+                        .primary(true)
+                        .display(originalPrimaryEmail.getDisplay().orElse(null))
+                        .value(email)
+                        .type(originalPrimaryEmail.getType().orElse(null))
+                        .build());
+      }
     });
     Name name = Name.builder()
                     .givenName(userModel.getFirstName())

diff --git a/...ver/src/test/java/de/captaingoldfish/scim/sdk/keycloak/scim/handler/GroupHandlerTest.java b/...ver/src/test/java/de/captaingoldfish/scim/sdk/keycloak/scim/handler/GroupHandlerTest.java
@@ -10,6 +10,8 @@
 
 import javax.ws.rs.core.Response;
 
+import org.hamcrest.MatcherAssert;
+import org.hamcrest.Matchers;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -393,10 +395,13 @@ public void testAdminEventsOnGroupCreatedWithMembers()
     Assertions.assertEquals(5, adminEventList.size());
     // check for created admin event that the group was created
     {
-      AdminEvent adminEvent = adminEventList.get(0);
+      AdminEvent adminEvent = adminEventList.stream()
+                                            .filter(event -> event.getResourceType().equals(ResourceType.GROUP))
+                                            .findAny()
+                                            .get();
       Assertions.assertEquals(getTestClient().getId(), adminEvent.getAuthDetails().getClientId());
       Assertions.assertEquals(getTestUser().getId(), adminEvent.getAuthDetails().getUserId());
-      Assertions.assertEquals("groups/" + createdGroup.getId().get(), adminEvent.getResourcePath());
+      MatcherAssert.assertThat(adminEvent.getResourcePath(), Matchers.endsWith("groups/" + createdGroup.getId().get()));
       Assertions.assertEquals(OperationType.CREATE, adminEvent.getOperationType());
       Assertions.assertEquals(ResourceType.GROUP, adminEvent.getResourceType());
       // equalize the two objects by modifying the meta-attribute. The meta-attribute is not identical because the

diff --git a/...rver/src/test/java/de/captaingoldfish/scim/sdk/keycloak/scim/handler/UserHandlerTest.java b/...rver/src/test/java/de/captaingoldfish/scim/sdk/keycloak/scim/handler/UserHandlerTest.java
@@ -17,7 +17,6 @@
 import org.keycloak.events.admin.OperationType;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.SubjectCredentialManager;
-import org.keycloak.models.UserCredentialManager;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
 
@@ -352,6 +351,56 @@ public void testCreateUser()
     }
   }
 
+  /**
+   * this issue recreates: https://github.com/Captain-P-Goldfish/scim-for-keycloak/issues/73 and will make sure
+   * that primary emails with types can be used for filtering
+   */
+  @Test
+  public void testPatchUserWithPrimaryEmailOnTypeFilterInExpression()
+  {
+    ResourceEndpoint resourceEndpoint = ScimConfigurationBridge.getScimResourceEndpoints()
+                                                               .get(getRealmModel().getName());
+    ServiceProvider serviceProvider = resourceEndpoint.getServiceProvider();
+    serviceProvider.setChangePasswordConfig(ChangePasswordConfig.builder().supported(true).build());
+
+    String name = "goldfish";
+
+    User user = User.builder()
+                    .userName(name)
+                    .emails(Arrays.asList(Email.builder().value(name + "@test.de").primary(true).type("work").build(),
+                                          Email.builder().value(name + "[email protected]").type("home").build(),
+                                          Email.builder().value(name + "[email protected]").type("unknown").build()))
+                    .build();
+
+    RequestMock.mockRequest(getScimEndpoint(), getKeycloakSession())
+               .method(HttpMethod.POST)
+               .endpoint(EndpointPaths.USERS);
+    Response response = getScimEndpoint().handleScimRequest(user.toString());
+    User createdUser = JsonHelper.readJsonDocument((String)response.getEntity(), User.class);
+
+    Assertions.assertEquals(HttpStatus.CREATED, response.getStatus());
+
+
+    final String newEmail = "[email protected]";
+    PatchOpRequest patchOpRequest = new PatchOpRequest();
+    patchOpRequest.setOperations(Arrays.asList(PatchRequestOperation.builder()
+                                                                    .op(PatchOp.REPLACE)
+                                                                    .path("emails[type eq \"work\"].value")
+                                                                    .value(newEmail)
+                                                                    .build()));
+    RequestMock.mockRequest(getScimEndpoint(), getKeycloakSession())
+               .method(HttpMethod.PATCH)
+               .endpoint(EndpointPaths.USERS + "/" + createdUser.getId().get());
+    Response patchResponse = getScimEndpoint().handleScimRequest(patchOpRequest.toString());
+    Assertions.assertEquals(HttpStatus.OK, patchResponse.getStatus());
+    User patchedUser = JsonHelper.readJsonDocument((String)patchResponse.getEntity(), User.class);
+
+    Assertions.assertEquals(3, patchedUser.getEmails().size());
+    Email primaryEmail = patchedUser.getEmails().stream().filter(Email::isPrimary).findAny().get();
+    Assertions.assertEquals(newEmail, primaryEmail.getValue().orElse(null));
+    Assertions.assertEquals("work", primaryEmail.getType().orElse(null));
+  }
+
   /**
    * this test must result in an admin-event entry that has an anonymous user and client entered into the table
    */