From 4da0d94b96e662b8dffe281d0a2de812f11cda71 Mon Sep 17 00:00:00 2001
From: Jacek Kowalski <Jacek@jacekk.info>
Date: Sun, 10 May 2020 20:40:15 +0000
Subject: [PATCH] Filter potentially dangerous input in GitHub Actions workflows

---
 src/main/java/org/keycloak/protocol/cas/mappers/AbstractCASProtocolMapper.java |   18 +++++++++++++++++-
 1 files changed, 17 insertions(+), 1 deletions(-)

diff --git a/src/main/java/org/keycloak/protocol/cas/mappers/AbstractCASProtocolMapper.java b/src/main/java/org/keycloak/protocol/cas/mappers/AbstractCASProtocolMapper.java
index 8c61a4e..6838f6d 100644
--- a/src/main/java/org/keycloak/protocol/cas/mappers/AbstractCASProtocolMapper.java
+++ b/src/main/java/org/keycloak/protocol/cas/mappers/AbstractCASProtocolMapper.java
@@ -3,10 +3,14 @@
 import org.keycloak.Config;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.protocol.ProtocolMapper;
 import org.keycloak.protocol.cas.CASLoginProtocol;
+import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
 
-public abstract class AbstractCASProtocolMapper implements ProtocolMapper {
+import java.util.Map;
+
+public abstract class AbstractCASProtocolMapper implements ProtocolMapper, CASAttributeMapper {
     public static final String TOKEN_MAPPER_CATEGORY = "Token mapper";
 
     @Override
@@ -35,4 +39,16 @@
     public String getDisplayCategory() {
         return TOKEN_MAPPER_CATEGORY;
     }
+
+    protected void setMappedAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, Object attributeValue) {
+        setPlainAttribute(attributes, mappingModel, OIDCAttributeMapperHelper.mapAttributeValue(mappingModel, attributeValue));
+    }
+
+    protected void setPlainAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, Object attributeValue) {
+        String protocolClaim = mappingModel.getConfig().get(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME);
+        if (protocolClaim == null || attributeValue == null) {
+            return;
+        }
+        attributes.put(protocolClaim, attributeValue);
+    }
 }

--
Gitblit v1.9.1