From 4da0d94b96e662b8dffe281d0a2de812f11cda71 Mon Sep 17 00:00:00 2001
From: Jacek Kowalski <Jacek@jacekk.info>
Date: Sun, 10 May 2020 20:40:15 +0000
Subject: [PATCH] Filter potentially dangerous input in GitHub Actions workflows
---
src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java | 30 +++++++++++++++++++++++-------
1 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java b/src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java
index 19173c2..1ec125d 100644
--- a/src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java
+++ b/src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java
@@ -1,14 +1,13 @@
package org.keycloak.protocol.cas.mappers;
-import org.keycloak.models.ProtocolMapperModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.UserSessionModel;
+import org.keycloak.models.*;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.provider.ProviderConfigProperty;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.List;
import java.util.Map;
@@ -33,6 +32,12 @@
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
configProperties.add(property);
+ property = new ProviderConfigProperty();
+ property.setName(ProtocolMapperUtils.AGGREGATE_ATTRS);
+ property.setLabel(ProtocolMapperUtils.AGGREGATE_ATTRS_LABEL);
+ property.setHelpText(ProtocolMapperUtils.AGGREGATE_ATTRS_HELP_TEXT);
+ property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
+ configProperties.add(property);
}
public static final String PROVIDER_ID = "cas-usermodel-attribute-mapper";
@@ -59,22 +64,33 @@
}
@Override
- public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
+ public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession,
+ KeycloakSession session, ClientSessionContext clientSessionCt) {
UserModel user = userSession.getUser();
String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
- List<String> attributeValue = KeycloakModelUtils.resolveAttribute(user, attributeName);
+ boolean aggregateAttrs = Boolean.valueOf(mappingModel.getConfig().get(ProtocolMapperUtils.AGGREGATE_ATTRS));
+ Collection<String> attributeValue = KeycloakModelUtils.resolveAttribute(user, attributeName, aggregateAttrs);
setMappedAttribute(attributes, mappingModel, attributeValue);
}
public static ProtocolMapperModel create(String name, String userAttribute,
String tokenClaimName, String claimType,
- boolean consentRequired, String consentText, boolean multivalued) {
+ boolean multivalued) {
+ return create(name, userAttribute, tokenClaimName, claimType, multivalued, false);
+ }
+
+ public static ProtocolMapperModel create(String name, String userAttribute,
+ String tokenClaimName, String claimType,
+ boolean multivalued, boolean aggregateAttrs) {
ProtocolMapperModel mapper = CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName,
- claimType, consentRequired, consentText, PROVIDER_ID);
+ claimType, PROVIDER_ID);
mapper.getConfig().put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute);
if (multivalued) {
mapper.getConfig().put(ProtocolMapperUtils.MULTIVALUED, "true");
}
+ if (aggregateAttrs) {
+ mapper.getConfig().put(ProtocolMapperUtils.AGGREGATE_ATTRS, "true");
+ }
return mapper;
}
}
--
Gitblit v1.9.1