From 4da0d94b96e662b8dffe281d0a2de812f11cda71 Mon Sep 17 00:00:00 2001 From: Jacek Kowalski <Jacek@jacekk.info> Date: Sun, 10 May 2020 20:40:15 +0000 Subject: [PATCH] Filter potentially dangerous input in GitHub Actions workflows --- src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java | 30 +++++++++++++++++++++++------- 1 files changed, 23 insertions(+), 7 deletions(-) diff --git a/src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java b/src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java index 19173c2..1ec125d 100644 --- a/src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java +++ b/src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java @@ -1,14 +1,13 @@ package org.keycloak.protocol.cas.mappers; -import org.keycloak.models.ProtocolMapperModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.UserSessionModel; +import org.keycloak.models.*; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.protocol.ProtocolMapperUtils; import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper; import org.keycloak.provider.ProviderConfigProperty; import java.util.ArrayList; +import java.util.Collection; import java.util.List; import java.util.Map; @@ -33,6 +32,12 @@ property.setType(ProviderConfigProperty.BOOLEAN_TYPE); configProperties.add(property); + property = new ProviderConfigProperty(); + property.setName(ProtocolMapperUtils.AGGREGATE_ATTRS); + property.setLabel(ProtocolMapperUtils.AGGREGATE_ATTRS_LABEL); + property.setHelpText(ProtocolMapperUtils.AGGREGATE_ATTRS_HELP_TEXT); + property.setType(ProviderConfigProperty.BOOLEAN_TYPE); + configProperties.add(property); } public static final String PROVIDER_ID = "cas-usermodel-attribute-mapper"; @@ -59,22 +64,33 @@ } @Override - public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession) { + public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession, + KeycloakSession session, ClientSessionContext clientSessionCt) { UserModel user = userSession.getUser(); String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE); - List<String> attributeValue = KeycloakModelUtils.resolveAttribute(user, attributeName); + boolean aggregateAttrs = Boolean.valueOf(mappingModel.getConfig().get(ProtocolMapperUtils.AGGREGATE_ATTRS)); + Collection<String> attributeValue = KeycloakModelUtils.resolveAttribute(user, attributeName, aggregateAttrs); setMappedAttribute(attributes, mappingModel, attributeValue); } public static ProtocolMapperModel create(String name, String userAttribute, String tokenClaimName, String claimType, - boolean consentRequired, String consentText, boolean multivalued) { + boolean multivalued) { + return create(name, userAttribute, tokenClaimName, claimType, multivalued, false); + } + + public static ProtocolMapperModel create(String name, String userAttribute, + String tokenClaimName, String claimType, + boolean multivalued, boolean aggregateAttrs) { ProtocolMapperModel mapper = CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName, - claimType, consentRequired, consentText, PROVIDER_ID); + claimType, PROVIDER_ID); mapper.getConfig().put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute); if (multivalued) { mapper.getConfig().put(ProtocolMapperUtils.MULTIVALUED, "true"); } + if (aggregateAttrs) { + mapper.getConfig().put(ProtocolMapperUtils.AGGREGATE_ATTRS, "true"); + } return mapper; } } -- Gitblit v1.9.1