Update federated links when identity provider alias is changed

keycloak · Mar 18, 2015 · 24f1860 · 24f1860
1 parent 8c4f45f
commit 24f1860
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 20 deletions.
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java
@@ -230,26 +230,12 @@ public Set<FederatedIdentityModel> getFederatedIdentities(UserModel userModel, R
         return result;
     }
 
-    private FederatedIdentityEntity findSocialLink(UserModel userModel, String socialProvider, RealmModel realm) {
-        UserModel user = getUserById(userModel.getId(), realm);
-        MongoUserEntity userEntity = ((UserAdapter) user).getUser();
-        List<FederatedIdentityEntity> linkEntities = userEntity.getFederatedIdentities();
-        if (linkEntities == null) {
-            return null;
-        }
-
-        for (FederatedIdentityEntity federatedIdentityEntity : linkEntities) {
-            if (federatedIdentityEntity.getIdentityProvider().equals(socialProvider)) {
-                return federatedIdentityEntity;
-            }
-        }
-        return null;
-    }
-
-
     @Override
     public FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm) {
-        FederatedIdentityEntity federatedIdentityEntity = findSocialLink(user, socialProvider, realm);
+        user = getUserById(user.getId(), realm);
+        MongoUserEntity userEntity = ((UserAdapter) user).getUser();
+        FederatedIdentityEntity federatedIdentityEntity = findFederatedIdentityLink(userEntity, socialProvider);
+
         return federatedIdentityEntity != null ? new FederatedIdentityModel(federatedIdentityEntity.getIdentityProvider(), federatedIdentityEntity.getUserId(),
                 federatedIdentityEntity.getUserName(), federatedIdentityEntity.getToken()) : null;
     }

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
@@ -6,10 +6,12 @@
 import org.keycloak.broker.provider.IdentityProviderFactory;
 import org.keycloak.models.ClientIdentityProviderMappingModel;
 import org.keycloak.models.ClientModel;
+import org.keycloak.models.FederatedIdentityModel;
 import org.keycloak.models.IdentityProviderModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelDuplicateException;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.models.utils.RepresentationToModel;
 import org.keycloak.provider.ProviderFactory;
@@ -80,11 +82,12 @@ public Response update(IdentityProviderRepresentation providerRep) {
 
             if (oldProviderId != null && !oldProviderId.equals(newProviderId)) {
 
-                // User changed the ID (alias) of identity provider. We must update all clients
-                logger.info("Changing identityProviderMapping in all clients. oldProviderId=" + oldProviderId + ", newProviderId=" + newProviderId);
+                // Admin changed the ID (alias) of identity provider. We must update all clients and users
+                logger.debug("Changing providerId in all clients and linked users. oldProviderId=" + oldProviderId + ", newProviderId=" + newProviderId);
 
                 updateClientsAfterProviderAliasChange(this.realm.getApplications(), oldProviderId, newProviderId);
                 updateClientsAfterProviderAliasChange(this.realm.getOAuthClients(), oldProviderId, newProviderId);
+                updateUsersAfterProviderAliasChange(this.session.users().getUsers(this.realm), oldProviderId, newProviderId);
             }
 
             return Response.noContent().build();
@@ -124,6 +127,22 @@ private void updateClientsAfterProviderAliasChange(List<? extends ClientModel> c
         }
     }
 
+    private void updateUsersAfterProviderAliasChange(List<UserModel> users, String oldProviderId, String newProviderId) {
+        for (UserModel user : users) {
+            FederatedIdentityModel federatedIdentity = this.session.users().getFederatedIdentity(user, oldProviderId, this.realm);
+            if (federatedIdentity != null) {
+                // Remove old link first
+                this.session.users().removeFederatedIdentity(this.realm, user, oldProviderId);
+
+                // And create new
+                FederatedIdentityModel newFederatedIdentity = new FederatedIdentityModel(newProviderId, federatedIdentity.getUserId(), federatedIdentity.getUserName(),
+                        federatedIdentity.getToken());
+                this.session.users().addFederatedIdentity(this.realm, user, newFederatedIdentity);
+            }
+        }
+    }
+
+
     private IdentityProviderFactory getIdentityProviderFactory() {
         List<ProviderFactory> allProviders = new ArrayList<ProviderFactory>();