KEYCLOAK-1070 JSON representation and export/import for userConsent

core/src/main/java/org/keycloak/representations/idm/UserConsentRepresentation.java

@@ -0,0 +1,28 @@
+package org.keycloak.representations.idm;
+
+import java.util.List;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class UserConsentRepresentation {
+
+    protected List<String> grantedRoles;           // points to roleIds
+    protected List<String> grantedProtocolMappers; // points to protocolMapperIds
+
+    public List<String> getGrantedRoles() {
+        return grantedRoles;
+    }
+
+    public void setGrantedRoles(List<String> grantedRoles) {
+        this.grantedRoles = grantedRoles;
+    }
+
+    public List<String> getGrantedProtocolMappers() {
+        return grantedProtocolMappers;
+    }
+
+    public void setGrantedProtocolMappers(List<String> grantedProtocolMappers) {
+        this.grantedProtocolMappers = grantedProtocolMappers;
+    }
+}

core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java

@@ -27,6 +27,7 @@ public class UserRepresentation {
     protected List<FederatedIdentityRepresentation> federatedIdentities;
     protected List<String> realmRoles;
     protected Map<String, List<String>> clientRoles;
+    protected Map<String, UserConsentRepresentation> clientConsents;
 
     @Deprecated
     protected Map<String, List<String>> applicationRoles;
@@ -176,6 +177,14 @@ public void setClientRoles(Map<String, List<String>> clientRoles) {
         this.clientRoles = clientRoles;
     }
 
+    public Map<String, UserConsentRepresentation> getClientConsents() {
+        return clientConsents;
+    }
+
+    public void setClientConsents(Map<String, UserConsentRepresentation> clientConsents) {
+        this.clientConsents = clientConsents;
+    }
+
     @Deprecated
     public Map<String, List<String>> getApplicationRoles() {
         return applicationRoles;

export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java

@@ -8,21 +8,23 @@
 import org.codehaus.jackson.map.SerializationConfig;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleContainerModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.FederatedIdentityModel;
+import org.keycloak.models.UserConsentModel;
 import org.keycloak.models.UserCredentialValueModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.ModelToRepresentation;
-import org.keycloak.representations.idm.ApplicationRepresentation;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.RolesRepresentation;
 import org.keycloak.representations.idm.ScopeMappingRepresentation;
 import org.keycloak.representations.idm.FederatedIdentityRepresentation;
+import org.keycloak.representations.idm.UserConsentRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 
 import java.io.IOException;
@@ -283,6 +285,35 @@ public static UserRepresentation exportUser(KeycloakSession session, RealmModel
         userRep.setCredentials(credReps);
         userRep.setFederationLink(user.getFederationLink());
 
+        // Grants
+        List<UserConsentModel> consents = user.getConsents();
+        Map<String, UserConsentRepresentation> consentReps = new HashMap<String, UserConsentRepresentation>();
+        for (UserConsentModel consent : consents) {
+            String clientId = consent.getClient().getClientId();
+
+            List<String> grantedProtocolMappers = new LinkedList<String>();
+            for (ProtocolMapperModel protocolMapper : consent.getGrantedProtocolMappers()) {
+                grantedProtocolMappers.add(protocolMapper.getId());
+            }
+
+            List<String> grantedRoles = new LinkedList<String>();
+            for (RoleModel role : consent.getGrantedRoles()) {
+                grantedRoles.add(role.getId());
+            }
+
+
+            if (grantedRoles.size() > 0 || grantedProtocolMappers.size() > 0) {
+                UserConsentRepresentation consentRep = new UserConsentRepresentation();
+                if (grantedRoles.size() > 0) consentRep.setGrantedRoles(grantedRoles);
+                if (grantedProtocolMappers.size() > 0) consentRep.setGrantedProtocolMappers(grantedProtocolMappers);
+                consentReps.put(clientId, consentRep);
+            }
+        }
+
+        if (consentReps.size() > 0) {
+            userRep.setClientConsents(consentReps);
+        }
+
         return userRep;
     }
 

forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccessBean.java

@@ -20,7 +20,7 @@ public class AccessBean {
     private List<ClientGrantBean> clientGrants = new LinkedList<ClientGrantBean>();
 
     public AccessBean(RealmModel realm, UserModel user, URI baseUri, String stateChecker) {
-        List<UserConsentModel> grantedConsents = user.getGrantedConsents();
+        List<UserConsentModel> grantedConsents = user.getConsents();
         for (UserConsentModel consent : grantedConsents) {
             ClientModel client = consent.getClient();
 

model/api/src/main/java/org/keycloak/models/UserModel.java

@@ -75,11 +75,11 @@ public interface UserModel {
     String getFederationLink();
     void setFederationLink(String link);
 
-    void addGrantedConsent(UserConsentModel consent);
-    UserConsentModel getGrantedConsentByClient(String clientId);
-    List<UserConsentModel> getGrantedConsents();
-    void updateGrantedConsent(UserConsentModel consent);
-    boolean revokeGrantedConsentForClient(String clientId);
+    void addConsent(UserConsentModel consent);
+    UserConsentModel getConsentByClient(String clientId);
+    List<UserConsentModel> getConsents();
+    void updateConsent(UserConsentModel consent);
+    boolean revokeConsentForClient(String clientId);
 
     public static enum RequiredAction {
         VERIFY_EMAIL, UPDATE_PROFILE, CONFIGURE_TOTP, UPDATE_PASSWORD

model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java

@@ -16,6 +16,7 @@
 import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserConsentModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserCredentialValueModel;
 import org.keycloak.models.UserFederationProviderModel;
@@ -34,6 +35,7 @@
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.ScopeMappingRepresentation;
 import org.keycloak.representations.idm.SocialLinkRepresentation;
+import org.keycloak.representations.idm.UserConsentRepresentation;
 import org.keycloak.representations.idm.UserFederationProviderRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.util.UriUtils;
@@ -789,6 +791,35 @@ public static UserModel createUser(KeycloakSession session, RealmModel newRealm,
                 createClientRoleMappings(client, user, entry.getValue());
             }
         }
+        if (userRep.getClientConsents() != null) {
+            for (Map.Entry<String, UserConsentRepresentation> entry : userRep.getClientConsents().entrySet()) {
+                ClientModel client = clientMap.get(entry.getKey());
+                if (client == null) {
+                    throw new RuntimeException("Unable to find client consent mappings for client: " + entry.getKey());
+                }
+
+                UserConsentModel consentModel = new UserConsentModel(newRealm, client.getId());
+
+                UserConsentRepresentation consentRep = entry.getValue();
+                if (consentRep.getGrantedRoles() != null) {
+                    for (String roleId : consentRep.getGrantedRoles()) {
+                        if (newRealm.getRoleById(roleId) == null) {
+                            throw new RuntimeException("Unable to find realm role referenced in consent mappings of user " + user.getUsername() + ". Role ID: " + roleId);
+                        }
+                        consentModel.addGrantedRole(roleId);
+                    }
+                }
+                if (consentRep.getGrantedProtocolMappers() != null) {
+                    for (String mapperId : consentRep.getGrantedProtocolMappers()) {
+                        if (client.getProtocolMapperById(mapperId) == null) {
+                            throw new RuntimeException("Unable to find protocol mapper referenced in consent mappings of user " + user.getUsername() + ". Protocol mapper ID: " + mapperId);
+                        }
+                        consentModel.addGrantedProtocolMapper(mapperId);;
+                    }
+                }
+                user.addConsent(consentModel);
+            }
+        }
         return user;
     }
 

model/api/src/main/java/org/keycloak/models/utils/UserModelDelegate.java

@@ -188,27 +188,27 @@ public void setFederationLink(String link) {
     }
 
     @Override
-    public void addGrantedConsent(UserConsentModel consent) {
-        delegate.addGrantedConsent(consent);
+    public void addConsent(UserConsentModel consent) {
+        delegate.addConsent(consent);
     }
 
     @Override
-    public UserConsentModel getGrantedConsentByClient(String clientId) {
-        return delegate.getGrantedConsentByClient(clientId);
+    public UserConsentModel getConsentByClient(String clientId) {
+        return delegate.getConsentByClient(clientId);
     }
 
     @Override
-    public List<UserConsentModel> getGrantedConsents() {
-        return delegate.getGrantedConsents();
+    public List<UserConsentModel> getConsents() {
+        return delegate.getConsents();
     }
 
     @Override
-    public void updateGrantedConsent(UserConsentModel consent) {
-        delegate.updateGrantedConsent(consent);
+    public void updateConsent(UserConsentModel consent) {
+        delegate.updateConsent(consent);
     }
 
     @Override
-    public boolean revokeGrantedConsentForClient(String clientId) {
-        return delegate.revokeGrantedConsentForClient(clientId);
+    public boolean revokeConsentForClient(String clientId) {
+        return delegate.revokeConsentForClient(clientId);
     }
 }

model/file/src/main/java/org/keycloak/models/file/adapter/ClientAdapter.java

@@ -277,7 +277,8 @@ public ProtocolMapperModel addProtocolMapper(ProtocolMapperModel model) {
             throw new RuntimeException("protocol mapper name must be unique per protocol");
         }
         ProtocolMapperEntity entity = new ProtocolMapperEntity();
-        entity.setId(KeycloakModelUtils.generateId());
+        String id = model.getId() != null ? model.getId() : KeycloakModelUtils.generateId();
+        entity.setId(id);
         entity.setProtocol(model.getProtocol());
         entity.setName(model.getName());
         entity.setProtocolMapper(model.getProtocolMapper());

model/file/src/main/java/org/keycloak/models/file/adapter/UserAdapter.java

@@ -432,29 +432,29 @@ public void setFederationLink(String link) {
     }
 
     @Override
-    public void addGrantedConsent(UserConsentModel consent) {
+    public void addConsent(UserConsentModel consent) {
         // TODO
     }
 
     @Override
-    public UserConsentModel getGrantedConsentByClient(String clientId) {
+    public UserConsentModel getConsentByClient(String clientId) {
         // TODO
         return null;
     }
 
     @Override
-    public List<UserConsentModel> getGrantedConsents() {
+    public List<UserConsentModel> getConsents() {
         // TODO
         return null;
     }
 
     @Override
-    public void updateGrantedConsent(UserConsentModel consent) {
+    public void updateConsent(UserConsentModel consent) {
         // TODO
     }
 
     @Override
-    public boolean revokeGrantedConsentForClient(String clientId) {
+    public boolean revokeConsentForClient(String clientId) {
         // TODO
         return false;
     }

model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java

@@ -277,34 +277,34 @@ public void deleteRoleMapping(RoleModel role) {
     }
 
     @Override
-    public void addGrantedConsent(UserConsentModel consent) {
+    public void addConsent(UserConsentModel consent) {
         getDelegateForUpdate();
-        updated.addGrantedConsent(consent);
+        updated.addConsent(consent);
     }
 
     @Override
-    public UserConsentModel getGrantedConsentByClient(String clientId) {
+    public UserConsentModel getConsentByClient(String clientId) {
         // TODO: caching?
         getDelegateForUpdate();
-        return updated.getGrantedConsentByClient(clientId);
+        return updated.getConsentByClient(clientId);
     }
 
     @Override
-    public List<UserConsentModel> getGrantedConsents() {
+    public List<UserConsentModel> getConsents() {
         // TODO: caching?
         getDelegateForUpdate();
-        return updated.getGrantedConsents();
+        return updated.getConsents();
     }
 
     @Override
-    public void updateGrantedConsent(UserConsentModel consent) {
+    public void updateConsent(UserConsentModel consent) {
         getDelegateForUpdate();
-        updated.updateGrantedConsent(consent);
+        updated.updateConsent(consent);
     }
 
     @Override
-    public boolean revokeGrantedConsentForClient(String clientId) {
+    public boolean revokeConsentForClient(String clientId) {
         getDelegateForUpdate();
-        return updated.revokeGrantedConsentForClient(clientId);
+        return updated.revokeConsentForClient(clientId);
     }
 }

model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java

@@ -378,7 +378,7 @@ public ProtocolMapperModel addProtocolMapper(ProtocolMapperModel model) {
         if (getProtocolMapperByName(model.getProtocol(), model.getName()) != null) {
             throw new RuntimeException("protocol mapper name must be unique per protocol");
         }
-        String id = KeycloakModelUtils.generateId();
+        String id = model.getId() != null ? model.getId() : KeycloakModelUtils.generateId();
         ProtocolMapperEntity entity = new ProtocolMapperEntity();
         entity.setId(id);
         entity.setName(model.getName());

model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java

@@ -480,7 +480,7 @@ public void setFederationLink(String link) {
     }
 
     @Override
-    public void addGrantedConsent(UserConsentModel consent) {
+    public void addConsent(UserConsentModel consent) {
         String clientId = consent.getClient().getId();
 
         UserConsentEntity consentEntity = getGrantedConsentEntity(clientId);
@@ -499,13 +499,13 @@ public void addGrantedConsent(UserConsentModel consent) {
     }
 
     @Override
-    public UserConsentModel getGrantedConsentByClient(String clientId) {
+    public UserConsentModel getConsentByClient(String clientId) {
         UserConsentEntity entity = getGrantedConsentEntity(clientId);
         return toConsentModel(entity);
     }
 
     @Override
-    public List<UserConsentModel> getGrantedConsents() {
+    public List<UserConsentModel> getConsents() {
         TypedQuery<UserConsentEntity> query = em.createNamedQuery("userConsentsByUser", UserConsentEntity.class);
         query.setParameter("userId", getId());
         List<UserConsentEntity> results = query.getResultList();
@@ -519,7 +519,7 @@ public List<UserConsentModel> getGrantedConsents() {
     }
 
     @Override
-    public void updateGrantedConsent(UserConsentModel consent) {
+    public void updateConsent(UserConsentModel consent) {
         String clientId = consent.getClient().getId();
 
         UserConsentEntity consentEntity = getGrantedConsentEntity(clientId);
@@ -531,7 +531,7 @@ public void updateGrantedConsent(UserConsentModel consent) {
     }
 
     @Override
-    public boolean revokeGrantedConsentForClient(String clientId) {
+    public boolean revokeConsentForClient(String clientId) {
         UserConsentEntity consentEntity = getGrantedConsentEntity(clientId);
         if (consentEntity == null) return false;
 

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java

@@ -305,7 +305,8 @@ public ProtocolMapperModel addProtocolMapper(ProtocolMapperModel model) {
             throw new RuntimeException("protocol mapper name must be unique per protocol");
         }
         ProtocolMapperEntity entity = new ProtocolMapperEntity();
-        entity.setId(KeycloakModelUtils.generateId());
+        String id = model.getId() != null ? model.getId() : KeycloakModelUtils.generateId();
+        entity.setId(id);
         entity.setProtocol(model.getProtocol());
         entity.setName(model.getName());
         entity.setProtocolMapper(model.getProtocolMapper());