External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity

Lowercase username and email when fetching values from LDAP object

Browse Source 
Closes #43254

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor 2025-10-07 11:14:50 -03:00 committed by GitHub
parent ab7939f33a
commit 54289f0130
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPUtils.java
View File

@ -27,6 +27,7 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.TimeZone;
import java.util.function.Consumer;
@ -185,7 +186,7 @@ public class LDAPUtils {
config.getUsernameLdapAttribute() + ", user DN: " + ldapUser.getDn() + ", attributes from LDAP: " + ldapUser.getAttributes());
}
return ldapUsername;
return Optional.of(ldapUsername).map(String::toLowerCase).orElse(null);
}
public static void checkUuid(LDAPObject ldapUser, LDAPConfig config) {

11
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.java
View File

@ -17,6 +17,8 @@
package org.keycloak.storage.ldap.mappers;
import static java.util.Optional.ofNullable;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
@ -46,6 +48,7 @@ import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@ -293,7 +296,9 @@ public class UserAttributeLDAPStorageMapper extends AbstractLDAPStorageMapper {
@Override
public String getUsername() {
if (UserModel.USERNAME.equals(userModelAttrName)) {
return ldapUser.getAttributeAsString(ldapAttrName);
return ofNullable(ldapUser.getAttributeAsString(ldapAttrName))
.map(String::toLowerCase)
.orElse(null);
}
return super.getUsername();
}
@ -301,7 +306,9 @@ public class UserAttributeLDAPStorageMapper extends AbstractLDAPStorageMapper {
@Override
public String getEmail() {
if (UserModel.EMAIL.equals(userModelAttrName)) {
return ldapUser.getAttributeAsString(ldapAttrName);
return ofNullable(ldapUser.getAttributeAsString(ldapAttrName))
.map(String::toLowerCase)
.orElse(null);
}
return super.getEmail();
}

13
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java
View File

@ -457,6 +457,19 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
Assert.assertEquals("jbrown5@email.org", user5.getEmail());
}
@Test
public void testUsernameAndEmailInLowerCaseFromLDAP() {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
LDAPObject ldapObject = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "JBrown9", "John", "Brown9", "JBrown9@Email.org", null, "1234");
LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), ldapObject, "Password1");
UserModel model = session.users().searchForUserStream(ctx.getRealm(), Map.of(UserModel.USERNAME, "JBrown9")).findAny().orElse(null);
Assert.assertNotNull(model);
assertEquals("jbrown9", model.getUsername());
assertEquals("jbrown9@email.org", model.getEmail());
});
}
@Test
public void deleteFederationLink() throws Exception {
// KEYCLOAK-4789: Login in client, which requires consent