Merge remote-tracking branch 'IQSS/develop' into FTFix

Author: qqmyers

.github/workflows/container_maintenance.yml

@@ -173,7 +173,7 @@ jobs:
         with:
           platforms: ${{ env.PLATFORMS }}
       - name: Setup Trivy binary for vulnerability scanning
-        uses: aquasecurity/[email protected].3
+        uses: aquasecurity/[email protected].4
         with:
           version: v0.63.0
 

.github/workflows/deploy_beta_testing.yml

@@ -50,7 +50,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Download war artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: built-app
           path: ./

.github/workflows/maven_unit_test.yml

@@ -112,7 +112,7 @@ jobs:
                   cache: maven
 
             # Get the build output from the unit test job
-            - uses: actions/download-artifact@v4
+            - uses: actions/download-artifact@v5
               with:
                   name: java-artifacts
             - run: |
@@ -145,7 +145,7 @@ jobs:
                 cache: maven
 
           # Get the build output from the integration test job
-          - uses: actions/download-artifact@v4
+          - uses: actions/download-artifact@v5
             with:
                 name: java-reportdir
           - run: tar -xvf java-reportdir.tar

conf/keycloak/Dockerfile

@@ -14,10 +14,10 @@ RUN mvn clean package
 # ------------------------------------------
 # Stage 2: Build Keycloak Image
 # ------------------------------------------
-FROM quay.io/keycloak/keycloak:26.1.4
+FROM quay.io/keycloak/keycloak:26.3.2
 
 # Add the Oracle JDBC jars
-ARG ORACLE_JDBC_VERSION=23.7.0.25.01
+ARG ORACLE_JDBC_VERSION=23.8.0.25.04
 ADD --chown=keycloak:keycloak https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc11/${ORACLE_JDBC_VERSION}/ojdbc11-${ORACLE_JDBC_VERSION}.jar /opt/keycloak/providers/ojdbc11.jar
 ADD --chown=keycloak:keycloak https://repo1.maven.org/maven2/com/oracle/database/nls/orai18n/${ORACLE_JDBC_VERSION}/orai18n-${ORACLE_JDBC_VERSION}.jar /opt/keycloak/providers/orai18n.jar
 
@@ -29,7 +29,7 @@ COPY --from=builder /app/target/keycloak-dv-builtin-users-authenticator-1.0-SNAP
 
 # Copy additional configurations
 COPY ./builtin-users-spi/conf/quarkus.properties /opt/keycloak/conf/
-COPY ./test-realm.json /opt/keycloak/data/import/
+COPY ./test-realm-include-spi.json /opt/keycloak/data/import/
 
 # Set the Keycloak command
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

conf/keycloak/builtin-users-spi/pom.xml

@@ -100,7 +100,7 @@
     </build>
 
     <properties>
-        <keycloak.version>26.1.4</keycloak.version>
+        <keycloak.version>26.3.2</keycloak.version>
         <java.version>17</java.version>
         <jakarta.persistence.version>3.2.0</jakarta.persistence.version>
         <mindrot.jbcrypt.version>0.4</mindrot.jbcrypt.version>

conf/keycloak/builtin-users-spi/src/main/java/edu/harvard/iq/keycloak/auth/spi/adapters/DataverseUserAdapter.java

@@ -1,6 +1,7 @@
 package edu.harvard.iq.keycloak.auth.spi.adapters;
 
 import edu.harvard.iq.keycloak.auth.spi.models.DataverseUser;
+import edu.harvard.iq.keycloak.auth.spi.providers.DataverseUserStorageProviderFactory;
 import org.keycloak.component.ComponentModel;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.KeycloakSession;
@@ -15,10 +16,13 @@ public class DataverseUserAdapter extends AbstractUserAdapterFederatedStorage {
     protected DataverseUser dataverseUser;
     protected String keycloakId;
 
+    private static final String ATTRIBUTE_NAME_IDP = "idp";
+
     public DataverseUserAdapter(KeycloakSession session, RealmModel realm, ComponentModel model, DataverseUser dataverseUser) {
         super(session, realm, model);
         this.dataverseUser = dataverseUser;
         keycloakId = StorageId.keycloakId(model, dataverseUser.getBuiltinUser().getId().toString());
+        this.setSingleAttribute(ATTRIBUTE_NAME_IDP, DataverseUserStorageProviderFactory.PROVIDER_ID);
     }
 
     @Override

conf/keycloak/builtin-users-spi/src/main/java/edu/harvard/iq/keycloak/auth/spi/services/DataverseUserService.java

@@ -27,11 +27,16 @@ public DataverseUser getUserById(String id) {
 
         DataverseBuiltinUser builtinUser = em.find(DataverseBuiltinUser.class, persistenceId);
         if (builtinUser == null) {
-            logger.debugf("User not found for external ID: %s", persistenceId);
+            logger.debugf("Builtin user not found for external ID: %s", persistenceId);
             return null;
         }
 
-        DataverseAuthenticatedUser authenticatedUser = getAuthenticatedUserByUsername(builtinUser.getUsername());
+        String username = builtinUser.getUsername();
+        DataverseAuthenticatedUser authenticatedUser = getAuthenticatedUserByUsername(username);
+        if (authenticatedUser == null) {
+            logger.debugf("Authenticated user not found by username: %s", username);
+            return null;
+        }
 
         return new DataverseUser(authenticatedUser, builtinUser);
     }
@@ -43,11 +48,15 @@ public DataverseUser getUserByUsername(String username) {
                 .getResultList();
 
         if (users.isEmpty()) {
-            logger.debugf("User not found by username: %s", username);
+            logger.debugf("Builtin user not found by username: %s", username);
             return null;
         }
 
         DataverseAuthenticatedUser authenticatedUser = getAuthenticatedUserByUsername(username);
+        if (authenticatedUser == null) {
+            logger.debugf("Authenticated user not found by username: %s", username);
+            return null;
+        }
 
         return new DataverseUser(authenticatedUser, users.get(0));
     }
@@ -59,7 +68,7 @@ public DataverseUser getUserByEmail(String email) {
                 .getResultList();
 
         if (authUsers.isEmpty()) {
-            logger.debugf("User not found by email: %s", email);
+            logger.debugf("Authenticated user not found by email: %s", email);
             return null;
         }
 
@@ -68,6 +77,11 @@ public DataverseUser getUserByEmail(String email) {
                 .setParameter("username", username)
                 .getResultList();
 
+        if (builtinUsers.isEmpty()) {
+            logger.debugf("Builtin user not found by username: %s", username);
+            return null;
+        }
+
         return new DataverseUser(authUsers.get(0), builtinUsers.get(0));
     }
 

conf/keycloak/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.9"
 services:
 
   keycloak:
-    image: 'quay.io/keycloak/keycloak:26.1.4'
+    image: 'quay.io/keycloak/keycloak:26.3.2'
     command:
       - "start-dev"
       - "--import-realm"

conf/keycloak/run-keycloak.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-DOCKER_IMAGE="quay.io/keycloak/keycloak:26.1.4"
+DOCKER_IMAGE="quay.io/keycloak/keycloak:26.3.2"
 KEYCLOAK_USER="kcadmin"
 KEYCLOAK_PASSWORD="kcpassword"
 KEYCLOAK_PORT=8090