keycloakify 11.9.12 → 11.9.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -145,19 +145,96 @@ function decodeHtmlEntities(htmlStr){
|
|
|
145
145
|
<#return "ABORT: Can't evaluate if " + path?join(".") + " is a hash">
|
|
146
146
|
</#attempt>
|
|
147
147
|
|
|
148
|
+
<#local outSeq = []>
|
|
149
|
+
|
|
148
150
|
<#if isHash>
|
|
149
151
|
<#if path?size gt 10>
|
|
150
152
|
<#return "ABORT: Too many recursive calls, path: " + path?join(".")>
|
|
151
153
|
</#if>
|
|
152
|
-
<#local keys = -1>
|
|
153
154
|
|
|
155
|
+
<#local keys = -1>
|
|
154
156
|
<#attempt>
|
|
155
157
|
<#local keys = object?keys>
|
|
156
158
|
<#recover>
|
|
157
159
|
<#return "ABORT: We can't list keys on object">
|
|
158
160
|
</#attempt>
|
|
159
161
|
|
|
160
|
-
<#
|
|
162
|
+
<#list [1] as _>
|
|
163
|
+
<#if !keys?seq_contains("toString")>
|
|
164
|
+
<#break>
|
|
165
|
+
</#if>
|
|
166
|
+
|
|
167
|
+
<#local stringified = "">
|
|
168
|
+
<#attempt>
|
|
169
|
+
<#local stringified = object?string>
|
|
170
|
+
<#recover>
|
|
171
|
+
<#break>
|
|
172
|
+
</#attempt>
|
|
173
|
+
|
|
174
|
+
<#local stringified = stringified?trim>
|
|
175
|
+
|
|
176
|
+
<#if !stringified?matches(".*@\\s*[0-9a-fA-F]+$")>
|
|
177
|
+
<#break>
|
|
178
|
+
</#if>
|
|
179
|
+
|
|
180
|
+
<#local abort = "ABORT: should not be exposed">
|
|
181
|
+
|
|
182
|
+
<#if stringified?starts_with("java.util.stream.")>
|
|
183
|
+
<#return abort>
|
|
184
|
+
</#if>
|
|
185
|
+
|
|
186
|
+
<#if stringified?starts_with("org.keycloak.")>
|
|
187
|
+
<#list ["models", "services", "authentication", "quarkus.runtime", "transaction", "connections", "utils.ClosingStream"] as namespacePortion>
|
|
188
|
+
<#if stringified?starts_with("org.keycloak." + namespacePortion)>
|
|
189
|
+
<#return abort>
|
|
190
|
+
</#if>
|
|
191
|
+
</#list>
|
|
192
|
+
</#if>
|
|
193
|
+
|
|
194
|
+
<#if stringified?matches("^session\\s*@\\s*[0-9a-fA-F]+$")>
|
|
195
|
+
<#return abort>
|
|
196
|
+
</#if>
|
|
197
|
+
|
|
198
|
+
<#-- Catch realm internal representation -->
|
|
199
|
+
<#list [1] as __>
|
|
200
|
+
|
|
201
|
+
<#if !stringified?matches("^[0-9a-fA-F\\-]{36}@[0-9a-f]+$")>
|
|
202
|
+
<#break>
|
|
203
|
+
</#if>
|
|
204
|
+
|
|
205
|
+
<#if !keys?seq_contains("id") >
|
|
206
|
+
<#break>
|
|
207
|
+
</#if>
|
|
208
|
+
|
|
209
|
+
<#local realmId = "">
|
|
210
|
+
<#attempt>
|
|
211
|
+
<#local realmId = object["id"]>
|
|
212
|
+
<#recover>
|
|
213
|
+
<#break>
|
|
214
|
+
</#attempt>
|
|
215
|
+
|
|
216
|
+
<#local isString = -1>
|
|
217
|
+
<#attempt>
|
|
218
|
+
<#local isString = realmId?is_string>
|
|
219
|
+
<#recover>
|
|
220
|
+
<#break>
|
|
221
|
+
</#attempt>
|
|
222
|
+
|
|
223
|
+
<#if !isString >
|
|
224
|
+
<#break>
|
|
225
|
+
</#if>
|
|
226
|
+
|
|
227
|
+
<#if !stringified?starts_with(realmId + "@")>
|
|
228
|
+
<#break>
|
|
229
|
+
</#if>
|
|
230
|
+
|
|
231
|
+
<#return abort>
|
|
232
|
+
|
|
233
|
+
</#list>
|
|
234
|
+
|
|
235
|
+
<#local outSeq += ["/* class: " + stringified?replace("@\\s*[0-9a-fA-F]+$", "") + "*/"]>
|
|
236
|
+
|
|
237
|
+
</#list>
|
|
161
238
|
|
|
162
239
|
<#list keys as key>
|
|
163
240
|
<#if ["class","declaredConstructors","superclass","declaringClass" ]?seq_contains(key) >
|
|
@@ -200,6 +277,8 @@ function decodeHtmlEntities(htmlStr){
|
|
|
200
277
|
areSamePath(path, ["realm"]) &&
|
|
201
278
|
!["name", "displayName", "displayNameHtml", "internationalizationEnabled", "registrationEmailAsUsername" ]?seq_contains(key)
|
|
202
279
|
) || (
|
|
280
|
+
<#-- NOTE: Should not be necessary anymore since we introduced
|
|
281
|
+
the mechanism to exclude Keycloak's internal -->
|
|
203
282
|
<#-- Fix for StackOverflowError on terms.ftl with incomplete user profiles (e.g., X/Twitter IdP) -->
|
|
204
283
|
<#-- These properties create circular references: realm->masterAdminClient->realm, etc. -->
|
|
205
284
|
<#-- See: https://github.com/keycloakify/keycloakify/issues/658 -->
|
|
@@ -274,6 +353,8 @@ function decodeHtmlEntities(htmlStr){
|
|
|
274
353
|
"userManagedAccessAllowed"
|
|
275
354
|
]?seq_contains(key)
|
|
276
355
|
) || (
|
|
356
|
+
<#-- NOTE: Should not be necessary anymore since we introduced
|
|
357
|
+
the mechanism to exclude Keycloak's internal -->
|
|
277
358
|
["flowContext", "session", "realm"]?seq_contains(key) &&
|
|
278
359
|
areSamePath(path, ["social"])
|
|
279
360
|
)
|