From cbe3c9435abc6e728dadb7e05ddbea7ceb5712fa Mon Sep 17 00:00:00 2001
From: John Gomersall
Date: Fri, 20 Dec 2024 17:05:29 +0000
Subject: [PATCH] Sanitise name according to Keycloak regex
Signed-off-by: John Gomersall
---
 scripts/migrate_users_to_keycloak.pl | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/scripts/migrate_users_to_keycloak.pl b/scripts/migrate_users_to_keycloak.pl
index 705fb8f75306e..bf5c69166b97b 100755
--- a/scripts/migrate_users_to_keycloak.pl
+++ b/scripts/migrate_users_to_keycloak.pl
@@ -131,13 +131,17 @@ ($user_file, $anonymize)
 my $credential = $anonymize ? {} : convert_scrypt_password_to_keycloak_credentials($user_ref->{'encrypted_password'}) // {};
 my $userid = $user_ref->{userid};
+ my $name = ($anonymize ? $userid : $user_ref->{name});
+ # Inverted expression from: https://github.com/keycloak/keycloak/blob/2eae68010877c6807b6a454c2d54e0d1852ed1c0/services/src/main/java/org/keycloak/userprofile/validator/PersonNameProhibitedCharactersValidator.java#L42C63-L42C114
+ $name =~ s/[<>&"$%!#?ยง;*~\/\\|^=\[\]{}()\x00-\x1F\x7F]+//g;
+
 my $keycloak_user_ref = {
 enabled => $JSON::PP::true,
 username => $userid,
 credentials => [$credential],
 attributes => {
 # Truncate name more than 255 because of UTF-8 encoding. Could do this more precisely...
- name => substr(($anonymize ? $userid : $user_ref->{name}), 0, 128),
+ name => substr($name, 0, 128),
 locale => $user_ref->{initial_lc},
 country => $user_ref->{initial_cc},
 registered => 'registered', # The prevents welcome emails from being sent
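Review bot: In the added substitution, `$%` inside the character class is not a literal `$` followed by `%`: Perl interpolates `$%` (the format page-number variable, 0 by default) into the pattern, so the class as written strips the digit `0` and leaves `$` and `%` in the name, which Keycloak's prohibited-character validator would presumably still reject. Escaping the dollar fixes it: `"\$%!#?` in place of `"$%!#?`. The section sign is also a literal non-ASCII character; unless the script has `use utf8` and `$name` is a decoded character string (neither is visible in this hunk), it is matched byte-wise and can break multi-byte characters such as `ç`, so `\x{A7}` applied to decoded text would be safer. With `$anonymize` set the name is the userid, so the stray removal of `0` would alter anonymised names as well. The `$keycloak_user_ref` hash and the enclosing sub continue outside the hunk.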