External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity

Make sure unmanaged attributes are populated before updating username when in update email context

Browse Source 
Closes #34930

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor 2024-11-22 08:18:17 -03:00 committed by GitHub
parent 9768b9ce74
commit 3a9cc8e3bd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 48 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
services/src/main/java/org/keycloak/userprofile/DeclarativeUserProfileProviderFactory.java
View File

@ -232,7 +232,7 @@ public class DeclarativeUserProfileProviderFactory implements UserProfileProvide
addContextualProfileMetadata(configureUserProfile(createAccountProfile(ACCOUNT, readOnlyValidator)));
addContextualProfileMetadata(configureUserProfile(createDefaultProfile(UPDATE_PROFILE, readOnlyValidator)));
if (Profile.isFeatureEnabled(Profile.Feature.UPDATE_EMAIL)) {
addContextualProfileMetadata(configureUserProfile(createUpdateEmailProfile(UPDATE_EMAIL, readOnlyValidator)));
addContextualProfileMetadata(configureUserProfile(createDefaultProfile(UPDATE_EMAIL, readOnlyValidator)));
}
addContextualProfileMetadata(configureUserProfile(createRegistrationUserCreationProfile(readOnlyValidator)));
addContextualProfileMetadata(configureUserProfile(createUserResourceValidation(config)));
@ -424,31 +424,6 @@ public class DeclarativeUserProfileProviderFactory implements UserProfileProvide
return metadata;
}
private UserProfileMetadata createUpdateEmailProfile(UserProfileContext context, AttributeValidatorMetadata readOnlyValidator) {
UserProfileMetadata metadata = new UserProfileMetadata(context);
metadata.addAttribute(UserModel.EMAIL, -1,
DeclarativeUserProfileProviderFactory::editEmailCondition,
DeclarativeUserProfileProviderFactory::readEmailCondition,
new AttributeValidatorMetadata(BlankAttributeValidator.ID, BlankAttributeValidator.createConfig(Messages.MISSING_EMAIL, false)),
new AttributeValidatorMetadata(DuplicateEmailValidator.ID),
new AttributeValidatorMetadata(EmailExistsAsUsernameValidator.ID),
new AttributeValidatorMetadata(EmailValidator.ID, ValidatorConfig.builder().config(EmailValidator.IGNORE_EMPTY_VALUE, true).build()))
.setAttributeDisplayName("${email}");
List<AttributeValidatorMetadata> readonlyValidators = new ArrayList<>();
readonlyValidators.add(createReadOnlyAttributeUnchangedValidator(readOnlyAttributesPattern));
if (readOnlyValidator != null) {
readonlyValidators.add(readOnlyValidator);
}
metadata.addAttribute(READ_ONLY_ATTRIBUTE_KEY, 1000, readonlyValidators);
return metadata;
}
private UserProfileMetadata createUserResourceValidation(Config.Scope config) {
Pattern p = getRegexPatternString(config.getArray(CONFIG_ADMIN_READ_ONLY_ATTRIBUTES));
UserProfileMetadata metadata = new UserProfileMetadata(USER_API);

48
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/user/profile/UserProfileTest.java
View File

@ -2271,7 +2271,53 @@ public class UserProfileTest extends AbstractUserProfileTest {
assertTrue(ve.isAttributeOnError(UserModel.EMAIL));
assertTrue(ve.hasError(LengthValidator.MESSAGE_INVALID_LENGTH));
}
}
RealmModel realm = session.getContext().getRealm();
try {
upConfig = UPConfigUtils.parseSystemDefaultConfig();
upConfig.setUnmanagedAttributePolicy(UnmanagedAttributePolicy.ENABLED);
provider.setConfiguration(upConfig);
realm.setRegistrationEmailAsUsername(true);
attributes.put(UserModel.EMAIL, "new@email.com");
profile = provider.create(UserProfileContext.UPDATE_EMAIL, attributes, user);
profile.update();
assertEquals(attributes.get(UserModel.EMAIL), profile.getAttributes().getFirst(UserModel.EMAIL));
assertEquals(attributes.get(UserModel.EMAIL), profile.getAttributes().getFirst(UserModel.USERNAME));
} finally {
realm.setRegistrationEmailAsUsername(false);
}
try {
realm.setEditUsernameAllowed(false);
attributes.put(UserModel.EMAIL, "other@email.com");
profile = provider.create(UserProfileContext.UPDATE_EMAIL, attributes, user);
profile.update();
assertEquals(attributes.get(UserModel.EMAIL), profile.getAttributes().getFirst(UserModel.EMAIL));
assertEquals("new@email.com", profile.getAttributes().getFirst(UserModel.USERNAME));
} catch (ValidationException ve) {
assertTrue(ve.isAttributeOnError(UserModel.USERNAME));
assertTrue(ve.hasError(Messages.READ_ONLY_USERNAME));
} finally {
realm.setEditUsernameAllowed(true);
}
try {
upConfig = UPConfigUtils.parseSystemDefaultConfig();
upConfig.setUnmanagedAttributePolicy(UnmanagedAttributePolicy.ENABLED);
provider.setConfiguration(upConfig);
realm.setEditUsernameAllowed(false);
realm.setRegistrationEmailAsUsername(true);
attributes.put(UserModel.EMAIL, "other@email.com");
profile = provider.create(UserProfileContext.UPDATE_EMAIL, attributes, user);
profile.update();
assertEquals(attributes.get(UserModel.EMAIL), profile.getAttributes().getFirst(UserModel.EMAIL));
assertEquals(attributes.get(UserModel.EMAIL), profile.getAttributes().getFirst(UserModel.USERNAME));
} finally {
realm.setEditUsernameAllowed(true);
realm.setRegistrationEmailAsUsername(false);
}
}
@Test
public void testMultivalued() {