Ensure events are fully filled before success is called

Closes #42914

Signed-off-by: rmartinc <rmartinc@redhat.com>

services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java

@@ -1069,8 +1069,9 @@ public class AuthenticationManager {
 
         event.event(EventType.LOGIN);
         event.session(userSession);
+        Response response = redirectAfterSuccessfulFlow(session, realm, userSession, clientSessionCtx, request, uriInfo, clientConnection, event, authSession);
         event.success();
-        return redirectAfterSuccessfulFlow(session, realm, userSession, clientSessionCtx, request, uriInfo, clientConnection, event, authSession);
+        return response;
     }
 
     // Return null if action is not required. Or the alias of the requiredAction in case it is required.

services/src/main/java/org/keycloak/services/resources/LoginActionsService.java

@@ -929,8 +929,6 @@ public class LoginActionsService {
                 .detail(Details.IDENTITY_PROVIDER_USERNAME, brokerContext.getUsername())
                 .detail(Details.IDENTITY_PROVIDER_BROKER_SESSION_ID, brokerContext.getBrokerSessionId());
 
-        event.success();
-
         AuthenticationProcessor processor = new AuthenticationProcessor() {
 
             @Override
@@ -967,7 +965,10 @@ public class LoginActionsService {
 
         configureOrganization(brokerContext);
 
-        return processFlow(checks.isActionRequest(), execution, authSession, flowPath, brokerLoginFlow, null, processor);
+        Response response = processFlow(checks.isActionRequest(), execution, authSession, flowPath, brokerLoginFlow, null, processor);
+        event.success();
+
+        return response;
     }
 
     private void configureOrganization(BrokeredIdentityContext brokerContext) {

testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/events/TestEventsListenerProvider.java

@@ -41,12 +41,12 @@ public class TestEventsListenerProvider implements EventListenerProvider {
 
     @Override
     public void onEvent(Event event) {
-        tx.addEvent(event);
+        tx.addEvent(event.clone());
     }
 
     @Override
     public void onEvent(AdminEvent event, boolean includeRepresentation) {
-        tx.addAdminEvent(event, includeRepresentation);
+        tx.addAdminEvent(new AdminEvent(event), includeRepresentation);
     }
 
     @Override

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java

@@ -1362,11 +1362,6 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
                 .detail(Details.IDENTITY_PROVIDER_USERNAME, "no-first-name")
                 .assertEvent(getFirstConsumerEvent());
 
-        events.expectAccount(EventType.UPDATE_PROFILE).client("broker-app")
-                .realm(consumerRealmRep).user((String)null)
-                .detail(Details.CONTEXT, UserProfileContext.IDP_REVIEW.name())
-                .assertEvent(getFirstConsumerEvent());
-
         events.expectAccount(EventType.UPDATE_EMAIL).client("broker-app")
                 .realm(consumerRealmRep).user((String)null).session((String) null)
             .detail(Details.CONTEXT, UserProfileContext.IDP_REVIEW.name())
@@ -1375,6 +1370,11 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
             .detail(Details.UPDATED_EMAIL, "new-email@localhost.com")
             .assertEvent(getFirstConsumerEvent());
 
+        events.expectAccount(EventType.UPDATE_PROFILE).client("broker-app")
+                .realm(consumerRealmRep).user((String)null)
+                .detail(Details.CONTEXT, UserProfileContext.IDP_REVIEW.name())
+                .assertEvent(getFirstConsumerEvent());
+
         events.expectAccount(EventType.REGISTER).client("broker-app")
                 .realm(consumerRealmRep).user(Matchers.any(String.class)).session((String) null)
             .detail(Details.IDENTITY_PROVIDER_USERNAME, "no-first-name")

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java

@@ -707,7 +707,7 @@ public class BruteForceTest extends AbstractChangeImportedUserPasswordsTest {
         continueLoginWithInvalidTotp();
         events.clear();
         continueLoginWithInvalidTotp();
-        assertUserDisabledEvent(Errors.INVALID_AUTHENTICATION_SESSION);
+        assertUserDisabledEvent(Errors.USER_TEMPORARILY_DISABLED);
     }
 
     private void checkEmailPresent(String subject) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultipleTabsLoginTest.java

@@ -814,6 +814,11 @@ public class MultipleTabsLoginTest extends AbstractChangeImportedUserPasswordsTe
             loginPage.login("login-test", getPassword("login-test"));
 
             //assert cookie not found
+            events.expect(EventType.LOGIN_ERROR)
+                    .user(new UserRepresentation())
+                    .error(Errors.INVALID_CODE)
+                    .assertEvent();
+
             events.expect(EventType.LOGIN_ERROR)
                     .user(new UserRepresentation())
                     .error(Errors.COOKIE_NOT_FOUND)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java

@@ -986,7 +986,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
         errorPage.assertCurrent();
         Assert.assertEquals("Logout failed", errorPage.getError());
 
-        events.expectLogoutError(Errors.LOGOUT_FAILED).assertEvent();
+        events.expectLogoutError(Errors.SESSION_EXPIRED).assertEvent();
     }
 
     @Test