Do not send attributes when unlocking the user (#32993)

Closes #31165 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> (cherry picked from commit 0410653e71aa474c7e39128ffcc89f54a6e49f21) Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-09 23:12:06 -03:30 · 2024-09-17 08:49:02 +02:00 · 2024-09-17 08:49:02 +02:00 · f253f90610
commit f253f90610
parent 9b1df077a0
3 changed files with 16 additions and 7 deletions
--- a/js/apps/admin-ui/src/user/EditUser.tsx
+++ b/js/apps/admin-ui/src/user/EditUser.tsx
@ -318,6 +318,7 @@ export default function EditUser() {
                    user={user}
                    bruteForce={bruteForced}
                    userProfileMetadata={userProfileMetadata}
+                    refresh={refresh}
                    save={save}
                  />
                </PageSection>
--- a/js/apps/admin-ui/src/user/UserForm.tsx
+++ b/js/apps/admin-ui/src/user/UserForm.tsx
@ -53,6 +53,7 @@ export type UserFormProps = {
  bruteForce?: BruteForced;
  userProfileMetadata?: UserProfileMetadata;
  save: (user: UserFormFields) => void;
+  refresh?: () => void;
  onGroupsUpdate?: (groups: GroupRepresentation[]) => void;
 };

@ -66,6 +67,7 @@ export const UserForm = ({
  },
  userProfileMetadata,
  save,
+  refresh,
  onGroupsUpdate,
 }: UserFormProps) => {
  const { adminClient } = useAdminClient();
@ -95,8 +97,11 @@ export const UserForm = ({

  const unLockUser = async () => {
    try {
-      await adminClient.attackDetection.del({ id: user!.id! });
+      await adminClient.users.update({ id: user!.id! }, { enabled: true });
      addAlert(t("unlockSuccess"), AlertVariant.success);
+      if (refresh) {
+        refresh();
+      }
    } catch (error) {
      addError("unlockError", error);
    }
@ -272,9 +277,6 @@ export const UserForm = ({
              onChange={(_event, value) => {
                unLockUser();
                setLocked(value);
-                save({
-                  enabled: !value,
-                });
              }}
              isChecked={locked}
              isDisabled={!locked}
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
@ -184,9 +184,15 @@ public class UserResource {

            boolean wasPermanentlyLockedOut = false;
            if (rep.isEnabled() != null && rep.isEnabled()) {
-                UserLoginFailureModel failureModel = session.loginFailures().getUserLoginFailure(realm, user.getId());
-                if (failureModel != null) {
-                    failureModel.clearFailures();
+                if (!user.isEnabled() || session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, user)) {
+                    UserLoginFailureModel failureModel = session.loginFailures().getUserLoginFailure(realm, user.getId());
+                    if (failureModel != null) {
+                        session.loginFailures().removeUserLoginFailure(realm, user.getId());
+                        adminEvent.clone(session).resource(ResourceType.USER_LOGIN_FAILURE)
+                                .resourcePath(session.getContext().getUri())
+                                .operation(OperationType.DELETE)
+                                .success();
+                    }
                }
                wasPermanentlyLockedOut = session.getProvider(BruteForceProtector.class).isPermanentlyLockedOut(session, realm, user);
            }