From f253f906101138768a62e9b2dbfba00cea408efd Mon Sep 17 00:00:00 2001
From: Jon Koops
Date: Tue, 17 Sep 2024 08:49:02 +0200
Subject: [PATCH] Do not send attributes when unlocking the user (#32993)

Closes #31165
Signed-off-by: Pedro Igor
(cherry picked from commit 0410653e71aa474c7e39128ffcc89f54a6e49f21)
Co-authored-by: Pedro Igor
---
 js/apps/admin-ui/src/user/EditUser.tsx | 1 +
 js/apps/admin-ui/src/user/UserForm.tsx | 10 ++++++----
 .../services/resources/admin/UserResource.java | 12 +++++++++---
 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/js/apps/admin-ui/src/user/EditUser.tsx b/js/apps/admin-ui/src/user/EditUser.tsx
index 560d016aaca..6f4732b0819 100644
--- a/js/apps/admin-ui/src/user/EditUser.tsx
+++ b/js/apps/admin-ui/src/user/EditUser.tsx
@@ -318,6 +318,7 @@ export default function EditUser() {
 user={user}
 bruteForce={bruteForced}
 userProfileMetadata={userProfileMetadata}
+ refresh={refresh}
 save={save}
 />
diff --git a/js/apps/admin-ui/src/user/UserForm.tsx b/js/apps/admin-ui/src/user/UserForm.tsx
index 3a60abf4e1e..ea45ee191d8 100644
--- a/js/apps/admin-ui/src/user/UserForm.tsx
+++ b/js/apps/admin-ui/src/user/UserForm.tsx
@@ -53,6 +53,7 @@ export type UserFormProps = {
 bruteForce?: BruteForced;
 userProfileMetadata?: UserProfileMetadata;
 save: (user: UserFormFields) => void;
+ refresh?: () => void;
 onGroupsUpdate?: (groups: GroupRepresentation[]) => void;
 };
@@ -66,6 +67,7 @@ export const UserForm = ({
 },
 userProfileMetadata,
 save,
+ refresh,
 onGroupsUpdate,
 }: UserFormProps) => {
 const { adminClient } = useAdminClient();
@@ -95,8 +97,11 @@ export const UserForm = ({
 const unLockUser = async () => {
 try {
- await adminClient.attackDetection.del({ id: user!.id! });
+ await adminClient.users.update({ id: user!.id! }, { enabled: true });
 addAlert(t("unlockSuccess"), AlertVariant.success);
+ if (refresh) {
+ refresh();
+ }
 } catch (error) {
 addError("unlockError", error);
 }
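Review bot: The unlock path in `unLockUser` now depends on a server-side side effect that is not visible at the call site. `adminClient.users.update(..., { enabled: true })` reads as a plain enable, while the brute-force failure record is actually removed by the user-update endpoint (see the UserResource.java change in this commit). A short comment would stop a later refactor from re-adding the full form payload, e.g. `// Send only 'enabled': the server clears login failures on enable, and other attributes must not be overwritten here.` The `user!.id!` assertions also assume a loaded user; a guard such as `if (!user?.id) return;` before the `try` would make that explicit.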
@@ -272,9 +277,6 @@ export const UserForm = ({
 onChange={(_event, value) => {
 unLockUser();
 setLocked(value);
- save({
- enabled: !value,
- });
 }}
 isChecked={locked}
 isDisabled={!locked}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
index b447ad02cc0..aa594e08f0d 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
@@ -184,9 +184,15 @@ public class UserResource {
 boolean wasPermanentlyLockedOut = false;
 if (rep.isEnabled() != null && rep.isEnabled()) {
- UserLoginFailureModel failureModel = session.loginFailures().getUserLoginFailure(realm, user.getId());
- if (failureModel != null) {
- failureModel.clearFailures();
+ if (!user.isEnabled() || session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, user)) {
+ UserLoginFailureModel failureModel = session.loginFailures().getUserLoginFailure(realm, user.getId());
+ if (failureModel != null) {
+ session.loginFailures().removeUserLoginFailure(realm, user.getId());
+ adminEvent.clone(session).resource(ResourceType.USER_LOGIN_FAILURE)
+ .resourcePath(session.getContext().getUri())
+ .operation(OperationType.DELETE)
+ .success();
+ }
 }
 wasPermanentlyLockedOut = session.getProvider(BruteForceProtector.class).isPermanentlyLockedOut(session, realm, user);
 }
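Review bot: `setLocked(value)` still runs immediately after the un-awaited `unLockUser()` call, so the switch shows the account as unlocked even when the update request fails. `unLockUser` catches the error and only raises an alert, and `refresh` is called on the success path alone, so nothing re-syncs the toggle with the server's lock state after a failure. Moving the state change into the success branch of `unLockUser`, e.g. `setLocked(false);` next to `addAlert(t("unlockSuccess"), ...)`, and dropping it from this handler would keep the admin view consistent with what the server recorded. The enclosing JSX element starts and ends outside the hunk.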
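Review bot: The new outer `if` changes security-relevant behaviour without a comment. Login failures are now removed only when the user is disabled or `isTemporarilyDisabled(...)` returns true, so an update that merely re-sends `enabled=true` no longer resets the brute-force counter. That intent deserves a line above the condition, e.g. `// Reset brute-force state only when this update actually unlocks the user.` `session.getProvider(BruteForceProtector.class)` is also looked up twice within a few lines and could be held in a local. It is worth confirming that audit consumers expect the `USER_LOGIN_FAILURE` / `DELETE` event to carry the user-update request URI from `session.getContext().getUri()` as its resource path; the enclosing method starts and ends outside the hunk.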