Do not send attributes when unlocking the user

Closes #31165 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-10 18:24:35 -03:00 · 2024-07-10 18:24:35 -03:00 · 0410653e71
commit 0410653e71
parent 096e335a92
3 changed files with 16 additions and 7 deletions
--- a/js/apps/admin-ui/src/user/EditUser.tsx
+++ b/js/apps/admin-ui/src/user/EditUser.tsx
@ -318,6 +318,7 @@ export default function EditUser() {
                    user={user}
                    bruteForce={bruteForced}
                    userProfileMetadata={userProfileMetadata}
+                    refresh={refresh}
                    save={save}
                  />
                </PageSection>
--- a/js/apps/admin-ui/src/user/UserForm.tsx
+++ b/js/apps/admin-ui/src/user/UserForm.tsx
@ -52,6 +52,7 @@ export type UserFormProps = {
  bruteForce?: BruteForced;
  userProfileMetadata?: UserProfileMetadata;
  save: (user: UserFormFields) => void;
+  refresh?: () => void;
  onGroupsUpdate?: (groups: GroupRepresentation[]) => void;
 };

@ -65,6 +66,7 @@ export const UserForm = ({
  },
  userProfileMetadata,
  save,
+  refresh,
  onGroupsUpdate,
 }: UserFormProps) => {
  const { adminClient } = useAdminClient();
@ -94,8 +96,11 @@ export const UserForm = ({

  const unLockUser = async () => {
    try {
-      await adminClient.attackDetection.del({ id: user!.id! });
+      await adminClient.users.update({ id: user!.id! }, { enabled: true });
      addAlert(t("unlockSuccess"), AlertVariant.success);
+      if (refresh) {
+        refresh();
+      }
    } catch (error) {
      addError("unlockError", error);
    }
@ -279,9 +284,6 @@ export const UserForm = ({
              onChange={(_event, value) => {
                unLockUser();
                setLocked(value);
-                save({
-                  enabled: !value,
-                });
              }}
              isChecked={locked}
              isDisabled={!locked}
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
@ -186,9 +186,15 @@ public class UserResource {

            boolean wasPermanentlyLockedOut = false;
            if (rep.isEnabled() != null && rep.isEnabled()) {
-                UserLoginFailureModel failureModel = session.loginFailures().getUserLoginFailure(realm, user.getId());
-                if (failureModel != null) {
-                    failureModel.clearFailures();
+                if (!user.isEnabled() || session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, user)) {
+                    UserLoginFailureModel failureModel = session.loginFailures().getUserLoginFailure(realm, user.getId());
+                    if (failureModel != null) {
+                        session.loginFailures().removeUserLoginFailure(realm, user.getId());
+                        adminEvent.clone(session).resource(ResourceType.USER_LOGIN_FAILURE)
+                                .resourcePath(session.getContext().getUri())
+                                .operation(OperationType.DELETE)
+                                .success();
+                    }
                }
                wasPermanentlyLockedOut = session.getProvider(BruteForceProtector.class).isPermanentlyLockedOut(session, realm, user);
            }