Do not send attributes when unlocking the user

Closes #31165

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor 2024-07-10 18:24:35 -03:00 committed by Marek Posolda
parent 096e335a92
commit 0410653e71
3 changed files with 16 additions and 7 deletions

View file

@ -318,6 +318,7 @@ export default function EditUser() {
user={user}
bruteForce={bruteForced}
userProfileMetadata={userProfileMetadata}
refresh={refresh}
save={save}
/>
</PageSection>

View file

@ -52,6 +52,7 @@ export type UserFormProps = {
bruteForce?: BruteForced;
userProfileMetadata?: UserProfileMetadata;
save: (user: UserFormFields) => void;
refresh?: () => void;
onGroupsUpdate?: (groups: GroupRepresentation[]) => void;
};
@ -65,6 +66,7 @@ export const UserForm = ({
},
userProfileMetadata,
save,
refresh,
onGroupsUpdate,
}: UserFormProps) => {
const { adminClient } = useAdminClient();
@ -94,8 +96,11 @@ export const UserForm = ({
const unLockUser = async () => {
try {
await adminClient.attackDetection.del({ id: user!.id! });
await adminClient.users.update({ id: user!.id! }, { enabled: true });
addAlert(t("unlockSuccess"), AlertVariant.success);
if (refresh) {
refresh();
}
} catch (error) {
addError("unlockError", error);
}
@ -279,9 +284,6 @@ export const UserForm = ({
onChange={(_event, value) => {
unLockUser();
setLocked(value);
save({
enabled: !value,
});
}}
isChecked={locked}
isDisabled={!locked}

View file

@ -186,9 +186,15 @@ public class UserResource {
boolean wasPermanentlyLockedOut = false;
if (rep.isEnabled() != null && rep.isEnabled()) {
if (!user.isEnabled() || session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, user)) {
UserLoginFailureModel failureModel = session.loginFailures().getUserLoginFailure(realm, user.getId());
if (failureModel != null) {
failureModel.clearFailures();
session.loginFailures().removeUserLoginFailure(realm, user.getId());
adminEvent.clone(session).resource(ResourceType.USER_LOGIN_FAILURE)
.resourcePath(session.getContext().getUri())
.operation(OperationType.DELETE)
.success();
}
}
wasPermanentlyLockedOut = session.getProvider(BruteForceProtector.class).isPermanentlyLockedOut(session, realm, user);
}