diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java index ad7feec906..0d7c8902e7 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java @@ -173,7 +173,7 @@ public class UsersResource { } } - updateUserFromRep(user, rep, attrsToRemove, realm, session); + updateUserFromRep(user, rep, attrsToRemove, realm, session, true); adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); if (session.getTransaction().isActive()) { @@ -212,7 +212,7 @@ public class UsersResource { try { UserModel user = session.users().addUser(realm, rep.getUsername()); Set emptySet = Collections.emptySet(); - updateUserFromRep(user, rep, emptySet, realm, session); + updateUserFromRep(user, rep, emptySet, realm, session, false); adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, user.getId()).representation(rep).success(); @@ -229,7 +229,7 @@ public class UsersResource { } } - public static void updateUserFromRep(UserModel user, UserRepresentation rep, Set attrsToRemove, RealmModel realm, KeycloakSession session) { + public static void updateUserFromRep(UserModel user, UserRepresentation rep, Set attrsToRemove, RealmModel realm, KeycloakSession session, boolean removeMissingRequiredActions) { if (rep.getUsername() != null && realm.isEditUsernameAllowed()) { user.setUsername(rep.getUsername()); } @@ -251,7 +251,7 @@ public class UsersResource { for (String action : allActions) { if (reqActions.contains(action)) { user.addRequiredAction(action); - } else { + } else if (removeMissingRequiredActions) { user.removeRequiredAction(action); } } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java index b38b362a14..8919fb2e28 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java @@ -42,6 +42,7 @@ import javax.ws.rs.core.UriBuilder; import java.io.IOException; import java.util.ArrayList; +import java.util.Collections; import java.util.LinkedList; import java.util.List; @@ -81,6 +82,7 @@ public class UserTest extends AbstractClientTest { UserRepresentation user = new UserRepresentation(); user.setUsername(username); user.setEmail(email); + user.setRequiredActions(Collections.emptyList()); user.setEnabled(true); Response response = realm.users().create(user); @@ -663,6 +665,27 @@ public class UserTest extends AbstractClientTest { } } + @Test + public void testDefaultRequiredActionAdded() { + // Add UPDATE_PASSWORD as default required action + RequiredActionProviderRepresentation updatePasswordReqAction = realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString()); + updatePasswordReqAction.setDefaultAction(true); + realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), updatePasswordReqAction); + + // Create user + String userId = createUser("user1", "user1@localhost"); + + UserRepresentation userRep = realm.users().get(userId).toRepresentation(); + Assert.assertEquals(1, userRep.getRequiredActions().size()); + Assert.assertEquals(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), userRep.getRequiredActions().get(0)); + + // Remove UPDATE_PASSWORD default action + updatePasswordReqAction = realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString()); + updatePasswordReqAction.setDefaultAction(true); + realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), updatePasswordReqAction); + } + + private void switchEditUsernameAllowedOn() { RealmRepresentation rep = realm.toRepresentation(); rep.setEditUsernameAllowed(true);