KEYCLOAK-1411

DefaultCacheUserProvider addUser returns UserModel instance which is not cached/managed by the cache

model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheUserProvider.java

@@ -31,9 +31,9 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
     protected boolean transactionActive;
     protected boolean setRollbackOnly;
 
-    protected Map<String, String> userInvalidations = new HashMap<String, String>();
+    protected Map<String, String> userInvalidations = new HashMap<>();
-    protected Set<String> realmInvalidations = new HashSet<String>();
+    protected Set<String> realmInvalidations = new HashSet<>();
-    protected Map<String, UserModel> managedUsers = new HashMap<String, UserModel>();
+    protected Map<String, UserModel> managedUsers = new HashMap<>();
 
     protected boolean clearAll;
 
@@ -131,6 +131,7 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
         if (cached == null) {
             UserModel model = getDelegate().getUserById(id, realm);
             if (model == null) return null;
+            if (managedUsers.containsKey(id)) return managedUsers.get(id);
             if (userInvalidations.containsKey(id)) return model;
             cached = new CachedUser(realm, model);
             cache.addCachedUser(realm.getId(), cached);
@@ -155,6 +156,7 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
         if (cached == null) {
             UserModel model = getDelegate().getUserByUsername(username, realm);
             if (model == null) return null;
+            if (managedUsers.containsKey(model.getId())) return managedUsers.get(model.getId());
             if (userInvalidations.containsKey(model.getId())) return model;
             cached = new CachedUser(realm, model);
             cache.addCachedUser(realm.getId(), cached);
@@ -181,6 +183,7 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
         if (cached == null) {
             UserModel model = getDelegate().getUserByEmail(email, realm);
             if (model == null) return null;
+            if (managedUsers.containsKey(model.getId())) return managedUsers.get(model.getId());
             if (userInvalidations.containsKey(model.getId())) return model;
             cached = new CachedUser(realm, model);
             cache.addCachedUser(realm.getId(), cached);
@@ -251,12 +254,16 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
 
     @Override
     public UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles) {
-        return getDelegate().addUser(realm, id, username, addDefaultRoles);
+        UserModel user = getDelegate().addUser(realm, id, username, addDefaultRoles);
+        managedUsers.put(user.getId(), user);
+        return user;
     }
 
     @Override
     public UserModel addUser(RealmModel realm, String username) {
-        return getDelegate().addUser(realm, username);
+        UserModel user = getDelegate().addUser(realm, username);
+        managedUsers.put(user.getId(), user);
+        return user;
     }
 
     @Override

testsuite/integration/src/test/java/org/keycloak/testsuite/model/CacheTest.java

@@ -5,11 +5,11 @@ import java.util.List;
 import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Test;
-import org.keycloak.models.ClientModel;
+import org.keycloak.models.*;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
 import org.keycloak.testsuite.rule.KeycloakRule;
 
+import static org.junit.Assert.assertNotNull;
+
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
@@ -26,7 +26,7 @@ public class CacheTest {
             KeycloakSession session = kc.startSession();
             RealmModel realm = session.realms().getRealmByName("test");
             ClientModel testApp = realm.getClientByClientId("test-app");
-            Assert.assertNotNull(testApp);
+            assertNotNull(testApp);
             appId = testApp.getId();
             Assert.assertTrue(testApp.isEnabled());
             kc.stopSession(session, true);
@@ -48,7 +48,7 @@ public class CacheTest {
             Assert.assertTrue(realm instanceof org.keycloak.models.cache.RealmAdapter);
             realm.setAccessCodeLifespanLogin(200);
             ClientModel testApp = realm.getClientByClientId("test-app");
-            Assert.assertNotNull(testApp);
+            assertNotNull(testApp);
             testApp.setEnabled(false);
             kc.stopSession(session, true);
         }
@@ -65,4 +65,27 @@ public class CacheTest {
 
 
     }
+
+    @Test
+    public void testAddUserNotAddedToCache() {
+        KeycloakSession session = kc.startSession();
+        try {
+            RealmModel realm = session.realms().getRealmByName("test");
+
+            UserModel user = session.users().addUser(realm, "testAddUserNotAddedToCache");
+            user.setFirstName("firstName");
+            user.addRequiredAction(UserModel.RequiredAction.CONFIGURE_TOTP);
+
+            UserSessionModel userSession = session.sessions().createUserSession(realm, user, "testAddUserNotAddedToCache", "127.0.0.1", "auth", false, null, null);
+            UserModel user2 = userSession.getUser();
+
+            user.setLastName("lastName");
+
+            assertNotNull(user2.getLastName());
+        } finally {
+            session.getTransaction().commit();
+            session.close();
+        }
+    }
+
 }