KEYCLOAK-2557

Cannot login with email if another user is using this email as username

server-spi/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java

@@ -254,18 +254,21 @@ public final class KeycloakModelUtils {
     }
 
     /**
-     * Try to find user by given username. If it fails, then fallback to find him by email
+     * Try to find user by username or email
      *
      * @param realm    realm
      * @param username username or email of user
      * @return found user
      */
     public static UserModel findUserByNameOrEmail(KeycloakSession session, RealmModel realm, String username) {
-        UserModel user = session.users().getUserByUsername(username, realm);
+        if (username.indexOf('@') != -1) {
-        if (user == null && username.contains("@")) {
+            UserModel user = session.users().getUserByEmail(username, realm);
-            user = session.users().getUserByEmail(username, realm);
+            if (user != null) {
+                return user;
+            }
         }
-        return user;
+
+        return session.users().getUserByUsername(username, realm);
     }
 
     /**

testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java

@@ -25,6 +25,7 @@ import org.keycloak.events.Details;
 import org.keycloak.events.Event;
 import org.keycloak.events.EventType;
 import org.keycloak.models.BrowserSecurityHeaders;
+import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.PasswordPolicy;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
@@ -64,17 +65,13 @@ public class LoginTest {
 
         @Override
         public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-            UserCredentialModel creds = new UserCredentialModel();
-            creds.setType(CredentialRepresentation.PASSWORD);
-            creds.setValue("password");
-
             UserModel user = manager.getSession().users().addUser(appRealm, "login-test");
             user.setEmail("login@test.com");
             user.setEnabled(true);
 
             userId = user.getId();
 
-            user.updateCredential(creds);
+            user.updateCredential(UserCredentialModel.password("password"));
 
             UserModel user2 = manager.getSession().users().addUser(appRealm, "login-test2");
             user2.setEmail("login2@test.com");
@@ -82,7 +79,7 @@ public class LoginTest {
 
             user2Id = user2.getId();
 
-            user2.updateCredential(creds);
+            user2.updateCredential(UserCredentialModel.password("password"));
         }
     });
 
@@ -303,11 +300,31 @@ public class LoginTest {
                 .assertEvent();
     }
 
+    @Test
+    // KEYCLOAK-2557
+    public void loginUserWithEmailAsUsername() {
+        KeycloakSession session = keycloakRule.startSession();
+
+        UserModel user = session.users().addUser(session.realms().getRealmByName("test"), "login@test.com");
+        user.setEnabled(true);
+        user.updateCredential(UserCredentialModel.password("password"));
+
+        keycloakRule.stopSession(session, true);
+
+        loginPage.open();
+        loginPage.login("login@test.com", "password");
+        
+        Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+        Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
+
+        events.expectLogin().user(userId).detail(Details.USERNAME, "login@test.com").assertEvent();
+    }
+
     @Test
     public void loginSuccess() {
         loginPage.open();
         loginPage.login("login-test", "password");
-        
+
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
         Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));