From 53ee95764e4bbfc0a075d7b91c872590fd376e46 Mon Sep 17 00:00:00 2001 From: Pedro Igor Date: Wed, 4 Jan 2023 19:19:08 -0300 Subject: [PATCH] Do not show username field when updating profile if UPDATE_EMAIL feature is enabled and email as username is enabled Closes #16263 --- .../AbstractUserProfileProvider.java | 12 ++ .../testsuite/pages/VerifyProfilePage.java | 8 ++ .../testsuite/forms/VerifyProfileTest.java | 103 +++++++++++++++++- 3 files changed, 122 insertions(+), 1 deletion(-) diff --git a/services/src/main/java/org/keycloak/userprofile/AbstractUserProfileProvider.java b/services/src/main/java/org/keycloak/userprofile/AbstractUserProfileProvider.java index 56911abb48..88321176ee 100644 --- a/services/src/main/java/org/keycloak/userprofile/AbstractUserProfileProvider.java +++ b/services/src/main/java/org/keycloak/userprofile/AbstractUserProfileProvider.java @@ -79,6 +79,9 @@ public abstract class AbstractUserProfileProvider case ACCOUNT_OLD: case ACCOUNT: case UPDATE_PROFILE: + if (realm.isRegistrationEmailAsUsername()) { + return false; + } return realm.isEditUsernameAllowed(); case UPDATE_EMAIL: return realm.isRegistrationEmailAsUsername(); @@ -99,6 +102,9 @@ public abstract class AbstractUserProfileProvider case IDP_REVIEW: return !realm.isRegistrationEmailAsUsername(); case UPDATE_PROFILE: + if (realm.isRegistrationEmailAsUsername()) { + return false; + } return realm.isEditUsernameAllowed(); case UPDATE_EMAIL: return false; @@ -112,6 +118,12 @@ public abstract class AbstractUserProfileProvider } private static boolean readEmailCondition(AttributeContext c) { + RealmModel realm = c.getSession().getContext().getRealm(); + + if (realm.isRegistrationEmailAsUsername() && !realm.isEditUsernameAllowed()) { + return false; + } + return !Profile.isFeatureEnabled(Profile.Feature.UPDATE_EMAIL) || c.getContext() != UPDATE_PROFILE; } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/VerifyProfilePage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/VerifyProfilePage.java index b86e31a4e1..e1483ea8e6 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/VerifyProfilePage.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/VerifyProfilePage.java @@ -132,6 +132,14 @@ public class VerifyProfilePage extends AbstractPage { } } + public boolean isEmailPresent() { + try { + return driver.findElement(By.id("email")).isDisplayed(); + } catch (NoSuchElementException nse) { + return false; + } + } + public boolean isUsernameEnabled() { try { return driver.findElement(By.id("username")).isEnabled(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java index 26401474ee..77c97afbfa 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java @@ -272,6 +272,10 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest { + "{\"name\": \"email\", " + VerifyProfileTest.PERMISSIONS_ALL + "}" + "]}"); + RealmRepresentation realm = testRealm().toRepresentation(); + realm.setEditUsernameAllowed(true); + testRealm().update(realm); + loginPage.open(); loginPage.login("login-test5", "password"); @@ -384,6 +388,9 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest { public void testUsernameOnlyIfEditAllowed() { RealmRepresentation realm = testRealm().toRepresentation(); + setUserProfileConfiguration(CONFIGURATION_FOR_USER_EDIT); + updateUser(user5Id, null, "ExistingLast", null); + boolean r = realm.isEditUsernameAllowed(); try { setUserProfileConfiguration(null); @@ -392,9 +399,11 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest { testRealm().update(realm); loginPage.open(); - loginPage.login("login-test", "password"); + loginPage.login("login-test5", "password"); + verifyProfilePage.assertCurrent(); assertFalse(verifyProfilePage.isUsernamePresent()); + assertTrue(verifyProfilePage.isEmailPresent()); realm.setEditUsernameAllowed(true); testRealm().update(realm); @@ -407,6 +416,98 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest { } } + @Test + public void testUsernameOnlyIfEmailAsUsernameIsDisabled() { + RealmRepresentation realm = testRealm().toRepresentation(); + + setUserProfileConfiguration(CONFIGURATION_FOR_USER_EDIT); + updateUser(user5Id, null, "ExistingLast", null); + + try { + setUserProfileConfiguration(null); + + realm.setEditUsernameAllowed(true); + realm.setRegistrationEmailAsUsername(true); + testRealm().update(realm); + + loginPage.open(); + loginPage.login("login-test5", "password"); + + verifyProfilePage.assertCurrent(); + assertFalse(verifyProfilePage.isUsernamePresent()); + assertTrue(verifyProfilePage.isEmailPresent()); + + realm.setEditUsernameAllowed(false); + realm.setRegistrationEmailAsUsername(true); + testRealm().update(realm); + + driver.navigate().refresh(); + verifyProfilePage.assertCurrent(); + assertFalse(verifyProfilePage.isUsernamePresent()); + assertFalse(verifyProfilePage.isEmailPresent()); + + realm.setEditUsernameAllowed(true); + realm.setRegistrationEmailAsUsername(false); + testRealm().update(realm); + + driver.navigate().refresh(); + verifyProfilePage.assertCurrent(); + assertTrue(verifyProfilePage.isUsernamePresent()); + assertTrue(verifyProfilePage.isEmailPresent()); + } finally { + realm.setEditUsernameAllowed(false); + realm.setRegistrationEmailAsUsername(false); + testRealm().update(realm); + } + } + + @Test + @EnableFeature(Profile.Feature.UPDATE_EMAIL) + public void testUsernameOnlyIfEmailAsUsernameIsDisabledWithUpdateEmailFeature() throws Exception { + reconnectAdminClient(); + RealmRepresentation realm = testRealm().toRepresentation(); + + setUserProfileConfiguration(CONFIGURATION_FOR_USER_EDIT); + updateUser(user5Id, null, "ExistingLast", null); + + try { + setUserProfileConfiguration(null); + + realm.setEditUsernameAllowed(true); + realm.setRegistrationEmailAsUsername(true); + testRealm().update(realm); + + loginPage.open(); + loginPage.login("login-test5", "password"); + + verifyProfilePage.assertCurrent(); + assertFalse(verifyProfilePage.isUsernamePresent()); + assertFalse(verifyProfilePage.isEmailPresent()); + + realm.setEditUsernameAllowed(false); + realm.setRegistrationEmailAsUsername(true); + testRealm().update(realm); + + driver.navigate().refresh(); + verifyProfilePage.assertCurrent(); + assertFalse(verifyProfilePage.isUsernamePresent()); + assertFalse(verifyProfilePage.isEmailPresent()); + + realm.setEditUsernameAllowed(true); + realm.setRegistrationEmailAsUsername(false); + testRealm().update(realm); + + driver.navigate().refresh(); + verifyProfilePage.assertCurrent(); + assertTrue(verifyProfilePage.isUsernamePresent()); + assertFalse(verifyProfilePage.isEmailPresent()); + } finally { + realm.setEditUsernameAllowed(false); + realm.setRegistrationEmailAsUsername(false); + testRealm().update(realm); + } + } + @Test public void testOptionalAttribute() { setUserProfileConfiguration("{\"attributes\": ["