Ignore custom attributes when processing attributes in verify profile action

Closes #24077
2023-10-19 17:27:54 -03:00 · 2023-10-19 17:27:54 -03:00 · 55a5a8c0eb
commit 55a5a8c0eb
parent 21b2de4a28
2 changed files with 33 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/forms/login/freemarker/model/AbstractUserProfileBean.java
+++ b/services/src/main/java/org/keycloak/forms/login/freemarker/model/AbstractUserProfileBean.java
@ -3,6 +3,7 @@ package org.keycloak.forms.login.freemarker.model;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;

@ -88,7 +89,12 @@ public abstract class AbstractUserProfileBean {
    private List<Attribute> toAttributes(Map<String, List<String>> attributes, boolean writeableOnly) {
        if(attributes == null)
            return null;
-        return attributes.keySet().stream().map(name -> profile.getAttributes().getMetadata(name)).filter((am) -> writeableOnly ? !profile.getAttributes().isReadOnly(am.getName()) : true).map(Attribute::new).sorted().collect(Collectors.toList());
+        return attributes.keySet().stream().map(name -> profile.getAttributes().getMetadata(name))
+                .filter((am) -> writeableOnly ? !profile.getAttributes().isReadOnly(am.getName()) : true)
+                .filter(Objects::nonNull)
+                .map(Attribute::new)
+                .sorted()
+                .collect(Collectors.toList());
    }

    /**
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java
@ -54,6 +54,7 @@ import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.VerifyProfilePage;
+import org.keycloak.testsuite.runonserver.RunOnServer;
 import org.keycloak.testsuite.util.ClientScopeBuilder;
 import org.keycloak.testsuite.util.KeycloakModelUtils;
 import org.keycloak.testsuite.util.OAuthClient;
@ -383,6 +384,31 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest {
        assertEquals("Last", user.getLastName());
    }

+    @Test
+    public void testIgnoreCustomAttributeWhenUserProfileIsDisabled() {
+        try {
+            disableDynamicUserProfile(testRealm());
+            testingClient.server(TEST_REALM_NAME).run(setEmptyFirstNameAndCustomAttribute());
+            testDefaultProfile();
+        } finally {
+            RealmRepresentation realm = testRealm().toRepresentation();
+            enableDynamicUserProfile(realm);
+            testRealm().update(realm);
+        }
+    }
+
+    private static RunOnServer setEmptyFirstNameAndCustomAttribute() {
+        return session -> {
+            UserModel user = session.users().getUserByUsername(session.getContext().getRealm(), "login-test");
+
+            // need to set directly to the model because user profile does not allow empty values
+            // an empty value should fail validation and force rendering the verify profile page
+            user.setFirstName("");
+            // this attribute does not exist in the default user profile configuration
+            user.setAttribute("test", List.of("test"));
+        };
+    }
+
    @Test
    public void testUsernameOnlyIfEditAllowed() {
        RealmRepresentation realm = testRealm().toRepresentation();