[KEYCLOAK-14611] Incorrect error message shown on duplicated email registration

2020-07-13 16:56:52 -07:00 · 2020-07-13 16:56:52 -07:00 · 6d5495141d
commit 6d5495141d
parent 969b09f530
3 changed files with 58 additions and 7 deletions
--- a/services/src/main/java/org/keycloak/authentication/forms/RegistrationProfile.java
+++ b/services/src/main/java/org/keycloak/authentication/forms/RegistrationProfile.java
@ -28,6 +28,7 @@ import org.keycloak.forms.login.LoginFormsProvider;
 import org.keycloak.models.AuthenticationExecutionModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.ModelDuplicateException;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.FormMessage;
@ -83,11 +84,21 @@ public class RegistrationProfile implements FormAction, FormActionFactory {
            emailValid = false;
        }

-        if (emailValid && !context.getRealm().isDuplicateEmailsAllowed() && context.getSession().users().getUserByEmail(email, context.getRealm()) != null) {
-            eventError = Errors.EMAIL_IN_USE;
-            formData.remove(Validation.FIELD_EMAIL);
-            context.getEvent().detail(Details.EMAIL, email);
-            errors.add(new FormMessage(RegistrationPage.FIELD_EMAIL, Messages.EMAIL_EXISTS));
+        if (emailValid && !context.getRealm().isDuplicateEmailsAllowed()) {
+            boolean duplicateEmail = false;
+            try {
+               if(context.getSession().users().getUserByEmail(email, context.getRealm()) != null) {
+                   duplicateEmail = true;
+               }
+            } catch (ModelDuplicateException e) {
+                duplicateEmail = true;
+            }
+            if (duplicateEmail) {
+                eventError = Errors.EMAIL_IN_USE;
+                formData.remove(Validation.FIELD_EMAIL);
+                context.getEvent().detail(Details.EMAIL, email);
+                errors.add(new FormMessage(RegistrationPage.FIELD_EMAIL, Messages.EMAIL_EXISTS));
+            }
        }

        if (errors.size() > 0) {
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@ -121,8 +121,14 @@ public class UsersResource {
        if (session.users().getUserByUsername(username, realm) != null) {
            return ErrorResponse.exists("User exists with same username");
        }
-        if (rep.getEmail() != null && !realm.isDuplicateEmailsAllowed() && session.users().getUserByEmail(rep.getEmail(), realm) != null) {
-            return ErrorResponse.exists("User exists with same email");
+        if (rep.getEmail() != null && !realm.isDuplicateEmailsAllowed()) {
+            try {
+                if(session.users().getUserByEmail(rep.getEmail(), realm) != null) {
+                    return ErrorResponse.exists("User exists with same email");
+                }
+            } catch (ModelDuplicateException e) {
+                return ErrorResponse.exists("User exists with same email");
+            }
        }

        try {
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
@ -246,6 +246,40 @@ public class UserTest extends AbstractAdminTest {
        user.setEmail("user1@localhost");
        Response response = realm.users().create(user);
        assertEquals(409, response.getStatus());
+        assertAdminEvents.assertEmpty();
+
+        ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
+        Assert.assertEquals("User exists with same email", error.getErrorMessage());
+
+        response.close();
+    }
+
+    //KEYCLOAK-14611
+    @Test
+    public void createDuplicateEmailWithExistingDuplicates() {
+        //Allow duplicate emails
+        RealmRepresentation rep = realm.toRepresentation();
+        rep.setDuplicateEmailsAllowed(true);
+        realm.update(rep);
+
+        //Create 2 users with the same email
+        UserRepresentation user = new UserRepresentation();
+        user.setEmail("user1@localhost");
+        user.setUsername("user1");
+        createUser(user, false);
+        user.setUsername("user2");
+        createUser(user, false);
+
+        //Disallow duplicate emails
+        rep.setDuplicateEmailsAllowed(false);
+        realm.update(rep);
+
+        //Create a third user with the same email
+        user.setUsername("user3");
+        Response response = realm.users().create(user);
+        assertEquals(409, response.getStatus());
+        ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
+        Assert.assertEquals("User exists with same email", error.getErrorMessage());
        response.close();
    }