diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index 0d44b94edb..6eaef9d533 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -83,6 +83,7 @@ import org.keycloak.models.UserConsentModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserProvider;
+import org.keycloak.models.cache.UserCache;
 import org.keycloak.models.credential.PasswordUserCredentialModel;
 import org.keycloak.policy.PasswordPolicyNotMetException;
 import org.keycloak.provider.ProviderConfigProperty;
@@ -1681,6 +1682,10 @@ public class RepresentationToModel {
 }
 hashedCred.setCreatedDate(cred.getCreatedDate());
 session.userCredentialManager().createCredential(realm, user, hashedCred);
+ UserCache userCache = session.userCache();
+ if (userCache != null) {
+ userCache.evict(realm, user);
+ }
 }
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
index f535aae85d..08aad3bb65 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
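Review bot: The eviction added after `createCredential(realm, user, hashedCred)` in RepresentationToModel.java has no comment explaining why it is needed, and the reason looks security-relevant: without it a cached user entry can presumably keep serving the credential state from before the update. I would add `// Evict the cached user so later logins validate against the credential just stored, not a stale cached copy` above `UserCache userCache = session.userCache();`. The enclosing method starts outside the hunk, so it is not visible whether the other credential branches (for example a raw-password path) perform the same eviction; that is worth confirming as part of this change.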
@@ -228,6 +228,34 @@ public class UserTest extends AbstractAdminTest {
 assertEquals("theSalt", new String(credentialHashed.getSalt()));
 assertEquals(CredentialRepresentation.PASSWORD, credentialHashed.getType());
 }
+
+ @Test
+ public void updateUserWithHashedCredentials(){
+ String userId = createUser("user_hashed_creds", "user_hashed_creds@localhost");
+
+ CredentialRepresentation hashedPassword = new CredentialRepresentation();
+ hashedPassword.setAlgorithm("pbkdf2-sha256");
+ hashedPassword.setCreatedDate(1001l);
+ hashedPassword.setHashIterations(27500);
+ hashedPassword.setHashedSaltedValue("uskEPZWMr83pl2mzNB95SFXfIabe2UH9ClENVx/rrQqOjFEjL2aAOGpWsFNNF3qoll7Qht2mY5KxIDm3Rnve2w==");
+ hashedPassword.setSalt("u1VXYxqVfWOzHpF2bGSLyA==");
+ hashedPassword.setType(CredentialRepresentation.PASSWORD);
+
+ UserRepresentation userRepresentation = new UserRepresentation();
+ userRepresentation.setCredentials(Collections.singletonList(hashedPassword));
+
+ realm.users().get(userId).update(userRepresentation);
+
+ String accountUrl = RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build(REALM_NAME).toString();
+
+ driver.navigate().to(accountUrl);
+
+ assertEquals("Log In", PageUtils.getPageTitle(driver));
+
+ loginPage.login("user_hashed_creds", "admin");
+
+ assertTrue(driver.getTitle().contains("Account Management"));
+ }
 @Test
 public void createUserWithRawCredentials() {
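Review bot: In `updateUserWithHashedCredentials` the hashed value and the plaintext `"admin"` passed to `loginPage.login` are tied together only implicitly, so a reader cannot tell what the fixture is meant to encode. A comment above `setHashedSaltedValue(...)` such as `// pbkdf2-sha256 hash of "admin" using the salt and 27500 iterations set here` would make it reviewable. The literal `1001l` is easy to misread as 10011 and is better written `1001L`. The test also asserts only the successful login; a second attempt with a different password that is expected to stay on the "Log In" page would show the stored hash is actually being verified rather than bypassed.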
@@ -1312,7 +1340,7 @@ public class UserTest extends AbstractAdminTest {
 // Remove UPDATE_PASSWORD default action
 updatePasswordReqAction = realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
- updatePasswordReqAction.setDefaultAction(true);
+ updatePasswordReqAction.setDefaultAction(false);
 realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), updatePasswordReqAction);
 assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction, ResourceType.REQUIRED_ACTION);
 }
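Review bot: The reset `updatePasswordReqAction.setDefaultAction(false);` sits at the end of the test body, so as far as this hunk shows it runs only when every earlier assertion in the method passes. A failure before it would leave UPDATE_PASSWORD as a default required action for users created by later tests in the class, including ones that log in through the browser. The method starts outside the hunk, so a surrounding `try`/`finally` may already exist; if it does not, moving these cleanup lines into a `finally` block would keep realm state from leaking between tests.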