From b4c940fe3f03041b49515153330de38bc9ad49b6 Mon Sep 17 00:00:00 2001
From: Pedro Igor <pigor.craveiro@gmail.com>
Date: Tue, 20 Jul 2021 19:19:07 -0300
Subject: [PATCH] [KEYCLOAK-18860] - Return attributes defined in user profile
 from user api

---
 .../resources/admin/UserResource.java         | 10 +--
 .../testsuite/admin/DeclarativeUserTest.java  | 76 +++++++++++++++++++
 2 files changed, 79 insertions(+), 7 deletions(-)
 create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
index 49f9c082b3..c803354d25 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
@@ -286,14 +286,10 @@ public class UserResource {
         UserProfileProvider provider = session.getProvider(UserProfileProvider.class);
         UserProfile profile = provider.create(USER_API, user);
 
-        if (rep.getAttributes() != null) {
-            Map<String, List<String>> allowedAttributes = profile.getAttributes().getReadable(false);
+        Map<String, List<String>> attributes = profile.getAttributes().getReadable(false);
 
-            for (String attributeName : rep.getAttributes().keySet()) {
-                if (!allowedAttributes.containsKey(attributeName)) {
-                    rep.getAttributes().remove(attributeName);
-                }
-            }
+        if (!attributes.isEmpty()) {
+            rep.setAttributes(attributes);
         }
 
         return rep;
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java
new file mode 100644
index 0000000000..cda82e5e33
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java
@@ -0,0 +1,76 @@
+package org.keycloak.testsuite.admin;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.keycloak.testsuite.forms.VerifyProfileTest.PERMISSIONS_ALL;
+import static org.keycloak.testsuite.forms.VerifyProfileTest.enableDynamicUserProfile;
+import static org.keycloak.testsuite.forms.VerifyProfileTest.setUserProfileConfiguration;
+import static org.keycloak.userprofile.DeclarativeUserProfileProvider.REALM_USER_PROFILE_ENABLED;
+
+import javax.ws.rs.core.Response;
+
+import java.util.List;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.keycloak.events.admin.OperationType;
+import org.keycloak.events.admin.ResourceType;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.testsuite.util.AdminEventPaths;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public class DeclarativeUserTest extends AbstractAdminTest {
+
+    @Before
+    public void onBefore() {
+        RealmRepresentation realmRep = this.realm.toRepresentation();
+        enableDynamicUserProfile(realmRep);
+        this.realm.update(realmRep);
+        setUserProfileConfiguration(this.realm, "{\"attributes\": ["
+                + "{\"name\": \"username\", " + PERMISSIONS_ALL + "},"
+                + "{\"name\": \"firstName\", " + PERMISSIONS_ALL + "},"
+                + "{\"name\": \"email\", " + PERMISSIONS_ALL + "},"
+                + "{\"name\": \"lastName\", " + PERMISSIONS_ALL + "},"
+                + "{\"name\": \"aName\", " + PERMISSIONS_ALL + "},"
+                + "{\"name\": \"custom-a\", " + PERMISSIONS_ALL + "},"
+                + "{\"name\": \"attr1\", " + PERMISSIONS_ALL + "},"
+                + "{\"name\": \"attr2\", " + PERMISSIONS_ALL + "}]}");
+    }
+
+    @Test
+    public void testReturnAllConfiguredAttributesEvenIfNotSet() {
+        UserRepresentation user1 = new UserRepresentation();
+        user1.setUsername("user1");
+        user1.singleAttribute("attr1", "value1user1");
+        user1.singleAttribute("attr2", "value2user1");
+        String user1Id = createUser(user1);
+
+        user1 = realm.users().get(user1Id).toRepresentation();
+        Map<String, List<String>> attributes = user1.getAttributes();
+        assertEquals(4, attributes.size());
+        List<String> attr1 = attributes.get("attr1");
+        assertEquals(1, attr1.size());
+        assertEquals("value1user1", attr1.get(0));
+        List<String> attr2 = attributes.get("attr2");
+        assertEquals(1, attr2.size());
+        assertEquals("value2user1", attr2.get(0));
+        List<String> attrCustomA = attributes.get("custom-a");
+        assertTrue(attrCustomA.isEmpty());
+        assertTrue(attributes.containsKey("custom-a"));
+        assertTrue(attributes.containsKey("aName"));
+    }
+
+    private String createUser(UserRepresentation userRep) {
+        Response response = realm.users().create(userRep);
+        String createdId = ApiUtil.getCreatedId(response);
+        response.close();
+        getCleanup().addUserId(createdId);
+        return createdId;
+    }
+}