From b58f35fb4786edb16f9d7bc3cd14a19d0dee649f Mon Sep 17 00:00:00 2001 From: Ricardo Martin Date: Thu, 25 Jan 2024 12:28:16 +0100 Subject: [PATCH] Revert "Enable verify profile required action by default for new realms" (#26495) This reverts commit 7f195acc149a32d5a4168648b41cf3dcdda0d46a. Signed-off-by: rmartinc --- .../quarkus/runtime/KeycloakMain.java | 39 ++-------------- .../models/utils/DefaultRequiredActions.java | 16 +------ .../services/managers/ApplianceBootstrap.java | 5 +-- .../resources/KeycloakApplication.java | 5 ++- .../services/resources/WelcomeResource.java | 18 +------- .../undertow/KeycloakOnUndertow.java | 2 +- ...cloakQuarkusServerDeployableContainer.java | 3 -- .../testsuite/AbstractKeycloakTest.java | 20 +-------- .../admin/IllegalAdminUpgradeTest.java | 9 ---- .../testsuite/admin/ImpersonationTest.java | 14 +----- .../testsuite/admin/PermissionsTest.java | 38 ++++------------ .../authentication/RequiredActionsTest.java | 9 +--- .../event/AdminEventAuthDetailsTest.java | 4 +- .../testsuite/admin/group/GroupTest.java | 8 ++-- .../testsuite/admin/realm/RealmTest.java | 6 +-- .../testsuite/cli/admin/KcAdmSessionTest.java | 2 +- .../federation/storage/UserStorageTest.java | 2 +- .../testsuite/forms/VerifyProfileTest.java | 18 +++++--- .../testsuite/oauth/RefreshTokenTest.java | 12 +---- .../src/test/resources/keycloak-add-user.json | 5 +-- .../keycloak/testsuite/KeycloakServer.java | 2 +- .../theme/keycloak/welcome/index.ftl | 44 +------------------ 22 files changed, 50 insertions(+), 231 deletions(-) diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/KeycloakMain.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/KeycloakMain.java index 6eac1942e8..15e1287b7d 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/KeycloakMain.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/KeycloakMain.java @@ -48,8 +48,6 @@ import org.keycloak.quarkus.runtime.cli.command.Start; import org.keycloak.services.ServicesLogger; import org.keycloak.services.managers.ApplianceBootstrap; import org.keycloak.services.resources.KeycloakApplication; -import org.keycloak.utils.EmailValidationUtil; -import org.keycloak.utils.StringUtil; import io.quarkus.runtime.QuarkusApplication; import io.quarkus.runtime.annotations.QuarkusMain; @@ -61,13 +59,8 @@ import io.quarkus.runtime.annotations.QuarkusMain; @ApplicationScoped public class KeycloakMain implements QuarkusApplication { - private static final Logger log = Logger.getLogger(KeycloakMain.class); private static final String KEYCLOAK_ADMIN_ENV_VAR = "KEYCLOAK_ADMIN"; private static final String KEYCLOAK_ADMIN_PASSWORD_ENV_VAR = "KEYCLOAK_ADMIN_PASSWORD"; - private static final String KEYCLOAK_ADMIN_FIRSTNAME_ENV_VAR = "KEYCLOAK_ADMIN_FIRSTNAME"; - private static final String KEYCLOAK_ADMIN_LASTNAME_ENV_VAR = "KEYCLOAK_ADMIN_LASTNAME"; - private static final String KEYCLOAK_ADMIN_EMAIL_ENV_VAR = "KEYCLOAK_ADMIN_EMAIL"; - private static final String KEYCLOAK_ADMIN_DEFAULT_EMAIL_DOMAIN = "keycloak.test"; public static void main(String[] args) { System.setProperty("kc.version", Version.VERSION); @@ -171,43 +164,17 @@ public class KeycloakMain implements QuarkusApplication { private void createAdminUser() { String adminUserName = System.getenv(KEYCLOAK_ADMIN_ENV_VAR); String adminPassword = System.getenv(KEYCLOAK_ADMIN_PASSWORD_ENV_VAR); - String tmpFirstName = System.getenv(KEYCLOAK_ADMIN_FIRSTNAME_ENV_VAR); - String tmpLastName = System.getenv(KEYCLOAK_ADMIN_LASTNAME_ENV_VAR); - String tmpEmail = System.getenv(KEYCLOAK_ADMIN_EMAIL_ENV_VAR); - if (StringUtil.isBlank(adminUserName) || StringUtil.isBlank(adminPassword)) { + if ((adminUserName == null || adminUserName.trim().length() == 0) + || (adminPassword == null || adminPassword.trim().length() == 0)) { return; } - // try to create admin user only with username and password - if (StringUtil.isBlank(tmpFirstName)) { - tmpFirstName = adminUserName; - } - - if (StringUtil.isBlank(tmpLastName)) { - tmpLastName = adminUserName; - } - - if (StringUtil.isBlank(tmpEmail)) { - tmpEmail = adminUserName + "@" + KEYCLOAK_ADMIN_DEFAULT_EMAIL_DOMAIN; - } - - if (!EmailValidationUtil.isValidEmail(tmpEmail)) { - log.errorf("The admin user %s is not created because the associated email is invalid: %s. " - + "Please set a valid email in the KEYCLOAK_ADMIN_EMAIL environment variable.", adminUserName, tmpEmail); - return; - } - - final String adminFirstName = tmpFirstName; - final String adminLastName = tmpLastName; - final String adminEmail = tmpEmail; - KeycloakSessionFactory sessionFactory = KeycloakApplication.getSessionFactory(); try { KeycloakModelUtils.runJobInTransaction(sessionFactory, session -> { - new ApplianceBootstrap(session).createMasterRealmUser(adminUserName, - adminPassword, adminFirstName, adminLastName, adminEmail); + new ApplianceBootstrap(session).createMasterRealmUser(adminUserName, adminPassword); }); } catch (Throwable t) { ServicesLogger.LOGGER.addUserFailed(t, adminUserName, Config.getAdminRealm()); diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/DefaultRequiredActions.java b/server-spi-private/src/main/java/org/keycloak/models/utils/DefaultRequiredActions.java index 3d81d69d36..aa49046c37 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/DefaultRequiredActions.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/DefaultRequiredActions.java @@ -81,8 +81,7 @@ public class DefaultRequiredActions { UPDATE_EMAIL(UserModel.RequiredAction.UPDATE_EMAIL.name(), DefaultRequiredActions::addUpdateEmailAction, () -> isFeatureEnabled(Profile.Feature.UPDATE_EMAIL)), CONFIGURE_RECOVERY_AUTHN_CODES(UserModel.RequiredAction.CONFIGURE_RECOVERY_AUTHN_CODES.name(), DefaultRequiredActions::addRecoveryAuthnCodesAction, () -> isFeatureEnabled(Profile.Feature.RECOVERY_CODES)), WEBAUTHN_REGISTER("webauthn-register", DefaultRequiredActions::addWebAuthnRegisterAction, () -> isFeatureEnabled(Profile.Feature.WEB_AUTHN)), - WEBAUTHN_PASSWORDLESS_REGISTER("webauthn-register-passwordless", DefaultRequiredActions::addWebAuthnPasswordlessRegisterAction, () -> isFeatureEnabled(Profile.Feature.WEB_AUTHN)), - VERIFY_USER_PROFILE(UserModel.RequiredAction.VERIFY_PROFILE.name(), DefaultRequiredActions::addVerifyProfile); + WEBAUTHN_PASSWORDLESS_REGISTER("webauthn-register-passwordless", DefaultRequiredActions::addWebAuthnPasswordlessRegisterAction, () -> isFeatureEnabled(Profile.Feature.WEB_AUTHN)); private final String alias; private final Consumer addAction; @@ -183,19 +182,6 @@ public class DefaultRequiredActions { } } - public static void addVerifyProfile(RealmModel realm) { - if (realm.getRequiredActionProviderByAlias(UserModel.RequiredAction.VERIFY_PROFILE.name()) == null) { - RequiredActionProviderModel termsAndConditions = new RequiredActionProviderModel(); - termsAndConditions.setEnabled(true); - termsAndConditions.setAlias(UserModel.RequiredAction.VERIFY_PROFILE.name()); - termsAndConditions.setName("Verify Profile"); - termsAndConditions.setProviderId(UserModel.RequiredAction.VERIFY_PROFILE.name()); - termsAndConditions.setDefaultAction(false); - termsAndConditions.setPriority(90); - realm.addRequiredActionProvider(termsAndConditions); - } - } - public static void addDeleteAccountAction(RealmModel realm) { if (realm.getRequiredActionProviderByAlias("delete_account") == null) { RequiredActionProviderModel deleteAccount = new RequiredActionProviderModel(); diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java index 6461502b6d..10b6a924ce 100755 --- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java +++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java @@ -92,7 +92,7 @@ public class ApplianceBootstrap { return true; } - public void createMasterRealmUser(String username, String password, String firstName, String lastName, String email) { + public void createMasterRealmUser(String username, String password) { RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm()); session.getContext().setRealm(realm); @@ -103,9 +103,6 @@ public class ApplianceBootstrap { UserModel adminUser = session.users().addUser(realm, username); adminUser.setEnabled(true); - adminUser.setFirstName(firstName); - adminUser.setLastName(lastName); - adminUser.setEmail(email); UserCredentialModel usrCredModel = UserCredentialModel.password(password); adminUser.credentialManager().updateCredential(usrCredModel); diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java index 195ba5d846..904c82a44c 100644 --- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java +++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java @@ -318,7 +318,10 @@ public class KeycloakApplication extends Application { if (users.getUserByUsername(realm, userRep.getUsername()) != null) { ServicesLogger.LOGGER.notCreatingExistingUser(userRep.getUsername()); } else { - UserModel user = RepresentationToModel.createUser(session, realm, userRep); + UserModel user = users.addUser(realm, userRep.getUsername()); + user.setEnabled(userRep.isEnabled()); + RepresentationToModel.createCredentials(userRep, session, realm, user, false); + RepresentationToModel.createRoleMappings(userRep, user, realm); ServicesLogger.LOGGER.addUserSuccess(userRep.getUsername(), realmRep.getRealm()); } }); diff --git a/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java b/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java index 37ede2fc61..79c999aea7 100755 --- a/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java +++ b/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java @@ -47,7 +47,6 @@ import org.keycloak.services.util.CookieHelper; import org.keycloak.theme.Theme; import org.keycloak.theme.freemarker.FreeMarkerProvider; import org.keycloak.urls.UrlType; -import org.keycloak.utils.EmailValidationUtil; import org.keycloak.utils.MediaType; import java.io.IOException; @@ -114,9 +113,6 @@ public class WelcomeResource { String username = formData.getFirst("username"); String password = formData.getFirst("password"); String passwordConfirmation = formData.getFirst("passwordConfirmation"); - String firstName = formData.getFirst("firstName"); - String lastName = formData.getFirst("lastName"); - String email = formData.getFirst("email"); if (username != null) { username = username.trim(); @@ -134,22 +130,10 @@ public class WelcomeResource { return createWelcomePage(null, "Password and confirmation doesn't match"); } - if (firstName == null || firstName.length() == 0) { - return createWelcomePage(null, "FirstName is missing"); - } - - if (lastName == null || lastName.length() == 0) { - return createWelcomePage(null, "LastName is missing"); - } - - if (!EmailValidationUtil.isValidEmail(email)) { - return createWelcomePage(null, "Email is invalid"); - } - expireCsrfCookie(); ApplianceBootstrap applianceBootstrap = new ApplianceBootstrap(session); - applianceBootstrap.createMasterRealmUser(username, password, firstName, lastName, email); + applianceBootstrap.createMasterRealmUser(username, password); shouldBootstrap.set(false); ServicesLogger.LOGGER.createdInitialAdminUser(username); diff --git a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java index 47df08036f..254dc2fe62 100644 --- a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java +++ b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java @@ -235,7 +235,7 @@ public class KeycloakOnUndertow implements DeployableContainer response) { - response.set(realm.users().create(UserBuilder.create() - .username("testuser") - .firstName("testuser") - .lastName("testuser") - .email("testuser@keycloak.org") - .build())); + response.set(realm.users().create(UserBuilder.create().username("testuser").build())); } }, Resource.USER, true); UserRepresentation user = adminClient.realms().realm(REALM_NAME).users().search("testuser").get(0); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RequiredActionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RequiredActionsTest.java index ab9dc6ddb0..b5fd9e2451 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RequiredActionsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RequiredActionsTest.java @@ -40,12 +40,6 @@ import java.util.Map; */ public class RequiredActionsTest extends AbstractAuthenticationTest { - @Override - protected boolean removeVerifyProfileAtImport() { - // do not remove verify profile action for this test - return false; - } - @Test public void testRequiredActions() { List result = authMgmtResource.getRequiredActions(); @@ -56,7 +50,6 @@ public class RequiredActionsTest extends AbstractAuthenticationTest { addRequiredAction(expected, "UPDATE_PASSWORD", "Update Password", true, false, null); addRequiredAction(expected, "UPDATE_PROFILE", "Update Profile", true, false, null); addRequiredAction(expected, "VERIFY_EMAIL", "Verify Email", true, false, null); - addRequiredAction(expected, "VERIFY_PROFILE", "Verify Profile", true, false, null); addRequiredAction(expected, "delete_account", "Delete Account", false, false, null); addRequiredAction(expected, "update_user_locale", "Update User Locale", true, false, null); addRequiredAction(expected, "webauthn-register", "Webauthn Register", true, false, null); @@ -91,7 +84,7 @@ public class RequiredActionsTest extends AbstractAuthenticationTest { // Dummy RequiredAction is not registered in the realm and WebAuthn actions List result = authMgmtResource.getUnregisteredRequiredActions(); - Assert.assertEquals(1, result.size()); + Assert.assertEquals(2, result.size()); RequiredActionProviderSimpleRepresentation action = result.stream().filter( a -> a.getProviderId().equals(DummyRequiredActionFactory.PROVIDER_ID) ).findFirst().get(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java index 47f5cb3f91..9e66515ab3 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java @@ -103,9 +103,7 @@ public class AdminEventAuthDetailsTest extends AbstractAuthTest { masterRealmId = masterRealm.toRepresentation().getId(); masterAdminCliUuid = ApiUtil.findClientByClientId(masterRealm, Constants.ADMIN_CLI_CLIENT_ID).toRepresentation().getId(); masterAdminUserId = ApiUtil.findUserByUsername(masterRealm, "admin").getId(); - masterAdminUser2Id = ApiUtil.createUserAndResetPasswordWithAdminClient(masterRealm, - UserBuilder.create().username("admin2").firstName("admin2").lastName("admin2").email("admin2@keycloak.org").build(), - "password"); + masterAdminUser2Id = ApiUtil.createUserAndResetPasswordWithAdminClient(masterRealm, UserBuilder.create().username("admin2").build(), "password"); masterRealm.users().get(masterAdminUser2Id).roles().realmLevel().add(Collections.singletonList(masterRealm.roles().get("admin").toRepresentation())); RealmResource testRealm = adminClient.realm("test"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java index d498003630..cd3dbe9825 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java @@ -837,7 +837,7 @@ public class GroupTest extends AbstractGroupTest { public void noAdminEndpointAccessWhenNoRoleAssigned() { String userName = "user-" + UUID.randomUUID(); final String realmName = AuthRealm.MASTER; - createUser(realmName, userName, "pwd", userName, userName, userName + "@keycloak.org"); + createUser(realmName, userName, "pwd"); try (Keycloak userClient = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", realmName, userName, "pwd", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) { @@ -862,7 +862,7 @@ public class GroupTest extends AbstractGroupTest { assertThat(adminRole, notNullValue()); assertThat(adminRole.getId(), notNullValue()); - String userId = createUser(realmName, userName, "pwd", userName, userName, userName + "@keycloak.org"); + String userId = createUser(realmName, userName, "pwd"); assertThat(userId, notNullValue()); RoleMappingResource mappings = realm.users().get(userId).roles(); @@ -891,7 +891,7 @@ public class GroupTest extends AbstractGroupTest { assertThat(adminRole, notNullValue()); assertThat(adminRole.getId(), notNullValue()); - String userId = createUser(realmName, userName, "pwd", userName, userName, userName + "@keycloak.org"); + String userId = createUser(realmName, userName, "pwd"); GroupRepresentation group = GroupBuilder.create().name(groupName).build(); try (Response response = realm.groups().add(group)) { String groupId = ApiUtil.getCreatedId(response); @@ -984,7 +984,7 @@ public class GroupTest extends AbstractGroupTest { assertThat(adminRole, notNullValue()); assertThat(adminRole.getId(), notNullValue()); - String userId = createUser(realmName, userName, "pwd", userName, userName, userName + "@keycloak.org"); + String userId = createUser(realmName, userName, "pwd"); GroupRepresentation group = GroupBuilder.create().name(groupName).build(); try (Response response = realm.groups().add(group)) { String groupId = ApiUtil.getCreatedId(response); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java index b173881b12..c43a1bcb39 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java @@ -951,11 +951,7 @@ public class RealmTest extends AbstractAdminTest { oauth.realm(REALM_NAME); oauth.redirectUri(redirectUri); - UserRepresentation userRep = UserBuilder.create().username("testuser") - .firstName("testuser") - .lastName("testuser") - .email("testuser@keycloak.org") - .build(); + UserRepresentation userRep = UserBuilder.create().username("testuser").build(); Response response = realm.users().create(userRep); String userId = ApiUtil.getCreatedId(response); response.close(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/admin/KcAdmSessionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/admin/KcAdmSessionTest.java index 68e3d3e36d..f080afdf65 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/admin/KcAdmSessionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/admin/KcAdmSessionTest.java @@ -43,7 +43,7 @@ public class KcAdmSessionTest extends AbstractAdmCliTest { Assert.assertTrue(exe.stderrLines().get(exe.stderrLines().size() - 1).startsWith("Created ")); // create user - exe = execute("create users --config '" + configFile.getName() + "' -r demorealm -s username=testuser -s firstName=testuser -s lastName=testuser -s email=testuser@keycloak.org -s enabled=true -i"); + exe = execute("create users --config '" + configFile.getName() + "' -r demorealm -s username=testuser -s enabled=true -i"); assertExitCodeAndStreamSizes(exe, 0, 1, 0); String userId = exe.stdoutLines().get(0); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java index cef1e2b12d..09f3f2d95b 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java @@ -869,7 +869,7 @@ public class UserStorageTest extends AbstractAuthTest { // Re-create realm RealmRepresentation repOrig = testContext.getTestRealmReps().get(0); - importRealm(repOrig); + adminClient.realms().create(repOrig); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java index d66fd71b8e..4e97a0d875 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java @@ -49,6 +49,7 @@ import org.keycloak.models.UserModel; import org.keycloak.representations.idm.AdminEventRepresentation; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.RequiredActionProviderRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.userprofile.config.UPAttribute; import org.keycloak.representations.userprofile.config.UPAttributePermissions; @@ -112,12 +113,6 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest { private static ClientRepresentation client_scope_default; private static ClientRepresentation client_scope_optional; - @Override - protected boolean removeVerifyProfileAtImport() { - // we need the verify profile action enabled as default - return false; - } - @Override public void configureTestRealm(RealmRepresentation testRealm) { UserRepresentation user = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test").email("login@test.com").enabled(true).password("password").build(); @@ -130,6 +125,17 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest { RealmBuilder.edit(testRealm).user(user).user(user2).user(user3).user(user4).user(user5).user(user6).user(userWithoutEmail); + RequiredActionProviderRepresentation action = new RequiredActionProviderRepresentation(); + action.setAlias(UserModel.RequiredAction.VERIFY_PROFILE.name()); + action.setProviderId(UserModel.RequiredAction.VERIFY_PROFILE.name()); + action.setEnabled(true); + action.setDefaultAction(false); + action.setPriority(10); + + List actions = new ArrayList<>(); + actions.add(action); + testRealm.setRequiredActions(actions); + testRealm.setClientScopes(new ArrayList<>()); testRealm.getClientScopes().add(ClientScopeBuilder.create().name(SCOPE_DEPARTMENT).protocol("openid-connect").build()); testRealm.getClientScopes().add(ClientScopeBuilder.create().name("profile").protocol("openid-connect").build()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java index a6904ce9d1..a508c78f3b 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java @@ -366,17 +366,9 @@ public class RefreshTokenTest extends AbstractKeycloakTest { .build()); realmResource.users() - .create(UserBuilder.create().username("alice") - .firstName("alice") - .lastName("alice") - .email("alice@keycloak.org") - .password("alice").addRoles("offline_access").build()); + .create(UserBuilder.create().username("alice").password("alice").addRoles("offline_access").build()); realmResource.users() - .create(UserBuilder.create().username("bob") - .firstName("bob") - .lastName("bob") - .email("bob@keycloak.org") - .password("bob").addRoles("offline_access").build()); + .create(UserBuilder.create().username("bob").password("bob").addRoles("offline_access").build()); oauth.realm(realmName); oauth.clientId("public-client"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/keycloak-add-user.json b/testsuite/integration-arquillian/tests/base/src/test/resources/keycloak-add-user.json index 066fdd4681..b37ad8cec4 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/keycloak-add-user.json +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/keycloak-add-user.json @@ -2,9 +2,6 @@ "realm" : "master", "users" : [ { "username" : "admin", - "firstName" : "admin", - "lastName" : "admin", - "email" : "admin@keycloak.org", "enabled" : true, "credentials" : [ { "type" : "password", @@ -13,4 +10,4 @@ } ], "realmRoles" : [ "admin" ] } ] -} ] +} ] \ No newline at end of file diff --git a/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java index 350d464966..341ac7dc34 100755 --- a/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java +++ b/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java @@ -396,7 +396,7 @@ public class KeycloakServer { try (KeycloakSession session = sessionFactory.create()) { session.getTransactionManager().begin(); if (new ApplianceBootstrap(session).isNoMasterUser()) { - new ApplianceBootstrap(session).createMasterRealmUser("admin", "admin", "admin", "admin", "admin@keycloak.org"); + new ApplianceBootstrap(session).createMasterRealmUser("admin", "admin"); log.info("Created master user with credentials admin:admin"); } } diff --git a/themes/src/main/resources/theme/keycloak/welcome/index.ftl b/themes/src/main/resources/theme/keycloak/welcome/index.ftl index 572c98606e..2ee671a33b 100755 --- a/themes/src/main/resources/theme/keycloak/welcome/index.ftl +++ b/themes/src/main/resources/theme/keycloak/welcome/index.ftl @@ -80,46 +80,6 @@ - -
-
- -
-
- - - -
-
- -
-
- -
-
- - - -
-
- -
-
- -
-
- - - -
-
-
<#else> -

To create the administrative user open ${localAdminUrl}, or set the environment variables KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD when starting the server. KEYCLOAK_ADMIN_FIRSTNAME, KEYCLOAK_ADMIN_LASTNAME and KEYCLOAK_ADMIN_EMAIL variables can also be set but they are automatically filled (if possible) when missed.

+

To create the administrative user open ${localAdminUrl}, or set the environment variables KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD when starting the server.

@@ -159,4 +119,4 @@ - + \ No newline at end of file