[KEYCLOAK-6111] 'Override User-Initiated Action Lifespan' admin GUI can break realm configuration

model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java

@@ -32,6 +32,8 @@ import java.util.*;
 import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
+import static java.util.Objects.nonNull;
+
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
@@ -480,6 +482,7 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
 
         getAttributes().entrySet().stream()
                 .filter(Objects::nonNull)
+                .filter(entry -> nonNull(entry.getValue()))
                 .filter(entry -> entry.getKey().startsWith(RealmAttributes.ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN + "."))
                 .forEach(entry -> userActionTokens.put(entry.getKey().substring(RealmAttributes.ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN.length() + 1), Integer.valueOf(entry.getValue())));
 

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/Form.java

@@ -46,7 +46,6 @@ public class Form {
     private WebElement cancel;
 
     public void save() {
-//        guardAjax(save).click();
         clickLink(save);
     }
 
@@ -70,5 +69,11 @@ public class Form {
             // TODO log warning
         }
     }
+    public WebElement saveBtn() {
+        return save;
+    }
 
+    public WebElement cancelBtn() {
+        return cancel;
+    }
 }

testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/realm/TokensTest.java

@@ -35,6 +35,7 @@ import java.util.Objects;
 import java.util.concurrent.TimeUnit;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
@@ -140,6 +141,23 @@ public class TokensTest extends AbstractRealmTest {
 
     }
 
+    @Test
+    public void testButtonDisabledForEmptyAttributes() throws InterruptedException {
+        tokenSettingsPage.form().setOperation(VerifyEmailActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.DAYS);
+        tokenSettingsPage.form().save();
+        assertAlertSuccess();
+
+        loginToTestRealmConsoleAs(testUser);
+        driver.navigate().refresh();
+
+        tokenSettingsPage.navigateTo();
+        tokenSettingsPage.form().selectOperation(VerifyEmailActionToken.TOKEN_TYPE);
+        tokenSettingsPage.form().selectOperation(ResetCredentialsActionToken.TOKEN_TYPE);
+
+        assertFalse("Save button should be disabled", tokenSettingsPage.form().saveBtn().isEnabled());
+        assertFalse("Cancel button should be disabled", tokenSettingsPage.form().cancelBtn().isEnabled());
+    }
+
     @Test
     public void testLifespanActionTokenResetForVerifyEmail() throws InterruptedException {
         tokenSettingsPage.form().setOperation(VerifyEmailActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.DAYS);

themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js

@@ -1099,6 +1099,12 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
 
     var oldCopy = angular.copy($scope.realm);
     $scope.changed = false;
+    
+    var refresh = function() {
+        Realm.get($scope.realm, function () {
+            $scope.changed = false;
+        });
+    };
 
     $scope.$watch('realm', function() {
         if (!angular.equals($scope.realm, oldCopy)) {
@@ -1108,6 +1114,10 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
 
     $scope.$watch('actionLifespanId', function () {
         $scope.actionTokenAttribute = TimeUnit2.asUnit($scope.realm.attributes['actionTokenGeneratedByUserLifespan.' + $scope.actionLifespanId]);
+        //Refresh and disable the button if attribute is empty
+        if (!$scope.actionTokenAttribute.toSeconds()) {
+            refresh();
+        }
     }, true);
 
     $scope.$watch('actionTokenAttribute', function () {