From d55a8b0b176443a7d5f91c76ff92b48b675e3e19 Mon Sep 17 00:00:00 2001
From: Alexander Schwartz
Date: Mon, 29 Apr 2024 10:44:20 +0200
Subject: [PATCH] Run validation of email addresses only for new and changed email addresses
Closes #29133
Signed-off-by: Alexander Schwartz
---
 .../userprofile/validator/DuplicateEmailValidator.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/services/src/main/java/org/keycloak/userprofile/validator/DuplicateEmailValidator.java b/services/src/main/java/org/keycloak/userprofile/validator/DuplicateEmailValidator.java
index 5b8e6cab9b..469f0404c9 100644
--- a/services/src/main/java/org/keycloak/userprofile/validator/DuplicateEmailValidator.java
+++ b/services/src/main/java/org/keycloak/userprofile/validator/DuplicateEmailValidator.java
@@ -18,6 +18,7 @@ package org.keycloak.userprofile.validator;
 import jakarta.ws.rs.core.Response;
 import java.util.List;
+import java.util.Objects;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
@@ -62,10 +63,11 @@ public class DuplicateEmailValidator implements SimpleValidator {
 KeycloakSession session = context.getSession();
 RealmModel realm = session.getContext().getRealm();
+ UserModel user = UserProfileAttributeValidationContext.from(context).getAttributeContext().getUser();
- if (!realm.isDuplicateEmailsAllowed()) {
+ // Only check if duplicate email addresses are not allowed, and the user is either new or changed their email address
+ if (!realm.isDuplicateEmailsAllowed() && (user == null || !Objects.equals(user.getFirstAttribute(inputHint), value))) {
 UserModel userByEmail = session.users().getUserByEmail(realm, value);
- UserModel user = UserProfileAttributeValidationContext.from(context).getAttributeContext().getUser();
 // check for duplicated email
 if (userByEmail != null && (user == null || !userByEmail.getId().equals(user.getId()))) {
 context.addError(new ValidationError(ID, inputHint, Messages.EMAIL_EXISTS)
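Review bot: The new guard on the `if (!realm.isDuplicateEmailsAllowed() && ...)` line makes the uniqueness lookup depend on `user.getFirstAttribute(inputHint)` still returning the persisted email, and nothing in the hunk shows that this holds for every caller. If some path applies the submitted value to the `UserModel` before validation runs, the comparison is equal and `getUserByEmail` is never consulted, so an address already owned by another account would be accepted without `EMAIL_EXISTS`. I would state the assumption next to the guard, e.g. `// relies on 'user' holding the stored email at validation time; if the model is updated first, the duplicate check is skipped`, and add a test in which an existing user changes their email to one owned by another account. The comparison is exact, so a value differing only in case or whitespace from the stored one still goes through the lookup, which is the safe direction. The enclosing method starts before and ends after this hunk, so the callers' behaviour is not visible here.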