Cannot set unmanagedAttributePolicy without profile attributes

Closes #31153 Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-17 11:25:56 +02:00 · 2024-07-17 11:25:56 +02:00 · e5848bdcf9
commit e5848bdcf9
parent 5526976d1c
4 changed files with 45 additions and 14 deletions
--- a/services/src/main/java/org/keycloak/userprofile/DeclarativeUserProfileProvider.java
+++ b/services/src/main/java/org/keycloak/userprofile/DeclarativeUserProfileProvider.java
@ -248,7 +248,7 @@ public class DeclarativeUserProfileProvider implements UserProfileProvider {
    protected UserProfileMetadata decorateUserProfileForCache(UserProfileMetadata decoratedMetadata, UPConfig parsedConfig) {
        UserProfileContext context = decoratedMetadata.getContext();

-        if (parsedConfig == null) {
+        if (parsedConfig == null || parsedConfig.getAttributes() == null) {
            return decoratedMetadata;
        }

--- a/services/src/main/java/org/keycloak/userprofile/config/UPConfigUtils.java
+++ b/services/src/main/java/org/keycloak/userprofile/config/UPConfigUtils.java
@ -133,8 +133,6 @@ public class UPConfigUtils {
            Set<String> attNamesCache = new HashSet<>();
            config.getAttributes().forEach((attribute) -> validateAttribute(session, attribute, groups, errors, attNamesCache));
            errors.addAll(validateRootAttributes(config));
-        } else {
-            errors.add("UserProfile configuration without 'attributes' section is not allowed");
        }

        return errors;
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/user/profile/UserProfileTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/user/profile/UserProfileTest.java
@ -1315,6 +1315,39 @@ public class UserProfileTest extends AbstractUserProfileTest {
        profile.validate();
    }

+    @Test
+    public void testNullAttributesInConfig() {
+        getTestingClient().server(TEST_REALM_NAME).run((RunOnServer) UserProfileTest::testNullAttributesInConfig);
+    }
+
+    private static void testNullAttributesInConfig(KeycloakSession session) {
+        UserProfileProvider provider = getUserProfileProvider(session);
+        UPConfig config = UPConfigUtils.parseSystemDefaultConfig();
+        config.setAttributes(null);
+        config.setUnmanagedAttributePolicy(UnmanagedAttributePolicy.ENABLED);
+
+        provider.setConfiguration(config);
+
+        Map<String, Object> attributes = new HashMap<>();
+
+        attributes.put(UserModel.USERNAME, "user");
+        attributes.put(UserModel.FIRST_NAME, "John");
+        attributes.put(UserModel.LAST_NAME, "Doe");
+        attributes.put(UserModel.EMAIL, org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org");
+
+        UserProfile profile = provider.create(UserProfileContext.USER_API, attributes);
+
+        profile.validate();
+
+        config.setAttributes(Collections.emptyList());
+        try {
+            provider.setConfiguration(config);
+            Assert.fail("Expected to fail as we are trying to remove required attributes email and username");
+        } catch (ComponentValidationException cve) {
+            //ignore
+        }
+    }
+
    @Test
    public void testCustomAttributeOptional() {
        getTestingClient().server(TEST_REALM_NAME).run((RunOnServer) UserProfileTest::testCustomAttributeOptional);