Skip to content

Emit explicit DISABLE/ENABLE events on user enabled-flag transitions (#48855) #48856

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
thomasdarimont wants to merge 1 commit into
base: main
Choose a base branch
from
+93 −1
Open

Emit explicit DISABLE/ENABLE events on user enabled-flag transitions (#48855) #48856

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions server-spi-private/src/main/java/org/keycloak/events/EventType.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -203,6 +203,11 @@ public enum EventType implements EnumWithStableIndex {

JWT_AUTHORIZATION_GRANT(70, true),
JWT_AUTHORIZATION_GRANT_ERROR(0x10000 + JWT_AUTHORIZATION_GRANT.getStableIndex(), true),

USER_DISABLED(71, true),
USER_DISABLED_ERROR(0x10000 + USER_DISABLED.getStableIndex(), false),
USER_ENABLED(72, true),
USER_ENABLED_ERROR(0x10000 + USER_ENABLED.getStableIndex(), false),
;

private final int stableIndex;
Expand Down
4 changes: 3 additions & 1 deletion server-spi-private/src/main/java/org/keycloak/events/admin/OperationType.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,9 @@ public enum OperationType implements EnumWithStableIndex {
CREATE(0),
UPDATE(1),
DELETE(2),
ACTION(3);
ACTION(3),
DISABLE(4),
ENABLE(5);

private final int stableIndex;
private static final Map<Integer, OperationType> BY_ID = EnumWithStableIndex.getReverseIndex(values());
Expand Down
11 changes: 11 additions & 0 deletions services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -198,6 +198,8 @@ public Response updateUser(final UserRepresentation rep) {
auth.users().requireManage(user);
try {

boolean previousEnabled = user.isEnabled();

boolean wasPermanentlyLockedOut = false;
if (rep.isEnabled() != null && rep.isEnabled()) {
if (!user.isEnabled() || session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, user)) {
Expand Down Expand Up @@ -240,6 +242,15 @@ public Response updateUser(final UserRepresentation rep) {

adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();

if (rep.isEnabled() != null && rep.isEnabled() != previousEnabled) {
OperationType transition = user.isEnabled() ? OperationType.ENABLE : OperationType.DISABLE;
adminEvent.clone(session)
.operation(transition)
.resourcePath(session.getContext().getUri())
.representation(rep)
.success();
}

if (session.getTransactionManager().isActive()) {
session.getTransactionManager().commit();
}
Expand Down
74 changes: 74 additions & 0 deletions tests/base/src/test/java/org/keycloak/tests/admin/user/UserUpdateTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -335,6 +335,80 @@ public void testAccessUserFromOtherRealm() {
}
}

@Test
public void updateUserDisableEmitsDisableEvent() {
String id = createUser();

UserResource user = managedRealm.admin().users().get(id);
UserRepresentation rep = new UserRepresentation();
rep.setEnabled(false);

user.update(rep);

AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.UPDATE,
AdminEventPaths.userResourcePath(id), rep, ResourceType.USER);
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.DISABLE,
AdminEventPaths.userResourcePath(id), rep, ResourceType.USER);
Assertions.assertNull(adminEvents.poll());

assertFalse(managedRealm.admin().users().get(id).toRepresentation().isEnabled());
}

@Test
public void updateUserEnableEmitsEnableEvent() {
String id = createUser();
UserResource user = managedRealm.admin().users().get(id);

UserRepresentation disable = new UserRepresentation();
disable.setEnabled(false);
user.update(disable);
// drain UPDATE + DISABLE from the prior call
adminEvents.poll();
adminEvents.poll();

UserRepresentation enable = new UserRepresentation();
enable.setEnabled(true);
user.update(enable);

AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.UPDATE,
AdminEventPaths.userResourcePath(id), enable, ResourceType.USER);
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.ENABLE,
AdminEventPaths.userResourcePath(id), enable, ResourceType.USER);
Assertions.assertNull(adminEvents.poll());

assertTrue(managedRealm.admin().users().get(id).toRepresentation().isEnabled());
}

@Test
public void updateUserNonEnabledChangeEmitsNoTransitionEvent() {
String id = createUser();
UserResource user = managedRealm.admin().users().get(id);

UserRepresentation rep = new UserRepresentation();
rep.setFirstName("Updated");

user.update(rep);

AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.UPDATE,
AdminEventPaths.userResourcePath(id), rep, ResourceType.USER);
Assertions.assertNull(adminEvents.poll());
}

@Test
public void updateUserSameEnabledStateEmitsNoTransitionEvent() {
String id = createUser();
UserResource user = managedRealm.admin().users().get(id);

UserRepresentation rep = new UserRepresentation();
rep.setEnabled(true); // user is already enabled

user.update(rep);

AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.UPDATE,
AdminEventPaths.userResourcePath(id), rep, ResourceType.USER);
Assertions.assertNull(adminEvents.poll());
}

private void enableBruteForce(boolean enable) {
RealmRepresentation rep = managedRealm.admin().toRepresentation();
managedRealm.cleanup().add(r -> r.update(rep));
Expand Down
Loading