Add verify email required action for IdP email verification

Closes keycloak#26418 Signed-off-by: Lex Cao <[email protected]>
tnorimat · Jan 24, 2024 · 142c141 · 142c141
1 parent b99f45e
commit 142c141
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/.../org/keycloak/authentication/authenticators/broker/IdpEmailVerificationAuthenticator.java b/.../org/keycloak/authentication/authenticators/broker/IdpEmailVerificationAuthenticator.java
@@ -147,6 +147,8 @@ private void sendVerifyEmail(KeycloakSession session, AuthenticationFlowContext
                     .setAttribute(EmailTemplateProvider.IDENTITY_PROVIDER_BROKER_CONTEXT, brokerContext)
                     .sendConfirmIdentityBrokerLink(link, expirationInMinutes);
 
+            authSession.addRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL);
+
             event.success();
         } catch (EmailException e) {
             event.error(Errors.EMAIL_SEND_FAILED);

diff --git a/.../tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java b/.../tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
@@ -953,6 +953,44 @@ public void testLinkAccountByEmailVerificationTwice() {
         waitForPage(driver, "your email address has been verified already.", false);
     }
 
+    @Test
+    public void testLinkAccountByEmailVerificationToEmailVerifiedUser() {
+        // set up a user with verified email
+        RealmResource realm = adminClient.realm(bc.consumerRealmName());
+
+        UserResource userResource = realm.users().get(createUser("consumer"));
+        UserRepresentation consumerUser = userResource.toRepresentation();
+
+        consumerUser.setEmail(bc.getUserEmail());
+        consumerUser.setEmailVerified(true);
+        userResource.update(consumerUser);
+        configureSMTPServer();
+
+        // begin login with idp
+        oauth.clientId("broker-app");
+        loginPage.open(bc.consumerRealmName());
+        logInWithBroker(bc);
+
+        // update account profile
+        waitForPage(driver, "update account information", false);
+        updateAccountInformationPage.assertCurrent();
+        updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
+
+        // idp confirm link
+        waitForPage(driver, "account already exists", false);
+        idpConfirmLinkPage.assertCurrent();
+        assertEquals("User with email [email protected] already exists. How do you want to continue?", idpConfirmLinkPage.getMessage());
+        idpConfirmLinkPage.clickLinkAccount();
+
+        String url = assertEmailAndGetUrl(MailServerConfiguration.FROM, USER_EMAIL,
+                "Someone wants to link your ", false);
+        driver.navigate().to(url);
+
+        assertTrue(driver.getCurrentUrl().startsWith(getConsumerRoot() + "/auth/realms/master/app/"));
+        assertTrue(adminClient.realm(bc.consumerRealmName()).users().get(consumerUser.getId()).toRepresentation().isEmailVerified());
+        assertNumFederatedIdentities(consumerUser.getId(), 1);
+    }
+
 
     /**
      * Refers to in old test suite: org.keycloak.testsuite.broker.AbstractFirstBrokerLoginTest#testLinkAccountByEmailVerificationResendEmail