Fix issue #2917

Perform shadow user creation (NewUserAuthenticatedEvent) without authorities creation, but rely on event ExternalGroupAuthorizationEvent later. Includes: IT for testing a fix of issue #2917
cloudfoundry · Jun 7, 2024 · c565156 · c565156
1 parent 099174e
commit c565156
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/.../cloudfoundry/identity/uaa/authentication/manager/ExternalLoginAuthenticationManager.java b/.../cloudfoundry/identity/uaa/authentication/manager/ExternalLoginAuthenticationManager.java
@@ -137,7 +137,7 @@ public Authentication authenticate(Authentication request) throws Authentication
             if (!isAddNewShadowUser()) {
                 throw new AccountNotPreCreatedException("The user account must be pre-created. Please contact your system administrator.");
             }
-            publish(new NewUserAuthenticatedEvent(userFromRequest));
+            publish(new NewUserAuthenticatedEvent(userFromRequest.authorities(List.of())));
             try {
                 userFromDb = userDatabase.retrieveUserByName(userFromRequest.getUsername(), getOrigin());
             } catch (UsernameNotFoundException ex) {

diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/user/UaaUser.java b/server/src/main/java/org/cloudfoundry/identity/uaa/user/UaaUser.java
@@ -229,7 +229,7 @@ public UaaUser authorities(Collection<? extends GrantedAuthority> authorities) {
         if (!values.contains(UaaAuthority.UAA_USER)) {
             values.add(UaaAuthority.UAA_USER);
         }
-        return new UaaUser(id, username, getPassword(), email, values, givenName, familyName, created, modified, origin, externalId, verified, zoneId, salt, passwordLastModified);
+        return new UaaUser(new UaaUserPrototype(this).withAuthorities(values));
     }
 
     @Override