Update Email Action does not properly update username if username=email is active

[sonOfRa]

Before reporting an issue

• I have searched existing issues
• I have reproduced the issue with the latest release

Area

user-profile

Describe the bug

When a realm has the username=email flag active, and a user has to complete the update-email action, their username is not updated.

The user is then able to log in with both their old email as well as their new email.

Whether or not the realm has the "Verify Email" flag active does not impact this behaviour.

Version

20.0.3

Expected behavior

The user's username should also be set to their newly set email address.

Actual behavior

The user's username remains as the old email, which allows them to still log in with the old email, as well as disallowing new users to be created with that email address.

How to Reproduce?

1. Launch Keycloak 20.0.3 with features=update-email
2. Create a new realm
   2.1 Enable Email as username
   2.2 Enable Login with email
   2.3 Enable Edit username
   2.4 Enable the Update Email Required Action
3. Create a new user
   3.1 Set a password for the user
   3.2 Set the "update email" action for the user
4. Login to the account console as that user
5. Enter a new email address for the user
6. Observe that the email is changed, but the username is not

Anything else?

In the admin console, it is now visible that the user has their old email as a username, but the new email as an email. When the user is then saved (for example by going to the Attributes Tab, and pressing "Save" without changing any attributes), the user's username will actually be overwritten by the newly set email.

[sonOfRa]

This is actually fixed by #15583. For some reason I thought this was included in 20.0.3, so I opened it as a new issue. Cherry-picking the change from the editUsernameCondition method makes the update email action work as expected.