User cannot update profile when some invalid attribute invisible to him is present on his profile

[mposolda]

Before reporting an issue

• I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

user-profile

Describe the bug

User cannot update his profile (in "Update profile" required action or in account console) when there is some attribute, which is hidden to him (according to user-profile definition) and which has invalid value according to user-profile validation.

User should not be stucked because attribute is invisible to him and hence he should be allowed to proceed as he cannot update the attribute

Version

nightly

Expected behavior

Allow user to continue login (or update his account in account console) when there is some invisible attribute on him with invalid value (invalid value according to user profile validations)

Actual behavior

User is stucked when updating profile when there is some invisible attribute on him with invalid value (invalid value according to user profile validations)

How to Reproduce?

1. Enable user-profile feature, but don't enable yet user-profile for the realm
2. Create user john with password john
3. Add attribute foo with value abc
4. Add required action Update profile to user john
5. Enable user-profile in the realm
6. Add definition for user-profile attribute foo with length to be between 5 and 15 characters (So attribute foo on user john is invalid now according to this defined validation). Make sure that attribute is visible and editable only for administrator
7. In different browser tab, login as user john. User needs to update his profile. Attribute foo is not shown on the update-profile screen, which is correct.
8. Try to update firstName and lastname and continue login. But I cannot continue login. After confirm update-profile, server returns 200 and it returns me back to the update-profile screen with not any message displayed to the user. So user cannot continue login, which is incorrect behaviour
9. In different browser tab, login as admin console and update attribute foo on user john to have valid value like abcdef.
10. Go back to the browser tab with user login (step 8) and confirm login again. Now it works and user can continue login.

User is not able to update his attributes in account console as well when he has invalid value of some attribute, which is not visible to him.

So it is clear that the issue is caused by the fact that user john has invalid value of attribute foo on his profile. However since it is not attribute editable for him, and he did not updated it in this request, he should be allowed to login.

Anything else?

No response