12454 allowed creating users with a given ID

Signed-off-by: Sebastian Schuster <[email protected]>

model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java

@@ -139,7 +139,11 @@ public UserModel addUser(RealmModel realm, String id, String username, boolean a
 
     @Override
     public UserModel addUser(RealmModel realm, String username) {
-        return addUser(realm, KeycloakModelUtils.generateId(), username.toLowerCase(), true, true);
+        String id = (String)session.getAttribute(UserModel.CREATE_ID_OVERRIDE);
+        if (id == null) {
+            id = KeycloakModelUtils.generateId();
+        }
+        return addUser(realm, id, username.toLowerCase(), true, true);
     }
 
     @Override

server-spi/src/main/java/org/keycloak/models/UserModel.java

@@ -45,6 +45,7 @@ public interface UserModel extends RoleMapperModel {
     String INCLUDE_SERVICE_ACCOUNT = "keycloak.session.realm.users.query.include_service_account";
     String GROUPS = "keycloak.session.realm.users.query.groups";
     String SEARCH = "keycloak.session.realm.users.query.search";
+    String CREATE_ID_OVERRIDE = "keycloak.session.realm.users.create.id";
     String EXACT = "keycloak.session.realm.users.query.exact";
     String DISABLED_REASON = "disabledReason";
 

services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java

@@ -148,6 +148,10 @@ public Response createUser(final UserRepresentation rep) {
                 return response;
             }
 
+            if (rep.getId() != null) {
+                session.setAttribute(UserModel.CREATE_ID_OVERRIDE, rep.getId());
+            }
+
             UserModel user = profile.create();
 
             UserResource.updateUserFromRep(profile, user, rep, session, false);
@@ -159,7 +163,7 @@ public Response createUser(final UserRepresentation rep) {
 
             return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(user.getId()).build()).build();
         } catch (ModelDuplicateException e) {
-            throw ErrorResponse.exists("User exists with same username or email");
+            throw ErrorResponse.exists("User exists with same username or email or id");
         } catch (PasswordPolicyNotMetException e) {
             logger.warn("Password policy not met for user " + e.getUsername(), e);
             Properties messages = AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale());

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java

@@ -269,6 +269,21 @@ public void verifyCreateUser() {
         createUser();
     }
 
+    @Test
+    public void createUserWithId() {
+        String id = "01234567-89ab-cdef-0123-456789abcdef";
+        UserRepresentation user = createUserRepresentation(id,"user_with_id", null, null, null, null, true);
+        String createdId = createUser(user);
+        Assert.assertEquals(id, createdId);
+        user.setUsername("user2_with_id");
+        try (Response response = realm.users().create(user)) {
+            assertEquals(409, response.getStatus());
+            assertAdminEvents.assertEmpty();
+            ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
+            Assert.assertEquals("User exists with same username or email or id", error.getErrorMessage());
+        }
+    }
+
     /**
      * See KEYCLOAK-11003
      */
@@ -389,7 +404,7 @@ public void createDuplicateEmailWithExistingDuplicates() {
         try (Response response = realm.users().create(user)) {
             assertEquals(409, response.getStatus());
             ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
-            Assert.assertEquals("User exists with same username or email", error.getErrorMessage());
+            Assert.assertEquals("User exists with same username or email or id", error.getErrorMessage());
             assertAdminEvents.assertEmpty();
         }
     }