diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 2314742..810f3d7 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -686,7 +686,11 @@ public class UsersResource {
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
- throw new NotFoundException("User not found");
+ return Flows.errors().error("User not found", Response.Status.NOT_FOUND);
+ }
+
+ if (!user.isEnabled()) {
+ return Flows.errors().error("User is disabled", Response.Status.BAD_REQUEST);
}
if (user.getEmail() == null) {
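Review bot: The new `if (!user.isEnabled())` branch in UsersResource is not covered by any test visible in this commit; the added `resetPasswordDisabledUser` test drives only the login-form path in LoginActionsService. An admin-endpoint test that disables the user and asserts the 400 "User is disabled" response would pin this behaviour. A one-line comment above the check, for example `// never send reset e-mail for a disabled account; admin callers get an explicit 400`, would also record why this endpoint reports the account state while the public form does not. The enclosing method starts and ends outside the hunk.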
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index b970471..3815317 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -816,6 +816,8 @@ public class LoginActionsService {
if (user == null) {
event.error(Errors.USER_NOT_FOUND);
+ } else if(!user.isEnabled()) {
+ event.user(user).error(Errors.USER_DISABLED);
} else {
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false);
event.session(userSession);
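Review bot: The `else if(!user.isEnabled())` branch has no comment saying that it deliberately falls through to the same generic response as the other branches, which is what keeps the public form from disclosing whether an account exists or is disabled. I would add `// disabled: log USER_DISABLED but show the same generic message, so account state is not revealed` above `event.user(user).error(Errors.USER_DISABLED);`, and write the condition as `} else if (!user.isEnabled()) {` to match the file's spacing. The enabled path also creates a user session and, presumably, sends mail before responding, so response time may still differ between the branches; it is worth confirming that the send is not synchronous. The enclosing method starts and ends outside the hunk.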
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
index 774d683..a5c25c8 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
@@ -222,6 +222,42 @@ public class ResetPasswordTest {
}
@Test
+ public void resetPasswordDisabledUser() throws IOException, MessagingException, InterruptedException {
+ keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+ session.users().getUserByUsername("login-test", appRealm).setEnabled(false);
+ }
+ });
+
+ try {
+ loginPage.open();
+ loginPage.resetPassword();
+
+ resetPasswordPage.assertCurrent();
+
+ resetPasswordPage.changePassword("login-test");
+
+ resetPasswordPage.assertCurrent();
+
+ Assert.assertEquals("You should receive an email shortly with further instructions.", resetPasswordPage.getSuccessMessage());
+
+ Thread.sleep(1000);
+
+ Assert.assertEquals(0, greenMail.getReceivedMessages().length);
+
+ events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(userId).detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error("user_disabled").assertEvent();
+ } finally {
+ keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+ session.users().getUserByUsername("login-test", appRealm).setEnabled(true);
+ }
+ });
+ }
+ }
+
+ @Test
public void resetPasswordWithPasswordPolicy() throws IOException, MessagingException {
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
@Override
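Review bot: The `Thread.sleep(1000)` before `Assert.assertEquals(0, greenMail.getReceivedMessages().length)` makes the negative assertion timing-dependent: if delivery ever took longer than one second, the test would pass even though a reset e-mail was sent to the disabled user. The event assertion on `error("user_disabled")` is the reliable check here, so it could run before the mail assertion. A short comment such as `// grace period: no mail must arrive for a disabled user` would explain the sleep. If the mail rule exposes a bounded wait for incoming mail, asserting that it times out would be sturdier than a fixed sleep.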