<div dir="ltr"><div><div><div><div>We're using 1.2.0.Final, and we're running our tests on a separate realm as our master realm is reserved for admin tasks only. Not sure if the behavior changes from master to other realms. <br><br></div>In 1.2.0.Final version, both new and existing users have to verify their emails once the feature is turned on. Maybe it's broken in the newer version.<br><br></div>Stian, will the ticket created by you (KEYCLOAK-1696) capture the initial bug mentioned by me as well? Or do I have to report a separate ticket for that?<br><br><br></div>Thanks,<br></div>Lohitha. <br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 24, 2015 at 7:47 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The test only checks if new users have to verify email, not that existing users have to verify email. Added <a href="https://issues.jboss.org/browse/KEYCLOAK-1696" rel="noreferrer" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-1696</a><br>
<span class="im HOEnZb"><br>
----- Original Message -----<br>
> From: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> To: "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>><br>
</span><div class="HOEnZb"><div class="h5">> Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Friday, 24 July, 2015 4:10:44 PM<br>
> Subject: Re: [keycloak-user] Users able to retrieve a valid Access Token despite not verifying their email<br>
><br>
> Was just looking at it and can't find anything that would check it, but<br>
> RequiredActionEmailVerificationTest which is supposed to test it is passing<br>
><br>
> ----- Original Message -----<br>
> > From: "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>><br>
> > To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> > Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > Sent: Friday, 24 July, 2015 4:08:06 PM<br>
> > Subject: Re: [keycloak-user] Users able to retrieve a valid Access Token<br>
> > despite not verifying their email<br>
> ><br>
> ><br>
> ><br>
> > On 7/24/2015 9:59 AM, Stian Thorgersen wrote:<br>
> > ><br>
> > ><br>
> > > ----- Original Message -----<br>
> > >> From: "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>><br>
> > >> To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > >> Sent: Friday, 24 July, 2015 3:41:51 PM<br>
> > >> Subject: Re: [keycloak-user] Users able to retrieve a valid Access Token<br>
> > >> despite not verifying their email<br>
> > >><br>
> > >> So, setting a verify email required action allows you to replicate the<br>
> > >> problem?<br>
> > >><br>
> > >> What version of Keycloak are you using? Just looking at the code from<br>
> > >> 1.3 and master we don't allow the creation of a token if a required<br>
> > >> action is active.<br>
> > ><br>
> > > The problem is that when a user logs in we check if verify email is<br>
> > > required by the realm, if it is and user hasn't verified email we add the<br>
> > > required action. We don't do this check in the direct grants api.<br>
> > ><br>
> ><br>
> > This check might be gone entirely now.<br>
> ><br>
> > --<br>
> > Bill Burke<br>
> > JBoss, a division of Red Hat<br>
> > <a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
> ><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>