Before reporting an issue

• I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

admin/ui

Describe the bug

When re-enabling a due to brute-force temporarily locked user, all the user attributes and properties are being deleted, only the username remains.

Version

25.x / nightly

Regression

• The issue is a regression

Expected behavior

User will be unlocked again, all attributes and properties are preserved.

Actual behavior

User is unlocked again (expected), but all attributes and properties are deleted.

How to Reproduce?

• create a fresh realm
• create a user with default properties and some additional attributes, assign a password
• enable brute-force-protection in the realm with temporary lockout
• try to authenticate with the created user, but with invalid password, until the max login failures are reached and the user is temporarily locked, e.g. with the account console
• in admin-ui, go to the user details, user is temporarily locked
• hit the switch to unlock the user -> two change requests are being sent to the server
• reload the browser to get a new, fresh set of user data, now the email, firstname and lastname on the first page are empty and all the other attributes are also gone!

Anything else?

No response