From 13bb03116781ee826d5635b1babe49246a3993ee Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 3 Jan 2023 15:41:09 +0100
Subject: [PATCH] fix: [keycloak status] - handle gracefully if user not found
 in KC
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- As reported by Matúš Mikuláš, Adam Gajdošík, Milan Pikula of SK-CERT
---
 src/Model/Behavior/AuthKeycloakBehavior.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index 89a5ece..04d52c2 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -455,7 +455,17 @@ class AuthKeycloakBehavior extends Behavior
             $user['meta_fields'] = $temp;
             $differences = [];
             $keycloakUser = $keycloakUsersParsed[$username] ?? [];
-            $requireUpdate = $this->checkKeycloakUserRequiresUpdate($keycloakUser, $user, $differences);
+            if (empty($keycloakUser)) {
+                $requireUpdate = true;
+                $differences = [
+                    'user' => [
+                        'keycloak' => 'USER NOT FOUND',
+                        'cerebrate' => $user['username']
+                    ]
+                ];
+            } else {
+                $requireUpdate = $this->checkKeycloakUserRequiresUpdate($keycloakUser, $user, $differences);
+            }
             $status[$user['id']] = [
                 'require_update' => $requireUpdate,
                 'differences' => $differences,