Merge pull request #1406 from patriot1burke/master

refactor registration and console pages
Bill Burke 2015-06-19 18:06:12 -04:00
commit 114b687c5c
17 changed files with 1813 additions and 1858 deletions


@ -9,7 +9,7 @@
<delete tableName="USER_SESSION"/> <delete tableName="USER_SESSION"/>
<addColumn tableName="CLIENT_SESSION"> <addColumn tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" type="VARCHAR(36)"> <column name="CURRENT_ACTION" type="VARCHAR(36)">
<constraints nullable="false"/> <constraints nullable="true"/>
</column> </column>
</addColumn> </addColumn>
<!-- OAUTH_GRANT, <!-- OAUTH_GRANT,
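Review bot: The `nullable` constraint on `CURRENT_ACTION` appears to be edited inside an existing changeSet (from `false` to `true`) rather than in a new one. If this changelog has already been applied to any database, Liquibase will compute a different checksum for the changeSet, and those databases keep the NOT NULL constraint, so code that now stores a client session without an action would fail there. A safer shape is to leave the original changeSet alone and add a follow-up changeSet with `<dropNotNullConstraint tableName="CLIENT_SESSION" columnName="CURRENT_ACTION" columnDataType="VARCHAR(36)"/>`. The changeSet element starts outside this hunk, so whether it has already shipped cannot be confirmed from here.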


@ -273,15 +273,6 @@ module.config([ '$routeProvider', function($routeProvider) {
}, },
controller : 'RealmDefaultRolesCtrl' controller : 'RealmDefaultRolesCtrl'
}) })
.when('/realms/:realm/required-credentials', {
templateUrl : resourceUrl + '/partials/realm-credentials.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
}
},
controller : 'RealmRequiredCredentialsCtrl'
})
.when('/realms/:realm/smtp-settings', { .when('/realms/:realm/smtp-settings', {
templateUrl : resourceUrl + '/partials/realm-smtp.html', templateUrl : resourceUrl + '/partials/realm-smtp.html',
resolve : { resolve : {
@ -1063,6 +1054,15 @@ module.config([ '$routeProvider', function($routeProvider) {
}, },
controller : 'RequiredActionsCtrl' controller : 'RequiredActionsCtrl'
}) })
.when('/realms/:realm/authentication/password-policy', {
templateUrl : resourceUrl + '/partials/password-policy.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
}
},
controller : 'RealmPasswordPolicyCtrl'
})
.when('/server-info', { .when('/server-info', {
templateUrl : resourceUrl + '/partials/server-info.html' templateUrl : resourceUrl + '/partials/server-info.html'
}) })


@ -371,8 +371,8 @@ module.controller('RealmCacheCtrl', function($scope, Current, Realm, realm, serv
genericRealmUpdate($scope, Current, Realm, realm, serverInfo, $http, $location, Dialog, Notifications, "/realms/" + realm.realm + "/cache-settings"); genericRealmUpdate($scope, Current, Realm, realm, serverInfo, $http, $location, Dialog, Notifications, "/realms/" + realm.realm + "/cache-settings");
}); });
module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm, $http, $location, Dialog, Notifications, PasswordPolicy) { module.controller('RealmPasswordPolicyCtrl', function($scope, Realm, realm, $http, $location, Dialog, Notifications, PasswordPolicy) {
console.log('RealmRequiredCredentialsCtrl'); console.log('RealmPasswordPolicyCtrl');
$scope.realm = realm; $scope.realm = realm;
@ -395,12 +395,6 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
$scope.policy.splice(index, 1); $scope.policy.splice(index, 1);
} }
$scope.userCredentialOptions = {
'multiple' : true,
'simple_tags' : true,
'tags' : ['password', 'totp', 'cert', 'kerberos']
};
$scope.changed = false; $scope.changed = false;
$scope.$watch('realm', function() { $scope.$watch('realm', function() {
@ -420,7 +414,7 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
$scope.changed = false; $scope.changed = false;
Realm.update($scope.realm, function () { Realm.update($scope.realm, function () {
$location.url("/realms/" + realm.realm + "/required-credentials"); $location.url("/realms/" + realm.realm + "/authentication/password-policy");
Notifications.success("Your changes have been saved to the realm."); Notifications.success("Your changes have been saved to the realm.");
oldCopy = angular.copy($scope.realm); oldCopy = angular.copy($scope.realm);
oldPolicy = angular.copy($scope.policy); oldPolicy = angular.copy($scope.policy);
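Review bot: The renamed controller still carries the debug line `console.log('RealmPasswordPolicyCtrl');`, which runs on every visit to the password policy page; the rename was a good moment to drop it. Separately, in the last hunk `$scope.changed = false` is set before `Realm.update(...)` and only a success callback is visible. If the update can fail, the page would show no pending change although the password policy was not stored, which is an awkward failure mode for a security setting. The call continues outside the hunk, so an error callback may already exist.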


@ -1,19 +1,9 @@
<div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2"> <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
<h1>Settings</h1> <h1>Authentication</h1>
<kc-tabs-realm></kc-tabs-realm> <kc-tabs-authentication></kc-tabs-authentication>
<form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm"> <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
<fieldset class="border-top">
<legend><span class="text">Realm Credentials Settings</span> <kc-tooltip>Credential types required for every user. Changing this value may require the user to configure any new credentials the next time they log in.</kc-tooltip></legend>
<div class="form-group">
<label class="col-md-2 control-label" for="user" class="control-label two-lines">Required User Credentials</label>
<div class="col-md-6">
<input id="user" type="text" ui-select2="userCredentialOptions" ng-model="realm.requiredCredentials" placeholder="Type a role and enter">
</div>
</div>
</fieldset>
<fieldset class="border-top"> <fieldset class="border-top">
<legend><span class="text">Realm Password Policy</span> <kc-tooltip>Specify required password format. You can also set how many times a password is hashed before it is stored in database. Multiple Regex patterns, separated by comma, can be added.</kc-tooltip></legend> <legend><span class="text">Realm Password Policy</span> <kc-tooltip>Specify required password format. You can also set how many times a password is hashed before it is stored in database. Multiple Regex patterns, separated by comma, can be added.</kc-tooltip></legend>
<table class="table table-striped table-bordered"> <table class="table table-striped table-bordered">


@ -1,4 +1,5 @@
<ul class="nav nav-tabs"> <ul class="nav nav-tabs">
<li ng-class="{active: path[3] == 'flows'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/flows">Authenticators</a></li> <li ng-class="{active: path[3] == 'flows'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/flows">Authenticators</a></li>
<li ng-class="{active: path[3] == 'required-actions'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/required-actions">Required Actions</a></li> <li ng-class="{active: path[3] == 'required-actions'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/required-actions">Required Actions</a></li>
<li ng-class="{active: path[3] == 'password-policy'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/password-policy">Password Policy</a></li>
</ul> </ul>


@ -1,7 +1,6 @@
<ul class="nav nav-tabs"> <ul class="nav nav-tabs">
<li ng-class="{active: !path[2]}"><a href="#/realms/{{realm.realm}}">General</a></li> <li ng-class="{active: !path[2]}"><a href="#/realms/{{realm.realm}}">General</a></li>
<li ng-class="{active: path[2] == 'login-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/login-settings">Login</a></li> <li ng-class="{active: path[2] == 'login-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/login-settings">Login</a></li>
<li ng-class="{active: path[2] == 'required-credentials'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li ng-class="{active: path[2] == 'keys-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li> <li ng-class="{active: path[2] == 'keys-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
<li ng-class="{active: path[2] == 'smtp-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/smtp-settings">Email</a></li> <li ng-class="{active: path[2] == 'smtp-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/smtp-settings">Email</a></li>
<li ng-class="{active: path[2] == 'theme-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/theme-settings">Themes</a></li> <li ng-class="{active: path[2] == 'theme-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/theme-settings">Themes</a></li>


@ -41,15 +41,16 @@ public class UsernamePasswordForm extends AbstractFormAuthenticator implements A
context.forceChallenge(response); context.forceChallenge(response);
return; return;
} }
if (!validateUser(context, formData)) { if (!validateForm(context, formData)) {
return;
}
if (!validatePassword(context, formData)) {
return; return;
} }
context.success(); context.success();
} }
protected boolean validateForm(AuthenticatorContext context, MultivaluedMap<String, String> formData) {
return validateUser(context, formData) && validatePassword(context, formData);
}
@Override @Override
public void authenticate(AuthenticatorContext context) { public void authenticate(AuthenticatorContext context) {
if (REGISTRATION_FORM_ACTION.equals(context.getAction()) && context.getUser() != null) { if (REGISTRATION_FORM_ACTION.equals(context.getAction()) && context.getUser() != null) {
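Review bot: The new `protected boolean validateForm(...)` is an extension point for subclasses but has no Javadoc stating its contract. `action()` simply returns when it yields false, so an override that returns false without having set a challenge or failure on the context would leave the request without a response; presumably `validateUser` and `validatePassword` do that themselves, but their bodies are not in the hunk. I would add `/** Returns true when the submitted form is valid; when returning false the implementation must already have set a challenge or failure on the context. */` above the method. The class continues outside the hunk.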


@ -358,37 +358,24 @@ public class LoginActionsService {
@POST @POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED) @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response processRegister(@QueryParam("code") String code) { public Response processRegister(@QueryParam("code") String code) {
MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
event.event(EventType.REGISTER); event.event(EventType.REGISTER);
if (!checkSsl()) { Checks checks = new Checks();
event.error(Errors.SSL_REQUIRED); if (!checks.check(code, ClientSessionModel.Action.AUTHENTICATE.name())) {
return ErrorPage.error(session, Messages.HTTPS_REQUIRED); return checks.response;
}
if (!realm.isEnabled()) {
event.error(Errors.REALM_DISABLED);
return ErrorPage.error(session, Messages.REALM_NOT_ENABLED);
} }
if (!realm.isRegistrationAllowed()) { if (!realm.isRegistrationAllowed()) {
event.error(Errors.REGISTRATION_DISABLED); event.error(Errors.REGISTRATION_DISABLED);
return ErrorPage.error(session, Messages.REGISTRATION_NOT_ALLOWED); return ErrorPage.error(session, Messages.REGISTRATION_NOT_ALLOWED);
} }
ClientSessionCode clientCode = ClientSessionCode.parse(code, session, realm);
if (clientCode == null) {
event.error(Errors.INVALID_CODE);
return ErrorPage.error(session, Messages.INVALID_CODE);
}
if (!clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE.name())) {
event.error(Errors.INVALID_CODE);
return ErrorPage.error(session, Messages.INVALID_CODE);
}
MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
String username = formData.getFirst(Validation.FIELD_USERNAME); String username = formData.getFirst(Validation.FIELD_USERNAME);
String email = formData.getFirst(Validation.FIELD_EMAIL); String email = formData.getFirst(Validation.FIELD_EMAIL);
if (realm.isRegistrationEmailAsUsername()) { if (realm.isRegistrationEmailAsUsername()) {
username = email; username = email;
formData.putSingle(AuthenticationManager.FORM_USERNAME, username); formData.putSingle(AuthenticationManager.FORM_USERNAME, username);
} }
ClientSessionCode clientCode = checks.clientCode;
ClientSessionModel clientSession = clientCode.getClientSession(); ClientSessionModel clientSession = clientCode.getClientSession();
event.client(clientSession.getClient()) event.client(clientSession.getClient())
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri()) .detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
@ -397,23 +384,6 @@ public class LoginActionsService {
.detail(Details.EMAIL, email) .detail(Details.EMAIL, email)
.detail(Details.REGISTER_METHOD, "form"); .detail(Details.REGISTER_METHOD, "form");
if (!realm.isEnabled()) {
event.error(Errors.REALM_DISABLED);
return ErrorPage.error(session, Messages.REALM_NOT_ENABLED);
}
ClientModel client = clientSession.getClient();
if (client == null) {
event.error(Errors.CLIENT_NOT_FOUND);
return ErrorPage.error(session, Messages.UNKNOWN_LOGIN_REQUESTER);
}
if (!client.isEnabled()) {
event.error(Errors.CLIENT_DISABLED);
return ErrorPage.error(session, Messages.LOGIN_REQUESTER_NOT_ENABLED);
}
session.getContext().setClient(client);
List<String> requiredCredentialTypes = new LinkedList<>(); List<String> requiredCredentialTypes = new LinkedList<>();
boolean passwordRequired = isPasswordRequired(); boolean passwordRequired = isPasswordRequired();
if (passwordRequired) { if (passwordRequired) {