Merge pull request #4676 from abstractj/KEYCLOAK-2052
[KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link
This commit is contained in:
commit
1412fed265
20 changed files with 695 additions and 59 deletions
|
@ -454,6 +454,12 @@ public class RealmAdapter implements CachedRealmModel {
|
||||||
updated.setAccessCodeLifespanUserAction(seconds);
|
updated.setAccessCodeLifespanUserAction(seconds);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Map<String, Integer> getUserActionTokenLifespans() {
|
||||||
|
if (isUpdated()) return updated.getUserActionTokenLifespans();
|
||||||
|
return cached.getUserActionTokenLifespans();
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int getAccessCodeLifespanLogin() {
|
public int getAccessCodeLifespanLogin() {
|
||||||
if (isUpdated()) return updated.getAccessCodeLifespanLogin();
|
if (isUpdated()) return updated.getAccessCodeLifespanLogin();
|
||||||
|
@ -490,6 +496,20 @@ public class RealmAdapter implements CachedRealmModel {
|
||||||
updated.setActionTokenGeneratedByUserLifespan(seconds);
|
updated.setActionTokenGeneratedByUserLifespan(seconds);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int getActionTokenGeneratedByUserLifespan(String actionTokenId) {
|
||||||
|
if (isUpdated()) return updated.getActionTokenGeneratedByUserLifespan(actionTokenId);
|
||||||
|
return cached.getActionTokenGeneratedByUserLifespan(actionTokenId);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setActionTokenGeneratedByUserLifespan(String actionTokenId, Integer seconds) {
|
||||||
|
if (seconds != null) {
|
||||||
|
getDelegateForUpdate();
|
||||||
|
updated.setActionTokenGeneratedByUserLifespan(actionTokenId, seconds);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<RequiredCredentialModel> getRequiredCredentials() {
|
public List<RequiredCredentialModel> getRequiredCredentials() {
|
||||||
if (isUpdated()) return updated.getRequiredCredentials();
|
if (isUpdated()) return updated.getRequiredCredentials();
|
||||||
|
|
|
@ -143,6 +143,8 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
||||||
|
|
||||||
protected Map<String, String> attributes;
|
protected Map<String, String> attributes;
|
||||||
|
|
||||||
|
private Map<String, Integer> userActionTokenLifespans;
|
||||||
|
|
||||||
public CachedRealm(Long revision, RealmModel model) {
|
public CachedRealm(Long revision, RealmModel model) {
|
||||||
super(revision, model.getId());
|
super(revision, model.getId());
|
||||||
name = model.getName();
|
name = model.getName();
|
||||||
|
@ -192,6 +194,7 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
||||||
emailTheme = model.getEmailTheme();
|
emailTheme = model.getEmailTheme();
|
||||||
|
|
||||||
requiredCredentials = model.getRequiredCredentials();
|
requiredCredentials = model.getRequiredCredentials();
|
||||||
|
userActionTokenLifespans = Collections.unmodifiableMap(new HashMap<>(model.getUserActionTokenLifespans()));
|
||||||
|
|
||||||
this.identityProviders = new ArrayList<>();
|
this.identityProviders = new ArrayList<>();
|
||||||
|
|
||||||
|
@ -407,6 +410,11 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
||||||
public int getAccessCodeLifespanUserAction() {
|
public int getAccessCodeLifespanUserAction() {
|
||||||
return accessCodeLifespanUserAction;
|
return accessCodeLifespanUserAction;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Map<String, Integer> getUserActionTokenLifespans() {
|
||||||
|
return userActionTokenLifespans;
|
||||||
|
}
|
||||||
|
|
||||||
public int getAccessCodeLifespanLogin() {
|
public int getAccessCodeLifespanLogin() {
|
||||||
return accessCodeLifespanLogin;
|
return accessCodeLifespanLogin;
|
||||||
}
|
}
|
||||||
|
@ -419,6 +427,18 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
||||||
return actionTokenGeneratedByUserLifespan;
|
return actionTokenGeneratedByUserLifespan;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method is supposed to return user lifespan based on the action token ID
|
||||||
|
* provided. If nothing is provided, it will return the default lifespan.
|
||||||
|
* @param actionTokenId
|
||||||
|
* @return lifespan
|
||||||
|
*/
|
||||||
|
public int getActionTokenGeneratedByUserLifespan(String actionTokenId) {
|
||||||
|
if (actionTokenId == null || this.userActionTokenLifespans.get(actionTokenId) == null)
|
||||||
|
return getActionTokenGeneratedByUserLifespan();
|
||||||
|
return this.userActionTokenLifespans.get(actionTokenId);
|
||||||
|
}
|
||||||
|
|
||||||
public List<RequiredCredentialModel> getRequiredCredentials() {
|
public List<RequiredCredentialModel> getRequiredCredentials() {
|
||||||
return requiredCredentials;
|
return requiredCredentials;
|
||||||
}
|
}
|
||||||
|
@ -609,5 +629,4 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
||||||
public Map<String, String> getAttributes() {
|
public Map<String, String> getAttributes() {
|
||||||
return attributes;
|
return attributes;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -473,6 +473,19 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
|
||||||
em.flush();
|
em.flush();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Map<String, Integer> getUserActionTokenLifespans() {
|
||||||
|
|
||||||
|
Map<String, Integer> userActionTokens = new HashMap<>();
|
||||||
|
|
||||||
|
getAttributes().entrySet().stream()
|
||||||
|
.filter(Objects::nonNull)
|
||||||
|
.filter(entry -> entry.getKey().startsWith(RealmAttributes.ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN + "."))
|
||||||
|
.forEach(entry -> userActionTokens.put(entry.getKey().substring(RealmAttributes.ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN.length() + 1), Integer.valueOf(entry.getValue())));
|
||||||
|
|
||||||
|
return Collections.unmodifiableMap(userActionTokens);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int getAccessCodeLifespanLogin() {
|
public int getAccessCodeLifespanLogin() {
|
||||||
return realm.getAccessCodeLifespanLogin();
|
return realm.getAccessCodeLifespanLogin();
|
||||||
|
@ -504,6 +517,17 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
|
||||||
setAttribute(RealmAttributes.ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN, actionTokenGeneratedByUserLifespan);
|
setAttribute(RealmAttributes.ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN, actionTokenGeneratedByUserLifespan);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int getActionTokenGeneratedByUserLifespan(String actionTokenId) {
|
||||||
|
return getAttribute(RealmAttributes.ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN + "." + actionTokenId, getAccessCodeLifespanUserAction());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setActionTokenGeneratedByUserLifespan(String actionTokenId, Integer actionTokenGeneratedByUserLifespan) {
|
||||||
|
if (actionTokenGeneratedByUserLifespan != null)
|
||||||
|
setAttribute(RealmAttributes.ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN + "." + actionTokenId, actionTokenGeneratedByUserLifespan);
|
||||||
|
}
|
||||||
|
|
||||||
protected RequiredCredentialModel initRequiredCredentialModel(String type) {
|
protected RequiredCredentialModel initRequiredCredentialModel(String type) {
|
||||||
RequiredCredentialModel model = RequiredCredentialModel.BUILT_IN.get(type);
|
RequiredCredentialModel model = RequiredCredentialModel.BUILT_IN.get(type);
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
|
@ -647,7 +671,7 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
|
||||||
entities.remove(entity);
|
entities.remove(entity);
|
||||||
}
|
}
|
||||||
em.flush();
|
em.flush();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<GroupModel> getDefaultGroups() {
|
public List<GroupModel> getDefaultGroups() {
|
||||||
|
@ -1954,4 +1978,5 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
|
||||||
if (c == null) return null;
|
if (c == null) return null;
|
||||||
return entityToModel(c);
|
return entityToModel(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
|
@ -186,6 +186,13 @@ public interface RealmModel extends RoleContainerModel {
|
||||||
|
|
||||||
void setAccessCodeLifespanUserAction(int seconds);
|
void setAccessCodeLifespanUserAction(int seconds);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method will return a map with all the lifespans available
|
||||||
|
* or an empty map, but never null.
|
||||||
|
* @return map with user action token lifespans
|
||||||
|
*/
|
||||||
|
Map<String, Integer> getUserActionTokenLifespans();
|
||||||
|
|
||||||
int getAccessCodeLifespanLogin();
|
int getAccessCodeLifespanLogin();
|
||||||
|
|
||||||
void setAccessCodeLifespanLogin(int seconds);
|
void setAccessCodeLifespanLogin(int seconds);
|
||||||
|
@ -196,6 +203,9 @@ public interface RealmModel extends RoleContainerModel {
|
||||||
int getActionTokenGeneratedByUserLifespan();
|
int getActionTokenGeneratedByUserLifespan();
|
||||||
void setActionTokenGeneratedByUserLifespan(int seconds);
|
void setActionTokenGeneratedByUserLifespan(int seconds);
|
||||||
|
|
||||||
|
int getActionTokenGeneratedByUserLifespan(String actionTokenType);
|
||||||
|
void setActionTokenGeneratedByUserLifespan(String actionTokenType, Integer seconds);
|
||||||
|
|
||||||
List<RequiredCredentialModel> getRequiredCredentials();
|
List<RequiredCredentialModel> getRequiredCredentials();
|
||||||
|
|
||||||
void addRequiredCredential(String cred);
|
void addRequiredCredential(String cred);
|
||||||
|
|
|
@ -116,7 +116,7 @@ public class IdpEmailVerificationAuthenticator extends AbstractIdpAuthenticator
|
||||||
UriInfo uriInfo = session.getContext().getUri();
|
UriInfo uriInfo = session.getContext().getUri();
|
||||||
AuthenticationSessionModel authSession = context.getAuthenticationSession();
|
AuthenticationSessionModel authSession = context.getAuthenticationSession();
|
||||||
|
|
||||||
int validityInSecs = realm.getActionTokenGeneratedByUserLifespan();
|
int validityInSecs = realm.getActionTokenGeneratedByUserLifespan(IdpVerifyAccountLinkActionToken.TOKEN_TYPE);
|
||||||
int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
|
int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
|
||||||
|
|
||||||
EventBuilder event = context.getEvent().clone().event(EventType.SEND_IDENTITY_PROVIDER_LINK)
|
EventBuilder event = context.getEvent().clone().event(EventType.SEND_IDENTITY_PROVIDER_LINK)
|
||||||
|
|
|
@ -85,7 +85,7 @@ public class ResetCredentialEmail implements Authenticator, AuthenticatorFactory
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
int validityInSecs = context.getRealm().getActionTokenGeneratedByUserLifespan();
|
int validityInSecs = context.getRealm().getActionTokenGeneratedByUserLifespan(ResetCredentialsActionToken.TOKEN_TYPE);
|
||||||
int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
|
int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
|
||||||
|
|
||||||
// We send the secret in the email in a link as a query param.
|
// We send the secret in the email in a link as a query param.
|
||||||
|
|
|
@ -131,7 +131,7 @@ public class VerifyEmail implements RequiredActionProvider, RequiredActionFactor
|
||||||
RealmModel realm = session.getContext().getRealm();
|
RealmModel realm = session.getContext().getRealm();
|
||||||
UriInfo uriInfo = session.getContext().getUri();
|
UriInfo uriInfo = session.getContext().getUri();
|
||||||
|
|
||||||
int validityInSecs = realm.getActionTokenGeneratedByUserLifespan();
|
int validityInSecs = realm.getActionTokenGeneratedByUserLifespan(VerifyEmailActionToken.TOKEN_TYPE);
|
||||||
int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
|
int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
|
||||||
|
|
||||||
VerifyEmailActionToken token = new VerifyEmailActionToken(user.getId(), absoluteExpirationInSecs, authSession.getId(), user.getEmail());
|
VerifyEmailActionToken token = new VerifyEmailActionToken(user.getId(), absoluteExpirationInSecs, authSession.getId(), user.getEmail());
|
||||||
|
|
|
@ -56,7 +56,11 @@ public class MailUtils {
|
||||||
assertEquals("text/html; charset=UTF-8", htmlContentType);
|
assertEquals("text/html; charset=UTF-8", htmlContentType);
|
||||||
|
|
||||||
final String htmlBody = (String) multipart.getBodyPart(1).getContent();
|
final String htmlBody = (String) multipart.getBodyPart(1).getContent();
|
||||||
final String htmlChangePwdUrl = getLink(htmlBody);
|
// .replace() accounts for escaping the ampersand
|
||||||
|
// It's not escaped in the html version because html retrieved from a
|
||||||
|
// message bundle is considered safe and it must be unescaped to display
|
||||||
|
// properly.
|
||||||
|
final String htmlChangePwdUrl = MailUtils.getLink(htmlBody).replace("&", "&");
|
||||||
|
|
||||||
assertEquals(htmlChangePwdUrl, textChangePwdUrl);
|
assertEquals(htmlChangePwdUrl, textChangePwdUrl);
|
||||||
|
|
||||||
|
|
|
@ -27,14 +27,12 @@ import org.keycloak.events.Details;
|
||||||
import org.keycloak.events.Errors;
|
import org.keycloak.events.Errors;
|
||||||
import org.keycloak.events.EventType;
|
import org.keycloak.events.EventType;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.UserModel;
|
|
||||||
import org.keycloak.representations.idm.EventRepresentation;
|
import org.keycloak.representations.idm.EventRepresentation;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
|
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
|
||||||
import org.keycloak.testsuite.admin.ApiUtil;
|
import org.keycloak.testsuite.admin.ApiUtil;
|
||||||
import org.keycloak.testsuite.auth.page.AuthRealm;
|
|
||||||
import org.keycloak.testsuite.pages.AppPage;
|
import org.keycloak.testsuite.pages.AppPage;
|
||||||
import org.keycloak.testsuite.pages.AppPage.RequestType;
|
import org.keycloak.testsuite.pages.AppPage.RequestType;
|
||||||
import org.keycloak.testsuite.pages.ProceedPage;
|
import org.keycloak.testsuite.pages.ProceedPage;
|
||||||
|
@ -45,16 +43,19 @@ import org.keycloak.testsuite.pages.RegisterPage;
|
||||||
import org.keycloak.testsuite.pages.VerifyEmailPage;
|
import org.keycloak.testsuite.pages.VerifyEmailPage;
|
||||||
import org.keycloak.testsuite.util.GreenMailRule;
|
import org.keycloak.testsuite.util.GreenMailRule;
|
||||||
import org.keycloak.testsuite.util.MailUtils;
|
import org.keycloak.testsuite.util.MailUtils;
|
||||||
|
import org.keycloak.testsuite.util.UserActionTokenBuilder;
|
||||||
import org.keycloak.testsuite.util.UserBuilder;
|
import org.keycloak.testsuite.util.UserBuilder;
|
||||||
|
|
||||||
import javax.mail.MessagingException;
|
import javax.mail.MessagingException;
|
||||||
import javax.mail.Multipart;
|
import javax.mail.Multipart;
|
||||||
import javax.mail.internet.MimeMessage;
|
import javax.mail.internet.MimeMessage;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
import org.hamcrest.Matchers;
|
import org.hamcrest.Matchers;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertTrue;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
@ -448,6 +449,95 @@ public class RequiredActionEmailVerificationTest extends AbstractTestRealmKeyclo
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void verifyEmailExpiredCodedPerActionLifespan() throws IOException, MessagingException {
|
||||||
|
RealmRepresentation realmRep = testRealm().toRepresentation();
|
||||||
|
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
|
||||||
|
|
||||||
|
realmRep.setAttributes(UserActionTokenBuilder.create().verifyEmailLifespan(60).build());
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
|
||||||
|
loginPage.open();
|
||||||
|
loginPage.login("test-user@localhost", "password");
|
||||||
|
|
||||||
|
verifyEmailPage.assertCurrent();
|
||||||
|
|
||||||
|
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
|
||||||
|
|
||||||
|
MimeMessage message = greenMail.getLastReceivedMessage();
|
||||||
|
|
||||||
|
String verificationUrl = getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
|
events.poll();
|
||||||
|
|
||||||
|
try {
|
||||||
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
driver.navigate().to(verificationUrl.trim());
|
||||||
|
|
||||||
|
loginPage.assertCurrent();
|
||||||
|
assertEquals("Action expired. Please start again.", loginPage.getError());
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR)
|
||||||
|
.error(Errors.EXPIRED_CODE)
|
||||||
|
.client((String)null)
|
||||||
|
.user(testUserId)
|
||||||
|
.session((String)null)
|
||||||
|
.clearDetails()
|
||||||
|
.detail(Details.ACTION, VerifyEmailActionToken.TOKEN_TYPE)
|
||||||
|
.assertEvent();
|
||||||
|
} finally {
|
||||||
|
setTimeOffset(0);
|
||||||
|
realmRep.setAttributes(originalAttributes);
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void verifyEmailExpiredCodedPerActionMultipleTimeouts() throws IOException, MessagingException {
|
||||||
|
RealmRepresentation realmRep = testRealm().toRepresentation();
|
||||||
|
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
|
||||||
|
|
||||||
|
//Make sure that one attribute settings won't affect the other
|
||||||
|
realmRep.setAttributes(UserActionTokenBuilder.create().verifyEmailLifespan(60).resetCredentialsLifespan(300).build());
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
|
||||||
|
loginPage.open();
|
||||||
|
loginPage.login("test-user@localhost", "password");
|
||||||
|
|
||||||
|
verifyEmailPage.assertCurrent();
|
||||||
|
|
||||||
|
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
|
||||||
|
|
||||||
|
MimeMessage message = greenMail.getLastReceivedMessage();
|
||||||
|
|
||||||
|
String verificationUrl = getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
|
events.poll();
|
||||||
|
|
||||||
|
try {
|
||||||
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
driver.navigate().to(verificationUrl.trim());
|
||||||
|
|
||||||
|
loginPage.assertCurrent();
|
||||||
|
assertEquals("Action expired. Please start again.", loginPage.getError());
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR)
|
||||||
|
.error(Errors.EXPIRED_CODE)
|
||||||
|
.client((String)null)
|
||||||
|
.user(testUserId)
|
||||||
|
.session((String)null)
|
||||||
|
.clearDetails()
|
||||||
|
.detail(Details.ACTION, VerifyEmailActionToken.TOKEN_TYPE)
|
||||||
|
.assertEvent();
|
||||||
|
} finally {
|
||||||
|
setTimeOffset(0);
|
||||||
|
realmRep.setAttributes(originalAttributes);
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void verifyEmailExpiredCodeAndExpiredSession() throws IOException, MessagingException {
|
public void verifyEmailExpiredCodeAndExpiredSession() throws IOException, MessagingException {
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
|
|
|
@ -47,6 +47,7 @@ import org.keycloak.testsuite.pages.OAuthGrantPage;
|
||||||
import org.keycloak.testsuite.pages.RegisterPage;
|
import org.keycloak.testsuite.pages.RegisterPage;
|
||||||
import org.keycloak.testsuite.pages.VerifyEmailPage;
|
import org.keycloak.testsuite.pages.VerifyEmailPage;
|
||||||
import org.keycloak.testsuite.util.GreenMailRule;
|
import org.keycloak.testsuite.util.GreenMailRule;
|
||||||
|
import org.keycloak.testsuite.util.MailUtils;
|
||||||
import org.keycloak.testsuite.util.OAuthClient;
|
import org.keycloak.testsuite.util.OAuthClient;
|
||||||
import org.keycloak.testsuite.util.UserBuilder;
|
import org.keycloak.testsuite.util.UserBuilder;
|
||||||
|
|
||||||
|
@ -337,7 +338,7 @@ public class BrowserButtonsTest extends AbstractTestRealmKeycloakTest {
|
||||||
// Receive email
|
// Receive email
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[greenMail.getReceivedMessages().length - 1];
|
MimeMessage message = greenMail.getReceivedMessages()[greenMail.getReceivedMessages().length - 1];
|
||||||
|
|
||||||
String changePasswordUrl = ResetPasswordTest.getPasswordResetEmailLink(message);
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
driver.navigate().to(changePasswordUrl.trim());
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
|
|
|
@ -38,12 +38,13 @@ import org.keycloak.testsuite.pages.VerifyEmailPage;
|
||||||
import org.keycloak.testsuite.util.GreenMailRule;
|
import org.keycloak.testsuite.util.GreenMailRule;
|
||||||
import org.keycloak.testsuite.util.MailUtils;
|
import org.keycloak.testsuite.util.MailUtils;
|
||||||
import org.keycloak.testsuite.util.OAuthClient;
|
import org.keycloak.testsuite.util.OAuthClient;
|
||||||
|
import org.keycloak.testsuite.util.UserActionTokenBuilder;
|
||||||
import org.keycloak.testsuite.util.UserBuilder;
|
import org.keycloak.testsuite.util.UserBuilder;
|
||||||
|
|
||||||
import javax.mail.MessagingException;
|
import javax.mail.MessagingException;
|
||||||
import javax.mail.Multipart;
|
|
||||||
import javax.mail.internet.MimeMessage;
|
import javax.mail.internet.MimeMessage;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.concurrent.atomic.AtomicInteger;
|
import java.util.concurrent.atomic.AtomicInteger;
|
||||||
|
@ -131,7 +132,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[0];
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
String changePasswordUrl = getPasswordResetEmailLink(message);
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
driver.navigate().to(changePasswordUrl.trim());
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
|
@ -251,7 +252,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[greenMail.getReceivedMessages().length - 1];
|
MimeMessage message = greenMail.getReceivedMessages()[greenMail.getReceivedMessages().length - 1];
|
||||||
|
|
||||||
String changePasswordUrl = getPasswordResetEmailLink(message);
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
driver.navigate().to(changePasswordUrl.trim());
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
|
@ -295,7 +296,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[greenMail.getReceivedMessages().length - 1];
|
MimeMessage message = greenMail.getReceivedMessages()[greenMail.getReceivedMessages().length - 1];
|
||||||
|
|
||||||
String changePasswordUrl = getPasswordResetEmailLink(message);
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
driver.navigate().to(changePasswordUrl.trim());
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
|
@ -362,7 +363,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[0];
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
String changePasswordUrl = getPasswordResetEmailLink(message);
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
setTimeOffset(1800 + 23);
|
setTimeOffset(1800 + 23);
|
||||||
|
@ -399,7 +400,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[0];
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
String changePasswordUrl = getPasswordResetEmailLink(message);
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
setTimeOffset(70);
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
@ -418,6 +419,84 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resetPasswordExpiredCodeShortPerActionLifespan() throws IOException, MessagingException, InterruptedException {
|
||||||
|
RealmRepresentation realmRep = testRealm().toRepresentation();
|
||||||
|
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
|
||||||
|
|
||||||
|
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build());
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
|
||||||
|
try {
|
||||||
|
initiateResetPasswordFromResetPasswordPage("login-test");
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
|
||||||
|
.session((String)null)
|
||||||
|
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent();
|
||||||
|
|
||||||
|
assertEquals(1, greenMail.getReceivedMessages().length);
|
||||||
|
|
||||||
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
|
loginPage.assertCurrent();
|
||||||
|
|
||||||
|
assertEquals("Action expired. Please start again.", loginPage.getError());
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
|
||||||
|
} finally {
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
|
realmRep.setAttributes(originalAttributes);
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resetPasswordExpiredCodeShortPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException {
|
||||||
|
RealmRepresentation realmRep = testRealm().toRepresentation();
|
||||||
|
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
|
||||||
|
|
||||||
|
//Make sure that one attribute settings won't affect the other
|
||||||
|
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build());
|
||||||
|
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
|
||||||
|
try {
|
||||||
|
initiateResetPasswordFromResetPasswordPage("login-test");
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
|
||||||
|
.session((String)null)
|
||||||
|
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent();
|
||||||
|
|
||||||
|
assertEquals(1, greenMail.getReceivedMessages().length);
|
||||||
|
|
||||||
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
|
loginPage.assertCurrent();
|
||||||
|
|
||||||
|
assertEquals("Action expired. Please start again.", loginPage.getError());
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
|
||||||
|
} finally {
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
|
realmRep.setAttributes(originalAttributes);
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// KEYCLOAK-4016
|
// KEYCLOAK-4016
|
||||||
@Test
|
@Test
|
||||||
public void resetPasswordExpiredCodeAndAuthSession() throws IOException, MessagingException, InterruptedException {
|
public void resetPasswordExpiredCodeAndAuthSession() throws IOException, MessagingException, InterruptedException {
|
||||||
|
@ -439,7 +518,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[0];
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
String changePasswordUrl = getPasswordResetEmailLink(message).replace("&", "&");
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message).replace("&", "&");
|
||||||
|
|
||||||
setTimeOffset(70);
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
@ -463,6 +542,92 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resetPasswordExpiredCodeAndAuthSessionPerActionLifespan() throws IOException, MessagingException, InterruptedException {
|
||||||
|
RealmRepresentation realmRep = testRealm().toRepresentation();
|
||||||
|
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
|
||||||
|
|
||||||
|
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build());
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
|
||||||
|
try {
|
||||||
|
initiateResetPasswordFromResetPasswordPage("login-test");
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
|
||||||
|
.session((String)null)
|
||||||
|
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent();
|
||||||
|
|
||||||
|
assertEquals(1, greenMail.getReceivedMessages().length);
|
||||||
|
|
||||||
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message).replace("&", "&");
|
||||||
|
|
||||||
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
log.debug("Going to reset password URI.");
|
||||||
|
driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/test/login-actions/reset-credentials"); // This is necessary to delete KC_RESTART cookie that is restricted to /auth/realms/test path
|
||||||
|
log.debug("Removing cookies.");
|
||||||
|
driver.manage().deleteAllCookies();
|
||||||
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
|
errorPage.assertCurrent();
|
||||||
|
Assert.assertEquals("Action expired.", errorPage.getError());
|
||||||
|
String backToAppLink = errorPage.getBackToApplicationLink();
|
||||||
|
Assert.assertTrue(backToAppLink.endsWith("/app/auth"));
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
|
||||||
|
} finally {
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
|
realmRep.setAttributes(originalAttributes);
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resetPasswordExpiredCodeAndAuthSessionPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException {
|
||||||
|
RealmRepresentation realmRep = testRealm().toRepresentation();
|
||||||
|
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
|
||||||
|
|
||||||
|
//Make sure that one attribute settings won't affect the other
|
||||||
|
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build());
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
|
||||||
|
try {
|
||||||
|
initiateResetPasswordFromResetPasswordPage("login-test");
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
|
||||||
|
.session((String)null)
|
||||||
|
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent();
|
||||||
|
|
||||||
|
assertEquals(1, greenMail.getReceivedMessages().length);
|
||||||
|
|
||||||
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message).replace("&", "&");
|
||||||
|
|
||||||
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
log.debug("Going to reset password URI.");
|
||||||
|
driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/test/login-actions/reset-credentials"); // This is necessary to delete KC_RESTART cookie that is restricted to /auth/realms/test path
|
||||||
|
log.debug("Removing cookies.");
|
||||||
|
driver.manage().deleteAllCookies();
|
||||||
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
|
errorPage.assertCurrent();
|
||||||
|
Assert.assertEquals("Action expired.", errorPage.getError());
|
||||||
|
String backToAppLink = errorPage.getBackToApplicationLink();
|
||||||
|
Assert.assertTrue(backToAppLink.endsWith("/app/auth"));
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
|
||||||
|
} finally {
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
|
realmRep.setAttributes(originalAttributes);
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// KEYCLOAK-5061
|
// KEYCLOAK-5061
|
||||||
@Test
|
@Test
|
||||||
|
@ -495,7 +660,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[0];
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
String changePasswordUrl = getPasswordResetEmailLink(message);
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
setTimeOffset(70);
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
@ -514,6 +679,103 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resetPasswordExpiredCodeForgotPasswordFlowPerActionLifespan() throws IOException, MessagingException, InterruptedException {
|
||||||
|
RealmRepresentation realmRep = testRealm().toRepresentation();
|
||||||
|
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
|
||||||
|
|
||||||
|
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build());
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
|
||||||
|
try {
|
||||||
|
// Redirect directly to KC "forgot password" endpoint instead of "authenticate" endpoint
|
||||||
|
String loginUrl = oauth.getLoginFormUrl();
|
||||||
|
String forgotPasswordUrl = loginUrl.replace("/auth?", "/forgot-credentials?"); // Workaround, but works
|
||||||
|
|
||||||
|
driver.navigate().to(forgotPasswordUrl);
|
||||||
|
resetPasswordPage.assertCurrent();
|
||||||
|
resetPasswordPage.changePassword("login-test");
|
||||||
|
|
||||||
|
loginPage.assertCurrent();
|
||||||
|
assertEquals("You should receive an email shortly with further instructions.", loginPage.getSuccessMessage());
|
||||||
|
expectedMessagesCount++;
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
|
||||||
|
.session((String)null)
|
||||||
|
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent();
|
||||||
|
|
||||||
|
assertEquals(1, greenMail.getReceivedMessages().length);
|
||||||
|
|
||||||
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
|
resetPasswordPage.assertCurrent();
|
||||||
|
|
||||||
|
assertEquals("Action expired. Please start again.", loginPage.getError());
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
|
||||||
|
} finally {
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
|
realmRep.setAttributes(originalAttributes);
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resetPasswordExpiredCodeForgotPasswordFlowPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException {
|
||||||
|
RealmRepresentation realmRep = testRealm().toRepresentation();
|
||||||
|
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
|
||||||
|
|
||||||
|
//Make sure that one attribute settings won't affect the other
|
||||||
|
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build());
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
|
||||||
|
try {
|
||||||
|
// Redirect directly to KC "forgot password" endpoint instead of "authenticate" endpoint
|
||||||
|
String loginUrl = oauth.getLoginFormUrl();
|
||||||
|
String forgotPasswordUrl = loginUrl.replace("/auth?", "/forgot-credentials?"); // Workaround, but works
|
||||||
|
|
||||||
|
driver.navigate().to(forgotPasswordUrl);
|
||||||
|
resetPasswordPage.assertCurrent();
|
||||||
|
resetPasswordPage.changePassword("login-test");
|
||||||
|
|
||||||
|
loginPage.assertCurrent();
|
||||||
|
assertEquals("You should receive an email shortly with further instructions.", loginPage.getSuccessMessage());
|
||||||
|
expectedMessagesCount++;
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
|
||||||
|
.session((String)null)
|
||||||
|
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent();
|
||||||
|
|
||||||
|
assertEquals(1, greenMail.getReceivedMessages().length);
|
||||||
|
|
||||||
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
|
setTimeOffset(70);
|
||||||
|
|
||||||
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
|
resetPasswordPage.assertCurrent();
|
||||||
|
|
||||||
|
assertEquals("Action expired. Please start again.", loginPage.getError());
|
||||||
|
|
||||||
|
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
|
||||||
|
} finally {
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
|
realmRep.setAttributes(originalAttributes);
|
||||||
|
testRealm().update(realmRep);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void resetPasswordDisabledUser() throws IOException, MessagingException, InterruptedException {
|
public void resetPasswordDisabledUser() throws IOException, MessagingException, InterruptedException {
|
||||||
UserRepresentation user = findUser("login-test");
|
UserRepresentation user = findUser("login-test");
|
||||||
|
@ -608,7 +870,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[0];
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
String changePasswordUrl = getPasswordResetEmailLink(message);
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String)null).user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent();
|
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String)null).user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent();
|
||||||
|
|
||||||
|
@ -701,7 +963,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[0];
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
|
|
||||||
String changePasswordUrl = getPasswordResetEmailLink(message);
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
|
|
||||||
log.debug("Going to reset password URI.");
|
log.debug("Going to reset password URI.");
|
||||||
driver.navigate().to(resetUri); // This is necessary to delete KC_RESTART cookie that is restricted to /auth/realms/test path
|
driver.navigate().to(resetUri); // This is necessary to delete KC_RESTART cookie that is restricted to /auth/realms/test path
|
||||||
|
@ -710,8 +972,6 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
log.debug("Going to URI from e-mail.");
|
log.debug("Going to URI from e-mail.");
|
||||||
driver.navigate().to(changePasswordUrl.trim());
|
driver.navigate().to(changePasswordUrl.trim());
|
||||||
|
|
||||||
// System.out.println(driver.getPageSource());
|
|
||||||
|
|
||||||
updatePasswordPage.assertCurrent();
|
updatePasswordPage.assertCurrent();
|
||||||
|
|
||||||
updatePasswordPage.changePassword("resetPassword", "resetPassword");
|
updatePasswordPage.changePassword("resetPassword", "resetPassword");
|
||||||
|
@ -719,32 +979,4 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
infoPage.assertCurrent();
|
infoPage.assertCurrent();
|
||||||
assertEquals("Your account has been updated.", infoPage.getInfo());
|
assertEquals("Your account has been updated.", infoPage.getInfo());
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String getPasswordResetEmailLink(MimeMessage message) throws IOException, MessagingException {
|
|
||||||
Multipart multipart = (Multipart) message.getContent();
|
|
||||||
|
|
||||||
final String textContentType = multipart.getBodyPart(0).getContentType();
|
|
||||||
|
|
||||||
assertEquals("text/plain; charset=UTF-8", textContentType);
|
|
||||||
|
|
||||||
final String textBody = (String) multipart.getBodyPart(0).getContent();
|
|
||||||
final String textChangePwdUrl = MailUtils.getLink(textBody);
|
|
||||||
|
|
||||||
final String htmlContentType = multipart.getBodyPart(1).getContentType();
|
|
||||||
|
|
||||||
assertEquals("text/html; charset=UTF-8", htmlContentType);
|
|
||||||
|
|
||||||
final String htmlBody = (String) multipart.getBodyPart(1).getContent();
|
|
||||||
|
|
||||||
// .replace() accounts for escaping the ampersand
|
|
||||||
// It's not escaped in the html version because html retrieved from a
|
|
||||||
// message bundle is considered safe and it must be unescaped to display
|
|
||||||
// properly.
|
|
||||||
final String htmlChangePwdUrl = MailUtils.getLink(htmlBody).replace("&", "&");
|
|
||||||
|
|
||||||
assertEquals(htmlChangePwdUrl, textChangePwdUrl);
|
|
||||||
|
|
||||||
return htmlChangePwdUrl;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,7 +39,6 @@ import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||||
import org.keycloak.testsuite.Assert;
|
import org.keycloak.testsuite.Assert;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
|
@ -251,7 +250,7 @@ public class AssertAdminEvents implements TestRule {
|
||||||
|
|
||||||
// Reflection-based comparing for other types - compare the non-null fields of "expected" representation with the "actual" representation from the event
|
// Reflection-based comparing for other types - compare the non-null fields of "expected" representation with the "actual" representation from the event
|
||||||
for (Method method : Reflections.getAllDeclaredMethods(expectedRep.getClass())) {
|
for (Method method : Reflections.getAllDeclaredMethods(expectedRep.getClass())) {
|
||||||
if (method.getName().startsWith("get") || method.getName().startsWith("is")) {
|
if (method.getParameterCount() == 0 && (method.getName().startsWith("get") || method.getName().startsWith("is"))) {
|
||||||
Object expectedValue = Reflections.invokeMethod(method, expectedRep);
|
Object expectedValue = Reflections.invokeMethod(method, expectedRep);
|
||||||
if (expectedValue != null) {
|
if (expectedValue != null) {
|
||||||
Object actualValue = Reflections.invokeMethod(method, actualRep);
|
Object actualValue = Reflections.invokeMethod(method, actualRep);
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
package org.keycloak.testsuite.util;
|
||||||
|
|
||||||
|
import org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionToken;
|
||||||
|
import org.keycloak.authentication.actiontoken.verifyemail.VerifyEmailActionToken;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:bruno@abstractj.org">Bruno Oliveira</a>
|
||||||
|
*/
|
||||||
|
public class UserActionTokenBuilder {
|
||||||
|
|
||||||
|
private final Map<String, String> realmAttributes;
|
||||||
|
private static final String ATTR_PREFIX = "actionTokenGeneratedByUserLifespan.";
|
||||||
|
|
||||||
|
private UserActionTokenBuilder(HashMap<String, String> attr) {
|
||||||
|
realmAttributes = attr;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static UserActionTokenBuilder create() {
|
||||||
|
return new UserActionTokenBuilder(new HashMap<>());
|
||||||
|
}
|
||||||
|
|
||||||
|
public UserActionTokenBuilder resetCredentialsLifespan(int lifespan) {
|
||||||
|
realmAttributes.put(ATTR_PREFIX + ResetCredentialsActionToken.TOKEN_TYPE, String.valueOf(lifespan));
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public UserActionTokenBuilder verifyEmailLifespan(int lifespan) {
|
||||||
|
realmAttributes.put(ATTR_PREFIX + VerifyEmailActionToken.TOKEN_TYPE, String.valueOf(lifespan));
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Map<String, String> build() {
|
||||||
|
return realmAttributes;
|
||||||
|
}
|
||||||
|
}
|
|
@ -61,6 +61,18 @@ public class TokenSettings extends RealmSettings {
|
||||||
@FindBy(name = "ssoSessionMaxLifespanUnit")
|
@FindBy(name = "ssoSessionMaxLifespanUnit")
|
||||||
private Select sessionLifespanTimeoutUnit;
|
private Select sessionLifespanTimeoutUnit;
|
||||||
|
|
||||||
|
@FindBy(name = "actionTokenAttributeSelect")
|
||||||
|
private Select actionTokenAttributeSelect;
|
||||||
|
|
||||||
|
@FindBy(name = "actionTokenAttributeUnit")
|
||||||
|
private Select actionTokenAttributeUnit;
|
||||||
|
|
||||||
|
@FindBy(id = "actionTokenAttributeTime")
|
||||||
|
private WebElement actionTokenAttributeTime;
|
||||||
|
|
||||||
|
@FindBy(xpath = "//button[@data-ng-click='resetToDefaultToken(actionTokenId)']")
|
||||||
|
private WebElement resetButton;
|
||||||
|
|
||||||
public void setSessionTimeout(int timeout, TimeUnit unit) {
|
public void setSessionTimeout(int timeout, TimeUnit unit) {
|
||||||
setTimeout(sessionTimeoutUnit, sessionTimeout, timeout, unit);
|
setTimeout(sessionTimeoutUnit, sessionTimeout, timeout, unit);
|
||||||
}
|
}
|
||||||
|
@ -69,6 +81,12 @@ public class TokenSettings extends RealmSettings {
|
||||||
setTimeout(sessionLifespanTimeoutUnit, sessionLifespanTimeout, time, unit);
|
setTimeout(sessionLifespanTimeoutUnit, sessionLifespanTimeout, time, unit);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setOperation(String tokenType, int time, TimeUnit unit) {
|
||||||
|
waitUntilElement(sessionTimeout).is().present();
|
||||||
|
actionTokenAttributeSelect.selectByValue(tokenType.toLowerCase());
|
||||||
|
setTimeout(actionTokenAttributeUnit, actionTokenAttributeTime, time, unit);
|
||||||
|
}
|
||||||
|
|
||||||
private void setTimeout(Select timeoutElement, WebElement unitElement,
|
private void setTimeout(Select timeoutElement, WebElement unitElement,
|
||||||
int timeout, TimeUnit unit) {
|
int timeout, TimeUnit unit) {
|
||||||
waitUntilElement(sessionTimeout).is().present();
|
waitUntilElement(sessionTimeout).is().present();
|
||||||
|
@ -77,5 +95,25 @@ public class TokenSettings extends RealmSettings {
|
||||||
unitElement.sendKeys(valueOf(timeout));
|
unitElement.sendKeys(valueOf(timeout));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isOperationEquals(String tokenType, int timeout, TimeUnit unit) {
|
||||||
|
selectOperation(tokenType);
|
||||||
|
|
||||||
|
waitUntilElement(sessionTimeout).is().present();
|
||||||
|
actionTokenAttributeSelect.selectByValue(tokenType.toLowerCase());
|
||||||
|
|
||||||
|
return actionTokenAttributeTime.getAttribute("value").equals(Integer.toString(timeout)) &&
|
||||||
|
actionTokenAttributeUnit.getFirstSelectedOption().getText().equals(capitalize(unit.name().toLowerCase()));
|
||||||
|
}
|
||||||
|
|
||||||
|
public void resetActionToken(String tokenType) {
|
||||||
|
selectOperation(tokenType);
|
||||||
|
waitUntilElement(resetButton).is().visible();
|
||||||
|
resetButton.click();
|
||||||
|
}
|
||||||
|
|
||||||
|
public void selectOperation(String tokenType) {
|
||||||
|
waitUntilElement(sessionTimeout).is().present();
|
||||||
|
actionTokenAttributeSelect.selectByValue(tokenType.toLowerCase());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -71,8 +71,6 @@ public abstract class AbstractConsoleTest extends AbstractAuthTest {
|
||||||
if (!testContext.isAdminLoggedIn()) {
|
if (!testContext.isAdminLoggedIn()) {
|
||||||
loginToMasterRealmAdminConsoleAs(adminUser);
|
loginToMasterRealmAdminConsoleAs(adminUser);
|
||||||
testContext.setAdminLoggedIn(true);
|
testContext.setAdminLoggedIn(true);
|
||||||
} else {
|
|
||||||
// adminConsoleRealmPage.navigateTo();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -17,13 +17,27 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.testsuite.console.realm;
|
package org.keycloak.testsuite.console.realm;
|
||||||
|
|
||||||
|
import org.hamcrest.Matchers;
|
||||||
import org.jboss.arquillian.graphene.page.Page;
|
import org.jboss.arquillian.graphene.page.Page;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
import org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionToken;
|
||||||
|
import org.keycloak.authentication.actiontoken.verifyemail.VerifyEmailActionToken;
|
||||||
|
import org.keycloak.models.jpa.entities.RealmAttributes;
|
||||||
|
import org.keycloak.testsuite.auth.page.account.Account;
|
||||||
import org.keycloak.testsuite.console.page.realm.TokenSettings;
|
import org.keycloak.testsuite.console.page.realm.TokenSettings;
|
||||||
|
import org.keycloak.testsuite.console.page.users.UserAttributes;
|
||||||
|
import org.keycloak.testsuite.pages.VerifyEmailPage;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Objects;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
|
import static org.junit.Assert.assertEquals;
|
||||||
|
import static org.junit.Assert.assertNull;
|
||||||
|
import static org.junit.Assert.assertThat;
|
||||||
|
import static org.junit.Assert.assertTrue;
|
||||||
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
|
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
|
||||||
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
|
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
|
||||||
|
|
||||||
|
@ -36,13 +50,20 @@ public class TokensTest extends AbstractRealmTest {
|
||||||
@Page
|
@Page
|
||||||
private TokenSettings tokenSettingsPage;
|
private TokenSettings tokenSettingsPage;
|
||||||
|
|
||||||
|
@Page
|
||||||
|
private UserAttributes userAttributesPage;
|
||||||
|
|
||||||
|
@Page
|
||||||
|
protected VerifyEmailPage verifyEmailPage;
|
||||||
|
|
||||||
|
@Page
|
||||||
|
private Account testRealmAccountPage;
|
||||||
|
|
||||||
private static final int TIMEOUT = 1;
|
private static final int TIMEOUT = 1;
|
||||||
private static final TimeUnit TIME_UNIT = TimeUnit.MINUTES;
|
private static final TimeUnit TIME_UNIT = TimeUnit.MINUTES;
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void beforeTokensTest() {
|
public void beforeTokensTest() {
|
||||||
// configure().realmSettings();
|
|
||||||
// tabs().tokens();
|
|
||||||
tokenSettingsPage.navigateTo();
|
tokenSettingsPage.navigateTo();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -78,10 +99,92 @@ public class TokensTest extends AbstractRealmTest {
|
||||||
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); // assert logged out (lifespan exceeded)
|
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); // assert logged out (lifespan exceeded)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLifespanOfVerifyEmailActionTokenPropagated() throws InterruptedException {
|
||||||
|
tokenSettingsPage.form().setOperation(VerifyEmailActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.DAYS);
|
||||||
|
tokenSettingsPage.form().save();
|
||||||
|
assertAlertSuccess();
|
||||||
|
|
||||||
|
loginToTestRealmConsoleAs(testUser);
|
||||||
|
driver.navigate().refresh();
|
||||||
|
|
||||||
|
tokenSettingsPage.navigateTo();
|
||||||
|
tokenSettingsPage.form().selectOperation(VerifyEmailActionToken.TOKEN_TYPE);
|
||||||
|
|
||||||
|
assertTrue("User action token for verify e-mail expected",
|
||||||
|
tokenSettingsPage.form().isOperationEquals(VerifyEmailActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.DAYS));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLifespanActionTokenPropagatedForVerifyEmailAndResetPassword() throws InterruptedException {
|
||||||
|
tokenSettingsPage.form().setOperation(VerifyEmailActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.DAYS);
|
||||||
|
tokenSettingsPage.form().setOperation(ResetCredentialsActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.HOURS);
|
||||||
|
tokenSettingsPage.form().save();
|
||||||
|
assertAlertSuccess();
|
||||||
|
|
||||||
|
loginToTestRealmConsoleAs(testUser);
|
||||||
|
driver.navigate().refresh();
|
||||||
|
|
||||||
|
tokenSettingsPage.navigateTo();
|
||||||
|
assertTrue("User action token for verify e-mail expected",
|
||||||
|
tokenSettingsPage.form().isOperationEquals(VerifyEmailActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.DAYS));
|
||||||
|
|
||||||
|
assertTrue("User action token for reset credentials expected",
|
||||||
|
tokenSettingsPage.form().isOperationEquals(ResetCredentialsActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.HOURS));
|
||||||
|
|
||||||
|
//Verify if values were properly propagated
|
||||||
|
Map<String, Integer> userActionTokens = getUserActionTokens();
|
||||||
|
|
||||||
|
assertThat("Action Token attributes list should contain 2 items", userActionTokens.entrySet(), Matchers.hasSize(2));
|
||||||
|
assertThat(userActionTokens, Matchers.hasEntry(VerifyEmailActionToken.TOKEN_TYPE, Long.toString(TimeUnit.DAYS.toSeconds(TIMEOUT))));
|
||||||
|
assertThat(userActionTokens, Matchers.hasEntry(ResetCredentialsActionToken.TOKEN_TYPE, Long.toString(TimeUnit.HOURS.toSeconds(TIMEOUT))));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLifespanActionTokenResetForVerifyEmail() throws InterruptedException {
|
||||||
|
tokenSettingsPage.form().setOperation(VerifyEmailActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.DAYS);
|
||||||
|
tokenSettingsPage.form().setOperation(ResetCredentialsActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.HOURS);
|
||||||
|
tokenSettingsPage.form().save();
|
||||||
|
assertAlertSuccess();
|
||||||
|
|
||||||
|
loginToTestRealmConsoleAs(testUser);
|
||||||
|
driver.navigate().refresh();
|
||||||
|
|
||||||
|
tokenSettingsPage.navigateTo();
|
||||||
|
assertTrue("User action token for verify e-mail expected",
|
||||||
|
tokenSettingsPage.form().isOperationEquals(VerifyEmailActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.DAYS));
|
||||||
|
|
||||||
|
assertTrue("User action token for reset credentials expected",
|
||||||
|
tokenSettingsPage.form().isOperationEquals(ResetCredentialsActionToken.TOKEN_TYPE, TIMEOUT, TimeUnit.HOURS));
|
||||||
|
|
||||||
|
//Remove VerifyEmailActionToken and reset attribute
|
||||||
|
tokenSettingsPage.form().resetActionToken(VerifyEmailActionToken.TOKEN_TYPE);
|
||||||
|
tokenSettingsPage.form().save();
|
||||||
|
|
||||||
|
//Verify if values were properly propagated
|
||||||
|
Map<String, Integer> userActionTokens = getUserActionTokens();
|
||||||
|
|
||||||
|
assertTrue("Action Token attributes list should contain 1 item", userActionTokens.size() == 1);
|
||||||
|
assertNull("VerifyEmailActionToken should not exist", userActionTokens.get(VerifyEmailActionToken.TOKEN_TYPE));
|
||||||
|
assertEquals("ResetCredentialsActionToken expected to be propagated",
|
||||||
|
userActionTokens.get(ResetCredentialsActionToken.TOKEN_TYPE).longValue(), TimeUnit.HOURS.toSeconds(TIMEOUT));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private Map<String, Integer> getUserActionTokens() {
|
||||||
|
Map<String, Integer> userActionTokens = new HashMap<>();
|
||||||
|
adminClient.realm(testRealmPage.getAuthRealm()).toRepresentation().getAttributes().entrySet().stream()
|
||||||
|
.filter(Objects::nonNull)
|
||||||
|
.filter(entry -> entry.getKey().startsWith(RealmAttributes.ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN + "."))
|
||||||
|
.forEach(entry -> userActionTokens.put(entry.getKey().substring(RealmAttributes.ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN.length() + 1), Integer.valueOf(entry.getValue())));
|
||||||
|
return userActionTokens;
|
||||||
|
}
|
||||||
|
|
||||||
private void waitForTimeout (int timeout) throws InterruptedException {
|
private void waitForTimeout (int timeout) throws InterruptedException {
|
||||||
log.info("Wait for timeout: " + timeout + " " + TIME_UNIT);
|
log.info("Wait for timeout: " + timeout + " " + TIME_UNIT);
|
||||||
TIME_UNIT.sleep(timeout);
|
TIME_UNIT.sleep(timeout);
|
||||||
log.info("Timeout reached");
|
log.info("Timeout reached");
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -114,6 +114,15 @@ action-token-generated-by-admin-lifespan=Default Admin-Initiated Action Lifespan
|
||||||
action-token-generated-by-admin-lifespan.tooltip=Maximum time before an action permit sent to a user by admin is expired. This value is recommended to be long to allow admins send e-mails for users that are currently offline. The default timeout can be overridden right before issuing the token.
|
action-token-generated-by-admin-lifespan.tooltip=Maximum time before an action permit sent to a user by admin is expired. This value is recommended to be long to allow admins send e-mails for users that are currently offline. The default timeout can be overridden right before issuing the token.
|
||||||
action-token-generated-by-user-lifespan=User-Initiated Action Lifespan
|
action-token-generated-by-user-lifespan=User-Initiated Action Lifespan
|
||||||
action-token-generated-by-user-lifespan.tooltip=Maximum time before an action permit sent by a user (e.g. forgot password e-mail) is expired. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
|
action-token-generated-by-user-lifespan.tooltip=Maximum time before an action permit sent by a user (e.g. forgot password e-mail) is expired. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
|
||||||
|
|
||||||
|
action-token-generated-by-user.execute-actions=Execute Actions
|
||||||
|
action-token-generated-by-user.idp-verify-account-via-email=IdP Account E-mail Verification
|
||||||
|
action-token-generated-by-user.reset-credentials=Forgot Password
|
||||||
|
action-token-generated-by-user.verify-email=E-mail Verification
|
||||||
|
action-token-generated-by-user.tooltip=Override default settings of maximum time before an action permit sent by a user (e.g. forgot password e-mail) is expired for specific action. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
|
||||||
|
action-token-generated-by-user.reset=Reset
|
||||||
|
action-token-generated-by-user.operation=Override User-Initiated Action Lifespan
|
||||||
|
|
||||||
client-login-timeout=Client login timeout
|
client-login-timeout=Client login timeout
|
||||||
client-login-timeout.tooltip=Max time an client has to finish the access token protocol. This should normally be 1 minute.
|
client-login-timeout.tooltip=Max time an client has to finish the access token protocol. This should normally be 1 minute.
|
||||||
login-timeout=Login timeout
|
login-timeout=Login timeout
|
||||||
|
|
|
@ -195,6 +195,9 @@ module.config([ '$routeProvider', function($routeProvider) {
|
||||||
.when('/realms/:realm/token-settings', {
|
.when('/realms/:realm/token-settings', {
|
||||||
templateUrl : resourceUrl + '/partials/realm-tokens.html',
|
templateUrl : resourceUrl + '/partials/realm-tokens.html',
|
||||||
resolve : {
|
resolve : {
|
||||||
|
serverInfo : function(ServerInfoLoader) {
|
||||||
|
return ServerInfoLoader();
|
||||||
|
},
|
||||||
realm : function(RealmLoader) {
|
realm : function(RealmLoader) {
|
||||||
return RealmLoader();
|
return RealmLoader();
|
||||||
}
|
}
|
||||||
|
|
|
@ -1065,8 +1065,10 @@ module.controller('RealmIdentityProviderExportCtrl', function(realm, identityPro
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http, $location, $route, Dialog, Notifications, TimeUnit, TimeUnit2) {
|
module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http, $location, $route, Dialog, Notifications, TimeUnit, TimeUnit2, serverInfo) {
|
||||||
$scope.realm = realm;
|
$scope.realm = realm;
|
||||||
|
$scope.serverInfo = serverInfo;
|
||||||
|
$scope.actionTokenProviders = $scope.serverInfo.providers.actionTokenHandler.providers;
|
||||||
|
|
||||||
$scope.realm.accessTokenLifespan = TimeUnit2.asUnit(realm.accessTokenLifespan);
|
$scope.realm.accessTokenLifespan = TimeUnit2.asUnit(realm.accessTokenLifespan);
|
||||||
$scope.realm.accessTokenLifespanForImplicitFlow = TimeUnit2.asUnit(realm.accessTokenLifespanForImplicitFlow);
|
$scope.realm.accessTokenLifespanForImplicitFlow = TimeUnit2.asUnit(realm.accessTokenLifespanForImplicitFlow);
|
||||||
|
@ -1078,6 +1080,7 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
|
||||||
$scope.realm.accessCodeLifespanUserAction = TimeUnit2.asUnit(realm.accessCodeLifespanUserAction);
|
$scope.realm.accessCodeLifespanUserAction = TimeUnit2.asUnit(realm.accessCodeLifespanUserAction);
|
||||||
$scope.realm.actionTokenGeneratedByAdminLifespan = TimeUnit2.asUnit(realm.actionTokenGeneratedByAdminLifespan);
|
$scope.realm.actionTokenGeneratedByAdminLifespan = TimeUnit2.asUnit(realm.actionTokenGeneratedByAdminLifespan);
|
||||||
$scope.realm.actionTokenGeneratedByUserLifespan = TimeUnit2.asUnit(realm.actionTokenGeneratedByUserLifespan);
|
$scope.realm.actionTokenGeneratedByUserLifespan = TimeUnit2.asUnit(realm.actionTokenGeneratedByUserLifespan);
|
||||||
|
$scope.realm.attributes = realm.attributes
|
||||||
|
|
||||||
var oldCopy = angular.copy($scope.realm);
|
var oldCopy = angular.copy($scope.realm);
|
||||||
$scope.changed = false;
|
$scope.changed = false;
|
||||||
|
@ -1088,6 +1091,17 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
|
||||||
}
|
}
|
||||||
}, true);
|
}, true);
|
||||||
|
|
||||||
|
$scope.$watch('actionLifespanId', function () {
|
||||||
|
$scope.actionTokenAttribute = TimeUnit2.asUnit($scope.realm.attributes['actionTokenGeneratedByUserLifespan.' + $scope.actionLifespanId]);
|
||||||
|
}, true);
|
||||||
|
|
||||||
|
$scope.$watch('actionTokenAttribute', function () {
|
||||||
|
if ($scope.actionLifespanId != null && $scope.actionTokenAttribute != null) {
|
||||||
|
$scope.changed = true;
|
||||||
|
$scope.realm.attributes['actionTokenGeneratedByUserLifespan.' + $scope.actionLifespanId] = $scope.actionTokenAttribute.toSeconds();
|
||||||
|
}
|
||||||
|
}, true);
|
||||||
|
|
||||||
$scope.changeRevokeRefreshToken = function() {
|
$scope.changeRevokeRefreshToken = function() {
|
||||||
|
|
||||||
};
|
};
|
||||||
|
@ -1110,6 +1124,13 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
$scope.resetToDefaultToken = function (actionTokenId) {
|
||||||
|
$scope.actionTokenAttribute = {};
|
||||||
|
delete $scope.realm.attributes['actionTokenGeneratedByUserLifespan.' + $scope.actionLifespanId];
|
||||||
|
//Only for UI effects, resets to the original state
|
||||||
|
$scope.actionTokenAttribute.unit = 'Minutes';
|
||||||
|
}
|
||||||
|
|
||||||
$scope.reset = function() {
|
$scope.reset = function() {
|
||||||
$route.reload();
|
$route.reload();
|
||||||
};
|
};
|
||||||
|
|
|
@ -187,6 +187,32 @@
|
||||||
</kc-tooltip>
|
</kc-tooltip>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group">
|
||||||
|
<label class="col-md-2 control-label" for="actionTokenAttributeSelect" class="two-lines">
|
||||||
|
{{:: 'action-token-generated-by-user.operation' | translate }} </label>
|
||||||
|
<div class="form-inline col-md-6 time-selector">
|
||||||
|
<select class="form-control" name="actionTokenAttributeSelect" id="actionTokenAttributeSelect"
|
||||||
|
ng-model="actionLifespanId">
|
||||||
|
<option value="" disabled selected>{{:: 'select-one.placeholder' | translate}}</option>
|
||||||
|
<option ng-repeat="(actionTokenId, value) in actionTokenProviders" value="{{actionTokenId}}">
|
||||||
|
{{:: 'action-token-generated-by-user.' + actionTokenId | translate }}
|
||||||
|
</option>
|
||||||
|
</select>
|
||||||
|
<input class="form-control" type="number" min="1" max="31536000" data-ng-model="actionTokenAttribute.time"
|
||||||
|
id="actionTokenAttributeTime" name="actionTokenAttributeTime">
|
||||||
|
<select class="form-control" name="actionTokenAttributeUnit"
|
||||||
|
data-ng-model="actionTokenAttribute.unit">
|
||||||
|
<option value="Minutes" ng-selected="true">{{:: 'minutes' | translate}}</option>
|
||||||
|
<option value="Hours">{{:: 'hours' | translate}}</option>
|
||||||
|
<option value="Days">{{:: 'days' | translate}}</option>
|
||||||
|
</select>
|
||||||
|
<button data-ng-click="resetToDefaultToken(actionTokenId)">{{:: 'action-token-generated-by-user.reset' | translate}}</button>
|
||||||
|
</div>
|
||||||
|
<kc-tooltip>
|
||||||
|
{{:: 'action-token-generated-by-user.tooltip' | translate}}
|
||||||
|
</kc-tooltip>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<div class="col-md-10 col-md-offset-2" data-ng-show="access.manageRealm">
|
<div class="col-md-10 col-md-offset-2" data-ng-show="access.manageRealm">
|
||||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||||
|
|
Loading…
Reference in a new issue