KEYCLOAK-1927
This commit is contained in:
Sebastian Rose
parent
4c554b4af6
commit
173c112f8e
2 changed files with 51 additions and 12 deletions
|
|
@ -120,6 +120,16 @@ public class OIDCLoginProtocolService {
|
|||
return endpoint.register();
|
||||
}
|
||||
|
||||
/**
|
||||
* Forgot-Credentials endpoint
|
||||
*/
|
||||
@Path("forgot-credentials")
|
||||
public Object forgotCredentialsPage() {
|
||||
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
|
||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
||||
return endpoint.forgotCredentials();
|
||||
}
|
||||
|
||||
/**
|
||||
* Token endpoint
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ public class AuthorizationEndpoint {
|
|||
public static final String CODE_AUTH_TYPE = "code";
|
||||
|
||||
private enum Action {
|
||||
REGISTER, CODE
|
||||
REGISTER, CODE, FORGOT_CREDENTIALS
|
||||
}
|
||||
|
||||
@Context
|
||||
|
|
@ -118,6 +118,8 @@ public class AuthorizationEndpoint {
|
|||
switch (action) {
|
||||
case REGISTER:
|
||||
return buildRegister();
|
||||
case FORGOT_CREDENTIALS:
|
||||
return buildForgotCredential();
|
||||
case CODE:
|
||||
return buildAuthorizationCodeAuthorizationResponse();
|
||||
}
|
||||
|
|
@ -145,6 +147,17 @@ public class AuthorizationEndpoint {
|
|||
return this;
|
||||
}
|
||||
|
||||
public AuthorizationEndpoint forgotCredentials() {
|
||||
event.event(EventType.RESET_PASSWORD);
|
||||
action = Action.FORGOT_CREDENTIALS;
|
||||
|
||||
if (!realm.isResetPasswordAllowed()) {
|
||||
throw new ErrorPageException(session, Messages.RESET_CREDENTIAL_NOT_ALLOWED);
|
||||
}
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
private void checkSsl() {
|
||||
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
|
||||
event.error(Errors.SSL_REQUIRED);
|
||||
|
|
@ -266,17 +279,7 @@ public class AuthorizationEndpoint {
|
|||
|
||||
AuthenticationFlowModel flow = realm.getBrowserFlow();
|
||||
String flowId = flow.getId();
|
||||
AuthenticationProcessor processor = new AuthenticationProcessor();
|
||||
processor.setClientSession(clientSession)
|
||||
.setFlowPath(LoginActionsService.AUTHENTICATE_PATH)
|
||||
.setFlowId(flowId)
|
||||
.setConnection(clientConnection)
|
||||
.setEventBuilder(event)
|
||||
.setProtector(authManager.getProtector())
|
||||
.setRealm(realm)
|
||||
.setSession(session)
|
||||
.setUriInfo(uriInfo)
|
||||
.setRequest(request);
|
||||
AuthenticationProcessor processor = createProcessor(flowId, LoginActionsService.AUTHENTICATE_PATH);
|
||||
|
||||
Response challenge = null;
|
||||
try {
|
||||
|
|
@ -312,6 +315,32 @@ public class AuthorizationEndpoint {
|
|||
.createRegistration();
|
||||
}
|
||||
|
||||
private Response buildForgotCredential() {
|
||||
authManager.expireIdentityCookie(realm, uriInfo, clientConnection);
|
||||
|
||||
AuthenticationFlowModel flow = realm.getResetCredentialsFlow();
|
||||
String flowId = flow.getId();
|
||||
|
||||
AuthenticationProcessor processor = createProcessor(flowId, LoginActionsService.RESET_CREDENTIALS_PATH);
|
||||
|
||||
return processor.authenticate();
|
||||
}
|
||||
|
||||
private AuthenticationProcessor createProcessor(String flowId, String flowPath) {
|
||||
AuthenticationProcessor processor = new AuthenticationProcessor();
|
||||
processor.setClientSession(clientSession)
|
||||
.setFlowPath(flowPath)
|
||||
.setFlowId(flowId)
|
||||
.setConnection(clientConnection)
|
||||
.setEventBuilder(event)
|
||||
.setProtector(authManager.getProtector())
|
||||
.setRealm(realm)
|
||||
.setSession(session)
|
||||
.setUriInfo(uriInfo)
|
||||
.setRequest(request);
|
||||
return processor;
|
||||
}
|
||||
|
||||
private Response buildRedirectToIdentityProvider(String providerId, String accessCode) {
|
||||
logger.debug("Automatically redirect to identity provider: " + providerId);
|
||||
return Response.temporaryRedirect(
|
||||
|
|
|
|||
Loading…
Reference in a new issue