Merge pull request #633 from patriot1burke/master

social fixes

docbook/reference/en/en-US/modules/social-facebook.xml

@@ -18,7 +18,8 @@
         </listitem>
         <listitem>
             <para>
-                Once the app has been created click on <literal>Settings</literal> in sidebar on the left. Then click
+                Once the app has been created click on <literal>Settings</literal> in sidebar on the left. You must specify
+                a contact email.  Save your changes.  Then click
                 on <literal>Advanced</literal>. Under <literal>Security</literal> make sure
                 <literal>Client OAuth Login</literal> is enabled. In <literal>Valid OAuth redirect URIs</literal> insert
                 the <link linkend="social-callbackurl">social callback url</link>. Scroll down and click on the
@@ -28,7 +29,8 @@
         <listitem>
             <para>
                 Click <literal>Status &amp; Review</literal> and select <literal>YES</literal> for <literal>Do you want
-                to make this app and all its live features available to the general public?</literal>.
+                to make this app and all its live features available to the general public?</literal>.  You will
+                not be able to set this until you have provided a contact email in the general settings of this application.
             </para>
         </listitem>
         <listitem>

docbook/reference/en/en-US/modules/social-github.xml

@@ -1,7 +1,7 @@
 <section id="social-github">
     <title>GitHub</title>
     <para>
-        To enable login with Google you first have to create an application in
+        To enable login with GitHub you first have to create an application in
         <ulink url="https://github.com/settings/applications">GitHub Settings</ulink>. Then you need to copy
         the client id and secret into the Keycloak Admin Console.
     </para>

docbook/reference/en/en-US/modules/social-twitter.xml

@@ -22,7 +22,7 @@
         </listitem>
         <listitem>
             <para>
-                Now click <literal>Details</literal>. Copy <literal>Consumer key</literal> and <literal>Consumer secret</literal> from the
+                Now click <literal>API Keys</literal> tab. Copy <literal>API key</literal> and <literal>API secret</literal> from the
                 <ulink url="https://dev.twitter.com/apps">Twitter Developer Console</ulink> into the settings
                 page in the Keycloak Admin Console as the <literal>Key</literal> and <literal>Secret</literal>. Then click
                 <literal>Save</literal> in the Keycloak Admin Console to enable login with Twitter.

forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-default-roles.html

@@ -6,7 +6,7 @@
     </ul>
     <h2></h2>
     <div id="content">
-        <h2><span>{{realm.realm}}</span> Default Roles <span tooltip-placement="right" tooltip="Role mappings to assign to newly created users." class="fa fa-info-circle"></span></h2>
+        <h2><span>{{realm.realm}}</span> Default Roles <span tooltip-placement="right" tooltip="Role mappings to assign to newly created users.  This includes registration, social login, and users created in the admin console." class="fa fa-info-circle"></span></h2>
         <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
             <fieldset>
                 <legend><span class="text">Realm Default Roles</span> </legend>

services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java

@@ -4,6 +4,8 @@ import org.jboss.logging.Logger;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.spi.BadRequestException;
 import org.jboss.resteasy.spi.NotFoundException;
+import org.keycloak.ClientConnection;
+import org.keycloak.audit.Details;
 import org.keycloak.email.EmailException;
 import org.keycloak.email.EmailProvider;
 import org.keycloak.models.ApplicationModel;
@@ -72,6 +74,9 @@ public class UsersResource {
 
     private TokenManager tokenManager;
 
+    @Context
+    protected ClientConnection clientConnection;
+
     @Context
     protected UriInfo uriInfo;
 
@@ -828,7 +833,10 @@ public class UsersResource {
             return Flows.errors().error("AccountProvider management not enabled", Response.Status.INTERNAL_SERVER_ERROR);
         }
 
-        AccessCode accessCode = tokenManager.createAccessCode(scope, state, redirect, session, realm, client, user, null);
+        UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false);
+        //audit.session(userSession);
+
+        AccessCode accessCode = tokenManager.createAccessCode(null, state, redirect, session, realm, client, user, userSession);
         accessCode.setRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
 
         try {
@@ -838,8 +846,9 @@ public class UsersResource {
             String link = builder.build(realm.getName()).toString();
             long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction());
 
-            session.getProvider(EmailProvider.class).setRealm(realm).setUser(user).sendPasswordReset(link, expiration);
+            this.session.getProvider(EmailProvider.class).setRealm(realm).setUser(user).sendPasswordReset(link, expiration);
 
+            //audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
             return Response.ok().build();
         } catch (EmailException e) {
             logger.error("Failed to send password reset email", e);

social/facebook/pom.xml

@@ -25,5 +25,10 @@
             <artifactId>jackson-mapper-asl</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.jboss.logging</groupId>
+            <artifactId>jboss-logging</artifactId>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
 </project>

social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java

@@ -1,6 +1,7 @@
 package org.keycloak.social.facebook;
 
 import org.codehaus.jackson.JsonNode;
+import org.jboss.logging.Logger;
 import org.keycloak.social.AbstractOAuth2Provider;
 import org.keycloak.social.SocialProviderException;
 import org.keycloak.social.SocialUser;
@@ -10,6 +11,7 @@ import org.keycloak.social.utils.SimpleHttp;
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
  */
 public class FacebookProvider extends AbstractOAuth2Provider {
+    protected static final Logger logger = Logger.getLogger(FacebookProvider.class);
 
     private static final String ID = "facebook";
     private static final String NAME = "Facebook";
@@ -50,10 +52,20 @@ public class FacebookProvider extends AbstractOAuth2Provider {
         try {
             JsonNode profile = SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken).asJson();
 
-            SocialUser user = new SocialUser(profile.get("id").getTextValue(), profile.get("username").getTextValue());
+
+            JsonNode id = profile.get("id");
+            JsonNode username = profile.get("username");
+            JsonNode email = profile.get("email");
+
+            //logger.info("email is null: " + email == null);
+            //logger.info("username is null: " + username == null);
+
+            if (username == null) username = email == null ? id : email;
+
+            SocialUser user = new SocialUser(id.getTextValue(), username.getTextValue());
             user.setName(profile.has("first_name") ? profile.get("first_name").getTextValue() : null,
                     profile.has("last_name") ? profile.get("last_name").getTextValue() : null);
-            user.setEmail(profile.has("email") ? profile.get("email").getTextValue() : null);
+            user.setEmail(profile.has("email") ? email.getTextValue() : null);
 
             return user;
         } catch (Exception e) {