libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Added option on realm to allow reset password via email

Browse source
This commit is contained in:
Stian Thorgersen 2013-09-20 12:53:44 +01:00
parent cdce046711
commit 32fcd46e08
10 changed files with 153 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
View file

@ -20,6 +20,7 @@ public class RealmRepresentation {
protected boolean cookieLoginAllowed;
protected boolean registrationAllowed;
protected boolean verifyEmail;
protected boolean resetPasswordAllowed;
protected boolean social;
protected boolean automaticRegistrationAfterSocialLogin;
protected String privateKey;
@ -248,6 +249,14 @@ public class RealmRepresentation {
this.verifyEmail = verifyEmail;
}
public boolean isResetPasswordAllowed() {
return resetPasswordAllowed;
}
public void setResetPasswordAllowed(boolean resetPassword) {
this.resetPasswordAllowed = resetPassword;
}
public boolean isSocial() {
return social;
}

14
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -73,6 +73,7 @@ public class RealmManager {
realm.setCookieLoginAllowed(rep.isCookieLoginAllowed());
realm.setRegistrationAllowed(rep.isRegistrationAllowed());
realm.setVerifyEmail(rep.isVerifyEmail());
realm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
realm.setAutomaticRegistrationAfterSocialLogin(rep.isAutomaticRegistrationAfterSocialLogin());
realm.setSslNotRequired((rep.isSslNotRequired()));
realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
@ -112,6 +113,7 @@ public class RealmManager {
newRealm.setCookieLoginAllowed(rep.isCookieLoginAllowed());
newRealm.setRegistrationAllowed(rep.isRegistrationAllowed());
newRealm.setVerifyEmail(rep.isVerifyEmail());
newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
newRealm.setAutomaticRegistrationAfterSocialLogin(rep.isAutomaticRegistrationAfterSocialLogin());
if (rep.getPrivateKey() == null || rep.getPublicKey() == null) {
generateRealmKeys(newRealm);
@ -341,11 +343,23 @@ public class RealmManager {
rep.setSslNotRequired(realm.isSslNotRequired());
rep.setCookieLoginAllowed(realm.isCookieLoginAllowed());
rep.setPublicKey(realm.getPublicKeyPem());
rep.setPrivateKey(realm.getPrivateKeyPem());
rep.setRegistrationAllowed(realm.isRegistrationAllowed());
rep.setVerifyEmail(realm.isVerifyEmail());
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
rep.setTokenLifespan(realm.getTokenLifespan());
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());
List<RoleModel> defaultRoles = realm.getDefaultRoles();
if (defaultRoles.size() > 0) {
String[] d = new String[defaultRoles.size()];
for (int i = 0; i < d.length; i++) {
d[i] = defaultRoles.get(i).getName();
}
rep.setDefaultRoles(d);
}
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
if (requiredCredentialModels.size() > 0) {
rep.setRequiredCredentials(new HashSet<String>());

4
services/src/main/java/org/keycloak/services/models/RealmModel.java
View file

@ -39,6 +39,10 @@ public interface RealmModel {
void setVerifyEmail(boolean verifyEmail);
boolean isResetPasswordAllowed();
void setResetPasswordAllowed(boolean resetPasswordAllowed);
int getTokenLifespan();
void setTokenLifespan(int tokenLifespan);

11
services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
View file

@ -177,6 +177,17 @@ public class RealmAdapter implements RealmModel {
updateRealm();
}
@Override
public boolean isResetPasswordAllowed() {
return realm.isResetPasswordAllowed();
}
@Override
public void setResetPasswordAllowed(boolean resetPassword) {
realm.setResetPasswordAllowed(resetPassword);
updateRealm();
}
@Override
public int getTokenLifespan() {
return realm.getTokenLifespan();

9
services/src/main/java/org/keycloak/services/models/picketlink/mappings/RealmData.java
View file

@ -14,6 +14,7 @@ public class RealmData extends AbstractPartition {
private boolean cookieLoginAllowed;
private boolean registrationAllowed;
private boolean verifyEmail;
private boolean resetPasswordAllowed;
private boolean social;
private boolean automaticRegistrationAfterSocialLogin;
private int tokenLifespan;
@ -101,6 +102,14 @@ public class RealmData extends AbstractPartition {
this.verifyEmail = verifyEmail;
}
public boolean isResetPasswordAllowed() {
return resetPasswordAllowed;
}
public void setResetPasswordAllowed(boolean resetPassword) {
this.resetPasswordAllowed = resetPassword;
}
@AttributeProperty
public int getTokenLifespan() {
return tokenLifespan;

10
services/src/main/java/org/keycloak/services/models/picketlink/mappings/RealmEntity.java
View file

@ -37,6 +37,8 @@ public class RealmEntity implements Serializable {
@AttributeValue
private boolean verifyEmail;
@AttributeValue
private boolean resetPasswordAllowed;
@AttributeValue
private boolean social;
@AttributeValue
private boolean automaticRegistrationAfterSocialLogin;
@ -112,6 +114,14 @@ public class RealmEntity implements Serializable {
this.verifyEmail = verifyEmail;
}
public boolean isResetPasswordAllowed() {
return resetPasswordAllowed;
}
public void setResetPasswordAllowed(boolean resetPassword) {
this.resetPasswordAllowed = resetPassword;
}
public boolean isSocial() {
return social;
}

4
services/src/main/java/org/keycloak/services/resources/AccountService.java
View file

@ -347,6 +347,10 @@ public class AccountService {
if (!realm.isEnabled()) {
return oauth.forwardToSecurityFailure("Realm not enabled.");
}
if (!realm.isResetPasswordAllowed()) {
return oauth.forwardToSecurityFailure("Password reset not permitted, contact admin.");
}
UserModel client = realm.getUser(clientId);
if (client == null) {
return oauth.forwardToSecurityFailure("Unknown login requester.");

88
services/src/test/java/org/keycloak/test/ModelTest.java Normal file
View file

@ -0,0 +1,88 @@
package org.keycloak.test;
import java.util.Iterator;
import java.util.List;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.KeycloakSessionFactory;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.resources.KeycloakApplication;
public class ModelTest extends AbstractKeycloakServerTest {
private KeycloakSessionFactory factory;
private KeycloakSession identitySession;
private RealmManager manager;
@Before
public void before() throws Exception {
factory = KeycloakApplication.buildSessionFactory();
identitySession = factory.createSession();
identitySession.getTransaction().begin();
manager = new RealmManager(identitySession);
}
@Test
public void importExportRealm() {
RealmModel realm = manager.createRealm("original");
realm.setCookieLoginAllowed(true);
realm.setRegistrationAllowed(true);
realm.setResetPasswordAllowed(true);
realm.setSocial(true);
realm.setSslNotRequired(true);
realm.setVerifyEmail(true);
realm.setTokenLifespan(1000);
realm.setAccessCodeLifespan(1001);
realm.setAccessCodeLifespanUserAction(1002);
realm.setPublicKeyPem("0234234");
realm.setPrivateKeyPem("1234234");
realm.addDefaultRole("default-role");
RealmModel peristed = manager.getRealm(realm.getId());
assertEquals(realm, peristed);
RealmModel copy = importExport(realm, "copy");
assertEquals(realm, copy);
}
public static void assertEquals(RealmModel expected, RealmModel actual) {
Assert.assertEquals(expected.isAutomaticRegistrationAfterSocialLogin(),
actual.isAutomaticRegistrationAfterSocialLogin());
Assert.assertEquals(expected.isCookieLoginAllowed(), actual.isCookieLoginAllowed());
Assert.assertEquals(expected.isRegistrationAllowed(), actual.isRegistrationAllowed());
Assert.assertEquals(expected.isResetPasswordAllowed(), actual.isResetPasswordAllowed());
Assert.assertEquals(expected.isSocial(), actual.isSocial());
Assert.assertEquals(expected.isSslNotRequired(), actual.isSslNotRequired());
Assert.assertEquals(expected.isVerifyEmail(), actual.isVerifyEmail());
Assert.assertEquals(expected.getTokenLifespan(), actual.getTokenLifespan());
Assert.assertEquals(expected.getAccessCodeLifespan(), actual.getAccessCodeLifespan());
Assert.assertEquals(expected.getAccessCodeLifespanUserAction(), actual.getAccessCodeLifespanUserAction());
Assert.assertEquals(expected.getPublicKeyPem(), actual.getPublicKeyPem());
Assert.assertEquals(expected.getPrivateKeyPem(), actual.getPrivateKeyPem());
assertEquals(expected.getDefaultRoles(), actual.getDefaultRoles());
}
public static void assertEquals(List<RoleModel> expected, List<RoleModel> actual) {
Assert.assertEquals(expected.size(), actual.size());
Iterator<RoleModel> exp = expected.iterator();
Iterator<RoleModel> act = actual.iterator();
while (exp.hasNext()) {
Assert.assertEquals(exp.next().getName(), act.next().getName());
}
}
private RealmModel importExport(RealmModel src, String copyName) {
RealmRepresentation representation = manager.toRepresentation(src);
RealmModel copy = manager.createRealm(copyName);
manager.importRealm(representation, copy);
return manager.getRealm(copy.getId());
}
}

3
testsuite/src/test/java/org/keycloak/testsuite/ResetPasswordTest.java
View file

@ -61,12 +61,15 @@ public class ResetPasswordTest extends AbstractDroneTest {
Assert.assertTrue(loginPage.isCurrent());
// TODO Replace with clicking reset password link when added
String url = browser.getCurrentUrl();
url = url.replace("tokens/login", "account/password-reset");
url = url + "&username=bburke@redhat.com";
browser.navigate().to(url);
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String body = (String) message.getContent();

1
testsuite/src/test/resources/testrealm.json
View file

@ -7,6 +7,7 @@
"sslNotRequired": true,
"cookieLoginAllowed": true,
"registrationAllowed": true,
"resetPasswordAllowed": true,
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "password" ],