From 38857cf2e6a8b8c796e9cce0a52950df962b8a05 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Mon, 7 Jul 2014 16:23:53 +0100 Subject: [PATCH] Remove notBefore from users --- .../src/main/java/org/keycloak/models/UserModel.java | 3 --- .../org/keycloak/models/entities/UserEntity.java | 9 --------- .../java/org/keycloak/models/cache/UserAdapter.java | 12 ------------ .../keycloak/models/cache/entities/CachedUser.java | 6 ------ .../java/org/keycloak/models/jpa/UserAdapter.java | 10 ---------- .../org/keycloak/models/jpa/entities/UserEntity.java | 8 -------- .../models/mongo/keycloak/adapters/UserAdapter.java | 10 ---------- .../services/managers/AuthenticationManager.java | 5 ----- .../org/keycloak/services/managers/TokenManager.java | 2 +- .../services/resources/admin/UsersResource.java | 2 -- 10 files changed, 1 insertion(+), 66 deletions(-) diff --git a/model/api/src/main/java/org/keycloak/models/UserModel.java b/model/api/src/main/java/org/keycloak/models/UserModel.java index 08c02a3f3e..621148e09e 100755 --- a/model/api/src/main/java/org/keycloak/models/UserModel.java +++ b/model/api/src/main/java/org/keycloak/models/UserModel.java @@ -58,9 +58,6 @@ public interface UserModel { void setTotp(boolean totp); - int getNotBefore(); - void setNotBefore(int notBefore); - void updateCredential(UserCredentialModel cred); List getCredentialsDirectly(); diff --git a/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java b/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java index d1bd1578fc..2297eed38b 100644 --- a/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java +++ b/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java @@ -18,7 +18,6 @@ public class UserEntity extends AbstractIdentifiableEntity { private boolean emailVerified; private boolean totp; private boolean enabled; - private int notBefore; private String realmId; 
@@ -86,14 +85,6 @@ public class UserEntity extends AbstractIdentifiableEntity { this.enabled = enabled; } - public int getNotBefore() { - return notBefore; - } - - public void setNotBefore(int notBefore) { - this.notBefore = notBefore; - } - public String getRealmId() { return realmId; } diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java index b586df5a7a..b48e1c5d37 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java @@ -172,18 +172,6 @@ public class UserAdapter implements UserModel { updated.setTotp(totp); } - @Override - public int getNotBefore() { - if (updated != null) return updated.getNotBefore(); - return cached.getNotBefore(); - } - - @Override - public void setNotBefore(int notBefore) { - getDelegateForUpdate(); - updated.setNotBefore(notBefore); - } - @Override public void updateCredential(UserCredentialModel cred) { getDelegateForUpdate(); diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java index bc2a338ce3..ee0318f662 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java @@ -26,7 +26,6 @@ public class CachedUser { private String email; private String emailKey; private boolean emailVerified; - private int notBefore; private List credentials = new LinkedList(); private boolean enabled; private boolean totp; 
@@ -48,7 +47,6 @@ public class CachedUser { this.emailKey = realm.getId() + "." + this.email; } this.emailVerified = user.isEmailVerified(); - this.notBefore = user.getNotBefore(); this.credentials.addAll(user.getCredentialsDirectly()); this.enabled = user.isEnabled(); this.totp = user.isTotp(); @@ -91,10 +89,6 @@ public class CachedUser { return emailVerified; } - public int getNotBefore() { - return notBefore; - } - public List getCredentials() { return credentials; } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java index 8e613bb585..290428430c 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java @@ -173,16 +173,6 @@ public class UserAdapter implements UserModel { user.setTotp(totp); } - @Override - public int getNotBefore() { - return user.getNotBefore(); - } - - @Override - public void setNotBefore(int notBefore) { - user.setNotBefore(notBefore); - } - @Override public void updateCredential(UserCredentialModel cred) { CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType()); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java index 075fc8709c..75389c94df 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java @@ -56,7 +56,6 @@ public class UserEntity { protected boolean enabled; protected boolean totp; protected boolean emailVerified; - protected int notBefore; // Hack just to workaround the fact that on MS-SQL you can't have unique constraint with multiple NULL values TODO: Find better solution (like unique index with 'where' but that's proprietary) protected String emailConstraint = KeycloakModelUtils.generateId(); 
@@ -194,11 +193,4 @@ public class UserEntity { this.authenticationLink = authenticationLink; } - public int getNotBefore() { - return notBefore; - } - - public void setNotBefore(int notBefore) { - this.notBefore = notBefore; - } } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java index 003a7e61b0..0a1ba68d8d 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java @@ -70,16 +70,6 @@ public class UserAdapter extends AbstractMongoAdapter implement updateUser(); } - @Override - public int getNotBefore() { - return user.getNotBefore(); - } - - @Override - public void setNotBefore(int notBefore) { - user.setNotBefore(notBefore); - } - @Override public String getFirstName() { return user.getFirstName(); diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index 2246803bb8..96aab65529 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -205,11 +205,6 @@ public class AuthenticationManager { return null; } - if (token.getIssuedAt() < user.getNotBefore()) { - logger.info("Stale cookie"); - return null; - } - UserSessionModel session = realm.getUserSession(token.getSessionState()); if (!isSessionValid(realm, session)) { if (session != null) logout(realm, session, uriInfo); diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java index 5b3c0000e6..73270e9128 100755 --- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java 
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java @@ -155,7 +155,7 @@ public class TokenManager { throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Unmatching clients", "Unmatching clients"); } - if (refreshToken.getIssuedAt() < client.getNotBefore() || refreshToken.getIssuedAt() < user.getNotBefore()) { + if (refreshToken.getIssuedAt() < client.getNotBefore()) { throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Stale refresh token"); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java index bb4a4d81e7..5b503a5ffa 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java @@ -277,8 +277,6 @@ public class UsersResource { throw new NotFoundException("User not found"); } realm.removeUserSessions(user); - // set notBefore so that user will be forced to log in. - user.setNotBefore(Time.currentTime()); new ResourceAdminManager().logoutUser(uriInfo.getRequestUri(), realm, user.getId(), null); }
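Review bot: The refresh check in TokenManager now rejects a token only when `refreshToken.getIssuedAt() < client.getNotBefore()`, so nothing visible in this hunk ties a refresh token to the user's logout state any more. AuthenticationManager still follows its removed "Stale cookie" check with `realm.getUserSession(token.getSessionState())` and `isSessionValid(realm, session)`, and UsersResource still calls `realm.removeUserSessions(user)`, but the TokenManager hunk shows no equivalent session lookup; the enclosing method starts and ends outside the hunk, so the lookup may exist there. If it does not, a refresh token issued before an admin-forced logout would presumably stay usable until it expires. In that case I would add a session check next to the client one, modelled on the AuthenticationManager lines: `UserSessionModel session = realm.getUserSession(refreshToken.getSessionState());` then `if (session == null) throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Stale refresh token");` (this assumes the refresh token carries the session state and `realm` is in scope here). A test that logs a user out through UsersResource and then attempts a refresh would confirm the behaviour either way.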