libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Remove notBefore from users

Browse source
This commit is contained in:
Stian Thorgersen 2014-07-07 16:23:53 +01:00
parent 0647590170
commit 38857cf2e6
10 changed files with 1 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
model/api/src/main/java/org/keycloak/models/UserModel.java
View file

@ -58,9 +58,6 @@ public interface UserModel {
void setTotp(boolean totp);
int getNotBefore();
void setNotBefore(int notBefore);
void updateCredential(UserCredentialModel cred);
List<UserCredentialValueModel> getCredentialsDirectly();

9
model/api/src/main/java/org/keycloak/models/entities/UserEntity.java
View file

@ -18,7 +18,6 @@ public class UserEntity extends AbstractIdentifiableEntity {
private boolean emailVerified;
private boolean totp;
private boolean enabled;
private int notBefore;
private String realmId;
@ -86,14 +85,6 @@ public class UserEntity extends AbstractIdentifiableEntity {
this.enabled = enabled;
}
public int getNotBefore() {
return notBefore;
}
public void setNotBefore(int notBefore) {
this.notBefore = notBefore;
}
public String getRealmId() {
return realmId;
}

12
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java vendored
View file

@ -172,18 +172,6 @@ public class UserAdapter implements UserModel {
updated.setTotp(totp);
}
@Override
public int getNotBefore() {
if (updated != null) return updated.getNotBefore();
return cached.getNotBefore();
}
@Override
public void setNotBefore(int notBefore) {
getDelegateForUpdate();
updated.setNotBefore(notBefore);
}
@Override
public void updateCredential(UserCredentialModel cred) {
getDelegateForUpdate();

6
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java vendored
View file

@ -26,7 +26,6 @@ public class CachedUser {
private String email;
private String emailKey;
private boolean emailVerified;
private int notBefore;
private List<UserCredentialValueModel> credentials = new LinkedList<UserCredentialValueModel>();
private boolean enabled;
private boolean totp;
@ -48,7 +47,6 @@ public class CachedUser {
this.emailKey = realm.getId() + "." + this.email;
}
this.emailVerified = user.isEmailVerified();
this.notBefore = user.getNotBefore();
this.credentials.addAll(user.getCredentialsDirectly());
this.enabled = user.isEnabled();
this.totp = user.isTotp();
@ -91,10 +89,6 @@ public class CachedUser {
return emailVerified;
}
public int getNotBefore() {
return notBefore;
}
public List<UserCredentialValueModel> getCredentials() {
return credentials;
}

10
model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java
View file

@ -173,16 +173,6 @@ public class UserAdapter implements UserModel {
user.setTotp(totp);
}
@Override
public int getNotBefore() {
return user.getNotBefore();
}
@Override
public void setNotBefore(int notBefore) {
user.setNotBefore(notBefore);
}
@Override
public void updateCredential(UserCredentialModel cred) {
CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType());

8
model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
View file

@ -56,7 +56,6 @@ public class UserEntity {
protected boolean enabled;
protected boolean totp;
protected boolean emailVerified;
protected int notBefore;
// Hack just to workaround the fact that on MS-SQL you can't have unique constraint with multiple NULL values TODO: Find better solution (like unique index with 'where' but that's proprietary)
protected String emailConstraint = KeycloakModelUtils.generateId();
@ -194,11 +193,4 @@ public class UserEntity {
this.authenticationLink = authenticationLink;
}
public int getNotBefore() {
return notBefore;
}
public void setNotBefore(int notBefore) {
this.notBefore = notBefore;
}
}

10
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java
View file

@ -70,16 +70,6 @@ public class UserAdapter extends AbstractMongoAdapter<MongoUserEntity> implement
updateUser();
}
@Override
public int getNotBefore() {
return user.getNotBefore();
}
@Override
public void setNotBefore(int notBefore) {
user.setNotBefore(notBefore);
}
@Override
public String getFirstName() {
return user.getFirstName();

5
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
View file

@ -205,11 +205,6 @@ public class AuthenticationManager {
return null;
}
if (token.getIssuedAt() < user.getNotBefore()) {
logger.info("Stale cookie");
return null;
}
UserSessionModel session = realm.getUserSession(token.getSessionState());
if (!isSessionValid(realm, session)) {
if (session != null) logout(realm, session, uriInfo);

2
services/src/main/java/org/keycloak/services/managers/TokenManager.java
View file

@ -155,7 +155,7 @@ public class TokenManager {
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Unmatching clients", "Unmatching clients");
}
if (refreshToken.getIssuedAt() < client.getNotBefore() || refreshToken.getIssuedAt() < user.getNotBefore()) {
if (refreshToken.getIssuedAt() < client.getNotBefore()) {
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Stale refresh token");
}

2
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -277,8 +277,6 @@ public class UsersResource {
throw new NotFoundException("User not found");
}
realm.removeUserSessions(user);
// set notBefore so that user will be forced to log in.
user.setNotBefore(Time.currentTime());
new ResourceAdminManager().logoutUser(uriInfo.getRequestUri(), realm, user.getId(), null);
}