finish reg

2015-06-11 21:15:53 -04:00 · 2015-06-11 21:15:53 -04:00 · 392fa21f1e
commit 392fa21f1e
parent fa99b5415d
15 changed files with 418 additions and 282 deletions
--- a/forms/common-themes/src/main/resources/theme/base/login/register.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/register.ftl
@ -43,6 +43,7 @@
                </div>
            </div>
            <#if passwordRequired>
            <div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('password',properties.kcFormGroupErrorClass!)}">
                <div class="${properties.kcLabelWrapperClass!}">
                    <label for="password" class="${properties.kcLabelClass!}">${msg("password")}</label>
@ -60,7 +61,7 @@
                    <input type="password" id="password-confirm" class="${properties.kcInputClass!}" name="password-confirm" />
                </div>
            </div>
-
+            </#if>
            <div class="form-group">
                <div class="${properties.kcLabelWrapperClass!}">
                    <label for="user.attributes.street" class="${properties.kcLabelClass!}">${msg("street")}</label>
--- a/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java
+++ b/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java
@ -71,6 +71,8 @@ public interface LoginFormsProvider extends Provider {
    public LoginFormsProvider setFormData(MultivaluedMap<String, String> formData);
    LoginFormsProvider setAttribute(String name, Object value);
    public LoginFormsProvider setStatus(Response.Status status);
    LoginFormsProvider setActionUri(URI requestUri);
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/AuthenticatorConfiguredMethod.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/AuthenticatorConfiguredMethod.java
@ -0,0 +1,36 @@
 package org.keycloak.login.freemarker;
 import freemarker.template.TemplateMethodModelEx;
 import freemarker.template.TemplateModelException;
 import org.keycloak.authentication.Authenticator;
 import org.keycloak.authentication.AuthenticatorUtil;
 import org.keycloak.authentication.authenticators.LoginFormPasswordAuthenticatorFactory;
 import org.keycloak.models.AuthenticationExecutionModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.services.Urls;
 import java.net.URI;
 import java.util.List;
 /**
 */
 public class AuthenticatorConfiguredMethod implements TemplateMethodModelEx {
    private final RealmModel realm;
    private final UserModel user;
    private final KeycloakSession session;
    public AuthenticatorConfiguredMethod(RealmModel realm, UserModel user, KeycloakSession session) {
        this.realm = realm;
        this.user = user;
        this.session = session;
    }
    @Override
    public Object exec(List list) throws TemplateModelException {
        String providerId = list.get(0).toString();
        Authenticator authenticator = session.getProvider(Authenticator.class, providerId);
        return authenticator.configuredFor(session, realm, user);
    }
 }
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java
@ -3,6 +3,7 @@ package org.keycloak.login.freemarker;
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.authentication.AuthenticationProcessor;
 import org.keycloak.email.EmailException;
 import org.keycloak.email.EmailProvider;
 import org.keycloak.freemarker.BrowserSecurityHeaderSetup;
@ -85,6 +86,7 @@ import java.util.concurrent.TimeUnit;
    private UserModel user;
    private ClientSessionModel clientSession;
    private final Map<String, Object> attributes = new HashMap<String, Object>();
    public FreeMarkerLoginFormsProvider(KeycloakSession session, FreeMarkerUtil freeMarker) {
        this.session = session;
@ -160,8 +162,6 @@ import java.util.concurrent.TimeUnit;
            uriBuilder.replaceQueryParam(OAuth2Constants.CODE, accessCode);
        }
        Map<String, Object> attributes = new HashMap<String, Object>();
        ThemeProvider themeProvider = session.getProvider(ThemeProvider.class, "extending");
        Theme theme;
        try {
@ -207,6 +207,9 @@ import java.util.concurrent.TimeUnit;
        }
        URI baseUri = uriBuilder.build();
        attributes.put("requiredActionUrl", new RequiredActionUrlFormatterMethod(realm, baseUri));
        if (realm != null && user != null && session != null) {
            attributes.put("authenticatorConfigured", new AuthenticatorConfiguredMethod(realm, user, session));
        }
        if (realm != null) {
            attributes.put("realm", new RealmBean(realm));
@ -275,7 +278,8 @@ import java.util.concurrent.TimeUnit;
    }
    @Override
-    public Response createForm(String form, Map<String, Object> attributes) {
+    public Response createForm(String form, Map<String, Object> extraAttributes) {
        RealmModel realm = session.getContext().getRealm();
        ClientModel client = session.getContext().getClient();
        UriInfo uriInfo = session.getContext().getUri();
@ -350,6 +354,9 @@ import java.util.concurrent.TimeUnit;
                attributes.put("locale", new LocaleBean(realm, locale, b, messagesBundle));
            }
        }
        if (realm != null && user != null && session != null) {
            attributes.put("authenticatorConfigured", new AuthenticatorConfiguredMethod(realm, user, session));
        }
        try {
            String result = freeMarker.processTemplate(attributes, form, theme);
            Response.ResponseBuilder builder = Response.status(status).type(MediaType.TEXT_HTML).entity(result);
@ -393,6 +400,7 @@ import java.util.concurrent.TimeUnit;
        return createResponse(LoginFormsPages.ERROR);
    }
    public Response createOAuthGrant(ClientSessionModel clientSession) {
        this.clientSession = clientSession;
        return createResponse(LoginFormsPages.OAUTH_GRANT);
@ -475,6 +483,12 @@ import java.util.concurrent.TimeUnit;
        return this;
    }
    @Override
    public LoginFormsProvider setAttribute(String name, Object value) {
        this.attributes.put(name, value);
        return this;
    }
    @Override
    public LoginFormsProvider setStatus(Response.Status status) {
        this.status = status;
--- a/services/src/main/java/org/keycloak/authentication/Authenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/Authenticator.java
@ -15,4 +15,5 @@ public interface Authenticator extends Provider {
    boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user);
    String getRequiredAction();
 }
--- a/services/src/main/java/org/keycloak/authentication/AuthenticatorUtil.java
+++ b/services/src/main/java/org/keycloak/authentication/AuthenticatorUtil.java
@ -0,0 +1,48 @@
 package org.keycloak.authentication;
 import org.keycloak.authentication.authenticators.LoginFormPasswordAuthenticatorFactory;
 import org.keycloak.authentication.authenticators.OTPFormAuthenticatorFactory;
 import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory;
 import org.keycloak.models.AuthenticationExecutionModel;
 import org.keycloak.models.AuthenticationFlowModel;
 import org.keycloak.models.AuthenticatorModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.utils.DefaultAuthenticationFlows;
 import org.keycloak.representations.idm.CredentialRepresentation;
 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
 */
 public class AuthenticatorUtil {
    public static AuthenticationExecutionModel findExecutionByAuthenticator(RealmModel realm, String flowId, String authProviderId) {
        for (AuthenticationExecutionModel model : realm.getAuthenticationExecutions(flowId)) {
            if (model.isAutheticatorFlow()) {
                AuthenticationExecutionModel recurse = findExecutionByAuthenticator(realm, model.getAuthenticator(), authProviderId);
                if (recurse != null) return recurse;
            }
            AuthenticatorModel authenticator = realm.getAuthenticatorById(model.getAuthenticator());
            if (authenticator.getProviderId().equals(authProviderId)) {
                return model;
            }
        }
        return null;
    }
    public static boolean isEnabled(RealmModel realm, String flowId, String authProviderId) {
        AuthenticationExecutionModel execution = findExecutionByAuthenticator(realm, flowId, authProviderId);
        if (execution == null) {
            return false;
        }
        return execution.isEnabled();
    }
    public static boolean isRequired(RealmModel realm, String flowId, String authProviderId) {
        AuthenticationExecutionModel execution = findExecutionByAuthenticator(realm, flowId, authProviderId);
        if (execution == null) {
            return false;
        }
        return execution.isRequired();
    }
 }
--- a/services/src/main/java/org/keycloak/authentication/actions/TermsAndConditions.java
+++ b/services/src/main/java/org/keycloak/authentication/actions/TermsAndConditions.java
@ -95,6 +95,7 @@ public class TermsAndConditions implements RequiredActionProvider, RequiredActio
    public Response invokeRequiredAction(RequiredActionContext context) {
        return context.getSession().getProvider(LoginFormsProvider.class)
                .setClientSessionCode(new ClientSessionCode(context.getRealm(), context.getClientSession()).getCode())
                .setUser(context.getUser())
                .createForm("terms.ftl", new HashMap<String, Object>());
    }
--- a/services/src/main/java/org/keycloak/authentication/authenticators/AbstractFormAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/AbstractFormAuthenticator.java
@ -33,6 +33,7 @@ public class AbstractFormAuthenticator {
        code.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
        URI action = getActionUrl(context, code, LOGIN_FORM_ACTION);
        return context.getSession().getProvider(LoginFormsProvider.class)
                    .setUser(context.getUser())
                    .setActionUri(action)
                    .setClientSessionCode(code.getCode());
    }
--- a/services/src/main/java/org/keycloak/authentication/authenticators/LoginFormPasswordAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/LoginFormPasswordAuthenticator.java
@ -27,7 +27,7 @@ public class LoginFormPasswordAuthenticator extends LoginFormUsernameAuthenticat
    @Override
    public void authenticate(AuthenticatorContext context) {
-        if (!isAction(context, LOGIN_FORM_ACTION)) {
+        if (!isAction(context, LOGIN_FORM_ACTION) && !isAction(context, REGISTRATION_FORM_ACTION)) {
            context.failure(AuthenticationProcessor.Error.INTERNAL_ERROR);
            return;
        }
@ -35,7 +35,7 @@ public class LoginFormPasswordAuthenticator extends LoginFormUsernameAuthenticat
    }
    public void validatePassword(AuthenticatorContext context) {
-        MultivaluedMap<String, String> inputData = context.getHttpRequest().getFormParameters();
+        MultivaluedMap<String, String> inputData = context.getHttpRequest().getDecodedFormParameters();
        List<UserCredentialModel> credentials = new LinkedList<>();
        String password = inputData.getFirst(CredentialRepresentation.PASSWORD);
        if (password == null) {
--- a/services/src/main/java/org/keycloak/authentication/authenticators/LoginFormUsernameAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/LoginFormUsernameAuthenticator.java
@ -51,7 +51,6 @@ public class LoginFormUsernameAuthenticator extends AbstractFormAuthenticator im
                    formData.add("rememberMe", "on");
                }
            }
            if (loginHint != null) formData.add(AuthenticationManager.FORM_USERNAME, loginHint);
            Response challengeResponse = challenge(context, formData);
            context.challenge(challengeResponse);
            return;
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@ -25,8 +25,11 @@ import org.jboss.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.ClientConnection;
 import org.keycloak.authentication.AuthenticationProcessor;
 import org.keycloak.authentication.AuthenticatorUtil;
 import org.keycloak.authentication.RequiredActionContext;
 import org.keycloak.authentication.RequiredActionProvider;
 import org.keycloak.authentication.authenticators.AbstractFormAuthenticator;
 import org.keycloak.authentication.authenticators.LoginFormPasswordAuthenticatorFactory;
 import org.keycloak.email.EmailException;
 import org.keycloak.email.EmailProvider;
 import org.keycloak.events.Details;
@ -35,6 +38,7 @@ import org.keycloak.events.EventBuilder;
 import org.keycloak.events.EventType;
 import org.keycloak.jose.jws.JWSBuilder;
 import org.keycloak.login.LoginFormsProvider;
 import org.keycloak.models.AuthenticationExecutionModel;
 import org.keycloak.models.AuthenticationFlowModel;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.ClientSessionModel;
@ -49,10 +53,12 @@ import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserModel.RequiredAction;
 import org.keycloak.models.UserSessionModel;
 import org.keycloak.models.utils.DefaultAuthenticationFlows;
 import org.keycloak.models.utils.FormMessage;
 import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.models.utils.TimeBasedOTP;
 import org.keycloak.protocol.LoginProtocol;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
 import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
 import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.representations.PasswordToken;
@ -273,6 +279,7 @@ public class LoginActionsService {
        return session.getProvider(LoginFormsProvider.class)
                .setClientSessionCode(clientSessionCode.getCode())
                .setAttribute("passwordRequired", isPasswordRequired())
                .createRegistration();
    }
@ -490,14 +497,13 @@ public class LoginActionsService {
     * Registration
     *
     * @param code
     * @param formData
     * @return
     */
    @Path("request/registration")
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
-    public Response processRegister(@QueryParam("code") String code,
+    public Response processRegister(@QueryParam("code") String code) {
-                                    final MultivaluedMap<String, String> formData) {
+        MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
        event.event(EventType.REGISTER);
        if (!checkSsl()) {
            event.error(Errors.SSL_REQUIRED);
@ -553,20 +559,23 @@ public class LoginActionsService {
        session.getContext().setClient(client);
-        List<String> requiredCredentialTypes = new LinkedList<String>();
+        List<String> requiredCredentialTypes = new LinkedList<>();
-        for (RequiredCredentialModel m : realm.getRequiredCredentials()) {
+        boolean passwordRequired = isPasswordRequired();
-            requiredCredentialTypes.add(m.getType());
+        if (passwordRequired) {
            requiredCredentialTypes.add(CredentialRepresentation.PASSWORD);
        }
        // Validate here, so user is not created if password doesn't validate to passwordPolicy of current realm
        List<FormMessage> errors = Validation.validateRegistrationForm(realm, formData, requiredCredentialTypes, realm.getPasswordPolicy());
        if (errors != null && !errors.isEmpty()) {
            event.error(Errors.INVALID_REGISTRATION);
            return session.getProvider(LoginFormsProvider.class)
                    .setErrors(errors)
                    .setFormData(formData)
                    .setClientSessionCode(clientCode.getCode())
                    .setAttribute("passwordRequired", isPasswordRequired())
                    .createRegistration();
        }
@ -577,6 +586,7 @@ public class LoginActionsService {
                    .setError(Messages.USERNAME_EXISTS)
                    .setFormData(formData)
                    .setClientSessionCode(clientCode.getCode())
                    .setAttribute("passwordRequired", isPasswordRequired())
                    .createRegistration();
        }
@ -587,6 +597,7 @@ public class LoginActionsService {
                    .setError(Messages.EMAIL_EXISTS)
                    .setFormData(formData)
                    .setClientSessionCode(clientCode.getCode())
                    .setAttribute("passwordRequired", isPasswordRequired())
                    .createRegistration();
        }
@ -597,7 +608,7 @@ public class LoginActionsService {
        user.setEmail(email);
-        if (requiredCredentialTypes.contains(CredentialRepresentation.PASSWORD)) {
+        if (passwordRequired) {
            UserCredentialModel credentials = new UserCredentialModel();
            credentials.setType(CredentialRepresentation.PASSWORD);
            credentials.setValue(formData.getFirst("password"));
@ -626,13 +637,35 @@ public class LoginActionsService {
                        .createResponse(UserModel.RequiredAction.UPDATE_PASSWORD);
            }
        }
-
+        clientSession.setNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, username);
        AttributeFormDataProcessor.process(formData, realm, user);
        event.user(user).success();
        event = new EventBuilder(realm, session, clientConnection);
        clientSession.setAuthenticatedUser(user);
        AuthenticationFlowModel flow = realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW);
        AuthenticationProcessor processor = new AuthenticationProcessor();
        processor.setClientSession(clientSession)
                .setFlowId(flow.getId())
                .setConnection(clientConnection)
                .setEventBuilder(event)
                .setProtector(authManager.getProtector())
                .setRealm(realm)
                .setAction(AbstractFormAuthenticator.REGISTRATION_FORM_ACTION)
                .setSession(session)
                .setUriInfo(uriInfo)
                .setRequest(request);
-        return processLogin(code, formData);
+        try {
            return processor.authenticate();
        } catch (Exception e) {
            return processor.handleBrowserException(e);
        }
    }
    public boolean isPasswordRequired() {
        AuthenticationFlowModel browserFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW);
        return AuthenticatorUtil.isRequired(realm, browserFlow.getId(), LoginFormPasswordAuthenticatorFactory.PROVIDER_ID);
    }
    /**
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
@ -160,7 +160,7 @@ public class RequiredActionEmailVerificationTest {
        MimeMessage message = greenMail.getReceivedMessages()[0];
-        Event sendEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL).user(userId).detail("username", "verifyEmail").detail("email", "email@mail.com").assertEvent();
+        Event sendEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL).user(userId).detail("username", "verifyemail").detail("email", "email@mail.com").assertEvent();
        String sessionId = sendEvent.getSessionId();
        String mailCodeId = sendEvent.getDetails().get(Details.CODE_ID);
@ -171,9 +171,9 @@ public class RequiredActionEmailVerificationTest {
        Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-        events.expectRequiredAction(EventType.VERIFY_EMAIL).user(userId).session(sessionId).detail("username", "verifyEmail").detail("email", "email@mail.com").detail(Details.CODE_ID, mailCodeId).assertEvent();
+        events.expectRequiredAction(EventType.VERIFY_EMAIL).user(userId).session(sessionId).detail("username", "verifyemail").detail("email", "email@mail.com").detail(Details.CODE_ID, mailCodeId).assertEvent();
-        events.expectLogin().user(userId).session(sessionId).detail("username", "verifyEmail").detail(Details.CODE_ID, mailCodeId).assertEvent();
+        events.expectLogin().user(userId).session(sessionId).detail("username", "verifyemail").detail(Details.CODE_ID, mailCodeId).assertEvent();
    }
    @Test
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
@ -109,11 +109,11 @@ public class RequiredActionTotpSetupTest {
        totpPage.configure(totp.generate(totpPage.getTotpSecret()));
-        String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setupTotp").assertEvent().getSessionId();
+        String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp").assertEvent().getSessionId();
        Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-        events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setupTotp").assertEvent();
+        events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp").assertEvent();
    }
    @Test
@ -165,9 +165,9 @@ public class RequiredActionTotpSetupTest {
        // After totp config, user should be on the app page
        Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-        events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setupTotp2").assertEvent();
+        events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
-        Event loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setupTotp2").assertEvent();
+        Event loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
        // Logout
        oauth.openLogout();
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
@ -137,7 +137,7 @@ public class RegisterTest {
            String userId = events.expectRegister("registerPasswordPolicy", "registerPasswordPolicy@email").assertEvent().getUserId();
-            events.expectLogin().user(userId).detail(Details.USERNAME, "registerPasswordPolicy").assertEvent();
+            events.expectLogin().user(userId).detail(Details.USERNAME, "registerpasswordpolicy").assertEvent();
        } finally {
            keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
                @Override
@ -190,7 +190,7 @@ public class RegisterTest {
        Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
        String userId = events.expectRegister("registerUserSuccess", "registerUserSuccess@email").assertEvent().getUserId();
-        events.expectLogin().detail("username", "registerUserSuccess").user(userId).assertEvent();
+        events.expectLogin().detail("username", "registerusersuccess").user(userId).assertEvent();
    }
    @Test
@ -250,7 +250,7 @@ public class RegisterTest {
            Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
            String userId = events.expectRegister("registerUserSuccessE@email", "registerUserSuccessE@email").assertEvent().getUserId();
-            events.expectLogin().detail("username", "registerUserSuccessE@email").user(userId).assertEvent();
+            events.expectLogin().detail("username", "registerusersuccesse@email").user(userId).assertEvent();
        } finally {
            configureRelamRegistrationEmailAsUsername(false);
        }