Avoid using methods on UserCredentialStoreManager
This commit is contained in:
Alexander Schwartz
Hynek Mlnařík
parent
bc8fd21dc6
commit
6f287e7ded
63 changed files with 258 additions and 274 deletions
|
|
@ -44,11 +44,6 @@ public class SecretQuestionCredentialProvider implements CredentialProvider<Secr
|
|||
this.session = session;
|
||||
}
|
||||
|
||||
private UserCredentialStore getCredentialStore() {
|
||||
return session.userCredentialManager();
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
|
||||
if (!(input instanceof UserCredentialModel)) {
|
||||
|
|
@ -62,7 +57,7 @@ public class SecretQuestionCredentialProvider implements CredentialProvider<Secr
|
|||
if (challengeResponse == null) {
|
||||
return false;
|
||||
}
|
||||
CredentialModel credentialModel = getCredentialStore().getStoredCredentialById(realm, user, input.getCredentialId());
|
||||
CredentialModel credentialModel = user.getUserCredentialManager().getStoredCredentialById(input.getCredentialId());
|
||||
SecretQuestionCredentialModel sqcm = getCredentialFromModel(credentialModel);
|
||||
return sqcm.getSecretQuestionSecretData().getAnswer().equals(challengeResponse);
|
||||
}
|
||||
|
|
@ -75,7 +70,7 @@ public class SecretQuestionCredentialProvider implements CredentialProvider<Secr
|
|||
@Override
|
||||
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
|
||||
if (!supportsCredentialType(credentialType)) return false;
|
||||
return getCredentialStore().getStoredCredentialsByTypeStream(realm, user, credentialType).count() > 0;
|
||||
return user.getUserCredentialManager().getStoredCredentialsByTypeStream(credentialType).findAny().isPresent();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -83,12 +78,12 @@ public class SecretQuestionCredentialProvider implements CredentialProvider<Secr
|
|||
if (credentialModel.getCreatedDate() == null) {
|
||||
credentialModel.setCreatedDate(Time.currentTimeMillis());
|
||||
}
|
||||
return getCredentialStore().createCredential(realm, user, credentialModel);
|
||||
return user.getUserCredentialManager().createStoredCredential(credentialModel);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteCredential(RealmModel realm, UserModel user, String credentialId) {
|
||||
return getCredentialStore().removeStoredCredential(realm, user, credentialId);
|
||||
return user.getUserCredentialManager().removeStoredCredentialById(credentialId);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ package org.keycloak.models.cache.infinispan;
|
|||
import org.keycloak.credential.CredentialInput;
|
||||
import org.keycloak.credential.CredentialModel;
|
||||
import org.keycloak.models.SingleUserCredentialManager;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.stream.Stream;
|
||||
|
|
@ -107,8 +106,8 @@ public abstract class SingleUserCredentialManagerCacheAdapter implements SingleU
|
|||
}
|
||||
|
||||
@Override
|
||||
public Stream<String> getConfiguredUserStorageCredentialTypesStream(UserModel user) {
|
||||
return singleUserCredentialManager.getConfiguredUserStorageCredentialTypesStream(user);
|
||||
public Stream<String> getConfiguredUserStorageCredentialTypesStream() {
|
||||
return singleUserCredentialManager.getConfiguredUserStorageCredentialTypesStream();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -34,15 +34,9 @@ import java.util.Objects;
|
|||
import java.util.stream.Stream;
|
||||
|
||||
/**
|
||||
* Handling credentials for a given user.
|
||||
* Handling credentials for a given user for the legacy store.
|
||||
*
|
||||
* This serves as a wrapper to specific strategies. The wrapping code implements the logic for {@link CredentialInputUpdater}s
|
||||
* and {@link CredentialInputValidator}s. Storage specific strategies can be added like for example in
|
||||
* org.keycloak.models.map.credential.MapSingleUserCredentialManagerStrategy.
|
||||
*
|
||||
* I tried to extract the federation specific parts to the {@link LegacySingleUserCredentialManagerStrategy} but the control
|
||||
* flow in the existing logic: if <code>model == null || !model.isEnabled()</code>, the code will directly return, while
|
||||
* the behavior of the strategy is to continue if it returns false and it will then try other providers.
|
||||
* Its companion is the MapSingleUserCredentialManagerStrategy that doesn't contain storage related elements.
|
||||
*
|
||||
* @author Alexander Schwartz
|
||||
*/
|
||||
|
|
@ -218,7 +212,7 @@ public class LegacySingleUserCredentialManager extends AbstractStorageManager<Us
|
|||
}
|
||||
|
||||
@Override
|
||||
public Stream<String> getConfiguredUserStorageCredentialTypesStream(UserModel user) {
|
||||
public Stream<String> getConfiguredUserStorageCredentialTypesStream() {
|
||||
return getCredentialProviders(session, CredentialProvider.class).map(CredentialProvider::getType)
|
||||
.filter(credentialType -> UserStorageCredentialConfigured.CONFIGURED == isConfiguredThroughUserStorage(realm, user, credentialType));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,8 +40,8 @@ import java.util.stream.Stream;
|
|||
* Handling credentials for a given user.
|
||||
*
|
||||
* This serves as a wrapper to specific strategies. The wrapping code implements the logic for {@link CredentialInputUpdater}s
|
||||
* and {@link CredentialInputValidator}s. Storage specific strategies can be added like for example in
|
||||
* org.keycloak.models.map.credential.MapSingleUserCredentialManagerStrategy.
|
||||
* and {@link CredentialInputValidator}s. Storage specific strategies can be added, like for example, in
|
||||
* {@link MapSingleUserCredentialManagerStrategy}.
|
||||
*
|
||||
* @author Alexander Schwartz
|
||||
*/
|
||||
|
|
@ -162,7 +162,7 @@ public class MapSingleUserCredentialManager implements SingleUserCredentialManag
|
|||
}
|
||||
|
||||
@Override
|
||||
public Stream<String> getConfiguredUserStorageCredentialTypesStream(UserModel user) {
|
||||
public Stream<String> getConfiguredUserStorageCredentialTypesStream() {
|
||||
// TODO ask the store
|
||||
return getCredentialProviders(session, CredentialProvider.class).map(CredentialProvider::getType)
|
||||
.filter(credentialType -> UserStorageCredentialConfigured.CONFIGURED == isConfiguredThroughUserStorage(realm, user, credentialType));
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ import java.util.stream.Collectors;
|
|||
public interface CredentialValidator<T extends CredentialProvider> {
|
||||
T getCredentialProvider(KeycloakSession session);
|
||||
default List<CredentialModel> getCredentials(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
return session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, getCredentialProvider(session).getType())
|
||||
return user.getUserCredentialManager().getStoredCredentialsByTypeStream(getCredentialProvider(session).getType())
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
default String getType(KeycloakSession session) {
|
||||
|
|
|
|||
|
|
@ -220,9 +220,9 @@ public class ModelToRepresentation {
|
|||
rep.setEmail(user.getEmail());
|
||||
rep.setEnabled(user.isEnabled());
|
||||
rep.setEmailVerified(user.isEmailVerified());
|
||||
rep.setTotp(session.userCredentialManager().isConfiguredFor(realm, user, OTPCredentialModel.TYPE));
|
||||
rep.setDisableableCredentialTypes(session.userCredentialManager()
|
||||
.getDisableableCredentialTypesStream(realm, user).collect(Collectors.toSet()));
|
||||
rep.setTotp(user.getUserCredentialManager().isConfiguredFor(OTPCredentialModel.TYPE));
|
||||
rep.setDisableableCredentialTypes(user.getUserCredentialManager()
|
||||
.getDisableableCredentialTypesStream().collect(Collectors.toSet()));
|
||||
rep.setFederationLink(user.getFederationLink());
|
||||
rep.setNotBefore(session.users().getNotBeforeOfUser(realm, user));
|
||||
rep.setRequiredActions(user.getRequiredActionsStream().collect(Collectors.toList()));
|
||||
|
|
|
|||
|
|
@ -779,21 +779,21 @@ public class RepresentationToModel {
|
|||
convertDeprecatedCredentialsFormat(userRep);
|
||||
if (userRep.getCredentials() != null) {
|
||||
for (CredentialRepresentation cred : userRep.getCredentials()) {
|
||||
if (cred.getId() != null && session.userCredentialManager().getStoredCredentialById(realm, user, cred.getId()) != null) {
|
||||
if (cred.getId() != null && user.getUserCredentialManager().getStoredCredentialById(cred.getId()) != null) {
|
||||
continue;
|
||||
}
|
||||
if (cred.getValue() != null && !cred.getValue().isEmpty()) {
|
||||
RealmModel origRealm = session.getContext().getRealm();
|
||||
try {
|
||||
session.getContext().setRealm(realm);
|
||||
session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password(cred.getValue(), false));
|
||||
user.getUserCredentialManager().updateCredential(UserCredentialModel.password(cred.getValue(), false));
|
||||
} catch (ModelException ex) {
|
||||
throw new PasswordPolicyNotMetException(ex.getMessage(), user.getUsername(), ex);
|
||||
} finally {
|
||||
session.getContext().setRealm(origRealm);
|
||||
}
|
||||
} else {
|
||||
session.userCredentialManager().createCredentialThroughProvider(realm, user, toModel(cred));
|
||||
user.getUserCredentialManager().createCredentialThroughProvider(toModel(cred));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ public class HistoryPasswordPolicyProvider implements PasswordPolicyProvider {
|
|||
PasswordPolicy policy = session.getContext().getRealm().getPasswordPolicy();
|
||||
int passwordHistoryPolicyValue = policy.getPolicyConfig(PasswordPolicy.PASSWORD_HISTORY_ID);
|
||||
if (passwordHistoryPolicyValue != -1) {
|
||||
if (session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, PasswordCredentialModel.TYPE)
|
||||
if (user.getUserCredentialManager().getStoredCredentialsByTypeStream(PasswordCredentialModel.TYPE)
|
||||
.map(PasswordCredentialModel::createFromCredentialModel)
|
||||
.anyMatch(passwordCredential -> {
|
||||
PasswordHashProvider hash = session.getProvider(PasswordHashProvider.class,
|
||||
|
|
@ -63,7 +63,7 @@ public class HistoryPasswordPolicyProvider implements PasswordPolicyProvider {
|
|||
}
|
||||
|
||||
if (passwordHistoryPolicyValue > 0) {
|
||||
if (this.getRecent(session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, PasswordCredentialModel.PASSWORD_HISTORY),
|
||||
if (this.getRecent(user.getUserCredentialManager().getStoredCredentialsByTypeStream(PasswordCredentialModel.PASSWORD_HISTORY),
|
||||
passwordHistoryPolicyValue - 1)
|
||||
.map(PasswordCredentialModel::createFromCredentialModel)
|
||||
.anyMatch(passwordCredential -> {
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ public class CredentialHelper {
|
|||
String totpSecret = credentialModel.getOTPSecretData().getValue();
|
||||
|
||||
UserCredentialModel otpUserCredential = new UserCredentialModel("", realm.getOTPPolicy().getType(), totpSecret);
|
||||
boolean userStorageCreated = session.userCredentialManager().updateCredential(realm, user, otpUserCredential);
|
||||
boolean userStorageCreated = user.getUserCredentialManager().updateCredential(otpUserCredential);
|
||||
|
||||
String credentialId = null;
|
||||
if (userStorageCreated) {
|
||||
|
|
@ -112,7 +112,7 @@ public class CredentialHelper {
|
|||
|
||||
//If the type is HOTP, call verify once to consume the OTP used for registration and increase the counter.
|
||||
UserCredentialModel credential = new UserCredentialModel(credentialId, otpCredentialProvider.getType(), totpCode);
|
||||
return session.userCredentialManager().isValid(realm, user, credential);
|
||||
return user.getUserCredentialManager().isValid(credential);
|
||||
}
|
||||
|
||||
public static void deleteOTPCredential(KeycloakSession session, RealmModel realm, UserModel user, String credentialId) {
|
||||
|
|
@ -122,7 +122,7 @@ public class CredentialHelper {
|
|||
// This can usually happened when credential is stored in the userStorage. Propagate to "disable" credential in the userStorage
|
||||
if (!removed) {
|
||||
logger.debug("Removing OTP credential from userStorage");
|
||||
session.userCredentialManager().disableCredentialType(realm, user, OTPCredentialModel.TYPE);
|
||||
user.getUserCredentialManager().disableCredentialType(OTPCredentialModel.TYPE);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ public interface CredentialProvider<T extends CredentialModel> extends Provider
|
|||
T getCredentialFromModel(CredentialModel model);
|
||||
|
||||
default T getDefaultCredential(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
CredentialModel model = session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, getType())
|
||||
CredentialModel model = user.getUserCredentialManager().getStoredCredentialsByTypeStream(getType())
|
||||
.findFirst().orElse(null);
|
||||
return model != null ? getCredentialFromModel(model) : null;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ public interface UserCredentialStore extends Provider {
|
|||
CredentialModel getStoredCredentialById(RealmModel realm, UserModel user, String id);
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link #getStoredCredentialsStream(RealmModel, UserModel) getStoredCredentialsStream} instead.
|
||||
* @deprecated Use {@link org.keycloak.models.SingleUserCredentialManager#getStoredCredentialsStream()} instead.
|
||||
*/
|
||||
@Deprecated
|
||||
List<CredentialModel> getStoredCredentials(RealmModel realm, UserModel user);
|
||||
|
|
@ -64,7 +64,7 @@ public interface UserCredentialStore extends Provider {
|
|||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link #getStoredCredentialsByTypeStream(RealmModel, UserModel, String) getStoredCredentialsByTypeStream}
|
||||
* @deprecated Use {@link org.keycloak.models.SingleUserCredentialManager#getStoredCredentialsByTypeStream(String)}
|
||||
* instead.
|
||||
*/
|
||||
@Deprecated
|
||||
|
|
@ -79,7 +79,7 @@ public interface UserCredentialStore extends Provider {
|
|||
* @return a non-null {@link Stream} of credentials.
|
||||
*/
|
||||
default Stream<CredentialModel> getStoredCredentialsByTypeStream(RealmModel realm, UserModel user, String type) {
|
||||
List<CredentialModel> result = this.getStoredCredentialsByType(realm, user, type);
|
||||
List<CredentialModel> result = user.getUserCredentialManager().getStoredCredentialsByTypeStream(type).collect(Collectors.toList());
|
||||
return result != null ? result.stream() : Stream.empty();
|
||||
}
|
||||
|
||||
|
|
@ -98,7 +98,7 @@ public interface UserCredentialStore extends Provider {
|
|||
interface Streams extends UserCredentialStore {
|
||||
@Override
|
||||
default List<CredentialModel> getStoredCredentials(RealmModel realm, UserModel user) {
|
||||
return this.getStoredCredentialsStream(realm, user).collect(Collectors.toList());
|
||||
return user.getUserCredentialManager().getStoredCredentialsStream().collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -106,7 +106,7 @@ public interface UserCredentialStore extends Provider {
|
|||
|
||||
@Override
|
||||
default List<CredentialModel> getStoredCredentialsByType(RealmModel realm, UserModel user, String type) {
|
||||
return this.getStoredCredentialsByTypeStream(realm, user, type).collect(Collectors.toList());
|
||||
return user.getUserCredentialManager().getStoredCredentialsByTypeStream(type).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -248,9 +248,10 @@ public interface KeycloakSession {
|
|||
|
||||
/**
|
||||
* Service that allows you to valid and update credentials for a user
|
||||
*
|
||||
* @deprecated Use {@link UserModel#getUserCredentialManager()} instead.
|
||||
* @return
|
||||
*/
|
||||
@Deprecated
|
||||
UserCredentialManager userCredentialManager();
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ package org.keycloak.models;
|
|||
import org.keycloak.credential.CredentialInput;
|
||||
import org.keycloak.credential.CredentialModel;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
|
|
@ -30,6 +31,10 @@ public interface SingleUserCredentialManager {
|
|||
*/
|
||||
boolean isValid(List<CredentialInput> inputs);
|
||||
|
||||
default boolean isValid(CredentialInput... inputs) {
|
||||
return isValid(Arrays.asList(inputs));
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates a credentials of the user.
|
||||
*/
|
||||
|
|
@ -63,7 +68,7 @@ public interface SingleUserCredentialManager {
|
|||
@Deprecated
|
||||
boolean isConfiguredLocally(String type);
|
||||
|
||||
Stream<String> getConfiguredUserStorageCredentialTypesStream(UserModel user);
|
||||
Stream<String> getConfiguredUserStorageCredentialTypesStream();
|
||||
|
||||
CredentialModel createCredentialThroughProvider(CredentialModel model);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,9 +26,13 @@ import java.util.stream.Collectors;
|
|||
import java.util.stream.Stream;
|
||||
|
||||
/**
|
||||
* Manage the credentials for a user.
|
||||
*
|
||||
* @deprecated Instead of this class, use {@link UserModel#getUserCredentialManager()} instead.
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@Deprecated
|
||||
public interface UserCredentialManager extends UserCredentialStore {
|
||||
|
||||
/**
|
||||
|
|
@ -97,14 +101,13 @@ public interface UserCredentialManager extends UserCredentialStore {
|
|||
* @param realm
|
||||
* @param user
|
||||
* @return
|
||||
* @deprecated Use {@link #getDisableableCredentialTypesStream(RealmModel, UserModel) getDisableableCredentialTypesStream}
|
||||
* instead.
|
||||
* @deprecated Use {@link UserModel#getUserCredentialManager()} and {@link SingleUserCredentialManager#getDisableableCredentialTypesStream()} instead.
|
||||
*/
|
||||
@Deprecated
|
||||
Set<String> getDisableableCredentialTypes(RealmModel realm, UserModel user);
|
||||
|
||||
/**
|
||||
* Obtains the credential types that can be disabled by means of the {@link #disableCredentialType(RealmModel, UserModel, String)}
|
||||
* Obtains the credential types that can be disabled.
|
||||
* method.
|
||||
*
|
||||
* @param realm a reference to the realm.
|
||||
|
|
@ -112,8 +115,7 @@ public interface UserCredentialManager extends UserCredentialStore {
|
|||
* @return a non-null {@link Stream} of credential types.
|
||||
*/
|
||||
default Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user) {
|
||||
Set<String> result = this.getDisableableCredentialTypes(realm, user);
|
||||
return result != null ? result.stream() : Stream.empty();
|
||||
return user.getUserCredentialManager().getDisableableCredentialTypesStream();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -156,8 +158,7 @@ public interface UserCredentialManager extends UserCredentialStore {
|
|||
* Return credential types, which are provided by the user storage where user is stored. Returned values can contain for example "password", "otp" etc.
|
||||
* This will always return empty list for "local" users, which are not backed by any user storage
|
||||
*
|
||||
* @return
|
||||
* @deprecated Use {@link #getConfiguredUserStorageCredentialTypesStream(RealmModel, UserModel) getConfiguredUserStorageCredentialTypesStream}
|
||||
* @deprecated Use {@link UserModel#getUserCredentialManager()} and then call {@link SingleUserCredentialManager#getConfiguredUserStorageCredentialTypesStream()}
|
||||
* instead.
|
||||
*/
|
||||
@Deprecated
|
||||
|
|
@ -174,8 +175,7 @@ public interface UserCredentialManager extends UserCredentialStore {
|
|||
* @return a non-null {@link Stream} of credential types.
|
||||
*/
|
||||
default Stream<String> getConfiguredUserStorageCredentialTypesStream(RealmModel realm, UserModel user) {
|
||||
List<String> result = this.getConfiguredUserStorageCredentialTypes(realm, user);
|
||||
return result != null ? result.stream() : Stream.empty();
|
||||
return user.getUserCredentialManager().getConfiguredUserStorageCredentialTypesStream();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -188,7 +188,7 @@ public interface UserCredentialManager extends UserCredentialStore {
|
|||
interface Streams extends UserCredentialManager, UserCredentialStore.Streams {
|
||||
@Override
|
||||
default Set<String> getDisableableCredentialTypes(RealmModel realm, UserModel user) {
|
||||
return this.getDisableableCredentialTypesStream(realm, user).collect(Collectors.toSet());
|
||||
return user.getUserCredentialManager().getDisableableCredentialTypesStream().collect(Collectors.toSet());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -196,7 +196,7 @@ public interface UserCredentialManager extends UserCredentialStore {
|
|||
|
||||
@Override
|
||||
default List<String> getConfiguredUserStorageCredentialTypes(RealmModel realm, UserModel user) {
|
||||
return this.getConfiguredUserStorageCredentialTypesStream(realm, user).collect(Collectors.toList());
|
||||
return user.getUserCredentialManager().getConfiguredUserStorageCredentialTypesStream().collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -80,13 +80,10 @@ class AuthenticationSelectionResolver {
|
|||
if (processor.getAuthenticationSession().getAuthenticatedUser() != null) {
|
||||
authenticationSelectionList =
|
||||
Stream.concat(
|
||||
processor.getSession().userCredentialManager()
|
||||
.getStoredCredentialsStream(processor.getRealm(), processor.getAuthenticationSession().getAuthenticatedUser())
|
||||
processor.getAuthenticationSession().getAuthenticatedUser().getUserCredentialManager().getStoredCredentialsStream()
|
||||
.map(CredentialModel::getType),
|
||||
processor.getSession().userCredentialManager()
|
||||
.getConfiguredUserStorageCredentialTypesStream(
|
||||
processor.getRealm(),
|
||||
processor.getAuthenticationSession().getAuthenticatedUser()))
|
||||
processor.getAuthenticationSession().getAuthenticatedUser().getUserCredentialManager()
|
||||
.getConfiguredUserStorageCredentialTypesStream())
|
||||
.distinct()
|
||||
.filter(typeAuthExecMap::containsKey)
|
||||
.map(credentialType -> new AuthenticationSelectionOption(processor.getSession(), typeAuthExecMap.get(credentialType)))
|
||||
|
|
|
|||
|
|
@ -226,7 +226,7 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth
|
|||
|
||||
if (isDisabledByBruteForce(context, user)) return false;
|
||||
|
||||
if (password != null && !password.isEmpty() && context.getSession().userCredentialManager().isValid(context.getRealm(), user, UserCredentialModel.password(password))) {
|
||||
if (password != null && !password.isEmpty() && user.getUserCredentialManager().isValid(UserCredentialModel.password(password))) {
|
||||
return true;
|
||||
} else {
|
||||
return badPasswordHandler(context, user, clearUser,false);
|
||||
|
|
|
|||
|
|
@ -97,8 +97,7 @@ public class OTPFormAuthenticator extends AbstractUsernameFormAuthenticator impl
|
|||
context.challenge(challengeResponse);
|
||||
return;
|
||||
}
|
||||
boolean valid = context.getSession().userCredentialManager().isValid(context.getRealm(),context.getUser(),
|
||||
new UserCredentialModel(credentialId, getCredentialProvider(context.getSession()).getType(), otp));
|
||||
boolean valid = context.getUser().getUserCredentialManager().isValid(new UserCredentialModel(credentialId, getCredentialProvider(context.getSession()).getType(), otp));
|
||||
if (!valid) {
|
||||
context.getEvent().user(userModel)
|
||||
.error(Errors.INVALID_USER_CREDENTIALS);
|
||||
|
|
@ -131,7 +130,7 @@ public class OTPFormAuthenticator extends AbstractUsernameFormAuthenticator impl
|
|||
|
||||
@Override
|
||||
public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
return session.userCredentialManager().isConfiguredFor(realm, user, getCredentialProvider(session).getType());
|
||||
return user.getUserCredentialManager().isConfiguredFor(getCredentialProvider(session).getType());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ public class PasswordForm extends UsernamePasswordForm implements CredentialVali
|
|||
|
||||
@Override
|
||||
public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
return session.userCredentialManager().isConfiguredFor(realm, user, getCredentialProvider(session).getType());
|
||||
return user.getUserCredentialManager().isConfiguredFor(getCredentialProvider(session).getType());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -28,10 +28,7 @@ import static org.keycloak.services.validation.Validation.FIELD_USERNAME;
|
|||
|
||||
public class RecoveryAuthnCodesFormAuthenticator implements Authenticator {
|
||||
|
||||
private final UserCredentialManager userCredentialManager;
|
||||
|
||||
public RecoveryAuthnCodesFormAuthenticator(KeycloakSession keycloakSession) {
|
||||
this.userCredentialManager = keycloakSession.userCredentialManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -61,7 +58,7 @@ public class RecoveryAuthnCodesFormAuthenticator implements Authenticator {
|
|||
RealmModel targetRealm = authnFlowContext.getRealm();
|
||||
UserModel authenticatedUser = authnFlowContext.getUser();
|
||||
if (!isDisabledByBruteForce(authnFlowContext, authenticatedUser)) {
|
||||
boolean isValid = this.userCredentialManager.isValid(targetRealm, authenticatedUser,
|
||||
boolean isValid = authenticatedUser.getUserCredentialManager().isValid(
|
||||
UserCredentialModel.buildFromBackupAuthnCode(recoveryAuthnCodeUserInput.replace("-", "")));
|
||||
if (!isValid) {
|
||||
Response responseChallenge = createLoginForm(authnFlowContext, true,
|
||||
|
|
@ -70,14 +67,14 @@ public class RecoveryAuthnCodesFormAuthenticator implements Authenticator {
|
|||
authnFlowContext.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, responseChallenge);
|
||||
} else {
|
||||
result = true;
|
||||
Optional<CredentialModel> optUserCredentialFound = this.userCredentialManager.getStoredCredentialsByTypeStream(targetRealm,
|
||||
authenticatedUser, RecoveryAuthnCodesCredentialModel.TYPE).findFirst();
|
||||
Optional<CredentialModel> optUserCredentialFound = authenticatedUser.getUserCredentialManager().getStoredCredentialsByTypeStream(
|
||||
RecoveryAuthnCodesCredentialModel.TYPE).findFirst();
|
||||
RecoveryAuthnCodesCredentialModel recoveryCodeCredentialModel = null;
|
||||
if (optUserCredentialFound.isPresent()) {
|
||||
recoveryCodeCredentialModel = RecoveryAuthnCodesCredentialModel
|
||||
.createFromCredentialModel(optUserCredentialFound.get());
|
||||
if (recoveryCodeCredentialModel.allCodesUsed()) {
|
||||
this.userCredentialManager.removeStoredCredential(targetRealm, authenticatedUser,
|
||||
authenticatedUser.getUserCredentialManager().removeStoredCredentialById(
|
||||
recoveryCodeCredentialModel.getId());
|
||||
}
|
||||
}
|
||||
|
|
@ -137,7 +134,7 @@ public class RecoveryAuthnCodesFormAuthenticator implements Authenticator {
|
|||
|
||||
@Override
|
||||
public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
return session.userCredentialManager().isConfiguredFor(realm, user, RecoveryAuthnCodesCredentialModel.TYPE);
|
||||
return user.getUserCredentialManager().isConfiguredFor(RecoveryAuthnCodesCredentialModel.TYPE);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ public class WebAuthnAuthenticator implements Authenticator, CredentialValidator
|
|||
|
||||
boolean result = false;
|
||||
try {
|
||||
result = session.userCredentialManager().isValid(context.getRealm(), user, cred);
|
||||
result = user.getUserCredentialManager().isValid(cred);
|
||||
} catch (WebAuthnException wae) {
|
||||
setErrorResponse(context, WEBAUTHN_ERROR_AUTH_VERIFICATION, wae.getMessage());
|
||||
return;
|
||||
|
|
@ -243,7 +243,7 @@ public class WebAuthnAuthenticator implements Authenticator, CredentialValidator
|
|||
}
|
||||
|
||||
public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
return session.userCredentialManager().isConfiguredFor(realm, user, getCredentialType());
|
||||
return user.getUserCredentialManager().isConfiguredFor(getCredentialType());
|
||||
}
|
||||
|
||||
public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ public class ValidatePassword extends AbstractDirectGrantAuthenticator {
|
|||
@Override
|
||||
public void authenticate(AuthenticationFlowContext context) {
|
||||
String password = retrievePassword(context);
|
||||
boolean valid = context.getSession().userCredentialManager().isValid(context.getRealm(), context.getUser(), UserCredentialModel.password(password));
|
||||
boolean valid = context.getUser().getUserCredentialManager().isValid(UserCredentialModel.password(password));
|
||||
if (!valid) {
|
||||
context.getEvent().user(context.getUser());
|
||||
context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ public class ResetPassword extends AbstractSetRequiredActionAuthenticator {
|
|||
}
|
||||
|
||||
protected boolean configuredFor(AuthenticationFlowContext context) {
|
||||
return context.getSession().userCredentialManager().isConfiguredFor(context.getRealm(), context.getUser(), PasswordCredentialModel.TYPE);
|
||||
return context.getUser().getUserCredentialManager().isConfiguredFor(PasswordCredentialModel.TYPE);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ public class RegistrationPassword implements FormAction, FormActionFactory {
|
|||
String password = formData.getFirst(RegistrationPage.FIELD_PASSWORD);
|
||||
UserModel user = context.getUser();
|
||||
try {
|
||||
context.getSession().userCredentialManager().updateCredential(context.getRealm(), user, UserCredentialModel.password(formData.getFirst("password"), false));
|
||||
user.getUserCredentialManager().updateCredential(UserCredentialModel.password(formData.getFirst("password"), false));
|
||||
} catch (Exception me) {
|
||||
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ public class ConsoleUpdatePassword extends UpdatePassword implements RequiredAct
|
|||
}
|
||||
|
||||
try {
|
||||
context.getSession().userCredentialManager().updateCredential(context.getRealm(), context.getUser(), UserCredentialModel.password(passwordNew, false));
|
||||
context.getUser().getUserCredentialManager().updateCredential(UserCredentialModel.password(passwordNew, false));
|
||||
context.success();
|
||||
} catch (ModelException me) {
|
||||
errorEvent.detail(Details.REASON, me.getMessage()).error(Errors.PASSWORD_REJECTED);
|
||||
|
|
|
|||
|
|
@ -139,7 +139,7 @@ public class UpdatePassword implements RequiredActionProvider, RequiredActionFac
|
|||
}
|
||||
|
||||
try {
|
||||
session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password(passwordNew, false));
|
||||
user.getUserCredentialManager().updateCredential(UserCredentialModel.password(passwordNew, false));
|
||||
context.success();
|
||||
} catch (ModelException me) {
|
||||
errorEvent.detail(Details.REASON, me.getMessage()).error(Errors.PASSWORD_REJECTED);
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ public class UpdateTotp implements RequiredActionProvider, RequiredActionFactory
|
|||
}
|
||||
OTPCredentialProvider otpCredentialProvider = (OTPCredentialProvider) context.getSession().getProvider(CredentialProvider.class, "keycloak-otp");
|
||||
final Stream<CredentialModel> otpCredentials = (otpCredentialProvider.isConfiguredFor(context.getRealm(), context.getUser()))
|
||||
? context.getSession().userCredentialManager().getStoredCredentialsByTypeStream(context.getRealm(), context.getUser(), OTPCredentialModel.TYPE)
|
||||
? context.getUser().getUserCredentialManager().getStoredCredentialsByTypeStream(OTPCredentialModel.TYPE)
|
||||
: Stream.empty();
|
||||
if (otpCredentials.count() >= 1 && Validation.isBlank(userLabel)) {
|
||||
Response challenge = context.form()
|
||||
|
|
|
|||
|
|
@ -132,7 +132,7 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis
|
|||
|
||||
String excludeCredentialIds = "";
|
||||
if (avoidSameAuthenticatorRegister) {
|
||||
excludeCredentialIds = session.userCredentialManager().getStoredCredentialsByTypeStream(context.getRealm(), userModel, getCredentialType())
|
||||
excludeCredentialIds = userModel.getUserCredentialManager().getStoredCredentialsByTypeStream(getCredentialType())
|
||||
.map(credentialModel -> {
|
||||
WebAuthnCredentialModel credModel = WebAuthnCredentialModel.createFromCredentialModel(credentialModel);
|
||||
return Base64Url.encodeBase64ToBase64Url(credModel.getWebAuthnCredentialData().getCredentialId());
|
||||
|
|
|
|||
|
|
@ -42,26 +42,6 @@ public class OTPCredentialProvider implements CredentialProvider<OTPCredentialMo
|
|||
|
||||
protected KeycloakSession session;
|
||||
|
||||
/*protected List<CredentialModel> getCachedCredentials(UserModel user, String type) {
|
||||
if (!(user instanceof CachedUserModel)) return null;
|
||||
CachedUserModel cached = (CachedUserModel)user;
|
||||
if (cached.isMarkedForEviction()) return null;
|
||||
List<CredentialModel> rtn = (List<CredentialModel>)cached.getCachedWith().get(getType());
|
||||
if (rtn == null) return Collections.EMPTY_LIST;
|
||||
return rtn;
|
||||
}*/
|
||||
|
||||
private UserCredentialStore getCredentialStore() {
|
||||
return session.userCredentialManager();
|
||||
}
|
||||
|
||||
/*@Override
|
||||
public void onCache(RealmModel realm, CachedUserModel user, UserModel delegate) {
|
||||
List<CredentialModel> creds = getCredentialStore().getStoredCredentialsByType(realm, user, getType());
|
||||
user.getCachedWith().put(getType(), creds);
|
||||
|
||||
}*/
|
||||
|
||||
public OTPCredentialProvider(KeycloakSession session) {
|
||||
this.session = session;
|
||||
}
|
||||
|
|
@ -71,12 +51,12 @@ public class OTPCredentialProvider implements CredentialProvider<OTPCredentialMo
|
|||
if (credentialModel.getCreatedDate() == null) {
|
||||
credentialModel.setCreatedDate(Time.currentTimeMillis());
|
||||
}
|
||||
return getCredentialStore().createCredential(realm, user, credentialModel);
|
||||
return user.getUserCredentialManager().createStoredCredential(credentialModel);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteCredential(RealmModel realm, UserModel user, String credentialId) {
|
||||
return getCredentialStore().removeStoredCredential(realm, user, credentialId);
|
||||
return user.getUserCredentialManager().removeStoredCredentialById(credentialId);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -92,7 +72,7 @@ public class OTPCredentialProvider implements CredentialProvider<OTPCredentialMo
|
|||
@Override
|
||||
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
|
||||
if (!supportsCredentialType(credentialType)) return false;
|
||||
return getCredentialStore().getStoredCredentialsByTypeStream(realm, user, credentialType).count() > 0;
|
||||
return user.getUserCredentialManager().getStoredCredentialsByTypeStream(credentialType).findAny().isPresent();
|
||||
}
|
||||
|
||||
public boolean isConfiguredFor(RealmModel realm, UserModel user){
|
||||
|
|
@ -115,7 +95,7 @@ public class OTPCredentialProvider implements CredentialProvider<OTPCredentialMo
|
|||
return false;
|
||||
}
|
||||
|
||||
CredentialModel credential = getCredentialStore().getStoredCredentialById(realm, user, credentialInput.getCredentialId());
|
||||
CredentialModel credential = user.getUserCredentialManager().getStoredCredentialById(credentialInput.getCredentialId());
|
||||
OTPCredentialModel otpCredentialModel = OTPCredentialModel.createFromCredentialModel(credential);
|
||||
OTPSecretData secretData = otpCredentialModel.getOTPSecretData();
|
||||
OTPCredentialData credentialData = otpCredentialModel.getOTPCredentialData();
|
||||
|
|
@ -127,7 +107,7 @@ public class OTPCredentialProvider implements CredentialProvider<OTPCredentialMo
|
|||
return false;
|
||||
}
|
||||
otpCredentialModel.updateCounter(counter);
|
||||
getCredentialStore().updateCredential(realm, user, otpCredentialModel);
|
||||
user.getUserCredentialManager().updateStoredCredential(otpCredentialModel);
|
||||
return true;
|
||||
} else if (OTPCredentialModel.TOTP.equals(credentialData.getSubType())) {
|
||||
TimeBasedOTP validator = new TimeBasedOTP(credentialData.getAlgorithm(), credentialData.getDigits(), credentialData.getPeriod(), policy.getLookAheadWindow());
|
||||
|
|
|
|||
|
|
@ -48,12 +48,8 @@ public class PasswordCredentialProvider implements CredentialProvider<PasswordCr
|
|||
this.session = session;
|
||||
}
|
||||
|
||||
protected UserCredentialStore getCredentialStore() {
|
||||
return session.userCredentialManager();
|
||||
}
|
||||
|
||||
public PasswordCredentialModel getPassword(RealmModel realm, UserModel user) {
|
||||
List<CredentialModel> passwords = getCredentialStore().getStoredCredentialsByTypeStream(realm, user, getType()).collect(Collectors.toList());
|
||||
List<CredentialModel> passwords = user.getUserCredentialManager().getStoredCredentialsByTypeStream(getType()).collect(Collectors.toList());
|
||||
if (passwords.isEmpty()) return null;
|
||||
return PasswordCredentialModel.createFromCredentialModel(passwords.get(0));
|
||||
}
|
||||
|
|
@ -87,34 +83,34 @@ public class PasswordCredentialProvider implements CredentialProvider<PasswordCr
|
|||
credentialModel.setCreatedDate(Time.currentTimeMillis());
|
||||
}
|
||||
if (oldPassword == null) { // no password exists --> create new
|
||||
createdCredential = getCredentialStore().createCredential(realm, user, credentialModel);
|
||||
createdCredential = user.getUserCredentialManager().createStoredCredential(credentialModel);
|
||||
} else { // password exists --> update existing
|
||||
credentialModel.setId(oldPassword.getId());
|
||||
getCredentialStore().updateCredential(realm, user, credentialModel);
|
||||
user.getUserCredentialManager().updateStoredCredential(credentialModel);
|
||||
createdCredential = credentialModel;
|
||||
|
||||
// 2) add a password history item based on the old password
|
||||
if (expiredPasswordsPolicyValue > 1) {
|
||||
oldPassword.setId(null);
|
||||
oldPassword.setType(PasswordCredentialModel.PASSWORD_HISTORY);
|
||||
getCredentialStore().createCredential(realm, user, oldPassword);
|
||||
user.getUserCredentialManager().createStoredCredential(oldPassword);
|
||||
}
|
||||
}
|
||||
|
||||
// 3) remove old password history items
|
||||
final int passwordHistoryListMaxSize = Math.max(0, expiredPasswordsPolicyValue - 1);
|
||||
getCredentialStore().getStoredCredentialsByTypeStream(realm, user, PasswordCredentialModel.PASSWORD_HISTORY)
|
||||
user.getUserCredentialManager().getStoredCredentialsByTypeStream(PasswordCredentialModel.PASSWORD_HISTORY)
|
||||
.sorted(CredentialModel.comparingByStartDateDesc())
|
||||
.skip(passwordHistoryListMaxSize)
|
||||
.collect(Collectors.toList())
|
||||
.forEach(p -> getCredentialStore().removeStoredCredential(realm, user, p.getId()));
|
||||
.forEach(p -> user.getUserCredentialManager().removeStoredCredentialById(p.getId()));
|
||||
|
||||
return createdCredential;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteCredential(RealmModel realm, UserModel user, String credentialId) {
|
||||
return getCredentialStore().removeStoredCredential(realm, user, credentialId);
|
||||
return user.getUserCredentialManager().removeStoredCredentialById(credentialId);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -198,7 +194,7 @@ public class PasswordCredentialProvider implements CredentialProvider<PasswordCr
|
|||
newPassword.setId(password.getId());
|
||||
newPassword.setCreatedDate(password.getCreatedDate());
|
||||
newPassword.setUserLabel(password.getUserLabel());
|
||||
getCredentialStore().updateCredential(realm, user, newPassword);
|
||||
user.getUserCredentialManager().updateStoredCredential(newPassword);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
|
@ -219,7 +215,7 @@ public class PasswordCredentialProvider implements CredentialProvider<PasswordCr
|
|||
|
||||
// Check if we are creating or updating password
|
||||
UserModel user = metadataContext.getUser();
|
||||
if (user != null && session.userCredentialManager().isConfiguredFor(session.getContext().getRealm(), user, getType())) {
|
||||
if (user != null && user.getUserCredentialManager().isConfiguredFor(getType())) {
|
||||
metadataBuilder.updateAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
|
||||
} else {
|
||||
metadataBuilder.createAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
|
||||
|
|
|
|||
|
|
@ -39,15 +39,15 @@ public class RecoveryAuthnCodesCredentialProvider
|
|||
public CredentialModel createCredential(RealmModel realm, UserModel user,
|
||||
RecoveryAuthnCodesCredentialModel credentialModel) {
|
||||
|
||||
session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, getType()).findFirst()
|
||||
user.getUserCredentialManager().getStoredCredentialsByTypeStream(getType()).findFirst()
|
||||
.ifPresent(model -> deleteCredential(realm, user, model.getId()));
|
||||
|
||||
return session.userCredentialManager().createCredential(realm, user, credentialModel);
|
||||
return user.getUserCredentialManager().createStoredCredential(credentialModel);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteCredential(RealmModel realm, UserModel user, String credentialId) {
|
||||
return session.userCredentialManager().removeStoredCredential(realm, user, credentialId);
|
||||
return user.getUserCredentialManager().removeStoredCredentialById(credentialId);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -95,14 +95,13 @@ public class RecoveryAuthnCodesCredentialProvider
|
|||
|
||||
@Override
|
||||
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
|
||||
return session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, credentialType).anyMatch(Objects::nonNull);
|
||||
return user.getUserCredentialManager().getStoredCredentialsByTypeStream(credentialType).anyMatch(Objects::nonNull);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isValid(RealmModel realm, UserModel user, CredentialInput credentialInput) {
|
||||
String rawInputRecoveryAuthnCode = credentialInput.getChallengeResponse();
|
||||
Optional<CredentialModel> credential = session.userCredentialManager()
|
||||
.getStoredCredentialsByTypeStream(realm, user, getType()).findFirst();
|
||||
Optional<CredentialModel> credential = user.getUserCredentialManager().getStoredCredentialsByTypeStream(getType()).findFirst();
|
||||
if (credential.isPresent()) {
|
||||
RecoveryAuthnCodesCredentialModel credentialModel = RecoveryAuthnCodesCredentialModel
|
||||
.createFromCredentialModel(credential.get());
|
||||
|
|
@ -112,7 +111,7 @@ public class RecoveryAuthnCodesCredentialProvider
|
|||
String nextRecoveryCode = nextRecoveryAuthnCode.get().getEncodedHashedValue();
|
||||
if (RecoveryAuthnCodesUtils.verifyRecoveryCodeInput(rawInputRecoveryAuthnCode, nextRecoveryCode)) {
|
||||
credentialModel.removeRecoveryAuthnCode();
|
||||
session.userCredentialManager().updateCredential(realm, user, credentialModel);
|
||||
user.getUserCredentialManager().updateStoredCredential(credentialModel);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -24,12 +24,9 @@ import org.keycloak.models.UserCredentialManager;
|
|||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.cache.CachedUserModel;
|
||||
import org.keycloak.models.cache.OnUserCache;
|
||||
import org.keycloak.storage.DatastoreProvider;
|
||||
import org.keycloak.storage.StorageId;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
/**
|
||||
|
|
@ -48,77 +45,90 @@ public class UserCredentialStoreManager
|
|||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public void updateCredential(RealmModel realm, UserModel user, CredentialModel cred) {
|
||||
// TODO: no longer used in non-legacy code, can be removed
|
||||
user.getUserCredentialManager().updateStoredCredential(cred);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public CredentialModel createCredential(RealmModel realm, UserModel user, CredentialModel cred) {
|
||||
// TODO: no longer used in non-legacy code, can be removed
|
||||
return user.getUserCredentialManager().createStoredCredential(cred);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public boolean removeStoredCredential(RealmModel realm, UserModel user, String id) {
|
||||
// TODO: no longer used in non-legacy code, can be removed
|
||||
return user.getUserCredentialManager().removeStoredCredentialById(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public CredentialModel getStoredCredentialById(RealmModel realm, UserModel user, String id) {
|
||||
// TODO: no longer used in non-legacy code, can be removed
|
||||
return user.getUserCredentialManager().getStoredCredentialById(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public Stream<CredentialModel> getStoredCredentialsStream(RealmModel realm, UserModel user) {
|
||||
// TODO: no longer used in non-legacy code, can be removed
|
||||
return user.getUserCredentialManager().getStoredCredentialsStream();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public Stream<CredentialModel> getStoredCredentialsByTypeStream(RealmModel realm, UserModel user, String type) {
|
||||
// TODO: no longer used in non-legacy code, can be removed
|
||||
return user.getUserCredentialManager().getStoredCredentialsByTypeStream(type);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public CredentialModel getStoredCredentialByNameAndType(RealmModel realm, UserModel user, String name, String type) {
|
||||
// TODO: no longer used in non-legacy code, can be removed
|
||||
return user.getUserCredentialManager().getStoredCredentialByNameAndType(name, type);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public boolean moveCredentialTo(RealmModel realm, UserModel user, String id, String newPreviousCredentialId){
|
||||
// TODO: no longer used, can be removed
|
||||
return user.getUserCredentialManager().moveStoredCredentialTo(id, newPreviousCredentialId);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public boolean isValid(RealmModel realm, UserModel user, CredentialInput... inputs) {
|
||||
// TODO: no longer used, can be removed
|
||||
return isValid(realm, user, Arrays.asList(inputs));
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public CredentialModel createCredentialThroughProvider(RealmModel realm, UserModel user, CredentialModel model){
|
||||
// TODO: no longer used, can be removed
|
||||
return user.getUserCredentialManager().createCredentialThroughProvider(model);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public void updateCredentialLabel(RealmModel realm, UserModel user, String credentialId, String userLabel){
|
||||
// TODO: no longer used, can be removed
|
||||
user.getUserCredentialManager().updateCredentialLabel(credentialId, userLabel);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public boolean isValid(RealmModel realm, UserModel user, List<CredentialInput> inputs) {
|
||||
// TODO: no longer used, can be removed
|
||||
return user.getUserCredentialManager().isValid(inputs);
|
||||
}
|
||||
|
||||
@Deprecated // Keep this up to and including Keycloak 19, then inline
|
||||
public static <T> Stream<T> getCredentialProviders(KeycloakSession session, Class<T> type) {
|
||||
// TODO: no longer used, can be removed
|
||||
return session.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class)
|
||||
.filter(f -> Types.supports(type, f, CredentialProviderFactory.class))
|
||||
.map(f -> (T) session.getProvider(CredentialProvider.class, f.getId()));
|
||||
|
|
@ -127,24 +137,28 @@ public class UserCredentialStoreManager
|
|||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
|
||||
// TODO: no longer used, can be removed
|
||||
return user.getUserCredentialManager().updateCredential(input);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public void disableCredentialType(RealmModel realm, UserModel user, String credentialType) {
|
||||
// TODO: no longer used, can be removed
|
||||
user.getUserCredentialManager().disableCredentialType(credentialType);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user) {
|
||||
// TODO: no longer used, can be removed
|
||||
return user.getUserCredentialManager().getDisableableCredentialTypesStream();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public boolean isConfiguredFor(RealmModel realm, UserModel user, String type) {
|
||||
// TODO: no longer used, can be removed
|
||||
return user.getUserCredentialManager().isConfiguredFor(type);
|
||||
}
|
||||
|
||||
|
|
@ -165,13 +179,15 @@ public class UserCredentialStoreManager
|
|||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, then remove it together with the OnUserCache class
|
||||
public void onCache(RealmModel realm, CachedUserModel user, UserModel delegate) {
|
||||
// TODO: only called from legacy code (infinispan), can be removed
|
||||
getCredentialProviders(session, OnUserCache.class).forEach(validator -> validator.onCache(realm, user, delegate));
|
||||
}
|
||||
|
||||
@Override
|
||||
@Deprecated // Keep this up to and including Keycloak 19, the use methods on user.getUserCredentialManager() instead
|
||||
public Stream<String> getConfiguredUserStorageCredentialTypesStream(RealmModel realm, UserModel user) {
|
||||
return user.getUserCredentialManager().getConfiguredUserStorageCredentialTypesStream(user);
|
||||
// TODO: no longer used, can be removed
|
||||
return user.getUserCredentialManager().getConfiguredUserStorageCredentialTypesStream();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -65,23 +65,19 @@ public class WebAuthnCredentialProvider implements CredentialProvider<WebAuthnCr
|
|||
attestationStatementConverter = new AttestationStatementConverter(objectConverter);
|
||||
}
|
||||
|
||||
private UserCredentialStore getCredentialStore() {
|
||||
return session.userCredentialManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
public CredentialModel createCredential(RealmModel realm, UserModel user, WebAuthnCredentialModel credentialModel) {
|
||||
if (credentialModel.getCreatedDate() == null) {
|
||||
credentialModel.setCreatedDate(Time.currentTimeMillis());
|
||||
}
|
||||
|
||||
return getCredentialStore().createCredential(realm, user, credentialModel);
|
||||
return user.getUserCredentialManager().createStoredCredential(credentialModel);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteCredential(RealmModel realm, UserModel user, String credentialId) {
|
||||
logger.debugv("Delete WebAuthn credential. username = {0}, credentialId = {1}", user.getUsername(), credentialId);
|
||||
return getCredentialStore().removeStoredCredential(realm, user, credentialId);
|
||||
return user.getUserCredentialManager().removeStoredCredentialById(credentialId);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -174,7 +170,7 @@ public class WebAuthnCredentialProvider implements CredentialProvider<WebAuthnCr
|
|||
@Override
|
||||
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
|
||||
if (!supportsCredentialType(credentialType)) return false;
|
||||
return session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, credentialType).count() > 0;
|
||||
return user.getUserCredentialManager().getStoredCredentialsByTypeStream(credentialType).count() > 0;
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -212,7 +208,7 @@ public class WebAuthnCredentialProvider implements CredentialProvider<WebAuthnCr
|
|||
|
||||
logger.debugv("response.getAuthenticatorData().getFlags() = {0}", authenticationData.getAuthenticatorData().getFlags());
|
||||
|
||||
CredentialModel credModel = getCredentialStore().getStoredCredentialById(realm, user, auth.getCredentialDBId());
|
||||
CredentialModel credModel = user.getUserCredentialManager().getStoredCredentialById(auth.getCredentialDBId());
|
||||
WebAuthnCredentialModel webAuthnCredModel = getCredentialFromModel(credModel);
|
||||
|
||||
// update authenticator counter
|
||||
|
|
@ -221,7 +217,7 @@ public class WebAuthnCredentialProvider implements CredentialProvider<WebAuthnCr
|
|||
long count = auth.getCount();
|
||||
if (count > 0) {
|
||||
webAuthnCredModel.updateCounter(count + 1);
|
||||
getCredentialStore().updateCredential(realm, user, webAuthnCredModel);
|
||||
user.getUserCredentialManager().updateStoredCredential(webAuthnCredModel);
|
||||
}
|
||||
|
||||
logger.debugf("Successfully validated WebAuthn credential for user %s", user.getUsername());
|
||||
|
|
@ -246,7 +242,7 @@ public class WebAuthnCredentialProvider implements CredentialProvider<WebAuthnCr
|
|||
|
||||
|
||||
private List<WebAuthnCredentialModelInput> getWebAuthnCredentialModelList(RealmModel realm, UserModel user) {
|
||||
return session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, getType())
|
||||
return user.getUserCredentialManager().getStoredCredentialsByTypeStream(getType())
|
||||
.map(this::getCredentialInputFromCredentialModel)
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -498,7 +498,7 @@ public class ExportUtils {
|
|||
|
||||
// Credentials - extra security, do not export credentials if service accounts
|
||||
if (internal) {
|
||||
List<CredentialRepresentation> credReps = session.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialRepresentation> credReps = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.map(ExportUtils::exportCredential).collect(Collectors.toList());
|
||||
userRep.setCredentials(credReps);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,10 +51,9 @@ public class TotpBean {
|
|||
|
||||
public TotpBean(KeycloakSession session, RealmModel realm, UserModel user, UriBuilder uriBuilder) {
|
||||
this.uriBuilder = uriBuilder;
|
||||
this.enabled = session.userCredentialManager().isConfiguredFor(realm, user, OTPCredentialModel.TYPE);
|
||||
this.enabled = user.getUserCredentialManager().isConfiguredFor(OTPCredentialModel.TYPE);
|
||||
if (enabled) {
|
||||
List<CredentialModel> otpCredentials = session.userCredentialManager()
|
||||
.getStoredCredentialsByTypeStream(realm, user, OTPCredentialModel.TYPE).collect(Collectors.toList());
|
||||
List<CredentialModel> otpCredentials = user.getUserCredentialManager().getStoredCredentialsByTypeStream(OTPCredentialModel.TYPE).collect(Collectors.toList());
|
||||
|
||||
if (otpCredentials.isEmpty()) {
|
||||
// Credential is configured on userStorage side. Create the "fake" credential similar like we do for the new account console
|
||||
|
|
|
|||
|
|
@ -11,10 +11,7 @@ public class RecoveryAuthnCodeInputLoginBean {
|
|||
private final int codeNumber;
|
||||
|
||||
public RecoveryAuthnCodeInputLoginBean(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
CredentialModel credentialModel = session.userCredentialManager()
|
||||
.getStoredCredentialsByTypeStream(realm,
|
||||
user,
|
||||
RecoveryAuthnCodesCredentialModel.TYPE)
|
||||
CredentialModel credentialModel = user.getUserCredentialManager().getStoredCredentialsByTypeStream(RecoveryAuthnCodesCredentialModel.TYPE)
|
||||
.findFirst().get();
|
||||
|
||||
RecoveryAuthnCodesCredentialModel recoveryCodeCredentialModel = RecoveryAuthnCodesCredentialModel.createFromCredentialModel(credentialModel);
|
||||
|
|
|
|||
|
|
@ -48,9 +48,9 @@ public class TotpBean {
|
|||
public TotpBean(KeycloakSession session, RealmModel realm, UserModel user, UriBuilder uriBuilder) {
|
||||
this.realm = realm;
|
||||
this.uriBuilder = uriBuilder;
|
||||
this.enabled = session.userCredentialManager().isConfiguredFor(realm, user, OTPCredentialModel.TYPE);
|
||||
this.enabled = user.getUserCredentialManager().isConfiguredFor(OTPCredentialModel.TYPE);
|
||||
if (enabled) {
|
||||
otpCredentials = session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, OTPCredentialModel.TYPE)
|
||||
otpCredentials = user.getUserCredentialManager().getStoredCredentialsByTypeStream(OTPCredentialModel.TYPE)
|
||||
.collect(Collectors.toList());
|
||||
} else {
|
||||
otpCredentials = Collections.EMPTY_LIST;
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ public class TotpLoginBean {
|
|||
|
||||
public TotpLoginBean(KeycloakSession session, RealmModel realm, UserModel user, String selectedCredentialId) {
|
||||
|
||||
this.userOtpCredentials = session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, OTPCredentialModel.TYPE)
|
||||
this.userOtpCredentials = user.getUserCredentialManager().getStoredCredentialsByTypeStream(OTPCredentialModel.TYPE)
|
||||
.map(OTPCredential::new)
|
||||
.collect(Collectors.toList());
|
||||
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ public class WebAuthnAuthenticatorsBean {
|
|||
|
||||
public WebAuthnAuthenticatorsBean(KeycloakSession session, RealmModel realm, UserModel user, String credentialType) {
|
||||
// should consider multiple credentials in the future, but only single credential supported now.
|
||||
this.authenticators = session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, credentialType)
|
||||
this.authenticators = user.getUserCredentialManager().getStoredCredentialsByTypeStream(credentialType)
|
||||
.map(WebAuthnCredentialModel::createFromCredentialModel)
|
||||
.map(webAuthnCredential -> {
|
||||
String credentialId = Base64Url.encodeBase64ToBase64Url(webAuthnCredential.getWebAuthnCredentialData().getCredentialId());
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ public class HttpBasicAuthenticator implements Authenticator {
|
|||
|
||||
if (user != null) {
|
||||
final String password = usernameAndPassword[1];
|
||||
final boolean valid = context.getSession().userCredentialManager().isValid(realm, user, UserCredentialModel.password(password));
|
||||
final boolean valid = user.getUserCredentialManager().isValid(UserCredentialModel.password(password));
|
||||
|
||||
if (valid) {
|
||||
if (isTemporarilyDisabledByBruteForce(context, user)) {
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ public class ApplianceBootstrap {
|
|||
adminUser.setEnabled(true);
|
||||
|
||||
UserCredentialModel usrCredModel = UserCredentialModel.password(password);
|
||||
session.userCredentialManager().updateCredential(realm, adminUser, usrCredModel);
|
||||
adminUser.getUserCredentialManager().updateCredential(usrCredModel);
|
||||
|
||||
RoleModel adminRole = realm.getRole(AdminRoles.ADMIN);
|
||||
adminUser.grantRole(adminRole);
|
||||
|
|
|
|||
|
|
@ -140,7 +140,7 @@ public class AccountConsole {
|
|||
boolean isTotpConfigured = false;
|
||||
boolean deleteAccountAllowed = false;
|
||||
if (user != null) {
|
||||
isTotpConfigured = session.userCredentialManager().isConfiguredFor(realm, user, realm.getOTPPolicy().getType());
|
||||
isTotpConfigured = user.getUserCredentialManager().isConfiguredFor(realm.getOTPPolicy().getType());
|
||||
RoleModel deleteAccountRole = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getRole(AccountRoles.DELETE_ACCOUNT);
|
||||
deleteAccountAllowed = deleteAccountRole != null && user.hasRole(deleteAccountRole) && realm.getRequiredActionProviderByAlias(DeleteAccount.PROVIDER_ID).isEnabled();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,12 +5,13 @@ import org.jboss.logging.Logger;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.authentication.AuthenticatorFactory;
|
||||
import org.keycloak.common.util.reflections.Types;
|
||||
import org.keycloak.credential.CredentialMetadata;
|
||||
import org.keycloak.credential.CredentialModel;
|
||||
import org.keycloak.credential.CredentialProvider;
|
||||
import org.keycloak.credential.CredentialProviderFactory;
|
||||
import org.keycloak.credential.CredentialTypeMetadata;
|
||||
import org.keycloak.credential.CredentialTypeMetadataContext;
|
||||
import org.keycloak.credential.UserCredentialStoreManager;
|
||||
import org.keycloak.models.AccountRoles;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
|
|
@ -168,11 +169,13 @@ public class AccountCredentialResource {
|
|||
|
||||
boolean includeUserCredentials = userCredentials == null || userCredentials;
|
||||
|
||||
List<CredentialProvider> credentialProviders = UserCredentialStoreManager.getCredentialProviders(session, CredentialProvider.class)
|
||||
List<CredentialProvider> credentialProviders = session.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class)
|
||||
.filter(f -> Types.supports(CredentialProvider.class, f, CredentialProviderFactory.class))
|
||||
.map(f -> session.getProvider(CredentialProvider.class, f.getId()))
|
||||
.collect(Collectors.toList());
|
||||
Set<String> enabledCredentialTypes = getEnabledCredentialTypes(credentialProviders);
|
||||
|
||||
Stream<CredentialModel> modelsStream = includeUserCredentials ? session.userCredentialManager().getStoredCredentialsStream(realm, user) : Stream.empty();
|
||||
Stream<CredentialModel> modelsStream = includeUserCredentials ? user.getUserCredentialManager().getStoredCredentialsStream() : Stream.empty();
|
||||
List<CredentialModel> models = modelsStream.collect(Collectors.toList());
|
||||
|
||||
Function<CredentialProvider, CredentialContainer> toCredentialContainer = (credentialProvider) -> {
|
||||
|
|
@ -201,7 +204,7 @@ public class AccountCredentialResource {
|
|||
userCredentialMetadataModels = credentialMetadataList.stream().map(ModelToRepresentation::toRepresentation).collect(Collectors.toList());
|
||||
|
||||
if (userCredentialMetadataModels.isEmpty() &&
|
||||
session.userCredentialManager().isConfiguredFor(realm, user, credentialProvider.getType())) {
|
||||
user.getUserCredentialManager().isConfiguredFor(credentialProvider.getType())) {
|
||||
// In case user is federated in the userStorage, he may have credential configured on the userStorage side. We're
|
||||
// creating "dummy" credential representing the credential provided by userStorage
|
||||
CredentialMetadataRepresentation metadataRepresentation = new CredentialMetadataRepresentation();
|
||||
|
|
@ -276,11 +279,11 @@ public class AccountCredentialResource {
|
|||
@NoCache
|
||||
public void removeCredential(final @PathParam("credentialId") String credentialId) {
|
||||
auth.require(AccountRoles.MANAGE_ACCOUNT);
|
||||
CredentialModel credential = session.userCredentialManager().getStoredCredentialById(realm, user, credentialId);
|
||||
CredentialModel credential = user.getUserCredentialManager().getStoredCredentialById(credentialId);
|
||||
if (credential == null) {
|
||||
throw new NotFoundException("Credential not found");
|
||||
}
|
||||
session.userCredentialManager().removeStoredCredential(realm, user, credentialId);
|
||||
user.getUserCredentialManager().removeStoredCredentialById(credentialId);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -296,14 +299,14 @@ public class AccountCredentialResource {
|
|||
@NoCache
|
||||
public void setLabel(final @PathParam("credentialId") String credentialId, String userLabel) {
|
||||
auth.require(AccountRoles.MANAGE_ACCOUNT);
|
||||
CredentialModel credential = session.userCredentialManager().getStoredCredentialById(realm, user, credentialId);
|
||||
CredentialModel credential = user.getUserCredentialManager().getStoredCredentialById(credentialId);
|
||||
if (credential == null) {
|
||||
throw new NotFoundException("Credential not found");
|
||||
}
|
||||
|
||||
try {
|
||||
String label = JsonSerialization.readValue(userLabel, String.class);
|
||||
session.userCredentialManager().updateCredentialLabel(realm, user, credentialId, label);
|
||||
user.getUserCredentialManager().updateCredentialLabel(credentialId, label);
|
||||
} catch (IOException ioe) {
|
||||
throw new ErrorResponseException(ErrorResponse.error(Messages.INVALID_REQUEST, Response.Status.BAD_REQUEST));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -600,7 +600,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
|||
}
|
||||
|
||||
UserCredentialModel cred = UserCredentialModel.password(password);
|
||||
if (!session.userCredentialManager().isValid(realm, user, cred)) {
|
||||
if (!user.getUserCredentialManager().isValid(cred)) {
|
||||
setReferrerOnPage();
|
||||
errorEvent.error(Errors.INVALID_USER_CREDENTIALS);
|
||||
return account.setError(Status.OK, Messages.INVALID_PASSWORD_EXISTING).createResponse(AccountPages.PASSWORD);
|
||||
|
|
@ -620,7 +620,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
|||
}
|
||||
|
||||
try {
|
||||
session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password(passwordNew, false));
|
||||
user.getUserCredentialManager().updateCredential(UserCredentialModel.password(passwordNew, false));
|
||||
} catch (ReadOnlyException mre) {
|
||||
setReferrerOnPage();
|
||||
errorEvent.error(Errors.NOT_ALLOWED);
|
||||
|
|
@ -1028,7 +1028,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
|||
}
|
||||
|
||||
public static boolean isPasswordSet(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
return session.userCredentialManager().isConfiguredFor(realm, user, PasswordCredentialModel.TYPE);
|
||||
return user.getUserCredentialManager().isConfiguredFor(PasswordCredentialModel.TYPE);
|
||||
}
|
||||
|
||||
private String[] getReferrer() {
|
||||
|
|
|
|||
|
|
@ -245,7 +245,7 @@ public class LinkedAccountsResource {
|
|||
}
|
||||
|
||||
private boolean isPasswordSet() {
|
||||
return session.userCredentialManager().isConfiguredFor(realm, user, PasswordCredentialModel.TYPE);
|
||||
return user.getUserCredentialManager().isConfiguredFor(PasswordCredentialModel.TYPE);
|
||||
}
|
||||
|
||||
private boolean isValidProvider(String providerId) {
|
||||
|
|
|
|||
|
|
@ -7,16 +7,27 @@ import org.keycloak.models.credential.PasswordCredentialModel;
|
|||
|
||||
public class PasswordUtil {
|
||||
|
||||
private KeycloakSession session;
|
||||
private UserModel user;
|
||||
private final UserModel user;
|
||||
|
||||
@Deprecated
|
||||
public PasswordUtil(KeycloakSession session, UserModel user) {
|
||||
this.session = session;
|
||||
this.user = user;
|
||||
}
|
||||
|
||||
public PasswordUtil(UserModel user) {
|
||||
this.user = user;
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated Instead, use {@link #isConfigured()}
|
||||
*/
|
||||
@Deprecated
|
||||
public boolean isConfigured(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
return session.userCredentialManager().isConfiguredFor(realm, user, PasswordCredentialModel.TYPE);
|
||||
return user.getUserCredentialManager().isConfiguredFor(PasswordCredentialModel.TYPE);
|
||||
}
|
||||
|
||||
public boolean isConfigured() {
|
||||
return user.getUserCredentialManager().isConfiguredFor(PasswordCredentialModel.TYPE);
|
||||
}
|
||||
|
||||
public void update() {
|
||||
|
|
|
|||
|
|
@ -587,7 +587,7 @@ public class UserResource {
|
|||
auth.users().requireManage(user);
|
||||
if (credentialTypes == null) return;
|
||||
for (String type : credentialTypes) {
|
||||
session.userCredentialManager().disableCredentialType(realm, user, type);
|
||||
user.getUserCredentialManager().disableCredentialType(type);
|
||||
|
||||
}
|
||||
}
|
||||
|
|
@ -610,7 +610,7 @@ public class UserResource {
|
|||
}
|
||||
|
||||
try {
|
||||
session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password(cred.getValue(), false));
|
||||
user.getUserCredentialManager().updateCredential(UserCredentialModel.password(cred.getValue(), false));
|
||||
} catch (IllegalStateException ise) {
|
||||
throw new BadRequestException("Resetting to N old passwords is not allowed.");
|
||||
} catch (ReadOnlyException mre) {
|
||||
|
|
@ -638,7 +638,7 @@ public class UserResource {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Stream<CredentialRepresentation> credentials(){
|
||||
auth.users().requireManage(user);
|
||||
return session.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
return user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.map(ModelToRepresentation::toRepresentation)
|
||||
.peek(credentialRepresentation -> credentialRepresentation.setSecretData(null));
|
||||
}
|
||||
|
|
@ -658,7 +658,7 @@ public class UserResource {
|
|||
// This has "requireManage" due the compatibility with "credentials()" endpoint. Strictly said, it is reading endpoint, not writing,
|
||||
// so may be revisited if to rather use "requireView" here in the future.
|
||||
auth.users().requireManage(user);
|
||||
return session.userCredentialManager().getConfiguredUserStorageCredentialTypesStream(realm, user);
|
||||
return user.getUserCredentialManager().getConfiguredUserStorageCredentialTypesStream();
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -671,13 +671,13 @@ public class UserResource {
|
|||
@NoCache
|
||||
public void removeCredential(final @PathParam("credentialId") String credentialId) {
|
||||
auth.users().requireManage(user);
|
||||
CredentialModel credential = session.userCredentialManager().getStoredCredentialById(realm, user, credentialId);
|
||||
CredentialModel credential = user.getUserCredentialManager().getStoredCredentialById(credentialId);
|
||||
if (credential == null) {
|
||||
// we do this to make sure somebody can't phish ids
|
||||
if (auth.users().canQuery()) throw new NotFoundException("Credential not found");
|
||||
else throw new ForbiddenException();
|
||||
}
|
||||
session.userCredentialManager().removeStoredCredential(realm, user, credentialId);
|
||||
user.getUserCredentialManager().removeStoredCredentialById(credentialId);
|
||||
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
|
||||
}
|
||||
|
||||
|
|
@ -689,13 +689,13 @@ public class UserResource {
|
|||
@Path("credentials/{credentialId}/userLabel")
|
||||
public void setCredentialUserLabel(final @PathParam("credentialId") String credentialId, String userLabel) {
|
||||
auth.users().requireManage(user);
|
||||
CredentialModel credential = session.userCredentialManager().getStoredCredentialById(realm, user, credentialId);
|
||||
CredentialModel credential = user.getUserCredentialManager().getStoredCredentialById(credentialId);
|
||||
if (credential == null) {
|
||||
// we do this to make sure somebody can't phish ids
|
||||
if (auth.users().canQuery()) throw new NotFoundException("Credential not found");
|
||||
else throw new ForbiddenException();
|
||||
}
|
||||
session.userCredentialManager().updateCredentialLabel(realm, user, credentialId, userLabel);
|
||||
user.getUserCredentialManager().updateCredentialLabel(credentialId, userLabel);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -717,13 +717,13 @@ public class UserResource {
|
|||
@POST
|
||||
public void moveCredentialAfter(final @PathParam("credentialId") String credentialId, final @PathParam("newPreviousCredentialId") String newPreviousCredentialId){
|
||||
auth.users().requireManage(user);
|
||||
CredentialModel credential = session.userCredentialManager().getStoredCredentialById(realm, user, credentialId);
|
||||
CredentialModel credential = user.getUserCredentialManager().getStoredCredentialById(credentialId);
|
||||
if (credential == null) {
|
||||
// we do this to make sure somebody can't phish ids
|
||||
if (auth.users().canQuery()) throw new NotFoundException("Credential not found");
|
||||
else throw new ForbiddenException();
|
||||
}
|
||||
session.userCredentialManager().moveCredentialTo(realm, user, credentialId, newPreviousCredentialId);
|
||||
user.getUserCredentialManager().moveStoredCredentialTo(credentialId, newPreviousCredentialId);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -631,7 +631,7 @@ public class TestingResourceProvider implements RealmResourceProvider {
|
|||
if (realm == null) return false;
|
||||
UserProvider userProvider = session.getProvider(UserProvider.class);
|
||||
UserModel user = userProvider.getUserByUsername(realm, userName);
|
||||
return session.userCredentialManager().isValid(realm, user, UserCredentialModel.password(password));
|
||||
return user.getUserCredentialManager().isValid(UserCredentialModel.password(password));
|
||||
}
|
||||
|
||||
@GET
|
||||
|
|
|
|||
|
|
@ -56,8 +56,7 @@ public class RunHelpers {
|
|||
return (FetchOnServer) session -> {
|
||||
RealmModel realm = session.getContext().getRealm();
|
||||
UserModel user = session.users().getUserByUsername(realm, username);
|
||||
List<CredentialModel> storedCredentialsByType = session.userCredentialManager()
|
||||
.getStoredCredentialsByTypeStream(realm, user, CredentialRepresentation.PASSWORD)
|
||||
List<CredentialModel> storedCredentialsByType = user.getUserCredentialManager().getStoredCredentialsByTypeStream(CredentialRepresentation.PASSWORD)
|
||||
.collect(Collectors.toList());
|
||||
System.out.println(storedCredentialsByType.size());
|
||||
return storedCredentialsByType.get(0);
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ public class LDAPTestUtils {
|
|||
|
||||
UserCredentialModel creds = UserCredentialModel.password(password);
|
||||
|
||||
session.userCredentialManager().updateCredential(realm, user, creds);
|
||||
user.getUserCredentialManager().updateCredential(creds);
|
||||
return user;
|
||||
}
|
||||
|
||||
|
|
@ -83,7 +83,7 @@ public class LDAPTestUtils {
|
|||
if (password == null) {
|
||||
return;
|
||||
}
|
||||
session.userCredentialManager().updateCredential(appRealm, user, (UserCredentialModel) UserCredentialModel.password(username));
|
||||
user.getUserCredentialManager().updateCredential((UserCredentialModel) UserCredentialModel.password(username));
|
||||
}
|
||||
|
||||
public static LDAPObject addLDAPUser(LDAPStorageProvider ldapProvider, RealmModel realm, final String username,
|
||||
|
|
|
|||
|
|
@ -487,8 +487,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
|
|||
RealmModel realm = session.getContext().getRealm();
|
||||
UserModel user = session.users().getUserById(realm, uId);
|
||||
assertThat(user, Matchers.notNullValue());
|
||||
List<CredentialModel> storedCredentials = session.userCredentialManager()
|
||||
.getStoredCredentialsStream(realm, user).collect(Collectors.toList());
|
||||
List<CredentialModel> storedCredentials = user.getUserCredentialManager().getStoredCredentialsStream().collect(Collectors.toList());
|
||||
assertThat(storedCredentials, Matchers.hasSize(expectedNumberOfStoredCredentials));
|
||||
});
|
||||
}
|
||||
|
|
|
|||
|
|
@ -115,11 +115,11 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
|
||||
UserModel admin = session.users().addUser(realm, "salesManager");
|
||||
admin.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
||||
admin.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
admin = session.users().addUser(realm, "sales-admin");
|
||||
admin.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, admin, UserCredentialModel.password("password"));
|
||||
admin.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
UserModel user = session.users().addUser(realm, "salesman");
|
||||
user.setEnabled(true);
|
||||
|
|
@ -217,32 +217,32 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
|
||||
UserModel nomapAdmin = session.users().addUser(realm, "nomap-admin");
|
||||
nomapAdmin.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, nomapAdmin, UserCredentialModel.password("password"));
|
||||
nomapAdmin.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
nomapAdmin.grantRole(adminRole);
|
||||
|
||||
UserModel anotherAdmin = session.users().addUser(realm, "anotherAdmin");
|
||||
anotherAdmin.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, anotherAdmin, UserCredentialModel.password("password"));
|
||||
anotherAdmin.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
anotherAdmin.grantRole(adminRole);
|
||||
|
||||
UserModel authorizedUser = session.users().addUser(realm, "authorized");
|
||||
authorizedUser.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, authorizedUser, UserCredentialModel.password("password"));
|
||||
authorizedUser.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
authorizedUser.grantRole(mapperRole);
|
||||
authorizedUser.grantRole(managerRole);
|
||||
|
||||
UserModel authorizedComposite = session.users().addUser(realm, "authorizedComposite");
|
||||
authorizedComposite.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, authorizedComposite, UserCredentialModel.password("password"));
|
||||
authorizedComposite.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
authorizedComposite.grantRole(compositeRole);
|
||||
|
||||
UserModel unauthorizedUser = session.users().addUser(realm, "unauthorized");
|
||||
unauthorizedUser.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, unauthorizedUser, UserCredentialModel.password("password"));
|
||||
unauthorizedUser.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
UserModel unauthorizedMapper = session.users().addUser(realm, "unauthorizedMapper");
|
||||
unauthorizedMapper.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, unauthorizedMapper, UserCredentialModel.password("password"));
|
||||
unauthorizedMapper.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
unauthorizedMapper.grantRole(managerRole);
|
||||
|
||||
UserModel user1 = session.users().addUser(realm, "user1");
|
||||
|
|
@ -260,11 +260,11 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
groupManager.grantRole(queryUsersRole);
|
||||
groupManager.setEnabled(true);
|
||||
groupManager.grantRole(mapperRole);
|
||||
session.userCredentialManager().updateCredential(realm, groupManager, UserCredentialModel.password("password"));
|
||||
groupManager.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
UserModel groupManagerNoMapper = session.users().addUser(realm, "noMapperGroupManager");
|
||||
groupManagerNoMapper.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, groupManagerNoMapper, UserCredentialModel.password("password"));
|
||||
groupManagerNoMapper.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
groupManagerNoMapper.grantRole(queryGroupsRole);
|
||||
groupManagerNoMapper.grantRole(queryUsersRole);
|
||||
|
||||
|
|
@ -282,7 +282,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
clientMapper.setEnabled(true);
|
||||
clientMapper.grantRole(managerRole);
|
||||
clientMapper.grantRole(queryUsersRole);
|
||||
session.userCredentialManager().updateCredential(realm, clientMapper, UserCredentialModel.password("password"));
|
||||
clientMapper.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
Policy clientMapperPolicy = permissions.clients().mapRolesPermission(client);
|
||||
UserPolicyRepresentation userRep = new UserPolicyRepresentation();
|
||||
userRep.setName("userClientMapper");
|
||||
|
|
@ -293,7 +293,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
UserModel clientManager = session.users().addUser(realm, "clientManager");
|
||||
clientManager.setEnabled(true);
|
||||
clientManager.grantRole(queryClientsRole);
|
||||
session.userCredentialManager().updateCredential(realm, clientManager, UserCredentialModel.password("password"));
|
||||
clientManager.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
Policy clientManagerPolicy = permissions.clients().managePermission(client);
|
||||
userRep = new UserPolicyRepresentation();
|
||||
|
|
@ -306,7 +306,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
UserModel clientConfigurer = session.users().addUser(realm, "clientConfigurer");
|
||||
clientConfigurer.setEnabled(true);
|
||||
clientConfigurer.grantRole(queryClientsRole);
|
||||
session.userCredentialManager().updateCredential(realm, clientConfigurer, UserCredentialModel.password("password"));
|
||||
clientConfigurer.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
Policy clientConfigurePolicy = permissions.clients().configurePermission(client);
|
||||
userRep = new UserPolicyRepresentation();
|
||||
|
|
@ -320,7 +320,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
groupViewer.grantRole(queryGroupsRole);
|
||||
groupViewer.grantRole(queryUsersRole);
|
||||
groupViewer.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, groupViewer, UserCredentialModel.password("password"));
|
||||
groupViewer.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
UserPolicyRepresentation groupViewMembersRep = new UserPolicyRepresentation();
|
||||
groupViewMembersRep.setName("groupMemberViewers");
|
||||
|
|
@ -778,7 +778,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
UserModel realmUser = session.users().addUser(realm, "realm-admin");
|
||||
realmUser.grantRole(realmAdminRole);
|
||||
realmUser.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, realmUser, UserCredentialModel.password("password"));
|
||||
realmUser.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
}
|
||||
|
||||
// KEYCLOAK-5152
|
||||
|
|
@ -977,12 +977,12 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
|
||||
GroupModel customerAGroup = session.groups().createGroup(realm, "Customer A");
|
||||
UserModel customerAManager = session.users().addUser(realm, "customer-a-manager");
|
||||
session.userCredentialManager().updateCredential(realm, customerAManager, UserCredentialModel.password("password"));
|
||||
customerAManager.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
|
||||
customerAManager.grantRole(realmAdminClient.getRole(AdminRoles.QUERY_USERS));
|
||||
customerAManager.setEnabled(true);
|
||||
UserModel regularAdminUser = session.users().addUser(realm, "regular-admin-user");
|
||||
session.userCredentialManager().updateCredential(realm, regularAdminUser, UserCredentialModel.password("password"));
|
||||
regularAdminUser.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
regularAdminUser.grantRole(realmAdminClient.getRole(AdminRoles.VIEW_USERS));
|
||||
regularAdminUser.setEnabled(true);
|
||||
|
||||
|
|
@ -1073,7 +1073,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
|
||||
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
|
||||
UserModel regularAdminUser = session.users().addUser(realm, "regular-admin-user");
|
||||
session.userCredentialManager().updateCredential(realm, regularAdminUser, UserCredentialModel.password("password"));
|
||||
regularAdminUser.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
regularAdminUser.grantRole(realmAdminClient.getRole(AdminRoles.QUERY_CLIENTS));
|
||||
regularAdminUser.setEnabled(true);
|
||||
|
||||
|
|
@ -1253,7 +1253,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
|
||||
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
|
||||
UserModel regularAdminUser = session.users().addUser(realm, "regular-admin-user");
|
||||
session.userCredentialManager().updateCredential(realm, regularAdminUser, UserCredentialModel.password("password"));
|
||||
regularAdminUser.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
regularAdminUser.grantRole(realmAdminClient.getRole(AdminRoles.QUERY_CLIENTS));
|
||||
regularAdminUser.setEnabled(true);
|
||||
|
||||
|
|
|
|||
|
|
@ -82,27 +82,27 @@ public class IllegalAdminUpgradeTest extends AbstractKeycloakTest {
|
|||
UserModel realmUser = session.users().addUser(realm, "userAdmin");
|
||||
realmUser.grantRole(realmManageUsers);
|
||||
realmUser.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, realmUser, UserCredentialModel.password("password"));
|
||||
realmUser.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
UserModel masterUser = session.users().addUser(master, "userAdmin");
|
||||
masterUser.grantRole(masterManageUsers);
|
||||
masterUser.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(master, masterUser, UserCredentialModel.password("password"));
|
||||
masterUser.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
UserModel masterAdmin = session.users().addUser(master, "masterAdmin");
|
||||
masterAdmin.grantRole(masterMasterManageUSers);
|
||||
masterAdmin.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(master, masterAdmin, UserCredentialModel.password("password"));
|
||||
masterAdmin.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
UserModel user = session.users().addUser(master, "user");
|
||||
user.grantRole(masterManageUsers);
|
||||
user.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(master, user, UserCredentialModel.password("password"));
|
||||
user.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
|
||||
user = session.users().addUser(realm, "user");
|
||||
user.grantRole(realmManageUsers);
|
||||
user.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password("password"));
|
||||
user.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
}
|
||||
|
||||
//@Test
|
||||
|
|
|
|||
|
|
@ -778,7 +778,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
|
|||
}
|
||||
try {
|
||||
UserCredentialModel cred = UserCredentialModel.password("PoopyPoop1", true);
|
||||
session.userCredentialManager().updateCredential(appRealm, user, cred);
|
||||
user.getUserCredentialManager().updateCredential(cred);
|
||||
Assert.fail("should fail");
|
||||
} catch (ReadOnlyException e) {
|
||||
|
||||
|
|
@ -953,13 +953,12 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
|
|||
Assert.assertEquals(user.getFederationLink(), ctx.getLdapModel().getId());
|
||||
|
||||
UserCredentialModel cred = UserCredentialModel.password("Candycand1", true);
|
||||
session.userCredentialManager().updateCredential(appRealm, user, cred);
|
||||
CredentialModel userCredentialValueModel = session.userCredentialManager()
|
||||
.getStoredCredentialsByTypeStream(appRealm, user, PasswordCredentialModel.TYPE)
|
||||
user.getUserCredentialManager().updateCredential(cred);
|
||||
CredentialModel userCredentialValueModel = user.getUserCredentialManager().getStoredCredentialsByTypeStream(PasswordCredentialModel.TYPE)
|
||||
.findFirst().orElse(null);
|
||||
Assert.assertNotNull(userCredentialValueModel);
|
||||
Assert.assertEquals(PasswordCredentialModel.TYPE, userCredentialValueModel.getType());
|
||||
Assert.assertTrue(session.userCredentialManager().isValid(appRealm, user, cred));
|
||||
Assert.assertTrue(user.getUserCredentialManager().isValid(cred));
|
||||
|
||||
// LDAP password is still unchanged
|
||||
try {
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ public class LDAPUserMultipleCredentialTest extends AbstractLDAPTest {
|
|||
LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), user2, "some-other-password");
|
||||
UserModel userWithOtp = session.users().getUserByUsername(appRealm, "test-user-with-otp");
|
||||
OTPCredentialModel otpCredential = OTPCredentialModel.createHOTP("DJmQfC73VGFhw7D4QJ8A", 6, 0, "HmacSHA1");
|
||||
session.userCredentialManager().createCredential(appRealm, userWithOtp, otpCredential);
|
||||
userWithOtp.getUserCredentialManager().createStoredCredential(otpCredential);
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -292,8 +292,7 @@ public class BackwardsCompatibilityUserStorageTest extends AbstractAuthTest {
|
|||
testingClient.server().run(session -> {
|
||||
RealmModel realm1 = session.realms().getRealmByName("test");
|
||||
UserModel user1 = session.users().getUserByUsername(realm1, "otp1");
|
||||
Assert.assertEquals(0, session.userCredentialManager()
|
||||
.getStoredCredentialsStream(realm1, user1).count());
|
||||
Assert.assertEquals(0, user1.getUserCredentialManager().getStoredCredentialsStream().count());
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -14,9 +14,11 @@ import org.keycloak.admin.client.resource.UserResource;
|
|||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.util.MultivaluedHashMap;
|
||||
import org.keycloak.common.util.ObjectUtil;
|
||||
import org.keycloak.common.util.reflections.Types;
|
||||
import org.keycloak.credential.CredentialAuthentication;
|
||||
import org.keycloak.credential.CredentialModel;
|
||||
import org.keycloak.credential.UserCredentialStoreManager;
|
||||
import org.keycloak.credential.CredentialProvider;
|
||||
import org.keycloak.credential.CredentialProviderFactory;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
|
@ -229,7 +231,9 @@ public class UserStorageTest extends AbstractAuthTest {
|
|||
@Test
|
||||
@ModelTest
|
||||
public void testCast(KeycloakSession session) throws Exception {
|
||||
UserCredentialStoreManager.getCredentialProviders(session, CredentialAuthentication.class).collect(Collectors.toList());
|
||||
session.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class)
|
||||
.filter(f -> Types.supports(CredentialAuthentication.class, f, CredentialProviderFactory.class))
|
||||
.map(f -> (CredentialAuthentication) session.getProvider(CredentialProvider.class, f.getId())).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -883,19 +887,19 @@ public class UserStorageTest extends AbstractAuthTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "thor");
|
||||
Assert.assertFalse(StorageId.isLocalStorage(user));
|
||||
|
||||
Stream<CredentialModel> credentials = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user);
|
||||
Stream<CredentialModel> credentials = user.getUserCredentialManager().getStoredCredentialsStream();
|
||||
org.keycloak.testsuite.Assert.assertEquals(0, credentials.count());
|
||||
|
||||
// Create password
|
||||
CredentialModel passwordCred = PasswordCredentialModel.createFromValues("my-algorithm", "theSalt".getBytes(), 22, "ABC");
|
||||
passwordCred = currentSession.userCredentialManager().createCredential(realm, user, passwordCred);
|
||||
passwordCred = user.getUserCredentialManager().createStoredCredential(passwordCred);
|
||||
passwordId.set(passwordCred.getId());
|
||||
|
||||
// Create Password and 2 OTP credentials (password was already created)
|
||||
CredentialModel otp1 = OTPCredentialModel.createFromPolicy(realm, "secret1");
|
||||
CredentialModel otp2 = OTPCredentialModel.createFromPolicy(realm, "secret2");
|
||||
otp1 = currentSession.userCredentialManager().createCredential(realm, user, otp1);
|
||||
otp2 = currentSession.userCredentialManager().createCredential(realm, user, otp2);
|
||||
otp1 = user.getUserCredentialManager().createStoredCredential(otp1);
|
||||
otp2 = user.getUserCredentialManager().createStoredCredential(otp2);
|
||||
otp1Id.set(otp1.getId());
|
||||
otp2Id.set(otp2.getId());
|
||||
});
|
||||
|
|
@ -906,18 +910,18 @@ public class UserStorageTest extends AbstractAuthTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "thor");
|
||||
|
||||
// Assert priorities: password, otp1, otp2
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, passwordId.get(), otp1Id.get(), otp2Id.get());
|
||||
|
||||
// Assert can't move password when newPreviousCredential not found
|
||||
assertFalse(currentSession.userCredentialManager().moveCredentialTo(realm, user, passwordId.get(), "not-known"));
|
||||
assertFalse(user.getUserCredentialManager().moveStoredCredentialTo(passwordId.get(), "not-known"));
|
||||
|
||||
// Assert can't move credential when not found
|
||||
assertFalse(currentSession.userCredentialManager().moveCredentialTo(realm, user, "not-known", otp2Id.get()));
|
||||
assertFalse(user.getUserCredentialManager().moveStoredCredentialTo("not-known", otp2Id.get()));
|
||||
|
||||
// Move otp2 up
|
||||
assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, otp2Id.get(), passwordId.get()));
|
||||
assertTrue(user.getUserCredentialManager().moveStoredCredentialTo(otp2Id.get(), passwordId.get()));
|
||||
});
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
|
||||
|
|
@ -925,12 +929,12 @@ public class UserStorageTest extends AbstractAuthTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "thor");
|
||||
|
||||
// Assert priorities: password, otp2, otp1
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, passwordId.get(), otp2Id.get(), otp1Id.get());
|
||||
|
||||
// Move otp2 to the top
|
||||
org.keycloak.testsuite.Assert.assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, otp2Id.get(), null));
|
||||
org.keycloak.testsuite.Assert.assertTrue(user.getUserCredentialManager().moveStoredCredentialTo(otp2Id.get(), null));
|
||||
});
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
|
||||
|
|
@ -938,12 +942,12 @@ public class UserStorageTest extends AbstractAuthTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "thor");
|
||||
|
||||
// Assert priorities: otp2, password, otp1
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, otp2Id.get(), passwordId.get(), otp1Id.get());
|
||||
|
||||
// Move password down
|
||||
assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, passwordId.get(), otp1Id.get()));
|
||||
assertTrue(user.getUserCredentialManager().moveStoredCredentialTo(passwordId.get(), otp1Id.get()));
|
||||
});
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
|
||||
|
|
@ -951,12 +955,12 @@ public class UserStorageTest extends AbstractAuthTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "thor");
|
||||
|
||||
// Assert priorities: otp2, otp1, password
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, otp2Id.get(), otp1Id.get(), passwordId.get());
|
||||
|
||||
// Remove otp2 down two positions
|
||||
assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, otp2Id.get(), passwordId.get()));
|
||||
assertTrue(user.getUserCredentialManager().moveStoredCredentialTo(otp2Id.get(), passwordId.get()));
|
||||
});
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
|
||||
|
|
@ -964,12 +968,12 @@ public class UserStorageTest extends AbstractAuthTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "thor");
|
||||
|
||||
// Assert priorities: otp2, otp1, password
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, otp1Id.get(), passwordId.get(), otp2Id.get());
|
||||
|
||||
// Remove password
|
||||
assertTrue(currentSession.userCredentialManager().removeStoredCredential(realm, user, passwordId.get()));
|
||||
assertTrue(user.getUserCredentialManager().removeStoredCredentialById(passwordId.get()));
|
||||
});
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
|
||||
|
|
@ -977,7 +981,7 @@ public class UserStorageTest extends AbstractAuthTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "thor");
|
||||
|
||||
// Assert priorities: otp2, password
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, otp1Id.get(), otp2Id.get());
|
||||
});
|
||||
|
|
@ -993,7 +997,7 @@ public class UserStorageTest extends AbstractAuthTest {
|
|||
Assert.assertFalse(StorageId.isLocalStorage(user));
|
||||
|
||||
CredentialModel otp1 = OTPCredentialModel.createFromPolicy(realm, "secret1");
|
||||
session.userCredentialManager().createCredential(realm, user, otp1);
|
||||
user.getUserCredentialManager().createStoredCredential(otp1);
|
||||
});
|
||||
|
||||
UserResource user1 = ApiUtil.findUserByUsernameId(testRealmResource(), "thor");
|
||||
|
|
|
|||
|
|
@ -242,7 +242,7 @@ public class PasswordHashingTest extends AbstractTestRealmKeycloakTest {
|
|||
return testingClient.server("test").fetch(session -> {
|
||||
RealmModel realm = session.getContext().getRealm();
|
||||
UserModel user = session.users().getUserByUsername(realm, username);
|
||||
return session.userCredentialManager().getStoredCredentialsByTypeStream(realm, user, CredentialRepresentation.PASSWORD)
|
||||
return user.getUserCredentialManager().getStoredCredentialsByTypeStream(CredentialRepresentation.PASSWORD)
|
||||
.findFirst().orElse(null);
|
||||
}, CredentialModel.class);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -120,7 +120,7 @@ public class RecoveryAuthnCodesAuthenticatorTest extends AbstractTestRealmKeyclo
|
|||
generatedRecoveryAuthnCodes,
|
||||
System.currentTimeMillis(),
|
||||
null);
|
||||
session.userCredentialManager().createCredential(realm, user, recoveryAuthnCodesCred);
|
||||
user.getUserCredentialManager().createStoredCredential(recoveryAuthnCodesCred);
|
||||
});
|
||||
passwordPage.clickTryAnotherWayLink();
|
||||
selectAuthenticatorPage.assertCurrent();
|
||||
|
|
@ -194,7 +194,7 @@ public class RecoveryAuthnCodesAuthenticatorTest extends AbstractTestRealmKeyclo
|
|||
generatedRecoveryAuthnCodes,
|
||||
System.currentTimeMillis(),
|
||||
null);
|
||||
session.userCredentialManager().createCredential(realm, user, recoveryAuthnCodesCred);
|
||||
user.getUserCredentialManager().createStoredCredential(recoveryAuthnCodesCred);
|
||||
});
|
||||
passwordPage.clickTryAnotherWayLink();
|
||||
selectAuthenticatorPage.assertCurrent();
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
|
|||
RealmModel realm = currentSession.realms().getRealmByName("test");
|
||||
|
||||
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
Assert.assertEquals(1, list.size());
|
||||
passwordId.set(list.get(0).getId());
|
||||
|
|
@ -50,8 +50,8 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
|
|||
// Create 2 OTP credentials (password was already created)
|
||||
CredentialModel otp1 = OTPCredentialModel.createFromPolicy(realm, "secret1");
|
||||
CredentialModel otp2 = OTPCredentialModel.createFromPolicy(realm, "secret2");
|
||||
otp1 = currentSession.userCredentialManager().createCredential(realm, user, otp1);
|
||||
otp2 = currentSession.userCredentialManager().createCredential(realm, user, otp2);
|
||||
otp1 = user.getUserCredentialManager().createStoredCredential(otp1);
|
||||
otp2 = user.getUserCredentialManager().createStoredCredential(otp2);
|
||||
otp1Id.set(otp1.getId());
|
||||
otp2Id.set(otp2.getId());
|
||||
});
|
||||
|
|
@ -62,18 +62,18 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
|
||||
|
||||
// Assert priorities: password, otp1, otp2
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, passwordId.get(), otp1Id.get(), otp2Id.get());
|
||||
|
||||
// Assert can't move password when newPreviousCredential not found
|
||||
Assert.assertFalse(currentSession.userCredentialManager().moveCredentialTo(realm, user, passwordId.get(), "not-known"));
|
||||
Assert.assertFalse(user.getUserCredentialManager().moveStoredCredentialTo(passwordId.get(), "not-known"));
|
||||
|
||||
// Assert can't move credential when not found
|
||||
Assert.assertFalse(currentSession.userCredentialManager().moveCredentialTo(realm, user, "not-known", otp2Id.get()));
|
||||
Assert.assertFalse(user.getUserCredentialManager().moveStoredCredentialTo("not-known", otp2Id.get()));
|
||||
|
||||
// Move otp2 up 1 position
|
||||
Assert.assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, otp2Id.get(), passwordId.get()));
|
||||
Assert.assertTrue(user.getUserCredentialManager().moveStoredCredentialTo(otp2Id.get(), passwordId.get()));
|
||||
});
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
|
||||
|
|
@ -81,12 +81,12 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
|
||||
|
||||
// Assert priorities: password, otp2, otp1
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, passwordId.get(), otp2Id.get(), otp1Id.get());
|
||||
|
||||
// Move otp2 to the top
|
||||
Assert.assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, otp2Id.get(), null));
|
||||
Assert.assertTrue(user.getUserCredentialManager().moveStoredCredentialTo(otp2Id.get(), null));
|
||||
});
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
|
||||
|
|
@ -94,12 +94,12 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
|
||||
|
||||
// Assert priorities: otp2, password, otp1
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, otp2Id.get(), passwordId.get(), otp1Id.get());
|
||||
|
||||
// Move password down
|
||||
Assert.assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, passwordId.get(), otp1Id.get()));
|
||||
Assert.assertTrue(user.getUserCredentialManager().moveStoredCredentialTo(passwordId.get(), otp1Id.get()));
|
||||
});
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
|
||||
|
|
@ -107,12 +107,12 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
|
||||
|
||||
// Assert priorities: otp2, otp1, password
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, otp2Id.get(), otp1Id.get(), passwordId.get());
|
||||
|
||||
// Remove otp2 down two positions
|
||||
Assert.assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, otp2Id.get(), passwordId.get()));
|
||||
Assert.assertTrue(user.getUserCredentialManager().moveStoredCredentialTo(otp2Id.get(), passwordId.get()));
|
||||
});
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
|
||||
|
|
@ -120,12 +120,12 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
|
||||
|
||||
// Assert priorities: otp2, otp1, password
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, otp1Id.get(), passwordId.get(), otp2Id.get());
|
||||
|
||||
// Remove password
|
||||
Assert.assertTrue(currentSession.userCredentialManager().removeStoredCredential(realm, user, passwordId.get()));
|
||||
Assert.assertTrue(user.getUserCredentialManager().removeStoredCredentialById(passwordId.get()));
|
||||
});
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
|
||||
|
|
@ -133,7 +133,7 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
|
|||
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
|
||||
|
||||
// Assert priorities: otp2, password
|
||||
List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user)
|
||||
List<CredentialModel> list = user.getUserCredentialManager().getStoredCredentialsStream()
|
||||
.collect(Collectors.toList());
|
||||
assertOrder(list, otp1Id.get(), otp2Id.get());
|
||||
});
|
||||
|
|
|
|||
|
|
@ -88,13 +88,13 @@ public class MultipleRealmsTest extends AbstractTestRealmKeycloakTest {
|
|||
Assert.assertNotEquals(r1user1.getId(), r2user1.getId());
|
||||
|
||||
// Test password
|
||||
currentSession.userCredentialManager().updateCredential(realm1, r1user1, UserCredentialModel.password("pass1"));
|
||||
currentSession.userCredentialManager().updateCredential(realm2, r2user1, UserCredentialModel.password("pass2"));
|
||||
r1user1.getUserCredentialManager().updateCredential(UserCredentialModel.password("pass1"));
|
||||
r2user1.getUserCredentialManager().updateCredential(UserCredentialModel.password("pass2"));
|
||||
|
||||
Assert.assertTrue(currentSession.userCredentialManager().isValid(realm1, r1user1, UserCredentialModel.password("pass1")));
|
||||
Assert.assertFalse(currentSession.userCredentialManager().isValid(realm1, r1user1, UserCredentialModel.password("pass2")));
|
||||
Assert.assertFalse(currentSession.userCredentialManager().isValid(realm2, r2user1, UserCredentialModel.password("pass1")));
|
||||
Assert.assertTrue(currentSession.userCredentialManager().isValid(realm2, r2user1, UserCredentialModel.password("pass2")));
|
||||
Assert.assertTrue(r1user1.getUserCredentialManager().isValid(UserCredentialModel.password("pass1")));
|
||||
Assert.assertFalse(r1user1.getUserCredentialManager().isValid(UserCredentialModel.password("pass2")));
|
||||
Assert.assertFalse(r2user1.getUserCredentialManager().isValid(UserCredentialModel.password("pass1")));
|
||||
Assert.assertTrue(r2user1.getUserCredentialManager().isValid(UserCredentialModel.password("pass2")));
|
||||
|
||||
// Test searching
|
||||
Assert.assertEquals(2, currentSession.users().searchForUserStream(realm1, "user").count());
|
||||
|
|
|
|||
|
|
@ -224,13 +224,13 @@ public class ClientTokenExchangeSAML2Test extends AbstractKeycloakTest {
|
|||
|
||||
UserModel user = session.users().addUser(realm, "user");
|
||||
user.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password("password"));
|
||||
user.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
user.grantRole(exampleRole);
|
||||
user.grantRole(impersonateRole);
|
||||
|
||||
UserModel bad = session.users().addUser(realm, "bad-impersonator");
|
||||
bad.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, bad, UserCredentialModel.password("password"));
|
||||
bad.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -704,7 +704,7 @@ public class ClientTokenExchangeSAML2Test extends AbstractKeycloakTest {
|
|||
|
||||
UserModel impersonatedUser = session.users().addUser(realm, "impersonated-user");
|
||||
impersonatedUser.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, impersonatedUser, UserCredentialModel.password("password"));
|
||||
impersonatedUser.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
impersonatedUser.grantRole(exampleRole);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -237,13 +237,13 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
|
|||
|
||||
UserModel user = session.users().addUser(realm, "user");
|
||||
user.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password("password"));
|
||||
user.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
user.grantRole(exampleRole);
|
||||
user.grantRole(impersonateRole);
|
||||
|
||||
UserModel bad = session.users().addUser(realm, "bad-impersonator");
|
||||
bad.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, bad, UserCredentialModel.password("password"));
|
||||
bad.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
}
|
||||
|
||||
public static void setUpUserImpersonatePermissions(KeycloakSession session) {
|
||||
|
|
@ -863,7 +863,7 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
|
|||
|
||||
UserModel impersonatedUser = session.users().addUser(realm, "impersonated-user");
|
||||
impersonatedUser.setEnabled(true);
|
||||
session.userCredentialManager().updateCredential(realm, impersonatedUser, UserCredentialModel.password("password"));
|
||||
impersonatedUser.getUserCredentialManager().updateCredential(UserCredentialModel.password("password"));
|
||||
impersonatedUser.grantRole(exampleRole);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -77,7 +77,7 @@ public class UserCommands {
|
|||
user.setEnabled(true);
|
||||
user.setEmail(username + "@keycloak.org");
|
||||
UserCredentialModel passwordCred = UserCredentialModel.password(password);
|
||||
session.userCredentialManager().updateCredential(realm, user, passwordCred);
|
||||
user.getUserCredentialManager().updateCredential(passwordCred);
|
||||
|
||||
for (RoleModel role : roles) {
|
||||
user.grantRole(role);
|
||||
|
|
|
|||
Loading…
Reference in a new issue