Merge pull request #1567 from patriot1burke/master

refactor recover password
This commit is contained in:
Bill Burke 2015-08-31 10:53:29 -04:00
commit 7492ae2990
22 changed files with 121 additions and 86 deletions

View file

@ -68,7 +68,8 @@ public enum EventType {
IDENTITY_PROVIDER_ACCCOUNT_LINKING_ERROR(false), IDENTITY_PROVIDER_ACCCOUNT_LINKING_ERROR(false),
IMPERSONATE(true), IMPERSONATE(true),
CUSTOM_REQUIRED_ACTION(true), CUSTOM_REQUIRED_ACTION(true),
CUSTOM_REQUIRED_ACTION_ERROR(true); CUSTOM_REQUIRED_ACTION_ERROR(true),
EXECUTE_ACTIONS(true);
private boolean saveByDefault; private boolean saveByDefault;

View file

@ -304,7 +304,7 @@ module.controller('UserTabCtrl', function($scope, $location, Dialog, Notificatio
}; };
}); });
module.controller('UserDetailCtrl', function($scope, realm, user, BruteForceUser, User, UserFederationInstances, UserImpersonation, RequiredActions, $location, Dialog, Notifications) { module.controller('UserDetailCtrl', function($scope, realm, user, BruteForceUser, User, UserExecuteActionsEmail, UserFederationInstances, UserImpersonation, RequiredActions, $location, Dialog, Notifications) {
$scope.realm = realm; $scope.realm = realm;
$scope.create = !user.id; $scope.create = !user.id;
$scope.editUsername = $scope.create || $scope.realm.editUsernameAllowed; $scope.editUsername = $scope.create || $scope.realm.editUsernameAllowed;
@ -389,6 +389,21 @@ module.controller('UserDetailCtrl', function($scope, realm, user, BruteForceUser
} }
}, true); }, true);
$scope.sendExecuteActionsEmail = function() {
if ($scope.changed) {
Dialog.message("Cannot send email", "You must save your current changes before you can send an email");
return;
}
Dialog.confirm('Send Email', 'Are you sure you want to send email to user?', function() {
UserExecuteActionsEmail.update({ realm: realm.realm, userId: user.id }, { }, function() {
Notifications.success("Email sent to user");
}, function() {
Notifications.error("Failed to send email to user");
});
});
};
$scope.save = function() { $scope.save = function() {
convertAttributeValuesToLists(); convertAttributeValuesToLists();
@ -513,15 +528,6 @@ module.controller('UserCredentialsCtrl', function($scope, realm, user, User, Use
}); });
}; };
$scope.resetPasswordEmail = function() {
Dialog.confirm('Reset password email', 'Are you sure you want to send password reset email to user?', function() {
UserCredentials.resetPasswordEmail({ realm: realm.realm, userId: user.id }, { }, function() {
Notifications.success("Password reset email sent to user");
}, function() {
Notifications.error("Failed to send password reset mail to user");
});
});
};
$scope.$watch('user', function() { $scope.$watch('user', function() {
if (!angular.equals($scope.user, user)) { if (!angular.equals($scope.user, user)) {

View file

@ -5,7 +5,7 @@ var module = angular.module('keycloak.services', [ 'ngResource', 'ngRoute' ]);
module.service('Dialog', function($modal) { module.service('Dialog', function($modal) {
var dialog = {}; var dialog = {};
var openDialog = function(title, message, btns) { var openDialog = function(title, message, btns, template) {
var controller = function($scope, $modalInstance, title, message, btns) { var controller = function($scope, $modalInstance, title, message, btns) {
$scope.title = title; $scope.title = title;
$scope.message = message; $scope.message = message;
@ -20,7 +20,7 @@ module.service('Dialog', function($modal) {
}; };
return $modal.open({ return $modal.open({
templateUrl: resourceUrl + '/templates/kc-modal.html', templateUrl: resourceUrl + template,
controller: controller, controller: controller,
resolve: { resolve: {
title: function() { title: function() {
@ -56,7 +56,7 @@ module.service('Dialog', function($modal) {
} }
} }
openDialog(title, msg, btns).then(success); openDialog(title, msg, btns, '/templates/kc-modal.html').then(success);
} }
dialog.confirmGenerateKeys = function(name, type, success) { dialog.confirmGenerateKeys = function(name, type, success) {
@ -73,7 +73,7 @@ module.service('Dialog', function($modal) {
} }
} }
openDialog(title, msg, btns).then(success); openDialog(title, msg, btns, '/templates/kc-modal.html').then(success);
} }
dialog.confirm = function(title, message, success, cancel) { dialog.confirm = function(title, message, success, cancel) {
@ -88,10 +88,21 @@ module.service('Dialog', function($modal) {
} }
} }
openDialog(title, message, btns).then(success, cancel); openDialog(title, message, btns, '/templates/kc-modal.html').then(success, cancel);
} }
return dialog dialog.message = function(title, message, success, cancel) {
var btns = {
ok: {
label: "Ok",
cssClass: 'btn btn-default'
}
}
openDialog(title, message, btns, '/templates/kc-modal-message.html').then(success, cancel);
}
return dialog
}); });
module.service('CopyDialog', function($modal) { module.service('CopyDialog', function($modal) {
@ -427,16 +438,18 @@ module.factory('UserCredentials', function($resource) {
} }
}).update; }).update;
credentials.resetPasswordEmail = $resource(authUrl + '/admin/realms/:realm/users/:userId/reset-password-email', { return credentials;
});
module.factory('UserExecuteActionsEmail', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/users/:userId/execute-actions-email', {
realm : '@realm', realm : '@realm',
userId : '@userId' userId : '@userId'
}, { }, {
update : { update : {
method : 'PUT' method : 'PUT'
} }
}).update; });
return credentials;
}); });
module.factory('RealmRoleMapping', function($resource) { module.factory('RealmRoleMapping', function($resource) {

View file

@ -37,14 +37,7 @@
</div> </div>
</fieldset> </fieldset>
<fieldset class="border-top" data-ng-show="user.email || user.totp"> <fieldset class="border-top" data-ng-show="user.totp">
<div class="form-group" data-ng-show="user.email">
<label class="col-md-2 control-label" for="password">Reset password email</label>
<div class="col-sm-5">
<button class="btn btn-danger" type="submit" data-ng-click="resetPasswordEmail()" tooltip="Send an email to user with a link to reset their password" tooltip-placement="right">Send Email</button>
</div>
</div>
<div class="form-group" data-ng-show="user.totp"> <div class="form-group" data-ng-show="user.totp">
<label class="col-md-2 control-label">Remove totp</label> <label class="col-md-2 control-label">Remove totp</label>
<div class="col-sm-5" data-ng-show="user.totp"> <div class="col-sm-5" data-ng-show="user.totp">

View file

@ -99,6 +99,15 @@
</div> </div>
<kc-tooltip>Require an action when the user logs in. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure TOTP' requires setup of a mobile password generator.</kc-tooltip> <kc-tooltip>Require an action when the user logs in. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure TOTP' requires setup of a mobile password generator.</kc-tooltip>
</div> </div>
<div class="form-group clearfix" data-ng-show="!create && user.email">
<label class="col-md-2 control-label" for="reqActionsEmail">Required Actions Email</label>
<div class="col-md-6">
<button id="reqActionsEmail" class="btn btn-default" data-ng-click="sendExecuteActionsEmail()">Send Email</button>
</div>
<kc-tooltip>Sends an email to user with an embedded link. Clicking on link will allow the user to execute all their required actions. They will not have to login prior to this. For example, set the required action to update password, click this button, and the user will be able to change their password without logging in.</kc-tooltip>
</div>
<div class="form-group clearfix" data-ng-if="realm.internationalizationEnabled"> <div class="form-group clearfix" data-ng-if="realm.internationalizationEnabled">
<label class="col-md-2 control-label" for="locale">Locale</label> <label class="col-md-2 control-label" for="locale">Locale</label>
<div class="col-md-6"> <div class="col-md-6">
@ -113,10 +122,10 @@
</div> </div>
<div class="form-group clearfix"> <div class="form-group clearfix">
<label class="col-md-2 control-label" for="reqActions">Impersonate user</label> <label class="col-md-2 control-label" for="impersonate">Impersonate user</label>
<div class="col-md-6"> <div class="col-md-6">
<button data-ng-show="access.impersonation" class="btn btn-default" data-ng-click="impersonate()">Impersonate</button> <button id="impersonate" data-ng-show="access.impersonation" class="btn btn-default" data-ng-click="impersonate()">Impersonate</button>
</div> </div>
<kc-tooltip>Login as this user. If user is in same realm as you, your current login session will be logged out before you are logged in as this user.</kc-tooltip> <kc-tooltip>Login as this user. If user is in same realm as you, your current login session will be logged out before you are logged in as this user.</kc-tooltip>
</div> </div>

View file

@ -0,0 +1,10 @@
<div class="modal-header">
<button type="button" class="close" ng-click="cancel()">
<span class="pficon pficon-close"></span>
</button>
<h4 class="modal-title">{{title}}</h4>
</div>
<div class="modal-body">{{message}}</div>
<div class="modal-footer">
<button type="button" data-ng-class="btns.ok.cssClass" ng-click="ok()">{{btns.ok.label}}</button>
</div>

View file

@ -1,5 +0,0 @@
<html>
<body>
${msg("changePasswordBodyHtml",link, linkExpiration, realmName)}
</body>
</html>

View file

@ -0,0 +1,5 @@
<html>
<body>
${msg("executeActionsBodyHtml",link, linkExpiration, realmName)}
</body>
</html>

View file

@ -1,10 +1,10 @@
emailVerificationSubject=E-Mail verifizieren emailVerificationSubject=E-Mail verifizieren
passwordResetSubject=Passwort zur\u00FCckzusetzen passwordResetSubject=Passwort zur\u00FCckzusetzen
passwordResetBody=Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.\n\n{0}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed. passwordResetBody=Someone just requested to change your {2} account''s credentials. If this was you, click on the link below to reset them.\n\n{0}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your credentials, just ignore this message and nothing will be changed.
passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p> passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s credentials. If this was you, click on the link below to reset them.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your credentials, just ignore this message and nothing will be changed.</p>
changePasswordSubject=Change password executeActionsSubject=Update Your Account
changePasswordBody=Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed. executeActionsBody=Your adminstrator has just requested that you update your {2} account. Click on the link below to start this process.\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you are unaware that your admin has requested this, just ignore this message and nothing will be changed.
changePasswordBodyHtml=<p>Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p> executeActionsBodyHtml=<p>Your adminstrator has just requested that you update your {2} account. Click on the link below to start this process.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you are unaware that your admin has requested this, just ignore this message and nothing will be changed.</p>
emailVerificationBody=Jemand hat ein {2} Konto mit dieser E-Mail Adresse erstellt. Fall das Sie waren, dann klicken Sie auf den Link um die E-Mail Adresse zu verifizieren.\n\n{0}\n\nDieser Link wird in {1} Minuten ablaufen.\n\nFalls Sie dieses Konto nicht erstellt haben, dann k\u00F6nnen sie diese Nachricht ignorieren. emailVerificationBody=Jemand hat ein {2} Konto mit dieser E-Mail Adresse erstellt. Fall das Sie waren, dann klicken Sie auf den Link um die E-Mail Adresse zu verifizieren.\n\n{0}\n\nDieser Link wird in {1} Minuten ablaufen.\n\nFalls Sie dieses Konto nicht erstellt haben, dann k\u00F6nnen sie diese Nachricht ignorieren.
emailVerificationBodyHtml=<p>Jemand hat ein {2} Konto mit dieser E-Mail Adresse erstellt. Fall das Sie waren, dann klicken Sie auf den Link um die E-Mail Adresse zu verifizieren.</p><p><a href="{0}">{0}</a></p><p>Dieser Link wird in {1} Minuten ablaufen.</p><p>Falls Sie dieses Konto nicht erstellt haben, dann k\u00F6nnen sie diese Nachricht ignorieren.</p> emailVerificationBodyHtml=<p>Jemand hat ein {2} Konto mit dieser E-Mail Adresse erstellt. Fall das Sie waren, dann klicken Sie auf den Link um die E-Mail Adresse zu verifizieren.</p><p><a href="{0}">{0}</a></p><p>Dieser Link wird in {1} Minuten ablaufen.</p><p>Falls Sie dieses Konto nicht erstellt haben, dann k\u00F6nnen sie diese Nachricht ignorieren.</p>
eventLoginErrorSubject=Fehlgeschlagene Anmeldung eventLoginErrorSubject=Fehlgeschlagene Anmeldung

View file

@ -2,11 +2,11 @@ emailVerificationSubject=Verify email
emailVerificationBody=Someone has created a {2} account with this email address. If this was you, click the link below to verify your email address\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you didn''t create this account, just ignore this message. emailVerificationBody=Someone has created a {2} account with this email address. If this was you, click the link below to verify your email address\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you didn''t create this account, just ignore this message.
emailVerificationBodyHtml=<p>Someone has created a {2} account with this email address. If this was you, click the link below to verify your email address</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you didn''t create this account, just ignore this message.</p> emailVerificationBodyHtml=<p>Someone has created a {2} account with this email address. If this was you, click the link below to verify your email address</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you didn''t create this account, just ignore this message.</p>
passwordResetSubject=Reset password passwordResetSubject=Reset password
passwordResetBody=Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.\n\n{0}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed. passwordResetBody=Someone just requested to change your {2} account''s credentials. If this was you, click on the link below to reset them.\n\n{0}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your credentials, just ignore this message and nothing will be changed.
passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p> passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s credentials. If this was you, click on the link below to reset them.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your credentials, just ignore this message and nothing will be changed.</p>
changePasswordSubject=Change password executeActionsSubject=Update Your Account
changePasswordBody=Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed. executeActionsBody=Your adminstrator has just requested that you update your {2} account. Click on the link below to start this process.\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you are unaware that your admin has requested this, just ignore this message and nothing will be changed.
changePasswordBodyHtml=<p>Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p> executeActionsBodyHtml=<p>Your adminstrator has just requested that you update your {2} account. Click on the link below to start this process.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you are unaware that your admin has requested this, just ignore this message and nothing will be changed.</p>
eventLoginErrorSubject=Login error eventLoginErrorSubject=Login error
eventLoginErrorBody=A failed login attempt was detected to your account on {0} from {1}. If this was not you, please contact an admin. eventLoginErrorBody=A failed login attempt was detected to your account on {0} from {1}. If this was not you, please contact an admin.
eventLoginErrorBodyHtml=<p>A failed login attempt was detected to your account on {0} from {1}. If this was not you, please contact an admin.</p> eventLoginErrorBodyHtml=<p>A failed login attempt was detected to your account on {0} from {1}. If this was not you, please contact an admin.</p>

View file

@ -2,11 +2,11 @@ emailVerificationSubject=Verifica\u00E7\u00E3o de e-mail
emailVerificationBody=Algu\u00E9m criou uma conta {2} com este endere\u00E7o de e-mail. Se foi voc\u00EA, clique no link abaixo para verificar o seu endere\u00E7o de email\n\n{0}\n\nEste link ir\u00E1 expirar dentro de {1} minutos.\n\nSe n\u00E3o foi voc\u00EA que criou esta conta, basta ignorar esta mensagem. emailVerificationBody=Algu\u00E9m criou uma conta {2} com este endere\u00E7o de e-mail. Se foi voc\u00EA, clique no link abaixo para verificar o seu endere\u00E7o de email\n\n{0}\n\nEste link ir\u00E1 expirar dentro de {1} minutos.\n\nSe n\u00E3o foi voc\u00EA que criou esta conta, basta ignorar esta mensagem.
emailVerificationBodyHtml=<p>Algu\u00E9m criou uma conta {2} com este endere\u00E7o de e-mail. Se foi voc\u00EA, clique no link abaixo para verificar o seu endere\u00E7o de email</p><p><a href="{0}">{0}</a></p><p>Este link ir\u00E1 expirar dentro de {1} minutos.</p><p>Se n\u00E3o foi voc\u00EA que criou esta conta, basta ignorar esta mensagem.</p> emailVerificationBodyHtml=<p>Algu\u00E9m criou uma conta {2} com este endere\u00E7o de e-mail. Se foi voc\u00EA, clique no link abaixo para verificar o seu endere\u00E7o de email</p><p><a href="{0}">{0}</a></p><p>Este link ir\u00E1 expirar dentro de {1} minutos.</p><p>Se n\u00E3o foi voc\u00EA que criou esta conta, basta ignorar esta mensagem.</p>
passwordResetSubject=Redefini\u00E7\u00E3o de senha passwordResetSubject=Redefini\u00E7\u00E3o de senha
passwordResetBody=Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.\n\n{0}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed. passwordResetBody=Someone just requested to change your {2} account''s credentials. If this was you, click on the link below to reset them.\n\n{0}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your credentials, just ignore this message and nothing will be changed.
passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p> passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s credentials. If this was you, click on the link below to reset them.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your credentials, just ignore this message and nothing will be changed.</p>
changePasswordSubject=Change password executeActionsSubject=Update Your Account
changePasswordBody=Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed. executeActionsBody=Your adminstrator has just requested that you update your {2} account. Click on the link below to start this process.\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you are unaware that your admin has requested this, just ignore this message and nothing will be changed.
changePasswordBodyHtml=<p>Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p> executeActionsBodyHtml=<p>Your adminstrator has just requested that you update your {2} account. Click on the link below to start this process.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you are unaware that your admin has requested this, just ignore this message and nothing will be changed.</p>
eventLoginErrorSubject=Erro de login eventLoginErrorSubject=Erro de login
eventLoginErrorBody=Uma tentativa de login mal sucedida para a sua conta foi detectada em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador. eventLoginErrorBody=Uma tentativa de login mal sucedida para a sua conta foi detectada em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.
eventLoginErrorBodyHtml=<p>Uma tentativa de login mal sucedida para a sua conta foi detectada em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.</p> eventLoginErrorBodyHtml=<p>Uma tentativa de login mal sucedida para a sua conta foi detectada em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.</p>

View file

@ -1 +0,0 @@
${msg("changePasswordBody",link, linkExpiration, realmName)}

View file

@ -0,0 +1 @@
${msg("executeActionsBody",link, linkExpiration, realmName)}

View file

@ -19,7 +19,6 @@ public interface EmailProvider extends Provider {
/** /**
* Reset password sent from forgot password link on login * Reset password sent from forgot password link on login
* *
* @param code
* @param link * @param link
* @param expirationInMinutes * @param expirationInMinutes
* @throws EmailException * @throws EmailException
@ -33,7 +32,7 @@ public interface EmailProvider extends Provider {
* @param expirationInMinutes * @param expirationInMinutes
* @throws EmailException * @throws EmailException
*/ */
public void sendChangePassword(String link, long expirationInMinutes) throws EmailException; public void sendExecuteActions(String link, long expirationInMinutes) throws EmailException;
public void sendVerifyEmail(String link, long expirationInMinutes) throws EmailException; public void sendVerifyEmail(String link, long expirationInMinutes) throws EmailException;

View file

@ -82,7 +82,7 @@ public class FreeMarkerEmailProvider implements EmailProvider {
} }
@Override @Override
public void sendChangePassword(String link, long expirationInMinutes) throws EmailException { public void sendExecuteActions(String link, long expirationInMinutes) throws EmailException {
Map<String, Object> attributes = new HashMap<String, Object>(); Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put("link", link); attributes.put("link", link);
attributes.put("linkExpiration", expirationInMinutes); attributes.put("linkExpiration", expirationInMinutes);
@ -90,7 +90,7 @@ public class FreeMarkerEmailProvider implements EmailProvider {
String realmName = realm.getName().substring(0, 1).toUpperCase() + realm.getName().substring(1); String realmName = realm.getName().substring(0, 1).toUpperCase() + realm.getName().substring(1);
attributes.put("realmName", realmName); attributes.put("realmName", realmName);
send("changePasswordSubject", "changePassword.ftl", attributes); send("executeActionsSubject", "executeActions.ftl", attributes);
} }

View file

@ -47,12 +47,12 @@ public interface UserResource {
public void resetPassword(CredentialRepresentation credentialRepresentation); public void resetPassword(CredentialRepresentation credentialRepresentation);
@PUT @PUT
@Path("reset-password-email") @Path("execute-actions-email")
public void resetPasswordEmail(); public void executeActionsEmail();
@PUT @PUT
@Path("reset-password-email") @Path("execute-actions-email")
public void resetPasswordEmail(@QueryParam("client_id") String clientId); public void executeActionsEmail(@QueryParam("client_id") String clientId);
@PUT @PUT
@Path("send-verify-email") @Path("send-verify-email")

View file

@ -77,11 +77,12 @@ public interface ClientSessionModel {
UPDATE_PROFILE, UPDATE_PROFILE,
CONFIGURE_TOTP, CONFIGURE_TOTP,
UPDATE_PASSWORD, UPDATE_PASSWORD,
RECOVER_PASSWORD, RECOVER_PASSWORD, // deprecated
AUTHENTICATE, AUTHENTICATE,
SOCIAL_CALLBACK, SOCIAL_CALLBACK,
LOGGED_OUT, LOGGED_OUT,
RESET_CREDENTIALS RESET_CREDENTIALS,
EXECUTE_ACTIONS
} }
public enum ExecutionStatus { public enum ExecutionStatus {

View file

@ -8,6 +8,7 @@ import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.events.Details; import org.keycloak.events.Details;
import org.keycloak.events.EventType; import org.keycloak.events.EventType;
import org.keycloak.login.LoginFormsProvider; import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialModel;
@ -35,6 +36,13 @@ public class VerifyEmail implements RequiredActionProvider, RequiredActionFactor
} }
@Override @Override
public void requiredActionChallenge(RequiredActionContext context) { public void requiredActionChallenge(RequiredActionContext context) {
// if this is EXECUTE_ACTIONS we know that the email sent is valid so we can verify it automatically
if (context.getClientSession().getNote(ClientSessionModel.Action.EXECUTE_ACTIONS.name()) != null) {
context.getUser().setEmailVerified(true);
context.success();
return;
}
if (Validation.isBlank(context.getUser().getEmail())) { if (Validation.isBlank(context.getUser().getEmail())) {
context.ignore(); context.ignore();
return; return;

View file

@ -156,8 +156,8 @@ public class Urls {
return loginResetCredentialsBuilder(baseUri).build(realmId); return loginResetCredentialsBuilder(baseUri).build(realmId);
} }
public static UriBuilder recoverPasswordBuilder(URI baseUri) { public static UriBuilder executeActionsBuilder(URI baseUri) {
return loginActionsBase(baseUri).path(LoginActionsService.class, "recoverPassword"); return loginActionsBase(baseUri).path(LoginActionsService.class, "executeActions");
} }
public static UriBuilder loginResetCredentialsBuilder(URI baseUri) { public static UriBuilder loginResetCredentialsBuilder(URI baseUri) {

View file

@ -274,18 +274,13 @@ public class LoginActionsService {
@QueryParam("execution") String execution) { @QueryParam("execution") String execution) {
event.event(EventType.LOGIN); event.event(EventType.LOGIN);
Checks checks = new Checks(); Checks checks = new Checks();
if (!checks.verifyCode(code, ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionModel.Action.RECOVER_PASSWORD.name())) { if (!checks.verifyCode(code, ClientSessionModel.Action.AUTHENTICATE.name())) {
return checks.response; return checks.response;
} }
event.detail(Details.CODE_ID, code); event.detail(Details.CODE_ID, code);
ClientSessionCode clientSessionCode = checks.clientCode; ClientSessionCode clientSessionCode = checks.clientCode;
ClientSessionModel clientSession = clientSessionCode.getClientSession(); ClientSessionModel clientSession = clientSessionCode.getClientSession();
if (clientSession.getAction().equals(ClientSessionModel.Action.RECOVER_PASSWORD.name())) {
TokenManager.dettachClientSession(session.sessions(), realm, clientSession);
clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
}
return processAuthentication(execution, clientSession, null); return processAuthentication(execution, clientSession, null);
} }
@ -568,20 +563,21 @@ public class LoginActionsService {
* @param key * @param key
* @return * @return
*/ */
@Path("recover-password") @Path("execute-actions")
@GET @GET
public Response recoverPassword(@QueryParam("key") String key) { public Response executeActions(@QueryParam("key") String key) {
event.event(EventType.RESET_PASSWORD); event.event(EventType.EXECUTE_ACTIONS);
if (key != null) { if (key != null) {
Checks checks = new Checks(); Checks checks = new Checks();
if (!checks.verifyCode(key, ClientSessionModel.Action.RECOVER_PASSWORD.name())) { if (!checks.verifyCode(key, ClientSessionModel.Action.EXECUTE_ACTIONS.name())) {
return checks.response; return checks.response;
} }
ClientSessionModel clientSession = checks.clientCode.getClientSession(); ClientSessionModel clientSession = checks.clientCode.getClientSession();
clientSession.setNote("END_AFTER_REQUIRED_ACTIONS", "true"); clientSession.setNote("END_AFTER_REQUIRED_ACTIONS", "true");
clientSession.setNote(ClientSessionModel.Action.EXECUTE_ACTIONS.name(), "true");
return AuthenticationManager.nextActionAfterAuthentication(session, clientSession.getUserSession(), clientSession, clientConnection, request, uriInfo, event); return AuthenticationManager.nextActionAfterAuthentication(session, clientSession.getUserSession(), clientSession, clientConnection, request, uriInfo, event);
} else { } else {
event.error(Errors.RESET_CREDENTIAL_DISABLED); event.error(Errors.INVALID_CODE);
return ErrorPage.error(session, Messages.INVALID_CODE); return ErrorPage.error(session, Messages.INVALID_CODE);
} }
} }

View file

@ -834,10 +834,10 @@ public class UsersResource {
* @param clientId client id * @param clientId client id
* @return * @return
*/ */
@Path("{id}/reset-password-email") @Path("{id}/execute-actions-email")
@PUT @PUT
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public Response resetPasswordEmail(@PathParam("id") String id, @QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId) { public Response executeActionsEmail(@PathParam("id") String id, @QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId) {
auth.requireManage(); auth.requireManage();
UserModel user = session.users().getUserById(id, realm); UserModel user = session.users().getUserById(id, realm);
@ -851,17 +851,16 @@ public class UsersResource {
ClientSessionModel clientSession = createClientSession(user, redirectUri, clientId); ClientSessionModel clientSession = createClientSession(user, redirectUri, clientId);
ClientSessionCode accessCode = new ClientSessionCode(realm, clientSession); ClientSessionCode accessCode = new ClientSessionCode(realm, clientSession);
accessCode.setAction(ClientSessionModel.Action.RECOVER_PASSWORD.name()); accessCode.setAction(ClientSessionModel.Action.EXECUTE_ACTIONS.name());
try { try {
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD); UriBuilder builder = Urls.executeActionsBuilder(uriInfo.getBaseUri());
UriBuilder builder = Urls.recoverPasswordBuilder(uriInfo.getBaseUri());
builder.queryParam("key", accessCode.getCode()); builder.queryParam("key", accessCode.getCode());
String link = builder.build(realm.getName()).toString(); String link = builder.build(realm.getName()).toString();
long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction()); long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction());
this.session.getProvider(EmailProvider.class).setRealm(realm).setUser(user).sendChangePassword(link, expiration); this.session.getProvider(EmailProvider.class).setRealm(realm).setUser(user).sendExecuteActions(link, expiration);
//audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success(); //audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
@ -869,8 +868,8 @@ public class UsersResource {
return Response.ok().build(); return Response.ok().build();
} catch (EmailException e) { } catch (EmailException e) {
logger.error("Failed to send password reset email", e); logger.error("Failed to send execute actions email", e);
return ErrorResponse.error("Failed to send email", Response.Status.INTERNAL_SERVER_ERROR); return ErrorResponse.error("Failed to send execute actions email", Response.Status.INTERNAL_SERVER_ERROR);
} }
} }

View file

@ -361,7 +361,7 @@ public class UserTest extends AbstractClientTest {
UserResource user = realm.users().get(id); UserResource user = realm.users().get(id);
try { try {
user.resetPasswordEmail(); user.executeActionsEmail();
fail("Expected failure"); fail("Expected failure");
} catch (ClientErrorException e) { } catch (ClientErrorException e) {
assertEquals(400, e.getResponse().getStatus()); assertEquals(400, e.getResponse().getStatus());
@ -374,7 +374,7 @@ public class UserTest extends AbstractClientTest {
userRep.setEmail("user1@localhost"); userRep.setEmail("user1@localhost");
userRep.setEnabled(false); userRep.setEnabled(false);
user.update(userRep); user.update(userRep);
user.resetPasswordEmail(); user.executeActionsEmail();
fail("Expected failure"); fail("Expected failure");
} catch (ClientErrorException e) { } catch (ClientErrorException e) {
assertEquals(400, e.getResponse().getStatus()); assertEquals(400, e.getResponse().getStatus());
@ -385,7 +385,7 @@ public class UserTest extends AbstractClientTest {
try { try {
userRep.setEnabled(true); userRep.setEnabled(true);
user.update(userRep); user.update(userRep);
user.resetPasswordEmail("invalidClientId"); user.executeActionsEmail("invalidClientId");
fail("Expected failure"); fail("Expected failure");
} catch (ClientErrorException e) { } catch (ClientErrorException e) {
assertEquals(400, e.getResponse().getStatus()); assertEquals(400, e.getResponse().getStatus());