From 7988f026e05cd285b5ffe5457d08e6fbfb7a3df0 Mon Sep 17 00:00:00 2001
From: Garth <244253+xgp@users.noreply.github.com>
Date: Tue, 3 Sep 2024 22:19:40 +0200
Subject: [PATCH] Add a PasswordPoliciesBean to the FreeMarker context.

Closes #32553

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
---
 .../FreeMarkerLoginFormsProvider.java | 2 +
 .../model/PasswordPoliciesBean.java | 69 +++++++++++++++++++
 2 files changed, 71 insertions(+)
 create mode 100644 services/src/main/java/org/keycloak/forms/login/freemarker/model/PasswordPoliciesBean.java

diff --git a/services/src/main/java/org/keycloak/forms/login/freemarker/FreeMarkerLoginFormsProvider.java b/services/src/main/java/org/keycloak/forms/login/freemarker/FreeMarkerLoginFormsProvider.java
index 3902965cdf..142eb314f6 100755
--- a/services/src/main/java/org/keycloak/forms/login/freemarker/FreeMarkerLoginFormsProvider.java
+++ b/services/src/main/java/org/keycloak/forms/login/freemarker/FreeMarkerLoginFormsProvider.java
@@ -48,6 +48,7 @@ import org.keycloak.forms.login.freemarker.model.LoginBean;
 import org.keycloak.forms.login.freemarker.model.LogoutConfirmBean;
 import org.keycloak.forms.login.freemarker.model.OAuthGrantBean;
 import org.keycloak.forms.login.freemarker.model.OrganizationBean;
+import org.keycloak.forms.login.freemarker.model.PasswordPoliciesBean;
 import org.keycloak.forms.login.freemarker.model.ProfileBean;
 import org.keycloak.forms.login.freemarker.model.RealmBean;
 import org.keycloak.forms.login.freemarker.model.RecoveryAuthnCodeInputLoginBean;
@@ -548,6 +549,7 @@ public class FreeMarkerLoginFormsProvider implements LoginFormsProvider {
 attributes.put("org", new OrganizationBean(organization, user));
 }
 }
+ attributes.put("passwordPolicies", new PasswordPoliciesBean(realm.getPasswordPolicy()));
 }
 if (realm != null && user != null && session != null) {
 attributes.put("authenticatorConfigured", new AuthenticatorConfiguredMethod(realm, user, session));
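Review bot: The new `attributes.put("passwordPolicies", ...)` in the second hunk sits outside the user and organization checks visible above it, so the whole policy, including `passwordHistory` and `forceExpiredPasswordChange`, appears to be handed to every template this provider renders, including pages shown before authentication. Length and character-class rules are useful on registration and password-update forms, but the history depth and expiry interval are rarely needed there. I would either restrict the bean to the pages that set a password or state the exposure next to the call, e.g. `// Available to all login templates, including unauthenticated ones; themes should render only the rules needed to choose a password.` The enclosing method and the condition that opens this block are outside the hunk, so the exact guard could not be checked.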
diff --git a/services/src/main/java/org/keycloak/forms/login/freemarker/model/PasswordPoliciesBean.java b/services/src/main/java/org/keycloak/forms/login/freemarker/model/PasswordPoliciesBean.java
new file mode 100644
index 0000000000..05ad2999a0
--- /dev/null
+++ b/services/src/main/java/org/keycloak/forms/login/freemarker/model/PasswordPoliciesBean.java
@@ -0,0 +1,69 @@
+package org.keycloak.forms.login.freemarker.model;
+
+import org.keycloak.models.PasswordPolicy;
+
+public class PasswordPoliciesBean {
+ private final Integer length;
+ private final Integer maxLength;
+ private final Integer lowerCase;
+ private final Integer upperCase;
+ private final Integer specialChars;
+ private final Integer digits;
+ private final Integer passwordHistory;
+ private final Integer forceExpiredPasswordChange;
+ private final boolean notUsername;
+ private final boolean notEmail;
+
+ public PasswordPoliciesBean(PasswordPolicy policy) {
+ this.length = policy.getPolicyConfig("length");
+ this.maxLength = policy.getPolicyConfig("maxLength");
+ this.lowerCase = policy.getPolicyConfig("lowerCase");
+ this.upperCase = policy.getPolicyConfig("upperCase");
+ this.specialChars = policy.getPolicyConfig("specialChars");
+ this.digits = policy.getPolicyConfig("digits");
+ this.passwordHistory = policy.getPolicyConfig("passwordHistory");
+ this.forceExpiredPasswordChange = policy.getPolicyConfig("forceExpiredPasswordChange");
+ this.notUsername = policy.getPolicies().contains("notUsername");
+ this.notEmail = policy.getPolicies().contains("notEmail");
+ }
+
+ public Integer getLength() {
+ return length;
+ }
+
+ public Integer getMaxLength() {
+ return maxLength;
+ }
+
+ public Integer getLowerCase() {
+ return lowerCase;
+ }
+
+ public Integer getUpperCase() {
+ return upperCase;
+ }
+
+ public Integer getSpecialChars() {
+ return specialChars;
+ }
+
+ public Integer getDigits() {
+ return digits;
+ }
+
+ public Integer getPasswordHistory() {
+ return passwordHistory;
+ }
+
+ public Integer getForceExpiredPasswordChange() {
+ return forceExpiredPasswordChange;
+ }
+
+ public boolean isNotUsername() {
+ return notUsername;
+ }
+
+ public boolean isNotEmail() {
+ return notEmail;
+ }
+}
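Review bot: Every `Integer` getter on `PasswordPoliciesBean` presumably returns null when that policy is not configured for the realm, and nothing in the class says so; FreeMarker treats a null property as missing, so a theme that reads `passwordPolicies.length` without a `??` check or a default would likely fail to render. I would add a class Javadoc such as `/** Read-only view of the realm password policy for login templates; numeric getters return null when the policy is not set. */`. The constructor also dereferences `policy` with no check, so it relies on `realm.getPasswordPolicy()` never returning null, which this patch does not show; `Objects.requireNonNull(policy, "policy");` as its first statement would make that assumption explicit. The policy ids are repeated here as string literals, so a renamed id in a policy provider would silently turn the corresponding value into null or false rather than fail.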