KEYCLOAK-27 Basic social flow with automatic registration and non-duplicated username

2013-08-19 18:14:40 +02:00 · 2013-08-19 18:14:40 +02:00 · 932ed10c17
commit 932ed10c17
parent b2544dbe8f
8 changed files with 68 additions and 9 deletions
--- a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
+++ b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
@ -6,6 +6,7 @@
    "sslNotRequired": true,
    "cookieLoginAllowed": true,
    "registrationAllowed": true,
+    "automaticRegistrationAfterSocialLogin": true,
    "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
    "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
    "requiredCredentials": [ "password" ],
--- a/services/src/main/java/org/keycloak/services/models/picketlink/mappings/RealmEntity.java
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/mappings/RealmEntity.java
@ -37,6 +37,8 @@ public class RealmEntity implements Serializable {
    @AttributeValue
    private boolean social;
    @AttributeValue
+    private boolean automaticRegistrationAfterSocialLogin;
+    @AttributeValue
    private int tokenLifespan;
    @AttributeValue
    private int accessCodeLifespan;
@ -106,6 +108,14 @@ public class RealmEntity implements Serializable {
        this.social = social;
    }

+    public boolean isAutomaticRegistrationAfterSocialLogin() {
+        return automaticRegistrationAfterSocialLogin;
+    }
+
+    public void setAutomaticRegistrationAfterSocialLogin(boolean automaticRegistrationAfterSocialLogin) {
+        this.automaticRegistrationAfterSocialLogin = automaticRegistrationAfterSocialLogin;
+    }
+
    public int getTokenLifespan() {
        return tokenLifespan;
    }
--- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
@ -46,6 +46,7 @@ import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.managers.TokenManager;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.RoleModel;
+import org.keycloak.services.models.SocialLinkModel;
 import org.keycloak.services.models.UserModel;
 import org.keycloak.services.resources.flows.Flows;
 import org.keycloak.services.resources.flows.OAuthFlows;
@ -134,21 +135,35 @@ public class SocialResource {
                    return oauth.forwardToSecurityFailure("Failed to process social callback");
                }

-                // TODO Lookup user based on attribute for provider id - this is so a user can have a friendly username + link a
-                // user to
-                // multiple social logins
-                UserModel user = realm.getUser(provider.getId() + "." + socialUser.getId());
+                SocialLinkModel socialLink = new SocialLinkModel(provider.getId(), socialUser.getUsername());
+                UserModel user = realm.getUserBySocialLink(socialLink);

                if (user == null) {
                    if (!realm.isRegistrationAllowed()) {
                        return oauth.forwardToSecurityFailure("Registration not allowed");
                    }

-                    user = realm.addUser(provider.getId() + "." + socialUser.getId());
-                    user.setAttribute(provider.getId() + ".id", socialUser.getId());
+                    // Automatically register user into realm with his social username (don't redirect to registration screen)
+                    if (realm.isAutomaticRegistrationAfterSocialLogin()) {

-                    for (RoleModel role : realm.getDefaultRoles()) {
-                        realm.grantRole(user, role);
+                        if (realm.getUser(socialUser.getUsername()) != null) {
+                            // TODO: Username is already in realm. Show message and let user to bind accounts
+                            throw new IllegalStateException("Username " + socialUser.getUsername() +
+                                    " already registered in the realm. TODO: bind accounts...");
+
+                            // TODO: Maybe we should search also by email and bind accounts if user with this email is
+                            // already registered. But actually Keycloak allows duplicate emails
+                        } else {
+                            user = realm.addUser(socialUser.getUsername());
+                        }
+
+                        realm.addSocialLink(user, socialLink);
+
+                        for (RoleModel role : realm.getDefaultRoles()) {
+                            realm.grantRole(user, role);
+                        }
+                    }  else {
+                        // TODO: redirect to registration screen with pre-filled info
                    }
                }

--- a/services/src/test/java/org/keycloak/test/AdapterTest.java
+++ b/services/src/test/java/org/keycloak/test/AdapterTest.java
@ -75,6 +75,7 @@ public class AdapterTest {
        realmModel.setPrivateKeyPem("0234234");
        realmModel.setPublicKeyPem("0234234");
        realmModel.setTokenLifespan(1000);
+        realmModel.setAutomaticRegistrationAfterSocialLogin(true);
        realmModel.addDefaultRole("foo");

        System.out.println(realmModel.getId());
@ -86,6 +87,7 @@ public class AdapterTest {
        Assert.assertEquals(realmModel.getName(), "JUGGLER");
        Assert.assertEquals(realmModel.getPrivateKeyPem(), "0234234");
        Assert.assertEquals(realmModel.getPublicKeyPem(), "0234234");
+        Assert.assertEquals(realmModel.isAutomaticRegistrationAfterSocialLogin(), true);
        Assert.assertEquals(1, realmModel.getDefaultRoles().size());
        Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
    }
--- a/social/core/src/main/java/org/keycloak/social/SocialUser.java
+++ b/social/core/src/main/java/org/keycloak/social/SocialUser.java
@ -3,6 +3,7 @@ package org.keycloak.social;
 public class SocialUser {
    
    private String id;
+    private String username;
    private String firstName;
    private String lastName;
    private String email;
@ -19,6 +20,14 @@ public class SocialUser {
        this.id = id;
    }

+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
    public String getFirstName() {
        return firstName;
    }
--- a/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java
+++ b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java
@ -82,6 +82,13 @@ public class FacebookProvider implements SocialProvider {
            FacebookUser facebookUser = loadUser(accessToken, client);

            SocialUser socialUser = new SocialUser(facebookUser.getId());
+            socialUser.setUsername(facebookUser.getUsername());
+
+            // This could happen with Facebook testing users
+            if (facebookUser.getUsername() == null || facebookUser.getUsername().length() == 0) {
+                socialUser.setUsername(facebookUser.getId());
+            }
+
            socialUser.setEmail(facebookUser.getEmail());
            socialUser.setLastName(facebookUser.getLastName());
            socialUser.setFirstName(facebookUser.getFirstName());
--- a/social/google/src/main/java/org/keycloak/social/google/GoogleProvider.java
+++ b/social/google/src/main/java/org/keycloak/social/google/GoogleProvider.java
@ -106,6 +106,10 @@ public class GoogleProvider implements SocialProvider {
            Userinfo userInfo = oauth2.userinfo().get().execute();

            SocialUser user = new SocialUser(userInfo.getId());
+
+            // Use email as username for Google
+            user.setUsername(userInfo.getEmail());
+
            user.setFirstName(userInfo.getGivenName());
            user.setLastName(userInfo.getFamilyName());
            user.setEmail(userInfo.getEmail());
--- a/social/twitter/src/main/java/org/keycloak/social/twitter/TwitterProvider.java
+++ b/social/twitter/src/main/java/org/keycloak/social/twitter/TwitterProvider.java
@ -77,7 +77,18 @@ public class TwitterProvider implements SocialProvider {
            twitter4j.User twitterUser = twitter.verifyCredentials();

            SocialUser user = new SocialUser(Long.toString(twitterUser.getId()));
-            user.setFirstName(twitterUser.getName());
+
+            // Use screenName as username for Twitter
+            user.setUsername(twitterUser.getScreenName());
+
+            String twitterName = twitterUser.getName();
+            int spaceIndex = twitterName.lastIndexOf(' ');
+            if (spaceIndex != -1) {
+                user.setFirstName(twitterName.substring(0, spaceIndex));
+                user.setLastName(twitterName.substring(spaceIndex + 1));
+            } else {
+                user.setFirstName(twitterName);
+            }

            return user;
        } catch (Exception e) {