code formatting patched to be close to original and produce better difs
This commit is contained in:
Vlastimil Elias
parent
b117409531
commit
a49a2f1dc4
19 changed files with 8845 additions and 8834 deletions
|
|
@ -19,15 +19,12 @@ public interface RealmModel extends RoleContainerModel {
|
|||
interface RealmCreationEvent extends ProviderEvent {
|
||||
RealmModel getCreatedRealm();
|
||||
}
|
||||
|
||||
interface ClientCreationEvent extends ProviderEvent {
|
||||
ClientModel getCreatedClient();
|
||||
}
|
||||
|
||||
interface ApplicationCreationEvent extends ClientCreationEvent {
|
||||
ApplicationModel getCreatedApplication();
|
||||
}
|
||||
|
||||
interface OAuthClientCreationEvent extends ClientCreationEvent {
|
||||
OAuthClientModel getCreatedOAuthClient();
|
||||
}
|
||||
|
|
@ -62,36 +59,23 @@ public interface RealmModel extends RoleContainerModel {
|
|||
|
||||
void setRememberMe(boolean rememberMe);
|
||||
|
||||
// --- brute force settings
|
||||
//--- brute force settings
|
||||
boolean isBruteForceProtected();
|
||||
|
||||
void setBruteForceProtected(boolean value);
|
||||
|
||||
int getMaxFailureWaitSeconds();
|
||||
|
||||
void setMaxFailureWaitSeconds(int val);
|
||||
|
||||
int getWaitIncrementSeconds();
|
||||
|
||||
void setWaitIncrementSeconds(int val);
|
||||
|
||||
int getMinimumQuickLoginWaitSeconds();
|
||||
|
||||
void setMinimumQuickLoginWaitSeconds(int val);
|
||||
|
||||
long getQuickLoginCheckMilliSeconds();
|
||||
|
||||
void setQuickLoginCheckMilliSeconds(long val);
|
||||
|
||||
int getMaxDeltaTimeSeconds();
|
||||
|
||||
void setMaxDeltaTimeSeconds(int val);
|
||||
|
||||
int getFailureFactor();
|
||||
|
||||
void setFailureFactor(int failureFactor);
|
||||
//--- end brute force settings
|
||||
|
||||
// --- end brute force settings
|
||||
|
||||
boolean isVerifyEmail();
|
||||
|
||||
|
|
@ -102,11 +86,9 @@ public interface RealmModel extends RoleContainerModel {
|
|||
void setResetPasswordAllowed(boolean resetPasswordAllowed);
|
||||
|
||||
int getSsoSessionIdleTimeout();
|
||||
|
||||
void setSsoSessionIdleTimeout(int seconds);
|
||||
|
||||
int getSsoSessionMaxLifespan();
|
||||
|
||||
void setSsoSessionMaxLifespan(int seconds);
|
||||
|
||||
int getAccessTokenLifespan();
|
||||
|
|
@ -144,11 +126,8 @@ public interface RealmModel extends RoleContainerModel {
|
|||
void setCodeSecret(String codeSecret);
|
||||
|
||||
X509Certificate getCertificate();
|
||||
|
||||
void setCertificate(X509Certificate certificate);
|
||||
|
||||
String getCertificatePem();
|
||||
|
||||
void setCertificatePem(String certificate);
|
||||
|
||||
PrivateKey getPrivateKey();
|
||||
|
|
@ -184,7 +163,6 @@ public interface RealmModel extends RoleContainerModel {
|
|||
boolean removeApplication(String id);
|
||||
|
||||
ApplicationModel getApplicationById(String id);
|
||||
|
||||
ApplicationModel getApplicationByName(String name);
|
||||
|
||||
void updateRequiredCredentials(Set<String> creds);
|
||||
|
|
@ -194,9 +172,7 @@ public interface RealmModel extends RoleContainerModel {
|
|||
OAuthClientModel addOAuthClient(String id, String name);
|
||||
|
||||
OAuthClientModel getOAuthClient(String name);
|
||||
|
||||
OAuthClientModel getOAuthClientById(String id);
|
||||
|
||||
boolean removeOAuthClient(String id);
|
||||
|
||||
List<OAuthClientModel> getOAuthClients();
|
||||
|
|
|
|||
|
|
@ -76,8 +76,7 @@ import static org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_APP;
|
|||
import static org.keycloak.models.UserModel.RequiredAction.UPDATE_PROFILE;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* </p>
|
||||
* <p></p>
|
||||
*
|
||||
* @author Pedro Igor
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -160,22 +160,19 @@ public class LoginActionsService {
|
|||
return false;
|
||||
} else if (!clientCode.isValid(requiredAction)) {
|
||||
event.error(Errors.INVALID_CODE);
|
||||
response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo,
|
||||
"Invalid code, please login again through your application.");
|
||||
response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid code, please login again through your application.");
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
boolean check(String code, ClientSessionModel.Action requiredAction,
|
||||
ClientSessionModel.Action alternativeRequiredAction) {
|
||||
boolean check(String code, ClientSessionModel.Action requiredAction, ClientSessionModel.Action alternativeRequiredAction) {
|
||||
if (!check(code)) {
|
||||
return false;
|
||||
} else if (!(clientCode.isValid(requiredAction) || clientCode.isValid(alternativeRequiredAction))) {
|
||||
event.error(Errors.INVALID_CODE);
|
||||
response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo,
|
||||
"Invalid code, please login again through your application.");
|
||||
response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid code, please login again through your application.");
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
|
|
@ -196,8 +193,7 @@ public class LoginActionsService {
|
|||
clientCode = ClientSessionCode.parse(code, session, realm);
|
||||
if (clientCode == null) {
|
||||
event.error(Errors.INVALID_CODE);
|
||||
response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo,
|
||||
"Unknown code, please login again through your application.");
|
||||
response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Unknown code, please login again through your application.");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
|
@ -228,8 +224,8 @@ public class LoginActionsService {
|
|||
clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE);
|
||||
}
|
||||
|
||||
LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo).setClientSessionCode(
|
||||
clientSessionCode.getCode());
|
||||
LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo)
|
||||
.setClientSessionCode(clientSessionCode.getCode());
|
||||
|
||||
return forms.createLogin();
|
||||
}
|
||||
|
|
@ -260,7 +256,8 @@ public class LoginActionsService {
|
|||
authManager.expireIdentityCookie(realm, uriInfo, clientConnection);
|
||||
|
||||
return Flows.forms(session, realm, clientSession.getClient(), uriInfo)
|
||||
.setClientSessionCode(clientSessionCode.getCode()).createRegistration();
|
||||
.setClientSessionCode(clientSessionCode.getCode())
|
||||
.createRegistration();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -273,7 +270,8 @@ public class LoginActionsService {
|
|||
@Path("request/login")
|
||||
@POST
|
||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||
public Response processLogin(@QueryParam("code") String code, final MultivaluedMap<String, String> formData) {
|
||||
public Response processLogin(@QueryParam("code") String code,
|
||||
final MultivaluedMap<String, String> formData) {
|
||||
event.event(EventType.LOGIN);
|
||||
if (!checkSsl()) {
|
||||
event.error(Errors.SSL_REQUIRED);
|
||||
|
|
@ -287,8 +285,7 @@ public class LoginActionsService {
|
|||
ClientSessionCode clientCode = ClientSessionCode.parse(code, session, realm);
|
||||
if (clientCode == null) {
|
||||
event.error(Errors.INVALID_CODE);
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo,
|
||||
"Unknown code, please login again through your application.");
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Unknown code, please login again through your application.");
|
||||
}
|
||||
|
||||
ClientSessionModel clientSession = clientCode.getClientSession();
|
||||
|
|
@ -298,7 +295,8 @@ public class LoginActionsService {
|
|||
clientCode.setAction(ClientSessionModel.Action.AUTHENTICATE);
|
||||
event.client(clientSession.getClient()).error(Errors.EXPIRED_CODE);
|
||||
return Flows.forms(this.session, realm, clientSession.getClient(), uriInfo).setError(Messages.EXPIRED_CODE)
|
||||
.setClientSessionCode(clientCode.getCode()).createLogin();
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createLogin();
|
||||
}
|
||||
|
||||
String username = formData.getFirst(AuthenticationManager.FORM_USERNAME);
|
||||
|
|
@ -306,8 +304,11 @@ public class LoginActionsService {
|
|||
String rememberMe = formData.getFirst("rememberMe");
|
||||
boolean remember = rememberMe != null && rememberMe.equalsIgnoreCase("on");
|
||||
|
||||
event.client(clientSession.getClient().getClientId()).detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
|
||||
.detail(Details.RESPONSE_TYPE, "code").detail(Details.AUTH_METHOD, "form").detail(Details.USERNAME, username);
|
||||
event.client(clientSession.getClient().getClientId())
|
||||
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
|
||||
.detail(Details.RESPONSE_TYPE, "code")
|
||||
.detail(Details.AUTH_METHOD, "form")
|
||||
.detail(Details.USERNAME, username);
|
||||
|
||||
if (remember) {
|
||||
event.detail(Details.REMEMBER_ME, "true");
|
||||
|
|
@ -326,12 +327,12 @@ public class LoginActionsService {
|
|||
if (formData.containsKey("cancel")) {
|
||||
event.error(Errors.REJECTED_BY_USER);
|
||||
LoginProtocol protocol = session.getProvider(LoginProtocol.class, clientSession.getAuthMethod());
|
||||
protocol.setRealm(realm).setUriInfo(uriInfo);
|
||||
protocol.setRealm(realm)
|
||||
.setUriInfo(uriInfo);
|
||||
return protocol.cancelLogin(clientSession);
|
||||
}
|
||||
|
||||
AuthenticationManager.AuthenticationStatus status = authManager.authenticateForm(session, clientConnection, realm,
|
||||
formData);
|
||||
AuthenticationManager.AuthenticationStatus status = authManager.authenticateForm(session, clientConnection, realm, formData);
|
||||
|
||||
if (remember) {
|
||||
authManager.createRememberMeCookie(realm, username, uriInfo, clientConnection);
|
||||
|
|
@ -347,37 +348,45 @@ public class LoginActionsService {
|
|||
switch (status) {
|
||||
case SUCCESS:
|
||||
case ACTIONS_REQUIRED:
|
||||
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username,
|
||||
clientConnection.getRemoteAddr(), "form", remember);
|
||||
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", remember);
|
||||
TokenManager.attachClientSession(userSession, clientSession);
|
||||
event.session(userSession);
|
||||
return authManager.nextActionAfterAuthentication(session, userSession, clientSession, clientConnection, request,
|
||||
uriInfo, event);
|
||||
return authManager.nextActionAfterAuthentication(session, userSession, clientSession, clientConnection, request, uriInfo, event);
|
||||
case ACCOUNT_TEMPORARILY_DISABLED:
|
||||
event.error(Errors.USER_TEMPORARILY_DISABLED);
|
||||
return Flows.forms(this.session, realm, client, uriInfo).setError(Messages.ACCOUNT_TEMPORARILY_DISABLED)
|
||||
.setFormData(formData).setClientSessionCode(clientCode.getCode()).createLogin();
|
||||
return Flows.forms(this.session, realm, client, uriInfo)
|
||||
.setError(Messages.ACCOUNT_TEMPORARILY_DISABLED)
|
||||
.setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createLogin();
|
||||
case ACCOUNT_DISABLED:
|
||||
event.error(Errors.USER_DISABLED);
|
||||
return Flows.forms(this.session, realm, client, uriInfo).setError(Messages.ACCOUNT_DISABLED)
|
||||
.setClientSessionCode(clientCode.getCode()).setFormData(formData).createLogin();
|
||||
return Flows.forms(this.session, realm, client, uriInfo)
|
||||
.setError(Messages.ACCOUNT_DISABLED)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.setFormData(formData).createLogin();
|
||||
case MISSING_TOTP:
|
||||
formData.remove(CredentialRepresentation.PASSWORD);
|
||||
|
||||
String passwordToken = new JWSBuilder().jsonContent(new PasswordToken(realm.getName(), user.getId())).rsa256(
|
||||
realm.getPrivateKey());
|
||||
String passwordToken = new JWSBuilder().jsonContent(new PasswordToken(realm.getName(), user.getId())).rsa256(realm.getPrivateKey());
|
||||
formData.add(CredentialRepresentation.PASSWORD_TOKEN, passwordToken);
|
||||
|
||||
return Flows.forms(this.session, realm, client, uriInfo).setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode()).createLoginTotp();
|
||||
return Flows.forms(this.session, realm, client, uriInfo)
|
||||
.setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createLoginTotp();
|
||||
case INVALID_USER:
|
||||
event.error(Errors.USER_NOT_FOUND);
|
||||
return Flows.forms(this.session, realm, client, uriInfo).setError(Messages.INVALID_USER).setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode()).createLogin();
|
||||
return Flows.forms(this.session, realm, client, uriInfo).setError(Messages.INVALID_USER)
|
||||
.setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createLogin();
|
||||
default:
|
||||
event.error(Errors.INVALID_USER_CREDENTIALS);
|
||||
return Flows.forms(this.session, realm, client, uriInfo).setError(Messages.INVALID_USER).setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode()).createLogin();
|
||||
return Flows.forms(this.session, realm, client, uriInfo).setError(Messages.INVALID_USER)
|
||||
.setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createLogin();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -391,7 +400,8 @@ public class LoginActionsService {
|
|||
@Path("request/registration")
|
||||
@POST
|
||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||
public Response processRegister(@QueryParam("code") String code, final MultivaluedMap<String, String> formData) {
|
||||
public Response processRegister(@QueryParam("code") String code,
|
||||
final MultivaluedMap<String, String> formData) {
|
||||
event.event(EventType.REGISTER);
|
||||
if (!checkSsl()) {
|
||||
event.error(Errors.SSL_REQUIRED);
|
||||
|
|
@ -409,13 +419,11 @@ public class LoginActionsService {
|
|||
ClientSessionCode clientCode = ClientSessionCode.parse(code, session, realm);
|
||||
if (clientCode == null) {
|
||||
event.error(Errors.INVALID_CODE);
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo,
|
||||
"Unknown code, please login again through your application.");
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Unknown code, please login again through your application.");
|
||||
}
|
||||
if (!clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE)) {
|
||||
event.error(Errors.INVALID_CODE);
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo,
|
||||
"Invalid code, please login again through your application.");
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid code, please login again through your application.");
|
||||
}
|
||||
|
||||
String username = formData.getFirst("username");
|
||||
|
|
@ -425,8 +433,11 @@ public class LoginActionsService {
|
|||
formData.putSingle(AuthenticationManager.FORM_USERNAME, username);
|
||||
}
|
||||
ClientSessionModel clientSession = clientCode.getClientSession();
|
||||
event.client(clientSession.getClient()).detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
|
||||
.detail(Details.RESPONSE_TYPE, "code").detail(Details.USERNAME, username).detail(Details.EMAIL, email)
|
||||
event.client(clientSession.getClient())
|
||||
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
|
||||
.detail(Details.RESPONSE_TYPE, "code")
|
||||
.detail(Details.USERNAME, username)
|
||||
.detail(Details.EMAIL, email)
|
||||
.detail(Details.REGISTER_METHOD, "form");
|
||||
|
||||
if (!realm.isEnabled()) {
|
||||
|
|
@ -457,22 +468,31 @@ public class LoginActionsService {
|
|||
|
||||
if (error != null) {
|
||||
event.error(Errors.INVALID_REGISTRATION);
|
||||
return Flows.forms(session, realm, client, uriInfo).setError(error).setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode()).createRegistration();
|
||||
return Flows.forms(session, realm, client, uriInfo)
|
||||
.setError(error)
|
||||
.setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createRegistration();
|
||||
}
|
||||
|
||||
// Validate that user with this username doesn't exist in realm or any federation provider
|
||||
if (session.users().getUserByUsername(username, realm) != null) {
|
||||
event.error(Errors.USERNAME_IN_USE);
|
||||
return Flows.forms(session, realm, client, uriInfo).setError(Messages.USERNAME_EXISTS).setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode()).createRegistration();
|
||||
return Flows.forms(session, realm, client, uriInfo)
|
||||
.setError(Messages.USERNAME_EXISTS)
|
||||
.setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createRegistration();
|
||||
}
|
||||
|
||||
// Validate that user with this email doesn't exist in realm or any federation provider
|
||||
if (session.users().getUserByEmail(email, realm) != null) {
|
||||
event.error(Errors.EMAIL_IN_USE);
|
||||
return Flows.forms(session, realm, client, uriInfo).setError(Messages.EMAIL_EXISTS).setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode()).createRegistration();
|
||||
return Flows.forms(session, realm, client, uriInfo)
|
||||
.setError(Messages.EMAIL_EXISTS)
|
||||
.setFormData(formData)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createRegistration();
|
||||
}
|
||||
|
||||
UserModel user = session.users().addUser(realm, username);
|
||||
|
|
@ -500,8 +520,10 @@ public class LoginActionsService {
|
|||
// User already registered, but force him to update password
|
||||
if (!passwordUpdateSuccessful) {
|
||||
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||
return Flows.forms(session, realm, client, uriInfo).setError(passwordUpdateError)
|
||||
.setClientSessionCode(clientCode.getCode()).createResponse(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||
return Flows.forms(session, realm, client, uriInfo)
|
||||
.setError(passwordUpdateError)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createResponse(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -541,8 +563,10 @@ public class LoginActionsService {
|
|||
|
||||
String redirect = clientSession.getRedirectUri();
|
||||
|
||||
event.client(clientSession.getClient()).user(clientSession.getUserSession().getUser())
|
||||
.detail(Details.RESPONSE_TYPE, "code").detail(Details.REDIRECT_URI, redirect);
|
||||
event.client(clientSession.getClient())
|
||||
.user(clientSession.getUserSession().getUser())
|
||||
.detail(Details.RESPONSE_TYPE, "code")
|
||||
.detail(Details.REDIRECT_URI, redirect);
|
||||
|
||||
UserSessionModel userSession = clientSession.getUserSession();
|
||||
if (userSession != null) {
|
||||
|
|
@ -561,7 +585,8 @@ public class LoginActionsService {
|
|||
event.session(userSession);
|
||||
|
||||
LoginProtocol protocol = session.getProvider(LoginProtocol.class, clientSession.getAuthMethod());
|
||||
protocol.setRealm(realm).setUriInfo(uriInfo);
|
||||
protocol.setRealm(realm)
|
||||
.setUriInfo(uriInfo);
|
||||
if (formData.containsKey("cancel")) {
|
||||
event.error(Errors.REJECTED_BY_USER);
|
||||
return protocol.consentDenied(clientSession);
|
||||
|
|
@ -569,14 +594,14 @@ public class LoginActionsService {
|
|||
|
||||
event.success();
|
||||
|
||||
return authManager.redirectAfterSuccessfulFlow(session, realm, userSession, clientSession, request, uriInfo,
|
||||
clientConnection);
|
||||
return authManager.redirectAfterSuccessfulFlow(session, realm, userSession, clientSession, request, uriInfo, clientConnection);
|
||||
}
|
||||
|
||||
@Path("profile")
|
||||
@POST
|
||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||
public Response updateProfile(@QueryParam("code") String code, final MultivaluedMap<String, String> formData) {
|
||||
public Response updateProfile(@QueryParam("code") String code,
|
||||
final MultivaluedMap<String, String> formData) {
|
||||
event.event(EventType.UPDATE_PROFILE);
|
||||
Checks checks = new Checks();
|
||||
if (!checks.check(code, ClientSessionModel.Action.UPDATE_PROFILE)) {
|
||||
|
|
@ -592,7 +617,8 @@ public class LoginActionsService {
|
|||
String error = Validation.validateUpdateProfileForm(formData);
|
||||
if (error != null) {
|
||||
return Flows.forms(session, realm, null, uriInfo).setUser(user).setError(error)
|
||||
.setClientSessionCode(accessCode.getCode()).createResponse(RequiredAction.UPDATE_PROFILE);
|
||||
.setClientSessionCode(accessCode.getCode())
|
||||
.createResponse(RequiredAction.UPDATE_PROFILE);
|
||||
}
|
||||
|
||||
user.setFirstName(formData.getFirst("firstName"));
|
||||
|
|
@ -609,7 +635,8 @@ public class LoginActionsService {
|
|||
// check for duplicated email
|
||||
if (userByEmail != null && !userByEmail.getId().equals(user.getId())) {
|
||||
return Flows.forms(session, realm, null, uriInfo).setUser(user).setError(Messages.EMAIL_EXISTS)
|
||||
.setClientSessionCode(accessCode.getCode()).createResponse(RequiredAction.UPDATE_PROFILE);
|
||||
.setClientSessionCode(accessCode.getCode())
|
||||
.createResponse(RequiredAction.UPDATE_PROFILE);
|
||||
}
|
||||
|
||||
user.setEmail(email);
|
||||
|
|
@ -620,8 +647,7 @@ public class LoginActionsService {
|
|||
event.clone().event(EventType.UPDATE_PROFILE).success();
|
||||
|
||||
if (emailChanged) {
|
||||
event.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail)
|
||||
.detail(Details.UPDATED_EMAIL, email).success();
|
||||
event.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, email).success();
|
||||
}
|
||||
|
||||
return redirectOauth(user, accessCode, clientSession, userSession);
|
||||
|
|
@ -630,7 +656,8 @@ public class LoginActionsService {
|
|||
@Path("totp")
|
||||
@POST
|
||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||
public Response updateTotp(@QueryParam("code") String code, final MultivaluedMap<String, String> formData) {
|
||||
public Response updateTotp(@QueryParam("code") String code,
|
||||
final MultivaluedMap<String, String> formData) {
|
||||
event.event(EventType.UPDATE_TOTP);
|
||||
Checks checks = new Checks();
|
||||
if (!checks.check(code, ClientSessionModel.Action.CONFIGURE_TOTP)) {
|
||||
|
|
@ -648,10 +675,12 @@ public class LoginActionsService {
|
|||
|
||||
LoginFormsProvider loginForms = Flows.forms(session, realm, null, uriInfo).setUser(user);
|
||||
if (Validation.isEmpty(totp)) {
|
||||
return loginForms.setError(Messages.MISSING_TOTP).setClientSessionCode(accessCode.getCode())
|
||||
return loginForms.setError(Messages.MISSING_TOTP)
|
||||
.setClientSessionCode(accessCode.getCode())
|
||||
.createResponse(RequiredAction.CONFIGURE_TOTP);
|
||||
} else if (!new TimeBasedOTP().validate(totp, totpSecret.getBytes())) {
|
||||
return loginForms.setError(Messages.INVALID_TOTP).setClientSessionCode(accessCode.getCode())
|
||||
return loginForms.setError(Messages.INVALID_TOTP)
|
||||
.setClientSessionCode(accessCode.getCode())
|
||||
.createResponse(RequiredAction.CONFIGURE_TOTP);
|
||||
}
|
||||
|
||||
|
|
@ -690,17 +719,20 @@ public class LoginActionsService {
|
|||
|
||||
LoginFormsProvider loginForms = Flows.forms(session, realm, null, uriInfo).setUser(user);
|
||||
if (Validation.isEmpty(passwordNew)) {
|
||||
return loginForms.setError(Messages.MISSING_PASSWORD).setClientSessionCode(accessCode.getCode())
|
||||
return loginForms.setError(Messages.MISSING_PASSWORD)
|
||||
.setClientSessionCode(accessCode.getCode())
|
||||
.createResponse(RequiredAction.UPDATE_PASSWORD);
|
||||
} else if (!passwordNew.equals(passwordConfirm)) {
|
||||
return loginForms.setError(Messages.NOTMATCH_PASSWORD).setClientSessionCode(accessCode.getCode())
|
||||
return loginForms.setError(Messages.NOTMATCH_PASSWORD)
|
||||
.setClientSessionCode(accessCode.getCode())
|
||||
.createResponse(RequiredAction.UPDATE_PASSWORD);
|
||||
}
|
||||
|
||||
try {
|
||||
session.users().updateCredential(realm, user, UserCredentialModel.password(passwordNew));
|
||||
} catch (Exception ape) {
|
||||
return loginForms.setError(ape.getMessage()).setClientSessionCode(accessCode.getCode())
|
||||
return loginForms.setError(ape.getMessage())
|
||||
.setClientSessionCode(accessCode.getCode())
|
||||
.createResponse(RequiredAction.UPDATE_PASSWORD);
|
||||
}
|
||||
|
||||
|
|
@ -711,8 +743,7 @@ public class LoginActionsService {
|
|||
if (clientSession.getAction().equals(ClientSessionModel.Action.RECOVER_PASSWORD)) {
|
||||
String actionCookieValue = getActionCookie();
|
||||
if (actionCookieValue == null || !actionCookieValue.equals(userSession.getId())) {
|
||||
return Flows.forms(session, realm, clientSession.getClient(), uriInfo).setSuccess("passwordUpdated")
|
||||
.createInfoPage();
|
||||
return Flows.forms(session, realm, clientSession.getClient(), uriInfo).setSuccess("passwordUpdated").createInfoPage();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -743,8 +774,7 @@ public class LoginActionsService {
|
|||
|
||||
String actionCookieValue = getActionCookie();
|
||||
if (actionCookieValue == null || !actionCookieValue.equals(userSession.getId())) {
|
||||
return Flows.forms(session, realm, clientSession.getClient(), uriInfo).setSuccess("emailVerified")
|
||||
.createInfoPage();
|
||||
return Flows.forms(session, realm, clientSession.getClient(), uriInfo).setSuccess("emailVerified").createInfoPage();
|
||||
}
|
||||
|
||||
event = event.clone().removeDetail(Details.EMAIL).event(EventType.LOGIN);
|
||||
|
|
@ -762,8 +792,10 @@ public class LoginActionsService {
|
|||
|
||||
createActionCookie(realm, uriInfo, clientConnection, userSession.getId());
|
||||
|
||||
return Flows.forms(session, realm, null, uriInfo).setClientSessionCode(accessCode.getCode())
|
||||
.setUser(userSession.getUser()).createResponse(RequiredAction.VERIFY_EMAIL);
|
||||
return Flows.forms(session, realm, null, uriInfo)
|
||||
.setClientSessionCode(accessCode.getCode())
|
||||
.setUser(userSession.getUser())
|
||||
.createResponse(RequiredAction.VERIFY_EMAIL);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -777,10 +809,13 @@ public class LoginActionsService {
|
|||
return checks.response;
|
||||
}
|
||||
ClientSessionCode accessCode = checks.clientCode;
|
||||
return Flows.forms(session, realm, null, uriInfo).setClientSessionCode(accessCode.getCode())
|
||||
return Flows.forms(session, realm, null, uriInfo)
|
||||
.setClientSessionCode(accessCode.getCode())
|
||||
.createResponse(RequiredAction.UPDATE_PASSWORD);
|
||||
} else {
|
||||
return Flows.forms(session, realm, null, uriInfo).setClientSessionCode(code).createPasswordReset();
|
||||
return Flows.forms(session, realm, null, uriInfo)
|
||||
.setClientSessionCode(code)
|
||||
.createPasswordReset();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -799,8 +834,7 @@ public class LoginActionsService {
|
|||
ClientSessionCode accessCode = ClientSessionCode.parse(code, session, realm);
|
||||
if (accessCode == null) {
|
||||
event.error(Errors.INVALID_CODE);
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo,
|
||||
"Unknown code, please login again through your application.");
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Unknown code, please login again through your application.");
|
||||
}
|
||||
ClientSessionModel clientSession = accessCode.getClientSession();
|
||||
|
||||
|
|
@ -808,14 +842,19 @@ public class LoginActionsService {
|
|||
|
||||
ClientModel client = clientSession.getClient();
|
||||
if (client == null) {
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Unknown login requester.");
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo,
|
||||
"Unknown login requester.");
|
||||
}
|
||||
if (!client.isEnabled()) {
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Login requester not enabled.");
|
||||
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo,
|
||||
"Login requester not enabled.");
|
||||
}
|
||||
|
||||
event.client(client.getClientId()).detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
|
||||
.detail(Details.RESPONSE_TYPE, "code").detail(Details.AUTH_METHOD, "form").detail(Details.USERNAME, username);
|
||||
event.client(client.getClientId())
|
||||
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
|
||||
.detail(Details.RESPONSE_TYPE, "code")
|
||||
.detail(Details.AUTH_METHOD, "form")
|
||||
.detail(Details.USERNAME, username);
|
||||
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null && username.contains("@")) {
|
||||
|
|
@ -831,8 +870,7 @@ public class LoginActionsService {
|
|||
} else {
|
||||
event.user(user);
|
||||
|
||||
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username,
|
||||
clientConnection.getRemoteAddr(), "form", false);
|
||||
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false);
|
||||
event.session(userSession);
|
||||
TokenManager.attachClientSession(userSession, clientSession);
|
||||
|
||||
|
|
@ -852,14 +890,14 @@ public class LoginActionsService {
|
|||
event.error(Errors.EMAIL_SEND_FAILED);
|
||||
logger.error("Failed to send password reset email", e);
|
||||
return Flows.forms(this.session, realm, client, uriInfo).setError("emailSendError")
|
||||
.setClientSessionCode(accessCode.getCode()).createErrorPage();
|
||||
.setClientSessionCode(accessCode.getCode())
|
||||
.createErrorPage();
|
||||
}
|
||||
|
||||
createActionCookie(realm, uriInfo, clientConnection, userSession.getId());
|
||||
}
|
||||
|
||||
return Flows.forms(session, realm, client, uriInfo).setSuccess("emailSent")
|
||||
.setClientSessionCode(accessCode.getCode()).createPasswordReset();
|
||||
return Flows.forms(session, realm, client, uriInfo).setSuccess("emailSent").setClientSessionCode(accessCode.getCode()).createPasswordReset();
|
||||
}
|
||||
|
||||
private String getActionCookie() {
|
||||
|
|
@ -882,9 +920,12 @@ public class LoginActionsService {
|
|||
}
|
||||
|
||||
private void initEvent(ClientSessionModel clientSession) {
|
||||
event.event(EventType.LOGIN).client(clientSession.getClient()).user(clientSession.getUserSession().getUser())
|
||||
.session(clientSession.getUserSession().getId()).detail(Details.CODE_ID, clientSession.getId())
|
||||
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri()).detail(Details.RESPONSE_TYPE, "code");
|
||||
event.event(EventType.LOGIN).client(clientSession.getClient())
|
||||
.user(clientSession.getUserSession().getUser())
|
||||
.session(clientSession.getUserSession().getId())
|
||||
.detail(Details.CODE_ID, clientSession.getId())
|
||||
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
|
||||
.detail(Details.RESPONSE_TYPE, "code");
|
||||
|
||||
UserSessionModel userSession = clientSession.getUserSession();
|
||||
|
||||
|
|
|
|||
|
|
@ -13,11 +13,9 @@ import org.keycloak.services.messages.Messages;
|
|||
public class Validation {
|
||||
|
||||
// Actually allow same emails like angular. See ValidationTest.testEmailValidation()
|
||||
private static final Pattern EMAIL_PATTERN = Pattern
|
||||
.compile("[a-zA-Z0-9!#$%&'*+/=?^_`{|}~.-]+@[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)*");
|
||||
private static final Pattern EMAIL_PATTERN = Pattern.compile("[a-zA-Z0-9!#$%&'*+/=?^_`{|}~.-]+@[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)*");
|
||||
|
||||
public static String validateRegistrationForm(RealmModel realm, MultivaluedMap<String, String> formData,
|
||||
List<String> requiredCredentialTypes) {
|
||||
public static String validateRegistrationForm(RealmModel realm, MultivaluedMap<String, String> formData, List<String> requiredCredentialTypes) {
|
||||
if (isEmpty(formData.getFirst("firstName"))) {
|
||||
return Messages.MISSING_FIRST_NAME;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -79,10 +79,8 @@ public class AdminAPITest {
|
|||
ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
|
||||
TokenManager tm = new TokenManager();
|
||||
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
|
||||
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form",
|
||||
false);
|
||||
AccessToken token = tm.createClientAccessToken(session, tm.getAccess(null, adminConsole, admin), adminRealm,
|
||||
adminConsole, admin, userSession, null);
|
||||
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false);
|
||||
AccessToken token = tm.createClientAccessToken(session, tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, null);
|
||||
return tm.encodeToken(adminRealm, token);
|
||||
} finally {
|
||||
keycloakRule.stopSession(session, true);
|
||||
|
|
@ -140,8 +138,7 @@ public class AdminAPITest {
|
|||
CredentialRepresentation cred = appTarget.path("client-secret").request().get(CredentialRepresentation.class);
|
||||
if (appRep.getSecret() != null)
|
||||
Assert.assertEquals(appRep.getSecret(), cred.getValue());
|
||||
CredentialRepresentation newCred = appTarget.path("client-secret").request()
|
||||
.post(null, CredentialRepresentation.class);
|
||||
CredentialRepresentation newCred = appTarget.path("client-secret").request().post(null, CredentialRepresentation.class);
|
||||
Assert.assertNotEquals(newCred.getValue(), cred.getValue());
|
||||
|
||||
Response appUpdateResponse = appTarget.request().put(Entity.json(appRep));
|
||||
|
|
|
|||
Loading…
Reference in a new issue