Generate RESTART_AUTHENTICATION event on success

Closes #29385

Signed-off-by: rmartinc <rmartinc@redhat.com>
rmartinc 2024-05-23 09:42:44 +02:00 committed by Marek Posolda
parent 9eb310e5e0
commit b258b459d7
2 changed files with 16 additions and 1 deletions


@ -236,6 +236,10 @@ public class LoginActionsService {
return checks.getResponse();
}
event.user(authSession.getAuthenticatedUser());
event.detail(Details.USERNAME, authSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME));
event.detail(Details.AUTH_METHOD, authSession.getProtocol());
String flowPath = authSession.getClientNote(AuthorizationEndpointBase.APP_INITIATED_FLOW);
if (flowPath == null) {
flowPath = AUTHENTICATE_PATH;
@ -256,6 +260,7 @@ public class LoginActionsService {
URI redirectUri = getLastExecutionUrl(flowPath, null, authSession.getClient().getClientId(), authSession.getTabId(), AuthenticationProcessor.getClientData(session, authSession));
logger.debugf("Flow restart requested. Redirecting to %s", redirectUri);
event.success();
return Response.status(Response.Status.FOUND).location(redirectUri).build();
}
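Review bot: The event fields set right after the checks (`event.user(authSession.getAuthenticatedUser())` and the `Details.USERNAME` detail) are read at a point where a restart may arrive before any user has been identified, so both values can be null. The hunk does not show whether `EventBuilder.user`/`detail` tolerate null, so confirm that or guard it, e.g. `UserModel u = authSession.getAuthenticatedUser(); if (u != null) event.user(u);`. The `ATTEMPTED_USERNAME` note holds whatever was typed into the login form, so a comment such as `// attempted username is unverified form input, recorded for audit only` would stop event consumers from reading `Details.USERNAME` as an authenticated identity. If the flow reset happens in the lines between the two hunks (not visible here), a second comment, `// capture user and username before the auth session is reset`, would make the ordering dependency explicit. The enclosing method starts and ends outside the visible lines.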


@ -33,9 +33,12 @@ import org.keycloak.authentication.authenticators.browser.PasswordFormFactory;
import org.keycloak.authentication.authenticators.browser.UsernameFormFactory;
import org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticatorFactory;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.client.KeycloakTestingClient;
@ -285,6 +288,7 @@ public class MultiFactorAuthenticationTest extends AbstractTestRealmKeycloakTest
@Test
public void testUsernameLabelAndResetLogin() {
try {
UserRepresentation user = testRealm().users().search("user-with-one-configured-otp").get(0);
configureBrowserFlowWithAlternativeCredentials();
// The "attempted username" with username not yet available on the login screen
@ -306,6 +310,12 @@ public class MultiFactorAuthenticationTest extends AbstractTestRealmKeycloakTest
// Reset login
selectAuthenticatorPage.clickResetLogin();
events.expect(EventType.RESTART_AUTHENTICATION)
.client(oauth.getClientId())
.user(user.getId())
.detail(Details.USERNAME, "user-with-one-configured-otp")
.detail(Details.AUTH_METHOD, OIDCLoginProtocol.LOGIN_PROTOCOL)
.assertEvent();
// Should be back on the login page
loginUsernameOnlyPage.assertCurrent();
@ -321,7 +331,7 @@ public class MultiFactorAuthenticationTest extends AbstractTestRealmKeycloakTest
// Login
passwordPage.login("password");
events.expectLogin().user(testRealm().users().search("user-with-one-configured-otp").get(0).getId())
events.expectLogin().user(user.getId())
.detail(Details.USERNAME, "otp1@redhat.com").assertEvent();
} finally {
BrowserFlowTest.revertFlows(testRealm(), "browser - alternative");