From f56285424a8bc50a025b572c341351f6e0c95f58 Mon Sep 17 00:00:00 2001
From: Javier Pena
Date: Wed, 21 Nov 2018 14:07:17 +0100
Subject: [PATCH] Update auth-spi.adoc Some fixes and minimal methods to follow the example
---
 server_development/topics/auth-spi.adoc | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/server_development/topics/auth-spi.adoc b/server_development/topics/auth-spi.adoc
index 1ea4322858..a81aa8d2f0 100644
--- a/server_development/topics/auth-spi.adoc
+++ b/server_development/topics/auth-spi.adoc
@@ -168,9 +168,9 @@ In our case we are storing this information, hashed, within a UserCredentialValu
 [source,java]
 ----
- @Override
+ @Override
 public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
- return session.users().configuredForCredentialType("secret_question", realm, user);
+ return session.userCredentialManager().isConfiguredFor(realm, user, "SECRET_QUESTION");
 }
 ----
@@ -204,9 +204,18 @@ Its sole purpose is to render the page or to continue the flow.
 context.success();
 return;
 }
- Response challenge = loginForm(context).createForm("secret_question.ftl");
+ Response challenge = context.form().createForm("secret-question.ftl");
 context.challenge(challenge);
 }
+
+ protected boolean hasCookie(AuthenticationFlowContext context) {
+ Cookie cookie = context.getHttpRequest().getHttpHeaders().getCookies().get("SECRET_QUESTION_ANSWERED");
+ boolean result = cookie != null;
+ if (result) {
+ System.out.println("Bypassing secret question because cookie is set");
+ }
+ return result;
+ }
 ----
 The hasCookie() method checks to see if there is already a cookie set on the browser which indicates that the secret question has already been answered.
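Review bot: In the added `hasCookie()` (second hunk), `boolean result = cookie != null;` treats the mere presence of a cookie named `SECRET_QUESTION_ANSWERED` as proof that the secret-question step was completed, and the surrounding method, which begins above the hunk, then calls `context.success()`. A cookie is supplied by the client, so this step only holds if the value is something the server issued and can verify; `setCookie()` is not shown in this hunk, so what it writes should be confirmed. Because readers copy this listing, I would add a comment above the check such as `// Presence-only check for brevity; production code must verify a signed, user-bound value`, and compare the cookie's value rather than test it for null. `System.out.println(...)` should also go through a logger so the skipped challenge is recorded in the server log with the usual context.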
@@ -243,6 +252,15 @@ The flow will end up invoking the action() method of our Authenticator implement
 setCookie(context);
 context.success();
 }
+
+ protected boolean validateAnswer(AuthenticationFlowContext context) {
+ MultivaluedMap formData = context.getHttpRequest().getDecodedFormParameters();
+ String secret = formData.getFirst("secret_answer");
+ UserCredentialModel input = new UserCredentialModel();
+ input.setType("SECRET_QUESTION");
+ input.setValue(secret);
+ return context.getSession().userCredentialManager().isValid(context.getRealm(), context.getUser(), input);
+ }
 ----
 If the answer is not valid, we rebuild the HTML Form with an additional error message.
@@ -392,6 +410,7 @@ Let's take a bigger look at secret-question.ftl Here's a small code snippet: + ---- Any piece of text enclosed in `${}` corresponds to an attribute or template funtion.
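Review bot: In the added `validateAnswer()` (the `@@ -243,6 +252,15 @@` hunk), `formData.getFirst("secret_answer")` returns null when the form field is missing, and that null is passed straight to `input.setValue(secret)` and on to `isValid(...)`. Whether the credential provider tolerates a null value cannot be seen from this hunk, so I would reject it up front with `if (secret == null || secret.trim().isEmpty()) return false;` before building the `UserCredentialModel`. `MultivaluedMap` appears without type parameters here, possibly lost in rendering; as a raw type, `getFirst` would not yield a `String` without a cast. The literal `"SECRET_QUESTION"` is also repeated in the `configuredFor` hunk, and a single shared constant would keep the two from drifting apart.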