
Example 1 with ExecuteActionsActionToken

Use of org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionToken in the keycloak project by keycloak.

From the class UserResource, method executeActionsEmail.

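/**
 * Send an update account email to the user.
 *
 * The email contains a link the user can click to perform a set of required actions.
 * The link carries a serialized {@code ExecuteActionsActionToken} in its {@code key} query
 * parameter and should be treated as a credential for the lifetime of that token.
 * The redirectUri and clientId parameters are optional. If no redirect is given, then there will
 * be no link back to click after actions have completed.  Redirect uri must be a valid uri for the
 * particular clientId.
 *
 * @param redirectUri Redirect uri; requires clientId and is checked against that client
 * @param clientId Client id; defaults to the account management client when omitted
 * @param lifespan Number of seconds after which the generated token expires; defaults to the
 *                 realm's admin-generated action token lifespan. A negative value, or one that
 *                 overflows the expiration timestamp, is rejected with 400.
 * @param actions required actions the user needs to complete (request body)
 * @return 204 No Content when the email was sent, 400 when the user has no email address,
 *         500 when sending the email failed
 * @throws WebApplicationException with status 400 when the user is disabled, the client is
 *         missing, unknown or disabled, the redirect uri is invalid, or the lifespan is invalid
 */
@Path("execute-actions-email")
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public Response executeActionsEmail(@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId, @QueryParam("lifespan") Integer lifespan, List<String> actions) {
    // The caller must pass the manage check for this user before anything else is evaluated.
    auth.users().requireManage(user);
    if (user.getEmail() == null) {
        return ErrorResponse.error("User email missing", Status.BAD_REQUEST);
    }
    if (!user.isEnabled()) {
        throw new WebApplicationException(ErrorResponse.error("User is disabled", Status.BAD_REQUEST));
    }
    // A redirect can only be validated against a client, so it may not be supplied alone.
    if (redirectUri != null && clientId == null) {
        throw new WebApplicationException(ErrorResponse.error("Client id missing", Status.BAD_REQUEST));
    }
    if (clientId == null) {
        clientId = Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
    }
    ClientModel client = realm.getClientByClientId(clientId);
    if (client == null) {
        logger.debugf("Client %s doesn't exist", clientId);
        throw new WebApplicationException(ErrorResponse.error("Client doesn't exist", Status.BAD_REQUEST));
    }
    if (!client.isEnabled()) {
        logger.debugf("Client %s is not enabled", clientId);
        throw new WebApplicationException(ErrorResponse.error("Client is not enabled", Status.BAD_REQUEST));
    }
    // Reject a redirect that the client does not accept; without this check the emailed link
    // could send the user to an arbitrary site after the actions complete.
    // NOTE(review): the value returned by verifyRedirectUri is only null-checked and the token
    // below is built from the redirectUri as submitted - confirm the token handler re-validates it.
    if (redirectUri != null && RedirectUtils.verifyRedirectUri(session, redirectUri, client) == null) {
        throw new WebApplicationException(ErrorResponse.error("Invalid redirect uri.", Status.BAD_REQUEST));
    }
    if (lifespan == null) {
        lifespan = realm.getActionTokenGeneratedByAdminLifespan();
    } else if (lifespan < 0) {
        // A negative caller-supplied lifespan would produce a token that is already expired.
        throw new WebApplicationException(ErrorResponse.error("Invalid lifespan", Status.BAD_REQUEST));
    }
    // NOTE(review): a caller-supplied lifespan has no upper bound here, so the emailed link can
    // stay valid for as long as the caller asks - consider capping it at a realm-configured maximum.
    final int expiration;
    try {
        // Plain int addition would silently wrap for a very large lifespan and yield a
        // timestamp in the past; fail the request instead.
        expiration = Math.addExact(Time.currentTime(), lifespan.intValue());
    } catch (ArithmeticException e) {
        throw new WebApplicationException(ErrorResponse.error("Invalid lifespan", Status.BAD_REQUEST));
    }
    // NOTE(review): actions comes straight from the request body and is handed to the token
    // without being checked against the realm's registered required actions here - confirm the
    // token handler rejects unknown or disabled actions.
    ExecuteActionsActionToken token = new ExecuteActionsActionToken(user.getId(), user.getEmail(), expiration, actions, redirectUri, clientId);
    try {
        UriBuilder builder = LoginActionsService.actionTokenProcessor(session.getContext().getUri());
        builder.queryParam("key", token.serialize(session, realm, session.getContext().getUri()));
        String link = builder.build(realm.getName()).toString();
        this.session.getProvider(EmailTemplateProvider.class)
                .setAttribute(Constants.TEMPLATE_ATTR_REQUIRED_ACTIONS, token.getRequiredActions())
                .setRealm(realm)
                .setUser(user)
                .sendExecuteActions(link, TimeUnit.SECONDS.toMinutes(lifespan));
        // Only the admin event is recorded; the link itself is never logged.
        adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
        return Response.noContent().build();
    } catch (EmailException e) {
        ServicesLogger.LOGGER.failedToSendActionsEmail(e);
        return ErrorResponse.error("Failed to send execute actions email", Status.INTERNAL_SERVER_ERROR);
    }
}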
Also used : ClientModel(org.keycloak.models.ClientModel) WebApplicationException(javax.ws.rs.WebApplicationException) EmailException(org.keycloak.email.EmailException) ExecuteActionsActionToken(org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionToken) UriBuilder(javax.ws.rs.core.UriBuilder) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) PUT(javax.ws.rs.PUT)
