Example 1 with ResetCredentialsActionToken
use of org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionToken in project keycloak by keycloak.
the class ResetCredentialEmail method authenticate.
@Override
public void authenticate(AuthenticationFlowContext context) {
UserModel user = context.getUser();
AuthenticationSessionModel authenticationSession = context.getAuthenticationSession();
String username = authenticationSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
// just reset login for with a success message
if (user == null) {
context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
return;
}
String actionTokenUserId = authenticationSession.getAuthNote(DefaultActionTokenKey.ACTION_TOKEN_USER_ID);
if (actionTokenUserId != null && Objects.equals(user.getId(), actionTokenUserId)) {
logger.debugf("Forget-password triggered when reauthenticating user after authentication via action token. Skipping " + PROVIDER_ID + " screen and using user '%s' ", user.getUsername());
context.success();
return;
}
EventBuilder event = context.getEvent();
// we don't want people guessing usernames, so if there is a problem, just continuously challenge
if (user.getEmail() == null || user.getEmail().trim().length() == 0) {
event.user(user).detail(Details.USERNAME, username).error(Errors.INVALID_EMAIL);
context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
return;
}
int validityInSecs = context.getRealm().getActionTokenGeneratedByUserLifespan(ResetCredentialsActionToken.TOKEN_TYPE);
int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
// We send the secret in the email in a link as a query param.
String authSessionEncodedId = AuthenticationSessionCompoundId.fromAuthSession(authenticationSession).getEncodedId();
ResetCredentialsActionToken token = new ResetCredentialsActionToken(user.getId(), user.getEmail(), absoluteExpirationInSecs, authSessionEncodedId, authenticationSession.getClient().getClientId());
String link = UriBuilder.fromUri(context.getActionTokenUrl(token.serialize(context.getSession(), context.getRealm(), context.getUriInfo()))).build().toString();
long expirationInMinutes = TimeUnit.SECONDS.toMinutes(validityInSecs);
try {
context.getSession().getProvider(EmailTemplateProvider.class).setRealm(context.getRealm()).setUser(user).setAuthenticationSession(authenticationSession).sendPasswordReset(link, expirationInMinutes);
event.clone().event(EventType.SEND_RESET_PASSWORD).user(user).detail(Details.USERNAME, username).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, authenticationSession.getParentSession().getId()).success();
context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
} catch (EmailException e) {
event.clone().event(EventType.SEND_RESET_PASSWORD).detail(Details.USERNAME, username).user(user).error(Errors.EMAIL_SEND_FAILED);
ServicesLogger.LOGGER.failedToSendPwdResetEmail(e);
Response challenge = context.form().setError(Messages.EMAIL_SENT_ERROR).createErrorPage(Response.Status.INTERNAL_SERVER_ERROR);
context.failure(AuthenticationFlowError.INTERNAL_ERROR, challenge);
}
}
Also used :
ResetCredentialsActionToken(org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionToken)
Response(javax.ws.rs.core.Response)
AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel)
EventBuilder(org.keycloak.events.EventBuilder)
EmailException(org.keycloak.email.EmailException)
FormMessage(org.keycloak.models.utils.FormMessage)
Aggregations
Response (javax.ws.rs.core.Response)1
ResetCredentialsActionToken (org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionToken)1
EmailException (org.keycloak.email.EmailException)1
EventBuilder (org.keycloak.events.EventBuilder)1
FormMessage (org.keycloak.models.utils.FormMessage)1
AuthenticationSessionModel (org.keycloak.sessions.AuthenticationSessionModel)1
