
Example 6 with CredentialModel

Use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.

In the class UserTest, method createUserWithRawCredentials.

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void createUserWithRawCredentials() {
    UserRepresentation user = new UserRepresentation();
    user.setUsername("user_rawpw");
    user.setEmail("email.raw@localhost");
    CredentialRepresentation rawPassword = new CredentialRepresentation();
    rawPassword.setValue("ABCD");
    rawPassword.setType(CredentialRepresentation.PASSWORD);
    user.setCredentials(Arrays.asList(rawPassword));
    createUser(user);
    CredentialModel credential = fetchCredentials("user_rawpw");
    assertNotNull("Expecting credential", credential);
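    // The stored credential must be a hash produced with the default algorithm and
    // iteration count, never the raw value "ABCD" that was submitted.
    PasswordCredentialModel pcm = PasswordCredentialModel.createFromCredentialModel(credential);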
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, pcm.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, pcm.getPasswordCredentialData().getHashIterations());
    assertNotEquals("ABCD", pcm.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, credential.getType());
}
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) CredentialModel(org.keycloak.credential.CredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 7 with CredentialModel

Use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.

In the class JpaUserFederatedStorageProvider, method toModel.

protected CredentialModel toModel(FederatedUserCredentialEntity entity) {
    CredentialModel model = new CredentialModel();
    model.setId(entity.getId());
    model.setType(entity.getType());
    model.setCreatedDate(entity.getCreatedDate());
    model.setUserLabel(entity.getUserLabel());
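    // Migrate to the new secretData format on the fly: a legacy entity keeps its salt in a
    // separate field, so substitute the Base64-encoded salt for the "__SALT__" placeholder
    // inside secretData and then clear the legacy salt field.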
    if (entity.getSalt() != null) {
        String newSecretData = entity.getSecretData().replace("__SALT__", Base64.encodeBytes(entity.getSalt()));
        entity.setSecretData(newSecretData);
        entity.setSalt(null);
    }
    model.setSecretData(entity.getSecretData());
    model.setCredentialData(entity.getCredentialData());
    return model;
}
Also used : CredentialModel(org.keycloak.credential.CredentialModel)

Example 8 with CredentialModel

Use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.

In the class JpaUserCredentialStore, method toModel.

CredentialModel toModel(CredentialEntity entity) {
    CredentialModel model = new CredentialModel();
    model.setId(entity.getId());
    model.setType(entity.getType());
    model.setCreatedDate(entity.getCreatedDate());
    model.setUserLabel(entity.getUserLabel());
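    // Migrate to the new secretData format on the fly: a legacy entity keeps its salt in a
    // separate field, so substitute the Base64-encoded salt for the "__SALT__" placeholder
    // inside secretData and then clear the legacy salt field.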
    if (entity.getSalt() != null) {
        String newSecretData = entity.getSecretData().replace("__SALT__", Base64.encodeBytes(entity.getSalt()));
        entity.setSecretData(newSecretData);
        entity.setSalt(null);
    }
    model.setSecretData(entity.getSecretData());
    model.setCredentialData(entity.getCredentialData());
    return model;
}
Also used : CredentialModel(org.keycloak.credential.CredentialModel)

Example 9 with CredentialModel

Use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.

In the class PassThroughFederatedUserStorageProvider, method updateCredential.

@Override
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
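    // Testing federated credential attributes: the password is kept in clear text under
    // the custom type "CLEAR_TEXT_PASSWORD", and the secretData JSON is built by string
    // concatenation, so quotes or backslashes in the input are not escaped.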
    if (input.getType().equals(PasswordCredentialModel.TYPE)) {
        Optional<CredentialModel> existing = session.userFederatedStorage().getStoredCredentialsByTypeStream(realm, user.getId(), "CLEAR_TEXT_PASSWORD").findFirst();
        if (existing.isPresent()) {
            CredentialModel model = existing.get();
            model.setType("CLEAR_TEXT_PASSWORD");
            model.setSecretData("{\"value\":\"" + input.getChallengeResponse() + "\"}");
            session.userFederatedStorage().updateCredential(realm, user.getId(), model);
        } else {
            CredentialModel model = new CredentialModel();
            model.setType("CLEAR_TEXT_PASSWORD");
            model.setSecretData("{\"value\":\"" + input.getChallengeResponse() + "\"}");
            session.userFederatedStorage().createCredential(realm, user.getId(), model);
        }
        return true;
    }
    return false;
}
Also used : CredentialModel(org.keycloak.credential.CredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel)

Example 10 with CredentialModel

Use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.

In the class BackwardsCompatibilityUserStorage, method updateCredential.

@Override
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
    if (!(input instanceof UserCredentialModel))
        return false;
    if (input.getType().equals(UserCredentialModel.PASSWORD)) {
        // Compatibility with 4.8.3 - Using "legacy" type PasswordUserCredentialModel
        if (!(input instanceof PasswordUserCredentialModel)) {
            log.warn("Input is not PasswordUserCredentialModel");
            return false;
        }
        PasswordUserCredentialModel userCredentialModel = (PasswordUserCredentialModel) input;
        // Those are not supposed to be set when calling this method in Keycloak 4.8.3 for password credential
        assertNull(userCredentialModel.getDevice());
        assertNull(userCredentialModel.getAlgorithm());
        PasswordPolicy policy = session.getContext().getRealm().getPasswordPolicy();
        PasswordHashProvider hashProvider = getHashProvider(policy);
        CredentialModel newPassword = new CredentialModel();
        newPassword.setType(CredentialModel.PASSWORD);
        long createdDate = Time.currentTimeMillis();
        newPassword.setCreatedDate(createdDate);
        // Compatibility with 4.8.3 - Using "legacy" signature of the method on hashProvider
        hashProvider.encode(userCredentialModel.getValue(), policy.getHashIterations(), newPassword);
        // Test expected values of credentialModel
        assertEquals(newPassword.getAlgorithm(), policy.getHashAlgorithm());
        assertNotNull(newPassword.getValue());
        assertNotNull(newPassword.getSalt());
        users.get(translateUserName(user.getUsername())).hashedPassword = newPassword;
        UserCache userCache = session.userCache();
        if (userCache != null) {
            userCache.evict(realm, user);
        }
        return true;
    } else if (isOTPType(input.getType())) {
        UserCredentialModel otpCredential = (UserCredentialModel) input;
        // Those are not supposed to be set when calling this method in Keycloak 4.8.3 for password credential
        assertNull(otpCredential.getDevice());
        assertNull(otpCredential.getAlgorithm());
        OTPPolicy otpPolicy = session.getContext().getRealm().getOTPPolicy();
        CredentialModel newOTP = new CredentialModel();
        newOTP.setType(input.getType());
        long createdDate = Time.currentTimeMillis();
        newOTP.setCreatedDate(createdDate);
        newOTP.setValue(otpCredential.getValue());
        newOTP.setCounter(otpPolicy.getInitialCounter());
        newOTP.setDigits(otpPolicy.getDigits());
        newOTP.setAlgorithm(otpPolicy.getAlgorithm());
        newOTP.setPeriod(otpPolicy.getPeriod());
        users.get(translateUserName(user.getUsername())).otp = newOTP;
        return true;
    } else {
        log.infof("Attempt to update unsupported credential of type: %s", input.getType());
        return false;
    }
}
Also used : PasswordUserCredentialModel(org.keycloak.models.credential.PasswordUserCredentialModel) UserCredentialModel(org.keycloak.models.UserCredentialModel) CredentialModel(org.keycloak.credential.CredentialModel) PasswordPolicy(org.keycloak.models.PasswordPolicy) OTPPolicy(org.keycloak.models.OTPPolicy) UserCache(org.keycloak.models.cache.UserCache) PasswordHashProvider(org.keycloak.credential.hash.PasswordHashProvider)
