Use of org.keycloak.credential.CredentialModel in project keycloak by keycloak: the class UserTest, method createUserWithRawCredentials.
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void createUserWithRawCredentials() {
    // A clear-text password handed in through the admin representation must come back out of
    // storage hashed with the realm's default algorithm and iteration count, never as the raw value.
    CredentialRepresentation clearTextPassword = new CredentialRepresentation();
    clearTextPassword.setType(CredentialRepresentation.PASSWORD);
    clearTextPassword.setValue("ABCD");

    UserRepresentation user = new UserRepresentation();
    user.setEmail("email.raw@localhost");
    user.setUsername("user_rawpw");
    user.setCredentials(Arrays.asList(clearTextPassword));
    createUser(user);

    CredentialModel stored = fetchCredentials("user_rawpw");
    assertNotNull("Expecting credential", stored);

    PasswordCredentialModel password = PasswordCredentialModel.createFromCredentialModel(stored);
    // Hash parameters follow the realm defaults when no explicit policy is configured.
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, password.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, password.getPasswordCredentialData().getHashIterations());
    // The persisted secret must not be the submitted clear-text value.
    assertNotEquals("ABCD", password.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, stored.getType());
}
Use of org.keycloak.credential.CredentialModel in project keycloak by keycloak: the class JpaUserFederatedStorageProvider, method toModel.
protected CredentialModel toModel(FederatedUserCredentialEntity entity) {
    // Rows written in the old format keep the salt in its own column and a "__SALT__"
    // placeholder inside secretData. Fold the salt into secretData on first read so the
    // returned model only ever carries the current format. The entity is updated as well,
    // so the migration is meant to stick (presumably persisted because the entity is
    // JPA-managed — confirm against the caller).
    if (entity.getSalt() != null) {
        String encodedSalt = Base64.encodeBytes(entity.getSalt());
        entity.setSecretData(entity.getSecretData().replace("__SALT__", encodedSalt));
        entity.setSalt(null);
    }

    CredentialModel model = new CredentialModel();
    model.setId(entity.getId());
    model.setType(entity.getType());
    model.setUserLabel(entity.getUserLabel());
    model.setCreatedDate(entity.getCreatedDate());
    // Secret material is copied through as-is; nothing here logs or decodes it.
    model.setCredentialData(entity.getCredentialData());
    model.setSecretData(entity.getSecretData());
    return model;
}
Use of org.keycloak.credential.CredentialModel in project keycloak by keycloak: the class JpaUserCredentialStore, method toModel.
CredentialModel toModel(CredentialEntity entity) {
    // Rows written in the old format keep the salt in its own column and a "__SALT__"
    // placeholder inside secretData. Fold the salt into secretData on first read so the
    // returned model only ever carries the current format. The entity is updated as well,
    // so the migration is meant to stick (presumably persisted because the entity is
    // JPA-managed — confirm against the caller).
    if (entity.getSalt() != null) {
        String encodedSalt = Base64.encodeBytes(entity.getSalt());
        entity.setSecretData(entity.getSecretData().replace("__SALT__", encodedSalt));
        entity.setSalt(null);
    }

    CredentialModel model = new CredentialModel();
    model.setId(entity.getId());
    model.setType(entity.getType());
    model.setUserLabel(entity.getUserLabel());
    model.setCreatedDate(entity.getCreatedDate());
    // Secret material is copied through as-is; nothing here logs or decodes it.
    model.setCredentialData(entity.getCredentialData());
    model.setSecretData(entity.getSecretData());
    return model;
}
Use of org.keycloak.credential.CredentialModel in project keycloak by keycloak: the class PassThroughFederatedUserStorageProvider, method updateCredential.
@Override
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
    // testing federated credential attributes
    if (!input.getType().equals(PasswordCredentialModel.TYPE)) {
        return false;
    }

    // Test fixture: the password is stored unhashed under a test-only credential type.
    // NOTE(review): secretData is assembled by plain concatenation, so a challenge response
    // containing '"' or '\' produces malformed JSON. Fine for fixtures; not a pattern to copy
    // into real credential storage.
    String clearTextSecret = "{\"value\":\"" + input.getChallengeResponse() + "\"}";

    Optional<CredentialModel> existing = session.userFederatedStorage()
            .getStoredCredentialsByTypeStream(realm, user.getId(), "CLEAR_TEXT_PASSWORD")
            .findFirst();

    // Reuse the stored credential when there is one; otherwise start a fresh model.
    CredentialModel model = existing.orElseGet(CredentialModel::new);
    model.setType("CLEAR_TEXT_PASSWORD");
    model.setSecretData(clearTextSecret);

    if (existing.isPresent()) {
        session.userFederatedStorage().updateCredential(realm, user.getId(), model);
    } else {
        session.userFederatedStorage().createCredential(realm, user.getId(), model);
    }
    return true;
}
Use of org.keycloak.credential.CredentialModel in project keycloak by keycloak: the class BackwardsCompatibilityUserStorage, method updateCredential.
@Override
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
    // Exercises the Keycloak 4.8.3-era storage SPI: legacy input types, legacy hash-provider
    // signature and legacy CredentialModel accessors are used on purpose.
    if (!(input instanceof UserCredentialModel)) {
        return false;
    }
    String credentialType = input.getType();

    if (credentialType.equals(UserCredentialModel.PASSWORD)) {
        // Compatibility with 4.8.3 - Using "legacy" type PasswordUserCredentialModel
        if (!(input instanceof PasswordUserCredentialModel)) {
            log.warn("Input is not PasswordUserCredentialModel");
            return false;
        }
        PasswordUserCredentialModel passwordInput = (PasswordUserCredentialModel) input;
        // Those are not supposed to be set when calling this method in Keycloak 4.8.3 for password credential
        assertNull(passwordInput.getDevice());
        assertNull(passwordInput.getAlgorithm());

        PasswordPolicy passwordPolicy = session.getContext().getRealm().getPasswordPolicy();
        PasswordHashProvider hashProvider = getHashProvider(passwordPolicy);

        CredentialModel hashedPassword = new CredentialModel();
        hashedPassword.setType(CredentialModel.PASSWORD);
        hashedPassword.setCreatedDate(Time.currentTimeMillis());
        // Compatibility with 4.8.3 - Using "legacy" signature of the method on hashProvider.
        // The clear-text value goes into the provider only; what is kept is the hashed form.
        hashProvider.encode(passwordInput.getValue(), passwordPolicy.getHashIterations(), hashedPassword);

        // Test expected values of credentialModel: algorithm follows the realm policy, and the
        // provider must have filled in both the hash and a salt.
        assertEquals(hashedPassword.getAlgorithm(), passwordPolicy.getHashAlgorithm());
        assertNotNull(hashedPassword.getValue());
        assertNotNull(hashedPassword.getSalt());

        users.get(translateUserName(user.getUsername())).hashedPassword = hashedPassword;
        // Drop the cached user so the new credential is visible on the next lookup.
        UserCache userCache = session.userCache();
        if (userCache != null) {
            userCache.evict(realm, user);
        }
        return true;
    }

    if (isOTPType(credentialType)) {
        UserCredentialModel otpInput = (UserCredentialModel) input;
        // Those are not supposed to be set when calling this method in Keycloak 4.8.3 for password credential
        assertNull(otpInput.getDevice());
        assertNull(otpInput.getAlgorithm());

        OTPPolicy otpPolicy = session.getContext().getRealm().getOTPPolicy();
        CredentialModel otp = new CredentialModel();
        otp.setType(credentialType);
        otp.setCreatedDate(Time.currentTimeMillis());
        // The OTP secret is stored as given (not hashed); the remaining parameters come from the realm policy.
        otp.setValue(otpInput.getValue());
        otp.setCounter(otpPolicy.getInitialCounter());
        otp.setDigits(otpPolicy.getDigits());
        otp.setAlgorithm(otpPolicy.getAlgorithm());
        otp.setPeriod(otpPolicy.getPeriod());
        users.get(translateUserName(user.getUsername())).otp = otp;
        return true;
    }

    log.infof("Attempt to update unsupported credential of type: %s", credentialType);
    return false;
}