use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.
From class LDAPProvidersIntegrationTest, method testUnsynced:
/**
 * Exercises {@code EditMode.UNSYNCED}: a password changed through Keycloak is written to local
 * storage only, the LDAP entry keeps its original password, and removing the user only drops the
 * local copy (the entry is re-imported on the next lookup). The provider is put back to
 * {@code WRITABLE} at the end so later tests see the default configuration.
 */
@Test
public void testUnsynced() throws Exception {
    // 1. Flip the LDAP provider to UNSYNCED.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        UserStorageProviderModel providerModel = new UserStorageProviderModel(ctx.getLdapModel());
        providerModel.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString());
        realm.updateComponent(providerModel);
    });

    // 2. Change the password and check where it ended up.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();

        UserModel john = session.users().getUserByUsername(realm, "johnkeycloak");
        Assert.assertNotNull(john);
        Assert.assertNotNull(john.getFederationLink());
        Assert.assertEquals(ctx.getLdapModel().getId(), john.getFederationLink());

        UserCredentialModel newPassword = UserCredentialModel.password("Candycand1", true);
        session.userCredentialManager().updateCredential(realm, john, newPassword);

        // The new password is now a locally stored password credential that validates.
        CredentialModel localPassword = session.userCredentialManager()
                .getStoredCredentialsByTypeStream(realm, john, PasswordCredentialModel.TYPE)
                .findFirst()
                .orElse(null);
        Assert.assertNotNull(localPassword);
        Assert.assertEquals(PasswordCredentialModel.TYPE, localPassword.getType());
        Assert.assertTrue(session.userCredentialManager().isValid(realm, john, newPassword));

        // The LDAP entry must still bind with its original password, i.e. nothing was written back.
        // NOTE(review): this only shows the old LDAP password still works; a bind with "Candycand1"
        // that is expected to fail would additionally prove the new password was not pushed to LDAP.
        try {
            LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(realm, "johnkeycloak");
            ctx.getLdapProvider().getLdapIdentityStore().validatePassword(ldapJohn, "Password1");
        } catch (AuthenticationException ex) {
            throw new RuntimeException(ex);
        }
    });

    // 3. Same picture through the admin REST API.
    UserResource johnResource = ApiUtil.findUserByUsernameId(testRealm(), "johnkeycloak");
    // The password shows up among the credentials held locally ...
    boolean hasLocalPassword = johnResource.credentials().stream()
            .map(CredentialRepresentation::getType)
            .anyMatch(PasswordCredentialModel.TYPE::equals);
    Assert.assertTrue(hasLocalPassword);
    // ... and the LDAP provider still advertises password as a credential type it handles.
    List<String> providerTypes = johnResource.getConfiguredUserStorageCredentialTypes();
    Assert.assertTrue(providerTypes.contains(PasswordCredentialModel.TYPE));

    // 4. Deleting the user in UNSYNCED mode only removes the local copy.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        UserModel john = session.users().getUserByUsername(realm, "johnkeycloak");
        Assert.assertTrue(session.users().removeUser(realm, john));
        // Gone from local storage, but the next federated lookup re-imports the LDAP entry.
        Assert.assertNull(session.userLocalStorage().getUserByUsername(realm, "johnkeycloak"));
        Assert.assertNotNull(session.users().getUserByUsername(realm, "johnkeycloak"));
    });

    // 5. Restore WRITABLE so the provider is back to its default for the other tests.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ctx.getLdapModel().getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
        realm.updateComponent(ctx.getLdapModel());
        String persistedMode = realm.getComponent(ctx.getLdapModel().getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE);
        Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), persistedMode);
    });
}
use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.
From class WebAuthnDataWrapper, method init:
/**
 * Loads the WebAuthn data of the first stored credential of {@code credentialType} that
 * {@code username} has in the current realm into {@code webAuthnData}. The field is left
 * untouched when the user, the credential manager or a matching credential cannot be found.
 */
private void init() {
    final UserModel user = session.users().getUserByUsername(session.getContext().getRealm(), username);
    if (user == null) {
        return;
    }
    final UserCredentialManager credentials = session.userCredentialManager();
    if (credentials == null) {
        return;
    }
    // Only the first credential of the requested type is considered.
    credentials.getStoredCredentialsByTypeStream(session.getContext().getRealm(), user, credentialType)
            .findFirst()
            .ifPresent(stored -> this.webAuthnData = createFromCredentialModel(stored).getWebAuthnCredentialData());
}
use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.
From class CredentialModelTest, method canDeserializeMinimalJson:
/**
 * A password credential is carried as two JSON documents (credential data and secret data).
 * This checks that the smallest valid pair (algorithm + iterations, value + salt, no additional
 * parameters) decodes into a {@code PasswordCredentialModel} with every field populated and the
 * salt round-tripping between its base64 text form and raw bytes.
 */
@Test
public void canDeserializeMinimalJson() {
    CredentialModel raw = new CredentialModel();
    raw.setCredentialData("{\"hashIterations\": 10000, \"algorithm\": \"custom\"}");
    raw.setSecretData("{\"value\": \"the value\", \"salt\": \"saltValu\"}");

    PasswordCredentialModel parsed = PasswordCredentialModel.createFromCredentialModel(raw);
    assertThat(parsed, notNullValue());

    // credentialData: the non-secret hash parameters
    assertThat(parsed.getPasswordCredentialData(), notNullValue());
    assertThat(parsed.getPasswordCredentialData().getAlgorithm(), equalTo("custom"));
    assertThat(parsed.getPasswordCredentialData().getHashIterations(), equalTo(10000));
    assertThat(parsed.getPasswordCredentialData().getAdditionalParameters(), equalTo(Collections.emptyMap()));

    // secretData: the hash value and the salt. The salt travels as base64 text in JSON and is
    // handed back as bytes, so compare against the decoded form of the literal.
    assertThat(parsed.getPasswordSecretData(), notNullValue());
    assertThat(parsed.getPasswordSecretData().getValue(), equalTo("the value"));
    assertThat(parsed.getPasswordSecretData().getSalt(), notNullValue());
    byte[] expectedSalt = Base64.getDecoder().decode("saltValu");
    assertThat(parsed.getPasswordSecretData().getSalt(), equalTo(expectedSalt));
    assertThat(parsed.getPasswordSecretData().getAdditionalParameters(), equalTo(Collections.emptyMap()));
}
use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.
From class UserResource, method moveCredentialAfter:
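/**
 * Move a credential to the position directly after another credential of the same user.
 * <p>
 * Both path parameters are resolved against {@code user} before the store is touched, so a
 * caller can neither move nor probe a credential that belongs to somebody else. When an id does
 * not resolve, the response is 404 only for callers that may query users; everybody else gets
 * 403, so the endpoint does not confirm whether an id exists at all. Previously only
 * {@code credentialId} got this treatment and {@code newPreviousCredentialId} was handed to the
 * store unchecked.
 *
 * @param credentialId The credential to move; must belong to {@code user}.
 * @param newPreviousCredentialId The credential that will be the previous element in the list;
 *        must belong to {@code user}. A null value means the moved credential becomes the first
 *        element, though a null cannot arrive through this path mapping.
 * @throws NotFoundException if an id does not resolve to a credential of {@code user} and the
 *         caller is allowed to query users
 * @throws ForbiddenException if the caller may not manage {@code user}, or an id does not resolve
 *         and the caller may not query users
 */
@Path("credentials/{credentialId}/moveAfter/{newPreviousCredentialId}")
@POST
public void moveCredentialAfter(@PathParam("credentialId") final String credentialId, @PathParam("newPreviousCredentialId") final String newPreviousCredentialId) {
    auth.users().requireManage(user);
    requireOwnedCredential(credentialId);
    // Same ownership check for the anchor credential, so both ids get the same existence response.
    if (newPreviousCredentialId != null) {
        requireOwnedCredential(newPreviousCredentialId);
    }
    session.userCredentialManager().moveCredentialTo(realm, user, credentialId, newPreviousCredentialId);
}

/**
 * Fails the request unless {@code id} is a stored credential of {@code user}.
 * The failure is 404 only when the caller may query users; otherwise 403, so callers without
 * query rights cannot use this endpoint to discover which credential ids exist.
 */
private void requireOwnedCredential(String id) {
    if (session.userCredentialManager().getStoredCredentialById(realm, user, id) == null) {
        // we do this to make sure somebody can't phish ids
        if (auth.users().canQuery()) {
            throw new NotFoundException("Credential not found");
        }
        throw new ForbiddenException();
    }
}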
use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.
From class UserTest, method createUserWithHashedCredentials:
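/**
 * Creates a user through the admin API with an already-hashed password and checks that the
 * server persists the supplied hash parameters verbatim: algorithm name, salt, iteration count,
 * hash value, creation date and user label all come back exactly as sent, under the
 * {@code password} credential type.
 * <p>
 * NOTE(review): the algorithm name used here does not look like a registered hash provider, yet
 * it is accepted and stored as-is, which suggests the import path does not validate the algorithm
 * against configured providers — confirm. Either way an imported credential is only as strong as
 * the hash the caller supplies.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void createUserWithHashedCredentials() {
    final String algorithm = "my-algorithm";
    final String salt = "theSalt";
    final int iterations = 22;
    final String hashValue = "ABC";

    UserRepresentation user = new UserRepresentation();
    user.setUsername("user_creds");
    user.setEmail("email@localhost");

    // Explicit charset: the salt goes out and comes back as bytes, so the comparison at the end
    // must not depend on the JVM's platform default encoding.
    PasswordCredentialModel pcm = PasswordCredentialModel.createFromValues(
            algorithm, salt.getBytes(java.nio.charset.StandardCharsets.UTF_8), iterations, hashValue);
    CredentialRepresentation hashedPassword = ModelToRepresentation.toRepresentation(pcm);
    hashedPassword.setCreatedDate(1001L);
    hashedPassword.setUserLabel("deviceX");
    hashedPassword.setType(CredentialRepresentation.PASSWORD);
    user.setCredentials(Arrays.asList(hashedPassword));
    createUser(user);

    CredentialModel credentialHashed = fetchCredentials("user_creds");
    // Check presence before decoding: the decode used to run first, so a missing credential
    // surfaced as a NullPointerException instead of this assertion's message.
    assertNotNull("Expecting credential", credentialHashed);
    PasswordCredentialModel pcmh = PasswordCredentialModel.createFromCredentialModel(credentialHashed);

    assertEquals(CredentialRepresentation.PASSWORD, credentialHashed.getType());
    assertEquals(Long.valueOf(1001), credentialHashed.getCreatedDate());
    assertEquals("deviceX", credentialHashed.getUserLabel());
    assertEquals(algorithm, pcmh.getPasswordCredentialData().getAlgorithm());
    assertEquals(iterations, pcmh.getPasswordCredentialData().getHashIterations());
    assertEquals(hashValue, pcmh.getPasswordSecretData().getValue());
    assertEquals(salt, new String(pcmh.getPasswordSecretData().getSalt(), java.nio.charset.StandardCharsets.UTF_8));
}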