Example 31 with CredentialModel
use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.
the class LDAPProvidersIntegrationTest method testUnsynced.
@Test
public void testUnsynced() throws Exception {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
UserStorageProviderModel model = new UserStorageProviderModel(ctx.getLdapModel());
model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString());
appRealm.updateComponent(model);
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
UserModel user = session.users().getUserByUsername(appRealm, "johnkeycloak");
Assert.assertNotNull(user);
Assert.assertNotNull(user.getFederationLink());
Assert.assertEquals(user.getFederationLink(), ctx.getLdapModel().getId());
UserCredentialModel cred = UserCredentialModel.password("Candycand1", true);
session.userCredentialManager().updateCredential(appRealm, user, cred);
CredentialModel userCredentialValueModel = session.userCredentialManager().getStoredCredentialsByTypeStream(appRealm, user, PasswordCredentialModel.TYPE).findFirst().orElse(null);
Assert.assertNotNull(userCredentialValueModel);
Assert.assertEquals(PasswordCredentialModel.TYPE, userCredentialValueModel.getType());
Assert.assertTrue(session.userCredentialManager().isValid(appRealm, user, cred));
// LDAP password is still unchanged
try {
LDAPObject ldapUser = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
ctx.getLdapProvider().getLdapIdentityStore().validatePassword(ldapUser, "Password1");
} catch (AuthenticationException ex) {
throw new RuntimeException(ex);
}
});
// Test admin REST endpoints
UserResource userResource = ApiUtil.findUserByUsernameId(testRealm(), "johnkeycloak");
// Assert password is stored locally
List<String> storedCredentials = userResource.credentials().stream().map(CredentialRepresentation::getType).collect(Collectors.toList());
Assert.assertTrue(storedCredentials.contains(PasswordCredentialModel.TYPE));
// Assert password is supported in the LDAP too.
List<String> userStorageCredentials = userResource.getConfiguredUserStorageCredentialTypes();
Assert.assertTrue(userStorageCredentials.contains(PasswordCredentialModel.TYPE));
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
UserModel user = session.users().getUserByUsername(appRealm, "johnkeycloak");
// User is deleted just locally
Assert.assertTrue(session.users().removeUser(appRealm, user));
// Assert user not available locally, but will be reimported from LDAP once searched
Assert.assertNull(session.userLocalStorage().getUserByUsername(appRealm, "johnkeycloak"));
Assert.assertNotNull(session.users().getUserByUsername(appRealm, "johnkeycloak"));
});
// Revert
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
ctx.getLdapModel().getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
appRealm.updateComponent(ctx.getLdapModel());
Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), appRealm.getComponent(ctx.getLdapModel().getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE));
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
CachedUserModel(org.keycloak.models.cache.CachedUserModel)
UserModel(org.keycloak.models.UserModel)
UserCredentialModel(org.keycloak.models.UserCredentialModel)
CredentialModel(org.keycloak.credential.CredentialModel)
PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel)
AuthenticationException(javax.naming.AuthenticationException)
UserResource(org.keycloak.admin.client.resource.UserResource)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
UserStorageProviderModel(org.keycloak.storage.UserStorageProviderModel)
UserCredentialModel(org.keycloak.models.UserCredentialModel)
AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest)
Test(org.junit.Test)
Example 32 with CredentialModel
use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.
the class WebAuthnDataWrapper method init.
private void init() {
final UserModel user = session.users().getUserByUsername(session.getContext().getRealm(), username);
if (user == null)
return;
final UserCredentialManager userCredentialManager = session.userCredentialManager();
if (userCredentialManager == null)
return;
final CredentialModel credential = userCredentialManager.getStoredCredentialsByTypeStream(session.getContext().getRealm(), user, credentialType).findFirst().orElse(null);
if (credential == null)
return;
this.webAuthnData = createFromCredentialModel(credential).getWebAuthnCredentialData();
}
Also used :
UserModel(org.keycloak.models.UserModel)
UserCredentialManager(org.keycloak.models.UserCredentialManager)
CredentialModel(org.keycloak.credential.CredentialModel)
WebAuthnCredentialModel.createFromCredentialModel(org.keycloak.models.credential.WebAuthnCredentialModel.createFromCredentialModel)
Example 33 with CredentialModel
use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.
the class CredentialModelTest method canDeserializeMinimalJson.
@Test
public void canDeserializeMinimalJson() {
CredentialModel model = new CredentialModel();
model.setCredentialData("{\"hashIterations\": 10000, \"algorithm\": \"custom\"}");
model.setSecretData("{\"value\": \"the value\", \"salt\": \"saltValu\"}");
PasswordCredentialModel decoded = PasswordCredentialModel.createFromCredentialModel(model);
assertThat(decoded, notNullValue());
assertThat(decoded.getPasswordCredentialData(), notNullValue());
assertThat(decoded.getPasswordCredentialData().getAlgorithm(), equalTo("custom"));
assertThat(decoded.getPasswordCredentialData().getHashIterations(), equalTo(10000));
assertThat(decoded.getPasswordCredentialData().getAdditionalParameters(), equalTo(Collections.emptyMap()));
assertThat(decoded.getPasswordSecretData(), notNullValue());
assertThat(decoded.getPasswordSecretData().getValue(), equalTo("the value"));
assertThat(decoded.getPasswordSecretData().getSalt(), notNullValue());
String base64Salt = Base64.getEncoder().encodeToString(decoded.getPasswordSecretData().getSalt());
assertThat(base64Salt, equalTo("saltValu"));
assertThat(decoded.getPasswordSecretData().getAdditionalParameters(), equalTo(Collections.emptyMap()));
}
Also used :
CredentialModel(org.keycloak.credential.CredentialModel)
Test(org.junit.Test)
Example 34 with CredentialModel
use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.
the class UserResource method moveCredentialAfter.
/**
* Move a credential to a position behind another credential
* @param credentialId The credential to move
* @param newPreviousCredentialId The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.
*/
@Path("credentials/{credentialId}/moveAfter/{newPreviousCredentialId}")
@POST
public void moveCredentialAfter(@PathParam("credentialId") final String credentialId, @PathParam("newPreviousCredentialId") final String newPreviousCredentialId) {
auth.users().requireManage(user);
CredentialModel credential = session.userCredentialManager().getStoredCredentialById(realm, user, credentialId);
if (credential == null) {
// we do this to make sure somebody can't phish ids
if (auth.users().canQuery())
throw new NotFoundException("Credential not found");
else
throw new ForbiddenException();
}
session.userCredentialManager().moveCredentialTo(realm, user, credentialId, newPreviousCredentialId);
}
Also used :
ForbiddenException(org.keycloak.services.ForbiddenException)
UserCredentialModel(org.keycloak.models.UserCredentialModel)
CredentialModel(org.keycloak.credential.CredentialModel)
NotFoundException(javax.ws.rs.NotFoundException)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Example 35 with CredentialModel
use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.
the class UserTest method createUserWithHashedCredentials.
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void createUserWithHashedCredentials() {
UserRepresentation user = new UserRepresentation();
user.setUsername("user_creds");
user.setEmail("email@localhost");
PasswordCredentialModel pcm = PasswordCredentialModel.createFromValues("my-algorithm", "theSalt".getBytes(), 22, "ABC");
CredentialRepresentation hashedPassword = ModelToRepresentation.toRepresentation(pcm);
hashedPassword.setCreatedDate(1001L);
hashedPassword.setUserLabel("deviceX");
hashedPassword.setType(CredentialRepresentation.PASSWORD);
user.setCredentials(Arrays.asList(hashedPassword));
createUser(user);
CredentialModel credentialHashed = fetchCredentials("user_creds");
PasswordCredentialModel pcmh = PasswordCredentialModel.createFromCredentialModel(credentialHashed);
assertNotNull("Expecting credential", credentialHashed);
assertEquals("my-algorithm", pcmh.getPasswordCredentialData().getAlgorithm());
assertEquals(Long.valueOf(1001), credentialHashed.getCreatedDate());
assertEquals("deviceX", credentialHashed.getUserLabel());
assertEquals(22, pcmh.getPasswordCredentialData().getHashIterations());
assertEquals("ABC", pcmh.getPasswordSecretData().getValue());
assertEquals("theSalt", new String(pcmh.getPasswordSecretData().getSalt()));
assertEquals(CredentialRepresentation.PASSWORD, credentialHashed.getType());
}
Also used :
CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation)
CredentialModel(org.keycloak.credential.CredentialModel)
PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel)
OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel)
PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)
Test(org.junit.Test)
Aggregations
CredentialModel (org.keycloak.credential.CredentialModel)36
Test (org.junit.Test)14
OTPCredentialModel (org.keycloak.models.credential.OTPCredentialModel)14
PasswordCredentialModel (org.keycloak.models.credential.PasswordCredentialModel)14
UserCredentialModel (org.keycloak.models.UserCredentialModel)10
RealmModel (org.keycloak.models.RealmModel)8
UserModel (org.keycloak.models.UserModel)7
NotFoundException (javax.ws.rs.NotFoundException)6
Path (javax.ws.rs.Path)5
AbstractAuthTest (org.keycloak.testsuite.AbstractAuthTest)5
CredentialRepresentation (org.keycloak.representations.idm.CredentialRepresentation)4
NoCache (org.jboss.resteasy.annotations.cache.NoCache)3
CredentialProvider (org.keycloak.credential.CredentialProvider)3
CachedUserModel (org.keycloak.models.cache.CachedUserModel)3
UserRepresentation (org.keycloak.representations.idm.UserRepresentation)3
ModelTest (org.keycloak.testsuite.arquillian.annotation.ModelTest)3
LinkedList (java.util.LinkedList)2
AtomicReference (java.util.concurrent.atomic.AtomicReference)2
Consumes (javax.ws.rs.Consumes)2
DELETE (javax.ws.rs.DELETE)2
