
Example 31 with CredentialModel

use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.

the class LDAPProvidersIntegrationTest method testUnsynced.

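/**
 * Checks how a federated LDAP user behaves while the provider's edit mode is UNSYNCED: a password update is
 * stored as a local credential, the old password is still accepted by LDAP, and removing the user only removes
 * the local copy (the user is found again through {@code session.users()}).
 *
 * <p>The edit mode is switched back to WRITABLE in a {@code finally} block, so a failed assertion in the middle
 * of the test does not leave the provider in UNSYNCED mode for whatever runs next against the same realm.
 *
 * @throws Exception declared by the original signature; nothing here throws a checked exception directly
 */
@Test
public void testUnsynced() throws Exception {
    // Switch the LDAP provider to UNSYNCED on a copy of its component model.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        UserStorageProviderModel model = new UserStorageProviderModel(ctx.getLdapModel());
        model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString());
        appRealm.updateComponent(model);
    });
    try {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            UserModel user = session.users().getUserByUsername(appRealm, "johnkeycloak");
            Assert.assertNotNull(user);
            Assert.assertNotNull(user.getFederationLink());
            // JUnit order is (expected, actual); the user must be linked to this LDAP provider.
            Assert.assertEquals(ctx.getLdapModel().getId(), user.getFederationLink());
            // Update the password and expect it to show up as a locally stored credential.
            UserCredentialModel cred = UserCredentialModel.password("Candycand1", true);
            session.userCredentialManager().updateCredential(appRealm, user, cred);
            CredentialModel userCredentialValueModel = session.userCredentialManager().getStoredCredentialsByTypeStream(appRealm, user, PasswordCredentialModel.TYPE).findFirst().orElse(null);
            Assert.assertNotNull(userCredentialValueModel);
            Assert.assertEquals(PasswordCredentialModel.TYPE, userCredentialValueModel.getType());
            Assert.assertTrue(session.userCredentialManager().isValid(appRealm, user, cred));
            // LDAP password is still unchanged: the old password must still validate against LDAP.
            // A rejected password surfaces as AuthenticationException and is rethrown unchecked to fail the test.
            try {
                LDAPObject ldapUser = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
                ctx.getLdapProvider().getLdapIdentityStore().validatePassword(ldapUser, "Password1");
            } catch (AuthenticationException ex) {
                throw new RuntimeException(ex);
            }
        });
        // Test admin REST endpoints
        UserResource userResource = ApiUtil.findUserByUsernameId(testRealm(), "johnkeycloak");
        // Assert password is stored locally
        List<String> storedCredentials = userResource.credentials().stream().map(CredentialRepresentation::getType).collect(Collectors.toList());
        Assert.assertTrue(storedCredentials.contains(PasswordCredentialModel.TYPE));
        // Assert password is supported in the LDAP too.
        List<String> userStorageCredentials = userResource.getConfiguredUserStorageCredentialTypes();
        Assert.assertTrue(userStorageCredentials.contains(PasswordCredentialModel.TYPE));
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            UserModel user = session.users().getUserByUsername(appRealm, "johnkeycloak");
            // User is deleted just locally
            Assert.assertTrue(session.users().removeUser(appRealm, user));
            // Assert user not available locally, but will be reimported from LDAP once searched
            Assert.assertNull(session.userLocalStorage().getUserByUsername(appRealm, "johnkeycloak"));
            Assert.assertNotNull(session.users().getUserByUsername(appRealm, "johnkeycloak"));
        });
    } finally {
        // Revert the edit mode even when an assertion above failed.
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            ctx.getLdapModel().getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
            appRealm.updateComponent(ctx.getLdapModel());
            Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), appRealm.getComponent(ctx.getLdapModel().getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE));
        });
    }
}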
Also used : RealmModel(org.keycloak.models.RealmModel) CachedUserModel(org.keycloak.models.cache.CachedUserModel) UserModel(org.keycloak.models.UserModel) UserCredentialModel(org.keycloak.models.UserCredentialModel) CredentialModel(org.keycloak.credential.CredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) AuthenticationException(javax.naming.AuthenticationException) UserResource(org.keycloak.admin.client.resource.UserResource) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) UserStorageProviderModel(org.keycloak.storage.UserStorageProviderModel) UserCredentialModel(org.keycloak.models.UserCredentialModel) AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest) Test(org.junit.Test)

Example 32 with CredentialModel

use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.

the class WebAuthnDataWrapper method init.

/**
 * Loads the WebAuthn credential data of the user named by {@code username} into {@code webAuthnData}.
 *
 * <p>Leaves {@code webAuthnData} untouched when the user is unknown, when the session has no credential manager,
 * or when the user has no stored credential of {@code credentialType}. Only the first stored credential of that
 * type is read; any further credentials of the same type are not looked at here.
 */
private void init() {
    final UserModel user = session.users().getUserByUsername(session.getContext().getRealm(), username);
    if (user == null) {
        return;
    }
    final UserCredentialManager credentials = session.userCredentialManager();
    if (credentials == null) {
        return;
    }
    // findFirst() yields an empty Optional when nothing is stored, in which case nothing is assigned.
    credentials.getStoredCredentialsByTypeStream(session.getContext().getRealm(), user, credentialType)
            .findFirst()
            .ifPresent(stored -> this.webAuthnData = createFromCredentialModel(stored).getWebAuthnCredentialData());
}
Also used : UserModel(org.keycloak.models.UserModel) UserCredentialManager(org.keycloak.models.UserCredentialManager) CredentialModel(org.keycloak.credential.CredentialModel) WebAuthnCredentialModel.createFromCredentialModel(org.keycloak.models.credential.WebAuthnCredentialModel.createFromCredentialModel)

Example 33 with CredentialModel

use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.

the class CredentialModelTest method canDeserializeMinimalJson.

/**
 * Decodes a {@link CredentialModel} whose JSON payloads carry no {@code additionalParameters} entry and checks
 * that every field is read back, with the missing parameter maps reported as empty maps.
 */
@Test
public void canDeserializeMinimalJson() {
    CredentialModel stored = new CredentialModel();
    stored.setCredentialData("{\"hashIterations\": 10000, \"algorithm\": \"custom\"}");
    stored.setSecretData("{\"value\": \"the value\", \"salt\": \"saltValu\"}");

    PasswordCredentialModel parsed = PasswordCredentialModel.createFromCredentialModel(stored);
    assertThat(parsed, notNullValue());

    // Non-secret part: algorithm name and iteration count.
    assertThat(parsed.getPasswordCredentialData(), notNullValue());
    assertThat(parsed.getPasswordCredentialData().getAlgorithm(), equalTo("custom"));
    assertThat(parsed.getPasswordCredentialData().getHashIterations(), equalTo(10000));
    assertThat(parsed.getPasswordCredentialData().getAdditionalParameters(), equalTo(Collections.emptyMap()));

    // Secret part: hash value and salt.
    assertThat(parsed.getPasswordSecretData(), notNullValue());
    assertThat(parsed.getPasswordSecretData().getValue(), equalTo("the value"));
    assertThat(parsed.getPasswordSecretData().getSalt(), notNullValue());
    // getSalt() returns bytes; Base64-encoding them must give back the text that was in the JSON.
    assertThat(Base64.getEncoder().encodeToString(parsed.getPasswordSecretData().getSalt()), equalTo("saltValu"));
    assertThat(parsed.getPasswordSecretData().getAdditionalParameters(), equalTo(Collections.emptyMap()));
}
Also used : CredentialModel(org.keycloak.credential.CredentialModel) Test(org.junit.Test)

Example 34 with CredentialModel

use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.

the class UserResource method moveCredentialAfter.

/**
 * Move a credential to a position behind another credential.
 *
 * <p>{@code auth.users().requireManage(user)} runs before the credential is looked up. When the id does not
 * resolve to a stored credential of this user, a caller that may query users gets "not found" and any other
 * caller gets "forbidden", so the response cannot be used to find out which credential ids exist.
 *
 * @param credentialId The credential to move
 * @param newPreviousCredentialId The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.
 */
@Path("credentials/{credentialId}/moveAfter/{newPreviousCredentialId}")
@POST
public void moveCredentialAfter(@PathParam("credentialId") final String credentialId, @PathParam("newPreviousCredentialId") final String newPreviousCredentialId) {
    auth.users().requireManage(user);
    final CredentialModel credential = session.userCredentialManager().getStoredCredentialById(realm, user, credentialId);
    if (credential == null) {
        // Do not confirm or deny the id to a caller who is not allowed to query users.
        if (!auth.users().canQuery()) {
            throw new ForbiddenException();
        }
        throw new NotFoundException("Credential not found");
    }
    // NOTE(review): newPreviousCredentialId is passed on without a lookup of its own, and the result of
    // moveCredentialTo is not inspected; confirm that moveCredentialTo rejects an id that does not belong to
    // this user and decide whether a failed move should be reported to the client.
    session.userCredentialManager().moveCredentialTo(realm, user, credentialId, newPreviousCredentialId);
}
Also used : ForbiddenException(org.keycloak.services.ForbiddenException) UserCredentialModel(org.keycloak.models.UserCredentialModel) CredentialModel(org.keycloak.credential.CredentialModel) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 35 with CredentialModel

use of org.keycloak.credential.CredentialModel in project keycloak by keycloak.

the class UserTest method createUserWithHashedCredentials.

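/**
 * Creates a user whose representation already carries a hashed password credential and checks that the
 * credential read back with {@code fetchCredentials} keeps every field as supplied: algorithm name, iteration
 * count, salt, hash value, user label, creation date and type.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void createUserWithHashedCredentials() {
    UserRepresentation user = new UserRepresentation();
    user.setUsername("user_creds");
    user.setEmail("email@localhost");
    // Explicit charset so the salt bytes do not depend on the platform default.
    PasswordCredentialModel pcm = PasswordCredentialModel.createFromValues("my-algorithm", "theSalt".getBytes(java.nio.charset.StandardCharsets.UTF_8), 22, "ABC");
    CredentialRepresentation hashedPassword = ModelToRepresentation.toRepresentation(pcm);
    hashedPassword.setCreatedDate(1001L);
    hashedPassword.setUserLabel("deviceX");
    hashedPassword.setType(CredentialRepresentation.PASSWORD);
    user.setCredentials(Arrays.asList(hashedPassword));
    createUser(user);
    CredentialModel credentialHashed = fetchCredentials("user_creds");
    // Check for a missing credential before it is decoded, so a failure reports "Expecting credential"
    // instead of whatever the decoder does with a null argument.
    assertNotNull("Expecting credential", credentialHashed);
    PasswordCredentialModel pcmh = PasswordCredentialModel.createFromCredentialModel(credentialHashed);
    assertEquals("my-algorithm", pcmh.getPasswordCredentialData().getAlgorithm());
    assertEquals(Long.valueOf(1001), credentialHashed.getCreatedDate());
    assertEquals("deviceX", credentialHashed.getUserLabel());
    assertEquals(22, pcmh.getPasswordCredentialData().getHashIterations());
    assertEquals("ABC", pcmh.getPasswordSecretData().getValue());
    assertEquals("theSalt", new String(pcmh.getPasswordSecretData().getSalt(), java.nio.charset.StandardCharsets.UTF_8));
    assertEquals(CredentialRepresentation.PASSWORD, credentialHashed.getType());
}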
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) CredentialModel(org.keycloak.credential.CredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Aggregations

CredentialModel (org.keycloak.credential.CredentialModel)36 Test (org.junit.Test)14 OTPCredentialModel (org.keycloak.models.credential.OTPCredentialModel)14 PasswordCredentialModel (org.keycloak.models.credential.PasswordCredentialModel)14 UserCredentialModel (org.keycloak.models.UserCredentialModel)10 RealmModel (org.keycloak.models.RealmModel)8 UserModel (org.keycloak.models.UserModel)7 NotFoundException (javax.ws.rs.NotFoundException)6 Path (javax.ws.rs.Path)5 AbstractAuthTest (org.keycloak.testsuite.AbstractAuthTest)5 CredentialRepresentation (org.keycloak.representations.idm.CredentialRepresentation)4 NoCache (org.jboss.resteasy.annotations.cache.NoCache)3 CredentialProvider (org.keycloak.credential.CredentialProvider)3 CachedUserModel (org.keycloak.models.cache.CachedUserModel)3 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)3 ModelTest (org.keycloak.testsuite.arquillian.annotation.ModelTest)3 LinkedList (java.util.LinkedList)2 AtomicReference (java.util.concurrent.atomic.AtomicReference)2 Consumes (javax.ws.rs.Consumes)2 DELETE (javax.ws.rs.DELETE)2