
Example 1 with OTPCredentialProvider

Use of org.keycloak.credential.OTPCredentialProvider in the project keycloak by keycloak.

From the class UpdateTotp, method processAction.

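/**
 * Handles the submitted "configure TOTP" form for the current user.
 *
 * <p>Reads the one-time code, the shared secret, the display mode and the optional device
 * label from the decoded form parameters. The form is re-rendered with a field error when the
 * code is missing, when it does not verify against the submitted secret under the realm's OTP
 * policy, or when the user already has an OTP credential but gave no device label. Otherwise
 * the new credential is stored and the required action is marked successful.
 *
 * @param context the required-action context supplying the session, realm, user, form and
 *     event builder
 */
@Override
public void processAction(RequiredActionContext context) {
    EventBuilder event = context.getEvent();
    event.event(EventType.UPDATE_TOTP);

    MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
    String challengeResponse = formData.getFirst("totp");
    // NOTE(review): the shared secret is read back from the submitted form rather than from
    // server-held state; confirm elsewhere that it is bound to the authentication session so
    // the credential stored is the one whose secret the server rendered.
    String totpSecret = formData.getFirst("totpSecret");
    String mode = formData.getFirst("mode");
    String userLabel = formData.getFirst("userLabel");

    OTPPolicy policy = context.getRealm().getOTPPolicy();
    OTPCredentialModel credentialModel = OTPCredentialModel.createFromPolicy(context.getRealm(), totpSecret, userLabel);

    if (Validation.isBlank(challengeResponse)) {
        context.challenge(otpSetupChallenge(context, mode, Validation.FIELD_OTP_CODE, Messages.MISSING_TOTP));
        return;
    }
    if (!validateOTPCredential(context, challengeResponse, credentialModel, policy)) {
        context.challenge(otpSetupChallenge(context, mode, Validation.FIELD_OTP_CODE, Messages.INVALID_TOTP));
        return;
    }

    // A device label is only mandatory once the user already holds an OTP credential.
    // findAny() short-circuits instead of counting every stored credential as count() did.
    OTPCredentialProvider otpCredentialProvider = (OTPCredentialProvider) context.getSession().getProvider(CredentialProvider.class, "keycloak-otp");
    boolean hasExistingOtp = otpCredentialProvider.isConfiguredFor(context.getRealm(), context.getUser())
            && context.getSession().userCredentialManager()
                    .getStoredCredentialsByTypeStream(context.getRealm(), context.getUser(), OTPCredentialModel.TYPE)
                    .findAny()
                    .isPresent();
    if (hasExistingOtp && Validation.isBlank(userLabel)) {
        context.challenge(otpSetupChallenge(context, mode, Validation.FIELD_OTP_LABEL, Messages.MISSING_TOTP_DEVICE_NAME));
        return;
    }

    // A false return from createOTPCredential is reported to the user as an invalid code.
    if (!CredentialHelper.createOTPCredential(context.getSession(), context.getRealm(), context.getUser(), challengeResponse, credentialModel)) {
        context.challenge(otpSetupChallenge(context, mode, Validation.FIELD_OTP_CODE, Messages.INVALID_TOTP));
        return;
    }
    context.success();
}

/**
 * Re-renders the CONFIGURE_TOTP form with a single field error, keeping the display mode.
 *
 * @param context the required-action context whose form is rendered
 * @param mode the "mode" form value to echo back into the template
 * @param field the form field the error is attached to
 * @param message the message key shown for that field
 * @return the challenge response to hand to {@code context.challenge(...)}
 */
private static Response otpSetupChallenge(RequiredActionContext context, String mode, String field, String message) {
    return context.form()
            .setAttribute("mode", mode)
            .addError(new FormMessage(field, message))
            .createResponse(UserModel.RequiredAction.CONFIGURE_TOTP);
}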
