Search in sources :

Example 26 with EventBuilder

use of org.keycloak.events.EventBuilder in project keycloak by keycloak.

the class ResetCredentialChooseUser method action.

@Override
public void action(AuthenticationFlowContext context) {
    EventBuilder event = context.getEvent();
    MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
    String username = formData.getFirst("username");
    if (username == null || username.isEmpty()) {
        event.error(Errors.USERNAME_MISSING);
        Response challenge = context.form().addError(new FormMessage(Validation.FIELD_USERNAME, Messages.MISSING_USERNAME)).createPasswordReset();
        context.failureChallenge(AuthenticationFlowError.INVALID_USER, challenge);
        return;
    }
    username = username.trim();
    RealmModel realm = context.getRealm();
    UserModel user = context.getSession().users().getUserByUsername(realm, username);
    if (user == null && realm.isLoginWithEmailAllowed() && username.contains("@")) {
        user = context.getSession().users().getUserByEmail(realm, username);
    }
    context.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, username);
    // a null user will notify further executions, that this was a failure.
    if (user == null) {
        event.clone().detail(Details.USERNAME, username).error(Errors.USER_NOT_FOUND);
        context.clearUser();
    } else if (!user.isEnabled()) {
        event.clone().detail(Details.USERNAME, username).user(user).error(Errors.USER_DISABLED);
        context.clearUser();
    } else {
        context.setUser(user);
    }
    context.success();
}
Also used : Response(javax.ws.rs.core.Response) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) EventBuilder(org.keycloak.events.EventBuilder) FormMessage(org.keycloak.models.utils.FormMessage)

Example 27 with EventBuilder

use of org.keycloak.events.EventBuilder in project keycloak by keycloak.

the class ResetCredentialEmail method authenticate.

@Override
public void authenticate(AuthenticationFlowContext context) {
    UserModel user = context.getUser();
    AuthenticationSessionModel authenticationSession = context.getAuthenticationSession();
    String username = authenticationSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
    // just reset login for with a success message
    if (user == null) {
        context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
        return;
    }
    String actionTokenUserId = authenticationSession.getAuthNote(DefaultActionTokenKey.ACTION_TOKEN_USER_ID);
    if (actionTokenUserId != null && Objects.equals(user.getId(), actionTokenUserId)) {
        logger.debugf("Forget-password triggered when reauthenticating user after authentication via action token. Skipping " + PROVIDER_ID + " screen and using user '%s' ", user.getUsername());
        context.success();
        return;
    }
    EventBuilder event = context.getEvent();
    // we don't want people guessing usernames, so if there is a problem, just continuously challenge
    if (user.getEmail() == null || user.getEmail().trim().length() == 0) {
        event.user(user).detail(Details.USERNAME, username).error(Errors.INVALID_EMAIL);
        context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
        return;
    }
    int validityInSecs = context.getRealm().getActionTokenGeneratedByUserLifespan(ResetCredentialsActionToken.TOKEN_TYPE);
    int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
    // We send the secret in the email in a link as a query param.
    String authSessionEncodedId = AuthenticationSessionCompoundId.fromAuthSession(authenticationSession).getEncodedId();
    ResetCredentialsActionToken token = new ResetCredentialsActionToken(user.getId(), user.getEmail(), absoluteExpirationInSecs, authSessionEncodedId, authenticationSession.getClient().getClientId());
    String link = UriBuilder.fromUri(context.getActionTokenUrl(token.serialize(context.getSession(), context.getRealm(), context.getUriInfo()))).build().toString();
    long expirationInMinutes = TimeUnit.SECONDS.toMinutes(validityInSecs);
    try {
        context.getSession().getProvider(EmailTemplateProvider.class).setRealm(context.getRealm()).setUser(user).setAuthenticationSession(authenticationSession).sendPasswordReset(link, expirationInMinutes);
        event.clone().event(EventType.SEND_RESET_PASSWORD).user(user).detail(Details.USERNAME, username).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, authenticationSession.getParentSession().getId()).success();
        context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
    } catch (EmailException e) {
        event.clone().event(EventType.SEND_RESET_PASSWORD).detail(Details.USERNAME, username).user(user).error(Errors.EMAIL_SEND_FAILED);
        ServicesLogger.LOGGER.failedToSendPwdResetEmail(e);
        Response challenge = context.form().setError(Messages.EMAIL_SENT_ERROR).createErrorPage(Response.Status.INTERNAL_SERVER_ERROR);
        context.failure(AuthenticationFlowError.INTERNAL_ERROR, challenge);
    }
}
Also used : ResetCredentialsActionToken(org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionToken) Response(javax.ws.rs.core.Response) AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) EventBuilder(org.keycloak.events.EventBuilder) EmailException(org.keycloak.email.EmailException) FormMessage(org.keycloak.models.utils.FormMessage)

Aggregations

EventBuilder (org.keycloak.events.EventBuilder)27 RealmModel (org.keycloak.models.RealmModel)14 UserModel (org.keycloak.models.UserModel)9 Response (javax.ws.rs.core.Response)8 Path (javax.ws.rs.Path)7 AuthenticationSessionModel (org.keycloak.sessions.AuthenticationSessionModel)6 List (java.util.List)4 ClientModel (org.keycloak.models.ClientModel)4 KeycloakSession (org.keycloak.models.KeycloakSession)4 UserSessionModel (org.keycloak.models.UserSessionModel)4 HashMap (java.util.HashMap)3 EmailException (org.keycloak.email.EmailException)3 FormMessage (org.keycloak.models.utils.FormMessage)3 ValidationException (org.keycloak.userprofile.ValidationException)3 URI (java.net.URI)2 NotFoundException (javax.ws.rs.NotFoundException)2 POST (javax.ws.rs.POST)2 UriBuilder (javax.ws.rs.core.UriBuilder)2 AuthenticatedClientSessionModel (org.keycloak.models.AuthenticatedClientSessionModel)2 ClientSessionContext (org.keycloak.models.ClientSessionContext)2