use of org.keycloak.events.EventBuilder in project keycloak by keycloak.
the class IdpEmailVerificationAuthenticator method sendVerifyEmail.
/**
 * Builds an {@code IdpVerifyAccountLinkActionToken} for {@code existingUser}, e-mails the
 * resulting confirmation link to that user and then shows the "email sent" page.
 *
 * <p>The link embeds the serialized action token and the current execution id; its lifetime
 * is the realm's user-generated action-token lifespan for this token type. If the e-mail
 * cannot be sent, a {@code SEND_IDENTITY_PROVIDER_LINK} error event is recorded and the
 * flow is failed with {@code INTERNAL_ERROR} and an error page.
 *
 * @param session       current session; realm and request URI are taken from its context
 * @param context       authentication flow context (auth session, execution, event, forms)
 * @param existingUser  the already-registered user whose account should be linked
 * @param brokerContext brokered identity that triggered the link request
 * @throws UriBuilderException      if the action-token link cannot be built
 * @throws IllegalArgumentException if a URI template value is invalid
 */
private void sendVerifyEmail(KeycloakSession session, AuthenticationFlowContext context, UserModel existingUser, BrokeredIdentityContext brokerContext) throws UriBuilderException, IllegalArgumentException {
    RealmModel realm = session.getContext().getRealm();
    UriInfo uriInfo = session.getContext().getUri();
    AuthenticationSessionModel authSession = context.getAuthenticationSession();
    String clientId = authSession.getClient().getClientId();
    String userEmail = existingUser.getEmail();

    // Token lifetime comes from the realm's per-token-type action-token lifespan.
    int validityInSecs = realm.getActionTokenGeneratedByUserLifespan(IdpVerifyAccountLinkActionToken.TOKEN_TYPE);
    int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
    long expirationInMinutes = TimeUnit.SECONDS.toMinutes(validityInSecs);

    // Audit event for the link e-mail. AUTH_METHOD / AUTH_TYPE are inherited from the
    // cloned flow event and are dropped because they describe the login, not this e-mail.
    EventBuilder linkEvent = context.getEvent().clone()
            .event(EventType.SEND_IDENTITY_PROVIDER_LINK)
            .user(existingUser)
            .detail(Details.USERNAME, existingUser.getUsername())
            .detail(Details.EMAIL, userEmail)
            .detail(Details.CODE_ID, authSession.getParentSession().getId())
            .removeDetail(Details.AUTH_METHOD)
            .removeDetail(Details.AUTH_TYPE);

    // The token binds the user, the e-mail it was sent to, the expiry, the auth session,
    // the brokered identity and the client, so the link is only usable in this context.
    String authSessionEncodedId = AuthenticationSessionCompoundId.fromAuthSession(authSession).getEncodedId();
    IdpVerifyAccountLinkActionToken token = new IdpVerifyAccountLinkActionToken(
            existingUser.getId(),
            userEmail,
            absoluteExpirationInSecs,
            authSessionEncodedId,
            brokerContext.getUsername(),
            brokerContext.getIdpConfig().getAlias(),
            clientId);

    String serializedToken = token.serialize(session, realm, uriInfo);
    UriBuilder linkBuilder = Urls.actionTokenBuilder(uriInfo.getBaseUri(), serializedToken, clientId, authSession.getTabId());
    String link = linkBuilder
            .queryParam(Constants.EXECUTION, context.getExecution().getId())
            .build(realm.getName())
            .toString();

    try {
        context.getSession().getProvider(EmailTemplateProvider.class)
                .setRealm(realm)
                .setAuthenticationSession(authSession)
                .setUser(existingUser)
                .setAttribute(EmailTemplateProvider.IDENTITY_PROVIDER_BROKER_CONTEXT, brokerContext)
                .sendConfirmIdentityBrokerLink(link, expirationInMinutes);
        linkEvent.success();
    } catch (EmailException e) {
        linkEvent.error(Errors.EMAIL_SEND_FAILED);
        ServicesLogger.LOGGER.confirmBrokerEmailFailed(e);
        Response errorPage = context.form()
                .setError(Messages.EMAIL_SENT_ERROR)
                .createErrorPage(Response.Status.INTERNAL_SERVER_ERROR);
        context.failure(AuthenticationFlowError.INTERNAL_ERROR, errorPage);
        return;
    }

    showEmailSentPage(context, brokerContext);
}
use of org.keycloak.events.EventBuilder in project keycloak by keycloak.
the class ConsoleVerifyEmail method sendVerifyEmail.
/**
 * Generates a one-time verification code, stores it in the auth session under
 * {@code Constants.VERIFY_EMAIL_CODE}, e-mails it to the user and returns the console
 * challenge that prompts for the code.
 *
 * <p>A {@code SEND_VERIFY_EMAIL} event is recorded as success or, if the mail fails,
 * as {@code EMAIL_SEND_FAILED}; the challenge is returned either way.
 *
 * @param context required-action context supplying session, user, auth session and forms
 * @return the console text challenge asking the user to enter the e-mailed code
 * @throws UriBuilderException      propagated from URI construction
 * @throws IllegalArgumentException propagated from URI construction
 */
private Response sendVerifyEmail(RequiredActionContext context) throws UriBuilderException, IllegalArgumentException {
    KeycloakSession session = context.getSession();
    UserModel user = context.getUser();
    AuthenticationSessionModel authSession = context.getAuthenticationSession();
    RealmModel realm = session.getContext().getRealm();
    String email = user.getEmail();

    EventBuilder sendEvent = context.getEvent().clone()
            .event(EventType.SEND_VERIFY_EMAIL)
            .detail(Details.EMAIL, email);

    // The code is produced by the project's SecretGenerator and kept server-side only as
    // an auth note; it never leaves the server except inside the e-mail body.
    String verificationCode = SecretGenerator.getInstance().randomString(8);
    authSession.setAuthNote(Constants.VERIFY_EMAIL_CODE, verificationCode);

    Map<String, Object> templateModel = new HashMap<>();
    templateModel.put("code", verificationCode);

    try {
        session.getProvider(EmailTemplateProvider.class)
                .setAuthenticationSession(authSession)
                .setRealm(realm)
                .setUser(user)
                .send("emailVerificationSubject", "email-verification-with-code.ftl", templateModel);
        sendEvent.success();
    } catch (EmailException e) {
        // Best effort: the challenge is still shown so the user can request the code again.
        logger.error("Failed to send verification email", e);
        sendEvent.error(Errors.EMAIL_SEND_FAILED);
    }

    return challenge(context).text(context.form().getMessage("console-verify-email", email));
}
use of org.keycloak.events.EventBuilder in project keycloak by keycloak.
the class ConsoleVerifyEmail method processAction.
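/**
 * Verifies the code the user typed against the one stored in the auth session by
 * {@code sendVerifyEmail}.
 *
 * <p>If no code is stored, the challenge is re-issued. A mismatch re-challenges with
 * {@code INVALID_CODE} and records a {@code VERIFY_EMAIL} error event; a match records a
 * success event and completes the required action. The comparison is done in constant
 * time so that response timing does not reveal how many leading characters matched.
 *
 * @param context required-action context supplying the auth session, request and forms
 */
@Override
public void processAction(RequiredActionContext context) {
    EventBuilder verifyEvent = context.getEvent().clone()
            .event(EventType.VERIFY_EMAIL)
            .detail(Details.EMAIL, context.getUser().getEmail());

    // The expected code is only present once sendVerifyEmail has run for this session.
    String expectedCode = context.getAuthenticationSession().getAuthNote(Constants.VERIFY_EMAIL_CODE);
    if (expectedCode == null) {
        requiredActionChallenge(context);
        return;
    }

    MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
    String submittedCode = formData.getFirst(EMAIL_CODE);

    // NOTE(review): no attempt counter is visible in this block; confirm that brute-force
    // protection for the 8-character code is enforced elsewhere in the flow.
    if (!codesMatch(expectedCode, submittedCode)) {
        context.challenge(challenge(context).message(Messages.INVALID_CODE));
        verifyEvent.error(Errors.INVALID_CODE);
        return;
    }

    verifyEvent.success();
    context.success();
}

/**
 * Compares the submitted code with the expected one without short-circuiting on the first
 * differing byte. A missing submission never matches.
 *
 * @param expected  the server-side code, never {@code null}
 * @param submitted the user-supplied code, may be {@code null}
 * @return {@code true} only if both are byte-for-byte equal as UTF-8
 */
private static boolean codesMatch(String expected, String submitted) {
    if (submitted == null) {
        return false;
    }
    // MessageDigest.isEqual is the JDK's constant-time byte comparison (for equal lengths).
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            submitted.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}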
use of org.keycloak.events.EventBuilder in project keycloak by keycloak.
the class ResetCredentialChooseUser method action.
/**
 * Resolves the user named on the password-reset form and records it on the flow context.
 *
 * <p>An empty username fails the step with a form error. Otherwise the user is looked up by
 * username and, when the realm allows login by e-mail and the value contains {@code @}, by
 * e-mail. The attempted username is always stored as an auth note. An unknown or disabled
 * user clears the context user and records an error event, but the step still reports
 * success so that the response does not reveal whether the account exists.
 *
 * @param context authentication flow context carrying the request, realm, session and event
 */
@Override
public void action(AuthenticationFlowContext context) {
    EventBuilder event = context.getEvent();
    MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
    String submittedUsername = formData.getFirst("username");

    if (submittedUsername == null || submittedUsername.isEmpty()) {
        event.error(Errors.USERNAME_MISSING);
        FormMessage missingUsername = new FormMessage(Validation.FIELD_USERNAME, Messages.MISSING_USERNAME);
        Response resetForm = context.form().addError(missingUsername).createPasswordReset();
        context.failureChallenge(AuthenticationFlowError.INVALID_USER, resetForm);
        return;
    }

    String username = submittedUsername.trim();
    RealmModel realm = context.getRealm();
    UserModel user = context.getSession().users().getUserByUsername(realm, username);
    if (user == null && realm.isLoginWithEmailAllowed() && username.contains("@")) {
        user = context.getSession().users().getUserByEmail(realm, username);
    }
    context.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, username);

    if (user != null && user.isEnabled()) {
        context.setUser(user);
    } else {
        // Later executions see a cleared user and treat this attempt as a failure,
        // while the user-facing flow continues identically for unknown and disabled accounts.
        EventBuilder failureEvent = event.clone().detail(Details.USERNAME, username);
        if (user == null) {
            failureEvent.error(Errors.USER_NOT_FOUND);
        } else {
            failureEvent.user(user).error(Errors.USER_DISABLED);
        }
        context.clearUser();
    }

    context.success();
}
use of org.keycloak.events.EventBuilder in project keycloak by keycloak.
the class ResetCredentialEmail method authenticate.
/**
 * Sends the password-reset e-mail for the user resolved by the previous execution.
 *
 * <p>Every path that cannot send a mail (no user, user without an e-mail) still forks
 * with the {@code EMAIL_SENT} success message so that the response does not reveal whether
 * the account exists or has an address on file. When the flow is a re-authentication that
 * was itself started from an action token for the same user, this screen is skipped.
 * A {@code SEND_RESET_PASSWORD} event is recorded as success or {@code EMAIL_SEND_FAILED}.
 *
 * @param context authentication flow context carrying the user, auth session, realm and event
 */
@Override
public void authenticate(AuthenticationFlowContext context) {
    UserModel user = context.getUser();
    AuthenticationSessionModel authenticationSession = context.getAuthenticationSession();
    String attemptedUsername = authenticationSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);

    // No resolved user: report success anyway (no account enumeration).
    if (user == null) {
        context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
        return;
    }

    String actionTokenUserId = authenticationSession.getAuthNote(DefaultActionTokenKey.ACTION_TOKEN_USER_ID);
    boolean reauthenticatingViaActionToken = actionTokenUserId != null && Objects.equals(user.getId(), actionTokenUserId);
    if (reauthenticatingViaActionToken) {
        logger.debugf("Forget-password triggered when reauthenticating user after authentication via action token. Skipping " + PROVIDER_ID + " screen and using user '%s' ", user.getUsername());
        context.success();
        return;
    }

    EventBuilder event = context.getEvent();
    String email = user.getEmail();

    // A user without a usable e-mail is logged as INVALID_EMAIL but gets the same
    // "e-mail sent" response as everyone else, to avoid username guessing.
    if (email == null || email.trim().isEmpty()) {
        event.user(user).detail(Details.USERNAME, attemptedUsername).error(Errors.INVALID_EMAIL);
        context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
        return;
    }

    int validityInSecs = context.getRealm().getActionTokenGeneratedByUserLifespan(ResetCredentialsActionToken.TOKEN_TYPE);
    int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
    long expirationInMinutes = TimeUnit.SECONDS.toMinutes(validityInSecs);

    // The reset secret travels only inside the action token, which is placed in the link
    // as a query parameter; the token is bound to user, e-mail, expiry, auth session and client.
    String authSessionEncodedId = AuthenticationSessionCompoundId.fromAuthSession(authenticationSession).getEncodedId();
    ResetCredentialsActionToken token = new ResetCredentialsActionToken(
            user.getId(),
            email,
            absoluteExpirationInSecs,
            authSessionEncodedId,
            authenticationSession.getClient().getClientId());
    String serializedToken = token.serialize(context.getSession(), context.getRealm(), context.getUriInfo());
    String link = UriBuilder.fromUri(context.getActionTokenUrl(serializedToken)).build().toString();

    try {
        context.getSession().getProvider(EmailTemplateProvider.class)
                .setRealm(context.getRealm())
                .setUser(user)
                .setAuthenticationSession(authenticationSession)
                .sendPasswordReset(link, expirationInMinutes);
        event.clone()
                .event(EventType.SEND_RESET_PASSWORD)
                .user(user)
                .detail(Details.USERNAME, attemptedUsername)
                .detail(Details.EMAIL, email)
                .detail(Details.CODE_ID, authenticationSession.getParentSession().getId())
                .success();
        context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
    } catch (EmailException e) {
        event.clone()
                .event(EventType.SEND_RESET_PASSWORD)
                .detail(Details.USERNAME, attemptedUsername)
                .user(user)
                .error(Errors.EMAIL_SEND_FAILED);
        ServicesLogger.LOGGER.failedToSendPwdResetEmail(e);
        Response errorPage = context.form()
                .setError(Messages.EMAIL_SENT_ERROR)
                .createErrorPage(Response.Status.INTERNAL_SERVER_ERROR);
        context.failure(AuthenticationFlowError.INTERNAL_ERROR, errorPage);
    }
}