
Example 1 with OTPPolicy

use of org.keycloak.models.OTPPolicy in project keycloak by keycloak.

the class MapOTPPolicyEntity method toModel.

/**
 * Converts a stored {@code MapOTPPolicyEntity} into its {@link OTPPolicy} model object.
 *
 * <p>Integer fields that are unset ({@code null}) on the entity are written to the
 * model as {@code 0}; the algorithm and type values are copied through unchanged,
 * so they stay {@code null} on the model when the entity has them unset.
 *
 * @param entity the stored entity, may be {@code null}
 * @return the populated model, or {@code null} when {@code entity} is {@code null}
 */
static OTPPolicy toModel(MapOTPPolicyEntity entity) {
    if (entity == null) {
        return null;
    }
    OTPPolicy policy = new OTPPolicy();
    policy.setDigits(zeroIfNull(entity.getOtpPolicyDigits()));
    policy.setAlgorithm(entity.getOtpPolicyAlgorithm());
    policy.setInitialCounter(zeroIfNull(entity.getOtpPolicyInitialCounter()));
    policy.setLookAheadWindow(zeroIfNull(entity.getOtpPolicyLookAheadWindow()));
    policy.setType(entity.getOtpPolicyType());
    policy.setPeriod(zeroIfNull(entity.getOtpPolicyPeriod()));
    return policy;
}

/** Unboxes {@code value}, substituting {@code 0} for an unset ({@code null}) entity field. */
private static int zeroIfNull(Integer value) {
    return value == null ? 0 : value;
}

Example 2 with OTPPolicy

use of org.keycloak.models.OTPPolicy in project keycloak by keycloak.

the class UpdateTotp method processAction.

/**
 * Handles the submitted "configure TOTP" form: verifies the one-time code the user entered
 * against the secret carried in the form, requires a device label when the user already owns
 * OTP credentials, and stores the new credential on success. Every rejection re-renders the
 * CONFIGURE_TOTP form with the {@code mode} attribute preserved and one field error attached.
 *
 * <p>NOTE(review): the TOTP secret ({@code totpSecret}) is read back from the submitted form
 * rather than from server-side session state, so at this point it is client-supplied input;
 * confirm that the rendered form is the only intended source of that value.
 *
 * @param context the required-action context carrying realm, user, session and request
 */
@Override
public void processAction(RequiredActionContext context) {
    context.getEvent().event(EventType.UPDATE_TOTP);
    MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
    String challengeResponse = formData.getFirst("totp");
    String totpSecret = formData.getFirst("totpSecret");
    String mode = formData.getFirst("mode");
    String userLabel = formData.getFirst("userLabel");
    OTPPolicy policy = context.getRealm().getOTPPolicy();
    OTPCredentialModel credentialModel = OTPCredentialModel.createFromPolicy(context.getRealm(), totpSecret, userLabel);

    if (Validation.isBlank(challengeResponse)) {
        context.challenge(otpFormError(context, mode, Validation.FIELD_OTP_CODE, Messages.MISSING_TOTP));
        return;
    }
    if (!validateOTPCredential(context, challengeResponse, credentialModel, policy)) {
        context.challenge(otpFormError(context, mode, Validation.FIELD_OTP_CODE, Messages.INVALID_TOTP));
        return;
    }

    OTPCredentialProvider otpCredentialProvider = (OTPCredentialProvider) context.getSession().getProvider(CredentialProvider.class, "keycloak-otp");
    Stream<CredentialModel> existingOtpCredentials;
    if (otpCredentialProvider.isConfiguredFor(context.getRealm(), context.getUser())) {
        existingOtpCredentials = context.getSession().userCredentialManager().getStoredCredentialsByTypeStream(context.getRealm(), context.getUser(), OTPCredentialModel.TYPE);
    } else {
        existingOtpCredentials = Stream.empty();
    }
    // A label is only mandatory once the user already has at least one OTP credential.
    if (existingOtpCredentials.count() >= 1 && Validation.isBlank(userLabel)) {
        context.challenge(otpFormError(context, mode, Validation.FIELD_OTP_LABEL, Messages.MISSING_TOTP_DEVICE_NAME));
        return;
    }
    if (!CredentialHelper.createOTPCredential(context.getSession(), context.getRealm(), context.getUser(), challengeResponse, credentialModel)) {
        context.challenge(otpFormError(context, mode, Validation.FIELD_OTP_CODE, Messages.INVALID_TOTP));
        return;
    }
    context.success();
}

/**
 * Rebuilds the CONFIGURE_TOTP form response with {@code mode} preserved and a single
 * field error attached, so that every rejection path renders identically.
 */
private static Response otpFormError(RequiredActionContext context, String mode, String field, String message) {
    return context.form()
            .setAttribute("mode", mode)
            .addError(new FormMessage(field, message))
            .createResponse(UserModel.RequiredAction.CONFIGURE_TOTP);
}

Example 3 with OTPPolicy

use of org.keycloak.models.OTPPolicy in project keycloak by keycloak.

the class BackwardsCompatibilityUserStorage method updateCredential.

/**
 * Stores a credential the way a Keycloak 4.8.3-era user storage provider would: passwords are
 * hashed through the realm's {@code PasswordHashProvider} and OTP secrets are stored together
 * with the realm OTP policy parameters; any other credential type is rejected.
 *
 * <p>This class is a compatibility test double, so the method also asserts the shape of the
 * input it is handed (the {@code assert*} calls) instead of tolerating unexpected fields.
 *
 * @param realm the realm the user belongs to
 * @param user the user whose credential is being updated
 * @param input the credential to store; anything but a {@link UserCredentialModel} is refused
 * @return {@code true} when the credential was stored, {@code false} when it was not supported
 */
@Override
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
    if (!(input instanceof UserCredentialModel)) {
        return false;
    }
    String credentialType = input.getType();
    if (credentialType.equals(UserCredentialModel.PASSWORD)) {
        return storePasswordLegacy(realm, user, input);
    }
    if (isOTPType(credentialType)) {
        return storeOtpLegacy(user, (UserCredentialModel) input, credentialType);
    }
    log.infof("Attempt to update unsupported credential of type: %s", credentialType);
    return false;
}

/**
 * Password branch. Mirrors the 4.8.3 contract, under which the input is always a
 * {@code PasswordUserCredentialModel} and the hash provider is called with its legacy signature.
 */
private boolean storePasswordLegacy(RealmModel realm, UserModel user, CredentialInput input) {
    if (!(input instanceof PasswordUserCredentialModel)) {
        log.warn("Input is not PasswordUserCredentialModel");
        return false;
    }
    PasswordUserCredentialModel passwordInput = (PasswordUserCredentialModel) input;
    // 4.8.3 callers never populate device or algorithm on a password credential.
    assertNull(passwordInput.getDevice());
    assertNull(passwordInput.getAlgorithm());
    PasswordPolicy policy = session.getContext().getRealm().getPasswordPolicy();
    PasswordHashProvider hashProvider = getHashProvider(policy);
    CredentialModel hashed = new CredentialModel();
    hashed.setType(CredentialModel.PASSWORD);
    hashed.setCreatedDate(Time.currentTimeMillis());
    // Legacy (4.8.3) signature: the provider is expected to fill the supplied model in place.
    hashProvider.encode(passwordInput.getValue(), policy.getHashIterations(), hashed);
    // Check that the provider populated algorithm, hash value and salt as the legacy contract requires.
    assertEquals(hashed.getAlgorithm(), policy.getHashAlgorithm());
    assertNotNull(hashed.getValue());
    assertNotNull(hashed.getSalt());
    users.get(translateUserName(user.getUsername())).hashedPassword = hashed;
    UserCache userCache = session.userCache();
    if (userCache != null) {
        userCache.evict(realm, user);
    }
    return true;
}

/**
 * OTP branch. Stores the secret from the input and takes counter, digits, algorithm and period
 * from the realm OTP policy, as a 4.8.3 provider would.
 */
private boolean storeOtpLegacy(UserModel user, UserCredentialModel otpInput, String credentialType) {
    // As with passwords, 4.8.3 callers are not expected to set device or algorithm on the input.
    assertNull(otpInput.getDevice());
    assertNull(otpInput.getAlgorithm());
    OTPPolicy otpPolicy = session.getContext().getRealm().getOTPPolicy();
    CredentialModel otp = new CredentialModel();
    otp.setType(credentialType);
    otp.setCreatedDate(Time.currentTimeMillis());
    otp.setValue(otpInput.getValue());
    otp.setCounter(otpPolicy.getInitialCounter());
    otp.setDigits(otpPolicy.getDigits());
    otp.setAlgorithm(otpPolicy.getAlgorithm());
    otp.setPeriod(otpPolicy.getPeriod());
    users.get(translateUserName(user.getUsername())).otp = otp;
    return true;
}

Example 4 with OTPPolicy

use of org.keycloak.models.OTPPolicy in project keycloak by keycloak.

the class OTPCredentialModel method createFromPolicy.

/**
 * Creates an OTP credential model from the realm's current OTP policy.
 *
 * <p>Type, digits, initial counter, period and algorithm are all taken from
 * {@code realm.getOTPPolicy()}; only the secret and the user-facing label come
 * from the caller.
 *
 * @param realm realm whose OTP policy supplies the credential parameters
 * @param secretValue the shared secret for the credential
 * @param userLabel the label attached to the credential for the user
 * @return a credential model whose stored fields have been filled from the policy
 */
public static OTPCredentialModel createFromPolicy(RealmModel realm, String secretValue, String userLabel) {
    OTPPolicy policy = realm.getOTPPolicy();
    String type = policy.getType();
    int digits = policy.getDigits();
    int initialCounter = policy.getInitialCounter();
    int period = policy.getPeriod();
    String algorithm = policy.getAlgorithm();
    OTPCredentialModel model = new OTPCredentialModel(secretValue, type, digits, initialCounter, period, algorithm);
    model.fillCredentialModelFields();
    model.setUserLabel(userLabel);
    return model;
}

Example 5 with OTPPolicy

use of org.keycloak.models.OTPPolicy in project keycloak by keycloak.

the class ConsoleUpdateTotp method processAction.

/**
 * Handles the console (text-mode) TOTP setup submission: verifies the entered code against the
 * secret held server-side in the authentication session, persists the credential, and removes
 * the secret note once it has been consumed.
 *
 * <p>Unlike the browser form variant, the secret is not read from the submitted form; only the
 * code and the device label are user input here.
 *
 * @param context the required-action context for the current authentication session
 */
@Override
public void processAction(RequiredActionContext context) {
    context.getEvent().event(EventType.UPDATE_TOTP);
    MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
    String challengeResponse = formData.getFirst("totp");
    String userLabel = formData.getFirst("userLabel");
    // The secret lives in an auth note (presumably set earlier in this flow); the form is not consulted for it.
    String totpSecret = context.getAuthenticationSession().getAuthNote("totpSecret");
    OTPPolicy policy = context.getRealm().getOTPPolicy();
    OTPCredentialModel credentialModel = OTPCredentialModel.createFromPolicy(context.getRealm(), totpSecret, userLabel);

    String rejection = null;
    if (Validation.isBlank(challengeResponse)) {
        rejection = Messages.MISSING_TOTP;
    } else if (!CredentialValidation.validOTP(challengeResponse, credentialModel, policy.getLookAheadWindow())) {
        rejection = Messages.INVALID_TOTP;
    } else if (!CredentialHelper.createOTPCredential(context.getSession(), context.getRealm(), context.getUser(), challengeResponse, credentialModel)) {
        rejection = Messages.INVALID_TOTP;
    }
    if (rejection != null) {
        context.challenge(challenge(context).message(rejection));
        return;
    }
    context.getAuthenticationSession().removeAuthNote("totpSecret");
    context.success();
}
