Examples with OTPPolicy org.keycloak.models.OTPPolicy used on opensource projects

Search in sources :

Example 6 with OTPPolicy

use of org.keycloak.models.OTPPolicy in project keycloak by keycloak.

the class AccountFormService method processTotpUpdate.

/**
 * Update the TOTP for this account.
 * <p>
 * form parameters:
 * <p>
 * totp - otp generated by authenticator
 * totpSecret - totp secret to register
 *
 * @return
 */
@Path("totp")
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response processTotpUpdate() {
    MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
    if (auth == null) {
        return login("totp");
    }
    auth.require(AccountRoles.MANAGE_ACCOUNT);
    account.setAttribute("mode", session.getContext().getUri().getQueryParameters().getFirst("mode"));
    String action = formData.getFirst("submitAction");
    if (action != null && action.equals("Cancel")) {
        setReferrerOnPage();
        return account.createResponse(AccountPages.TOTP);
    }
    csrfCheck(formData);
    UserModel user = auth.getUser();
    if (action != null && action.equals("Delete")) {
        String credentialId = formData.getFirst("credentialId");
        if (credentialId == null) {
            setReferrerOnPage();
            return account.setError(Status.OK, Messages.UNEXPECTED_ERROR_HANDLING_REQUEST).createResponse(AccountPages.TOTP);
        }
        CredentialHelper.deleteOTPCredential(session, realm, user, credentialId);
        event.event(EventType.REMOVE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
        setReferrerOnPage();
        return account.setSuccess(Messages.SUCCESS_TOTP_REMOVED).createResponse(AccountPages.TOTP);
    } else {
        String challengeResponse = formData.getFirst("totp");
        String totpSecret = formData.getFirst("totpSecret");
        String userLabel = formData.getFirst("userLabel");
        OTPPolicy policy = realm.getOTPPolicy();
        OTPCredentialModel credentialModel = OTPCredentialModel.createFromPolicy(realm, totpSecret, userLabel);
        if (Validation.isBlank(challengeResponse)) {
            setReferrerOnPage();
            return account.setError(Status.OK, Messages.MISSING_TOTP).createResponse(AccountPages.TOTP);
        } else if (!CredentialValidation.validOTP(challengeResponse, credentialModel, policy.getLookAheadWindow())) {
            setReferrerOnPage();
            return account.setError(Status.OK, Messages.INVALID_TOTP).createResponse(AccountPages.TOTP);
        }
        if (!CredentialHelper.createOTPCredential(session, realm, user, challengeResponse, credentialModel)) {
            setReferrerOnPage();
            return account.setError(Status.OK, Messages.INVALID_TOTP).createResponse(AccountPages.TOTP);
        }
        event.event(EventType.UPDATE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
        setReferrerOnPage();
        return account.setSuccess(Messages.SUCCESS_TOTP).createResponse(AccountPages.TOTP);
    }
}
Also used : UserModel(org.keycloak.models.UserModel) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) OTPPolicy(org.keycloak.models.OTPPolicy) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 7 with OTPPolicy

use of org.keycloak.models.OTPPolicy in project keycloak by keycloak.

the class BasicAuthOTPAuthenticator method onAuthenticate.

@Override
protected boolean onAuthenticate(AuthenticationFlowContext context, String[] challenge) {
    String username = challenge[0];
    String password = challenge[1];
    OTPPolicy otpPolicy = context.getRealm().getOTPPolicy();
    int otpLength = otpPolicy.getDigits();
    if (password.length() < otpLength) {
        return false;
    }
    password = password.substring(0, password.length() - otpLength);
    if (checkUsernameAndPassword(context, username, password)) {
        String otp = challenge[1].substring(password.length(), challenge[1].length());
        if (checkOtp(context, otp)) {
            return true;
        }
    }
    return false;
}
Also used : OTPPolicy(org.keycloak.models.OTPPolicy)

Example 8 with OTPPolicy

use of org.keycloak.models.OTPPolicy in project keycloak by keycloak.

the class LoginHotpTest method before.

@Before
public void before() throws MalformedURLException {
    RealmRepresentation testRealm = testRealm().toRepresentation();
    policy = new OTPPolicy();
    policy.setAlgorithm(testRealm.getOtpPolicyAlgorithm());
    policy.setDigits(testRealm.getOtpPolicyDigits());
    policy.setInitialCounter(testRealm.getOtpPolicyInitialCounter());
    policy.setLookAheadWindow(testRealm.getOtpPolicyLookAheadWindow());
    policy.setPeriod(testRealm.getOtpPolicyLookAheadWindow());
    policy.setType(testRealm.getOtpPolicyType());
    otp = new HmacOTP(policy.getDigits(), policy.getAlgorithm(), policy.getLookAheadWindow());
}
Also used : HmacOTP(org.keycloak.models.utils.HmacOTP) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) OTPPolicy(org.keycloak.models.OTPPolicy) Before(org.junit.Before)

Example 9 with OTPPolicy

use of org.keycloak.models.OTPPolicy in project keycloak by keycloak.

the class OTPCredentialProvider method isValid.

@Override
public boolean isValid(RealmModel realm, UserModel user, CredentialInput credentialInput) {
    if (!(credentialInput instanceof UserCredentialModel)) {
        logger.debug("Expected instance of UserCredentialModel for CredentialInput");
        return false;
    }
    String challengeResponse = credentialInput.getChallengeResponse();
    if (challengeResponse == null) {
        return false;
    }
    if (ObjectUtil.isBlank(credentialInput.getCredentialId())) {
        logger.debugf("CredentialId is null when validating credential of user %s", user.getUsername());
        return false;
    }
    CredentialModel credential = getCredentialStore().getStoredCredentialById(realm, user, credentialInput.getCredentialId());
    OTPCredentialModel otpCredentialModel = OTPCredentialModel.createFromCredentialModel(credential);
    OTPSecretData secretData = otpCredentialModel.getOTPSecretData();
    OTPCredentialData credentialData = otpCredentialModel.getOTPCredentialData();
    OTPPolicy policy = realm.getOTPPolicy();
    if (OTPCredentialModel.HOTP.equals(credentialData.getSubType())) {
        HmacOTP validator = new HmacOTP(credentialData.getDigits(), credentialData.getAlgorithm(), policy.getLookAheadWindow());
        int counter = validator.validateHOTP(challengeResponse, secretData.getValue(), credentialData.getCounter());
        if (counter < 0) {
            return false;
        }
        otpCredentialModel.updateCounter(counter);
        getCredentialStore().updateCredential(realm, user, otpCredentialModel);
        return true;
    } else if (OTPCredentialModel.TOTP.equals(credentialData.getSubType())) {
        TimeBasedOTP validator = new TimeBasedOTP(credentialData.getAlgorithm(), credentialData.getDigits(), credentialData.getPeriod(), policy.getLookAheadWindow());
        return validator.validateTOTP(challengeResponse, secretData.getValue().getBytes(StandardCharsets.UTF_8));
    }
    return false;
}
Also used : OTPSecretData(org.keycloak.models.credential.dto.OTPSecretData) HmacOTP(org.keycloak.models.utils.HmacOTP) UserCredentialModel(org.keycloak.models.UserCredentialModel) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) TimeBasedOTP(org.keycloak.models.utils.TimeBasedOTP) OTPCredentialData(org.keycloak.models.credential.dto.OTPCredentialData) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) OTPPolicy(org.keycloak.models.OTPPolicy) UserCredentialModel(org.keycloak.models.UserCredentialModel)

Aggregations

OTPPolicy (org.keycloak.models.OTPPolicy)9 OTPCredentialModel (org.keycloak.models.credential.OTPCredentialModel)4 CredentialModel (org.keycloak.credential.CredentialModel)2 EventBuilder (org.keycloak.events.EventBuilder)2 UserCredentialModel (org.keycloak.models.UserCredentialModel)2 HmacOTP (org.keycloak.models.utils.HmacOTP)2 Consumes (javax.ws.rs.Consumes)1 POST (javax.ws.rs.POST)1 Path (javax.ws.rs.Path)1 Response (javax.ws.rs.core.Response)1 Before (org.junit.Before)1 CredentialProvider (org.keycloak.credential.CredentialProvider)1 OTPCredentialProvider (org.keycloak.credential.OTPCredentialProvider)1 PasswordHashProvider (org.keycloak.credential.hash.PasswordHashProvider)1 PasswordPolicy (org.keycloak.models.PasswordPolicy)1 UserModel (org.keycloak.models.UserModel)1 UserCache (org.keycloak.models.cache.UserCache)1 PasswordUserCredentialModel (org.keycloak.models.credential.PasswordUserCredentialModel)1 OTPCredentialData (org.keycloak.models.credential.dto.OTPCredentialData)1 OTPSecretData (org.keycloak.models.credential.dto.OTPSecretData)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial