
Example 6 with PasswordPolicy

use of org.keycloak.models.PasswordPolicy in project keycloak by keycloak.

Class PasswordCredentialProvider, method createCredential(RealmModel, UserModel, PasswordCredentialModel).

/**
 * Stores {@code credentialModel} as the user's password, creating it when the user has none and
 * otherwise overwriting the existing password record in place (same credential id).
 *
 * <p>When the realm's {@code expiredPasswords} policy value is greater than 1, the replaced
 * password is kept as a {@link PasswordCredentialModel#PASSWORD_HISTORY} credential. History
 * entries are then ordered with {@code CredentialModel.comparingByStartDateDesc()} and every entry
 * beyond {@code expiredPasswords - 1} is removed, so at most {@code expiredPasswords - 1} history
 * hashes remain. The user's cache entry is evicted afterwards when a user cache is configured.
 *
 * @param realm realm whose password policy applies
 * @param user owner of the credential
 * @param credentialModel hashed password to store; a missing created date is set to the current time
 * @return the stored credential: the record returned by the store on create, or
 *     {@code credentialModel} itself on update
 */
@Override
public CredentialModel createCredential(RealmModel realm, UserModel user, PasswordCredentialModel credentialModel) {
    PasswordPolicy policy = realm.getPasswordPolicy();
    int expiredPasswords = policy.getExpiredPasswords();
    CredentialModel previous = getPassword(realm, user);

    if (credentialModel.getCreatedDate() == null) {
        credentialModel.setCreatedDate(Time.currentTimeMillis());
    }

    CredentialModel stored;
    if (previous == null) {
        // First password for this user: nothing to replace or archive.
        stored = getCredentialStore().createCredential(realm, user, credentialModel);
    } else {
        // Reuse the existing credential id so the record is replaced rather than duplicated.
        credentialModel.setId(previous.getId());
        getCredentialStore().updateCredential(realm, user, credentialModel);
        stored = credentialModel;
        if (expiredPasswords > 1) {
            // Archive the replaced hash as a history entry: fresh id, history type.
            previous.setId(null);
            previous.setType(PasswordCredentialModel.PASSWORD_HISTORY);
            getCredentialStore().createCredential(realm, user, previous);
        }
    }

    // Keep at most expiredPasswords - 1 history entries (never a negative limit).
    int historyLimit = Math.max(0, expiredPasswords - 1);
    Iterable<CredentialModel> surplusHistory = getCredentialStore()
            .getStoredCredentialsByTypeStream(realm, user, PasswordCredentialModel.PASSWORD_HISTORY)
            .sorted(CredentialModel.comparingByStartDateDesc())
            .skip(historyLimit)
            .collect(Collectors.toList());
    // The surplus list is materialised before any removal so the store's stream is fully consumed first.
    for (CredentialModel stale : surplusHistory) {
        getCredentialStore().removeStoredCredential(realm, user, stale.getId());
    }

    UserCache userCache = session.userCache();
    if (userCache != null) {
        userCache.evict(realm, user);
    }
    return stored;
}

Example 7 with PasswordPolicy

use of org.keycloak.models.PasswordPolicy in project keycloak by keycloak.

Class PasswordCredentialProvider, method isValid.

/**
 * Verifies {@code input} against the user's stored password hash and, when the stored hash no
 * longer satisfies the realm's password policy, re-encodes the password with the policy's hash
 * provider and iteration count.
 *
 * <p>Every rejection path logs at debug level and returns {@code false}: the input is not a
 * {@link UserCredentialModel}, its challenge response is null, the user has no stored password, or
 * no {@link PasswordHashProvider} is registered for the stored hash's algorithm. The re-hash runs
 * only after a successful verification and carries over the credential id, created date and user
 * label of the existing record; the user's cache entry is evicted when a user cache is configured.
 *
 * @param realm realm whose password policy applies
 * @param user user whose password is checked
 * @param input credential input carrying the plain-text challenge response
 * @return {@code true} when the challenge response matches the stored password
 */
@Override
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
    if (!(input instanceof UserCredentialModel)) {
        logger.debug("Expected instance of UserCredentialModel for CredentialInput");
        return false;
    }
    String challenge = input.getChallengeResponse();
    if (challenge == null) {
        logger.debugv("Input password was null for user {0} ", user.getUsername());
        return false;
    }

    PasswordCredentialModel stored = getPassword(realm, user);
    if (stored == null) {
        logger.debugv("No password cached or stored for user {0} ", user.getUsername());
        return false;
    }

    // The provider is chosen by the algorithm recorded with the stored hash, not by the policy.
    String algorithm = stored.getPasswordCredentialData().getAlgorithm();
    PasswordHashProvider storedHashProvider = session.getProvider(PasswordHashProvider.class, algorithm);
    if (storedHashProvider == null) {
        logger.debugv("PasswordHashProvider {0} not found for user {1} ", algorithm, user.getUsername());
        return false;
    }
    if (!storedHashProvider.verify(challenge, stored)) {
        logger.debugv("Failed password validation for user {0} ", user.getUsername());
        return false;
    }

    // Verification succeeded; the remainder only decides whether to upgrade the stored hash.
    PasswordPolicy policy = realm.getPasswordPolicy();
    PasswordHashProvider policyHashProvider = policy == null ? null : getHashProvider(policy);
    if (policyHashProvider == null || policyHashProvider.policyCheck(policy, stored)) {
        return true;
    }

    PasswordCredentialModel rehashed = policyHashProvider.encodedCredential(challenge, policy.getHashIterations());
    rehashed.setId(stored.getId());
    rehashed.setCreatedDate(stored.getCreatedDate());
    rehashed.setUserLabel(stored.getUserLabel());
    getCredentialStore().updateCredential(realm, user, rehashed);

    UserCache userCache = session.userCache();
    if (userCache != null) {
        userCache.evict(realm, user);
    }
    return true;
}

Example 8 with PasswordPolicy

use of org.keycloak.models.PasswordPolicy in project keycloak by keycloak.

Class PasswordCredentialProvider, method createCredential(RealmModel, UserModel, String).

/**
 * Validates a plain-text password against the realm's password policy, hashes it with the
 * policy's hash provider and stores the result as the user's password.
 *
 * <p>The plain-text value is handed only to the policy manager and the hash provider; what is
 * persisted is the encoded credential, stamped with the current time as its created date.
 *
 * @param realm realm whose password policy applies
 * @param user owner of the credential
 * @param password plain-text password to validate and hash
 * @return {@code true} once the credential is stored; {@code false} when no hash provider is
 *     available for the policy
 * @throws ModelException when the policy manager reports a validation error
 */
public boolean createCredential(RealmModel realm, UserModel user, String password) {
    PasswordPolicy policy = realm.getPasswordPolicy();

    PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class);
    PolicyError error = policyManager.validate(realm, user, password);
    if (error != null) {
        throw new ModelException(error.getMessage(), error.getParameters());
    }

    PasswordHashProvider hashProvider = getHashProvider(policy);
    if (hashProvider == null) {
        return false;
    }

    PasswordCredentialModel hashed = hashProvider.encodedCredential(password, policy.getHashIterations());
    hashed.setCreatedDate(Time.currentTimeMillis());
    createCredential(realm, user, hashed);
    return true;
}
