Examples with PasswordCredentialModel org.keycloak.models.credential.PasswordCredentialModel used on opensource projects

Search in sources :

Example 6 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class PasswordHashingTest method testPbkdf2Sha256.

@Test
public void testPbkdf2Sha256() throws Exception {
    setPasswordPolicy("hashAlgorithm(" + Pbkdf2Sha256PasswordHashProviderFactory.ID + ")");
    String username = "testPbkdf2Sha256";
    createUser(username);
    PasswordCredentialModel credential = PasswordCredentialModel.createFromCredentialModel(fetchCredentials(username));
    assertEncoded(credential, "password", credential.getPasswordSecretData().getSalt(), "PBKDF2WithHmacSHA256", 27500);
}
Also used : PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 7 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class PasswordHashingTest method testPbkdf2Sha512.

@Test
public void testPbkdf2Sha512() throws Exception {
    setPasswordPolicy("hashAlgorithm(" + Pbkdf2Sha512PasswordHashProviderFactory.ID + ")");
    String username = "testPbkdf2Sha512";
    createUser(username);
    PasswordCredentialModel credential = PasswordCredentialModel.createFromCredentialModel(fetchCredentials(username));
    assertEncoded(credential, "password", credential.getPasswordSecretData().getSalt(), "PBKDF2WithHmacSHA512", 30000);
}
Also used : PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 8 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class PasswordCredentialProvider method createCredential.

@Override
public CredentialModel createCredential(RealmModel realm, UserModel user, PasswordCredentialModel credentialModel) {
    PasswordPolicy policy = realm.getPasswordPolicy();
    int expiredPasswordsPolicyValue = policy.getExpiredPasswords();
    // 1) create new or reset existing password
    CredentialModel createdCredential;
    CredentialModel oldPassword = getPassword(realm, user);
    if (credentialModel.getCreatedDate() == null) {
        credentialModel.setCreatedDate(Time.currentTimeMillis());
    }
    if (oldPassword == null) {
        // no password exists --> create new
        createdCredential = getCredentialStore().createCredential(realm, user, credentialModel);
    } else {
        // password exists --> update existing
        credentialModel.setId(oldPassword.getId());
        getCredentialStore().updateCredential(realm, user, credentialModel);
        createdCredential = credentialModel;
        // 2) add a password history item based on the old password
        if (expiredPasswordsPolicyValue > 1) {
            oldPassword.setId(null);
            oldPassword.setType(PasswordCredentialModel.PASSWORD_HISTORY);
            getCredentialStore().createCredential(realm, user, oldPassword);
        }
    }
    // 3) remove old password history items
    final int passwordHistoryListMaxSize = Math.max(0, expiredPasswordsPolicyValue - 1);
    getCredentialStore().getStoredCredentialsByTypeStream(realm, user, PasswordCredentialModel.PASSWORD_HISTORY).sorted(CredentialModel.comparingByStartDateDesc()).skip(passwordHistoryListMaxSize).collect(Collectors.toList()).forEach(p -> getCredentialStore().removeStoredCredential(realm, user, p.getId()));
    UserCache userCache = session.userCache();
    if (userCache != null) {
        userCache.evict(realm, user);
    }
    return createdCredential;
}
Also used : UserCredentialModel(org.keycloak.models.UserCredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) PasswordPolicy(org.keycloak.models.PasswordPolicy) OnUserCache(org.keycloak.models.cache.OnUserCache) UserCache(org.keycloak.models.cache.UserCache)

Example 9 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class FederatedStorageExportImportTest method testSingleFile.

@Test
public void testSingleFile() {
    ComponentExportImportTest.clearExportImportProperties(testingClient);
    final String userId = "f:1:path";
    testingClient.server().run(session -> {
        RealmModel realm = new RealmManager(session).createRealm(REALM_NAME);
        RoleModel role = realm.addRole("test-role");
        GroupModel group = realm.createGroup("test-group");
        List<String> attrValues = new LinkedList<>();
        attrValues.add("1");
        attrValues.add("2");
        session.userFederatedStorage().setSingleAttribute(realm, userId, "single1", "value1");
        session.userFederatedStorage().setAttribute(realm, userId, "list1", attrValues);
        session.userFederatedStorage().addRequiredAction(realm, userId, "UPDATE_PASSWORD");
        PasswordCredentialModel credential = FederatedStorageExportImportTest.getHashProvider(session, realm.getPasswordPolicy()).encodedCredential("password", realm.getPasswordPolicy().getHashIterations());
        session.userFederatedStorage().createCredential(realm, userId, credential);
        session.userFederatedStorage().grantRole(realm, userId, role);
        session.userFederatedStorage().joinGroup(realm, userId, group);
    });
    final String realmId = testRealmResource().toRepresentation().getId();
    final String groupId = testRealmResource().getGroupByPath("/test-group").getId();
    final String exportFileAbsolutePath = this.exportFileAbsolutePath;
    testingClient.server().run(session -> {
        ExportImportConfig.setProvider(SingleFileExportProviderFactory.PROVIDER_ID);
        ExportImportConfig.setFile(exportFileAbsolutePath);
        ExportImportConfig.setRealmName(REALM_NAME);
        ExportImportConfig.setAction(ExportImportConfig.ACTION_EXPORT);
        new ExportImportManager(session).runExport();
        session.realms().removeRealm(realmId);
    });
    testingClient.server().run(session -> {
        Assert.assertNull(session.realms().getRealmByName(REALM_NAME));
        ExportImportConfig.setAction(ExportImportConfig.ACTION_IMPORT);
        new ExportImportManager(session).runImport();
    });
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName(REALM_NAME);
        Assert.assertNotNull(realm);
        RoleModel role = realm.getRole("test-role");
        GroupModel group = realm.getGroupById(groupId);
        Assert.assertEquals(1, session.userFederatedStorage().getStoredUsersCount(realm));
        MultivaluedHashMap<String, String> attributes = session.userFederatedStorage().getAttributes(realm, userId);
        Assert.assertEquals(3, attributes.size());
        Assert.assertEquals("value1", attributes.getFirst("single1"));
        Assert.assertTrue(attributes.getList("list1").contains("1"));
        Assert.assertTrue(attributes.getList("list1").contains("2"));
        Assert.assertTrue(session.userFederatedStorage().getRequiredActionsStream(realm, userId).collect(Collectors.toSet()).contains("UPDATE_PASSWORD"));
        Assert.assertTrue(session.userFederatedStorage().getRoleMappingsStream(realm, userId).collect(Collectors.toSet()).contains(role));
        Assert.assertTrue(session.userFederatedStorage().getGroupsStream(realm, userId).collect(Collectors.toSet()).contains(group));
        List<CredentialModel> creds = session.userFederatedStorage().getStoredCredentialsStream(realm, userId).collect(Collectors.toList());
        Assert.assertEquals(1, creds.size());
        Assert.assertTrue(FederatedStorageExportImportTest.getHashProvider(session, realm.getPasswordPolicy()).verify("password", PasswordCredentialModel.createFromCredentialModel(creds.get(0))));
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) CredentialModel(org.keycloak.credential.CredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) GroupModel(org.keycloak.models.GroupModel) ExportImportManager(org.keycloak.exportimport.ExportImportManager) RoleModel(org.keycloak.models.RoleModel) RealmManager(org.keycloak.services.managers.RealmManager) LinkedList(java.util.LinkedList) AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest) Test(org.junit.Test)

Example 10 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class FederatedStorageExportImportTest method testDir.

@Test
public void testDir() {
    ComponentExportImportTest.clearExportImportProperties(testingClient);
    final String userId = "f:1:path";
    testingClient.server().run(session -> {
        RealmModel realm = new RealmManager(session).createRealm(REALM_NAME);
        RoleModel role = realm.addRole("test-role");
        GroupModel group = realm.createGroup("test-group");
        List<String> attrValues = new LinkedList<>();
        attrValues.add("1");
        attrValues.add("2");
        session.userFederatedStorage().setSingleAttribute(realm, userId, "single1", "value1");
        session.userFederatedStorage().setAttribute(realm, userId, "list1", attrValues);
        session.userFederatedStorage().addRequiredAction(realm, userId, "UPDATE_PASSWORD");
        PasswordCredentialModel credential = FederatedStorageExportImportTest.getHashProvider(session, realm.getPasswordPolicy()).encodedCredential("password", realm.getPasswordPolicy().getHashIterations());
        session.userFederatedStorage().createCredential(realm, userId, credential);
        session.userFederatedStorage().grantRole(realm, userId, role);
        session.userFederatedStorage().joinGroup(realm, userId, group);
        session.userFederatedStorage().setNotBeforeForUser(realm, userId, 50);
    });
    final String realmId = testRealmResource().toRepresentation().getId();
    final String groupId = testRealmResource().getGroupByPath("/test-group").getId();
    final String exportDirAbsolutePath = this.exportDirAbsolutePath;
    testingClient.server().run(session -> {
        ExportImportConfig.setProvider(DirExportProviderFactory.PROVIDER_ID);
        ExportImportConfig.setDir(exportDirAbsolutePath);
        ExportImportConfig.setRealmName(REALM_NAME);
        ExportImportConfig.setAction(ExportImportConfig.ACTION_EXPORT);
        new ExportImportManager(session).runExport();
        session.realms().removeRealm(realmId);
    });
    testingClient.server().run(session -> {
        Assert.assertNull(session.realms().getRealmByName(REALM_NAME));
        ExportImportConfig.setAction(ExportImportConfig.ACTION_IMPORT);
        new ExportImportManager(session).runImport();
    });
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName(REALM_NAME);
        Assert.assertNotNull(realm);
        RoleModel role = realm.getRole("test-role");
        GroupModel group = realm.getGroupById(groupId);
        Assert.assertEquals(1, session.userFederatedStorage().getStoredUsersCount(realm));
        MultivaluedHashMap<String, String> attributes = session.userFederatedStorage().getAttributes(realm, userId);
        Assert.assertEquals(3, attributes.size());
        Assert.assertEquals("value1", attributes.getFirst("single1"));
        Assert.assertTrue(attributes.getList("list1").contains("1"));
        Assert.assertTrue(attributes.getList("list1").contains("2"));
        Assert.assertTrue(session.userFederatedStorage().getRequiredActionsStream(realm, userId).collect(Collectors.toSet()).contains("UPDATE_PASSWORD"));
        Assert.assertTrue(session.userFederatedStorage().getRoleMappingsStream(realm, userId).collect(Collectors.toSet()).contains(role));
        Assert.assertTrue(session.userFederatedStorage().getGroupsStream(realm, userId).collect(Collectors.toSet()).contains(group));
        Assert.assertEquals(50, session.userFederatedStorage().getNotBeforeOfUser(realm, userId));
        List<CredentialModel> creds = session.userFederatedStorage().getStoredCredentialsStream(realm, userId).collect(Collectors.toList());
        Assert.assertEquals(1, creds.size());
        Assert.assertTrue(FederatedStorageExportImportTest.getHashProvider(session, realm.getPasswordPolicy()).verify("password", PasswordCredentialModel.createFromCredentialModel(creds.get(0))));
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) CredentialModel(org.keycloak.credential.CredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) GroupModel(org.keycloak.models.GroupModel) ExportImportManager(org.keycloak.exportimport.ExportImportManager) RoleModel(org.keycloak.models.RoleModel) RealmManager(org.keycloak.services.managers.RealmManager) LinkedList(java.util.LinkedList) AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest) Test(org.junit.Test)

Aggregations

PasswordCredentialModel (org.keycloak.models.credential.PasswordCredentialModel)23 Test (org.junit.Test)17 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)8 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)7 CredentialModel (org.keycloak.credential.CredentialModel)6 CredentialRepresentation (org.keycloak.representations.idm.CredentialRepresentation)6 OTPCredentialModel (org.keycloak.models.credential.OTPCredentialModel)4 PasswordHashProvider (org.keycloak.credential.hash.PasswordHashProvider)3 PasswordPolicy (org.keycloak.models.PasswordPolicy)3 UserCredentialModel (org.keycloak.models.UserCredentialModel)3 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)3 FileInputStream (java.io.FileInputStream)2 LinkedList (java.util.LinkedList)2 UserResource (org.keycloak.admin.client.resource.UserResource)2 ExportImportManager (org.keycloak.exportimport.ExportImportManager)2 GroupModel (org.keycloak.models.GroupModel)2 RealmModel (org.keycloak.models.RealmModel)2 RoleModel (org.keycloak.models.RoleModel)2 OnUserCache (org.keycloak.models.cache.OnUserCache)2 UserCache (org.keycloak.models.cache.UserCache)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial