
Example 11 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class CredentialModelBackwardsCompatibilityTest method testCredentialModelPassword.

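/**
 * Checks that a password credential created through {@code createFromValues} is readable through the
 * legacy flat accessors on {@link CredentialModel}, that a change made through a legacy setter is
 * visible afterwards, and that {@code createFromCredentialModel} carries value, salt, iteration count
 * and algorithm over into the structured secret/credential data.
 */
@Test
public void testCredentialModelPassword() {
    byte[] salt = { 1, 2, 3 };
    CredentialModel password = PasswordCredentialModel.createFromValues("foo", salt, 1000, "pass");

    // Legacy accessors must expose exactly what was passed to the factory.
    Assert.assertEquals("pass", password.getValue());
    Assert.assertTrue(Arrays.areEqual(salt, password.getSalt()));
    Assert.assertEquals(1000, password.getHashIterations());
    Assert.assertEquals("foo", password.getAlgorithm());

    // Change something and assert it is changed
    password.setValue("789789");
    Assert.assertEquals("789789", password.getValue());

    // Test clone: every hashing parameter has to survive the conversion, otherwise a stored
    // hash could no longer be verified after the model is rebuilt.
    PasswordCredentialModel cloned = PasswordCredentialModel.createFromCredentialModel(password);
    Assert.assertEquals("789789", cloned.getPasswordSecretData().getValue());
    // The original asserted the iteration count twice and never looked at the salt of the clone.
    Assert.assertTrue(Arrays.areEqual(salt, cloned.getPasswordSecretData().getSalt()));
    Assert.assertEquals(1000, cloned.getPasswordCredentialData().getHashIterations());
    Assert.assertEquals("foo", cloned.getPasswordCredentialData().getAlgorithm());
}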
Also used : CredentialModel(org.keycloak.credential.CredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) Test(org.junit.Test)

Example 12 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class PasswordHashProvider method encode.

/**
 * Encodes {@code rawPassword} via {@link #encodedCredential(String, int)} and copies the resulting
 * credential data and secret data onto {@code credential}. No other property of {@code credential}
 * is written by this method.
 *
 * @param rawPassword the password to encode
 * @param iterations  passed through unchanged to {@link #encodedCredential(String, int)}
 * @param credential  the model whose credential data and secret data are overwritten
 * @deprecated Exists for backwards compatibility. It is recommended to use
 *             {@link #encodedCredential(String, int)} instead.
 */
@Deprecated
default void encode(String rawPassword, int iterations, CredentialModel credential) {
    final PasswordCredentialModel freshlyEncoded = encodedCredential(rawPassword, iterations);
    // Both parts are taken from the same encoding run, so the parameters stored in the
    // credential data always belong to the secret stored next to them.
    credential.setCredentialData(freshlyEncoded.getCredentialData());
    credential.setSecretData(freshlyEncoded.getSecretData());
}
Also used : PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel)

Example 13 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class PasswordCredentialProvider method isValid.

/**
 * Verifies the password carried by {@code input} against the password credential of {@code user}.
 *
 * <p>After a successful verification the stored credential is checked against the realm's current
 * password policy. If {@code policyCheck} rejects it, the submitted password is encoded again with
 * the policy's hash provider and iteration count, stored under the same id, creation date and user
 * label, and the user is evicted from the user cache.
 *
 * <p>Every debug message below names the user but none contains the submitted password.
 *
 * @param realm the realm whose password policy applies
 * @param user  the user whose password is checked
 * @param input the submitted credential; must be a {@code UserCredentialModel}
 * @return {@code true} if the submitted password verifies, {@code false} if the input has the wrong
 *         type or no challenge response, no password is available, the hash provider named by the
 *         stored credential is missing, or verification fails
 */
@Override
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
    if (!(input instanceof UserCredentialModel)) {
        logger.debug("Expected instance of UserCredentialModel for CredentialInput");
        return false;
    }
    if (input.getChallengeResponse() == null) {
        logger.debugv("Input password was null for user {0} ", user.getUsername());
        return false;
    }

    final PasswordCredentialModel stored = getPassword(realm, user);
    if (stored == null) {
        logger.debugv("No password cached or stored for user {0} ", user.getUsername());
        return false;
    }

    // Verification uses the algorithm recorded with the stored credential, not the one the
    // current policy asks for, so hashes created under an older policy still verify.
    final PasswordHashProvider verifier =
            session.getProvider(PasswordHashProvider.class, stored.getPasswordCredentialData().getAlgorithm());
    if (verifier == null) {
        logger.debugv("PasswordHashProvider {0} not found for user {1} ", stored.getPasswordCredentialData().getAlgorithm(), user.getUsername());
        return false;
    }
    if (!verifier.verify(input.getChallengeResponse(), stored)) {
        logger.debugv("Failed password validation for user {0} ", user.getUsername());
        return false;
    }

    // From here on the password is known to be correct; what follows only decides whether the
    // stored credential is re-encoded.
    final PasswordPolicy policy = realm.getPasswordPolicy();
    if (policy == null) {
        return true;
    }
    final PasswordHashProvider policyHasher = getHashProvider(policy);
    if (policyHasher == null || policyHasher.policyCheck(policy, stored)) {
        return true;
    }

    // The plain password is only available during validation, so this is the point at which the
    // credential can be re-encoded for the current policy.
    final PasswordCredentialModel rehashed =
            policyHasher.encodedCredential(input.getChallengeResponse(), policy.getHashIterations());
    rehashed.setId(stored.getId());
    rehashed.setCreatedDate(stored.getCreatedDate());
    rehashed.setUserLabel(stored.getUserLabel());
    getCredentialStore().updateCredential(realm, user, rehashed);

    // Evict the user so a cached copy of the previous credential is not used for later checks.
    final UserCache userCache = session.userCache();
    if (userCache != null) {
        userCache.evict(realm, user);
    }
    return true;
}
Also used : PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) PasswordPolicy(org.keycloak.models.PasswordPolicy) OnUserCache(org.keycloak.models.cache.OnUserCache) UserCache(org.keycloak.models.cache.UserCache) UserCredentialModel(org.keycloak.models.UserCredentialModel) PasswordHashProvider(org.keycloak.credential.hash.PasswordHashProvider)

Example 14 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class PasswordCredentialProvider method getPassword.

/**
 * Returns the user's password credential, taken from the user cache entry when the user is a
 * {@code CachedUserModel} that is not marked for eviction, and from the credential store otherwise.
 *
 * @param realm the realm the user belongs to
 * @param user  the user whose password credential is requested
 * @return the first password credential found, or {@code null} if there is none
 */
public PasswordCredentialModel getPassword(RealmModel realm, UserModel user) {
    List<CredentialModel> candidates = null;
    if (user instanceof CachedUserModel && !((CachedUserModel) user).isMarkedForEviction()) {
        // Unchecked cast: the cache is expected to hold a credential list under this key.
        candidates = (List<CredentialModel>) ((CachedUserModel) user).getCachedWith().get(PASSWORD_CACHE_KEY);
    }
    // The eviction flag is read a second time on purpose: if the model was marked for eviction
    // while the passwords were initialized, the cached list is replaced by the stored credentials.
    if (!(user instanceof CachedUserModel) || ((CachedUserModel) user).isMarkedForEviction()) {
        candidates = getCredentialStore()
                .getStoredCredentialsByTypeStream(realm, user, getType())
                .collect(Collectors.toList());
    }
    final boolean nothingFound = candidates == null || candidates.isEmpty();
    // Only the first entry is used; further entries in the list are ignored.
    return nothingFound ? null : PasswordCredentialModel.createFromCredentialModel(candidates.get(0));
}
Also used : UserCredentialModel(org.keycloak.models.UserCredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) CachedUserModel(org.keycloak.models.cache.CachedUserModel)

Example 15 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class PasswordCredentialProvider method createCredential.

/**
 * Validates {@code password} against the realm's password policy, encodes it with the hash provider
 * selected for that policy and stores the result as a credential of {@code user}.
 *
 * @param realm    the realm whose password policy applies
 * @param user     the user receiving the credential
 * @param password the plain password; it is validated and encoded here and is not stored as given
 * @return {@code true} once the credential has been created, {@code false} if no hash provider is
 *         available for the policy
 * @throws ModelException if policy validation reports an error
 */
public boolean createCredential(RealmModel realm, UserModel user, String password) {
    // NOTE(review): isValid() in the same provider treats a null policy as possible, while here
    // the policy is dereferenced without a check - confirm that getPasswordPolicy() cannot
    // return null on this path.
    final PasswordPolicy policy = realm.getPasswordPolicy();

    // Policy validation runs before any hashing, so a rejected password is never encoded or stored.
    final PolicyError violation =
            session.getProvider(PasswordPolicyManagerProvider.class).validate(realm, user, password);
    if (violation != null) {
        throw new ModelException(violation.getMessage(), violation.getParameters());
    }

    final PasswordHashProvider hasher = getHashProvider(policy);
    if (hasher == null) {
        return false;
    }

    final PasswordCredentialModel hashed = hasher.encodedCredential(password, policy.getHashIterations());
    hashed.setCreatedDate(Time.currentTimeMillis());
    createCredential(realm, user, hashed);
    return true;
}
Also used : ModelException(org.keycloak.models.ModelException) PasswordPolicyManagerProvider(org.keycloak.policy.PasswordPolicyManagerProvider) PasswordPolicy(org.keycloak.models.PasswordPolicy) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) PolicyError(org.keycloak.policy.PolicyError) PasswordHashProvider(org.keycloak.credential.hash.PasswordHashProvider)

Aggregations

PasswordCredentialModel (org.keycloak.models.credential.PasswordCredentialModel)23 Test (org.junit.Test)17 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)8 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)7 CredentialModel (org.keycloak.credential.CredentialModel)6 CredentialRepresentation (org.keycloak.representations.idm.CredentialRepresentation)6 OTPCredentialModel (org.keycloak.models.credential.OTPCredentialModel)4 PasswordHashProvider (org.keycloak.credential.hash.PasswordHashProvider)3 PasswordPolicy (org.keycloak.models.PasswordPolicy)3 UserCredentialModel (org.keycloak.models.UserCredentialModel)3 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)3 FileInputStream (java.io.FileInputStream)2 LinkedList (java.util.LinkedList)2 UserResource (org.keycloak.admin.client.resource.UserResource)2 ExportImportManager (org.keycloak.exportimport.ExportImportManager)2 GroupModel (org.keycloak.models.GroupModel)2 RealmModel (org.keycloak.models.RealmModel)2 RoleModel (org.keycloak.models.RoleModel)2 OnUserCache (org.keycloak.models.cache.OnUserCache)2 UserCache (org.keycloak.models.cache.UserCache)2