
Example 16 with FormMessage

use of org.keycloak.models.utils.FormMessage in project keycloak by keycloak.

Class RegistrationPassword, method validate (password presence, confirmation and password-policy checks for the registration form).

@Override
public void validate(ValidationContext context) {
    // Validates the password fields of the registration form: the password must be
    // present, match its confirmation, and satisfy the realm's password policy.
    MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
    List<FormMessage> errors = new ArrayList<>();
    context.getEvent().detail(Details.REGISTER_METHOD, "form");

    String password = formData.getFirst(RegistrationPage.FIELD_PASSWORD);
    String passwordConfirm = formData.getFirst(RegistrationPage.FIELD_PASSWORD_CONFIRM);

    if (Validation.isBlank(password)) {
        errors.add(new FormMessage(RegistrationPage.FIELD_PASSWORD, Messages.MISSING_PASSWORD));
    } else if (!password.equals(passwordConfirm)) {
        // A mismatch is reported against the confirmation field, not the password field.
        errors.add(new FormMessage(RegistrationPage.FIELD_PASSWORD_CONFIRM, Messages.INVALID_PASSWORD_CONFIRM));
    }

    // The policy check runs whenever a password parameter was submitted at all, even when it is
    // blank or does not match the confirmation, so a blank value may collect a policy error too.
    if (password != null) {
        // Policy providers receive the username the account will get; with email-as-username
        // that is the e-mail field (may be null if the user left it empty).
        String policyUsername = context.getRealm().isRegistrationEmailAsUsername()
                ? formData.getFirst(RegistrationPage.FIELD_EMAIL)
                : formData.getFirst(RegistrationPage.FIELD_USERNAME);
        PasswordPolicyManagerProvider policyManager = context.getSession().getProvider(PasswordPolicyManagerProvider.class);
        PolicyError policyError = policyManager.validate(policyUsername, password);
        if (policyError != null) {
            errors.add(new FormMessage(RegistrationPage.FIELD_PASSWORD, policyError.getMessage(), policyError.getParameters()));
        }
    }

    if (errors.isEmpty()) {
        context.success();
        return;
    }

    context.error(Errors.INVALID_REGISTRATION);
    // Strip both password values before the form data is handed back for re-rendering,
    // so the submitted password is never echoed into the response.
    formData.remove(RegistrationPage.FIELD_PASSWORD);
    formData.remove(RegistrationPage.FIELD_PASSWORD_CONFIRM);
    context.validationError(formData, errors);
}

Example 17 with FormMessage

use of org.keycloak.models.utils.FormMessage in project keycloak by keycloak.

Class RegistrationRecaptcha, method buildPage (exposes the reCAPTCHA site key to the registration page and loads the widget script).

@Override
public void buildPage(FormContext context, LoginFormsProvider form) {
    // Prepares the registration page for reCAPTCHA: either flags the authenticator as
    // misconfigured or publishes the site key and schedules the widget script.
    AuthenticatorConfigModel captchaConfig = context.getAuthenticatorConfig();
    String userLanguageTag = context.getSession().getContext().resolveLocale(context.getUser()).toLanguageTag();

    boolean configured = captchaConfig != null
            && captchaConfig.getConfig() != null
            && captchaConfig.getConfig().get(SITE_KEY) != null
            && captchaConfig.getConfig().get(SITE_SECRET) != null;
    if (!configured) {
        // Field-less message: rendered as a page-level error rather than next to an input.
        form.addError(new FormMessage(null, Messages.RECAPTCHA_NOT_CONFIGURED));
        return;
    }

    // Only the public site key reaches the browser; SITE_SECRET is used server-side in validate().
    form.setAttribute("recaptchaRequired", true);
    form.setAttribute("recaptchaSiteKey", captchaConfig.getConfig().get(SITE_KEY));

    // Script host is taken from the authenticator config (presumably admin-controlled) and the
    // "hl" value from the resolved locale; both are concatenated into the URL without encoding.
    String scriptUrl = "https://www." + getRecaptchaDomain(captchaConfig) + "/recaptcha/api.js?hl=" + userLanguageTag;
    form.addScript(scriptUrl);
}

Example 18 with FormMessage

use of org.keycloak.models.utils.FormMessage in project keycloak by keycloak.

Class RegistrationRecaptcha, method validate (server-side verification of the submitted reCAPTCHA response).

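@Override
public void validate(ValidationContext context) {
    // Server-side verification of the reCAPTCHA response posted with the registration form.
    // Fails closed: a missing token, missing configuration or a failed verification all reject
    // the registration with RECAPTCHA_FAILED.
    MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
    List<FormMessage> errors = new ArrayList<>();
    boolean success = false;
    context.getEvent().detail(Details.REGISTER_METHOD, "form");

    String captcha = formData.getFirst(G_RECAPTCHA_RESPONSE);
    if (!Validation.isBlank(captcha)) {
        AuthenticatorConfigModel captchaConfig = context.getAuthenticatorConfig();
        // buildPage() only renders an error when the authenticator is unconfigured, but the form
        // can still be posted. Guard here as well so a missing config/secret yields the normal
        // validation error instead of a NullPointerException (and never calls the verifier
        // with a null secret).
        String secret = (captchaConfig == null || captchaConfig.getConfig() == null)
                ? null
                : captchaConfig.getConfig().get(SITE_SECRET);
        if (secret != null) {
            success = validateRecaptcha(context, success, captcha, secret);
        }
    }

    if (success) {
        context.success();
        return;
    }

    errors.add(new FormMessage(null, Messages.RECAPTCHA_FAILED));
    // Do not echo the captcha token back into the re-rendered form.
    formData.remove(G_RECAPTCHA_RESPONSE);
    context.error(Errors.INVALID_REGISTRATION);
    context.validationError(formData, errors);
    // Presumably so the user sees only the captcha failure and re-solves it before other
    // field errors are shown.
    context.excludeOtherErrors();
}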

Example 19 with FormMessage

use of org.keycloak.models.utils.FormMessage in project keycloak by keycloak.

Class ResetCredentialChooseUser, method action (resolves the account for a password-reset request without revealing whether it exists).

@Override
public void action(AuthenticationFlowContext context) {
    // "Enter your username" step of the reset-credentials flow. An unknown or disabled user
    // produces the same externally visible outcome as a valid one (the flow continues with the
    // user cleared), so the response cannot be used to enumerate accounts; only the audit
    // event records the difference.
    EventBuilder event = context.getEvent();
    MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
    String username = formData.getFirst("username");

    boolean usernameMissing = username == null || username.isEmpty();
    if (usernameMissing) {
        event.error(Errors.USERNAME_MISSING);
        FormMessage message = new FormMessage(Validation.FIELD_USERNAME, Messages.MISSING_USERNAME);
        Response challenge = context.form().addError(message).createPasswordReset();
        context.failureChallenge(AuthenticationFlowError.INVALID_USER, challenge);
        return;
    }

    username = username.trim();
    RealmModel realm = context.getRealm();
    UserModel user = context.getSession().users().getUserByUsername(realm, username);
    // Fall back to an e-mail lookup only if the realm allows e-mail login and the input looks like one.
    boolean tryEmailLookup = user == null && realm.isLoginWithEmailAllowed() && username.contains("@");
    if (tryEmailLookup) {
        user = context.getSession().users().getUserByEmail(realm, username);
    }

    // Record what was typed for the following executions, regardless of whether it resolved.
    context.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, username);

    if (user == null) {
        event.clone().detail(Details.USERNAME, username).error(Errors.USER_NOT_FOUND);
        context.clearUser();
    } else if (!user.isEnabled()) {
        event.clone().detail(Details.USERNAME, username).user(user).error(Errors.USER_DISABLED);
        context.clearUser();
    } else {
        context.setUser(user);
    }

    // Always succeed here; a null user signals the failure to the later executions.
    context.success();
}

Example 20 with FormMessage

use of org.keycloak.models.utils.FormMessage in project keycloak by keycloak.

Class ResetCredentialEmail, method authenticate (issues the reset action token and mails the reset link).

@Override
public void authenticate(AuthenticationFlowContext context) {
    // E-mail step of the reset-credentials flow: builds a ResetCredentialsActionToken, mails it
    // as a link and forks the flow with an "e-mail sent" message. To avoid account enumeration,
    // the same success message is shown when no user was resolved or the user has no e-mail
    // address; only the audit event records the difference.
    UserModel user = context.getUser();
    AuthenticationSessionModel authenticationSession = context.getAuthenticationSession();
    String username = authenticationSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);

    // The previous step cleared the user (unknown/disabled): behave as if the mail was sent.
    if (user == null) {
        context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
        return;
    }

    // Re-authentication triggered by an action token for this same user: skip the e-mail round trip.
    String actionTokenUserId = authenticationSession.getAuthNote(DefaultActionTokenKey.ACTION_TOKEN_USER_ID);
    boolean reauthViaActionToken = actionTokenUserId != null && Objects.equals(user.getId(), actionTokenUserId);
    if (reauthViaActionToken) {
        logger.debugf("Forget-password triggered when reauthenticating user after authentication via action token. Skipping " + PROVIDER_ID + " screen and using user '%s' ", user.getUsername());
        context.success();
        return;
    }

    EventBuilder event = context.getEvent();
    String email = user.getEmail();
    // No deliverable address: record INVALID_EMAIL but still show the generic success message.
    if (email == null || email.trim().length() == 0) {
        event.user(user).detail(Details.USERNAME, username).error(Errors.INVALID_EMAIL);
        context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
        return;
    }

    int validityInSecs = context.getRealm().getActionTokenGeneratedByUserLifespan(ResetCredentialsActionToken.TOKEN_TYPE);
    int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;

    // The serialized token is the secret that authorizes the reset; it travels in the link's
    // query string, bound to this authentication session and client.
    String authSessionEncodedId = AuthenticationSessionCompoundId.fromAuthSession(authenticationSession).getEncodedId();
    ResetCredentialsActionToken token = new ResetCredentialsActionToken(user.getId(), email, absoluteExpirationInSecs, authSessionEncodedId, authenticationSession.getClient().getClientId());
    String serializedToken = token.serialize(context.getSession(), context.getRealm(), context.getUriInfo());
    String link = UriBuilder.fromUri(context.getActionTokenUrl(serializedToken)).build().toString();
    long expirationInMinutes = TimeUnit.SECONDS.toMinutes(validityInSecs);

    try {
        EmailTemplateProvider mailer = context.getSession().getProvider(EmailTemplateProvider.class);
        mailer.setRealm(context.getRealm())
              .setUser(user)
              .setAuthenticationSession(authenticationSession)
              .sendPasswordReset(link, expirationInMinutes);
        event.clone()
             .event(EventType.SEND_RESET_PASSWORD)
             .user(user)
             .detail(Details.USERNAME, username)
             .detail(Details.EMAIL, email)
             .detail(Details.CODE_ID, authenticationSession.getParentSession().getId())
             .success();
        context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
    } catch (EmailException e) {
        // Delivery failure is the one outcome that is not masked: the user gets an error page.
        event.clone()
             .event(EventType.SEND_RESET_PASSWORD)
             .detail(Details.USERNAME, username)
             .user(user)
             .error(Errors.EMAIL_SEND_FAILED);
        ServicesLogger.LOGGER.failedToSendPwdResetEmail(e);
        Response challenge = context.form().setError(Messages.EMAIL_SENT_ERROR).createErrorPage(Response.Status.INTERNAL_SERVER_ERROR);
        context.failure(AuthenticationFlowError.INTERNAL_ERROR, challenge);
    }
}
