
Example 1 with PasswordPolicyNotMetException

use of org.keycloak.policy.PasswordPolicyNotMetException in project keycloak by keycloak.

the class UsersResource method createUser.

/**
 * Creates a new user in the current realm from the submitted representation.
 *
 * <p>The effective username must be non-blank and unused. It is taken from the
 * representation's email when the realm registers email as username. Unless the
 * realm allows duplicate emails, the email must be unused as well.
 *
 * <p>Authorization: {@code auth.users().requireManage()} is tried first. If it throws
 * {@link ForbiddenException}, the request continues only when
 * {@code canCreateGroupMembers(rep)} accepts the representation; otherwise the
 * original exception is rethrown.
 *
 * @param rep user representation taken from the JSON request body
 * @return a "created" response whose location ends in the new user's id, the
 *         profile-validation response when validation rejects the input, or an
 *         error response for a missing username, a duplicate, a password-policy
 *         failure or any other model failure
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response createUser(final UserRepresentation rep) {
    // Authorization gate: full manage rights, or the narrower group-member fallback.
    try {
        auth.users().requireManage();
    } catch (ForbiddenException forbidden) {
        boolean allowedThroughGroups = canCreateGroupMembers(rep);
        if (!allowedThroughGroups) {
            throw forbidden;
        }
    }

    String username = realm.isRegistrationEmailAsUsername() ? rep.getEmail() : rep.getUsername();
    if (ObjectUtil.isBlank(username)) {
        return ErrorResponse.error("User name is missing", Response.Status.BAD_REQUEST);
    }

    // Username and email are looked up again here because of federation.
    boolean usernameTaken = session.users().getUserByUsername(realm, username) != null;
    if (usernameTaken) {
        return ErrorResponse.exists("User exists with same username");
    }
    if (rep.getEmail() != null && !realm.isDuplicateEmailsAllowed()) {
        boolean emailTaken;
        try {
            emailTaken = session.users().getUserByEmail(realm, rep.getEmail()) != null;
        } catch (ModelDuplicateException duplicate) {
            // The lookup itself reporting a duplicate is treated as "already taken".
            emailTaken = true;
        }
        if (emailTaken) {
            return ErrorResponse.exists("User exists with same email");
        }
    }

    UserProfile profile = session.getProvider(UserProfileProvider.class).create(USER_API, rep.toAttributes());
    try {
        Response validationFailure = UserResource.validateUserProfile(profile, null, session);
        if (validationFailure != null) {
            return validationFailure;
        }

        UserModel created = profile.create();
        UserResource.updateUserFromRep(profile, created, rep, session, false);
        RepresentationToModel.createFederatedIdentities(rep, session, realm, created);
        RepresentationToModel.createGroups(rep, realm, created);
        RepresentationToModel.createCredentials(rep, session, realm, created, true);

        // NOTE(review): rep is attached to the admin event as submitted. Whether credential
        // values are stripped before the event is stored is not visible here - confirm.
        adminEvent.operation(OperationType.CREATE)
                .resourcePath(session.getContext().getUri(), created.getId())
                .representation(rep)
                .success();

        // Commit before answering so that a commit failure cannot follow a "created" response.
        if (session.getTransactionManager().isActive()) {
            session.getTransactionManager().commit();
        }
        return Response.created(
                session.getContext().getUri().getAbsolutePathBuilder().path(created.getId()).build())
                .build();
    } catch (ModelDuplicateException duplicate) {
        // Every failure path marks the transaction rollback-only so no partial user is kept.
        if (session.getTransactionManager().isActive()) {
            session.getTransactionManager().setRollbackOnly();
        }
        return ErrorResponse.exists("User exists with same username or email");
    } catch (PasswordPolicyNotMetException policyFailure) {
        if (session.getTransactionManager().isActive()) {
            session.getTransactionManager().setRollbackOnly();
        }
        // The client gets a fixed message; the exception's own message is not echoed back.
        return ErrorResponse.error("Password policy not met", Response.Status.BAD_REQUEST);
    } catch (ModelException failure) {
        if (session.getTransactionManager().isActive()) {
            session.getTransactionManager().setRollbackOnly();
        }
        // Detail goes to the server log only; the response text stays generic.
        logger.warn("Could not create user", failure);
        return ErrorResponse.error("Could not create user", Response.Status.BAD_REQUEST);
    }
}
Also used : Response(javax.ws.rs.core.Response) ErrorResponse(org.keycloak.services.ErrorResponse) UserModel(org.keycloak.models.UserModel) ForbiddenException(org.keycloak.services.ForbiddenException) UserProfile(org.keycloak.userprofile.UserProfile) ModelException(org.keycloak.models.ModelException) UserProfileProvider(org.keycloak.userprofile.UserProfileProvider) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) PasswordPolicyNotMetException(org.keycloak.policy.PasswordPolicyNotMetException) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 2 with PasswordPolicyNotMetException

use of org.keycloak.policy.PasswordPolicyNotMetException in project keycloak by keycloak.

the class RepresentationToModel method createCredentials.

/**
 * Stores the credentials listed in a user representation on the given user.
 *
 * <p>Entries whose id already resolves to a stored credential are skipped. An entry
 * with a non-empty value is applied as a password through {@code updateCredential};
 * any other entry is converted with {@code toModel} and handed to
 * {@code createCredentialThroughProvider}.
 *
 * @param userRep      representation whose credentials are applied
 * @param session      current Keycloak session
 * @param realm        realm the user belongs to
 * @param user         user receiving the credentials
 * @param adminRequest not read by this method (see the note in the body)
 * @throws PasswordPolicyNotMetException when {@code updateCredential} throws a
 *         {@link ModelException}; the original exception is kept as the cause
 */
public static void createCredentials(UserRepresentation userRep, KeycloakSession session, RealmModel realm, UserModel user, boolean adminRequest) {
    convertDeprecatedCredentialsFormat(userRep);
    if (userRep.getCredentials() == null) {
        return;
    }
    for (CredentialRepresentation credential : userRep.getCredentials()) {
        boolean alreadyStored = credential.getId() != null
                && session.userCredentialManager().getStoredCredentialById(realm, user, credential.getId()) != null;
        if (alreadyStored) {
            continue;
        }

        String submittedValue = credential.getValue();
        boolean hasValue = submittedValue != null && !submittedValue.isEmpty();
        if (!hasValue) {
            // No value supplied: the representation is converted and stored by the provider as given.
            session.userCredentialManager().createCredentialThroughProvider(realm, user, toModel(credential));
            continue;
        }

        // The context realm is switched for the update and always restored afterwards.
        RealmModel previousRealm = session.getContext().getRealm();
        try {
            session.getContext().setRealm(realm);
            // NOTE(review): the adminRequest parameter is never read; the password model is
            // always built with a literal false. Confirm this is intended before relying on the flag.
            session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password(submittedValue, false));
        } catch (ModelException updateFailure) {
            // Every ModelException from the update is reported as a policy failure. The message
            // and username travel with the exception, so callers decide what reaches the client.
            throw new PasswordPolicyNotMetException(updateFailure.getMessage(), user.getUsername(), updateFailure);
        } finally {
            session.getContext().setRealm(previousRealm);
        }
    }
}
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) RealmModel(org.keycloak.models.RealmModel) ModelException(org.keycloak.models.ModelException) PasswordPolicyNotMetException(org.keycloak.policy.PasswordPolicyNotMetException)

Example 3 with PasswordPolicyNotMetException

use of org.keycloak.policy.PasswordPolicyNotMetException in project keycloak by keycloak.

the class RealmsAdminResource method importRealm.

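/**
 * Import a realm
 *
 * Imports a realm from a full representation of that realm.  Realm name must be unique.
 *
 * <p>The caller must pass {@code requireCreateRealm()}. On either failure path the
 * active transaction is marked rollback-only, so a conflict or policy failure
 * detected part-way through the import does not leave a partial realm behind.
 *
 * @param rep JSON representation of the realm
 * @return a "created" response pointing at the new realm's URL, or an error response
 *         when the import conflicts with existing data or a user's password does not
 *         meet the password policy
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response importRealm(final RealmRepresentation rep) {
    RealmManager realmManager = new RealmManager(session);
    AdminPermissions.realms(session, auth).requireCreateRealm();
    logger.debugv("importRealm: {0}", rep.getRealm());
    try {
        RealmModel realm = realmManager.importRealm(rep);
        grantPermissionsToRealmCreator(realm);
        URI location = AdminRoot.realmsUrl(session.getContext().getUri()).path(realm.getName()).build();
        logger.debugv("imported realm success, sending back: {0}", location.toString());
        return Response.created(location).build();
    } catch (ModelDuplicateException e) {
        logger.error("Conflict detected", e);
        // Mark the transaction rollback-only here as well, matching the policy-failure branch:
        // a returned error response should not let already-imported objects be committed.
        if (session.getTransactionManager().isActive()) {
            session.getTransactionManager().setRollbackOnly();
        }
        // Detail stays in the server log; the client only sees a generic conflict message.
        return ErrorResponse.exists("Conflict detected. See logs for details");
    } catch (PasswordPolicyNotMetException e) {
        // NOTE(review): the username comes from the imported representation; make sure the
        // log layout escapes line breaks so a crafted name cannot forge log entries.
        logger.error("Password policy not met for user " + e.getUsername(), e);
        if (session.getTransactionManager().isActive()) {
            session.getTransactionManager().setRollbackOnly();
        }
        return ErrorResponse.error("Password policy not met. See logs for details", Response.Status.BAD_REQUEST);
    }
}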
Also used : RealmModel(org.keycloak.models.RealmModel) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) RealmManager(org.keycloak.services.managers.RealmManager) PasswordPolicyNotMetException(org.keycloak.policy.PasswordPolicyNotMetException) URI(java.net.URI) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)
