
Example 21 with ValidationException

use of org.keycloak.userprofile.ValidationException in project keycloak by keycloak.

the class UserProfileTest method testRequiredByClientScope.

/**
 * Verifies that an attribute marked as required for the {@code client-a} scope is only
 * enforced in the contexts where this test expects client scopes to be evaluated.
 *
 * <p>The address attribute is configured as required for scope {@code client-a} and editable by
 * {@code user}. The submitted attributes never contain it, so every {@code validate()} call that
 * returns normally means the requirement was not applied in that context.
 *
 * @param session Keycloak session used to obtain the provider and to set up the
 *     authentication session for each client
 * @throws IOException presumably from serializing the configuration to JSON
 */
private static void testRequiredByClientScope(KeycloakSession session) throws IOException {
    DeclarativeUserProfileProvider profiles = getDynamicUserProfileProvider(session);
    assertNotNull(profiles.getComponentModel());

    // Requirement and permission objects for the single configured attribute.
    UPAttributeRequired requiredForScope = new UPAttributeRequired();
    requiredForScope.setScopes(Collections.singleton("client-a"));
    UPAttributePermissions editableByUser = new UPAttributePermissions();
    editableByUser.setEdit(Collections.singleton("user"));

    UPAttribute address = new UPAttribute();
    address.setName(ATT_ADDRESS);
    address.setRequired(requiredForScope);
    address.setPermissions(editableByUser);

    UPConfig profileConfig = new UPConfig();
    profileConfig.addAttribute(address);
    profiles.setConfiguration(JsonSerialization.writeValueAsString(profileConfig));

    // The address attribute is deliberately absent from the submitted data.
    Map<String, Object> submitted = new HashMap<>();
    submitted.put(UserModel.USERNAME, "user");
    submitted.put(UserModel.EMAIL, "user@email.test");

    // Contexts the test treats as having no client scopes (User API, Account console).
    UserProfileContext[] scopelessContexts = {
        UserProfileContext.USER_API,
        UserProfileContext.ACCOUNT,
        UserProfileContext.ACCOUNT_OLD
    };
    // Authentication-flow contexts checked while the scope is NOT required.
    UserProfileContext[] authFlowContexts = {
        UserProfileContext.REGISTRATION_PROFILE,
        UserProfileContext.REGISTRATION_USER_CREATION,
        UserProfileContext.UPDATE_PROFILE,
        UserProfileContext.IDP_REVIEW
    };
    // Authentication-flow contexts that must reject the profile once the scope is required.
    // NOTE(review): REGISTRATION_USER_CREATION is only exercised in the passing phase above;
    // confirm whether leaving it out of the rejection checks is intentional.
    UserProfileContext[] mustRejectContexts = {
        UserProfileContext.UPDATE_PROFILE,
        UserProfileContext.REGISTRATION_PROFILE,
        UserProfileContext.IDP_REVIEW
    };

    // Phase 1: client whose default scopes do not make the attribute required.
    configureAuthenticationSession(session, "client-b", null);
    for (UserProfileContext ctx : scopelessContexts) {
        profiles.create(ctx, submitted).validate();
    }
    for (UserProfileContext ctx : authFlowContexts) {
        profiles.create(ctx, submitted).validate();
    }

    // Phase 2: client whose default scope makes the attribute required.
    configureAuthenticationSession(session, "client-a", null);
    for (UserProfileContext ctx : scopelessContexts) {
        // Still no failure: these contexts are expected to ignore scopes.
        profiles.create(ctx, submitted).validate();
    }
    for (UserProfileContext ctx : mustRejectContexts) {
        try {
            profiles.create(ctx, submitted).validate();
            fail("Should fail validation");
        } catch (ValidationException ve) {
            // The error must be reported against the missing address attribute specifically.
            assertTrue(ve.isAttributeOnError(ATT_ADDRESS));
        }
    }
}
Also used : UPAttributePermissions(org.keycloak.userprofile.config.UPAttributePermissions) ComponentValidationException(org.keycloak.component.ComponentValidationException) ValidationException(org.keycloak.userprofile.ValidationException) UserProfile(org.keycloak.userprofile.UserProfile) HashMap(java.util.HashMap) DeclarativeUserProfileProvider(org.keycloak.userprofile.DeclarativeUserProfileProvider) UPConfig(org.keycloak.userprofile.config.UPConfig) ComponentModel(org.keycloak.component.ComponentModel) UPAttributeRequired(org.keycloak.userprofile.config.UPAttributeRequired) UPAttribute(org.keycloak.userprofile.config.UPAttribute)

Example 22 with ValidationException

use of org.keycloak.userprofile.ValidationException in project keycloak by keycloak.

the class UserProfileTest method testRequiredIfAdmin.

/**
 * Verifies that an attribute required for the admin role is enforced only in the
 * {@code USER_API} context.
 *
 * <p>The address attribute is configured with {@code ROLE_ADMIN} as both the role it is
 * required for and the role allowed to edit it. Only a username is submitted, so a normal
 * return from {@code validate()} means the requirement was not applied in that context.
 *
 * @param session Keycloak session used to obtain the provider
 * @throws IOException presumably from serializing the configuration to JSON
 */
private static void testRequiredIfAdmin(KeycloakSession session) throws IOException {
    DeclarativeUserProfileProvider profiles = getDynamicUserProfileProvider(session);
    assertNotNull(profiles.getComponentModel());

    UPAttributeRequired requiredForAdmin = new UPAttributeRequired();
    requiredForAdmin.setRoles(Collections.singleton(ROLE_ADMIN));
    UPAttributePermissions editableByAdmin = new UPAttributePermissions();
    editableByAdmin.setEdit(Collections.singleton(UPConfigUtils.ROLE_ADMIN));

    UPAttribute address = new UPAttribute();
    address.setName(ATT_ADDRESS);
    address.setRequired(requiredForAdmin);
    address.setPermissions(editableByAdmin);

    UPConfig profileConfig = new UPConfig();
    profileConfig.addAttribute(address);
    profiles.setConfiguration(JsonSerialization.writeValueAsString(profileConfig));

    Map<String, Object> submitted = new HashMap<>();
    submitted.put(UserModel.USERNAME, "user");

    // Contexts in which the missing address must NOT cause a failure.
    UserProfileContext[] acceptingContexts = {
        UserProfileContext.UPDATE_PROFILE,
        UserProfileContext.ACCOUNT,
        UserProfileContext.REGISTRATION_PROFILE
    };
    for (UserProfileContext ctx : acceptingContexts) {
        profiles.create(ctx, submitted).validate();
    }

    // The User API context must reject the profile and blame the address attribute.
    try {
        profiles.create(UserProfileContext.USER_API, submitted).validate();
        fail("Should fail validation");
    } catch (ValidationException ve) {
        assertTrue(ve.isAttributeOnError(ATT_ADDRESS));
    }
}
Also used : UPAttributePermissions(org.keycloak.userprofile.config.UPAttributePermissions) ComponentValidationException(org.keycloak.component.ComponentValidationException) ValidationException(org.keycloak.userprofile.ValidationException) UserProfile(org.keycloak.userprofile.UserProfile) HashMap(java.util.HashMap) DeclarativeUserProfileProvider(org.keycloak.userprofile.DeclarativeUserProfileProvider) UPConfig(org.keycloak.userprofile.config.UPConfig) ComponentModel(org.keycloak.component.ComponentModel) UPAttributeRequired(org.keycloak.userprofile.config.UPAttributeRequired) UPAttribute(org.keycloak.userprofile.config.UPAttribute)

Example 23 with ValidationException

use of org.keycloak.userprofile.ValidationException in project keycloak by keycloak.

the class UserProfileTest method testOptionalAttributes.

/**
 * Verifies that attributes with a validator but no "required" setting may be absent or empty,
 * while the validator still runs on non-empty values.
 *
 * <p>First and last name each get a length validator with a maximum of 4, sharing one
 * validator-config map. All checks run in the {@code UPDATE_PROFILE} context.
 *
 * @param session Keycloak session used to obtain the provider
 * @throws IOException presumably from serializing the configuration to JSON
 */
private static void testOptionalAttributes(KeycloakSession session) throws IOException {
    DeclarativeUserProfileProvider profiles = getDynamicUserProfileProvider(session);
    assertNotNull(profiles.getComponentModel());

    UPConfig profileConfig = new UPConfig();
    Map<String, Object> maxLengthFour = new HashMap<>();
    maxLengthFour.put(LengthValidator.KEY_MAX, 4);

    UPAttribute firstName = new UPAttribute();
    firstName.setName(UserModel.FIRST_NAME);
    firstName.addValidation(LengthValidator.ID, maxLengthFour);
    profileConfig.addAttribute(firstName);

    UPAttribute lastName = new UPAttribute();
    lastName.setName(UserModel.LAST_NAME);
    lastName.addValidation(LengthValidator.ID, maxLengthFour);
    profileConfig.addAttribute(lastName);

    profiles.setConfiguration(JsonSerialization.writeValueAsString(profileConfig));

    Map<String, Object> submitted = new HashMap<>();
    submitted.put(UserModel.USERNAME, "user");

    // Case 1: the optional attributes are not submitted at all.
    profiles.create(UserProfileContext.UPDATE_PROFILE, submitted).validate();

    // Case 2: the optional attributes are submitted as empty strings.
    submitted.put(UserModel.FIRST_NAME, "");
    submitted.put(UserModel.LAST_NAME, "");
    profiles.create(UserProfileContext.UPDATE_PROFILE, submitted).validate();

    // Case 3: values within the configured maximum length.
    submitted.put(UserModel.FIRST_NAME, "John");
    submitted.put(UserModel.LAST_NAME, "Doe");
    profiles.create(UserProfileContext.UPDATE_PROFILE, submitted).validate();

    // Case 4: values over the maximum length; proves the validator is actually executed.
    submitted.put(UserModel.FIRST_NAME, "JohnTooLong");
    submitted.put(UserModel.LAST_NAME, "DoeTooLong");
    // The profile is created outside the try so only validate() may raise the expected error.
    UserProfile tooLong = profiles.create(UserProfileContext.UPDATE_PROFILE, submitted);
    try {
        tooLong.validate();
        fail("Should fail validation");
    } catch (ValidationException ve) {
        // Both attributes must be reported, not just the first one that failed.
        assertTrue(ve.isAttributeOnError(UserModel.FIRST_NAME));
        assertTrue(ve.isAttributeOnError(UserModel.LAST_NAME));
    }
}
Also used : ComponentValidationException(org.keycloak.component.ComponentValidationException) ValidationException(org.keycloak.userprofile.ValidationException) UserProfile(org.keycloak.userprofile.UserProfile) HashMap(java.util.HashMap) DeclarativeUserProfileProvider(org.keycloak.userprofile.DeclarativeUserProfileProvider) UPConfig(org.keycloak.userprofile.config.UPConfig) ComponentModel(org.keycloak.component.ComponentModel) UPAttribute(org.keycloak.userprofile.config.UPAttribute)

Example 24 with ValidationException

use of org.keycloak.userprofile.ValidationException in project keycloak by keycloak.

the class UserProfileTest method failValidationWhenEmptyAttributes.

/**
 * Verifies that the username is mandatory in the {@code UPDATE_PROFILE} context unless the
 * realm is switched to "registration email as username".
 *
 * <p>The provider configuration is set to {@code null} first (presumably selecting the default
 * configuration; confirm against the provider). The realm flag is flipped for one scenario and
 * restored in a {@code finally} block.
 *
 * @param session Keycloak session used to obtain the provider and the current realm
 */
private static void failValidationWhenEmptyAttributes(KeycloakSession session) {
    Map<String, Object> submitted = new HashMap<>();
    UserProfileProvider profiles = session.getProvider(UserProfileProvider.class);
    profiles.setConfiguration(null);

    // Scenario 1: nothing submitted at all, so the mandatory username is reported.
    try {
        profiles.create(UserProfileContext.UPDATE_PROFILE, submitted).validate();
        Assert.fail("Should fail validation");
    } catch (ValidationException ve) {
        assertTrue(ve.isAttributeOnError(UserModel.USERNAME));
    }

    RealmModel currentRealm = session.getContext().getRealm();

    // Scenario 2: only an e-mail is submitted, so the username is still reported as missing.
    try {
        submitted.clear();
        submitted.put(UserModel.EMAIL, "profile-user@keycloak.org");
        profiles.create(UserProfileContext.UPDATE_PROFILE, submitted).validate();
        Assert.fail("Should fail validation");
    } catch (ValidationException ve) {
        assertTrue(ve.isAttributeOnError(UserModel.USERNAME));
    }

    // Scenario 3: with e-mail acting as username, the same kind of input must validate.
    try {
        currentRealm.setRegistrationEmailAsUsername(true);
        submitted.clear();
        submitted.put(UserModel.FIRST_NAME, "Joe");
        submitted.put(UserModel.LAST_NAME, "Doe");
        submitted.put(UserModel.EMAIL, "profile-user@keycloak.org");
        profiles.create(UserProfileContext.UPDATE_PROFILE, submitted).validate();
    } catch (ValidationException ve) {
        Assert.fail("Should be OK email as username");
    } finally {
        // Restore the realm flag by hand; ideally the test would reset the realm to its
        // original state instead of relying on this kind of logic.
        currentRealm.setRegistrationEmailAsUsername(false);
    }

    // Scenario 4: an explicit username plus names validates with the flag switched back off.
    submitted.clear();
    submitted.put(UserModel.USERNAME, "profile-user");
    submitted.put(UserModel.FIRST_NAME, "Joe");
    submitted.put(UserModel.LAST_NAME, "Doe");
    profiles.create(UserProfileContext.UPDATE_PROFILE, submitted).validate();
}
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentValidationException(org.keycloak.component.ComponentValidationException) ValidationException(org.keycloak.userprofile.ValidationException) UserProfile(org.keycloak.userprofile.UserProfile) HashMap(java.util.HashMap) DeclarativeUserProfileProvider(org.keycloak.userprofile.DeclarativeUserProfileProvider) UserProfileProvider(org.keycloak.userprofile.UserProfileProvider)

Example 25 with ValidationException

use of org.keycloak.userprofile.ValidationException in project keycloak by keycloak.

the class IdpReviewProfileAuthenticator method requiresUpdateProfilePage.

/**
 * Decides whether the profile-review page must be shown for a brokered identity.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>If the {@code ENFORCE_UPDATE_PROFILE} auth note parses as {@code true}, the page is
 *       required. A missing note is {@code null}, which {@link Boolean#parseBoolean} treats as
 *       {@code false}.</li>
 *   <li>Otherwise the {@code UPDATE_PROFILE_ON_FIRST_LOGIN} setting is read from the
 *       authenticator config; with no config object or no such key, the mode is
 *       {@code UPFLM_MISSING}.</li>
 *   <li>In {@code UPFLM_MISSING} mode the brokered attributes are validated in the
 *       {@code IDP_REVIEW} context; the page is required only if validation fails.</li>
 *   <li>For any other mode the page is required only when the value equals
 *       {@code UPFLM_ON}.</li>
 * </ol>
 *
 * <p>NOTE(review): a key that is present but maps to {@code null}, or to a value other than
 * {@code UPFLM_ON} and {@code UPFLM_MISSING}, yields {@code false} here, so the review page is
 * skipped without validating the brokered attributes. Confirm that the set of storable values
 * is constrained elsewhere.
 *
 * @param context authentication flow context supplying the auth session, authenticator config
 *     and Keycloak session
 * @param userCtx serialized brokered identity whose attributes are validated
 * @param brokerContext brokered identity context; not read by this method
 * @return {@code true} if the update-profile page must be shown
 */
protected boolean requiresUpdateProfilePage(AuthenticationFlowContext context, SerializedBrokeredIdentityContext userCtx, BrokeredIdentityContext brokerContext) {
    // An explicit per-session override wins over any configured mode.
    String enforceNote = context.getAuthenticationSession().getAuthNote(ENFORCE_UPDATE_PROFILE);
    if (Boolean.parseBoolean(enforceNote)) {
        return true;
    }

    // Resolve the configured mode, defaulting to "missing" when nothing is configured.
    AuthenticatorConfigModel configModel = context.getAuthenticatorConfig();
    String reviewMode = IdentityProviderRepresentation.UPFLM_MISSING;
    if (configModel != null && configModel.getConfig().containsKey(IdpReviewProfileAuthenticatorFactory.UPDATE_PROFILE_ON_FIRST_LOGIN)) {
        reviewMode = configModel.getConfig().get(IdpReviewProfileAuthenticatorFactory.UPDATE_PROFILE_ON_FIRST_LOGIN);
    }

    // Any mode other than "missing" is a plain on/off switch.
    if (!IdentityProviderRepresentation.UPFLM_MISSING.equals(reviewMode)) {
        return IdentityProviderRepresentation.UPFLM_ON.equals(reviewMode);
    }

    // "Missing" mode: show the page only when the brokered attributes fail validation.
    // Only ValidationException is handled here; any other exception propagates to the caller.
    try {
        UserProfileProvider profileProvider = context.getSession().getProvider(UserProfileProvider.class);
        profileProvider.create(UserProfileContext.IDP_REVIEW, userCtx.getAttributes()).validate();
    } catch (ValidationException pve) {
        return true;
    }
    return false;
}
Also used : ValidationException(org.keycloak.userprofile.ValidationException) UserProfileProvider(org.keycloak.userprofile.UserProfileProvider) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Aggregations

ValidationException (org.keycloak.userprofile.ValidationException)25 UserProfile (org.keycloak.userprofile.UserProfile)24 ComponentValidationException (org.keycloak.component.ComponentValidationException)16 DeclarativeUserProfileProvider (org.keycloak.userprofile.DeclarativeUserProfileProvider)16 UserProfileProvider (org.keycloak.userprofile.UserProfileProvider)15 HashMap (java.util.HashMap)14 UPAttribute (org.keycloak.userprofile.config.UPAttribute)10 UPConfig (org.keycloak.userprofile.config.UPConfig)10 ComponentModel (org.keycloak.component.ComponentModel)9 List (java.util.List)7 UPAttributePermissions (org.keycloak.userprofile.config.UPAttributePermissions)7 UPAttributeRequired (org.keycloak.userprofile.config.UPAttributeRequired)7 UserModel (org.keycloak.models.UserModel)6 EventBuilder (org.keycloak.events.EventBuilder)3 RealmModel (org.keycloak.models.RealmModel)3 EventAuditingAttributeChangeListener (org.keycloak.userprofile.EventAuditingAttributeChangeListener)3 ArrayList (java.util.ArrayList)2 Consumes (javax.ws.rs.Consumes)2 POST (javax.ws.rs.POST)2 Path (javax.ws.rs.Path)2