/** * Update the TOTP for this account. * * <p>form parameters: * * <p>totp - otp generated by authenticator totpSecret - totp secret to register * * @param formData * @return */ @Path("totp") @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED) public Response processTotpUpdate(final MultivaluedMap<String, String> formData) { if (auth == null) { return login("totp"); } require(AccountRoles.MANAGE_ACCOUNT); String action = formData.getFirst("submitAction"); if (action != null && action.equals("Cancel")) { setReferrerOnPage(); return account.createResponse(AccountPages.TOTP); } csrfCheck(formData); UserModel user = auth.getUser(); String totp = formData.getFirst("totp"); String totpSecret = formData.getFirst("totpSecret"); if (Validation.isBlank(totp)) { setReferrerOnPage(); return account.setError(Messages.MISSING_TOTP).createResponse(AccountPages.TOTP); } else if (!CredentialValidation.validOTP(realm, totp, totpSecret)) { setReferrerOnPage(); return account.setError(Messages.INVALID_TOTP).createResponse(AccountPages.TOTP); } UserCredentialModel credentials = new UserCredentialModel(); credentials.setType(realm.getOTPPolicy().getType()); credentials.setValue(totpSecret); session.users().updateCredential(realm, user, credentials); user.setOtpEnabled(true); // to update counter UserCredentialModel cred = new UserCredentialModel(); cred.setType(realm.getOTPPolicy().getType()); cred.setValue(totp); session.users().validCredentials(realm, user, cred); event.event(EventType.UPDATE_TOTP).client(auth.getClient()).user(auth.getUser()).success(); setReferrerOnPage(); return account.setSuccess(Messages.SUCCESS_TOTP).createResponse(AccountPages.TOTP); }
private Response forwardToPage(String path, AccountPages page) { if (auth != null) { try { require(AccountRoles.MANAGE_ACCOUNT); } catch (ForbiddenException e) { return session .getProvider(LoginFormsProvider.class) .setError(Messages.NO_ACCESS) .createErrorPage(); } setReferrerOnPage(); return account.createResponse(page); } else { return login(path); } }
/** * Update account password * * <p>Form params: * * <p>password - old password password-new pasword-confirm * * @param formData * @return */ @Path("password") @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED) public Response processPasswordUpdate(final MultivaluedMap<String, String> formData) { if (auth == null) { return login("password"); } require(AccountRoles.MANAGE_ACCOUNT); String action = formData.getFirst("submitAction"); if (action != null && action.equals("Cancel")) { setReferrerOnPage(); return account.createResponse(AccountPages.PASSWORD); } csrfCheck(formData); UserModel user = auth.getUser(); boolean requireCurrent = isPasswordSet(user); account.setPasswordSet(requireCurrent); String password = formData.getFirst("password"); String passwordNew = formData.getFirst("password-new"); String passwordConfirm = formData.getFirst("password-confirm"); if (requireCurrent) { if (Validation.isBlank(password)) { setReferrerOnPage(); return account.setError(Messages.MISSING_PASSWORD).createResponse(AccountPages.PASSWORD); } UserCredentialModel cred = UserCredentialModel.password(password); if (!session.users().validCredentials(realm, user, cred)) { setReferrerOnPage(); return account .setError(Messages.INVALID_PASSWORD_EXISTING) .createResponse(AccountPages.PASSWORD); } } if (Validation.isEmpty(passwordNew)) { setReferrerOnPage(); return account.setError(Messages.MISSING_PASSWORD).createResponse(AccountPages.PASSWORD); } if (!passwordNew.equals(passwordConfirm)) { setReferrerOnPage(); return account .setError(Messages.INVALID_PASSWORD_CONFIRM) .createResponse(AccountPages.PASSWORD); } try { session.users().updateCredential(realm, user, UserCredentialModel.password(passwordNew)); } catch (ModelReadOnlyException mre) { setReferrerOnPage(); return account.setError(Messages.READ_ONLY_PASSWORD).createResponse(AccountPages.PASSWORD); } catch (ModelException me) { logger.error("Failed to update password", me); setReferrerOnPage(); return account .setError(me.getMessage(), me.getParameters()) .createResponse(AccountPages.PASSWORD); } catch (Exception ape) { logger.error("Failed to update password", ape); setReferrerOnPage(); return account.setError(ape.getMessage()).createResponse(AccountPages.PASSWORD); } List<UserSessionModel> sessions = session.sessions().getUserSessions(realm, user); for (UserSessionModel s : sessions) { if (!s.getId().equals(auth.getSession().getId())) { AuthenticationManager.backchannelLogout( session, realm, s, uriInfo, clientConnection, headers, true); } } event.event(EventType.UPDATE_PASSWORD).client(auth.getClient()).user(auth.getUser()).success(); setReferrerOnPage(); return account .setPasswordSet(true) .setSuccess(Messages.ACCOUNT_PASSWORD_UPDATED) .createResponse(AccountPages.PASSWORD); }
/** * Update account information. * * <p>Form params: * * <p>firstName lastName email * * @param formData * @return */ @Path("/") @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED) public Response processAccountUpdate(final MultivaluedMap<String, String> formData) { if (auth == null) { return login(null); } require(AccountRoles.MANAGE_ACCOUNT); String action = formData.getFirst("submitAction"); if (action != null && action.equals("Cancel")) { setReferrerOnPage(); return account.createResponse(AccountPages.ACCOUNT); } csrfCheck(formData); UserModel user = auth.getUser(); List<FormMessage> errors = Validation.validateUpdateProfileForm(realm, formData); if (errors != null && !errors.isEmpty()) { setReferrerOnPage(); return account .setErrors(errors) .setProfileFormData(formData) .createResponse(AccountPages.ACCOUNT); } try { if (realm.isEditUsernameAllowed()) { String username = formData.getFirst("username"); UserModel existing = session.users().getUserByUsername(username, realm); if (existing != null && !existing.getId().equals(user.getId())) { throw new ModelDuplicateException(Messages.USERNAME_EXISTS); } user.setUsername(username); } user.setFirstName(formData.getFirst("firstName")); user.setLastName(formData.getFirst("lastName")); String email = formData.getFirst("email"); String oldEmail = user.getEmail(); boolean emailChanged = oldEmail != null ? !oldEmail.equals(email) : email != null; if (emailChanged) { UserModel existing = session.users().getUserByEmail(email, realm); if (existing != null && !existing.getId().equals(user.getId())) { throw new ModelDuplicateException(Messages.EMAIL_EXISTS); } } user.setEmail(email); AttributeFormDataProcessor.process(formData, realm, user); event.event(EventType.UPDATE_PROFILE).client(auth.getClient()).user(auth.getUser()).success(); if (emailChanged) { user.setEmailVerified(false); event .clone() .event(EventType.UPDATE_EMAIL) .detail(Details.PREVIOUS_EMAIL, oldEmail) .detail(Details.UPDATED_EMAIL, email) .success(); } setReferrerOnPage(); return account.setSuccess(Messages.ACCOUNT_UPDATED).createResponse(AccountPages.ACCOUNT); } catch (ModelReadOnlyException roe) { setReferrerOnPage(); return account .setError(Messages.READ_ONLY_USER) .setProfileFormData(formData) .createResponse(AccountPages.ACCOUNT); } catch (ModelDuplicateException mde) { setReferrerOnPage(); return account .setError(mde.getMessage()) .setProfileFormData(formData) .createResponse(AccountPages.ACCOUNT); } }