@Test
  public void install2() throws Exception {
    RealmManager manager = realmManager;
    RealmRepresentation rep = AbstractModelTest.loadJson("model/testrealm-demo.json");
    rep.setId("demo");
    RealmModel realm = manager.importRealm(rep);

    Assert.assertEquals(600, realm.getAccessCodeLifespanUserAction());
    verifyRequiredCredentials(realm.getRequiredCredentials(), "password");
  }
Beispiel #2
0
  @Test
  public void install2() throws Exception {
    RealmManager manager = realmManager;
    RealmRepresentation rep = AbstractModelTest.loadJson("testrealm-demo.json");
    RealmModel realm = manager.createRealm("demo", rep.getRealm());
    manager.importRealm(rep, realm);

    Assert.assertFalse(realm.isUpdateProfileOnInitialSocialLogin());
    Assert.assertEquals(600, realm.getAccessCodeLifespanUserAction());
    verifyRequiredCredentials(realm.getRequiredCredentials(), "password");
  }
  /**
   * Send a update account email to the user
   *
   * <p>An email contains a link the user can click to perform a set of required actions. The
   * redirectUri and clientId parameters are optional. The default for the redirect is the account
   * client.
   *
   * @param id User is
   * @param redirectUri Redirect uri
   * @param clientId Client id
   * @param actions required actions the user needs to complete
   * @return
   */
  @Path("{id}/execute-actions-email")
  @PUT
  @Consumes(MediaType.APPLICATION_JSON)
  public Response executeActionsEmail(
      @PathParam("id") String id,
      @QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri,
      @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId,
      List<String> actions) {
    auth.requireManage();

    UserModel user = session.users().getUserById(id, realm);
    if (user == null) {
      return ErrorResponse.error("User not found", Response.Status.NOT_FOUND);
    }

    if (user.getEmail() == null) {
      return ErrorResponse.error("User email missing", Response.Status.BAD_REQUEST);
    }

    ClientSessionModel clientSession = createClientSession(user, redirectUri, clientId);
    for (String action : actions) {
      clientSession.addRequiredAction(action);
    }
    ClientSessionCode accessCode = new ClientSessionCode(realm, clientSession);
    accessCode.setAction(ClientSessionModel.Action.EXECUTE_ACTIONS.name());

    try {
      UriBuilder builder = Urls.executeActionsBuilder(uriInfo.getBaseUri());
      builder.queryParam("key", accessCode.getCode());

      String link = builder.build(realm.getName()).toString();
      long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction());

      this.session
          .getProvider(EmailTemplateProvider.class)
          .setRealm(realm)
          .setUser(user)
          .sendExecuteActions(link, expiration);

      // audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID,
      // accessCode.getCodeId()).success();

      adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();

      return Response.ok().build();
    } catch (EmailException e) {
      logger.failedToSendActionsEmail(e);
      return ErrorResponse.error(
          "Failed to send execute actions email", Response.Status.INTERNAL_SERVER_ERROR);
    }
  }
Beispiel #4
0
  public Response processAccessCode(
      String scopeParam,
      String state,
      String redirect,
      ClientModel client,
      UserModel user,
      UserSessionModel session,
      String username,
      boolean rememberMe,
      String authMethod,
      Audit audit) {
    isTotpConfigurationRequired(user);
    isEmailVerificationRequired(user);

    boolean isResource = client instanceof ApplicationModel;
    AccessCodeEntry accessCode =
        tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user, session);
    accessCode.setUsername(username);
    accessCode.setRememberMe(rememberMe);
    accessCode.setAuthMethod(authMethod);

    log.debugv("processAccessCode: isResource: {0}", isResource);
    log.debugv(
        "processAccessCode: go to oauth page?: {0}",
        (!isResource
            && (accessCode.getRealmRolesRequested().size() > 0
                || accessCode.getResourceRolesRequested().size() > 0)));

    audit.detail(Details.CODE_ID, accessCode.getId());

    Set<RequiredAction> requiredActions = user.getRequiredActions();
    if (!requiredActions.isEmpty()) {
      accessCode.setRequiredActions(new HashSet<UserModel.RequiredAction>(requiredActions));
      accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction());

      RequiredAction action = user.getRequiredActions().iterator().next();
      if (action.equals(RequiredAction.VERIFY_EMAIL)) {
        audit
            .clone()
            .event(EventType.SEND_VERIFY_EMAIL)
            .detail(Details.EMAIL, accessCode.getUser().getEmail())
            .success();
      }

      return Flows.forms(providerSession, realm, uriInfo)
          .setAccessCode(accessCode.getId(), accessCode.getCode())
          .setUser(user)
          .createResponse(action);
    }

    if (!isResource
        && (accessCode.getRealmRolesRequested().size() > 0
            || accessCode.getResourceRolesRequested().size() > 0)) {
      accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction());
      return Flows.forms(providerSession, realm, uriInfo)
          .setAccessCode(accessCode.getId(), accessCode.getCode())
          .setAccessRequest(
              accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested())
          .setClient(client)
          .createOAuthGrant();
    }

    if (redirect != null) {
      audit.success();
      return redirectAccessCode(accessCode, session, state, redirect, rememberMe);
    } else {
      return null;
    }
  }