@Test
public void install2() throws Exception {
RealmManager manager = realmManager;
RealmRepresentation rep = AbstractModelTest.loadJson("model/testrealm-demo.json");
rep.setId("demo");
RealmModel realm = manager.importRealm(rep);
Assert.assertEquals(600, realm.getAccessCodeLifespanUserAction());
verifyRequiredCredentials(realm.getRequiredCredentials(), "password");
}
@Test
public void install2() throws Exception {
RealmManager manager = realmManager;
RealmRepresentation rep = AbstractModelTest.loadJson("testrealm-demo.json");
RealmModel realm = manager.createRealm("demo", rep.getRealm());
manager.importRealm(rep, realm);
Assert.assertFalse(realm.isUpdateProfileOnInitialSocialLogin());
Assert.assertEquals(600, realm.getAccessCodeLifespanUserAction());
verifyRequiredCredentials(realm.getRequiredCredentials(), "password");
}
/**
* Send a update account email to the user
*
* <p>An email contains a link the user can click to perform a set of required actions. The
* redirectUri and clientId parameters are optional. The default for the redirect is the account
* client.
*
* @param id User is
* @param redirectUri Redirect uri
* @param clientId Client id
* @param actions required actions the user needs to complete
* @return
*/
@Path("{id}/execute-actions-email")
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public Response executeActionsEmail(
@PathParam("id") String id,
@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri,
@QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId,
List<String> actions) {
auth.requireManage();
UserModel user = session.users().getUserById(id, realm);
if (user == null) {
return ErrorResponse.error("User not found", Response.Status.NOT_FOUND);
}
if (user.getEmail() == null) {
return ErrorResponse.error("User email missing", Response.Status.BAD_REQUEST);
}
ClientSessionModel clientSession = createClientSession(user, redirectUri, clientId);
for (String action : actions) {
clientSession.addRequiredAction(action);
}
ClientSessionCode accessCode = new ClientSessionCode(realm, clientSession);
accessCode.setAction(ClientSessionModel.Action.EXECUTE_ACTIONS.name());
try {
UriBuilder builder = Urls.executeActionsBuilder(uriInfo.getBaseUri());
builder.queryParam("key", accessCode.getCode());
String link = builder.build(realm.getName()).toString();
long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction());
this.session
.getProvider(EmailTemplateProvider.class)
.setRealm(realm)
.setUser(user)
.sendExecuteActions(link, expiration);
// audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID,
// accessCode.getCodeId()).success();
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
return Response.ok().build();
} catch (EmailException e) {
logger.failedToSendActionsEmail(e);
return ErrorResponse.error(
"Failed to send execute actions email", Response.Status.INTERNAL_SERVER_ERROR);
}
}
public Response processAccessCode(
String scopeParam,
String state,
String redirect,
ClientModel client,
UserModel user,
UserSessionModel session,
String username,
boolean rememberMe,
String authMethod,
Audit audit) {
isTotpConfigurationRequired(user);
isEmailVerificationRequired(user);
boolean isResource = client instanceof ApplicationModel;
AccessCodeEntry accessCode =
tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user, session);
accessCode.setUsername(username);
accessCode.setRememberMe(rememberMe);
accessCode.setAuthMethod(authMethod);
log.debugv("processAccessCode: isResource: {0}", isResource);
log.debugv(
"processAccessCode: go to oauth page?: {0}",
(!isResource
&& (accessCode.getRealmRolesRequested().size() > 0
|| accessCode.getResourceRolesRequested().size() > 0)));
audit.detail(Details.CODE_ID, accessCode.getId());
Set<RequiredAction> requiredActions = user.getRequiredActions();
if (!requiredActions.isEmpty()) {
accessCode.setRequiredActions(new HashSet<UserModel.RequiredAction>(requiredActions));
accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction());
RequiredAction action = user.getRequiredActions().iterator().next();
if (action.equals(RequiredAction.VERIFY_EMAIL)) {
audit
.clone()
.event(EventType.SEND_VERIFY_EMAIL)
.detail(Details.EMAIL, accessCode.getUser().getEmail())
.success();
}
return Flows.forms(providerSession, realm, uriInfo)
.setAccessCode(accessCode.getId(), accessCode.getCode())
.setUser(user)
.createResponse(action);
}
if (!isResource
&& (accessCode.getRealmRolesRequested().size() > 0
|| accessCode.getResourceRolesRequested().size() > 0)) {
accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction());
return Flows.forms(providerSession, realm, uriInfo)
.setAccessCode(accessCode.getId(), accessCode.getCode())
.setAccessRequest(
accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested())
.setClient(client)
.createOAuthGrant();
}
if (redirect != null) {
audit.success();
return redirectAccessCode(accessCode, session, state, redirect, rememberMe);
} else {
return null;
}
}