Beispiel #1
0
 public Response redirectAccessCode(
     AccessCodeEntry accessCode,
     UserSessionModel session,
     String state,
     String redirect,
     boolean rememberMe) {
   String code = accessCode.getCode();
   UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.CODE, code);
   log.debugv("redirectAccessCode: state: {0}", state);
   if (state != null) redirectUri.queryParam(OAuth2Constants.STATE, state);
   Response.ResponseBuilder location = Response.status(302).location(redirectUri.build());
   Cookie remember =
       request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
   rememberMe = rememberMe || remember != null;
   // refresh the cookies!
   authManager.createLoginCookie(realm, accessCode.getUser(), session, uriInfo, rememberMe);
   if (rememberMe) authManager.createRememberMeCookie(realm, uriInfo);
   return location.build();
 }
Beispiel #2
0
  public Response processAccessCode(
      String scopeParam,
      String state,
      String redirect,
      ClientModel client,
      UserModel user,
      UserSessionModel session,
      String username,
      boolean rememberMe,
      String authMethod,
      Audit audit) {
    isTotpConfigurationRequired(user);
    isEmailVerificationRequired(user);

    boolean isResource = client instanceof ApplicationModel;
    AccessCodeEntry accessCode =
        tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user, session);
    accessCode.setUsername(username);
    accessCode.setRememberMe(rememberMe);
    accessCode.setAuthMethod(authMethod);

    log.debugv("processAccessCode: isResource: {0}", isResource);
    log.debugv(
        "processAccessCode: go to oauth page?: {0}",
        (!isResource
            && (accessCode.getRealmRolesRequested().size() > 0
                || accessCode.getResourceRolesRequested().size() > 0)));

    audit.detail(Details.CODE_ID, accessCode.getId());

    Set<RequiredAction> requiredActions = user.getRequiredActions();
    if (!requiredActions.isEmpty()) {
      accessCode.setRequiredActions(new HashSet<UserModel.RequiredAction>(requiredActions));
      accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction());

      RequiredAction action = user.getRequiredActions().iterator().next();
      if (action.equals(RequiredAction.VERIFY_EMAIL)) {
        audit
            .clone()
            .event(EventType.SEND_VERIFY_EMAIL)
            .detail(Details.EMAIL, accessCode.getUser().getEmail())
            .success();
      }

      return Flows.forms(providerSession, realm, uriInfo)
          .setAccessCode(accessCode.getId(), accessCode.getCode())
          .setUser(user)
          .createResponse(action);
    }

    if (!isResource
        && (accessCode.getRealmRolesRequested().size() > 0
            || accessCode.getResourceRolesRequested().size() > 0)) {
      accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction());
      return Flows.forms(providerSession, realm, uriInfo)
          .setAccessCode(accessCode.getId(), accessCode.getCode())
          .setAccessRequest(
              accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested())
          .setClient(client)
          .createOAuthGrant();
    }

    if (redirect != null) {
      audit.success();
      return redirectAccessCode(accessCode, session, state, redirect, rememberMe);
    } else {
      return null;
    }
  }