public void updateCredential(RealmModel realm, UserModel user, UserCredentialModel credential) { if (credential.getType().equals(UserCredentialModel.PASSWORD)) { if (realm.getPasswordPolicy() != null) { PasswordPolicy.Error error = realm.getPasswordPolicy().validate(user, credential.getValue()); if (error != null) throw new ModelException(error.getMessage(), error.getParameters()); } } user.updateCredential(credential); }
/** * Is the user configured to use this credential type * * @return */ public boolean configuredForCredentialType(String type, RealmModel realm, UserModel user) { UserFederationProvider link = getFederationLink(realm, user); if (link != null) { Set<String> supportedCredentialTypes = link.getSupportedCredentialTypes(user); if (supportedCredentialTypes.contains(type)) return true; } if (UserCredentialModel.isOtp(type)) { if (!user.isOtpEnabled()) return false; } List<UserCredentialValueModel> creds = user.getCredentialsDirectly(); for (UserCredentialValueModel cred : creds) { if (cred.getType().equals(type)) { if (UserCredentialModel.isOtp(type)) { OTPPolicy otpPolicy = realm.getOTPPolicy(); if (!cred.getAlgorithm().equals(otpPolicy.getAlgorithm()) || cred.getDigits() != otpPolicy.getDigits()) { return false; } if (type.equals(UserCredentialModel.TOTP) && cred.getPeriod() != otpPolicy.getPeriod()) { return false; } } return true; } } return false; }
@Override public void preRemove(RealmModel realm, RoleModel role) { for (UserFederationProviderModel federation : realm.getUserFederationProviders()) { UserFederationProvider fed = getFederationProvider(federation); fed.preRemove(realm, role); } session.userStorage().preRemove(realm, role); }
protected UserFederationProvider getFederationLink(RealmModel realm, UserModel user) { if (user.getFederationLink() == null) return null; for (UserFederationProviderModel fed : realm.getUserFederationProviders()) { if (fed.getId().equals(user.getFederationLink())) { return getFederationProvider(fed); } } return null; }
@Override public void config( RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { UserModel user = appRealm.getUser("test-user@localhost"); ApplicationModel accountApp = appRealm .getApplicationNameMap() .get(org.keycloak.models.Constants.ACCOUNT_APPLICATION); for (String r : accountApp.getDefaultRoles()) { accountApp.grantRole(user, accountApp.getRole(r)); } UserModel user2 = appRealm.addUser("test-user-no-access@localhost"); user2.setEnabled(true); UserCredentialModel creds = new UserCredentialModel(); creds.setType(CredentialRepresentation.PASSWORD); creds.setValue("password"); appRealm.updateCredential(user2, creds); }
protected UserModel registerWithFederation(RealmModel realm, UserModel user) { for (UserFederationProviderModel federation : realm.getUserFederationProviders()) { UserFederationProvider fed = getFederationProvider(federation); if (fed.synchronizeRegistrations()) { user.setFederationLink(federation.getId()); UserModel registered = fed.register(realm, user); managedUsers.put(registered.getId(), registered); return registered; } } return user; }
@Override public UserModel getUserByEmail(String email, RealmModel realm) { UserModel user = session.userStorage().getUserByEmail(email.toLowerCase(), realm); if (user != null) { user = validateAndProxyUser(realm, user); if (user != null) return user; } for (UserFederationProviderModel federation : realm.getUserFederationProviders()) { UserFederationProvider fed = getFederationProvider(federation); user = fed.getUserByEmail(realm, email); if (user != null) return user; } return user; }
protected void deleteInvalidUser(RealmModel realm, UserModel user) { KeycloakSession tx = session.getKeycloakSessionFactory().create(); try { tx.getTransaction().begin(); RealmModel realmModel = tx.realms().getRealm(realm.getId()); if (realmModel == null) return; UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel); tx.userStorage().removeUser(realmModel, deletedUser); logger.infof("Removed invalid user '%s'", user.getUsername()); tx.getTransaction().commit(); } finally { tx.close(); } }
public Set<RoleModel> getRealmScopeMappings() { Set<RoleModel> roleMappings = getScopeMappings(); Set<RoleModel> appRoles = new HashSet<RoleModel>(); for (RoleModel role : roleMappings) { RoleContainerModel container = role.getContainer(); if (container instanceof RealmModel) { if (((RealmModel) container).getId().equals(cachedRealm.getId())) { appRoles.add(role); } } } return appRoles; }
@Override public CredentialValidationOutput validCredentials( RealmModel realm, UserCredentialModel... input) { List<UserFederationProviderModel> fedProviderModels = realm.getUserFederationProviders(); List<UserFederationProvider> fedProviders = new ArrayList<UserFederationProvider>(); for (UserFederationProviderModel fedProviderModel : fedProviderModels) { fedProviders.add(getFederationProvider(fedProviderModel)); } CredentialValidationOutput result = null; for (UserCredentialModel cred : input) { UserFederationProvider providerSupportingCreds = null; // Find first provider, which supports required credential type for (UserFederationProvider fedProvider : fedProviders) { if (fedProvider.getSupportedCredentialTypes().contains(cred.getType())) { providerSupportingCreds = fedProvider; break; } } if (providerSupportingCreds == null) { logger.warn("Don't have provider supporting credentials of type " + cred.getType()); return CredentialValidationOutput.failed(); } logger.debug( "Found provider [" + providerSupportingCreds + "] supporting credentials of type " + cred.getType()); CredentialValidationOutput currentResult = providerSupportingCreds.validCredentials(realm, cred); result = (result == null) ? currentResult : result.merge(currentResult); } // For now, validCredentials(realm, input) is not supported for local userProviders return (result != null) ? result : CredentialValidationOutput.failed(); }
void federationLoad(RealmModel realm, Map<String, String> attributes) { for (UserFederationProviderModel federation : realm.getUserFederationProviders()) { UserFederationProvider fed = getFederationProvider(federation); fed.searchByAttributes(attributes, realm, 30); } }
@Override public void setClientId(String clientId) { getDelegateForUpdate(); updated.setClientId(clientId); cacheSession.registerRealmInvalidation(cachedRealm.getId()); }