/**
 * Imports the demo realm from its JSON representation under the fixed id "demo" and checks two
 * security-relevant settings on the result: the user-action access-code lifespan and the
 * required credentials.
 */
@Test
public void install2() throws Exception {
  RealmManager realms = realmManager;

  RealmRepresentation demoRep = AbstractModelTest.loadJson("model/testrealm-demo.json");
  demoRep.setId("demo");
  RealmModel imported = realms.importRealm(demoRep);

  // The lifespan bounds how long a code issued for a required-action flow stays usable.
  Assert.assertEquals(600, imported.getAccessCodeLifespanUserAction());
  // Expected credential type is handed to the helper; its exact checks are defined elsewhere.
  verifyRequiredCredentials(imported.getRequiredCredentials(), "password");
}
/**
 * Creates the "demo" realm, imports the JSON representation into it and checks the imported
 * settings: no forced profile update on first social login, the user-action access-code
 * lifespan, and the required credentials.
 */
@Test
public void install2() throws Exception {
  RealmManager realms = realmManager;

  RealmRepresentation demoRep = AbstractModelTest.loadJson("testrealm-demo.json");
  // The realm is created first (id "demo", name taken from the representation), then populated.
  RealmModel demoRealm = realms.createRealm("demo", demoRep.getRealm());
  realms.importRealm(demoRep, demoRealm);

  Assert.assertFalse(demoRealm.isUpdateProfileOnInitialSocialLogin());
  // The lifespan bounds how long a code issued for a required-action flow stays usable.
  Assert.assertEquals(600, demoRealm.getAccessCodeLifespanUserAction());
  // Expected credential type is handed to the helper; its exact checks are defined elsewhere.
  verifyRequiredCredentials(demoRealm.getRequiredCredentials(), "password");
}
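/**
 * Send an update-account email to the user.
 *
 * <p>The email contains a link the user can click to perform a set of required actions. The
 * redirectUri and clientId parameters are optional. The default for the redirect is the account
 * client.
 *
 * <p>The link carries the client-session code in its {@code key} query parameter. The validity
 * period quoted in the email is the realm's user-action access-code lifespan converted from
 * seconds to whole minutes (rounded down, so a lifespan under 60 seconds is reported as 0).
 *
 * @param id User id
 * @param redirectUri Redirect uri
 * @param clientId Client id
 * @param actions required actions the user needs to complete
 * @return 200 OK once the email has been handed to the email provider; 404 if the user does not
 *     exist; 400 if the user has no email address or no action list was supplied; 500 if sending
 *     fails
 */
@Path("{id}/execute-actions-email")
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public Response executeActionsEmail(
    @PathParam("id") String id,
    @QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri,
    @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId,
    List<String> actions) {
  // Authorization gate comes first: nothing below runs without the manage permission.
  auth.requireManage();

  UserModel user = session.users().getUserById(id, realm);
  if (user == null) {
    return ErrorResponse.error("User not found", Response.Status.NOT_FOUND);
  }
  if (user.getEmail() == null) {
    return ErrorResponse.error("User email missing", Response.Status.BAD_REQUEST);
  }
  // A request without a JSON body would otherwise fail with a NullPointerException in the loop
  // below, after a client session had already been created. Reject it up front instead.
  if (actions == null) {
    return ErrorResponse.error("Required actions missing", Response.Status.BAD_REQUEST);
  }

  // NOTE(review): redirectUri and clientId arrive as query parameters and are passed on
  // unchanged; presumably createClientSession checks the redirect against the client's
  // registered URIs. Confirm against that helper.
  ClientSessionModel clientSession = createClientSession(user, redirectUri, clientId);
  // NOTE(review): action names come straight from the request body and are not checked here;
  // confirm that unknown names are rejected or ignored further down the flow.
  for (String action : actions) {
    clientSession.addRequiredAction(action);
  }

  ClientSessionCode accessCode = new ClientSessionCode(realm, clientSession);
  accessCode.setAction(ClientSessionModel.Action.EXECUTE_ACTIONS.name());

  try {
    UriBuilder builder = Urls.executeActionsBuilder(uriInfo.getBaseUri());
    // The code travels in the URL, so the link should be treated like a credential: keep it
    // out of logs and other places where URLs are recorded.
    builder.queryParam("key", accessCode.getCode());
    String link = builder.build(realm.getName()).toString();

    long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction());

    this.session
        .getProvider(EmailTemplateProvider.class)
        .setRealm(realm)
        .setUser(user)
        .sendExecuteActions(link, expiration);

    // User-level audit event is disabled in this version; only the admin event is recorded.
    // audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID,
    // accessCode.getCodeId()).success();

    adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();

    return Response.ok().build();
  } catch (EmailException e) {
    logger.failedToSendActionsEmail(e);
    return ErrorResponse.error(
        "Failed to send execute actions email", Response.Status.INTERNAL_SERVER_ERROR);
  }
}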
/**
 * Creates an access code for an authenticated user and decides which response comes next.
 *
 * <p>The checks run in a fixed order, and the first one that applies wins:
 *
 * <ol>
 *   <li>The user has pending required actions: render the form for the first one.
 *   <li>The client is not an {@code ApplicationModel} and realm or resource roles were
 *       requested: render the OAuth grant page.
 *   <li>A redirect was supplied: record audit success and redirect with the access code.
 * </ol>
 *
 * <p>In the first two cases the code's expiration is reset to now plus the realm's user-action
 * lifespan before the form is returned.
 *
 * @return the response for the selected step, or {@code null} when none of the steps applies
 *     (no required action, no grant page needed, and {@code redirect} is {@code null}); callers
 *     must handle that case
 */
public Response processAccessCode(
    String scopeParam,
    String state,
    String redirect,
    ClientModel client,
    UserModel user,
    UserSessionModel session,
    String username,
    boolean rememberMe,
    String authMethod,
    Audit audit) {
  // Return values are discarded. NOTE(review): presumably these calls add TOTP / verify-email
  // entries to the user's required actions, which are read further down. Confirm.
  isTotpConfigurationRequired(user);
  isEmailVerificationRequired(user);

  boolean isResource = client instanceof ApplicationModel;

  AccessCodeEntry accessCode =
      tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user, session);
  accessCode.setUsername(username);
  accessCode.setRememberMe(rememberMe);
  accessCode.setAuthMethod(authMethod);

  log.debugv("processAccessCode: isResource: {0}", isResource);
  boolean grantPageExpected =
      !isResource
          && (accessCode.getRealmRolesRequested().size() > 0
              || accessCode.getResourceRolesRequested().size() > 0);
  log.debugv("processAccessCode: go to oauth page?: {0}", grantPageExpected);

  // Only the code's id is written to the audit trail, not the code value itself.
  audit.detail(Details.CODE_ID, accessCode.getId());

  // Step 1: required actions take priority over consent and over issuing the redirect.
  Set<RequiredAction> pendingActions = user.getRequiredActions();
  if (!pendingActions.isEmpty()) {
    // The code stores its own copy of the set rather than the one returned by the user model.
    accessCode.setRequiredActions(new HashSet<UserModel.RequiredAction>(pendingActions));
    accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction());

    RequiredAction firstAction = user.getRequiredActions().iterator().next();
    if (firstAction.equals(RequiredAction.VERIFY_EMAIL)) {
      // Recorded on a clone so the caller's audit builder keeps its own event type.
      audit
          .clone()
          .event(EventType.SEND_VERIFY_EMAIL)
          .detail(Details.EMAIL, accessCode.getUser().getEmail())
          .success();
    }

    return Flows.forms(providerSession, realm, uriInfo)
        .setAccessCode(accessCode.getId(), accessCode.getCode())
        .setUser(user)
        .createResponse(firstAction);
  }

  // Step 2: clients that are not applications must obtain consent for any requested roles.
  boolean consentNeeded =
      !isResource
          && (accessCode.getRealmRolesRequested().size() > 0
              || accessCode.getResourceRolesRequested().size() > 0);
  if (consentNeeded) {
    accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction());
    return Flows.forms(providerSession, realm, uriInfo)
        .setAccessCode(accessCode.getId(), accessCode.getCode())
        .setAccessRequest(
            accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested())
        .setClient(client)
        .createOAuthGrant();
  }

  // Step 3: nothing left to ask the user; hand the code back only if there is a redirect.
  if (redirect == null) {
    return null;
  }
  audit.success();
  return redirectAccessCode(accessCode, session, state, redirect, rememberMe);
}