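/**
   * Update the TOTP for this account.
   *
   * <p>Form parameters:
   *
   * <ul>
   *   <li>totp - OTP generated by the authenticator
   *   <li>totpSecret - TOTP secret to register
   * </ul>
   *
   * @param formData the submitted form fields
   * @return the account TOTP page carrying a success or error message, or the login response
   *     when there is no authenticated session
   */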
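  @Path("totp")
  @POST
  @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
  public Response processTotpUpdate(final MultivaluedMap<String, String> formData) {
    // Registers a new OTP secret for the signed-in user, but only after the submitted one-time
    // code has been validated against that secret.

    // No authenticated session: hand off to the login flow for the "totp" page.
    if (auth == null) {
      return login("totp");
    }

    require(AccountRoles.MANAGE_ACCOUNT);

    // Cancel returns before any credential is read or written, which is why it is handled
    // ahead of the CSRF check.
    String action = formData.getFirst("submitAction");
    if ("Cancel".equals(action)) {
      setReferrerOnPage();
      return account.createResponse(AccountPages.TOTP);
    }

    // Everything below replaces the account's OTP credential, so the CSRF check comes first.
    csrfCheck(formData);

    // NOTE(review): nothing in this method asks for the current password or an existing OTP
    // before the secret is replaced; confirm that re-authentication is enforced elsewhere.
    UserModel user = auth.getUser();

    // Both values are read from the submitted form, so both are client-controlled.
    String totp = formData.getFirst("totp");
    String totpSecret = formData.getFirst("totpSecret");

    if (Validation.isBlank(totp)) {
      setReferrerOnPage();
      return account.setError(Messages.MISSING_TOTP).createResponse(AccountPages.TOTP);
    }

    // A missing or empty secret is rejected here rather than handed to the validator; otherwise
    // the code has to verify against the secret before that secret is stored.
    if (Validation.isBlank(totpSecret)
        || !CredentialValidation.validOTP(realm, totp, totpSecret)) {
      setReferrerOnPage();
      return account.setError(Messages.INVALID_TOTP).createResponse(AccountPages.TOTP);
    }

    // Store the verified secret as the user's OTP credential, typed by the realm's OTP policy.
    UserCredentialModel credentials = new UserCredentialModel();
    credentials.setType(realm.getOTPPolicy().getType());
    credentials.setValue(totpSecret);
    session.users().updateCredential(realm, user, credentials);

    user.setOtpEnabled(true);

    // Run the just-verified code through credential validation once more, to update the counter.
    // The result of this call is discarded.
    // NOTE(review): OTP is already enabled at this point; confirm that ignoring a failed
    // validation here is intended.
    UserCredentialModel cred = new UserCredentialModel();
    cred.setType(realm.getOTPPolicy().getType());
    cred.setValue(totp);
    session.users().validCredentials(realm, user, cred);

    event.event(EventType.UPDATE_TOTP).client(auth.getClient()).user(auth.getUser()).success();

    setReferrerOnPage();
    return account.setSuccess(Messages.SUCCESS_TOTP).createResponse(AccountPages.TOTP);
  }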
  /**
   * Adds an enabled user through the session's user storage and submits a password credential
   * for it to the credential manager.
   *
   * @param session session used to reach user storage and the credential manager
   * @param realm realm the user is added to
   * @param username username passed to user storage when the user is added
   * @param email e-mail address set on the new user
   * @param password value set on the password credential
   * @return the newly added user
   */
  public static UserModel addLocalUser(
      KeycloakSession session, RealmModel realm, String username, String email, String password) {
    final UserModel created = session.userStorage().addUser(realm, username);
    created.setEmail(email);
    created.setEnabled(true);

    // NOTE(review): none of the arguments are checked in this method; presumably callers have
    // already validated them, confirm.
    final UserCredentialModel passwordCredential = new UserCredentialModel();
    passwordCredential.setType(CredentialRepresentation.PASSWORD);
    passwordCredential.setValue(password);
    session.userCredentialManager().updateCredential(realm, created, passwordCredential);

    return created;
  }
            /**
             * Adds the enabled {@code login-test} user with a password credential to the
             * application realm, records its id, and sets the realm's event listeners to
             * {@code "dummy"}.
             */
            @Override
            public void config(
                RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
              final UserModel loginUser =
                  manager.getSession().users().addUser(appRealm, "login-test");
              loginUser.setEmail("*****@*****.**");
              loginUser.setEnabled(true);

              // Keep the new user's id in userId, which is declared outside this method.
              userId = loginUser.getId();

              // Fixed, well-known password: presumably acceptable only because this is fixture
              // setup for a test realm, confirm.
              final UserCredentialModel passwordCredential = new UserCredentialModel();
              passwordCredential.setType(CredentialRepresentation.PASSWORD);
              passwordCredential.setValue("password");
              loginUser.updateCredential(passwordCredential);

              appRealm.setEventsListeners(Collections.singleton("dummy"));
            }
            /**
             * Grants every default role of the account application to
             * {@code test-user@localhost}, then adds the enabled user
             * {@code test-user-no-access@localhost} with a password credential and no role grants.
             */
            @Override
            public void config(
                RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
              final UserModel privilegedUser = appRealm.getUser("test-user@localhost");
              final ApplicationModel accountApplication =
                  appRealm
                      .getApplicationNameMap()
                      .get(org.keycloak.models.Constants.ACCOUNT_APPLICATION);
              // NOTE(review): neither lookup result is null-checked; presumably the realm
              // fixture always contains both, confirm.
              for (String roleName : accountApplication.getDefaultRoles()) {
                accountApplication.grantRole(privilegedUser, accountApplication.getRole(roleName));
              }

              // Second account: enabled and able to log in, but this method grants it no roles.
              final UserModel restrictedUser = appRealm.addUser("test-user-no-access@localhost");
              restrictedUser.setEnabled(true);

              // Fixed, well-known password: presumably acceptable only in test setup, confirm.
              final UserCredentialModel passwordCredential = new UserCredentialModel();
              passwordCredential.setType(CredentialRepresentation.PASSWORD);
              passwordCredential.setValue("password");
              appRealm.updateCredential(restrictedUser, passwordCredential);
            }
            /**
             * Adds the enabled user {@code test-user-no-access@localhost}, removes its mapping
             * for every default role of the account-management client, and gives it a password
             * credential.
             */
            @Override
            public void config(
                RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
              // Looked up but not used again in this method.
              final UserModel existingUser =
                  manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);

              final ClientModel accountClient =
                  appRealm
                      .getClientNameMap()
                      .get(org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);

              final UserModel restrictedUser =
                  manager.getSession().users().addUser(appRealm, "test-user-no-access@localhost");
              restrictedUser.setEnabled(true);
              restrictedUser.setEmail("test-user-no-access@localhost");

              // Strip the account client's default roles from the new user one by one.
              // NOTE(review): accountClient is not null-checked; presumably the realm always
              // defines this client, confirm.
              for (String roleName : accountClient.getDefaultRoles()) {
                restrictedUser.deleteRoleMapping(accountClient.getRole(roleName));
              }

              // Fixed, well-known password: presumably acceptable only in test setup, confirm.
              final UserCredentialModel passwordCredential = new UserCredentialModel();
              passwordCredential.setType(CredentialRepresentation.PASSWORD);
              passwordCredential.setValue("password");
              restrictedUser.updateCredential(passwordCredential);
            }