Esempio n. 1
0
 /**
  * Initiated by admin, not the user on login
  *
  * @param key
  * @return
  */
 @Path("execute-actions")
 @GET
 public Response executeActions(@QueryParam("key") String key) {
   event.event(EventType.EXECUTE_ACTIONS);
   if (key != null) {
     Checks checks = new Checks();
     if (!checks.verifyCode(key, ClientSessionModel.Action.EXECUTE_ACTIONS.name())) {
       return checks.response;
     }
     ClientSessionModel clientSession = checks.clientCode.getClientSession();
     clientSession.setNote(AuthenticationManager.END_AFTER_REQUIRED_ACTIONS, "true");
     clientSession.setNote(ClientSessionModel.Action.EXECUTE_ACTIONS.name(), "true");
     return AuthenticationManager.nextActionAfterAuthentication(
         session,
         clientSession.getUserSession(),
         clientSession,
         clientConnection,
         request,
         uriInfo,
         event);
   } else {
     event.error(Errors.INVALID_CODE);
     return ErrorPage.error(session, Messages.INVALID_CODE);
   }
 }
Esempio n. 2
0
  @Path("email-verification")
  @GET
  public Response emailVerification(
      @QueryParam("code") String code, @QueryParam("key") String key) {
    event.event(EventType.VERIFY_EMAIL);
    if (key != null) {
      Checks checks = new Checks();
      if (!checks.verifyCode(key, ClientSessionModel.Action.VERIFY_EMAIL.name())) {
        return checks.response;
      }
      ClientSessionCode accessCode = checks.clientCode;
      ClientSessionModel clientSession = accessCode.getClientSession();
      UserSessionModel userSession = clientSession.getUserSession();
      UserModel user = userSession.getUser();
      initEvent(clientSession);
      user.setEmailVerified(true);

      user.removeRequiredAction(RequiredAction.VERIFY_EMAIL);

      event.event(EventType.VERIFY_EMAIL).detail(Details.EMAIL, user.getEmail()).success();

      String actionCookieValue = getActionCookie();
      if (actionCookieValue == null || !actionCookieValue.equals(userSession.getId())) {
        session.sessions().removeClientSession(realm, clientSession);
        return session
            .getProvider(LoginFormsProvider.class)
            .setSuccess(Messages.EMAIL_VERIFIED)
            .createInfoPage();
      }

      event = event.clone().removeDetail(Details.EMAIL).event(EventType.LOGIN);

      return AuthenticationManager.nextActionAfterAuthentication(
          session, userSession, clientSession, clientConnection, request, uriInfo, event);
    } else {
      Checks checks = new Checks();
      if (!checks.verifyCode(code, ClientSessionModel.Action.VERIFY_EMAIL.name())) {
        return checks.response;
      }
      ClientSessionCode accessCode = checks.clientCode;
      ClientSessionModel clientSession = accessCode.getClientSession();
      UserSessionModel userSession = clientSession.getUserSession();
      initEvent(clientSession);

      createActionCookie(realm, uriInfo, clientConnection, userSession.getId());

      return session
          .getProvider(LoginFormsProvider.class)
          .setClientSessionCode(accessCode.getCode())
          .setUser(userSession.getUser())
          .createResponse(RequiredAction.VERIFY_EMAIL);
    }
  }
Esempio n. 3
0
  public Response processRequireAction(final String code, String action) {
    event.event(EventType.CUSTOM_REQUIRED_ACTION);
    event.detail(Details.CUSTOM_REQUIRED_ACTION, action);
    if (action == null) {
      logger.error("required action query param was null");
      event.error(Errors.INVALID_CODE);
      throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
    }

    RequiredActionFactory factory =
        (RequiredActionFactory)
            session
                .getKeycloakSessionFactory()
                .getProviderFactory(RequiredActionProvider.class, action);
    if (factory == null) {
      logger.error("required action provider was null");
      event.error(Errors.INVALID_CODE);
      throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
    }
    RequiredActionProvider provider = factory.create(session);
    Checks checks = new Checks();
    if (!checks.verifyCode(code, action)) {
      return checks.response;
    }
    final ClientSessionCode clientCode = checks.clientCode;
    final ClientSessionModel clientSession = clientCode.getClientSession();

    if (clientSession.getUserSession() == null) {
      logger.error("user session was null");
      event.error(Errors.USER_SESSION_NOT_FOUND);
      throw new WebApplicationException(ErrorPage.error(session, Messages.SESSION_NOT_ACTIVE));
    }

    initEvent(clientSession);
    event.event(EventType.CUSTOM_REQUIRED_ACTION);

    RequiredActionContextResult context =
        new RequiredActionContextResult(
            clientSession.getUserSession(),
            clientSession,
            realm,
            event,
            session,
            request,
            clientSession.getUserSession().getUser(),
            factory) {
          @Override
          public String generateAccessCode(String action) {
            String clientSessionAction = clientSession.getAction();
            if (action.equals(clientSessionAction)) {
              clientSession.setTimestamp(Time.currentTime());
              return code;
            }
            ClientSessionCode code = new ClientSessionCode(getRealm(), getClientSession());
            code.setAction(action);
            return code.getCode();
          }

          @Override
          public void ignore() {
            throw new RuntimeException("Cannot call ignore within processAction()");
          }
        };
    provider.processAction(context);
    if (context.getStatus() == RequiredActionContext.Status.SUCCESS) {
      event.clone().success();
      // do both
      clientSession.removeRequiredAction(factory.getId());
      clientSession.getUserSession().getUser().removeRequiredAction(factory.getId());
      event.event(EventType.LOGIN);
      return AuthenticationManager.nextActionAfterAuthentication(
          session,
          clientSession.getUserSession(),
          clientSession,
          clientConnection,
          request,
          uriInfo,
          event);
    }
    if (context.getStatus() == RequiredActionContext.Status.CHALLENGE) {
      return context.getChallenge();
    }
    if (context.getStatus() == RequiredActionContext.Status.FAILURE) {
      LoginProtocol protocol =
          context
              .getSession()
              .getProvider(LoginProtocol.class, context.getClientSession().getAuthMethod());
      protocol
          .setRealm(context.getRealm())
          .setHttpHeaders(context.getHttpRequest().getHttpHeaders())
          .setUriInfo(context.getUriInfo());
      event.detail(Details.CUSTOM_REQUIRED_ACTION, action).error(Errors.REJECTED_BY_USER);
      return protocol.consentDenied(context.getClientSession());
    }

    throw new RuntimeException("Unreachable");
  }