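/**
 * Registers a TOTP secret for the authenticated account.
 *
 * <p>Form parameters read by this method:
 *
 * <ul>
 *   <li>{@code submitAction} - when equal to {@code "Cancel"} the TOTP page is re-rendered and no
 *       credential is touched
 *   <li>{@code totp} - one-time code generated by the authenticator
 *   <li>{@code totpSecret} - TOTP secret to register
 * </ul>
 *
 * <p>Security notes: {@code totpSecret} is read from the submitted form, so it is a value the
 * client controls. The only proof required here is that {@code totp} validates against that same
 * secret. The method requires {@link AccountRoles#MANAGE_ACCOUNT} and runs {@code csrfCheck}
 * before any credential is written.
 * NOTE(review): no re-authentication or check against a server-held secret is visible in this
 * method - confirm whether one is enforced elsewhere before a second factor can be replaced.
 *
 * @param formData URL-encoded form fields of the POST request
 * @return the result of {@code login("totp")} when there is no authenticated session, otherwise
 *     the TOTP account page carrying either an error or the success message
 */
@Path("totp")
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response processTotpUpdate(final MultivaluedMap<String, String> formData) {
  if (auth == null) {
    return login("totp");
  }

  require(AccountRoles.MANAGE_ACCOUNT);

  // Cancel only re-renders the page and writes nothing, which is why it precedes the CSRF check.
  // Constant-first equals() makes the null check on the form value unnecessary.
  String action = formData.getFirst("submitAction");
  if ("Cancel".equals(action)) {
    setReferrerOnPage();
    return account.createResponse(AccountPages.TOTP);
  }

  // Everything below changes credentials, so the CSRF check must pass first.
  csrfCheck(formData);

  UserModel user = auth.getUser();

  String totp = formData.getFirst("totp");
  String totpSecret = formData.getFirst("totpSecret");

  if (Validation.isBlank(totp)) {
    setReferrerOnPage();
    return account.setError(Messages.MISSING_TOTP).createResponse(AccountPages.TOTP);
  }

  // A missing or empty secret can never be a valid registration. Reject it explicitly instead of
  // handing a null/blank key to the validator and storing it as the user's credential.
  if (Validation.isBlank(totpSecret)
      || !CredentialValidation.validOTP(realm, totp, totpSecret)) {
    setReferrerOnPage();
    return account.setError(Messages.INVALID_TOTP).createResponse(AccountPages.TOTP);
  }

  // Store the secret as the user's OTP credential, typed according to the realm's OTP policy.
  UserCredentialModel credentials = new UserCredentialModel();
  credentials.setType(realm.getOTPPolicy().getType());
  credentials.setValue(totpSecret);
  session.users().updateCredential(realm, user, credentials);

  user.setOtpEnabled(true);

  // Validate the submitted code once against the stored credential so the counter is updated.
  // The boolean result is intentionally not inspected: the code was already validated above.
  UserCredentialModel cred = new UserCredentialModel();
  cred.setType(realm.getOTPPolicy().getType());
  cred.setValue(totp);
  session.users().validCredentials(realm, user, cred);

  // Audit trail: record the credential change for this client and user.
  event.event(EventType.UPDATE_TOTP).client(auth.getClient()).user(auth.getUser()).success();

  setReferrerOnPage();
  return account.setSuccess(Messages.SUCCESS_TOTP).createResponse(AccountPages.TOTP);
}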
/**
 * Creates an enabled user in the given realm and assigns it a password credential.
 *
 * <p>The password is passed as a plain {@code String} to
 * {@code session.userCredentialManager().updateCredential(...)}; how it is hashed or stored is
 * decided there and is not visible from this method.
 *
 * @param session session used to reach user storage and the credential manager
 * @param realm realm the user is created in
 * @param username username of the new user
 * @param email e-mail address set on the new user
 * @param password value of the password credential
 * @return the newly created user
 */
public static UserModel addLocalUser(
    KeycloakSession session, RealmModel realm, String username, String email, String password) {
  final UserModel created = session.userStorage().addUser(realm, username);
  created.setEmail(email);
  created.setEnabled(true);

  // Build the password credential and hand it to the credential manager for this user.
  final UserCredentialModel passwordCredential = new UserCredentialModel();
  passwordCredential.setType(CredentialRepresentation.PASSWORD);
  passwordCredential.setValue(password);
  session.userCredentialManager().updateCredential(realm, created, passwordCredential);

  return created;
}
/**
 * Prepares the application realm: adds the enabled user {@code login-test} with a password
 * credential, remembers its id in {@code userId}, and registers the {@code dummy} events listener.
 *
 * <p>NOTE(review): the hard-coded username and password look like test-fixture values; confirm
 * this setup is never applied to a realm that is reachable outside a test run.
 */
@Override
public void config(
    RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
  final UserModel loginUser = manager.getSession().users().addUser(appRealm, "login-test");
  loginUser.setEmail("*****@*****.**");
  loginUser.setEnabled(true);

  // Kept on the enclosing instance so later code can refer to this user.
  userId = loginUser.getId();

  final UserCredentialModel passwordCredential = new UserCredentialModel();
  passwordCredential.setType(CredentialRepresentation.PASSWORD);
  passwordCredential.setValue("password");
  loginUser.updateCredential(passwordCredential);

  appRealm.setEventsListeners(Collections.singleton("dummy"));
}
/**
 * Prepares the application realm with two users that differ in account-application access.
 *
 * <p>{@code test-user@localhost} is granted every default role of the account application.
 * {@code test-user-no-access@localhost} is created, enabled and given a password credential, but
 * no role is granted to it in this method.
 *
 * <p>NOTE(review): the hard-coded password looks like a test-fixture value; confirm this setup is
 * only ever applied to a test realm.
 */
@Override
public void config(
    RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
  final UserModel privilegedUser = appRealm.getUser("test-user@localhost");
  final ApplicationModel accountApplication =
      appRealm.getApplicationNameMap().get(org.keycloak.models.Constants.ACCOUNT_APPLICATION);

  // Grant each default role of the account application to the existing user.
  for (String roleName : accountApplication.getDefaultRoles()) {
    accountApplication.grantRole(privilegedUser, accountApplication.getRole(roleName));
  }

  // Second user: enabled and able to log in, but without any role grant from this method.
  final UserModel unprivilegedUser = appRealm.addUser("test-user-no-access@localhost");
  unprivilegedUser.setEnabled(true);

  final UserCredentialModel passwordCredential = new UserCredentialModel();
  passwordCredential.setType(CredentialRepresentation.PASSWORD);
  passwordCredential.setValue("password");
  appRealm.updateCredential(unprivilegedUser, passwordCredential);
}
/**
 * Prepares the application realm with a user that has no account-management roles.
 *
 * <p>Creates and enables {@code test-user-no-access@localhost}, removes from it every default role
 * of the account-management client, and then sets a password credential on it.
 *
 * <p>NOTE(review): the hard-coded password looks like a test-fixture value; confirm this setup is
 * only ever applied to a test realm.
 */
@Override
public void config(
    RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
  // Looked up first, as in the original; the result is not used further in this method.
  final UserModel existingUser =
      manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);

  final ClientModel accountClient =
      appRealm.getClientNameMap().get(org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);

  final UserModel unprivilegedUser =
      manager.getSession().users().addUser(appRealm, "test-user-no-access@localhost");
  unprivilegedUser.setEnabled(true);
  unprivilegedUser.setEmail("test-user-no-access@localhost");

  // Strip each default role of the account client from the new user.
  for (String roleName : accountClient.getDefaultRoles()) {
    unprivilegedUser.deleteRoleMapping(accountClient.getRole(roleName));
  }

  final UserCredentialModel passwordCredential = new UserCredentialModel();
  passwordCredential.setType(CredentialRepresentation.PASSWORD);
  passwordCredential.setValue("password");
  unprivilegedUser.updateCredential(passwordCredential);
}