/**
 * Entry point for required actions an administrator has scheduled for a user, as opposed to
 * actions the user triggers on login.
 *
 * @param key the code from the admin-initiated link; it is verified against the
 *     {@code EXECUTE_ACTIONS} client-session action before the session is touched
 * @return the next required-action page, or an error page when {@code key} is absent or does
 *     not verify
 */
@Path("execute-actions")
@GET
public Response executeActions(@QueryParam("key") String key) {
    event.event(EventType.EXECUTE_ACTIONS);

    if (key == null) {
        // No code at all: record the failure and show the generic invalid-code page.
        event.error(Errors.INVALID_CODE);
        return ErrorPage.error(session, Messages.INVALID_CODE);
    }

    Checks checks = new Checks();
    boolean keyIsValid = checks.verifyCode(key, ClientSessionModel.Action.EXECUTE_ACTIONS.name());
    if (!keyIsValid) {
        // Checks.response holds the error response produced by the failed verification.
        return checks.response;
    }

    ClientSessionModel clientSession = checks.clientCode.getClientSession();
    // Flag the session (note names suggest: finish after the pending actions instead of
    // continuing into a regular login) and record that this code was issued for EXECUTE_ACTIONS.
    clientSession.setNote(AuthenticationManager.END_AFTER_REQUIRED_ACTIONS, "true");
    clientSession.setNote(ClientSessionModel.Action.EXECUTE_ACTIONS.name(), "true");

    return AuthenticationManager.nextActionAfterAuthentication(
            session, clientSession.getUserSession(), clientSession, clientConnection, request,
            uriInfo, event);
}
/**
 * Handles both halves of e-mail verification.
 *
 * <p>Without a {@code key}, the login's own {@code code} is verified, an action cookie bound to
 * the user-session id is set, and the verify-e-mail form is rendered. With a {@code key} (the
 * link from the e-mail), the key is verified, the user is marked as verified and the
 * {@code VERIFY_EMAIL} required action is removed; the login only continues in this browser when
 * the action cookie matches the user session, otherwise the client session is dropped and a
 * plain "e-mail verified" info page is shown.
 *
 * @param code client-session code for the login in progress (used when {@code key} is absent)
 * @param key  code carried by the verification link
 * @return the next page of the login flow, an info page, or the error response from verification
 */
@Path("email-verification")
@GET
public Response emailVerification(
        @QueryParam("code") String code, @QueryParam("key") String key) {
    event.event(EventType.VERIFY_EMAIL);

    if (key == null) {
        // First visit: validate the login's own code and show the verification form.
        Checks codeChecks = new Checks();
        if (!codeChecks.verifyCode(code, ClientSessionModel.Action.VERIFY_EMAIL.name())) {
            return codeChecks.response;
        }
        ClientSessionCode sessionCode = codeChecks.clientCode;
        ClientSessionModel pendingClientSession = sessionCode.getClientSession();
        UserSessionModel pendingUserSession = pendingClientSession.getUserSession();
        initEvent(pendingClientSession);
        // Bind this browser to the user session; the key branch below compares against it.
        createActionCookie(realm, uriInfo, clientConnection, pendingUserSession.getId());
        return session
                .getProvider(LoginFormsProvider.class)
                .setClientSessionCode(sessionCode.getCode())
                .setUser(pendingUserSession.getUser())
                .createResponse(RequiredAction.VERIFY_EMAIL);
    }

    // Link from the e-mail: the key must have been issued for the VERIFY_EMAIL action.
    Checks keyChecks = new Checks();
    if (!keyChecks.verifyCode(key, ClientSessionModel.Action.VERIFY_EMAIL.name())) {
        return keyChecks.response;
    }
    ClientSessionModel clientSession = keyChecks.clientCode.getClientSession();
    UserSessionModel userSession = clientSession.getUserSession();
    UserModel user = userSession.getUser();
    initEvent(clientSession);

    user.setEmailVerified(true);
    user.removeRequiredAction(RequiredAction.VERIFY_EMAIL);
    event.event(EventType.VERIFY_EMAIL).detail(Details.EMAIL, user.getEmail()).success();

    String cookieSessionId = getActionCookie();
    boolean sameBrowser = cookieSessionId != null && cookieSessionId.equals(userSession.getId());
    if (!sameBrowser) {
        // Opened elsewhere (or the cookie is gone): confirm the verification but do not
        // continue the login from here; the client session is discarded.
        session.sessions().removeClientSession(realm, clientSession);
        return session
                .getProvider(LoginFormsProvider.class)
                .setSuccess(Messages.EMAIL_VERIFIED)
                .createInfoPage();
    }

    // Same browser that started the login: continue it, now recorded as a LOGIN event.
    event = event.clone().removeDetail(Details.EMAIL).event(EventType.LOGIN);
    return AuthenticationManager.nextActionAfterAuthentication(
            session, userSession, clientSession, clientConnection, request, uriInfo, event);
}
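/**
 * Runs one custom {@link RequiredActionProvider} against the client session identified by
 * {@code code} and routes on the provider's result: {@code SUCCESS} clears the action on both
 * the client session and the user and continues the login, {@code CHALLENGE} returns the
 * provider's page, {@code FAILURE} is reported as a consent denial through the client's login
 * protocol.
 *
 * @param code   client-session code for the login in progress; verified against {@code action}
 *               and handed back unchanged when the provider asks for an access code for that
 *               same action
 * @param action id of the required-action provider to run; must not be {@code null}
 * @return the next response of the login flow
 * @throws WebApplicationException wrapping an error page when {@code action} is missing, no
 *         provider is registered under that id, or the client session has no user session
 */
public Response processRequireAction(final String code, String action) {
    event.event(EventType.CUSTOM_REQUIRED_ACTION);
    event.detail(Details.CUSTOM_REQUIRED_ACTION, action);
    if (action == null) {
        logger.error("required action query param was null");
        event.error(Errors.INVALID_CODE);
        throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
    }
    RequiredActionFactory factory = (RequiredActionFactory) session
            .getKeycloakSessionFactory()
            .getProviderFactory(RequiredActionProvider.class, action);
    if (factory == null) {
        logger.error("required action provider was null");
        event.error(Errors.INVALID_CODE);
        throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
    }
    RequiredActionProvider provider = factory.create(session);

    // The code must have been issued for this very action; Checks.response carries the error
    // page when it was not.
    Checks checks = new Checks();
    if (!checks.verifyCode(code, action)) {
        return checks.response;
    }
    final ClientSessionCode clientCode = checks.clientCode;
    final ClientSessionModel clientSession = clientCode.getClientSession();
    if (clientSession.getUserSession() == null) {
        logger.error("user session was null");
        event.error(Errors.USER_SESSION_NOT_FOUND);
        throw new WebApplicationException(ErrorPage.error(session, Messages.SESSION_NOT_ACTIVE));
    }
    initEvent(clientSession);
    event.event(EventType.CUSTOM_REQUIRED_ACTION);

    RequiredActionContextResult context = new RequiredActionContextResult(
            clientSession.getUserSession(), clientSession, realm, event, session, request,
            clientSession.getUserSession().getUser(), factory) {
        // Parameter and local renamed so they no longer shadow the enclosing method's
        // `action` and `code`, which made `return code;` easy to misread.
        @Override
        public String generateAccessCode(String requestedAction) {
            // Same action this request was already verified for: refresh the session
            // timestamp and reuse the verified code instead of minting a new one.
            if (requestedAction.equals(clientSession.getAction())) {
                clientSession.setTimestamp(Time.currentTime());
                return code;
            }
            ClientSessionCode freshCode = new ClientSessionCode(getRealm(), getClientSession());
            freshCode.setAction(requestedAction);
            return freshCode.getCode();
        }

        @Override
        public void ignore() {
            throw new RuntimeException("Cannot call ignore within processAction()");
        }
    };
    provider.processAction(context);

    RequiredActionContext.Status status = context.getStatus();
    if (status == RequiredActionContext.Status.SUCCESS) {
        event.clone().success();
        // Clear the action on both the client session and the user so it is not re-prompted.
        clientSession.removeRequiredAction(factory.getId());
        clientSession.getUserSession().getUser().removeRequiredAction(factory.getId());
        event.event(EventType.LOGIN);
        return AuthenticationManager.nextActionAfterAuthentication(
                session, clientSession.getUserSession(), clientSession, clientConnection, request,
                uriInfo, event);
    }
    if (status == RequiredActionContext.Status.CHALLENGE) {
        return context.getChallenge();
    }
    if (status == RequiredActionContext.Status.FAILURE) {
        LoginProtocol protocol = context
                .getSession()
                .getProvider(LoginProtocol.class, context.getClientSession().getAuthMethod());
        protocol
                .setRealm(context.getRealm())
                .setHttpHeaders(context.getHttpRequest().getHttpHeaders())
                .setUriInfo(context.getUriInfo());
        event.detail(Details.CUSTOM_REQUIRED_ACTION, action).error(Errors.REJECTED_BY_USER);
        return protocol.consentDenied(context.getClientSession());
    }
    throw new RuntimeException("Unreachable");
}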