/**
 * Completes a logout for the given user session: records a successful LOGOUT event and then
 * either redirects the browser or renders a confirmation page.
 *
 * @param userSession the session being terminated; its {@code LOGOUT_REDIRECT_URI} note, when
 *                    set, selects the redirect target
 * @return a 302 response to the stored redirect URI, or an info page when no URI was stored
 */
@Override
public Response finishLogout(UserSessionModel userSession) {
    // The note is read before the event is emitted, exactly as the original ordering did.
    final String target = userSession.getNote(CASLoginProtocol.LOGOUT_REDIRECT_URI);

    event.event(EventType.LOGOUT);
    event.user(userSession.getUser()).session(userSession).success();

    if (target == null) {
        // No redirect requested: show the generic confirmation page without a "back" link.
        LoginFormsProvider confirmation =
                session.getProvider(LoginFormsProvider.class).setSuccess("Logout successful");
        confirmation.setAttribute("skipLink", true);
        return confirmation.createInfoPage();
    }

    // NOTE(review): the target is used as stored, with no check in this method. Presumably it was
    // validated against the client's allowed service/redirect URLs when the note was written --
    // confirm at the call site, otherwise this is an open-redirect sink.
    // URI.create throws IllegalArgumentException on a malformed value.
    return Response.status(302).location(URI.create(target)).build();
}
/**
 * Validates the password submitted with the login form and, when it is accepted, passes the
 * validated credential to {@code AuthenticatorUtil.addMainSecretToUserSession} so the validation
 * result is carried into the authentication flow context.
 * <p>
 * TODO: Discuss issue with keycloak development team and send a patch.
 * <p>
 * NOTE(review): this override replaces the inherited implementation wholesale. Any lockout or
 * brute-force check the overridden method performs in the Keycloak version in use is not repeated
 * here -- confirm it is enforced elsewhere in the flow.
 *
 * @param context   the running authentication flow
 * @param user      the user whose password is being checked
 * @param inputData submitted form parameters; the password is read from
 *                  {@code CredentialRepresentation.PASSWORD}
 * @return {@code true} when the password is non-empty and accepted by the credential manager;
 *         {@code false} after the failure has been recorded on the context
 */
@Override
public boolean validatePassword(AuthenticationFlowContext context, UserModel user, MultivaluedMap<String, String> inputData) {
    String password = inputData.getFirst(CredentialRepresentation.PASSWORD);

    // Patched: the credential model is kept in a local so the scope read from the context (when
    // present) can be attached as a note, and so the same object can be reused after validation.
    PasswordUserCredentialModel credentialModel = UserCredentialModel.password(password);
    AuthenticatorUtil.readScope(context)
            .ifPresent(scope -> credentialModel.setNote(Constants.CUSTOM_SCOPE_NOTE_KEY, scope));

    List<CredentialInput> credentials = new LinkedList<>();
    credentials.add(credentialModel);

    // Null and empty passwords are rejected before the credential manager is consulted.
    boolean accepted = password != null
            && !password.isEmpty()
            && context.getSession().userCredentialManager().isValid(context.getRealm(), user, credentials);

    if (!accepted) {
        context.getEvent().user(user);
        context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
        Response challengeResponse = invalidCredentials(context);
        context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challengeResponse);
        // Drop the user from the context so later steps cannot treat it as authenticated.
        context.clearUser();
        return false;
    }

    // Runs only after successful validation. The model still carries the clear-text password at
    // this point; presumably the helper derives a secret from it for the user session -- review
    // how long that value is retained and that it never reaches logs or events.
    AuthenticatorUtil.addMainSecretToUserSession(userSecretAdapter, context, user, credentialModel);
    return true;
}
}
/**
 * Checks the credential built by {@code passwordAndScope(context)} against the user already set
 * on the context. On success the validated credential is handed to
 * {@code AuthenticatorUtil.addMainSecretToUserSession} and the step succeeds; on failure an
 * {@code invalid_grant} error response is attached and the step fails.
 *
 * @param context the running authentication flow; {@code context.getUser()} is expected to have
 *                been resolved by an earlier step (presumably -- it is not checked here)
 */
@Override
public void authenticate(AuthenticationFlowContext context) {
    UserCredentialModel credentialModel = passwordAndScope(context);
    CredentialInput[] inputs = new CredentialInput[] { credentialModel };

    boolean valid = context.getSession().userCredentialManager()
            .isValid(context.getRealm(), context.getUser(), inputs);

    if (valid) {
        // The secret is attached to the user session only after the credential has been accepted.
        AuthenticatorUtil.addMainSecretToUserSession(userSecretAdapter, context, context.getUser(), credentialModel);
        context.success();
        return;
    }

    // Failure path: record the event against the user, then answer with a generic 401 body that
    // does not say why the credential was rejected.
    context.getEvent().user(context.getUser());
    context.getEvent().error("invalid_user_credentials");
    Response challengeResponse = errorResponse(
            Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials");
    context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
}
// Fragment: `event` and `userSession` are declared outside the visible lines (presumably an event
// builder and the current user session -- confirm in the enclosing method).
// Attribute the event to the user that owns the session, so the audit record names the account.
event.user(userSession.getUser());
// Tie the event to the session by its id, so the record can be correlated with that session.
event.session(userSession.getId());
/**
 * Creates a new, enabled user from {@code username} and {@code email}, finishes the current
 * event as successful, then opens a LOGIN event populated from the client session and marks the
 * step as successful.
 * <p>
 * NOTE(review): {@code username} and {@code email} are not defined in this method, and no
 * validation or duplicate check is visible here. Presumably both were validated earlier in the
 * flow -- confirm, because the account is enabled immediately and this method performs no e-mail
 * verification.
 *
 * @param context the running authentication flow
 */
@Override
public void authenticate(AuthenticationFlowContext context) {
    // Details for the event that is current on entry. The e-mail address is written into the
    // event record, so event storage and retention should be treated as holding personal data.
    context.getEvent()
            .detail(Details.USERNAME, username)
            .detail(Details.REGISTER_METHOD, "form")
            .detail(Details.EMAIL, email);

    UserModel user = context.getSession().users().addUser(context.getRealm(), username);
    user.setEnabled(true);
    user.setEmail(email);

    // Pre-fill the login hint with the new username and bind the user to the flow.
    context.getClientSession().setNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, username);
    context.setUser(user);
    context.getEvent().user(user);
    context.getEvent().success();

    // From here on a fresh event is current: the newly created user is treated as logging in.
    context.newEvent().event(EventType.LOGIN);
    String clientId = context.getClientSession().getClient().getClientId();
    String redirectUri = context.getClientSession().getRedirectUri();
    String authMethod = context.getClientSession().getAuthMethod();
    context.getEvent()
            .client(clientId)
            .detail(Details.REDIRECT_URI, redirectUri)
            .detail(Details.AUTH_METHOD, authMethod);

    // The auth type is optional; it is copied onto the event only when the note is present.
    String authType = context.getClientSession().getNote(Details.AUTH_TYPE);
    if (authType != null) {
        context.getEvent().detail(Details.AUTH_TYPE, authType);
    }

    context.success();
}