keycloak-oidc-service
公開メンバ関数 | 静的公開メンバ関数 | 静的公開変数類 | 静的非公開変数類 | 全メンバ一覧
org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail クラス
org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail の継承関係図
Inheritance graph
org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail 連携図
Collaboration graph

公開メンバ関数

void authenticate (AuthenticationFlowContext context)
 
void action (AuthenticationFlowContext context)
 
boolean requiresUser ()
 
boolean configuredFor (KeycloakSession session, RealmModel realm, UserModel user)
 
void setRequiredActions (KeycloakSession session, RealmModel realm, UserModel user)
 
String getDisplayType ()
 
String getReferenceCategory ()
 
boolean isConfigurable ()
 
AuthenticationExecutionModel.Requirement [] getRequirementChoices ()
 
boolean isUserSetupAllowed ()
 
String getHelpText ()
 
List< ProviderConfigPropertygetConfigProperties ()
 
void close ()
 
Authenticator create (KeycloakSession session)
 
void init (Config.Scope config)
 
void postInit (KeycloakSessionFactory factory)
 
String getId ()
 
default int order ()
 

静的公開メンバ関数

static Long getLastChangedTimestamp (KeycloakSession session, RealmModel realm, UserModel user)
 

静的公開変数類

static final String PROVIDER_ID = "reset-credential-email"
 
static final AuthenticationExecutionModel.Requirement [] REQUIREMENT_CHOICES
 

静的非公開変数類

static final Logger logger = Logger.getLogger(ResetCredentialEmail.class)
 

詳解

著者
Bill Burke
バージョン
Revision
1

関数詳解

◆ action()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.action ( AuthenticationFlowContext  context)
inline

org.keycloak.authentication.Authenticatorを実装しています。

130  {
131  context.getUser().setEmailVerified(true);
132  context.success();
133  }
org.keycloak.models.UserModel.setEmailVerified
void setEmailVerified(boolean verified)

◆ authenticate()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.authenticate ( AuthenticationFlowContext  context)
inline

org.keycloak.authentication.Authenticatorを実装しています。

58  {
59  UserModel user = context.getUser();
60  AuthenticationSessionModel authenticationSession = context.getAuthenticationSession();
61  String username = authenticationSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
62 
63  // we don't want people guessing usernames, so if there was a problem obtaining the user, the user will be null.
64  // just reset login for with a success message
65  if (user == null) {
66  context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
67  return;
68  }
69 
70  String actionTokenUserId = authenticationSession.getAuthNote(DefaultActionTokenKey.ACTION_TOKEN_USER_ID);
71  if (actionTokenUserId != null && Objects.equals(user.getId(), actionTokenUserId)) {
72  logger.debugf("Forget-password triggered when reauthenticating user after authentication via action token. Skipping " + PROVIDER_ID + " screen and using user '%s' ", user.getUsername());
73  context.success();
74  return;
75  }
76 
77 
78  EventBuilder event = context.getEvent();
79  // we don't want people guessing usernames, so if there is a problem, just continuously challenge
80  if (user.getEmail() == null || user.getEmail().trim().length() == 0) {
81  event.user(user)
82  .detail(Details.USERNAME, username)
83  .error(Errors.INVALID_EMAIL);
84 
85  context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
86  return;
87  }
88 
89  int validityInSecs = context.getRealm().getActionTokenGeneratedByUserLifespan(ResetCredentialsActionToken.TOKEN_TYPE);
90  int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
91 
92  // We send the secret in the email in a link as a query param.
93  String authSessionEncodedId = AuthenticationSessionCompoundId.fromAuthSession(authenticationSession).getEncodedId();
94  ResetCredentialsActionToken token = new ResetCredentialsActionToken(user.getId(), absoluteExpirationInSecs, authSessionEncodedId, authenticationSession.getClient().getClientId());
95  String link = UriBuilder
96  .fromUri(context.getActionTokenUrl(token.serialize(context.getSession(), context.getRealm(), context.getUriInfo())))
97  .build()
98  .toString();
99  long expirationInMinutes = TimeUnit.SECONDS.toMinutes(validityInSecs);
100  try {
101  context.getSession().getProvider(EmailTemplateProvider.class).setRealm(context.getRealm()).setUser(user).setAuthenticationSession(authenticationSession).sendPasswordReset(link, expirationInMinutes);
102 
103  event.clone().event(EventType.SEND_RESET_PASSWORD)
104  .user(user)
105  .detail(Details.USERNAME, username)
106  .detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, authenticationSession.getParentSession().getId()).success();
107  context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
108  } catch (EmailException e) {
109  event.clone().event(EventType.SEND_RESET_PASSWORD)
110  .detail(Details.USERNAME, username)
111  .user(user)
112  .error(Errors.EMAIL_SEND_FAILED);
113  ServicesLogger.LOGGER.failedToSendPwdResetEmail(e);
114  Response challenge = context.form()
115  .setError(Messages.EMAIL_SENT_ERROR)
116  .createErrorPage(Response.Status.INTERNAL_SERVER_ERROR);
117  context.failure(AuthenticationFlowError.INTERNAL_ERROR, challenge);
118  }
119  }
org.keycloak.models.utils.FormMessage
Definition: FormMessage.java:26
org.keycloak.events.EventBuilder.user
EventBuilder user(UserModel user)
Definition: EventBuilder.java:103
org.keycloak.authentication.AuthenticationFlowContext.getAuthenticationSession
AuthenticationSessionModel getAuthenticationSession()
org.keycloak.models.UserModel
Definition: UserModel.java:30
org.keycloak.services.messages.Messages
Definition: Messages.java:22
org.keycloak.authentication.AuthenticationFlowError.INTERNAL_ERROR
INTERNAL_ERROR
Definition: AuthenticationFlowError.java:35
org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.PROVIDER_ID
static final String PROVIDER_ID
Definition: ResetCredentialEmail.java:55
org.keycloak.forms.login.LoginFormsProvider.setError
LoginFormsProvider setError(String message, Object ... parameters)
org.keycloak.events.Errors.INVALID_EMAIL
String INVALID_EMAIL
Definition: Errors.java:75
org.keycloak.events.Details.CODE_ID
String CODE_ID
Definition: Details.java:29
org.keycloak.authentication.AuthenticationFlowError
Definition: AuthenticationFlowError.java:26
org.keycloak.services.ServicesLogger.LOGGER
ServicesLogger LOGGER
Definition: ServicesLogger.java:50
org.keycloak.services.messages.Messages.EMAIL_SENT_ERROR
static final String EMAIL_SENT_ERROR
Definition: Messages.java:93
org.keycloak.services.messages.Messages.EMAIL_SENT
static final String EMAIL_SENT
Definition: Messages.java:91
org.keycloak.forms.login.LoginFormsProvider.createErrorPage
Response createErrorPage(Response.Status status)
org.keycloak.events.EventBuilder.detail
EventBuilder detail(String key, String value)
Definition: EventBuilder.java:133
org.keycloak.services.ServicesLogger
Definition: ServicesLogger.java:48
org.keycloak.services.ServicesLogger.failedToSendPwdResetEmail
void failedToSendPwdResetEmail(@Cause EmailException e)
org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME
static final String ATTEMPTED_USERNAME
Definition: AbstractUsernameFormAuthenticator.java:52
org.keycloak.events.Details
Definition: Details.java:23
org.keycloak.events.Details.EMAIL
String EMAIL
Definition: Details.java:25
org.keycloak.events.Details.USERNAME
String USERNAME
Definition: Details.java:39
org.keycloak.events.Errors.EMAIL_SEND_FAILED
String EMAIL_SEND_FAILED
Definition: Errors.java:74
org.keycloak.events.EventBuilder
Definition: EventBuilder.java:37
org.keycloak.models.KeycloakSession.getProvider
< T extends Provider > T getProvider(Class< T > clazz)
org.keycloak.events.Errors
Definition: Errors.java:23
org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.logger
static final Logger logger
Definition: ResetCredentialEmail.java:53
org.keycloak.events.EventBuilder.error
void error(String error)
Definition: EventBuilder.java:160
org.keycloak.sessions.AuthenticationSessionModel
Definition: AuthenticationSessionModel.java:33
org.keycloak.sessions.AuthenticationSessionModel.getParentSession
RootAuthenticationSessionModel getParentSession()

◆ close()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.close ( )
inline

org.keycloak.provider.Providerを実装しています。

190  {
191 
192  }

◆ configuredFor()

boolean org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.configuredFor ( KeycloakSession  session,
RealmModel  realm,
UserModel  user 
)
inline

org.keycloak.authentication.Authenticatorを実装しています。

141  {
142  return true;
143  }

◆ create()

Authenticator org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.create ( KeycloakSession  session)
inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

195  {
196  return this;
197  }

◆ getConfigProperties()

List<ProviderConfigProperty> org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getConfigProperties ( )
inline

org.keycloak.provider.ConfiguredProviderを実装しています。

185  {
186  return null;
187  }

◆ getDisplayType()

String org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getDisplayType ( )
inline

org.keycloak.authentication.ConfigurableAuthenticatorFactoryを実装しています。

151  {
152  return "Send Reset Email";
153  }

◆ getHelpText()

String org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getHelpText ( )
inline

org.keycloak.provider.ConfiguredProviderを実装しています。

180  {
181  return "Send email to user and wait for response.";
182  }

◆ getId()

String org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getId ( )
inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

210  {
211  return PROVIDER_ID;
212  }
org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.PROVIDER_ID
static final String PROVIDER_ID
Definition: ResetCredentialEmail.java:55

◆ getLastChangedTimestamp()

static Long org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getLastChangedTimestamp ( KeycloakSession  session,
RealmModel  realm,
UserModel  user 
)
inlinestatic
121  {
122  // TODO(hmlnarik): Make this more generic to support non-password credential types
123  PasswordCredentialProvider passwordProvider = (PasswordCredentialProvider) session.getProvider(CredentialProvider.class, PasswordCredentialProviderFactory.PROVIDER_ID);
124  CredentialModel password = passwordProvider.getPassword(realm, user);
125 
126  return password == null ? null : password.getCreatedDate();
127  }
org.keycloak.credential.CredentialModel.getCreatedDate
Long getCreatedDate()
Definition: CredentialModel.java:124
org.keycloak.credential.CredentialProvider
Definition: CredentialProvider.java:25
org.keycloak.credential.PasswordCredentialProvider
Definition: PasswordCredentialProvider.java:43
org.keycloak.credential.PasswordCredentialProviderFactory.PROVIDER_ID
static final String PROVIDER_ID
Definition: PasswordCredentialProviderFactory.java:26
org.keycloak.models.KeycloakSession.getProvider
< T extends Provider > T getProvider(Class< T > clazz)
org.keycloak.credential.PasswordCredentialProviderFactory
Definition: PasswordCredentialProviderFactory.java:25
org.keycloak.credential.PasswordCredentialProvider.getPassword
CredentialModel getPassword(RealmModel realm, UserModel user)
Definition: PasswordCredentialProvider.java:58
org.keycloak.credential.CredentialModel
Definition: CredentialModel.java:29

◆ getReferenceCategory()

String org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getReferenceCategory ( )
inline

org.keycloak.authentication.ConfigurableAuthenticatorFactoryを実装しています。

156  {
157  return null;
158  }

◆ getRequirementChoices()

AuthenticationExecutionModel.Requirement [] org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getRequirementChoices ( )
inline

org.keycloak.authentication.ConfigurableAuthenticatorFactoryを実装しています。

170  {
171  return REQUIREMENT_CHOICES;
172  }
org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.REQUIREMENT_CHOICES
static final AuthenticationExecutionModel.Requirement [] REQUIREMENT_CHOICES
Definition: ResetCredentialEmail.java:165

◆ init()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.init ( Config.Scope  config)
inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

200  {
201 
202  }

◆ isConfigurable()

boolean org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.isConfigurable ( )
inline

org.keycloak.authentication.ConfigurableAuthenticatorFactoryを実装しています。

161  {
162  return false;
163  }

◆ isUserSetupAllowed()

boolean org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.isUserSetupAllowed ( )
inline

org.keycloak.authentication.ConfigurableAuthenticatorFactoryを実装しています。

175  {
176  return false;
177  }

◆ order()

default int org.keycloak.provider.ProviderFactory< T extends Provider >.order ( )
inlineinherited

org.keycloak.urls.HostnameProviderFactory, org.keycloak.protocol.oidc.ext.OIDCExtProviderFactoryで実装されています。

56  {
57  return 0;
58  }

◆ postInit()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.postInit ( KeycloakSessionFactory  factory)
inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

205  {
206 
207  }

◆ requiresUser()

boolean org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.requiresUser ( )
inline

org.keycloak.authentication.Authenticatorを実装しています。

136  {
137  return false;
138  }

◆ setRequiredActions()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.setRequiredActions ( KeycloakSession  session,
RealmModel  realm,
UserModel  user 
)
inline

org.keycloak.authentication.Authenticatorを実装しています。

146  {
147 
148  }

メンバ詳解

◆ logger

final Logger org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.logger = Logger.getLogger(ResetCredentialEmail.class)
staticprivate

◆ PROVIDER_ID

final String org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.PROVIDER_ID = "reset-credential-email"
static

◆ REQUIREMENT_CHOICES

final AuthenticationExecutionModel.Requirement [] org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.REQUIREMENT_CHOICES
static
初期値:
= {
AuthenticationExecutionModel.Requirement.REQUIRED
}
このクラス詳解は次のファイルから抽出されました:
2018年11月18日(日) 14時17分16秒作成 - keycloak-oidc-service / 構成:   doxygen 1.8.13