An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.
660 if (
user.getEmail() == null) {
661 return ErrorResponse.error(
"User email missing", Status.BAD_REQUEST);
664 if (!
user.isEnabled()) {
665 throw new WebApplicationException(
666 ErrorResponse.error(
"User is disabled", Status.BAD_REQUEST));
669 if (redirectUri != null && clientId == null) {
670 throw new WebApplicationException(
671 ErrorResponse.error(
"Client id missing", Status.BAD_REQUEST));
674 if (clientId == null) {
675 clientId = Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
678 ClientModel client =
realm.getClientByClientId(clientId);
679 if (client == null || !client.isEnabled()) {
680 throw new WebApplicationException(
681 ErrorResponse.error(clientId +
" not enabled", Status.BAD_REQUEST));
685 if (redirectUri != null) {
686 redirect = RedirectUtils.verifyRedirectUri(
session.getContext().getUri(), redirectUri,
realm, client);
687 if (redirect == null) {
688 throw new WebApplicationException(
689 ErrorResponse.error(
"Invalid redirect uri.", Status.BAD_REQUEST));
693 if (lifespan == null) {
694 lifespan = realm.getActionTokenGeneratedByAdminLifespan();
696 int expiration = Time.currentTime() + lifespan;
697 ExecuteActionsActionToken token =
new ExecuteActionsActionToken(
user.getId(), expiration, actions, redirectUri, clientId);
700 UriBuilder builder = LoginActionsService.actionTokenProcessor(
session.getContext().getUri());
701 builder.queryParam(
"key", token.serialize(
session, realm,
session.getContext().getUri()));
703 String link = builder.build(realm.getName()).toString();
705 this.
session.getProvider(EmailTemplateProvider.class)
706 .setAttribute(Constants.TEMPLATE_ATTR_REQUIRED_ACTIONS, token.getRequiredActions())
709 .sendExecuteActions(link, TimeUnit.SECONDS.toMinutes(lifespan));
715 return Response.ok().build();
716 }
catch (EmailException e) {
717 ServicesLogger.LOGGER.failedToSendActionsEmail(e);
718 return ErrorResponse.error(
"Failed to send execute actions email", Status.INTERNAL_SERVER_ERROR);
UserPermissionEvaluator users()
RealmModel realm
Definition: UserResource.java:117
AdminEventBuilder operation(OperationType operationType)
Definition: AdminEventBuilder.java:113
KeycloakSession session
Definition: UserResource.java:128
UserModel user
Definition: UserResource.java:122
AdminEventBuilder adminEvent
Definition: UserResource.java:121
AdminEventBuilder resourcePath(String... pathElements)
Definition: AdminEventBuilder.java:171
AdminPermissionEvaluator auth
Definition: UserResource.java:119