org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator の継承関係図

org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator 連携図

公開メンバ関数
void	action (AuthenticationFlowContext context)

void	authenticate (AuthenticationFlowContext context)

void	validateOTP (AuthenticationFlowContext context)

boolean	requiresUser ()

boolean	configuredFor (KeycloakSession session, RealmModel realm, UserModel user)

void	setRequiredActions (KeycloakSession session, RealmModel realm, UserModel user)

void	close ()

boolean	invalidUser (AuthenticationFlowContext context, UserModel user)

boolean	enabledUser (AuthenticationFlowContext context, UserModel user)

boolean	validateUserAndPassword (AuthenticationFlowContext context, MultivaluedMap< String, String > inputData)

boolean	validatePassword (AuthenticationFlowContext context, UserModel user, MultivaluedMap< String, String > inputData)

静的公開変数類
static final String	REGISTRATION_FORM_ACTION = "registration_form"

static final String	ATTEMPTED_USERNAME = "ATTEMPTED_USERNAME"

限定公開メンバ関数
Response	challenge (AuthenticationFlowContext context, String error)

Response	invalidUser (AuthenticationFlowContext context)

Response	disabledUser (AuthenticationFlowContext context)

Response	temporarilyDisabledUser (AuthenticationFlowContext context)

Response	invalidCredentials (AuthenticationFlowContext context)

Response	setDuplicateUserChallenge (AuthenticationFlowContext context, String eventError, String loginFormError, AuthenticationFlowError authenticatorError)

void	runDefaultDummyHash (AuthenticationFlowContext context)

void	dummyHash (AuthenticationFlowContext context)

詳解

著者: Bill Burke

バージョン

Revision: 1

関数詳解

◆ action()

void org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator.action ( AuthenticationFlowContext context )

inline

                                                           {
         validateOTP(context);
     }

◆ authenticate()

void org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator.authenticate ( AuthenticationFlowContext context )

inline

                                                                 {
         Response challengeResponse = challenge(context, null);
         context.challenge(challengeResponse);
     }

◆ challenge()

Response org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator.challenge	(	AuthenticationFlowContext	context,
		String	error
	)

inlineprotected

                                                                                   {
         LoginFormsProvider forms = context.form();
         if (error != null) forms.setError(error);
 
         return forms.createLoginTotp();
     }

◆ close()

void org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator.close ( )

inline

                         {
 
     }

◆ configuredFor()

boolean org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator.configuredFor	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user
	)

inline

                                                                                             {
         return session.userCredentialManager().isConfiguredFor(realm, user, realm.getOTPPolicy().getType());
     }

◆ disabledUser()

Response org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.disabledUser ( AuthenticationFlowContext context )

inlineprotectedinherited

                                                                        {
         return context.form()
                 .setError(Messages.ACCOUNT_DISABLED).createLogin();
     }

◆ dummyHash()

void org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.dummyHash ( AuthenticationFlowContext context )

inlineprotectedinherited

                                                                 {
         PasswordPolicy policy = context.getRealm().getPasswordPolicy();
         if (policy == null) {
             runDefaultDummyHash(context);
             return;
         } else {
             PasswordHashProvider hash = context.getSession().getProvider(PasswordHashProvider.class, policy.getHashAlgorithm());
             if (hash == null) {
                 runDefaultDummyHash(context);
                 return;
 
             } else {
                 hash.encode("dummypassword", policy.getHashIterations());
             }
         }
 
     }

◆ enabledUser()

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.enabledUser	(	AuthenticationFlowContext	context,
		UserModel	user
	)

inlineinherited

                                                                                   {
         if (!user.isEnabled()) {
             context.getEvent().user(user);
             context.getEvent().error(Errors.USER_DISABLED);
             Response challengeResponse = disabledUser(context);
             // this is not a failure so don't call failureChallenge.
             //context.failureChallenge(AuthenticationFlowError.USER_DISABLED, challengeResponse);
             context.forceChallenge(challengeResponse);
             return false;
         }
         if (isTemporarilyDisabledByBruteForce(context, user)) return false;
         return true;
     }

◆ invalidCredentials()

Response org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidCredentials ( AuthenticationFlowContext context )

inlineprotectedinherited

                                                                              {
         return context.form()
                 .setError(Messages.INVALID_USER).createLogin();
     }

◆ invalidUser() [1/2]

Response org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidUser ( AuthenticationFlowContext context )

inlineprotectedinherited

                                                                       {
         return context.form()
                 .setError(Messages.INVALID_USER)
                 .createLogin();
     }

◆ invalidUser() [2/2]

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidUser	(	AuthenticationFlowContext	context,
		UserModel	user
	)

inlineinherited

                                                                                   {
         if (user == null) {
             dummyHash(context);
             context.getEvent().error(Errors.USER_NOT_FOUND);
             Response challengeResponse = invalidUser(context);
             context.failureChallenge(AuthenticationFlowError.INVALID_USER, challengeResponse);
             return true;
         }
         return false;
     }

◆ requiresUser()

boolean org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator.requiresUser ( )

inline

                                   {
         return true;
     }

◆ runDefaultDummyHash()

void org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.runDefaultDummyHash ( AuthenticationFlowContext context )

inlineprotectedinherited

                                                                           {
         PasswordHashProvider hash = context.getSession().getProvider(PasswordHashProvider.class, PasswordPolicy.HASH_ALGORITHM_DEFAULT);
         hash.encode("dummypassword", PasswordPolicy.HASH_ITERATIONS_DEFAULT);
     }

◆ setDuplicateUserChallenge()

Response org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.setDuplicateUserChallenge	(	AuthenticationFlowContext	context,
		String	eventError,
		String	loginFormError,
		AuthenticationFlowError	authenticatorError
	)

inlineprotectedinherited

                                                                                                                                                                           {
         context.getEvent().error(eventError);
         Response challengeResponse = context.form()
                 .setError(loginFormError).createLogin();
         context.failureChallenge(authenticatorError, challengeResponse);
         return challengeResponse;
     }

◆ setRequiredActions()

void org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator.setRequiredActions	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user
	)

inline

                                                                                               {
         if (!user.getRequiredActions().contains(UserModel.RequiredAction.CONFIGURE_TOTP.name())) {
             user.addRequiredAction(UserModel.RequiredAction.CONFIGURE_TOTP.name());
         }
 
     }

◆ temporarilyDisabledUser()

Response org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.temporarilyDisabledUser ( AuthenticationFlowContext context )

inlineprotectedinherited

                                                                                   {
         return context.form()
                 .setError(Messages.INVALID_USER).createLogin();
     }

◆ validateOTP()

void org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator.validateOTP ( AuthenticationFlowContext context )

inline

                                                                {
         MultivaluedMap<String, String> inputData = context.getHttpRequest().getDecodedFormParameters();
         if (inputData.containsKey("cancel")) {
             context.resetFlow();
             return;
         }
         String password = inputData.getFirst(CredentialRepresentation.TOTP);
         if (password == null) {
             Response challengeResponse = challenge(context, null);
             context.challenge(challengeResponse);
             return;
         }
         boolean valid = context.getSession().userCredentialManager().isValid(context.getRealm(), context.getUser(),
                 UserCredentialModel.otp(context.getRealm().getOTPPolicy().getType(), password));
         if (!valid) {
             context.getEvent().user(context.getUser())
                     .error(Errors.INVALID_USER_CREDENTIALS);
             Response challengeResponse = challenge(context, Messages.INVALID_TOTP);
             context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challengeResponse);
             return;
         }
         context.success();
     }

◆ validatePassword()

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validatePassword	(	AuthenticationFlowContext	context,
		UserModel	user,
		MultivaluedMap< String, String >	inputData
	)

inlineinherited

                                                                                                                                  {
         List<CredentialInput> credentials = new LinkedList<>();
         String password = inputData.getFirst(CredentialRepresentation.PASSWORD);
         credentials.add(UserCredentialModel.password(password));
 
         if (isTemporarilyDisabledByBruteForce(context, user)) return false;
 
         if (password != null && !password.isEmpty() && context.getSession().userCredentialManager().isValid(context.getRealm(), user, credentials)) {
             return true;
         } else {
             context.getEvent().user(user);
             context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
             Response challengeResponse = invalidCredentials(context);
             context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challengeResponse);
             context.clearUser();
             return false;
         }
     }

◆ validateUserAndPassword()

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validateUserAndPassword	(	AuthenticationFlowContext	context,
		MultivaluedMap< String, String >	inputData
	)

inlineinherited

                                                                                                                         {
         String username = inputData.getFirst(AuthenticationManager.FORM_USERNAME);
         if (username == null) {
             context.getEvent().error(Errors.USER_NOT_FOUND);
             Response challengeResponse = invalidUser(context);
             context.failureChallenge(AuthenticationFlowError.INVALID_USER, challengeResponse);
             return false;
         }
 
         // remove leading and trailing whitespace
         username = username.trim();
 
         context.getEvent().detail(Details.USERNAME, username);
         context.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, username);
 
         UserModel user = null;
         try {
             user = KeycloakModelUtils.findUserByNameOrEmail(context.getSession(), context.getRealm(), username);
         } catch (ModelDuplicateException mde) {
             ServicesLogger.LOGGER.modelDuplicateException(mde);
 
             // Could happen during federation import
             if (mde.getDuplicateFieldName() != null && mde.getDuplicateFieldName().equals(UserModel.EMAIL)) {
                 setDuplicateUserChallenge(context, Errors.EMAIL_IN_USE, Messages.EMAIL_EXISTS, AuthenticationFlowError.INVALID_USER);
             } else {
                 setDuplicateUserChallenge(context, Errors.USERNAME_IN_USE, Messages.USERNAME_EXISTS, AuthenticationFlowError.INVALID_USER);
             }
 
             return false;
         }
 
         if (invalidUser(context, user)) {
             return false;
         }
 
         if (!validatePassword(context, user, inputData)) {
             return false;
         }
 
         if (!enabledUser(context, user)) {
             return false;
         }
 
         String rememberMe = inputData.getFirst("rememberMe");
         boolean remember = rememberMe != null && rememberMe.equalsIgnoreCase("on");
         if (remember) {
             context.getAuthenticationSession().setAuthNote(Details.REMEMBER_ME, "true");
             context.getEvent().detail(Details.REMEMBER_ME, "true");
         } else {
             context.getAuthenticationSession().removeAuthNote(Details.REMEMBER_ME);
         }
         context.setUser(user);
         return true;
     }

メンバ詳解

◆ ATTEMPTED_USERNAME

final String org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME = "ATTEMPTED_USERNAME"

staticinherited

◆ REGISTRATION_FORM_ACTION

final String org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.REGISTRATION_FORM_ACTION = "registration_form"

staticinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authentication/authenticators/browser/OTPFormAuthenticator.java

公開メンバ関数

静的公開変数類

限定公開メンバ関数

詳解

関数詳解

◆ action()

◆ authenticate()

◆ challenge()

◆ close()

◆ configuredFor()

◆ disabledUser()

◆ dummyHash()

◆ enabledUser()

◆ invalidCredentials()

◆ invalidUser() [1/2]

◆ invalidUser() [2/2]

◆ requiresUser()

◆ runDefaultDummyHash()

◆ setDuplicateUserChallenge()

◆ setRequiredActions()

◆ temporarilyDisabledUser()

◆ validateOTP()

◆ validatePassword()

◆ validateUserAndPassword()

メンバ詳解

◆ ATTEMPTED_USERNAME

◆ REGISTRATION_FORM_ACTION