keycloak-service
org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail クラス

公開メンバ関数

void authenticate (AuthenticationFlowContext context)
 
void action (AuthenticationFlowContext context)
 
boolean requiresUser ()
 
boolean configuredFor (KeycloakSession session, RealmModel realm, UserModel user)
 
void setRequiredActions (KeycloakSession session, RealmModel realm, UserModel user)
 
String getDisplayType ()
 
String getReferenceCategory ()
 
boolean isConfigurable ()
 
AuthenticationExecutionModel.Requirement [] getRequirementChoices ()
 
boolean isUserSetupAllowed ()
 
String getHelpText ()
 
List< ProviderConfigProperty > getConfigProperties ()
 
void close ()
 
Authenticator create (KeycloakSession session)
 
void init (Config.Scope config)
 
void postInit (KeycloakSessionFactory factory)
 
String getId ()
 

静的公開メンバ関数

static Long getLastChangedTimestamp (KeycloakSession session, RealmModel realm, UserModel user)
 

静的公開変数類

static final String PROVIDER_ID = "reset-credential-email"
 
static final AuthenticationExecutionModel.Requirement [] REQUIREMENT_CHOICES
 

静的非公開変数類

static final Logger logger = Logger.getLogger(ResetCredentialEmail.class)
 

詳解

著者
Bill Burke
バージョン
Revision
1

関数詳解

◆ action()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.action ( AuthenticationFlowContext  context)
inline
130  {
     // Marks the flow user's e-mail address as verified, then completes this execution successfully.
     // NOTE(review): presumably reached only after the user followed the reset link mailed by
     // authenticate(), which is what would justify treating the address as verified - confirm against the flow.
     // NOTE(review): context.getUser() is dereferenced without a null check, although requiresUser()
     // returns false and authenticate() handles a null user; confirm action() cannot run without a resolved user.
131  context.getUser().setEmailVerified(true);
132  context.success();
133  }

◆ authenticate()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.authenticate ( AuthenticationFlowContext  context)
inline
58  {
     // Sends the password-reset e-mail for the user in the flow context. The mail carries a link with a
     // serialized ResetCredentialsActionToken. Every outcome except a mail-delivery failure answers with
     // the same Messages.EMAIL_SENT form message, so the response does not reveal whether the account exists.
     //
     // @param context authentication flow context supplying the user, authentication session, realm and event builder
59  UserModel user = context.getUser();
60  AuthenticationSessionModel authenticationSession = context.getAuthenticationSession();
     // Username as recorded in the ATTEMPTED_USERNAME auth note; it is only used as an event detail below.
61  String username = authenticationSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
62 
63  // Anti-enumeration: if the user could not be obtained, user is null here.
64  // Show the login form again with the same "email sent" message that a real send produces.
     // No event is recorded on this branch (the EventBuilder is only fetched further down), so any
     // auditing of reset requests for unknown usernames has to come from elsewhere - TODO confirm.
65  if (user == null) {
66  context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
67  return;
68  }
69 
     // If the session's ACTION_TOKEN_USER_ID note equals this user's id, no mail is sent and the
     // execution succeeds immediately. This skips the mailbox round-trip, so it relies on that note
     // being written only by server-side action-token handling - NOTE(review): confirm.
70  String actionTokenUserId = authenticationSession.getAuthNote(DefaultActionTokenKey.ACTION_TOKEN_USER_ID);
71  if (actionTokenUserId != null && Objects.equals(user.getId(), actionTokenUserId)) {
72  logger.debugf("Forget-password triggered when reauthenticating user after authentication via action token. Skipping " + PROVIDER_ID + " screen and using user '%s' ", user.getUsername());
73  context.success();
74  return;
75  }
76 
77 
78  EventBuilder event = context.getEvent();
79  // Same anti-enumeration rule: a user whose e-mail is null or blank gets the identical EMAIL_SENT
     // message; only the INVALID_EMAIL error event records that nothing was sent.
80  if (user.getEmail() == null || user.getEmail().trim().length() == 0) {
81  event.user(user)
82  .detail(Details.USERNAME, username)
83  .error(Errors.INVALID_EMAIL);
84 
85  context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
86  return;
87  }
88 
     // Token lifetime comes from the realm's per-token-type setting; the expiry is an absolute time.
     // NOTE(review): both operands are int, so a very large configured lifespan could overflow the sum - confirm bounds.
89  int validityInSecs = context.getRealm().getActionTokenGeneratedByUserLifespan(ResetCredentialsActionToken.TOKEN_TYPE);
90  int absoluteExpirationInSecs = Time.currentTime() + validityInSecs;
91 
92  // The secret travels in the e-mailed link as a query parameter, so the link itself is a bearer
     // credential: anyone who can read the mail, or a log or history entry holding the URL, can use it
     // until it expires. A short realm lifespan limits that window.
     // NOTE(review): whether the token is single-use is not visible in this method - confirm.
     // The token is built from the user id, the absolute expiry, the encoded authentication-session id
     // and the requesting client's id.
93  String authSessionEncodedId = AuthenticationSessionCompoundId.fromAuthSession(authenticationSession).getEncodedId();
94  ResetCredentialsActionToken token = new ResetCredentialsActionToken(user.getId(), absoluteExpirationInSecs, authSessionEncodedId, authenticationSession.getClient().getClientId());
95  String link = UriBuilder
96  .fromUri(context.getActionTokenUrl(token.serialize(context.getSession(), context.getRealm(), context.getUriInfo())))
97  .build()
98  .toString();
     // toMinutes() truncates, so a lifespan under 60 seconds is passed to the mail template as 0 minutes.
99  long expirationInMinutes = TimeUnit.SECONDS.toMinutes(validityInSecs);
100  try {
     // The mail is sent inline on this request, only on this branch.
     // NOTE(review): response time may therefore differ from the null-user branch even though the message is the same.
101  context.getSession().getProvider(EmailTemplateProvider.class).setRealm(context.getRealm()).setUser(user).setAuthenticationSession(authenticationSession).sendPasswordReset(link, expirationInMinutes);
102 
     // Success event: records the attempted username, the user's e-mail address and the parent session id.
     // The e-mail address therefore ends up in the stored event details.
103  event.clone().event(EventType.SEND_RESET_PASSWORD)
104  .user(user)
105  .detail(Details.USERNAME, username)
106  .detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, authenticationSession.getParentSession().getId()).success();
107  context.forkWithSuccessMessage(new FormMessage(Messages.EMAIL_SENT));
108  } catch (EmailException e) {
     // Delivery failure: emits an EMAIL_SEND_FAILED error event and fails the flow with an HTTP 500 error page.
     // This is the one outcome that does not return EMAIL_SENT, and it is only reachable for an existing
     // user with an e-mail address, so while mail delivery is failing the response tells valid accounts
     // apart from unknown ones.
109  event.clone().event(EventType.SEND_RESET_PASSWORD)
110  .detail(Details.USERNAME, username)
111  .user(user)
112  .error(Errors.EMAIL_SEND_FAILED);
     // NOTE(review): source line 113 is absent from this listing (the gutter jumps from 112 to 114). The
     // cross-reference entries that follow the listing name ServicesLogger.LOGGER and
     // failedToSendPwdResetEmail(EmailException), so it presumably logs the exception - confirm against the source file.
114  Response challenge = context.form()
115  .setError(Messages.EMAIL_SENT_ERROR)
116  .createErrorPage(Response.Status.INTERNAL_SERVER_ERROR);
117  context.failure(AuthenticationFlowError.INTERNAL_ERROR, challenge);
118  }
119  }
static final String PROVIDER_ID
Definition: ResetCredentialEmail.java:55
static final String EMAIL_SENT
Definition: Messages.java:91
Definition: Messages.java:22
void failedToSendPwdResetEmail(@Cause EmailException e)
Definition: ServicesLogger.java:48
static final Logger logger
Definition: ResetCredentialEmail.java:53
static final String ATTEMPTED_USERNAME
Definition: AbstractUsernameFormAuthenticator.java:52
ServicesLogger LOGGER
Definition: ServicesLogger.java:50
static final String EMAIL_SENT_ERROR
Definition: Messages.java:93

◆ close()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.close ( )
inline
190  {
     // Empty body: nothing is released or closed here.
191 
192  }

◆ configuredFor()

boolean org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.configuredFor ( KeycloakSession  session,
RealmModel  realm,
UserModel  user 
)
inline
141  {
     // Always reports this authenticator as configured; session, realm and user are not consulted.
142  return true;
143  }

◆ create()

Authenticator org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.create ( KeycloakSession  session)
inline
195  {
     // Returns this same object for every session instead of creating a new Authenticator, so one
     // instance is shared by all flows. The member list on this page shows only static fields.
     // NOTE(review): any per-request state must stay in the flow context, never in instance fields.
196  return this;
197  }

◆ getConfigProperties()

List<ProviderConfigProperty> org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getConfigProperties ( )
inline
185  {
     // Returns null rather than an empty list (isConfigurable() returns false), so callers must tolerate null.
186  return null;
187  }

◆ getDisplayType()

String org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getDisplayType ( )
inline
151  {
     // Fixed display label for this execution.
152  return "Send Reset Email";
153  }

◆ getHelpText()

String org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getHelpText ( )
inline
180  {
     // Fixed help text describing this execution.
181  return "Send email to user and wait for response.";
182  }

◆ getId()

String org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getId ( )
inline
210  {
     // Provider id of this authenticator; PROVIDER_ID is declared on this page as "reset-credential-email".
211  return PROVIDER_ID;
212  }
static final String PROVIDER_ID
Definition: ResetCredentialEmail.java:55

◆ getLastChangedTimestamp()

static Long org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getLastChangedTimestamp ( KeycloakSession  session,
RealmModel  realm,
UserModel  user 
)
inlinestatic
121  {
     // Returns the creation date of the user's stored password credential, or null when the user has no password.
     // NOTE(review): presumably consulted to tell whether the password changed after a reset token was
     // issued - the callers are not visible here; confirm.
122  // TODO(hmlnarik): Make this more generic to support non-password credential types
     // The provider is looked up by the password provider factory's id and cast without a type or null
     // check. NOTE(review): a missing provider, or a different implementation registered under that id,
     // would surface as a runtime exception here - confirm this cannot happen in a deployed server.
123  PasswordCredentialProvider passwordProvider = (PasswordCredentialProvider) session.getProvider(CredentialProvider.class, PasswordCredentialProviderFactory.PROVIDER_ID);
124  CredentialModel password = passwordProvider.getPassword(realm, user);
125 
126  return password == null ? null : password.getCreatedDate();
127  }
Definition: PasswordCredentialProviderFactory.java:25
static final String PROVIDER_ID
Definition: PasswordCredentialProviderFactory.java:26
Definition: PasswordCredentialProvider.java:43
CredentialModel getPassword(RealmModel realm, UserModel user)
Definition: PasswordCredentialProvider.java:58

◆ getReferenceCategory()

String org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getReferenceCategory ( )
inline
156  {
     // No reference category is declared: always returns null.
157  return null;
158  }

◆ getRequirementChoices()

AuthenticationExecutionModel.Requirement [] org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.getRequirementChoices ( )
inline
170  {
     // Returns the shared static array itself, not a copy; its initial value on this page holds only REQUIRED.
     // NOTE(review): Java arrays are mutable, so a caller that writes to the result changes it for everyone.
171  return REQUIREMENT_CHOICES;
172  }
static final AuthenticationExecutionModel.Requirement [] REQUIREMENT_CHOICES
Definition: ResetCredentialEmail.java:165

◆ init()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.init ( Config.Scope  config)
inline
200  {
     // Empty body: the supplied config scope is not read.
201 
202  }

◆ isConfigurable()

boolean org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.isConfigurable ( )
inline
161  {
     // This execution has no configuration: always false (getConfigProperties() returns null).
162  return false;
163  }

◆ isUserSetupAllowed()

boolean org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.isUserSetupAllowed ( )
inline
175  {
     // User setup is never allowed for this authenticator: always false (setRequiredActions() is empty).
176  return false;
177  }

◆ postInit()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.postInit ( KeycloakSessionFactory  factory)
inline
205  {
     // Empty body: nothing is done with the session factory.
206 
207  }

◆ requiresUser()

boolean org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.requiresUser ( )
inline
136  {
     // Always false: this execution does not declare that it needs an identified user. This matches
     // authenticate(), which handles a null user with the generic EMAIL_SENT message and does not reject the request.
137  return false;
138  }

◆ setRequiredActions()

void org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.setRequiredActions ( KeycloakSession  session,
RealmModel  realm,
UserModel  user 
)
inline
146  {
     // Empty body: no required actions are added to the user.
147 
148  }

メンバ詳解

◆ logger

final Logger org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.logger = Logger.getLogger(ResetCredentialEmail.class)
staticprivate

◆ PROVIDER_ID

final String org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.PROVIDER_ID = "reset-credential-email"
static

◆ REQUIREMENT_CHOICES

final AuthenticationExecutionModel.Requirement [] org.keycloak.authentication.authenticators.resetcred.ResetCredentialEmail.REQUIREMENT_CHOICES
static
初期値:
= {
AuthenticationExecutionModel.Requirement.REQUIRED
}

このクラス詳解は次のファイルから抽出されました: