AccountCredentialResource.java
Home
/
services /
src /
main /
java /
org /
keycloak /
services /
resources /
account /
AccountCredentialResource.java
package org.keycloak.services.resources.account;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.PasswordCredentialProvider;
import org.keycloak.credential.PasswordCredentialProviderFactory;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ErrorResponse;
import org.keycloak.utils.MediaType;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.keycloak.models.ModelException;
import org.keycloak.services.messages.Messages;
public class AccountCredentialResource {
private final KeycloakSession session;
private final EventBuilder event;
private final UserModel user;
private final RealmModel realm;
public AccountCredentialResource(KeycloakSession session, EventBuilder event, UserModel user) {
this.session = session;
this.event = event;
this.user = user;
realm = session.getContext().getRealm();
}
@GET
@Path("password")
@Produces(MediaType.APPLICATION_JSON)
public PasswordDetails passwordDetails() {
PasswordCredentialProvider passwordProvider = (PasswordCredentialProvider) session.getProvider(CredentialProvider.class, PasswordCredentialProviderFactory.PROVIDER_ID);
CredentialModel password = passwordProvider.getPassword(realm, user);
PasswordDetails details = new PasswordDetails();
if (password != null) {
details.setRegistered(true);
details.setLastUpdate(password.getCreatedDate());
} else {
details.setRegistered(false);
}
return details;
}
@POST
@Path("password")
@Consumes(MediaType.APPLICATION_JSON)
public Response passwordUpdate(PasswordUpdate update) {
event.event(EventType.UPDATE_PASSWORD);
UserCredentialModel cred = UserCredentialModel.password(update.getCurrentPassword());
if (!session.userCredentialManager().isValid(realm, user, cred)) {
event.error(org.keycloak.events.Errors.INVALID_USER_CREDENTIALS);
return ErrorResponse.error(Messages.INVALID_PASSWORD_EXISTING, Response.Status.BAD_REQUEST);
}
if (update.getNewPassword() == null) {
return ErrorResponse.error(Messages.INVALID_PASSWORD_EXISTING, Response.Status.BAD_REQUEST);
}
String confirmation = update.getConfirmation();
if ((confirmation != null) && !update.getNewPassword().equals(confirmation)) {
return ErrorResponse.error(Messages.NOTMATCH_PASSWORD, Response.Status.BAD_REQUEST);
}
try {
session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password(update.getNewPassword(), false));
} catch (ModelException e) {
return ErrorResponse.error(e.getMessage(), e.getParameters(), Response.Status.BAD_REQUEST);
}
return Response.ok().build();
}
public static class PasswordDetails {
private boolean registered;
private long lastUpdate;
public boolean isRegistered() {
return registered;
}
public void setRegistered(boolean registered) {
this.registered = registered;
}
public long getLastUpdate() {
return lastUpdate;
}
public void setLastUpdate(long lastUpdate) {
this.lastUpdate = lastUpdate;
}
}
public static class PasswordUpdate {
private String currentPassword;
private String newPassword;
private String confirmation;
public String getCurrentPassword() {
return currentPassword;
}
public void setCurrentPassword(String currentPassword) {
this.currentPassword = currentPassword;
}
public String getNewPassword() {
return newPassword;
}
public void setNewPassword(String newPassword) {
this.newPassword = newPassword;
}
public String getConfirmation() {
return confirmation;
}
public void setConfirmation(String confirmation) {
this.confirmation = confirmation;
}
}
}