keycloak-memoizeit

fix holes

8/15/2015 11:39:33 AM

Details

diff --git a/events/api/src/main/java/org/keycloak/events/Errors.java b/events/api/src/main/java/org/keycloak/events/Errors.java
index dce5e75..d7ca253 100755
--- a/events/api/src/main/java/org/keycloak/events/Errors.java
+++ b/events/api/src/main/java/org/keycloak/events/Errors.java
@@ -38,6 +38,7 @@ public interface Errors {
     String EXPIRED_CODE = "expired_code";
 
     String REGISTRATION_DISABLED = "registration_disabled";
+    String RESET_CREDENTIAL_DISABLED = "reset_credential_disabled";
 
     String REJECTED_BY_USER = "rejected_by_user";
 
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties
index 2355647..d02ca8f 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties
@@ -163,6 +163,7 @@ invalidRedirectUriMessage=Ung\u00FCltige redirect uri.
 unsupportedNameIdFormatMessage=Nicht unterst\u00FCtztes NameIDFormat.
 invlidRequesterMessage=Ung\u00FCltiger requester.
 registrationNotAllowedMessage=Registrierung nicht erlaubt.
+resetCredentialNotAllowedMessage=Reset Credential not allowed
 
 permissionNotApprovedMessage=Berechtigung nicht best\u00E4tigt.
 noRelayStateInResponseMessage=Kein relay state in der Antwort von dem Identity Provider [{0}].
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
index 387b5be..bc10220 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
@@ -168,6 +168,7 @@ invalidRedirectUriMessage=Invalid redirect uri
 unsupportedNameIdFormatMessage=Unsupported NameIDFormat
 invlidRequesterMessage=Invalid requester
 registrationNotAllowedMessage=Registration not allowed
+resetCredentialNotAllowedMessage=Reset Credential not allowed
 
 permissionNotApprovedMessage=Permission not approved.
 noRelayStateInResponseMessage=No relay state in response from identity provider [{0}].
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties
index 739526a..0860397 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties
@@ -160,6 +160,8 @@ invalidRedirectUriMessage=Redirect uri non valido
 unsupportedNameIdFormatMessage=NameIDFormat non supportato
 invlidRequesterMessage=Richiedente non valido
 registrationNotAllowedMessage=Registrazione non permessa
+resetCredentialNotAllowedMessage=Reset Credential not allowed
+
 
 permissionNotApprovedMessage=Permesso non approvato.
 noRelayStateInResponseMessage=Nessun relay state in risposta dall''identity provider [{0}].
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties
index 77f5f04..2b730c9 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties
@@ -165,6 +165,7 @@ invalidRedirectUriMessage=URI de redirecionamento inv\u00E1lido
 unsupportedNameIdFormatMessage=NameIDFormat n\u00E3o suportado
 invlidRequesterMessage=Solicitante inv\u00E1lido
 registrationNotAllowedMessage=Registro n\u00E3o permitido.
+resetCredentialNotAllowedMessage=Reset Credential not allowed
 
 permissionNotApprovedMessage=Permiss\u00E3o n\u00E3o aprovada.
 noRelayStateInResponseMessage=Sem estado de retransmiss\u00E3o na resposta do provedor de identidade [{0}].
diff --git a/services/src/main/java/org/keycloak/services/messages/Messages.java b/services/src/main/java/org/keycloak/services/messages/Messages.java
index 80914db..d092d16 100755
--- a/services/src/main/java/org/keycloak/services/messages/Messages.java
+++ b/services/src/main/java/org/keycloak/services/messages/Messages.java
@@ -111,6 +111,7 @@ public class Messages {
     public static final String UNSUPPORTED_NAME_ID_FORMAT = "unsupportedNameIdFormatMessage";
 
     public static final String REGISTRATION_NOT_ALLOWED = "registrationNotAllowedMessage";
+    public static final String RESET_CREDENTIAL_NOT_ALLOWED = "resetCredentialNotAllowedMessage";
 
     public static final String PERMISSION_NOT_APPROVED = "permissionNotApprovedMessage";
 
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index e65d0de..0abca72 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -158,8 +158,8 @@ public class LoginActionsService {
         ClientSessionCode clientCode;
         Response response;
 
-        boolean verifyCode(AuthenticationFlowModel flow, String code, String requiredAction) {
-            if (!verifyCode(flow, code)) {
+        boolean verifyCode(String code, String requiredAction) {
+            if (!verifyCode(code)) {
                 return false;
             } else if (!clientCode.isValidAction(requiredAction)) {
                 event.client(clientCode.getClientSession().getClient());
@@ -181,8 +181,8 @@ public class LoginActionsService {
             }
         }
 
-        boolean verifyCode(AuthenticationFlowModel flow, String code, String requiredAction, String alternativeRequiredAction) {
-            if (!verifyCode(flow, code)) {
+        boolean verifyCode(String code, String requiredAction, String alternativeRequiredAction) {
+            if (!verifyCode(code)) {
                 return false;
             } else if (!(clientCode.isValidAction(requiredAction) || clientCode.isValidAction(alternativeRequiredAction))) {
                 event.client(clientCode.getClientSession().getClient());
@@ -207,7 +207,7 @@ public class LoginActionsService {
             }
         }
 
-        public boolean verifyCode(AuthenticationFlowModel flow, String code) {
+        public boolean verifyCode(String code) {
             if (!checkSsl()) {
                 event.error(Errors.SSL_REQUIRED);
                 response = ErrorPage.error(session, Messages.HTTPS_REQUIRED);
@@ -226,7 +226,7 @@ public class LoginActionsService {
                         ClientSessionModel clientSession = RestartLoginCookie.restartSession(session, realm, code);
                         if (clientSession != null) {
                             event.clone().detail(Details.RESTART_AFTER_TIMEOUT, "true").error(Errors.EXPIRED_CODE);
-                            response = processFlow(null, clientSession, flow, Messages.LOGIN_TIMEOUT);
+                            response = processFlow(null, clientSession, realm.getBrowserFlow(), Messages.LOGIN_TIMEOUT);
                             return false;
                         }
                     } catch (Exception e) {
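Review bot: The restart-after-timeout call `processFlow(null, clientSession, realm.getBrowserFlow(), Messages.LOGIN_TIMEOUT)` now always re-enters the browser flow. The removed call sites later in this commit show the registration endpoints used to pass `realm.getRegistrationFlow()`, so an expired registration code presumably restarts in a different flow than before. If that is intended, record it above the call, for example `// A timed-out code always restarts in the browser flow, whichever flow issued it.` The enclosing `verifyCode(String)` begins in the previous hunk and continues past this one, so the rest of the restart handling is not visible here.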
@@ -274,7 +274,7 @@ public class LoginActionsService {
                                  @QueryParam("execution") String execution) {
         event.event(EventType.LOGIN);
         Checks checks = new Checks();
-        if (!checks.verifyCode(realm.getBrowserFlow(), code, ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionModel.Action.RECOVER_PASSWORD.name())) {
+        if (!checks.verifyCode(code, ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionModel.Action.RECOVER_PASSWORD.name())) {
             return checks.response;
         }
         event.detail(Details.CODE_ID, code);
@@ -329,7 +329,7 @@ public class LoginActionsService {
                                      @QueryParam("execution") String execution) {
         event.event(EventType.LOGIN);
         Checks checks = new Checks();
-        if (!checks.verifyCode(realm.getBrowserFlow(), code, ClientSessionModel.Action.AUTHENTICATE.name())) {
+        if (!checks.verifyCode(code, ClientSessionModel.Action.AUTHENTICATE.name())) {
             return checks.response;
         }
         final ClientSessionCode clientCode = checks.clientCode;
@@ -360,7 +360,7 @@ public class LoginActionsService {
         }
 
         Checks checks = new Checks();
-        if (!checks.verifyCode(realm.getRegistrationFlow(), code, ClientSessionModel.Action.AUTHENTICATE.name())) {
+        if (!checks.verifyCode(code, ClientSessionModel.Action.AUTHENTICATE.name())) {
             return checks.response;
         }
         event.detail(Details.CODE_ID, code);
@@ -385,8 +385,12 @@ public class LoginActionsService {
     public Response processRegister(@QueryParam("code") String code,
                                     @QueryParam("execution") String execution) {
         event.event(EventType.REGISTER);
+        if (!realm.isRegistrationAllowed()) {
+            event.error(Errors.REGISTRATION_DISABLED);
+            return ErrorPage.error(session, Messages.REGISTRATION_NOT_ALLOWED);
+        }
         Checks checks = new Checks();
-        if (!checks.verifyCode(realm.getRegistrationFlow(), code, ClientSessionModel.Action.AUTHENTICATE.name())) {
+        if (!checks.verifyCode(code, ClientSessionModel.Action.AUTHENTICATE.name())) {
             return checks.response;
         }
         if (!realm.isRegistrationAllowed()) {
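Review bot: The original `if (!realm.isRegistrationAllowed()) {` check after `checks.verifyCode(...)` is still present as the last context line, so the same condition is now tested twice in `processRegister`. Failing closed before the code is examined is the right order; the later check can be removed, or kept with a comment saying it is deliberate defence in depth. Because the new early return runs before `verifyCode`, the `REGISTRATION_DISABLED` event is presumably recorded without client or session details. If the audit trail should identify the client, a short comment noting the omission would help whoever triages these events. The method body continues outside the hunk.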
@@ -487,7 +491,7 @@ public class LoginActionsService {
                                   final MultivaluedMap<String, String> formData) {
         event.event(EventType.UPDATE_PROFILE);
         Checks checks = new Checks();
-        if (!checks.verifyCode(realm.getBrowserFlow(), code, ClientSessionModel.Action.UPDATE_PROFILE.name())) {
+        if (!checks.verifyCode(code, ClientSessionModel.Action.UPDATE_PROFILE.name())) {
             return checks.response;
         }
         ClientSessionCode accessCode = checks.clientCode;
@@ -549,7 +553,7 @@ public class LoginActionsService {
                                final MultivaluedMap<String, String> formData) {
         event.event(EventType.UPDATE_TOTP);
         Checks checks = new Checks();
-        if (!checks.verifyCode(realm.getBrowserFlow(), code, ClientSessionModel.Action.CONFIGURE_TOTP.name())) {
+        if (!checks.verifyCode(code, ClientSessionModel.Action.CONFIGURE_TOTP.name())) {
             return checks.response;
         }
         ClientSessionCode accessCode = checks.clientCode;
@@ -601,7 +605,7 @@ public class LoginActionsService {
                                    final MultivaluedMap<String, String> formData) {
         event.event(EventType.UPDATE_PASSWORD);
         Checks checks = new Checks();
-        if (!checks.verifyCode(realm.getBrowserFlow(), code, ClientSessionModel.Action.UPDATE_PASSWORD.name(), ClientSessionModel.Action.RECOVER_PASSWORD.name())) {
+        if (!checks.verifyCode(code, ClientSessionModel.Action.UPDATE_PASSWORD.name(), ClientSessionModel.Action.RECOVER_PASSWORD.name())) {
             return checks.response;
         }
         ClientSessionCode accessCode = checks.clientCode;
@@ -664,7 +668,7 @@ public class LoginActionsService {
         event.event(EventType.VERIFY_EMAIL);
         if (key != null) {
             Checks checks = new Checks();
-            if (!checks.verifyCode(realm.getBrowserFlow(), key, ClientSessionModel.Action.VERIFY_EMAIL.name())) {
+            if (!checks.verifyCode(key, ClientSessionModel.Action.VERIFY_EMAIL.name())) {
                 return checks.response;
             }
             ClientSessionCode accessCode = checks.clientCode;
@@ -691,7 +695,7 @@ public class LoginActionsService {
             return AuthenticationManager.nextActionAfterAuthentication(session, userSession, clientSession, clientConnection, request, uriInfo, event);
         } else {
             Checks checks = new Checks();
-            if (!checks.verifyCode(realm.getBrowserFlow(), code, ClientSessionModel.Action.VERIFY_EMAIL.name())) {
+            if (!checks.verifyCode(code, ClientSessionModel.Action.VERIFY_EMAIL.name())) {
                 return checks.response;
             }
             ClientSessionCode accessCode = checks.clientCode;
@@ -712,9 +716,13 @@ public class LoginActionsService {
     @GET
     public Response passwordReset(@QueryParam("code") String code, @QueryParam("key") String key) {
         event.event(EventType.RESET_PASSWORD);
+        if (!realm.isResetPasswordAllowed()) {
+            event.error(Errors.RESET_CREDENTIAL_DISABLED);
+            return ErrorPage.error(session, Messages.RESET_CREDENTIAL_NOT_ALLOWED);
+        }
         if (key != null) {
             Checks checks = new Checks();
-            if (!checks.verifyCode(realm.getBrowserFlow(), key, ClientSessionModel.Action.RECOVER_PASSWORD.name())) {
+            if (!checks.verifyCode(key, ClientSessionModel.Action.RECOVER_PASSWORD.name())) {
                 return checks.response;
             }
             ClientSessionCode accessCode = checks.clientCode;
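Review bot: The `realm.isResetPasswordAllowed()` gate is added here and in `sendPasswordReset`, but two other handlers in this commit still accept `ClientSessionModel.Action.RECOVER_PASSWORD.name()` as an alternative action without consulting the realm setting (the call sites in the `@@ -274` and `@@ -601` hunks). Whether a session can still be in that state once reset is disabled is not visible from the diff. If it can, for example when the setting is switched off while a reset is in progress, those paths would complete a reset the realm no longer permits. Consider rejecting there when `clientCode.isValidAction(ClientSessionModel.Action.RECOVER_PASSWORD.name()) && !realm.isResetPasswordAllowed()`. Since the three-line guard is already duplicated, it could move into a small private helper so every reset-related entry point shares one check.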
@@ -734,8 +742,12 @@ public class LoginActionsService {
     public Response sendPasswordReset(@QueryParam("code") String code,
                                       final MultivaluedMap<String, String> formData) {
         event.event(EventType.SEND_RESET_PASSWORD);
+        if (!realm.isResetPasswordAllowed()) {
+            event.error(Errors.RESET_CREDENTIAL_DISABLED);
+            return ErrorPage.error(session, Messages.RESET_CREDENTIAL_NOT_ALLOWED);
+        }
         Checks checks = new Checks();
-        if (!checks.verifyCode(realm.getBrowserFlow(), code)) {
+        if (!checks.verifyCode(code)) {
             return checks.response;
         }
         final ClientSessionCode accessCode = checks.clientCode;
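Review bot: `checks.verifyCode(code)` is the only call site in this commit that uses the one-argument overload. Judging by the two- and three-argument overloads, which add the `clientCode.isValidAction(...)` test on top of it, this overload applies no action check. `sendPasswordReset` therefore appears to accept a code in any action state before triggering the reset e-mail. If that is intentional, document it on the call, for example `// No required action: the form may be posted from any step of the login flow.` Otherwise pass the expected action, as the other handlers do. The method body continues outside the hunk, so later validation may exist that is not visible here.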
@@ -870,7 +882,7 @@ public class LoginActionsService {
         }
         RequiredActionProvider provider = factory.create(session);
         Checks checks = new Checks();
-        if (!checks.verifyCode(realm.getBrowserFlow(), code, action)) {
+        if (!checks.verifyCode(code, action)) {
             return checks.response;
         }
         final ClientSessionCode clientCode = checks.clientCode;