keycloak-uncached
Changes
forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-default-roles.html 2(+1 -1)
social/facebook/pom.xml 5(+5 -0)
Details
diff --git a/docbook/reference/en/en-US/modules/social-facebook.xml b/docbook/reference/en/en-US/modules/social-facebook.xml
old mode 100644
new mode 100755
index 6e5e832..ddc25d5
--- a/docbook/reference/en/en-US/modules/social-facebook.xml
+++ b/docbook/reference/en/en-US/modules/social-facebook.xml
@@ -18,7 +18,8 @@
</listitem>
<listitem>
<para>
- Once the app has been created click on <literal>Settings</literal> in sidebar on the left. Then click
+ Once the app has been created click on <literal>Settings</literal> in sidebar on the left. You must specify
+ a contact email. Save your changes. Then click
on <literal>Advanced</literal>. Under <literal>Security</literal> make sure
<literal>Client OAuth Login</literal> is enabled. In <literal>Valid OAuth redirect URIs</literal> insert
the <link linkend="social-callbackurl">social callback url</link>. Scroll down and click on the
@@ -28,7 +29,8 @@
<listitem>
<para>
Click <literal>Status & Review</literal> and select <literal>YES</literal> for <literal>Do you want
- to make this app and all its live features available to the general public?</literal>.
+ to make this app and all its live features available to the general public?</literal>. You will
+ not be able to set this until you have provided a contact email in the general settings of this application.
</para>
</listitem>
<listitem>
diff --git a/docbook/reference/en/en-US/modules/social-github.xml b/docbook/reference/en/en-US/modules/social-github.xml
old mode 100644
new mode 100755
index 4315f6d..1890f87
--- a/docbook/reference/en/en-US/modules/social-github.xml
+++ b/docbook/reference/en/en-US/modules/social-github.xml
@@ -1,7 +1,7 @@
<section id="social-github">
<title>GitHub</title>
<para>
- To enable login with Google you first have to create an application in
+ To enable login with GitHub you first have to create an application in
<ulink url="https://github.com/settings/applications">GitHub Settings</ulink>. Then you need to copy
the client id and secret into the Keycloak Admin Console.
</para>
diff --git a/docbook/reference/en/en-US/modules/social-twitter.xml b/docbook/reference/en/en-US/modules/social-twitter.xml
old mode 100644
new mode 100755
index 66f0d83..f6afdc6
--- a/docbook/reference/en/en-US/modules/social-twitter.xml
+++ b/docbook/reference/en/en-US/modules/social-twitter.xml
@@ -22,7 +22,7 @@
</listitem>
<listitem>
<para>
- Now click <literal>Details</literal>. Copy <literal>Consumer key</literal> and <literal>Consumer secret</literal> from the
+ Now click <literal>API Keys</literal> tab. Copy <literal>API key</literal> and <literal>API secret</literal> from the
<ulink url="https://dev.twitter.com/apps">Twitter Developer Console</ulink> into the settings
page in the Keycloak Admin Console as the <literal>Key</literal> and <literal>Secret</literal>. Then click
<literal>Save</literal> in the Keycloak Admin Console to enable login with Twitter.
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-default-roles.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-default-roles.html
index a7d28d3..a13e544 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-default-roles.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-default-roles.html
@@ -6,7 +6,7 @@
</ul>
<h2></h2>
<div id="content">
- <h2><span>{{realm.realm}}</span> Default Roles <span tooltip-placement="right" tooltip="Role mappings to assign to newly created users." class="fa fa-info-circle"></span></h2>
+ <h2><span>{{realm.realm}}</span> Default Roles <span tooltip-placement="right" tooltip="Role mappings to assign to newly created users. This includes registration, social login, and users created in the admin console." class="fa fa-info-circle"></span></h2>
<form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
<fieldset>
<legend><span class="text">Realm Default Roles</span> </legend>
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 628ef9a..dd3f1a8 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -4,6 +4,8 @@ import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
+import org.keycloak.ClientConnection;
+import org.keycloak.audit.Details;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailProvider;
import org.keycloak.models.ApplicationModel;
@@ -73,6 +75,9 @@ public class UsersResource {
private TokenManager tokenManager;
@Context
+ protected ClientConnection clientConnection;
+
+ @Context
protected UriInfo uriInfo;
@Context
@@ -828,7 +833,10 @@ public class UsersResource {
return Flows.errors().error("AccountProvider management not enabled", Response.Status.INTERNAL_SERVER_ERROR);
}
- AccessCode accessCode = tokenManager.createAccessCode(scope, state, redirect, session, realm, client, user, null);
+ UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false);
+ //audit.session(userSession);
+
+ AccessCode accessCode = tokenManager.createAccessCode(null, state, redirect, session, realm, client, user, userSession);
accessCode.setRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
try {
@@ -838,8 +846,9 @@ public class UsersResource {
String link = builder.build(realm.getName()).toString();
long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction());
- session.getProvider(EmailProvider.class).setRealm(realm).setUser(user).sendPasswordReset(link, expiration);
+ this.session.getProvider(EmailProvider.class).setRealm(realm).setUser(user).sendPasswordReset(link, expiration);
+ //audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
return Response.ok().build();
} catch (EmailException e) {
logger.error("Failed to send password reset email", e);
social/facebook/pom.xml 5(+5 -0)
diff --git a/social/facebook/pom.xml b/social/facebook/pom.xml
index 8d55bc0..39b076f 100755
--- a/social/facebook/pom.xml
+++ b/social/facebook/pom.xml
@@ -25,5 +25,10 @@
<artifactId>jackson-mapper-asl</artifactId>
<scope>provided</scope>
</dependency>
+ <dependency>
+ <groupId>org.jboss.logging</groupId>
+ <artifactId>jboss-logging</artifactId>
+ <scope>provided</scope>
+ </dependency>
</dependencies>
</project>
diff --git a/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java
index 4f15fbb..f8b5ded 100755
--- a/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java
+++ b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java
@@ -1,6 +1,7 @@
package org.keycloak.social.facebook;
import org.codehaus.jackson.JsonNode;
+import org.jboss.logging.Logger;
import org.keycloak.social.AbstractOAuth2Provider;
import org.keycloak.social.SocialProviderException;
import org.keycloak.social.SocialUser;
@@ -10,6 +11,7 @@ import org.keycloak.social.utils.SimpleHttp;
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class FacebookProvider extends AbstractOAuth2Provider {
+ protected static final Logger logger = Logger.getLogger(FacebookProvider.class);
private static final String ID = "facebook";
private static final String NAME = "Facebook";
@@ -50,10 +52,20 @@ public class FacebookProvider extends AbstractOAuth2Provider {
try {
JsonNode profile = SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken).asJson();
- SocialUser user = new SocialUser(profile.get("id").getTextValue(), profile.get("username").getTextValue());
+
+ JsonNode id = profile.get("id");
+ JsonNode username = profile.get("username");
+ JsonNode email = profile.get("email");
+
+ //logger.info("email is null: " + email == null);
+ //logger.info("username is null: " + username == null);
+
+ if (username == null) username = email == null ? id : email;
+
+ SocialUser user = new SocialUser(id.getTextValue(), username.getTextValue());
user.setName(profile.has("first_name") ? profile.get("first_name").getTextValue() : null,
profile.has("last_name") ? profile.get("last_name").getTextValue() : null);
- user.setEmail(profile.has("email") ? profile.get("email").getTextValue() : null);
+ user.setEmail(profile.has("email") ? email.getTextValue() : null);
return user;
} catch (Exception e) {