keycloakify 8.0.0 → 9.0.0-rc.0

package/bin/keycloakify/generateJavaStackFiles/account-v1-java/forms/account/freemarker/model/RealmBean.java

@@ -0,0 +1,75 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.forms.account.freemarker.model;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+import org.keycloak.models.RealmModel;
+
+/**
+ * @author <a href="mailto:gerbermichi@me.com">Michael Gerber</a>
+ */
+public class RealmBean {
+
+  private RealmModel realm;
+
+  public RealmBean(RealmModel realmModel) {
+    realm = realmModel;
+  }
+
+  public String getName() {
+    return realm.getName();
+  }
+
+  public String getDisplayName() {
+    String displayName = realm.getDisplayName();
+    if (displayName != null && displayName.length() > 0) {
+      return displayName;
+    } else {
+      return getName();
+    }
+  }
+
+  public String getDisplayNameHtml() {
+    String displayNameHtml = realm.getDisplayNameHtml();
+    if (displayNameHtml != null && displayNameHtml.length() > 0) {
+      return displayNameHtml;
+    } else {
+      return getDisplayName();
+    }
+  }
+
+  public boolean isInternationalizationEnabled() {
+    return realm.isInternationalizationEnabled();
+  }
+
+  public Set<String> getSupportedLocales() {
+    return realm.getSupportedLocalesStream().collect(Collectors.toSet());
+  }
+
+  public boolean isEditUsernameAllowed() {
+    return realm.isEditUsernameAllowed();
+  }
+
+  public boolean isRegistrationEmailAsUsername() {
+    return realm.isRegistrationEmailAsUsername();
+  }
+
+  public boolean isUserManagedAccessAllowed() {
+    return realm.isUserManagedAccessAllowed();
+  }
+}

package/bin/keycloakify/generateJavaStackFiles/account-v1-java/forms/account/freemarker/model/ReferrerBean.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.forms.account.freemarker.model;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class ReferrerBean {
+
+  private String[] referrer;
+
+  public ReferrerBean(String[] referrer) {
+    this.referrer = referrer;
+  }
+
+  public String getName() {
+    return referrer[0];
+  }
+
+  public String getUrl() {
+    return referrer[1];
+  }
+}

package/bin/keycloakify/generateJavaStackFiles/account-v1-java/forms/account/freemarker/model/SessionsBean.java

@@ -0,0 +1,93 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.forms.account.freemarker.model;
+
+import java.util.Date;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+import org.keycloak.common.util.Time;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserSessionModel;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class SessionsBean {
+
+  private List<UserSessionBean> events;
+  private RealmModel realm;
+
+  public SessionsBean(RealmModel realm, List<UserSessionModel> sessions) {
+    this.events = new LinkedList<>();
+    for (UserSessionModel session : sessions) {
+      this.events.add(new UserSessionBean(realm, session));
+    }
+  }
+
+  public List<UserSessionBean> getSessions() {
+    return events;
+  }
+
+  public static class UserSessionBean {
+
+    private UserSessionModel session;
+    private RealmModel realm;
+
+    public UserSessionBean(RealmModel realm, UserSessionModel session) {
+      this.realm = realm;
+      this.session = session;
+    }
+
+    public String getId() {
+      return session.getId();
+    }
+
+    public String getIpAddress() {
+      return session.getIpAddress();
+    }
+
+    public Date getStarted() {
+      return Time.toDate(session.getStarted());
+    }
+
+    public Date getLastAccess() {
+      return Time.toDate(session.getLastSessionRefresh());
+    }
+
+    public Date getExpires() {
+      int maxLifespan =
+          session.isRememberMe() && realm.getSsoSessionMaxLifespanRememberMe() > 0
+              ? realm.getSsoSessionMaxLifespanRememberMe()
+              : realm.getSsoSessionMaxLifespan();
+      int max = session.getStarted() + maxLifespan;
+      return Time.toDate(max);
+    }
+
+    public Set<String> getClients() {
+      Set<String> clients = new HashSet<>();
+      for (String clientUUID : session.getAuthenticatedClientSessions().keySet()) {
+        ClientModel client = realm.getClientById(clientUUID);
+        clients.add(client.getClientId());
+      }
+      return clients;
+    }
+  }
+}

package/bin/keycloakify/generateJavaStackFiles/account-v1-java/forms/account/freemarker/model/TotpBean.java

@@ -0,0 +1,125 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.forms.account.freemarker.model;
+
+import static org.keycloak.utils.CredentialHelper.createUserStorageCredentialRepresentation;
+
+import jakarta.ws.rs.core.UriBuilder;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+import org.keycloak.authentication.otp.OTPApplicationProvider;
+import org.keycloak.credential.CredentialModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.OTPPolicy;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.credential.OTPCredentialModel;
+import org.keycloak.models.utils.HmacOTP;
+import org.keycloak.models.utils.RepresentationToModel;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.utils.TotpUtils;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class TotpBean {
+
+  private final RealmModel realm;
+  private final String totpSecret;
+  private final String totpSecretEncoded;
+  private final String totpSecretQrCode;
+  private final boolean enabled;
+  private KeycloakSession session;
+  private final UriBuilder uriBuilder;
+  private final List<CredentialModel> otpCredentials;
+  private final List<String> supportedApplications;
+
+  public TotpBean(
+      KeycloakSession session, RealmModel realm, UserModel user, UriBuilder uriBuilder) {
+    this.session = session;
+    this.uriBuilder = uriBuilder;
+    this.enabled = user.credentialManager().isConfiguredFor(OTPCredentialModel.TYPE);
+    if (enabled) {
+      List<CredentialModel> otpCredentials =
+          user.credentialManager()
+              .getStoredCredentialsByTypeStream(OTPCredentialModel.TYPE)
+              .collect(Collectors.toList());
+
+      if (otpCredentials.isEmpty()) {
+        // Credential is configured on userStorage side. Create the "fake" credential similar like
+        // we do for the new account console
+        CredentialRepresentation credential =
+            createUserStorageCredentialRepresentation(OTPCredentialModel.TYPE);
+        this.otpCredentials = Collections.singletonList(RepresentationToModel.toModel(credential));
+      } else {
+        this.otpCredentials = otpCredentials;
+      }
+    } else {
+      this.otpCredentials = Collections.EMPTY_LIST;
+    }
+
+    this.realm = realm;
+    this.totpSecret = HmacOTP.generateSecret(20);
+    this.totpSecretEncoded = TotpUtils.encode(totpSecret);
+    this.totpSecretQrCode = TotpUtils.qrCode(totpSecret, realm, user);
+
+    OTPPolicy otpPolicy = realm.getOTPPolicy();
+    this.supportedApplications =
+        session.getAllProviders(OTPApplicationProvider.class).stream()
+            .filter(p -> p.supports(otpPolicy))
+            .map(OTPApplicationProvider::getName)
+            .collect(Collectors.toList());
+  }
+
+  public boolean isEnabled() {
+    return enabled;
+  }
+
+  public String getTotpSecret() {
+    return totpSecret;
+  }
+
+  public String getTotpSecretEncoded() {
+    return totpSecretEncoded;
+  }
+
+  public String getTotpSecretQrCode() {
+    return totpSecretQrCode;
+  }
+
+  public String getManualUrl() {
+    return uriBuilder.replaceQueryParam("mode", "manual").build().toString();
+  }
+
+  public String getQrUrl() {
+    return uriBuilder.replaceQueryParam("mode", "qr").build().toString();
+  }
+
+  public OTPPolicy getPolicy() {
+    return realm.getOTPPolicy();
+  }
+
+  public List<String> getSupportedApplications() {
+    return supportedApplications;
+  }
+
+  public List<CredentialModel> getOtpCredentials() {
+    return otpCredentials;
+  }
+}

package/bin/keycloakify/generateJavaStackFiles/account-v1-java/forms/account/freemarker/model/UrlBean.java

@@ -0,0 +1,121 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.forms.account.freemarker.model;
+
+import java.io.IOException;
+import java.net.URI;
+import org.jboss.logging.Logger;
+import org.keycloak.models.RealmModel;
+import org.keycloak.services.AccountUrls;
+import org.keycloak.theme.Theme;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class UrlBean {
+
+  private static final Logger logger = Logger.getLogger(UrlBean.class);
+  private String realm;
+  private Theme theme;
+  private URI baseURI;
+  private URI baseQueryURI;
+  private URI currentURI;
+  private String idTokenHint;
+
+  public UrlBean(
+      RealmModel realm,
+      Theme theme,
+      URI baseURI,
+      URI baseQueryURI,
+      URI currentURI,
+      String idTokenHint) {
+    this.realm = realm.getName();
+    this.theme = theme;
+    this.baseURI = baseURI;
+    this.baseQueryURI = baseQueryURI;
+    this.currentURI = currentURI;
+    this.idTokenHint = idTokenHint;
+  }
+
+  public String getApplicationsUrl() {
+    return AccountUrls.accountApplicationsPage(baseQueryURI, realm).toString();
+  }
+
+  public String getAccountUrl() {
+    return AccountUrls.accountPage(baseQueryURI, realm).toString();
+  }
+
+  public String getPasswordUrl() {
+    return AccountUrls.accountPasswordPage(baseQueryURI, realm).toString();
+  }
+
+  public String getSocialUrl() {
+    return AccountUrls.accountFederatedIdentityPage(baseQueryURI, realm).toString();
+  }
+
+  public String getTotpUrl() {
+    return AccountUrls.accountTotpPage(baseQueryURI, realm).toString();
+  }
+
+  public String getLogUrl() {
+    return AccountUrls.accountLogPage(baseQueryURI, realm).toString();
+  }
+
+  public String getSessionsUrl() {
+    return AccountUrls.accountSessionsPage(baseQueryURI, realm).toString();
+  }
+
+  public String getLogoutUrl() {
+    return AccountUrls.accountLogout(baseQueryURI, currentURI, realm, idTokenHint).toString();
+  }
+
+  public String getResourceUrl() {
+    return AccountUrls.accountResourcesPage(baseQueryURI, realm).toString();
+  }
+
+  public String getResourceDetailUrl(String id) {
+    return AccountUrls.accountResourceDetailPage(id, baseQueryURI, realm).toString();
+  }
+
+  public String getResourceGrant(String id) {
+    return AccountUrls.accountResourceGrant(id, baseQueryURI, realm).toString();
+  }
+
+  public String getResourceShare(String id) {
+    return AccountUrls.accountResourceShare(id, baseQueryURI, realm).toString();
+  }
+
+  public String getResourcesPath() {
+    URI uri = AccountUrls.themeRoot(baseURI);
+    return uri.getPath() + "/" + theme.getType().toString().toLowerCase() + "/" + theme.getName();
+  }
+
+  public String getResourcesCommonPath() {
+    URI uri = AccountUrls.themeRoot(baseURI);
+    String commonPath = "";
+    try {
+      commonPath = theme.getProperties().getProperty("import");
+    } catch (IOException ex) {
+      logger.warn("Failed to load properties", ex);
+    }
+    if (commonPath == null || commonPath.isEmpty()) {
+      commonPath = "/common/keycloak";
+    }
+    return uri.getPath() + "/" + commonPath;
+  }
+}

package/bin/keycloakify/generateJavaStackFiles/account-v1-java/services/AccountUrls.java

@@ -0,0 +1,115 @@
+package org.keycloak.services;
+
+import jakarta.ws.rs.core.UriBuilder;
+import java.net.URI;
+import lombok.extern.jbosslog.JBossLog;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.protocol.oidc.OIDCLoginProtocol;
+import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
+import org.keycloak.services.resources.LoginActionsService;
+import org.keycloak.services.resources.RealmsResource;
+import org.keycloak.services.resources.account.AccountFormService;
+
+@JBossLog
+public class AccountUrls extends Urls {
+
+  private static UriBuilder realmLogout(URI baseUri) {
+    return tokenBase(baseUri).path(OIDCLoginProtocolService.class, "logout");
+  }
+
+  public static UriBuilder accountBase(URI baseUri) {
+    return realmBase(baseUri).path(RealmsResource.class, "getAccountService");
+  }
+
+  private static UriBuilder tokenBase(URI baseUri) {
+    return realmBase(baseUri).path("{realm}/protocol/" + OIDCLoginProtocol.LOGIN_PROTOCOL);
+  }
+
+  public static URI accountApplicationsPage(URI baseUri, String realmName) {
+    return accountBase(baseUri).path(AccountFormService.class, "applicationsPage").build(realmName);
+  }
+
+  public static URI accountPage(URI baseUri, String realmName) {
+    return accountPageBuilder(baseUri).build(realmName);
+  }
+
+  public static UriBuilder accountPageBuilder(URI baseUri) {
+    return accountBase(baseUri).path(AccountFormService.class, "accountPage");
+  }
+
+  public static URI accountPasswordPage(URI baseUri, String realmName) {
+    return accountBase(baseUri).path(AccountFormService.class, "passwordPage").build(realmName);
+  }
+
+  public static URI accountFederatedIdentityPage(URI baseUri, String realmName) {
+    return accountBase(baseUri)
+        .path(AccountFormService.class, "federatedIdentityPage")
+        .build(realmName);
+  }
+
+  public static URI accountFederatedIdentityUpdate(URI baseUri, String realmName) {
+    return accountBase(baseUri)
+        .path(AccountFormService.class, "processFederatedIdentityUpdate")
+        .build(realmName);
+  }
+
+  public static URI accountTotpPage(URI baseUri, String realmName) {
+    return accountBase(baseUri).path(AccountFormService.class, "totpPage").build(realmName);
+  }
+
+  public static URI accountLogPage(URI baseUri, String realmName) {
+    return accountBase(baseUri).path(AccountFormService.class, "logPage").build(realmName);
+  }
+
+  public static URI accountSessionsPage(URI baseUri, String realmName) {
+    return accountBase(baseUri).path(AccountFormService.class, "sessionsPage").build(realmName);
+  }
+
+  public static URI accountLogout(
+      URI baseUri, URI redirectUri, String realmName, String idTokenHint) {
+    return realmLogout(baseUri)
+        .queryParam(OAuth2Constants.POST_LOGOUT_REDIRECT_URI, redirectUri)
+        .queryParam(OAuth2Constants.ID_TOKEN_HINT, idTokenHint)
+        .build(realmName);
+  }
+
+  public static URI accountResourcesPage(URI baseUri, String realmName) {
+    return accountBase(baseUri).path(AccountFormService.class, "resourcesPage").build(realmName);
+  }
+
+  public static URI accountResourceDetailPage(String resourceId, URI baseUri, String realmName) {
+    return accountBase(baseUri)
+        .path(AccountFormService.class, "resourceDetailPage")
+        .build(realmName, resourceId);
+  }
+
+  public static URI accountResourceGrant(String resourceId, URI baseUri, String realmName) {
+    return accountBase(baseUri)
+        .path(AccountFormService.class, "grantPermission")
+        .build(realmName, resourceId);
+  }
+
+  public static URI accountResourceShare(String resourceId, URI baseUri, String realmName) {
+    return accountBase(baseUri)
+        .path(AccountFormService.class, "shareResource")
+        .build(realmName, resourceId);
+  }
+
+  public static URI loginActionUpdatePassword(URI baseUri, String realmName) {
+    return loginActionsBase(baseUri)
+        .path(LoginActionsService.class, "updatePassword")
+        .build(realmName);
+  }
+
+  public static URI loginActionUpdateTotp(URI baseUri, String realmName) {
+    return loginActionsBase(baseUri).path(LoginActionsService.class, "updateTotp").build(realmName);
+  }
+
+  public static URI loginActionEmailVerification(URI baseUri, String realmName) {
+    return loginActionEmailVerificationBuilder(baseUri).build(realmName);
+  }
+
+  public static String localeCookiePath(URI baseUri, String realmName) {
+    return realmBase(baseUri).path(realmName).build().getRawPath();
+  }
+}