Java Code Examples for org.keycloak.representations.idm.CredentialRepresentation#setType()

public static void resetUserPassword(UserResource userResource, String newPassword, boolean temporary) {
    CredentialRepresentation newCredential = new CredentialRepresentation();
    newCredential.setType(PASSWORD);
    newCredential.setValue(newPassword);
    newCredential.setTemporary(temporary);
    userResource.resetPassword(newCredential);
}
 

@Test
public void resetUserInvalidPassword() {
    String userId = createUser("user1", "user1@localhost");

    try {
        CredentialRepresentation cred = new CredentialRepresentation();
        cred.setType(CredentialRepresentation.PASSWORD);
        cred.setValue(" ");
        cred.setTemporary(false);
        realm.users().get(userId).resetPassword(cred);
        fail("Expected failure");
    } catch (ClientErrorException e) {
        assertEquals(400, e.getResponse().getStatus());
        e.getResponse().close();
        assertAdminEvents.assertEmpty();
    }
}
 

@Test
public void createUserWithTempolaryCredentials() {
    UserRepresentation user = new UserRepresentation();
    user.setUsername("user_temppw");
    user.setEmail("email.temppw@localhost");

    CredentialRepresentation password = new CredentialRepresentation();
    password.setValue("password");
    password.setType(CredentialRepresentation.PASSWORD);
    password.setTemporary(true);
    user.setCredentials(Arrays.asList(password));

    String userId = createUser(user);

    UserRepresentation userRep = realm.users().get(userId).toRepresentation();
    Assert.assertEquals(1, userRep.getRequiredActions().size());
    Assert.assertEquals(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), userRep.getRequiredActions().get(0));
}
 

@Test
public void failManagePassword() {
    UserResource serviceAccount = adminClient.realm("test").users().get(userId);
    UserRepresentation representation = serviceAccount.toRepresentation();

    CredentialRepresentation password = new CredentialRepresentation();
    password.setValue("password");
    password.setType(CredentialRepresentation.PASSWORD);
    password.setTemporary(false);

    representation.setCredentials(Arrays.asList(password));

    this.expectedException.expect(Matchers.allOf(Matchers.instanceOf(ClientErrorException.class), 
            Matchers.hasProperty("response", Matchers.hasProperty("status", Matchers.is(400)))));
    this.expectedException.reportMissingExceptionWithMessage("Should fail, should not be possible to manage credentials for service accounts");

    serviceAccount.update(representation);
}
 

/**
 * See KEYCLOAK-11003
 */
@Test
public void createUserWithTemporaryPasswordWithAdditionalPasswordUpdateShouldRemoveUpdatePasswordRequiredAction() {

    String userId = createUser();

    CredentialRepresentation credTmp = new CredentialRepresentation();
    credTmp.setType(CredentialRepresentation.PASSWORD);
    credTmp.setValue("temp");
    credTmp.setTemporary(Boolean.TRUE);

    realm.users().get(userId).resetPassword(credTmp);

    CredentialRepresentation credPerm = new CredentialRepresentation();
    credPerm.setType(CredentialRepresentation.PASSWORD);
    credPerm.setValue("perm");
    credPerm.setTemporary(null);

    realm.users().get(userId).resetPassword(credPerm);

    UserRepresentation userRep = realm.users().get(userId).toRepresentation();

    Assert.assertFalse(userRep.getRequiredActions().contains(UserModel.RequiredAction.UPDATE_PASSWORD.name()));
}
 

private void configTestRealmForTokenIntrospection(RealmRepresentation testRealm) {
    ClientRepresentation confApp = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
    confApp.setSecret("secret1");
    confApp.setServiceAccountsEnabled(Boolean.TRUE);

    ClientRepresentation pubApp = KeycloakModelUtils.createClient(testRealm, "public-cli");
    pubApp.setPublicClient(Boolean.TRUE);

    UserRepresentation user = new UserRepresentation();
    user.setUsername("no-permissions");
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType("password");
    credential.setValue("password");
    List<CredentialRepresentation> creds = new ArrayList<>();
    creds.add(credential);
    user.setCredentials(creds);
    user.setEnabled(Boolean.TRUE);
    List<String> realmRoles = new ArrayList<>();
    realmRoles.add("user");
    user.setRealmRoles(realmRoles);
    testRealm.getUsers().add(user);
}
 

private String addUserAndResetPassword(String username, String password) {
    // Save user and assert he is saved in the new storage
    UserRepresentation user = new UserRepresentation();
    user.setEnabled(true);
    user.setUsername(username);
    Response response = testRealmResource().users().create(user);
    String userId = ApiUtil.getCreatedId(response);

    Assert.assertEquals(backwardsCompProviderId, new StorageId(userId).getProviderId());

    // Update his password
    CredentialRepresentation passwordRep = new CredentialRepresentation();
    passwordRep.setType(CredentialModel.PASSWORD);
    passwordRep.setValue(password);
    passwordRep.setTemporary(false);

    testRealmResource().users().get(userId).resetPassword(passwordRep);

    return userId;
}
 

private static UserRepresentation createUser(String username, String... realmRoles) {
    UserRepresentation user = new UserRepresentation();

    user.setUsername(username);
    user.setEnabled(true);
    user.setCredentials(new ArrayList<>());
    user.setRealmRoles(Arrays.asList(realmRoles));

    CredentialRepresentation credential = new CredentialRepresentation();

    credential.setType(CredentialRepresentation.PASSWORD);
    credential.setValue(username);
    credential.setTemporary(false);

    user.getCredentials().add(credential);

    return user;
}
 

private static UserRepresentation createUser(String username, String... realmRoles) {
    UserRepresentation user = new UserRepresentation();

    user.setUsername(username);
    user.setEnabled(true);
    user.setCredentials(new ArrayList<>());
    user.setRealmRoles(Arrays.asList(realmRoles));

    CredentialRepresentation credential = new CredentialRepresentation();

    credential.setType(CredentialRepresentation.PASSWORD);
    credential.setValue(username);
    credential.setTemporary(false);

    user.getCredentials().add(credential);

    return user;
}
 

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void createUserWithRawCredentials() {
    UserRepresentation user = new UserRepresentation();
    user.setUsername("user_rawpw");
    user.setEmail("email.raw@localhost");

    CredentialRepresentation rawPassword = new CredentialRepresentation();
    rawPassword.setValue("ABCD");
    rawPassword.setType(CredentialRepresentation.PASSWORD);
    user.setCredentials(Arrays.asList(rawPassword));

    createUser(user);

    CredentialModel credential = fetchCredentials("user_rawpw");
    assertNotNull("Expecting credential", credential);
    PasswordCredentialModel pcm = PasswordCredentialModel.createFromCredentialModel(credential);
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, pcm.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, pcm.getPasswordCredentialData().getHashIterations());
    assertNotEquals("ABCD", pcm.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, credential.getType());
}
 

private static UserRepresentation createUser(String username, String... realmRoles) {
    UserRepresentation user = new UserRepresentation();

    user.setUsername(username);
    user.setEnabled(true);
    user.setCredentials(new ArrayList<>());
    user.setRealmRoles(Arrays.asList(realmRoles));
    user.setEmail(username + "@gmail.com");

    CredentialRepresentation credential = new CredentialRepresentation();

    credential.setType(CredentialRepresentation.PASSWORD);
    credential.setValue(username);
    credential.setTemporary(false);

    user.getCredentials().add(credential);

    return user;
}
 

/**
 * Create "dummy" representation of the credential. Typically used when credential is provided by userStorage and we don't know further
 * details about the credential besides the type
 *
 * @param credentialProviderType
 * @return dummy credential
 */
public static CredentialRepresentation createUserStorageCredentialRepresentation(String credentialProviderType) {
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setId(credentialProviderType + "-id");
    credential.setType(credentialProviderType);
    credential.setCreatedDate(-1L);
    credential.setPriority(0);
    return credential;
}
 

@Test
public void testSelfRegisteredUser() {
    // enable self-registration
    RealmResource realmResource = adminClient.realm(REALM);
    RealmRepresentation realmRepresentation = realmResource.toRepresentation();
    realmRepresentation.setRegistrationAllowed(true);
    realmResource.update(realmRepresentation);
    
    // enable terms
    setRequiredActionEnabled(REALM, RequiredActions.TERMS_AND_CONDITIONS, true, true);
    
    // self-register
    CredentialRepresentation mrBurnsPassword = new CredentialRepresentation();
    mrBurnsPassword.setType(CredentialRepresentation.PASSWORD);
    mrBurnsPassword.setValue("Excellent.");
    
    List<CredentialRepresentation> credentials = new ArrayList<CredentialRepresentation>();
    credentials.add(mrBurnsPassword);
    
    UserRepresentation mrBurns = new UserRepresentation();
    mrBurns.setUsername("mrburns");
    mrBurns.setFirstName("Montgomery");
    mrBurns.setLastName("Burns");
    mrBurns.setEmail("[email protected]");
    mrBurns.setCredentials(credentials);
    
    testRealmAdminConsolePage.navigateTo();
    testRealmLoginPage.form().register();
    
    registrationPage.register(mrBurns);
    
    // test t&c
    Assert.assertTrue(termsAndConditionsPage.isCurrent());
    
    // disable terms
    setRequiredActionEnabled(REALM, RequiredActions.TERMS_AND_CONDITIONS, false, false);
}
 

public static void configureUser(final RealmRepresentation dockerRealm, final String username, final String password) {
    final UserRepresentation dockerUser = new UserRepresentation();
    dockerUser.setUsername(username);
    dockerUser.setEnabled(true);
    dockerUser.setEmail("[email protected]");
    dockerUser.setFirstName("docker");
    dockerUser.setLastName("user");

    final CredentialRepresentation dockerUserCreds = new CredentialRepresentation();
    dockerUserCreds.setType(CredentialRepresentation.PASSWORD);
    dockerUserCreds.setValue(password);
    dockerUser.setCredentials(Collections.singletonList(dockerUserCreds));

    dockerRealm.setUsers(Collections.singletonList(dockerUser));
}
 

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void updateUserWithRawCredentials() {
    UserRepresentation user = new UserRepresentation();
    user.setUsername("user_rawpw");
    user.setEmail("email.raw@localhost");

    CredentialRepresentation rawPassword = new CredentialRepresentation();
    rawPassword.setValue("ABCD");
    rawPassword.setType(CredentialRepresentation.PASSWORD);
    user.setCredentials(Arrays.asList(rawPassword));

    String id = createUser(user);

    PasswordCredentialModel credential = PasswordCredentialModel
            .createFromCredentialModel(fetchCredentials("user_rawpw"));
    assertNotNull("Expecting credential", credential);
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, credential.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, credential.getPasswordCredentialData().getHashIterations());
    assertNotEquals("ABCD", credential.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, credential.getType());

    UserResource userResource = realm.users().get(id);
    UserRepresentation userRep = userResource.toRepresentation();

    CredentialRepresentation rawPasswordForUpdate = new CredentialRepresentation();
    rawPasswordForUpdate.setValue("EFGH");
    rawPasswordForUpdate.setType(CredentialRepresentation.PASSWORD);
    userRep.setCredentials(Arrays.asList(rawPasswordForUpdate));

    updateUser(userResource, userRep);

    PasswordCredentialModel updatedCredential = PasswordCredentialModel
            .createFromCredentialModel(fetchCredentials("user_rawpw"));
    assertNotNull("Expecting credential", updatedCredential);
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, updatedCredential.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, updatedCredential.getPasswordCredentialData().getHashIterations());
    assertNotEquals("EFGH", updatedCredential.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, updatedCredential.getType());
}
 

public void resetUserPassword(UserResource userResource, String newPassword) {
    CredentialRepresentation newCredential = new CredentialRepresentation();
    newCredential.setType(PASSWORD);
    newCredential.setValue(newPassword);
    newCredential.setTemporary(false);
    userResource.resetPassword(newCredential);
}
 

@Override
public UserRepresentation createUser(UsersResource users, UserRepresentation user) {
    // Add some additional attributes to user
    if (CREATE_OBJECTS) {
        Map<String, List<String>> attrs = new HashMap<>();
        attrs.put("attr1", Collections.singletonList("val1"));
        attrs.put("attr2", Collections.singletonList("val2"));
        user.setAttributes(attrs);
    }

    UserRepresentation userRep = super.createUser(users, user);

    // Add password
    if (CREATE_OBJECTS) {
        CredentialRepresentation password = new CredentialRepresentation();
        password.setType(CredentialRepresentation.PASSWORD);
        password.setValue("password");
        password.setTemporary(false);
        users.get(userRep.getId()).resetPassword(password);
    }

    // Add social link
    if (CREATE_SOCIAL_LINKS) {
        createSocialLink("facebook", users, userRep.getId());
    }

    return userRep;
}
 

@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    ClientRepresentation confApp = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
    confApp.setSecret("secret1");
    confApp.setServiceAccountsEnabled(Boolean.TRUE);

    ClientRepresentation pubApp = KeycloakModelUtils.createClient(testRealm, "public-cli");
    pubApp.setPublicClient(Boolean.TRUE);

    ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlApp.setSecret("secret2");
    samlApp.setServiceAccountsEnabled(Boolean.TRUE);
    samlApp.setProtocol("saml");

    UserRepresentation user = new UserRepresentation();
    user.setUsername("no-permissions");
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType("password");
    credential.setValue("password");
    List<CredentialRepresentation> creds = new ArrayList<>();
    creds.add(credential);
    user.setCredentials(creds);
    user.setEnabled(Boolean.TRUE);
    List<String> realmRoles = new ArrayList<>();
    realmRoles.add("user");
    user.setRealmRoles(realmRoles);
    testRealm.getUsers().add(user);
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation rep = new RealmRepresentation();
    rep.setEnabled(true);
    rep.setId(REALM_NAME);
    rep.setRealm(REALM_NAME);
    rep.setUsers(new LinkedList<UserRepresentation>());

    LinkedList<CredentialRepresentation> credentials = new LinkedList<>();
    CredentialRepresentation password = new CredentialRepresentation();
    password.setType(CredentialRepresentation.PASSWORD);
    password.setValue("password");
    credentials.add(password);

    UserRepresentation user = new UserRepresentation();
    user.setEnabled(true);
    user.setUsername("manage-clients");
    user.setCredentials(credentials);
    user.setClientRoles(Collections.singletonMap(Constants.REALM_MANAGEMENT_CLIENT_ID, Collections.singletonList(AdminRoles.MANAGE_CLIENTS)));

    rep.getUsers().add(user);

    UserRepresentation user2 = new UserRepresentation();
    user2.setEnabled(true);
    user2.setUsername("create-clients");
    user2.setCredentials(credentials);
    user2.setClientRoles(Collections.singletonMap(Constants.REALM_MANAGEMENT_CLIENT_ID, Collections.singletonList(AdminRoles.CREATE_CLIENT)));

    rep.getUsers().add(user2);

    UserRepresentation user3 = new UserRepresentation();
    user3.setEnabled(true);
    user3.setUsername("no-access");
    user3.setCredentials(credentials);

    rep.getUsers().add(user3);

    UserRepresentation appUser = new UserRepresentation();
    appUser.setEnabled(true);
    appUser.setUsername("test-user");
    appUser.setEmail("test-user@localhost");
    appUser.setCredentials(credentials);

    rep.getUsers().add(appUser);

    testRealms.add(rep);
}
 

@Test
public void resetUserPassword() {
    String userId = createUser("user1", "user1@localhost");

    CredentialRepresentation cred = new CredentialRepresentation();
    cred.setType(CredentialRepresentation.PASSWORD);
    cred.setValue("password");
    cred.setTemporary(false);

    realm.users().get(userId).resetPassword(cred);
    assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId), ResourceType.USER);

    String accountUrl = RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build(REALM_NAME).toString();

    driver.navigate().to(accountUrl);

    assertEquals("Log In", PageUtils.getPageTitle(driver));

    loginPage.login("user1", "password");

    assertTrue(driver.getTitle().contains("Account Management"));
}