package com.github.thomasdarimont.keycloak.auth;
//
import org.jboss.logging.Logger;
import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.ValidationContext;
import org.keycloak.authentication.forms.RegistrationPage;
import org.keycloak.authentication.forms.RegistrationProfile;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;
import jakarta.ws.rs.core.MultivaluedMap;
import java.util.ArrayList;
import java.util.List;
//
import org.keycloak.authentication.FormActionFactory;
import org.keycloak.authentication.FormContext;
import org.keycloak.authentication.forms.RegistrationUserCreation;
import org.keycloak.events.Errors;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.utils.FormMessage;
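/**
 * Registration form action that routes sign-ups by e-mail domain.
 *
 * <p>The submitted e-mail address is checked by {@link #isEmailValid(String, String[])}
 * against the list returned by {@link #getDomainList(AuthenticatorConfigModel)}. An address
 * that does not pass is <em>not</em> rejected: the user is created through
 * {@code super.success(context)} and the required action {@code USER_MUST_BE_APPROVED}
 * is added to it. The gate on such accounts is therefore that required action, not this
 * validator.
 *
 * <p>NOTE(review): {@link #validate(ValidationContext)} does not call
 * {@code super.validate(context)}. Whatever checks the parent performs there are not run
 * by this class; confirm they are enforced by another action in the registration flow.
 */
public abstract class RegistrationProfileDomainValidation extends RegistrationUserCreation {

    protected static final Logger logger = Logger.getLogger(RegistrationProfileDomainValidation.class);

    // Not referenced in this class; presumably the fallback list for subclasses - confirm.
    protected static final String DEFAULT_DOMAIN_LIST = "example.org";

    // Not referenced in this class; presumably separates entries of the configured list - confirm.
    protected static final String DOMAIN_LIST_SEPARATOR = "##";

    /** Longest text {@link #globmatches(String, String)} will try to match; longer input never matches. */
    private static final int MAX_GLOB_TEXT_LENGTH = 200;

    @Override
    public boolean isConfigurable() {
        return true;
    }

    /**
     * Matches {@code text} against a simple glob, ignoring case.
     *
     * <p>{@code *} matches any run of characters (including none) and {@code ?} matches
     * exactly one character; every other pattern character must equal the text character
     * under the same per-character rule as {@link String#equalsIgnoreCase(String)}. The
     * whole text has to be consumed, so a pattern without a trailing {@code *} does not
     * match a text that merely starts with it.
     *
     * <p>The matcher is iterative and keeps a single backtrack point (the most recent
     * {@code *}). The earlier recursive form retried every split position for every
     * {@code *}, so its cost grew with each additional {@code *} in the pattern; here the
     * work is bounded by {@code text.length() * glob.length()}, which matters because
     * {@code validate} in this class passes request-supplied e-mail addresses to
     * {@code isEmailValid}, the presumed caller of this matcher.
     *
     * @param text the candidate string; more than 200 characters always yields {@code false}
     * @param glob the pattern
     * @return {@code true} if the whole of {@code text} matches {@code glob}
     * @throws NullPointerException if {@code text} or {@code glob} is {@code null}
     */
    protected static final boolean globmatches(String text, String glob) {
        if (text.length() > MAX_GLOB_TEXT_LENGTH) {
            return false;
        }

        int textPos = 0;
        int globPos = 0;
        int starGlobPos = -1; // index of the most recent '*' in glob, -1 if none seen yet
        int starTextPos = -1; // text index from which that '*' currently resumes matching

        while (textPos < text.length()) {
            boolean globLeft = globPos < glob.length();
            if (globLeft && glob.charAt(globPos) == '*') {
                // Start by letting '*' match nothing; widen it only on a later mismatch.
                starGlobPos = globPos++;
                starTextPos = textPos;
            } else if (globLeft
                    && (glob.charAt(globPos) == '?'
                        || sameCharIgnoreCase(glob.charAt(globPos), text.charAt(textPos)))) {
                textPos++;
                globPos++;
            } else if (starGlobPos != -1) {
                // Mismatch after a '*': let that '*' swallow one more character and retry.
                globPos = starGlobPos + 1;
                textPos = ++starTextPos;
            } else {
                return false;
            }
        }

        // Text is exhausted; only trailing '*' may remain in the pattern.
        while (globPos < glob.length() && glob.charAt(globPos) == '*') {
            globPos++;
        }
        return globPos == glob.length();
    }

    /**
     * Compares two characters the way {@link String#equalsIgnoreCase(String)} is documented
     * to compare them, without allocating one-character strings.
     */
    private static boolean sameCharIgnoreCase(char a, char b) {
        if (a == b) {
            return true;
        }
        char upperA = Character.toUpperCase(a);
        char upperB = Character.toUpperCase(b);
        return upperA == upperB || Character.toLowerCase(upperA) == Character.toLowerCase(upperB);
    }

    /**
     * Validates the registration form's e-mail field against the configured domain list.
     *
     * <p>A missing e-mail parameter fails validation with {@code Messages.INVALID_EMAIL}.
     * An e-mail that {@link #isEmailValid(String, String[])} accepts passes. An e-mail it
     * does not accept also passes, but only after the user has been created via
     * {@code super.success(context)} and given the {@code USER_MUST_BE_APPROVED} required
     * action.
     *
     * @param context the validation context of the current registration request
     */
    @Override
    public void validate(ValidationContext context) {
        MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();

        List<FormMessage> errors = new ArrayList<>();
        String email = formData.getFirst(Validation.FIELD_EMAIL);

        AuthenticatorConfigModel mailDomainConfig = context.getAuthenticatorConfig();
        String eventError = Errors.INVALID_REGISTRATION;

        if (email == null) {
            context.getEvent().detail(Details.EMAIL, email);
            errors.add(new FormMessage(RegistrationPage.FIELD_EMAIL, Messages.INVALID_EMAIL));
            context.error(eventError);
            context.validationError(formData, errors);
            return;
        }

        String[] domainList = getDomainList(mailDomainConfig);
        boolean emailDomainValid = isEmailValid(email, domainList);

        if (!emailDomainValid) {
            // NOTE(review): the user is created here, during validation, and the method then
            // reports context.success(). If the flow goes on to call success() on this action,
            // user creation presumably runs a second time - confirm that is handled.
            super.success(context);

            KeycloakSession session = context.getSession();
            RealmModel realm = context.getRealm();
            // NOTE(review): assumes super.success(context) has set the user on the context;
            // a null user makes the next line throw.
            UserModel user = context.getUser();
            // This required action is the only thing separating a non-listed domain from a
            // listed one. NOTE(review): confirm "USER_MUST_BE_APPROVED" is registered and
            // enabled in every realm that uses this action, otherwise the account is
            // presumably usable without approval.
            user.addRequiredAction("USER_MUST_BE_APPROVED");
            // setRequiredActions is not defined in this class; inherited or declared elsewhere.
            setRequiredActions(session, realm, user);
        }

        // No error is queued on this path today (the null-e-mail case returns above), so the
        // first branch is currently unreachable.
        if (!errors.isEmpty()) {
            context.error(eventError);
            context.validationError(formData, errors);
        } else {
            context.success();
        }
    }

    /**
     * Returns the domain entries that {@link #isEmailValid(String, String[])} is checked against.
     *
     * @param mailDomainConfig the authenticator configuration of this form action, as returned
     *                         by {@code context.getAuthenticatorConfig()}
     * @return the domain entries; format is defined by the subclass
     */
    public abstract String[] getDomainList(AuthenticatorConfigModel mailDomainConfig);

    /**
     * Decides whether an e-mail address is acceptable for the given domain entries.
     *
     * <p>{@code validate} only calls this with a non-null {@code email}. The value comes
     * straight from the submitted form and has not been syntax-checked by this class.
     *
     * @param email   the e-mail address from the registration form
     * @param domains the entries returned by {@link #getDomainList(AuthenticatorConfigModel)}
     * @return {@code true} to let the registration proceed unchanged, {@code false} to have
     *         the user created with the {@code USER_MUST_BE_APPROVED} required action
     */
    public abstract boolean isEmailValid(String email, String[] domains);
}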