WIP need to create a UserModel object but it's an abstract class (what does that even mean dog help me)

2023-11-24 16:53:02 +01:00 · 2023-11-24 16:53:02 +01:00 · 9db284388b
parent 119b7b4edd
commit 9db284388b
4 changed files with 87 additions and 2 deletions
--- a/src/main/java/com/gruchalski/idp/spi/actions/UserMustBeApprovedAction.java
+++ b/src/main/java/com/gruchalski/idp/spi/actions/UserMustBeApprovedAction.java
@ -0,0 +1,34 @@
+package com.gruchalski.idp.spi.actions;
+
+import org.keycloak.authentication.RequiredActionContext;
+import org.keycloak.authentication.RequiredActionProvider;
+
+public class UserMustBeApprovedAction implements RequiredActionProvider {
+
+    public static String PROVIDER_ID = "USER_MUST_BE_APPROVED";
+
+    @Override
+    public void evaluateTriggers(RequiredActionContext requiredActionContext) {}
+
+    @Override
+    public void requiredActionChallenge(RequiredActionContext requiredActionContext) {
+        if (requiredActionContext
+                .getUser()
+                .getAttributes()
+                .containsKey("x-approved")) {
+            requiredActionContext.success();
+        } else {
+            requiredActionContext
+                .getAuthenticationSession()
+                .setRedirectUri("/errors/approval-required/");
+            requiredActionContext.failure();
+        }
+    }
+
+    @Override
+    public void processAction(RequiredActionContext requiredActionContext) {}
+
+    @Override
+    public void close() {}
+}
+
--- a/src/main/java/com/gruchalski/idp/spi/actions/UserMustBeApprovedActionFactory.java
+++ b/src/main/java/com/gruchalski/idp/spi/actions/UserMustBeApprovedActionFactory.java
@ -0,0 +1,40 @@
+// original author: radek gruchalski
+// https://gruchalski.com/posts/2021-06-06-extending-keycloak-required-action-providers/
+
+package com.gruchalski.idp.spi.actions;
+
+import org.keycloak.Config;
+import org.keycloak.authentication.RequiredActionFactory;
+import org.keycloak.authentication.RequiredActionProvider;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+
+public class UserMustBeApprovedActionFactory implements RequiredActionFactory {
+
+    private static final UserMustBeApprovedAction SINGLETON = new UserMustBeApprovedAction();
+
+    @Override
+    public RequiredActionProvider create(KeycloakSession session) {
+        return SINGLETON;
+    }
+
+    @Override
+    public void init(Config.Scope scope) {}
+
+    @Override
+    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {}
+
+    @Override
+    public void close() {}
+
+    @Override
+    public String getId() {
+        return UserMustBeApprovedAction.PROVIDER_ID;
+    }
+
+    @Override
+    public String getDisplayText() {
+        return "User must be approved by an admin.";
+    }
+}
+
--- a/src/main/java/net/micedre/keycloak/registration/RegistrationProfileDomainValidation.java
+++ b/src/main/java/net/micedre/keycloak/registration/RegistrationProfileDomainValidation.java
@ -8,9 +8,12 @@ import org.keycloak.authentication.forms.RegistrationProfile;
 import org.keycloak.events.Details;
 import org.keycloak.events.Errors;
 import org.keycloak.models.AuthenticatorConfigModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
 import org.keycloak.models.utils.FormMessage;
 import org.keycloak.services.messages.Messages;
 import org.keycloak.services.validation.Validation;
+import org.keycloak.storage.adapter.AbstractUserAdapter;

 import jakarta.ws.rs.core.MultivaluedMap;
 import java.util.ArrayList;
@ -82,8 +85,15 @@ public abstract class RegistrationProfileDomainValidation extends RegistrationPr
      boolean emailDomainValid = isEmailValid(email, domainList);

      if (!emailDomainValid) {
-         context.getEvent().detail(Details.EMAIL, email);
-         errors.add(new FormMessage(RegistrationPage.FIELD_EMAIL, Messages.INVALID_EMAIL));
+         // add user to a "waiting" group
+         // show a message saying you need to be approved by admin
+         KeycloakSession session = context.getSession();
+         RealmModel realm = context.getRealm();
+         AbstractUserAdapter user = new AbstractUserAdapter();
+         user.addRequiredAction("USER_MUST_BE_APPROVED");
+         setRequiredActions(context.getSession(), context.getRealm(), user);
+
+         context.success();
      }
      if (errors.size() > 0) {
         context.error(eventError);
--- a/src/main/resources/META-INF/services/org.keycloak.authentication.RequiredActionFactory
+++ b/src/main/resources/META-INF/services/org.keycloak.authentication.RequiredActionFactory
@ -0,0 +1 @@
+com.gruchalski.idp.spi.actions.UserMustBeApprovedActionFactory
				`@ -0,0 +1 @@`
				`com.gruchalski.idp.spi.actions.UserMustBeApprovedActionFactory`