diff --git a/pom.xml b/pom.xml
index 3a725b7..a1960c6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -60,6 +60,12 @@
provided
${keycloak.version}
+
+ com.google.auto.service
+ auto-service
+ 1.0
+ true
+
diff --git a/src/main/java/com/github/thomasdarimont/keycloak/auth/RegistrationProfileDomainValidation.java b/src/main/java/com/github/thomasdarimont/keycloak/auth/RegistrationProfileDomainValidation.java
index 2971e91..61eeb0b 100644
--- a/src/main/java/com/github/thomasdarimont/keycloak/auth/RegistrationProfileDomainValidation.java
+++ b/src/main/java/com/github/thomasdarimont/keycloak/auth/RegistrationProfileDomainValidation.java
@@ -12,10 +12,12 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
+import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;
import jakarta.ws.rs.core.MultivaluedMap;
+import java.util.Arrays;
import java.util.ArrayList;
import java.util.List;
//
@@ -26,7 +28,10 @@ import org.keycloak.events.Errors;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.utils.FormMessage;
-public abstract class RegistrationProfileDomainValidation extends RegistrationUserCreation {
+import com.google.auto.service.AutoService;
+
+@AutoService(FormActionFactory.class)
+public class RegistrationProfileDomainValidation extends RegistrationUserCreation {
protected static final Logger logger = Logger.getLogger(RegistrationProfileDomainValidation.class);
protected static final String DEFAULT_DOMAIN_LIST = "example.org";
@@ -108,8 +113,62 @@ public abstract class RegistrationProfileDomainValidation extends RegistrationUs
}
}
- public abstract String[] getDomainList(AuthenticatorConfigModel mailDomainConfig);
+ public String[] getDomainList(AuthenticatorConfigModel mailDomainConfig) {
+ return mailDomainConfig.getConfig().getOrDefault(domainListConfigName, DEFAULT_DOMAIN_LIST).split(DOMAIN_LIST_SEPARATOR);
+ }
+
+ public boolean isEmailValid(String email, String[] domains) {
+ for (String domain : domains) {
+ if (email.endsWith("@" + domain) || email.equals(domain) || globmatches(email, "*@" + domain)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+
+ public static final String PROVIDER_ID = "registration-mail-check-action";
+
+ private static final List CONFIG_PROPERTIES = new ArrayList<>();
+
+ public static String domainListConfigName = "validDomains";
+
+ static {
+ ProviderConfigProperty property;
+ property = new ProviderConfigProperty();
+ property.setName(domainListConfigName);
+ property.setLabel("Valid domains for emails");
+ property.setType(ProviderConfigProperty.STRING_TYPE);
+ property.setHelpText("List mail domains authorized to register, separated by '##'");
+ CONFIG_PROPERTIES.add(property);
+ }
+
+ @Override
+ public String getDisplayType() {
+ return "Profile Validation with email domain check";
+ }
+
+ @Override
+ public String getId() {
+ return PROVIDER_ID;
+ }
+
+ @Override
+ public String getHelpText() {
+ return "Adds validation of domain emails for registration";
+ }
+
+ @Override
+ public List getConfigProperties() {
+ return CONFIG_PROPERTIES;
+ }
+
+ @Override
+ public void buildPage(FormContext context, LoginFormsProvider form) {
+ List authorizedMailDomains = Arrays.asList(
+ context.getAuthenticatorConfig().getConfig().getOrDefault(domainListConfigName,DEFAULT_DOMAIN_LIST).split(DOMAIN_LIST_SEPARATOR));
+ form.setAttribute("authorizedMailDomains", authorizedMailDomains);
+ }
- public abstract boolean isEmailValid(String email, String[] domains);
}
diff --git a/src/main/resources/META-INF/services/org.keycloak.authentication.FormActionFactory b/src/main/resources/META-INF/services/org.keycloak.authentication.FormActionFactory
index 157dcfe..0133c03 100644
--- a/src/main/resources/META-INF/services/org.keycloak.authentication.FormActionFactory
+++ b/src/main/resources/META-INF/services/org.keycloak.authentication.FormActionFactory
@@ -1,3 +1,3 @@
-com.thomasdarimont.keycloak.auth.CustomRegistrationUserCreation
-com.thomasdarimont.keycloak.auth.RegistrationProfileWithDomainBlock
-com.thomasdarimont.keycloak.auth.RegistrationProfileWithMailDomainCheck
+com.github.thomasdarimont.keycloak.auth.RegistrationProfileDomainValidation
+com.github.thomasdarimont.keycloak.auth.RegistrationProfileWithDomainBlock
+com.github.thomasdarimont.keycloak.auth.RegistrationProfileWithMailDomainCheck