bypass added

.gitignore

@@ -0,0 +1,13 @@
+.idea/
+target/
+pom.xml.tag
+pom.xml.releaseBackup
+pom.xml.versionsBackup
+pom.xml.next
+release.properties
+dependency-reduced-pom.xml
+buildNumber.properties
+.mvn/timing.properties
+
+# Avoid ignoring Maven wrapper jar file (.jar files are usually ignored)
+!/.mvn/wrapper/maven-wrapper.jar

pom.xml

@@ -13,7 +13,7 @@
     <packaging>jar</packaging>
 
     <properties>
-        <keycloak.version>18.0.0</keycloak.version>
+        <keycloak.version>20.0.1</keycloak.version>
     </properties>
 
     <dependencies>

src/main/java/ru/multifactor/keycloak/auth/spi/mf/MultifactorAuthenticator.java

@@ -128,7 +128,7 @@ public static boolean apiRequest(String url, String user, String apiKey, String
       }
       catch(Exception e)
       {
-        result.append("ERR: "+e.getMessage());
+        result.append("API UNREACHABLE");
         return false;
 
       }
@@ -159,15 +159,15 @@ public static boolean apiRequest(String url, String user, String apiKey, String
       return false; 		
     }
 
-    private javax.ws.rs.core.Response createMultifactorForm(AuthenticationFlowContext context, String error) {
+    private javax.ws.rs.core.Response createMultifactorForm(AuthenticationFlowContext context, String url, String error) {
         StringBuilder result=new StringBuilder("");
         LoginFormsProvider form;
-        if(apiRequest(apiURL(context)+"/access/requests", context.getUser().getUsername(), apiKey(context), apiSecret(context), result))
-          form=context.form().setAttribute("request_url",result.toString());
+        if(url!=null)
+          form=context.form().setAttribute("request_url",url);
         else
         {
           form=context.form().setAttribute("request_url","");
-          if (error == null) error=result.toString();
+          if (error == null) error="GENERAL ERROR";
         }
         if (error != null) 
             form.setError(error);
@@ -176,7 +176,11 @@ private javax.ws.rs.core.Response createMultifactorForm(AuthenticationFlowContex
 
     @Override
     public void authenticate(AuthenticationFlowContext context) {
-          context.challenge(createMultifactorForm(context, null));
+          StringBuilder result=new StringBuilder("");
+          if(apiRequest(apiURL(context)+"/access/requests", context.getUser().getUsername(), apiKey(context), apiSecret(context), result))
+          	context.challenge(createMultifactorForm(context, result.toString(), null));
+	  else if(result.toString().equals("API UNREACHABLE") && byPass(context)) context.success();
+          else context.challenge(createMultifactorForm(context, null, result.toString()));
     }
 
     @Override
@@ -187,14 +191,14 @@ public void action(AuthenticationFlowContext context) {
             return;
         }
         if (!formData.containsKey("jwt_token")) {
-            context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, createMultifactorForm(context, "missing token"));
+            context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, createMultifactorForm(context, null, "missing token"));
             return;
         }
         String token= formData.getFirst("jwt_token");
         StringBuilder result=new StringBuilder("");
         if(!chkToken(token, context.getUser().getUsername(), apiKey(context), apiSecret(context), result))
 	{
-            context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, createMultifactorForm(context, result.toString()));
+            context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, createMultifactorForm(context, null, result.toString()));
             return;
         }
         context.success();
@@ -218,5 +222,10 @@ private String apiURL(AuthenticationFlowContext context) {
         if (config == null) return "";
         return String.valueOf(config.getConfig().get(PROP_APIURL));
     }
+    private boolean byPass(AuthenticationFlowContext context) {
+        AuthenticatorConfigModel config = context.getAuthenticatorConfig();
+        if (config == null) return true;
+        return Boolean.valueOf(config.getConfig().get(PROP_BYPASS));
 
+    }
 }

src/main/java/ru/multifactor/keycloak/auth/spi/mf/MultifactorAuthenticatorFactory.java

@@ -18,6 +18,8 @@ public class MultifactorAuthenticatorFactory implements AuthenticatorFactory{
     public static final String PROP_KEY = "multifactor.key";
     public static final String PROP_SECRET = "multifactor.secret";
     public static final String PROP_APIURL = "multifactor.apiurl";
+    public static final String PROP_BYPASS = "multifactor.bypass";
+
 
     @Override
     public String getId() {
@@ -72,6 +74,15 @@ public boolean isConfigurable() {
         api_url.setType(ProviderConfigProperty.STRING_TYPE);
         api_url.setHelpText("Multifactor HTTP API URL");
         configProperties.add(api_url);
+
+        ProviderConfigProperty bypass = new ProviderConfigProperty();
+        bypass.setDefaultValue(true);
+        bypass.setName(PROP_BYPASS);
+        bypass.setLabel("Bypass");
+        bypass.setType(ProviderConfigProperty.BOOLEAN_TYPE);
+        bypass.setHelpText("Enable bypass when api unreachable");
+        configProperties.add(bypass);
+
     }
 
     @Override