AIRAVATA-2342 Detecting UPDATE_PASSWORD required action when login fails

apache · May 11, 2017 · 1a39567 · 1a39567
1 parent 8154eac
commit 1a39567
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 4 deletions.
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
@@ -112,7 +112,11 @@ public function loginSubmit()
             $password = $_POST['password'];
             $response = Keycloak::authenticate($username, $password);
             if(!isset($response->access_token)){
-                return Redirect::to("login")->with("invalid-credentials", true);
+                if (Keycloak::isUpdatePasswordRequired($username)) {
+                    return Redirect::to("login")->with("update-password-required", true);
+                } else {
+                    return Redirect::to("login")->with("invalid-credentials", true);
+                }
             }
 
             $accessToken = $response->access_token;

diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
@@ -381,6 +381,22 @@ public function usernameExists($username){
         }
     }
 
+    // TODO: move this to IamAdminServices
+    public function isUpdatePasswordRequired($username) {
+
+        try{
+            $users = $this->users->getUsers($this->realm, $username);
+            if ($users != null && count($users) == 1) {
+                return in_array("UPDATE_PASSWORD", $users[0]->requiredActions);
+            } else {
+                return false;
+            }
+        }catch (Exception $ex){
+            // Username does not exists
+            return false;
+        }
+    }
+
     public function getAdminAuthzToken() {
 
         $access_token = KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $this->realm, $this->admin_username, $this->admin_password, $this->verify_peer);

diff --git a/app/views/account/login.blade.php b/app/views/account/login.blade.php
@@ -20,9 +20,11 @@
         @if( Session::has("invalid-credentials") )
         {{ CommonUtilities::print_error_message('Invalid username or password. Please try again.') }}
         @endif
-        <?php
-        Session::forget("invalid-credentials");
-        ?>
+        @if( Session::has("update-password-required") )
+        <div class="alert alert-danger">
+            Your password has expired. Please <a href="{{URL::to('/') }}/forgot-password">reset your password</a>.
+        </div>
+        @endif
 
         <div class="form-group">
             <label class="sr-only" for="username">Username</label>