change reset password

keycloak · Aug 20, 2015 · 1654be0 · 1654be0
1 parent 743ea95
commit 1654be0
Show file tree

Hide file tree

Showing 24 changed files with 231 additions and 222 deletions.
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
@@ -81,9 +81,7 @@ emailVerifyInstruction3=to re-send the email.
 
 backToLogin=&laquo; Back to Login
 
-temporaryEmailCode=Temporary Email Code
 emailInstruction=Enter your username or email address and we will send you instructions on how to create a new password.
-validateResetEmailInstruction=You have just been sent an email.  Clicking on the URL in the email will allow you to reset credentials and log in.  Alternatively, you can manually enter in the temporary code provided in the email in the textbox to the left and hit submit.
 
 copyCodeInstruction=Please copy this code and paste it into your application:
 

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/html/password-reset.ftl b/forms/common-themes/src/main/resources/theme/keycloak/email/html/password-reset.ftl
@@ -1,5 +1,5 @@
 <html>
 <body>
-${msg("passwordResetBodyHtml",link, linkExpiration, realmName, code)}
+${msg("passwordResetBodyHtml",link, linkExpiration, realmName)}
 </body>
 </html>
diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_de.properties b/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_de.properties
@@ -1,7 +1,7 @@
 emailVerificationSubject=E-Mail verifizieren
 passwordResetSubject=Passwort zur\u00FCckzusetzen
-passwordResetBody=Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password or cut and paste the temporary code to the forgot password form.\n\n{0}\n\nTemporary Code: {3}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
-passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password  or cut and paste the temporary code to the forgot password form</p><p><a href="{0}">{0}</a></p><p>Temporary code: {3}<p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>
+passwordResetBody=Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.\n\n{0}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
+passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>
 changePasswordSubject=Change password
 changePasswordBody=Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
 changePasswordBodyHtml=<p>Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_en.properties b/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_en.properties
@@ -2,8 +2,8 @@ emailVerificationSubject=Verify email
 emailVerificationBody=Someone has created a {2} account with this email address. If this was you, click the link below to verify your email address\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you didn''t create this account, just ignore this message.
 emailVerificationBodyHtml=<p>Someone has created a {2} account with this email address. If this was you, click the link below to verify your email address</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you didn''t create this account, just ignore this message.</p>
 passwordResetSubject=Reset password
-passwordResetBody=Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password or cut and paste the temporary code to the forgot password form.\n\n{0}\n\nTemporary Code: {3}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
-passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password  or cut and paste the temporary code to the forgot password form</p><p><a href="{0}">{0}</a></p><p>Temporary code: {3}<p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>
+passwordResetBody=Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.\n\n{0}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
+passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>
 changePasswordSubject=Change password
 changePasswordBody=Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
 changePasswordBodyHtml=<p>Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>

diff --git a/.../common-themes/src/main/resources/theme/keycloak/email/messages/messages_pt_BR.properties b/.../common-themes/src/main/resources/theme/keycloak/email/messages/messages_pt_BR.properties
@@ -2,8 +2,8 @@ emailVerificationSubject=Verifica\u00E7\u00E3o de e-mail
 emailVerificationBody=Algu\u00E9m criou uma conta {2} com este endere\u00E7o de e-mail. Se foi voc\u00EA, clique no link abaixo para verificar o seu endere\u00E7o de email\n\n{0}\n\nEste link ir\u00E1 expirar dentro de {1} minutos.\n\nSe n\u00E3o foi voc\u00EA que criou esta conta, basta ignorar esta mensagem.
 emailVerificationBodyHtml=<p>Algu\u00E9m criou uma conta {2} com este endere\u00E7o de e-mail. Se foi voc\u00EA, clique no link abaixo para verificar o seu endere\u00E7o de email</p><p><a href="{0}">{0}</a></p><p>Este link ir\u00E1 expirar dentro de {1} minutos.</p><p>Se n\u00E3o foi voc\u00EA que criou esta conta, basta ignorar esta mensagem.</p>
 passwordResetSubject=Redefini\u00E7\u00E3o de senha
-passwordResetBody=Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password or cut and paste the temporary code to the forgot password form.\n\n{0}\n\nTemporary Code: {3}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
-passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password  or cut and paste the temporary code to the forgot password form</p><p><a href="{0}">{0}</a></p><p>Temporary code: {3}<p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>
+passwordResetBody=Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.\n\n{0}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
+passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>
 changePasswordSubject=Change password
 changePasswordBody=Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
 changePasswordBodyHtml=<p>Your adminstrator has just requested that you change your {2} account''s password. Click on the link below to set a new password</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/text/password-reset.ftl b/forms/common-themes/src/main/resources/theme/keycloak/email/text/password-reset.ftl
@@ -1 +1 @@
-${msg("passwordResetBody",link, linkExpiration, realmName, code)}
+${msg("passwordResetBody",link, linkExpiration, realmName)}
diff --git a/forms/email-api/src/main/java/org/keycloak/email/EmailProvider.java b/forms/email-api/src/main/java/org/keycloak/email/EmailProvider.java
@@ -24,7 +24,7 @@ public interface EmailProvider extends Provider {
      * @param expirationInMinutes
      * @throws EmailException
      */
-    public void sendPasswordReset(String code, String link, long expirationInMinutes) throws EmailException;
+    public void sendPasswordReset(String link, long expirationInMinutes) throws EmailException;
 
     /**
      * Change password email requested by admin

diff --git a/...email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java b/...email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java
@@ -70,11 +70,10 @@ public void sendEvent(Event event) throws EmailException {
     }
 
     @Override
-    public void sendPasswordReset(String code, String link, long expirationInMinutes) throws EmailException {
+    public void sendPasswordReset(String link, long expirationInMinutes) throws EmailException {
         Map<String, Object> attributes = new HashMap<String, Object>();
         attributes.put("link", link);
         attributes.put("linkExpiration", expirationInMinutes);
-        attributes.put("code", code);
 
         String realmName = realm.getName().substring(0, 1).toUpperCase() + realm.getName().substring(1);
         attributes.put("realmName", realmName);

diff --git a/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java b/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java
@@ -72,6 +72,14 @@ public interface LoginFormsProvider extends Provider {
 
     LoginFormsProvider addError(FormMessage errorMessage);
 
+    /**
+     * Add a success message to the form
+     *
+     * @param errorMessage
+     * @return
+     */
+    LoginFormsProvider addSuccess(FormMessage errorMessage);
+
     public LoginFormsProvider setSuccess(String message, Object ... parameters);
 
     public LoginFormsProvider setUser(UserModel user);

diff --git a/...-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java b/...-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java
@@ -473,6 +473,21 @@ public LoginFormsProvider addError(FormMessage errorMessage) {
 
     }
 
+    @Override
+    public LoginFormsProvider addSuccess(FormMessage errorMessage) {
+        if (this.messageType != MessageType.SUCCESS) {
+            this.messageType = null;
+            this.messages = null;
+        }
+        if (messages == null) {
+            this.messageType = MessageType.SUCCESS;
+            this.messages = new LinkedList<>();
+        }
+        this.messages.add(errorMessage);
+        return this;
+
+    }
+
     @Override
     public FreeMarkerLoginFormsProvider setSuccess(String message, Object... parameters) {
         setMessage(MessageType.SUCCESS, message, parameters);

diff --git a/model/api/src/main/java/org/keycloak/models/utils/FormMessage.java b/model/api/src/main/java/org/keycloak/models/utils/FormMessage.java
@@ -34,6 +34,10 @@ public FormMessage(String field, String message, Object... parameters) {
 		this(field, message);
 		this.parameters = parameters;
 	}
+
+    public FormMessage(String message, Object...parameters) {
+        this(null, message, parameters);
+    }
 
 	/**
      * Create message without parameters.

diff --git a/services/src/main/java/org/keycloak/authentication/AbstractAuthenticationFlowContext.java b/services/src/main/java/org/keycloak/authentication/AbstractAuthenticationFlowContext.java
@@ -10,6 +10,7 @@
 import org.keycloak.models.AuthenticatorConfigModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.utils.FormMessage;
 import org.keycloak.services.managers.BruteForceProtector;
 
 /**
@@ -79,11 +80,19 @@ public interface AbstractAuthenticationFlowContext {
     AuthenticatorConfigModel getAuthenticatorConfig();
 
     /**
-     * This could be an error message forwarded from brokering when the broker failed authentication
+     * This could be an error message forwarded from another authenticator that is restarting or continuing the flo.  For example
+     * the brokering API sends this when the broker failed authentication
      * and we want to continue authentication locally.  forwardedErrorMessage can then be displayed by
      * whatever form is challenging.
      */
-    String getForwardedErrorMessage();
+    FormMessage getForwardedErrorMessage();
+
+    /**
+     * This could be an success message forwarded from another authenticator that is restarting or continuing the flow.  For example
+     * a reset password sends an email, then resets the flow with a success message.  forwardedSuccessMessage can then be displayed by
+     * whatever form is challenging.
+     */
+    FormMessage getForwardedSuccessMessage();
 
     /**
      * Generates access code and updates clientsession timestamp

diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticationFlowContext.java b/services/src/main/java/org/keycloak/authentication/AuthenticationFlowContext.java
@@ -4,6 +4,8 @@
 import org.keycloak.models.ClientSessionModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserSessionModel;
+import org.keycloak.models.utils.FormMessage;
+
 import java.net.URI;
 
 /**
@@ -70,9 +72,34 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
     void cancelLogin();
 
     /**
-     * Abort the current flow and restart it using the realm's browser login
+     * Fork the current flow.  The client session will be cloned and set to point at the realm's browser login flow.  The Response will be the result
+     * of this fork.  The previous flow will still be set at the current execution.  This is used by reset password when it sends an email.
+     * It sends an email linking to the current flow and redirects the browser to a new browser login flow.
+     *
+     *
      *
      * @return
      */
-    void resetBrowserLogin();
+    void fork();
+
+    /**
+     * Fork the current flow.  The client session will be cloned and set to point at the realm's browser login flow.  The Response will be the result
+     * of this fork.  The previous flow will still be set at the current execution.  This is used by reset password when it sends an email.
+     * It sends an email linking to the current flow and redirects the browser to a new browser login flow.
+     *
+     * This method will set up a success message that will be displayed in the first page of the new flow
+     *
+     * @param message Corresponds to raw text or a message property defined in a message bundle
+     */
+    void forkWithSuccessMessage(FormMessage message);
+    /**
+     * Fork the current flow.  The client session will be cloned and set to point at the realm's browser login flow.  The Response will be the result
+     * of this fork.  The previous flow will still be set at the current execution.  This is used by reset password when it sends an email.
+     * It sends an email linking to the current flow and redirects the browser to a new browser login flow.
+     *
+     * This method will set up an error message that will be displayed in the first page of the new flow
+     *
+     * @param message Corresponds to raw text or a message property defined in a message bundle
+     */
+    void forkWithErrorMessage(FormMessage message);
 }
diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticationFlowError.java b/services/src/main/java/org/keycloak/authentication/AuthenticationFlowError.java
@@ -17,7 +17,7 @@ public enum AuthenticationFlowError {
     USER_TEMPORARILY_DISABLED,
     INTERNAL_ERROR,
     UNKNOWN_USER,
-    RESET_TO_BROWSER_LOGIN,
+    FORK_FLOW,
     UNKNOWN_CLIENT,
     CLIENT_NOT_FOUND,
     CLIENT_DISABLED,