form action refactor

forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties

@@ -13,6 +13,7 @@ kerberosNotConfigured=Kerberos Not Configured
 kerberosNotConfiguredTitle=Kerberos Not Configured
 bypassKerberos=Your browser is not set up for Kerberos login.  Please click continue to login in through other means
 kerberosNotSetUp=Kerberos is not set up.  You cannot login.
+recaptchaFailed=Recaptcha Failed
 
 registerWithTitle=Registrierung bei {0}
 registerWithTitleHtml=Registrierung bei <strong>{0}</strong>

forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties

@@ -30,6 +30,7 @@ codeSuccessTitle=Success code
 codeErrorTitle=Error code\: {0}
 termsTitle=Terms and Conditions
 termsTitleHtml=Terms and Conditions
+recaptchaFailed=Recaptcha Failed
 
 noAccount=New user?
 username=Username

forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties

@@ -13,6 +13,7 @@ bypassKerberos=Your browser is not set up for Kerberos login.  Please click cont
 kerberosNotSetUp=Kerberos is not set up.  You cannot login.
 kerberosNotConfigured=Kerberos Not Configured
 kerberosNotConfiguredTitle=Kerberos Not Configured
+recaptchaFailed=Recaptcha Failed
 
 registerWithTitle=Registrati come {0}
 registerWithTitleHtml=Registrati come <strong>{0}</strong>

forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties

@@ -13,6 +13,7 @@ bypassKerberos=Your browser is not set up for Kerberos login.  Please click cont
 kerberosNotSetUp=Kerberos is not set up.  You cannot login.
 kerberosNotConfigured=Kerberos Not Configured
 kerberosNotConfiguredTitle=Kerberos Not Configured
+recaptchaFailed=Recaptcha Failed
 
 registerWithTitle=Registre-se com {0}
 registerWithTitleHtml=Registre-se com <strong>{0}</strong>

forms/common-themes/src/main/resources/theme/base/login/register.ftl

@@ -107,7 +107,13 @@
                     <input type="text" class="${properties.kcInputClass!}"  id="user.attributes.country" name="user.attributes.country"/>
                 </div>
             </div>
-
+            <#if recaptchaRequired??>
+            <div class="form-group">
+                <div class="${properties.kcInputWrapperClass!}">
+                    <div class="g-recaptcha" data-sitekey="${recaptchaSiteKey}"></div>
+                </div>
+            </div>
+            </#if>
 
             <div class="${properties.kcFormGroupClass!}">
                 <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">

forms/common-themes/src/main/resources/theme/base/login/template.ftl

@@ -21,6 +21,11 @@
             <script src="${url.resourcesPath}/${script}" type="text/javascript"></script>
         </#list>
     </#if>
+    <#if scripts??>
+        <#list scripts as script>
+            <script src="${script}" type="text/javascript"></script>
+        </#list>
+    </#if>
 </head>
 
 <body class="${properties.kcBodyClass!}">

forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java

@@ -63,6 +63,8 @@ public interface LoginFormsProvider extends Provider {
      */
     public LoginFormsProvider setErrors(List<FormMessage> messages);
 
+    LoginFormsProvider addError(FormMessage errorMessage);
+
     public LoginFormsProvider setSuccess(String message, Object ... parameters);
 
     public LoginFormsProvider setUser(UserModel user);

forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java

@@ -3,7 +3,6 @@
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
 import org.keycloak.OAuth2Constants;
-import org.keycloak.authentication.AuthenticationProcessor;
 import org.keycloak.email.EmailException;
 import org.keycloak.email.EmailProvider;
 import org.keycloak.freemarker.BrowserSecurityHeaderSetup;
@@ -39,8 +38,8 @@
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.FormMessage;
-import org.keycloak.services.messages.Messages;
 import org.keycloak.services.Urls;
+import org.keycloak.services.messages.Messages;
 
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
@@ -52,6 +51,7 @@
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
@@ -61,7 +61,7 @@
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
  */
-    public class FreeMarkerLoginFormsProvider implements LoginFormsProvider {
+public class FreeMarkerLoginFormsProvider implements LoginFormsProvider {
 
     private static final Logger logger = Logger.getLogger(FreeMarkerLoginFormsProvider.class);
 
@@ -445,13 +445,29 @@ public FreeMarkerLoginFormsProvider setError(String message, Object... parameter
 
     @Override
     public LoginFormsProvider setErrors(List<FormMessage> messages) {
+        if (messages == null) return this;
         this.messageType = MessageType.ERROR;
         this.messages = new ArrayList<>(messages);
         return this;
     }
 
     @Override
-    public FreeMarkerLoginFormsProvider setSuccess(String message, Object ... parameters) {
+    public LoginFormsProvider addError(FormMessage errorMessage) {
+        if (this.messageType != MessageType.ERROR) {
+            this.messageType = null;
+            this.messages = null;
+        }
+        if (messages == null) {
+            this.messageType = MessageType.ERROR;
+            this.messages = new LinkedList<>();
+        }
+        this.messages.add(errorMessage);
+        return this;
+
+    }
+
+    @Override
+    public FreeMarkerLoginFormsProvider setSuccess(String message, Object... parameters) {
         setMessage(MessageType.SUCCESS, message, parameters);
         return this;
     }

model/api/src/main/java/org/keycloak/models/utils/DefaultAuthenticationFlows.java

@@ -34,7 +34,9 @@ public static void registrationFlow(RealmModel realm) {
         registrationFormFlow.setProviderId("form-flow");
         registrationFormFlow = realm.addAuthenticationFlow(registrationFormFlow);
 
-        AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
+        AuthenticationExecutionModel execution;
+
+        execution = new AuthenticationExecutionModel();
         execution.setParentFlow(registrationFlow.getId());
         execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
         execution.setAuthenticator("registration-page-form");
@@ -47,7 +49,7 @@ public static void registrationFlow(RealmModel realm) {
         execution = new AuthenticationExecutionModel();
         execution.setParentFlow(registrationFormFlow.getId());
         execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
-        execution.setAuthenticator("username-validation-action");
+        execution.setAuthenticator("registration-user-creation");
         execution.setPriority(20);
         execution.setUserSetupAllowed(false);
         execution.setAutheticatorFlow(false);
@@ -56,31 +58,32 @@ public static void registrationFlow(RealmModel realm) {
         execution = new AuthenticationExecutionModel();
         execution.setParentFlow(registrationFormFlow.getId());
         execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
-        execution.setAuthenticator("profile-validation-action");
-        execution.setPriority(30);
+        execution.setAuthenticator("registration-profile-action");
+        execution.setPriority(40);
         execution.setUserSetupAllowed(false);
         execution.setAutheticatorFlow(false);
         realm.addAuthenticatorExecution(execution);
 
         execution = new AuthenticationExecutionModel();
         execution.setParentFlow(registrationFormFlow.getId());
         execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
-        execution.setAuthenticator("password-validation-action");
-        execution.setPriority(40);
+        execution.setAuthenticator("registration-password-action");
+        execution.setPriority(50);
         execution.setUserSetupAllowed(false);
         execution.setAutheticatorFlow(false);
         realm.addAuthenticatorExecution(execution);
 
         execution = new AuthenticationExecutionModel();
         execution.setParentFlow(registrationFormFlow.getId());
-        execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
-        execution.setAuthenticator("registration-user-creation");
-        execution.setPriority(50);
+        execution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
+        execution.setAuthenticator("registration-recaptcha-action");
+        execution.setPriority(60);
         execution.setUserSetupAllowed(false);
         execution.setAutheticatorFlow(false);
         realm.addAuthenticatorExecution(execution);
 
 
+
     }
 
     public static void browserFlow(RealmModel realm) {

model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/ClientSessionAdapter.java

@@ -227,7 +227,8 @@ public UserModel getAuthenticatedUser() {
 
     @Override
     public void setAuthenticatedUser(UserModel user) {
-        entity.setAuthUserId(user.getId());
+        if (user == null) entity.setAuthUserId(null);
+        else entity.setAuthUserId(user.getId());
         update();
 
     }

model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java

@@ -306,6 +306,7 @@ public UserModel getAuthenticatedUser() {
 
     @Override
     public void setAuthenticatedUser(UserModel user) {
-        entity.setUserId(user.getId());
+        if (user == null) entity.setUserId(null);
+        else entity.setUserId(user.getId());
     }
 }

model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/ClientSessionAdapter.java

@@ -193,7 +193,8 @@ public UserModel getAuthenticatedUser() {
 
     @Override
     public void setAuthenticatedUser(UserModel user) {
-        entity.setAuthUserId(user.getId());
+        if (user == null) entity.setAuthUserId(null);
+        else entity.setAuthUserId(user.getId());
 
     }
 }

model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/ClientSessionAdapter.java

@@ -210,7 +210,8 @@ public UserModel getAuthenticatedUser() {
 
     @Override
     public void setAuthenticatedUser(UserModel user) {
-        entity.setAuthUserId(user.getId());
+        if (user == null) entity.setAuthUserId(null);
+        else entity.setAuthUserId(user.getId());
         updateMongoEntity();
 
     }

services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java

@@ -45,7 +45,6 @@ public class AuthenticationProcessor {
     protected EventBuilder event;
     protected HttpRequest request;
     protected String flowId;
-    protected String action;
     /**
      * This could be an error message forwarded from brokering when the broker failed authentication
      * and we want to continue authentication locally.  forwardedErrorMessage can then be displayed by
@@ -151,16 +150,39 @@ public AuthenticationProcessor setFlowId(String flowId) {
         return this;
     }
 
-    public AuthenticationProcessor setAction(String action) {
-        this.action = action;
-        return this;
-    }
-
     public AuthenticationProcessor setForwardedErrorMessage(String forwardedErrorMessage) {
         this.forwardedErrorMessage = forwardedErrorMessage;
         return this;
     }
 
+    public String generateCode() {
+        ClientSessionCode accessCode = new ClientSessionCode(getRealm(), getClientSession());
+        clientSession.setTimestamp(Time.currentTime());
+        return accessCode.getCode();
+    }
+
+    public EventBuilder newEvent() {
+        this.event = new EventBuilder(realm, session, connection);
+        return this.event;
+    }
+
+    public EventBuilder getEvent() {
+        return event;
+    }
+
+    public HttpRequest getRequest() {
+        return request;
+    }
+
+    public void setAutheticatedUser(UserModel user) {
+        UserModel previousUser = clientSession.getAuthenticatedUser();
+        if (previousUser != null && !user.getId().equals(previousUser.getId()))
+            throw new AuthException(Error.USER_CONFLICT);
+        validateUser(user);
+        getClientSession().setAuthenticatedUser(user);
+    }
+
+
     private class Result implements AuthenticatorContext {
         AuthenticatorConfigModel authenticatorConfig;
         AuthenticationExecutionModel execution;
@@ -178,8 +200,7 @@ private Result(AuthenticationExecutionModel execution, Authenticator authenticat
 
         @Override
         public EventBuilder newEvent() {
-            AuthenticationProcessor.this.event = new EventBuilder(realm, session, connection);
-            return AuthenticationProcessor.this.event;
+            return AuthenticationProcessor.this.newEvent();
         }
 
         @Override
@@ -213,11 +234,6 @@ public AuthenticatorConfigModel getAuthenticatorConfig() {
             return authenticatorConfig;
         }
 
-        @Override
-        public String getAction() {
-            return AuthenticationProcessor.this.action;
-        }
-
         @Override
         public Authenticator getAuthenticator() {
             return authenticator;
@@ -288,11 +304,7 @@ public UserModel getUser() {
 
         @Override
         public void setUser(UserModel user) {
-            UserModel previousUser = getUser();
-            if (previousUser != null && !user.getId().equals(previousUser.getId()))
-                throw new AuthException(Error.USER_CONFLICT);
-            validateUser(user);
-            getClientSession().setAuthenticatedUser(user);
+            setAutheticatedUser(user);
         }
 
         @Override
@@ -347,11 +359,10 @@ public String getForwardedErrorMessage() {
 
         @Override
         public String generateAccessCode() {
-            ClientSessionCode accessCode = new ClientSessionCode(getRealm(), getClientSession());
-            clientSession.setTimestamp(Time.currentTime());
-            return accessCode.getCode();
+            return generateCode();
         }
 
+
         @Override
         public Response getChallenge() {
             return challenge;

services/src/main/java/org/keycloak/authentication/AuthenticatorContext.java

@@ -27,17 +27,7 @@ public interface AuthenticatorContext {
 
     void setExecution(AuthenticationExecutionModel execution);
 
-    AuthenticatorConfigModel getAuthenticatorConfig();
-
-    String getAction();
-
-    Authenticator getAuthenticator();
-
-    void setAuthenticator(Authenticator authenticator);
-
-    AuthenticationProcessor.Status getStatus();
-
-    UserModel getUser();
+     UserModel getUser();
 
     void setUser(UserModel user);
 
@@ -55,17 +45,6 @@ public interface AuthenticatorContext {
     HttpRequest getHttpRequest();
     BruteForceProtector getProtector();
 
-    AuthenticationExecutionModel.Requirement getCategoryRequirementFromCurrentFlow(String authenticatorCategory);
-
-    void success();
-    void failure(AuthenticationProcessor.Error error);
-    void failure(AuthenticationProcessor.Error error, Response response);
-    void challenge(Response challenge);
-
-    void forceChallenge(Response challenge);
-
-    void failureChallenge(AuthenticationProcessor.Error error, Response challenge);
-    void attempted();
 
     /**
      * This could be an error message forwarded from brokering when the broker failed authentication
@@ -81,6 +60,27 @@ public interface AuthenticatorContext {
      */
     String generateAccessCode();
 
+    AuthenticatorConfigModel getAuthenticatorConfig();
+
+    Authenticator getAuthenticator();
+
+    void setAuthenticator(Authenticator authenticator);
+
+    AuthenticationProcessor.Status getStatus();
+
+    AuthenticationExecutionModel.Requirement getCategoryRequirementFromCurrentFlow(String authenticatorCategory);
+
+    void success();
+    void failure(AuthenticationProcessor.Error error);
+    void failure(AuthenticationProcessor.Error error, Response response);
+    void challenge(Response challenge);
+
+    void forceChallenge(Response challenge);
+
+    void failureChallenge(AuthenticationProcessor.Error error, Response challenge);
+    void attempted();
+
+
     Response getChallenge();
 
     AuthenticationProcessor.Error getError();