
JdbcUserFederationProvider

a guest
Oct 5th, 2015
  1. package com.imetrik.saas.server.services.insuranceWebUIBackend.dao.federation;
  2.  
  3. import com.imetrik.global.common.util.PasswordHasher;
  4. import lombok.Getter;
  5. import org.keycloak.models.*;
  6. import org.skife.jdbi.v2.DBI;
  7.  
  8. import java.util.*;
  9.  
  10. /**
  11.  * User: Remi
  12.  * Date: 2015-10-05
  13.  * Time: 12:20 PM
  14.  */
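  /**
   * Keycloak user-federation provider that imports accounts on demand from a legacy JDBC
   * {@code users} table (columns {@code username}, {@code email}, {@code password}).
   *
   * <p>Flow implemented here: a lookup that misses in Keycloak creates a local user linked to
   * this provider; the first successful password check against the legacy hash stores the
   * password in Keycloak and clears the federation link, so the legacy table is no longer
   * consulted for that account.
   *
   * <p>Registration, removal and attribute search are not supported.
   */
  public class JdbcUserFederationProvider implements UserFederationProvider {
      // Kept mutable and protected for compatibility with subclasses; the accessors below only
      // hand out read-only views so callers cannot widen the accepted credential types.
      protected static final Set<String> supportedCredentialTypes = new HashSet<String>();

      @Getter
      private final KeycloakSession session;
      @Getter
      private final UserFederationProviderModel model;
      @Getter
      private final DBI dbi;

      static {
          supportedCredentialTypes.add(UserCredentialModel.PASSWORD);
      }

      /**
       * @param session Keycloak session used to create local users
       * @param model   configuration entry of this provider; its id becomes the federation link
       * @param dbi     JDBI entry point for the legacy database
       */
      public JdbcUserFederationProvider(KeycloakSession session, UserFederationProviderModel model, DBI dbi) {
          this.session = session;
          this.model = model;
          this.dbi = dbi;
      }

      /** Returns the local user unchanged; no proxying is applied. */
      @Override
      public UserModel validateAndProxy(RealmModel realm, UserModel local) {
          return local;
      }

      @Override
      public boolean synchronizeRegistrations() {
          return false;
      }

      /** @throws IllegalStateException always, registration is not supported */
      @Override
      public UserModel register(RealmModel realm, UserModel user) {
          throw new IllegalStateException("Registration not supported");
      }

      /** @throws IllegalStateException always, removal is not supported */
      @Override
      public boolean removeUser(RealmModel realm, UserModel user) {
          throw new IllegalStateException("Remove not supported");
      }

      /**
       * Imports the legacy account with the given username, if one exists.
       * Called when the user does not exist in Keycloak.
       *
       * @return the newly created Keycloak user, or {@code null} when the legacy table has no match
       */
      @Override
      public UserModel getUserByUsername(RealmModel realm, String username) {
          // Only the columns that are needed are selected, so the stored password hash is not
          // loaded into the row map.
          Map<String, Object> row = dbi.withHandle(handle -> handle
                  .createQuery("SELECT username, email FROM users WHERE username = :username")
                  .bind("username", username)
                  .first());
          if (row == null) {
              return null;
          }
          return importUser(realm, username, (String) row.get("email"));
      }

      /**
       * Imports the legacy account with the given e-mail address, if one exists.
       *
       * @return the newly created Keycloak user, or {@code null} when the legacy table has no match
       */
      @Override
      public UserModel getUserByEmail(RealmModel realm, String email) {
          Map<String, Object> row = dbi.withHandle(handle -> handle
                  .createQuery("SELECT username, email FROM users WHERE email = :email")
                  .bind("email", email)
                  .first());
          if (row == null) {
              return null;
          }
          return importUser(realm, (String) row.get("username"), email);
      }

      /** Creates the local Keycloak user for a legacy row and links it to this provider. */
      private UserModel importUser(RealmModel realm, String username, String email) {
          UserModel imported = session.userStorage().addUser(realm, username);
          imported.setEmail(email);
          // Without a federation link the password check in validCredentials(...) is not routed to
          // this provider; the link is cleared there once the password has been migrated.
          imported.setFederationLink(model.getId());
          // NOTE(review): confirm whether the Keycloak version in use creates users enabled;
          // if not, the imported account also needs setEnabled(true).
          return imported;
      }

      @Override
      public List<UserModel> searchByAttributes(Map<String, String> attributes, RealmModel realm, int maxResults) {
          return Collections.emptyList();
      }

      @Override
      public void preRemove(RealmModel realm) {
          //nothing to do
      }

      @Override
      public void preRemove(RealmModel realm, RoleModel role) {
          //nothing to do
      }

      /**
       * Always reports the local user as valid: accounts are imported once and the legacy table is
       * not re-checked afterwards.
       *
       * <p>NOTE(review): an account deleted or disabled in the legacy table after import stays
       * usable in Keycloak; confirm that this is acceptable for the migration window.
       */
      @Override
      public boolean isValid(RealmModel realm, UserModel local) {
          return true;
      }

      @Override
      public Set<String> getSupportedCredentialTypes(UserModel user) {
          return Collections.unmodifiableSet(supportedCredentialTypes);
      }

      @Override
      public Set<String> getSupportedCredentialTypes() {
          return Collections.unmodifiableSet(supportedCredentialTypes);
      }

      @Override
      public boolean validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input) {
          return validCredentials(realm, user, input.toArray(new UserCredentialModel[0]));
      }

      /**
       * Validates the supplied credentials against the legacy password hash and, on success,
       * migrates the password into Keycloak.
       *
       * <p>Every supplied credential must be a password that matches; any other credential type, a
       * mismatch, or an empty input yields {@code false}. The user is modified only after all
       * credentials have been checked.
       *
       * @return {@code true} only when at least one credential was supplied and all of them matched
       */
      @Override
      public boolean validCredentials(RealmModel realm, UserModel user, UserCredentialModel... input) {
          UserCredentialModel verified = null;
          for (UserCredentialModel cred : input) {
              if (!UserCredentialModel.PASSWORD.equals(cred.getType())) {
                  return false; // invalid cred type
              }
              if (!matchesLegacyHash(user, cred)) {
                  return false;
              }
              verified = cred;
          }
          if (verified == null) {
              return false;
          }
          // The password is valid in the old system: store it in Keycloak and stop federating
          // this account so later logins are checked against Keycloak's own credential store.
          user.updateCredential(verified);
          user.setFederationLink(null);
          return true;
      }

      /** Checks a password credential against the hash stored in the legacy {@code users} table. */
      private boolean matchesLegacyHash(UserModel user, UserCredentialModel cred) {
          String username = user.getUsername();
          String supplied = cred.getValue();
          if (username == null || supplied == null) {
              return false;
          }
          String storedHash = dbi.withHandle(handle -> handle
                  .createQuery("SELECT password FROM users WHERE username = :username")
                  .bind("username", username)
                  .mapTo(String.class)
                  .first());
          // The hash is computed whether or not a stored hash was found, as in the original flow.
          String computedHash = PasswordHasher.hashPassword(supplied, username);
          if (storedHash == null || computedHash == null) {
              return false;
          }
          // Constant-time comparison so the check does not reveal how many leading characters match.
          return java.security.MessageDigest.isEqual(
                  computedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                  storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
      }

      /** Always fails: credentials without a known user are not handled by this provider. */
      @Override
      public CredentialValidationOutput validCredentials(RealmModel realm, UserCredentialModel credential) {
          return CredentialValidationOutput.failed();
      }

      @Override
      public void close() {
          //nothing to do
      }
  }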