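// Fragment of a social-login callback: resolves the local user for the identity
// returned by the social provider, linking or registering an account as needed.
// The enclosing method and its locals (realm, provider, socialUser, requestData,
// audit, oauth, redirectUri, logger) are declared outside this excerpt.
SocialLinkModel socialLink = new SocialLinkModel(provider.getId(), socialUser.getId(), socialUser.getUsername());
UserModel user = realm.getUserBySocialLink(socialLink);

// Check if user is already authenticated (this means linking social into existing user account)
String userId = requestData.getClientAttribute("userId");
if (userId != null) {
    // NOTE(review): getUserById may return null for a stale userId, which would
    // fail on isEnabled() below - confirm against the model implementation.
    UserModel authenticatedUser = realm.getUserById(userId);

    audit.event(EventType.SOCIAL_LINK).user(userId);

    // A social identity may be bound to one local account only.
    if (user != null) {
        audit.error(Errors.SOCIAL_ID_IN_USE);
        return oauth.forwardToSecurityFailure("This social account is already linked to other user");
    }

    if (!authenticatedUser.isEnabled()) {
        audit.error(Errors.USER_DISABLED);
        return oauth.forwardToSecurityFailure("User is disabled");
    }

    if (!realm.hasRole(authenticatedUser, realm.getApplicationByName(Constants.ACCOUNT_MANAGEMENT_APP).getRole(AccountRoles.MANAGE_ACCOUNT))) {
        audit.error(Errors.NOT_ALLOWED);
        return oauth.forwardToSecurityFailure("Insufficient permissions to link social account");
    }

    if (redirectUri == null) {
        audit.error(Errors.INVALID_REDIRECT_URI);
        return oauth.forwardToSecurityFailure("Unknown redirectUri");
    }

    realm.addSocialLink(authenticatedUser, socialLink);
    logger.debug("Social provider " + provider.getId() + " linked with user " + authenticatedUser.getLoginName());

    audit.success();
    return Response.status(302).location(UriBuilder.fromUri(redirectUri).build()).build();
}

/* ALTERATIONS BEGIN HERE */
// Unauthenticated user and inexistent socialLink. Try to find an existing user by email.
//
// The lookup is attempted only when no social link matched. Running it
// unconditionally would discard the user already resolved through the social
// link: a returning user would be linked a second time, or, when the provider
// reports no matching e-mail, fall through to registration and get a duplicate
// account.
//
// SECURITY NOTE(review): this branch attaches the social identity to a local
// account without that account's owner authenticating. The only evidence of
// ownership is the e-mail address reported by the provider. Nothing visible
// here shows that the provider verified the address, or that the local
// account's own e-mail was verified. Confirm both before relying on this, or
// require a login to the local account (the authenticated branch above)
// before linking.
if (user == null) {
    String email = socialUser.getEmail();
    // A missing or blank e-mail must never be used as a lookup key.
    if (email != null && !email.trim().isEmpty()) {
        user = realm.getUserByEmail(email);
    }

    if (user != null) {
        if (!user.isEnabled()) {
            audit.error(Errors.USER_DISABLED);
            return oauth.forwardToSecurityFailure("User is disabled");
        }

        if (!realm.hasRole(user, realm.getApplicationByName(Constants.ACCOUNT_MANAGEMENT_APP).getRole(AccountRoles.MANAGE_ACCOUNT))) {
            audit.error(Errors.NOT_ALLOWED);
            return oauth.forwardToSecurityFailure("Insufficient permissions to link social account");
        }

        realm.addSocialLink(user, socialLink);
        logger.debug("Social provider " + provider.getId() + " linked with unauthenticated user " + user.getLoginName());

        // Record the implicit link as its own audit event so it can be reviewed
        // later; a clone is used so the event of the surrounding flow is untouched.
        audit.clone().user(user).event(EventType.SOCIAL_LINK)
                .detail(Details.EMAIL, email)
                .success();
    }
}
/* ALTERATIONS END HERE */

// No social link and no account matched by e-mail: register a new user, if the realm allows it.
if (user == null) {
    if (!realm.isRegistrationAllowed()) {
        audit.error(Errors.REGISTRATION_DISABLED);
        return oauth.forwardToSecurityFailure("Registration not allowed");
    }

    user = realm.addUser(KeycloakModelUtils.generateId());
    user.setEnabled(true);
    user.setFirstName(socialUser.getFirstName());
    user.setLastName(socialUser.getLastName());
    user.setEmail(socialUser.getEmail());

    if (realm.isUpdateProfileOnInitialSocialLogin()) {
        user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
    }

    realm.addSocialLink(user, socialLink);

    // Registration is audited on a clone so the event of the surrounding flow is untouched.
    audit.clone().user(user).event(EventType.REGISTER)
            .detail(Details.REGISTER_METHOD, "social@" + provider.getId())
            .detail(Details.EMAIL, socialUser.getEmail())
            .removeDetail("auth_method")
            .success();
}

// Rest of the implementation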