
Alterations for Social Linking

a guest
Jun 10th, 2014
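// Fragment of the social-login callback: resolve the local user for the identity returned by the
// social provider, then either link it to an account, reuse the linked account, or register a new one.
SocialLinkModel socialLink = new SocialLinkModel(provider.getId(), socialUser.getId(), socialUser.getUsername());
UserModel user = realm.getUserBySocialLink(socialLink);

// Check if user is already authenticated (this means linking social into existing user account).
String userId = requestData.getClientAttribute("userId");
if (userId != null) {
    // NOTE(review): if getUserById can return null for a stale id, the isEnabled() call below
    // throws instead of producing an audited failure; confirm against the realm implementation.
    UserModel authenticatedUser = realm.getUserById(userId);

    audit.event(EventType.SOCIAL_LINK).user(userId);

    // The social identity already belongs to some account; refuse to attach it a second time.
    if (user != null) {
        audit.error(Errors.SOCIAL_ID_IN_USE);
        return oauth.forwardToSecurityFailure("This social account is already linked to other user");
    }

    if (!authenticatedUser.isEnabled()) {
        audit.error(Errors.USER_DISABLED);
        return oauth.forwardToSecurityFailure("User is disabled");
    }

    if (!realm.hasRole(authenticatedUser, realm.getApplicationByName(Constants.ACCOUNT_MANAGEMENT_APP).getRole(AccountRoles.MANAGE_ACCOUNT))) {
        audit.error(Errors.NOT_ALLOWED);
        return oauth.forwardToSecurityFailure("Insufficient permissions to link social account");
    }

    if (redirectUri == null) {
        audit.error(Errors.INVALID_REDIRECT_URI);
        return oauth.forwardToSecurityFailure("Unknown redirectUri");
    }

    realm.addSocialLink(authenticatedUser, socialLink);
    logger.debug("Social provider " + provider.getId() + " linked with user " + authenticatedUser.getLoginName());

    audit.success();
    return Response.status(302).location(UriBuilder.fromUri(redirectUri).build()).build();
}

/* ALTERATIONS BEGIN HERE */

// Unauthenticated user and no existing social link: try to find an existing user by e-mail.
// The lookup is limited to the case where the social link resolved to nobody. Running it
// unconditionally would replace an already-linked user with whoever owns the e-mail address,
// or register a second account for the same social identity when no address matches.
String socialEmail = socialUser.getEmail();
if (user == null && socialEmail != null && !socialEmail.isEmpty()) {
    // NOTE(review): matching on e-mail alone treats the provider's e-mail claim as proof that the
    // caller owns the local account. Unless the provider guarantees the address is verified, this
    // link should only be created after the user has authenticated locally (the branch above) or
    // confirmed the link through a message sent to that address.
    user = realm.getUserByEmail(socialEmail);

    if (user != null) {
        if (!user.isEnabled()) {
            audit.error(Errors.USER_DISABLED);
            return oauth.forwardToSecurityFailure("User is disabled");
        }

        if (!realm.hasRole(user, realm.getApplicationByName(Constants.ACCOUNT_MANAGEMENT_APP).getRole(AccountRoles.MANAGE_ACCOUNT))) {
            audit.error(Errors.NOT_ALLOWED);
            return oauth.forwardToSecurityFailure("Insufficient permissions to link social account");
        }

        realm.addSocialLink(user, socialLink);
        logger.debug("Social provider " + provider.getId() + " linked with unauthenticated user " + user.getLoginName());

        // Record the implicit link as its own audit event so it can be found during incident
        // review; the authenticated branch above audits the same action.
        audit.clone().user(user).event(EventType.SOCIAL_LINK).success();
    }
}

/* ALTERATIONS END HERE */

// Neither a social link nor an e-mail match: register a new user if the realm permits it.
if (user == null) {

    if (!realm.isRegistrationAllowed()) {
        audit.error(Errors.REGISTRATION_DISABLED);
        return oauth.forwardToSecurityFailure("Registration not allowed");
    }

    user = realm.addUser(KeycloakModelUtils.generateId());
    user.setEnabled(true);
    user.setFirstName(socialUser.getFirstName());
    user.setLastName(socialUser.getLastName());
    user.setEmail(socialUser.getEmail());

    if (realm.isUpdateProfileOnInitialSocialLogin()) {
        user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
    }

    realm.addSocialLink(user, socialLink);

    // The registration is audited on a copy so the details set here do not affect the main event.
    audit.clone().user(user).event(EventType.REGISTER)
        .detail(Details.REGISTER_METHOD, "social@" + provider.getId())
        .detail(Details.EMAIL, socialUser.getEmail())
        .removeDetail("auth_method")
        .success();
}

// Rest of the implementation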