SHARE
TWEET

Alterations for Social Linking

a guest Jun 10th, 2014 203 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. SocialLinkModel socialLink = new SocialLinkModel(provider.getId(), socialUser.getId(), socialUser.getUsername());
  2. UserModel user = realm.getUserBySocialLink(socialLink);
  3.  
  4. // Check if user is already authenticated (this means linking social into existing user account)
  5. String userId = requestData.getClientAttribute("userId");
  6. if (userId != null) {
  7.     UserModel authenticatedUser = realm.getUserById(userId);
  8.  
  9.     audit.event(EventType.SOCIAL_LINK).user(userId);
  10.  
  11.     if (user != null) {
  12.         audit.error(Errors.SOCIAL_ID_IN_USE);
  13.         return oauth.forwardToSecurityFailure("This social account is already linked to other user");
  14.     }
  15.  
  16.     if (!authenticatedUser.isEnabled()) {
  17.         audit.error(Errors.USER_DISABLED);
  18.         return oauth.forwardToSecurityFailure("User is disabled");
  19.     }
  20.  
  21.     if (!realm.hasRole(authenticatedUser, realm.getApplicationByName(Constants.ACCOUNT_MANAGEMENT_APP).getRole(AccountRoles.MANAGE_ACCOUNT))) {
  22.         audit.error(Errors.NOT_ALLOWED);
  23.         return oauth.forwardToSecurityFailure("Insufficient permissions to link social account");
  24.     }
  25.  
  26.     if (redirectUri == null) {
  27.         audit.error(Errors.INVALID_REDIRECT_URI);
  28.         return oauth.forwardToSecurityFailure("Unknown redirectUri");
  29.     }
  30.  
  31.     realm.addSocialLink(authenticatedUser, socialLink);
  32.     logger.debug("Social provider " + provider.getId() + " linked with user " + authenticatedUser.getLoginName());
  33.  
  34.     audit.success();
  35.     return Response.status(302).location(UriBuilder.fromUri(redirectUri).build()).build();
  36. }
  37.  
  38.     /* ALTERATIONS BEGIN HERE */
  39.  
  40.     user = realm.getUserByEmail(socialUser.getEmail());
  41.     // Unauthenticated user and inexistent socialLink. Try to find an existing user by email
  42.     if (user != null) {
  43.         if (!user.isEnabled()) {
  44.             audit.error(Errors.USER_DISABLED);
  45.             return oauth.forwardToSecurityFailure("User is disabled");
  46.         }
  47.  
  48.         if (!realm.hasRole(user, realm.getApplicationByName(Constants.ACCOUNT_MANAGEMENT_APP).getRole(AccountRoles.MANAGE_ACCOUNT))) {
  49.             audit.error(Errors.NOT_ALLOWED);
  50.             return oauth.forwardToSecurityFailure("Insufficient permissions to link social account");
  51.         }
  52.  
  53.         realm.addSocialLink(user, socialLink);
  54.         logger.debug("Social provider " + provider.getId() + " linked with unauthenticated user " + user.getLoginName());
  55.     }
  56.  
  57.     /* ALTERATIONS END HERE */
  58.  
  59.     if (user == null) {
  60.  
  61.         if (!realm.isRegistrationAllowed()) {
  62.             audit.error(Errors.REGISTRATION_DISABLED);
  63.             return oauth.forwardToSecurityFailure("Registration not allowed");
  64.         }
  65.  
  66.         user = realm.addUser(KeycloakModelUtils.generateId());
  67.         user.setEnabled(true);
  68.         user.setFirstName(socialUser.getFirstName());
  69.         user.setLastName(socialUser.getLastName());
  70.         user.setEmail(socialUser.getEmail());
  71.  
  72.         if (realm.isUpdateProfileOnInitialSocialLogin()) {
  73.             user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
  74.         }
  75.  
  76.         realm.addSocialLink(user, socialLink);
  77.  
  78.         audit.clone().user(user).event(EventType.REGISTER)
  79.             .detail(Details.REGISTER_METHOD, "social@" + provider.getId())
  80.             .detail(Details.EMAIL, socialUser.getEmail())
  81.             .removeDetail("auth_method")
  82.             .success();
  83.     }
  84.  
  85.     // Rest of the implementation
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top