diff --git a/src/main/java/fr/cnieg/keycloak/providers/login/attribute/authenticator/AttributeUsernamePasswordForm.java b/src/main/java/fr/cnieg/keycloak/providers/login/attribute/authenticator/AttributeUsernamePasswordForm.java
index b0d92b2..91fce9c 100644
--- a/src/main/java/fr/cnieg/keycloak/providers/login/attribute/authenticator/AttributeUsernamePasswordForm.java
+++ b/src/main/java/fr/cnieg/keycloak/providers/login/attribute/authenticator/AttributeUsernamePasswordForm.java
@@ -1,5 +1,7 @@
 package fr.cnieg.keycloak.providers.login.attribute.authenticator;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import org.jboss.logging.Logger;
 import org.keycloak.authentication.AuthenticationFlowContext;
 import org.keycloak.authentication.AuthenticationFlowError;
@@ -8,6 +10,7 @@
 import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
 import org.keycloak.events.Details;
 import org.keycloak.events.Errors;
+import org.keycloak.models.AuthenticatorConfigModel;
 import org.keycloak.models.ModelDuplicateException;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
@@ -15,9 +18,6 @@
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.messages.Messages;
-import jakarta.ws.rs.core.MultivaluedMap;
-import jakarta.ws.rs.core.Response;
-
 import static fr.cnieg.keycloak.AuthenticatorUserModel.getUserModel;
 /**
@@ -36,13 +36,17 @@ public class AttributeUsernamePasswordForm extends UsernamePasswordForm implemen
 * Attribute format
 */
 public static final String ATTRIBUTE_REGEX = "login.attribute.regex";
+ /**
+ * Authorize any password
+ */
+ public static final String AUTHORIZE_ANY_PASSWORD = "authorize.any.password";
 private UserModel getUserByAttribute(AuthenticationFlowContext context, String userName) {
 return getUserModel(context, userName, ATTRIBUTE_KEY, ATTRIBUTE_REGEX);
 }
 /**
- * @param context Authentication Flow context
+ * @param context Authentication Flow context
 * @param inputData User inputs
 * @return password checked
 */
@@ -51,17 +55,30 @@ public boolean validateUserAndPassword(AuthenticationFlowContext context, Multiv
 logger.debug("validateUserAndPassword()");
 context.clearUser();
 UserModel user = getUserOrAttribute(context, inputData);
- return user != null && validatePassword(context, user, inputData, true) && validateUser(context, user, inputData);
+ return user != null &&
+ validateUser(context, user, inputData) &&
+ (validateAnyPassword(context) || validatePassword(context, user, inputData, true));
+ }
+
+ private boolean validateAnyPassword(AuthenticationFlowContext context) {
+ AuthenticatorConfigModel config = context.getAuthenticatorConfig();
+ if (config != null) {
+ if (Boolean.parseBoolean(config.getConfig().get(AUTHORIZE_ANY_PASSWORD))) {
+ logger.warn("Password not validated, use this configuration only for tests purpose");
+ return true;
+ }
+ }
+ return false;
 }
 /**
- * @param context Authentication Flow context
+ * @param context Authentication Flow context
 * @param inputData User inputs
 * @return password checked
 */
 @Override
 public boolean validateUser(AuthenticationFlowContext context, MultivaluedMap inputData) {
- logger.debug("validateUserAndPassword()");
+ logger.debug("validateUser()");
 context.clearUser();
 UserModel user = getUserOrAttribute(context, inputData);
 return user != null && validateUser(context, user, inputData);
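Review bot: The Javadoc added for `AUTHORIZE_ANY_PASSWORD` says only "Authorize any password", which does not tell a reader that this key switches off credential verification. I would write it as `Config key: when "true", the submitted password is not verified for any user of this execution; intended for test realms only.` so the risk is visible wherever the constant is referenced. The class body starts and continues outside this hunk.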
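Review bot: `validateUserAndPassword` now runs `validateUser(context, user, inputData)` before any credential check, whereas the removed line verified the password first; if that overload attaches the user to the context or reports account state (its body is not in this hunk), those effects become reachable without a valid password even when the bypass is off. The feature does not need the reorder: `return user != null && (validateAnyPassword(context) || validatePassword(context, user, inputData, true)) && validateUser(context, user, inputData);` keeps the original sequence. When `authorize.any.password` is enabled the only trace is a `logger.warn` naming neither realm nor user, so a login that skipped verification looks like any other in the event log. I would add the realm and username to that warning and mark the login event as well, for example `context.getEvent().detail("password_check", "skipped");` (detail key constructed for illustration). `validateAnyPassword` also has no Javadoc; one sentence stating that a `true` return means the password was not checked would help the next maintainer.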
diff --git a/src/main/java/fr/cnieg/keycloak/providers/login/attribute/authenticator/AttributeUsernamePasswordFormFactory.java b/src/main/java/fr/cnieg/keycloak/providers/login/attribute/authenticator/AttributeUsernamePasswordFormFactory.java
index a3883f1..5c0b7b8 100644
--- a/src/main/java/fr/cnieg/keycloak/providers/login/attribute/authenticator/AttributeUsernamePasswordFormFactory.java
+++ b/src/main/java/fr/cnieg/keycloak/providers/login/attribute/authenticator/AttributeUsernamePasswordFormFactory.java
@@ -1,8 +1,5 @@
 package fr.cnieg.keycloak.providers.login.attribute.authenticator;
-import java.util.ArrayList;
-import java.util.List;
-
 import org.keycloak.Config;
 import org.keycloak.authentication.Authenticator;
 import org.keycloak.authentication.AuthenticatorFactory;
@@ -12,6 +9,9 @@
 import org.keycloak.models.credential.PasswordCredentialModel;
 import org.keycloak.provider.ProviderConfigProperty;
+import java.util.ArrayList;
+import java.util.List;
+
 /**
 * Form factory for Attribute Username Password
 */
@@ -136,10 +136,17 @@ public String getHelpText() {
 providerConfigProperty.setHelpText("Regular expression for which the search by attribute will be performed");
 providerConfigProperty.setDefaultValue(".*");
 CONFIG_PROPERTIES.add(providerConfigProperty);
+ providerConfigProperty = new ProviderConfigProperty();
+ providerConfigProperty.setName(AttributeUsernamePasswordForm.AUTHORIZE_ANY_PASSWORD);
+ providerConfigProperty.setLabel("Authorize Any Password");
+ providerConfigProperty.setType(ProviderConfigProperty.BOOLEAN_TYPE);
+ providerConfigProperty.setHelpText("Add ability (only for tests) to accept any password");
+ providerConfigProperty.setDefaultValue(false);
+ CONFIG_PROPERTIES.add(providerConfigProperty);
 }
 @Override
 public List getConfigProperties() {
 return CONFIG_PROPERTIES;
 }
-}
\ No newline at end of file
+}
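Review bot: The help text for the new `AUTHORIZE_ANY_PASSWORD` property ("Add ability (only for tests) to accept any password") reads like a convenience and does not say that enabling it removes password verification for every user who goes through this execution. I would word it as `providerConfigProperty.setHelpText("TEST ONLY: when on, the password is not checked for any user of this execution. Never enable on a production realm.");`. Because the switch lives in the execution config, anyone permitted to edit the flow can turn it on, and nothing in this hunk ties it to a deployment-side setting. Consider honouring the flag only when a server-level option is also set, so that a realm-level change alone cannot disable authentication. The initializer that fills `CONFIG_PROPERTIES` starts outside the hunk.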