feat: Adjust keycloak flow for reset password, make email required

2023-05-31 10:03:35 +02:00 · 2023-05-31 10:03:35 +02:00 · b6ec78ef49
parent 2f6fd7c2bc
commit b6ec78ef49
8 changed files with 113 additions and 76 deletions
--- a/security-c4po-angular/src/app/header/header.component.ts
+++ b/security-c4po-angular/src/app/header/header.component.ts
@ -130,19 +130,13 @@ export class HeaderComponent implements OnInit {
  }

  onClickShowTutorial(): void {
-    console.info('To be implemented..');
-
    this.dialogService.openCustomDialog(
      TutorialDialogComponent,
      {}
    ).onClose.pipe(
      filter((confirm) => !!confirm),
      untilDestroyed(this)
-    ).subscribe({
-      next: () => {
-        console.info('New Settings confirmed');
-      }
-    });
+    ).subscribe();
  }

  onClickSwitchTheme(): void {
--- a/security-c4po-angular/src/assets/i18n/de-DE.json
+++ b/security-c4po-angular/src/assets/i18n/de-DE.json
@ -72,6 +72,10 @@
      "title": "Nachname",
      "placeholder": "Nachname"
    },
+    "eMail": {
+      "title": "E-Mail",
+      "placeholder": "Keine E-Mail bestätigt."
+    },
    "validationMessage": {
      "firstNameRequired": "Vorname ist erforderlich.",
      "lastNameRequired": "Nachname ist erforderlich."
--- a/security-c4po-angular/src/assets/i18n/en-US.json
+++ b/security-c4po-angular/src/assets/i18n/en-US.json
@ -72,6 +72,10 @@
      "title": "Lastname",
      "placeholder": "Lastname"
    },
+    "eMail": {
+      "title": "E-Mail",
+      "placeholder": "No E-Mail verified."
+    },
    "validationMessage": {
      "firstNameRequired": "Firstname is required.",
      "lastNameRequired": "Lastname is required."
--- a/security-c4po-angular/src/shared/models/user.model.ts
+++ b/security-c4po-angular/src/shared/models/user.model.ts
@ -5,7 +5,7 @@ export class User {
  username?: string;
  firstName?: string;
  lastName?: string;
-  mailAddress?: string;
+  email?: string;
  interfaceLang?: string;

  constructor(username?: string,
@ -18,9 +18,9 @@ export class User {
    this.firstName = firstName;
    this.lastName = lastName;
    if (email) {
-      this.mailAddress = email;
+      this.email = email;
    } else {
-      this.mailAddress = null;
+      this.email = null;
    }
    if (interfaceLang) {
      this.interfaceLang = interfaceLang;
--- a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html
+++ b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html
@ -66,11 +66,23 @@
              </ng-container>
            </nb-form-field>
          </div>
-          <!--ToDo: Email?-->
+          <!--E-Mail-->
+          <nb-form-field class="user-form-field">
+            <label for="eMail" class="label">
+              {{'profile.eMail.title' | translate}}
+            </label>
+            <fa-icon nbPrefix class="prefix-icon" [icon]="fa.faEnvelope"></fa-icon>
+            <input formControlName="eMail"
+                   type="text" required
+                   id="eMail" nbInput
+                   fullWidth
+                   class="form-field untouchable"
+                   placeholder="{{'profile.eMail.placeholder' | translate}}">
+          </nb-form-field>
        </form>
      </div>
    </div>
-    <div fxLayout="row" fxLayoutGap="2rem" fxLayoutAlign="start center">
+    <div fxLayout="row" fxLayoutGap="2rem" fxLayoutAlign="start center" class="options">
      <div class="user-password-change">
        <!--User password change-->
        <label class="password-selection-label">
--- a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.scss
+++ b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.scss
@ -3,7 +3,7 @@

 .profile-setting-dialog {
  width: 45.25rem !important;
-  height: 32rem;
+  height: 36rem;

  .dialog-header {
    height: 8vh;
@ -65,47 +65,52 @@
      }
    }

-    .language-settings{
-      padding-top: 2.5rem;
+    .options {
+      //
+      padding-left: 12.5rem;

-      .language-selection-label {
-        font-weight: bold;
-      }
+      .language-settings {
+        padding-top: 2.5rem;

-      .language-radio-buttons {
-        float: left;
-        clear: none;
-        padding-top: 0.5rem;
-        margin-left: 1rem;
-      }
+        .language-selection-label {
+          font-weight: bold;
+        }

-      .languageContainer {
-        padding-top: 1rem;
-        display: flex;
-        max-width: 8rem;
-        min-width: 8rem;
+        .language-radio-buttons {
+          float: left;
+          clear: none;
+          padding-top: 0.5rem;
+          margin-left: 1rem;
+        }

-        .flag {
-          object-fit: contain;
-          margin-top: 0.5rem;
+        .languageContainer {
+          padding-top: 1rem;
+          display: flex;
+          max-width: 8rem;
+          min-width: 8rem;
+
+          .flag {
+            object-fit: contain;
+            margin-top: 0.5rem;
+          }
        }
      }
-    }

-    .user-password-change{
-      padding-top: 2rem;
+      .user-password-change {
+        padding-top: 2rem;

-      .password-selection-label {
-        font-weight: bold;
-      }
+        .password-selection-label {
+          font-weight: bold;
+        }

-      .password-form {
-        padding-top: 1rem;
+        .password-form {
+          padding-top: 1rem;

-        .password-btn {
-          .btn-icon {
-            padding-bottom: 0.15rem;
-            padding-right: 0.5rem;
+          .password-btn {
+            .btn-icon {
+              padding-bottom: 0.15rem;
+              padding-right: 0.5rem;
+            }
          }
        }
      }
--- a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts
+++ b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts
@ -1,4 +1,4 @@
-import {ChangeDetectionStrategy, Component, Input, OnInit, Output} from '@angular/core';
+import {Component, Input, OnInit, Output} from '@angular/core';
 import {NbDialogRef} from '@nebular/theme';
 import * as FA from '@fortawesome/free-solid-svg-icons';
 import {TranslateService} from '@ngx-translate/core';
@ -77,6 +77,7 @@ export class ProfileSettingsComponent implements OnInit {
        this.userNameControl.setValue(user.username);
        this.userFirstNameControl.setValue(user.firstName);
        this.userLastNameControl.setValue(user.lastName);
+        this.userEmailControl.setValue(user.email ? user.email : null);
      },
      error: err => {
        console.error(err);
@ -216,7 +217,7 @@ export class ProfileSettingsComponent implements OnInit {
    user.username = formData.username;
    user.firstName = formData.firstName;
    user.lastName = formData.lastName;
-    user.mailAddress = formData.email;
+    user.email = formData.email;

    return [formData, user];
  }
--- a/security-c4po-cfg/cfg/c4po_realm_export.json
+++ b/security-c4po-cfg/cfg/c4po_realm_export.json
@ -29,10 +29,10 @@
  "oauth2DevicePollingInterval" : 5,
  "enabled" : true,
  "sslRequired" : "external",
-  "registrationAllowed" : false,
+  "registrationAllowed" : true,
  "registrationEmailAsUsername" : false,
  "rememberMe" : true,
-  "verifyEmail" : false,
+  "verifyEmail" : true,
  "loginWithEmailAllowed" : true,
  "duplicateEmailsAllowed" : false,
  "resetPasswordAllowed" : true,
@ -382,7 +382,7 @@
  "otpPolicyLookAheadWindow" : 1,
  "otpPolicyPeriod" : 30,
  "otpPolicyCodeReusable" : false,
-  "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName" ],
+  "otpSupportedApplications" : [ "totpAppGoogleName", "totpAppFreeOTPName" ],
  "webAuthnPolicyRpEntityName" : "keycloak",
  "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
  "webAuthnPolicyRpId" : "",
@ -446,7 +446,7 @@
      "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
    } ],
    "disableableCredentialTypes" : [ ],
-    "requiredActions" : [ ],
+    "requiredActions" : [ "VERIFY_EMAIL" ],
    "realmRoles" : [ "c4po_user", "default-roles-c4po_realm_local" ],
    "notBefore" : 0,
    "groups" : [ ]
@ -1328,7 +1328,24 @@
    "xXSSProtection" : "1; mode=block",
    "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
  },
-  "smtpServer" : { },
+  "smtpServer" : {
+    "replyToDisplayName" : "",
+    "starttls" : "true",
+    "auth" : "true",
+    "envelopeFrom" : "",
+    "ssl" : "false",
+    "password" : "qkeemdzmrktgrrkt",
+    "port" : "587",
+    "replyTo" : "",
+    "host" : "smtp.gmail.com",
+    "from" : "c4poauthentication@gmail.com",
+    "fromDisplayName" : "Security C4PO",
+    "user" : "c4poauthentication@gmail.com"
+  },
+  "loginTheme" : "keycloak",
+  "accountTheme" : "keycloak.v2",
+  "adminTheme" : "keycloak.v2",
+  "emailTheme" : "keycloak",
  "eventsEnabled" : false,
  "eventsListeners" : [ "jboss-logging" ],
  "enabledEventTypes" : [ ],
@ -1362,7 +1379,7 @@
      "subType" : "anonymous",
      "subComponents" : { },
      "config" : {
-        "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper" ]
+        "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-user-attribute-mapper" ]
      }
    }, {
      "id" : "cc2d0cd7-3d3f-4b0a-ad95-7118f36bf188",
@ -1394,7 +1411,7 @@
      "subType" : "authenticated",
      "subComponents" : { },
      "config" : {
-        "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-property-mapper" ]
+        "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper" ]
      }
    }, {
      "id" : "92230e65-7480-44c3-af2d-72ddee758cbc",
@ -1408,7 +1425,7 @@
      }
    } ],
    "org.keycloak.userprofile.UserProfileProvider" : [ {
-      "id" : "d3115ef0-4137-41c5-9e7f-35ace4f7b43e",
+      "id" : "0e9ff452-7a18-43b0-88e2-8b8863906837",
      "providerId" : "declarative-user-profile",
      "subComponents" : { },
      "config" : { }
@ -1450,7 +1467,7 @@
  "supportedLocales" : [ "de", "en" ],
  "defaultLocale" : "en",
  "authenticationFlows" : [ {
-    "id" : "bb40c574-9008-47b8-bdce-950f92219366",
+    "id" : "726860f4-0dc3-4aae-bec2-1798161b9938",
    "alias" : "Account verification options",
    "description" : "Method with which to verity the existing account",
    "providerId" : "basic-flow",
@ -1472,7 +1489,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "52866cca-eea7-4e24-ae8a-3e9d3cc10240",
+    "id" : "6ee83dd8-91df-413b-bad6-7f4081dee13f",
    "alias" : "Authentication Options",
    "description" : "Authentication options.",
    "providerId" : "basic-flow",
@ -1501,7 +1518,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "04f6c37f-e60c-41a4-a8f1-b09e3c3c791f",
+    "id" : "f21a618d-2a44-4d77-88d0-844498d30aad",
    "alias" : "Browser - Conditional OTP",
    "description" : "Flow to determine if the OTP is required for the authentication",
    "providerId" : "basic-flow",
@ -1523,7 +1540,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "aac0d9a0-7ff3-4a3f-87f5-4a0f8dc4169c",
+    "id" : "6e48d13b-5c0c-486f-b48b-08b4d8bfe33b",
    "alias" : "Direct Grant - Conditional OTP",
    "description" : "Flow to determine if the OTP is required for the authentication",
    "providerId" : "basic-flow",
@ -1545,7 +1562,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "a5103f9c-2ead-46d2-90dc-b93c8fad52de",
+    "id" : "025ebf51-4ecf-4172-977f-230e1e293009",
    "alias" : "First broker login - Conditional OTP",
    "description" : "Flow to determine if the OTP is required for the authentication",
    "providerId" : "basic-flow",
@ -1567,7 +1584,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "7f2db66f-d81b-475a-aac0-860d2dff10b0",
+    "id" : "1a3bf246-cc97-4b98-94a1-5923f1ef438c",
    "alias" : "Handle Existing Account",
    "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
    "providerId" : "basic-flow",
@ -1589,7 +1606,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "5db5c83a-6ff7-41e7-97dd-dc896e7ed538",
+    "id" : "0e7de5d6-d4de-46fa-ba47-97f577b3972c",
    "alias" : "Reset - Conditional OTP",
    "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
    "providerId" : "basic-flow",
@ -1611,7 +1628,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "cea2f466-e748-4eec-8184-57620f9b6e19",
+    "id" : "a3f5eadf-3818-4028-bb42-453feb75d6c2",
    "alias" : "User creation or linking",
    "description" : "Flow for the existing/non-existing user alternatives",
    "providerId" : "basic-flow",
@ -1634,7 +1651,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "196ae0cd-faa3-45ed-9f94-5efabeda99b1",
+    "id" : "1dfc83e9-07e9-43dd-8b1a-a4344310b26a",
    "alias" : "Verify Existing Account by Re-authentication",
    "description" : "Reauthentication of existing account",
    "providerId" : "basic-flow",
@ -1656,7 +1673,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "f26d09df-6c71-469f-a4d3-e97259b0d738",
+    "id" : "5e6a8437-ea5c-4f8c-b728-79ad435e4e5b",
    "alias" : "browser",
    "description" : "browser based authentication",
    "providerId" : "basic-flow",
@ -1692,7 +1709,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "57839527-0e6b-491e-9509-64759543dc06",
+    "id" : "b303d196-59b3-4cb5-a3bc-25662b4967ff",
    "alias" : "clients",
    "description" : "Base authentication for clients",
    "providerId" : "client-flow",
@ -1728,7 +1745,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "4932ffe5-396c-4f34-a667-eda30f382396",
+    "id" : "6c64d090-eab6-413c-92e1-3664a5ec7711",
    "alias" : "direct grant",
    "description" : "OpenID Connect Resource Owner Grant",
    "providerId" : "basic-flow",
@ -1757,7 +1774,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "35410931-d63c-45fe-aa5c-b89b9ecbd803",
+    "id" : "17ef18e9-4073-4942-bfdb-140e7dd35084",
    "alias" : "docker auth",
    "description" : "Used by Docker clients to authenticate against the IDP",
    "providerId" : "basic-flow",
@ -1772,7 +1789,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "40dbf210-48b5-4e51-bf2e-88eab2b7a9cb",
+    "id" : "2b4fd6f7-d099-4641-83c1-ebd29d2a9042",
    "alias" : "first broker login",
    "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
    "providerId" : "basic-flow",
@ -1795,7 +1812,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "9420c3e7-92b9-4332-a10c-9614041390a9",
+    "id" : "f0c169f5-d072-4c27-a34d-b53097c19739",
    "alias" : "forms",
    "description" : "Username, password, otp and other auth forms.",
    "providerId" : "basic-flow",
@ -1817,7 +1834,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "e87c0fc3-710d-447a-88de-966eb4b53178",
+    "id" : "92439034-d7ed-489a-8b32-60f6677df72b",
    "alias" : "http challenge",
    "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
    "providerId" : "basic-flow",
@ -1839,7 +1856,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "b58bb0f2-c1aa-4a5a-9c18-f7f0b6951bb9",
+    "id" : "eefe2ae9-da3f-4774-85af-b2116819a67b",
    "alias" : "registration",
    "description" : "registration flow",
    "providerId" : "basic-flow",
@ -1855,7 +1872,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "fa3cdbb3-9d7a-40a6-a76c-d8fc4de447db",
+    "id" : "8df2214f-c826-4695-96d5-99e753304038",
    "alias" : "registration form",
    "description" : "registration form",
    "providerId" : "form-flow",
@ -1891,7 +1908,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "228942b7-863d-4ae7-8a03-f479e99563da",
+    "id" : "1a236f7e-2173-4dcf-813f-1df08add6668",
    "alias" : "reset credentials",
    "description" : "Reset credentials for a user if they forgot their password or something",
    "providerId" : "basic-flow",
@ -1927,7 +1944,7 @@
      "userSetupAllowed" : false
    } ]
  }, {
-    "id" : "ea9b4826-ba5d-4753-be46-9aa3c4b9d543",
+    "id" : "34ef149a-b270-4232-b423-f6d049258ed2",
    "alias" : "saml ecp",
    "description" : "SAML ECP Profile Authentication Flow",
    "providerId" : "basic-flow",
@ -1943,13 +1960,13 @@
    } ]
  } ],
  "authenticatorConfig" : [ {
-    "id" : "2f53b30a-881f-4407-8ffa-ea9540896bea",
+    "id" : "0da139b2-d851-4744-8347-7696199119dd",
    "alias" : "create unique user config",
    "config" : {
      "require.password.update.after.registration" : "false"
    }
  }, {
-    "id" : "25c05d4a-ea77-4eb2-9fe4-93ebe228d10f",
+    "id" : "933ad90a-e013-4990-9aac-2a3242b5495c",
    "alias" : "review profile config",
    "config" : {
      "update.profile.on.first.login" : "missing"