AIRAVATA-2342 Detecting UPDATE_PASSWORD required action when login fails
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/1a395671 Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/1a395671 Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/1a395671 Branch: refs/heads/develop Commit: 1a3956711af99fd9ad8d8c9e9496e7c7b1ca3c91 Parents: 8154eac Author: Marcus Christie <[email protected]> Authored: Thu May 11 10:49:21 2017 -0400 Committer: Marcus Christie <[email protected]> Committed: Thu May 11 10:49:21 2017 -0400 ---------------------------------------------------------------------- app/controllers/AccountController.php | 6 +++++- app/libraries/Keycloak/Keycloak.php | 16 ++++++++++++++++ app/views/account/login.blade.php | 8 +++++--- 3 files changed, 26 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/1a395671/app/controllers/AccountController.php ----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index 4b7f7da..8e54d42 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -112,7 +112,11 @@ class AccountController extends BaseController
 $password = $_POST['password'];
 $response = Keycloak::authenticate($username, $password);
 if(!isset($response->access_token)){
- return Redirect::to("login")->with("invalid-credentials", true);
+ if (Keycloak::isUpdatePasswordRequired($username)) {
+ return Redirect::to("login")->with("update-password-required", true);
+ } else {
+ return Redirect::to("login")->with("invalid-credentials", true);
+ }
 }
 $accessToken = $response->access_token;
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/1a395671/app/libraries/Keycloak/Keycloak.php ----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
index d6846a7..dfa8f0c 100644
--- a/app/libraries/Keycloak/Keycloak.php
+++ b/app/libraries/Keycloak/Keycloak.php
@@ -381,6 +381,22 @@ class Keycloak {
 }
 }
+ // TODO: move this to IamAdminServices
+ public function isUpdatePasswordRequired($username) {
+
+ try{
+ $users = $this->users->getUsers($this->realm, $username);
+ if ($users != null && count($users) == 1) {
+ return in_array("UPDATE_PASSWORD", $users[0]->requiredActions);
+ } else {
+ return false;
+ }
+ }catch (Exception $ex){
+ // Username does not exists
+ return false;
+ }
+ }
+
 public function getAdminAuthzToken() {
 $access_token = KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $this->realm, $this->admin_username, $this->admin_password, $this->verify_peer);
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/1a395671/app/views/account/login.blade.php ----------------------------------------------------------------------
diff --git a/app/views/account/login.blade.php b/app/views/account/login.blade.php
index 7ef30cc..bfbb152 100755
--- a/app/views/account/login.blade.php
+++ b/app/views/account/login.blade.php
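Review bot: The new branch inside `if(!isset($response->access_token))` picks the flash message from the submitted username alone, so a failed login with any password now reveals that the account exists and has a pending UPDATE_PASSWORD action; the login.blade.php hunk then renders that state as "Your password has expired". Nothing on this path shows the password was correct, so the response distinguishes accounts for unauthenticated callers, and every failed login appears to cost an extra user lookup against Keycloak. Consider branching on what the failed token response itself reports, if it distinguishes this case, or keeping the generic message and delivering the reset hint out of band. At minimum record the trade-off above the check, e.g. `// NOTE: discloses pending-password-reset state to unauthenticated callers; keep this endpoint rate-limited`. The enclosing controller method starts and ends outside the hunk.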
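Review bot: In `isUpdatePasswordRequired`, the single entry returned by `getUsers($this->realm, $username)` is treated as the submitted account without comparing names; if that call is a search rather than an exact-match lookup (not visible here), a partial username could resolve to another user's record. Compare the returned name before reading the actions, e.g. `if ($users != null && count($users) == 1 && strcasecmp($users[0]->username, $username) === 0) {` (assuming the record exposes `username`), and pass `true` as the third argument to `in_array`. The `catch (Exception $ex)` also maps every failure to "username does not exist", so an outage or rejected admin credential is silently reported as `false`; logging `$ex->getMessage()` there would make that visible.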
@@ -20,9 +20,11 @@
 @if( Session::has("invalid-credentials") )
 {{ CommonUtilities::print_error_message('Invalid username or password. Please try again.') }}
 @endif
- <?php
- Session::forget("invalid-credentials");
- ?>
+ @if( Session::has("update-password-required") )
+ <div class="alert alert-danger">
+ Your password has expired. Please <a href="{{URL::to('/') }}/forgot-password">reset your password</a>.
+ </div>
+ @endif
 <div class="form-group">
 <label class="sr-only" for="username">Username</label>
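Review bot: The reset link is built by appending a path to `{{URL::to('/') }}` instead of letting the URL helper produce the whole address; `<a href="{{ URL::to('forgot-password') }}">` is shorter and avoids a doubled slash if the root URL ends in one. The alert markup is also hand-written here, while the invalid-credentials message just above goes through `CommonUtilities::print_error_message`, so the two failure messages can drift apart in styling. The enclosing form continues outside the hunk.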
