Merge pull request #28 from systemli/Add-Support-for-TOTP

✨ Add Support for TOTP
systemli · May 30, 2024 · 32a2e29 · 32a2e29
2 parents 0d07e8a + 476cb92
commit 32a2e29
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 9 deletions.
diff --git a/src/main/java/org/systemli/keycloak/UserliHttpClient.java b/src/main/java/org/systemli/keycloak/UserliHttpClient.java
@@ -60,13 +60,22 @@ public UserliUser getUserById(String id) {
     }
 
     @SneakyThrows
-    public Boolean validate(String email, String password) {
+    public Boolean validate(String email, String password, String credentialType) {
         String url = String.format("%s/api/keycloak/%s/validate/%s", baseUrl, realmDomain, email);
         SimpleHttp.Response response = SimpleHttp.doPost(url, httpClient)
             .auth(keycloakApiToken)
+            .param("credentialType", credentialType)
             .param("password", password)
             .asResponse();
         return response.getStatus() == 200;
     }
 
+    @SneakyThrows
+    public Boolean isConfiguredFor(String email, String credentialType) {
+        String url = String.format("%s/api/keycloak/%s/configured/%s/%s", baseUrl, realmDomain, credentialType, email);
+        return SimpleHttp.doGet(url, httpClient)
+                .auth(keycloakApiToken)
+                .asResponse().getStatus() == 200;
+    }
+
 }
diff --git a/src/main/java/org/systemli/keycloak/UserliUserStorageProvider.java b/src/main/java/org/systemli/keycloak/UserliUserStorageProvider.java
@@ -2,12 +2,14 @@
 
 import org.keycloak.component.ComponentModel;
 import org.keycloak.credential.CredentialInput;
+import org.keycloak.credential.CredentialInputUpdater;
 import org.keycloak.credential.CredentialInputValidator;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.credential.OTPCredentialModel;
 import org.keycloak.models.credential.PasswordCredentialModel;
 import org.keycloak.storage.StorageId;
 import org.keycloak.storage.UserStorageProvider;
@@ -43,12 +45,16 @@ public void close() {
 
     @Override
     public boolean supportsCredentialType(String credentialType) {
-        return PasswordCredentialModel.TYPE.equals(credentialType);
+        return PasswordCredentialModel.TYPE.equals(credentialType) || OTPCredentialModel.TYPE.equals(credentialType);
     }
 
     @Override
     public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
-        return supportsCredentialType(credentialType);
+        return switch (credentialType) {
+            case PasswordCredentialModel.TYPE -> true;
+            case OTPCredentialModel.TYPE -> client.isConfiguredFor(user.getEmail(), credentialType);
+            default -> false;
+        };
     }
 
     @Override
@@ -57,12 +63,7 @@ public boolean isValid(RealmModel realm, UserModel user, CredentialInput credent
             return false;
         }
 
-        String password = credentialInput.getChallengeResponse();
-        if (password == null) {
-            return false;
-        }
-
-        return client.validate(user.getEmail(), password);
+        return client.validate(user.getEmail(), credentialInput.getChallengeResponse(), credentialInput.getType());
     }
 
     @Override