package org.gcube.keycloak.account;
import java.net.URI;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;
import org.gcube.keycloak.avatar.storage.AvatarStorageProvider;
import org.gcube.keycloak.event.OrchestratorEventPublisherProviderFactory;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.resources.RealmsResource;
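/**
 * JAX-RS resource that lets the currently authenticated user request the deletion of their own
 * account.
 *
 * <p>The caller is identified only through the Keycloak identity cookie, which is evaluated once in
 * the constructor. The single endpoint disables the user, deletes the avatar, notifies the
 * orchestrator, ends the user's sessions and redirects to the account page.
 */
public class DeleteAccountResource {

    protected static final Logger logger = Logger.getLogger(DeleteAccountResource.class);

    // NOTE(review): the state-checker constants below, and the check that used them in
    // performDeleteAccount(), are commented out. As written, this cookie-authenticated,
    // state-changing POST performs no request-forgery check of its own; confirm that an
    // equivalent protection is enforced elsewhere before relying on this endpoint.
    // public static final String STATE_CHECKER_ATTRIBUTE = "state_checker";
    // public static final String STATE_CHECKER_PARAMETER = "stateChecker";

    private final KeycloakSession session;

    // Result of the identity-cookie authentication; a null value is treated as "not authenticated".
    private final AuthenticationManager.AuthResult auth;

    /**
     * Creates the resource and authenticates the caller from the identity cookie against the realm
     * of the current request context.
     *
     * @param session the Keycloak session serving the current request
     */
    public DeleteAccountResource(KeycloakSession session) {
        logger.info("Created new DeleteAccountResource object");
        this.session = session;
        auth = new AppAuthManager().authenticateIdentityCookie(session, session.getContext().getRealm());
    }

    /**
     * Disables the authenticated user's account and cleans up after it.
     *
     * <p>Steps, in order: disable the user inside a transaction, delete the user's avatar if an
     * {@link AvatarStorageProvider} is configured, publish a {@link DeleteAccountEvent}, remove the
     * user's sessions and redirect to the account URL of the realm.
     *
     * @return a 302 redirect to the realm's account URL, or a server error response when the user
     *         could not be disabled
     * @throws NotAuthorizedException when the request carries no valid identity cookie
     */
    @NoCache
    @POST()
    @Path("request-delete")
    // public Response performDeleteAccount(@FormParam(STATE_CHECKER_PARAMETER) String stateChecker) {
    public Response performDeleteAccount() {
        if (auth == null) {
            logger.debug("Invoked DELETE without authorization");
            throw new NotAuthorizedException("Cookie");
        }
        // NOTE(review): disabled state-checker verification, kept for reference. If it is restored,
        // a missing session attribute would make requiredStateChecker null and the equals() call
        // below would throw; compare null-safely.
        // String requiredStateChecker = session.getAttribute(STATE_CHECKER_ATTRIBUTE, String.class);
        // if (!requiredStateChecker.equals(stateChecker)) {
        // throw new ForbiddenException("State");
        // }
        logger.info("Invoked perform delete account");

        logger.debug("Getting realm model from auth session");
        RealmModel realm = auth.getSession().getRealm();

        logger.debug("Getting user model from auth");
        UserModel user = auth.getUser();

        try {
            if (!session.getTransactionManager().isActive()) {
                logger.debug("Beginning a new transaction on transaction manager");
                session.getTransactionManager().begin();
            }

            logger.debug("Finding user model and setting it as not enabled in realm");
            session.users().getUserById(realm, user.getId()).setEnabled(false);

            if (session.getTransactionManager().isActive()) {
                logger.debug("Committing the transaction on transaction manager");
                session.getTransactionManager().commit();
            }
        } catch (Exception e) {
            logger.error("Cannot perform user model modifications", e);
            // Fail closed: if the account could not be disabled, do not delete the avatar, announce
            // the deletion to the orchestrator or end sessions. Otherwise the account would stay
            // usable while downstream systems believe it is gone.
            if (session.getTransactionManager().isActive()) {
                session.getTransactionManager().setRollbackOnly();
            }
            return Response.serverError().build();
        }

        logger.debug("Getting the the configured avatar storage provider");
        AvatarStorageProvider avatarStorageProvider = session.getProvider(AvatarStorageProvider.class);
        if (avatarStorageProvider != null) {
            logger.tracev("Configured avatar storage provider type is {0}", avatarStorageProvider.getClass().getName());
            logger.debug("Deleting user's avatar from the configured storage");
            avatarStorageProvider.deleteAvatarImage(realm, user);
        } else {
            logger.warn("Cannot perform avatar deletion since the avatar storage provider is null");
        }

        logger.debug("Sending delete account event to the orchestrator");
        new OrchestratorEventPublisherProviderFactory().create(session)
                .publish(new DeleteAccountEvent(user, realm));

        logger.debug("Forcing logout from all active sessions");
        // Scope the logout to this user. The realm-only overload removes the sessions of every user
        // in the realm, so one account deletion would log everybody out.
        session.sessions().removeUserSessions(realm, user);

        URI accountLoginUri = RealmsResource.accountUrl(session.getContext().getUri().getBaseUriBuilder())
                .build(realm.getName());

        logger.debugf("Finally redirecting to the account form login: %s", accountLoginUri);
        return Response.status(302).location(accountLoginUri).build();
    }

}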