refactor: Extract email verification check

sventorben · May 9, 2024 · a6206df · a6206df
1 parent c704ee5
commit a6206df
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 14 deletions.
diff --git a/...ain/java/de/sventorben/keycloak/authentication/hidpd/discovery/email/DomainExtractor.java b/...ain/java/de/sventorben/keycloak/authentication/hidpd/discovery/email/DomainExtractor.java
@@ -8,7 +8,6 @@
 final class DomainExtractor {
 
     private static final Logger LOG = Logger.getLogger(DomainExtractor.class);
-    private static final String EMAIL_ATTRIBUTE = "email";
 
     private final EmailHomeIdpDiscovererConfig config;
 
@@ -26,11 +25,6 @@ Optional<Domain> extractFrom(UserModel user) {
             LOG.warnf("Could not find user attribute '%s' for user '%s'", config.userAttribute(), user.getId());
             return Optional.empty();
         }
-        if (EMAIL_ATTRIBUTE.equalsIgnoreCase(config.userAttribute()) && !user.isEmailVerified()
-            && !config.forwardUserWithUnverifiedEmail()) {
-            LOG.warnf("Email address of user '%s' is not verified and forwarding not enabled", user.getId());
-            return Optional.empty();
-        }
         return extractFrom(userAttribute);
     }
 

diff --git a/...a/de/sventorben/keycloak/authentication/hidpd/discovery/email/EmailHomeIdpDiscoverer.java b/...a/de/sventorben/keycloak/authentication/hidpd/discovery/email/EmailHomeIdpDiscoverer.java
@@ -18,6 +18,7 @@
 public final class EmailHomeIdpDiscoverer implements HomeIdpDiscoverer {
 
     private static final Logger LOG = Logger.getLogger(EmailHomeIdpDiscoverer.class);
+    private static final String EMAIL_ATTRIBUTE = "email";
     private final Users users;
     private final IdentityProviders identityProviders;
 
@@ -29,7 +30,6 @@ public EmailHomeIdpDiscoverer(Users users, IdentityProviders identityProviders)
 
     @Override
     public List<IdentityProviderModel> discoverForUser(AuthenticationFlowContext context, String username) {
-
         EmailHomeIdpDiscovererConfig config = new EmailHomeIdpDiscovererConfig(context.getAuthenticatorConfig());
         DomainExtractor domainExtractor = new DomainExtractor(config);
 
@@ -48,7 +48,13 @@ public List<IdentityProviderModel> discoverForUser(AuthenticationFlowContext con
         } else {
             LOG.tracef("User found in AuthenticationFlowContext. Extracting domain from stored user '%s'.",
                 user.getId());
-            emailDomain = domainExtractor.extractFrom(user);
+            if (EMAIL_ATTRIBUTE.equalsIgnoreCase(config.userAttribute()) && !user.isEmailVerified()
+                && !config.forwardUserWithUnverifiedEmail()) {
+                LOG.warnf("Email address of user '%s' is not verified and forwarding not enabled", user.getId());
+                emailDomain = Optional.empty();
+            } else {
+                emailDomain = domainExtractor.extractFrom(user);
+            }
         }
 
         if (emailDomain.isPresent()) {

diff --git a/...k/authentication/hidpd/discovery/orgs/domainhint/OrgsDomainDiscovererProviderFactory.java b/...k/authentication/hidpd/discovery/orgs/domainhint/OrgsDomainDiscovererProviderFactory.java
@@ -14,7 +14,7 @@
 
 public final class OrgsDomainDiscovererProviderFactory implements HomeIdpDiscovererFactory, EnvironmentDependentProviderFactory, ServerInfoAwareProviderFactory {
 
-    private static final String PROVIDER_ID = "orgs-domain";
+    static final String PROVIDER_ID = "orgs-domain";
 
     @Override
     public boolean isSupported(Config.Scope config) {

diff --git a/...ation/hidpd/discovery/orgs/domainhint/OrgsDomainHomeIdpDiscoveryAuthenticatorFactory.java b/...ation/hidpd/discovery/orgs/domainhint/OrgsDomainHomeIdpDiscoveryAuthenticatorFactory.java
@@ -26,7 +26,7 @@ public List<ProviderConfigProperty> getProperties() {
 
             @Override
             public String getProviderId() {
-                return PROVIDER_ID;
+                return OrgsDomainDiscovererProviderFactory.PROVIDER_ID;
             }
         });
     }

diff --git a/.../keycloak/authentication/hidpd/discovery/orgs/email/OrgsEmailHomeIdpDiscovererConfig.java b/.../keycloak/authentication/hidpd/discovery/orgs/email/OrgsEmailHomeIdpDiscovererConfig.java
@@ -0,0 +1,40 @@
+package de.sventorben.keycloak.authentication.hidpd.discovery.orgs.email;
+
+import org.keycloak.models.AuthenticatorConfigModel;
+import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.provider.ProviderConfigurationBuilder;
+
+import java.util.List;
+import java.util.Optional;
+
+import static org.keycloak.provider.ProviderConfigProperty.BOOLEAN_TYPE;
+import static org.keycloak.provider.ProviderConfigProperty.STRING_TYPE;
+
+final class OrgsEmailHomeIdpDiscovererConfig {
+
+    private static final String FORWARD_UNVERIFIED_ATTRIBUTE = "forwardUnverifiedEmail";
+
+    private static final ProviderConfigProperty FORWARD_UNVERIFIED_PROPERTY = new ProviderConfigProperty(
+        FORWARD_UNVERIFIED_ATTRIBUTE,
+        "Forward users with unverified email",
+        "If 'User attribute' is set to 'email', whether to forward existing user if user's email is not verified.",
+        BOOLEAN_TYPE,
+        false,
+        false);
+
+    static final List<ProviderConfigProperty> CONFIG_PROPERTIES = ProviderConfigurationBuilder.create()
+        .property(FORWARD_UNVERIFIED_PROPERTY)
+        .build();
+    private final AuthenticatorConfigModel authenticatorConfigModel;
+
+    public OrgsEmailHomeIdpDiscovererConfig(AuthenticatorConfigModel authenticatorConfigModel) {
+        this.authenticatorConfigModel = authenticatorConfigModel;
+    }
+
+    boolean forwardUserWithUnverifiedEmail() {
+        return Optional.ofNullable(authenticatorConfigModel)
+            .map(it -> Boolean.parseBoolean(it.getConfig().getOrDefault(FORWARD_UNVERIFIED_ATTRIBUTE, "false")))
+            .orElse(false);
+    }
+
+}
diff --git a/...hentication/hidpd/discovery/orgs/email/OrgsEmailHomeIdpDiscoveryAuthenticatorFactory.java b/...hentication/hidpd/discovery/orgs/email/OrgsEmailHomeIdpDiscoveryAuthenticatorFactory.java
@@ -1,15 +1,12 @@
 package de.sventorben.keycloak.authentication.hidpd.discovery.orgs.email;
 
 import de.sventorben.keycloak.authentication.hidpd.AbstractHomeIdpDiscoveryAuthenticatorFactory;
-import de.sventorben.keycloak.authentication.hidpd.OperationalInfo;
 import org.keycloak.Config;
 import org.keycloak.common.Profile;
 import org.keycloak.provider.EnvironmentDependentProviderFactory;
 import org.keycloak.provider.ProviderConfigProperty;
 
-import java.util.Collections;
 import java.util.List;
-import java.util.Map;
 
 public final class OrgsEmailHomeIdpDiscoveryAuthenticatorFactory extends AbstractHomeIdpDiscoveryAuthenticatorFactory implements EnvironmentDependentProviderFactory {
 
@@ -24,7 +21,7 @@ public OrgsEmailHomeIdpDiscoveryAuthenticatorFactory() {
         super(new DiscovererConfig() {
             @Override
             public List<ProviderConfigProperty> getProperties() {
-                return Collections.emptyList();
+                return OrgsEmailHomeIdpDiscovererConfig.CONFIG_PROPERTIES;
             }
 
             @Override