@Override public Error validate(KeycloakSession session, String username, String password) { Pattern pattern = Pattern.compile(regexPattern); Matcher matcher = pattern.matcher(password); if (!matcher.matches()) { return new Error(INVALID_PASSWORD_REGEX_PATTERN, (Object) regexPattern); } return null; }
@Override public Error validate(KeycloakSession session, UserModel user, String password) { if (passwordHistoryPolicyValue != -1) { UserCredentialValueModel cred = getCredentialValueModel(user, UserCredentialModel.PASSWORD); if (cred != null) { if(PasswordHashManager.verify(session, passwordPolicy, password, cred)) { return new Error(INVALID_PASSWORD_HISTORY, passwordHistoryPolicyValue); } } List<UserCredentialValueModel> passwordExpiredCredentials = getCredentialValueModels(user, passwordHistoryPolicyValue - 1, UserCredentialModel.PASSWORD_HISTORY); for (UserCredentialValueModel credential : passwordExpiredCredentials) { if (PasswordHashManager.verify(session, passwordPolicy, password, credential)) { return new Error(INVALID_PASSWORD_HISTORY, passwordHistoryPolicyValue); } } } return null; }
@Override public Error validate(KeycloakSession session, String username, String password) { return password.length() < min ? new Error(INVALID_PASSWORD_MIN_LENGTH_MESSAGE, min) : null; }
@Override public Error validate(KeycloakSession session, String username, String password) { int count = 0; for (char c : password.toCharArray()) { if (!Character.isLetterOrDigit(c)) { count++; } } return count < min ? new Error(INVALID_PASSWORD_MIN_SPECIAL_CHARS_MESSAGE, min) : null; }
@Override public Error validate(KeycloakSession session, String username, String password) { int count = 0; for (char c : password.toCharArray()) { if (Character.isDigit(c)) { count++; } } return count < min ? new Error(INVALID_PASSWORD_MIN_DIGITS_MESSAGE, min) : null; }
@Override public Error validate(KeycloakSession session, String username, String password) { int count = 0; for (char c : password.toCharArray()) { if (Character.isUpperCase(c)) { count++; } } return count < min ? new Error(INVALID_PASSWORD_MIN_UPPER_CASE_CHARS_MESSAGE, min) : null; }
@Override public Error validate(KeycloakSession session, String username, String password) { return username.equals(password) ? new Error(INVALID_PASSWORD_NOT_USERNAME) : null; }
@Override public Error validate(KeycloakSession session, String username, String password) { int count = 0; for (char c : password.toCharArray()) { if (Character.isLowerCase(c)) { count++; } } return count < min ? new Error(INVALID_PASSWORD_MIN_LOWER_CASE_CHARS_MESSAGE, min) : null; }
public void updateCredential(RealmModel realm, UserModel user, UserCredentialModel credential) { if (credential.getType().equals(UserCredentialModel.PASSWORD)) { if (realm.getPasswordPolicy() != null) { PasswordPolicy.Error error = realm.getPasswordPolicy().validate(session, user, credential.getValue()); if (error != null) throw new ModelException(error.getMessage(), error.getParameters()); } } user.updateCredential(credential); }