From 66cc392aa7dffbfbdd5ddb4b8573a61e07834dca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niko=20Ko=CC=88bler?=
Date: Fri, 24 Jan 2025 16:19:34 +0100
Subject: [PATCH] alternative method for password policy validation
---
 .../FlintstonesUserStorageProvider.java | 32 +++++++++++--------
 1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/flintstones-userprovider/src/main/java/dasniko/keycloak/user/flintstones/FlintstonesUserStorageProvider.java b/flintstones-userprovider/src/main/java/dasniko/keycloak/user/flintstones/FlintstonesUserStorageProvider.java
index 78c3b52..80234e4 100644
--- a/flintstones-userprovider/src/main/java/dasniko/keycloak/user/flintstones/FlintstonesUserStorageProvider.java
+++ b/flintstones-userprovider/src/main/java/dasniko/keycloak/user/flintstones/FlintstonesUserStorageProvider.java
@@ -10,12 +10,11 @@
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelException;
-import org.keycloak.models.PasswordPolicy;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.credential.PasswordCredentialModel;
-import org.keycloak.policy.PasswordPolicyProvider;
+import org.keycloak.policy.PasswordPolicyManagerProvider;
 import org.keycloak.policy.PolicyError;
 import org.keycloak.storage.StorageId;
 import org.keycloak.storage.UserStorageProvider;
@@ -73,18 +72,25 @@ public boolean updateCredential(RealmModel realm, UserModel user, CredentialInpu
 }
 if (usePasswordPolicy()) {
- PasswordPolicy passwordPolicy = realm.getPasswordPolicy();
- if (passwordPolicy != null) {
- for (String policy : passwordPolicy.getPolicies()) {
- PasswordPolicyProvider provider = session.getProvider(PasswordPolicyProvider.class, policy);
- if (provider != null) {
- PolicyError policyError = provider.validate(user.getUsername(), cred.getChallengeResponse());
- if (policyError != null) {
- throw new ModelException(policyError.getMessage(), policyError.getParameters());
- }
- }
- }
+ PolicyError policyError = session.getProvider(PasswordPolicyManagerProvider.class)
+ .validate(realm, user, cred.getChallengeResponse());
+ if (policyError != null) {
+ throw new ModelException(policyError.getMessage(), policyError.getParameters());
 }
+
+// alternatively to above code:
+// PasswordPolicy passwordPolicy = realm.getPasswordPolicy();
+// if (passwordPolicy != null) {
+// for (String policy : passwordPolicy.getPolicies()) {
+// PasswordPolicyProvider provider = session.getProvider(PasswordPolicyProvider.class, policy);
+// if (provider != null) {
+// PolicyError policyError = provider.validate(user.getUsername(), cred.getChallengeResponse());
+// if (policyError != null) {
+// throw new ModelException(policyError.getMessage(), policyError.getParameters());
+// }
+// }
+// }
+// }
 }
 Credential credential = new Credential("password", cred.getChallengeResponse());
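Review bot: The commented-out block added under `// alternatively to above code:` is not an equivalent of the new `PasswordPolicyManagerProvider.validate(realm, user, ...)` call, because it invokes the per-policy `validate(user.getUsername(), cred.getChallengeResponse())` overload, which carries no realm or user model. As far as I know, Keycloak policies that need the user record (password history, not-email) only perform their check in the realm/user overload, so anyone who un-comments the block would likely get weaker enforcement; this should be confirmed against the Keycloak version in use. I would either delete the dead code or relabel it, e.g. `// older approach, for reference only: validate(username, password) gives policies no realm/user context`. `updateCredential` starts and ends outside this hunk, so how `usePasswordPolicy()` is decided is not visible here.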