feat: Keycloak support for email 2fa (#21)

keycloak/Dockerfile

@@ -1,9 +1,16 @@
+# Build repos that are not delpoyed (because these are feature branches)
+FROM maven:3.9.4-eclipse-temurin-17 AS java
+RUN git clone https://github.com/Aam-Digital/keycloak-2fa-email-authenticator.git email-auth
+RUN cd email-auth && mvn package
+
 # Inspired by https://www.keycloak.org/server/containers
-FROM quay.io/keycloak/keycloak:19.0.1 as builder
+FROM quay.io/keycloak/keycloak:22.0.5 AS builder
 ARG KC_DB=postgres
-RUN curl -L https://github.com/aerogear/keycloak-metrics-spi/releases/download/3.0.0/keycloak-metrics-spi-3.0.0.jar > /opt/keycloak/providers/keycloak-metrics-spi.jar
+ADD --chown=keycloak:keycloak https://github.com/aerogear/keycloak-metrics-spi/releases/download/3.0.0/keycloak-metrics-spi-3.0.0.jar /opt/keycloak/providers/keycloak-metrics-spi.jar
+ADD --chown=keycloak:keycloak https://github.com/wouterh-dev/keycloak-spi-trusted-device/releases/download/v0.0.1-22/keycloak-spi-trusted-device-0.0.1-22.jar /opt/keycloak/providers/keycloak-trusted-device.jar
+COPY --from=java email-auth/target/keycloak-2fa-email-authenticator-1.0.0.0-SNAPSHOT.jar /opt/keycloak/providers/keycloak-2fa-email-authenticator.jar
 RUN /opt/keycloak/bin/kc.sh build
 
-FROM quay.io/keycloak/keycloak:19.0.1
+FROM quay.io/keycloak/keycloak:22.0.5
 COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
-COPY --from=builder /opt/keycloak/providers/keycloak-metrics-spi.jar /opt/keycloak/providers/
+COPY --from=builder /opt/keycloak/providers /opt/keycloak/providers/

keycloak/aam-theme/email/html/code-email.ftl

@@ -0,0 +1,8 @@
+<html>
+<body>
+<h1 style="color: #ff9800">Aam Digital - ${realmName}</h1>
+${kcSanitize(msg("emailCodeBodyHtml", ttl))}
+<h2>${code}</h2>
+${kcSanitize(msg("emailFooterHtml"))?no_esc}
+</body>
+</html>

keycloak/aam-theme/email/html/executeActions.ftl

@@ -14,10 +14,6 @@ ${kcSanitize(msg("passwordResetBodyHtml", link, user.username, realmName, linkEx
 <#else>
 ${kcSanitize(msg("executeActionsBodyHtml", link, linkExpiration, realmName, requiredActionsText, linkExpirationFormatter(linkExpiration)))?no_esc}
 </#if>
-<br/>
-<p>If you have any problems or questions, don’t hesitate to get in touch with us at <a href="mailto:[email protected]">[email protected]</a>.</p>
-<br/>
-<p> Best regards,</p>
-<p>Your Aam Digital Team</p>
+${kcSanitize(msg("emailFooterHtml"))?no_esc}
 </body>
 </html>

keycloak/aam-theme/email/messages/messages_en.properties

@@ -2,3 +2,8 @@ emailVerificationBody=Your email has been linked to the Aam Digital user: {1}. T
 emailVerificationBodyHtml=<p>Your email has been linked to the Aam Digital user: <b>{1}</b>. To verify your email, click the link below. After verifying your email, you will be forwarded to the Aam Digital application.</p><p><a href="{0}">Verify email</a></p><p>This link will expire within {3}.</p><p>Please keep in mind that your account gives access to personal information of your project''s participants that should be handled with care. <b>Don''t share your access with anyone.</b></p><p>After verifying your email, you can open the Application with the link below.</p><p><a href="https://{2}.aam-digital.com">Open Aam Digital</a></p>
 passwordResetBody=Someone just requested to change the password for your Aam Digital account with the name: {1}. If this was you, click on the link below to reset it.\n\n{0}\n\nThis link and code will expire within {3}.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
 passwordResetBodyHtml=<p>Someone just requested to change the password for your Aam Digital account with the name: <b>{1}</b>. If this was you, click on the link below to reset it.</p><p><a href="{0}">Reset password</a></p><p>This link will expire within {3}.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>
+emailFooter=\n\nIf you have any problems or questions, don''t hesitate to get in touch with us at [email protected] .\n\n   Best regards, \n\nYour Aam Digital Team
+emailFooterHtml=<br/><p>If you have any problems or questions, don''t hesitate to get in touch with us at <a href="mailto:[email protected]">[email protected]</a>.</p><br/><p> Best regards,</p><p>Your Aam Digital Team</p>
+emailCodeSubject={0} access code
+emailCodeBody=Access Code: {0} \n\nThis code will expire within {1} seconds.
+emailCodeBodyHtml=Enter the code below. \n\nThis code will expire within {0} seconds.

keycloak/aam-theme/email/text/code-email.ftl

@@ -0,0 +1,4 @@
+<#ftl output_format="plainText">
+Aam Digital - ${realmName}\n\n
+${msg("emailCodeBody", code, ttl)}
+${msg("emailFooter")}

keycloak/aam-theme/email/text/executeActions.ftl

@@ -10,7 +10,4 @@ ${msg("passwordResetBody",link, user.username, linkExpirationFormatter(linkExpir
 <#else>
 ${msg("executeActionsBody",link, linkExpiration, realmName, requiredActionsText, linkExpirationFormatter(linkExpiration))}
 </#if>
-\n\n
-If you have any problems or questions, don’t hesitate to get in touch with us at [email protected] .\n\n
-   Best regards,\n\n
-Your Aam Digital Team
+${msg("emailFooter")}

keycloak/aam-theme/login/messages/messages_en.properties

@@ -0,0 +1 @@
+resendCode=Resend code

keycloak/aam-theme/login/resources/css/styles.css

@@ -1,5 +1,5 @@
 .login-pf body {
-    background: #fff3e0;
+    background: white;
 }
 
 .card-pf {

keycloak/client_config.json

@@ -88,7 +88,8 @@
     }
   ],
   "defaultClientScopes": [
-    "email"
+    "email",
+    "openid"
   ],
   "optionalClientScopes": [],
   "access": {