p2-inc / keycloak-events

Useful Keycloak event listener implementations and utilities.
https://phasetwo.io

Error while sending RESET_PASSWORD event #22

Closed paulwer closed 1 year ago

paulwer commented 1 year ago
WARN  [org.keycloak.events] (executor-thread-23) type=RESET_PASSWORD_ERROR, realmId=e427102e-e35c-4776-a367-eb4b4d180776, clientId=account-console, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=expired_code, code_id=8b817936-f48c-49ca-b2f5-3d61e5e02064" (ip was masked)

WARN  [io.phasetwo.keycloak.events.RunnableTransaction] (executor-thread-23) Error running Runnable: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.RealmModel.getId()" because "realm" is null"

This error is also issued when resetting the password:

WARN [org.keycloak.services] (executor-thread-2) KC-SERVICES0013: Failed authentication: java.lang.NullPointerException: Cannot invoke "org.keycloak.email.EmailTemplateProvider.setRealm(org.keycloak.models.RealmModel)" because the return value of "org.keycloak.models.KeycloakSession.getProvider(java.lang.Class)" is null

Another error regarding the EmailTemplateProvider occurs when using the sendSmtpTestEmail endpoint:

java.lang.NullPointerException: Cannot invoke "org.keycloak.email.EmailTemplateProvider.sendSmtpTestEmail(java.util.Map, org.keycloak.models.UserModel)" because the return value of "org.keycloak.models.KeycloakSession.getProvider(java.lang.Class)" is null
   at org.keycloak.services.resources.admin.RealmAdminResource.testSMTPConnection(RealmAdminResource.java:938)
   at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
   at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.base/java.lang.reflect.Method.invoke(Method.java:568)
   at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
   at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
   at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
   at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
   at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
   at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
   at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
   at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
   at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
   at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
   at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
   at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
   at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
   at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
   at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
   at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
   at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
   at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
   at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
   at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
   at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
   at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
   at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
   at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
   at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
   at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
   at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84)
   at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71)
   at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
   at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
   at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
   at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430)
   at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408)
   at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
   at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
   at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
   at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82)
   at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
   at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
   at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
   at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
   at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
   at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
   at java.base/java.lang.Thread.run(Thread.java:833)

We are using the Docker image.

xgp commented 1 year ago

Are you running it with the spi args?

    --spi-email-template-provider=freemarker-plus-mustache \
    --spi-email-template-freemarker-plus-mustache-enabled=true

xgp commented 1 year ago

Are these stack traces? Can you format them so they are readable?

paulwer commented 1 year ago

@xgp I tried both, running with and without these flags. Only the last with stack trace. Do you need the other ones as well?

xgp commented 1 year ago

@paulwer Thank you! Send me the full command you use to run the image, and which (if any) email theme you have selected, and I'll try to reproduce here.

paulwer commented 1 year ago

@xgp Here is the Dockerfile. The instance is running in Google Cloud Run (import of the Google Cloud MySQL socket factory as an additional provider). It is also using a customized login theme => https://github.com/lukin/keywind

FROM quay.io/phasetwo/phasetwo-keycloak:latest as builder

ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=preview,token-exchange
ENV KC_DB=mysql

# This is needed in order to use com.google.cloud.sql.mysql.SocketFactory
# More at https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/blob/main/docs/jdbc-mysql.md
ENV KC_DB_KIND=mysql
ENV KC_DB_DIALECT=org.hibernate.dialect.MySQL8Dialect
COPY mysql-socket-factory-1.8.1-jar-with-dependencies.jar /opt/keycloak/providers/

# Install custom theme
COPY /keywind/out/keywind.jar /opt/keycloak/providers/keywind-theme.jar

# Install custom providers
# RUN curl -sL https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar -o /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar

RUN /opt/keycloak/bin/kc.sh build --transaction-xa-enabled=false

FROM quay.io/phasetwo/phasetwo-keycloak:latest

# Install socket for mysql
COPY mysql-socket-factory-1.8.1-jar-with-dependencies.jar /opt/keycloak/providers/

COPY --from=builder /opt/keycloak /opt/keycloak
WORKDIR /opt/keycloak
# for demonstration purposes only, please make sure to use proper certificates in production instead
# RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
# change these values to point to a running mysql instance
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=preview,token-exchange

ENV KEYCLOAK_ADMIN=admin
ENV KEYCLOAK_ADMIN_PASSWORD=admin

ENV KC_DB=mysql
ENV KC_DB_KIND=mysql
ENV KC_DB_DIALECT=org.hibernate.dialect.MySQL8Dialect
ENV KC_TRANSACTION_XA_ENABLED=false

# ENV KC_DB_URL="jdbc:mysql:///keycloak?cloudSqlInstance=<INSTANCE_CONNECTION_NAME>&socketFactory=com.google.cloud.sql.mysql.SocketFactory"
# ENV KC_DB_USERNAME=<MYSQL_USERNAME>
# ENV KC_DB_PASSWORD=<MYSQL_USER_PASSWORD>

ENV KC_HOSTNAME_STRICT=false
ENV KC_HTTPS_CLIENT_AUTH=request
ENV KC_HTTPS_PORT=8443
ENV KC_HTTPS_PROTOCOLS=TLSv1.3,TLSv1.2
ENV KC_HTTP_ENABLED=true
ENV KC_HTTP_PORT=8080
ENV KC_PROXY=edge
ENV PROXY_ADDRESS_FORWARDING=true

ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized", "--spi-email-template-provider=freemarker-plus-mustache", "--spi-email-template-freemarker-plus-mustache-enabled=true"]

I tried the test email with the following theme providers: Attribute, base, keycloak, mustache

xgp commented 1 year ago

Thanks for the context. A similar issue was filed and I think I found what is happening. I think the missing piece is that you need to use the spi flags in the build command as well. E.g.

RUN /opt/keycloak/bin/kc.sh build --transaction-xa-enabled=false --spi-email-template-provider=freemarker-plus-mustache --spi-email-template-freemarker-plus-mustache-enabled=true --spi-theme-cache-themes=false 

I tested that successfully with something very close to your example.

paulwer commented 1 year ago

Thank you very much. I will try it out tomorrow. I suggest adding this as a known issue within the Readme.md and a requirement for the build process.

paulwer commented 1 year ago

@xgp Worked, thank you very much.
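
The fix confirmed in this thread is that the `--spi-*` flags given to `kc.sh start --optimized` also have to be given to `kc.sh build`. The following check is an added example, not part of the original thread or of the project's code: it reports `--spi-*` flags that a Dockerfile passes at start but not at build. The function names and the condensed sample Dockerfile are constructed for illustration, and it assumes the flags are set on the command line rather than through environment variables.

```python
import json
import re
import shlex

# Constructed sample, condensed from the Dockerfile posted in the thread.
SAMPLE_DOCKERFILE = '''\
FROM quay.io/phasetwo/phasetwo-keycloak:latest as builder
RUN /opt/keycloak/bin/kc.sh build --transaction-xa-enabled=false
FROM quay.io/phasetwo/phasetwo-keycloak:latest
COPY --from=builder /opt/keycloak /opt/keycloak
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized", "--spi-email-template-provider=freemarker-plus-mustache", "--spi-email-template-freemarker-plus-mustache-enabled=true"]
'''

def _instructions(text):
    """Yield (keyword, arguments) per instruction, joining continued lines."""
    joined = re.sub(r"\\\s*\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keyword, _, rest = line.partition(" ")
            yield keyword.upper(), rest.strip()

def _argv(rest):
    """Tokenize exec-form (JSON array) or shell-form arguments."""
    return json.loads(rest) if rest.startswith("[") else shlex.split(rest)

def spi_flags_missing_from_build(dockerfile_text):
    """Return --spi-* flags used with 'start --optimized' but absent from 'build'."""
    build, start, optimized = set(), set(), False
    for keyword, rest in _instructions(dockerfile_text):
        if keyword not in ("RUN", "ENTRYPOINT", "CMD"):
            continue
        argv = _argv(rest)
        if not any(arg.endswith("kc.sh") for arg in argv):
            continue
        spi = {arg for arg in argv if arg.startswith("--spi-")}
        if "build" in argv:
            build |= spi
        elif "start" in argv:
            start |= spi
            optimized = optimized or "--optimized" in argv
    # Without --optimized the server re-augments at startup, so nothing to report.
    return sorted(start - build) if optimized else []

if __name__ == "__main__":
    for flag in spi_flags_missing_from_build(SAMPLE_DOCKERFILE):
        print("not passed to 'kc.sh build':", flag)
```
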