keycloak-admin 1.1.3 → 1.1.5

data/keycloak-admin.gemspec

@@ -19,6 +19,6 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "http-cookie", "~> 1.0", ">= 1.0.3"
   spec.add_dependency "rest-client", "~> 2.0"
-  spec.add_development_dependency "rspec",  "3.12.0"
-  spec.add_development_dependency "byebug", "11.1.3"
+  spec.add_development_dependency "rspec",  "3.13.2"
+  spec.add_development_dependency "byebug", "12.0.0"
 end

data/lib/keycloak-admin/client/group_client.rb

@@ -108,6 +108,23 @@ module KeycloakAdmin
       role_representation
     end
 
+    # Remove a realm-level role from a group by the role name
+    def remove_realm_level_role_name!(group_id, role_name)
+      role_representation = RoleClient.new(@configuration, @realm_client).get(role_name)
+      url = "#{groups_url(group_id)}/role-mappings/realm"
+      execute_http do
+        RestClient::Request.execute(
+          @configuration.rest_client_options.merge(
+            url:,
+            method: :delete,
+            payload: create_payload([role_representation]),
+            headers: headers
+          )
+        )
+      end
+      true
+    end
+
     def groups_url(id=nil)
       if id
         "#{@realm_client.realm_admin_url}/groups/#{id}"

data/lib/keycloak-admin/client/role_mapper_client.rb

@@ -23,10 +23,12 @@ module KeycloakAdmin
     def remove_realm_level(role_representation_list)
       execute_http do
         RestClient::Request.execute(
-          method: :delete, 
-          url: realm_level_url, 
-          payload: create_payload(role_representation_list), 
-          headers: headers
+          @configuration.rest_client_options.merge(
+            method: :delete,
+            url: realm_level_url,
+            payload: create_payload(role_representation_list), 
+            headers: headers
+          )
         )
       end
     end

data/lib/keycloak-admin/client/user_client.rb

@@ -123,6 +123,13 @@ module KeycloakAdmin
       user_id
     end
 
+    def credentials(user_id)
+      response = execute_http do
+        RestClient::Resource.new(credentials_url(user_id), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |group_as_hash| CredentialRepresentation.from_hash(group_as_hash) }
+    end
+
     def forgot_password(user_id, lifespan=nil)
       execute_actions_email(user_id, ["UPDATE_PASSWORD"], lifespan)
     end
@@ -232,6 +239,11 @@ module KeycloakAdmin
       "#{users_url(user_id)}/groups"
     end
 
+    def credentials_url(user_id)
+      raise ArgumentError.new("user_id must be defined") if user_id.nil?
+      "#{users_url(user_id)}/credentials"
+    end
+
     def impersonation_url(user_id)
       raise ArgumentError.new("user_id must be defined") if user_id.nil?
       "#{users_url(user_id)}/impersonation"

data/lib/keycloak-admin/representation/credential_representation.rb

@@ -1,6 +1,8 @@
 module KeycloakAdmin
   class CredentialRepresentation < Representation
-    attr_accessor :type,
+    attr_accessor :id,
+      :type,
+      :userLabel,
       :device,
       :value,
       :hashedSaltedValue,
@@ -10,7 +12,9 @@ module KeycloakAdmin
       :algorithm,
       :digits,
       :period,
-      :created_date,
+      :createdDate,
+      :credentialData,
+      :secretData,
       :config,
       :temporary
 
@@ -30,10 +34,39 @@ module KeycloakAdmin
     def self.from_hash(hash)
       credential = new
       hash.each do |key, value|
-        property = "@#{key}".to_sym
-        credential.instance_variable_set(property, value)
+        if credential.respond_to?("#{key}=")
+          credential.public_send("#{key}=", value)
+        end
       end
+
+      nested_attributes = safely_parse_nested_json(hash["credentialData"]).merge(safely_parse_nested_json(hash["secretData"]))
+
+      nested_attributes.each do |key, value|
+        if credential.respond_to?("#{key}=")
+          current_value = credential.public_send(key)
+          if current_value.nil?
+            credential.public_send("#{key}=", value)
+          end
+        end
+      end
+
       credential
     end
+
+    class << self
+      private
+
+      def safely_parse_nested_json(json_string)
+        if json_string.nil? || json_string.strip.empty?
+          {}
+        else
+          begin
+            JSON.parse(json_string)
+          rescue JSON::ParserError
+            {}
+          end
+        end
+      end
+    end
   end
 end

data/lib/keycloak-admin/version.rb

@@ -1,3 +1,3 @@
 module KeycloakAdmin
-  VERSION = "1.1.3"
+  VERSION = "1.1.5"
 end

data/spec/client/client_authz_permission_client_spec.rb

@@ -31,7 +31,7 @@ RSpec.describe KeycloakAdmin::ClientAuthzPermissionClient do
       it "does not raise any error" do
         expect {
           @realm.authz_permissions("", type)
-        }.to raise_error
+        }.to raise_error(ArgumentError)
       end
     end
   end

data/spec/client/client_authz_policy_client_spec.rb

@@ -31,7 +31,7 @@ RSpec.describe KeycloakAdmin::ClientAuthzPolicyClient do
       it "does not raise any error" do
         expect {
           @realm.authz_policies("", type)
-        }.to raise_error
+        }.to raise_error(ArgumentError)
       end
     end
   end

data/spec/client/group_client_spec.rb

@@ -255,4 +255,74 @@ RSpec.describe KeycloakAdmin::GroupClient do
       expect { @group_client.delete("test_group_id") }.to raise_error("error")
     end
   end
+
+  describe '#get_realm_level_roles' do
+    let(:realm_name) { 'valid-realm' }
+    before(:each) do
+      @group_client = KeycloakAdmin.realm(realm_name).groups
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '[{"id":"role-id","name":"role-name"}]'
+    end
+
+    it 'gets all realm-level roles for a group' do
+      roles = @group_client.get_realm_level_roles('test-group-id')
+      expect(roles.length).to eq 1
+      expect(roles[0].id).to eq 'role-id'
+      expect(roles[0].name).to eq 'role-name'
+    end
+  end
+
+  describe '#add_realm_level_role_name!' do
+    let(:realm_name) { 'valid-realm' }
+
+    before(:each) do
+      @group_client = KeycloakAdmin.realm(realm_name).groups
+
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return ''
+    end
+
+    it 'adds a realm-level role to a group' do
+      role_representation = double
+      allow(role_representation).to receive(:name).and_return 'test-role-name'
+
+      role_client = double
+      allow(role_client).to receive(:get).with('test-role-name').and_return role_representation
+      allow(KeycloakAdmin::RoleClient).to receive(:new).and_return role_client
+
+      result = @group_client.add_realm_level_role_name!('test-group-id', 'test-role-name')
+      expect(result).to eq role_representation
+    end
+  end
+
+  describe '#remove_realm_level_role_name!' do
+    let(:realm_name) { 'valid-realm' }
+
+    before(:each) do
+      @group_client = KeycloakAdmin.realm(realm_name).groups
+
+      stub_token_client
+      allow(RestClient::Request).to receive(:execute).and_return ''
+    end
+
+    it 'deletes a realm-level role from a group' do
+      role_representation = double
+      allow(role_representation).to receive(:name).and_return 'test-role-name'
+
+      role_client = double
+      allow(role_client).to receive(:get).with('test-role-name').and_return role_representation
+      allow(KeycloakAdmin::RoleClient).to receive(:new).and_return role_client
+
+      result = @group_client.remove_realm_level_role_name!('test-group-id', 'test-role-name')
+      expect(result).to be(true)
+      expect(RestClient::Request).to have_received(:execute).with(
+        hash_including(
+          url: "http://auth.service.io/auth/admin/realms/valid-realm/groups/test-group-id/role-mappings/realm",
+          method: :delete,
+          payload: @group_client.send(:create_payload, [role_representation]),
+          headers: @group_client.send(:headers)
+        )
+      )
+    end
+  end
 end

data/spec/client/role_mapper_client_spec.rb

@@ -65,4 +65,49 @@ RSpec.describe KeycloakAdmin::RoleMapperClient do
       @role_mapper_client.save_realm_level(role_list)
     end
   end
+
+  describe "#remove_realm_level" do
+    let(:realm_name) { "valid-realm" }
+    let(:user_id)    { "test_user" }
+    let(:role_list) { [
+      KeycloakAdmin::RoleRepresentation.from_hash(
+        "id" => "d9e3376b-f602-4086-8eee-89fea73c73ea"
+      )
+    ] }
+    let(:expected_url) { "http://auth.service.io/auth/admin/realms/valid-realm/users/test_user/role-mappings/realm" }
+
+    before(:each) do
+      @role_mapper_client = KeycloakAdmin.realm(realm_name).user(user_id).role_mapper
+
+      stub_token_client
+    end
+
+    it "removes realm-level role mappings" do
+      expect(RestClient::Request).to receive(:execute).with(
+        hash_including(
+          method: :delete,
+          url: expected_url,
+          payload: role_list.to_json
+        )
+      )
+
+      @role_mapper_client.remove_realm_level(role_list)
+    end
+
+    it "passes rest client options" do
+      rest_client_options = {timeout: 10}
+      allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
+      
+      expect(RestClient::Request).to receive(:execute).with(
+        hash_including(
+          method: :delete,
+          url: expected_url,
+          payload: role_list.to_json,
+          timeout: 10
+        )
+      )
+
+      @role_mapper_client.remove_realm_level(role_list)
+    end
+  end
 end

data/spec/client/user_client_spec.rb

@@ -370,4 +370,49 @@ RSpec.describe KeycloakAdmin::TokenClient do
       end
     end
   end
+
+  describe '#credentials' do
+    let(:realm_name) { "valid-realm" }
+
+    before(:each) do
+      @user_client = KeycloakAdmin.realm(realm_name).users
+      stub_token_client
+      json_payload = <<-'payload'
+        [
+          {
+            "id": "2ff4b4d0-fd72-4c6e-9684-02ab337687c2",
+            "type": "password",
+            "userLabel": "My password",
+            "createdDate": 1767604673211,
+            "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}"
+          },
+          {
+            "id": "34389672-9356-4154-9ed6-6c212b869010",
+            "type": "otp",
+            "userLabel": "Smartphone",
+            "createdDate": 1767605202060,
+            "credentialData": "{\"subType\":\"totp\",\"digits\":6,\"counter\":0,\"period\":30,\"algorithm\":\"HmacSHA1\"}"
+          }
+        ]
+      payload
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return json_payload
+    end
+
+    context 'when user_id is defined' do
+      let(:user_id) { '95985b21-d884-4bbd-b852-cb8cd365afc2' }
+      it 'returns list of credentials' do
+        response = @user_client.credentials(user_id)
+        expect(response.size).to eq 2
+        expect(response[0].id).to eq "2ff4b4d0-fd72-4c6e-9684-02ab337687c2"
+        expect(response[1].id).to eq "34389672-9356-4154-9ed6-6c212b869010"
+      end
+    end
+
+    context 'when user_id is not defined' do
+      let(:user_id) { nil }
+      it 'raise argument error' do
+        expect { @user_client.credentials(user_id) }.to raise_error(ArgumentError)
+      end
+    end
+  end
 end

data/spec/integration/client_authorization_spec.rb

@@ -1,7 +1,7 @@
 RSpec.describe 'ClientAuthorization' do
 
-  before do
-    skip unless ENV["GITHUB_ACTIONS"]
+  before(:each) do
+    skip("This test requires to be run in a Github action.")  unless ENV["GITHUB_ACTIONS"]
 
     KeycloakAdmin.configure do |config|
       config.use_service_account = false
@@ -14,14 +14,12 @@ RSpec.describe 'ClientAuthorization' do
     end
   end
 
-  after do
+  after(:each) do
     configure
   end
 
   describe "ClientAuthorization Suite" do
     it do
-      skip unless ENV["GITHUB_ACTIONS"]
-
       realm_name = "dummy"
 
       client = KeycloakAdmin.realm(realm_name).clients.find_by_client_id("dummy-client")

data/spec/representation/credential_representation_spec.rb

@@ -0,0 +1,68 @@
+
+RSpec.describe KeycloakAdmin::CredentialRepresentation do
+  describe ".from_json" do
+    it "parses a password" do
+      json_payload = <<-'payload'
+        {
+          "id": "2ff4b4d0-fd72-4c6e-9684-02ab337687c2",
+          "type": "password",
+          "userLabel": "My password",
+          "createdDate": 1767604673211,
+          "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}"
+        }
+      payload
+
+      credential = described_class.from_json(json_payload)
+      expect(credential).to be
+      expect(credential).to be_a described_class
+      expect(credential.id).to eq "2ff4b4d0-fd72-4c6e-9684-02ab337687c2"
+      expect(credential.type).to eq "password"
+      expect(credential.createdDate).to eq 1767604673211
+      expect(credential.credentialData).to eq "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}"
+      expect(credential.userLabel).to eq "My password"
+      expect(credential.device).to be_nil
+      expect(credential.value).to be_nil
+      expect(credential.hashedSaltedValue).to be_nil
+      expect(credential.salt).to be_nil
+      expect(credential.hashIterations).to eq 5
+      expect(credential.counter).to be_nil
+      expect(credential.algorithm).to eq "argon2"
+      expect(credential.digits).to be_nil
+      expect(credential.period).to be_nil
+      expect(credential.config).to be_nil
+      expect(credential.temporary).to be_nil
+    end
+
+    it "parses an otp" do
+      json_payload = <<-'payload'
+        {
+          "id": "34389672-9356-4154-9ed6-6c212b869010",
+          "type": "otp",
+          "userLabel": "Smartphone",
+          "createdDate": 1767605202060,
+          "credentialData": "{\"subType\":\"totp\",\"digits\":6,\"counter\":0,\"period\":30,\"algorithm\":\"HmacSHA1\"}"
+        }
+      payload
+
+      credential = described_class.from_json(json_payload)
+      expect(credential).to be
+      expect(credential).to be_a described_class
+      expect(credential.id).to eq "34389672-9356-4154-9ed6-6c212b869010"
+      expect(credential.type).to eq "otp"
+      expect(credential.createdDate).to eq 1767605202060
+      expect(credential.credentialData).to eq "{\"subType\":\"totp\",\"digits\":6,\"counter\":0,\"period\":30,\"algorithm\":\"HmacSHA1\"}"
+      expect(credential.userLabel).to eq "Smartphone"
+      expect(credential.device).to be_nil
+      expect(credential.value).to be_nil
+      expect(credential.hashedSaltedValue).to be_nil
+      expect(credential.salt).to be_nil
+      expect(credential.hashIterations).to be_nil
+      expect(credential.counter).to eq 0
+      expect(credential.algorithm).to eq "HmacSHA1"
+      expect(credential.digits).to eq 6
+      expect(credential.period).to eq 30
+      expect(credential.config).to be_nil
+      expect(credential.temporary).to be_nil
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keycloak-admin
 version: !ruby/object:Gem::Version
-  version: 1.1.3
+  version: 1.1.5
 platform: ruby
 authors:
 - Lorent Lempereur
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-07-12 00:00:00.000000000 Z
+date: 2026-01-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: http-cookie
@@ -50,28 +50,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.12.0
+        version: 3.13.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.12.0
+        version: 3.13.2
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 11.1.3
+        version: 12.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 11.1.3
+        version: 12.0.0
 description: Keycloak Admin REST API client written in Ruby
 email:
 - lorent.lempereur.dev@gmail.com
@@ -160,6 +160,7 @@ files:
 - spec/representation/client_authz_resource_representation_spec.rb
 - spec/representation/client_authz_scope_representation_spec.rb
 - spec/representation/client_representation_spec.rb
+- spec/representation/credential_representation_spec.rb
 - spec/representation/group_representation_spec.rb
 - spec/representation/identity_provider_mapper_representation_spec.rb
 - spec/representation/identity_provider_representation_spec.rb
@@ -190,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Keycloak Admin REST API client written in Ruby