keycloak 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/generators/initializer_generator.rb +6 -3
- data/lib/keycloak.rb +183 -81
- data/lib/keycloak/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 664d5f8c6abad5cc3a139175fe7125f9ca41342a
|
|
4
|
+
data.tar.gz: 4e3c751dd137ba1081acf6a4e1c968c762459210
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 947e8843b23edd19b26120fb7f2b505e75e316600eaa4855dbf0c39047e0813c8272e386d2180b9b794d6d95550f2e41b72f18213e18f0141d05ed455c571c16
|
|
7
|
+
data.tar.gz: 174f31ed0058103d9e83f859fb821fa47bf0e21846ac88de822987d8ce582df71d93b302539c3305d3c17047dab441265f33d697c646fa1e8eaac9c2080b8933
|
|
@@ -4,11 +4,14 @@ class InitializerGenerator < Rails::Generators::Base
|
|
|
4
4
|
proxy = ""
|
|
5
5
|
generate_request_exception = true
|
|
6
6
|
"# Set proxy to connect in keycloak server
|
|
7
|
-
Keycloak
|
|
7
|
+
Keycloak.proxy = #{proxy}
|
|
8
8
|
# If true, then all request exception will explode in application (this is the default value)
|
|
9
|
-
Keycloak
|
|
9
|
+
Keycloak.generate_request_exception = #{generate_request_exception}
|
|
10
10
|
# controller that manage the user session
|
|
11
|
-
Keycloak
|
|
11
|
+
Keycloak.keycloak_controller = 'session'
|
|
12
|
+
# internal user for admin tasks
|
|
13
|
+
Keycloak::Internal.admin_user = ''
|
|
14
|
+
Keycloak::Internal.admin_password = ''"
|
|
12
15
|
end
|
|
13
16
|
end
|
|
14
17
|
end
|
data/lib/keycloak.rb
CHANGED
|
@@ -7,16 +7,17 @@ require 'uri'
|
|
|
7
7
|
|
|
8
8
|
module Keycloak
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
attr_accessor :proxy, :generate_request_exception, :keycloak_controller
|
|
10
|
+
class << self
|
|
11
|
+
attr_accessor :proxy, :generate_request_exception, :keycloak_controller,
|
|
12
|
+
:last_response
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
|
|
15
16
|
def self.explode_exception
|
|
16
|
-
if Keycloak
|
|
17
|
-
Keycloak
|
|
17
|
+
if Keycloak.generate_request_exception == nil
|
|
18
|
+
Keycloak.generate_request_exception = true
|
|
18
19
|
end
|
|
19
|
-
Keycloak
|
|
20
|
+
Keycloak.generate_request_exception
|
|
20
21
|
end
|
|
21
22
|
|
|
22
23
|
module Client
|
|
@@ -39,11 +40,11 @@ module Keycloak
|
|
|
39
40
|
@user, @password = user, password
|
|
40
41
|
|
|
41
42
|
payload = {'client_id' => @client_id,
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
43
|
+
'client_secret' => @secret,
|
|
44
|
+
'username' => @user,
|
|
45
|
+
'password' => @password,
|
|
46
|
+
'grant_type' => 'password'
|
|
47
|
+
}
|
|
47
48
|
|
|
48
49
|
mount_request_token(payload)
|
|
49
50
|
end
|
|
@@ -207,13 +208,13 @@ module Keycloak
|
|
|
207
208
|
KEYCLOACK_CONTROLLER_DEFAULT = 'session'
|
|
208
209
|
|
|
209
210
|
def self.setup_module
|
|
210
|
-
Keycloak
|
|
211
|
-
Keycloak
|
|
211
|
+
Keycloak.proxy ||= ''
|
|
212
|
+
Keycloak.keycloak_controller ||= KEYCLOACK_CONTROLLER_DEFAULT
|
|
212
213
|
get_installation
|
|
213
214
|
end
|
|
214
215
|
|
|
215
216
|
def self.exec_request(proc_request)
|
|
216
|
-
if Keycloak
|
|
217
|
+
if Keycloak.explode_exception
|
|
217
218
|
proc_request.call
|
|
218
219
|
else
|
|
219
220
|
begin
|
|
@@ -225,7 +226,7 @@ module Keycloak
|
|
|
225
226
|
end
|
|
226
227
|
|
|
227
228
|
def self.openid_configuration
|
|
228
|
-
RestClient.proxy = Keycloak
|
|
229
|
+
RestClient.proxy = Keycloak.proxy unless Keycloak.proxy.empty?
|
|
229
230
|
full_url = "#{@url}/realms/#{@realm}/.well-known/openid-configuration"
|
|
230
231
|
_request = -> do
|
|
231
232
|
RestClient.get full_url
|
|
@@ -260,7 +261,7 @@ module Keycloak
|
|
|
260
261
|
if @token["id_token"]
|
|
261
262
|
@decoded_id_token = JWT.decode @token["id_token"], @public_key, false, { :algorithm => 'RS256' }
|
|
262
263
|
end
|
|
263
|
-
Keycloak::Admin
|
|
264
|
+
Keycloak::Admin.setup_admin(@auth_server_url, @realm, @token["access_token"])
|
|
264
265
|
@token
|
|
265
266
|
else
|
|
266
267
|
response.return!
|
|
@@ -277,7 +278,7 @@ module Keycloak
|
|
|
277
278
|
module Admin
|
|
278
279
|
|
|
279
280
|
class << self
|
|
280
|
-
attr_reader :access_token, :auth_server_url, :realm
|
|
281
|
+
attr_reader :access_token, :auth_server_url, :realm
|
|
281
282
|
end
|
|
282
283
|
|
|
283
284
|
def self.setup_admin(auth_server_url, realm, access_token)
|
|
@@ -311,13 +312,16 @@ module Keycloak
|
|
|
311
312
|
end
|
|
312
313
|
|
|
313
314
|
def self.revoke_consent_user(id, clientID = nil)
|
|
314
|
-
if
|
|
315
|
+
if clientID.nil?
|
|
315
316
|
clientID = Keycloak::Client.client_id
|
|
316
317
|
end
|
|
317
318
|
generic_delete("users/#{id}/consents/#{clientID}")
|
|
318
319
|
end
|
|
319
320
|
|
|
320
321
|
def self.update_account_email(id, actions, redirectUri = '', clientID = nil)
|
|
322
|
+
if clientID.nil?
|
|
323
|
+
clientID = Keycloak::Client.client_id
|
|
324
|
+
end
|
|
321
325
|
generic_put("users/#{id}/execute-actions-email", {:redirect_uri => redirectUri, :client_id => clientID}, actions)
|
|
322
326
|
end
|
|
323
327
|
|
|
@@ -403,19 +407,19 @@ module Keycloak
|
|
|
403
407
|
# Generics methods
|
|
404
408
|
|
|
405
409
|
def self.generic_get(service, queryParameters = nil)
|
|
406
|
-
generic_request(service, queryParameters, nil, 'GET')
|
|
410
|
+
Keycloak.generic_request(@access_token, full_url(service), queryParameters, nil, 'GET')
|
|
407
411
|
end
|
|
408
412
|
|
|
409
413
|
def self.generic_post(service, queryParameters, bodyParameter)
|
|
410
|
-
generic_request(service, queryParameters, bodyParameter, 'POST')
|
|
414
|
+
Keycloak.generic_request(@access_token, full_url(service), queryParameters, bodyParameter, 'POST')
|
|
411
415
|
end
|
|
412
416
|
|
|
413
417
|
def self.generic_put(service, queryParameters, bodyParameter)
|
|
414
|
-
generic_request(service, queryParameters, bodyParameter, 'PUT')
|
|
418
|
+
Keycloak.generic_request(@access_token, full_url(service), queryParameters, bodyParameter, 'PUT')
|
|
415
419
|
end
|
|
416
420
|
|
|
417
421
|
def self.generic_delete(service, queryParameters = nil, bodyParameter = nil)
|
|
418
|
-
generic_request(service, queryParameters, bodyParameter, 'DELETE')
|
|
422
|
+
Keycloak.generic_request(@access_token, full_url(service), queryParameters, bodyParameter, 'DELETE')
|
|
419
423
|
end
|
|
420
424
|
|
|
421
425
|
private
|
|
@@ -424,86 +428,184 @@ module Keycloak
|
|
|
424
428
|
@auth_server_url + "/admin/realms/#{@realm}/"
|
|
425
429
|
end
|
|
426
430
|
|
|
427
|
-
def self.
|
|
428
|
-
|
|
431
|
+
def self.full_url(service)
|
|
432
|
+
base_url + service
|
|
433
|
+
end
|
|
434
|
+
|
|
435
|
+
end
|
|
429
436
|
|
|
430
|
-
|
|
431
|
-
|
|
437
|
+
module Internal
|
|
438
|
+
include Keycloak::Admin
|
|
432
439
|
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
440
|
+
class << self
|
|
441
|
+
attr_accessor :admin_user, :admin_password
|
|
442
|
+
end
|
|
443
|
+
|
|
444
|
+
def self.forgot_password(userID, redirectURI)
|
|
445
|
+
proc = lambda {|token|
|
|
446
|
+
Keycloak.generic_request(token["access_token"],
|
|
447
|
+
Keycloak::Client.auth_server_url + "/admin/realms/#{Keycloak::Client.realm}/users/#{userID}/execute-actions-email",
|
|
448
|
+
{:redirect_uri => redirectURI, :client_id => Keycloak::Client.client_id},
|
|
449
|
+
['UPDATE_PASSWORD'],
|
|
450
|
+
'PUT')
|
|
451
|
+
}
|
|
452
|
+
|
|
453
|
+
default_call(proc)
|
|
454
|
+
|
|
455
|
+
end
|
|
456
|
+
|
|
457
|
+
def self.get_logged_user_info
|
|
458
|
+
proc = lambda {|token|
|
|
459
|
+
userinfo = Keycloak::Client.get_userinfo
|
|
460
|
+
Keycloak.generic_request(token["access_token"],
|
|
461
|
+
Keycloak::Client.auth_server_url + "/admin/realms/#{Keycloak::Client.realm}/users/#{userinfo['sub']}",
|
|
462
|
+
nil, nil, 'GET')
|
|
463
|
+
}
|
|
464
|
+
|
|
465
|
+
default_call(proc)
|
|
466
|
+
end
|
|
467
|
+
|
|
468
|
+
def self.is_logged_federation_user?
|
|
469
|
+
info = get_logged_user_info
|
|
470
|
+
info['federationLink'] != nil
|
|
471
|
+
end
|
|
472
|
+
|
|
473
|
+
protected
|
|
474
|
+
|
|
475
|
+
def self.default_call(proc)
|
|
476
|
+
begin
|
|
477
|
+
tk = nil
|
|
478
|
+
resp = nil
|
|
479
|
+
|
|
480
|
+
Keycloak::Client.get_installation
|
|
481
|
+
|
|
482
|
+
payload = {'client_id' => Keycloak::Client.client_id,
|
|
483
|
+
'client_secret' => Keycloak::Client.secret,
|
|
484
|
+
'username' => @admin_user,
|
|
485
|
+
'password' => @admin_password,
|
|
486
|
+
'grant_type' => 'password'
|
|
487
|
+
}
|
|
488
|
+
|
|
489
|
+
header = {'Content-Type' => 'application/x-www-form-urlencoded'}
|
|
437
490
|
|
|
438
|
-
case method.upcase
|
|
439
|
-
when 'GET'
|
|
440
491
|
_request = -> do
|
|
441
|
-
RestClient.
|
|
442
|
-
|
|
492
|
+
RestClient.post(Keycloak::Client.configuration['token_endpoint'], payload, header){|response, request, result|
|
|
493
|
+
case response.code
|
|
494
|
+
when 200..399
|
|
495
|
+
tk = JSON response.body
|
|
496
|
+
resp = proc.call(tk)
|
|
497
|
+
else
|
|
498
|
+
response.return!
|
|
499
|
+
end
|
|
443
500
|
}
|
|
444
501
|
end
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
463
|
-
header["Content-Type"] = 'application/json'
|
|
464
|
-
parameters = JSON.generate bodyParameter
|
|
465
|
-
RestClient::Request.execute(method: :delete, url: final_url,
|
|
466
|
-
payload: parameters, headers: header){|response, request, result|
|
|
467
|
-
rescue_response(response)
|
|
468
|
-
}
|
|
469
|
-
else
|
|
470
|
-
RestClient.delete(final_url, header){|response, request, result|
|
|
471
|
-
rescue_response(response)
|
|
502
|
+
|
|
503
|
+
Keycloak::Client.exec_request _request
|
|
504
|
+
ensure
|
|
505
|
+
if tk
|
|
506
|
+
payload = {'client_id' => Keycloak::Client.client_id,
|
|
507
|
+
'client_secret' => Keycloak::Client.secret,
|
|
508
|
+
'refresh_token' => tk["refresh_token"]
|
|
509
|
+
}
|
|
510
|
+
|
|
511
|
+
header = {'Content-Type' => 'application/x-www-form-urlencoded'}
|
|
512
|
+
_request = -> do
|
|
513
|
+
RestClient.post(Keycloak::Client.configuration['end_session_endpoint'], payload, header){|response, request, result|
|
|
514
|
+
case response.code
|
|
515
|
+
when 200..399
|
|
516
|
+
resp if resp.nil?
|
|
517
|
+
else
|
|
518
|
+
response.return!
|
|
519
|
+
end
|
|
472
520
|
}
|
|
473
521
|
end
|
|
522
|
+
Keycloak::Client.exec_request _request
|
|
474
523
|
end
|
|
475
|
-
else
|
|
476
|
-
raise
|
|
477
524
|
end
|
|
525
|
+
end
|
|
478
526
|
|
|
479
|
-
|
|
527
|
+
end
|
|
528
|
+
|
|
529
|
+
private
|
|
530
|
+
|
|
531
|
+
def self.generic_request(accessToken, uri, queryParameters, bodyParameter, method)
|
|
532
|
+
final_url = uri
|
|
533
|
+
|
|
534
|
+
header = {'Content-Type' => 'application/x-www-form-urlencoded',
|
|
535
|
+
'Authorization' => "Bearer #{accessToken}"}
|
|
480
536
|
|
|
537
|
+
if queryParameters
|
|
538
|
+
parameters = URI.encode_www_form(queryParameters)
|
|
539
|
+
final_url = final_url << '?' << parameters
|
|
481
540
|
end
|
|
482
541
|
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
542
|
+
case method.upcase
|
|
543
|
+
when 'GET'
|
|
544
|
+
_request = -> do
|
|
545
|
+
RestClient.get(final_url, header){|response, request, result|
|
|
546
|
+
rescue_response(response)
|
|
547
|
+
}
|
|
548
|
+
end
|
|
549
|
+
when 'POST', 'PUT'
|
|
550
|
+
header["Content-Type"] = 'application/json'
|
|
551
|
+
parameters = JSON.generate bodyParameter
|
|
552
|
+
_request = -> do
|
|
553
|
+
case method.upcase
|
|
554
|
+
when 'POST'
|
|
555
|
+
RestClient.post(final_url, parameters, header){|response, request, result|
|
|
556
|
+
rescue_response(response)
|
|
557
|
+
}
|
|
489
558
|
else
|
|
490
|
-
|
|
559
|
+
RestClient.put(final_url, parameters, header){|response, request, result|
|
|
560
|
+
rescue_response(response)
|
|
561
|
+
}
|
|
491
562
|
end
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
563
|
+
end
|
|
564
|
+
when 'DELETE'
|
|
565
|
+
_request = -> do
|
|
566
|
+
if bodyParameter
|
|
567
|
+
header["Content-Type"] = 'application/json'
|
|
568
|
+
parameters = JSON.generate bodyParameter
|
|
569
|
+
RestClient::Request.execute(method: :delete, url: final_url,
|
|
570
|
+
payload: parameters, headers: header){|response, request, result|
|
|
571
|
+
rescue_response(response)
|
|
572
|
+
}
|
|
495
573
|
else
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
err.response
|
|
500
|
-
rescue Exception => e
|
|
501
|
-
e.message
|
|
502
|
-
end
|
|
574
|
+
RestClient.delete(final_url, header){|response, request, result|
|
|
575
|
+
rescue_response(response)
|
|
576
|
+
}
|
|
503
577
|
end
|
|
504
578
|
end
|
|
579
|
+
else
|
|
580
|
+
raise
|
|
505
581
|
end
|
|
506
582
|
|
|
507
|
-
|
|
583
|
+
_request.call
|
|
584
|
+
|
|
585
|
+
end
|
|
586
|
+
|
|
587
|
+
def self.rescue_response(response)
|
|
588
|
+
@last_response = response
|
|
589
|
+
case @last_response.code
|
|
590
|
+
when 200..399
|
|
591
|
+
if @last_response.body.empty?
|
|
592
|
+
true
|
|
593
|
+
else
|
|
594
|
+
@last_response.body
|
|
595
|
+
end
|
|
596
|
+
else
|
|
597
|
+
if Keycloak.explode_exception
|
|
598
|
+
@last_response.return!
|
|
599
|
+
else
|
|
600
|
+
begin
|
|
601
|
+
@last_response.return!
|
|
602
|
+
rescue RestClient::ExceptionWithResponse => err
|
|
603
|
+
err.response
|
|
604
|
+
rescue Exception => e
|
|
605
|
+
e.message
|
|
606
|
+
end
|
|
607
|
+
end
|
|
608
|
+
end
|
|
609
|
+
end
|
|
508
610
|
|
|
509
611
|
end
|
data/lib/keycloak/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: keycloak
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guilherme Portugues
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-08-
|
|
11
|
+
date: 2017-08-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|