keycloak 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/generators/initializer_generator.rb +6 -3
- data/lib/keycloak.rb +183 -81
- data/lib/keycloak/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 664d5f8c6abad5cc3a139175fe7125f9ca41342a
|
|
4
|
+
data.tar.gz: 4e3c751dd137ba1081acf6a4e1c968c762459210
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 947e8843b23edd19b26120fb7f2b505e75e316600eaa4855dbf0c39047e0813c8272e386d2180b9b794d6d95550f2e41b72f18213e18f0141d05ed455c571c16
|
|
7
|
+
data.tar.gz: 174f31ed0058103d9e83f859fb821fa47bf0e21846ac88de822987d8ce582df71d93b302539c3305d3c17047dab441265f33d697c646fa1e8eaac9c2080b8933
|
|
@@ -4,11 +4,14 @@ class InitializerGenerator < Rails::Generators::Base
|
|
|
4
4
|
proxy = ""
|
|
5
5
|
generate_request_exception = true
|
|
6
6
|
"# Set proxy to connect in keycloak server
|
|
7
|
-
Keycloak
|
|
7
|
+
Keycloak.proxy = #{proxy}
|
|
8
8
|
# If true, then all request exception will explode in application (this is the default value)
|
|
9
|
-
Keycloak
|
|
9
|
+
Keycloak.generate_request_exception = #{generate_request_exception}
|
|
10
10
|
# controller that manage the user session
|
|
11
|
-
Keycloak
|
|
11
|
+
Keycloak.keycloak_controller = 'session'
|
|
12
|
+
# internal user for admin tasks
|
|
13
|
+
Keycloak::Internal.admin_user = ''
|
|
14
|
+
Keycloak::Internal.admin_password = ''"
|
|
12
15
|
end
|
|
13
16
|
end
|
|
14
17
|
end
|
data/lib/keycloak.rb
CHANGED
|
@@ -7,16 +7,17 @@ require 'uri'
|
|
|
7
7
|
|
|
8
8
|
module Keycloak
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
attr_accessor :proxy, :generate_request_exception, :keycloak_controller
|
|
10
|
+
class << self
|
|
11
|
+
attr_accessor :proxy, :generate_request_exception, :keycloak_controller,
|
|
12
|
+
:last_response
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
|
|
15
16
|
def self.explode_exception
|
|
16
|
-
if Keycloak
|
|
17
|
-
Keycloak
|
|
17
|
+
if Keycloak.generate_request_exception == nil
|
|
18
|
+
Keycloak.generate_request_exception = true
|
|
18
19
|
end
|
|
19
|
-
Keycloak
|
|
20
|
+
Keycloak.generate_request_exception
|
|
20
21
|
end
|
|
21
22
|
|
|
22
23
|
module Client
|
|
@@ -39,11 +40,11 @@ module Keycloak
|
|
|
39
40
|
@user, @password = user, password
|
|
40
41
|
|
|
41
42
|
payload = {'client_id' => @client_id,
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
43
|
+
'client_secret' => @secret,
|
|
44
|
+
'username' => @user,
|
|
45
|
+
'password' => @password,
|
|
46
|
+
'grant_type' => 'password'
|
|
47
|
+
}
|
|
47
48
|
|
|
48
49
|
mount_request_token(payload)
|
|
49
50
|
end
|
|
@@ -207,13 +208,13 @@ module Keycloak
|
|
|
207
208
|
KEYCLOACK_CONTROLLER_DEFAULT = 'session'
|
|
208
209
|
|
|
209
210
|
def self.setup_module
|
|
210
|
-
Keycloak
|
|
211
|
-
Keycloak
|
|
211
|
+
Keycloak.proxy ||= ''
|
|
212
|
+
Keycloak.keycloak_controller ||= KEYCLOACK_CONTROLLER_DEFAULT
|
|
212
213
|
get_installation
|
|
213
214
|
end
|
|
214
215
|
|
|
215
216
|
def self.exec_request(proc_request)
|
|
216
|
-
if Keycloak
|
|
217
|
+
if Keycloak.explode_exception
|
|
217
218
|
proc_request.call
|
|
218
219
|
else
|
|
219
220
|
begin
|
|
@@ -225,7 +226,7 @@ module Keycloak
|
|
|
225
226
|
end
|
|
226
227
|
|
|
227
228
|
def self.openid_configuration
|
|
228
|
-
RestClient.proxy = Keycloak
|
|
229
|
+
RestClient.proxy = Keycloak.proxy unless Keycloak.proxy.empty?
|
|
229
230
|
full_url = "#{@url}/realms/#{@realm}/.well-known/openid-configuration"
|
|
230
231
|
_request = -> do
|
|
231
232
|
RestClient.get full_url
|
|
@@ -260,7 +261,7 @@ module Keycloak
|
|
|
260
261
|
if @token["id_token"]
|
|
261
262
|
@decoded_id_token = JWT.decode @token["id_token"], @public_key, false, { :algorithm => 'RS256' }
|
|
262
263
|
end
|
|
263
|
-
Keycloak::Admin
|
|
264
|
+
Keycloak::Admin.setup_admin(@auth_server_url, @realm, @token["access_token"])
|
|
264
265
|
@token
|
|
265
266
|
else
|
|
266
267
|
response.return!
|
|
@@ -277,7 +278,7 @@ module Keycloak
|
|
|
277
278
|
module Admin
|
|
278
279
|
|
|
279
280
|
class << self
|
|
280
|
-
attr_reader :access_token, :auth_server_url, :realm
|
|
281
|
+
attr_reader :access_token, :auth_server_url, :realm
|
|
281
282
|
end
|
|
282
283
|
|
|
283
284
|
def self.setup_admin(auth_server_url, realm, access_token)
|
|
@@ -311,13 +312,16 @@ module Keycloak
|
|
|
311
312
|
end
|
|
312
313
|
|
|
313
314
|
def self.revoke_consent_user(id, clientID = nil)
|
|
314
|
-
if
|
|
315
|
+
if clientID.nil?
|
|
315
316
|
clientID = Keycloak::Client.client_id
|
|
316
317
|
end
|
|
317
318
|
generic_delete("users/#{id}/consents/#{clientID}")
|
|
318
319
|
end
|
|
319
320
|
|
|
320
321
|
def self.update_account_email(id, actions, redirectUri = '', clientID = nil)
|
|
322
|
+
if clientID.nil?
|
|
323
|
+
clientID = Keycloak::Client.client_id
|
|
324
|
+
end
|
|
321
325
|
generic_put("users/#{id}/execute-actions-email", {:redirect_uri => redirectUri, :client_id => clientID}, actions)
|
|
322
326
|
end
|
|
323
327
|
|
|
@@ -403,19 +407,19 @@ module Keycloak
|
|
|
403
407
|
# Generics methods
|
|
404
408
|
|
|
405
409
|
def self.generic_get(service, queryParameters = nil)
|
|
406
|
-
generic_request(service, queryParameters, nil, 'GET')
|
|
410
|
+
Keycloak.generic_request(@access_token, full_url(service), queryParameters, nil, 'GET')
|
|
407
411
|
end
|
|
408
412
|
|
|
409
413
|
def self.generic_post(service, queryParameters, bodyParameter)
|
|
410
|
-
generic_request(service, queryParameters, bodyParameter, 'POST')
|
|
414
|
+
Keycloak.generic_request(@access_token, full_url(service), queryParameters, bodyParameter, 'POST')
|
|
411
415
|
end
|
|
412
416
|
|
|
413
417
|
def self.generic_put(service, queryParameters, bodyParameter)
|
|
414
|
-
generic_request(service, queryParameters, bodyParameter, 'PUT')
|
|
418
|
+
Keycloak.generic_request(@access_token, full_url(service), queryParameters, bodyParameter, 'PUT')
|
|
415
419
|
end
|
|
416
420
|
|
|
417
421
|
def self.generic_delete(service, queryParameters = nil, bodyParameter = nil)
|
|
418
|
-
generic_request(service, queryParameters, bodyParameter, 'DELETE')
|
|
422
|
+
Keycloak.generic_request(@access_token, full_url(service), queryParameters, bodyParameter, 'DELETE')
|
|
419
423
|
end
|
|
420
424
|
|
|
421
425
|
private
|
|
@@ -424,86 +428,184 @@ module Keycloak
|
|
|
424
428
|
@auth_server_url + "/admin/realms/#{@realm}/"
|
|
425
429
|
end
|
|
426
430
|
|
|
427
|
-
def self.
|
|
428
|
-
|
|
431
|
+
def self.full_url(service)
|
|
432
|
+
base_url + service
|
|
433
|
+
end
|
|
434
|
+
|
|
435
|
+
end
|
|
429
436
|
|
|
430
|
-
|
|
431
|
-
|
|
437
|
+
module Internal
|
|
438
|
+
include Keycloak::Admin
|
|
432
439
|
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
440
|
+
class << self
|
|
441
|
+
attr_accessor :admin_user, :admin_password
|
|
442
|
+
end
|
|
443
|
+
|
|
444
|
+
def self.forgot_password(userID, redirectURI)
|
|
445
|
+
proc = lambda {|token|
|
|
446
|
+
Keycloak.generic_request(token["access_token"],
|
|
447
|
+
Keycloak::Client.auth_server_url + "/admin/realms/#{Keycloak::Client.realm}/users/#{userID}/execute-actions-email",
|
|
448
|
+
{:redirect_uri => redirectURI, :client_id => Keycloak::Client.client_id},
|
|
449
|
+
['UPDATE_PASSWORD'],
|
|
450
|
+
'PUT')
|
|
451
|
+
}
|
|
452
|
+
|
|
453
|
+
default_call(proc)
|
|
454
|
+
|
|
455
|
+
end
|
|
456
|
+
|
|
457
|
+
def self.get_logged_user_info
|
|
458
|
+
proc = lambda {|token|
|
|
459
|
+
userinfo = Keycloak::Client.get_userinfo
|
|
460
|
+
Keycloak.generic_request(token["access_token"],
|
|
461
|
+
Keycloak::Client.auth_server_url + "/admin/realms/#{Keycloak::Client.realm}/users/#{userinfo['sub']}",
|
|
462
|
+
nil, nil, 'GET')
|
|
463
|
+
}
|
|
464
|
+
|
|
465
|
+
default_call(proc)
|
|
466
|
+
end
|
|
467
|
+
|
|
468
|
+
def self.is_logged_federation_user?
|
|
469
|
+
info = get_logged_user_info
|
|
470
|
+
info['federationLink'] != nil
|
|
471
|
+
end
|
|
472
|
+
|
|
473
|
+
protected
|
|
474
|
+
|
|
475
|
+
def self.default_call(proc)
|
|
476
|
+
begin
|
|
477
|
+
tk = nil
|
|
478
|
+
resp = nil
|
|
479
|
+
|
|
480
|
+
Keycloak::Client.get_installation
|
|
481
|
+
|
|
482
|
+
payload = {'client_id' => Keycloak::Client.client_id,
|
|
483
|
+
'client_secret' => Keycloak::Client.secret,
|
|
484
|
+
'username' => @admin_user,
|
|
485
|
+
'password' => @admin_password,
|
|
486
|
+
'grant_type' => 'password'
|
|
487
|
+
}
|
|
488
|
+
|
|
489
|
+
header = {'Content-Type' => 'application/x-www-form-urlencoded'}
|
|
437
490
|
|
|
438
|
-
case method.upcase
|
|
439
|
-
when 'GET'
|
|
440
491
|
_request = -> do
|
|
441
|
-
RestClient.
|
|
442
|
-
|
|
492
|
+
RestClient.post(Keycloak::Client.configuration['token_endpoint'], payload, header){|response, request, result|
|
|
493
|
+
case response.code
|
|
494
|
+
when 200..399
|
|
495
|
+
tk = JSON response.body
|
|
496
|
+
resp = proc.call(tk)
|
|
497
|
+
else
|
|
498
|
+
response.return!
|
|
499
|
+
end
|
|
443
500
|
}
|
|
444
501
|
end
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
463
|
-
header["Content-Type"] = 'application/json'
|
|
464
|
-
parameters = JSON.generate bodyParameter
|
|
465
|
-
RestClient::Request.execute(method: :delete, url: final_url,
|
|
466
|
-
payload: parameters, headers: header){|response, request, result|
|
|
467
|
-
rescue_response(response)
|
|
468
|
-
}
|
|
469
|
-
else
|
|
470
|
-
RestClient.delete(final_url, header){|response, request, result|
|
|
471
|
-
rescue_response(response)
|
|
502
|
+
|
|
503
|
+
Keycloak::Client.exec_request _request
|
|
504
|
+
ensure
|
|
505
|
+
if tk
|
|
506
|
+
payload = {'client_id' => Keycloak::Client.client_id,
|
|
507
|
+
'client_secret' => Keycloak::Client.secret,
|
|
508
|
+
'refresh_token' => tk["refresh_token"]
|
|
509
|
+
}
|
|
510
|
+
|
|
511
|
+
header = {'Content-Type' => 'application/x-www-form-urlencoded'}
|
|
512
|
+
_request = -> do
|
|
513
|
+
RestClient.post(Keycloak::Client.configuration['end_session_endpoint'], payload, header){|response, request, result|
|
|
514
|
+
case response.code
|
|
515
|
+
when 200..399
|
|
516
|
+
resp if resp.nil?
|
|
517
|
+
else
|
|
518
|
+
response.return!
|
|
519
|
+
end
|
|
472
520
|
}
|
|
473
521
|
end
|
|
522
|
+
Keycloak::Client.exec_request _request
|
|
474
523
|
end
|
|
475
|
-
else
|
|
476
|
-
raise
|
|
477
524
|
end
|
|
525
|
+
end
|
|
478
526
|
|
|
479
|
-
|
|
527
|
+
end
|
|
528
|
+
|
|
529
|
+
private
|
|
530
|
+
|
|
531
|
+
def self.generic_request(accessToken, uri, queryParameters, bodyParameter, method)
|
|
532
|
+
final_url = uri
|
|
533
|
+
|
|
534
|
+
header = {'Content-Type' => 'application/x-www-form-urlencoded',
|
|
535
|
+
'Authorization' => "Bearer #{accessToken}"}
|
|
480
536
|
|
|
537
|
+
if queryParameters
|
|
538
|
+
parameters = URI.encode_www_form(queryParameters)
|
|
539
|
+
final_url = final_url << '?' << parameters
|
|
481
540
|
end
|
|
482
541
|
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
542
|
+
case method.upcase
|
|
543
|
+
when 'GET'
|
|
544
|
+
_request = -> do
|
|
545
|
+
RestClient.get(final_url, header){|response, request, result|
|
|
546
|
+
rescue_response(response)
|
|
547
|
+
}
|
|
548
|
+
end
|
|
549
|
+
when 'POST', 'PUT'
|
|
550
|
+
header["Content-Type"] = 'application/json'
|
|
551
|
+
parameters = JSON.generate bodyParameter
|
|
552
|
+
_request = -> do
|
|
553
|
+
case method.upcase
|
|
554
|
+
when 'POST'
|
|
555
|
+
RestClient.post(final_url, parameters, header){|response, request, result|
|
|
556
|
+
rescue_response(response)
|
|
557
|
+
}
|
|
489
558
|
else
|
|
490
|
-
|
|
559
|
+
RestClient.put(final_url, parameters, header){|response, request, result|
|
|
560
|
+
rescue_response(response)
|
|
561
|
+
}
|
|
491
562
|
end
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
563
|
+
end
|
|
564
|
+
when 'DELETE'
|
|
565
|
+
_request = -> do
|
|
566
|
+
if bodyParameter
|
|
567
|
+
header["Content-Type"] = 'application/json'
|
|
568
|
+
parameters = JSON.generate bodyParameter
|
|
569
|
+
RestClient::Request.execute(method: :delete, url: final_url,
|
|
570
|
+
payload: parameters, headers: header){|response, request, result|
|
|
571
|
+
rescue_response(response)
|
|
572
|
+
}
|
|
495
573
|
else
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
err.response
|
|
500
|
-
rescue Exception => e
|
|
501
|
-
e.message
|
|
502
|
-
end
|
|
574
|
+
RestClient.delete(final_url, header){|response, request, result|
|
|
575
|
+
rescue_response(response)
|
|
576
|
+
}
|
|
503
577
|
end
|
|
504
578
|
end
|
|
579
|
+
else
|
|
580
|
+
raise
|
|
505
581
|
end
|
|
506
582
|
|
|
507
|
-
|
|
583
|
+
_request.call
|
|
584
|
+
|
|
585
|
+
end
|
|
586
|
+
|
|
587
|
+
def self.rescue_response(response)
|
|
588
|
+
@last_response = response
|
|
589
|
+
case @last_response.code
|
|
590
|
+
when 200..399
|
|
591
|
+
if @last_response.body.empty?
|
|
592
|
+
true
|
|
593
|
+
else
|
|
594
|
+
@last_response.body
|
|
595
|
+
end
|
|
596
|
+
else
|
|
597
|
+
if Keycloak.explode_exception
|
|
598
|
+
@last_response.return!
|
|
599
|
+
else
|
|
600
|
+
begin
|
|
601
|
+
@last_response.return!
|
|
602
|
+
rescue RestClient::ExceptionWithResponse => err
|
|
603
|
+
err.response
|
|
604
|
+
rescue Exception => e
|
|
605
|
+
e.message
|
|
606
|
+
end
|
|
607
|
+
end
|
|
608
|
+
end
|
|
609
|
+
end
|
|
508
610
|
|
|
509
611
|
end
|
data/lib/keycloak/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: keycloak
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guilherme Portugues
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-08-
|
|
11
|
+
date: 2017-08-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|