keycloak 3.2.1 → 3.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 63b392f7ae7445fd2bda51f7880df14e9263a08dd50787fb554cf74b09f2518e
4
- data.tar.gz: 4dc43914776becc510b6e13631e822b6c01464a618cb0477464ff396fe98c778
3
+ metadata.gz: d366d68dc864faaeede6c0ec859981bb1d9b6f559140da47ae843f99a4f36b06
4
+ data.tar.gz: 66a2a5c8226d3f92530bdf370ffce5c5112da6acc2060d1c4e3b6196f62e2142
5
5
  SHA512:
6
- metadata.gz: 14cb6e916705ff2bf1013bfc9b58b776cf6bfbba2734f92a7fed3f1a9232de5345d2fea69302941461c2a69d2cea28cfb2a68e8fd473b1c526cc9351a5bdaa3d
7
- data.tar.gz: 5bed97dd414124844fce9c36fcf7b3488ec34ba6ffc42ac15cf77587987404a3556f610ef2b2b7e85186abb8581c13293022676bb3573da61384907b837f9eec
6
+ metadata.gz: f0dec0f4ec59e6f9435d015f664dbd6ce58e3bd40d2a3e27dbeb6b59f16cb5ed49edc090f7a272276ed2536af9fc10772f4acee4bb9b61d50b47bf6b5d9bc621
7
+ data.tar.gz: 4ddb3742850851d8c1fbf66b4a0e29d1e4343e165e56ce7ba868bac655b8836ed22f9d30e2edb23d23a496afcff8e3d91935b518a90864b3d05c2ed1e5007fa5
data/Gemfile.lock CHANGED
@@ -1,57 +1,57 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- keycloak (3.0.0)
5
- json (= 2.3.0)
6
- jwt (= 2.2.1)
7
- rest-client (= 2.1.0)
4
+ keycloak (3.3.0)
5
+ json (~> 2.6)
6
+ jwt (~> 2.4)
7
+ rest-client (~> 2.1)
8
8
 
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
- diff-lcs (1.3)
12
+ diff-lcs (1.5.0)
13
13
  domain_name (0.5.20190701)
14
14
  unf (>= 0.0.5, < 1.0.0)
15
15
  http-accept (1.7.0)
16
- http-cookie (1.0.3)
16
+ http-cookie (1.0.5)
17
17
  domain_name (~> 0.5)
18
- json (2.3.0)
19
- jwt (2.2.1)
20
- mime-types (3.3.1)
18
+ json (2.6.2)
19
+ jwt (2.4.1)
20
+ mime-types (3.4.1)
21
21
  mime-types-data (~> 3.2015)
22
- mime-types-data (3.2019.1009)
22
+ mime-types-data (3.2022.0105)
23
23
  netrc (0.11.0)
24
- rake (13.0.1)
24
+ rake (13.0.6)
25
25
  rest-client (2.1.0)
26
26
  http-accept (>= 1.7.0, < 2.0)
27
27
  http-cookie (>= 1.0.2, < 2.0)
28
28
  mime-types (>= 1.16, < 4.0)
29
29
  netrc (~> 0.8)
30
- rspec (3.7.0)
31
- rspec-core (~> 3.7.0)
32
- rspec-expectations (~> 3.7.0)
33
- rspec-mocks (~> 3.7.0)
34
- rspec-core (3.7.1)
35
- rspec-support (~> 3.7.0)
36
- rspec-expectations (3.7.0)
30
+ rspec (3.11.0)
31
+ rspec-core (~> 3.11.0)
32
+ rspec-expectations (~> 3.11.0)
33
+ rspec-mocks (~> 3.11.0)
34
+ rspec-core (3.11.0)
35
+ rspec-support (~> 3.11.0)
36
+ rspec-expectations (3.11.0)
37
37
  diff-lcs (>= 1.2.0, < 2.0)
38
- rspec-support (~> 3.7.0)
39
- rspec-mocks (3.7.0)
38
+ rspec-support (~> 3.11.0)
39
+ rspec-mocks (3.11.1)
40
40
  diff-lcs (>= 1.2.0, < 2.0)
41
- rspec-support (~> 3.7.0)
42
- rspec-support (3.7.1)
41
+ rspec-support (~> 3.11.0)
42
+ rspec-support (3.11.0)
43
43
  unf (0.1.4)
44
44
  unf_ext
45
- unf_ext (0.0.7.6)
45
+ unf_ext (0.0.8.2)
46
46
 
47
47
  PLATFORMS
48
- ruby
48
+ x86_64-linux
49
49
 
50
50
  DEPENDENCIES
51
- bundler (~> 1.15)
51
+ bundler (~> 2.3)
52
52
  keycloak!
53
53
  rake (~> 13.0)
54
- rspec (~> 3.0)
54
+ rspec (~> 3.7)
55
55
 
56
56
  BUNDLED WITH
57
- 1.16.2
57
+ 2.5.11
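Review bot: the PLATFORMS entry near the end of this hunk changes from `ruby` to `x86_64-linux` only, so the lockfile packaged with the gem now resolves for a single platform and contributors or CI on anything else have to re-resolve (or fail under a frozen lockfile). Run `bundle lock --add-platform ruby` before cutting the release, or leave Gemfile.lock out of the packaged files, which is the usual choice for a library. The PATH spec also jumps from `keycloak (3.0.0)` to `keycloak (3.3.0)`, which shows the lockfile shipped with 3.2.1 was already stale; regenerating it as part of the release task would prevent that.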
data/README.md CHANGED
@@ -8,7 +8,8 @@ Its development was based on version 3.2 of Keycloak, whose documentation can be
8
8
 
9
9
  Publication of gem: https://rubygems.org/gems/keycloak
10
10
 
11
- Exemple: https://github.com/imagov/example-gem-keycloak
11
+ Example: https://github.com/imagov/example-gem-keycloak
12
+
12
13
 
13
14
  ## Installation
14
15
 
@@ -152,7 +153,10 @@ To authenticate the users of your application using a template configured in Key
152
153
  Keycloak::Client.get_token_by_code(code, redirect_uri, client_id = '', secret = '')
153
154
  ```
154
155
 
155
- When using the `Keycloak::Client.url_login_redirect` method to get a `code`, pass it as a parameter in this method so that Keycloak returns a token, thus logging the user in the application. The second parameter (`redirect_uri`) must be passed so that when a token is made available, Keycloak redirects to the url informed.
156
+ When using the `Keycloak::Client.url_login_redirect` method to get a `code`, pass it as a parameter in this method so that Keycloak returns a token, thus logging the user in the application. The second parameter (`redirect_uri`) must be the same one used in the call for `Keycloak::Client.url_login_redirect(redirect_uri, response_type = 'code')`.
157
+
158
+ > If `redirect_uri` are not equal on both calls, `Keycloak::Client.url_login_redirect` and `Keycloak::Client.get_token_by_code` you will receive the following error:
159
+ > `{"error":"invalid_grant","error_description":"Incorrect redirect_uri"}`
156
160
 
157
161
 
158
162
  ```ruby
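Review bot: the signature quoted in the new paragraph, `Keycloak::Client.url_login_redirect(redirect_uri, response_type = 'code')`, leaves out the remaining parameters, including the `scope:` keyword that this release adds in lib/keycloak.rb, so the new option ships undocumented. Add a sentence describing `scope:` and its expected value type. The blockquote also needs a grammar pass: "If `redirect_uri` is not the same in both calls (`Keycloak::Client.url_login_redirect` and `Keycloak::Client.get_token_by_code`), you will receive the following error:".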
@@ -177,7 +181,7 @@ When the user is already logged in and your application internally tracks the to
177
181
 
178
182
 
179
183
  ```ruby
180
- Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '', token_introspection_endpoint = '')
184
+ Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '')
181
185
  ```
182
186
 
183
187
  This method returns the information from the `token` session passed as parameter. Among the information returned, the most important is the `active` field, since it informs whether the token session passed in the parameter is active or not. This will help your application control whether the logged-in user session has expired or not. If no token is passed as a parameter, gem will use the last `access_token` stored in the application's cookie.
@@ -212,14 +216,14 @@ Returns the <b>url</b> for access to the realm user registry of the installation
212
216
 
213
217
 
214
218
  ```ruby
215
- Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '', token_introspection_endpoint = '')
219
+ Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '')
216
220
  ```
217
221
 
218
222
  The `has_role?` method decodes the JWT `access_token` and verifies that the user who owns the token has the <b>role</b> informed in the `user_role` parameter. If `access_token` is not informed then gem will use the `access_token` of the cookie.
219
223
 
220
224
 
221
225
  ```ruby
222
- Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '', token_introspection_endpoint = '')
226
+ Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '')
223
227
  ```
224
228
 
225
229
  This method checks whether the `access_token` passed in the parameter is still active. To check whether the user is active or not, the gem invokes the `get_token_introspection` method internally. If `access_token` is not informed then gem will use the `access_token` of the cookie.
data/README.pt-BR.md CHANGED
@@ -173,7 +173,7 @@ Quando o usuário já estiver logado e a sua aplicação acompanhar internamente
173
173
 
174
174
 
175
175
  ```ruby
176
- Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '', token_introspection_endpoint = '')
176
+ Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '')
177
177
  ```
178
178
 
179
179
  Esse método retorna a as informações da sessão do `token` passado como parâmetro. Entre as informações retornadas, a mais importante é o campo `active`, pois ele informa se a sessão do token passado no parâmetro é ativo ou não. Isso auxiliará a sua aplicação a controlar se a sessão do usuário logado expirou ou não. Caso nenhum token seja passado como parâmetro, a gem utilizará o último `access_token` armazenado no cookie da aplicação.
@@ -208,14 +208,14 @@ Retorna a <b>url</b> para acesso ao cadastro de usuários do Reino do arquivo de
208
208
 
209
209
 
210
210
  ```ruby
211
- Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '', token_introspection_endpoint = '')
211
+ Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '')
212
212
  ```
213
213
 
214
214
  O método `has_role?` decodifica o JWT `access_token` e verifica se o usuário dono do token possui o <b>role</b> informado no parâmetro `user_role`. Caso o `access_token` não seja informado, então a gem utilizará o `access_token` do cookie.
215
215
 
216
216
 
217
217
  ```ruby
218
- Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '', token_introspection_endpoint = '')
218
+ Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '')
219
219
  ```
220
220
 
221
221
  Esse método verifica se o `access_token` passado no parâmetro ainda está ativo. Para verificar se o usuário está ativo ou não, internamente a gem invoca o método `get_token_introspection`. Caso o `access_token` não seja informado, então a gem utilizará o `access_token` do cookie.
data/keycloak.gemspec CHANGED
@@ -6,8 +6,8 @@ require "keycloak/version"
6
6
  Gem::Specification.new do |spec|
7
7
  spec.name = "keycloak"
8
8
  spec.version = Keycloak::VERSION
9
- spec.authors = ["Guilherme Portugues"]
10
- spec.email = ["g_portugues@hotmail.com"]
9
+ spec.authors = ["Guilherme Portugues", "Leandro Vital Catarin"]
10
+ spec.email = ["g_portugues@hotmail.com", "leavitals@gmail.com"]
11
11
 
12
12
  spec.summary = %q{Add authentication to applications and secure services with Keycloak}
13
13
  #spec.description = %q{TODO: Write a longer description or delete this line.}
@@ -30,10 +30,10 @@ Gem::Specification.new do |spec|
30
30
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
31
31
  spec.require_paths = ["lib"]
32
32
 
33
- spec.add_development_dependency "bundler", "~> 1.15"
33
+ spec.add_development_dependency "bundler", "~> 2.3"
34
34
  spec.add_development_dependency "rake", "~> 13.0"
35
- spec.add_development_dependency "rspec", "~> 3.0"
36
- spec.add_runtime_dependency "rest-client", "2.1.0"
37
- spec.add_runtime_dependency "jwt", "2.2.1"
38
- spec.add_runtime_dependency "json", "2.3.0"
35
+ spec.add_development_dependency "rspec", "~> 3.7"
36
+ spec.add_runtime_dependency "rest-client", "~> 2.1"
37
+ spec.add_runtime_dependency "jwt", "~> 2.4"
38
+ spec.add_runtime_dependency "json", "~> 2.6"
39
39
  end
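Review bot: the three runtime dependencies move from exact pins to `~>` ranges, which suits a library, but two of the floors are raised at the same time (`jwt` from 2.2.1 to `~> 2.4`, `json` from 2.3.0 to `~> 2.6`), and that blocks applications locked below those versions from taking 3.3.0. If nothing in lib/ needs the newer APIs, keep the previous floor (for example `">= 2.2.1", "< 3"` for `jwt`); if something does, state the reason in the changelog. Since `jwt` handles token decoding, it is also worth running the specs against both ends of each allowed range in CI rather than only the versions recorded in Gemfile.lock.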
@@ -1,3 +1,3 @@
1
1
  module Keycloak
2
- VERSION = '3.2.1'.freeze
2
+ VERSION = '3.3.0'.freeze
3
3
  end
data/lib/keycloak.rb CHANGED
@@ -15,9 +15,37 @@ module Keycloak
15
15
  OLD_KEYCLOAK_JSON_FILE = 'keycloak.json'.freeze
16
16
  KEYCLOAK_JSON_FILE = 'config/keycloak.json'.freeze
17
17
 
18
+ class Config
19
+ attr_accessor :proc_cookie_token,
20
+ :proc_external_attributes
21
+ end
22
+
23
+ module Base
24
+ def config
25
+ Thread.current[:keycloak_config] ||= Keycloak::Config.new
26
+ end
27
+
28
+ def proc_cookie_token
29
+ config.proc_cookie_token
30
+ end
31
+
32
+ def proc_cookie_token=(value)
33
+ config.proc_cookie_token = value
34
+ end
35
+
36
+ def proc_external_attributes
37
+ config.proc_external_attributes
38
+ end
39
+
40
+ def proc_external_attributes=(value)
41
+ config.proc_external_attributes = value
42
+ end
43
+ end
44
+
45
+ extend Base
46
+
18
47
  class << self
19
48
  attr_accessor :proxy, :generate_request_exception, :keycloak_controller,
20
- :proc_cookie_token, :proc_external_attributes,
21
49
  :realm, :auth_server_url, :validate_token_when_call_has_role,
22
50
  :secret, :resource
23
51
  end
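Review bot: `config` keeps the `Keycloak::Config` in `Thread.current[:keycloak_config]`, so `proc_cookie_token` and `proc_external_attributes` assigned once at boot exist only on the thread that assigned them; every other thread lazily builds an empty `Config` through the `||=` and reads nil for both procs. In a threaded application server that means requests handled off the boot thread lose the cookie-token lookup that the README describes as the default token source. If the goal is to isolate per-request state, keep the two procs as process-wide settings (as they were in the `class << self` accessor list) and store only the request-scoped values thread-locally, or document that both procs must be assigned on every request thread. Note also that `Thread.current[]` is fiber-local in Ruby, so code running in a separate Fiber sees yet another empty `Config`.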
@@ -152,13 +180,13 @@ module Keycloak
152
180
  mount_request_token(payload)
153
181
  end
154
182
 
155
- def self.get_token_introspection(token = '', client_id = '', secret = '', token_introspection_endpoint = '')
183
+ def self.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '')
156
184
  verify_setup
157
185
 
158
186
  client_id = @client_id if isempty?(client_id)
159
187
  secret = @secret if isempty?(secret)
160
188
  token = self.token['access_token'] if isempty?(token)
161
- token_introspection_endpoint = @configuration['token_introspection_endpoint'] if isempty?(token_introspection_endpoint)
189
+ introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)
162
190
 
163
191
  payload = { 'token' => token }
164
192
 
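Review bot: the default lookup changes from `@configuration['token_introspection_endpoint']` to `@configuration['introspection_endpoint']` with no fallback, so against a discovery document that carries only the old key, `introspection_endpoint` stays nil and the `RestClient.post` further down is called without a URL. Fall back to the old key when the new one is absent and raise a `Keycloak::KeycloakException` with a clear message when neither exists. The key change is a compatibility boundary for the Keycloak server version and deserves a line in the README.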
@@ -169,7 +197,7 @@ module Keycloak
169
197
  'authorization' => authorization }
170
198
 
171
199
  _request = -> do
172
- RestClient.post(token_introspection_endpoint, payload, header){|response, request, result|
200
+ RestClient.post(introspection_endpoint, payload, header){|response, request, result|
173
201
  case response.code
174
202
  when 200..399
175
203
  response.body
@@ -182,14 +210,16 @@ module Keycloak
182
210
  exec_request _request
183
211
  end
184
212
 
185
- def self.url_login_redirect(redirect_uri, response_type = 'code', client_id = '', authorization_endpoint = '')
213
+ def self.url_login_redirect(redirect_uri, response_type = 'code', client_id = '', authorization_endpoint = '', scope: [])
186
214
  verify_setup
187
215
 
188
216
  client_id = @client_id if isempty?(client_id)
189
217
  authorization_endpoint = @configuration['authorization_endpoint'] if isempty?(authorization_endpoint)
190
218
 
191
- p = URI.encode_www_form(response_type: response_type, client_id: client_id, redirect_uri: redirect_uri)
192
- "#{authorization_endpoint}?#{p}"
219
+ params = { response_type: response_type, client_id: client_id, redirect_uri: redirect_uri }
220
+ params[:scope] = scope.join(',') if scope.any?
221
+ encoded_uri = URI.encode_www_form(params)
222
+ "#{authorization_endpoint}?#{encoded_uri}"
193
223
  end
194
224
 
195
225
  def self.logout(redirect_uri = '', refresh_token = '', client_id = '', secret = '', end_session_endpoint = '')
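Review bot: `params[:scope] = scope.join(',')` produces a comma-separated value, but OAuth 2.0 (RFC 6749, section 3.3) defines `scope` as a space-delimited list, so `scope: ['openid', 'profile']` is sent as the single scope `openid,profile` rather than two scopes. Use `scope.join(' ')`; `URI.encode_www_form` takes care of encoding the space. `scope.any?` also raises NoMethodError when a caller passes a String, so normalise with `Array(scope)` first, and add a spec that asserts the generated query string.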
@@ -261,14 +291,14 @@ module Keycloak
261
291
  "#{@auth_server_url}/realms/#{@realm}/account"
262
292
  end
263
293
 
264
- def self.has_role?(user_role, access_token = '', client_id = '', secret = '', token_introspection_endpoint = '')
294
+ def self.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '')
265
295
  verify_setup
266
296
 
267
297
  client_id = @client_id if isempty?(client_id)
268
298
  secret = @secret if isempty?(secret)
269
- token_introspection_endpoint = @configuration['token_introspection_endpoint'] if isempty?(token_introspection_endpoint)
299
+ introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)
270
300
 
271
- if !Keycloak.validate_token_when_call_has_role || user_signed_in?(access_token, client_id, secret, token_introspection_endpoint)
301
+ if !Keycloak.validate_token_when_call_has_role || user_signed_in?(access_token, client_id, secret, introspection_endpoint)
272
302
  dt = decoded_access_token(access_token)[0]
273
303
  dt = dt['resource_access'][client_id]
274
304
  unless dt.nil?
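Review bot: in `has_role?`, `dt = dt['resource_access'][client_id]` indexes into `resource_access` before the `unless dt.nil?` guard, so a token that has no `resource_access` claim raises NoMethodError instead of returning false. `dt = dt.dig('resource_access', client_id)` keeps the guard meaningful. Separately, when `Keycloak.validate_token_when_call_has_role` is false the condition short-circuits and no introspection call is made, so the role decision rests on `decoded_access_token` alone; a comment stating what that method verifies (signature, expiry) would make the trust assumption explicit for anyone disabling the flag.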
@@ -280,15 +310,15 @@ module Keycloak
280
310
  false
281
311
  end
282
312
 
283
- def self.user_signed_in?(access_token = '', client_id = '', secret = '', token_introspection_endpoint = '')
313
+ def self.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '')
284
314
  verify_setup
285
315
 
286
316
  client_id = @client_id if isempty?(client_id)
287
317
  secret = @secret if isempty?(secret)
288
- token_introspection_endpoint = @configuration['token_introspection_endpoint'] if isempty?(token_introspection_endpoint)
318
+ introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)
289
319
 
290
320
  begin
291
- JSON(get_token_introspection(access_token, client_id, secret, token_introspection_endpoint))['active'] === true
321
+ JSON(get_token_introspection(access_token, client_id, secret, introspection_endpoint))['active'] === true
292
322
  rescue => e
293
323
  if e.class < Keycloak::KeycloakException
294
324
  raise
@@ -336,7 +366,7 @@ module Keycloak
336
366
  KEYCLOACK_CONTROLLER_DEFAULT = 'session'.freeze
337
367
 
338
368
  def self.get_installation
339
- if File.exists?(Keycloak.installation_file)
369
+ if File.exist?(Keycloak.installation_file)
340
370
  installation = JSON File.read(Keycloak.installation_file)
341
371
  @realm = installation["realm"]
342
372
  @client_id = installation["resource"]
metadata CHANGED
@@ -1,14 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: keycloak
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.2.1
4
+ version: 3.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Guilherme Portugues
8
- autorequire:
8
+ - Leandro Vital Catarin
9
+ autorequire:
9
10
  bindir: exe
10
11
  cert_chain: []
11
- date: 2020-03-06 00:00:00.000000000 Z
12
+ date: 2024-06-21 00:00:00.000000000 Z
12
13
  dependencies:
13
14
  - !ruby/object:Gem::Dependency
14
15
  name: bundler
@@ -16,14 +17,14 @@ dependencies:
16
17
  requirements:
17
18
  - - "~>"
18
19
  - !ruby/object:Gem::Version
19
- version: '1.15'
20
+ version: '2.3'
20
21
  type: :development
21
22
  prerelease: false
22
23
  version_requirements: !ruby/object:Gem::Requirement
23
24
  requirements:
24
25
  - - "~>"
25
26
  - !ruby/object:Gem::Version
26
- version: '1.15'
27
+ version: '2.3'
27
28
  - !ruby/object:Gem::Dependency
28
29
  name: rake
29
30
  requirement: !ruby/object:Gem::Requirement
@@ -44,59 +45,60 @@ dependencies:
44
45
  requirements:
45
46
  - - "~>"
46
47
  - !ruby/object:Gem::Version
47
- version: '3.0'
48
+ version: '3.7'
48
49
  type: :development
49
50
  prerelease: false
50
51
  version_requirements: !ruby/object:Gem::Requirement
51
52
  requirements:
52
53
  - - "~>"
53
54
  - !ruby/object:Gem::Version
54
- version: '3.0'
55
+ version: '3.7'
55
56
  - !ruby/object:Gem::Dependency
56
57
  name: rest-client
57
58
  requirement: !ruby/object:Gem::Requirement
58
59
  requirements:
59
- - - '='
60
+ - - "~>"
60
61
  - !ruby/object:Gem::Version
61
- version: 2.1.0
62
+ version: '2.1'
62
63
  type: :runtime
63
64
  prerelease: false
64
65
  version_requirements: !ruby/object:Gem::Requirement
65
66
  requirements:
66
- - - '='
67
+ - - "~>"
67
68
  - !ruby/object:Gem::Version
68
- version: 2.1.0
69
+ version: '2.1'
69
70
  - !ruby/object:Gem::Dependency
70
71
  name: jwt
71
72
  requirement: !ruby/object:Gem::Requirement
72
73
  requirements:
73
- - - '='
74
+ - - "~>"
74
75
  - !ruby/object:Gem::Version
75
- version: 2.2.1
76
+ version: '2.4'
76
77
  type: :runtime
77
78
  prerelease: false
78
79
  version_requirements: !ruby/object:Gem::Requirement
79
80
  requirements:
80
- - - '='
81
+ - - "~>"
81
82
  - !ruby/object:Gem::Version
82
- version: 2.2.1
83
+ version: '2.4'
83
84
  - !ruby/object:Gem::Dependency
84
85
  name: json
85
86
  requirement: !ruby/object:Gem::Requirement
86
87
  requirements:
87
- - - '='
88
+ - - "~>"
88
89
  - !ruby/object:Gem::Version
89
- version: 2.3.0
90
+ version: '2.6'
90
91
  type: :runtime
91
92
  prerelease: false
92
93
  version_requirements: !ruby/object:Gem::Requirement
93
94
  requirements:
94
- - - '='
95
+ - - "~>"
95
96
  - !ruby/object:Gem::Version
96
- version: 2.3.0
97
- description:
97
+ version: '2.6'
98
+ description:
98
99
  email:
99
100
  - g_portugues@hotmail.com
101
+ - leavitals@gmail.com
100
102
  executables: []
101
103
  extensions: []
102
104
  extra_rdoc_files: []
@@ -124,7 +126,7 @@ homepage: https://github.com/imagov/keycloak.git
124
126
  licenses:
125
127
  - MIT
126
128
  metadata: {}
127
- post_install_message:
129
+ post_install_message:
128
130
  rdoc_options: []
129
131
  require_paths:
130
132
  - lib
@@ -139,8 +141,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
139
141
  - !ruby/object:Gem::Version
140
142
  version: '0'
141
143
  requirements: []
142
- rubygems_version: 3.0.3
143
- signing_key:
144
+ rubygems_version: 3.5.11
145
+ signing_key:
144
146
  specification_version: 4
145
147
  summary: Add authentication to applications and secure services with Keycloak
146
148
  test_files: []