keycloak 3.2.2 → 3.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +5 -5
- data/README.md +5 -4
- data/README.pt-BR.md +3 -3
- data/keycloak.gemspec +5 -5
- data/lib/keycloak/version.rb +1 -1
- data/lib/keycloak.rb +44 -14
- metadata +17 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d366d68dc864faaeede6c0ec859981bb1d9b6f559140da47ae843f99a4f36b06
|
|
4
|
+
data.tar.gz: 66a2a5c8226d3f92530bdf370ffce5c5112da6acc2060d1c4e3b6196f62e2142
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f0dec0f4ec59e6f9435d015f664dbd6ce58e3bd40d2a3e27dbeb6b59f16cb5ed49edc090f7a272276ed2536af9fc10772f4acee4bb9b61d50b47bf6b5d9bc621
|
|
7
|
+
data.tar.gz: 4ddb3742850851d8c1fbf66b4a0e29d1e4343e165e56ce7ba868bac655b8836ed22f9d30e2edb23d23a496afcff8e3d91935b518a90864b3d05c2ed1e5007fa5
|
data/Gemfile.lock
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
keycloak (3.
|
|
5
|
-
json (
|
|
6
|
-
jwt (
|
|
7
|
-
rest-client (
|
|
4
|
+
keycloak (3.3.0)
|
|
5
|
+
json (~> 2.6)
|
|
6
|
+
jwt (~> 2.4)
|
|
7
|
+
rest-client (~> 2.1)
|
|
8
8
|
|
|
9
9
|
GEM
|
|
10
10
|
remote: https://rubygems.org/
|
|
@@ -54,4 +54,4 @@ DEPENDENCIES
|
|
|
54
54
|
rspec (~> 3.7)
|
|
55
55
|
|
|
56
56
|
BUNDLED WITH
|
|
57
|
-
2.
|
|
57
|
+
2.5.11
|
data/README.md
CHANGED
|
@@ -8,7 +8,8 @@ Its development was based on version 3.2 of Keycloak, whose documentation can be
|
|
|
8
8
|
|
|
9
9
|
Publication of gem: https://rubygems.org/gems/keycloak
|
|
10
10
|
|
|
11
|
-
|
|
11
|
+
Example: https://github.com/imagov/example-gem-keycloak
|
|
12
|
+
|
|
12
13
|
|
|
13
14
|
## Installation
|
|
14
15
|
|
|
@@ -180,7 +181,7 @@ When the user is already logged in and your application internally tracks the to
|
|
|
180
181
|
|
|
181
182
|
|
|
182
183
|
```ruby
|
|
183
|
-
Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '',
|
|
184
|
+
Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
184
185
|
```
|
|
185
186
|
|
|
186
187
|
This method returns the information from the `token` session passed as parameter. Among the information returned, the most important is the `active` field, since it informs whether the token session passed in the parameter is active or not. This will help your application control whether the logged-in user session has expired or not. If no token is passed as a parameter, gem will use the last `access_token` stored in the application's cookie.
|
|
@@ -215,14 +216,14 @@ Returns the <b>url</b> for access to the realm user registry of the installation
|
|
|
215
216
|
|
|
216
217
|
|
|
217
218
|
```ruby
|
|
218
|
-
Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '',
|
|
219
|
+
Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
219
220
|
```
|
|
220
221
|
|
|
221
222
|
The `has_role?` method decodes the JWT `access_token` and verifies that the user who owns the token has the <b>role</b> informed in the `user_role` parameter. If `access_token` is not informed then gem will use the `access_token` of the cookie.
|
|
222
223
|
|
|
223
224
|
|
|
224
225
|
```ruby
|
|
225
|
-
Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '',
|
|
226
|
+
Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
226
227
|
```
|
|
227
228
|
|
|
228
229
|
This method checks whether the `access_token` passed in the parameter is still active. To check whether the user is active or not, the gem invokes the `get_token_introspection` method internally. If `access_token` is not informed then gem will use the `access_token` of the cookie.
|
data/README.pt-BR.md
CHANGED
|
@@ -173,7 +173,7 @@ Quando o usuário já estiver logado e a sua aplicação acompanhar internamente
|
|
|
173
173
|
|
|
174
174
|
|
|
175
175
|
```ruby
|
|
176
|
-
Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '',
|
|
176
|
+
Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
177
177
|
```
|
|
178
178
|
|
|
179
179
|
Esse método retorna a as informações da sessão do `token` passado como parâmetro. Entre as informações retornadas, a mais importante é o campo `active`, pois ele informa se a sessão do token passado no parâmetro é ativo ou não. Isso auxiliará a sua aplicação a controlar se a sessão do usuário logado expirou ou não. Caso nenhum token seja passado como parâmetro, a gem utilizará o último `access_token` armazenado no cookie da aplicação.
|
|
@@ -208,14 +208,14 @@ Retorna a <b>url</b> para acesso ao cadastro de usuários do Reino do arquivo de
|
|
|
208
208
|
|
|
209
209
|
|
|
210
210
|
```ruby
|
|
211
|
-
Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '',
|
|
211
|
+
Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
212
212
|
```
|
|
213
213
|
|
|
214
214
|
O método `has_role?` decodifica o JWT `access_token` e verifica se o usuário dono do token possui o <b>role</b> informado no parâmetro `user_role`. Caso o `access_token` não seja informado, então a gem utilizará o `access_token` do cookie.
|
|
215
215
|
|
|
216
216
|
|
|
217
217
|
```ruby
|
|
218
|
-
Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '',
|
|
218
|
+
Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
219
219
|
```
|
|
220
220
|
|
|
221
221
|
Esse método verifica se o `access_token` passado no parâmetro ainda está ativo. Para verificar se o usuário está ativo ou não, internamente a gem invoca o método `get_token_introspection`. Caso o `access_token` não seja informado, então a gem utilizará o `access_token` do cookie.
|
data/keycloak.gemspec
CHANGED
|
@@ -6,8 +6,8 @@ require "keycloak/version"
|
|
|
6
6
|
Gem::Specification.new do |spec|
|
|
7
7
|
spec.name = "keycloak"
|
|
8
8
|
spec.version = Keycloak::VERSION
|
|
9
|
-
spec.authors = ["Guilherme Portugues"]
|
|
10
|
-
spec.email = ["g_portugues@hotmail.com"]
|
|
9
|
+
spec.authors = ["Guilherme Portugues", "Leandro Vital Catarin"]
|
|
10
|
+
spec.email = ["g_portugues@hotmail.com", "leavitals@gmail.com"]
|
|
11
11
|
|
|
12
12
|
spec.summary = %q{Add authentication to applications and secure services with Keycloak}
|
|
13
13
|
#spec.description = %q{TODO: Write a longer description or delete this line.}
|
|
@@ -33,7 +33,7 @@ Gem::Specification.new do |spec|
|
|
|
33
33
|
spec.add_development_dependency "bundler", "~> 2.3"
|
|
34
34
|
spec.add_development_dependency "rake", "~> 13.0"
|
|
35
35
|
spec.add_development_dependency "rspec", "~> 3.7"
|
|
36
|
-
spec.add_runtime_dependency "rest-client", "2.1
|
|
37
|
-
spec.add_runtime_dependency "jwt", "2.4
|
|
38
|
-
spec.add_runtime_dependency "json", "2.6
|
|
36
|
+
spec.add_runtime_dependency "rest-client", "~> 2.1"
|
|
37
|
+
spec.add_runtime_dependency "jwt", "~> 2.4"
|
|
38
|
+
spec.add_runtime_dependency "json", "~> 2.6"
|
|
39
39
|
end
|
data/lib/keycloak/version.rb
CHANGED
data/lib/keycloak.rb
CHANGED
|
@@ -15,9 +15,37 @@ module Keycloak
|
|
|
15
15
|
OLD_KEYCLOAK_JSON_FILE = 'keycloak.json'.freeze
|
|
16
16
|
KEYCLOAK_JSON_FILE = 'config/keycloak.json'.freeze
|
|
17
17
|
|
|
18
|
+
class Config
|
|
19
|
+
attr_accessor :proc_cookie_token,
|
|
20
|
+
:proc_external_attributes
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
module Base
|
|
24
|
+
def config
|
|
25
|
+
Thread.current[:keycloak_config] ||= Keycloak::Config.new
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def proc_cookie_token
|
|
29
|
+
config.proc_cookie_token
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def proc_cookie_token=(value)
|
|
33
|
+
config.proc_cookie_token = value
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def proc_external_attributes
|
|
37
|
+
config.proc_external_attributes
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def proc_external_attributes=(value)
|
|
41
|
+
config.proc_external_attributes = value
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
extend Base
|
|
46
|
+
|
|
18
47
|
class << self
|
|
19
48
|
attr_accessor :proxy, :generate_request_exception, :keycloak_controller,
|
|
20
|
-
:proc_cookie_token, :proc_external_attributes,
|
|
21
49
|
:realm, :auth_server_url, :validate_token_when_call_has_role,
|
|
22
50
|
:secret, :resource
|
|
23
51
|
end
|
|
@@ -152,13 +180,13 @@ module Keycloak
|
|
|
152
180
|
mount_request_token(payload)
|
|
153
181
|
end
|
|
154
182
|
|
|
155
|
-
def self.get_token_introspection(token = '', client_id = '', secret = '',
|
|
183
|
+
def self.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
156
184
|
verify_setup
|
|
157
185
|
|
|
158
186
|
client_id = @client_id if isempty?(client_id)
|
|
159
187
|
secret = @secret if isempty?(secret)
|
|
160
188
|
token = self.token['access_token'] if isempty?(token)
|
|
161
|
-
|
|
189
|
+
introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)
|
|
162
190
|
|
|
163
191
|
payload = { 'token' => token }
|
|
164
192
|
|
|
@@ -169,7 +197,7 @@ module Keycloak
|
|
|
169
197
|
'authorization' => authorization }
|
|
170
198
|
|
|
171
199
|
_request = -> do
|
|
172
|
-
RestClient.post(
|
|
200
|
+
RestClient.post(introspection_endpoint, payload, header){|response, request, result|
|
|
173
201
|
case response.code
|
|
174
202
|
when 200..399
|
|
175
203
|
response.body
|
|
@@ -182,14 +210,16 @@ module Keycloak
|
|
|
182
210
|
exec_request _request
|
|
183
211
|
end
|
|
184
212
|
|
|
185
|
-
def self.url_login_redirect(redirect_uri, response_type = 'code', client_id = '', authorization_endpoint = '')
|
|
213
|
+
def self.url_login_redirect(redirect_uri, response_type = 'code', client_id = '', authorization_endpoint = '', scope: [])
|
|
186
214
|
verify_setup
|
|
187
215
|
|
|
188
216
|
client_id = @client_id if isempty?(client_id)
|
|
189
217
|
authorization_endpoint = @configuration['authorization_endpoint'] if isempty?(authorization_endpoint)
|
|
190
218
|
|
|
191
|
-
|
|
192
|
-
|
|
219
|
+
params = { response_type: response_type, client_id: client_id, redirect_uri: redirect_uri }
|
|
220
|
+
params[:scope] = scope.join(',') if scope.any?
|
|
221
|
+
encoded_uri = URI.encode_www_form(params)
|
|
222
|
+
"#{authorization_endpoint}?#{encoded_uri}"
|
|
193
223
|
end
|
|
194
224
|
|
|
195
225
|
def self.logout(redirect_uri = '', refresh_token = '', client_id = '', secret = '', end_session_endpoint = '')
|
|
@@ -261,14 +291,14 @@ module Keycloak
|
|
|
261
291
|
"#{@auth_server_url}/realms/#{@realm}/account"
|
|
262
292
|
end
|
|
263
293
|
|
|
264
|
-
def self.has_role?(user_role, access_token = '', client_id = '', secret = '',
|
|
294
|
+
def self.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
265
295
|
verify_setup
|
|
266
296
|
|
|
267
297
|
client_id = @client_id if isempty?(client_id)
|
|
268
298
|
secret = @secret if isempty?(secret)
|
|
269
|
-
|
|
299
|
+
introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)
|
|
270
300
|
|
|
271
|
-
if !Keycloak.validate_token_when_call_has_role || user_signed_in?(access_token, client_id, secret,
|
|
301
|
+
if !Keycloak.validate_token_when_call_has_role || user_signed_in?(access_token, client_id, secret, introspection_endpoint)
|
|
272
302
|
dt = decoded_access_token(access_token)[0]
|
|
273
303
|
dt = dt['resource_access'][client_id]
|
|
274
304
|
unless dt.nil?
|
|
@@ -280,15 +310,15 @@ module Keycloak
|
|
|
280
310
|
false
|
|
281
311
|
end
|
|
282
312
|
|
|
283
|
-
def self.user_signed_in?(access_token = '', client_id = '', secret = '',
|
|
313
|
+
def self.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
284
314
|
verify_setup
|
|
285
315
|
|
|
286
316
|
client_id = @client_id if isempty?(client_id)
|
|
287
317
|
secret = @secret if isempty?(secret)
|
|
288
|
-
|
|
318
|
+
introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)
|
|
289
319
|
|
|
290
320
|
begin
|
|
291
|
-
JSON(get_token_introspection(access_token, client_id, secret,
|
|
321
|
+
JSON(get_token_introspection(access_token, client_id, secret, introspection_endpoint))['active'] === true
|
|
292
322
|
rescue => e
|
|
293
323
|
if e.class < Keycloak::KeycloakException
|
|
294
324
|
raise
|
|
@@ -336,7 +366,7 @@ module Keycloak
|
|
|
336
366
|
KEYCLOACK_CONTROLLER_DEFAULT = 'session'.freeze
|
|
337
367
|
|
|
338
368
|
def self.get_installation
|
|
339
|
-
if File.
|
|
369
|
+
if File.exist?(Keycloak.installation_file)
|
|
340
370
|
installation = JSON File.read(Keycloak.installation_file)
|
|
341
371
|
@realm = installation["realm"]
|
|
342
372
|
@client_id = installation["resource"]
|
metadata
CHANGED
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: keycloak
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guilherme Portugues
|
|
8
|
+
- Leandro Vital Catarin
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: exe
|
|
10
11
|
cert_chain: []
|
|
11
|
-
date:
|
|
12
|
+
date: 2024-06-21 00:00:00.000000000 Z
|
|
12
13
|
dependencies:
|
|
13
14
|
- !ruby/object:Gem::Dependency
|
|
14
15
|
name: bundler
|
|
@@ -56,47 +57,48 @@ dependencies:
|
|
|
56
57
|
name: rest-client
|
|
57
58
|
requirement: !ruby/object:Gem::Requirement
|
|
58
59
|
requirements:
|
|
59
|
-
- -
|
|
60
|
+
- - "~>"
|
|
60
61
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: 2.1
|
|
62
|
+
version: '2.1'
|
|
62
63
|
type: :runtime
|
|
63
64
|
prerelease: false
|
|
64
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
66
|
requirements:
|
|
66
|
-
- -
|
|
67
|
+
- - "~>"
|
|
67
68
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: 2.1
|
|
69
|
+
version: '2.1'
|
|
69
70
|
- !ruby/object:Gem::Dependency
|
|
70
71
|
name: jwt
|
|
71
72
|
requirement: !ruby/object:Gem::Requirement
|
|
72
73
|
requirements:
|
|
73
|
-
- -
|
|
74
|
+
- - "~>"
|
|
74
75
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: 2.4
|
|
76
|
+
version: '2.4'
|
|
76
77
|
type: :runtime
|
|
77
78
|
prerelease: false
|
|
78
79
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
80
|
requirements:
|
|
80
|
-
- -
|
|
81
|
+
- - "~>"
|
|
81
82
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: 2.4
|
|
83
|
+
version: '2.4'
|
|
83
84
|
- !ruby/object:Gem::Dependency
|
|
84
85
|
name: json
|
|
85
86
|
requirement: !ruby/object:Gem::Requirement
|
|
86
87
|
requirements:
|
|
87
|
-
- -
|
|
88
|
+
- - "~>"
|
|
88
89
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 2.6
|
|
90
|
+
version: '2.6'
|
|
90
91
|
type: :runtime
|
|
91
92
|
prerelease: false
|
|
92
93
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
94
|
requirements:
|
|
94
|
-
- -
|
|
95
|
+
- - "~>"
|
|
95
96
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 2.6
|
|
97
|
+
version: '2.6'
|
|
97
98
|
description:
|
|
98
99
|
email:
|
|
99
100
|
- g_portugues@hotmail.com
|
|
101
|
+
- leavitals@gmail.com
|
|
100
102
|
executables: []
|
|
101
103
|
extensions: []
|
|
102
104
|
extra_rdoc_files: []
|
|
@@ -139,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
139
141
|
- !ruby/object:Gem::Version
|
|
140
142
|
version: '0'
|
|
141
143
|
requirements: []
|
|
142
|
-
rubygems_version: 3.
|
|
144
|
+
rubygems_version: 3.5.11
|
|
143
145
|
signing_key:
|
|
144
146
|
specification_version: 4
|
|
145
147
|
summary: Add authentication to applications and secure services with Keycloak
|