keycloak 3.2.2 → 3.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +5 -5
- data/README.md +5 -4
- data/README.pt-BR.md +3 -3
- data/keycloak.gemspec +5 -5
- data/lib/keycloak/version.rb +1 -1
- data/lib/keycloak.rb +44 -14
- metadata +17 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d366d68dc864faaeede6c0ec859981bb1d9b6f559140da47ae843f99a4f36b06
|
|
4
|
+
data.tar.gz: 66a2a5c8226d3f92530bdf370ffce5c5112da6acc2060d1c4e3b6196f62e2142
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f0dec0f4ec59e6f9435d015f664dbd6ce58e3bd40d2a3e27dbeb6b59f16cb5ed49edc090f7a272276ed2536af9fc10772f4acee4bb9b61d50b47bf6b5d9bc621
|
|
7
|
+
data.tar.gz: 4ddb3742850851d8c1fbf66b4a0e29d1e4343e165e56ce7ba868bac655b8836ed22f9d30e2edb23d23a496afcff8e3d91935b518a90864b3d05c2ed1e5007fa5
|
data/Gemfile.lock
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
keycloak (3.
|
|
5
|
-
json (
|
|
6
|
-
jwt (
|
|
7
|
-
rest-client (
|
|
4
|
+
keycloak (3.3.0)
|
|
5
|
+
json (~> 2.6)
|
|
6
|
+
jwt (~> 2.4)
|
|
7
|
+
rest-client (~> 2.1)
|
|
8
8
|
|
|
9
9
|
GEM
|
|
10
10
|
remote: https://rubygems.org/
|
|
@@ -54,4 +54,4 @@ DEPENDENCIES
|
|
|
54
54
|
rspec (~> 3.7)
|
|
55
55
|
|
|
56
56
|
BUNDLED WITH
|
|
57
|
-
2.
|
|
57
|
+
2.5.11
|
data/README.md
CHANGED
|
@@ -8,7 +8,8 @@ Its development was based on version 3.2 of Keycloak, whose documentation can be
|
|
|
8
8
|
|
|
9
9
|
Publication of gem: https://rubygems.org/gems/keycloak
|
|
10
10
|
|
|
11
|
-
|
|
11
|
+
Example: https://github.com/imagov/example-gem-keycloak
|
|
12
|
+
|
|
12
13
|
|
|
13
14
|
## Installation
|
|
14
15
|
|
|
@@ -180,7 +181,7 @@ When the user is already logged in and your application internally tracks the to
|
|
|
180
181
|
|
|
181
182
|
|
|
182
183
|
```ruby
|
|
183
|
-
Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '',
|
|
184
|
+
Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
184
185
|
```
|
|
185
186
|
|
|
186
187
|
This method returns the information from the `token` session passed as parameter. Among the information returned, the most important is the `active` field, since it informs whether the token session passed in the parameter is active or not. This will help your application control whether the logged-in user session has expired or not. If no token is passed as a parameter, gem will use the last `access_token` stored in the application's cookie.
|
|
@@ -215,14 +216,14 @@ Returns the <b>url</b> for access to the realm user registry of the installation
|
|
|
215
216
|
|
|
216
217
|
|
|
217
218
|
```ruby
|
|
218
|
-
Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '',
|
|
219
|
+
Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
219
220
|
```
|
|
220
221
|
|
|
221
222
|
The `has_role?` method decodes the JWT `access_token` and verifies that the user who owns the token has the <b>role</b> informed in the `user_role` parameter. If `access_token` is not informed then gem will use the `access_token` of the cookie.
|
|
222
223
|
|
|
223
224
|
|
|
224
225
|
```ruby
|
|
225
|
-
Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '',
|
|
226
|
+
Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
226
227
|
```
|
|
227
228
|
|
|
228
229
|
This method checks whether the `access_token` passed in the parameter is still active. To check whether the user is active or not, the gem invokes the `get_token_introspection` method internally. If `access_token` is not informed then gem will use the `access_token` of the cookie.
|
data/README.pt-BR.md
CHANGED
|
@@ -173,7 +173,7 @@ Quando o usuário já estiver logado e a sua aplicação acompanhar internamente
|
|
|
173
173
|
|
|
174
174
|
|
|
175
175
|
```ruby
|
|
176
|
-
Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '',
|
|
176
|
+
Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
177
177
|
```
|
|
178
178
|
|
|
179
179
|
Esse método retorna a as informações da sessão do `token` passado como parâmetro. Entre as informações retornadas, a mais importante é o campo `active`, pois ele informa se a sessão do token passado no parâmetro é ativo ou não. Isso auxiliará a sua aplicação a controlar se a sessão do usuário logado expirou ou não. Caso nenhum token seja passado como parâmetro, a gem utilizará o último `access_token` armazenado no cookie da aplicação.
|
|
@@ -208,14 +208,14 @@ Retorna a <b>url</b> para acesso ao cadastro de usuários do Reino do arquivo de
|
|
|
208
208
|
|
|
209
209
|
|
|
210
210
|
```ruby
|
|
211
|
-
Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '',
|
|
211
|
+
Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
212
212
|
```
|
|
213
213
|
|
|
214
214
|
O método `has_role?` decodifica o JWT `access_token` e verifica se o usuário dono do token possui o <b>role</b> informado no parâmetro `user_role`. Caso o `access_token` não seja informado, então a gem utilizará o `access_token` do cookie.
|
|
215
215
|
|
|
216
216
|
|
|
217
217
|
```ruby
|
|
218
|
-
Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '',
|
|
218
|
+
Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
219
219
|
```
|
|
220
220
|
|
|
221
221
|
Esse método verifica se o `access_token` passado no parâmetro ainda está ativo. Para verificar se o usuário está ativo ou não, internamente a gem invoca o método `get_token_introspection`. Caso o `access_token` não seja informado, então a gem utilizará o `access_token` do cookie.
|
data/keycloak.gemspec
CHANGED
|
@@ -6,8 +6,8 @@ require "keycloak/version"
|
|
|
6
6
|
Gem::Specification.new do |spec|
|
|
7
7
|
spec.name = "keycloak"
|
|
8
8
|
spec.version = Keycloak::VERSION
|
|
9
|
-
spec.authors = ["Guilherme Portugues"]
|
|
10
|
-
spec.email = ["g_portugues@hotmail.com"]
|
|
9
|
+
spec.authors = ["Guilherme Portugues", "Leandro Vital Catarin"]
|
|
10
|
+
spec.email = ["g_portugues@hotmail.com", "leavitals@gmail.com"]
|
|
11
11
|
|
|
12
12
|
spec.summary = %q{Add authentication to applications and secure services with Keycloak}
|
|
13
13
|
#spec.description = %q{TODO: Write a longer description or delete this line.}
|
|
@@ -33,7 +33,7 @@ Gem::Specification.new do |spec|
|
|
|
33
33
|
spec.add_development_dependency "bundler", "~> 2.3"
|
|
34
34
|
spec.add_development_dependency "rake", "~> 13.0"
|
|
35
35
|
spec.add_development_dependency "rspec", "~> 3.7"
|
|
36
|
-
spec.add_runtime_dependency "rest-client", "2.1
|
|
37
|
-
spec.add_runtime_dependency "jwt", "2.4
|
|
38
|
-
spec.add_runtime_dependency "json", "2.6
|
|
36
|
+
spec.add_runtime_dependency "rest-client", "~> 2.1"
|
|
37
|
+
spec.add_runtime_dependency "jwt", "~> 2.4"
|
|
38
|
+
spec.add_runtime_dependency "json", "~> 2.6"
|
|
39
39
|
end
|
data/lib/keycloak/version.rb
CHANGED
data/lib/keycloak.rb
CHANGED
|
@@ -15,9 +15,37 @@ module Keycloak
|
|
|
15
15
|
OLD_KEYCLOAK_JSON_FILE = 'keycloak.json'.freeze
|
|
16
16
|
KEYCLOAK_JSON_FILE = 'config/keycloak.json'.freeze
|
|
17
17
|
|
|
18
|
+
class Config
|
|
19
|
+
attr_accessor :proc_cookie_token,
|
|
20
|
+
:proc_external_attributes
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
module Base
|
|
24
|
+
def config
|
|
25
|
+
Thread.current[:keycloak_config] ||= Keycloak::Config.new
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def proc_cookie_token
|
|
29
|
+
config.proc_cookie_token
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def proc_cookie_token=(value)
|
|
33
|
+
config.proc_cookie_token = value
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def proc_external_attributes
|
|
37
|
+
config.proc_external_attributes
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def proc_external_attributes=(value)
|
|
41
|
+
config.proc_external_attributes = value
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
extend Base
|
|
46
|
+
|
|
18
47
|
class << self
|
|
19
48
|
attr_accessor :proxy, :generate_request_exception, :keycloak_controller,
|
|
20
|
-
:proc_cookie_token, :proc_external_attributes,
|
|
21
49
|
:realm, :auth_server_url, :validate_token_when_call_has_role,
|
|
22
50
|
:secret, :resource
|
|
23
51
|
end
|
|
@@ -152,13 +180,13 @@ module Keycloak
|
|
|
152
180
|
mount_request_token(payload)
|
|
153
181
|
end
|
|
154
182
|
|
|
155
|
-
def self.get_token_introspection(token = '', client_id = '', secret = '',
|
|
183
|
+
def self.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
156
184
|
verify_setup
|
|
157
185
|
|
|
158
186
|
client_id = @client_id if isempty?(client_id)
|
|
159
187
|
secret = @secret if isempty?(secret)
|
|
160
188
|
token = self.token['access_token'] if isempty?(token)
|
|
161
|
-
|
|
189
|
+
introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)
|
|
162
190
|
|
|
163
191
|
payload = { 'token' => token }
|
|
164
192
|
|
|
@@ -169,7 +197,7 @@ module Keycloak
|
|
|
169
197
|
'authorization' => authorization }
|
|
170
198
|
|
|
171
199
|
_request = -> do
|
|
172
|
-
RestClient.post(
|
|
200
|
+
RestClient.post(introspection_endpoint, payload, header){|response, request, result|
|
|
173
201
|
case response.code
|
|
174
202
|
when 200..399
|
|
175
203
|
response.body
|
|
@@ -182,14 +210,16 @@ module Keycloak
|
|
|
182
210
|
exec_request _request
|
|
183
211
|
end
|
|
184
212
|
|
|
185
|
-
def self.url_login_redirect(redirect_uri, response_type = 'code', client_id = '', authorization_endpoint = '')
|
|
213
|
+
def self.url_login_redirect(redirect_uri, response_type = 'code', client_id = '', authorization_endpoint = '', scope: [])
|
|
186
214
|
verify_setup
|
|
187
215
|
|
|
188
216
|
client_id = @client_id if isempty?(client_id)
|
|
189
217
|
authorization_endpoint = @configuration['authorization_endpoint'] if isempty?(authorization_endpoint)
|
|
190
218
|
|
|
191
|
-
|
|
192
|
-
|
|
219
|
+
params = { response_type: response_type, client_id: client_id, redirect_uri: redirect_uri }
|
|
220
|
+
params[:scope] = scope.join(',') if scope.any?
|
|
221
|
+
encoded_uri = URI.encode_www_form(params)
|
|
222
|
+
"#{authorization_endpoint}?#{encoded_uri}"
|
|
193
223
|
end
|
|
194
224
|
|
|
195
225
|
def self.logout(redirect_uri = '', refresh_token = '', client_id = '', secret = '', end_session_endpoint = '')
|
|
@@ -261,14 +291,14 @@ module Keycloak
|
|
|
261
291
|
"#{@auth_server_url}/realms/#{@realm}/account"
|
|
262
292
|
end
|
|
263
293
|
|
|
264
|
-
def self.has_role?(user_role, access_token = '', client_id = '', secret = '',
|
|
294
|
+
def self.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
265
295
|
verify_setup
|
|
266
296
|
|
|
267
297
|
client_id = @client_id if isempty?(client_id)
|
|
268
298
|
secret = @secret if isempty?(secret)
|
|
269
|
-
|
|
299
|
+
introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)
|
|
270
300
|
|
|
271
|
-
if !Keycloak.validate_token_when_call_has_role || user_signed_in?(access_token, client_id, secret,
|
|
301
|
+
if !Keycloak.validate_token_when_call_has_role || user_signed_in?(access_token, client_id, secret, introspection_endpoint)
|
|
272
302
|
dt = decoded_access_token(access_token)[0]
|
|
273
303
|
dt = dt['resource_access'][client_id]
|
|
274
304
|
unless dt.nil?
|
|
@@ -280,15 +310,15 @@ module Keycloak
|
|
|
280
310
|
false
|
|
281
311
|
end
|
|
282
312
|
|
|
283
|
-
def self.user_signed_in?(access_token = '', client_id = '', secret = '',
|
|
313
|
+
def self.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '')
|
|
284
314
|
verify_setup
|
|
285
315
|
|
|
286
316
|
client_id = @client_id if isempty?(client_id)
|
|
287
317
|
secret = @secret if isempty?(secret)
|
|
288
|
-
|
|
318
|
+
introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)
|
|
289
319
|
|
|
290
320
|
begin
|
|
291
|
-
JSON(get_token_introspection(access_token, client_id, secret,
|
|
321
|
+
JSON(get_token_introspection(access_token, client_id, secret, introspection_endpoint))['active'] === true
|
|
292
322
|
rescue => e
|
|
293
323
|
if e.class < Keycloak::KeycloakException
|
|
294
324
|
raise
|
|
@@ -336,7 +366,7 @@ module Keycloak
|
|
|
336
366
|
KEYCLOACK_CONTROLLER_DEFAULT = 'session'.freeze
|
|
337
367
|
|
|
338
368
|
def self.get_installation
|
|
339
|
-
if File.
|
|
369
|
+
if File.exist?(Keycloak.installation_file)
|
|
340
370
|
installation = JSON File.read(Keycloak.installation_file)
|
|
341
371
|
@realm = installation["realm"]
|
|
342
372
|
@client_id = installation["resource"]
|
metadata
CHANGED
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: keycloak
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guilherme Portugues
|
|
8
|
+
- Leandro Vital Catarin
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: exe
|
|
10
11
|
cert_chain: []
|
|
11
|
-
date:
|
|
12
|
+
date: 2024-06-21 00:00:00.000000000 Z
|
|
12
13
|
dependencies:
|
|
13
14
|
- !ruby/object:Gem::Dependency
|
|
14
15
|
name: bundler
|
|
@@ -56,47 +57,48 @@ dependencies:
|
|
|
56
57
|
name: rest-client
|
|
57
58
|
requirement: !ruby/object:Gem::Requirement
|
|
58
59
|
requirements:
|
|
59
|
-
- -
|
|
60
|
+
- - "~>"
|
|
60
61
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: 2.1
|
|
62
|
+
version: '2.1'
|
|
62
63
|
type: :runtime
|
|
63
64
|
prerelease: false
|
|
64
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
66
|
requirements:
|
|
66
|
-
- -
|
|
67
|
+
- - "~>"
|
|
67
68
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: 2.1
|
|
69
|
+
version: '2.1'
|
|
69
70
|
- !ruby/object:Gem::Dependency
|
|
70
71
|
name: jwt
|
|
71
72
|
requirement: !ruby/object:Gem::Requirement
|
|
72
73
|
requirements:
|
|
73
|
-
- -
|
|
74
|
+
- - "~>"
|
|
74
75
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: 2.4
|
|
76
|
+
version: '2.4'
|
|
76
77
|
type: :runtime
|
|
77
78
|
prerelease: false
|
|
78
79
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
80
|
requirements:
|
|
80
|
-
- -
|
|
81
|
+
- - "~>"
|
|
81
82
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: 2.4
|
|
83
|
+
version: '2.4'
|
|
83
84
|
- !ruby/object:Gem::Dependency
|
|
84
85
|
name: json
|
|
85
86
|
requirement: !ruby/object:Gem::Requirement
|
|
86
87
|
requirements:
|
|
87
|
-
- -
|
|
88
|
+
- - "~>"
|
|
88
89
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 2.6
|
|
90
|
+
version: '2.6'
|
|
90
91
|
type: :runtime
|
|
91
92
|
prerelease: false
|
|
92
93
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
94
|
requirements:
|
|
94
|
-
- -
|
|
95
|
+
- - "~>"
|
|
95
96
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 2.6
|
|
97
|
+
version: '2.6'
|
|
97
98
|
description:
|
|
98
99
|
email:
|
|
99
100
|
- g_portugues@hotmail.com
|
|
101
|
+
- leavitals@gmail.com
|
|
100
102
|
executables: []
|
|
101
103
|
extensions: []
|
|
102
104
|
extra_rdoc_files: []
|
|
@@ -139,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
139
141
|
- !ruby/object:Gem::Version
|
|
140
142
|
version: '0'
|
|
141
143
|
requirements: []
|
|
142
|
-
rubygems_version: 3.
|
|
144
|
+
rubygems_version: 3.5.11
|
|
143
145
|
signing_key:
|
|
144
146
|
specification_version: 4
|
|
145
147
|
summary: Add authentication to applications and secure services with Keycloak
|