keycloak_oauth 0.1.6 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d5372c486b89d09a51766f5ae6420c926f23d26d3f83ed30a9cd8b62c0c100a9
-  data.tar.gz: fcc3d36bbcdcd9d3fda6d51ebfb74e227cbb1f3eb234dfabd98531362c0be8e2
+  metadata.gz: 4c8198edc1a928cd020798264f22e0ebcbbc6a4905aa4ebad578be3404ca92c4
+  data.tar.gz: a4cfff847382aba3b6b2757ca2e53da0dc1d21334ccaf21db2bd7b12083c8816
 SHA512:
-  metadata.gz: ea374a1c1d6fa04d4473cc645be6af6bfe0d9bb3468924a238cae97ee990c339bbd16d99c8c0173c736b48f0cb5d3c8758cae059dd3d12713f872d6a12ca2dfd
-  data.tar.gz: 95eb399aac689d154fb942521da92a557a0b5fc7f035c7798fb48b3c2e3e1c1a44a2548724cfcb5c96d689d8e6b491f75ca028fb6ad3e356174ae76a8b8562da
+  metadata.gz: 2e477873732dd5931bb3769d69831c77dbd9c18329c1c9391361a80e17bf1cdbfbf00847563bdbf32f3fe613121e98c89c8965f31adcefe71736d8d7a9e0cea3
+  data.tar.gz: 68d870d6d136be6e0f170bc1f1361c9325558829d52371f5708fbcd6043ed2e1f38680918fb44d31cf0b399f982c54389ff05e8a7ea071c57bbedf9b314dd8a9

data/app/controllers/keycloak_oauth/callbacks_controller.rb

@@ -7,8 +7,7 @@ module KeycloakOauth
     def oauth2
       authentication_service = KeycloakOauth::AuthenticationService.new(
         authentication_params: authentication_params,
-        session: session,
-        redirect_uri: current_uri_without_params
+        session: session
       )
       authentication_service.authenticate
       map_authenticatable_if_implemented(session)
@@ -19,7 +18,7 @@ module KeycloakOauth
     private
 
     def authentication_params
-      params.permit(:code)
+      params.permit(:code).merge({ redirect_uri: current_uri_without_params })
     end
 
     def map_authenticatable_if_implemented(request)

data/app/services/keycloak_oauth/authentication_service.rb

@@ -1,59 +1,31 @@
-require 'net/http'
-
 module KeycloakOauth
-  class AuthenticationError < StandardError; end
-
   class AuthenticationService
-    GRANT_TYPE = 'authorization_code'.freeze
-    CONTENT_TYPE = 'application/x-www-form-urlencoded'.freeze
     ACCESS_TOKEN_KEY = 'access_token'.freeze
     REFRESH_TOKEN_KEY = 'refresh_token'.freeze
 
-    attr_reader :session
+    attr_reader :session, :authentication_params
 
-    def initialize(authentication_params:, session:, redirect_uri:)
-      @code = authentication_params[:code]
+    def initialize(authentication_params:, session:)
+      @authentication_params = authentication_params
       @session = session
-      @redirect_uri = redirect_uri
     end
 
     def authenticate
-      store_credentials(get_tokens)
+      post_token_service = KeycloakOauth::PostTokenService.new(
+        connection: KeycloakOauth.connection,
+        request_params: authentication_params
+      )
+      post_token_service.perform
+      store_credentials(post_token_service)
     end
 
     private
 
-    attr_reader :code, :redirect_uri
-
-    def get_tokens
-      uri = URI.parse(KeycloakOauth.connection.authentication_endpoint)
-      Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
-        request = Net::HTTP::Post.new(uri)
-        request.set_content_type(CONTENT_TYPE)
-        request.set_form_data(token_request_params)
-        http.request(request)
-      end
-    end
-
-    def token_request_params
-      {
-        client_id: KeycloakOauth.connection.client_id,
-        client_secret: KeycloakOauth.connection.client_secret,
-        grant_type: GRANT_TYPE,
-        code: code,
-        redirect_uri: redirect_uri
-      }
-    end
-
-    def store_credentials(http_response)
-      response_hash = JSON.parse(http_response.body)
+    def store_credentials(post_token_service)
+      response_hash = post_token_service.parsed_response_body
 
-      if http_response.code_type == Net::HTTPOK
-        session[:access_token] = response_hash[ACCESS_TOKEN_KEY]
-        session[:refresh_token] = response_hash[REFRESH_TOKEN_KEY]
-      else
-        raise KeycloakOauth::AuthenticationError.new(response_hash)
-      end
+      session[:access_token] = response_hash[ACCESS_TOKEN_KEY]
+      session[:refresh_token] = response_hash[REFRESH_TOKEN_KEY]
     end
   end
 end

data/app/services/keycloak_oauth/authorizable_service.rb

@@ -2,23 +2,73 @@ require 'net/http'
 
 module KeycloakOauth
   class AuthorizableError < StandardError; end
+  class NotFoundError < StandardError; end
 
   class AuthorizableService
-    HTTP_SUCCESS_CODES = [Net::HTTPOK, Net::HTTPNoContent]
-    DEFAULT_CONTENT_TYPE = 'application/x-www-form-urlencoded'.freeze
+    HTTP_SUCCESS_CODES = [Net::HTTPOK, Net::HTTPNoContent, Net::HTTPCreated]
+    CONTENT_TYPE_X_WWW_FORM_URLENCODED = 'application/x-www-form-urlencoded'.freeze
+    CONTENT_TYPE_JSON = 'application/json'.freeze
     AUTHORIZATION_HEADER = 'Authorization'.freeze
 
+    attr_reader :http_response, :parsed_response_body
+
+    def perform
+      @http_response = send_request
+      @parsed_response_body ||= parse_response_body(http_response)
+    end
+
+    def self.uri_with_supported_query_params(url, supported_params, given_params)
+      uri = URI.parse(url)
+
+      query_params = supported_params.inject({}) do |acc, query_param|
+        acc[query_param] = given_params[query_param] if given_params[query_param].present?
+        acc
+      end
+
+      log_unsupported_params(given_params.keys - supported_params)
+
+      uri.query = URI.encode_www_form(query_params) if query_params.values.any?
+      uri
+    end
+
     private
 
-    def parsed_response(http_response)
-      response = http_response.body.present? ? JSON.parse(http_response.body) : http_response.body
+    def parse_response_body(http_response)
+      response_body = http_response.body.present? ? JSON.parse(http_response.body) : http_response.body
 
-      return response if HTTP_SUCCESS_CODES.include?(http_response.code_type)
+      return response_body if HTTP_SUCCESS_CODES.include?(http_response.code_type)
 
       # TODO: For now, we assume that the access token is always valid.
       # We do not yet handle the case where a refresh token is passed in and
       # used if the access token has expired.
-      raise KeycloakOauth::AuthorizableError.new(response)
+      raise KeycloakOauth::AuthorizableError.new(error_message_from(response_body))
+    end
+
+    def error_message_from(response)
+      # Keycloak sometimes sends back a hash containing the "errorMessage" key,
+      # other times it returns a hash containing the "error_description key" key
+      # and other times it returns an empty string. There could be more cases,
+      # but for the moment we are only handling these three.
+      case response.class.to_s
+      when 'Hash'
+        if response.has_key?('errorMessage')
+          return response['errorMessage']
+        elsif response.has_key?('error_description')
+          return response['error_description']
+        elsif response.has_key?('error')
+          return response['error']
+        end
+      when 'String'
+        return response
+      else
+        'Unexpected Keycloak error'
+      end
+    end
+
+    def self.log_unsupported_params(query_params)
+      query_params.each do |query_param|
+        Rails.logger.warn { "Unsupported query param was passed in: #{query_param}" }
+      end
     end
   end
 end

data/app/services/keycloak_oauth/get_users_service.rb

@@ -0,0 +1,42 @@
+require 'net/http'
+
+module KeycloakOauth
+  class GetUsersService < KeycloakOauth::AuthorizableService
+    SUPPORTED_QUERY_PARAMS = %i(briefRepresentation email first firstName lastName max search username)
+
+    attr_reader :connection, :options
+
+    def initialize(connection:, access_token:, refresh_token:, options: {})
+      @connection = connection
+      @access_token = access_token
+      @refresh_token = refresh_token
+      @options = options
+    end
+
+    def send_request
+      get_users
+    end
+
+    private
+
+    attr_reader :access_token, :refresh_token
+
+    def get_users
+      uri = build_uri
+
+      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        request = Net::HTTP::Get.new(uri)
+        request[AUTHORIZATION_HEADER] = "Bearer #{access_token}"
+        http.request(request)
+      end
+    end
+
+    def build_uri
+      self.class.uri_with_supported_query_params(
+        connection.users_endpoint,
+        SUPPORTED_QUERY_PARAMS,
+        options
+      )
+    end
+  end
+end

data/app/services/keycloak_oauth/logout_service.rb

@@ -6,8 +6,8 @@ module KeycloakOauth
       @session = session
     end
 
-    def logout
-      parsed_response(post_logout)
+    def send_request
+      post_logout
     end
 
     private
@@ -16,9 +16,9 @@ module KeycloakOauth
 
     def post_logout
       uri = URI.parse(KeycloakOauth.connection.logout_endpoint)
-      Net::HTTP.start(uri.host, uri.port) do |http|
+      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
         request = Net::HTTP::Post.new(uri)
-        request.set_content_type(DEFAULT_CONTENT_TYPE)
+        request.set_content_type(CONTENT_TYPE_X_WWW_FORM_URLENCODED)
         request.set_form_data(logout_request_params)
         request[AUTHORIZATION_HEADER] = "Bearer #{access_token}"
         http.request(request)

data/app/services/keycloak_oauth/post_token_service.rb

@@ -0,0 +1,43 @@
+require 'net/http'
+
+module KeycloakOauth
+  class PostTokenService < KeycloakOauth::AuthorizableService
+    DEFAULT_GRANT_TYPE = 'authorization_code'.freeze
+
+    attr_reader :request_params, :connection
+
+    def initialize(connection:, access_token: nil, refresh_token: nil, request_params:)
+      @connection = connection
+      @access_token = access_token
+      @refresh_token = refresh_token
+      @request_params = request_params
+    end
+
+    def send_request
+      post_token
+    end
+
+    private
+
+    attr_reader :code, :redirect_uri, :access_token, :refresh_token
+
+    def post_token
+      uri = URI.parse(connection.authentication_endpoint)
+      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        request = Net::HTTP::Post.new(uri)
+        request[AUTHORIZATION_HEADER] = "Bearer #{access_token}" if access_token.present?
+        request.set_content_type(CONTENT_TYPE_X_WWW_FORM_URLENCODED)
+        request.set_form_data(token_request_params)
+        http.request(request)
+      end
+    end
+
+    def token_request_params
+      {
+        client_id: connection.client_id,
+        client_secret: connection.client_secret,
+        grant_type: DEFAULT_GRANT_TYPE
+      }.merge(request_params)
+    end
+  end
+end

data/app/services/keycloak_oauth/post_users_service.rb

@@ -0,0 +1,47 @@
+require 'net/http'
+
+module KeycloakOauth
+  class DuplicationError < StandardError; end
+
+  class PostUsersService < KeycloakOauth::AuthorizableService
+    attr_reader :request_params, :connection, :user_params
+
+    def initialize(connection:, access_token:, refresh_token:, user_params:)
+      @connection = connection
+      @access_token = access_token
+      @refresh_token = refresh_token
+      @user_params = user_params
+    end
+
+    def send_request
+      post_users
+    end
+
+    private
+
+    attr_accessor :access_token, :refresh_token
+
+    def post_users
+      uri = URI.parse(connection.users_endpoint)
+      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        request = Net::HTTP::Post.new(uri)
+        request.set_content_type(CONTENT_TYPE_JSON)
+        request[AUTHORIZATION_HEADER] = "Bearer #{access_token}"
+        request.body = user_params.to_json
+        http.request(request)
+      end
+    end
+
+    def parse_response_body(http_response)
+      super
+    rescue KeycloakOauth::AuthorizableError => exception
+      raise exception unless is_exception_a_duplication?(exception)
+      raise KeycloakOauth::DuplicationError.new(exception)
+    end
+
+    def is_exception_a_duplication?(exception)
+      exception.message == "User exists with same email" ||
+      exception.message == "User exists with same username"
+    end
+  end
+end

data/app/services/keycloak_oauth/put_execute_actions_email_service.rb

@@ -0,0 +1,57 @@
+require 'net/http'
+
+module KeycloakOauth
+  class PutExecuteActionsEmailService < KeycloakOauth::AuthorizableService
+    SUPPORTED_QUERY_PARAMS = %i(client_id lifespan redirect_uri)
+
+    attr_reader :connection, :user_id, :actions, :options
+
+    def initialize(connection: KeycloakOauth.connection, access_token:, refresh_token:, user_id:, actions:, options: {})
+      @connection = connection
+      @access_token = access_token
+      @refresh_token = refresh_token
+      @user_id = user_id
+      @actions = actions
+      @options = options
+    end
+
+    def send_request
+      put_execute_actions_email
+    end
+
+    private
+
+    attr_accessor :access_token, :refresh_token
+
+    def put_execute_actions_email
+      uri = build_uri
+
+      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        request = Net::HTTP::Put.new(uri)
+        request.set_content_type(CONTENT_TYPE_JSON)
+        request[AUTHORIZATION_HEADER] = "Bearer #{access_token}"
+        request.body = actions.to_json
+        http.request(request)
+      end
+    end
+
+    def build_uri
+      self.class.uri_with_supported_query_params(
+        connection.put_execute_actions_email_endpoint(user_id),
+        SUPPORTED_QUERY_PARAMS,
+        options
+      )
+    end
+
+    def parse_response_body(http_response)
+      super
+    rescue KeycloakOauth::AuthorizableError => exception
+      raise exception unless not_found_error?(exception)
+      raise KeycloakOauth::NotFoundError.new(exception)
+    end
+
+    def not_found_error?(exception)
+      exception.message == "User not found"
+    end
+  end
+end

data/app/services/keycloak_oauth/user_info_retrieval_service.rb

@@ -9,8 +9,8 @@ module KeycloakOauth
       @refresh_token = refresh_token
     end
 
-    def retrieve
-      @user_information = parsed_response(get_user)
+    def send_request
+      get_user
     end
 
     private
@@ -21,7 +21,7 @@ module KeycloakOauth
       uri = URI.parse(KeycloakOauth.connection.user_info_endpoint)
       Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
         request = Net::HTTP::Get.new(uri)
-        request.set_content_type(DEFAULT_CONTENT_TYPE)
+        request.set_content_type(CONTENT_TYPE_X_WWW_FORM_URLENCODED)
         request[AUTHORIZATION_HEADER] = "Bearer #{access_token}"
         http.request(request)
       end

data/lib/keycloak_oauth/connection.rb

@@ -19,13 +19,13 @@ module KeycloakOauth
         access_token: access_token,
         refresh_token: refresh_token
       )
-      service.retrieve
-      service.user_information
+      service.perform
+      service.parsed_response_body
     end
 
     def logout(session:)
       service = KeycloakOauth::LogoutService.new(session)
-      service.logout
+      service.perform
     end
   end
 end

data/lib/keycloak_oauth/endpoints.rb

@@ -20,5 +20,13 @@ module KeycloakOauth
     def logout_endpoint
       "#{auth_url}/realms/#{realm}/protocol/openid-connect/logout"
     end
+
+    def users_endpoint
+      "#{auth_url}/admin/realms/#{realm}/users"
+    end
+
+    def put_execute_actions_email_endpoint(user_id)
+      "#{auth_url}/admin/realms/#{realm}/users/#{user_id}/execute-actions-email"
+    end
   end
 end

data/lib/keycloak_oauth/version.rb

@@ -1,3 +1,3 @@
 module KeycloakOauth
-  VERSION = "0.1.6"
+  VERSION = "1.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keycloak_oauth
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 1.0.0
 platform: ruby
 authors:
 - simplificator
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-04 00:00:00.000000000 Z
+date: 2021-07-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -58,7 +58,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description:
+description: 
 email:
 - dev@simplificator.com
 executables: []
@@ -70,7 +70,11 @@ files:
 - app/controllers/keycloak_oauth/callbacks_controller.rb
 - app/services/keycloak_oauth/authentication_service.rb
 - app/services/keycloak_oauth/authorizable_service.rb
+- app/services/keycloak_oauth/get_users_service.rb
 - app/services/keycloak_oauth/logout_service.rb
+- app/services/keycloak_oauth/post_token_service.rb
+- app/services/keycloak_oauth/post_users_service.rb
+- app/services/keycloak_oauth/put_execute_actions_email_service.rb
 - app/services/keycloak_oauth/user_info_retrieval_service.rb
 - config/routes.rb
 - lib/keycloak_oauth.rb
@@ -86,7 +90,7 @@ metadata:
   homepage_uri: https://rubygems.org/gems/keycloak_oauth
   source_code_uri: https://github.com/simplificator/keycloak_oauth
   changelog_uri: https://github.com/simplificator/keycloak_oauth
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -94,15 +98,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
-signing_key:
+rubygems_version: 3.1.6
+signing_key: 
 specification_version: 4
 summary: Implementing OAuth with Keycloak in Ruby
 test_files: []