keycloak_oauth 0.1.7 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0121cf149dea17f792d3f007cfb5b55247e8e886c9a5d53ded44db08c0b7ebaa
-  data.tar.gz: c9a3cba0eb30bba3684be95b5270df88156d90a90b72889c3c6dc29c5b816bd7
+  metadata.gz: 5b84ab145e8572eebc11e31faff2080a82ec5f157fe5579c7076f32149f4b2b7
+  data.tar.gz: '0308c1a7e95dbd136e1cb1c659d203b355d78faecfefa4bd56d31fc222040245'
 SHA512:
-  metadata.gz: 1db6f2a45c114e3360951aaa73a663364f94425f731c54581b8e0d713117b9cb8efa89dc8826962c58d2b578f581d6202bbb499249085d6d657c2f54cc1df061
-  data.tar.gz: 436dad25dd2d4987adb0abed086d23bc08a50e197d036b37df913414e1fe1bc84fddabc3e56532dadbb5d916050291be7d63266c28e7bac34ee798e2d0be24f1
+  metadata.gz: a9c847ab0c59e5d6c4d28c51bbc5ad8ae515874cd680b312b31e264edc97748e813a319eb83f51c75ee463edaa02a9eba65ad6a444b82c59bc805b1a6eb1cfbf
+  data.tar.gz: fab61c415c9a09a4cc66a6e9986998dfc1db3c126205698938ef4f76c59a3571d1078f74456ab97201f7fa578b323430767fedd5687315a6233404f3610fb01d

data/app/controllers/keycloak_oauth/callbacks_controller.rb

@@ -7,8 +7,7 @@ module KeycloakOauth
     def oauth2
       authentication_service = KeycloakOauth::AuthenticationService.new(
         authentication_params: authentication_params,
-        session: session,
-        redirect_uri: current_uri_without_params
+        session: session
       )
       authentication_service.authenticate
       map_authenticatable_if_implemented(session)
@@ -19,7 +18,7 @@ module KeycloakOauth
     private
 
     def authentication_params
-      params.permit(:code)
+      params.permit(:code).merge({ redirect_uri: current_uri_without_params })
     end
 
     def map_authenticatable_if_implemented(request)

data/app/services/keycloak_oauth/authentication_service.rb

@@ -1,59 +1,31 @@
-require 'net/http'
-
 module KeycloakOauth
-  class AuthenticationError < StandardError; end
-
   class AuthenticationService
-    GRANT_TYPE = 'authorization_code'.freeze
-    CONTENT_TYPE = 'application/x-www-form-urlencoded'.freeze
     ACCESS_TOKEN_KEY = 'access_token'.freeze
     REFRESH_TOKEN_KEY = 'refresh_token'.freeze
 
-    attr_reader :session
+    attr_reader :session, :authentication_params
 
-    def initialize(authentication_params:, session:, redirect_uri:)
-      @code = authentication_params[:code]
+    def initialize(authentication_params:, session:)
+      @authentication_params = authentication_params
       @session = session
-      @redirect_uri = redirect_uri
     end
 
     def authenticate
-      store_credentials(get_tokens)
+      post_token_service = KeycloakOauth::PostTokenService.new(
+        connection: KeycloakOauth.connection,
+        request_params: authentication_params
+      )
+      post_token_service.perform
+      store_credentials(post_token_service)
     end
 
     private
 
-    attr_reader :code, :redirect_uri
-
-    def get_tokens
-      uri = URI.parse(KeycloakOauth.connection.authentication_endpoint)
-      Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
-        request = Net::HTTP::Post.new(uri)
-        request.set_content_type(CONTENT_TYPE)
-        request.set_form_data(token_request_params)
-        http.request(request)
-      end
-    end
-
-    def token_request_params
-      {
-        client_id: KeycloakOauth.connection.client_id,
-        client_secret: KeycloakOauth.connection.client_secret,
-        grant_type: GRANT_TYPE,
-        code: code,
-        redirect_uri: redirect_uri
-      }
-    end
-
-    def store_credentials(http_response)
-      response_hash = JSON.parse(http_response.body)
+    def store_credentials(post_token_service)
+      response_hash = post_token_service.parsed_response_body
 
-      if http_response.code_type == Net::HTTPOK
-        session[:access_token] = response_hash[ACCESS_TOKEN_KEY]
-        session[:refresh_token] = response_hash[REFRESH_TOKEN_KEY]
-      else
-        raise KeycloakOauth::AuthenticationError.new(response_hash)
-      end
+      session[:access_token] = response_hash[ACCESS_TOKEN_KEY]
+      session[:refresh_token] = response_hash[REFRESH_TOKEN_KEY]
     end
   end
 end

data/app/services/keycloak_oauth/authorizable_service.rb

@@ -4,21 +4,47 @@ module KeycloakOauth
   class AuthorizableError < StandardError; end
 
   class AuthorizableService
-    HTTP_SUCCESS_CODES = [Net::HTTPOK, Net::HTTPNoContent]
+    HTTP_SUCCESS_CODES = [Net::HTTPOK, Net::HTTPNoContent, Net::HTTPCreated]
     DEFAULT_CONTENT_TYPE = 'application/x-www-form-urlencoded'.freeze
     AUTHORIZATION_HEADER = 'Authorization'.freeze
 
+    attr_reader :http_response, :parsed_response_body
+
+    def perform
+      @http_response = send_request
+      @parsed_response_body ||= parse_response_body(http_response)
+    end
+
     private
 
-    def parsed_response(http_response)
-      response = http_response.body.present? ? JSON.parse(http_response.body) : http_response.body
+    def parse_response_body(http_response)
+      response_body = http_response.body.present? ? JSON.parse(http_response.body) : http_response.body
 
-      return response if HTTP_SUCCESS_CODES.include?(http_response.code_type)
+      return response_body if HTTP_SUCCESS_CODES.include?(http_response.code_type)
 
       # TODO: For now, we assume that the access token is always valid.
       # We do not yet handle the case where a refresh token is passed in and
       # used if the access token has expired.
-      raise KeycloakOauth::AuthorizableError.new(response)
+      raise KeycloakOauth::AuthorizableError.new(error_message_from(response_body))
+    end
+
+    def error_message_from(response)
+      # Keycloak sometimes sends back a hash containing the "errorMessage" key,
+      # other times it returns a hash containing the "error_description key" key
+      # and other times it returns an empty string. There could be more cases,
+      # but for the moment we are only handling these three.
+      case response.class.to_s
+      when 'Hash'
+        if response.has_key?('errorMessage')
+          return response['errorMessage']
+        elsif response.has_key?('error_description')
+          return response['error_description']
+        end
+      when 'String'
+        return response
+      else
+        'Unexpected Keycloak error'
+      end
     end
   end
 end

data/app/services/keycloak_oauth/logout_service.rb

@@ -6,8 +6,8 @@ module KeycloakOauth
       @session = session
     end
 
-    def logout
-      parsed_response(post_logout)
+    def send_request
+      post_logout
     end
 
     private

data/app/services/keycloak_oauth/post_token_service.rb

@@ -0,0 +1,40 @@
+require 'net/http'
+
+module KeycloakOauth
+  class PostTokenService < KeycloakOauth::AuthorizableService
+    DEFAULT_GRANT_TYPE = 'authorization_code'.freeze
+
+    attr_reader :request_params, :connection
+
+    def initialize(connection:, request_params:)
+      @connection = connection
+      @request_params = request_params
+    end
+
+    def send_request
+      post_token
+    end
+
+    private
+
+    attr_reader :code, :redirect_uri
+
+    def post_token
+      uri = URI.parse(connection.authentication_endpoint)
+      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        request = Net::HTTP::Post.new(uri)
+        request.set_content_type(DEFAULT_CONTENT_TYPE)
+        request.set_form_data(token_request_params)
+        http.request(request)
+      end
+    end
+
+    def token_request_params
+      {
+        client_id: connection.client_id,
+        client_secret: connection.client_secret,
+        grant_type: DEFAULT_GRANT_TYPE
+      }.merge(request_params)
+    end
+  end
+end

data/app/services/keycloak_oauth/post_users_service.rb

@@ -0,0 +1,49 @@
+require 'net/http'
+
+module KeycloakOauth
+  class DuplicationError < StandardError; end
+
+  class PostUsersService < KeycloakOauth::AuthorizableService
+    CONTENT_TYPE = 'application/json'.freeze
+
+    attr_reader :request_params, :connection, :user_params
+
+    def initialize(connection:, access_token:, refresh_token:, user_params:)
+      @connection = connection
+      @access_token = access_token
+      @refresh_token = refresh_token
+      @user_params = user_params
+    end
+
+    def send_request
+      post_users
+    end
+
+    private
+
+    attr_accessor :access_token, :refresh_token
+
+    def post_users
+      uri = URI.parse(connection.post_users_endpoint)
+      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        request = Net::HTTP::Post.new(uri)
+        request.set_content_type(CONTENT_TYPE)
+        request[AUTHORIZATION_HEADER] = "Bearer #{access_token}"
+        request.body = user_params.to_json
+        http.request(request)
+      end
+    end
+
+    def parse_response_body(http_response)
+      super
+    rescue KeycloakOauth::AuthorizableError => exception
+      raise exception unless is_exception_a_duplication?(exception)
+      raise KeycloakOauth::DuplicationError.new(exception)
+    end
+
+    def is_exception_a_duplication?(exception)
+      exception.message == "User exists with same email" ||
+      exception.message == "User exists with same username"
+    end
+  end
+end

data/app/services/keycloak_oauth/user_info_retrieval_service.rb

@@ -9,8 +9,8 @@ module KeycloakOauth
       @refresh_token = refresh_token
     end
 
-    def retrieve
-      @user_information = parsed_response(get_user)
+    def send_request
+      get_user
     end
 
     private

data/lib/keycloak_oauth/connection.rb

@@ -19,13 +19,13 @@ module KeycloakOauth
         access_token: access_token,
         refresh_token: refresh_token
       )
-      service.retrieve
-      service.user_information
+      service.perform
+      service.parsed_response_body
     end
 
     def logout(session:)
       service = KeycloakOauth::LogoutService.new(session)
-      service.logout
+      service.perform
     end
   end
 end

data/lib/keycloak_oauth/endpoints.rb

@@ -20,5 +20,9 @@ module KeycloakOauth
     def logout_endpoint
       "#{auth_url}/realms/#{realm}/protocol/openid-connect/logout"
     end
+
+    def post_users_endpoint
+      "#{auth_url}/admin/realms/#{realm}/users"
+    end
   end
 end

data/lib/keycloak_oauth/version.rb

@@ -1,3 +1,3 @@
 module KeycloakOauth
-  VERSION = "0.1.7"
+  VERSION = "0.1.8"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keycloak_oauth
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.1.8
 platform: ruby
 authors:
 - simplificator
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-04 00:00:00.000000000 Z
+date: 2020-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -58,7 +58,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description:
+description: 
 email:
 - dev@simplificator.com
 executables: []
@@ -71,6 +71,8 @@ files:
 - app/services/keycloak_oauth/authentication_service.rb
 - app/services/keycloak_oauth/authorizable_service.rb
 - app/services/keycloak_oauth/logout_service.rb
+- app/services/keycloak_oauth/post_token_service.rb
+- app/services/keycloak_oauth/post_users_service.rb
 - app/services/keycloak_oauth/user_info_retrieval_service.rb
 - config/routes.rb
 - lib/keycloak_oauth.rb
@@ -86,7 +88,7 @@ metadata:
   homepage_uri: https://rubygems.org/gems/keycloak_oauth
   source_code_uri: https://github.com/simplificator/keycloak_oauth
   changelog_uri: https://github.com/simplificator/keycloak_oauth
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -101,8 +103,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
-signing_key:
+rubygems_version: 3.1.4
+signing_key: 
 specification_version: 4
 summary: Implementing OAuth with Keycloak in Ruby
 test_files: []