keycloak_rails 1.0.0.pre.beta → 1.0.0.pre.beta.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +7 -12
- data/Rakefile +4 -2
- data/lib/app/models/keycloak_rails/concerns/sso_recipient.rb +4 -2
- data/lib/app/models/keycloak_rails/sso.rb +3 -1
- data/lib/generators/keycloak_rails/config/config_generator.rb +2 -2
- data/lib/generators/keycloak_rails/install/install_generator.rb +5 -5
- data/lib/keycloak_rails/client.rb +6 -5
- data/lib/keycloak_rails/controller/helpers.rb +3 -1
- data/lib/keycloak_rails/controller/magic_links.rb +2 -2
- data/lib/keycloak_rails/controller/omniauth.rb +0 -1
- data/lib/keycloak_rails/controller/registrations.rb +4 -3
- data/lib/keycloak_rails/controller/unlocks.rb +0 -1
- data/lib/keycloak_rails/curl.rb +1 -1
- data/lib/keycloak_rails/user.rb +1 -0
- data/lib/keycloak_rails/version.rb +3 -1
- metadata +59 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3ab83f2bbc67c999f4575e3f9949d6569056144634463fc6d186309152343082
|
|
4
|
+
data.tar.gz: 2fb463727955abda0b386031ac6a6b1444a4b5637cbee5dc64966fe5aa41cfe3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d4f85ee2ed8bbfef4022e24a47f1ac6a5e3d39ac6e89807e1362212e046259895d81ab15254cf14af2858677e618ef4a8ce53a6e7bd6bf544eaef2aafc835d16
|
|
7
|
+
data.tar.gz: daac0698880760a92939ac6955d107ec1e5b3ad919d2c2b4e1f8e53d7dec7de95857a4dad5e1405b6763712a3e4c31623bbd4f5d0067c5f0c34b4f8badf8f773
|
data/README.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
[](https://badge.fury.io/rb/keycloak_rails)
|
|
2
|
+
[](https://opensource.org/licenses/MIT)
|
|
3
|
+
[](https://github.com/rubocop/rubocop)
|
|
4
|
+
[](https://conventionalcommits.org)
|
|
5
|
+
[](http://github.com/badges/stability-badges)
|
|
6
|
+
|
|
1
7
|
# KeycloakRails
|
|
2
8
|
Keycloak_rails is an api wrapper for open source project [Keycloak](https://www.keycloak.org/)
|
|
3
9
|
|
|
@@ -165,19 +171,8 @@ end
|
|
|
165
171
|
|
|
166
172
|
#### KeycloakRails::Client
|
|
167
173
|
|
|
168
|
-
|
|
169
|
-
## Architecte plan
|
|
170
|
-
|
|
171
|
-
### Engine Strecture
|
|
172
|
-
<img width="573" alt="Screen Shot 2022-11-20 at 1 11 50 AM" src="https://user-images.githubusercontent.com/84993125/202890379-b7f8abe9-105c-4d7d-bdf8-c5768f4111af.png">
|
|
173
|
-
|
|
174
|
-
### Some use cases
|
|
175
|
-
|auth request|redirect|protected route request
|
|
176
|
-
|:-:|:-:|:-:|
|
|
177
|
-
|||
|
|
178
|
-
|
|
179
174
|
## Contributing
|
|
180
|
-
|
|
175
|
+
refer to [CONTRIBUTING.md](https://github.com/Laborocity/keycloak_rails/blob/main/CONTRIBUTING.md) .
|
|
181
176
|
|
|
182
177
|
## License
|
|
183
178
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/Rakefile
CHANGED
|
@@ -1,12 +1,14 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module KeycloakRails
|
|
2
4
|
module SsoRecipient
|
|
3
5
|
extend ActiveSupport::Concern
|
|
4
6
|
|
|
5
7
|
included do
|
|
6
|
-
has_one :keycloak_rails_sso, as: :recipient, class_name:
|
|
8
|
+
has_one :keycloak_rails_sso, as: :recipient, class_name: '::KeycloakRails::Sso'
|
|
7
9
|
|
|
8
10
|
def sub
|
|
9
|
-
keycloak_rails_sso
|
|
11
|
+
keycloak_rails_sso&.sub
|
|
10
12
|
end
|
|
11
13
|
end
|
|
12
14
|
end
|
|
@@ -3,10 +3,10 @@
|
|
|
3
3
|
module KeycloakRails
|
|
4
4
|
module Generators
|
|
5
5
|
class ConfigGenerator < Rails::Generators::Base
|
|
6
|
-
source_root(
|
|
6
|
+
source_root(__dir__)
|
|
7
7
|
def copy_initializer
|
|
8
8
|
copy_file '../keycloak_rails.rb', 'config/initializers/keycloak_rails.rb'
|
|
9
9
|
end
|
|
10
10
|
end
|
|
11
11
|
end
|
|
12
|
-
end
|
|
12
|
+
end
|
|
@@ -3,15 +3,15 @@
|
|
|
3
3
|
module KeycloakRails
|
|
4
4
|
module Generators
|
|
5
5
|
class InstallGenerator < Rails::Generators::Base
|
|
6
|
-
source_root(
|
|
6
|
+
source_root(__dir__)
|
|
7
7
|
|
|
8
|
-
TABLE_NAME = 'keycloak_rails_sso'
|
|
8
|
+
TABLE_NAME = 'keycloak_rails_sso'
|
|
9
9
|
|
|
10
|
-
desc
|
|
10
|
+
desc 'Generates a name space SSO model to store user subs.'
|
|
11
11
|
|
|
12
12
|
def generate_keycloak_rails_model
|
|
13
|
-
generate :migration, "create_#{TABLE_NAME}",
|
|
13
|
+
generate :migration, "create_#{TABLE_NAME}", 'recipient:references{polymorphic}', 'sub:string:index'
|
|
14
14
|
end
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
|
-
end
|
|
17
|
+
end
|
|
@@ -16,7 +16,7 @@ module KeycloakRails
|
|
|
16
16
|
attributes: {}, groups: [], enabled: true }.to_json)
|
|
17
17
|
raise StandardError, request[:response] unless request[:status] == :ok
|
|
18
18
|
|
|
19
|
-
set_perm_password(email, password)
|
|
19
|
+
set_perm_password(email, password) unless password.nil? || password.empty?
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def current_user_has_active_session?
|
|
@@ -51,7 +51,7 @@ module KeycloakRails
|
|
|
51
51
|
def update_user_attributes(user_id, attributes)
|
|
52
52
|
request = @curl.put(path: "/admin/realms/#{KeycloakRails.realm}/users/#{user_id}",
|
|
53
53
|
headers: { 'Authorization': client_token, 'Content-Type': 'application/json' },
|
|
54
|
-
body: attributes.to_json)
|
|
54
|
+
body: attributes.to_json(only: attributes.keys))
|
|
55
55
|
raise StandardError, request[:response] unless request[:status] == :ok
|
|
56
56
|
|
|
57
57
|
request[:response]
|
|
@@ -59,7 +59,7 @@ module KeycloakRails
|
|
|
59
59
|
|
|
60
60
|
def require_set_otp(user_email)
|
|
61
61
|
user = user_by_username(user_email)
|
|
62
|
-
required_actions = user['requiredActions'].push(
|
|
62
|
+
required_actions = user['requiredActions'].push('CONFIGURE_TOTP')
|
|
63
63
|
request = @curl.put(path: "/admin/realms/#{KeycloakRails.realm}/users/#{user['id']}",
|
|
64
64
|
headers: { 'Authorization': client_token, 'Content-Type': 'application/json' },
|
|
65
65
|
body: { "requiredActions": required_actions }.to_json)
|
|
@@ -78,8 +78,9 @@ module KeycloakRails
|
|
|
78
78
|
request[:response]
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
-
def get_magic_link(email:, redirect_uri:, expiration_seconds: 3600, force_create: false, send_email: false,
|
|
82
|
-
|
|
81
|
+
def get_magic_link(email:, redirect_uri:, expiration_seconds: 3600, force_create: false, send_email: false,
|
|
82
|
+
client_id: KeycloakRails.client_id)
|
|
83
|
+
request = @curl.post(path: "/realms/#{KeycloakRails.realm}/magic-link",
|
|
83
84
|
headers: { 'Authorization': client_token, 'Content-Type': 'application/json' },
|
|
84
85
|
body: { "email": email, "client_id": client_id,
|
|
85
86
|
"redirect_uri": redirect_uri, "expiration_seconds": expiration_seconds,
|
|
@@ -18,7 +18,9 @@ module KeycloakRails
|
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
def ensure_active_session(accept_magic_link_handshake: false)
|
|
21
|
-
|
|
21
|
+
return if user_has_active_sso_session?(accept_magic_link_handshake: accept_magic_link_handshake)
|
|
22
|
+
|
|
23
|
+
redirect_to root_path
|
|
22
24
|
end
|
|
23
25
|
|
|
24
26
|
def ensure_no_active_session
|
|
@@ -9,8 +9,8 @@ module KeycloakRails
|
|
|
9
9
|
extend ActiveSupport::Concern
|
|
10
10
|
|
|
11
11
|
included do
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
def generate_magic_link(url:, email:, expiration_seconds: 3600, force_create: false, send_email: false,
|
|
13
|
+
client_id: KeycloakRails.client_id)
|
|
14
14
|
magic_link_obj = keycloak_client.get_magic_link(email: email,
|
|
15
15
|
redirect_uri: url,
|
|
16
16
|
expiration_seconds: expiration_seconds,
|
|
@@ -8,17 +8,18 @@ module KeycloakRails
|
|
|
8
8
|
extend ActiveSupport::Concern
|
|
9
9
|
|
|
10
10
|
included do
|
|
11
|
-
def create_or_find_sso_user(email:,
|
|
11
|
+
def create_or_find_sso_user(email:, first_name:, last_name:, password_confirmation: nil, set_session: true, password: nil)
|
|
12
12
|
user = keycloak_client.user_by_username(email)
|
|
13
13
|
if user
|
|
14
14
|
{ sso_sub: user['id'], email: email,
|
|
15
15
|
first_name: first_name, last_name: last_name }
|
|
16
16
|
else
|
|
17
|
-
create_sso_user(email: email, password: password, first_name: first_name, last_name: last_name,
|
|
17
|
+
create_sso_user(email: email, password: password, first_name: first_name, last_name: last_name,
|
|
18
|
+
password_confirmation: password_confirmation, set_session: set_session)
|
|
18
19
|
end
|
|
19
20
|
end
|
|
20
21
|
|
|
21
|
-
def create_sso_user(email:,
|
|
22
|
+
def create_sso_user(email:, first_name:, last_name:, password_confirmation: nil, set_session: true, password: nil)
|
|
22
23
|
raise StandardError, 'Passwords must match' if password_confirmation && password != password_confirmation
|
|
23
24
|
|
|
24
25
|
keycloak_client.create_user(email: email,
|
data/lib/keycloak_rails/curl.rb
CHANGED
|
@@ -51,7 +51,7 @@ module KeycloakRails
|
|
|
51
51
|
end
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
-
def response_to(request, message:
|
|
54
|
+
def response_to(request, message: '', status: :ok)
|
|
55
55
|
{ response: request.body && request.body != '' ? JSON.parse(request.body) : {}, message: message, status: status }
|
|
56
56
|
end
|
|
57
57
|
end
|
data/lib/keycloak_rails/user.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: keycloak_rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.0.pre.beta
|
|
4
|
+
version: 1.0.0.pre.beta.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Omar Luqman
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-12-
|
|
11
|
+
date: 2022-12-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dry-configurable
|
|
@@ -66,6 +66,62 @@ dependencies:
|
|
|
66
66
|
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: 6.0.3
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: fasterer
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - ">="
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0'
|
|
76
|
+
type: :development
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - ">="
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: overcommit
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - ">="
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '0'
|
|
90
|
+
type: :development
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - ">="
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '0'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: rubocop
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - ">="
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: '0'
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - ">="
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '0'
|
|
111
|
+
- !ruby/object:Gem::Dependency
|
|
112
|
+
name: rubocop-gitlab-security
|
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
|
114
|
+
requirements:
|
|
115
|
+
- - ">="
|
|
116
|
+
- !ruby/object:Gem::Version
|
|
117
|
+
version: '0'
|
|
118
|
+
type: :development
|
|
119
|
+
prerelease: false
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - ">="
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: '0'
|
|
69
125
|
description: A rails wrapper for open source SSO project Keycloak.
|
|
70
126
|
email:
|
|
71
127
|
- oluqman@nucleushealthcare.com
|
|
@@ -108,7 +164,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
108
164
|
requirements:
|
|
109
165
|
- - ">="
|
|
110
166
|
- !ruby/object:Gem::Version
|
|
111
|
-
version:
|
|
167
|
+
version: 2.6.0
|
|
112
168
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
113
169
|
requirements:
|
|
114
170
|
- - ">"
|