omniauth-keycloak 1.2.0 → 1.2.1

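--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6f523d3b03c2258b9b49ca70dd94a02e9104de24a6148ee2d0018c9d3301ffe0
- data.tar.gz: 820eaba1eb35fce32c80a82293ab58ba1c154e307b191cce0b6a37b5888412d0
+ metadata.gz: 8be07c97d1ead033d698f4d6e8770acce8510a7ef668ab151df4fe642baa982d
+ data.tar.gz: 5002e62859a28e1b0cd3ffb708ac2618636397432148094d377e0305b568e88b
  SHA512:
- metadata.gz: de576c60d232f49150b0923ec1496c1e6ffdfafdb0fa3a85e3aa17d08952faacfd955a66d292dff352740965599720e645d3866b9d39f364d141bf686445a115
- data.tar.gz: cdf8238793033678b6a348b11111d95ea5449b61d50a63fc1b109e302d4a2616fb0e979acbdef33e5709dd0c0eee6481c9225bba57f7dbaae4a9b42688478535
+ metadata.gz: f9e06365f46b0e84328d4a51bee5fec151a479811376fb5a92fbf23a411471c5a5a06e8e9ac38daab40f254314ea53382fecb25fc835919237f433d086fb9bd3
+ data.tar.gz: a32b6d90b31251d019af5f74b21fca7260d8691cc9afb6c8fe40cd3c50bdf96558f1d381a7251fd3a3f16de4e2dfef8e4f588ee0d643f3c5f66026b90e5954a6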
@@ -0,0 +1,44 @@
1
+ # Changelog
2
+
3
+ ## [v1.2.1](https://github.com/ccrockett/omniauth-keycloak/tree/v1.2.1) (2020-12-19)
4
+
5
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.2.0...v1.2.1)
6
+
7
+ **Closed issues:**
8
+
9
+ - Dynamically load Client and Realm [\#11](https://github.com/ccrockett/omniauth-keycloak/issues/11)
10
+ - cannot load such file -- /Library/Ruby/Gems/2.6.0/gems/omniauth-keycloak-1.2.0/lib/omniauth-keycloak.rb \(LoadError\) [\#8](https://github.com/ccrockett/omniauth-keycloak/issues/8)
11
+ - Release json-jwt version restriction change [\#5](https://github.com/ccrockett/omniauth-keycloak/issues/5)
12
+
13
+ **Merged pull requests:**
14
+
15
+ - Raise errors on setup failure and logging with OmniAuth::Strategy::log method [\#10](https://github.com/ccrockett/omniauth-keycloak/pull/10) ([alexpetrov](https://github.com/alexpetrov))
16
+ - Bump json from 2.1.0 to 2.3.1 [\#9](https://github.com/ccrockett/omniauth-keycloak/pull/9) ([dependabot[bot]](https://github.com/apps/dependabot))
17
+
18
+ ## [v1.2.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.2.0) (2020-05-28)
19
+
20
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.1.0...v1.2.0)
21
+
22
+ **Merged pull requests:**
23
+
24
+ - Bump rack from 2.2.2 to 2.2.3 [\#7](https://github.com/ccrockett/omniauth-keycloak/pull/7) ([dependabot[bot]](https://github.com/apps/dependabot))
25
+ - Bump activesupport from 6.0.1 to 6.0.3.1 [\#6](https://github.com/ccrockett/omniauth-keycloak/pull/6) ([dependabot[bot]](https://github.com/apps/dependabot))
26
+ - Update rake requirement from ~\> 10.0 to ~\> 13.0 [\#4](https://github.com/ccrockett/omniauth-keycloak/pull/4) ([dependabot[bot]](https://github.com/apps/dependabot))
27
+ - Bump rack from 2.0.7 to 2.0.8 [\#2](https://github.com/ccrockett/omniauth-keycloak/pull/2) ([dependabot[bot]](https://github.com/apps/dependabot))
28
+ - Adding Devise Documentation [\#1](https://github.com/ccrockett/omniauth-keycloak/pull/1) ([masonhensley](https://github.com/masonhensley))
29
+
30
+ ## [v1.1.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.1.0) (2018-12-16)
31
+
32
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.0.1...v1.1.0)
33
+
34
+ ## [v1.0.1](https://github.com/ccrockett/omniauth-keycloak/tree/v1.0.1) (2018-12-16)
35
+
36
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/v1.0.0...v1.0.1)
37
+
38
+ ## [v1.0.0](https://github.com/ccrockett/omniauth-keycloak/tree/v1.0.0) (2018-12-16)
39
+
40
+ [Full Changelog](https://github.com/ccrockett/omniauth-keycloak/compare/7877c8a75f9e3f342b49bf808fa69965377d60b5...v1.0.0)
41
+
42
+
43
+
44
+ \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
@@ -30,7 +30,7 @@ GEM
30
30
  hashie (4.1.0)
31
31
  i18n (1.8.2)
32
32
  concurrent-ruby (~> 1.0)
33
- json (2.1.0)
33
+ json (2.3.1)
34
34
  json-jwt (1.12.0)
35
35
  activesupport (>= 4.2)
36
36
  aes_key_wrap
@@ -53,7 +53,7 @@ GEM
53
53
  oauth2 (~> 1.1)
54
54
  omniauth (~> 1.9)
55
55
  public_suffix (3.0.3)
56
- rack (2.2.2)
56
+ rack (2.2.3)
57
57
  rake (13.0.1)
58
58
  rspec (3.8.0)
59
59
  rspec-core (~> 3.8.0)
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Keycloak
3
- VERSION = "1.2.0"
3
+ VERSION = "1.2.1"
4
4
  end
5
5
  end
@@ -1,44 +1,84 @@
1
1
  require 'omniauth'
2
2
  require 'omniauth-oauth2'
3
3
  require 'json/jwt'
4
+ require 'uri'
4
5
 
5
6
  module OmniAuth
6
7
  module Strategies
7
8
  class KeycloakOpenId < OmniAuth::Strategies::OAuth2
9
+
10
+ class Error < RuntimeError; end
11
+ class ConfigurationError < Error; end
12
+ class IntegrationError < Error; end
13
+
8
14
  attr_reader :authorize_url
9
15
  attr_reader :token_url
10
16
  attr_reader :cert
11
17
 
12
18
  def setup_phase
13
19
  if @authorize_url.nil? || @token_url.nil?
20
+ prevent_site_option_mistake
21
+
14
22
  realm = options.client_options[:realm].nil? ? options.client_id : options.client_options[:realm]
15
23
  site = options.client_options[:site]
16
- response = Faraday.get "#{options.client_options[:site]}/auth/realms/#{realm}/.well-known/openid-configuration"
24
+
25
+ raise_on_failure = options.client_options.fetch(:raise_on_failure, false)
26
+
27
+ config_url = URI.join(site, "/auth/realms/#{realm}/.well-known/openid-configuration")
28
+
29
+ log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
30
+ response = Faraday.get config_url
17
31
  if (response.status == 200)
18
32
  json = MultiJson.load(response.body)
33
+
19
34
  @certs_endpoint = json["jwks_uri"]
20
35
  @userinfo_endpoint = json["userinfo_endpoint"]
21
- @authorize_url = json["authorization_endpoint"].gsub(site, "")
22
- @token_url = json["token_endpoint"].gsub(site, "")
36
+ @authorize_url = URI(json["authorization_endpoint"]).path
37
+ @token_url = URI(json["token_endpoint"]).path
38
+
39
+ log_config(json)
40
+
23
41
  options.client_options.merge!({
24
42
  authorize_url: @authorize_url,
25
43
  token_url: @token_url
26
- })
44
+ })
45
+ log :debug, "Going to get certificates. URL: #{@certs_endpoint}"
27
46
  certs = Faraday.get @certs_endpoint
28
47
  if (certs.status == 200)
29
48
  json = MultiJson.load(certs.body)
30
49
  @cert = json["keys"][0]
50
+ log :debug, "Successfully got certificate. Certificate length: #{@cert.length}"
31
51
  else
32
- #TODO: Throw Error
33
- puts "Couldn't get Cert"
34
- end
52
+ message = "Coundn't get certificate. URL: #{@certs_endpoint}"
53
+ log :error, message
54
+ raise IntegrationError, message if raise_on_failure
55
+ end
35
56
  else
36
- #TODO: Throw Error
37
- puts response.status
57
+ message = "Keycloak configuration request failed with status: #{response.status}. " \
58
+ "URL: #{config_url}"
59
+ log :error, message
60
+ raise IntegrationError, message if raise_on_failure
38
61
  end
39
62
  end
40
63
  end
41
-
64
+
65
+ def prevent_site_option_mistake
66
+ site = options.client_options[:site]
67
+ return unless site =~ /\/auth$/
68
+
69
+ raise ConfigurationError, "Keycloak site parameter should not include /auth part, only domain. Current value: #{site}"
70
+ end
71
+
72
+ def log_config(config_json)
73
+ log_keycloak_config = options.client_options.fetch(:log_keycloak_config, false)
74
+ log :debug, "Successfully got Keycloak config"
75
+ log :debug, "Keycloak config: #{config_json}" if log_keycloak_config
76
+ log :debug, "Certs endpoint: #{@certs_endpoint}"
77
+ log :debug, "Userinfo endpoint: #{@userinfo_endpoint}"
78
+ log :debug, "Authorize url: #{@authorize_url}"
79
+ log :debug, "Token url: #{@token_url}"
80
+ end
81
+
42
82
  def build_access_token
43
83
  verifier = request.params["code"]
44
84
  client.auth_code.get_token(verifier,
@@ -74,4 +114,4 @@ module OmniAuth
74
114
  OmniAuth.config.add_camelization('keycloak_openid', 'KeycloakOpenId')
75
115
  end
76
116
  end
77
- end
117
+ end
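Review bot: In `setup_phase`, `raise_on_failure` defaults to false (`fetch(:raise_on_failure, false)`), so a failed discovery or certificate request is only logged and setup returns with `@cert` unset; whatever later checks tokens against `@cert` is outside this diff, but failing closed by default, or documenting the option next to the fetch with a comment such as `# when false, setup continues without a signing key`, would make that explicit. The 200 branch of the certificate request also trusts the JWKS shape: `json["keys"][0]` is nil for an empty `keys` array, and the new debug line then calls `@cert.length` on nil and raises NoMethodError rather than IntegrationError. A guard before that log line, e.g. `raise IntegrationError, "No keys in JWKS response. URL: #{@certs_endpoint}" if @cert.nil?`, would keep the failure in the strategy's own error type. The error message on the certificate branch is spelled "Coundn't".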
@@ -33,7 +33,7 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
33
33
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
34
34
  .to_return(status: 404, body: "", headers: {})
35
35
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
36
- client_options: {site: 'http://localhost:8080', realm: 'example-realm'})
36
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
37
37
  end
38
38
 
39
39
  it 'should have the correct keycloak token url' do
@@ -46,4 +46,50 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
46
46
  expect(subject.authorize_url).to eq('/auth/realms/example-realm/protocol/openid-connect/auth')
47
47
  end
48
48
  end
49
+
50
+ describe 'errors processing' do
51
+ context 'when site contains /auth part' do
52
+ subject do
53
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
54
+ client_options: {site: 'http://localhost:8080/auth', realm: 'example-realm', raise_on_failure: true})
55
+ end
56
+
57
+ it 'raises Configuration Error' do
58
+ expect{ subject.setup_phase }
59
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
60
+ end
61
+ end
62
+
63
+ context 'when raise_on_failure option is true' do
64
+ context 'when openid configuration endpoint returns error response' do
65
+ subject do
66
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
67
+ .to_return(status: 404, body: "", headers: {})
68
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
69
+ client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
70
+ end
71
+
72
+ it 'raises Integration Error' do
73
+ expect{ subject.setup_phase }
74
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
75
+ end
76
+ end
77
+
78
+ context 'when certificates endpoint returns error response' do
79
+ subject do
80
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
81
+ .to_return(status: 200, body: body, headers: {})
82
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
83
+ .to_return(status: 404, body: "", headers: {})
84
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
85
+ client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
86
+ end
87
+
88
+ it 'raises Integration Error' do
89
+ expect{ subject.setup_phase }
90
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
91
+ end
92
+ end
93
+ end
94
+ end
49
95
  end
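Review bot: The new 'errors processing' examples only run with `raise_on_failure: true`, so nothing pins the default path, where `setup_phase` logs the failure and returns; an example asserting that `subject.cert` is nil after `setup_phase` with a 404 from the certs endpoint would document that state. The 'when site contains /auth part' context also passes `raise_on_failure: true`, although `prevent_site_option_mistake` raises ConfigurationError unconditionally; dropping the option there would show that the check does not depend on it. `body` used in the certificates context is defined outside these hunks, as is the start of the enclosing `describe`.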
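--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-keycloak
  version: !ruby/object:Gem::Version
- version: 1.2.0
+ version: 1.2.1
  platform: ruby
  authors:
  - Cameron Crockett
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-05-28 00:00:00.000000000 Z
+ date: 2020-12-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth
@@ -133,6 +133,7 @@ files:
  - ".rspec"
  - ".travis.yml"
  - ".vscode/settings.json"
+ - CHANGELOG.md
  - CODE_OF_CONDUCT.md
  - Gemfile
  - Gemfile.lock
@@ -166,7 +167,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 1.3.5
  requirements: []
- rubygems_version: 3.0.3
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
  summary: Omniauth strategy for Keycloak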