ef-keycloak-connect 1.6.5 → 1.6.6

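--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "ef-keycloak-connect",
- "version": "1.6.5",
+ "version": "1.6.6",
  "description": "Node JS keycloak adapter for authentication and authorization.",
  "main": "index.js",
  "scripts": {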
@@ -1767,6 +1767,41 @@ class KeycloakService extends Keycloak {
1767
1767
 
1768
1768
  }
1769
1769
 
1770
+ async getGroupById( groupId, adminToken ) {
1771
+
1772
+ return new Promise( async ( resolve, reject ) => {
1773
+
1774
+ let URL = `${keycloakConfig[ "auth-server-url" ]}${keycloakConfig[ "USERNAME_ADMIN" ]}/realms/${keycloakConfig[ "realm" ]}/groups/${groupId}/`;
1775
+
1776
+ let config = {
1777
+ method: "get",
1778
+ url: URL,
1779
+ headers: {
1780
+ "Content-Type": "application/json",
1781
+ Authorization: `Bearer ${adminToken}`,
1782
+ }
1783
+ };
1784
+
1785
+ try {
1786
+
1787
+ let tokenResponse = await requestController.httpRequest( config, false );
1788
+ let group = tokenResponse.data;
1789
+ resolve( group );
1790
+
1791
+ } catch ( er ) {
1792
+
1793
+ let error = await errorService.handleError( er );
1794
+
1795
+ reject( {
1796
+
1797
+ error_message: "Error Occured While Fetching Group using GroupId.",
1798
+ error_detail: error
1799
+ } );
1800
+ }
1801
+
1802
+ } );
1803
+ }
1804
+
1770
1805
  async addOrRemoveUserGroup( userId, groups, operation, adminToken ) {
1771
1806
 
1772
1807
 
@@ -2018,6 +2053,10 @@ class KeycloakService extends Keycloak {
2018
2053
 
2019
2054
  updateUserPromise = this.updateUser( finesseLoginResponse.data, keycloakAuthToken.keycloak_User )
2020
2055
  .then( async ( updatedUser ) => {
2056
+
2057
+ //Calling the Introspect function twice so all the asynchronous operations inside updateUser function are done
2058
+ keycloakAuthToken = await this.getKeycloakTokenWithIntrospect( username, password, keycloakConfig[ "realm" ] );
2059
+ keycloakAuthToken = null
2021
2060
  keycloakAuthToken = await this.getKeycloakTokenWithIntrospect( username, password, keycloakConfig[ "realm" ] );
2022
2061
  updateUserPromise = null; // Reset the promise
2023
2062
  } )
@@ -2217,6 +2256,66 @@ class KeycloakService extends Keycloak {
2217
2256
  let userLocationSplit = userLocation.split( "/" );
2218
2257
  let userId = userLocationSplit[ userLocationSplit.length - 1 ];
2219
2258
 
2259
+ if ( userObject.roles.includes( "supervisor" ) ) {
2260
+
2261
+ try {
2262
+
2263
+ let clientId = await this.getClientId( token );
2264
+
2265
+ userObject.supervisedGroups.map( async ( group ) => {
2266
+
2267
+ let groupData = await this.gettingGroupByGroupName( [ group.name ], token );
2268
+
2269
+ if ( groupData.length > 0 ) {
2270
+
2271
+ let groupDetails = await this.getGroupById( groupData[ 0 ].id, token );
2272
+
2273
+ if ( groupDetails.attributes != null ) {
2274
+
2275
+ if ( 'supervisor' in groupDetails.attributes ) {
2276
+
2277
+ let supervisors = groupDetails.attributes[ 'supervisor' ][ 0 ].split( "," );
2278
+
2279
+ if ( !( supervisors.includes( userObject.username ) ) ) {
2280
+
2281
+ groupData[ 0 ].supervisor = [ ` ${groupDetails.attributes[ 'supervisor' ][ 0 ]},${userObject.username}` ];
2282
+ }
2283
+
2284
+
2285
+ } else {
2286
+
2287
+ groupData[ 0 ].supervisor = [ `${userObject.username}` ];
2288
+ }
2289
+ }
2290
+
2291
+ if ( groupData[ 0 ].supervisor ) {
2292
+ await teamsService.addSupervisorToGroup( groupData, token, keycloakConfig );
2293
+ }
2294
+
2295
+ }
2296
+
2297
+ let userBasedPolicy = await this.getPolicy( `${group.name} user based policy`, token, clientId );
2298
+
2299
+ if ( !userBasedPolicy.config.users.includes( userId ) ) {
2300
+
2301
+ //Parsing string quoted array into array.
2302
+ const parsedArray = JSON.parse( userBasedPolicy.config.users.replace( /'/g, '"' ) );
2303
+ delete userBasedPolicy.config;
2304
+ parsedArray.push( userId );
2305
+
2306
+ userBasedPolicy.users = parsedArray;
2307
+ let updatedUserBasedPolicy = await this.updateUserBasedPolicy( userBasedPolicy, token, clientId );
2308
+
2309
+ }
2310
+ } );
2311
+
2312
+ } catch ( er ) {
2313
+
2314
+ reject( er );
2315
+ }
2316
+
2317
+ }
2318
+
2220
2319
  //Get list of all the roles in keycloak realm
2221
2320
  let realmRoles = await this.getRealmRoles( token );
2222
2321
 
@@ -2417,6 +2516,233 @@ class KeycloakService extends Keycloak {
2417
2516
  await this.addOrRemoveUserGroup( keyObj.id, groupsToRemove, 'remove', token );
2418
2517
  }
2419
2518
 
2519
+ try {
2520
+
2521
+ //Remove User From Supervising Group
2522
+ if ( keyObj.permittedResources.Resources.length > 0 ) {
2523
+
2524
+ let clientId;
2525
+
2526
+ try {
2527
+
2528
+ //Checking whether user has been assigned new groups to supervise or removed from some group as supervisor.
2529
+ clientId = await this.getClientId( token );
2530
+
2531
+ } catch ( err ) {
2532
+
2533
+ reject( err );
2534
+ }
2535
+
2536
+ try {
2537
+
2538
+ let permissions = keyObj.permittedResources.Resources;
2539
+
2540
+ let teamsDashboardPermissions = permissions.find( permission => permission.rsname == 'teams' );
2541
+
2542
+ if ( teamsDashboardPermissions && finObj.supervisedGroups.length > 0 ) {
2543
+
2544
+ let userToRemoveFromPolicy;
2545
+ let userToAddInPolicy;
2546
+ let userAttributeToRemove;
2547
+ let userAttributeToAdd;
2548
+
2549
+ let results = teamsDashboardPermissions.scopes.map( scope => {
2550
+ let groupName = scope.split( '-group' );
2551
+ return groupName[ 0 ];
2552
+ } );
2553
+
2554
+ if ( finObj.supervisedGroups ) {
2555
+
2556
+ userToRemoveFromPolicy = results.filter( group => !finObj.supervisedGroups.find( finGroup => finGroup.name == group ) );
2557
+ } else {
2558
+
2559
+ userToRemoveFromPolicy = results;
2560
+ }
2561
+
2562
+ //Checking Supervisors in attributes
2563
+ let teamsData = await this.getUserSupervisedGroups( keyObj.id, keyObj.username );
2564
+
2565
+ try {
2566
+
2567
+ //Removing Username in Supervisor Attribute from non-supervised teams.
2568
+ if ( teamsData.supervisedTeams.length > 0 ) {
2569
+
2570
+ //Filtering out all the non-supervised teams.
2571
+ if ( finObj.supervisedGroups ) {
2572
+
2573
+ userAttributeToRemove = teamsData.supervisedTeams.filter( group => !finObj.supervisedGroups.find( finGroup => finGroup.name == group.teamName ) );
2574
+ } else {
2575
+
2576
+ userAttributeToRemove = teamsData.supervisedTeams
2577
+ }
2578
+
2579
+ if ( userAttributeToRemove.length > 0 ) {
2580
+
2581
+ for ( let group of userAttributeToRemove ) {
2582
+
2583
+ //Fetching non-supervised group
2584
+ let groupData = await this.gettingGroupByGroupName( [ group.teamName ], token );
2585
+
2586
+
2587
+ if ( groupData.length > 0 ) {
2588
+
2589
+ //fetching detailed data of non-supervised group
2590
+ let groupDetails = await this.getGroupById( groupData[ 0 ].id, token );
2591
+
2592
+ if ( groupDetails.attributes != null ) {
2593
+
2594
+ //checking whether supervisor attribute exists in group
2595
+ if ( 'supervisor' in groupDetails.attributes ) {
2596
+
2597
+ let supervisors = groupDetails.attributes[ 'supervisor' ][ 0 ].split( "," );
2598
+
2599
+ //checking if current user is part of non-supervised group as supervisor
2600
+ if ( supervisors.includes( keyObj.username ) ) {
2601
+
2602
+ let remainingSupervisors = supervisors.filter( supervisor => supervisor != ( keyObj.username ) );
2603
+ groupData[ 0 ].supervisor = remainingSupervisors.length > 0 ? [ `${remainingSupervisors.join( ',' )}` ] : [ '' ];
2604
+
2605
+
2606
+ try {
2607
+ //removing user from non-supervised group.
2608
+ let removeSupervisorAttribute = await teamsService.addSupervisorToGroup( groupData, token, keycloakConfig );
2609
+ } catch ( err ) {
2610
+
2611
+ reject( err );
2612
+ }
2613
+ }
2614
+
2615
+ }
2616
+
2617
+ }
2618
+ }
2619
+
2620
+ }
2621
+ }
2622
+
2623
+ }
2624
+
2625
+ //find Permission using Permission Name
2626
+ if ( userToRemoveFromPolicy.length > 0 ) {
2627
+
2628
+ for ( let group of userToRemoveFromPolicy ) {
2629
+
2630
+
2631
+ let policy = await this.getPolicy( `${group} user based policy`, token, clientId );
2632
+
2633
+ //What if no User is remaining in User-Based Policy after removing current user? Thought for later.
2634
+ if ( policy.config.users.includes( keyObj.id ) ) {
2635
+
2636
+ //Parsing string quoted array into array.
2637
+ let parsedArray = JSON.parse( policy.config.users.replace( /'/g, '"' ) );
2638
+ let updatedParsedArray = parsedArray.filter( id => id != keyObj.id );
2639
+
2640
+ delete policy.config;
2641
+ policy.users = updatedParsedArray;
2642
+
2643
+ try {
2644
+ let updatedUserBasedPolicy = await this.updateUserBasedPolicy( policy, token, clientId );
2645
+
2646
+ } catch ( er ) {
2647
+ reject( er );
2648
+ }
2649
+
2650
+ }
2651
+
2652
+ }
2653
+ }
2654
+
2655
+ try {
2656
+
2657
+ //Adding user as supervisor to new Teams.
2658
+ if ( finObj.supervisedGroups ) {
2659
+
2660
+ userToAddInPolicy = finObj.supervisedGroups.filter( group => !results.includes( group.name ) );
2661
+ userAttributeToAdd = finObj.supervisedGroups.filter( group => !teamsData.supervisedTeams.find( keyGroup => group.name == keyGroup.teamName ) );
2662
+
2663
+ if ( userAttributeToAdd.length > 0 ) {
2664
+
2665
+ for ( let group of userAttributeToAdd ) {
2666
+
2667
+ //Add User From Supervisor Attribute in Group.
2668
+ let groupData = await this.gettingGroupByGroupName( [ group.name ], token );
2669
+
2670
+ if ( groupData.length > 0 ) {
2671
+
2672
+ let groupDetails = await this.getGroupById( groupData[ 0 ].id, token );
2673
+
2674
+ if ( groupDetails.attributes != null ) {
2675
+
2676
+ if ( 'supervisor' in groupDetails.attributes ) {
2677
+
2678
+ let supervisors = groupDetails.attributes[ 'supervisor' ][ 0 ].split( "," );
2679
+
2680
+ if ( !( supervisors.includes( finObj.username ) ) ) {
2681
+
2682
+ groupData[ 0 ].supervisor = ( supervisors[ 0 ] != '' ) ? [ ` ${groupDetails.attributes[ 'supervisor' ][ 0 ]},${finObj.username}` ] : [ `${finObj.username}` ];
2683
+ }
2684
+ } else {
2685
+
2686
+ groupData[ 0 ].supervisor = [ `${finObj.username}` ];
2687
+ }
2688
+ }
2689
+
2690
+ if ( groupData[ 0 ].supervisor ) {
2691
+ await teamsService.addSupervisorToGroup( groupData, token, keycloakConfig );
2692
+ }
2693
+
2694
+ }
2695
+ }
2696
+
2697
+ }
2698
+
2699
+ if ( userToAddInPolicy.length > 0 ) {
2700
+
2701
+ for ( let group of userToAddInPolicy ) {
2702
+
2703
+ let policy = await this.getPolicy( `${group.name} user based policy`, token, clientId );
2704
+
2705
+ //What if no User is remaining in User-Based Policy after removing current user? Thought for later.
2706
+ if ( !policy.config.users.includes( keyObj.id ) ) {
2707
+
2708
+ //Parsing string quoted array into array.
2709
+ let parsedArray = JSON.parse( policy.config.users.replace( /'/g, '"' ) );
2710
+ delete policy.config;
2711
+ parsedArray.push( keyObj.id );
2712
+ policy.users = parsedArray;
2713
+
2714
+ try {
2715
+ let updatedUserBasedPolicy = await this.updateUserBasedPolicy( policy, token, clientId );
2716
+
2717
+ } catch ( er ) {
2718
+ reject( er );
2719
+ }
2720
+
2721
+ }
2722
+
2723
+ }
2724
+ }
2725
+ }
2726
+ } catch ( err ) {
2727
+
2728
+ reject( err );
2729
+ }
2730
+ }
2731
+ catch ( err ) {
2732
+
2733
+ reject( err );
2734
+ }
2735
+ }
2736
+ } catch ( err ) {
2737
+
2738
+ reject( err );
2739
+ }
2740
+ }
2741
+ } catch ( err ) {
2742
+
2743
+ reject( err );
2744
+ }
2745
+
2420
2746
  } catch ( err ) {
2421
2747
 
2422
2748
  reject( err );
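Review bot: In the hunk at `@@ -2217,6 +2256,66 @@`, `userObject.supervisedGroups.map( async ( group ) => { … } )` starts the group-attribute and user-based-policy updates but never awaits the promises it returns, so the surrounding `try`/`catch` cannot see a failure in `getGroupById`, `addSupervisorToGroup` or `updateUserBasedPolicy`, and execution moves on to the realm-role lookup before the supervisor permissions are written. A rejection inside the callback therefore surfaces as an unhandled rejection instead of `reject( er )`, leaving the new user with only part of the intended authorization state and no error reported to the caller. Wrap the call as `await Promise.all( userObject.supervisedGroups.map( async ( group ) => { … } ) );`, or use the sequential `for ( let group of … )` form that the `@@ -2417,6 +2516,233 @@` hunk already uses. Separately, the string assigned to `groupData[ 0 ].supervisor` in the append branch starts with a space before `${groupDetails.attributes[ 'supervisor' ][ 0 ]}` (the later hunk's add path does the same), so after `split( "," )` the first name would presumably no longer match `includes( keyObj.username )` and the removal path could leave that supervisor in place; confirm against what Keycloak stores. The enclosing functions start and end outside these hunks.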
@@ -233,7 +233,7 @@ class TeamsService {
233
233
  data: {
234
234
  name: group.name,
235
235
  attributes: {
236
- supervisor: group.supervisors
236
+ supervisor: group.supervisor
237
237
  }
238
238
  }
239
239
  };
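Review bot: The payload now reads `group.supervisor`, but nothing visible in this hunk checks that the property is set, so a caller that still uses the old `supervisors` name would send `supervisor: undefined`. If the request body is serialized as JSON that key is dropped, and the group may then be updated with an empty `attributes` object; this is worth confirming, because the KeycloakService changes in this release read that attribute to decide who supervises a team. A guard before the request is built, such as `if ( !Array.isArray( group.supervisor ) ) throw new Error( "group.supervisor must be an array" );`, would make the failure explicit. A comment on the field would also help, for example `// single-element array holding a comma-separated list of supervisor usernames`, which is the shape the new callers construct. The enclosing function starts and ends outside the hunk.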