ef-keycloak-connect 1.6.5 → 1.6.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/services/errorService.js +16 -8
  3. package/services/keycloakService.js +330 -0
  4. package/services/teamsService.js +1 -3
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "ef-keycloak-connect",
3
- "version": "1.6.5",
3
+ "version": "1.6.7",
4
4
  "description": "Node JS keycloak adapter for authentication and authorization.",
5
5
  "main": "index.js",
6
6
  "scripts": {
package/services/errorService.js CHANGED
@@ -26,20 +26,28 @@ class ErrorService {
26
26
  status: 404,
27
27
  reason: `Hostname Not Found, Keycloak server unaccessable against Keycloak URL. Unable to resolve Hostname, This maybe due to wrong Host URL or DNS server issue`,
28
28
  };
29
+ case 'EHOSTUNREACH':
30
+ return {
31
+ status: 404,
32
+ reason: `Hostname Not Found, Keycloak server unaccessable against Keycloak URL. Unable to resolve Hostname, This maybe due to wrong Host URL or DNS server issue`,
33
+ };
29
34
  default:
30
35
 
31
- if ( typeof ( err.response.data ) === "object" ) {
36
+ if ( err.response ) {
37
+
38
+ if ( typeof ( err.response.data ) === "object" ) {
39
+
40
+ return {
41
+ status: err.response.status,
42
+ reason: err.response.data.error
43
+ }
44
+ }
32
45
 
33
46
  return {
34
47
  status: err.response.status,
35
- reason: err.response.data.error
36
- }
48
+ reason: err.response.data,
49
+ };
37
50
  }
38
-
39
- return {
40
- status: err.response.status,
41
- reason: err.response.data,
42
- };
43
51
  }
44
52
 
45
53
  } else {
package/services/keycloakService.js CHANGED
@@ -1767,6 +1767,41 @@ class KeycloakService extends Keycloak {
1767
1767
 
1768
1768
  }
1769
1769
 
1770
+ async getGroupById( groupId, adminToken ) {
1771
+
1772
+ return new Promise( async ( resolve, reject ) => {
1773
+
1774
+ let URL = `${keycloakConfig[ "auth-server-url" ]}${keycloakConfig[ "USERNAME_ADMIN" ]}/realms/${keycloakConfig[ "realm" ]}/groups/${groupId}/`;
1775
+
1776
+ let config = {
1777
+ method: "get",
1778
+ url: URL,
1779
+ headers: {
1780
+ "Content-Type": "application/json",
1781
+ Authorization: `Bearer ${adminToken}`,
1782
+ }
1783
+ };
1784
+
1785
+ try {
1786
+
1787
+ let tokenResponse = await requestController.httpRequest( config, false );
1788
+ let group = tokenResponse.data;
1789
+ resolve( group );
1790
+
1791
+ } catch ( er ) {
1792
+
1793
+ let error = await errorService.handleError( er );
1794
+
1795
+ reject( {
1796
+
1797
+ error_message: "Error Occured While Fetching Group using GroupId.",
1798
+ error_detail: error
1799
+ } );
1800
+ }
1801
+
1802
+ } );
1803
+ }
1804
+
1770
1805
  async addOrRemoveUserGroup( userId, groups, operation, adminToken ) {
1771
1806
 
1772
1807
 
@@ -2018,6 +2053,10 @@ class KeycloakService extends Keycloak {
2018
2053
 
2019
2054
  updateUserPromise = this.updateUser( finesseLoginResponse.data, keycloakAuthToken.keycloak_User )
2020
2055
  .then( async ( updatedUser ) => {
2056
+
2057
+ //Calling the Introspect function twice so all the asynchronous operations inside updateUser function are done
2058
+ keycloakAuthToken = await this.getKeycloakTokenWithIntrospect( username, password, keycloakConfig[ "realm" ] );
2059
+ keycloakAuthToken = null
2021
2060
  keycloakAuthToken = await this.getKeycloakTokenWithIntrospect( username, password, keycloakConfig[ "realm" ] );
2022
2061
  updateUserPromise = null; // Reset the promise
2023
2062
  } )
@@ -2217,6 +2256,67 @@ class KeycloakService extends Keycloak {
2217
2256
  let userLocationSplit = userLocation.split( "/" );
2218
2257
  let userId = userLocationSplit[ userLocationSplit.length - 1 ];
2219
2258
 
2259
+ if ( userObject.roles.includes( "supervisor" ) ) {
2260
+
2261
+ try {
2262
+
2263
+ let clientId = await this.getClientId( token );
2264
+
2265
+ userObject.supervisedGroups.map( async ( group ) => {
2266
+
2267
+ let groupData = await this.gettingGroupByGroupName( [ group.name ], token );
2268
+
2269
+ if ( groupData.length > 0 ) {
2270
+
2271
+ let groupDetails = await this.getGroupById( groupData[ 0 ].id, token );
2272
+
2273
+ if ( groupDetails.attributes != null ) {
2274
+
2275
+ if ( 'supervisor' in groupDetails.attributes ) {
2276
+
2277
+ let supervisors = groupDetails.attributes[ 'supervisor' ][ 0 ].split( "," );
2278
+
2279
+ if ( !( supervisors.includes( userObject.username ) ) ) {
2280
+
2281
+ groupDetails.attributes.supervisor = [ ` ${groupDetails.attributes[ 'supervisor' ][ 0 ]},${userObject.username}` ];
2282
+ }
2283
+
2284
+ } else {
2285
+
2286
+ groupDetails.attributes.supervisor = [ `${userObject.username}` ];
2287
+ }
2288
+ }
2289
+
2290
+ if ( groupDetails.attributes.supervisor ) {
2291
+
2292
+ groupData[ 0 ] = groupDetails;
2293
+ await teamsService.addSupervisorToGroup( groupData, token, keycloakConfig );
2294
+ }
2295
+
2296
+ }
2297
+
2298
+ let userBasedPolicy = await this.getPolicy( `${group.name} user based policy`, token, clientId );
2299
+
2300
+ if ( !userBasedPolicy.config.users.includes( userId ) ) {
2301
+
2302
+ //Parsing string quoted array into array.
2303
+ const parsedArray = JSON.parse( userBasedPolicy.config.users.replace( /'/g, '"' ) );
2304
+ delete userBasedPolicy.config;
2305
+ parsedArray.push( userId );
2306
+
2307
+ userBasedPolicy.users = parsedArray;
2308
+ let updatedUserBasedPolicy = await this.updateUserBasedPolicy( userBasedPolicy, token, clientId );
2309
+
2310
+ }
2311
+ } );
2312
+
2313
+ } catch ( er ) {
2314
+
2315
+ reject( er );
2316
+ }
2317
+
2318
+ }
2319
+
2220
2320
  //Get list of all the roles in keycloak realm
2221
2321
  let realmRoles = await this.getRealmRoles( token );
2222
2322
 
@@ -2417,6 +2517,236 @@ class KeycloakService extends Keycloak {
2417
2517
  await this.addOrRemoveUserGroup( keyObj.id, groupsToRemove, 'remove', token );
2418
2518
  }
2419
2519
 
2520
+ try {
2521
+
2522
+ //Remove User From Supervising Group
2523
+ if ( keyObj.permittedResources.Resources.length > 0 ) {
2524
+
2525
+ let clientId;
2526
+
2527
+ try {
2528
+
2529
+ //Checking whether user has been assigned new groups to supervise or removed from some group as supervisor.
2530
+ clientId = await this.getClientId( token );
2531
+
2532
+ } catch ( err ) {
2533
+
2534
+ reject( err );
2535
+ }
2536
+
2537
+ try {
2538
+
2539
+ let permissions = keyObj.permittedResources.Resources;
2540
+
2541
+ let teamsDashboardPermissions = permissions.find( permission => permission.rsname == 'teams' );
2542
+
2543
+ if ( teamsDashboardPermissions && finObj.supervisedGroups.length > 0 ) {
2544
+
2545
+ let userToRemoveFromPolicy;
2546
+ let userToAddInPolicy;
2547
+ let userAttributeToRemove;
2548
+ let userAttributeToAdd;
2549
+
2550
+ let results = teamsDashboardPermissions.scopes.map( scope => {
2551
+ let groupName = scope.split( '-group' );
2552
+ return groupName[ 0 ];
2553
+ } );
2554
+
2555
+ if ( finObj.supervisedGroups ) {
2556
+
2557
+ userToRemoveFromPolicy = results.filter( group => !finObj.supervisedGroups.find( finGroup => finGroup.name == group ) );
2558
+ } else {
2559
+
2560
+ userToRemoveFromPolicy = results;
2561
+ }
2562
+
2563
+ //Checking Supervisors in attributes
2564
+ let teamsData = await this.getUserSupervisedGroups( keyObj.id, keyObj.username );
2565
+
2566
+ try {
2567
+
2568
+ //Removing Username in Supervisor Attribute from non-supervised teams.
2569
+ if ( teamsData.supervisedTeams.length > 0 ) {
2570
+
2571
+ //Filtering out all the non-supervised teams.
2572
+ if ( finObj.supervisedGroups ) {
2573
+
2574
+ userAttributeToRemove = teamsData.supervisedTeams.filter( group => !finObj.supervisedGroups.find( finGroup => finGroup.name == group.teamName ) );
2575
+ } else {
2576
+
2577
+ userAttributeToRemove = teamsData.supervisedTeams
2578
+ }
2579
+
2580
+ if ( userAttributeToRemove.length > 0 ) {
2581
+
2582
+ for ( let group of userAttributeToRemove ) {
2583
+
2584
+ //Fetching non-supervised group
2585
+ let groupData = await this.gettingGroupByGroupName( [ group.teamName ], token );
2586
+
2587
+
2588
+ if ( groupData.length > 0 ) {
2589
+
2590
+ //fetching detailed data of non-supervised group
2591
+ let groupDetails = await this.getGroupById( groupData[ 0 ].id, token );
2592
+
2593
+ if ( groupDetails.attributes != null ) {
2594
+
2595
+ //checking whether supervisor attribute exists in group
2596
+ if ( 'supervisor' in groupDetails.attributes ) {
2597
+
2598
+ let supervisors = groupDetails.attributes[ 'supervisor' ][ 0 ].split( "," );
2599
+
2600
+ //checking if current user is part of non-supervised group as supervisor
2601
+ if ( supervisors.includes( keyObj.username ) ) {
2602
+
2603
+ let remainingSupervisors = supervisors.filter( supervisor => supervisor != ( keyObj.username ) );
2604
+ groupDetails.attributes.supervisor = remainingSupervisors.length > 0 ? [ `${remainingSupervisors.join( ',' )}` ] : [ '' ];
2605
+
2606
+
2607
+ try {
2608
+ //removing user from non-supervised group.
2609
+ groupData[ 0 ] = groupDetails;
2610
+ let removeSupervisorAttribute = await teamsService.addSupervisorToGroup( groupData, token, keycloakConfig );
2611
+ } catch ( err ) {
2612
+
2613
+ reject( err );
2614
+ }
2615
+ }
2616
+
2617
+ }
2618
+
2619
+ }
2620
+ }
2621
+
2622
+ }
2623
+ }
2624
+
2625
+ }
2626
+
2627
+ //find Permission using Permission Name
2628
+ if ( userToRemoveFromPolicy.length > 0 ) {
2629
+
2630
+ for ( let group of userToRemoveFromPolicy ) {
2631
+
2632
+
2633
+ let policy = await this.getPolicy( `${group} user based policy`, token, clientId );
2634
+
2635
+ //What if no User is remaining in User-Based Policy after removing current user? Thought for later.
2636
+ if ( policy.config.users.includes( keyObj.id ) ) {
2637
+
2638
+ //Parsing string quoted array into array.
2639
+ let parsedArray = JSON.parse( policy.config.users.replace( /'/g, '"' ) );
2640
+ let updatedParsedArray = parsedArray.filter( id => id != keyObj.id );
2641
+
2642
+ delete policy.config;
2643
+ policy.users = updatedParsedArray;
2644
+
2645
+ try {
2646
+ let updatedUserBasedPolicy = await this.updateUserBasedPolicy( policy, token, clientId );
2647
+
2648
+ } catch ( er ) {
2649
+ reject( er );
2650
+ }
2651
+
2652
+ }
2653
+
2654
+ }
2655
+ }
2656
+
2657
+ try {
2658
+
2659
+ //Adding user as supervisor to new Teams.
2660
+ if ( finObj.supervisedGroups ) {
2661
+
2662
+ userToAddInPolicy = finObj.supervisedGroups.filter( group => !results.includes( group.name ) );
2663
+ userAttributeToAdd = finObj.supervisedGroups.filter( group => !teamsData.supervisedTeams.find( keyGroup => group.name == keyGroup.teamName ) );
2664
+
2665
+ if ( userAttributeToAdd.length > 0 ) {
2666
+
2667
+ for ( let group of userAttributeToAdd ) {
2668
+
2669
+ //Add User From Supervisor Attribute in Group.
2670
+ let groupData = await this.gettingGroupByGroupName( [ group.name ], token );
2671
+
2672
+ if ( groupData.length > 0 ) {
2673
+
2674
+ let groupDetails = await this.getGroupById( groupData[ 0 ].id, token );
2675
+
2676
+ if ( groupDetails.attributes != null ) {
2677
+
2678
+ if ( 'supervisor' in groupDetails.attributes ) {
2679
+
2680
+ let supervisors = groupDetails.attributes[ 'supervisor' ][ 0 ].split( "," );
2681
+
2682
+ if ( !( supervisors.includes( finObj.username ) ) ) {
2683
+
2684
+ groupDetails.attributes.supervisor = ( supervisors[ 0 ] != '' ) ? [ ` ${groupDetails.attributes[ 'supervisor' ][ 0 ]},${finObj.username}` ] : [ `${finObj.username}` ];
2685
+ }
2686
+ } else {
2687
+
2688
+ groupDetails.attributes.supervisor = [ `${finObj.username}` ];
2689
+ }
2690
+ }
2691
+
2692
+ if ( groupDetails.attributes.supervisor ) {
2693
+
2694
+ groupData[ 0 ] = groupDetails;
2695
+ await teamsService.addSupervisorToGroup( groupData, token, keycloakConfig );
2696
+ }
2697
+
2698
+ }
2699
+ }
2700
+
2701
+ }
2702
+
2703
+ if ( userToAddInPolicy.length > 0 ) {
2704
+
2705
+ for ( let group of userToAddInPolicy ) {
2706
+
2707
+ let policy = await this.getPolicy( `${group.name} user based policy`, token, clientId );
2708
+
2709
+ //What if no User is remaining in User-Based Policy after removing current user? Thought for later.
2710
+ if ( !policy.config.users.includes( keyObj.id ) ) {
2711
+
2712
+ //Parsing string quoted array into array.
2713
+ let parsedArray = JSON.parse( policy.config.users.replace( /'/g, '"' ) );
2714
+ delete policy.config;
2715
+ parsedArray.push( keyObj.id );
2716
+ policy.users = parsedArray;
2717
+
2718
+ try {
2719
+ let updatedUserBasedPolicy = await this.updateUserBasedPolicy( policy, token, clientId );
2720
+
2721
+ } catch ( er ) {
2722
+ reject( er );
2723
+ }
2724
+
2725
+ }
2726
+
2727
+ }
2728
+ }
2729
+ }
2730
+ } catch ( err ) {
2731
+
2732
+ reject( err );
2733
+ }
2734
+ }
2735
+ catch ( err ) {
2736
+
2737
+ reject( err );
2738
+ }
2739
+ }
2740
+ } catch ( err ) {
2741
+
2742
+ reject( err );
2743
+ }
2744
+ }
2745
+ } catch ( err ) {
2746
+
2747
+ reject( err );
2748
+ }
2749
+
2420
2750
  } catch ( err ) {
2421
2751
 
2422
2752
  reject( err );
package/services/teamsService.js CHANGED
@@ -232,9 +232,7 @@ class TeamsService {
232
232
  },
233
233
  data: {
234
234
  name: group.name,
235
- attributes: {
236
- supervisor: group.supervisors
237
- }
235
+ attributes: group.attributes
238
236
  }
239
237
  };
240
238