npm - strapi-plugin-keycloak-realm-users - Versions diffs - 1.0.0 - Mend

strapi-plugin-keycloak-realm-users 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

package/LICENSE +21 -0
package/README.md +485 -0
package/__tests__/constants.test.mjs +207 -0
package/__tests__/mocks/strapi.mjs +182 -0
package/__tests__/services/audit-log.test.mjs +283 -0
package/__tests__/services/keycloak-client.test.mjs +651 -0
package/__tests__/services/permission.test.mjs +374 -0
package/__tests__/services/realm.test.mjs +415 -0
package/__tests__/services/user.test.mjs +487 -0
package/__tests__/utils/errors.test.mjs +109 -0
package/admin/src/components/Initializer.jsx +14 -0
package/admin/src/components/RealmBadge.jsx +17 -0
package/admin/src/constants.js +14 -0
package/admin/src/hooks/useAuditLogs.js +142 -0
package/admin/src/hooks/useKeycloakRoles.js +182 -0
package/admin/src/hooks/useKeycloakUsers.js +477 -0
package/admin/src/hooks/useRealmAdmins.js +249 -0
package/admin/src/hooks/useRealms.js +269 -0
package/admin/src/index.js +46 -0
package/admin/src/pages/App.jsx +21 -0
package/admin/src/pages/AuditPage/index.jsx +213 -0
package/admin/src/pages/RealmsPage/RealmEditPage.jsx +791 -0
package/admin/src/pages/RealmsPage/RealmListPage.jsx +231 -0
package/admin/src/pages/RealmsPage/index.jsx +7 -0
package/admin/src/pages/UsersPage/UserEditPage.jsx +313 -0
package/admin/src/pages/UsersPage/UserListPage.jsx +437 -0
package/admin/src/pages/UsersPage/index.jsx +7 -0
package/admin/src/pluginId.js +2 -0
package/admin/src/translations/en.json +77 -0
package/admin/src/translations/fr.json +77 -0
package/babel.config.cjs +17 -0
package/coverage/clover.xml +422 -0
package/coverage/coverage-final.json +8 -0
package/coverage/lcov-report/base.css +224 -0
package/coverage/lcov-report/block-navigation.js +87 -0
package/coverage/lcov-report/favicon.png +0 -0
package/coverage/lcov-report/index.html +146 -0
package/coverage/lcov-report/prettify.css +1 -0
package/coverage/lcov-report/prettify.js +2 -0
package/coverage/lcov-report/sort-arrow-sprite.png +0 -0
package/coverage/lcov-report/sorter.js +210 -0
package/coverage/lcov-report/src/bootstrap.js.html +346 -0
package/coverage/lcov-report/src/config/index.html +116 -0
package/coverage/lcov-report/src/config/index.js.html +106 -0
package/coverage/lcov-report/src/constants.js.html +850 -0
package/coverage/lcov-report/src/content-types/audit-log/index.html +116 -0
package/coverage/lcov-report/src/content-types/audit-log/index.js.html +94 -0
package/coverage/lcov-report/src/content-types/index.html +116 -0
package/coverage/lcov-report/src/content-types/index.js.html +112 -0
package/coverage/lcov-report/src/content-types/realm-admin/index.html +116 -0
package/coverage/lcov-report/src/content-types/realm-admin/index.js.html +94 -0
package/coverage/lcov-report/src/content-types/realm-config/index.html +116 -0
package/coverage/lcov-report/src/content-types/realm-config/index.js.html +94 -0
package/coverage/lcov-report/src/controllers/audit.js.html +517 -0
package/coverage/lcov-report/src/controllers/index.html +161 -0
package/coverage/lcov-report/src/controllers/index.js.html +112 -0
package/coverage/lcov-report/src/controllers/realm.js.html +1057 -0
package/coverage/lcov-report/src/controllers/user.js.html +1324 -0
package/coverage/lcov-report/src/destroy.js.html +100 -0
package/coverage/lcov-report/src/index.html +116 -0
package/coverage/lcov-report/src/policies/can-access-realm.js.html +163 -0
package/coverage/lcov-report/src/policies/index.html +146 -0
package/coverage/lcov-report/src/policies/index.js.html +106 -0
package/coverage/lcov-report/src/policies/is-authenticated.js.html +100 -0
package/coverage/lcov-report/src/register.js.html +106 -0
package/coverage/lcov-report/src/routes/admin.js.html +844 -0
package/coverage/lcov-report/src/routes/index.html +131 -0
package/coverage/lcov-report/src/routes/index.js.html +109 -0
package/coverage/lcov-report/src/services/audit-log.js.html +673 -0
package/coverage/lcov-report/src/services/index.html +176 -0
package/coverage/lcov-report/src/services/index.js.html +124 -0
package/coverage/lcov-report/src/services/keycloak-client.js.html +2359 -0
package/coverage/lcov-report/src/services/permission.js.html +955 -0
package/coverage/lcov-report/src/services/realm.js.html +1207 -0
package/coverage/lcov-report/src/services/user.js.html +1924 -0
package/coverage/lcov-report/src/utils/errors.js.html +274 -0
package/coverage/lcov-report/src/utils/index.html +116 -0
package/coverage/lcov-report/src/utils/index.js.html +103 -0
package/coverage/lcov.info +804 -0
package/dist/_chunks/App-BaKrvCeS.mjs +1975 -0
package/dist/_chunks/App-DO6syS77.js +1975 -0
package/dist/_chunks/en-Li-XBDe9.mjs +72 -0
package/dist/_chunks/en-aCyfgNfr.js +72 -0
package/dist/_chunks/fr-Cj33Q8jI.js +72 -0
package/dist/_chunks/fr-vLrXph-Z.mjs +72 -0
package/dist/_chunks/index-DwDO4-0C.js +69 -0
package/dist/_chunks/index-jTVd7LdQ.mjs +70 -0
package/dist/admin/index.js +3 -0
package/dist/admin/index.mjs +4 -0
package/dist/server/index.js +3003 -0
package/dist/server/index.mjs +3004 -0
package/jest.config.cjs +50 -0
package/package.json +55 -0
package/server/src/bootstrap.js +87 -0
package/server/src/config/index.js +7 -0
package/server/src/constants.js +255 -0
package/server/src/content-types/audit-log/index.js +3 -0
package/server/src/content-types/audit-log/schema.json +61 -0
package/server/src/content-types/index.js +9 -0
package/server/src/content-types/realm-admin/index.js +3 -0
package/server/src/content-types/realm-admin/schema.json +45 -0
package/server/src/content-types/realm-config/index.js +3 -0
package/server/src/content-types/realm-config/schema.json +56 -0
package/server/src/controllers/audit.js +144 -0
package/server/src/controllers/index.js +9 -0
package/server/src/controllers/realm.js +324 -0
package/server/src/controllers/user.js +413 -0
package/server/src/destroy.js +5 -0
package/server/src/index.js +21 -0
package/server/src/policies/can-access-realm.js +26 -0
package/server/src/policies/index.js +7 -0
package/server/src/policies/is-authenticated.js +5 -0
package/server/src/register.js +7 -0
package/server/src/routes/admin.js +253 -0
package/server/src/routes/index.js +8 -0
package/server/src/services/audit-log.js +196 -0
package/server/src/services/index.js +13 -0
package/server/src/services/keycloak-client.js +758 -0
package/server/src/services/permission.js +290 -0
package/server/src/services/realm.js +374 -0
package/server/src/services/user.js +613 -0
package/server/src/utils/errors.js +63 -0
package/server/src/utils/index.js +6 -0

package/server/src/controllers/user.js ADDED Viewed

@@ -0,0 +1,413 @@
+import { PLUGIN_ID, SERVICES, ERROR_MESSAGES } from '../constants.js';
+const userController = ({ strapi }) => ({
+  /**
+   * List users in a realm
+   */
+  async find(ctx) {
+    const user = ctx.state.user;
+    const { realmId } = ctx.params;
+    const { search, page = 1, pageSize = 25 } = ctx.query;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      const result = await userService.listUsers(
+        realmId,
+        { search, page: parseInt(page, 10), pageSize: parseInt(pageSize, 10) },
+        user
+      );
+      ctx.body = { data: result };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.find error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Get a single user
+   */
+  async findOne(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      const keycloakUser = await userService.getUser(realmId, id, user);
+      ctx.body = { data: keycloakUser };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.findOne error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Create a new user
+   */
+  async create(ctx) {
+    const user = ctx.state.user;
+    const { realmId } = ctx.params;
+    const { data } = ctx.request.body;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      const keycloakUser = await userService.createUser(realmId, data, user);
+      ctx.body = { data: keycloakUser };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.create error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Update a user
+   */
+  async update(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    const { data } = ctx.request.body;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      const keycloakUser = await userService.updateUser(realmId, id, data, user);
+      ctx.body = { data: keycloakUser };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.update error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Delete a user
+   */
+  async delete(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      await userService.deleteUser(realmId, id, user);
+      ctx.body = { data: { success: true } };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.delete error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Reset user password
+   */
+  async resetPassword(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    const { data } = ctx.request.body;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const { password, temporary = true } = data;
+      if (!password) {
+        return ctx.badRequest('Password is required.');
+      }
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      await userService.resetPassword(realmId, id, password, temporary, user);
+      ctx.body = { data: { success: true } };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.resetPassword error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Enable a user
+   */
+  async enable(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      await userService.enableUser(realmId, id, user);
+      ctx.body = { data: { success: true } };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.enable error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Disable a user
+   */
+  async disable(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      await userService.disableUser(realmId, id, user);
+      ctx.body = { data: { success: true } };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.disable error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Send verification email
+   */
+  async sendVerifyEmail(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      await userService.sendVerificationEmail(realmId, id, user);
+      ctx.body = { data: { success: true } };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.sendVerifyEmail error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Send password reset email
+   */
+  async sendResetPasswordEmail(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      await userService.sendResetPasswordEmail(realmId, id, user);
+      ctx.body = { data: { success: true } };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.sendResetPasswordEmail error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Get realm roles
+   */
+  async getRoles(ctx) {
+    const user = ctx.state.user;
+    const { realmId } = ctx.params;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      const roles = await userService.getRoles(realmId, user);
+      ctx.body = { data: roles };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.getRoles error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Get user's roles
+   */
+  async getUserRoles(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      const roles = await userService.getUserRoles(realmId, id, user);
+      ctx.body = { data: roles };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.getUserRoles error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Assign roles to user
+   */
+  async assignRoles(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    const { data } = ctx.request.body;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const { roles } = data;
+      if (!roles || !Array.isArray(roles)) {
+        return ctx.badRequest('Roles array is required.');
+      }
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      await userService.assignRoles(realmId, id, roles, user);
+      ctx.body = { data: { success: true } };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.assignRoles error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Remove roles from user
+   */
+  async removeRoles(ctx) {
+    const user = ctx.state.user;
+    const { realmId, id } = ctx.params;
+    const { data } = ctx.request.body;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const { roles } = data;
+      if (!roles || !Array.isArray(roles)) {
+        return ctx.badRequest('Roles array is required.');
+      }
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      await userService.removeRoles(realmId, id, roles, user);
+      ctx.body = { data: { success: true } };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.removeRoles error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Bulk import users
+   */
+  async bulkImport(ctx) {
+    const user = ctx.state.user;
+    const { realmId } = ctx.params;
+    const { data } = ctx.request.body;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const { users } = data;
+      if (!users || !Array.isArray(users)) {
+        return ctx.badRequest('Users array is required.');
+      }
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      const result = await userService.bulkImport(realmId, users, user);
+      ctx.body = { data: result };
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.bulkImport error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+  /**
+   * Export users
+   */
+  async exportUsers(ctx) {
+    const user = ctx.state.user;
+    const { realmId } = ctx.params;
+    const { format = 'json' } = ctx.query;
+    if (!user) {
+      return ctx.unauthorized(ERROR_MESSAGES.INSUFFICIENT_PERMISSIONS);
+    }
+    try {
+      const userService = strapi.plugin(PLUGIN_ID).service(SERVICES.USER);
+      const users = await userService.exportUsers(realmId, user);
+      if (format === 'csv') {
+        // Convert to CSV
+        const headers = ['id', 'username', 'email', 'firstName', 'lastName', 'enabled', 'emailVerified'];
+        const csvRows = [headers.join(',')];
+        for (const u of users) {
+          const row = headers.map((h) => {
+            const val = u[h];
+            if (val === undefined || val === null) return '';
+            if (typeof val === 'string' && val.includes(',')) return `"${val}"`;
+            return String(val);
+          });
+          csvRows.push(row.join(','));
+        }
+        ctx.set('Content-Type', 'text/csv');
+        ctx.set('Content-Disposition', `attachment; filename="keycloak-users-${realmId}.csv"`);
+        ctx.body = csvRows.join('\n');
+      } else {
+        ctx.body = { data: users };
+      }
+    } catch (err) {
+      strapi.log.error(`[${PLUGIN_ID}] user.exportUsers error:`, err);
+      ctx.throw(400, err.sanitizedMessage || ERROR_MESSAGES.UNKNOWN_ERROR);
+    }
+  },
+});
+export default userController;

package/server/src/destroy.js ADDED Viewed

@@ -0,0 +1,5 @@
+const destroy = ({ strapi }) => {
+  // Cleanup if needed
+};
+export default destroy;

package/server/src/index.js ADDED Viewed

@@ -0,0 +1,21 @@
+import bootstrap from './bootstrap.js';
+import register from './register.js';
+import destroy from './destroy.js';
+import config from './config/index.js';
+import contentTypes from './content-types/index.js';
+import controllers from './controllers/index.js';
+import services from './services/index.js';
+import policies from './policies/index.js';
+import routes from './routes/index.js';
+export default {
+  bootstrap,
+  register,
+  destroy,
+  config,
+  contentTypes,
+  controllers,
+  services,
+  policies,
+  routes,
+};

package/server/src/policies/can-access-realm.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { PLUGIN_ID, SERVICES } from '../constants.js';
+const canAccessRealm = async (policyContext, config, { strapi }) => {
+  const { realmId, id } = policyContext.params;
+  const user = policyContext.state.user;
+  // Determine which parameter holds the realm ID
+  const targetRealmId = realmId || id;
+  if (!user || !targetRealmId) {
+    return false;
+  }
+  const permissionService = strapi.plugin(PLUGIN_ID).service(SERVICES.PERMISSION);
+  // Super admins can access all realms
+  if (permissionService.isSuperAdmin(user)) {
+    return true;
+  }
+  // Check specific permission
+  const permission = config?.permission || 'canRead';
+  return permissionService.canAccessRealm(user, targetRealmId, permission);
+};
+export default canAccessRealm;

package/server/src/policies/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+import isAuthenticated from './is-authenticated.js';
+import canAccessRealm from './can-access-realm.js';
+export default {
+  'is-authenticated': isAuthenticated,
+  'can-access-realm': canAccessRealm,
+};

package/server/src/policies/is-authenticated.js ADDED Viewed

@@ -0,0 +1,5 @@
+const isAuthenticated = (policyContext) => {
+  return Boolean(policyContext.state.user);
+};
+export default isAuthenticated;

package/server/src/register.js ADDED Viewed

@@ -0,0 +1,7 @@
+import { PLUGIN_ID } from './constants.js';
+const register = ({ strapi }) => {
+  strapi.log.info(`[${PLUGIN_ID}] Plugin registered successfully`);
+};
+export default register;