Module: Keycloak::Internal

Includes:

Admin

Defined in:

lib/keycloak.rb

Class Method Summary

• .change_password(user_id, redirect_uri = '', client_id = '', secret = '') ⇒ Object
• .create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil, client_id = '', secret = '') ⇒ Object
• .create_starter_user(username, password, email, client_roles_names, proc = nil, client_id = '', secret = '') ⇒ Object
• .exists_name_or_email(value, user_id = '', client_id = '', secret = '') ⇒ Object
• .forgot_password(user_login, redirect_uri = '', client_id = '', secret = '') ⇒ Object
• .get_client_roles(client_id = '', secret = '') ⇒ Object
• .get_client_user_roles(user_id, client_id = '', secret = '') ⇒ Object
• .get_groups(query_parameters = nil, client_id = '', secret = '') ⇒ Object
• .get_logged_user_info(client_id = '', secret = '') ⇒ Object
• .get_user_info(user_login, whole_word = false, client_id = '', secret = '') ⇒ Object
• .get_users(query_parameters = nil, client_id = '', secret = '') ⇒ Object
• .has_role?(user_id, user_role, client_id = '', secret = '') ⇒ Boolean
• .logged_federation_user?(client_id = '', secret = '') ⇒ Boolean

Methods included from Admin

add_client_level_roles_to_user, count_users, create_user, delete_client_level_roles_from_user, delete_user, generic_delete, generic_get, generic_post, generic_put, get_all_roles_client, get_client_level_role_for_user_and_app, get_clients, get_effective_client_level_role_composite_user, get_role_mappings, get_roles_client_by_name, get_user, reset_password, revoke_consent_user, update_account_email, update_effective_user_roles, update_user

Class Method Details

.change_password(user_id, redirect_uri = '', client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 602

def self.change_password(user_id, redirect_uri = '', client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  proc = lambda {|token|
    Keycloak.generic_request(token["access_token"],
                             Keycloak::Admin.full_url("users/#{user_id}/execute-actions-email"),
                             {:redirect_uri => redirect_uri, :client_id => client_id},
                             ['UPDATE_PASSWORD'],
                             'PUT')
  }

  default_call(proc, client_id, secret)
end

.create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil, client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 704

def self.create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  begin
    username.downcase!
    user = get_user_info(username, true, client_id, secret)
    newUser = false
  rescue Keycloak::UserLoginNotFound
    newUser = true
  rescue
    raise
  end

  proc_default = lambda { |token|
    user_representation = { username: username,
                            email: email,
                            firstName: first_name,
                            lastName: last_name,
                            enabled: true }

    if !newUser || Keycloak.generic_request(token["access_token"],
                                            Keycloak::Admin.full_url("users/"),
                                            nil, user_representation, 'POST')

      user = get_user_info(username, true, client_id, secret) if newUser

      credential_representation = { type: "password",
                                    temporary: false,
                                    value: password }

      if user['federationLink'] != nil || Keycloak.generic_request(token["access_token"],
                                                                   Keycloak::Admin.full_url("users/#{user['id']}/reset-password"),
                                                                   nil, credential_representation, 'PUT')

        client = JSON Keycloak.generic_request(token["access_token"],
                                               Keycloak::Admin.full_url("clients/"),
                                               { clientId: client_id }, nil, 'GET')

        if client_roles_names.count > 0
          roles = []
          client_roles_names.each do |r|
            if r.present?
              role = JSON Keycloak.generic_request(token["access_token"],
                                                  Keycloak::Admin.full_url("clients/#{client[0]['id']}/roles/#{r}"),
                                                  nil, nil, 'GET')
              roles.push(role)
            end
          end

          if roles.count > 0
            Keycloak.generic_request(token["access_token"],
                                    Keycloak::Admin.full_url("users/#{user['id']}/role-mappings/clients/#{client[0]['id']}"),
                                    nil, roles, 'POST')
          end
        end

        if realm_roles_names.count > 0
          roles = []
          realm_roles_names.each do |r|
            if r.present?
              role = JSON Keycloak.generic_request(token["access_token"],
                                                  Keycloak::Admin.full_url("roles/#{r}"),
                                                  nil, nil, 'GET')
              roles.push(role)
            end
          end

          if roles.count > 0
            Keycloak.generic_request(token["access_token"],
                                    Keycloak::Admin.full_url("users/#{user['id']}/role-mappings/realm"),
                                    nil, roles, 'POST')
          end
        else
          true
        end
      end
    end
  }

  if default_call(proc_default, client_id, secret)
    proc.call user unless proc.nil?
  end
end

.create_starter_user(username, password, email, client_roles_names, proc = nil, client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 789

def self.create_starter_user(username, password, email, client_roles_names, proc = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?
  Keycloak::Internal.create_simple_user(username, password, email, '', '', [], client_roles_names, proc, client_id, secret)
end

.exists_name_or_email(value, user_id = '', client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 681

def self.exists_name_or_email(value, user_id = '', client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  begin
    usuario = Keycloak::Internal.get_user_info(value, true, client_id, secret)
    if user_id.empty? || user_id != usuario['id']
      usuario.present?
    else
      false
    end
  rescue StandardError
    false
  end
end

.forgot_password(user_login, redirect_uri = '', client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 617

def self.forgot_password(user_login, redirect_uri = '', client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  user = get_user_info(user_login, true, client_id, secret)
  change_password(user['id'], redirect_uri, client_id, secret)
end

.get_client_roles(client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 795

def self.get_client_roles(client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  proc = lambda {|token|
    client = JSON Keycloak::Admin.get_clients({ clientId: client_id }, token["access_token"])

    Keycloak.generic_request(token["access_token"],
                             Keycloak::Admin.full_url("clients/#{client[0]['id']}/roles"),
                             nil, nil, 'GET')
  }

  default_call(proc, client_id, secret)
end

.get_client_user_roles(user_id, client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 810

def self.get_client_user_roles(user_id, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  proc = lambda {|token|
    client = JSON Keycloak::Admin.get_clients({ clientId: client_id }, token["access_token"])
    Keycloak::Admin.get_effective_client_level_role_composite_user(user_id, client[0]['id'], token["access_token"])
  }

  default_call(proc, client_id, secret)
end

.get_groups(query_parameters = nil, client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 591

def self.get_groups(query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  proc = lambda {|token|
    Keycloak::Admin.get_groups(query_parameters, token["access_token"])
  }

  default_call(proc, client_id, secret)
end

.get_logged_user_info(client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 625

def self.get_logged_user_info(client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  proc = lambda {|token|
    userinfo = JSON Keycloak::Client.get_userinfo
    Keycloak.generic_request(token["access_token"],
                             Keycloak::Admin.full_url("users/#{userinfo['sub']}"),
                             nil, nil, 'GET')
  }

  default_call(proc, client_id, secret)
end

.get_user_info(user_login, whole_word = false, client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 639

def self.get_user_info(user_login, whole_word = false, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  proc = lambda { |token|
    if user_login.index('@').nil?
      search = {:username => user_login}
    else
      search = {:email => user_login}
    end
    users = JSON Keycloak.generic_request(token["access_token"],
                                          Keycloak::Admin.full_url("users/"),
                                          search, nil, 'GET')
    users[0]
    if users.count.zero?
      raise Keycloak::UserLoginNotFound
    else
      efective_index = -1
      users.each_with_index do |user, i|
        if whole_word
          efective_index = i if user_login == user['username'] || user_login == user['email']
        else
          efective_index = 0
        end
        break if efective_index >= 0
      end

      if efective_index >= 0
        if whole_word
          users[efective_index]
        else
          users
        end
      else
        raise Keycloak::UserLoginNotFound
      end
    end
  }

  default_call(proc, client_id, secret)
end

.get_users(query_parameters = nil, client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 580

def self.get_users(query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  proc = lambda {|token|
    Keycloak::Admin.get_users(query_parameters, token["access_token"])
  }

  default_call(proc, client_id, secret)
end

.has_role?(user_id, user_role, client_id = '', secret = '') ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/keycloak.rb', line 822

def self.has_role?(user_id, user_role, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?

  roles = JSON get_client_user_roles(user_id, client_id, secret)
  if !roles.nil?
    roles.each do |role|
      return true if role['name'].to_s == user_role.to_s
    end
    false
  else
    false
  end
end

.logged_federation_user?(client_id = '', secret = '') ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/keycloak.rb', line 697

def self.logged_federation_user?(client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if client_id.blank?
  secret = Keycloak::Client.secret if secret.blank?
  info = get_logged_user_info(client_id, secret)
  info['federationLink'] != nil
end