module Keycloak::Internal

Public Class Methods

change_password(user_id, redirect_uri = '', client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 661
def self.change_password(user_id, redirect_uri = '', client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda {|token|
    Keycloak.generic_request(token['access_token'],
                             Keycloak::Admin.full_url("users/#{user_id}/execute-actions-email"),
                             { redirect_uri: redirect_uri, client_id: client_id },
                             ['UPDATE_PASSWORD'],
                             'PUT')
  }

  default_call(proc, client_id, secret)
end
create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 763
def self.create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  begin
    username.downcase!
    user = get_user_info(username, true, client_id, secret)
    new_user = false
  rescue Keycloak::UserLoginNotFound
    new_user = true
  rescue
    raise
  end

  proc_default = lambda { |token|
    user_representation = { username: username,
                            email: email,
                            firstName: first_name,
                            lastName: last_name,
                            enabled: true }

    if !new_user || Keycloak.generic_request(token["access_token"],
                                            Keycloak::Admin.full_url("users/"),
                                            nil, user_representation, 'POST')

      user = get_user_info(username, true, client_id, secret) if new_user

      credential_representation = { type: "password",
                                    temporary: false,
                                    value: password }

      if user['federationLink'] != nil || Keycloak.generic_request(token["access_token"],
                                                                   Keycloak::Admin.full_url("users/#{user['id']}/reset-password"),
                                                                   nil, credential_representation, 'PUT')

        client = JSON Keycloak.generic_request(token["access_token"],
                                               Keycloak::Admin.full_url("clients/"),
                                               { clientId: client_id }, nil, 'GET')

        if client_roles_names.count > 0
          roles = []
          client_roles_names.each do |r|
            unless isempty?(r)
              role = JSON Keycloak.generic_request(token["access_token"],
                                                  Keycloak::Admin.full_url("clients/#{client[0]['id']}/roles/#{r}"),
                                                  nil, nil, 'GET')
              roles.push(role)
            end
          end

          if roles.count > 0
            Keycloak.generic_request(token["access_token"],
                                    Keycloak::Admin.full_url("users/#{user['id']}/role-mappings/clients/#{client[0]['id']}"),
                                    nil, roles, 'POST')
          end
        end

        if realm_roles_names.count > 0
          roles = []
          realm_roles_names.each do |r|
            unless isempty?(r)
              role = JSON Keycloak.generic_request(token["access_token"],
                                                  Keycloak::Admin.full_url("roles/#{r}"),
                                                  nil, nil, 'GET')
              roles.push(role)
            end
          end

          if roles.count > 0
            Keycloak.generic_request(token["access_token"],
                                    Keycloak::Admin.full_url("users/#{user['id']}/role-mappings/realm"),
                                    nil, roles, 'POST')
          end
        else
          true
        end
      end
    end
  }

  if default_call(proc_default, client_id, secret)
    proc.call user unless proc.nil?
  end
end
create_starter_user(username, password, email, client_roles_names, proc = nil, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 848
def self.create_starter_user(username, password, email, client_roles_names, proc = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)
  Keycloak::Internal.create_simple_user(username, password, email, '', '', [], client_roles_names, proc, client_id, secret)
end
exists_name_or_email(value, user_id = '', client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 740
def self.exists_name_or_email(value, user_id = '', client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  begin
    usuario = Keycloak::Internal.get_user_info(value, true, client_id, secret)
    if user_id.empty? || user_id != usuario['id']
      !isempty?(usuario)
    else
      false
    end
  rescue StandardError
    false
  end
end
forgot_password(user_login, redirect_uri = '', client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 676
def self.forgot_password(user_login, redirect_uri = '', client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  user = get_user_info(user_login, true, client_id, secret)
  change_password(user['id'], redirect_uri, client_id, secret)
end
get_client_roles(client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 854
def self.get_client_roles(client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda {|token|
    client = JSON Keycloak::Admin.get_clients({ clientId: client_id }, token['access_token'])

    Keycloak.generic_request(token['access_token'],
                             Keycloak::Admin.full_url("clients/#{client[0]['id']}/roles"),
                             nil, nil, 'GET')
  }

  default_call(proc, client_id, secret)
end
get_client_user_roles(user_id, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 869
def self.get_client_user_roles(user_id, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda {|token|
    client = JSON Keycloak::Admin.get_clients({ clientId: client_id }, token["access_token"])
    Keycloak::Admin.get_effective_client_level_role_composite_user(user_id, client[0]['id'], token["access_token"])
  }

  default_call(proc, client_id, secret)
end
get_groups(query_parameters = nil, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 628
def self.get_groups(query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda { |token|
    Keycloak::Admin.get_groups(query_parameters, token['access_token'])
  }

  default_call(proc, client_id, secret)
end
get_groups_by_role_name(role_name, query_parameters = nil, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 639
def self.get_groups_by_role_name(role_name, query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda do |token|
    Keycloak::Admin.get_groups_by_role_name(role_name, query_parameters, token['access_token'])
  end

  default_call(proc, client_id, secret)
end
get_logged_user_info(client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 684
def self.get_logged_user_info(client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda {|token|
    userinfo = JSON Keycloak::Client.get_userinfo
    Keycloak.generic_request(token['access_token'],
                             Keycloak::Admin.full_url("users/#{userinfo['sub']}"),
                             nil, nil, 'GET')
  }

  default_call(proc, client_id, secret)
end
get_user_info(user_login, whole_word = false, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 698
def self.get_user_info(user_login, whole_word = false, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda { |token|
    if user_login.index('@').nil?
      search = {:username => user_login}
    else
      search = {:email => user_login}
    end
    users = JSON Keycloak.generic_request(token["access_token"],
                                          Keycloak::Admin.full_url("users/"),
                                          search, nil, 'GET')
    users[0]
    if users.count.zero?
      raise Keycloak::UserLoginNotFound
    else
      efective_index = -1
      users.each_with_index do |user, i|
        if whole_word
          efective_index = i if user_login == user['username'] || user_login == user['email']
        else
          efective_index = 0
        end
        break if efective_index >= 0
      end

      if efective_index >= 0
        if whole_word
          users[efective_index]
        else
          users
        end
      else
        raise Keycloak::UserLoginNotFound
      end
    end
  }

  default_call(proc, client_id, secret)
end
get_users(query_parameters = nil, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 606
def self.get_users(query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda {|token|
    Keycloak::Admin.get_users(query_parameters, token['access_token'])
  }

  default_call(proc, client_id, secret)
end
get_users_by_group(id, query_parameters = nil, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 650
def self.get_users_by_group(id, query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda do |token|
    Keycloak::Admin.get_users_by_group(id, query_parameters, token['access_token'])
  end

  default_call(proc, client_id, secret)
end
get_users_by_role_name(role_name, query_parameters = nil, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 617
def self.get_users_by_role_name(role_name, query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda do |token|
    Keycloak::Admin.get_users_by_role_name(role_name, query_parameters, token['access_token'])
  end

  default_call(proc, client_id, secret)
end
has_role?(user_id, user_role, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 881
def self.has_role?(user_id, user_role, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  roles = JSON get_client_user_roles(user_id, client_id, secret)
  if !roles.nil?
    roles.each do |role|
      return true if role['name'].to_s == user_role.to_s
    end
    false
  else
    false
  end
end
logged_federation_user?(client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 756
def self.logged_federation_user?(client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)
  info = get_logged_user_info(client_id, secret)
  info['federationLink'] != nil
end

Protected Class Methods

default_call(proc, client_id = '', secret = '') click to toggle source
# File lib/keycloak.rb, line 898
def self.default_call(proc, client_id = '', secret = '')
  begin
    tk = nil
    resp = nil

    Keycloak::Client.get_installation

    client_id = Keycloak::Client.client_id if isempty?(client_id)
    secret = Keycloak::Client.secret if isempty?(secret)

    payload = { 'client_id' => client_id,
                'client_secret' => secret,
                'grant_type' => 'client_credentials' }

    header = {'Content-Type' => 'application/x-www-form-urlencoded'}

    _request = -> do
      RestClient.post(Keycloak::Client.configuration['token_endpoint'], payload, header){|response, request, result|
        case response.code
        when 200..399
          tk = JSON response.body
          resp = proc.call(tk)
        else
          response.return!
        end
      }
    end

    Keycloak::Client.exec_request _request
  ensure
    if tk
      payload = { 'client_id' => client_id,
                  'client_secret' => secret,
                  'refresh_token' => tk["refresh_token"] }

      header = {'Content-Type' => 'application/x-www-form-urlencoded'}
      _request = -> do
        RestClient.post(Keycloak::Client.configuration['end_session_endpoint'], payload, header){|response, request, result|
          case response.code
          when 200..399
            resp if resp.nil?
          else
            response.return!
          end
        }
      end
      Keycloak::Client.exec_request _request
    end
  end
end