Module: Keycloak::Internal

Includes:: Admin

Defined in:: lib/keycloak.rb

Class Method Summary collapse

Methods included from Admin

add_client_level_roles_to_user, count_users, create_user, delete_client_level_roles_from_user, delete_user, generic_delete, generic_get, generic_post, generic_put, get_all_roles_client, get_client_level_role_for_user_and_app, get_clients, get_effective_client_level_role_composite_user, get_role_mappings, get_roles_client_by_name, get_user, reset_password, revoke_consent_user, update_account_email, update_effective_user_roles, update_user

Class Method Details

.change_password(user_id, redirect_uri = '') ⇒ `Object`

# File 'lib/keycloak.rb', line 549

def self.change_password(user_id, redirect_uri = '')
  proc = lambda {|token|
    Keycloak.generic_request(token["access_token"],
                             Keycloak::Admin.full_url("users/#{user_id}/execute-actions-email"),
                             {:redirect_uri => redirect_uri, :client_id => Keycloak::Client.client_id},
                             ['UPDATE_PASSWORD'],
                             'PUT')
  }

  default_call(proc)
end

.create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil) ⇒ `Object`

# File 'lib/keycloak.rb', line 634

def self.create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil)
  begin
    username.downcase!
    user = get_user_info(username, true)
    newUser = false
  rescue Keycloak::UserLoginNotFound
    newUser = true
  rescue
    raise
  end

  proc_default = lambda { |token|
    user_representation = { username: username,
                            email: email,
                            firstName: first_name,
                            lastName: last_name,
                            enabled: true }

    if !newUser || Keycloak.generic_request(token["access_token"],
                                            Keycloak::Admin.full_url("users/"),
                                            nil, user_representation, 'POST')

      user = get_user_info(username, true) if newUser

      credential_representation = { type: "password",
                                    temporary: false,
                                    value: password }

      if user['federationLink'] != nil || Keycloak.generic_request(token["access_token"],
                                                                   Keycloak::Admin.full_url("users/#{user['id']}/reset-password"),
                                                                   nil, credential_representation, 'PUT')

        client = JSON Keycloak.generic_request(token["access_token"],
                                               Keycloak::Admin.full_url("clients/"),
                                               { clientId: Keycloak::Client.client_id }, nil, 'GET')

        if client_roles_names.count > 0
          roles = []
          client_roles_names.each do |r|
            if r.present?
              role = JSON Keycloak.generic_request(token["access_token"],
                                                  Keycloak::Admin.full_url("clients/#{client[0]['id']}/roles/#{r}"),
                                                  nil, nil, 'GET')
              roles.push(role)
            end
          end

          if roles.count > 0
            Keycloak.generic_request(token["access_token"],
                                    Keycloak::Admin.full_url("users/#{user['id']}/role-mappings/clients/#{client[0]['id']}"),
                                    nil, roles, 'POST')
          end
        end

        if realm_roles_names.count > 0
          roles = []
          realm_roles_names.each do |r|
            if r.present?
              role = JSON Keycloak.generic_request(token["access_token"],
                                                  Keycloak::Admin.full_url("roles/#{r}"),
                                                  nil, nil, 'GET')
              roles.push(role)
            end
          end

          if roles.count > 0
            Keycloak.generic_request(token["access_token"],
                                    Keycloak::Admin.full_url("users/#{user['id']}/role-mappings/realm"),
                                    nil, roles, 'POST')
          end
        else
          true
        end
      end
    end
  }

  if default_call(proc_default)
    proc.call user unless proc.nil?
  end
end

.create_starter_user(username, password, email, client_roles_names, proc = nil) ⇒ `Object`



716
717
718

# File 'lib/keycloak.rb', line 716

def self.create_starter_user(username, password, email, client_roles_names, proc = nil)
  Keycloak::Internal.create_simple_user(username, password, email, '', '', [], client_roles_names, proc)
end

.exists_name_or_email(value, user_id = '') ⇒ `Object`

# File 'lib/keycloak.rb', line 616

def self.exists_name_or_email(value, user_id = '')
  begin
    usuario = Keycloak::Internal.get_user_info(value, true)
    if user_id.empty? || user_id != usuario['id']
      usuario.present?
    else
      false
    end
  rescue StandardError
    false
  end
end

.forgot_password(user_login, redirect_uri = '') ⇒ `Object`

# File 'lib/keycloak.rb', line 561

def self.forgot_password(user_login, redirect_uri = '')
  user = get_user_info(user_login, true)
  change_password(user['id'], redirect_uri)
end

.get_client_roles ⇒ `Object`

# File 'lib/keycloak.rb', line 720

def self.get_client_roles
  proc = lambda {|token|
    client = JSON Keycloak::Admin.get_clients({ clientId: Keycloak::Client.client_id }, token["access_token"])

    Keycloak.generic_request(token["access_token"],
                             Keycloak::Admin.full_url("clients/#{client[0]['id']}/roles"),
                             nil, nil, 'GET')
  }

  default_call(proc)
end

.get_client_user_roles(user_id) ⇒ `Object`

# File 'lib/keycloak.rb', line 732

def self.get_client_user_roles(user_id)
  proc = lambda {|token|
    client = JSON Keycloak::Admin.get_clients({ clientId: Keycloak::Client.client_id }, token["access_token"])
    Keycloak::Admin.get_effective_client_level_role_composite_user(user_id, client[0]['id'], token["access_token"])
  }

  default_call(proc)
end

.get_logged_user_info ⇒ `Object`

# File 'lib/keycloak.rb', line 566

def self.get_logged_user_info
  proc = lambda {|token|
    userinfo = JSON Keycloak::Client.get_userinfo
    Keycloak.generic_request(token["access_token"],
                             Keycloak::Admin.full_url("users/#{userinfo['sub']}"),
                             nil, nil, 'GET')
  }

  default_call(proc)
end

.get_user_info(user_login, whole_word = false) ⇒ `Object`

# File 'lib/keycloak.rb', line 577

def self.get_user_info(user_login, whole_word = false)
  proc = lambda { |token|
    if user_login.index('@').nil?
      search = {:username => user_login}
    else
      search = {:email => user_login}
    end
    users = JSON Keycloak.generic_request(token["access_token"],
                                          Keycloak::Admin.full_url("users/"),
                                          search, nil, 'GET')
    users[0]
    if users.count.zero?
      raise Keycloak::UserLoginNotFound
    else
      efective_index = -1
      users.each_with_index do |user, i|
        if whole_word
          efective_index = i if user_login == user['username'] || user_login == user['email']
        else
          efective_index = 0
        end
        break if efective_index >= 0
      end

      if efective_index >= 0
        if whole_word
          users[efective_index]
        else
          users
        end
      else
        raise Keycloak::UserLoginNotFound
      end
    end
  }

  default_call(proc)
end

.get_users(query_parameters = nil) ⇒ `Object`

# File 'lib/keycloak.rb', line 541

def self.get_users(query_parameters = nil)
  proc = lambda {|token|
    Keycloak::Admin.get_users(query_parameters, token["access_token"])
  }

  default_call(proc)
end

.has_role?(user_id, user_role) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/keycloak.rb', line 741

def self.has_role?(user_id, user_role)
  roles = JSON get_client_user_roles(user_id)
  if !roles.nil?
    roles.each do |role|
      return true if role['name'].to_s == user_role.to_s
    end
    false
  else
    false
  end
end

.logged_federation_user? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/keycloak.rb', line 629

def self.logged_federation_user?
  info = get_logged_user_info
  info['federationLink'] != nil
end

Module: Keycloak::Internal

Class Method Summary collapse

Methods included from Admin

Class Method Details

.change_password(user_id, redirect_uri = '') ⇒ Object

.create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil) ⇒ Object

.create_starter_user(username, password, email, client_roles_names, proc = nil) ⇒ Object

.exists_name_or_email(value, user_id = '') ⇒ Object

.forgot_password(user_login, redirect_uri = '') ⇒ Object

.get_client_roles ⇒ Object

.get_client_user_roles(user_id) ⇒ Object

.get_logged_user_info ⇒ Object

.get_user_info(user_login, whole_word = false) ⇒ Object

.get_users(query_parameters = nil) ⇒ Object

.has_role?(user_id, user_role) ⇒ Boolean

.logged_federation_user? ⇒ Boolean

.change_password(user_id, redirect_uri = '') ⇒ `Object`

.create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil) ⇒ `Object`

.create_starter_user(username, password, email, client_roles_names, proc = nil) ⇒ `Object`

.exists_name_or_email(value, user_id = '') ⇒ `Object`

.forgot_password(user_login, redirect_uri = '') ⇒ `Object`

.get_client_roles ⇒ `Object`

.get_client_user_roles(user_id) ⇒ `Object`

.get_logged_user_info ⇒ `Object`

.get_user_info(user_login, whole_word = false) ⇒ `Object`

.get_users(query_parameters = nil) ⇒ `Object`

.has_role?(user_id, user_role) ⇒ `Boolean`

.logged_federation_user? ⇒ `Boolean`