Module: Keycloak::Internal

Includes:
Admin
Defined in:
lib/keycloak.rb

Class Method Summary collapse

Methods included from Admin

add_client_level_roles_to_user, count_users, create_user, delete_client_level_roles_from_user, delete_user, generic_delete, generic_get, generic_post, generic_put, get_all_roles_client, get_client_level_role_for_user_and_app, get_clients, get_effective_client_level_role_composite_user, get_role_mappings, get_roles_client_by_name, get_user, get_users_client_by_role_name, reset_password, revoke_consent_user, update_account_email, update_effective_user_roles, update_user

Class Method Details

.change_password(user_id, redirect_uri = '', client_id = '', secret = '') ⇒ Object


661
662
663
664
665
666
667
668
669
670
671
672
673
674
# File 'lib/keycloak.rb', line 661

def self.change_password(user_id, redirect_uri = '', client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda {|token|
    Keycloak.generic_request(token['access_token'],
                             Keycloak::Admin.full_url("users/#{user_id}/execute-actions-email"),
                             { redirect_uri: redirect_uri, client_id: client_id },
                             ['UPDATE_PASSWORD'],
                             'PUT')
  }

  default_call(proc, client_id, secret)
end

.create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil, client_id = '', secret = '') ⇒ Object


763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
# File 'lib/keycloak.rb', line 763

def self.create_simple_user(username, password, email, first_name, last_name, realm_roles_names, client_roles_names, proc = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  begin
    username.downcase!
    user = (username, true, client_id, secret)
    new_user = false
  rescue Keycloak::UserLoginNotFound
    new_user = true
  rescue
    raise
  end

  proc_default = lambda { |token|
    user_representation = { username: username,
                            email: email,
                            firstName: first_name,
                            lastName: last_name,
                            enabled: true }

    if !new_user || Keycloak.generic_request(token["access_token"],
                                            Keycloak::Admin.full_url("users/"),
                                            nil, user_representation, 'POST')

      user = (username, true, client_id, secret) if new_user

      credential_representation = { type: "password",
                                    temporary: false,
                                    value: password }

      if user['federationLink'] != nil || Keycloak.generic_request(token["access_token"],
                                                                   Keycloak::Admin.full_url("users/#{user['id']}/reset-password"),
                                                                   nil, credential_representation, 'PUT')

        client = JSON Keycloak.generic_request(token["access_token"],
                                               Keycloak::Admin.full_url("clients/"),
                                               { clientId: client_id }, nil, 'GET')

        if client_roles_names.count > 0
          roles = []
          client_roles_names.each do |r|
            unless isempty?(r)
              role = JSON Keycloak.generic_request(token["access_token"],
                                                  Keycloak::Admin.full_url("clients/#{client[0]['id']}/roles/#{r}"),
                                                  nil, nil, 'GET')
              roles.push(role)
            end
          end

          if roles.count > 0
            Keycloak.generic_request(token["access_token"],
                                    Keycloak::Admin.full_url("users/#{user['id']}/role-mappings/clients/#{client[0]['id']}"),
                                    nil, roles, 'POST')
          end
        end

        if realm_roles_names.count > 0
          roles = []
          realm_roles_names.each do |r|
            unless isempty?(r)
              role = JSON Keycloak.generic_request(token["access_token"],
                                                  Keycloak::Admin.full_url("roles/#{r}"),
                                                  nil, nil, 'GET')
              roles.push(role)
            end
          end

          if roles.count > 0
            Keycloak.generic_request(token["access_token"],
                                    Keycloak::Admin.full_url("users/#{user['id']}/role-mappings/realm"),
                                    nil, roles, 'POST')
          end
        else
          true
        end
      end
    end
  }

  if default_call(proc_default, client_id, secret)
    proc.call user unless proc.nil?
  end
end

.create_starter_user(username, password, email, client_roles_names, proc = nil, client_id = '', secret = '') ⇒ Object


848
849
850
851
852
# File 'lib/keycloak.rb', line 848

def self.create_starter_user(username, password, email, client_roles_names, proc = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)
  Keycloak::Internal.create_simple_user(username, password, email, '', '', [], client_roles_names, proc, client_id, secret)
end

.exists_name_or_email(value, user_id = '', client_id = '', secret = '') ⇒ Object


740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
# File 'lib/keycloak.rb', line 740

def self.exists_name_or_email(value, user_id = '', client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  begin
    usuario = Keycloak::Internal.(value, true, client_id, secret)
    if user_id.empty? || user_id != usuario['id']
      !isempty?(usuario)
    else
      false
    end
  rescue StandardError
    false
  end
end

.forgot_password(user_login, redirect_uri = '', client_id = '', secret = '') ⇒ Object


676
677
678
679
680
681
682
# File 'lib/keycloak.rb', line 676

def self.forgot_password(, redirect_uri = '', client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  user = (, true, client_id, secret)
  change_password(user['id'], redirect_uri, client_id, secret)
end

.get_client_roles(client_id = '', secret = '') ⇒ Object


854
855
856
857
858
859
860
861
862
863
864
865
866
867
# File 'lib/keycloak.rb', line 854

def self.get_client_roles(client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda {|token|
    client = JSON Keycloak::Admin.get_clients({ clientId: client_id }, token['access_token'])

    Keycloak.generic_request(token['access_token'],
                             Keycloak::Admin.full_url("clients/#{client[0]['id']}/roles"),
                             nil, nil, 'GET')
  }

  default_call(proc, client_id, secret)
end

.get_client_user_roles(user_id, client_id = '', secret = '') ⇒ Object


869
870
871
872
873
874
875
876
877
878
879
# File 'lib/keycloak.rb', line 869

def self.get_client_user_roles(user_id, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda {|token|
    client = JSON Keycloak::Admin.get_clients({ clientId: client_id }, token["access_token"])
    Keycloak::Admin.get_effective_client_level_role_composite_user(user_id, client[0]['id'], token["access_token"])
  }

  default_call(proc, client_id, secret)
end

.get_groups(query_parameters = nil, client_id = '', secret = '') ⇒ Object


628
629
630
631
632
633
634
635
636
637
# File 'lib/keycloak.rb', line 628

def self.get_groups(query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda { |token|
    Keycloak::Admin.get_groups(query_parameters, token['access_token'])
  }

  default_call(proc, client_id, secret)
end

.get_groups_by_role_name(role_name, query_parameters = nil, client_id = '', secret = '') ⇒ Object


639
640
641
642
643
644
645
646
647
648
# File 'lib/keycloak.rb', line 639

def self.get_groups_by_role_name(role_name, query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda do |token|
    Keycloak::Admin.get_groups_by_role_name(role_name, query_parameters, token['access_token'])
  end

  default_call(proc, client_id, secret)
end

.get_logged_user_info(client_id = '', secret = '') ⇒ Object


684
685
686
687
688
689
690
691
692
693
694
695
696
# File 'lib/keycloak.rb', line 684

def self.(client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda {|token|
    userinfo = JSON Keycloak::Client.get_userinfo
    Keycloak.generic_request(token['access_token'],
                             Keycloak::Admin.full_url("users/#{userinfo['sub']}"),
                             nil, nil, 'GET')
  }

  default_call(proc, client_id, secret)
end

.get_user_info(user_login, whole_word = false, client_id = '', secret = '') ⇒ Object


698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
# File 'lib/keycloak.rb', line 698

def self.(, whole_word = false, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda { |token|
    if .index('@').nil?
      search = {:username => }
    else
      search = {:email => }
    end
    users = JSON Keycloak.generic_request(token["access_token"],
                                          Keycloak::Admin.full_url("users/"),
                                          search, nil, 'GET')
    users[0]
    if users.count.zero?
      raise Keycloak::UserLoginNotFound
    else
      efective_index = -1
      users.each_with_index do |user, i|
        if whole_word
          efective_index = i if  == user['username'] ||  == user['email']
        else
          efective_index = 0
        end
        break if efective_index >= 0
      end

      if efective_index >= 0
        if whole_word
          users[efective_index]
        else
          users
        end
      else
        raise Keycloak::UserLoginNotFound
      end
    end
  }

  default_call(proc, client_id, secret)
end

.get_users(query_parameters = nil, client_id = '', secret = '') ⇒ Object


606
607
608
609
610
611
612
613
614
615
# File 'lib/keycloak.rb', line 606

def self.get_users(query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda {|token|
    Keycloak::Admin.get_users(query_parameters, token['access_token'])
  }

  default_call(proc, client_id, secret)
end

.get_users_by_group(id, query_parameters = nil, client_id = '', secret = '') ⇒ Object


650
651
652
653
654
655
656
657
658
659
# File 'lib/keycloak.rb', line 650

def self.get_users_by_group(id, query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda do |token|
    Keycloak::Admin.get_users_by_group(id, query_parameters, token['access_token'])
  end

  default_call(proc, client_id, secret)
end

.get_users_by_role_name(role_name, query_parameters = nil, client_id = '', secret = '') ⇒ Object


617
618
619
620
621
622
623
624
625
626
# File 'lib/keycloak.rb', line 617

def self.get_users_by_role_name(role_name, query_parameters = nil, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  proc = lambda do |token|
    Keycloak::Admin.get_users_by_role_name(role_name, query_parameters, token['access_token'])
  end

  default_call(proc, client_id, secret)
end

.has_role?(user_id, user_role, client_id = '', secret = '') ⇒ Boolean

Returns:

  • (Boolean)

881
882
883
884
885
886
887
888
889
890
891
892
893
894
# File 'lib/keycloak.rb', line 881

def self.has_role?(user_id, user_role, client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)

  roles = JSON get_client_user_roles(user_id, client_id, secret)
  if !roles.nil?
    roles.each do |role|
      return true if role['name'].to_s == user_role.to_s
    end
    false
  else
    false
  end
end

.logged_federation_user?(client_id = '', secret = '') ⇒ Boolean

Returns:

  • (Boolean)

756
757
758
759
760
761
# File 'lib/keycloak.rb', line 756

def self.logged_federation_user?(client_id = '', secret = '')
  client_id = Keycloak::Client.client_id if isempty?(client_id)
  secret = Keycloak::Client.secret if isempty?(secret)
  info = (client_id, secret)
  info['federationLink'] != nil
end