keycloak logout and auth provider switching

2025-07-19 21:29:42 +02:00 · 2017-03-20 13:54:53 +00:00 · 2017-03-20 13:54:53 +00:00 · 0f9d673eb5
commit 0f9d673eb5
parent 8c062d592a
12 changed files with 78 additions and 45 deletions
--- a/README.md
+++ b/README.md
@ -18,7 +18,7 @@ v0.44.0
 ## Tech stack
- EmberJS (v2.11.2)
+- EmberJS (v2.12.0)
 - Go (v1.8)
 - MySQL (v5.7.10+) or Percona (v5.7.16-10+)
@ -38,7 +38,6 @@ Documize is compatible with Auth0 identity as a service.
 [![JWT Auth for open source projects](https://cdn.auth0.com/oss/badges/a0-badge-dark.png)](https://auth0.com/?utm_source=oss&utm_medium=gp&utm_campaign=oss)
 Open Source Identity and Access Management
 ## Word Conversion to HTML
--- a/app/app/authenticators/documize.js
+++ b/app/app/authenticators/documize.js
@ -23,6 +23,7 @@ const {
 export default Base.extend({
 	ajax: service(),
 	appMeta: service(),
 	localStorage: service(),
 	restore(data) {
 		// TODO: verify authentication data
@ -57,6 +58,7 @@ export default Base.extend({
 	},
 	invalidate() {
 		this.get('localStorage').clearAll();		
 		return resolve();
 	}
 });
--- a/app/app/authenticators/keycloak.js
+++ b/app/app/authenticators/keycloak.js
@ -22,6 +22,8 @@ const {
 export default Base.extend({
 	ajax: service(),
 	appMeta: service(),
 	kcAuth: service(),
 	localStorage: service(),
 	restore(data) {
 		// TODO: verify authentication data
@ -46,6 +48,7 @@ export default Base.extend({
 	},
 	invalidate() {
-		return resolve();
+		this.get('localStorage').clearAll();		
 		return this.get('kcAuth').logout();
 	}
 });
--- a/app/app/components/auth-settings.js
+++ b/app/app/components/auth-settings.js
@ -18,9 +18,9 @@ const {
 } = Ember;
 export default Ember.Component.extend({
 	appMeta: Ember.inject.service(),
 	isDocumizeProvider: computed.equal('authProvider', constants.AuthProvider.Documize),
 	isKeycloakProvider: computed.equal('authProvider', constants.AuthProvider.Keycloak),
 	KeycloakUrlError: computed.empty('keycloakConfig.url'),
 	KeycloakRealmError: computed.empty('keycloakConfig.realm'),
 	KeycloakClientIdError: computed.empty('keycloakConfig.clientId'),
--- a/app/app/pods/auth/keycloak/route.js
+++ b/app/app/pods/auth/keycloak/route.js
@ -25,11 +25,7 @@ export default Ember.Route.extend({
 	beforeModel(transition) {
 		this.set('mode', is.not.undefined(transition.queryParams.mode) ? transition.queryParams.mode : 'login');
-
+		if (this.get('appMeta.authProvider') !== constants.AuthProvider.Keycloak) {
 		let authProvider = this.get('appMeta.authProvider');
 		let authConfig = this.get('appMeta.authConfig');
 		if (authProvider !== constants.AuthProvider.Keycloak) {
 			return;
 		}
@ -37,12 +33,12 @@ export default Ember.Route.extend({
 			return;
 		}
-		this.get('kcAuth').boot(JSON.parse(authConfig)).then((kc) => {
+		this.get('kcAuth').boot().then((kc) => {
 			if (!kc.authenticated) {
 				this.get('kcAuth').login().then(() => {
 				}, (reject) => {
 					this.get('localStorage').storeSessionItem('kc-error', reject);
-					this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
+					this.set('mode', 'reject');
 				});
 			}
@ -53,16 +49,16 @@ export default Ember.Route.extend({
 					this.transitionTo('folders');
 				}, (reject) => {
 					this.get('localStorage').storeSessionItem('kc-error', reject);
-					this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
+					this.set('mode', 'reject');
 				});
            }, (reject) => {
 				this.get('localStorage').storeSessionItem('kc-error', reject);
-				this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
+				this.set('mode', 'reject');
            });
 		}, (reject) => {
 			this.get('localStorage').storeSessionItem('kc-error', reject);
-			this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
+			this.set('mode', 'reject');
 		});
 	},
--- a/app/app/pods/auth/login/route.js
+++ b/app/app/pods/auth/login/route.js
@ -20,13 +20,12 @@ export default Ember.Route.extend({
 	beforeModel(/*transition*/) {
 		let authProvider = this.get('appMeta.authProvider');
 		let authConfig = this.get('appMeta.authConfig');
 		switch (authProvider) {
 			case constants.AuthProvider.Keycloak:
 				this.set('showLogin', false);
-				this.get('kcAuth').boot(JSON.parse(authConfig)).then(() => {
+				this.get('kcAuth').boot().then(() => {
 					this.get('kcAuth').login().then(() => {
 					}, (reject) => {
 						this.get('localStorage').storeSessionItem('kc-error', reject);
--- a/app/app/pods/auth/logout/route.js
+++ b/app/app/pods/auth/logout/route.js
@ -17,10 +17,10 @@ export default Ember.Route.extend({
 	appMeta: Ember.inject.service(),
 	activate: function () {
-		this.get('session').invalidate();
+		this.audit.record("logged-out");
 		this.audit.record("logged-in");
 		this.audit.stop();
 		this.get('session').invalidate().then(() => { 
 			if (config.environment === 'test') {
 				this.transitionTo('auth.login');
 			} else {
@ -30,5 +30,6 @@ export default Ember.Route.extend({
 					this.transitionTo('auth.login');
 				}
 			}
 		});
 	}
 });
--- a/app/app/pods/auth/logout/template.hbs
+++ b/app/app/pods/auth/logout/template.hbs
@ -1 +1,4 @@
-{{outlet}}
+<div class="sso-box">
    <p>Logging out...</p>
    <img src="/assets/img/busy-gray.gif" />
 </div>
--- a/app/app/pods/customize/auth/controller.js
+++ b/app/app/pods/customize/auth/controller.js
@ -15,6 +15,7 @@ import NotifierMixin from "../../../mixins/notifier";
 export default Ember.Controller.extend(NotifierMixin, {
 	global: Ember.inject.service(),
    appMeta: Ember.inject.service(),
 	session: Ember.inject.service(),
 	actions: {
 		onSave(provider, config) {
@ -23,8 +24,15 @@ export default Ember.Controller.extend(NotifierMixin, {
 				return this.get('global').saveAuthConfig(data).then(() => {
 					this.showNotification('Saved');
 					if (provider !== this.get('appMeta.authProvider')) {
 						this.get('session').logout();
 						this.set('appMeta.authProvider', provider);
 						this.set('appMeta.authConfig', config);
 						window.location.href= '/';
 					} else {
 						this.set('appMeta.authProvider', provider);
 						this.set('appMeta.authConfig', config);
 					}
 				});
 			}
 		},
--- a/app/app/services/kc-auth.js
+++ b/app/app/services/kc-auth.js
@ -23,11 +23,16 @@ export default Ember.Service.extend({
 	appMeta: service(),
 	keycloak: null,
-	boot(options) {
+    init () {
-        this.set('keycloak', new Keycloak(options));
+        this._super(...arguments);
        this.keycloak = null;
    },
 	boot() {
        this.set('keycloak', new Keycloak(JSON.parse(this.get('appMeta.authConfig'))));
        return new Ember.RSVP.Promise((resolve, reject) => {
-            this.keycloak.init().success(() => {
+            this.get('keycloak').init().success(() => {
 				this.get('audit').record("initialized-keycloak");
                resolve(this.get('keycloak'));
            }).error((err) => {
@ -37,15 +42,35 @@ export default Ember.Service.extend({
    },
 	login() {
        this.set('keycloak', new Keycloak(JSON.parse(this.get('appMeta.authConfig'))));
 		let url = netUtil.getAppUrl(netUtil.getSubdomain()) + '/auth/keycloak?mode=login';
        return new Ember.RSVP.Promise((resolve, reject) => {
-            if (this.get('keycloak').authenticated) {
+            this.boot().then(() => {
-                return resolve(this.get('keycloak'));
+                this.get('keycloak').login({redirectUri: url}).success(() => {
-            }
+                    return resolve();
                }).error(() => {
                    return reject(new Error('login failed'));
                });            
            });
        });
    },
-            this.get('keycloak').login( {redirectUri: url} );
+    logout() {
-            return reject();
+        this.set('keycloak', new Keycloak(JSON.parse(this.get('appMeta.authConfig'))));
        return new Ember.RSVP.Promise((resolve, reject) => {
            this.boot().then(() => {
                this.get('keycloak').logout(JSON.parse(this.get('appMeta.authConfig'))).success(() => {
                    this.get('keycloak').clearToken();
                    resolve();
                }).error((error) => {
                    this.get('keycloak').clearToken();
                    reject(error);
                });
            }, (error) => {
                reject(error);
            });
        });
    },
--- a/app/app/services/session.js
+++ b/app/app/services/session.js
@ -21,7 +21,9 @@ export default SimpleAuthSession.extend({
 	ajax: service(),
 	appMeta: service(),
 	store: service(),
-
+	localStorage: service(),
 	folderPermissions: null,
 	currentFolder: null,
 	isMac: false,
 	isMobile: false,
 	authenticated: computed('user.id', function () {
@ -55,6 +57,7 @@ export default SimpleAuthSession.extend({
 		}
 	}),
-	folderPermissions: null,
+	logout() {
-	currentFolder: null
+		this.get('localStorage').clearAll();
 	}
 });
--- a/core/api/endpoint/keycloak.go
+++ b/core/api/endpoint/keycloak.go
@ -112,12 +112,6 @@ func AuthenticateKeycloak(w http.ResponseWriter, r *http.Request) {
 	if err == sql.ErrNoRows {
 		log.Info("keycloak add user " + a.Email + " @ " + a.Domain)
 		p.Context.Transaction, err = request.Db.Beginx()
 		if err != nil {
 			writeTransactionError(w, method, err)
 			return
 		}
 		user = entity.User{}
 		user.Firstname = a.Firstname
 		user.Lastname = a.Lastname