keycloak logout and auth provider switching

2025-07-19 21:29:42 +02:00 · 2017-03-20 13:54:53 +00:00 · 2017-03-20 13:54:53 +00:00 · 0f9d673eb5
commit 0f9d673eb5
parent 8c062d592a
12 changed files with 78 additions and 45 deletions
--- a/README.md
+++ b/README.md
@ -18,7 +18,7 @@ v0.44.0

 ## Tech stack

- EmberJS (v2.11.2)
+- EmberJS (v2.12.0)
 - Go (v1.8)
 - MySQL (v5.7.10+) or Percona (v5.7.16-10+)

@ -38,7 +38,6 @@ Documize is compatible with Auth0 identity as a service.

 [![JWT Auth for open source projects](https://cdn.auth0.com/oss/badges/a0-badge-dark.png)](https://auth0.com/?utm_source=oss&utm_medium=gp&utm_campaign=oss)

-
 Open Source Identity and Access Management

 ## Word Conversion to HTML
--- a/app/app/authenticators/documize.js
+++ b/app/app/authenticators/documize.js
@ -23,6 +23,7 @@ const {
 export default Base.extend({
 	ajax: service(),
 	appMeta: service(),
+	localStorage: service(),

 	restore(data) {
 		// TODO: verify authentication data
@ -57,6 +58,7 @@ export default Base.extend({
 	},

 	invalidate() {
+		this.get('localStorage').clearAll();		
 		return resolve();
 	}
 });
--- a/app/app/authenticators/keycloak.js
+++ b/app/app/authenticators/keycloak.js
@ -22,6 +22,8 @@ const {
 export default Base.extend({
 	ajax: service(),
 	appMeta: service(),
+	kcAuth: service(),
+	localStorage: service(),

 	restore(data) {
 		// TODO: verify authentication data
@ -46,6 +48,7 @@ export default Base.extend({
 	},

 	invalidate() {
-		return resolve();
+		this.get('localStorage').clearAll();		
+		return this.get('kcAuth').logout();
 	}
 });
--- a/app/app/components/auth-settings.js
+++ b/app/app/components/auth-settings.js
@ -18,9 +18,9 @@ const {
 } = Ember;

 export default Ember.Component.extend({
+	appMeta: Ember.inject.service(),
 	isDocumizeProvider: computed.equal('authProvider', constants.AuthProvider.Documize),
 	isKeycloakProvider: computed.equal('authProvider', constants.AuthProvider.Keycloak),
-
 	KeycloakUrlError: computed.empty('keycloakConfig.url'),
 	KeycloakRealmError: computed.empty('keycloakConfig.realm'),
 	KeycloakClientIdError: computed.empty('keycloakConfig.clientId'),
--- a/app/app/pods/auth/keycloak/route.js
+++ b/app/app/pods/auth/keycloak/route.js
@ -25,11 +25,7 @@ export default Ember.Route.extend({

 	beforeModel(transition) {
 		this.set('mode', is.not.undefined(transition.queryParams.mode) ? transition.queryParams.mode : 'login');
-
-		let authProvider = this.get('appMeta.authProvider');
-		let authConfig = this.get('appMeta.authConfig');
-
-		if (authProvider !== constants.AuthProvider.Keycloak) {
+		if (this.get('appMeta.authProvider') !== constants.AuthProvider.Keycloak) {
 			return;
 		}

@ -37,12 +33,12 @@ export default Ember.Route.extend({
 			return;
 		}

-		this.get('kcAuth').boot(JSON.parse(authConfig)).then((kc) => {
+		this.get('kcAuth').boot().then((kc) => {
 			if (!kc.authenticated) {
 				this.get('kcAuth').login().then(() => {
 				}, (reject) => {
 					this.get('localStorage').storeSessionItem('kc-error', reject);
-					this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
+					this.set('mode', 'reject');
 				});
 			}

@ -53,16 +49,16 @@ export default Ember.Route.extend({
 					this.transitionTo('folders');
 				}, (reject) => {
 					this.get('localStorage').storeSessionItem('kc-error', reject);
-					this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
+					this.set('mode', 'reject');
 				});

            }, (reject) => {
 				this.get('localStorage').storeSessionItem('kc-error', reject);
-				this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
+				this.set('mode', 'reject');
            });
 		}, (reject) => {
 			this.get('localStorage').storeSessionItem('kc-error', reject);
-			this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
+			this.set('mode', 'reject');
 		});
 	},

--- a/app/app/pods/auth/login/route.js
+++ b/app/app/pods/auth/login/route.js
@ -20,13 +20,12 @@ export default Ember.Route.extend({

 	beforeModel(/*transition*/) {
 		let authProvider = this.get('appMeta.authProvider');
-		let authConfig = this.get('appMeta.authConfig');

 		switch (authProvider) {
 			case constants.AuthProvider.Keycloak:
 				this.set('showLogin', false);

-				this.get('kcAuth').boot(JSON.parse(authConfig)).then(() => {
+				this.get('kcAuth').boot().then(() => {
 					this.get('kcAuth').login().then(() => {
 					}, (reject) => {
 						this.get('localStorage').storeSessionItem('kc-error', reject);
--- a/app/app/pods/auth/logout/route.js
+++ b/app/app/pods/auth/logout/route.js
@ -17,18 +17,19 @@ export default Ember.Route.extend({
 	appMeta: Ember.inject.service(),

 	activate: function () {
-		this.get('session').invalidate();
-		this.audit.record("logged-in");
+		this.audit.record("logged-out");
 		this.audit.stop();

-		if (config.environment === 'test') {
-			this.transitionTo('auth.login');
-		} else {
-			if (this.get("appMeta.allowAnonymousAccess")) {
-				this.transitionTo('folders');
-			} else {
+		this.get('session').invalidate().then(() => { 
+			if (config.environment === 'test') {
 				this.transitionTo('auth.login');
+			} else {
+				if (this.get("appMeta.allowAnonymousAccess")) {
+					this.transitionTo('folders');
+				} else {
+					this.transitionTo('auth.login');
+				}
 			}
-		}
+		});
 	}
 });
--- a/app/app/pods/auth/logout/template.hbs
+++ b/app/app/pods/auth/logout/template.hbs
@ -1 +1,4 @@
-{{outlet}}
+<div class="sso-box">
+    <p>Logging out...</p>
+    <img src="/assets/img/busy-gray.gif" />
+</div>
--- a/app/app/pods/customize/auth/controller.js
+++ b/app/app/pods/customize/auth/controller.js
@ -15,6 +15,7 @@ import NotifierMixin from "../../../mixins/notifier";
 export default Ember.Controller.extend(NotifierMixin, {
 	global: Ember.inject.service(),
    appMeta: Ember.inject.service(),
+	session: Ember.inject.service(),

 	actions: {
 		onSave(provider, config) {
@ -23,8 +24,15 @@ export default Ember.Controller.extend(NotifierMixin, {

 				return this.get('global').saveAuthConfig(data).then(() => {
 					this.showNotification('Saved');
-                    this.set('appMeta.authProvider', provider);
-                    this.set('appMeta.authConfig', config);
+					if (provider !== this.get('appMeta.authProvider')) {
+						this.get('session').logout();
+						this.set('appMeta.authProvider', provider);
+						this.set('appMeta.authConfig', config);
+						window.location.href= '/';
+					} else {
+						this.set('appMeta.authProvider', provider);
+						this.set('appMeta.authConfig', config);
+					}
 				});
 			}
 		},
--- a/app/app/services/kc-auth.js
+++ b/app/app/services/kc-auth.js
@ -23,11 +23,16 @@ export default Ember.Service.extend({
 	appMeta: service(),
 	keycloak: null,

-	boot(options) {
-        this.set('keycloak', new Keycloak(options));
+    init () {
+        this._super(...arguments);
+        this.keycloak = null;
+    },
+
+	boot() {
+        this.set('keycloak', new Keycloak(JSON.parse(this.get('appMeta.authConfig'))));

        return new Ember.RSVP.Promise((resolve, reject) => {
-            this.keycloak.init().success(() => {
+            this.get('keycloak').init().success(() => {
 				this.get('audit').record("initialized-keycloak");
                resolve(this.get('keycloak'));
            }).error((err) => {
@ -37,15 +42,35 @@ export default Ember.Service.extend({
    },

 	login() {
+        this.set('keycloak', new Keycloak(JSON.parse(this.get('appMeta.authConfig'))));
 		let url = netUtil.getAppUrl(netUtil.getSubdomain()) + '/auth/keycloak?mode=login';

        return new Ember.RSVP.Promise((resolve, reject) => {
-            if (this.get('keycloak').authenticated) {
-                return resolve(this.get('keycloak'));
-            }
+            this.boot().then(() => {
+                this.get('keycloak').login({redirectUri: url}).success(() => {
+                    return resolve();
+                }).error(() => {
+                    return reject(new Error('login failed'));
+                });            
+            });
+        });
+    },

-            this.get('keycloak').login( {redirectUri: url} );
-            return reject();
+    logout() {
+        this.set('keycloak', new Keycloak(JSON.parse(this.get('appMeta.authConfig'))));
+
+        return new Ember.RSVP.Promise((resolve, reject) => {
+            this.boot().then(() => {
+                this.get('keycloak').logout(JSON.parse(this.get('appMeta.authConfig'))).success(() => {
+                    this.get('keycloak').clearToken();
+                    resolve();
+                }).error((error) => {
+                    this.get('keycloak').clearToken();
+                    reject(error);
+                });
+            }, (error) => {
+                reject(error);
+            });
        });
    },

--- a/app/app/services/session.js
+++ b/app/app/services/session.js
@ -21,7 +21,9 @@ export default SimpleAuthSession.extend({
 	ajax: service(),
 	appMeta: service(),
 	store: service(),
-
+	localStorage: service(),
+	folderPermissions: null,
+	currentFolder: null,
 	isMac: false,
 	isMobile: false,
 	authenticated: computed('user.id', function () {
@ -55,6 +57,7 @@ export default SimpleAuthSession.extend({
 		}
 	}),

-	folderPermissions: null,
-	currentFolder: null
+	logout() {
+		this.get('localStorage').clearAll();
+	}
 });
--- a/core/api/endpoint/keycloak.go
+++ b/core/api/endpoint/keycloak.go
@ -112,12 +112,6 @@ func AuthenticateKeycloak(w http.ResponseWriter, r *http.Request) {
 	if err == sql.ErrNoRows {
 		log.Info("keycloak add user " + a.Email + " @ " + a.Domain)

-		p.Context.Transaction, err = request.Db.Beginx()
-		if err != nil {
-			writeTransactionError(w, method, err)
-			return
-		}
-
 		user = entity.User{}
 		user.Firstname = a.Firstname
 		user.Lastname = a.Lastname