mirror of
https://github.com/documize/community.git
synced 2025-07-21 14:19:43 +02:00
keycloak aiurth service JS code refactoring
This commit is contained in:
Harvey Kandola
parent
0f9d673eb5
commit
0fedfb199b
7 changed files with 88 additions and 79 deletions
|
|
@ -19,52 +19,43 @@ export default Ember.Route.extend({
|
||||||
localStorage: Ember.inject.service(),
|
localStorage: Ember.inject.service(),
|
||||||
queryParams: {
|
queryParams: {
|
||||||
mode: {
|
mode: {
|
||||||
refreshModel: false
|
refreshModel: true
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
message: '',
|
||||||
|
|
||||||
beforeModel(transition) {
|
beforeModel(transition) {
|
||||||
this.set('mode', is.not.undefined(transition.queryParams.mode) ? transition.queryParams.mode : 'login');
|
return new Ember.RSVP.Promise((resolve) => {
|
||||||
if (this.get('appMeta.authProvider') !== constants.AuthProvider.Keycloak) {
|
this.set('mode', is.not.undefined(transition.queryParams.mode) ? transition.queryParams.mode : 'reject');
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (this.get('mode') === 'reject') {
|
if (this.get('mode') === 'reject' || this.get('appMeta.authProvider') !== constants.AuthProvider.Keycloak) {
|
||||||
return;
|
resolve();
|
||||||
}
|
|
||||||
|
|
||||||
this.get('kcAuth').boot().then((kc) => {
|
|
||||||
if (!kc.authenticated) {
|
|
||||||
this.get('kcAuth').login().then(() => {
|
|
||||||
}, (reject) => {
|
|
||||||
this.get('localStorage').storeSessionItem('kc-error', reject);
|
|
||||||
this.set('mode', 'reject');
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
this.get('kcAuth').fetchProfile(kc).then((profile) => {
|
this.get('kcAuth').fetchProfile().then((profile) => {
|
||||||
let data = this.get('kcAuth').mapProfile(kc, profile);
|
let data = this.get('kcAuth').mapProfile(profile);
|
||||||
this.get("session").authenticate('authenticator:keycloak', data).then(() => {
|
|
||||||
this.get('audit').record("logged-in-keycloak");
|
|
||||||
this.transitionTo('folders');
|
|
||||||
}, (reject) => {
|
|
||||||
this.get('localStorage').storeSessionItem('kc-error', reject);
|
|
||||||
this.set('mode', 'reject');
|
|
||||||
});
|
|
||||||
|
|
||||||
}, (reject) => {
|
this.get("session").authenticate('authenticator:keycloak', data).then(() => {
|
||||||
this.get('localStorage').storeSessionItem('kc-error', reject);
|
this.get('audit').record("logged-in-keycloak");
|
||||||
this.set('mode', 'reject');
|
this.transitionTo('folders');
|
||||||
});
|
}, (reject) => {
|
||||||
}, (reject) => {
|
this.set('message', reject.Error);
|
||||||
this.get('localStorage').storeSessionItem('kc-error', reject);
|
this.set('mode', 'reject');
|
||||||
this.set('mode', 'reject');
|
resolve();
|
||||||
|
});
|
||||||
|
|
||||||
|
}, (reject) => {
|
||||||
|
this.set('mode', 'reject');
|
||||||
|
this.set('message', reject);
|
||||||
|
resolve();
|
||||||
|
});
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
model() {
|
model() {
|
||||||
return {
|
return {
|
||||||
mode: this.get('mode')
|
mode: this.get('mode'),
|
||||||
|
message: this.get('message')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@
|
||||||
|
|
||||||
{{#if (is-equal model.mode 'reject')}}
|
{{#if (is-equal model.mode 'reject')}}
|
||||||
<div class="sso-box">
|
<div class="sso-box">
|
||||||
<p>Keycloak Authentication Failure</p>
|
<p>Keycloak authentication failure</p>
|
||||||
|
<p>{{model.message}}</p>
|
||||||
</div>
|
</div>
|
||||||
{{/if}}
|
{{/if}}
|
||||||
|
|
|
||||||
|
|
@ -18,30 +18,31 @@ export default Ember.Route.extend({
|
||||||
localStorage: Ember.inject.service(),
|
localStorage: Ember.inject.service(),
|
||||||
showLogin: false,
|
showLogin: false,
|
||||||
|
|
||||||
beforeModel(/*transition*/) {
|
beforeModel(transition) {
|
||||||
let authProvider = this.get('appMeta.authProvider');
|
return new Ember.RSVP.Promise((resolve) => {
|
||||||
|
let authProvider = this.get('appMeta.authProvider');
|
||||||
|
|
||||||
switch (authProvider) {
|
switch (authProvider) {
|
||||||
case constants.AuthProvider.Keycloak:
|
case constants.AuthProvider.Keycloak:
|
||||||
this.set('showLogin', false);
|
this.set('showLogin', false);
|
||||||
|
|
||||||
this.get('kcAuth').boot().then(() => {
|
|
||||||
this.get('kcAuth').login().then(() => {
|
this.get('kcAuth').login().then(() => {
|
||||||
|
this.transitionTo('auth.keycloak', { queryParams: { mode: 'login' }});
|
||||||
|
resolve();
|
||||||
}, (reject) => {
|
}, (reject) => {
|
||||||
this.get('localStorage').storeSessionItem('kc-error', reject);
|
transition.abort();
|
||||||
|
console.log (reject); // eslint-disable-line no-console
|
||||||
this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
|
this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
|
||||||
});
|
});
|
||||||
}, (reject) => {
|
|
||||||
this.get('localStorage').storeSessionItem('kc-error', reject);
|
|
||||||
this.transitionTo('auth.keycloak', { queryParams: { mode: 'reject' }});
|
|
||||||
});
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
this.set('showLogin', true);
|
this.set('showLogin', true);
|
||||||
break;
|
resolve();
|
||||||
}
|
break;
|
||||||
|
}
|
||||||
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
model() {
|
model() {
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ const {
|
||||||
export default Ember.Service.extend({
|
export default Ember.Service.extend({
|
||||||
ajax: service(),
|
ajax: service(),
|
||||||
localStorage: service(),
|
localStorage: service(),
|
||||||
|
kcAuth: service(),
|
||||||
endpoint: `${config.apiHost}/${config.apiNamespace}`,
|
endpoint: `${config.apiHost}/${config.apiNamespace}`,
|
||||||
orgId: '',
|
orgId: '',
|
||||||
title: '',
|
title: '',
|
||||||
|
|
@ -64,6 +64,7 @@ export default Ember.Service.extend({
|
||||||
|
|
||||||
return this.get('ajax').request('public/meta').then((response) => {
|
return this.get('ajax').request('public/meta').then((response) => {
|
||||||
this.setProperties(response);
|
this.setProperties(response);
|
||||||
|
|
||||||
return response;
|
return response;
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -22,16 +22,26 @@ export default Ember.Service.extend({
|
||||||
ajax: service(),
|
ajax: service(),
|
||||||
appMeta: service(),
|
appMeta: service(),
|
||||||
keycloak: null,
|
keycloak: null,
|
||||||
|
config: {},
|
||||||
init () {
|
|
||||||
this._super(...arguments);
|
|
||||||
this.keycloak = null;
|
|
||||||
},
|
|
||||||
|
|
||||||
boot() {
|
boot() {
|
||||||
this.set('keycloak', new Keycloak(JSON.parse(this.get('appMeta.authConfig'))));
|
|
||||||
|
|
||||||
return new Ember.RSVP.Promise((resolve, reject) => {
|
return new Ember.RSVP.Promise((resolve, reject) => {
|
||||||
|
if (is.not.undefined(this.get('keycloak')) && is.not.null(this.get('keycloak')) ) {
|
||||||
|
resolve(this.get('keycloak'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
let keycloak = new Keycloak(JSON.parse(this.get('appMeta.authConfig')));
|
||||||
|
this.set('keycloak', keycloak);
|
||||||
|
|
||||||
|
keycloak.onTokenExpired = function () {
|
||||||
|
keycloak.clearToken();
|
||||||
|
};
|
||||||
|
|
||||||
|
keycloak.onAuthRefreshError = function () {
|
||||||
|
keycloak.clearToken();
|
||||||
|
};
|
||||||
|
|
||||||
this.get('keycloak').init().success(() => {
|
this.get('keycloak').init().success(() => {
|
||||||
this.get('audit').record("initialized-keycloak");
|
this.get('audit').record("initialized-keycloak");
|
||||||
resolve(this.get('keycloak'));
|
resolve(this.get('keycloak'));
|
||||||
|
|
@ -42,12 +52,11 @@ export default Ember.Service.extend({
|
||||||
},
|
},
|
||||||
|
|
||||||
login() {
|
login() {
|
||||||
this.set('keycloak', new Keycloak(JSON.parse(this.get('appMeta.authConfig'))));
|
|
||||||
let url = netUtil.getAppUrl(netUtil.getSubdomain()) + '/auth/keycloak?mode=login';
|
|
||||||
|
|
||||||
return new Ember.RSVP.Promise((resolve, reject) => {
|
return new Ember.RSVP.Promise((resolve, reject) => {
|
||||||
this.boot().then(() => {
|
this.boot().then((keycloak) => {
|
||||||
this.get('keycloak').login({redirectUri: url}).success(() => {
|
let url = netUtil.getAppUrl(netUtil.getSubdomain()) + '/auth/keycloak?mode=login';
|
||||||
|
|
||||||
|
keycloak.login({redirectUri: url}).success(() => {
|
||||||
return resolve();
|
return resolve();
|
||||||
}).error(() => {
|
}).error(() => {
|
||||||
return reject(new Error('login failed'));
|
return reject(new Error('login failed'));
|
||||||
|
|
@ -57,37 +66,35 @@ export default Ember.Service.extend({
|
||||||
},
|
},
|
||||||
|
|
||||||
logout() {
|
logout() {
|
||||||
this.set('keycloak', new Keycloak(JSON.parse(this.get('appMeta.authConfig'))));
|
|
||||||
|
|
||||||
return new Ember.RSVP.Promise((resolve, reject) => {
|
return new Ember.RSVP.Promise((resolve, reject) => {
|
||||||
this.boot().then(() => {
|
this.boot().then((keycloak) => {
|
||||||
this.get('keycloak').logout(JSON.parse(this.get('appMeta.authConfig'))).success(() => {
|
keycloak.logout(JSON.parse(this.get('appMeta.authConfig'))).success(() => {
|
||||||
this.get('keycloak').clearToken();
|
this.get('keycloak').clearToken();
|
||||||
resolve();
|
resolve();
|
||||||
}).error((error) => {
|
}).error((error) => {
|
||||||
this.get('keycloak').clearToken();
|
this.get('keycloak').clearToken();
|
||||||
reject(error);
|
reject(error);
|
||||||
});
|
});
|
||||||
}, (error) => {
|
|
||||||
reject(error);
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
fetchProfile(kc) {
|
fetchProfile() {
|
||||||
return new Ember.RSVP.Promise((resolve, reject) => {
|
return new Ember.RSVP.Promise((resolve, reject) => {
|
||||||
kc.loadUserProfile().success((profile) => {
|
this.boot().then((keycloak) => {
|
||||||
return resolve(profile);
|
keycloak.loadUserProfile().success((profile) => {
|
||||||
}).error((err) => {
|
resolve(profile);
|
||||||
return reject(err);
|
}).error((err) => {
|
||||||
|
reject(err);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
mapProfile(kc, profile) {
|
mapProfile(profile) {
|
||||||
return {
|
return {
|
||||||
domain: '',
|
domain: '',
|
||||||
token: kc.token,
|
token: this.get('keycloak').token,
|
||||||
remoteId: is.null(profile.id) || is.undefined(profile.id) ? profile.email: profile.id,
|
remoteId: is.null(profile.id) || is.undefined(profile.id) ? profile.email: profile.id,
|
||||||
email: is.null(profile.email) || is.undefined(profile.email) ? '': profile.email,
|
email: is.null(profile.email) || is.undefined(profile.email) ? '': profile.email,
|
||||||
username: is.null(profile.username) || is.undefined(profile.username) ? '': profile.username,
|
username: is.null(profile.username) || is.undefined(profile.username) ? '': profile.username,
|
||||||
|
|
|
||||||
|
|
@ -89,7 +89,7 @@ func AuthenticateKeycloak(w http.ResponseWriter, r *http.Request) {
|
||||||
// Decode and verify Keycloak JWT
|
// Decode and verify Keycloak JWT
|
||||||
claims, err := decodeKeycloakJWT(a.Token, pk)
|
claims, err := decodeKeycloakJWT(a.Token, pk)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeServerError(w, method, err)
|
util.WriteRequestError(w, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -146,7 +146,6 @@ func WriteMarshalError(w http.ResponseWriter, err error) {
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
_, err2 := w.Write([]byte("{Error: 'JSON marshal failed'}"))
|
_, err2 := w.Write([]byte("{Error: 'JSON marshal failed'}"))
|
||||||
log.IfErr(err2)
|
log.IfErr(err2)
|
||||||
log.Error("Failed to JSON marshal", err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// WriteJSON serializes data as JSON to HTTP response.
|
// WriteJSON serializes data as JSON to HTTP response.
|
||||||
|
|
@ -165,6 +164,15 @@ func WriteJSON(w http.ResponseWriter, v interface{}) {
|
||||||
log.IfErr(err)
|
log.IfErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// WriteRequestError sends custom error message.
|
||||||
|
func WriteRequestError(w http.ResponseWriter, msg string) {
|
||||||
|
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
||||||
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
|
|
||||||
|
_, err := w.Write([]byte(fmt.Sprintf("{Error: '%s'}", msg)))
|
||||||
|
log.IfErr(err)
|
||||||
|
}
|
||||||
|
|
||||||
// WriteBadLicense writes 402 when license is invalid
|
// WriteBadLicense writes 402 when license is invalid
|
||||||
func WriteBadLicense(w http.ResponseWriter) {
|
func WriteBadLicense(w http.ResponseWriter) {
|
||||||
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue