
sync Keycloak users with Documize

This commit is contained in:
Harvey Kandola 2017-03-19 14:25:21 +00:00
parent b2620e80e1
commit 8c062d592a
11 changed files with 178 additions and 55 deletions


@ -111,5 +111,9 @@ export default Ember.Component.extend({
this.get('onSave')(provider, config).then(() => { this.get('onSave')(provider, config).then(() => {
}); });
}, },
onSync() {
this.get('onSync')();
}
} }
}); });


@ -27,6 +27,12 @@ export default Ember.Controller.extend(NotifierMixin, {
this.set('appMeta.authConfig', config); this.set('appMeta.authConfig', config);
}); });
} }
},
onSync() {
return this.get('global').syncExternalUsers().then((response) => {
this.showNotification(response.message);
});
} }
} }
}); });


@ -1 +1 @@
{{auth-settings authProvider=model.authProvider authConfig=model.authConfig onSave=(action 'onSave')}} {{auth-settings authProvider=model.authProvider authConfig=model.authConfig onSave=(action 'onSave') onSync=(action 'onSync')}}


@ -14,6 +14,7 @@ import AuthenticatedRouteMixin from 'ember-simple-auth/mixins/authenticated-rout
export default Ember.Route.extend(AuthenticatedRouteMixin, { export default Ember.Route.extend(AuthenticatedRouteMixin, {
userService: Ember.inject.service('user'), userService: Ember.inject.service('user'),
global: Ember.inject.service('global'),
beforeModel: function () { beforeModel: function () {
if (!this.session.isAdmin) { if (!this.session.isAdmin) {
@ -21,8 +22,14 @@ export default Ember.Route.extend(AuthenticatedRouteMixin, {
} }
}, },
model: function () { model() {
return this.get('userService').getAll(); return new Ember.RSVP.Promise((resolve) => {
this.get('global').syncExternalUsers().then(() => {
this.get('userService').getAll().then((users) =>{
resolve(users);
});
});
});
}, },
activate: function () { activate: function () {
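Review bot: The new model() wraps the two calls in an RSVP.Promise that only ever calls resolve, so if syncExternalUsers() or getAll() rejects the users route never settles and the page just hangs with no error. It also calls `.then` directly on whatever syncExternalUsers() returns; the service in this commit returns undefined when the caller is not a global admin, and a TypeError thrown inside the executor becomes a rejection rather than a user list. Chaining the promises keeps failures visible and needs no manual resolve: `return this.get('global').syncExternalUsers().then(() => this.get('userService').getAll());` — if a failed sync should not block the user list, add a `.catch(() => {})` on the sync step explicitly rather than by accident. model() is fully inside the hunk; beforeModel's body continues outside it.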


@ -73,5 +73,15 @@ export default Ember.Service.extend({
data: JSON.stringify(config) data: JSON.stringify(config)
}); });
} }
} },
syncExternalUsers() {
if(this.get('sessionService.isGlobalAdmin')) {
return this.get('ajax').request(`users/sync`, {
method: 'GET'
}).then((response) => {
return response;
});
}
},
}); });
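Review bot: syncExternalUsers() falls off the end and returns undefined when `sessionService.isGlobalAdmin` is false, so callers that chain `.then` on it (the users route and the auth-settings controller in this commit) throw a TypeError instead of getting a no-op. Return a settled promise from that branch, e.g. `return Ember.RSVP.resolve({});`, and have the controller tolerate an empty response before calling showNotification. The trailing `.then((response) => { return response; })` is an identity step and can be dropped. The client-side admin check is a convenience only; the server handler is what enforces the Administrator requirement.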


@ -48,4 +48,6 @@
{{/if}} {{/if}}
<div class="regular-button button-blue" {{action 'onSave'}}>save</div> <div class="regular-button button-blue" {{action 'onSave'}}>save</div>
<div class="button-gap" />
<div class="regular-button button-green" {{action 'onSync'}}>sync users</div>
</form> </form>


@ -28,6 +28,7 @@ import (
"github.com/documize/community/core/api/util" "github.com/documize/community/core/api/util"
"github.com/documize/community/core/log" "github.com/documize/community/core/log"
"github.com/documize/community/core/utility" "github.com/documize/community/core/utility"
"sort"
"strconv" "strconv"
) )
@ -117,7 +118,15 @@ func AuthenticateKeycloak(w http.ResponseWriter, r *http.Request) {
return return
} }
user, err = addUser(p, a) user = entity.User{}
user.Firstname = a.Firstname
user.Lastname = a.Lastname
user.Email = a.Email
user.Initials = utility.MakeInitials(user.Firstname, user.Lastname)
user.Salt = util.GenerateSalt()
user.Password = util.GeneratePassword(util.GenerateRandomPassword(), user.Salt)
err = addUser(p, &user)
if err != nil { if err != nil {
writeServerError(w, method, err) writeServerError(w, method, err)
return return
@ -162,32 +171,100 @@ func AuthenticateKeycloak(w http.ResponseWriter, r *http.Request) {
return return
} }
err = SyncUsers(ac)
if err != nil {
log.Error("su", err)
}
writeSuccessBytes(w, json) writeSuccessBytes(w, json)
} }
// Helper method to setup user account in Documize using Keycloak provided user data. // SyncKeycloak gets list of Keycloak users and inserts new users into Documize
func addUser(p request.Persister, a keycloakAuthRequest) (u entity.User, err error) { // and marks Keycloak disabled users as inactive.
u.Firstname = a.Firstname func SyncKeycloak(w http.ResponseWriter, r *http.Request) {
u.Lastname = a.Lastname p := request.GetPersister(r)
u.Email = a.Email
u.Initials = utility.MakeInitials(a.Firstname, a.Lastname)
u.Salt = util.GenerateSalt()
u.Password = util.GeneratePassword(util.GenerateRandomPassword(), u.Salt)
if !p.Context.Administrator {
writeForbiddenError(w)
return
}
var result struct {
Message string `json:"message"`
}
// Org contains raw auth provider config
org, err := p.GetOrganization(p.Context.OrgID)
if err != nil {
result.Message = "Unable to get organization record"
log.Error(result.Message, err)
util.WriteJSON(w, result)
return
}
// Make Keycloak auth provider config
c := keycloakConfig{}
err = json.Unmarshal([]byte(org.AuthConfig), &c)
if err != nil {
result.Message = "Unable process Keycloak public key"
log.Error(result.Message, err)
util.WriteJSON(w, result)
return
}
// User list from Keycloak
kcUsers, err := KeycloakUsers(c)
if err != nil {
result.Message = "Unable to fetch Keycloak users: " + err.Error()
log.Error(result.Message, err)
util.WriteJSON(w, result)
return
}
// User list from Documize
dmzUsers, err := p.GetUsersForOrganization()
if err != nil {
result.Message = "Unable to fetch Documize users"
log.Error(result.Message, err)
util.WriteJSON(w, result)
return
}
sort.Slice(kcUsers, func(i, j int) bool { return kcUsers[i].Email < kcUsers[j].Email })
sort.Slice(dmzUsers, func(i, j int) bool { return dmzUsers[i].Email < dmzUsers[j].Email })
insert := []entity.User{}
for _, k := range kcUsers {
exists := false
for _, d := range dmzUsers {
if k.Email == d.Email {
exists = true
}
}
if !exists {
insert = append(insert, k)
}
}
// Insert new users into Documize
for _, u := range insert {
err = addUser(p, &u)
}
result.Message = fmt.Sprintf("Keycloak sync'ed %d users, %d new additions", len(kcUsers), len(insert))
log.Info(result.Message)
util.WriteJSON(w, result)
}
// Helper method to setup user account in Documize using Keycloak provided user data.
func addUser(p request.Persister, u *entity.User) (err error) {
// only create account if not dupe // only create account if not dupe
addUser := true addUser := true
addAccount := true addAccount := true
var userID string var userID string
userDupe, err := p.GetUserByEmail(a.Email) userDupe, err := p.GetUserByEmail(u.Email)
if err != nil && err != sql.ErrNoRows { if err != nil && err != sql.ErrNoRows {
return u, err return err
} }
if u.Email == userDupe.Email { if u.Email == userDupe.Email {
@ -197,17 +274,17 @@ func addUser(p request.Persister, a keycloakAuthRequest) (u entity.User, err err
p.Context.Transaction, err = request.Db.Beginx() p.Context.Transaction, err = request.Db.Beginx()
if err != nil { if err != nil {
return u, err return err
} }
if addUser { if addUser {
userID = util.UniqueID() userID = util.UniqueID()
u.RefID = userID u.RefID = userID
err = p.AddUser(u) err = p.AddUser(*u)
if err != nil { if err != nil {
log.IfErr(p.Context.Transaction.Rollback()) log.IfErr(p.Context.Transaction.Rollback())
return u, err return err
} }
} else { } else {
attachUserAccounts(p, p.Context.OrgID, &userDupe) attachUserAccounts(p, p.Context.OrgID, &userDupe)
@ -234,23 +311,22 @@ func addUser(p request.Persister, a keycloakAuthRequest) (u entity.User, err err
err = p.AddAccount(a) err = p.AddAccount(a)
if err != nil { if err != nil {
log.IfErr(p.Context.Transaction.Rollback()) log.IfErr(p.Context.Transaction.Rollback())
return u, err return err
} }
} }
log.IfErr(p.Context.Transaction.Commit()) log.IfErr(p.Context.Transaction.Commit())
// If we did not add user or give them access (account) then we error back nu, err := p.GetUser(userID)
if !addUser && !addAccount { u = &nu
log.IfErr(p.Context.Transaction.Rollback())
return u, err
}
return p.GetUser(userID) return err
} }
// SyncUsers gets list of Keycloak users for specified Realm, Client Id // KeycloakUsers gets list of Keycloak users for specified Realm, Client Id
func SyncUsers(c keycloakConfig) (err error) { func KeycloakUsers(c keycloakConfig) (users []entity.User, err error) {
users = []entity.User{}
form := url.Values{} form := url.Values{}
form.Add("username", c.AdminUser) form.Add("username", c.AdminUser)
form.Add("password", c.AdminPassword) form.Add("password", c.AdminPassword)
@ -267,59 +343,65 @@ func SyncUsers(c keycloakConfig) (err error) {
client := &http.Client{} client := &http.Client{}
res, err := client.Do(req) res, err := client.Do(req)
if err != nil { if err != nil {
return err return users, err
} }
defer res.Body.Close() defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body) body, err := ioutil.ReadAll(res.Body)
if err != nil { if err != nil {
return err return users, err
} }
ka := keycloakAPIAuth{} ka := keycloakAPIAuth{}
err = json.Unmarshal(body, &ka) err = json.Unmarshal(body, &ka)
if err != nil { if err != nil {
return err return users, err
} }
if res.StatusCode != http.StatusOK { if res.StatusCode != http.StatusOK {
return errors.New("Keycloak authentication failed " + res.Status) return users, errors.New("Keycloak authentication failed " + res.Status)
} }
req, err = http.NewRequest("GET", req, err = http.NewRequest("GET", fmt.Sprintf("%s/admin/realms/%s/users?max=500", c.URL, c.Realm), nil)
fmt.Sprintf("%s/admin/realms/%s/users?max=500", c.URL, c.Realm),
nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", ka.AccessToken)) req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", ka.AccessToken))
client = &http.Client{} client = &http.Client{}
res, err = client.Do(req) res, err = client.Do(req)
if err != nil { if err != nil {
return err return users, err
} }
defer res.Body.Close() defer res.Body.Close()
body, err = ioutil.ReadAll(res.Body) body, err = ioutil.ReadAll(res.Body)
if err != nil { if err != nil {
return err return users, err
} }
u := []keycloakUser{} kcUsers := []keycloakUser{}
err = json.Unmarshal(body, &u) err = json.Unmarshal(body, &kcUsers)
if err != nil { if err != nil {
return err return users, err
} }
if res.StatusCode != http.StatusOK { if res.StatusCode != http.StatusOK {
return errors.New("Keycloak /users call failed " + res.Status) return users, errors.New("Keycloak /users call failed " + res.Status)
} }
log.Info(fmt.Sprintf("%d", res.StatusCode)) for _, kc := range kcUsers {
u := entity.User{}
u.Email = kc.Email
u.Firstname = kc.Firstname
u.Lastname = kc.Lastname
u.Initials = utility.MakeInitials(u.Firstname, u.Lastname)
u.Active = kc.Enabled
u.Editor = false
fmt.Println(fmt.Sprintf("%d len", len(u))) users = append(users, u)
fmt.Println(u[0].Email) }
return nil return users, nil
} }
// Data received via Keycloak client library // Data received via Keycloak client library
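Review bot: Users created by the new `for _, u := range insert { err = addUser(p, &u) }` loop in SyncKeycloak are stored with an empty Salt and Password, because KeycloakUsers only fills Email, Firstname, Lastname, Initials, Active and Editor, whereas the login path in AuthenticateKeycloak generates a random salt and hash before calling addUser; whether an empty stored hash is accepted by the local password login is outside this diff, but the two creation paths should not differ. The same loop overwrites err on every iteration and never checks it, so a failed insert is still reported as a successful sync with the full "new additions" count. SyncKeycloak's doc comment also promises that Keycloak-disabled users are marked inactive, but nothing in the function touches existing users; until that is implemented, reword it to `// SyncKeycloak inserts Keycloak users missing from Documize (it does not yet deactivate users disabled in Keycloak).` The insert loop I would write is below; the section has several hunks and this note covers the SyncKeycloak one.
```go
// … unchanged: build insert list from kcUsers/dmzUsers …
// Insert new users into Documize
for i := range insert {
	u := &insert[i]
	// mirror AuthenticateKeycloak: never store an account with an empty salt/hash
	u.Salt = util.GenerateSalt()
	u.Password = util.GeneratePassword(util.GenerateRandomPassword(), u.Salt)
	if err = addUser(p, u); err != nil {
		log.Error("Unable to add Keycloak user "+u.Email, err)
	}
}
// … unchanged: result message and util.WriteJSON …
```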


@ -202,6 +202,7 @@ func init() {
log.IfErr(Add(RoutePrefixPrivate, "users/{userID}", []string{"GET", "OPTIONS"}, nil, GetUser)) log.IfErr(Add(RoutePrefixPrivate, "users/{userID}", []string{"GET", "OPTIONS"}, nil, GetUser))
log.IfErr(Add(RoutePrefixPrivate, "users/{userID}", []string{"PUT", "OPTIONS"}, nil, UpdateUser)) log.IfErr(Add(RoutePrefixPrivate, "users/{userID}", []string{"PUT", "OPTIONS"}, nil, UpdateUser))
log.IfErr(Add(RoutePrefixPrivate, "users/{userID}", []string{"DELETE", "OPTIONS"}, nil, DeleteUser)) log.IfErr(Add(RoutePrefixPrivate, "users/{userID}", []string{"DELETE", "OPTIONS"}, nil, DeleteUser))
log.IfErr(Add(RoutePrefixPrivate, "users/sync", []string{"GET", "OPTIONS"}, nil, SyncKeycloak))
// Search // Search
log.IfErr(Add(RoutePrefixPrivate, "search", []string{"GET", "OPTIONS"}, nil, SearchDocuments)) log.IfErr(Add(RoutePrefixPrivate, "search", []string{"GET", "OPTIONS"}, nil, SearchDocuments))
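Review bot: `users/sync` performs a write — it inserts user rows and authenticates to the Keycloak admin API with the stored admin credentials — but is registered on GET; state-changing operations belong on POST so that link prefetchers, previews and caches cannot trigger them and the action is not reachable from a plain navigable URL. The SyncKeycloak handler does check `p.Context.Administrator`, but whether the private route prefix adds any CSRF protection for GET is not visible here, so the method should not be relied on as safe. Change the registration to `log.IfErr(Add(RoutePrefixPrivate, "users/sync", []string{"POST", "OPTIONS"}, nil, SyncKeycloak))` and switch the Ember service's `method: 'GET'` to `'POST'` with it.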


@ -64,6 +64,17 @@ func (user *User) Fullname() string {
return fmt.Sprintf("%s %s", user.Firstname, user.Lastname) return fmt.Sprintf("%s %s", user.Firstname, user.Lastname)
} }
// GetAccount returns matching org account using orgID
func (user *User) GetAccount(orgID string) (a Account, found bool) {
for _, a := range user.Accounts {
if a.OrgID == orgID {
return a, true
}
}
return a, false
}
// Organization defines a company that uses this app. // Organization defines a company that uses this app.
type Organization struct { type Organization struct {
BaseEntity BaseEntity
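Review bot: In GetAccount the range variable `a` shadows the named result `a`, so the final `return a, false` reads as if it returns the last element visited when it actually returns the zero-value named result; the code is correct but the shadowing makes it easy to misread and is exactly what `go vet -shadow` flags. Rename the loop variable: `for _, acc := range user.Accounts {` / `if acc.OrgID == orgID {` / `return acc, true`, and consider `return Account{}, false` so the fallthrough is explicit.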


@ -38,7 +38,7 @@ var dbPtr **sqlx.DB
func Check(Db *sqlx.DB, connectionString string) bool { func Check(Db *sqlx.DB, connectionString string) bool {
dbPtr = &Db dbPtr = &Db
log.Info("Running database checks, this may take a while...") log.Info("Database checks: started")
csBits := strings.Split(connectionString, "/") csBits := strings.Split(connectionString, "/")
if len(csBits) > 1 { if len(csBits) > 1 {
@ -73,8 +73,8 @@ func Check(Db *sqlx.DB, connectionString string) bool {
// MySQL and Percona share same version scheme (e..g 5.7.10). // MySQL and Percona share same version scheme (e..g 5.7.10).
// MariaDB starts at 10.2.x // MariaDB starts at 10.2.x
sqlVariant := GetSQLVariant(dbComment) sqlVariant := GetSQLVariant(dbComment)
log.Info("SQL variant: " + sqlVariant) log.Info("Database checks: SQL variant " + sqlVariant)
log.Info("SQL version: " + version) log.Info("Database checks: SQL version " + version)
verNums, err := GetSQLVersion(version) verNums, err := GetSQLVersion(version)
if err != nil { if err != nil {


@ -211,7 +211,7 @@ func Migrate(ConfigTableExists bool) error {
if err != nil { if err != nil {
return migrateEnd(tx, err, amLeader) return migrateEnd(tx, err, amLeader)
} }
log.Info("Database checks: last previously applied file was " + lastMigration) log.Info("Database checks: last applied " + lastMigration)
} }
mig, err := migrations(lastMigration) mig, err := migrations(lastMigration)
@ -220,7 +220,7 @@ func Migrate(ConfigTableExists bool) error {
} }
if len(mig) == 0 { if len(mig) == 0 {
log.Info("Database checks: no updates to perform") log.Info("Database checks: no updates required")
return migrateEnd(tx, nil, amLeader) // no migrations to perform return migrateEnd(tx, nil, amLeader) // no migrations to perform
} }
@ -233,7 +233,7 @@ func Migrate(ConfigTableExists bool) error {
targetMigration := string(mig[len(mig)-1]) targetMigration := string(mig[len(mig)-1])
for targetMigration != lastMigration { for targetMigration != lastMigration {
time.Sleep(time.Second) time.Sleep(time.Second)
log.Info("Waiting for database migration process to complete") log.Info("Waiting for database migration completion")
tx.Rollback() // ignore error tx.Rollback() // ignore error
tx, err := (*dbPtr).Beginx() // need this in order to see the changed situation since last tx tx, err := (*dbPtr).Beginx() // need this in order to see the changed situation since last tx
if err != nil { if err != nil {