sync users wip

2025-07-24 15:49:44 +02:00 · 2017-03-17 19:01:32 +00:00 · 2017-03-17 19:01:32 +00:00 · 945fadaf00
commit 945fadaf00
parent 1c6e1c7bd7
6 changed files with 166 additions and 30 deletions
--- a/core/api/endpoint/keycloak.go
+++ b/core/api/endpoint/keycloak.go
@ -17,14 +17,18 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"net/url"
 	"strings"

+	"bytes"
+	"errors"
 	"github.com/documize/community/core/api/endpoint/models"
 	"github.com/documize/community/core/api/entity"
 	"github.com/documize/community/core/api/request"
 	"github.com/documize/community/core/api/util"
 	"github.com/documize/community/core/log"
 	"github.com/documize/community/core/utility"
+	"strconv"
 )

 // AuthenticateKeycloak checks Keycloak authentication credentials.
@ -158,6 +162,11 @@ func AuthenticateKeycloak(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	err = SyncUsers(ac)
+	if err != nil {
+		log.Error("su", err)
+	}
+
 	writeSuccessBytes(w, json)
 }

@ -240,6 +249,79 @@ func addUser(p request.Persister, a keycloakAuthRequest) (u entity.User, err err
 	return p.GetUser(userID)
 }

+// SyncUsers gets list of Keycloak users for specified Realm, Client Id
+func SyncUsers(c keycloakConfig) (err error) {
+	form := url.Values{}
+	form.Add("username", c.AdminUser)
+	form.Add("password", c.AdminPassword)
+	form.Add("client_id", "admin-cli")
+	form.Add("grant_type", "password")
+
+	req, err := http.NewRequest("POST",
+		fmt.Sprintf("%s/realms/master/protocol/openid-connect/token", c.URL),
+		bytes.NewBufferString(form.Encode()))
+
+	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
+
+	client := &http.Client{}
+	res, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+
+	defer res.Body.Close()
+	body, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return err
+	}
+
+	ka := keycloakAPIAuth{}
+	err = json.Unmarshal(body, &ka)
+	if err != nil {
+		return err
+	}
+
+	if res.StatusCode != http.StatusOK {
+		return errors.New("Keycloak authentication failed " + res.Status)
+	}
+
+	req, err = http.NewRequest("GET",
+		fmt.Sprintf("%s/admin/realms/%s/users?max=500", c.URL, c.Realm),
+		nil)
+
+	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", ka.AccessToken))
+
+	client = &http.Client{}
+	res, err = client.Do(req)
+	if err != nil {
+		return err
+	}
+
+	defer res.Body.Close()
+	body, err = ioutil.ReadAll(res.Body)
+	if err != nil {
+		return err
+	}
+
+	u := []keycloakUser{}
+	err = json.Unmarshal(body, &u)
+	if err != nil {
+		return err
+	}
+
+	if res.StatusCode != http.StatusOK {
+		return errors.New("Keycloak /users call failed " + res.Status)
+	}
+
+	log.Info(fmt.Sprintf("%d", res.StatusCode))
+
+	fmt.Println(fmt.Sprintf("%d len", len(u)))
+	fmt.Println(u[0].Email)
+
+	return nil
+}
+
 // Data received via Keycloak client library
 type keycloakAuthRequest struct {
 	Domain    string `json:"domain"`
@ -254,8 +336,25 @@ type keycloakAuthRequest struct {

 // Keycloak server configuration
 type keycloakConfig struct {
-	URL       string `json:"url"`
-	Realm     string `json:"realm"`
-	ClientID  string `json:"clientId"`
-	PublicKey string `json:"publicKey"`
+	URL           string `json:"url"`
+	Realm         string `json:"realm"`
+	ClientID      string `json:"clientId"`
+	PublicKey     string `json:"publicKey"`
+	AdminUser     string `json:"adminUser"`
+	AdminPassword string `json:"adminPassword"`
+}
+
+// keycloakAPIAuth is returned when authenticating with Keycloak REST API.
+type keycloakAPIAuth struct {
+	AccessToken string `json:"access_token"`
+}
+
+// keycloakUser details user record returned by Keycloak
+type keycloakUser struct {
+	ID        string `json:"id"`
+	Username  string `json:"username"`
+	Email     string `json:"email"`
+	Firstname string `json:"firstName"`
+	Lastname  string `json:"lastName"`
+	Enabled   bool   `json:"enabled"`
 }