Docker/documize
Docker/documize
1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-07-19 13:19:43 +02:00
Code Releases Activity

Keycloak enhancements

Browse source 
#90 — hide logout button option for Keycloak users
#91  — control “add space” permission for newly sync’ed Keycloak users
This commit is contained in:
Harvey Kandola 2017-04-16 14:56:00 +01:00
parent 6f98db5c29
commit d9cdedad60
5 changed files with 56 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

8
app/app/components/customize/auth-settings.js
View file

@ -35,7 +35,9 @@ export default Ember.Component.extend(NotifierMixin, {
publicKey: '', publicKey: '',
adminUser: '', adminUser: '',
adminPassword: '', adminPassword: '',
group: '' group: '',
disableLogout: false,
defaultPermissionAddSpace: false
}, },
didReceiveAttrs() { didReceiveAttrs() {
@ -55,6 +57,8 @@ export default Ember.Component.extend(NotifierMixin, {
} else { } else {
config = JSON.parse(config); config = JSON.parse(config);
config.publicKey = encoding.Base64.decode(config.publicKey); config.publicKey = encoding.Base64.decode(config.publicKey);
config.defaultPermissionAddSpace = config.hasOwnProperty('defaultPermissionAddSpace') ? config.defaultPermissionAddSpace : false;
config.disableLogout = config.hasOwnProperty('disableLogout') ? config.disableLogout : true;
} }
this.set('keycloakConfig', config); this.set('keycloakConfig', config);
@ -113,6 +117,8 @@ export default Ember.Component.extend(NotifierMixin, {
config.group = is.undefined(config.group) ? '' : config.group.trim(); config.group = is.undefined(config.group) ? '' : config.group.trim();
config.adminUser = config.adminUser.trim(); config.adminUser = config.adminUser.trim();
config.adminPassword = config.adminPassword.trim(); config.adminPassword = config.adminPassword.trim();
config.defaultPermissionAddSpace = config.hasOwnProperty('defaultPermissionAddSpace') ? config.defaultPermissionAddSpace : true;
config.disableLogout = config.hasOwnProperty('disableLogout') ? config.disableLogout : true;
if (is.endWith(config.url, '/')) { if (is.endWith(config.url, '/')) {
config.url = config.url.substring(0, config.url.length-1); config.url = config.url.substring(0, config.url.length-1);

14
app/app/components/layout/zone-navigation.js
View file

@ -11,6 +11,7 @@
import Ember from 'ember'; import Ember from 'ember';
import netUtil from '../../utils/net'; import netUtil from '../../utils/net';
import constants from '../../utils/constants';
import TooltipMixin from '../../mixins/tooltip'; import TooltipMixin from '../../mixins/tooltip';
const { const {
@ -31,18 +32,25 @@ export default Ember.Component.extend(TooltipMixin, {
}, },
pinned: service(), pinned: service(),
pins: [], pins: [],
enableLogout: true,
init() { init() {
this._super(...arguments); this._super(...arguments);
if (this.get("session.authenticated")) { if (this.get("session.authenticated") && this.get("session.user.id") !== '0') {
this.get("session.session.content.authenticated.user.accounts").forEach((account) => { this.get("session.user.accounts").forEach((account) => {
// TODO: do not mutate account.active here // TODO: do not mutate account.active here
account.active = account.orgId === this.get("appMeta.orgId"); account.active = account.orgId === this.get("appMeta.orgId");
}); });
} }
this.set('pins', this.get('pinned').get('pins')); this.set('pins', this.get('pinned').get('pins'));
if (this.get('appMeta.authProvider') === constants.AuthProvider.Keycloak) {
let config = this.get('appMeta.authConfig');
config = JSON.parse(config);
this.set('enableLogout', !config.disableLogout);
}
}, },
didReceiveAttrs() { didReceiveAttrs() {
@ -88,7 +96,7 @@ export default Ember.Component.extend(TooltipMixin, {
if (this.get('session.isAdmin')) { if (this.get('session.isAdmin')) {
this.addTooltip(document.getElementById("workspace-settings")); this.addTooltip(document.getElementById("workspace-settings"));
} }
if (this.get("session.authenticated")) { if (this.get("session.authenticated") && this.get('enableLogout')) {
this.addTooltip(document.getElementById("workspace-logout")); this.addTooltip(document.getElementById("workspace-logout"));
} else { } else {
this.addTooltip(document.getElementById("workspace-login")); this.addTooltip(document.getElementById("workspace-login"));

16
app/app/templates/components/customize/auth-settings.hbs
View file

@ -50,6 +50,22 @@
<div class="tip">Used to connect with Keycloak and sync users with Documize</div> <div class="tip">Used to connect with Keycloak and sync users with Documize</div>
{{input id="keycloak-admin-password" type="password" value=keycloakConfig.adminPassword class=(if KeycloakAdminPasswordError 'error')}} {{input id="keycloak-admin-password" type="password" value=keycloakConfig.adminPassword class=(if KeycloakAdminPasswordError 'error')}}
</div> </div>
<div class="input-control">
<label>Disable Logout</label>
<div class="tip">Hide the logout button for Keycloak users</div>
<div class="checkbox">
{{input type="checkbox" checked=keycloakConfig.disableLogout}}
<label for="allowAnonymousAccess">Do not show logout button</label>
</div>
</div>
<div class="input-control">
<label>Grant Add Space Permission</label>
<div class="tip">Determine if Keycloak sync'ed users permission to add new spaces</div>
<div class="checkbox">
{{input type="checkbox" checked=keycloakConfig.defaultPermissionAddSpace}}
<label for="allowAnonymousAccess">Can add spaces</label>
</div>
</div>
{{/if}} {{/if}}
<div class="regular-button button-blue" {{action 'onSave'}}>save</div> <div class="regular-button button-blue" {{action 'onSave'}}>save</div>

2
app/app/templates/components/layout/zone-navigation.hbs
View file

@ -51,6 +51,7 @@
</div> </div>
{{/link-to}} {{/link-to}}
</li> </li>
{{#if enableLogout}}
<li id="workspace-logout" data-tooltip="Logout" data-tooltip-position="right center"> <li id="workspace-logout" data-tooltip="Logout" data-tooltip-position="right center">
{{#link-to 'auth.logout'}} {{#link-to 'auth.logout'}}
<div class="round-button-mono button-white"> <div class="round-button-mono button-white">
@ -58,6 +59,7 @@
</div> </div>
{{/link-to}} {{/link-to}}
</li> </li>
{{/if}}
{{else}} {{else}}
<li id="workspace-login" data-tooltip="Login" data-tooltip-position="right center"> <li id="workspace-login" data-tooltip="Login" data-tooltip-position="right center">
{{#link-to 'auth.login'}} {{#link-to 'auth.login'}}

10
core/api/endpoint/keycloak.go
View file

@ -122,7 +122,7 @@ func AuthenticateKeycloak(w http.ResponseWriter, r *http.Request) {
user.Salt = util.GenerateSalt() user.Salt = util.GenerateSalt()
user.Password = util.GeneratePassword(util.GenerateRandomPassword(), user.Salt) user.Password = util.GeneratePassword(util.GenerateRandomPassword(), user.Salt)
err = addUser(p, &user) err = addUser(p, &user, ac.DefaultPermissionAddSpace)
if err != nil { if err != nil {
writeServerError(w, method, err) writeServerError(w, method, err)
return return
@ -256,7 +256,7 @@ func SyncKeycloak(w http.ResponseWriter, r *http.Request) {
// Insert new users into Documize // Insert new users into Documize
for _, u := range insert { for _, u := range insert {
err = addUser(p, &u) err = addUser(p, &u, c.DefaultPermissionAddSpace)
} }
result.Message = fmt.Sprintf("Keycloak sync'ed %d users, %d new additions", len(kcUsers), len(insert)) result.Message = fmt.Sprintf("Keycloak sync'ed %d users, %d new additions", len(kcUsers), len(insert))
@ -265,7 +265,7 @@ func SyncKeycloak(w http.ResponseWriter, r *http.Request) {
} }
// Helper method to setup user account in Documize using Keycloak provided user data. // Helper method to setup user account in Documize using Keycloak provided user data.
func addUser(p request.Persister, u *entity.User) (err error) { func addUser(p request.Persister, u *entity.User, addSpace bool) (err error) {
// only create account if not dupe // only create account if not dupe
addUser := true addUser := true
addAccount := true addAccount := true
@ -312,7 +312,7 @@ func addUser(p request.Persister, u *entity.User) (err error) {
var a entity.Account var a entity.Account
a.UserID = userID a.UserID = userID
a.OrgID = p.Context.OrgID a.OrgID = p.Context.OrgID
a.Editor = true a.Editor = addSpace
a.Admin = false a.Admin = false
accountID := util.UniqueID() accountID := util.UniqueID()
a.RefID = accountID a.RefID = accountID
@ -490,6 +490,8 @@ type keycloakConfig struct {
AdminUser string `json:"adminUser"` AdminUser string `json:"adminUser"`
AdminPassword string `json:"adminPassword"` AdminPassword string `json:"adminPassword"`
Group string `json:"group"` Group string `json:"group"`
DisableLogout bool `json:"disableLogout"`
DefaultPermissionAddSpace bool `json:"defaultPermissionAddSpace"`
} }
// keycloakAPIAuth is returned when authenticating with Keycloak REST API. // keycloakAPIAuth is returned when authenticating with Keycloak REST API.