implemented keycloak RSA PK token checking

2025-08-02 20:15:26 +02:00 · 2017-03-17 11:02:04 +00:00 · 2017-03-17 11:02:04 +00:00 · f674631149
commit f674631149
parent 8aeb3eaec4
6 changed files with 48 additions and 98 deletions
--- a/app/app/components/auth-settings.js
+++ b/app/app/components/auth-settings.js
@ -90,18 +90,18 @@ export default Ember.Component.extend({
 						return;
 					}

-					let pk = this.get('keycloakConfig.publicKey');
-					if (is.not.startWith(pk, '-----BEGIN PUBLIC KEY-----')) {
-						pk = '-----BEGIN PUBLIC KEY-----' + pk;
-					}
-					if (is.not.endWith(pk, '-----END PUBLIC KEY-----')) {
-						pk = pk + '-----END PUBLIC KEY-----' ;
-					}
+					// let pk = this.get('keycloakConfig.publicKey');
+					// if (is.not.startWith(pk, '-----BEGIN PUBLIC KEY-----')) {
+					// 	pk = '-----BEGIN PUBLIC KEY-----' + pk;
+					// }
+					// if (is.not.endWith(pk, '-----END PUBLIC KEY-----')) {
+					// 	pk = pk + '-----END PUBLIC KEY-----' ;
+					// }

-					this.set('keycloakConfig.publicKey', pk);
+					// this.set('keycloakConfig.publicKey', pk);

 					config = Ember.copy(this.get('keycloakConfig'));
-					Ember.set(config, 'publicKey', encoding.Base64.encode(pk));
+					Ember.set(config, 'publicKey', encoding.Base64.encode(this.get('keycloakConfig.publicKey')));
 					break;
 			}

--- a/app/app/pods/auth/keycloak/route.js
+++ b/app/app/pods/auth/keycloak/route.js
@ -43,13 +43,7 @@ export default Ember.Route.extend({

 			this.get('kcAuth').fetchProfile(kc).then((profile) => {
 				let data = this.get('kcAuth').mapProfile(kc, profile);
-
-				// console.log(kc);
-				// console.log(profile);
-				// console.log(data);
-
 				this.get("session").authenticate('authenticator:keycloak', data).then(() => {
-					debugger;
 					this.get('audit').record("logged-in-keycloak");
 					this.transitionTo('folders');
 				}, (reject) => {
--- a/app/app/pods/auth/login/route.js
+++ b/app/app/pods/auth/login/route.js
@ -15,6 +15,7 @@ import constants from '../../../utils/constants';
 export default Ember.Route.extend({
    appMeta: Ember.inject.service(),
 	kcAuth: Ember.inject.service(),
+	showLogin: false,

 	beforeModel(/*transition*/) {
 		let authProvider = this.get('appMeta.authProvider');
@ -22,6 +23,8 @@ export default Ember.Route.extend({

 		switch (authProvider) {
 			case constants.AuthProvider.Keycloak:
+				this.set('showLogin', false);
+
 				this.get('kcAuth').boot(JSON.parse(authConfig)).then(() => {
 					this.get('kcAuth').login().then(() => {
 					}, (reject) => {
@ -31,10 +34,19 @@ export default Ember.Route.extend({
 					console.log(reject);
 				});

+				break;
+			default:
+				this.set('showLogin', true);
 				break;
 		}
 	},

+	model() {
+		return  {
+			showLogin: this.get('showLogin')
+		};
+	},
+
 	setupController: function (controller, model) {
 		controller.set('model', model);
 		controller.reset();
--- a/app/app/pods/auth/login/template.hbs
+++ b/app/app/pods/auth/login/template.hbs
@ -1,23 +1,25 @@
-<div class="auth-box">
-    <div class="logo">
-        <img src="/assets/img/logo-color.png" title="Documize" alt="Documize" class="responsive-img" />
+{{#if model.showLogin}}
+    <div class="auth-box">
+        <div class="logo">
+            <img src="/assets/img/logo-color.png" title="Documize" alt="Documize" class="responsive-img" />
+        </div>
+        <div class="login-form">
+            <form id="login-form" {{action 'login' on="submit"}}>
+                <div class="input-control">
+                    <label>Email</label>
+                    {{focus-input type="email" value=email id="authEmail"}}
+                </div>
+                <div class="input-control">
+                    <label>Password</label>
+                    {{input type="password" value=password id="authPassword"}}
+                </div>
+                <div class="clearfix" />
+                <div class="margin-top-10 margin-bottom-20">
+                    <button type="submit" class="regular-button button-blue">Sign in</button>
+                    <span class="{{unless invalidCredentials "hide"}} color-red margin-left-20">Invalid credentials</span>
+                </div>
+                {{#link-to 'auth.forgot'}}Forgot your password?{{/link-to}}
+            </form>
+        </div>
    </div>
-    <div class="login-form">
-        <form id="login-form" {{action 'login' on="submit"}}>
-            <div class="input-control">
-                <label>Email</label>
-                {{focus-input type="email" value=email id="authEmail"}}
-            </div>
-            <div class="input-control">
-                <label>Password</label>
-                {{input type="password" value=password id="authPassword"}}
-            </div>
-            <div class="clearfix" />
-            <div class="margin-top-10 margin-bottom-20">
-                <button type="submit" class="regular-button button-blue">Sign in</button>
-                <span class="{{unless invalidCredentials "hide"}} color-red margin-left-20">Invalid credentials</span>
-            </div>
-            {{#link-to 'auth.forgot'}}Forgot your password?{{/link-to}}
-        </form>
-    </div>
-</div>
+{{/if}}
--- a/app/app/routes/application.js
+++ b/app/app/routes/application.js
@ -25,7 +25,9 @@ export default Ember.Route.extend(ApplicationRouteMixin, TooltipMixin, {

 	beforeModel(transition) {
 		return this.get('appMeta').boot(transition.targetName).then(data => {
-			if (this.get('session.session.authenticator') !== "authenticator:documize" && data.allowAnonymousAccess) {
+			if (this.get('session.session.authenticator') !== "authenticator:documize" &&
+				this.get('session.session.authenticator') !== "authenticator:keycloak" && 
+				data.allowAnonymousAccess) {
 				return this.get('session').authenticate('authenticator:anonymous', data);
 			}