implemented keycloak RSA PK token checking

app/app/components/auth-settings.js

@@ -90,18 +90,18 @@ export default Ember.Component.extend({
 						return;
 					}
 
-					let pk = this.get('keycloakConfig.publicKey');
+					// let pk = this.get('keycloakConfig.publicKey');
-					if (is.not.startWith(pk, '-----BEGIN PUBLIC KEY-----')) {
+					// if (is.not.startWith(pk, '-----BEGIN PUBLIC KEY-----')) {
-						pk = '-----BEGIN PUBLIC KEY-----' + pk;
+					// 	pk = '-----BEGIN PUBLIC KEY-----' + pk;
-					}
+					// }
-					if (is.not.endWith(pk, '-----END PUBLIC KEY-----')) {
+					// if (is.not.endWith(pk, '-----END PUBLIC KEY-----')) {
-						pk = pk + '-----END PUBLIC KEY-----' ;
+					// 	pk = pk + '-----END PUBLIC KEY-----' ;
-					}
+					// }
 
-					this.set('keycloakConfig.publicKey', pk);
+					// this.set('keycloakConfig.publicKey', pk);
 
 					config = Ember.copy(this.get('keycloakConfig'));
-					Ember.set(config, 'publicKey', encoding.Base64.encode(pk));
+					Ember.set(config, 'publicKey', encoding.Base64.encode(this.get('keycloakConfig.publicKey')));
 					break;
 			}
 

app/app/pods/auth/keycloak/route.js

@@ -43,13 +43,7 @@ export default Ember.Route.extend({
 
 			this.get('kcAuth').fetchProfile(kc).then((profile) => {
 				let data = this.get('kcAuth').mapProfile(kc, profile);
-
-				// console.log(kc);
-				// console.log(profile);
-				// console.log(data);
-
 				this.get("session").authenticate('authenticator:keycloak', data).then(() => {
-					debugger;
 					this.get('audit').record("logged-in-keycloak");
 					this.transitionTo('folders');
 				}, (reject) => {

app/app/pods/auth/login/route.js

@@ -15,6 +15,7 @@ import constants from '../../../utils/constants';
 export default Ember.Route.extend({
     appMeta: Ember.inject.service(),
 	kcAuth: Ember.inject.service(),
+	showLogin: false,
 
 	beforeModel(/*transition*/) {
 		let authProvider = this.get('appMeta.authProvider');
@@ -22,6 +23,8 @@ export default Ember.Route.extend({
 
 		switch (authProvider) {
 			case constants.AuthProvider.Keycloak:
+				this.set('showLogin', false);
+
 				this.get('kcAuth').boot(JSON.parse(authConfig)).then(() => {
 					this.get('kcAuth').login().then(() => {
 					}, (reject) => {
@@ -31,10 +34,19 @@ export default Ember.Route.extend({
 					console.log(reject);
 				});
 
+				break;
+			default:
+				this.set('showLogin', true);
 				break;
 		}
 	},
 
+	model() {
+		return  {
+			showLogin: this.get('showLogin')
+		};
+	},
+
 	setupController: function (controller, model) {
 		controller.set('model', model);
 		controller.reset();

app/app/pods/auth/login/template.hbs

@@ -1,4 +1,5 @@
-<div class="auth-box">
+{{#if model.showLogin}}
+    <div class="auth-box">
         <div class="logo">
             <img src="/assets/img/logo-color.png" title="Documize" alt="Documize" class="responsive-img" />
         </div>
@@ -20,4 +21,5 @@
                 {{#link-to 'auth.forgot'}}Forgot your password?{{/link-to}}
             </form>
         </div>
-</div>
+    </div>
+{{/if}}

app/app/routes/application.js

@@ -25,7 +25,9 @@ export default Ember.Route.extend(ApplicationRouteMixin, TooltipMixin, {
 
 	beforeModel(transition) {
 		return this.get('appMeta').boot(transition.targetName).then(data => {
-			if (this.get('session.session.authenticator') !== "authenticator:documize" && data.allowAnonymousAccess) {
+			if (this.get('session.session.authenticator') !== "authenticator:documize" &&
+				this.get('session.session.authenticator') !== "authenticator:keycloak" && 
+				data.allowAnonymousAccess) {
 				return this.get('session').authenticate('authenticator:anonymous', data);
 			}
 

core/api/endpoint/authentication_endpoint.go

@@ -24,7 +24,6 @@ import (
 	"github.com/documize/community/core/api/request"
 	"github.com/documize/community/core/api/util"
 	"github.com/documize/community/core/log"
-	// "github.com/documize/community/core/section/provider"
 	"github.com/documize/community/core/utility"
 	"github.com/documize/community/core/web"
 )
@@ -244,62 +243,3 @@ func preAuthorizeStaticAssets(r *http.Request) bool {
 
 	return false
 }
-
-// // ValidateAuthToken checks the auth token and returns the corresponding user.
-// func ValidateAuthToken(w http.ResponseWriter, r *http.Request) {
-
-// 	// TODO should this go after token validation?
-// 	if s := r.URL.Query().Get("section"); s != "" {
-// 		if err := provider.Callback(s, w, r); err != nil {
-// 			log.Error("section validation failure", err)
-// 			w.WriteHeader(http.StatusUnauthorized)
-// 		}
-// 		return
-// 	}
-
-// 	method := "ValidateAuthToken"
-
-// 	context, claims, err := decodeJWT(findJWT(r))
-
-// 	if err != nil {
-// 		log.Error("token validation", err)
-// 		w.WriteHeader(http.StatusUnauthorized)
-// 		return
-// 	}
-
-// 	request.SetContext(r, context)
-// 	p := request.GetPersister(r)
-
-// 	org, err := p.GetOrganization(context.OrgID)
-
-// 	if err != nil {
-// 		log.Error("token validation", err)
-// 		w.WriteHeader(http.StatusUnauthorized)
-// 		return
-// 	}
-
-// 	domain := request.GetSubdomainFromHost(r)
-
-// 	if org.Domain != domain || claims["domain"] != domain {
-// 		log.Error("token validation", err)
-// 		w.WriteHeader(http.StatusUnauthorized)
-// 		return
-// 	}
-
-// 	user, err := getSecuredUser(p, context.OrgID, context.UserID)
-
-// 	if err != nil {
-// 		log.Error("get user error for token validation", err)
-// 		w.WriteHeader(http.StatusUnauthorized)
-// 		return
-// 	}
-
-// 	json, err := json.Marshal(user)
-
-// 	if err != nil {
-// 		writeJSONMarshalError(w, method, "user", err)
-// 		return
-// 	}
-
-// 	writeSuccessBytes(w, json)
-// }