implemented keycloak RSA PK token checking
parent
8aeb3eaec4
commit
f674631149
6 changed files with 48 additions and 98 deletions
|
@ -90,18 +90,18 @@ export default Ember.Component.extend({
|
|||
return;
|
||||
}
|
||||
|
||||
let pk = this.get('keycloakConfig.publicKey');
|
||||
if (is.not.startWith(pk, '-----BEGIN PUBLIC KEY-----')) {
|
||||
pk = '-----BEGIN PUBLIC KEY-----' + pk;
|
||||
}
|
||||
if (is.not.endWith(pk, '-----END PUBLIC KEY-----')) {
|
||||
pk = pk + '-----END PUBLIC KEY-----' ;
|
||||
}
|
||||
// let pk = this.get('keycloakConfig.publicKey');
|
||||
// if (is.not.startWith(pk, '-----BEGIN PUBLIC KEY-----')) {
|
||||
// pk = '-----BEGIN PUBLIC KEY-----' + pk;
|
||||
// }
|
||||
// if (is.not.endWith(pk, '-----END PUBLIC KEY-----')) {
|
||||
// pk = pk + '-----END PUBLIC KEY-----' ;
|
||||
// }
|
||||
|
||||
this.set('keycloakConfig.publicKey', pk);
|
||||
// this.set('keycloakConfig.publicKey', pk);
|
||||
|
||||
config = Ember.copy(this.get('keycloakConfig'));
|
||||
Ember.set(config, 'publicKey', encoding.Base64.encode(pk));
|
||||
Ember.set(config, 'publicKey', encoding.Base64.encode(this.get('keycloakConfig.publicKey')));
|
||||
break;
|
||||
}
|
||||
|
||||
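Review bot: The PEM header/footer normalisation is disabled by commenting it out rather than deleting it, and nothing on the new side says which key format is now expected. With the wrapping gone, `encoding.Base64.encode(this.get('keycloakConfig.publicKey'))` forwards whatever the admin pasted, so the code that verifies Keycloak tokens has to accept the key with or without the `-----BEGIN PUBLIC KEY-----` armor; that code is not in this section, so this should be confirmed. I would delete the commented-out lines and put a short comment above the `Ember.copy` line, for example `// publicKey is sent as entered (no PEM armor added here)`. Trimming the value before encoding would also keep stray whitespace from a paste out of the stored key. The enclosing switch case starts outside the hunk.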
|
|
|
@ -43,13 +43,7 @@ export default Ember.Route.extend({
|
|||
|
||||
this.get('kcAuth').fetchProfile(kc).then((profile) => {
|
||||
let data = this.get('kcAuth').mapProfile(kc, profile);
|
||||
|
||||
// console.log(kc);
|
||||
// console.log(profile);
|
||||
// console.log(data);
|
||||
|
||||
this.get("session").authenticate('authenticator:keycloak', data).then(() => {
|
||||
debugger;
|
||||
this.get('audit').record("logged-in-keycloak");
|
||||
this.transitionTo('folders');
|
||||
}, (reject) => {
|
||||
|
|
|
@ -15,6 +15,7 @@ import constants from '../../../utils/constants';
|
|||
export default Ember.Route.extend({
|
||||
appMeta: Ember.inject.service(),
|
||||
kcAuth: Ember.inject.service(),
|
||||
showLogin: false,
|
||||
|
||||
beforeModel(/*transition*/) {
|
||||
let authProvider = this.get('appMeta.authProvider');
|
||||
|
@ -22,6 +23,8 @@ export default Ember.Route.extend({
|
|||
|
||||
switch (authProvider) {
|
||||
case constants.AuthProvider.Keycloak:
|
||||
this.set('showLogin', false);
|
||||
|
||||
this.get('kcAuth').boot(JSON.parse(authConfig)).then(() => {
|
||||
this.get('kcAuth').login().then(() => {
|
||||
}, (reject) => {
|
||||
|
@ -31,10 +34,19 @@ export default Ember.Route.extend({
|
|||
console.log(reject);
|
||||
});
|
||||
|
||||
break;
|
||||
default:
|
||||
this.set('showLogin', true);
|
||||
break;
|
||||
}
|
||||
},
|
||||
|
||||
model() {
|
||||
return {
|
||||
showLogin: this.get('showLogin')
|
||||
};
|
||||
},
|
||||
|
||||
setupController: function (controller, model) {
|
||||
controller.set('model', model);
|
||||
controller.reset();
|
||||
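Review bot: In the Keycloak case a failure leaves the user on an empty page, because `showLogin` is set to false before `boot()` and `login()` run and the rejection handler only does `console.log(reject)`. `JSON.parse(authConfig)` is also unguarded, so a malformed stored config throws inside `beforeModel` instead of reaching that handler; something like `let cfg; try { cfg = JSON.parse(authConfig); } catch (e) { /* report bad auth config */ return; }` would contain it, with a visible error shown on either failure path. Note too that `showLogin` only hides the form in the template; if Keycloak-configured instances are meant to refuse local password sign-in, that has to be enforced by the server-side authenticate endpoint, which is not visible here. The assignment of `authConfig` and the start of `beforeModel` lie outside these hunks.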
|
|
|
@ -1,23 +1,25 @@
|
|||
<div class="auth-box">
|
||||
<div class="logo">
|
||||
<img src="/assets/img/logo-color.png" title="Documize" alt="Documize" class="responsive-img" />
|
||||
{{#if model.showLogin}}
|
||||
<div class="auth-box">
|
||||
<div class="logo">
|
||||
<img src="/assets/img/logo-color.png" title="Documize" alt="Documize" class="responsive-img" />
|
||||
</div>
|
||||
<div class="login-form">
|
||||
<form id="login-form" {{action 'login' on="submit"}}>
|
||||
<div class="input-control">
|
||||
<label>Email</label>
|
||||
{{focus-input type="email" value=email id="authEmail"}}
|
||||
</div>
|
||||
<div class="input-control">
|
||||
<label>Password</label>
|
||||
{{input type="password" value=password id="authPassword"}}
|
||||
</div>
|
||||
<div class="clearfix" />
|
||||
<div class="margin-top-10 margin-bottom-20">
|
||||
<button type="submit" class="regular-button button-blue">Sign in</button>
|
||||
<span class="{{unless invalidCredentials "hide"}} color-red margin-left-20">Invalid credentials</span>
|
||||
</div>
|
||||
{{#link-to 'auth.forgot'}}Forgot your password?{{/link-to}}
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
<div class="login-form">
|
||||
<form id="login-form" {{action 'login' on="submit"}}>
|
||||
<div class="input-control">
|
||||
<label>Email</label>
|
||||
{{focus-input type="email" value=email id="authEmail"}}
|
||||
</div>
|
||||
<div class="input-control">
|
||||
<label>Password</label>
|
||||
{{input type="password" value=password id="authPassword"}}
|
||||
</div>
|
||||
<div class="clearfix" />
|
||||
<div class="margin-top-10 margin-bottom-20">
|
||||
<button type="submit" class="regular-button button-blue">Sign in</button>
|
||||
<span class="{{unless invalidCredentials "hide"}} color-red margin-left-20">Invalid credentials</span>
|
||||
</div>
|
||||
{{#link-to 'auth.forgot'}}Forgot your password?{{/link-to}}
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
{{/if}}
|
|
@ -25,7 +25,9 @@ export default Ember.Route.extend(ApplicationRouteMixin, TooltipMixin, {
|
|||
|
||||
beforeModel(transition) {
|
||||
return this.get('appMeta').boot(transition.targetName).then(data => {
|
||||
if (this.get('session.session.authenticator') !== "authenticator:documize" && data.allowAnonymousAccess) {
|
||||
if (this.get('session.session.authenticator') !== "authenticator:documize" &&
|
||||
this.get('session.session.authenticator') !== "authenticator:keycloak" &&
|
||||
data.allowAnonymousAccess) {
|
||||
return this.get('session').authenticate('authenticator:anonymous', data);
|
||||
}
|
||||
|
||||
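Review bot: The anonymous-session guard has become a deny-list that every new authenticator must be added to, and one that is missed would presumably have its session replaced by `authenticator:anonymous` whenever `allowAnonymousAccess` is on. Reading the value once and testing it against a list keeps that in one place: `const current = this.get('session.session.authenticator');` followed by `if (['authenticator:documize', 'authenticator:keycloak'].indexOf(current) === -1 && data.allowAnonymousAccess) {`. A one-line comment explaining why authenticated sessions must skip the anonymous authenticator would help the next person who adds a provider. The rest of `beforeModel` is outside the hunk.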
|
|
|
@ -24,7 +24,6 @@ import (
|
|||
"github.com/documize/community/core/api/request"
|
||||
"github.com/documize/community/core/api/util"
|
||||
"github.com/documize/community/core/log"
|
||||
// "github.com/documize/community/core/section/provider"
|
||||
"github.com/documize/community/core/utility"
|
||||
"github.com/documize/community/core/web"
|
||||
)
|
||||
|
@ -244,62 +243,3 @@ func preAuthorizeStaticAssets(r *http.Request) bool {
|
|||
|
||||
return false
|
||||
}
|
||||
|
||||
// // ValidateAuthToken checks the auth token and returns the corresponding user.
|
||||
// func ValidateAuthToken(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// // TODO should this go after token validation?
|
||||
// if s := r.URL.Query().Get("section"); s != "" {
|
||||
// if err := provider.Callback(s, w, r); err != nil {
|
||||
// log.Error("section validation failure", err)
|
||||
// w.WriteHeader(http.StatusUnauthorized)
|
||||
// }
|
||||
// return
|
||||
// }
|
||||
|
||||
// method := "ValidateAuthToken"
|
||||
|
||||
// context, claims, err := decodeJWT(findJWT(r))
|
||||
|
||||
// if err != nil {
|
||||
// log.Error("token validation", err)
|
||||
// w.WriteHeader(http.StatusUnauthorized)
|
||||
// return
|
||||
// }
|
||||
|
||||
// request.SetContext(r, context)
|
||||
// p := request.GetPersister(r)
|
||||
|
||||
// org, err := p.GetOrganization(context.OrgID)
|
||||
|
||||
// if err != nil {
|
||||
// log.Error("token validation", err)
|
||||
// w.WriteHeader(http.StatusUnauthorized)
|
||||
// return
|
||||
// }
|
||||
|
||||
// domain := request.GetSubdomainFromHost(r)
|
||||
|
||||
// if org.Domain != domain || claims["domain"] != domain {
|
||||
// log.Error("token validation", err)
|
||||
// w.WriteHeader(http.StatusUnauthorized)
|
||||
// return
|
||||
// }
|
||||
|
||||
// user, err := getSecuredUser(p, context.OrgID, context.UserID)
|
||||
|
||||
// if err != nil {
|
||||
// log.Error("get user error for token validation", err)
|
||||
// w.WriteHeader(http.StatusUnauthorized)
|
||||
// return
|
||||
// }
|
||||
|
||||
// json, err := json.Marshal(user)
|
||||
|
||||
// if err != nil {
|
||||
// writeJSONMarshalError(w, method, "user", err)
|
||||
// return
|
||||
// }
|
||||
|
||||
// writeSuccessBytes(w, json)
|
||||
// }
|
||||
|
|