AIRAVATA-2342 Reverting to using username in API One difference between the Keycloak API and the WSO2 IS API is that where WSO2 IS expects the username, Keycloak expects the Keycloak user id. This made for a mismatch in how to call the facade for WSO2 IS and Keycloak. However, now that I have a way to get the user id from the username, I was able to revert some earlier changes so that the WSO2 IS and Keycloak facades now support the same methods.
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/f065beeb Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/f065beeb Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/f065beeb Branch: refs/heads/develop Commit: f065beeb7f84db9347fe3afdd7d0cac84b5f9e15 Parents: e4c524e Author: Marcus Christie <[email protected]> Authored: Sat Mar 25 13:36:45 2017 -0400 Committer: Marcus Christie <[email protected]> Committed: Sat Mar 25 13:36:45 2017 -0400 ---------------------------------------------------------------------- app/controllers/AdminController.php | 25 +++++++++--------- app/libraries/Keycloak/Keycloak.php | 40 +++++++++++++++++++++-------- app/views/admin/manage-users.blade.php | 24 ++++++++--------- 3 files changed, 51 insertions(+), 38 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f065beeb/app/controllers/AdminController.php ---------------------------------------------------------------------- diff --git a/app/controllers/AdminController.php b/app/controllers/AdminController.php index 46caa9a..f52de91 100644 --- a/app/controllers/AdminController.php +++ b/app/controllers/AdminController.php @@ -152,7 +152,6 @@ class AdminController extends BaseController { //check if username exists if(Keycloak::usernameExists( Input::get("username")) ) { - // FIXME: this requires the user id not the username Keycloak::updateUserRoles(Input::get("username"), array( "new"=>array( Config::get('wsis::admin-role-name')), "deleted"=>array() ) ); return Redirect::to("admin/dashboard/users?role=" . Config::get('wsis::admin-role-name'))->with("Gateway Admin has been added."); } 
@@ -212,7 +211,7 @@ class AdminController extends BaseController { } public function addRolesToUser(){ - $currentRoles = Keycloak::getUserRoles(Input::get("userId")); + $currentRoles = Keycloak::getUserRoles(Input::get("username")); if(!is_array($currentRoles)) $currentRoles = array($currentRoles); $roles["new"] = array_diff(Input::all()["roles"], $currentRoles); @@ -228,14 +227,14 @@ class AdminController extends BaseController { unset($roles["deleted"][$index]); } - $userId = Input::all()["userId"]; - Keycloak::updateUserRoles($userId, $roles); - $newCurrentRoles = Keycloak::getUserRoles($userId); + $username = Input::all()["username"]; + Keycloak::updateUserRoles($username, $roles); + $newCurrentRoles = Keycloak::getUserRoles($username); if(in_array(Config::get("pga_config.wsis")["admin-role-name"], $newCurrentRoles) || in_array(Config::get("pga_config.wsis")["read-only-admin-role-name"], $newCurrentRoles) || in_array(Config::get("pga_config.wsis")["user-role-name"], $newCurrentRoles)){ - $userProfile = Keycloak::getUserProfile(Input::get("username")); + $userProfile = Keycloak::getUserProfile($username); $recipients = array($userProfile["email"]); - $this->sendAccessGrantedEmailToTheUser(Input::get("username"), $userId, $recipients); + $this->sendAccessGrantedEmailToTheUser(Input::get("username"), $recipients); // remove the initial role when the initial role isn't a privileged // role and the admin has now assigned the user to a privileged 
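Review bot: In the `@@ -228` hunk of addRolesToUser, `$this->sendAccessGrantedEmailToTheUser(Input::get("username"), $recipients);` re-reads the request two lines after `$username = Input::all()["username"];` already captured the same value; use `$this->sendAccessGrantedEmailToTheUser($username, $recipients);` so the method works from one variable. `Input::all()["username"]` also emits an undefined-index notice and yields null when the field is missing, whereas `Input::get("username")` at the top of the same method returns null quietly; a presence check before the first Keycloak call would make the missing-field case explicit instead of letting null reach Keycloak::updateUserRoles. The same `Input::all()["username"]` pattern appears in removeRoleFromUser in the next hunk. addRolesToUser's body continues outside this hunk.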
@@ -247,12 +246,12 @@ class AdminController extends BaseController { if(in_array($initialRoleName, $newCurrentRoles) && !in_array($initialRoleName, $roles["new"])) { $userRoles["new"] = array(); $userRoles["deleted"] = $initialRoleName; - Keycloak::updateUserRoles( $userId, $userRoles); + Keycloak::updateUserRoles( $username, $userRoles); } else if(in_array($initialRoleName, $newCurrentRoles) && in_array($initialRoleName, $roles["new"])) { // When initial role added remove all roles except for initial role and Internal/everyone $userRoles["new"] = array(); $userRoles["deleted"] = array_diff($newCurrentRoles, array($initialRoleName, "Internal/everyone")); - Keycloak::updateUserRoles( $userId, $userRoles); + Keycloak::updateUserRoles( $username, $userRoles); } } } @@ -278,13 +277,13 @@ class AdminController extends BaseController { public function removeRoleFromUser(){ $roles["deleted"] = array(Input::all()["roleName"]); $roles["new"] = array(); - $userId = Input::all()["userId"]; - Keycloak::updateUserRoles($userId, $roles); + $username = Input::all()["username"]; + Keycloak::updateUserRoles($username, $roles); return Redirect::to("admin/dashboard/roles")->with( "message", "Role has been deleted."); } public function getRoles(){ - return json_encode((array)Keycloak::getUserRoles(Input::get("userId"))); + return json_encode((array)Keycloak::getUserRoles(Input::get("username"))); } public function deleteRole(){ @@ -301,7 +300,7 @@ class AdminController extends BaseController { return View::make("admin/manage-credentials", array("tokens" => $tokens , "pwdTokens" => $pwdTokens) ); } - private function sendAccessGrantedEmailToTheUser($username, $userId, $recipients){ + private function sendAccessGrantedEmailToTheUser($username, $recipients){ $mail = new PHPMailer; http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f065beeb/app/libraries/Keycloak/Keycloak.php ---------------------------------------------------------------------- 
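Review bot: The `@@ -301` hunk changes the signature of sendAccessGrantedEmailToTheUser to `($username, $recipients)` but the method carries no docblock, and its body continues outside the hunk. I would add one stating `@param string $username` and `@param array $recipients list of recipient email addresses` (the caller builds it as `array($userProfile["email"])`). Because PHP silently ignores surplus arguments, any call site outside this diff that still passes the old three arguments would keep running with `$recipients` bound to the former `$userId` value, so it is worth grepping for other callers.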
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php index fd2e437..446b7ad 100644 --- a/app/libraries/Keycloak/Keycloak.php +++ b/app/libraries/Keycloak/Keycloak.php @@ -129,15 +129,15 @@ class Keycloak { /** * Function to list users * - * @return Array of username and user id + * @return Array of usernames */ public function listUsers(){ $users = $this->users->getUsers($this->realm); - $user_infos = []; + $usernames = []; foreach ($users as $user) { - $user_infos[] = array("username" => $user->username, "id" => $user->id); + $usernames[] = $user->username; } - return $user_infos; + return $usernames; } /** @@ -165,10 +165,12 @@ class Keycloak { * * @return array of role names */ - public function getUserRoles( $userid ){ + public function getUserRoles( $username ){ try { + // get userid from username + $user_id = $this->getUserId($username); // Get the user's realm roles, then convert to an array of just names - $roles = $this->role_mapper->getRealmRoleMappingsForUser($this->realm, $userid); + $roles = $this->role_mapper->getRealmRoleMappingsForUser($this->realm, $user_id); $role_names = []; foreach ($roles as $role) { $role_names[] = $role->name; @@ -182,14 +184,16 @@ class Keycloak { /** * Function to update role list of user * - * @param $user_id + * @param $username * @param $roles, an Array with two entries, "deleted" and "new", each of * which has a value of roles to be removed or added respectively * @return void */ - public function updateUserRoles( $user_id, $roles){ + public function updateUserRoles( $username, $roles){ // Log::debug("updateUserRoles", array($user_id, $roles)); try { + // get userid from username + $user_id = $this->getUserId($username); // Get all of the roles into an array keyed by role name $all_roles = $this->roles->getRoles($this->realm); $roles_by_name = []; 
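Review bot: In the `@@ -182` hunk of updateUserRoles, the commented-out `// Log::debug("updateUserRoles", array($user_id, $roles));` now sits before `$user_id` is assigned by the new `getUserId($username)` call; either delete it or move it below that call as `// Log::debug("updateUserRoles", array($username, $roles));`. The docblock's `@param $username` (and the one on getUserRoles in the previous hunk) should carry a type, `@param string $username`. Both new `getUserId` calls are placed inside the existing `try`, so the "No user found" and "More than one user" exceptions it raises are handled by the catch that lies outside the hunk; if that catch treats everything as a Keycloak API failure, callers presumably cannot distinguish an unknown username from an outage, which is worth a comment or a narrower handling.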
@@ -240,12 +244,12 @@ class Keycloak { /** * Function to check whether a user exists with the given userId - * @param $user_id + * @param $username * @return bool */ - public function usernameExists($user_id){ + public function usernameExists($username){ try{ - $users = $this->users->getUsers($this->realm, $user_id); + $users = $this->users->getUsers($this->realm, $username); return $users != null && count($users) > 0; }catch (Exception $ex){ // Username does not exists @@ -253,6 +257,20 @@ class Keycloak { } } + /** + * Get the user's Keycloak user_id from their username + */ + private function getUserId($username) { + $users = $this->users->getUsers($this->realm, $username); + if (count($users) > 1) { + throw new Exception("More than one user has username $username"); + } else if (count($users) == 0) { + throw new Exception("No user found with username $username"); + } else { + return $users[0]->id; + } + } + private function getOpenIDConnectDiscoveryConfiguration() { // TODO: cache the result of the request http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f065beeb/app/views/admin/manage-users.blade.php ---------------------------------------------------------------------- diff --git a/app/views/admin/manage-users.blade.php b/app/views/admin/manage-users.blade.php index 15818ae..9f36ca8 100644 --- a/app/views/admin/manage-users.blade.php +++ b/app/views/admin/manage-users.blade.php @@ -68,10 +68,10 @@ </tr> @foreach( (array)$users as $user) <tr class="user-row"> - <td>{{ $user["username"] }}</td> + <td>{{ $user }}</td> <td> <button class="button btn btn-default check-roles" type="button" - data-username="{{$user["username"]}}" data-userid="{{$user["id"]}}">Check All Roles + data-username="{{$user}}">Check All Roles </button> <div class="user-roles"></div> </td> 
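Review bot: The usernameExists docblock in the `@@ -240` hunk still reads "check whether a user exists with the given userId" although the parameter is now `$username`; change it to `* Function to check whether a user exists with the given username`. The comparison `$users != null && count($users) > 0` uses a loose inequality; `$users !== null` says what is meant.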
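Review bot: In the new getUserId (`@@ -253` hunk), `return $users[0]->id;` trusts that the single result is the requested account without comparing its username. If `getUsers($this->realm, $username)` performs a search rather than an exact lookup (not visible from here), a query for a username that does not exist but is a prefix or substring of exactly one other username would return that other user's id, and the caller would then read or modify the wrong account's roles. A cheap guard before the return: `if ($users[0]->username !== $username) { throw new Exception("No exact match for username $username"); }`. The docblock should also list the two failure cases with `@throws Exception` since the method's contract is to raise on zero or multiple matches.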
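Review bot: The blade `@@ -68` hunk renders `{{ $user }}` into a table cell and into `data-username="{{$user}}"`. The controller code uses Laravel 4 facades (`Input::get`, `View::make`), and on Laravel 4 `{{ }}` does not HTML-escape — only `{{{ }}}` does — so a username containing markup would be emitted unescaped into both the element body and the attribute; if this is indeed Laravel 4, use `<td>{{{ $user }}}</td>` and `data-username="{{{ $user }}}"`. The previous lines had the same shape, so this is pre-existing, but the new lines are the ones that will survive.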
@@ -113,7 +113,7 @@ @endif @endforeach </select> - <button type="button" class="btn btn-primary add-roles-submit" data-username="" data-userid="">Add Roles + <button type="button" class="btn btn-primary add-roles-submit" data-username="">Add Roles </button> </div> </div> @@ -161,12 +161,12 @@ type: "POST", url: $(".base-url").val() + "/admin/remove-role-from-user", data: { - userId: userId, + username: userName, roleName:$(this).attr("roleName") } }).complete(function (data) { //getting user's existing roles - repopulatePopup( userName, userId ); + repopulatePopup( userName); $(".success-message").html("<span class='alert alert-success col-md-12'>Role has been removed</span>"); }); } @@ -174,8 +174,7 @@ function update_users_existing_roles(that){ userName = $(that).data("username"); - userId = $(that).data("userid"); - repopulatePopup( userName, userId ); + repopulatePopup( userName); } $(".check-roles").click(function () { @@ -192,8 +191,7 @@ $(".success-message").html(""); $(this).attr("disabled", "disabled"); $(this).html("<img src='" + $(".base-url").val() + "/assets/ajax-loader.gif'/>"); - userId = $(this).data("userid"); - username = $(this).data("username"); + userName = $(this).data("username"); var rolesToAdd = $(".new-roles-select").val(); if(rolesToAdd != null){ $(".roles-list").find(".role-name").each(function () { @@ -204,8 +202,7 @@ url: $(".base-url").val() + "/admin/add-roles-to-user", data: { add: true, - userId: userId, - username: username, + username: userName, roles: rolesToAdd }, success : function(data) 
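Review bot: In the `@@ -192` hunk, `userName = $(this).data("username");` assigns without `var`, so `userName` is an implicit global that the remove-role handler (`@@ -161`), update_users_existing_roles (`@@ -174`) and repopulatePopup all read and write. Declaring it once with `var userName;` in the scope shared by these handlers, or passing the value explicitly, would make the data flow visible; as written, whichever handler ran last determines which username the next AJAX call sends. The click handler's body continues outside the hunk.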
@@ -224,21 +221,20 @@ } }); - function repopulatePopup( userName, userId ){ + function repopulatePopup( username){ $("#check-role-block").modal("show"); $(".roles-of-user").html("User : " + userName); $(".roles-load").removeClass("hide"); $(".roles-list").addClass("hide"); $(".add-roles-submit").data("username", userName); - $(".add-roles-submit").data("userid", userId); $(document).find(".alert-success").remove(); $.ajax({ type: "POST", url: $(".base-url").val() + "/admin/check-roles", data: { - userId: userId + username: userName } }).complete(function (data) { roles = JSON.parse(data.responseText);
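Review bot: `function repopulatePopup( username){` names its parameter `username`, but every use in the body — `"User : " + userName`, `.data("username", userName)` and `username: userName` in the AJAX payload — reads `userName`, which resolves to the page-level variable rather than the argument. The function only works because both call sites pass the same global, so rename the parameter to `function repopulatePopup( userName ){` so the body actually uses what it is given. The function's body continues outside the hunk.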
