AIRAVATA-2342 Add retrieval of Keycloak user profile
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/dd00dd4a Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/dd00dd4a Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/dd00dd4a Branch: refs/heads/develop Commit: dd00dd4a7496b1eb776a7addb25b32b7a3180f69 Parents: 68cfa16 Author: Marcus Christie <[email protected]> Authored: Thu Mar 23 15:57:20 2017 -0400 Committer: Marcus Christie <[email protected]> Committed: Thu Mar 23 15:57:20 2017 -0400 ---------------------------------------------------------------------- app/controllers/AccountController.php | 9 +++++---- app/controllers/AdminController.php | 7 ++++--- app/libraries/Keycloak/API/Users.php | 30 +++++++++++++++++++++++++++++- app/libraries/Keycloak/Keycloak.php | 13 +++++++++++++ app/libraries/SharingUtilities.php | 2 +- 5 files changed, 52 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/dd00dd4a/app/controllers/AccountController.php ---------------------------------------------------------------------- diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php index 1f69fcf..86f3259 100644 --- a/app/controllers/AccountController.php +++ b/app/controllers/AccountController.php @@ -59,7 +59,7 @@ class AccountController extends BaseController /*add user to the initial role */ $initialRoleName = CommonUtilities::getInitialRoleName(); - $allRoles = WSIS::getAllRoles(); + $allRoles = Keycloak::getAllRoles(); if(! in_array( $initialRoleName, $allRoles)){ WSIS::addRole( $initialRoleName); } 
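Review bot: The initial-role reconciliation in the @@ -59 hunk now reads the role list with `Keycloak::getAllRoles()` but still creates a missing role through `WSIS::addRole($initialRoleName)`, so a role absent from Keycloak is added to the other store and will be reported missing again on every later signup. Until both calls target one provider, a marker next to the add call would at least make the split visible: `// NOTE: role list comes from Keycloak, but creation still goes through WSIS — reconcile before WSIS is removed`. The same split appears in AdminController's @@ -152 hunk, where existence is checked with `WSIS::usernameExists(...)` before `Keycloak::updateUserRoles(...)`. The `in_array` check would also be safer with `true` as its third argument. The method enclosing this hunk begins outside it.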
@@ -74,7 +74,8 @@ class AccountController extends BaseController $userRoles["new"] = array("gateway-provider", "admin"); } $userRoles["deleted"] = array(); - WSIS::updateUserRoles( $username, $userRoles); + // FIXME: this requires the $user_id, not the $username + Keycloak::updateUserRoles( $username, $userRoles); CommonUtilities::print_success_message('Account confirmation request was sent to your email account'); return View::make('home'); @@ -113,7 +114,7 @@ class AccountController extends BaseController $refreshToken = $response->refresh_token; $expirationTime = time() + $response->expires_in - 5; //5 seconds safe margin - $userProfile = WSIS::getUserProfileFromOAuthToken($accessToken); + $userProfile = Keycloak::getUserProfileFromOAuthToken($accessToken); $username = $userProfile['username']; $userRoles = $userProfile['roles']; @@ -412,7 +413,7 @@ class AccountController extends BaseController $mail->isHTML(true); $mail->Subject = "New User Account Was Created Successfully"; - $userProfile = WSIS::getUserProfile($username); + $userProfile = Keycloak::getUserProfile($username); $wsisConfig = Config::get('pga_config.wsis'); if( $wsisConfig['tenant-domain'] == "") $username = $username; http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/dd00dd4a/app/controllers/AdminController.php ---------------------------------------------------------------------- diff --git a/app/controllers/AdminController.php b/app/controllers/AdminController.php index b2f95d7..e1a4ea5 100644 --- a/app/controllers/AdminController.php +++ b/app/controllers/AdminController.php 
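Review bot: In the @@ -412 hunk `Keycloak::getUserProfile($username)` is handed a username, but the Keycloak::getUserProfile added in this commit passes its argument straight to `getUser($this->realm, $user_id)`, which builds `/admin/realms/{realm}/users/{id}`, so the lookup is made with a username where Keycloak expects its user id and the recipient address for the account-created mail will come back empty. The AdminController call sites in this commit pass `$userId`; this one needs the id resolved first, for instance via the `?username=` query that Users::getUsers already supports, or at least a marker like the one in the @@ -74 hunk: `// FIXME: getUserProfile() requires the Keycloak user id, not $username`. The SharingUtilities hunk passes `$uid`, which is presumably an id but worth confirming. The methods enclosing these hunks begin outside them.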
@@ -152,7 +152,8 @@ class AdminController extends BaseController { //check if username exists if(WSIS::usernameExists( Input::get("username")) ) { - WSIS::updateUserRoles(Input::get("username"), array( "new"=>array( Config::get('wsis::admin-role-name')), "deleted"=>array() ) ); + // FIXME: this requires the user id not the username + Keycloak::updateUserRoles(Input::get("username"), array( "new"=>array( Config::get('wsis::admin-role-name')), "deleted"=>array() ) ); return Redirect::to("admin/dashboard/users?role=" . Config::get('wsis::admin-role-name'))->with("Gateway Admin has been added."); } else @@ -234,7 +235,7 @@ class AdminController extends BaseController { || in_array(Config::get("pga_config.wsis")["user-role-name"], $newCurrentRoles)){ $userProfile = Keycloak::getUserProfile($userId); $recipients = array($userProfile["email"]); - $this->sendAccessGrantedEmailToTheUser(Input::get("username"), $recipients); + $this->sendAccessGrantedEmailToTheUser(Input::get("username"), $userId, $recipients); // remove the initial role when the initial role isn't a privileged // role and the admin has now assigned the user to a privileged @@ -326,7 +327,7 @@ class AdminController extends BaseController { $mail->isHTML(true); $mail->Subject = "Your user account (".$username.") privileges changed!"; - $userProfile = WSIS::getUserProfile($userId); + $userProfile = Keycloak::getUserProfile($userId); $wsisConfig = Config::get('pga_config.wsis'); if( $wsisConfig['tenant-domain'] == "") $username = $username; http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/dd00dd4a/app/libraries/Keycloak/API/Users.php ---------------------------------------------------------------------- diff --git a/app/libraries/Keycloak/API/Users.php b/app/libraries/Keycloak/API/Users.php index ac99995..c1c8aca 100644 --- a/app/libraries/Keycloak/API/Users.php +++ b/app/libraries/Keycloak/API/Users.php 
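Review bot: The @@ -234 hunk changes the call to `sendAccessGrantedEmailToTheUser` to three arguments (`Input::get("username"), $userId, $recipients`), but the method's signature is not part of this diff; the @@ -326 hunk shows its body reading `$userId`, so the parameter order there should be confirmed to be username, user id, recipients — otherwise `$recipients` is bound to the id and the mail goes nowhere. A docblock on the method stating `@param string $username`, `@param string $userId Keycloak user id` and `@param array $recipients` would make that contract visible at the call site. Both enclosing methods start before their hunks.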
@@ -37,7 +37,35 @@ class Users { $url = $url . '?username=' . rawurlencode($username); } // Log::debug("getUsers url", array($url)); - $r = curl_init($this->base_endpoint_url . '/admin/realms/' . rawurlencode($realm) . '/users'); + $r = curl_init($url); + curl_setopt($r, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($r, CURLOPT_ENCODING, 1); + curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer); + curl_setopt($r, CURLOPT_HTTPHEADER, array( + "Authorization: Bearer " . $access_token + )); + + $response = curl_exec($r); + if ($response == false) { + die("curl_exec() failed. Error: " . curl_error($r)); + } + $result = json_decode($response); + // Log::debug("getUsers result", array($result)); + return $result; + } + + /** + * Get representation of a user + * GET /admin/realms/{realm}/users/{id} + * Returns a UserRepresentation + */ + public function getUser($realm, $user_id) { + + // get access token for admin API + $access_token = $this->getAPIAccessToken(); + $url = $this->base_endpoint_url . '/admin/realms/' . rawurlencode($realm) . '/users/' . rawurlencode($user_id); + // Log::debug("getUser url", array($url)); + $r = curl_init($url); curl_setopt($r, CURLOPT_RETURNTRANSFER, 1); curl_setopt($r, CURLOPT_ENCODING, 1); curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer); http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/dd00dd4a/app/libraries/Keycloak/Keycloak.php ---------------------------------------------------------------------- diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php index a6d618b..56e2680 100644 --- a/app/libraries/Keycloak/Keycloak.php +++ b/app/libraries/Keycloak/Keycloak.php 
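Review bot: Neither the tail of getUsers nor the new getUser checks the HTTP status of the admin API response: a 401 from an expired admin token or a 404 for an unknown id still reaches `json_decode($response)` and is returned as if it were a user representation, which is exactly what Keycloak::getUserProfile then dereferences. The `$response == false` test is loose as well — an empty body compares equal to false — and `die()` echoes `curl_error()` to the client and ends the request from inside a library class. I would replace the check with `$status = curl_getinfo($r, CURLINFO_HTTP_CODE);` followed by `if ($response === false || $status !== 200) { throw new Exception('Keycloak admin API request failed: HTTP ' . $status); }`, add `curl_close($r)`, and apply the same to getUser, whose body continues past the end of the hunk.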
@@ -219,6 +219,19 @@ class Keycloak { } } + /** + * Function to get the user profile of a user + * @param $user_id + */ + public function getUserProfile($user_id){ + $user = $this->users->getUser($this->realm, $user_id); + $result = []; + $result["email"] = $user->email; + $result["firstname"] = $user->firstName; + $result["lastname"] = $user->lastName; + return $result; + } + private function getOpenIDConnectDiscoveryConfiguration() { // TODO: cache the result of the request http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/dd00dd4a/app/libraries/SharingUtilities.php ---------------------------------------------------------------------- diff --git a/app/libraries/SharingUtilities.php b/app/libraries/SharingUtilities.php index b689b24..aea9675 100755 --- a/app/libraries/SharingUtilities.php +++ b/app/libraries/SharingUtilities.php @@ -92,7 +92,7 @@ class SharingUtilities { }); $profiles = array(); foreach ($uids as $uid) { - $profiles[$uid] = WSIS::getUserProfile($uid); + $profiles[$uid] = Keycloak::getUserProfile($uid); } return $profiles; }
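Review bot: getUserProfile dereferences `$user->email`, `$user->firstName` and `$user->lastName` without confirming that getUser returned a user representation; when the lookup fails the result is an array of nulls that callers feed straight into mail recipients (AdminController's `$recipients = array($userProfile["email"])`). A guard such as `if (!is_object($user) || !isset($user->id)) { throw new Exception('Keycloak user not found: ' . $user_id); }` before building `$result` would make the failure visible instead of silent. The docblock should also say that `$user_id` is the Keycloak user id, not a username, and list the returned keys `email`, `firstname`, `lastname`, since at least one caller in this commit passes a username.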
