
From machris...@apache.org
Subject airavata-php-gateway git commit: AIRAVATA-2342 Reverting to using username in API
Date Sat, 25 Mar 2017 17:37:39 GMT
Repository: airavata-php-gateway
Updated Branches:
  refs/heads/keycloak-integration e4c524e89 -> f065beeb7


AIRAVATA-2342 Reverting to using username in API

One difference between the Keycloak API and the WSO2 IS API is that
where WSO2 IS expects the username, Keycloak expects the Keycloak user
id.  This made for a mismatch in how to call the facade for WSO2 IS and
Keycloak.  However, now that I have a way to look up the user id from the
username, I was able to revert some of the earlier changes, so that the WSO2 IS
and Keycloak facades now support the same methods.


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/f065beeb
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/f065beeb
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/f065beeb

Branch: refs/heads/keycloak-integration
Commit: f065beeb7f84db9347fe3afdd7d0cac84b5f9e15
Parents: e4c524e
Author: Marcus Christie <machrist@iu.edu>
Authored: Sat Mar 25 13:36:45 2017 -0400
Committer: Marcus Christie <machrist@iu.edu>
Committed: Sat Mar 25 13:36:45 2017 -0400

----------------------------------------------------------------------
 app/controllers/AdminController.php    | 25 +++++++++---------
 app/libraries/Keycloak/Keycloak.php    | 40 +++++++++++++++++++++--------
 app/views/admin/manage-users.blade.php | 24 ++++++++---------
 3 files changed, 51 insertions(+), 38 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f065beeb/app/controllers/AdminController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AdminController.php b/app/controllers/AdminController.php
index 46caa9a..f52de91 100644
--- a/app/controllers/AdminController.php
+++ b/app/controllers/AdminController.php
@@ -152,7 +152,6 @@ class AdminController extends BaseController {
 		//check if username exists
 		if(Keycloak::usernameExists( Input::get("username")) )
 		{
-			// FIXME: this requires the user id not the username
             Keycloak::updateUserRoles(Input::get("username"), array( "new"=>array( Config::get('wsis::admin-role-name')),
"deleted"=>array() ) );
 			return Redirect::to("admin/dashboard/users?role=" . Config::get('wsis::admin-role-name'))->with("Gateway
Admin has been added.");
 		}
@@ -212,7 +211,7 @@ class AdminController extends BaseController {
 	}
 
     public function addRolesToUser(){
-        $currentRoles = Keycloak::getUserRoles(Input::get("userId"));
+        $currentRoles = Keycloak::getUserRoles(Input::get("username"));
 		if(!is_array($currentRoles))
 			$currentRoles = array($currentRoles);
         $roles["new"] = array_diff(Input::all()["roles"], $currentRoles);
@@ -228,14 +227,14 @@ class AdminController extends BaseController {
             unset($roles["deleted"][$index]);
         }
 
-        $userId = Input::all()["userId"];
-        Keycloak::updateUserRoles($userId, $roles);
-        $newCurrentRoles = Keycloak::getUserRoles($userId);
+        $username = Input::all()["username"];
+        Keycloak::updateUserRoles($username, $roles);
+        $newCurrentRoles = Keycloak::getUserRoles($username);
         if(in_array(Config::get("pga_config.wsis")["admin-role-name"], $newCurrentRoles)
|| in_array(Config::get("pga_config.wsis")["read-only-admin-role-name"], $newCurrentRoles)
                 || in_array(Config::get("pga_config.wsis")["user-role-name"], $newCurrentRoles)){
-            $userProfile = Keycloak::getUserProfile(Input::get("username"));
+            $userProfile = Keycloak::getUserProfile($username);
             $recipients = array($userProfile["email"]);
-            $this->sendAccessGrantedEmailToTheUser(Input::get("username"), $userId, $recipients);
+            $this->sendAccessGrantedEmailToTheUser(Input::get("username"), $recipients);
 
             // remove the initial role when the initial role isn't a privileged
             // role and the admin has now assigned the user to a privileged
@@ -247,12 +246,12 @@ class AdminController extends BaseController {
                 if(in_array($initialRoleName, $newCurrentRoles) && !in_array($initialRoleName,
$roles["new"])) {
                     $userRoles["new"] = array();
                     $userRoles["deleted"] = $initialRoleName;
-                    Keycloak::updateUserRoles( $userId, $userRoles);
+                    Keycloak::updateUserRoles( $username, $userRoles);
                 } else if(in_array($initialRoleName, $newCurrentRoles) && in_array($initialRoleName,
$roles["new"])) {
                     // When initial role added remove all roles except for initial role and
Internal/everyone
                     $userRoles["new"] = array();
                     $userRoles["deleted"] = array_diff($newCurrentRoles, array($initialRoleName,
"Internal/everyone"));
-                    Keycloak::updateUserRoles( $userId, $userRoles);
+                    Keycloak::updateUserRoles( $username, $userRoles);
                 }
             }
         }
@@ -278,13 +277,13 @@ class AdminController extends BaseController {
     public function removeRoleFromUser(){
         $roles["deleted"] = array(Input::all()["roleName"]);
         $roles["new"] = array();
-        $userId = Input::all()["userId"];
-        Keycloak::updateUserRoles($userId, $roles);
+        $username = Input::all()["username"];
+        Keycloak::updateUserRoles($username, $roles);
         return Redirect::to("admin/dashboard/roles")->with( "message", "Role has been
deleted.");
     }
 
 	public function getRoles(){
-		return json_encode((array)Keycloak::getUserRoles(Input::get("userId")));
+		return json_encode((array)Keycloak::getUserRoles(Input::get("username")));
 	}
 
 	public function deleteRole(){
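Review bot: removeRoleFromUser reads the target with `Input::all()["username"]` while getRoles a few lines below uses `Input::get("username")`; the first raises an undefined-index notice if the field is absent, the second yields null. Prefer `$username = Input::get("username");` and `Input::get("roleName")` so a malformed request fails inside the Keycloak lookup rather than with a PHP notice. Whether these endpoints sit behind an admin authorization filter is not visible here; since they change roles for an arbitrary username, that should be confirmed.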
@@ -301,7 +300,7 @@ class AdminController extends BaseController {
 		return View::make("admin/manage-credentials", array("tokens" => $tokens , "pwdTokens"
=> $pwdTokens) );
 	}
 
-	private function sendAccessGrantedEmailToTheUser($username, $userId, $recipients){
+	private function sendAccessGrantedEmailToTheUser($username, $recipients){
 
 		$mail = new PHPMailer;
 

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f065beeb/app/libraries/Keycloak/Keycloak.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
index fd2e437..446b7ad 100644
--- a/app/libraries/Keycloak/Keycloak.php
+++ b/app/libraries/Keycloak/Keycloak.php
@@ -129,15 +129,15 @@ class Keycloak {
     /**
      * Function to list users
      *
-     * @return Array of username and user id
+     * @return Array of usernames
      */
     public function listUsers(){
         $users = $this->users->getUsers($this->realm);
-        $user_infos = [];
+        $usernames = [];
         foreach ($users as $user) {
-            $user_infos[] = array("username" => $user->username, "id" => $user->id);
+            $usernames[] = $user->username;
         }
-        return $user_infos;
+        return $usernames;
     }
 
     /**
@@ -165,10 +165,12 @@ class Keycloak {
      *
      * @return array of role names
      */
-    public function getUserRoles( $userid ){
+    public function getUserRoles( $username ){
         try {
+            // get userid from username
+            $user_id = $this->getUserId($username);
             // Get the user's realm roles, then convert to an array of just names
-            $roles = $this->role_mapper->getRealmRoleMappingsForUser($this->realm,
$userid);
+            $roles = $this->role_mapper->getRealmRoleMappingsForUser($this->realm,
$user_id);
             $role_names = [];
             foreach ($roles as $role) {
                 $role_names[] = $role->name;
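Review bot: `$user_id = $this->getUserId($username);` can now throw for an unknown or ambiguous username inside the same `try` that guards the Keycloak API call, so that failure is handled by the catch (outside this hunk) exactly like an API error and callers cannot tell "no such user" from "lookup failed". Consider performing the lookup before the `try`, or catching the API exception narrowly and letting the not-found exception propagate, and document the fallback value in `@return`. If the `@param` tag above this hunk still names `$userid`, it should become `@param $username`.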
@@ -182,14 +184,16 @@ class Keycloak {
     /**
      * Function to update role list of user
      *
-     * @param $user_id
+     * @param $username
      * @param $roles, an Array with two entries, "deleted" and "new", each of
      * which has a value of roles to be removed or added respectively
      * @return void
      */
-    public function updateUserRoles( $user_id, $roles){
+    public function updateUserRoles( $username, $roles){
         // Log::debug("updateUserRoles", array($user_id, $roles));
         try {
+            // get userid from username
+            $user_id = $this->getUserId($username);
             // Get all of the roles into an array keyed by role name
             $all_roles = $this->roles->getRoles($this->realm);
             $roles_by_name = [];
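Review bot: The commented-out `// Log::debug("updateUserRoles", array($user_id, $roles));` now refers to `$user_id` before it is assigned inside the `try`, so re-enabling it as written would log an undefined variable. Either delete the dead line or move it below `$user_id = $this->getUserId($username);`. The function continues past the end of this hunk.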
@@ -240,12 +244,12 @@ class Keycloak {
 
     /**
      * Function to check whether a user exists with the given userId
-     * @param $user_id
+     * @param $username
      * @return bool
      */
-    public function usernameExists($user_id){
+    public function usernameExists($username){
         try{
-            $users = $this->users->getUsers($this->realm, $user_id);
+            $users = $this->users->getUsers($this->realm, $username);
             return $users != null && count($users) > 0;
         }catch (Exception $ex){
             // Username does not exists
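Review bot: The docblock still reads "check whether a user exists with the given userId" although the parameter is now `$username`; change it to `Function to check whether a user exists with the given username`. Beyond wording, `getUsers($realm, $username)` is a search, and if it maps to the admin REST `username` filter, which I believe matched as a substring in Keycloak releases of this period, `usernameExists("bob")` returns true when only "bobby" exists. If an exact check is intended, compare the returned usernames, e.g. `return $users != null && in_array($username, array_map(function ($u) { return $u->username; }, $users), true);`.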
@@ -253,6 +257,20 @@ class Keycloak {
         }
     }
 
+    /**
+     * Get the user's Keycloak user_id from their username
+     */
+    private function getUserId($username) {
+        $users = $this->users->getUsers($this->realm, $username);
+        if (count($users) > 1) {
+            throw new Exception("More than one user has username $username");
+        } else if (count($users) == 0) {
+            throw new Exception("No user found with username $username");
+        } else {
+            return $users[0]->id;
+        }
+    }
+
     private function getOpenIDConnectDiscoveryConfiguration() {
 
         // TODO: cache the result of the request
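Review bot: getUserId treats "exactly one result" as a match, but `getUsers($realm, $username)` is a search: if it maps to the admin REST `username` filter, which I believe was a substring match in Keycloak releases of this period, a single partial hit (admin types "bob", only "bobby" exists) resolves to the wrong account, and every role change in AdminController then lands on that user. It also calls `count($users)` without the null guard that usernameExists applies to the same call. Filter the results for an exact username match (case-insensitive, since Keycloak stores usernames lowercased, to be confirmed against this deployment) before counting; the rewrite below keeps both exception messages.

```php
    private function getUserId($username) {
        $users = $this->users->getUsers($this->realm, $username);
        // The admin search may match on substring; accept only exact
        // username matches so that "bob" cannot resolve to "bobby".
        $matches = array_values(array_filter((array) $users, function ($user) use ($username) {
            return isset($user->username) && strcasecmp($user->username, $username) === 0;
        }));
        if (count($matches) > 1) {
            throw new Exception("More than one user has username $username");
        } else if (count($matches) == 0) {
            throw new Exception("No user found with username $username");
        }
        return $matches[0]->id;
    }
```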

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f065beeb/app/views/admin/manage-users.blade.php
----------------------------------------------------------------------
diff --git a/app/views/admin/manage-users.blade.php b/app/views/admin/manage-users.blade.php
index 15818ae..9f36ca8 100644
--- a/app/views/admin/manage-users.blade.php
+++ b/app/views/admin/manage-users.blade.php
@@ -68,10 +68,10 @@
                     </tr>
                     @foreach( (array)$users as $user)
                     <tr class="user-row">
-                        <td>{{ $user["username"] }}</td>
+                        <td>{{ $user }}</td>
                         <td>
                             <button class="button btn btn-default check-roles" type="button"
-                                    data-username="{{$user["username"]}}" data-userid="{{$user["id"]}}">Check
All Roles
+                                    data-username="{{$user}}">Check All Roles
                             </button>
                             <div class="user-roles"></div>
                         </td>
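Review bot: `<td>{{ $user }}</td>` and `data-username="{{$user}}"` echo the Keycloak username unescaped if this is Laravel 4, which the `app/controllers/` layout suggests: there `{{ }}` is a raw echo and `{{{ }}}` is the HTML-escaped form. A username containing `"` or `<` would then break out of the attribute or inject markup into the admin's user list; use `<td>{{{ $user }}}</td>` and `data-username="{{{ $user }}}"`. If the project is on Laravel 5, where `{{ }}` already escapes, this does not apply.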
@@ -113,7 +113,7 @@
                                 @endif
                             @endforeach
                         </select>
-                        <button type="button" class="btn btn-primary add-roles-submit"
data-username="" data-userid="">Add Roles
+                        <button type="button" class="btn btn-primary add-roles-submit"
data-username="">Add Roles
                         </button>
                     </div>
                 </div>
@@ -161,12 +161,12 @@
                 type: "POST",
                 url: $(".base-url").val() + "/admin/remove-role-from-user",
                 data: {
-                    userId: userId,
+                    username: userName,
                     roleName:$(this).attr("roleName")
                 }
             }).complete(function (data) {
                 //getting user's existing roles
-                repopulatePopup( userName, userId );
+                repopulatePopup( userName);
                 $(".success-message").html("<span class='alert alert-success col-md-12'>Role
has been removed</span>");
             });
         }
@@ -174,8 +174,7 @@
 
     function update_users_existing_roles(that){
         userName = $(that).data("username");
-        userId = $(that).data("userid");
-        repopulatePopup( userName, userId );
+        repopulatePopup( userName);
     }
 
     $(".check-roles").click(function () {
@@ -192,8 +191,7 @@
         $(".success-message").html("");
         $(this).attr("disabled", "disabled");
         $(this).html("<img src='" + $(".base-url").val() + "/assets/ajax-loader.gif'/>");
-        userId = $(this).data("userid");
-        username = $(this).data("username");
+        userName = $(this).data("username");
         var rolesToAdd = $(".new-roles-select").val();
         if(rolesToAdd != null){
             $(".roles-list").find(".role-name").each(function () {
@@ -204,8 +202,7 @@
                 url: $(".base-url").val() + "/admin/add-roles-to-user",
                 data: {
                     add: true,
-                    userId: userId,
-                    username: username,
+                    username: userName,
                     roles: rolesToAdd
                 },
                 success : function(data)
@@ -224,21 +221,20 @@
         }
     });
 
-    function repopulatePopup( userName, userId ){
+    function repopulatePopup( username){
 
         $("#check-role-block").modal("show");
         $(".roles-of-user").html("User : " + userName);
         $(".roles-load").removeClass("hide");
         $(".roles-list").addClass("hide");
         $(".add-roles-submit").data("username", userName);
-        $(".add-roles-submit").data("userid", userId);
         $(document).find(".alert-success").remove();
 
         $.ajax({
             type: "POST",
             url: $(".base-url").val() + "/admin/check-roles",
             data: {
-                userId: userId
+                username: userName
             }
         }).complete(function (data) {
             roles = JSON.parse(data.responseText);
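Review bot: `function repopulatePopup( username){` declares the parameter as `username`, but the body reads `userName` in the `.html(...)` call, the `.data("username", ...)` call and the POST data, so the argument is ignored and the function only works because `userName` leaks as an implicit global from the click handlers. Rename the parameter to match: `function repopulatePopup( userName ){`. While there, `$(".roles-of-user").html("User : " + userName);` inserts the username as HTML; `$(".roles-of-user").text("User : " + userName);` avoids DOM injection from a crafted username. The function continues past the end of this hunk.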

