Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/16 20:36:11 UTC
[08/50] [abbrv] airavata-php-gateway git commit: AIRAVATA-2342 Add
retrieval of Keycloak user profile
AIRAVATA-2342 Add retrieval of Keycloak user profile
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/dd00dd4a
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/dd00dd4a
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/dd00dd4a
Branch: refs/heads/develop
Commit: dd00dd4a7496b1eb776a7addb25b32b7a3180f69
Parents: 68cfa16
Author: Marcus Christie <ma...@iu.edu>
Authored: Thu Mar 23 15:57:20 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Thu Mar 23 15:57:20 2017 -0400
----------------------------------------------------------------------
app/controllers/AccountController.php | 9 +++++----
app/controllers/AdminController.php | 7 ++++---
app/libraries/Keycloak/API/Users.php | 30 +++++++++++++++++++++++++++++-
app/libraries/Keycloak/Keycloak.php | 13 +++++++++++++
app/libraries/SharingUtilities.php | 2 +-
5 files changed, 52 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/dd00dd4a/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index 1f69fcf..86f3259 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -59,7 +59,7 @@ class AccountController extends BaseController
/*add user to the initial role */
$initialRoleName = CommonUtilities::getInitialRoleName();
- $allRoles = WSIS::getAllRoles();
+ $allRoles = Keycloak::getAllRoles();
if(! in_array( $initialRoleName, $allRoles)){
WSIS::addRole( $initialRoleName);
}
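Review bot: The role-existence check and the role creation now talk to different identity stores: `$allRoles` comes from `Keycloak::getAllRoles()`, while a missing role is still created with `WSIS::addRole( $initialRoleName)` two lines later. If WSIS is no longer the backing store, the initial role would never be created in Keycloak, and the role assignment further down would reference a role that does not exist there. Either create the role through the Keycloak wrapper, or mark the split as deliberate with a comment such as `// TODO: role creation still goes to WSIS; migrate together with getAllRoles`. The enclosing method starts and ends outside the hunk.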
@@ -74,7 +74,8 @@ class AccountController extends BaseController
$userRoles["new"] = array("gateway-provider", "admin");
}
$userRoles["deleted"] = array();
- WSIS::updateUserRoles( $username, $userRoles);
+ // FIXME: this requires the $user_id, not the $username
+ Keycloak::updateUserRoles( $username, $userRoles);
CommonUtilities::print_success_message('Account confirmation request was sent to your email account');
return View::make('home');
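Review bot: `Keycloak::updateUserRoles( $username, $userRoles)` is called with a username although the FIXME directly above says the call needs the user id, and nothing in the hunk checks the outcome before the flow continues to `print_success_message`. A role change that involves `gateway-provider` and `admin` should not be able to miss its target or fail silently; resolve the Keycloak id for the username first and stop with an error if the update does not succeed. The same pattern is in the AdminController hunk at `Keycloak::updateUserRoles(Input::get("username"), ...)`, where the identifier additionally comes straight from request input. Both enclosing methods extend beyond their hunks.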
@@ -113,7 +114,7 @@ class AccountController extends BaseController
$refreshToken = $response->refresh_token;
$expirationTime = time() + $response->expires_in - 5; //5 seconds safe margin
- $userProfile = WSIS::getUserProfileFromOAuthToken($accessToken);
+ $userProfile = Keycloak::getUserProfileFromOAuthToken($accessToken);
$username = $userProfile['username'];
$userRoles = $userProfile['roles'];
@@ -412,7 +413,7 @@ class AccountController extends BaseController
$mail->isHTML(true);
$mail->Subject = "New User Account Was Created Successfully";
- $userProfile = WSIS::getUserProfile($username);
+ $userProfile = Keycloak::getUserProfile($username);
$wsisConfig = Config::get('pga_config.wsis');
if( $wsisConfig['tenant-domain'] == "")
$username = $username;
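Review bot: `Keycloak::getUserProfile($username)` passes a username, but the `getUserProfile($user_id)` added in Keycloak.php by this commit forwards its argument to `GET /admin/realms/{realm}/users/{id}`. Unless usernames and Keycloak ids happen to coincide, the lookup will not return the intended user, and the e-mail assembled below would be built from an empty or error profile. Look up the id for the username before the call, or at least add `// FIXME: getUserProfile expects the Keycloak user id, not the username` as was done for `updateUserRoles`. The enclosing method is only partly visible in this hunk.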
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/dd00dd4a/app/controllers/AdminController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AdminController.php b/app/controllers/AdminController.php
index b2f95d7..e1a4ea5 100644
--- a/app/controllers/AdminController.php
+++ b/app/controllers/AdminController.php
@@ -152,7 +152,8 @@ class AdminController extends BaseController {
//check if username exists
if(WSIS::usernameExists( Input::get("username")) )
{
- WSIS::updateUserRoles(Input::get("username"), array( "new"=>array( Config::get('wsis::admin-role-name')), "deleted"=>array() ) );
+ // FIXME: this requires the user id not the username
+ Keycloak::updateUserRoles(Input::get("username"), array( "new"=>array( Config::get('wsis::admin-role-name')), "deleted"=>array() ) );
return Redirect::to("admin/dashboard/users?role=" . Config::get('wsis::admin-role-name'))->with("Gateway Admin has been added.");
}
else
@@ -234,7 +235,7 @@ class AdminController extends BaseController {
|| in_array(Config::get("pga_config.wsis")["user-role-name"], $newCurrentRoles)){
$userProfile = Keycloak::getUserProfile($userId);
$recipients = array($userProfile["email"]);
- $this->sendAccessGrantedEmailToTheUser(Input::get("username"), $recipients);
+ $this->sendAccessGrantedEmailToTheUser(Input::get("username"), $userId, $recipients);
// remove the initial role when the initial role isn't a privileged
// role and the admin has now assigned the user to a privileged
@@ -326,7 +327,7 @@ class AdminController extends BaseController {
$mail->isHTML(true);
$mail->Subject = "Your user account (".$username.") privileges changed!";
- $userProfile = WSIS::getUserProfile($userId);
+ $userProfile = Keycloak::getUserProfile($userId);
$wsisConfig = Config::get('pga_config.wsis');
if( $wsisConfig['tenant-domain'] == "")
$username = $username;
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/dd00dd4a/app/libraries/Keycloak/API/Users.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/API/Users.php b/app/libraries/Keycloak/API/Users.php
index ac99995..c1c8aca 100644
--- a/app/libraries/Keycloak/API/Users.php
+++ b/app/libraries/Keycloak/API/Users.php
@@ -37,7 +37,35 @@ class Users {
$url = $url . '?username=' . rawurlencode($username);
}
// Log::debug("getUsers url", array($url));
- $r = curl_init($this->base_endpoint_url . '/admin/realms/' . rawurlencode($realm) . '/users');
+ $r = curl_init($url);
+ curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($r, CURLOPT_ENCODING, 1);
+ curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+ curl_setopt($r, CURLOPT_HTTPHEADER, array(
+ "Authorization: Bearer " . $access_token
+ ));
+
+ $response = curl_exec($r);
+ if ($response == false) {
+ die("curl_exec() failed. Error: " . curl_error($r));
+ }
+ $result = json_decode($response);
+ // Log::debug("getUsers result", array($result));
+ return $result;
+ }
+
+ /**
+ * Get representation of a user
+ * GET /admin/realms/{realm}/users/{id}
+ * Returns a UserRepresentation
+ */
+ public function getUser($realm, $user_id) {
+
+ // get access token for admin API
+ $access_token = $this->getAPIAccessToken();
+ $url = $this->base_endpoint_url . '/admin/realms/' . rawurlencode($realm) . '/users/' . rawurlencode($user_id);
+ // Log::debug("getUser url", array($url));
+ $r = curl_init($url);
curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($r, CURLOPT_ENCODING, 1);
curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
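Review bot: The rewritten tail of `getUsers` treats any non-false response as a valid result: the HTTP status is never checked, so a 401 or 404 error body is JSON-decoded and returned as if it were user data, and on failure `die()` ends the request while printing the curl error text to the client. The comparison `$response == false` should be `=== false`, and the handle is never closed in the visible lines. Because these requests carry the admin API bearer token, the `CURLOPT_SSL_VERIFYPEER` setting driven by `$this->verify_peer` deserves a comment saying it must stay enabled outside local development. `getUser` starts the same request setup and continues past the end of the hunk, so the same handling should be applied there.

```php
// … unchanged: curl_init($url) and curl_setopt calls …
$response = curl_exec($r);
if ($response === false) {
    $error = curl_error($r);
    curl_close($r);
    throw new \RuntimeException("Keycloak admin API request failed: " . $error);
}
$status = curl_getinfo($r, CURLINFO_HTTP_CODE);
curl_close($r);
if ($status < 200 || $status >= 300) {
    throw new \RuntimeException("Keycloak admin API returned HTTP " . $status);
}
$result = json_decode($response);
return $result;
```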
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/dd00dd4a/app/libraries/Keycloak/Keycloak.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
index a6d618b..56e2680 100644
--- a/app/libraries/Keycloak/Keycloak.php
+++ b/app/libraries/Keycloak/Keycloak.php
@@ -219,6 +219,19 @@ class Keycloak {
}
}
+ /**
+ * Function to get the user profile of a user
+ * @param $user_id
+ */
+ public function getUserProfile($user_id){
+ $user = $this->users->getUser($this->realm, $user_id);
+ $result = [];
+ $result["email"] = $user->email;
+ $result["firstname"] = $user->firstName;
+ $result["lastname"] = $user->lastName;
+ return $result;
+ }
+
private function getOpenIDConnectDiscoveryConfiguration() {
// TODO: cache the result of the request
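Review bot: `getUserProfile` reads `$user->email`, `$user->firstName` and `$user->lastName` without checking what `getUser` returned; for an unknown id or a failed decode `$user` may be null or an error object, and callers in this commit use `$userProfile["email"]` directly as a mail recipient. Guard the result before building the array, e.g. `if (!is_object($user) || !isset($user->email)) { throw new \RuntimeException("Keycloak user not found"); }`. The docblock should also gain an `@return array` line naming the keys `email`, `firstname` and `lastname`, and state that `$user_id` is the Keycloak id rather than the username. The method is declared non-static and uses `$this`, while callers invoke `Keycloak::getUserProfile(...)`; presumably a facade resolves this, which is worth confirming.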
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/dd00dd4a/app/libraries/SharingUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/SharingUtilities.php b/app/libraries/SharingUtilities.php
index b689b24..aea9675 100755
--- a/app/libraries/SharingUtilities.php
+++ b/app/libraries/SharingUtilities.php
@@ -92,7 +92,7 @@ class SharingUtilities {
});
$profiles = array();
foreach ($uids as $uid) {
- $profiles[$uid] = WSIS::getUserProfile($uid);
+ $profiles[$uid] = Keycloak::getUserProfile($uid);
}
return $profiles;
}
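Review bot: The loop issues one `Keycloak::getUserProfile($uid)` call per uid, and the `getUser` added in Users.php fetches an admin API access token via `$this->getAPIAccessToken()` and performs a separate HTTP request on every call. Unless the token is cached elsewhere, that is two round trips per shared user. If `getUser` handles errors the way `getUsers` does, a single failed lookup also ends the whole request through `die()`. Consider skipping or logging failures per uid, and add a comment such as `// one admin API call per uid; batch or cache if $uids grows`. The enclosing function starts above the hunk.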