formatting run
xgp committed Apr 9, 2024
1 parent 43be354 commit e6d9c41
Showing 10 changed files with 102 additions and 128 deletions.
Expand Up @@ -29,18 +29,16 @@ public class ActiveOrganizationAuthenticator implements Authenticator {
private static final String ERROR_FORM = "error.ftl";

public ActiveOrganizationAuthenticator(KeycloakSession session) {
this.provider = session.getProvider(OrganizationProvider.class);
this.provider = session.getProvider(OrganizationProvider.class);
}

@Override
public void authenticate(AuthenticationFlowContext context) {
if (requestHasAccountHintParam(context)) {
evaluateAuthenticationWithAccountHint(context);
}
else if (shouldChallengeForOrganizationSelection(context)) {
} else if (shouldChallengeForOrganizationSelection(context)) {
tryOrganizationSelectionChallenge(context);
}
else {
} else {
context.success();
}
}
Expand Down Expand Up @@ -77,7 +75,8 @@ private String getOrganizationIdFromAccountHint(AuthenticationFlowContext contex
}
}

private void evaluateAuthenticationChallenge(AuthenticationFlowContext context, String organizationId) {
private void evaluateAuthenticationChallenge(
AuthenticationFlowContext context, String organizationId) {
if (hasMembership(context, organizationId)) {
updateActiveOrganizationAttributeAndSucceedChallenge(context, organizationId);
} else {
Expand All @@ -86,7 +85,8 @@ private void evaluateAuthenticationChallenge(AuthenticationFlowContext context,
}

private boolean hasMembership(AuthenticationFlowContext context, String organizationId) {
if (provider.getUserOrganizationsStream(context.getRealm(), context.getUser())
if (provider
.getUserOrganizationsStream(context.getRealm(), context.getUser())
.noneMatch(org -> org.getId().equals(organizationId))) {
log.errorf("User isn't a member of this organization");
return false;
Expand All @@ -95,11 +95,10 @@ private boolean hasMembership(AuthenticationFlowContext context, String organiza
}

private void updateActiveOrganizationAttributeAndSucceedChallenge(
AuthenticationFlowContext context,
String organizationIdFromHint
) {
AuthenticationFlowContext context, String organizationIdFromHint) {
log.debugf("Authentication Challenge Success");
context.getUser()
context
.getUser()
.setAttribute(ACTIVE_ORGANIZATION, Collections.singletonList(organizationIdFromHint));
context.success();
}
Expand All @@ -122,18 +121,17 @@ private boolean shouldChallengeForOrganizationSelection(AuthenticationFlowContex
}

private void tryOrganizationSelectionChallenge(AuthenticationFlowContext context) {
List<OrganizationModel> organizations = provider
.getUserOrganizationsStream(context.getRealm(), context.getUser()).toList();
List<OrganizationModel> organizations =
provider.getUserOrganizationsStream(context.getRealm(), context.getUser()).toList();

if (organizations.isEmpty()) {
log.warnf("Select organization challenge couldn't be performed because the user has no organization.");
log.warnf(
"Select organization challenge couldn't be performed because the user has no organization.");
failChallenge(context, "noOrganizationError");
}
else if (organizations.size() == 1) {
} else if (organizations.size() == 1) {
log.infof("User has 1 organization, skip organization selection challenge.");
updateActiveOrganizationAttributeAndSucceedChallenge(context, organizations.get(0).getId());
}
else {
} else {
LoginFormsProvider loginForm = context.form();
loginForm.setAttribute("organizations", organizations);
context.challenge(loginForm.createForm("select-organization.ftl"));
Expand All @@ -160,14 +158,14 @@ public boolean requiresUser() {
}

@Override
public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel,
UserModel userModel) {
public boolean configuredFor(
KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
return true;
}

@Override
public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel,
UserModel userModel) {}
public void setRequiredActions(
KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {}

@Override
public void close() {}
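Review bot: The failure log in `hasMembership`, `log.errorf("User isn't a member of this organization")`, names neither the user nor the organization, so a rejected attempt to activate an organization the user does not belong to cannot be attributed or alerted on. The organization id appears to come from the account hint on the request in at least one path, which makes this the event worth recording in full, for example `log.warnf("User %s is not a member of organization %s", context.getUser().getId(), organizationId);` with the id length-limited or stripped of control characters first because it is request-supplied. The current call also passes a constant string to a format method with no arguments, where `log.error(...)` is the plain form. The body of `hasMembership` continues outside the hunk.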
Expand Up @@ -39,8 +39,8 @@ public class ActiveOrganizationAuthenticatorFactory implements AuthenticatorFact
public static final String PROVIDER_HELP_TEXT = "Select the current Organization on Login";

private static final AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {
AuthenticationExecutionModel.Requirement.REQUIRED,
AuthenticationExecutionModel.Requirement.DISABLED
AuthenticationExecutionModel.Requirement.REQUIRED,
AuthenticationExecutionModel.Requirement.DISABLED
};

@Override
Expand Down Expand Up @@ -101,12 +101,12 @@ public void postInit(KeycloakSessionFactory factory) {
} else if (event instanceof PostMigrationEvent) {
log.debug("PostMigrationEvent");
if (KC_ORGS_SKIP_MIGRATION == null) {
log.info("initializing active organization user profile attribute following migration");
log.info(
"initializing active organization user profile attribute following migration");
KeycloakModelUtils.runJobInTransaction(factory, this::postMigrationCreateAuthFlow);
}
}
}
);
});
}

@Override
Expand All @@ -121,8 +121,7 @@ private void postMigrationCreateAuthFlow(KeycloakSession session) {
realm -> {
createOrgBrowserFlow(realm);
createOrgDirectGrantFlow(realm);
}
);
});
}

private void createOrgBrowserFlow(RealmModel realm) {
Expand Down Expand Up @@ -285,7 +284,8 @@ private void conditionalOtp(String parentFlowId, RealmModel realm, String alias,
conditionalOTP.setTopLevel(false);
conditionalOTP.setBuiltIn(true);
conditionalOTP.setAlias(alias);
conditionalOTP.setDescription("Flow to determine if the OTP is required for the authentication");
conditionalOTP.setDescription(
"Flow to determine if the OTP is required for the authentication");
conditionalOTP.setProviderId(AuthenticationFlow.BASIC_FLOW);
conditionalOTP = realm.addAuthenticationFlow(conditionalOTP);
AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
@@ -1,5 +1,8 @@
package io.phasetwo.service.datastore;

import static io.phasetwo.service.Orgs.ORG_OWNER_CONFIG_KEY;
import static org.keycloak.models.utils.StripSecretsUtils.stripForExport;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.phasetwo.service.datastore.representation.KeycloakOrgsRealmRepresentation;
Expand All @@ -14,6 +17,13 @@
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MediaType;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.extern.jbosslog.JBossLog;
import org.keycloak.common.util.CollectionUtil;
import org.keycloak.exportimport.ExportAdapter;
Expand All @@ -37,17 +47,6 @@
import org.keycloak.storage.datastore.DefaultExportImportManager;
import org.keycloak.util.JsonSerialization;

import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;

import static io.phasetwo.service.Orgs.ORG_OWNER_CONFIG_KEY;
import static org.keycloak.models.utils.StripSecretsUtils.stripForExport;

@JBossLog
public class KeycloakOrgsExportImportManager extends DefaultExportImportManager {
private final KeycloakSession session;
Expand Up @@ -57,15 +57,15 @@ public ActiveOrganizationMapper() {
@Override
protected Map<String, Object> getOrganizationClaim(
KeycloakSession session, RealmModel realm, UserModel user, ProtocolMapperModel mappingModel) {
ActiveOrganization activeOrganizationUtil = ActiveOrganization.fromContext(session, realm, user);
ActiveOrganization activeOrganizationUtil =
ActiveOrganization.fromContext(session, realm, user);

if (!activeOrganizationUtil.isValid()) {
return Maps.newHashMap();
}

String inputProperties = mappingModel.getConfig().get(INCLUDED_ORGANIZATION_PROPERTIES);
List<String> properties = Arrays.asList(inputProperties.replaceAll("\\s", "")
.split(","));
List<String> properties = Arrays.asList(inputProperties.replaceAll("\\s", "").split(","));

Map<String, Object> claim = Maps.newHashMap();
if (properties.contains(ID)) {
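Review bot: `inputProperties` is dereferenced without a null check in `getOrganizationClaim`: `mappingModel.getConfig().get(INCLUDED_ORGANIZATION_PROPERTIES)` yields null when the mapper config has no such key, and `inputProperties.replaceAll(...)` then throws a NullPointerException while the claim is being built. A guard before the split, such as `if (inputProperties == null || inputProperties.isBlank()) return Maps.newHashMap();`, would keep token issuance from failing on a misconfigured mapper. Whether an empty claim or a default property list is the right fallback is for the maintainers to decide. The method body continues outside the hunk.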
11 changes: 5 additions & 6 deletions src/main/java/io/phasetwo/service/resource/MembersResource.java
Expand Up @@ -69,19 +69,18 @@ public Response removeMember(@PathParam("userId") String userId) {

if (!organization.hasMembership(member)) throw new NotFoundException();

ActiveOrganization activeOrganizationUtil = ActiveOrganization
.fromContext(session, realm, member);
if (activeOrganizationUtil.isValid() &&
activeOrganizationUtil.isCurrentActiveOrganization(organization.getId())) {
ActiveOrganization activeOrganizationUtil =
ActiveOrganization.fromContext(session, realm, member);
if (activeOrganizationUtil.isValid()
&& activeOrganizationUtil.isCurrentActiveOrganization(organization.getId())) {
member.setAttribute(ACTIVE_ORGANIZATION, new ArrayList<>());

EventBuilder event = new EventBuilder(realm, session, connection);
event
.event(UPDATE_PROFILE)
.user(user)
.detail(
"removed_active_organization_id",
activeOrganizationUtil.getOrganization().getId())
"removed_active_organization_id", activeOrganizationUtil.getOrganization().getId())
.success();
}
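Review bot: The UPDATE_PROFILE event in `removeMember` is recorded with `.user(user)`, while the attribute being cleared belongs to `member`. `user` is declared outside this hunk; if it refers to the caller performing the removal rather than the removed member, the audit event is attributed to the wrong account and the member's own event history shows no trace of losing the active organization. If so, `.user(member)` looks like the intent, and it is worth confirming against the declaration of `user`.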

4 changes: 2 additions & 2 deletions src/main/java/io/phasetwo/service/resource/UserResource.java
Expand Up @@ -108,8 +108,8 @@ public Response switchActiveOrganization(@Valid SwitchOrganization body) {
@Path("/active-organization")
@Produces(MediaType.APPLICATION_JSON)
public Organization getActiveOrganization() {
ActiveOrganization activeOrganizationUtil = ActiveOrganization
.fromContext(session, realm, auth.getUser());
ActiveOrganization activeOrganizationUtil =
ActiveOrganization.fromContext(session, realm, auth.getUser());

if (!activeOrganizationUtil.isValid()) {
throw new NotAuthorizedException("Action not allowed.");
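Review bot: `new NotAuthorizedException("Action not allowed.")` in `getActiveOrganization` does not set a message: the single-argument JAX-RS constructor takes its argument as the authentication challenge, so the response is a 401 whose `WWW-Authenticate` header carries the text "Action not allowed.". The caller appears to be authenticated already, since `auth.getUser()` is used just above, so a missing or invalid active organization reads more like 403 or 404 than 401, and clients that answer a 401 by re-authenticating may retry without effect. Consider `throw new ForbiddenException("Action not allowed.");` or a `NotFoundException`, depending on what the API contract promises. The method body continues outside the hunk.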
12 changes: 6 additions & 6 deletions src/main/java/io/phasetwo/service/util/ActiveOrganization.java
Expand Up @@ -20,8 +20,7 @@ public class ActiveOrganization {
private final RealmModel realm;
private final UserModel user;
private final OrganizationProvider organizationProvider;
@Getter()
private final OrganizationModel organization;
@Getter() private final OrganizationModel organization;

public static ActiveOrganization fromContext(
KeycloakSession session, RealmModel realm, UserModel user) {
Expand All @@ -32,8 +31,10 @@ private ActiveOrganization(KeycloakSession session, RealmModel realm, UserModel
this.realm = realm;
this.user = user;
this.organizationProvider = session.getProvider(OrganizationProvider.class);
this.organization = userHasActiveOrganizationAttribute() ?
initializeActiveOrganization() : initializeDefaultActiveOrganization();
this.organization =
userHasActiveOrganizationAttribute()
? initializeActiveOrganization()
: initializeDefaultActiveOrganization();
clearOutdatedActiveOrganizationAttribute();
}

Expand All @@ -54,8 +55,7 @@ private OrganizationModel initializeDefaultActiveOrganization() {
private void clearOutdatedActiveOrganizationAttribute() {
if (!userHasOrganization() && userHasActiveOrganizationAttribute()) {
user.setAttribute(ACTIVE_ORGANIZATION, new ArrayList<>());
}
else if (organizationProvider
} else if (organizationProvider
.getUserOrganizationsStream(realm, user)
.noneMatch(org -> org.getId().equals(getActiveOrganizationIdFromAttribute()))) {
log.warnf("%s doesn't belong to this organization", user.getUsername());
Expand Up @@ -37,7 +37,8 @@

public class AbstractCypressOrganizationTest {

protected static final boolean RUN_CYPRESS = Boolean.parseBoolean(System.getProperty("include.cypress", "false"));
protected static final boolean RUN_CYPRESS =
Boolean.parseBoolean(System.getProperty("include.cypress", "false"));

public static final String KEYCLOAK_IMAGE =
String.format(
Expand All @@ -46,12 +47,12 @@ public class AbstractCypressOrganizationTest {
public static final String ADMIN_CLI = "admin-cli";

static final String[] deps = {
"dnsjava:dnsjava",
"org.wildfly.client:wildfly-client-config",
"org.jboss.resteasy:resteasy-client",
"org.jboss.resteasy:resteasy-client-api",
"org.keycloak:keycloak-admin-client",
"io.phasetwo.keycloak:keycloak-events"
"dnsjava:dnsjava",
"org.wildfly.client:wildfly-client-config",
"org.jboss.resteasy:resteasy-client",
"org.jboss.resteasy:resteasy-client-api",
"org.keycloak:keycloak-admin-client",
"io.phasetwo.keycloak:keycloak-events"
};

static List<File> getDeps() {
Expand Down Expand Up @@ -90,7 +91,7 @@ static List<File> getDep(String pkg) {
@BeforeAll
public static void beforeAll() {
if (!RUN_CYPRESS) {
return; //do nothing
return; // do nothing
}

Testcontainers.exposeHostPorts(WEBHOOK_SERVER_PORT);
Expand Down Expand Up @@ -239,24 +240,21 @@ protected void createPublicClient(String clientId) {
attributes.put("oidc.ciba.grant.enabled", false);
body.putIfAbsent("attributes", attributes);

Response response =
getAdminRootRequest().body(body).post("clients").andReturn();
Response response = getAdminRootRequest().body(body).post("clients").andReturn();
assertThat(response.getStatusCode(), is(Status.CREATED.getStatusCode()));
}

private String getClientId(String clientName) throws JsonProcessingException {
// get clients
Response response =
getAdminRootRequest().when().get("clients?first=0&max=20").andReturn();
Response response = getAdminRootRequest().when().get("clients?first=0&max=20").andReturn();
assertThat(response.getStatusCode(), is(Status.OK.getStatusCode()));

return getElementId(response, "clientId", clientName);
}

private String getElementId(Response response, String targetKey, String targetValue)
throws JsonProcessingException {
ArrayNode clientArrayNode =
(ArrayNode) objectMapper().readTree(response.getBody().asString());
ArrayNode clientArrayNode = (ArrayNode) objectMapper().readTree(response.getBody().asString());
String id = "";
for (JsonNode clientJsonNode : clientArrayNode) {
if (clientJsonNode.get(targetKey).asText().equals(targetValue)) {
Expand All @@ -271,38 +269,25 @@ private String getElementId(Response response, String targetKey, String targetVa

private RequestSpecification getAdminRootRequest() {
return given()
.baseUri(container.getAuthServerUrl())
.basePath("/admin/realms/" + REALM + "/")
.contentType("application/json")
.auth()
.oauth2(keycloak.tokenManager().getAccessTokenString());
.baseUri(container.getAuthServerUrl())
.basePath("/admin/realms/" + REALM + "/")
.contentType("application/json")
.auth()
.oauth2(keycloak.tokenManager().getAccessTokenString());
}

protected void configureSelectOrgFlows() throws JsonProcessingException {
ObjectMapper mapper = objectMapper();
RequestSpecification root = getAdminRootRequest();

Response response = root
.when()
.get()
.then()
.extract()
.response();
Response response = root.when().get().then().extract().response();
assertThat(response.getStatusCode(), is(Status.OK.getStatusCode()));

JsonNode realm = mapper.readTree(response.getBody().asString());
((ObjectNode) realm).put("browserFlow", ORG_BROWSER_AUTH_FLOW_ALIAS);
((ObjectNode) realm).put("directGrantFlow", ORG_DIRECT_GRANT_AUTH_FLOW_ALIAS);

response = root
.and()
.body(realm)
.when()
.put()
.then()
.extract()
.response();
response = root.and().body(realm).when().put().then().extract().response();
assertThat(response.getStatusCode(), is(Status.NO_CONTENT.getStatusCode()));
}

}