Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): Bump Keycloak from 25.0.6 to 26.0.0 #98

Merged
merged 8 commits into from
Oct 10, 2024
Merged

chore(deps): Bump Keycloak from 25.0.6 to 26.0.0 #98

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
96718f2
chore(deps): Bump Keycloak from 25.0.6 to 26.0.0
hangy Oct 7, 2024
23183a6
fix: Refactor Utils.java to add support for IdentityProviderStoragePr…
hangy Oct 7, 2024
f919703
refactor: Update devcontainer.json to use Java 21 image
hangy Oct 7, 2024
423832f
refactor: Remove deprecated methods in Utils.java
hangy Oct 7, 2024
271949e
Note OFF specific changes as comments
john-gom Oct 10, 2024
9f2ad04
Refresh themes and OFF specific changes
john-gom Oct 10, 2024
19255f8
Move comment to make valid JSON
john-gom Oct 10, 2024
b4e7aa9
Added more notes on Keycloak updates to README
john-gom Oct 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
5 changes: 3 additions & 2 deletions .devcontainer/devcontainer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
{
"name": "Java",
"image": "mcr.microsoft.com/vscode/devcontainers/java:1-21",
"image": "mcr.microsoft.com/devcontainers/java:21",
"runArgs": ["--env-file", ".env"],
"features": {
"ghcr.io/devcontainers/features/java:1": {
"installMaven": "true"
"installMaven": "true",
"version": "21"
},
"ghcr.io/devcontainers/features/docker-in-docker:2": {},
"ghcr.io/devcontainers/features/node:1": {}
Expand Down
2 changes: 1 addition & 1 deletion .env
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
KEYCLOAK_VERSION=25.0.6
KEYCLOAK_VERSION=26.0.0
KEYCLOAK_ADMIN=root
KEYCLOAK_ADMIN_PASSWORD=test
KEYCLOAK_BASE_URL=http://auth.openfoodfacts.localhost:5600
Expand Down
26 changes: 26 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,32 @@ To see how a user logs in you can navigate to: http://localhost:5600/realms/open

We use Playwright to test the Keycloak user interface and styling. We recommend using the "Playwright Test for VSCode" plugin.

# Applying Keycloak Updates

The Keycloak version to be used is specified in the .env file. However, in addition to updating this there are a number of other steps that need to be completed:

## Refresh Themes

We keep a copy of the Keycloak themes in Git so that we can see what has changed between versions. Run `make refresh_themes` to refresh this copy (stored in the `theme` folder).

## Refresh Overridden Templates

We have overridden a small number of standard Keycloak templates where needed. Make sure you refresh these templates from the original Keycloak ones if they have changed and re-apply our overrides if they are still needed. All templates containing overrides will contain a comment like:

```
<!-- OFF specific changes: ...
```

Please try and write a Playwright test to cover any specific overrides, so we know when it is safe to remove them.

## Make sure you have refreshed Playwright

Run `make init` to refresh any Playwright binaries. Note you may need to restart VSCode if you are using the Playwright extension.

## Build

Run `make build` to finally update the container images.

# Major Workstreams

## First Release
Expand Down
31 changes: 30 additions & 1 deletion build-scripts/messages_xx.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -431,6 +431,7 @@ requiredAction.UPDATE_PROFILE=*requiredAction.UPDATE_PROFILE*
requiredAction.VERIFY_EMAIL=*requiredAction.VERIFY_EMAIL*
requiredAction.CONFIGURE_RECOVERY_AUTHN_CODES=*requiredAction.CONFIGURE_RECOVERY_AUTHN_CODES*
requiredAction.webauthn-register-passwordless=*requiredAction.webauthn-register-passwordless*
requiredAction.webauthn-register=*requiredAction.webauthn-register*
invalidTokenRequiredActions=*invalidTokenRequiredActions*
doX509Login=*doX509Login*
clientCertificate=*clientCertificate*
Expand Down Expand Up @@ -533,6 +534,7 @@ error-invalid-multivalued-size=*error-invalid-multivalued-size 0={0}, 1={1}, 2={
organization.confirm-membership.title=*organization.confirm-membership.title kc.org.name={kc.org.name}*
organization.confirm-membership=*organization.confirm-membership 0={0}*
organization.member.register.title=*organization.member.register.title kc.org.name={kc.org.name}*
organization.select=*organization.select*
doLogOutAllSessions=*doLogOutAllSessions*
doRemove=*doRemove*
doAdd=*doAdd*
Expand Down Expand Up @@ -921,6 +923,18 @@ eventUpdatePasswordBodyHtml=*eventUpdatePasswordBodyHtml 0={0}, 1={1}*
eventUpdateTotpSubject=*eventUpdateTotpSubject*
eventUpdateTotpBody=*eventUpdateTotpBody 0={0}, 1={1}*
eventUpdateTotpBodyHtml=*eventUpdateTotpBodyHtml 0={0}, 1={1}*
eventUpdateCredentialSubject=*eventUpdateCredentialSubject*
eventUpdateCredentialBody=*eventUpdateCredentialBody 0={0}, 1={1}, 2={2}*
eventUpdateCredentialBodyHtml=*eventUpdateCredentialBodyHtml 0={0}, 1={1}, 2={2}*
eventRemoveCredentialSubject=*eventRemoveCredentialSubject*
eventRemoveCredentialBody=*eventRemoveCredentialBody 0={0}, 1={1}, 2={2}*
eventRemoveCredentialBodyHtml=*eventRemoveCredentialBodyHtml 0={0}, 1={1}, 2={2}*
eventUserDisabledByTemporaryLockoutSubject=*eventUserDisabledByTemporaryLockoutSubject*
eventUserDisabledByTemporaryLockoutBody=*eventUserDisabledByTemporaryLockoutBody 0={0}*
eventUserDisabledByTemporaryLockoutHtml=*eventUserDisabledByTemporaryLockoutHtml 0={0}*
eventUserDisabledByPermanentLockoutSubject=*eventUserDisabledByPermanentLockoutSubject*
eventUserDisabledByPermanentLockoutBody=*eventUserDisabledByPermanentLockoutBody 0={0}*
eventUserDisabledByPermanentLockoutHtml=*eventUserDisabledByPermanentLockoutHtml 0={0}*
requiredAction.CONFIGURE_TOTP=*requiredAction.CONFIGURE_TOTP*
requiredAction.TERMS_AND_CONDITIONS=*requiredAction.TERMS_AND_CONDITIONS*
requiredAction.UPDATE_PASSWORD=*requiredAction.UPDATE_PASSWORD*
Expand Down Expand Up @@ -1076,4 +1090,19 @@ verifiableCredentialsDescription=*verifiableCredentialsDescription*
verifiableCredentialsIssuerAlert=*verifiableCredentialsIssuerAlert*
verifiableCredentialsConfigAlert=*verifiableCredentialsConfigAlert*
verifiableCredentialsOfferAlert=*verifiableCredentialsOfferAlert*
verifiableCredentialsSelectionDefault=*verifiableCredentialsSelectionDefault*
verifiableCredentialsSelectionDefault=*verifiableCredentialsSelectionDefault*
profileScopeConsentText=*profileScopeConsentText*
emailScopeConsentText=*emailScopeConsentText*
addressScopeConsentText=*addressScopeConsentText*
phoneScopeConsentText=*phoneScopeConsentText*
offlineAccessScopeConsentText=*offlineAccessScopeConsentText*
samlRoleListScopeConsentText=*samlRoleListScopeConsentText*
rolesScopeConsentText=*rolesScopeConsentText*
organizations=*organizations*
organizationDescription=*organizationDescription*
emptyUserOrganizations=*emptyUserOrganizations*
emptyUserOrganizationsInstructions=*emptyUserOrganizationsInstructions*
searchOrganization=*searchOrganization*
organizationList=*organizationList*
domains=*domains*
refresh=*refresh*
19 changes: 19 additions & 0 deletions src/test/java/openfoodfacts/github/keycloak/events/Utils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import org.keycloak.models.GroupProvider;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.IdentityProviderStorageProvider;
import org.keycloak.models.KeyManager;
import org.keycloak.models.KeycloakContext;
import org.keycloak.models.KeycloakSession;
Expand Down Expand Up @@ -1120,65 +1121,77 @@ public RequiredActionProviderModel getRequiredActionProviderByAlias(final String
}

@Override
@Deprecated
public Stream<IdentityProviderModel> getIdentityProvidersStream() {
throw new UnsupportedOperationException("Unimplemented method 'getIdentityProvidersStream'");
}

@Override
@Deprecated
public IdentityProviderModel getIdentityProviderByAlias(final String alias) {
throw new UnsupportedOperationException("Unimplemented method 'getIdentityProviderByAlias'");
}

@Override
@Deprecated
public void addIdentityProvider(final IdentityProviderModel identityProvider) {
throw new UnsupportedOperationException("Unimplemented method 'addIdentityProvider'");
}

@Override
@Deprecated
public void removeIdentityProviderByAlias(final String alias) {
throw new UnsupportedOperationException("Unimplemented method 'removeIdentityProviderByAlias'");
}

@Override
@Deprecated
public void updateIdentityProvider(final IdentityProviderModel identityProvider) {
throw new UnsupportedOperationException("Unimplemented method 'updateIdentityProvider'");
}

@Override
@Deprecated
public Stream<IdentityProviderMapperModel> getIdentityProviderMappersStream() {
throw new UnsupportedOperationException(
"Unimplemented method 'getIdentityProviderMappersStream'");
}

@Override
@Deprecated
public Stream<IdentityProviderMapperModel> getIdentityProviderMappersByAliasStream(
final String brokerAlias) {
throw new UnsupportedOperationException(
"Unimplemented method 'getIdentityProviderMappersByAliasStream'");
}

@Override
@Deprecated
public IdentityProviderMapperModel addIdentityProviderMapper(
final IdentityProviderMapperModel model) {
throw new UnsupportedOperationException("Unimplemented method 'addIdentityProviderMapper'");
}

@Override
@Deprecated
public void removeIdentityProviderMapper(final IdentityProviderMapperModel mapping) {
throw new UnsupportedOperationException("Unimplemented method 'removeIdentityProviderMapper'");
}

@Override
@Deprecated
public void updateIdentityProviderMapper(final IdentityProviderMapperModel mapping) {
throw new UnsupportedOperationException("Unimplemented method 'updateIdentityProviderMapper'");
}

@Override
@Deprecated
public IdentityProviderMapperModel getIdentityProviderMapperById(final String id) {
throw new UnsupportedOperationException("Unimplemented method 'getIdentityProviderMapperById'");
}

@Override
@Deprecated
public IdentityProviderMapperModel getIdentityProviderMapperByName(final String brokerAlias,
final String name) {
throw new UnsupportedOperationException(
Expand Down Expand Up @@ -1362,6 +1375,7 @@ public void setDefaultRole(final RoleModel role) {
}

@Override
@Deprecated
public boolean isIdentityFederationEnabled() {
throw new UnsupportedOperationException("Unimplemented method 'isIdentityFederationEnabled'");
}
Expand Down Expand Up @@ -2168,6 +2182,11 @@ public boolean isClosed() {
throw new UnsupportedOperationException("Unimplemented method 'isClosed'");
}

@Override
public IdentityProviderStorageProvider identityProviders() {
throw new UnsupportedOperationException("Unimplemented method 'identityProviders'");
}

};
}

Expand Down
2 changes: 1 addition & 1 deletion theme/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ Note that the messages in the theme/off/common/messages folder are refreshed aut

Only the messages in the src/messages folder should be translated with Crowdin.

The basic theme templates are used wherever possible, but currently user-profile-commons.ftl is overridden to sort country codes correctly.
See the root [README](../README.md) for details of specific templates that have been overridden that need to be checked when applying Keycloak updates.

37 changes: 7 additions & 30 deletions theme/base/account/messages/messages_ca.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,11 @@ doSignOut=Surt
doLogIn=Entra
doLink=Enllaça
noAccessMessage=Accés no permès

personalInfoSidebarTitle=Informació personal
accountSecuritySidebarTitle=Seguretat del compte
signingInSidebarTitle=Identificació
deviceActivitySidebarTitle=Activitat dels dispositius
linkedAccountsSidebarTitle=Comptes enllaçats

editAccountHtmlTitle=Edita el compte
personalInfoHtmlTitle=Informació personal
federatedIdentitiesHtmlTitle=Identitats federades
Expand All @@ -25,7 +23,6 @@ accountManagementTitle=Gestor de comptes del Keycloak
authenticatorTitle=Autenticador
applicationsHtmlTitle=Aplicacions
linkedAccountsHtmlTitle=Comptes enllaçats

accountManagementWelcomeMessage=Us donem la benvinguda al gestor de comptes del Keycloak
personalInfoIntroMessage=Gestioneu la vostra informació bàsica
accountSecurityTitle=Seguretat del compte
Expand All @@ -38,7 +35,6 @@ updatePasswordMessageTitle=Assegureu-vos d''establir una contrasenya forta
updatePasswordMessage=Una contrasenya forta conté una combinació de números, lletres i símbols. És difícil d''endevinar, no es pareix a una paraula real, i només s''utilitza per a aquest compte.
personalSubTitle=La vostra informació personal
personalSubMessage=Gestioneu la vostra informació bàsica.

authenticatorCode=Codi d''un sol ús
email=Correu electrònic
firstName=Nom
Expand All @@ -65,15 +61,13 @@ gender=Gènere
birthday=Natalici
zoneinfo=Fus horari
gssDelegationCredential=Credencial de delegació GSS

profileScopeConsentText=Perfil d''usuari
emailScopeConsentText=Correu electrònic
profileScopeConsentText=Perfil d'usuari
emailScopeConsentText=Adreça de correu electrònic
addressScopeConsentText=Adreça
phoneScopeConsentText=Número de telèfon
offlineAccessScopeConsentText=Accés fora de línia
samlRoleListScopeConsentText=Els meus rols
rolesScopeConsentText=Rols d''usuari

rolesScopeConsentText=Rols d'usuari
role_admin=Administrador
role_realm-admin=Administrador del domini
role_create-realm=Crea un domini
Expand Down Expand Up @@ -108,10 +102,8 @@ client_broker=Agent

requiredFields=Camps obligatoris
allFieldsRequired=Tots els camps són obligatoris

backToApplication=&laquo; Torna a l''aplicació
backTo=Torna a {0}

date=Data
event=Esdeveniment
ip=IP
Expand All @@ -122,14 +114,12 @@ started=Iniciat
lastAccess=Últim accés
expires=Caduca
applications=Aplicacions

account=Compte
federatedIdentity=Identitat federada
authenticator=Autenticador
device-activity=Activitat dels dispositius
sessions=Sessions
log=Registre

application=Aplicació
availableRoles=Rols disponibles
grantedPermissions=Permisos concedits
Expand All @@ -140,39 +130,32 @@ inResource=a
fullAccess=Accés total
offlineToken=Codi d''autorització fora de línia
revoke=Revoca el permís

configureAuthenticators=Autenticadors configurats
mobile=Mòbil
totpStep1=Instal·leu una de les aplicacions següents al vostre mòbil:
totpStep2=Obriu l''aplicació i escanegeu el codi de barres:
totpStep3=Introduïu el codi d''un sol ús proveït per l''aplicació i feu clic a Desa per a finalitzar la configuració.
totpStep3DeviceName=Introduïu un nom de dispositiu per a ajudar-vos a gestionar els vostres dispositius OTP.

totpManualStep2=Obriu l''aplicació i introduïu la clau:
totpManualStep3=Utilitzeu els valors de configuració següents si l''aplicació permet establir-los:
totpUnableToScan=No podeu escanejar?
totpScanBarcode=Voleu escanejar el codi de barres?

totp.totp=Basat en temps
totp.hotp=Basat en comptador

totpType=Tipus
totpAlgorithm=Algoritme
totpDigits=Dígits
totpInterval=Interval
totpCounter=Comptador
totpDeviceName=Nom del dispositiu

totpAppFreeOTPName=FreeOTP
totpAppGoogleName=Google Authenticator
totpAppMicrosoftAuthenticatorName=Microsoft Authenticator

irreversibleAction=Aquesta acció és irreversible
deletingImplies=La supressió del vostre compte implica:
errasingData=Suprimir totes les vostres dades
loggingOutImmediately=Desconnectar-vos immediatament
accountUnusable=Qualsevol ús posterior de l''aplicació no serà possible amb aquest compte

missingUsernameMessage=Indiqueu el vostre nom d''usuari.
missingFirstNameMessage=Indiqueu el vostre nom.
invalidEmailMessage=L''adreça de correu electrònic no és vàlida.
Expand All @@ -182,28 +165,21 @@ missingPasswordMessage=Indiqueu la contrasenya.
notMatchPasswordMessage=Les contrasenyes no coincideixen.
invalidUserMessage=L''usuari no és vàlid.
updateReadOnlyAttributesRejectedMessage=S''ha rebutjat l''actualització d''un atribut de només lectura.

missingTotpMessage=Indiqueu el codi d''autenticació.
missingTotpDeviceNameMessage=Indiqueu el nom de dispositiu.
invalidPasswordExistingMessage=La contrasenya actual no és correcta.
invalidPasswordConfirmMessage=La confirmació de contrasenya no coincideix.
invalidTotpMessage=El codi d''autenticació no és vàlid.

usernameExistsMessage=El nom d''usuari ja existeix.
emailExistsMessage=El correu electrònic ja existeix.

readOnlyUserMessage=No podeu actualitzar el vostre compte perquè és de només lectura.
readOnlyUsernameMessage=No podeu actualitzar el vostre nom d''usuari perquè és de només lectura.
readOnlyPasswordMessage=No podeu actualitzar la vostra contrasenya perquè és de només lectura.

successTotpMessage=S''ha configurat l''aplicació d''autenticació mòbil.
successTotpRemovedMessage=S''ha eliminat l''aplicació d''autenticació mòbil.

successGrantRevokedMessage=S''ha revocat el permís correctament.

accountUpdatedMessage=S''ha actualitzat el vostre compte.
accountPasswordUpdatedMessage=S''ha actualitzat la vostra contrasenya.

missingIdentityProviderMessage=No s''ha indicat el proveïdor d''identitat.
invalidFederatedIdentityActionMessage=Acció no vàlida o no indicada.
identityProviderNotFoundMessage=No s''ha trobat un proveïdor d''identitat.
Expand All @@ -215,9 +191,7 @@ identityProviderAlreadyLinkedMessage=La identitat federada retornada per {0} ja
staleCodeAccountMessage=La pàgina ha caducat. Proveu-ho de nou.
consentDenied=Consentiment rebutjat.
access-denied-when-idp-auth=S''ha denegat l''accés mentre s''autenticava amb {0}

accountDisabledMessage=El compte està inhabilitat, contacteu amb l''administrador.

accountTemporarilyDisabledMessage=El compte està temporalment inhabilitat, contacteu amb l''administrador o intenteu-ho de nou més tard.
invalidPasswordMinLengthMessage=La contrasenya no és vàlida: la llargària mínima és {0}.
invalidPasswordMaxLengthMessage=La contrasenya no és vàlida: la llargària màxima és {0}.
Expand Down Expand Up @@ -359,7 +333,6 @@ openshift.scope.user_info=Informació d''usuari
openshift.scope.user_check-access=Informació d''accessos d''usuari
openshift.scope.user_full=Accés total
openshift.scope.list-projects=Llista els projectes

error-invalid-value=El valor no és vàlid.
error-invalid-blank=Especifiqueu un valor.
error-empty=Especifiqueu un valor.
Expand All @@ -380,3 +353,7 @@ error-invalid-date=La data no és vàlida.
error-user-attribute-read-only=El camp {0} és només de lectura.
error-username-invalid-character=El nom d''usuari conté un caràcter no vàlid.
error-person-name-invalid-character=El nom conté un caràcter no vàlid.
organizationScopeConsentText=Organització
invalidPasswordNotContainsUsernameMessage=La contrasenya no és vàlida: no pot contenir el nom d'usuari.
accountManagementBaseThemeCannotBeUsedDirectly=El tema de compte base només conté traduccions per a la consola de compte. Per a mostrar la consola de compte, heu d'establir el pare del vostre tema a un altre tema de compte, o proveir el vostre fitxer intdex.ftl.
federatedIdentityBoundOrganization=No podeu suprimir l'enllaç a un proveïdor d'identitat sense una organització.
1 change: 1 addition & 0 deletions theme/base/account/messages/messages_de.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -356,3 +356,4 @@ error-invalid-length-too-long=Das Attribut {0} darf eine maximale Länge von {2}
error-number-out-of-range=Das Attribut {0} muss eine Zahl zwischen {1} und {2} sein.
error-invalid-uri=Ungültige URL.
error-invalid-uri-fragment=Ungültiges URL-Fragment.
federatedIdentityBoundOrganization=Sie können den Link nicht zu einem Identity Provider entfernen, der mit einer Organization verbunden ist.
Loading