Merge pull request #29 from tidepool-org/tk-keycloak-25-no-homeidp
Update package for Keycloak 25.0.6
toddkazakov authored Nov 23, 2024
2 parents 36d5ae0 + 1be3bb0 commit 8f09358
Showing 25 changed files with 575 additions and 315 deletions.
13 changes: 9 additions & 4 deletions Dockerfile
@@ -1,15 +1,20 @@
FROM maven:3.8.6-jdk-11 as build
FROM maven:3.8.5-openjdk-17 as build

COPY . /build
WORKDIR /build

RUN microdnf update \
&& microdnf install --nodocs wget unzip \
&& microdnf clean all \
&& rm -rf /var/cache/yum

RUN unset MAVEN_CONFIG && \
./mvnw versions:set -DnewVersion=LATEST && \
./mvnw install && \
./mvnw clean compile package && \
wget -O keycloak-rest-provider.jar https://github.com/daniel-frak/keycloak-user-migration/releases/download/1.0.0/keycloak-rest-provider-1.0.0.jar && \
wget -O keycloak-metrics-spi.jar https://github.com/aerogear/keycloak-metrics-spi/releases/download/3.0.0/keycloak-metrics-spi-3.0.0.jar && \
wget -O keycloak-home-idp-discovery.jar https://github.com/tidepool-org/keycloak-home-idp-discovery/releases/download/v21.4.0/keycloak-home-idp-discovery.jar
wget -O keycloak-rest-provider.jar https://github.com/daniel-frak/keycloak-user-migration/releases/download/5.0.0/keycloak-rest-provider-5.0.0.jar && \
wget -O keycloak-metrics-spi.jar https://github.com/aerogear/keycloak-metrics-spi/releases/download/6.0.0/keycloak-metrics-spi-6.0.0.jar && \
wget -O keycloak-home-idp-discovery.jar https://github.com/tidepool-org/keycloak-home-idp-discovery/releases/download/v25.0.0-test/keycloak-home-idp-discovery.jar

FROM alpine:latest as release

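Review bot: The three provider jars fetched with wget on the new lines (keycloak-rest-provider 5.0.0, keycloak-metrics-spi 6.0.0 and keycloak-home-idp-discovery v25.0.0-test) are baked into the image without any integrity check, so the build trusts whatever the release URL serves at build time; the providers command in docker-compose.yml follows the same pattern. Each download should be followed by a pinned digest, e.g. `wget -O keycloak-rest-provider.jar <url> && echo "<SHA256_OF_RELEASE_JAR>  keycloak-rest-provider.jar" | sha256sum -c -`, with the expected value taken from the upstream release. The home-idp-discovery artifact is also tagged `v25.0.0-test`, which reads as a pre-release; if that is intentional for this merge it deserves a comment next to the wget line, otherwise it should be swapped for a released tag before this image ships.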
2 changes: 1 addition & 1 deletion Makefile
@@ -1,4 +1,4 @@
keycloak_version = 21.1.1
keycloak_version = 25.0.6
date = $(shell date -u +"%Y-%m-%dT%H-%M-%S")
image_tag = $(keycloak_version)-$(date)

2 changes: 1 addition & 1 deletion admin/pom.xml
Expand Up @@ -24,7 +24,7 @@
<maven.compiler.target>11</maven.compiler.target>

<!-- https://mvnrepository.com/artifact/org.keycloak/keycloak-parent -->
<keycloak.version>21.1.1</keycloak.version>
<keycloak.version>25.0.6</keycloak.version>
<!-- https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-compiler-plugin -->
<maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
</properties>
Expand Up @@ -6,8 +6,8 @@
import org.keycloak.services.Urls;
import org.keycloak.sessions.AuthenticationSessionModel;

import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;
import java.net.URI;

final class RedirectToRegistrationPage implements Authenticator {
Expand Up @@ -3,7 +3,7 @@
import java.util.ArrayList;
import java.util.List;

import javax.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.MultivaluedMap;

import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormContext;
Expand Down Expand Up @@ -32,6 +32,13 @@ public void close() {

@Override
public void buildPage(FormContext context, LoginFormsProvider form) {
// TEMPORARY: Currently only for Clinician registration which includes TOS/PP
// agreement on clinician registration form. Remove conditional once TOS/PP agreement
// included on personal registration form.
if (RoleBean.hasClinicianRoleFromAuthenticationSession(context.getAuthenticationSession()) ||
RoleBean.hasClinicianRoleFromRealmUser(context.getRealm(), context.getUser())) {
form.setAttribute("termsAcceptanceRequired", true);
}
}

@Override
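Review bot: `RoleBean.hasClinicianRoleFromRealmUser(context.getRealm(), context.getUser())` is evaluated on every registration page build, and during registration `context.getUser()` is typically not set yet; that helper's body is outside this hunk, so if it does not tolerate a null user the new conditional throws for every personal registration instead of merely leaving the attribute unset. Guarding the call here keeps `buildPage` safe regardless of the helper: `boolean realmUserIsClinician = context.getUser() != null && RoleBean.hasClinicianRoleFromRealmUser(context.getRealm(), context.getUser());` and then use that local in the `if`. The TEMPORARY comment would also be more useful with a tracking reference, `// TEMPORARY (see <TRACKING_ISSUE>): only clinician registration carries the TOS/PP agreement today`, so the conditional is actually removed once personal registration includes the agreement.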
Expand Up @@ -3,7 +3,7 @@
import java.net.URI;
import java.util.Locale;

import javax.ws.rs.core.Response;
import jakarta.ws.rs.core.Response;

import org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider;
import org.keycloak.models.KeycloakSession;
Expand Up @@ -55,9 +55,7 @@ public boolean hasClinicianRole() {

public static boolean hasClinicianRoleFromAuthenticationSession(AuthenticationSessionModel authenticationSession) {
if (authenticationSession != null) {
if (ROLES_CLINICIAN_SET.contains(authenticationSession.getAuthNote(AUTH_NOTE_ROLE))) {
return true;
}
return ROLES_CLINICIAN_SET.contains(authenticationSession.getAuthNote(AUTH_NOTE_ROLE));
}
return false;
}
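Review bot: `ROLES_CLINICIAN_SET.contains(authenticationSession.getAuthNote(AUTH_NOTE_ROLE))` is now the return expression, and `getAuthNote` yields null when the note was never set; the set's declaration is outside this hunk, but if it is an immutable `Set.of(...)` then `contains(null)` throws NullPointerException rather than returning false, so a session without a role note would fail the request instead of being treated as non-clinician. Reading the note into a local first avoids that for any set implementation: `String role = authenticationSession.getAuthNote(AUTH_NOTE_ROLE);` followed by `return role != null && ROLES_CLINICIAN_SET.contains(role);`.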
Expand Up @@ -13,22 +13,22 @@
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;

import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.HttpHeaders;

public abstract class AdminResource {

@Context
private HttpHeaders headers;

@Context
private KeycloakSession session;
final private KeycloakSession session;

protected AdminPermissionEvaluator auth;

public AdminResource(KeycloakSession session) {
this.session = session;
}

protected void setup() {
HttpHeaders headers = session.getContext().getRequestHeaders();
String tokenString = AppAuthManager.extractAuthorizationHeaderToken(headers);
if (tokenString == null) throw new NotAuthorizedException("Bearer");
AccessToken token;
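Review bot: With the `@Context` injection removed, `session` is the only source of request headers in `setup()`, but the new constructor stores it without a null check, so a caller that passes a null session only fails later inside `setup()` at `session.getContext()`. Fail at construction instead: `this.session = Objects.requireNonNull(session, "session");` (java.util.Objects). The local `headers` in `setup()` also reuses the name of the field this commit deletes; a one-line comment such as `// request headers are read from the session context; the @Context-injected field was removed` would make the new source explicit. `setup()` continues past the end of this hunk.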
Expand Up @@ -2,12 +2,12 @@

import java.net.URI;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;

import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.common.ClientConnection;
Expand Down Expand Up @@ -58,10 +58,10 @@ public RegistrationsRealmResourceProvider registrations(
/**
* Restart authentication with registration. Allows specification of role
* (clinician or personal) to initiate registration.
*
*
* Mimics LoginActionsService.restartSession, but restarts with registration
* flow.
*
*
* @param authSessionId
* @param clientId
* @param tabId
Expand All @@ -85,7 +85,7 @@ public Response restart(
event.event(EventType.RESTART_AUTHENTICATION);

SessionCodeChecks checks = new SessionCodeChecks(realm, context.getUri(), request,
clientConnection, session, event, authSessionId, null, null, clientId, tabId, null);
clientConnection, session, event, authSessionId, null, null, clientId, tabId, null, LoginActionsService.REGISTRATION_PATH);

AuthenticationSessionModel authenticationSession = checks.initialVerifyAuthSession();
if (authenticationSession == null) {
Expand All @@ -104,7 +104,9 @@ public Response restart(

AuthenticationProcessor.resetFlow(authenticationSession, LoginActionsService.REGISTRATION_PATH);

URI redirectUri = getLastExecutionUrl(flowPath, null, authenticationSession.getClient().getClientId(), tabId);
String clientData = AuthenticationProcessor.getClientData(session, authenticationSession);

URI redirectUri = getLastExecutionUrl(flowPath, null, authenticationSession.getClient().getClientId(), tabId, clientData);

if (role != null) {
redirectUri = UriBuilder.fromUri(redirectUri).queryParam(RoleBean.PARAMETER_ROLE, role).build();
Expand All @@ -113,8 +115,8 @@ public Response restart(
return Response.status(Response.Status.FOUND).location(redirectUri).build();
}

private URI getLastExecutionUrl(String flowPath, String executionId, String clientId, String tabId) {
private URI getLastExecutionUrl(String flowPath, String executionId, String clientId, String tabId, String clientData) {
return new AuthenticationFlowURLHelper(session, session.getContext().getRealm(), session.getContext().getUri())
.getLastExecutionUrl(flowPath, executionId, clientId, tabId);
.getLastExecutionUrl(flowPath, executionId, clientId, tabId, clientData);
}
}
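Review bot: The new `clientData` parameter on `getLastExecutionUrl` and the `AuthenticationProcessor.getClientData(session, authenticationSession)` call that feeds it are undocumented, while the javadoc on `restart` that this commit touches still has bare `@param authSessionId`, `@param clientId` and `@param tabId` tags with no descriptions, so the doc change amounts only to whitespace on the `*` lines. Since the javadoc is being edited anyway, give the tags descriptions (e.g. `@param tabId identifier of the browser tab whose authentication session is restarted`) and add a comment at the `getClientData` call, `// client data is threaded into the redirect so the restarted flow keeps it`, hedged as needed if its exact contents are not known to the author. `restart` begins before this hunk, and the `SessionCodeChecks` call now passing `LoginActionsService.REGISTRATION_PATH` is in the preceding hunk of this file.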
Expand Up @@ -5,16 +5,16 @@
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
Expand All @@ -26,6 +26,7 @@ public class TidepoolAdminResource extends AdminResource {
private final KeycloakSession session;

public TidepoolAdminResource(KeycloakSession session) {
super(session);
this.session = session;
}

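Review bot: `TidepoolAdminResource` now hands `session` to `super(session)` and still keeps its own `private final KeycloakSession session`, so the same object is stored twice and the two copies can drift if either class is ever constructed with a different session. Either make the base-class field `protected`, or add a `protected KeycloakSession session()` accessor to `AdminResource` and drop the duplicate field and the `this.session = session;` assignment here. The constructor is visible in full, but the class continues past this hunk.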
@@ -1,6 +1,5 @@
package org.tidepool.keycloak.extensions.resource;

import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.models.*;
import org.keycloak.services.resource.RealmResourceProvider;

Expand All @@ -15,7 +14,6 @@ public TidepoolAdminResourceProvider(KeycloakSession session) {
@Override
public Object getResource() {
TidepoolAdminResource resource = new TidepoolAdminResource(session);
ResteasyProviderFactory.getInstance().injectProperties(resource);
resource.setup();
return resource;
}
Expand Up @@ -9,7 +9,7 @@
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RoleModel;

import javax.ws.rs.core.Response;
import jakarta.ws.rs.core.Response;
import java.util.*;

@AutoService(RequiredActionFactory.class)
Expand Down Expand Up @@ -89,4 +89,4 @@ public String getDisplayText() {
public void close() {
// NOOP
}
}
}
Expand Up @@ -9,7 +9,7 @@
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RoleModel;

import javax.ws.rs.core.Response;
import jakarta.ws.rs.core.Response;
import java.util.*;
import java.util.stream.Collectors;

Expand All @@ -23,6 +23,7 @@ public class TidepoolTermsRequiredAction implements RequiredActionProvider, Requ

public static final Map<String, String> FORMS = Map.of(
"patient","patient_terms.ftl",
"clinic", "clinician_terms.ftl",
"clinician", "clinician_terms.ftl"
);

Expand Down Expand Up @@ -114,4 +115,4 @@ public String getDisplayText() {
public void close() {
// NOOP
}
}
}
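Review bot: The new `"clinic"` entry in `FORMS` maps to the same template as `"clinician"`, and nothing in the hunk says which caller produces the `clinic` key, so a reader cannot tell whether this is an alias for a second role value or a workaround for a misspelt input. A comment on the entry would settle it, e.g. `// "clinic" is accepted as an alias of "clinician" and renders the clinician terms — confirm which upstream value emits it`. `FORMS` is a constant of a class that continues past this hunk.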
6 changes: 3 additions & 3 deletions docker-compose.yml
Expand Up @@ -20,14 +20,14 @@ services:
- 6543:5432

providers:
image: busybox
command: ["/bin/sh", "-c", "cp /local/admin.jar /providers && wget -O /providers/keycloak-home-idp-discovery.jar https://github.com/toddkazakov/keycloak-home-idp-discovery/releases/download/0.3.0/keycloak-home-idp-discovery.jar"]
image: alpine:3.20.3
command: ["/bin/sh", "-c", "apk add ca-certificates && update-ca-certificates && rm -f /providers/* && cp /local/admin.jar /providers && wget -O /providers/keycloak-home-idp-discovery.jar https://github.com/tidepool-org/keycloak-home-idp-discovery/releases/download/v25.0.0-test/keycloak-home-idp-discovery.jar"]
volumes:
- ./admin/target/admin-LATEST.jar:/local/admin.jar
- providers:/providers

keycloak:
image: quay.io/keycloak/keycloak:21.1.1
image: quay.io/keycloak/keycloak:25.0.6
container_name: tp-keycloak
environment:
KC_DB: postgres
2 changes: 1 addition & 1 deletion tidepool-theme/login/login-idp-link-confirm.ftl
Expand Up @@ -19,7 +19,7 @@
id="username"
class="${properties.kcInputClass!}"
type="text" autocomplete="off"
value="${brokerContext.modelUsername}"
value="${brokerContext.email}"
/>
</div>
</div>
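Review bot: `${brokerContext.email}` on the changed line makes FreeMarker fail the whole page if the brokered identity carries no email, where the replaced `modelUsername` value is presumably always populated; the same substitution appears twice in login-idp-link-email.ftl (the `emailLinkIdp1` message arguments and the disabled input). If an identity provider can return an account without an email, give the expression a default so the page still renders, `value="${brokerContext.email!}"`, or fall back to the username that the other template previously displayed, `value="${brokerContext.email!brokerContext.username}"`.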
6 changes: 3 additions & 3 deletions tidepool-theme/login/login-idp-link-email.ftl
Expand Up @@ -5,14 +5,14 @@
<#elseif section = "form">
<div class="${properties.kcFormGroupClass!}">
<p id="instruction1" class="instruction">
${msg("emailLinkIdp1", idpDisplayName, brokerContext.username, realm.displayName)}
${msg("emailLinkIdp1", idpDisplayName, brokerContext.email, realm.displayName)}
</p>
<div class="attempted-username instruction">
<input disabled
id="username"
class="${properties.kcInputClass!}"
type="text" autocomplete="off"
value="${brokerContext.username}"
value="${brokerContext.email}"
/>
</div>
<p id="instruction2" class="instruction">
Expand All @@ -23,4 +23,4 @@
</p>
</div>
</#if>
</@layout.registrationLayout>
</@layout.registrationLayout>
2 changes: 1 addition & 1 deletion tidepool-theme/login/login-username.ftl
Expand Up @@ -64,7 +64,7 @@
</div>
</#if>
<#elseif section = "socialProviders" >
<#if realm.password && social.providers??>
<#if realm.password && social?? && social.providers?has_content>
<div id="kc-social-providers" class="${properties.kcFormSocialAccountSectionClass!}">
<hr/>
<h4>${msg("identity-provider-login-label")}</h4>
