added base_url option, updated dev dependencies

master
Cameron Crockett 2021-12-18 16:58:43 -06:00
parent 09b68aab71
commit c54046348a
No known key found for this signature in database
GPG Key ID: 670E4FB756C84718
6 changed files with 173 additions and 73 deletions

View File

@ -15,15 +15,15 @@ GEM
minitest (>= 5.1) minitest (>= 5.1)
tzinfo (~> 2.0) tzinfo (~> 2.0)
zeitwerk (~> 2.3) zeitwerk (~> 2.3)
addressable (2.5.2) addressable (2.8.0)
public_suffix (>= 2.0.2, < 4.0) public_suffix (>= 2.0.2, < 5.0)
aes_key_wrap (1.1.0) aes_key_wrap (1.1.0)
bindata (2.4.9) bindata (2.4.9)
concurrent-ruby (1.1.8) concurrent-ruby (1.1.8)
crack (0.4.3) crack (0.4.5)
safe_yaml (~> 1.0.0) rexml
diff-lcs (1.3) diff-lcs (1.4.4)
docile (1.3.1) docile (1.4.0)
faraday (1.4.1) faraday (1.4.1)
faraday-excon (~> 1.1) faraday-excon (~> 1.1)
faraday-net_http (~> 1.0) faraday-net_http (~> 1.0)
@ -33,11 +33,10 @@ GEM
faraday-excon (1.1.0) faraday-excon (1.1.0)
faraday-net_http (1.0.1) faraday-net_http (1.0.1)
faraday-net_http_persistent (1.1.0) faraday-net_http_persistent (1.1.0)
hashdiff (0.3.7) hashdiff (1.0.1)
hashie (4.1.0) hashie (4.1.0)
i18n (1.8.10) i18n (1.8.10)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
json (2.3.1)
json-jwt (1.13.0) json-jwt (1.13.0)
activesupport (>= 4.2) activesupport (>= 4.2)
aes_key_wrap aes_key_wrap
@ -60,37 +59,38 @@ GEM
omniauth-oauth2 (1.7.1) omniauth-oauth2 (1.7.1)
oauth2 (~> 1.4) oauth2 (~> 1.4)
omniauth (>= 1.9, < 3) omniauth (>= 1.9, < 3)
public_suffix (3.0.3) public_suffix (4.0.6)
rack (2.2.3) rack (2.2.3)
rack-protection (2.1.0) rack-protection (2.1.0)
rack rack
rake (13.0.1) rake (13.0.1)
rspec (3.8.0) rexml (3.2.5)
rspec-core (~> 3.8.0) rspec (3.10.0)
rspec-expectations (~> 3.8.0) rspec-core (~> 3.10.0)
rspec-mocks (~> 3.8.0) rspec-expectations (~> 3.10.0)
rspec-core (3.8.0) rspec-mocks (~> 3.10.0)
rspec-support (~> 3.8.0) rspec-core (3.10.1)
rspec-expectations (3.8.1) rspec-support (~> 3.10.0)
rspec-expectations (3.10.1)
diff-lcs (>= 1.2.0, < 2.0) diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0) rspec-support (~> 3.10.0)
rspec-mocks (3.8.0) rspec-mocks (3.10.2)
diff-lcs (>= 1.2.0, < 2.0) diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0) rspec-support (~> 3.10.0)
rspec-support (3.8.0) rspec-support (3.10.3)
ruby2_keywords (0.0.4) ruby2_keywords (0.0.4)
safe_yaml (1.0.4) simplecov (0.21.2)
simplecov (0.16.1)
docile (~> 1.1) docile (~> 1.1)
json (>= 1.8, < 3) simplecov-html (~> 0.11)
simplecov-html (~> 0.10.0) simplecov_json_formatter (~> 0.1)
simplecov-html (0.10.2) simplecov-html (0.12.3)
simplecov_json_formatter (0.1.3)
tzinfo (2.0.4) tzinfo (2.0.4)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
webmock (3.4.2) webmock (3.14.0)
addressable (>= 2.3.6) addressable (>= 2.8.0)
crack (>= 0.3.2) crack (>= 0.3.2)
hashdiff hashdiff (>= 0.4.0, < 2.0.0)
zeitwerk (2.4.2) zeitwerk (2.4.2)
PLATFORMS PLATFORMS
@ -100,9 +100,9 @@ DEPENDENCIES
bundler (~> 2.2) bundler (~> 2.2)
omniauth-keycloak! omniauth-keycloak!
rake (~> 13.0) rake (~> 13.0)
rspec (~> 3.0) rspec (~> 3.10)
simplecov (~> 0.16.1) simplecov (~> 0.21)
webmock (~> 3.4.2) webmock (~> 3.14)
BUNDLED WITH BUNDLED WITH
2.2.17 2.2.31

View File

@ -29,6 +29,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
name: 'keycloak' name: 'keycloak'
end end
``` ```
This will allow a POST request to `auth/keycloak` since the name is set to keycloak
Or using a proc setup with a custom options: Or using a proc setup with a custom options:
@ -50,7 +51,6 @@ Rails.application.config.middleware.use OmniAuth::Builder do
end end
``` ```
This will allow a POST request to `auth/keycloak`
## Devise Usage ## Devise Usage
Adapted from [Devise OmniAuth Instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview) Adapted from [Devise OmniAuth Instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview)
@ -93,6 +93,17 @@ end
``` ```
## Configuration
* __Base Url other than /auth__
This gem tries to get the keycloak configuration from `"#{site}/auth/realms/#{realm}/.well-known/openid-configuration"`. If your keycloak server has been setup to use a different "root" url other than `/auth` then you need to pass in the `base_url` option when setting up the gem:
```ruby
Rails.application.config.middleware.use OmniAuth::Builder do
provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm', base_url: '/authorize'},
name: 'keycloak'
end
```
## Contributing ## Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/ccrockett/omniauth-keycloak. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct. Bug reports and pull requests are welcome on GitHub at https://github.com/ccrockett/omniauth-keycloak. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

View File

@ -1,5 +1,5 @@
module Omniauth module Omniauth
module Keycloak module Keycloak
VERSION = "1.3.0" VERSION = "1.4.0"
end end
end end

View File

@ -26,7 +26,7 @@ module OmniAuth
raise_on_failure = options.client_options.fetch(:raise_on_failure, false) raise_on_failure = options.client_options.fetch(:raise_on_failure, false)
config_url = URI.join(site, "/auth/realms/#{realm}/.well-known/openid-configuration") config_url = URI.join(site, "#{auth_url_base}/realms/#{realm}/.well-known/openid-configuration")
log :debug, "Going to get Keycloak configuration. URL: #{config_url}" log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
response = Faraday.get config_url response = Faraday.get config_url
@ -64,6 +64,14 @@ module OmniAuth
end end
end end
def auth_url_base
return '/auth' unless options.client_options[:base_url]
base_url = options.client_options[:base_url]
return base_url if (base_url == '' || base_url[0] == '/')
raise ConfigurationError, "Keycloak base_url option should start with '/'. Current value: #{base_url}"
end
def prevent_site_option_mistake def prevent_site_option_mistake
site = options.client_options[:site] site = options.client_options[:site]
return unless site =~ /\/auth$/ return unless site =~ /\/auth$/

View File

@ -9,8 +9,8 @@ Gem::Specification.new do |spec|
spec.summary = spec.description spec.summary = spec.description
spec.homepage = "https://github.com/ccrockett/omniauth-keycloak" spec.homepage = "https://github.com/ccrockett/omniauth-keycloak"
spec.license = "MIT" spec.license = "MIT"
spec.required_rubygems_version = '>= 1.3.5' spec.required_rubygems_version = '>= 3.1.2'
spec.required_ruby_version = '>= 2.2' spec.required_ruby_version = '>= 2.6'
# Specify which files should be added to the gem when it is released. # Specify which files should be added to the gem when it is released.
# The `git ls-files -z` loads the files in the RubyGem that have been added into git. # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
spec.add_development_dependency "bundler", "~> 2.2" spec.add_development_dependency "bundler", "~> 2.2"
spec.add_development_dependency "rake", "~> 13.0" spec.add_development_dependency "rake", "~> 13.0"
spec.add_development_dependency "rspec", "~> 3.0" spec.add_development_dependency "rspec", "~> 3.10"
spec.add_development_dependency 'simplecov', '~> 0.16.1' spec.add_development_dependency 'simplecov', '~> 0.21'
spec.add_development_dependency 'webmock', '~> 3.4.2' spec.add_development_dependency 'webmock', '~> 3.14'
end end

View File

@ -1,7 +1,9 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe OmniAuth::Strategies::KeycloakOpenId do RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
body = '{"issuer": "http://localhost:8080/auth/realms/example-realm", let(:body) {
{
"issuer": "http://localhost:8080/auth/realms/example-realm",
"authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth", "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
"token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token", "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
"token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect", "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
@ -24,12 +26,14 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
"claims_parameter_supported": false, "claims_parameter_supported": false,
"scopes_supported": ["openid", "offline_access"], "scopes_supported": ["openid", "offline_access"],
"request_parameter_supported": true, "request_parameter_supported": true,
"request_uri_parameter_supported": true}' "request_uri_parameter_supported": true
}
}
context 'client options' do context 'client options' do
subject do subject do
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration") stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
.to_return(status: 200, body: body, headers: {}) .to_return(status: 200, body: JSON.generate(body), headers: {})
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs") stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
.to_return(status: 404, body: "", headers: {}) .to_return(status: 404, body: "", headers: {})
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec', OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
@ -47,6 +51,83 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
end end
end end
describe 'client base_url option set' do
context 'to blank string' do
let(:new_body_endpoints) {
{
"authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",
"token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",
"jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"
}
}
subject do
stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
.to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")
.to_return(status: 404, body: "", headers: {})
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})
end
it 'should have the correct keycloak token url' do
subject.setup_phase
expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')
end
it 'should have the correct keycloak authorization url' do
subject.setup_phase
expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')
end
end
context 'to invalid string' do
subject do
stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
.to_return(status: 200, body: JSON.generate(body), headers: {})
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
.to_return(status: 404, body: "", headers: {})
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})
end
it 'raises Configuration Error' do
expect{ subject.setup_phase }
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
end
end
context 'to /authorize' do
let(:new_body_endpoints) {
{
"authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",
"token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",
"jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"
}
}
subject do
stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")
.to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")
.to_return(status: 404, body: "", headers: {})
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})
end
it 'should have the correct keycloak token url' do
subject.setup_phase
expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')
end
it 'should have the correct keycloak authorization url' do
subject.setup_phase
expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')
end
end
end
context 'client setup with a proc' do context 'client setup with a proc' do
subject do subject do
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called }) OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
@ -88,7 +169,7 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
context 'when certificates endpoint returns error response' do context 'when certificates endpoint returns error response' do
subject do subject do
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration") stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
.to_return(status: 200, body: body, headers: {}) .to_return(status: 200, body: JSON.generate(body), headers: {})
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs") stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
.to_return(status: 404, body: "", headers: {}) .to_return(status: 404, body: "", headers: {})
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec', OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',