packages feed

keycloak-hs 1.0.1 → 1.1.0

raw patch · 2 files changed

+26/−24 lines, 2 filesPVP ok

version bump matches the API change (PVP)

API changes (from Hackage documentation)

- Keycloak.Client: getPermString :: PermReq -> [Text]
- Keycloak.Client: postUser :: User -> Token -> Keycloak UserId
- Keycloak.Client: putUser :: UserId -> User -> Token -> Keycloak ()
+ Keycloak.Client: createUser :: User -> Token -> Keycloak UserId
+ Keycloak.Client: updateUser :: UserId -> User -> Token -> Keycloak ()
- Keycloak.Client: getResource :: ResourceId -> Keycloak Resource
+ Keycloak.Client: getResource :: ResourceId -> Token -> Keycloak Resource

Files

keycloak-hs.cabal view
@@ -1,6 +1,6 @@ cabal-version: 1.12 name: keycloak-hs-version: 1.0.1+version: 1.1.0 license: BSD3 license-file: LICENSE copyright: 2019 Corentin Dupont
src/Keycloak/Client.hs view
@@ -35,7 +35,7 @@  -- * Permissions --- | Returns true id the resource is authorized under the given scope.+-- | Returns true if the resource is authorized under the given scope. isAuthorized :: ResourceId -> ScopeName -> Token -> Keycloak Bool isAuthorized res scope tok = do   r <- try $ checkPermission res scope tok@@ -44,7 +44,7 @@     Left e | (statusCode <$> getErrorStatus e) == Just 403 -> return False     Left e -> throwError e --rethrow the error --- | Return the permissions for all resources, under the given scopes.+-- | Return the permissions for the permission requests. getPermissions :: [PermReq] -> Token -> Keycloak [Permission] getPermissions reqs tok = do   debug "Get all permissions"@@ -56,15 +56,16 @@   body <- keycloakPost "protocol/openid-connect/token" dat tok   case eitherDecode body of     Right ret -> do+      debug $ "Keycloak returned perms: " ++ (show ret)       return ret     Left (err2 :: String) -> do       debug $ "Keycloak parse error: " ++ (show err2)        throwError $ ParseError $ pack (show err2)--getPermString :: PermReq -> [Text]-getPermString (PermReq (Just (ResourceId id)) []) = [id]-getPermString (PermReq (Just (ResourceId id)) scopes) = map (\(ScopeName s) -> (id <> "#" <> s)) scopes-getPermString (PermReq Nothing scopes) = map (\(ScopeName s) -> ("#" <> s)) scopes+  where+    getPermString :: PermReq -> [Text]+    getPermString (PermReq (Just (ResourceId id)) []) = [id]+    getPermString (PermReq (Just (ResourceId id)) scopes) = map (\(ScopeName s) -> (id <> "#" <> s)) scopes+    getPermString (PermReq Nothing scopes) = map (\(ScopeName s) -> ("#" <> s)) scopes  -- | Checks if a scope is permitted on a resource. An HTTP Exception 403 will be thrown if not. checkPermission :: ResourceId -> ScopeName -> Token -> Keycloak ()@@ -80,7 +81,7 @@  -- * Tokens --- | Retrieve the user's token+-- | Retrieve the user's token. This token will be used for every other Keycloak calls. getUserAuthToken :: Username -> Password -> Keycloak Token getUserAuthToken username password = do    debug "Get user token"@@ -101,7 +102,7 @@       debug $ "Keycloak parse error: " ++ (show err2)        throwError $ ParseError $ pack (show err2) --- | return a Client token+-- | return a Client token. It is useful to create Resources. getClientAuthToken :: Keycloak Token getClientAuthToken = do   debug "Get client token"@@ -132,14 +133,11 @@  -- * Resource --- | Create a resource.+-- | Create an authorization resource in Keycloak, under the configured client. createResource :: Resource -> Token -> Keycloak ResourceId createResource r tok = do   debug $ convertString $ "Creating resource: " <> (JSON.encode r)-  -- The user token might not be suitable because it can use another client (such as "dashboard"). -  -- however we need "api-server" as client because it's the resource authorization server.-  tok2 <- getClientAuthToken -  body <- keycloakPost "authz/protection/resource_set" (toJSON r) tok2+  body <- keycloakPost "authz/protection/resource_set" (toJSON r) tok   debug $ convertString $ "Created resource: " ++ convertString body   case eitherDecode body of     Right ret -> do@@ -156,6 +154,7 @@   keycloakDelete ("authz/protection/resource_set/" <> rid) tok   return () +-- | Delete all resources in Keycloak deleteAllResources :: Token -> Keycloak () deleteAllResources tok = do   debug "Deleting all Keycloak resources..."@@ -163,10 +162,10 @@   res <- mapM (\rid -> try $ deleteResource rid tok) ids   debug $ "Deleted " ++ (show $ L.length $ rights res) ++ " resources out of " ++ (show $ L.length ids) -getResource :: ResourceId -> Keycloak Resource-getResource (ResourceId rid) = do-  tok2 <- getClientAuthToken -  body <- keycloakGet ("authz/protection/resource_set/" <> rid) tok2+-- | get a single resource+getResource :: ResourceId -> Token -> Keycloak Resource+getResource (ResourceId rid) tok = do+  body <- keycloakGet ("authz/protection/resource_set/" <> rid) tok   case eitherDecode body of     Right ret -> do       return ret@@ -174,6 +173,7 @@       debug $ "Keycloak parse error: " ++ (show err2)        throwError $ ParseError $ pack (show err2) +-- | get all resources IDs getAllResourceIds :: Keycloak [ResourceId] getAllResourceIds = do   debug "Get all resources"@@ -221,16 +221,16 @@       debug $ "Keycloak parse error: " ++ (show err2)        throwError $ ParseError $ pack (show err2) --- | Get a single user, based on his Id-postUser :: User -> Token -> Keycloak UserId-postUser user tok = do+-- | Create a user+createUser :: User -> Token -> Keycloak UserId+createUser user tok = do   res <- keycloakAdminPost ("users/") (toJSON user) tok    debug $ "Keycloak success: " ++ (show res)    return $ UserId $ convertString res  -- | Get a single user, based on his Id-putUser :: UserId -> User -> Token -> Keycloak ()-putUser (UserId id) user tok = do+updateUser :: UserId -> User -> Token -> Keycloak ()+updateUser (UserId id) user tok = do   keycloakAdminPut ("users/" <> (convertString id)) (toJSON user) tok    return () @@ -352,6 +352,8 @@     Left err -> do       warn $ "Keycloak HTTP error: " ++ (show err)       throwError $ HTTPError err++ -- * Helpers  debug, warn, info, err :: (MonadIO m) => String -> m ()