keycloak-hs 1.0.1 → 1.1.0
raw patch · 2 files changed
+26/−24 lines, 2 filesPVP ok
version bump matches the API change (PVP)
API changes (from Hackage documentation)
- Keycloak.Client: getPermString :: PermReq -> [Text]
- Keycloak.Client: postUser :: User -> Token -> Keycloak UserId
- Keycloak.Client: putUser :: UserId -> User -> Token -> Keycloak ()
+ Keycloak.Client: createUser :: User -> Token -> Keycloak UserId
+ Keycloak.Client: updateUser :: UserId -> User -> Token -> Keycloak ()
- Keycloak.Client: getResource :: ResourceId -> Keycloak Resource
+ Keycloak.Client: getResource :: ResourceId -> Token -> Keycloak Resource
Files
- keycloak-hs.cabal +1/−1
- src/Keycloak/Client.hs +25/−23
keycloak-hs.cabal view
@@ -1,6 +1,6 @@ cabal-version: 1.12 name: keycloak-hs-version: 1.0.1+version: 1.1.0 license: BSD3 license-file: LICENSE copyright: 2019 Corentin Dupont
src/Keycloak/Client.hs view
@@ -35,7 +35,7 @@ -- * Permissions --- | Returns true id the resource is authorized under the given scope.+-- | Returns true if the resource is authorized under the given scope. isAuthorized :: ResourceId -> ScopeName -> Token -> Keycloak Bool isAuthorized res scope tok = do r <- try $ checkPermission res scope tok@@ -44,7 +44,7 @@ Left e | (statusCode <$> getErrorStatus e) == Just 403 -> return False Left e -> throwError e --rethrow the error --- | Return the permissions for all resources, under the given scopes.+-- | Return the permissions for the permission requests. getPermissions :: [PermReq] -> Token -> Keycloak [Permission] getPermissions reqs tok = do debug "Get all permissions"@@ -56,15 +56,16 @@ body <- keycloakPost "protocol/openid-connect/token" dat tok case eitherDecode body of Right ret -> do+ debug $ "Keycloak returned perms: " ++ (show ret) return ret Left (err2 :: String) -> do debug $ "Keycloak parse error: " ++ (show err2) throwError $ ParseError $ pack (show err2)--getPermString :: PermReq -> [Text]-getPermString (PermReq (Just (ResourceId id)) []) = [id]-getPermString (PermReq (Just (ResourceId id)) scopes) = map (\(ScopeName s) -> (id <> "#" <> s)) scopes-getPermString (PermReq Nothing scopes) = map (\(ScopeName s) -> ("#" <> s)) scopes+ where+ getPermString :: PermReq -> [Text]+ getPermString (PermReq (Just (ResourceId id)) []) = [id]+ getPermString (PermReq (Just (ResourceId id)) scopes) = map (\(ScopeName s) -> (id <> "#" <> s)) scopes+ getPermString (PermReq Nothing scopes) = map (\(ScopeName s) -> ("#" <> s)) scopes -- | Checks if a scope is permitted on a resource. An HTTP Exception 403 will be thrown if not. checkPermission :: ResourceId -> ScopeName -> Token -> Keycloak ()@@ -80,7 +81,7 @@ -- * Tokens --- | Retrieve the user's token+-- | Retrieve the user's token. This token will be used for every other Keycloak calls. getUserAuthToken :: Username -> Password -> Keycloak Token getUserAuthToken username password = do debug "Get user token"@@ -101,7 +102,7 @@ debug $ "Keycloak parse error: " ++ (show err2) throwError $ ParseError $ pack (show err2) --- | return a Client token+-- | return a Client token. It is useful to create Resources. getClientAuthToken :: Keycloak Token getClientAuthToken = do debug "Get client token"@@ -132,14 +133,11 @@ -- * Resource --- | Create a resource.+-- | Create an authorization resource in Keycloak, under the configured client. createResource :: Resource -> Token -> Keycloak ResourceId createResource r tok = do debug $ convertString $ "Creating resource: " <> (JSON.encode r)- -- The user token might not be suitable because it can use another client (such as "dashboard"). - -- however we need "api-server" as client because it's the resource authorization server.- tok2 <- getClientAuthToken - body <- keycloakPost "authz/protection/resource_set" (toJSON r) tok2+ body <- keycloakPost "authz/protection/resource_set" (toJSON r) tok debug $ convertString $ "Created resource: " ++ convertString body case eitherDecode body of Right ret -> do@@ -156,6 +154,7 @@ keycloakDelete ("authz/protection/resource_set/" <> rid) tok return () +-- | Delete all resources in Keycloak deleteAllResources :: Token -> Keycloak () deleteAllResources tok = do debug "Deleting all Keycloak resources..."@@ -163,10 +162,10 @@ res <- mapM (\rid -> try $ deleteResource rid tok) ids debug $ "Deleted " ++ (show $ L.length $ rights res) ++ " resources out of " ++ (show $ L.length ids) -getResource :: ResourceId -> Keycloak Resource-getResource (ResourceId rid) = do- tok2 <- getClientAuthToken - body <- keycloakGet ("authz/protection/resource_set/" <> rid) tok2+-- | get a single resource+getResource :: ResourceId -> Token -> Keycloak Resource+getResource (ResourceId rid) tok = do+ body <- keycloakGet ("authz/protection/resource_set/" <> rid) tok case eitherDecode body of Right ret -> do return ret@@ -174,6 +173,7 @@ debug $ "Keycloak parse error: " ++ (show err2) throwError $ ParseError $ pack (show err2) +-- | get all resources IDs getAllResourceIds :: Keycloak [ResourceId] getAllResourceIds = do debug "Get all resources"@@ -221,16 +221,16 @@ debug $ "Keycloak parse error: " ++ (show err2) throwError $ ParseError $ pack (show err2) --- | Get a single user, based on his Id-postUser :: User -> Token -> Keycloak UserId-postUser user tok = do+-- | Create a user+createUser :: User -> Token -> Keycloak UserId+createUser user tok = do res <- keycloakAdminPost ("users/") (toJSON user) tok debug $ "Keycloak success: " ++ (show res) return $ UserId $ convertString res -- | Get a single user, based on his Id-putUser :: UserId -> User -> Token -> Keycloak ()-putUser (UserId id) user tok = do+updateUser :: UserId -> User -> Token -> Keycloak ()+updateUser (UserId id) user tok = do keycloakAdminPut ("users/" <> (convertString id)) (toJSON user) tok return () @@ -352,6 +352,8 @@ Left err -> do warn $ "Keycloak HTTP error: " ++ (show err) throwError $ HTTPError err++ -- * Helpers debug, warn, info, err :: (MonadIO m) => String -> m ()