package gokeycloak
import (
"context"
"net/http"
"github.com/pkg/errors"
)
// -----
// Users
// -----
// CreateUser creates the given user in the given realm and returns its userID.
//
// The User representation is posted to the realm's admin "users" endpoint as-is;
// the new ID is read back from the response (via getID), not from the response
// body. Keycloak has not documented which members of the User object are actually
// accepted when creating a user; things like RealmRoles must be attached using
// follow-up calls to the respective functions.
//
// Returns the HTTP status code, the new user's ID (empty on error) and an error.
// NOTE(review): resp.StatusCode() is evaluated even when the request itself
// failed; this assumes the HTTP client always hands back a non-nil response
// object alongside the error — confirm against GetRequestWithBearerAuth's client.
func (g *GoKeycloak) CreateUser(ctx context.Context, token, realm string, user User) (int, string, error) {
	const errMessage = "could not create user"

	req := g.GetRequestWithBearerAuth(ctx, token).SetBody(user)
	resp, reqErr := req.Post(g.getAdminRealmURL(realm, "users"))
	if err := checkForError(resp, reqErr, errMessage); err != nil {
		return resp.StatusCode(), "", err
	}

	return resp.StatusCode(), getID(resp), nil
}
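// DeleteUser deletes the user with the given userID from the given realm.
//
// userID must be non-empty. An empty ID is rejected locally with
// http.StatusBadRequest (mirroring GetUserByID) so that a destructive DELETE is
// never issued against a collapsed path — how getAdminRealmURL joins an empty
// segment is not visible here, and a delete should not depend on it.
//
// Returns the HTTP status code and an error describing the failure, if any.
func (g *GoKeycloak) DeleteUser(ctx context.Context, token, realm, userID string) (int, error) {
	const errMessage = "could not delete user"

	if userID == "" {
		return http.StatusBadRequest, errors.Wrap(errors.New("userID shall not be empty"), errMessage)
	}

	resp, err := g.GetRequestWithBearerAuth(ctx, token).
		Delete(g.getAdminRealmURL(realm, "users", userID))

	return resp.StatusCode(), checkForError(resp, err, errMessage)
}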
// GetUserByID fetches the user with the given userID from the given realm.
//
// An empty userID is rejected locally with http.StatusBadRequest, so the call
// never degrades into a request against the "users" collection.
//
// Returns the HTTP status code, the decoded user (nil on error) and an error.
func (g *GoKeycloak) GetUserByID(ctx context.Context, accessToken, realm, userID string) (int, *User, error) {
	const errMessage = "could not get user by id"

	if len(userID) == 0 {
		return http.StatusBadRequest, nil, errors.Wrap(errors.New("userID shall not be empty"), errMessage)
	}

	user := new(User)
	req := g.GetRequestWithBearerAuth(ctx, accessToken).SetResult(user)
	resp, reqErr := req.Get(g.getAdminRealmURL(realm, "users", userID))
	if err := checkForError(resp, reqErr, errMessage); err != nil {
		return resp.StatusCode(), nil, err
	}

	return resp.StatusCode(), user, nil
}
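// GetUserCount returns the number of users in the realm that match params.
//
// params is encoded into query parameters by GetQueryParams; a failure there is
// reported as http.StatusBadRequest without contacting the server.
//
// Returns the HTTP status code, the count and an error. On a failed request the
// count is -1 (on a params error it is 0, unchanged from before). checkForError
// receives errMessage, so its result is returned as-is instead of being wrapped
// with the same message a second time — every sibling in this file does the same.
func (g *GoKeycloak) GetUserCount(ctx context.Context, token string, realm string, params GetUsersParams) (int, int, error) {
	const errMessage = "could not get user count"

	queryParams, err := GetQueryParams(params)
	if err != nil {
		return http.StatusBadRequest, 0, errors.Wrap(err, errMessage)
	}

	var count int
	resp, err := g.GetRequestWithBearerAuth(ctx, token).
		SetResult(&count).
		SetQueryParams(queryParams).
		Get(g.getAdminRealmURL(realm, "users", "count"))
	if err := checkForError(resp, err, errMessage); err != nil {
		return resp.StatusCode(), -1, err
	}

	return resp.StatusCode(), count, nil
}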
// GetUserGroups returns the groups the user with the given userID belongs to.
//
// params is encoded into query parameters by GetQueryParams; a failure there is
// reported as http.StatusBadRequest without contacting the server.
//
// Returns the HTTP status code, the decoded groups (nil on error) and an error.
// NOTE(review): unlike GetUserByID, an empty userID is not rejected locally here;
// what path getAdminRealmURL builds for an empty segment is not visible — verify.
func (g *GoKeycloak) GetUserGroups(ctx context.Context, token, realm, userID string, params GetGroupsParams) (int, []*Group, error) {
	const errMessage = "could not get user groups"

	query, paramErr := GetQueryParams(params)
	if paramErr != nil {
		return http.StatusBadRequest, nil, errors.Wrap(paramErr, errMessage)
	}

	var groups []*Group
	req := g.GetRequestWithBearerAuth(ctx, token).
		SetResult(&groups).
		SetQueryParams(query)
	resp, reqErr := req.Get(g.getAdminRealmURL(realm, "users", userID, "groups"))
	if err := checkForError(resp, reqErr, errMessage); err != nil {
		return resp.StatusCode(), nil, err
	}

	return resp.StatusCode(), groups, nil
}
// GetUsers lists users in the realm, filtered and paged according to params.
//
// params is encoded into query parameters by GetQueryParams; a failure there is
// reported as http.StatusBadRequest without contacting the server.
//
// Returns the HTTP status code, the decoded users (nil on error) and an error.
func (g *GoKeycloak) GetUsers(ctx context.Context, token, realm string, params GetUsersParams) (int, []*User, error) {
	const errMessage = "could not get users"

	query, paramErr := GetQueryParams(params)
	if paramErr != nil {
		return http.StatusBadRequest, nil, errors.Wrap(paramErr, errMessage)
	}

	var users []*User
	req := g.GetRequestWithBearerAuth(ctx, token).
		SetResult(&users).
		SetQueryParams(query)
	resp, reqErr := req.Get(g.getAdminRealmURL(realm, "users"))
	if err := checkForError(resp, reqErr, errMessage); err != nil {
		return resp.StatusCode(), nil, err
	}

	return resp.StatusCode(), users, nil
}
// GetUsersByRoleName returns all users that have the given realm role.
//
// roleName is used as a path segment of the realm's admin "roles" endpoint.
// params is encoded into query parameters by GetQueryParams; a failure there is
// reported as http.StatusBadRequest without contacting the server.
//
// Returns the HTTP status code, the decoded users (nil on error) and an error.
func (g *GoKeycloak) GetUsersByRoleName(ctx context.Context, token, realm, roleName string, params GetUsersByRoleParams) (int, []*User, error) {
	const errMessage = "could not get users by role name"

	query, paramErr := GetQueryParams(params)
	if paramErr != nil {
		return http.StatusBadRequest, nil, errors.Wrap(paramErr, errMessage)
	}

	var users []*User
	req := g.GetRequestWithBearerAuth(ctx, token).
		SetResult(&users).
		SetQueryParams(query)
	resp, reqErr := req.Get(g.getAdminRealmURL(realm, "roles", roleName, "users"))
	if err := checkForError(resp, reqErr, errMessage); err != nil {
		return resp.StatusCode(), nil, err
	}

	return resp.StatusCode(), users, nil
}
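// GetUsersByClientRoleName returns all users that have the given client role.
//
// idOfClient is the client's internal ID (the path segment under "clients"), not
// its clientId. params is encoded into query parameters by GetQueryParams; a
// failure there is reported as http.StatusBadRequest without contacting the
// server, wrapped with errMessage like every other lookup in this file (the
// previous version returned that error bare, which made it inconsistent to
// match on).
//
// Returns the HTTP status code, the decoded users (nil on error) and an error.
func (g *GoKeycloak) GetUsersByClientRoleName(ctx context.Context, token, realm, idOfClient, roleName string, params GetUsersByRoleParams) (int, []*User, error) {
	const errMessage = "could not get users by client role name"

	queryParams, err := GetQueryParams(params)
	if err != nil {
		return http.StatusBadRequest, nil, errors.Wrap(err, errMessage)
	}

	var result []*User
	resp, err := g.GetRequestWithBearerAuth(ctx, token).
		SetResult(&result).
		SetQueryParams(queryParams).
		Get(g.getAdminRealmURL(realm, "clients", idOfClient, "roles", roleName, "users"))
	if err := checkForError(resp, err, errMessage); err != nil {
		return resp.StatusCode(), nil, err
	}

	return resp.StatusCode(), result, nil
}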
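// SetPassword sets a new password for the user with the given id. Needs elevated
// privileges (the token must be allowed to reset credentials in the realm).
//
// Note the parameter order: unlike every other function in this file, userID
// comes BEFORE realm. Swapping the two sends the reset to a different admin path,
// so double-check call sites.
//
// temporary is passed through as the credential's "temporary" flag. The plaintext
// password is serialised into the request body — never log the request.
// An empty userID is rejected locally with http.StatusBadRequest (mirroring
// GetUserByID) so a credential reset is never issued against a collapsed path.
//
// Returns the HTTP status code and an error describing the failure, if any.
func (g *GoKeycloak) SetPassword(ctx context.Context, token, userID, realm, password string, temporary bool) (int, error) {
	const errMessage = "could not set password"

	if userID == "" {
		return http.StatusBadRequest, errors.Wrap(errors.New("userID shall not be empty"), errMessage)
	}

	body := SetPasswordRequest{
		Password:  &password,
		Temporary: &temporary,
		Type:      StringP("password"),
	}
	resp, err := g.GetRequestWithBearerAuth(ctx, token).
		SetBody(body).
		Put(g.getAdminRealmURL(realm, "users", userID, "reset-password"))

	return resp.StatusCode(), checkForError(resp, err, errMessage)
}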
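// UpdateUser updates the given user in the given realm. The target is taken from
// user.ID, so the representation must carry the ID of an existing user.
//
// A missing or empty user.ID is rejected locally with http.StatusBadRequest
// (mirroring GetUserByID) instead of being sent as a PUT against a collapsed
// "users" path.
//
// Returns the HTTP status code and an error describing the failure, if any.
func (g *GoKeycloak) UpdateUser(ctx context.Context, token, realm string, user User) (int, error) {
	const errMessage = "could not update user"

	userID := PString(user.ID)
	if userID == "" {
		return http.StatusBadRequest, errors.Wrap(errors.New("user.ID shall not be empty"), errMessage)
	}

	resp, err := g.GetRequestWithBearerAuth(ctx, token).
		SetBody(user).
		Put(g.getAdminRealmURL(realm, "users", userID))

	return resp.StatusCode(), checkForError(resp, err, errMessage)
}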
// AddUserToGroup adds the user with the given userID to the group with the
// given groupID (a PUT with no body against the user's "groups" sub-resource).
//
// Returns the HTTP status code and an error describing the failure, if any.
func (g *GoKeycloak) AddUserToGroup(ctx context.Context, token, realm, userID, groupID string) (int, error) {
	const errMessage = "could not add user to group"

	target := g.getAdminRealmURL(realm, "users", userID, "groups", groupID)
	resp, err := g.GetRequestWithBearerAuth(ctx, token).Put(target)

	return resp.StatusCode(), checkForError(resp, err, errMessage)
}
// DeleteUserFromGroup removes the user with the given userID from the group
// with the given groupID.
//
// Returns the HTTP status code and an error describing the failure, if any.
func (g *GoKeycloak) DeleteUserFromGroup(ctx context.Context, token, realm, userID, groupID string) (int, error) {
	const errMessage = "could not delete user from group"

	target := g.getAdminRealmURL(realm, "users", userID, "groups", groupID)
	resp, err := g.GetRequestWithBearerAuth(ctx, token).Delete(target)

	return resp.StatusCode(), checkForError(resp, err, errMessage)
}
// GetUserSessions returns the sessions currently associated with the user.
//
// Returns the HTTP status code, the decoded sessions (nil on error) and an error.
func (g *GoKeycloak) GetUserSessions(ctx context.Context, token, realm, userID string) (int, []*UserSessionRepresentation, error) {
	const errMessage = "could not get user sessions"

	var sessions []*UserSessionRepresentation
	req := g.GetRequestWithBearerAuth(ctx, token).SetResult(&sessions)
	resp, reqErr := req.Get(g.getAdminRealmURL(realm, "users", userID, "sessions"))
	if err := checkForError(resp, reqErr, errMessage); err != nil {
		return resp.StatusCode(), nil, err
	}

	return resp.StatusCode(), sessions, nil
}
// GetUserOfflineSessionsForClient returns the offline sessions the user holds
// for the client with the given internal ID (idOfClient, not the clientId).
//
// Returns the HTTP status code, the decoded sessions (nil on error) and an error.
func (g *GoKeycloak) GetUserOfflineSessionsForClient(ctx context.Context, token, realm, userID, idOfClient string) (int, []*UserSessionRepresentation, error) {
	const errMessage = "could not get user offline sessions for client"

	var sessions []*UserSessionRepresentation
	req := g.GetRequestWithBearerAuth(ctx, token).SetResult(&sessions)
	resp, reqErr := req.Get(g.getAdminRealmURL(realm, "users", userID, "offline-sessions", idOfClient))
	if err := checkForError(resp, reqErr, errMessage); err != nil {
		return resp.StatusCode(), nil, err
	}

	return resp.StatusCode(), sessions, nil
}
// AddClientRolesToUser adds client-level role mappings for the user: roles is
// posted as the body of the user's "role-mappings/clients/{idOfClient}" resource.
// This grants privileges, so the caller's token needs the matching admin rights.
//
// Returns the HTTP status code and an error describing the failure, if any.
func (g *GoKeycloak) AddClientRolesToUser(ctx context.Context, token, realm, idOfClient, userID string, roles []Role) (int, error) {
	const errMessage = "could not add client role to user"

	target := g.getAdminRealmURL(realm, "users", userID, "role-mappings", "clients", idOfClient)
	req := g.GetRequestWithBearerAuth(ctx, token).SetBody(roles)
	resp, err := req.Post(target)

	return resp.StatusCode(), checkForError(resp, err, errMessage)
}
// AddClientRoleToUser adds client-level role mappings for the user. It is a
// thin alias that forwards every argument to AddClientRolesToUser unchanged.
//
// Deprecated: replaced by AddClientRolesToUser
func (g *GoKeycloak) AddClientRoleToUser(ctx context.Context, token, realm, idOfClient, userID string, roles []Role) (int, error) {
	status, err := g.AddClientRolesToUser(ctx, token, realm, idOfClient, userID, roles)
	return status, err
}
// DeleteClientRolesFromUser removes client-level role mappings from the user:
// roles is sent as the body of a DELETE against the user's
// "role-mappings/clients/{idOfClient}" resource.
//
// NOTE(review): this relies on the body of a DELETE reaching Keycloak; some
// proxies and gateways drop DELETE bodies, which would silently remove nothing.
//
// Returns the HTTP status code and an error describing the failure, if any.
func (g *GoKeycloak) DeleteClientRolesFromUser(ctx context.Context, token, realm, idOfClient, userID string, roles []Role) (int, error) {
	const errMessage = "could not delete client role from user"

	target := g.getAdminRealmURL(realm, "users", userID, "role-mappings", "clients", idOfClient)
	req := g.GetRequestWithBearerAuth(ctx, token).SetBody(roles)
	resp, err := req.Delete(target)

	return resp.StatusCode(), checkForError(resp, err, errMessage)
}
// DeleteClientRoleFromUser removes client-level role mappings from the user. It
// is a thin alias that forwards every argument to DeleteClientRolesFromUser.
//
// Deprecated: replaced by DeleteClientRolesFromUser
func (g *GoKeycloak) DeleteClientRoleFromUser(ctx context.Context, token, realm, idOfClient, userID string, roles []Role) (int, error) {
	status, err := g.DeleteClientRolesFromUser(ctx, token, realm, idOfClient, userID, roles)
	return status, err
}
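// GetUserFederatedIdentities returns all federated (identity-provider) links of
// the user with the given userID.
//
// Returns the HTTP status code, the decoded identities (nil on error) and an
// error. On success the error is an explicit nil, matching the other lookups in
// this file; the previous version returned the raw request error, whose
// nil-ness after checkForError passed is not something callers should have to
// reason about.
func (g *GoKeycloak) GetUserFederatedIdentities(ctx context.Context, token, realm, userID string) (int, []*FederatedIdentityRepresentation, error) {
	const errMessage = "could not get user federated identities"

	var res []*FederatedIdentityRepresentation
	resp, err := g.GetRequestWithBearerAuth(ctx, token).
		SetResult(&res).
		Get(g.getAdminRealmURL(realm, "users", userID, "federated-identity"))
	if err := checkForError(resp, err, errMessage); err != nil {
		return resp.StatusCode(), nil, err
	}

	return resp.StatusCode(), res, nil
}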
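// CreateUserFederatedIdentity links the user with the given userID to the
// identity provider providerID, using federatedIdentityRep as the link details.
// Linking an external identity is an authentication-affecting change; the
// caller's token needs the matching admin rights.
//
// Returns the HTTP status code and an error describing the failure, if any.
// The error message spelling ("federated") is corrected from the previous
// "federeated" so it can be matched consistently.
func (g *GoKeycloak) CreateUserFederatedIdentity(ctx context.Context, token, realm, userID, providerID string, federatedIdentityRep FederatedIdentityRepresentation) (int, error) {
	const errMessage = "could not create user federated identity"

	resp, err := g.GetRequestWithBearerAuth(ctx, token).
		SetBody(federatedIdentityRep).
		Post(g.getAdminRealmURL(realm, "users", userID, "federated-identity", providerID))

	return resp.StatusCode(), checkForError(resp, err, errMessage)
}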
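// DeleteUserFederatedIdentity removes the link between the user with the given
// userID and the identity provider providerID.
//
// Returns the HTTP status code and an error describing the failure, if any.
// The error message spelling ("federated") is corrected from the previous
// "federeated" so it can be matched consistently.
func (g *GoKeycloak) DeleteUserFederatedIdentity(ctx context.Context, token, realm, userID, providerID string) (int, error) {
	const errMessage = "could not delete user federated identity"

	resp, err := g.GetRequestWithBearerAuth(ctx, token).
		Delete(g.getAdminRealmURL(realm, "users", userID, "federated-identity", providerID))

	return resp.StatusCode(), checkForError(resp, err, errMessage)
}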