From 09c2077472e284905aae96d3481bd26ecada46b5 Mon Sep 17 00:00:00 2001 From: sispeo <42068883+fperot74@users.noreply.github.com> Date: Fri, 11 Oct 2019 12:44:01 +0200 Subject: [PATCH] [CLOUDTRUST-1801] Support multiple OIDC verifier URL --- Gopkg.lock | 36 +++++++-------- Gopkg.toml | 4 +- README.md | 5 ++- api/account/api.go | 6 +-- api/account/api_test.go | 75 ++++++++++++++++++++++++++++++-- cmd/keycloakb/keycloak_bridge.go | 2 +- configs/keycloak_bridge.yml | 2 +- pkg/account/component_test.go | 2 +- 8 files changed, 101 insertions(+), 31 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 5aa7f1d6..0f24e71a 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -18,7 +18,7 @@ version = "2018.01.18" [[projects]] - digest = "1:a29f27a0e74a248e39b61be9ed5ca3fc6e0450b94802338b15cd00f99489d7cc" + digest = "1:2bf3a8c3fd188b74dddfdfed5d982b595266ba192ad525aa9f340f1cc66a7188" name = "github.com/cloudtrust/common-service" packages = [ ".", @@ -34,16 +34,16 @@ "tracking", ] pruneopts = "UT" - revision = "bb18af383d1e95e6ced6966fb39f04594959df69" - version = "v1.0-rc7" + revision = "926680e453c4688a250df9cf4b663ba373787c1b" + version = "v1.1.0" [[projects]] - digest = "1:87ba1ef01f9c3a60e83b1d28f0d07b605b84d51f27a1d4a0fffa9d96ea1bc78b" + digest = "1:e0941b314bcb906a3d485ac6b6ca575f6ab9d0a2cf877201d775c66e48148eb7" name = "github.com/cloudtrust/keycloak-client" packages = ["."] pruneopts = "UT" - revision = "d7c35a0d423c989dab1296785c6227572d9eca61" - version = "v1.1.0" + revision = "b8f0ef8fe71893a8ea84e0334f6a75c346f8167a" + version = "v1.1.1" [[projects]] digest = "1:d64c893fc7d2c3d395f421b00d21f0adb8ceffc4d3c90299e732b3985ca16eb4" 
@@ -231,12 +231,12 @@ version = "v1.1.0" [[projects]] - digest = "1:93131d8002d7025da13582877c32d1fc302486775a1b06f62241741006428c5e" + digest = "1:bbd3997f0121200f72b64d7a3826eb8a0b910d6a4c19894c9fe2852b9e5eaf3b" name = "github.com/pelletier/go-toml" packages = ["."] pruneopts = "UT" - revision = "728039f679cbcd4f6a54e080d2219a4c4928c546" - version = "v1.4.0" + revision = "8fe62057ea2d46ce44254c98e84e810044dbe197" + version = "v1.5.0" [[projects]] digest = "1:cf31692c14422fa27c83a05292eb5cbe0fb2775972e8f1f8446a71549bd8980b" @@ -368,7 +368,7 @@ "pbkdf2", ] pruneopts = "UT" - revision = "a832865fa7ada6126f4c6124ac49f71be71bff2a" + revision = "af544f31c8ac5794d2134b792e9eb714d9d8f9ce" [[projects]] branch = "master" @@ -381,7 +381,7 @@ "publicsuffix", ] pruneopts = "UT" - revision = "c5a3c61f89f3ed696ec36b629ef1b97541165225" + revision = "d66e71096ffb9f08f36d9aefcae80ce319de6d68" [[projects]] branch = "master" @@ -396,11 +396,11 @@ [[projects]] branch = "master" - digest = "1:1b90e63244513e8514749f45da58e89350d35cb3e12416ce6ed95f41c2a1f177" + digest = "1:7c927f17d868be652a4cfe7de23e4292dea5b14d974a1d536e3b7cb7e79fd695" name = "golang.org/x/sys" packages = ["unix"] pruneopts = "UT" - revision = "c990c680b611ac1aeb7d8f2af94a825f98d69720" + revision = "b09406accb4736d857a32bf9444cd7edae2ffa79" [[projects]] digest = "1:8d8faad6b12a3a4c819a3f9618cb6ee1fa1cfc33253abeeea8b55336721e3405" @@ -449,8 +449,8 @@ "urlfetch", ] pruneopts = "UT" - revision = "bddb1f54ecfd64b1350fd2dd897fa11d426632bc" - version = "v1.6.4" + revision = "971852bfffca25b069c31162ae8f247a3dba083b" + version = "v1.6.5" [[projects]] digest = "1:fdc801e94ddbe703f6b4263ee96ed12fc9e1d754369bf9de874c7567ea2c9686" 
@@ -488,12 +488,12 @@ version = "v2.3.1" [[projects]] - digest = "1:4d2e5a73dc1500038e504a8d78b986630e3626dc027bc030ba5c75da257cdb96" + digest = "1:59f10c1537d2199d9115d946927fe31165959a95190849c82ff11e05803528b0" name = "gopkg.in/yaml.v2" packages = ["."] pruneopts = "UT" - revision = "51d6538a90f86fe93ac480b35f37b2be17fef232" - version = "v2.2.2" + revision = "f221b8435cfb71e54062f6c6e99e9ade30b124d5" + version = "v2.2.4" [solve-meta] analyzer-name = "dep" diff --git a/Gopkg.toml b/Gopkg.toml index ea368b80..a70eda78 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -27,11 +27,11 @@ [[constraint]] name = "github.com/cloudtrust/common-service" - version = "v1.0-rc7" + version = "v1.1.0" [[constraint]] name = "github.com/cloudtrust/keycloak-client" - version = "v1.1.0" + version = "v1.1.1" [[constraint]] name = "github.com/go-kit/kit" diff --git a/README.md b/README.md index 7c9f76c0..0e7e52ad 100644 --- a/README.md +++ b/README.md @@ -47,8 +47,9 @@ account-http-host-port | HTTP server listening address | 0.0.0.0:8866 Key | Description | Default value --- | ----------- | ------------- -keycloak-host-port | Keycloak host:port | "127.0.0.1:8080" -keycloak-timeout-ms | Keycloak requests timeout in milliseconds | 5000 +keycloak-api-uri | Keycloak protocol:host:port | "http://127.0.0.1:8080" +keycloak-oidc-uri | Keycloak protocol:host:port (multiple value supported) | "http://127.0.0.1:8080 http://localhost:8080" +keycloak-timeout | Keycloak requests timeout in milliseconds | 5000 ### ENV variables diff --git a/api/account/api.go b/api/account/api.go index 748e3cba..590f4921 100644 --- a/api/account/api.go +++ b/api/account/api.go @@ -18,7 +18,7 @@ type AccountRepresentation struct { // CredentialRepresentation struct type CredentialRepresentation struct { - Id *string `json:"id,omitempty"` + ID *string `json:"id,omitempty"` Type *string `json:"type,omitempty"` UserLabel *string `json:"userLabel,omitempty"` CreatedDate *int64 `json:"createdDate,omitempty"` 
@@ -41,7 +41,7 @@ type LabelBody struct { // ConvertCredential creates an API credential from a KC credential func ConvertCredential(credKc *kc.CredentialRepresentation) CredentialRepresentation { var cred CredentialRepresentation - cred.Id = credKc.Id + cred.ID = credKc.Id cred.Type = credKc.Type cred.UserLabel = credKc.UserLabel cred.CreatedDate = credKc.CreatedDate @@ -139,7 +139,7 @@ func (updatePwd UpdatePasswordBody) Validate() error { // Validate is a validator for CredentialRepresentation func (credential CredentialRepresentation) Validate() error { - if credential.Id != nil && !matchesRegExp(*credential.Id, RegExpID) { + if credential.ID != nil && !matchesRegExp(*credential.ID, RegExpID) { return errors.New("Invalid Id") } diff --git a/api/account/api_test.go b/api/account/api_test.go index 1a264a23..0d3fe17e 100644 --- a/api/account/api_test.go +++ b/api/account/api_test.go @@ -18,7 +18,7 @@ func TestConvertCredential(t *testing.T) { credKc.CredentialData = nil assert.Equal(t, credKc.Type, ConvertCredential(&credKc).Type) - assert.Equal(t, credKc.Id, ConvertCredential(&credKc).Id) + assert.Equal(t, credKc.Id, ConvertCredential(&credKc).ID) assert.Nil(t, ConvertCredential(&credKc).CredentialData) credKc.CredentialData = &configKc 
@@ -26,6 +26,53 @@ func TestConvertCredential(t *testing.T) { assert.Equal(t, "{}", *ConvertCredential(&credKc).CredentialData) } +func TestConvertToAPIAccount(t *testing.T) { + var kcUser = kc.UserRepresentation{} + assert.Nil(t, nil, ConvertToAPIAccount(kcUser)) + + var attributes = make(map[string][]string) + kcUser = kc.UserRepresentation{Attributes: &attributes} + assert.Nil(t, nil, ConvertToAPIAccount(kcUser).PhoneNumber) + + attributes["phoneNumber"] = []string{"+41221234567"} + kcUser = kc.UserRepresentation{Attributes: &attributes} + assert.Equal(t, "+41221234567", *ConvertToAPIAccount(kcUser).PhoneNumber) +} + +func TestConvertToKCUser(t *testing.T) { + var apiUser = AccountRepresentation{} + assert.Nil(t, ConvertToKCUser(apiUser).Attributes) + + var phoneNumber = "+41221234567" + apiUser = AccountRepresentation{PhoneNumber: &phoneNumber} + var kcUser = ConvertToKCUser(apiUser) + var kcAttributes = *kcUser.Attributes + assert.Equal(t, phoneNumber, kcAttributes["phoneNumber"][0]) +} + +func TestValidateAccountRepresentation(t *testing.T) { + var invalidName = "" + var invalidEmail = "bobby-at-mail.com" + var invalidPhone = "+412212345AB" + var accounts []AccountRepresentation + + for i := 0; i < 5; i++ { + accounts = append(accounts, createValidAccountRepresentation()) + } + + assert.Nil(t, accounts[0].Validate()) + + accounts[0].Username = &invalidName + accounts[1].FirstName = &invalidName + accounts[2].LastName = &invalidName + accounts[3].Email = &invalidEmail + accounts[4].PhoneNumber = &invalidPhone + + for _, account := range accounts { + assert.NotNil(t, account.Validate()) + } +} + func TestValidateUpdatePasswordRepresentation(t *testing.T) { { password := createValidUpdatePasswordBody() @@ -64,7 +111,7 @@ func TestValidateCredentialRepresentation(t *testing.T) { { credential := createValidCredentialRepresentation() - credential.Id = &value + credential.ID = &value assert.NotNil(t, credential.Validate()) } 
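Review bot: The first two assertions in TestConvertToAPIAccount can never fail, because `assert.Nil(t, nil, ConvertToAPIAccount(kcUser))` passes the literal `nil` as the object under test and the conversion result ends up in the message arguments. The second call, with `.PhoneNumber`, has the same shape. A regression in how ConvertToAPIAccount handles a nil or empty `Attributes` map would therefore go unnoticed. Judging by the field access in the third assertion, both lines should read `assert.Nil(t, ConvertToAPIAccount(kcUser).PhoneNumber)`. In TestValidateAccountRepresentation the final loop would be easier to diagnose with the index in the message, e.g. `assert.NotNil(t, account.Validate(), "account %d", i)`.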
@@ -74,6 +121,28 @@ func TestValidateCredentialRepresentation(t *testing.T) { assert.NotNil(t, credential.Validate()) } + { + tooLong := "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" // 36 characters + tooLong = tooLong + tooLong + tooLong // 108 characters + tooLong = tooLong + tooLong + tooLong // 324 characters + credential := createValidCredentialRepresentation() + credential.UserLabel = &tooLong + assert.NotNil(t, credential.Validate()) + } +} + +func createValidAccountRepresentation() AccountRepresentation { + var validName = "Bobby" + var validEmail = "bobby@mail.com" + var validPhone = "+41221234567" + + return AccountRepresentation{ + Username: &validName, + FirstName: &validName, + LastName: &validName, + Email: &validEmail, + PhoneNumber: &validPhone, + } } func createValidUpdatePasswordBody() UpdatePasswordBody { @@ -93,7 +162,7 @@ func createValidCredentialRepresentation() CredentialRepresentation { credData := "{}" return CredentialRepresentation{ - Id: &id, + ID: &id, Type: &credType, CredentialData: &credData, UserLabel: &userLabel, diff --git a/cmd/keycloakb/keycloak_bridge.go b/cmd/keycloakb/keycloak_bridge.go index 2bf445b9..e318d799 100644 --- a/cmd/keycloakb/keycloak_bridge.go +++ b/cmd/keycloakb/keycloak_bridge.go @@ -706,7 +706,7 @@ func config(logger log.Logger) *viper.Viper { // Keycloak default. v.SetDefault("keycloak-api-uri", "http://127.0.0.1:8080") - v.SetDefault("keycloak-oidc-uri", "http://127.0.0.1:8080") + v.SetDefault("keycloak-oidc-uri", "http://127.0.0.1:8080 http://localhost:8080") v.SetDefault("keycloak-timeout", "5s") // Storage events in DB (read/write) diff --git a/configs/keycloak_bridge.yml b/configs/keycloak_bridge.yml index e4d563f1..83203623 100644 --- a/configs/keycloak_bridge.yml +++ b/configs/keycloak_bridge.yml 
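Review bot: The new UserLabel case in TestValidateCredentialRepresentation uses a 324-character value, which shows that very long labels are rejected but does not pin the limit itself. The maximum length enforced by Validate is outside this hunk, as is the start of the test function. Two cases, one at exactly the limit (expected valid) and one a character over (expected invalid), would catch an off-by-one in the length rule for what is presumably a user-supplied field. `strings.Repeat("A", n)` (with the `strings` import) would replace the triple concatenation and make the intended length explicit.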
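Review bot: The `keycloak-oidc-uri` default now packs two verifier URLs into one space-separated string, and nothing at the `SetDefault` call documents that format or what an extra entry means; configs/keycloak_bridge.yml gets the same change. Each entry is presumably one more origin accepted for OIDC token verification, and both defaults are plain `http://`, so a deployment that copies them widens the accepted set without TLS. I would add a comment such as `// Space-separated list of OIDC verifier base URLs; list only the intended Keycloak endpoints and use https outside local development.` The code that splits and validates the value is outside this hunk (config() continues beyond it), so confirm that empty or malformed entries are rejected at startup. Separately, the README row for `keycloak-timeout` still says milliseconds with default 5000, while the default on the next line here is `"5s"`.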
@@ -39,7 +39,7 @@ event-basic-auth-token: "superpasswordverylongandstrong" # Keycloak configs keycloak-api-uri: http://localhost:8080 -keycloak-oidc-uri: http://localhost:8080 +keycloak-oidc-uri: http://localhost:8080 http://127.0.0.1:8080 keycloak-timeout: 5s # DB Audit RW diff --git a/pkg/account/component_test.go b/pkg/account/component_test.go index e7a08023..80dcd5d5 100644 --- a/pkg/account/component_test.go +++ b/pkg/account/component_test.go @@ -432,7 +432,7 @@ func TestGetCredentials(t *testing.T) { apiCredsRep, err := component.GetCredentials(ctx) var expectedAPICredRep = account_api.CredentialRepresentation{ - Id: &id, + ID: &id, } var expectedAPICredsRep []account_api.CredentialRepresentation