Debug

cloudtrust · Apr 15, 2019 · 17dc1de · 17dc1de
1 parent 10e3eb7
commit 17dc1de
Show file tree

Hide file tree

Showing 13 changed files with 85 additions and 22 deletions.
diff --git a/cmd/keycloakb/keycloak_bridge.go b/cmd/keycloakb/keycloak_bridge.go
@@ -598,6 +598,7 @@ func main() {
 		// Management
 		var managementSubroute = route.PathPrefix("/management").Subrouter()
 
+		var getRealmsHandler = ConfigureManagementHandler(ComponentName, ComponentID, idGenerator, keycloakClient, tracer, logger)(managementEndpoints.GetRealms)
 		var getRealmHandler = ConfigureManagementHandler(ComponentName, ComponentID, idGenerator, keycloakClient, tracer, logger)(managementEndpoints.GetRealm)
 
 		var getClientsHandler = ConfigureManagementHandler(ComponentName, ComponentID, idGenerator, keycloakClient, tracer, logger)(managementEndpoints.GetClients)
@@ -627,6 +628,7 @@ func main() {
 		var deleteCredentialsForUserHandler = ConfigureManagementHandler(ComponentName, ComponentID, idGenerator, keycloakClient, tracer, logger)(managementEndpoints.DeleteCredentialsForUser)
 
 		//realms
+		managementSubroute.Path("/realms").Methods("GET").Handler(getRealmsHandler)
 		managementSubroute.Path("/realms/{realm}").Methods("GET").Handler(getRealmHandler)
 
 		//clients

diff --git a/pkg/event/mock/component.go b/pkg/event/mock/component.go
diff --git a/pkg/event/mock/instrumenting.go b/pkg/event/mock/instrumenting.go
diff --git a/pkg/event/mock/logging.go b/pkg/event/mock/logging.go
diff --git a/pkg/event/mock/module.go b/pkg/event/mock/module.go
diff --git a/pkg/event/mock/tracing.go b/pkg/event/mock/tracing.go
diff --git a/pkg/event/mock/tracking.go b/pkg/event/mock/tracking.go
diff --git a/pkg/management/component.go b/pkg/management/component.go
@@ -8,6 +8,7 @@ import (
 )
 
 type KeycloakClient interface {
+	GetRealms(accessToken string) ([]kc.RealmRepresentation, error)
 	GetRealm(accessToken string, realmName string) (kc.RealmRepresentation, error)
 	GetClient(accessToken string, realmName, idClient string) (kc.ClientRepresentation, error)
 	GetClients(accessToken string, realmName string, paramKV ...string) ([]kc.ClientRepresentation, error)
@@ -31,6 +32,7 @@ type KeycloakClient interface {
 
 // Component is the event component interface.
 type Component interface {
+	//GetRealms(ctx context.Context) ([]api.RealmRepresentation, error)
 	GetRealm(ctx context.Context, realmName string) (api.RealmRepresentation, error)
 	GetClient(ctx context.Context, realmName, idClient string) (api.ClientRepresentation, error)
 	GetClients(ctx context.Context, realmName string) ([]api.ClientRepresentation, error)

diff --git a/pkg/management/endpoint.go b/pkg/management/endpoint.go
@@ -11,6 +11,7 @@ import (
 
 // Endpoints wraps a service behind a set of endpoints.
 type Endpoints struct {
+	GetRealms                endpoint.Endpoint
 	GetRealm                 endpoint.Endpoint
 	GetClient                endpoint.Endpoint
 	GetClients               endpoint.Endpoint
@@ -35,6 +36,7 @@ type Endpoints struct {
 
 // ManagementComponent is the interface of the component to send a query to Keycloak.
 type ManagementComponent interface {
+	//GetRealms(ctx context.Context) ([]api.RealmRepresentation, error)
 	GetRealm(ctx context.Context, realmName string) (api.RealmRepresentation, error)
 	GetClient(ctx context.Context, realmName, idClient string) (api.ClientRepresentation, error)
 	GetClients(ctx context.Context, realmName string) ([]api.ClientRepresentation, error)
@@ -57,6 +59,13 @@ type ManagementComponent interface {
 	CreateClientRole(ctx context.Context, realmName, clientID string, role api.RoleRepresentation) (string, error)
 }
 
+// MakeRealmsEndpoint makes the Realms endpoint to retrieve all available realms.
+// func MakeGetRealmsEndpoint(managementComponent ManagementComponent) endpoint.Endpoint {
+// 	return func(ctx context.Context, req interface{}) (interface{}, error) {
+// 		return managementComponent.GetRealms(ctx)
+// 	}
+// }
+
 // MakeRealmEndpoint makes the Realm endpoint to retrieve a realm.
 func MakeGetRealmEndpoint(managementComponent ManagementComponent) endpoint.Endpoint {
 	return func(ctx context.Context, req interface{}) (interface{}, error) {

diff --git a/pkg/management/endpoint_test.go b/pkg/management/endpoint_test.go
@@ -14,6 +14,23 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+func TestGetRealmsEndpoint(t *testing.T) {
+	var mockCtrl = gomock.NewController(t)
+	defer mockCtrl.Finish()
+
+	var mockManagementComponent = mock.NewManagementComponent(mockCtrl)
+
+	var e = MakeGetRealmsEndpoint(mockManagementComponent)
+
+	var ctx = context.Background()
+	var req = make(map[string]string)
+
+	mockManagementComponent.EXPECT().GetRealms(ctx).Return([]api.RealmRepresentation{}, nil).Times(1)
+	var res, err = e(ctx, req)
+	assert.Nil(t, err)
+	assert.NotNil(t, res)
+}
+
 func TestGetRealmEndpoint(t *testing.T) {
 	var mockCtrl = gomock.NewController(t)
 	defer mockCtrl.Finish()

diff --git a/pkg/management/mock/component.go b/pkg/management/mock/component.go
diff --git a/pkg/middleware/authentication.go b/pkg/middleware/authentication.go
@@ -44,6 +44,11 @@ func MakeHTTPOIDCTokenValidationMW(keycloakClient KeycloakClient, logger log.Log
 			}
 
 			var splitToken = strings.Split(authorizationHeader, "Bearer ")
+
+			if len(splitToken) < 2 {
+				splitToken = strings.Split(authorizationHeader, "bearer ")
+			}
+
 			var accessToken = splitToken[1]
 
 			payload, _, err := jwt.Parse(accessToken)
@@ -61,7 +66,7 @@ func MakeHTTPOIDCTokenValidationMW(keycloakClient KeycloakClient, logger log.Log
 			}
 
 			var username = jot.Username
-			var issuer = jot.JWT.Issuer
+			var issuer = jot.Issuer
 			var splitIssuer = strings.Split(issuer, "/auth/realms/")
 			var realm = splitIssuer[1]
 
@@ -82,8 +87,22 @@ func MakeHTTPOIDCTokenValidationMW(keycloakClient KeycloakClient, logger log.Log
 
 // Token is JWT token and the custom fields present in OIDC Token provided by Keycloak.
 type Token struct {
-	*jwt.JWT
-	Username string `json:"preferred_username,omitempty"`
+	hdr            *header
+	Issuer         string   `json:"iss,omitempty"`
+	Subject        string   `json:"sub,omitempty"`
+	Audience       []string `json:"aud,omitempty"`
+	ExpirationTime int64    `json:"exp,omitempty"`
+	NotBefore      int64    `json:"nbf,omitempty"`
+	IssuedAt       int64    `json:"iat,omitempty"`
+	ID             string   `json:"jti,omitempty"`
+	Username       string   `json:"preferred_username,omitempty"`
+}
+
+type header struct {
+	Algorithm   string `json:"alg,omitempty"`
+	KeyID       string `json:"kid,omitempty"`
+	Type        string `json:"typ,omitempty"`
+	ContentType string `json:"cty,omitempty"`
 }
 
 // MakeEndpointTokenForRealmMW makes a Endpoint middleware responsible to ensure
@@ -99,7 +118,7 @@ func MakeEndpointTokenForRealmMW(logger log.Logger) endpoint.Middleware {
 			// Extract the target realm of the request
 			var m = req.(map[string]string)
 			var realmRequested = m["realm"]
-			
+
 			// Assert both realms match
 			if realmAuthorized != realmRequested {
 				//TODO create a specific error to map it on 403

diff --git a/pkg/middleware/mock/management_component.go b/pkg/middleware/mock/management_component.go