diff --git a/api/management/swagger-api_management.yaml b/api/management/swagger-api_management.yaml
index fa4d2927e..c26d501ed 100644
--- a/api/management/swagger-api_management.yaml
+++ b/api/management/swagger-api_management.yaml
@@ -446,40 +446,6 @@ paths:
 text/plain:
 schema:
 type: string
- /realms/{realm}/users/{userID}/send-verify-email:
- put:
- tags:
- - Users
- summary: >
- Send an email-verification email to the user.
- It contains a link the user can click to verify its email address.
- The redirectUri and clientId parameters are optional. The default for the redirect is the account client.
- parameters:
- - name: realm
- in: path
- description: realm name (not id!)
- required: true
- schema:
- type: string
- - name: userID
- in: path
- description: User id
- required: true
- schema:
- type: string
- - name: client_id
- in: query
- schema:
- type: string
- allowEmptyValue: true
- - name: redirect_uri
- in: query
- schema:
- type: string
- allowEmptyValue: true
- responses:
- 200:
- description: successful operation
 /realms/{realm}/users/{userID}/execute-actions-email:
 put:
 tags:
diff --git a/cmd/keycloakb/keycloak_bridge.go b/cmd/keycloakb/keycloak_bridge.go
index 415d7a2bb..9982d29d1 100644
--- a/cmd/keycloakb/keycloak_bridge.go
+++ b/cmd/keycloakb/keycloak_bridge.go
@@ -472,7 +472,6 @@ func main() {
 GetClientRoleForUser: prepareEndpoint(management.MakeGetClientRolesForUserEndpoint(keycloakComponent), "get_client_roles_for_user_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
 AddClientRoleToUser: prepareEndpoint(management.MakeAddClientRolesToUserEndpoint(keycloakComponent), "get_client_roles_for_user_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
 ResetPassword: prepareEndpoint(management.MakeResetPasswordEndpoint(keycloakComponent), "reset_password_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
- SendVerifyEmail: prepareEndpoint(management.MakeSendVerifyEmailEndpoint(keycloakComponent), "send_verify_email_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
 ExecuteActionsEmail: prepareEndpoint(management.MakeExecuteActionsEmailEndpoint(keycloakComponent), "execute_actions_email_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
 SendReminderEmail: prepareEndpoint(management.MakeSendReminderEmailEndpoint(keycloakComponent), "send_reminder_email_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
 SendNewEnrolmentCode: prepareEndpoint(management.MakeSendNewEnrolmentCodeEndpoint(keycloakComponent), "send_new_enrolment_code_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
@@ -644,7 +643,6 @@ func main() {
 var getGroupsHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.GetGroups)
 var resetPasswordHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.ResetPassword)
- var sendVerifyEmailHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.SendVerifyEmail)
 var executeActionsEmailHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.ExecuteActionsEmail)
 var sendNewEnrolmentCodeHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.SendNewEnrolmentCode)
 var sendReminderEmailHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.SendReminderEmail)
@@ -682,7 +680,6 @@ func main() {
 managementSubroute.Path("/realms/{realm}/users/{userID}/role-mappings/clients/{clientID}").Methods("POST").Handler(addClientRoleToUserHandler)
 managementSubroute.Path("/realms/{realm}/users/{userID}/reset-password").Methods("PUT").Handler(resetPasswordHandler)
- managementSubroute.Path("/realms/{realm}/users/{userID}/send-verify-email").Methods("PUT").Handler(sendVerifyEmailHandler)
 managementSubroute.Path("/realms/{realm}/users/{userID}/execute-actions-email").Methods("PUT").Handler(executeActionsEmailHandler)
 managementSubroute.Path("/realms/{realm}/users/{userID}/send-new-enrolment-code").Methods("POST").Handler(sendNewEnrolmentCodeHandler)
 managementSubroute.Path("/realms/{realm}/users/{userID}/send-reminder-email").Methods("POST").Handler(sendReminderEmailHandler)
diff --git a/configs/authorization.json b/configs/authorization.json
index 94d7e0174..191a4f2e7 100644
--- a/configs/authorization.json
+++ b/configs/authorization.json
@@ -58,13 +58,6 @@
 "l3_support_manager": {}
 }
 },
- "SendVerifyEmail": {
- "master": {
- "integrator_manager": {},
- "l2_support_manager": {},
- "l3_support_manager": {}
- }
- },
 "ExecuteActionsEmail": {
 "master": {
 "integrator_manager": {},
@@ -214,14 +207,6 @@
 "end_user": {}
 }
 },
- "SendVerifyEmail": {
- "master": {
- "integrator_agent": {}
- },
- "DEP": {
- "end_user": {}
- }
- },
 "ExecuteActionsEmail": {
 "master": {
 "integrator_agent": {}
@@ -351,11 +336,6 @@
 "*": {}
 }
 },
- "SendVerifyEmail": {
- "DEP": {
- "*": {}
- }
- },
 "ExecuteActionsEmail": {
 "DEP": {
 "*": {}
@@ -467,11 +447,6 @@
 "l2_support_agent": {}
 }
 },
- "SendVerifyEmail": {
- "master": {
- "l2_support_agent": {}
- }
- },
 "ExecuteActionsEmail": {
 "master": {
 "l2_support_agent": {}
@@ -600,11 +575,6 @@
 "l3_support_agent": {}
 }
 },
- "SendVerifyEmail": {
- "master": {
- "l3_support_agent": {}
- }
- },
 "ExecuteActionsEmail": {
 "master": {
 "l3_support_agent": {}
@@ -736,11 +706,6 @@
 "*": {}
 }
 },
- "SendVerifyEmail": {
- "DEP": {
- "*": {}
- }
- },
 "ExecuteActionsEmail": {
 "DEP": {
 "*": {}
@@ -879,12 +844,6 @@
 "end_user": {}
 }
 },
- "SendVerifyEmail": {
- "DEP": {
- "l1_support_agent": {},
- "end_user": {}
- }
- },
 "ExecuteActionsEmail": {
 "DEP": {
 "l1_support_agent": {},
@@ -981,11 +940,6 @@
 "end_user": {}
 }
 },
- "SendVerifyEmail": {
- "DEP": {
- "end_user": {}
- }
- },
 "ExecuteActionsEmail": {
 "DEP": {
 "end_user": {}
@@ -1036,11 +990,6 @@
 "end_user": {}
 }
 },
- "SendVerifyEmail": {
- "DEP": {
- "end_user": {}
- }
- },
 "SendReminderEmail": {
 "DEP": {
 "end_user": {}
diff --git a/pkg/management/authorization.go b/pkg/management/authorization.go
index 75479bd1e..89fe7fdce 100644
--- a/pkg/management/authorization.go
+++ b/pkg/management/authorization.go
@@ -26,7 +26,6 @@ const (
 GetClientRolesForUser = "GetClientRolesForUser"
 AddClientRolesToUser = "AddClientRolesToUser"
 ResetPassword = "ResetPassword"
- SendVerifyEmail = "SendVerifyEmail"
 ExecuteActionsEmail = "ExecuteActionsEmail"
 SendNewEnrolmentCode = "SendNewEnrolmentCode"
 SendReminderEmail = "SendReminderEmail"
@@ -241,17 +240,6 @@ func (c *authorizationComponentMW) ResetPassword(ctx context.Context, realmName
 return c.next.ResetPassword(ctx, realmName, userID, password)
 }
-func (c *authorizationComponentMW) SendVerifyEmail(ctx context.Context, realmName string, userID string, paramKV ...string) error {
- var action = SendVerifyEmail
- var targetRealm = realmName
-
- if err := c.authManager.CheckAuthorizationOnTargetUser(ctx, action, targetRealm, userID); err != nil {
- return err
- }
-
- return c.next.SendVerifyEmail(ctx, realmName, userID, paramKV...)
-}
-
 func (c *authorizationComponentMW) ExecuteActionsEmail(ctx context.Context, realmName string, userID string, actions []api.RequiredAction, paramKV ...string) error {
 var action = ExecuteActionsEmail
 var targetRealm = realmName
diff --git a/pkg/management/authorization_test.go b/pkg/management/authorization_test.go index 88295d52e..25d9f84d4 100644 --- a/pkg/management/authorization_test.go +++ b/pkg/management/authorization_test.go @@ -127,9 +127,6 @@ func TestDeny(t *testing.T) { _, err = authorizationMW.ResetPassword(ctx, realmName, userID, password) assert.Equal(t, security.ForbiddenError{}, err) - err = authorizationMW.SendVerifyEmail(ctx, realmName, userID) - assert.Equal(t, security.ForbiddenError{}, err) - err = authorizationMW.ExecuteActionsEmail(ctx, realmName, userID, []api.RequiredAction{}) assert.Equal(t, security.ForbiddenError{}, err) @@ -242,7 +239,6 @@ func TestAllowed(t *testing.T) { "GetClientRolesForUser": {"*": {"*": {} }}, "AddClientRolesToUser": {"*": {"*": {} }}, "ResetPassword": {"*": {"*": {} }}, - "SendVerifyEmail": {"*": {"*": {} }}, "ExecuteActionsEmail": {"*": {"*": {} }}, "SendNewEnrolmentCode": {"*": {"*": {} }}, "SendReminderEmail": {"*": {"*": {} }}, @@ -333,10 +329,6 @@ func TestAllowed(t *testing.T) { _, err = authorizationMW.ResetPassword(ctx, realmName, userID, password) assert.Nil(t, err) - mockManagementComponent.EXPECT().SendVerifyEmail(ctx, realmName, userID).Return(nil).Times(1) - err = authorizationMW.SendVerifyEmail(ctx, realmName, userID) - assert.Nil(t, err) - mockManagementComponent.EXPECT().ExecuteActionsEmail(ctx, realmName, userID, []api.RequiredAction{}).Return(nil).Times(1) err = authorizationMW.ExecuteActionsEmail(ctx, realmName, userID, []api.RequiredAction{}) assert.Nil(t, err) diff --git a/pkg/management/component.go b/pkg/management/component.go index 7002637eb..27249f999 100644 --- a/pkg/management/component.go +++ b/pkg/management/component.go 
@@ -37,7 +37,6 @@ type KeycloakClient interface {
 AddClientRolesToUserRoleMapping(accessToken string, realmName, userID, clientID string, roles []kc.RoleRepresentation) error
 GetRealmLevelRoleMappings(accessToken string, realmName, userID string) ([]kc.RoleRepresentation, error)
 ResetPassword(accessToken string, realmName string, userID string, cred kc.CredentialRepresentation) error
- SendVerifyEmail(accessToken string, realmName string, userID string, paramKV ...string) error
 ExecuteActionsEmail(accessToken string, realmName string, userID string, actions []string, paramKV ...string) error
 SendNewEnrolmentCode(accessToken string, realmName string, userID string) (kc.SmsCodeRepresentation, error)
 SendReminderEmail(accessToken string, realmName string, userID string, paramKV ...string) error
@@ -76,7 +75,6 @@ type Component interface {
 GetClientRolesForUser(ctx context.Context, realmName, userID, clientID string) ([]api.RoleRepresentation, error)
 AddClientRolesToUser(ctx context.Context, realmName, userID, clientID string, roles []api.RoleRepresentation) error
 ResetPassword(ctx context.Context, realmName string, userID string, password api.PasswordRepresentation) (string, error)
- SendVerifyEmail(ctx context.Context, realmName string, userID string, paramKV ...string) error
 ExecuteActionsEmail(ctx context.Context, realmName string, userID string, actions []api.RequiredAction, paramKV ...string) error
 SendNewEnrolmentCode(ctx context.Context, realmName string, userID string) (string, error)
 SendReminderEmail(ctx context.Context, realmName string, userID string, paramKV ...string) error
@@ -573,18 +571,6 @@ func (c *component) ResetPassword(ctx context.Context, realmName string, userID
 return pwd, nil
 }
-func (c *component) SendVerifyEmail(ctx context.Context, realmName string, userID string, paramKV ...string) error {
- var accessToken = ctx.Value(cs.CtContextAccessToken).(string)
-
- err := c.keycloakClient.SendVerifyEmail(accessToken, realmName, userID, paramKV...)
-
- if err != nil {
- c.logger.Warn(ctx, "err", err.Error())
- }
-
- return err
-}
-
 func (c *component) ExecuteActionsEmail(ctx context.Context, realmName string, userID string, requiredActions []api.RequiredAction, paramKV ...string) error {
 var accessToken = ctx.Value(cs.CtContextAccessToken).(string)
diff --git a/pkg/management/component_test.go b/pkg/management/component_test.go
index be096c11d..c541358fc 100644
--- a/pkg/management/component_test.go
+++ b/pkg/management/component_test.go
@@ -1509,49 +1509,6 @@ func TestResetPassword(t *testing.T) {
 }
-func TestSendVerifyEmail(t *testing.T) {
- var mockCtrl = gomock.NewController(t)
- defer mockCtrl.Finish()
- var mockKeycloakClient = mock.NewKeycloakClient(mockCtrl)
- var mockEventDBModule = mock.NewEventDBModule(mockCtrl)
- var mockConfigurationDBModule = mock.NewConfigurationDBModule(mockCtrl)
- var mockLogger = log.NewNopLogger()
-
- var managementComponent = NewComponent(mockKeycloakClient, mockEventDBModule, mockConfigurationDBModule, mockLogger)
-
- var accessToken = "TOKEN=="
- var realmName = "master"
- var userID = "1245-7854-8963"
-
- var key1 = "key1"
- var value1 = "value1"
- var key2 = "key2"
- var value2 = "value2"
-
- // Send email
- {
-
- mockKeycloakClient.EXPECT().SendVerifyEmail(accessToken, realmName, userID, key1, value1, key2, value2).Return(nil).Times(1)
-
- var ctx = context.WithValue(context.Background(), cs.CtContextAccessToken, accessToken)
-
- err := managementComponent.SendVerifyEmail(ctx, "master", userID, key1, value1, key2, value2)
-
- assert.Nil(t, err)
- }
-
- // Error
- {
- mockKeycloakClient.EXPECT().SendVerifyEmail(accessToken, realmName, userID).Return(fmt.Errorf("Invalid input")).Times(1)
-
- var ctx = context.WithValue(context.Background(), cs.CtContextAccessToken, accessToken)
-
- err := managementComponent.SendVerifyEmail(ctx, "master", userID)
-
- assert.NotNil(t, err)
- }
-}
-
 func TestExecuteActionsEmail(t *testing.T) {
 var mockCtrl = gomock.NewController(t)
 defer mockCtrl.Finish()
diff --git a/pkg/management/endpoint.go b/pkg/management/endpoint.go
index a76531bca..49442a9bd 100644
--- a/pkg/management/endpoint.go
+++ b/pkg/management/endpoint.go
@@ -32,7 +32,6 @@ type Endpoints struct {
 GetClientRoleForUser endpoint.Endpoint
 AddClientRoleToUser endpoint.Endpoint
 ResetPassword endpoint.Endpoint
- SendVerifyEmail endpoint.Endpoint
 ExecuteActionsEmail endpoint.Endpoint
 SendNewEnrolmentCode endpoint.Endpoint
 SendReminderEmail endpoint.Endpoint
@@ -66,7 +65,6 @@ type ManagementComponent interface {
 GetClientRolesForUser(ctx context.Context, realmName, userID, clientID string) ([]api.RoleRepresentation, error)
 AddClientRolesToUser(ctx context.Context, realmName, userID, clientID string, roles []api.RoleRepresentation) error
 ResetPassword(ctx context.Context, realmName string, userID string, password api.PasswordRepresentation) (string, error)
- SendVerifyEmail(ctx context.Context, realmName string, userID string, paramKV ...string) error
 ExecuteActionsEmail(ctx context.Context, realmName string, userID string, actions []api.RequiredAction, paramKV ...string) error
 SendNewEnrolmentCode(ctx context.Context, realmName string, userID string) (string, error)
 SendReminderEmail(ctx context.Context, realmName string, userID string, paramKV ...string) error
@@ -304,22 +302,6 @@ func MakeResetPasswordEndpoint(managementComponent ManagementComponent) cs.Endpo
 }
 }
-// MakeSendVerifyEmailEndpoint creates an endpoint for SendVerifyEmail
-func MakeSendVerifyEmailEndpoint(managementComponent ManagementComponent) cs.Endpoint {
- return func(ctx context.Context, req interface{}) (interface{}, error) {
- var m = req.(map[string]string)
-
- var paramKV []string
- for _, key := range []string{"client_id", "redirect_uri"} {
- if m[key] != "" {
- paramKV = append(paramKV, key, m[key])
- }
- }
-
- return nil, managementComponent.SendVerifyEmail(ctx, m["realm"], m["userID"], paramKV...)
- }
-}
-
 // MakeExecuteActionsEmailEndpoint creates an endpoint for ExecuteActionsEmail
 func MakeExecuteActionsEmailEndpoint(managementComponent ManagementComponent) cs.Endpoint {
 return func(ctx context.Context, req interface{}) (interface{}, error) {
diff --git a/pkg/management/endpoint_test.go b/pkg/management/endpoint_test.go
index ccfd2173c..30c2cd47c 100644
--- a/pkg/management/endpoint_test.go
+++ b/pkg/management/endpoint_test.go
@@ -488,49 +488,6 @@ func TestResetPasswordEndpoint(t *testing.T) {
 }
 }
-func TestSendVerifyEmailEndpoint(t *testing.T) {
- var mockCtrl = gomock.NewController(t)
- defer mockCtrl.Finish()
-
- var mockManagementComponent = mock.NewManagementComponent(mockCtrl)
-
- var e = MakeSendVerifyEmailEndpoint(mockManagementComponent)
-
- // No error - Without param
- {
- var realm = "master"
- var userID = "123-456-789"
- var ctx = context.Background()
- var req = make(map[string]string)
- req["realm"] = realm
- req["userID"] = userID
-
- mockManagementComponent.EXPECT().SendVerifyEmail(ctx, realm, userID).Return(nil).Times(1)
- var res, err = e(ctx, req)
- assert.Nil(t, err)
- assert.Nil(t, res)
- }
-
- // No error - With params
- {
- var realm = "master"
- var userID = "123-456-789"
- var ctx = context.Background()
- var req = make(map[string]string)
- req["realm"] = realm
- req["userID"] = userID
- req["client_id"] = "123789"
- req["redirect_uri"] = "http://redirect.com"
- req["toto"] = "tutu" // Check this param is not transmitted
-
- mockManagementComponent.EXPECT().SendVerifyEmail(ctx, realm, userID, "client_id", req["client_id"], "redirect_uri", req["redirect_uri"]).Return(nil).Times(1)
- var res, err = e(ctx, req)
- assert.Nil(t, err)
- assert.Nil(t, res)
-
- }
-}
-
 func TestExecuteActionsEmailEndpoint(t *testing.T) {
 var mockCtrl = gomock.NewController(t)
 defer mockCtrl.Finish()