-
Notifications
You must be signed in to change notification settings - Fork 10
/
users.go
198 lines (166 loc) · 10.5 KB
/
users.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
package api
import (
"errors"
"github.com/cloudtrust/keycloak-client/v2"
"gopkg.in/h2non/gentleman.v2/plugins/body"
"gopkg.in/h2non/gentleman.v2/plugins/query"
"gopkg.in/h2non/gentleman.v2/plugins/url"
)
const (
userPath = "/auth/admin/realms/:realm/users"
adminRootPath = "/auth/realms/:realmReq/api/admin"
adminExtensionAPIPath = adminRootPath + "/realms/:realm"
usersAdminExtensionAPIPath = adminExtensionAPIPath + "/users"
sendEmailAdminExtensionAPIPath = adminExtensionAPIPath + "/send-email"
sendEmailUsersAdminExtensionAPIPath = usersAdminExtensionAPIPath + "/:userId/send-email"
userCountPath = userPath + "/count"
userIDPath = userPath + "/:id"
userGroupsPath = userIDPath + "/groups"
userGroupIDPath = userGroupsPath + "/:groupId"
executeActionsEmailPath = usersAdminExtensionAPIPath + "/:id/execute-actions-email"
sendReminderEmailPath = "/auth/realms/:realm/onboarding/sendReminderEmail"
smsAPI = "/auth/realms/:realm/smsApi"
sendSmsCode = smsAPI + "/sendNewCode"
sendSmsConsentCode = smsAPI + "/users/:userId/consent"
checkSmsConsentCode = sendSmsConsentCode + "/:consent"
sendSMSPath = smsAPI + "/sendSms"
userFederationPath = userIDPath + "/federated-identity"
shadowUser = userFederationPath + "/:provider"
expiredToUAcceptancePath = adminRootPath + "/expired-tou-acceptance"
getSupportInfoPath = adminRootPath + "/support-infos"
generateTrustIDAuthToken = "/auth/realms/:realmReq/trustid-auth-token/realms/:realm/users/:userId/generate"
)
// GetUsers returns a list of users, filtered according to the query parameters.
// Parameters: email, first (paging offset, int), firstName, lastName, username,
// max (maximum result size, default = 100),
// search (string contained in username, firstname, lastname or email. by default,
// value is searched with a like -%value%- but you can introduce your own % symbol
// or you can use =value to search an exact value)
func (c *Client) GetUsers(accessToken string, reqRealmName, targetRealmName string, paramKV ...string) (keycloak.UsersPageRepresentation, error) {
var resp keycloak.UsersPageRepresentation
if len(paramKV)%2 != 0 {
return resp, errors.New(keycloak.MsgErrInvalidParam + "." + keycloak.EvenParams)
}
var plugins = append(createQueryPlugins(paramKV...), url.Path(usersAdminExtensionAPIPath), url.Param("realmReq", reqRealmName), url.Param("realm", targetRealmName))
var err = c.get(accessToken, &resp, plugins...)
return resp, err
}
// CreateUser creates the user from its UserRepresentation. The username must be unique.
func (c *Client) CreateUser(accessToken string, reqRealmName, targetRealmName string, user keycloak.UserRepresentation) (string, error) {
return c.post(accessToken, nil, url.Path(usersAdminExtensionAPIPath), url.Param("realmReq", reqRealmName), url.Param("realm", targetRealmName), body.JSON(user))
}
// CountUsers returns the number of users in the realm.
func (c *Client) CountUsers(accessToken string, realmName string) (int, error) {
var resp = 0
var err = c.get(accessToken, &resp, url.Path(userCountPath), url.Param("realm", realmName))
return resp, err
}
// GetUser gets the represention of the user.
func (c *Client) GetUser(accessToken string, realmName, userID string) (keycloak.UserRepresentation, error) {
var resp = keycloak.UserRepresentation{}
var err = c.get(accessToken, &resp, url.Path(userIDPath), url.Param("realm", realmName), url.Param("id", userID))
return resp, err
}
// GetGroupsOfUser gets the groups of the user.
func (c *Client) GetGroupsOfUser(accessToken string, realmName, userID string) ([]keycloak.GroupRepresentation, error) {
var resp = []keycloak.GroupRepresentation{}
var err = c.get(accessToken, &resp, url.Path(userGroupsPath), url.Param("realm", realmName), url.Param("id", userID))
return resp, err
}
// AddGroupToUser adds a group to the groups of the user.
func (c *Client) AddGroupToUser(accessToken string, realmName, userID, groupID string) error {
return c.put(accessToken, url.Path(userGroupIDPath), url.Param("realm", realmName), url.Param("id", userID), url.Param("groupId", groupID))
}
// DeleteGroupFromUser adds a group to the groups of the user.
func (c *Client) DeleteGroupFromUser(accessToken string, realmName, userID, groupID string) error {
return c.delete(accessToken, url.Path(userGroupIDPath), url.Param("realm", realmName), url.Param("id", userID), url.Param("groupId", groupID))
}
// UpdateUser updates the user.
func (c *Client) UpdateUser(accessToken string, realmName, userID string, user keycloak.UserRepresentation) error {
return c.put(accessToken, url.Path(userIDPath), url.Param("realm", realmName), url.Param("id", userID), body.JSON(user))
}
// DeleteUser deletes the user.
func (c *Client) DeleteUser(accessToken string, realmName, userID string) error {
return c.delete(accessToken, url.Path(userIDPath), url.Param("realm", realmName), url.Param("id", userID))
}
// ExecuteActionsEmail sends an update account email to the user. An email contains a link the user can click to perform a set of required actions.
func (c *Client) ExecuteActionsEmail(accessToken string, reqRealmName string, targetRealmName string, userID string, actions []string, paramKV ...string) error {
if len(paramKV)%2 != 0 {
return errors.New(keycloak.MsgErrInvalidParam + "." + keycloak.EvenParams)
}
var plugins = append(createQueryPlugins(paramKV...), url.Path(executeActionsEmailPath), url.Param("realmReq", reqRealmName),
url.Param("realm", targetRealmName), url.Param("id", userID), body.JSON(actions))
return c.put(accessToken, plugins...)
}
// SendSmsCode sends a SMS code and return it
func (c *Client) SendSmsCode(accessToken string, realmName string, userID string) (keycloak.SmsCodeRepresentation, error) {
var paramKV []string
paramKV = append(paramKV, "userid", userID)
var plugins = append(createQueryPlugins(paramKV...), url.Path(sendSmsCode), url.Param("realm", realmName))
var resp = keycloak.SmsCodeRepresentation{}
_, err := c.post(accessToken, &resp, plugins...)
return resp, err
}
// SendReminderEmail sends a reminder email to a user
func (c *Client) SendReminderEmail(accessToken string, realmName string, userID string, paramKV ...string) error {
if len(paramKV)%2 != 0 {
return errors.New(keycloak.MsgErrInvalidParam + "." + keycloak.EvenParams)
}
var newParamKV = append(paramKV, "userid", userID)
var plugins = append(createQueryPlugins(newParamKV...), url.Path(sendReminderEmailPath), url.Param("realm", realmName))
_, err := c.post(accessToken, nil, plugins...)
return err
}
// GetFederatedIdentities gets the federated identities of a user in the given realm
func (c *Client) GetFederatedIdentities(accessToken string, realmName string, userID string) ([]keycloak.FederatedIdentityRepresentation, error) {
var res []keycloak.FederatedIdentityRepresentation
var err = c.get(accessToken, &res, url.Path(userFederationPath), url.Param("realm", realmName), url.Param("id", userID))
return res, err
}
// LinkShadowUser links shadow user to a realm in the context of brokering
func (c *Client) LinkShadowUser(accessToken string, reqRealmName string, userID string, provider string, fedIDKC keycloak.FederatedIdentityRepresentation) error {
_, err := c.post(accessToken, nil, url.Path(shadowUser), url.Param("realm", reqRealmName), url.Param("id", userID), url.Param("provider", provider), body.JSON(fedIDKC))
return err
}
// SendEmail sends an email to a user
func (c *Client) SendEmail(accessToken string, reqRealmName string, realmName string, emailRep keycloak.EmailRepresentation) error {
_, err := c.post(accessToken, nil, url.Path(sendEmailAdminExtensionAPIPath), url.Param("realmReq", reqRealmName), url.Param("realm", realmName), body.JSON(emailRep))
return err
}
// SendEmailToUser sends an email to the user specified by the UserID
func (c *Client) SendEmailToUser(accessToken string, reqRealmName string, realmName string, userID string, emailRep keycloak.EmailRepresentation) error {
_, err := c.post(accessToken, nil, url.Path(sendEmailUsersAdminExtensionAPIPath), url.Param("realmReq", reqRealmName), url.Param("realm", realmName), url.Param("userId", userID), body.JSON(emailRep))
return err
}
// SendSMS sends an SMS to a user
func (c *Client) SendSMS(accessToken string, realmName string, smsRep keycloak.SMSRepresentation) error {
_, err := c.post(accessToken, nil, url.Path(sendSMSPath), url.Param("realm", realmName), body.JSON(smsRep))
return err
}
// CheckConsentCodeSMS checks a consent code previously sent by SMS to a user
func (c *Client) CheckConsentCodeSMS(accessToken string, realmName string, userID string, consentCode string) error {
return c.get(accessToken, nil, url.Path(checkSmsConsentCode), url.Param("realm", realmName), url.Param("userId", userID), url.Param("consent", consentCode))
}
// SendConsentCodeSMS sends an SMS to a user with a consent code
func (c *Client) SendConsentCodeSMS(accessToken string, realmName string, userID string) error {
_, err := c.post(accessToken, nil, url.Path(sendSmsConsentCode), url.Param("realm", realmName), url.Param("userId", userID))
return err
}
// GetExpiredTermsOfUseAcceptance gets the list of users created for a
// long time (configured in Keycloak) who declined the terms of use
func (c *Client) GetExpiredTermsOfUseAcceptance(accessToken string) ([]keycloak.DeletableUserRepresentation, error) {
var deletableUsers []keycloak.DeletableUserRepresentation
err := c.get(accessToken, &deletableUsers, url.Path(expiredToUAcceptancePath), url.Param("realmReq", "master"))
return deletableUsers, err
}
// GetSupportInfo gets the list of accounts matching a given email address
func (c *Client) GetSupportInfo(accessToken string, email string) ([]keycloak.EmailInfoRepresentation, error) {
var emailInfos []keycloak.EmailInfoRepresentation
err := c.get(accessToken, &emailInfos, url.Path(getSupportInfoPath), url.Param("realmReq", "master"), query.Add("email", email))
return emailInfos, err
}
func (c *Client) GenerateTrustIDAuthToken(accessToken string, reqRealmName string, realmName string, userID string) (string, error) {
var token keycloak.TrustIDAuthTokenRepresentation
err := c.get(accessToken, &token, url.Path(generateTrustIDAuthToken), url.Param("realmReq", reqRealmName), url.Param("realm", realmName), url.Param("userId", userID))
return *token.Token, err
}