[KEYCLOAK-883] - Refactoring to services endpoints and exposing them …

…through admin client.

core/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java

@@ -26,6 +26,7 @@
 public class IdentityProviderRepresentation {
 
     protected String id;
+    protected String internalId;
     protected String providerId;
     protected String name;
     protected boolean enabled = true;
@@ -34,6 +35,14 @@ public class IdentityProviderRepresentation {
     protected String groupName;
     protected Map<String, String> config = new HashMap<String, String>();
 
+    public String getInternalId() {
+        return this.internalId;
+    }
+
+    public void setInternalId(String internalId) {
+        this.internalId = internalId;
+    }
+
     public String getId() {
         return this.id;
     }

forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js

@@ -160,7 +160,25 @@ module.config([ '$routeProvider', function($routeProvider) {
                     return {};
                 },
                 providerFactory : function(IdentityProviderFactoryLoader) {
-                    return IdentityProviderFactoryLoader();
+                    return {};
+                }
+            },
+            controller : 'RealmIdentityProviderCtrl'
+        })
+        .when('/create/identity-provider/:realm/:provider_id', {
+            templateUrl : function(params){ return 'partials/realm-identity-provider-' + params.provider_id + '.html'; },
+            resolve : {
+                realm : function(RealmLoader) {
+                    return RealmLoader();
+                },
+                serverInfo : function(ServerInfoLoader) {
+                    return ServerInfoLoader();
+                },
+                instance : function(IdentityProviderLoader) {
+                    return {};
+                },
+                providerFactory : function(IdentityProviderFactoryLoader) {
+                    return new IdentityProviderFactoryLoader();
                 }
             },
             controller : 'RealmIdentityProviderCtrl'

forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js

@@ -722,7 +722,7 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
     $scope.callbackUrl = $location.absUrl().replace(/\/admin.*/, "/broker/") + realm.realm + "/" ;
 
     $scope.addProvider = function(provider) {
-        $location.url("/realms/" + realm.realm + "/identity-provider-settings/provider/" + provider.id + "/" + provider.id);
+        $location.url("/create/identity-provider/" + realm.realm + "/" + provider.id);
     };
 
     $scope.remove = function() {
@@ -746,7 +746,8 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
             });
         } else {
             IdentityProvider.update({
-                realm: $scope.realm.realm
+                realm: $scope.realm.realm,
+                id: $scope.identityProvider.internalId
             }, $scope.identityProvider, function () {
                 $location.url("/realms/" + realm.realm + "/identity-provider-settings");
                 Notifications.success("The " + $scope.identityProvider.name + " provider has been update.");

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/IdentityProviderResource.java

@@ -0,0 +1,27 @@
+package org.keycloak.admin.client.resource;
+
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+/**
+ * @author pedroigor
+ */
+public interface IdentityProviderResource {
+
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    IdentityProviderRepresentation toRepresentation();
+
+    @PUT
+    @Consumes(MediaType.APPLICATION_JSON)
+    void update(IdentityProviderRepresentation identityProviderRepresentation);
+
+    @DELETE
+    void remove();
+}

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/IdentityProvidersResource.java

@@ -0,0 +1,29 @@
+package org.keycloak.admin.client.resource;
+
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import java.util.List;
+
+/**
+ * @author pedroigor
+ */
+public interface IdentityProvidersResource {
+
+    @Path("{id}")
+    IdentityProviderResource get(@PathParam("id") String id);
+
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    List<IdentityProviderRepresentation> findAll();
+
+    @POST
+    @Consumes(MediaType.APPLICATION_JSON)
+    void create(IdentityProviderRepresentation identityProvider);
+}

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java

@@ -35,6 +35,9 @@ public interface RealmResource {
     @Path("roles")
     public RolesResource roles();
 
+    @Path("identity-provider")
+    IdentityProvidersResource identityProviders();
+
     @DELETE
     public void remove();
 

model/api/src/main/java/org/keycloak/models/AdminRoles.java

@@ -19,13 +19,15 @@ public class AdminRoles {
     public static String VIEW_APPLICATIONS = "view-applications";
     public static String VIEW_CLIENTS = "view-clients";
     public static String VIEW_EVENTS = "view-events";
+    public static String VIEW_IDENTITY_PROVIDERS = "view-identity-providers";
 
     public static String MANAGE_REALM = "manage-realm";
     public static String MANAGE_USERS = "manage-users";
     public static String MANAGE_APPLICATIONS = "manage-applications";
+    public static String MANAGE_IDENTITY_PROVIDERS = "manage-identity-providers";
     public static String MANAGE_CLIENTS = "manage-clients";
     public static String MANAGE_EVENTS = "manage-events";
 
-    public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_APPLICATIONS, VIEW_CLIENTS, VIEW_EVENTS, MANAGE_REALM, MANAGE_USERS, MANAGE_APPLICATIONS, MANAGE_CLIENTS, MANAGE_EVENTS};
+    public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_APPLICATIONS, VIEW_CLIENTS, VIEW_EVENTS, VIEW_IDENTITY_PROVIDERS, MANAGE_REALM, MANAGE_USERS, MANAGE_APPLICATIONS, MANAGE_CLIENTS, MANAGE_EVENTS, MANAGE_IDENTITY_PROVIDERS};
 
 }

model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java

@@ -146,16 +146,7 @@ public static RealmRepresentation toRepresentation(RealmModel realm, boolean int
         }
 
         for (IdentityProviderModel provider : realm.getIdentityProviders()) {
-            IdentityProviderRepresentation providerRep = new IdentityProviderRepresentation();
-
-            providerRep.setProviderId(provider.getProviderId());
-            providerRep.setId(provider.getId());
-            providerRep.setName(provider.getName());
-            providerRep.setEnabled(provider.isEnabled());
-            providerRep.setUpdateProfileFirstLogin(provider.isUpdateProfileFirstLogin());
-            providerRep.setConfig(provider.getConfig());
-
-            rep.addIdentityProvider(providerRep);
+            rep.addIdentityProvider(toRepresentation(provider));
         }
 
         return rep;
@@ -306,4 +297,19 @@ public static UserFederationProviderRepresentation toRepresentation(UserFederati
         rep.setLastSync(model.getLastSync());
         return rep;
     }
+
+    public static IdentityProviderRepresentation toRepresentation(IdentityProviderModel identityProviderModel) {
+        IdentityProviderRepresentation providerRep = new IdentityProviderRepresentation();
+
+        providerRep.setInternalId(identityProviderModel.getInternalId());
+        providerRep.setProviderId(identityProviderModel.getProviderId());
+        providerRep.setId(identityProviderModel.getId());
+        providerRep.setName(identityProviderModel.getName());
+        providerRep.setEnabled(identityProviderModel.isEnabled());
+        providerRep.setStoreToken(identityProviderModel.isStoreToken());
+        providerRep.setUpdateProfileFirstLogin(identityProviderModel.isUpdateProfileFirstLogin());
+        providerRep.setConfig(identityProviderModel.getConfig());
+
+        return providerRep;
+    }
 }

model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java

@@ -744,19 +744,24 @@ public static void createApplicationRoleMappings(ApplicationModel applicationMod
 
     private static void importIdentityProviders(RealmRepresentation rep, RealmModel newRealm) {
         if (rep.getIdentityProviders() != null) {
-            for (IdentityProviderRepresentation identityProviderRepresentation : rep.getIdentityProviders()) {
-                IdentityProviderModel identityProviderModel = new IdentityProviderModel();
-
-                identityProviderModel.setId(identityProviderRepresentation.getId());
-                identityProviderModel.setProviderId(identityProviderRepresentation.getProviderId());
-                identityProviderModel.setName(identityProviderRepresentation.getName());
-                identityProviderModel.setEnabled(identityProviderRepresentation.isEnabled());
-                identityProviderModel.setUpdateProfileFirstLogin(identityProviderRepresentation.isUpdateProfileFirstLogin());
-                identityProviderModel.setStoreToken(identityProviderRepresentation.isStoreToken());
-                identityProviderModel.setConfig(identityProviderRepresentation.getConfig());
-
-                newRealm.addIdentityProvider(identityProviderModel);
+            for (IdentityProviderRepresentation representation : rep.getIdentityProviders()) {
+                newRealm.addIdentityProvider(toModel(representation));
             }
         }
     }
+
+    public static IdentityProviderModel toModel(IdentityProviderRepresentation representation) {
+        IdentityProviderModel identityProviderModel = new IdentityProviderModel();
+
+        identityProviderModel.setInternalId(representation.getInternalId());
+        identityProviderModel.setId(representation.getId());
+        identityProviderModel.setProviderId(representation.getProviderId());
+        identityProviderModel.setName(representation.getName());
+        identityProviderModel.setEnabled(representation.isEnabled());
+        identityProviderModel.setUpdateProfileFirstLogin(representation.isUpdateProfileFirstLogin());
+        identityProviderModel.setStoreToken(representation.isStoreToken());
+        identityProviderModel.setConfig(representation.getConfig());
+
+        return identityProviderModel;
+    }
 }

services/src/main/java/org/keycloak/services/resources/AuthenticationBrokerResource.java

@@ -204,6 +204,10 @@ private Response getToken(String realmName, String providerId, boolean forceRetr
             if (identityProviderConfig.isStoreToken()) {
                 FederatedIdentityModel identity = this.session.users().getFederatedIdentity(authResult.getUser(), providerId, realm);
 
+                if (identity == null) {
+                    return corsResponse(Flows.errors().error("User [" + authResult.getUser().getId() + "] is not associated with identity provider [" + providerId + "].", Response.Status.FORBIDDEN), clientModel);
+                }
+
                 return corsResponse(identityProvider.retrieveToken(identity), clientModel);
             }
 
@@ -229,17 +233,19 @@ private Response handleResponse(String realmName, String providerId) {
         RealmManager realmManager = new RealmManager(session);
         RealmModel realm = realmManager.getRealmByName(realmName);
 
+        IdentityProviderModel identityProviderConfig = getIdentityProviderConfig(realm, providerId);
+
         try {
-            IdentityProvider provider = getIdentityProvider(realm, providerId);
+            IdentityProvider identityProvider = getIdentityProvider(realm, providerId);
 
-            if (provider == null) {
-                return Flows.forms(session, realm, null, uriInfo).setError("Social provider not found").createErrorPage();
+            if (identityProvider == null) {
+                return Flows.forms(session, realm, null, uriInfo).setError("Social identityProvider not found").createErrorPage();
             }
 
-            String relayState = provider.getRelayState(createAuthenticationRequest(providerId, null, realm, null));
+            String relayState = identityProvider.getRelayState(createAuthenticationRequest(providerId, null, realm, null));
 
             if (relayState == null) {
-                return redirectToErrorPage(realm, "No relay state from identity provider.");
+                return redirectToErrorPage(realm, "No relay state from identity identityProvider.");
             }
 
             ClientSessionCode clientCode = isValidAuthorizationCode(relayState, realm);
@@ -256,7 +262,7 @@ private Response handleResponse(String realmName, String providerId) {
                 return response;
             }
 
-            AuthenticationResponse authenticationResponse = provider.handleResponse(createAuthenticationRequest(providerId, null, realm, clientSession));
+            AuthenticationResponse authenticationResponse = identityProvider.handleResponse(createAuthenticationRequest(providerId, null, realm, clientSession));
 
             response = authenticationResponse.getResponse();
 
@@ -266,14 +272,16 @@ private Response handleResponse(String realmName, String providerId) {
 
             FederatedIdentity identity = authenticationResponse.getUser();
 
+            if (!identityProviderConfig.isStoreToken()) {
+                identity.setToken(null);
+            }
+
             return performLocalAuthentication(realm, providerId, identity, clientCode);
         } catch (Exception e) {
             if (session.getTransaction().isActive()) {
                 session.getTransaction().rollback();
             }
 
-            IdentityProviderModel identityProviderConfig = getIdentityProviderConfig(realm, providerId);
-
             return Flows.forms(session, realm, null, uriInfo).setError("Authentication failed. Could not authenticate against Identity Provider [" + identityProviderConfig.getName() + "].").createErrorPage();
         } finally {
             if (session.getTransaction().isActive()) {