fixed authorization based on realm and client roles
vzakharchenko committed Jul 23, 2021
1 parent 756d4a9 commit c67fa1e
Showing 5 changed files with 52 additions and 3 deletions.
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "keycloak-lambda-authorizer",
"version": "1.0.1",
"version": "1.0.2",
"description": "Keycloak Cloud Adapter",
"main": "index.js",
"homepage": "https://github.com/vzakharchenko/keycloak-lambda-authorizer",
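--- a/src/enforcer/ClientRoleEnforcer.test.ts
+++ b/src/enforcer/ClientRoleEnforcer.test.ts
@@ -104,5 +104,29 @@ describe('ClientRoleEnforcer tests', () => {
 throw new Error('invalid test ');
 }
 });
+test('ClientRoleEnforcer Error 5', async () => {
+let error = false;
+try {
+
+
+// @ts-ignore
+await new ClientRoleEnforcer({}).enforce({
+// @ts-ignore
+token: {
+payload: {
+},
+},
+}, () => {
+return {
+clientRole: {clientRole: 'clientRole', clientId: 'clientId'}};
+});
+} catch (e) {
+error = true;
+expect(e.message).toEqual('Access Denied');
+}
+if (!error) {
+throw new Error('invalid test ');
+}
+});
 
 });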
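Review bot: The new 'ClientRoleEnforcer Error 5' case proves the denial with a hand-rolled `error` flag around a try/catch, and its two `// @ts-ignore` lines switch off type checking for the constructor argument and the request object, so a later signature change would not be caught by the compiler here. Assuming the suite runs on Jest, `await expect(new ClientRoleEnforcer({}).enforce(request, config)).rejects.toThrow('Access Denied');` states the same expectation in one line and fails on its own when nothing is thrown. The case covers only a payload with no `resource_access` at all; a sibling case with `resource_access: {}` (claim present, client entry absent) would pin the other branch of the new guard. 'RealmRoleEnforcer Error 4' in RealmRoleEnforcer.test.ts is written the same way.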
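--- a/src/enforcer/ClientRoleEnforcer.ts
+++ b/src/enforcer/ClientRoleEnforcer.ts
@@ -19,7 +19,8 @@ export class ClientRoleEnforcer implements EnforcerAction {
 if (!enforcer.clientRole) {
 throw new Error('Client Role is Empty');
 }
-const resourceAccess = requestContent.token.payload.resource_access[enforcer.clientRole.clientId];
+const resourceAccess = requestContent.token.payload.resource_access &&
+requestContent.token.payload.resource_access[enforcer.clientRole.clientId];
 if (!resourceAccess) {
 throw new Error('Access Denied');
 }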
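Review bot: The guarded lookup `resource_access[enforcer.clientRole.clientId]` still reads inherited properties, so a `clientId` that matches a name on `Object.prototype` (for example `constructor`) yields a truthy value and the `Access Denied` check right below is skipped. The `clientId` appears to come from the enforcer configuration rather than from the token, so this is hardening of the denial path rather than a demonstrated bypass. An own-property test keeps the check fail-closed: `const access = requestContent.token.payload.resource_access;` followed by `const resourceAccess = access && Object.prototype.hasOwnProperty.call(access, enforcer.clientRole.clientId) ? access[enforcer.clientRole.clientId] : undefined;`. The method continues past the hunk, so whether the entry's role list is validated before use cannot be seen from here.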
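--- a/src/enforcer/RealmRoleEnforcer.test.ts
+++ b/src/enforcer/RealmRoleEnforcer.test.ts
@@ -80,5 +80,28 @@ describe('RealmRoleEnforcer tests', () => {
 throw new Error('invalid test ');
 }
 });
+test('RealmRoleEnforcer Error 4', async () => {
+let error = false;
+try {
+
+
+// @ts-ignore
+await new RealmRoleEnforcer({}).enforce({
+// @ts-ignore
+token: {
+payload: {
+},
+},
+}, () => {
+return {realmRole: 'realmRole'};
+});
+} catch (e) {
+error = true;
+expect(e.message).toEqual('Access Denied');
+}
+if (!error) {
+throw new Error('invalid test ');
+}
+});
 
 });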
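--- a/src/enforcer/RealmRoleEnforcer.ts
+++ b/src/enforcer/RealmRoleEnforcer.ts
@@ -19,7 +19,8 @@ export class RealmRoleEnforcer implements EnforcerAction {
 if (!enforcer.realmRole) {
 throw new Error('Realm Role is Empty');
 }
-const role = requestContent.token.payload.realm_access.roles.find(
+const role = requestContent.token.payload.realm_access &&
+requestContent.token.payload.realm_access.roles.find(
 (r:string) => r === enforcer.realmRole,
 );
 if (!role) {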
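Review bot: The added `realm_access &&` guard stops one level too early: a token whose `realm_access` is present but carries no `roles` array (for example `realm_access: {}`) still reaches `.roles.find(` and raises a TypeError instead of the explicit denial produced by the `if (!role)` check below. An authorizer should turn every malformed claim into the same explicit denial, so guard the array as well: `const realmAccess = requestContent.token.payload.realm_access;` and `const role = realmAccess && Array.isArray(realmAccess.roles) && realmAccess.roles.find(`. The new test in RealmRoleEnforcer.test.ts only exercises an empty payload, so a case with `realm_access: {}` would pin this behaviour. The method starts and ends outside the hunk.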
