oauth2-proxy/providers/keycloak.go

package providers

import (
	"context"
	"net/http"
	"net/url"

	"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
)

type KeycloakProvider struct {
	*ProviderData
	Group string
}

var _ Provider = (*KeycloakProvider)(nil)

func NewKeycloakProvider(p *ProviderData) *KeycloakProvider {
	p.ProviderName = "Keycloak"
	if p.LoginURL == nil || p.LoginURL.String() == "" {
		p.LoginURL = &url.URL{
			Scheme: "https",
			Host:   "keycloak.org",
			Path:   "/oauth/authorize",
		}
	}
	if p.RedeemURL == nil || p.RedeemURL.String() == "" {
		p.RedeemURL = &url.URL{
			Scheme: "https",
			Host:   "keycloak.org",
			Path:   "/oauth/token",
		}
	}
	if p.ValidateURL == nil || p.ValidateURL.String() == "" {
		p.ValidateURL = &url.URL{
			Scheme: "https",
			Host:   "keycloak.org",
			Path:   "/api/v3/user",
		}
	}
	if p.Scope == "" {
		p.Scope = "api"
	}
	return &KeycloakProvider{ProviderData: p}
}

func (p *KeycloakProvider) SetGroup(group string) {
	p.Group = group
}

func (p *KeycloakProvider) GetEmailAddress(ctx context.Context, s *sessions.SessionState) (string, error) {

	req, err := http.NewRequestWithContext(ctx, "GET", p.ValidateURL.String(), nil)
	req.Header.Set("Authorization", "Bearer "+s.AccessToken)
	if err != nil {
		logger.Printf("failed building request %s", err)
		return "", err
	}
	json, err := requests.Request(req)
	if err != nil {
		logger.Printf("failed making request %s", err)
		return "", err
	}

	if p.Group != "" {
		var groups, err = json.Get("groups").Array()
		if err != nil {
			logger.Printf("groups not found %s", err)
			return "", err
		}

		var found = false
		for i := range groups {
			if groups[i].(string) == p.Group {
				found = true
				break
			}
		}

		if !found {
			logger.Printf("group not found, access denied")
			return "", nil
		}
	}

	return json.Get("email").String()
}
Add keycloak provider 2019-07-28 15:54:39 +02:00			`package providers`

			`import (`
Support context in providers (#519) Co-authored-by: Henry Jenkins <henry@henryjenkins.name> 2020-05-05 17:53:33 +02:00			`"context"`
Add keycloak provider 2019-07-28 15:54:39 +02:00			`"net/http"`
			`"net/url"`

Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:54:36 +02:00			`"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"`
			`"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"`
			`"github.com/oauth2-proxy/oauth2-proxy/pkg/requests"`
Add keycloak provider 2019-07-28 15:54:39 +02:00			`)`

			`type KeycloakProvider struct {`
			`*ProviderData`
			`Group string`
			`}`

Support context in providers (#519) Co-authored-by: Henry Jenkins <henry@henryjenkins.name> 2020-05-05 17:53:33 +02:00			`var _ Provider = (*KeycloakProvider)(nil)`

Add keycloak provider 2019-07-28 15:54:39 +02:00			`func NewKeycloakProvider(p ProviderData) KeycloakProvider {`
			`p.ProviderName = "Keycloak"`
			`if p.LoginURL == nil \|\| p.LoginURL.String() == "" {`
			`p.LoginURL = &url.URL{`
			`Scheme: "https",`
			`Host: "keycloak.org",`
			`Path: "/oauth/authorize",`
			`}`
			`}`
			`if p.RedeemURL == nil \|\| p.RedeemURL.String() == "" {`
			`p.RedeemURL = &url.URL{`
			`Scheme: "https",`
			`Host: "keycloak.org",`
			`Path: "/oauth/token",`
			`}`
			`}`
			`if p.ValidateURL == nil \|\| p.ValidateURL.String() == "" {`
			`p.ValidateURL = &url.URL{`
			`Scheme: "https",`
			`Host: "keycloak.org",`
			`Path: "/api/v3/user",`
			`}`
			`}`
			`if p.Scope == "" {`
			`p.Scope = "api"`
			`}`
			`return &KeycloakProvider{ProviderData: p}`
			`}`

			`func (p *KeycloakProvider) SetGroup(group string) {`
			`p.Group = group`
			`}`

Support context in providers (#519) Co-authored-by: Henry Jenkins <henry@henryjenkins.name> 2020-05-05 17:53:33 +02:00			`func (p KeycloakProvider) GetEmailAddress(ctx context.Context, s sessions.SessionState) (string, error) {`
Add keycloak provider 2019-07-28 15:54:39 +02:00
Support context in providers (#519) Co-authored-by: Henry Jenkins <henry@henryjenkins.name> 2020-05-05 17:53:33 +02:00			`req, err := http.NewRequestWithContext(ctx, "GET", p.ValidateURL.String(), nil)`
Add keycloak provider 2019-07-28 15:54:39 +02:00			`req.Header.Set("Authorization", "Bearer "+s.AccessToken)`
			`if err != nil {`
Get rid of dependencies on bitly/oauth2_proxy/api 2019-07-28 16:46:16 +02:00			`logger.Printf("failed building request %s", err)`
Add keycloak provider 2019-07-28 15:54:39 +02:00			`return "", err`
			`}`
Get rid of dependencies on bitly/oauth2_proxy/api 2019-07-28 16:46:16 +02:00			`json, err := requests.Request(req)`
Add keycloak provider 2019-07-28 15:54:39 +02:00			`if err != nil {`
Get rid of dependencies on bitly/oauth2_proxy/api 2019-07-28 16:46:16 +02:00			`logger.Printf("failed making request %s", err)`
Add keycloak provider 2019-07-28 15:54:39 +02:00			`return "", err`
			`}`

			`if p.Group != "" {`
			`var groups, err = json.Get("groups").Array()`
			`if err != nil {`
Get rid of dependencies on bitly/oauth2_proxy/api 2019-07-28 16:46:16 +02:00			`logger.Printf("groups not found %s", err)`
Add keycloak provider 2019-07-28 15:54:39 +02:00			`return "", err`
			`}`

			`var found = false`
			`for i := range groups {`
			`if groups[i].(string) == p.Group {`
			`found = true`
			`break`
			`}`
			`}`

Add new linters (#486) * add new linters and fix issues * fix deprecated warnings * simplify return * update CHANGELOG * fix staticcheck issues * remove a deprecated linter, minor fixes of variable initialization 2020-04-14 10:36:44 +02:00			`if !found {`
Get rid of dependencies on bitly/oauth2_proxy/api 2019-07-28 16:46:16 +02:00			`logger.Printf("group not found, access denied")`
Add keycloak provider 2019-07-28 15:54:39 +02:00			`return "", nil`
			`}`
			`}`

			`return json.Get("email").String()`
			`}`