Initial commit

2 years ago · 191f73670a
4 changed files with 45 additions and 4 deletions
--- a/src/main/java/org/keycloak/social/discord/DiscordIdentityProvider.java
+++ b/src/main/java/org/keycloak/social/discord/DiscordIdentityProvider.java
@ -18,6 +18,11 @@
 package org.keycloak.social.discord;

 import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
+import twitter4j.JSONObject;
+
 import org.jboss.logging.Logger;
 import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
 import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
@ -30,6 +35,7 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.services.ErrorPageException;
 import org.keycloak.services.messages.Messages;

+import javax.json.JsonArray;
 import javax.ws.rs.core.Response;
 import java.util.Set;

@ -47,6 +53,7 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc
    public static final String GROUP_URL = "https://discord.com/api/users/@me/guilds";
    public static final String DEFAULT_SCOPE = "identify email";
    public static final String GUILDS_SCOPE = "guilds";
+    public static final String GUILDS_MEMBER_SCOPE = "guilds.member.read";

    public DiscordIdentityProvider(KeycloakSession session, DiscordIdentityProviderConfig config) {
        super(session, config);
@ -94,6 +101,9 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc
                throw new ErrorPageException(session, Response.Status.FORBIDDEN, Messages.INVALID_REQUESTER);
            }
        }
+        if (getConfig().hasAllowedGuildAttr()) {
+            ((ObjectNode)profile).set("guildAttr", getGuildAttr(accessToken));
+        }
        return extractIdentityFromProfile(null, profile);
    }

@ -113,12 +123,31 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc
        }
    }

+    protected ArrayNode getGuildAttr(String accessToken) {
+        try {
+            ArrayNode allGuildAttr = null;
+            Set<String> allowedGuilds = getConfig().getAllowedGuildsAsSet();
+            for (String guild: allowedGuilds) {
+                String guildAttrUrl = PROFILE_URL + "/" + guild + "/member";
+                allGuildAttr.add(SimpleHttp.doGet(guildAttrUrl, session).header("Authorization", "Bearer " + accessToken).asJson());
+            }
+            return allGuildAttr;
+        } catch (Exception e) {
+            throw new IdentityBrokerException("Could not read guild attributes");
+        }
+
+    }
+
    @Override
    protected String getDefaultScopes() {
+        String DefaultScope = DEFAULT_SCOPE;
+
        if (getConfig().hasAllowedGuilds()) {
-            return DEFAULT_SCOPE + " " + GUILDS_SCOPE;
-        } else {
-            return DEFAULT_SCOPE;
+            DefaultScope = DefaultScope.concat(GUILDS_SCOPE);
+        }
+        if (getConfig().hasAllowedGuildAttr()) {
+            DefaultScope = DefaultScope.concat(GUILDS_MEMBER_SCOPE);
        }
+        return DefaultScope;
    }
 }
--- a/src/main/java/org/keycloak/social/discord/DiscordIdentityProviderConfig.java
+++ b/src/main/java/org/keycloak/social/discord/DiscordIdentityProviderConfig.java
@ -58,6 +58,10 @@ public class DiscordIdentityProviderConfig extends OAuth2IdentityProviderConfig
        return Collections.emptySet();
    }

+    public boolean hasAllowedGuildAttr() {
+        String guildAttr = getConfig().get("allowedGuildAttr");
+        return Boolean.valueOf(guildAttr);
+    }
    public void setPrompt(String prompt) {
        getConfig().put("prompt", prompt);
    }
--- a/src/main/resources/theme-resources/messages/admin-messages_en.properties
+++ b/src/main/resources/theme-resources/messages/admin-messages_en.properties
@ -4,4 +4,5 @@ discord-allowed-guilds=Guild Id(s) to allow federation
 discord.client-id.tooltip=Client Id for the application you created in your discord developer portal.
 discord.client-secret.tooltip=Client Secret for the application that you created in your discord developer portal.
 discord.allowed-guilds.tooltip=If you want to allow federation for specific guild, enter the guild id. Please use a comma as a separator for multiple guilds.
-discord.default-scopes.tooltip=The scopes to be sent when asking for authorization. See discord OAuth2 documentation for possible values. If you do not specify anything, scope defaults to 'identify email' In addition, plus 'guilds' if you enter guild id(s) to allow federation.
+discord.default-scopes.tooltip=The scopes to be sent when asking for authorization. See discord OAuth2 documentation for possible values. If you do not specify anything, scope defaults to 'identify email' In addition, plus 'guilds' if you enter guild id(s) to allow federation.
+discord.guild-attr.tooltip=Read guild member object to JSON, e.g. <guildId>.nick
--- a/src/main/resources/theme-resources/resources/partials/realm-identity-provider-discord-ext.html
+++ b/src/main/resources/theme-resources/resources/partials/realm-identity-provider-discord-ext.html
@ -4,4 +4,11 @@
        <input class="form-control" id="baseUrl" type="text" ng-model="identityProvider.config.allowedGuilds">
    </div>
    <kc-tooltip>{{:: 'discord.allowed-guilds.tooltip' | translate}}</kc-tooltip>
+</div>
+<div class="form-group">
+    <label class="col-md-2 control-label" for="enabled">{{:: 'discord-allow-guilds-attr' | translate}}</label>
+    <div class="col-md-6">
+        <input ng-model="identityProvider.config.allowGuildsAttr" id="allowGuildAttr" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}" />
+    </div>
+    <kc-tooltip>{{:: 'discord.guild-attr.tooltip' | translate}}</kc-tooltip>
 </div>