Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
Browse Source

Fixed new features.

pull/12/head
Marcos Pereira 7 years ago
parent
50c7c3fd33 0554a333da
commit
71c7cd099d
7 changed files with 73 additions and 97 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      README.md
  2. 4
      docs/source/conf.py
  3. 6
      docs/source/index.rst
  4. 9
      keycloak/exceptions.py
  5. 140
      keycloak/keycloak_admin.py
  6. 3
      requirements.txt
  7. 4
      setup.py

4
README.md
View File

@ -42,7 +42,9 @@ The documentation for python-keycloak is available on [readthedocs](http://pytho
## Contributors
* [Agriness Team](http://www.agriness.com/pt/)
* [Marcos Pereira](marcospereira.mpj@gmail.com)
* [Martin Devlin](martin.devlin@pearson.com)
* [Shon T. Urbas](shon.urbas@gmail.com>)
## Usage
@ -75,7 +77,7 @@ token = keycloak_openid.token("user", "password")
rpt = keycloak_openid.entitlement(token['access_token'], "resource_id")
# Instropect RPT
token_rpt_info = keycloak_openid.instropect(keycloak_openid.instropect(token['access_token'], rpt=rpt['rpt'],
token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'],
token_type_hint="requesting_party_token"))
# Introspect Token

4
docs/source/conf.py
View File

@ -60,9 +60,9 @@ author = 'Marcos Pereira'
# built documents.
#
# The short X.Y version.
version = '0.10.2'
version = '0.11.0'
# The full version, including alpha/beta/rc tags.
release = '0.10.2'
release = '0.11.0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.

6
docs/source/index.rst
View File

@ -43,7 +43,6 @@ python-keycloak depends on:
* Python 3
* `requests <http://docs.python-requests.org/en/master/>`_
* `python-jose <http://python-jose.readthedocs.io/en/latest/>`_
* `simplejson <https://simplejson.readthedocs.io/en/latest/>`_
Tests Dependencies
------------------
@ -67,6 +66,7 @@ Contributors
* `Agriness Team <http://www.agriness.com/pt/>`_
* `Martin Devlin <martin.devlin@pearson.com>`_
* `Shon T. Urbas <shon.urbas@gmail.com>`_
Usage
=====
@ -102,7 +102,7 @@ Main methods::
rpt = keycloak_openid.entitlement(token['access_token'], "resource_id")
# Instropect RPT
token_rpt_info = keycloak_openid.instropect(keycloak_openid.instropect(token['access_token'], rpt=rpt['rpt'],
token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'],
token_type_hint="requesting_party_token"))
# Introspect Token
@ -127,7 +127,7 @@ Main methods::
username='example-admin',
password='secret',
realm_name="example_realm",
verify=True)
verify=True)
# Add user
new_user = keycloak_admin.create_user({"email": "example@example.com",

9
keycloak/exceptions.py
View File

@ -16,7 +16,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import requests
from simplejson import JSONDecodeError
class KeycloakError(Exception):
@ -68,20 +67,16 @@ class KeycloakInvalidTokenError(KeycloakOperationError):
pass
def raise_error_from_response(response, error, expected_code=200, skip_exists=False):
def raise_error_from_response(response, error, expected_code=200):
if expected_code == response.status_code:
if expected_code == requests.codes.no_content:
return {}
try:
return response.json()
except JSONDecodeError as e:
except ValueError:
return response.content
if skip_exists and response.status_code == 409:
return {"Already exists"}
try:
message = response.json()['message']
except (KeyError, ValueError):

140
keycloak/keycloak_admin.py
View File

@ -15,12 +15,16 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the internal Keycloak server ID, usually a uuid string
# Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the
# internal Keycloak server ID, usually a uuid string
from .urls_patterns import URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
from .urls_patterns import \
URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, URL_ADMIN_USER_CLIENT_ROLES, \
URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP, URL_ADMIN_USER_PASSWORD, URL_ADMIN_GROUP_PERMISSIONS
URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \
URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\
URL_ADMIN_USER_PASSWORD, URL_ADMIN_GROUP_PERMISSIONS
from .keycloak_openid import KeycloakOpenID
from .exceptions import raise_error_from_response, KeycloakGetError
@ -109,47 +113,21 @@ class KeycloakAdmin:
data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path), **query)
return raise_error_from_response(data_raw, KeycloakGetError)
def create_user(self, username, email='', firstName='', lastName='', emailVerified=False, enabled=True, password=None, passwordTemp=False, skip_exists=False):
def create_user(self, payload):
"""
Create a new user Username must be unique
UserRepresentation
http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
:param data: Http response
:param payload: UserRepresentation
:return: UserRepresentation
"""
data={}
data["username"]=username
data["email"]=email
data["firstName"]=firstName
data["lastName"]=lastName
data["emailVerified"]=emailVerified
data["enabled"]=enabled
params_path = {"realm-name": self.realm_name}
exists = self.get_user_id(username=username)
if exists is not None:
return str(exists)
data_raw = self.connection.raw_post(URL_ADMIN_USERS.format(**params_path),
data=json.dumps(data))
create_resp = raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists)
if password is not None:
user_id = self.get_user_id(username)
data={}
data["value"]=password
data["type"]="password"
data["temporary"]=passwordTemp
params_path = {"realm-name": self.realm_name, "id": user_id}
data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path),
data=json.dumps(data))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
else:
return create_resp
data=json.dumps(payload))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
def users_count(self):
"""
@ -161,7 +139,6 @@ class KeycloakAdmin:
data_raw = self.connection.raw_get(URL_ADMIN_USERS_COUNT.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError)
def get_user_id(self, username):
"""
Get internal keycloak user id from username
@ -198,40 +175,19 @@ class KeycloakAdmin:
data_raw = self.connection.raw_get(URL_ADMIN_USER.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError)
def update_user(self, user_id, username, email='', firstName='', lastName='', emailVerified=False, enabled=True, password=None, passwordTemp=False):
def update_user(self, user_id, payload):
"""
Update the user
:param user_id: User id
:param data: UserRepresentation
:param payload: UserRepresentation
:return: Http response
"""
data={}
data["username"]=username
data["email"]=email
data["firstName"]=firstName
data["lastName"]=lastName
data["emailVerified"]=emailVerified
data["enabled"]=enabled
params_path = {"realm-name": self.realm_name, "id": user_id}
data_raw = self.connection.raw_put(URL_ADMIN_USER.format(**params_path),
data=json.dumps(data))
update_resp = raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
if password is not None:
user_id = self.get_user_id(username)
data={}
data["value"]=password
data["type"]="password"
data["temporary"]=passwordTemp
params_path = {"realm-name": self.realm_name, "id": user_id}
data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path),
data=json.dumps(data))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
else:
return update_resp
data=json.dumps(payload))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
def delete_user(self, user_id):
"""
@ -245,6 +201,26 @@ class KeycloakAdmin:
data_raw = self.connection.raw_delete(URL_ADMIN_USER.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
def set_user_password(self, user_id, password, temporary=True):
"""
Set up a password for the user. If temporary is True, the user will have to reset
the temporary password next time they log in.
http://www.keycloak.org/docs-api/3.2/rest-api/#_users_resource
http://www.keycloak.org/docs-api/3.2/rest-api/#_credentialrepresentation
:param user_id: User id
:param password: New password
:param temporary: True if password is temporary
:return:
"""
payload = {"type": "password", "temporary": temporary, "value": password}
params_path = {"realm-name": self.realm_name, "id": user_id}
data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path),
data=json.dumps(payload))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=200)
def consents_user(self, user_id):
"""
Get consents granted by the user
@ -362,25 +338,27 @@ class KeycloakAdmin:
:return: GroupID (string)
"""
if parent is not None:
params_path = {"realm-name": self.realm_name, "id": parent}
data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path))
res = raise_error_from_response(data_raw, KeycloakGetError)
data_content = []
data_content.append(res)
params_path = {"realm-name": self.realm_name, "id": parent}
data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path))
res = raise_error_from_response(data_raw, KeycloakGetError)
data_content = []
data_content.append(res)
else:
params_path = {"realm-name": self.realm_name}
data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path))
data_content = raise_error_from_response(data_raw, KeycloakGetError)
params_path = {"realm-name": self.realm_name}
data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path))
data_content = raise_error_from_response(data_raw, KeycloakGetError)
for group in data_content:
thisgroupname = json.dumps(group["name"]).strip('"')
thisgrouppath = json.dumps(group["path"]).strip('"')
if (thisgroupname == name and name is not None) or (thisgrouppath == path and path is not None):
return json.dumps(group["id"]).strip('"')
for subgroup in group["subGroups"]:
thisgrouppath = json.dumps(subgroup["path"]).strip('"')
if (thisgrouppath == path and path is not None) or (thisgrouppath == name and name is not None):
return json.dumps(subgroup["id"]).strip('"')
thisgroupname = json.dumps(group["name"]).strip('"')
thisgrouppath = json.dumps(group["path"]).strip('"')
if (thisgroupname == name and name is not None) or (thisgrouppath == path and path is not None):
return json.dumps(group["id"]).strip('"')
for subgroup in group["subGroups"]:
thisgrouppath = json.dumps(subgroup["path"]).strip('"')
if (thisgrouppath == path and path is not None) or (thisgrouppath == name and name is not None):
return json.dumps(subgroup["id"]).strip('"')
return None
def create_group(self, name=None, client_roles={}, realm_roles=[], sub_groups=[], path=None, parent=None, skip_exists=False):
@ -539,7 +517,8 @@ class KeycloakAdmin:
data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError)
def create_client(self, name, client_id, redirect_uris, protocol="openid-connect", public_client=True, direct_access_grants=True, skip_exists=False):
def create_client(self, name, client_id, redirect_uris, protocol="openid-connect", public_client=True,
direct_access_grants=True):
"""
Create a client
@ -563,7 +542,7 @@ class KeycloakAdmin:
params_path = {"realm-name": self.realm_name}
data_raw = self.connection.raw_post(URL_ADMIN_CLIENTS.format(**params_path),
data=json.dumps(data))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists)
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
def delete_client(self, client_id):
"""
@ -671,7 +650,8 @@ class KeycloakAdmin:
"""
Assign a client role to a user
:param client_id: id of client (not client-id), user_id: id of user, client_id: id of client containing role, role_id: client role id, role_name: client role name)
:param client_id: id of client (not client-id), user_id: id of user, client_id: id of client containing role,
role_id: client role id, role_name: client role name)
"""
payload=[{}]

3
requirements.txt
View File

@ -1,4 +1,3 @@
requests==2.18.3
requests==2.18.4
httmock==1.2.5
python-jose==1.3.2
simplejson

4
setup.py
View File

@ -4,7 +4,7 @@ from setuptools import setup
setup(
name='python-keycloak',
version='0.10.2',
version='0.11.0',
url='https://bitbucket.org/agriness/python-keycloak',
license='GNU General Public License - V3',
author='Marcos Pereira',
@ -12,7 +12,7 @@ setup(
keywords='keycloak openid',
description=u'python-keycloak is a Python package providing access to the Keycloak API.',
packages=['keycloak', 'keycloak.authorization', 'keycloak.tests'],
install_requires=['requests==2.18.3', 'httmock==1.2.5', 'python-jose==1.3.2', 'simplejson'],
install_requires=['requests==2.18.4', 'httmock==1.2.5', 'python-jose==1.3.2', 'simplejson'],
classifiers=[
'Programming Language :: Python :: 3',
'License :: OSI Approved :: GNU General Public License v3 (GPLv3)',

Write Preview
Loading…
Cancel
Save