diff --git a/README.md b/README.md index 6f2b8d7..d4d715b 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,9 @@ The documentation for python-keycloak is available on [readthedocs](http://pytho ## Contributors * [Agriness Team](http://www.agriness.com/pt/) +* [Marcos Pereira](marcospereira.mpj@gmail.com) * [Martin Devlin](martin.devlin@pearson.com) +* [Shon T. Urbas](shon.urbas@gmail.com>) ## Usage @@ -75,7 +77,7 @@ token = keycloak_openid.token("user", "password") rpt = keycloak_openid.entitlement(token['access_token'], "resource_id") # Instropect RPT -token_rpt_info = keycloak_openid.instropect(keycloak_openid.instropect(token['access_token'], rpt=rpt['rpt'], +token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'], token_type_hint="requesting_party_token")) # Introspect Token diff --git a/docs/source/conf.py b/docs/source/conf.py index b5eba8c..1e7cf48 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -60,9 +60,9 @@ author = 'Marcos Pereira' # built documents. # # The short X.Y version. -version = '0.10.2' +version = '0.11.0' # The full version, including alpha/beta/rc tags. -release = '0.10.2' +release = '0.11.0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/source/index.rst b/docs/source/index.rst index f68dcbb..9ce5594 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -43,7 +43,6 @@ python-keycloak depends on: * Python 3 * `requests `_ * `python-jose `_ -* `simplejson `_ Tests Dependencies ------------------ @@ -67,6 +66,7 @@ Contributors * `Agriness Team `_ * `Martin Devlin `_ +* `Shon T. Urbas `_ Usage ===== @@ -102,7 +102,7 @@ Main methods:: rpt = keycloak_openid.entitlement(token['access_token'], "resource_id") # Instropect RPT - token_rpt_info = keycloak_openid.instropect(keycloak_openid.instropect(token['access_token'], rpt=rpt['rpt'], + token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'], token_type_hint="requesting_party_token")) # Introspect Token @@ -127,7 +127,7 @@ Main methods:: username='example-admin', password='secret', realm_name="example_realm", - verify=True) + verify=True) # Add user new_user = keycloak_admin.create_user({"email": "example@example.com", diff --git a/keycloak/exceptions.py b/keycloak/exceptions.py index 300c5f7..27d8b14 100644 --- a/keycloak/exceptions.py +++ b/keycloak/exceptions.py @@ -16,7 +16,6 @@ # along with this program. If not, see . import requests -from simplejson import JSONDecodeError class KeycloakError(Exception): @@ -68,20 +67,16 @@ class KeycloakInvalidTokenError(KeycloakOperationError): pass -def raise_error_from_response(response, error, expected_code=200, skip_exists=False): +def raise_error_from_response(response, error, expected_code=200): if expected_code == response.status_code: if expected_code == requests.codes.no_content: return {} - try: return response.json() - except JSONDecodeError as e: + except ValueError: return response.content - if skip_exists and response.status_code == 409: - return {"Already exists"} - try: message = response.json()['message'] except (KeyError, ValueError): diff --git a/keycloak/keycloak_admin.py b/keycloak/keycloak_admin.py index 542fd7c..e581fab 100644 --- a/keycloak/keycloak_admin.py +++ b/keycloak/keycloak_admin.py @@ -15,12 +15,16 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see . -# Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the internal Keycloak server ID, usually a uuid string +# Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the +# internal Keycloak server ID, usually a uuid string -from .urls_patterns import URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \ +from .urls_patterns import \ + URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \ URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \ - URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, URL_ADMIN_USER_CLIENT_ROLES, \ - URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP, URL_ADMIN_USER_PASSWORD, URL_ADMIN_GROUP_PERMISSIONS + URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \ + URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\ + URL_ADMIN_USER_PASSWORD, URL_ADMIN_GROUP_PERMISSIONS + from .keycloak_openid import KeycloakOpenID from .exceptions import raise_error_from_response, KeycloakGetError @@ -109,47 +113,21 @@ class KeycloakAdmin: data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path), **query) return raise_error_from_response(data_raw, KeycloakGetError) - def create_user(self, username, email='', firstName='', lastName='', emailVerified=False, enabled=True, password=None, passwordTemp=False, skip_exists=False): + def create_user(self, payload): """ Create a new user Username must be unique UserRepresentation http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation - :param data: Http response + :param payload: UserRepresentation + :return: UserRepresentation """ - data={} - data["username"]=username - data["email"]=email - data["firstName"]=firstName - data["lastName"]=lastName - data["emailVerified"]=emailVerified - data["enabled"]=enabled params_path = {"realm-name": self.realm_name} - - exists = self.get_user_id(username=username) - - if exists is not None: - return str(exists) - data_raw = self.connection.raw_post(URL_ADMIN_USERS.format(**params_path), - data=json.dumps(data)) - create_resp = raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists) - - if password is not None: - user_id = self.get_user_id(username) - data={} - data["value"]=password - data["type"]="password" - data["temporary"]=passwordTemp - - params_path = {"realm-name": self.realm_name, "id": user_id} - data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path), - data=json.dumps(data)) - return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) - else: - return create_resp + data=json.dumps(payload)) + return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201) def users_count(self): """ @@ -161,7 +139,6 @@ class KeycloakAdmin: data_raw = self.connection.raw_get(URL_ADMIN_USERS_COUNT.format(**params_path)) return raise_error_from_response(data_raw, KeycloakGetError) - def get_user_id(self, username): """ Get internal keycloak user id from username @@ -198,40 +175,19 @@ class KeycloakAdmin: data_raw = self.connection.raw_get(URL_ADMIN_USER.format(**params_path)) return raise_error_from_response(data_raw, KeycloakGetError) - def update_user(self, user_id, username, email='', firstName='', lastName='', emailVerified=False, enabled=True, password=None, passwordTemp=False): + def update_user(self, user_id, payload): """ Update the user :param user_id: User id - :param data: UserRepresentation + :param payload: UserRepresentation :return: Http response """ - data={} - data["username"]=username - data["email"]=email - data["firstName"]=firstName - data["lastName"]=lastName - data["emailVerified"]=emailVerified - data["enabled"]=enabled params_path = {"realm-name": self.realm_name, "id": user_id} data_raw = self.connection.raw_put(URL_ADMIN_USER.format(**params_path), - data=json.dumps(data)) - update_resp = raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) - - if password is not None: - user_id = self.get_user_id(username) - data={} - data["value"]=password - data["type"]="password" - data["temporary"]=passwordTemp - - params_path = {"realm-name": self.realm_name, "id": user_id} - data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path), - data=json.dumps(data)) - return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) - else: - return update_resp + data=json.dumps(payload)) + return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) def delete_user(self, user_id): """ @@ -245,6 +201,26 @@ class KeycloakAdmin: data_raw = self.connection.raw_delete(URL_ADMIN_USER.format(**params_path)) return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) + def set_user_password(self, user_id, password, temporary=True): + """ + Set up a password for the user. If temporary is True, the user will have to reset + the temporary password next time they log in. + + http://www.keycloak.org/docs-api/3.2/rest-api/#_users_resource + http://www.keycloak.org/docs-api/3.2/rest-api/#_credentialrepresentation + + :param user_id: User id + :param password: New password + :param temporary: True if password is temporary + + :return: + """ + payload = {"type": "password", "temporary": temporary, "value": password} + params_path = {"realm-name": self.realm_name, "id": user_id} + data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path), + data=json.dumps(payload)) + return raise_error_from_response(data_raw, KeycloakGetError, expected_code=200) + def consents_user(self, user_id): """ Get consents granted by the user @@ -362,25 +338,27 @@ class KeycloakAdmin: :return: GroupID (string) """ if parent is not None: - params_path = {"realm-name": self.realm_name, "id": parent} - data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path)) - res = raise_error_from_response(data_raw, KeycloakGetError) - data_content = [] - data_content.append(res) + params_path = {"realm-name": self.realm_name, "id": parent} + data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path)) + res = raise_error_from_response(data_raw, KeycloakGetError) + data_content = [] + data_content.append(res) else: - params_path = {"realm-name": self.realm_name} - data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path)) - data_content = raise_error_from_response(data_raw, KeycloakGetError) + params_path = {"realm-name": self.realm_name} + data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path)) + data_content = raise_error_from_response(data_raw, KeycloakGetError) for group in data_content: - thisgroupname = json.dumps(group["name"]).strip('"') - thisgrouppath = json.dumps(group["path"]).strip('"') - if (thisgroupname == name and name is not None) or (thisgrouppath == path and path is not None): - return json.dumps(group["id"]).strip('"') - for subgroup in group["subGroups"]: - thisgrouppath = json.dumps(subgroup["path"]).strip('"') - if (thisgrouppath == path and path is not None) or (thisgrouppath == name and name is not None): - return json.dumps(subgroup["id"]).strip('"') + thisgroupname = json.dumps(group["name"]).strip('"') + thisgrouppath = json.dumps(group["path"]).strip('"') + if (thisgroupname == name and name is not None) or (thisgrouppath == path and path is not None): + return json.dumps(group["id"]).strip('"') + for subgroup in group["subGroups"]: + thisgrouppath = json.dumps(subgroup["path"]).strip('"') + + if (thisgrouppath == path and path is not None) or (thisgrouppath == name and name is not None): + return json.dumps(subgroup["id"]).strip('"') + return None def create_group(self, name=None, client_roles={}, realm_roles=[], sub_groups=[], path=None, parent=None, skip_exists=False): @@ -539,7 +517,8 @@ class KeycloakAdmin: data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path)) return raise_error_from_response(data_raw, KeycloakGetError) - def create_client(self, name, client_id, redirect_uris, protocol="openid-connect", public_client=True, direct_access_grants=True, skip_exists=False): + def create_client(self, name, client_id, redirect_uris, protocol="openid-connect", public_client=True, + direct_access_grants=True): """ Create a client @@ -563,7 +542,7 @@ class KeycloakAdmin: params_path = {"realm-name": self.realm_name} data_raw = self.connection.raw_post(URL_ADMIN_CLIENTS.format(**params_path), data=json.dumps(data)) - return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists) + return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201) def delete_client(self, client_id): """ @@ -671,7 +650,8 @@ class KeycloakAdmin: """ Assign a client role to a user - :param client_id: id of client (not client-id), user_id: id of user, client_id: id of client containing role, role_id: client role id, role_name: client role name) + :param client_id: id of client (not client-id), user_id: id of user, client_id: id of client containing role, + role_id: client role id, role_name: client role name) """ payload=[{}] diff --git a/requirements.txt b/requirements.txt index bc7067a..61caa61 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,3 @@ -requests==2.18.3 +requests==2.18.4 httmock==1.2.5 python-jose==1.3.2 -simplejson \ No newline at end of file diff --git a/setup.py b/setup.py index ed1df7f..7746d82 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ from setuptools import setup setup( name='python-keycloak', - version='0.10.2', + version='0.11.0', url='https://bitbucket.org/agriness/python-keycloak', license='GNU General Public License - V3', author='Marcos Pereira', @@ -12,7 +12,7 @@ setup( keywords='keycloak openid', description=u'python-keycloak is a Python package providing access to the Keycloak API.', packages=['keycloak', 'keycloak.authorization', 'keycloak.tests'], - install_requires=['requests==2.18.3', 'httmock==1.2.5', 'python-jose==1.3.2', 'simplejson'], + install_requires=['requests==2.18.4', 'httmock==1.2.5', 'python-jose==1.3.2', 'simplejson'], classifiers=[ 'Programming Language :: Python :: 3', 'License :: OSI Approved :: GNU General Public License v3 (GPLv3)',