From aef17fd40fc3e5ec6ce92cbf1bfea59f90dc5a68 Mon Sep 17 00:00:00 2001
From: Richard Nemeth
Date: Fri, 27 May 2022 00:18:45 +0200
Subject: [PATCH] test: initial test for readme
---
README.md | 203 +++++++++++++++++++++++++++++--------------
tests/test_readme.py | 53 +++++++++++
2 files changed, 193 insertions(+), 63 deletions(-)
create mode 100644 tests/test_readme.py
diff --git a/README.md b/README.md
index 85e3d34..018ac14 100644
--- a/README.md
+++ b/README.md
@@ -60,114 +60,178 @@ The documentation for python-keycloak is available on [readthedocs](http://pytho ## Usage +### Well-known + ```python from keycloak import KeycloakOpenID # Configure client -keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/auth/", - client_id="example_client", - realm_name="example_realm", - client_secret_key="secret") +keycloak_openid = KeycloakOpenID( + server_url="http://localhost:8080/", + client_id="example_client", + realm_name="example_realm", + client_secret_key="secret", +) # Get WellKnow config_well_known = keycloak_openid.well_known() +``` + +### User authentication +```python # Get Token token = keycloak_openid.token("user", "password") token = keycloak_openid.token("user", "password", totp="012345") +``` + +### User info +```python # Get Userinfo userinfo = keycloak_openid.userinfo(token['access_token']) +``` + +### Token refresh +```python # Refresh token token = keycloak_openid.refresh_token(token['refresh_token']) # Logout keycloak_openid.logout(token['refresh_token']) +``` + +### Certificates +```python # Get Certs certs = keycloak_openid.certs() +``` + +### RPT +```python # Get RPT (Entitlement) token = keycloak_openid.token("user", "password") -rpt = keycloak_openid.entitlement(token['access_token'], "resource_id") +rpt = keycloak_openid.entitlement(token["access_token"], "resource_id") # Instropect RPT -token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'], - token_type_hint="requesting_party_token")) +token_rpt_info = keycloak_openid.introspect( + keycloak_openid.introspect( + token["access_token"], rpt=rpt["rpt"], token_type_hint="requesting_party_token" + ) +) +``` + +### Token inspection +```python # Introspect Token -token_info = keycloak_openid.introspect(token['access_token']) +token_info = keycloak_openid.introspect(token["access_token"]) # Decode Token -KEYCLOAK_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" + keycloak_openid.public_key() + 
"\n-----END PUBLIC KEY-----" +KEYCLOAK_PUBLIC_KEY = ( + "-----BEGIN PUBLIC KEY-----\n" + keycloak_openid.public_key() + "\n-----END PUBLIC KEY-----" +) options = {"verify_signature": True, "verify_aud": True, "verify_exp": True} -token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options) +token_info = keycloak_openid.decode_token( + token["access_token"], key=KEYCLOAK_PUBLIC_KEY, options=options +) +``` + +### Permissions +```python # Get permissions by token token = keycloak_openid.token("user", "password") keycloak_openid.load_authorization_config("example-authz-config.json") -policies = keycloak_openid.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY) -permissions = keycloak_openid.get_permissions(token['access_token'], method_token_info='introspect') +policies = keycloak_openid.get_policies( + token["access_token"], method_token_info="decode", key=KEYCLOAK_PUBLIC_KEY +) +permissions = keycloak_openid.get_permissions( + token["access_token"], method_token_info="introspect" +) # Get UMA-permissions by token token = keycloak_openid.token("user", "password") -permissions = keycloak_openid.uma_permissions(token['access_token']) +permissions = keycloak_openid.uma_permissions(token["access_token"]) # Get UMA-permissions by token with specific resource and scope requested token = keycloak_openid.token("user", "password") -permissions = keycloak_openid.uma_permissions(token['access_token'], permissions="Resource#Scope") +permissions = keycloak_openid.uma_permissions(token["access_token"], permissions="Resource#Scope") # Get auth status for a specific resource and scope by token token = keycloak_openid.token("user", "password") -auth_status = keycloak_openid.has_uma_access(token['access_token'], "Resource#Scope") +auth_status = keycloak_openid.has_uma_access(token["access_token"], "Resource#Scope") # KEYCLOAK ADMIN from keycloak import KeycloakAdmin -keycloak_admin = 
KeycloakAdmin(server_url="http://localhost:8080/auth/", - username='example-admin', - password='secret', - realm_name="master", - user_realm_name="only_if_other_realm_than_master", - client_secret_key="client-secret", - verify=True) +keycloak_admin = KeycloakAdmin( + server_url="http://localhost:8080/auth/", + username="example-admin", + password="secret", + realm_name="master", + user_realm_name="only_if_other_realm_than_master", + client_secret_key="client-secret", + verify=True, +) # Add user -new_user = keycloak_admin.create_user({"email": "example@example.com", - "username": "example@example.com", - "enabled": True, - "firstName": "Example", - "lastName": "Example"}) +new_user = keycloak_admin.create_user( + { + "email": "example@example.com", + "username": "example@example.com", + "enabled": True, + "firstName": "Example", + "lastName": "Example", + } +) # Add user and raise exception if username already exists # exist_ok currently defaults to True for backwards compatibility reasons -new_user = keycloak_admin.create_user({"email": "example@example.com", - "username": "example@example.com", - "enabled": True, - "firstName": "Example", - "lastName": "Example"}, - exist_ok=False) +new_user = keycloak_admin.create_user( + { + "email": "example@example.com", + "username": "example@example.com", + "enabled": True, + "firstName": "Example", + "lastName": "Example", + }, + exist_ok=False, +) # Add user and set password -new_user = keycloak_admin.create_user({"email": "example@example.com", - "username": "example@example.com", - "enabled": True, - "firstName": "Example", - "lastName": "Example", - "credentials": [{"value": "secret","type": "password",}]}) +new_user = keycloak_admin.create_user( + { + "email": "example@example.com", + "username": "example@example.com", + "enabled": True, + "firstName": "Example", + "lastName": "Example", + "credentials": [ + { + "value": "secret", + "type": "password", + } + ], + } +) # Add user and specify a locale -new_user = 
keycloak_admin.create_user({"email": "example@example.fr", - "username": "example@example.fr", - "enabled": True, - "firstName": "Example", - "lastName": "Example", - "attributes": { - "locale": ["fr"] - }}) +new_user = keycloak_admin.create_user( + { + "email": "example@example.fr", + "username": "example@example.fr", + "enabled": True, + "firstName": "Example", + "lastName": "Example", + "attributes": {"locale": ["fr"]}, + } +) # User counter count_users = keycloak_admin.users_count() @@ -182,20 +246,23 @@ user_id_keycloak = keycloak_admin.get_user_id("example@example.com") user = keycloak_admin.get_user("user-id-keycloak") # Update User -response = keycloak_admin.update_user(user_id="user-id-keycloak", - payload={'firstName': 'Example Update'}) +response = keycloak_admin.update_user( + user_id="user-id-keycloak", payload={"firstName": "Example Update"} +) # Update User Password -response = keycloak_admin.set_user_password(user_id="user-id-keycloak", password="secret", temporary=True) +response = keycloak_admin.set_user_password( + user_id="user-id-keycloak", password="secret", temporary=True +) # Get User Credentials -credentials = keycloak_admin.get_credentials(user_id='user_id') +credentials = keycloak_admin.get_credentials(user_id="user_id") # Get User Credential by ID -credential = keycloak_admin.get_credential(user_id='user_id', credential_id='credential_id') +credential = keycloak_admin.get_credential(user_id="user_id", credential_id="credential_id") # Delete User Credential -response = keycloak_admin.delete_credential(user_id='user_id', credential_id='credential_id') +response = keycloak_admin.delete_credential(user_id="user_id", credential_id="credential_id") # Delete User response = keycloak_admin.delete_user(user_id="user-id-keycloak") 
@@ -204,8 +271,9 @@ response = keycloak_admin.delete_user(user_id="user-id-keycloak") consents = keycloak_admin.consents_user(user_id="user-id-keycloak") # Send User Action -response = keycloak_admin.send_update_account(user_id="user-id-keycloak", - payload=json.dumps(['UPDATE_PASSWORD'])) +response = keycloak_admin.send_update_account( + user_id="user-id-keycloak", payload=json.dumps(["UPDATE_PASSWORD"]) +) # Send Verify Email response = keycloak_admin.send_verify_email(user_id="user-id-keycloak") @@ -239,10 +307,14 @@ role = keycloak_admin.get_client_role(client_id="client_id", role_name="role_nam role_id = keycloak_admin.get_client_role_id(client_id="client_id", role_name="test") # Create client role -keycloak_admin.create_client_role(client_role_id='client_id', payload={'name': 'roleName', 'clientRole': True}) +keycloak_admin.create_client_role( + client_role_id="client_id", payload={"name": "roleName", "clientRole": True} +) # Assign client role to user. Note that BOTH role_name and role_id appear to be required. -keycloak_admin.assign_client_role(client_id="client_id", user_id="user_id", role_id="role_id", role_name="test") +keycloak_admin.assign_client_role( + client_id="client_id", user_id="user_id", role_id="role_id", role_name="test" +) # Retrieve client roles of a user. keycloak_admin.get_client_roles_of_user(user_id="user_id", client_id="client_id") 
@@ -254,8 +326,12 @@ keycloak_admin.get_available_client_roles_of_user(user_id="user_id", client_id=" keycloak_admin.get_composite_client_roles_of_user(user_id="user_id", client_id="client_id") # Delete client roles of a user. -keycloak_admin.delete_client_roles_of_user(client_id="client_id", user_id="user_id", roles={"id": "role-id"}) -keycloak_admin.delete_client_roles_of_user(client_id="client_id", user_id="user_id", roles=[{"id": "role-id_1"}, {"id": "role-id_2"}]) +keycloak_admin.delete_client_roles_of_user( + client_id="client_id", user_id="user_id", roles={"id": "role-id"} +) +keycloak_admin.delete_client_roles_of_user( + client_id="client_id", user_id="user_id", roles=[{"id": "role-id_1"}, {"id": "role-id_2"}] +) # Get all client authorization resources client_resources = get_client_authz_resources(client_id="client_id") @@ -276,10 +352,10 @@ group = keycloak_admin.create_group({"name": "Example Group"}) groups = keycloak_admin.get_groups() # Get group -group = keycloak_admin.get_group(group_id='group_id') +group = keycloak_admin.get_group(group_id="group_id") # Get group by name -group = keycloak_admin.get_group_by_path(path='/group/subgroup', search_in_subgroups=True) +group = keycloak_admin.get_group_by_path(path="/group/subgroup", search_in_subgroups=True) # Function to trigger user sync from provider sync_users(storage_id="storage_di", action="action") @@ -291,7 +367,9 @@ role_id = keycloak_admin.get_client_role_id(client_id=client_id, role_name="test realm_roles = keycloak_admin.get_roles() # Assign client role to user. Note that BOTH role_name and role_id appear to be required. -keycloak_admin.assign_client_role(client_id=client_id, user_id=user_id, role_id=role_id, role_name="test") +keycloak_admin.assign_client_role( + client_id=client_id, user_id=user_id, role_id=role_id, role_name="test" +) # Assign realm roles to user keycloak_admin.assign_realm_roles(user_id=user_id, roles=realm_roles) 
@@ -302,5 +380,4 @@ idps = keycloak_admin.get_idps() # Create a new Realm keycloak_admin.create_realm(payload={"realm": "demo"}, skip_exists=False) - ``` diff --git a/tests/test_readme.py b/tests/test_readme.py new file mode 100644 index 0000000..fada1a9 --- /dev/null +++ b/tests/test_readme.py @@ -0,0 +1,53 @@ +import pytest + +from keycloak.keycloak_admin import KeycloakAdmin + + +def find_code_blocks(readme_text): + code_blocks = list() + start_index = readme_text.find("```python") + if start_index == -1: + return list() + code_block_full = readme_text[start_index + 9 :] # noqa: E203 + end_index = code_block_full.find("```") + code_block = code_block_full[:end_index] + code_blocks.append(code_block) + code_blocks.extend(find_code_blocks(code_block_full[end_index + 3 :])) # noqa: E203 + return code_blocks + + +# @pytest.mark.skip() +def test_readme(admin: KeycloakAdmin): + admin.create_realm(payload={"realm": "example_realm", "enabled": True}) + admin.realm_name = "example_realm" + admin.create_client( + payload={ + "name": "example_client", + "enabled": True, + "protocol": "openid-connect", + "publicClient": False, + "redirectUris": ["http://localhost/*"], + "webOrigins": ["+"], + "clientId": "example_client", + "secret": "secret", + "clientAuthenticatorType": "client-secret", + } + ) + admin.create_user( + payload={ + "username": "user", + "email": "user@test.test", + "enabled": True, + "credentials": [{"type": "password", "value": "password"}], + } + ) + + with open("README.md", "r") as fp: + readme = fp.read() + code_blocks = find_code_blocks(readme) + for code in code_blocks: + print("=" * 50) + print(code) + exec(code) + print("OK") + print("=" * 50)
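Review bot: The `exec(code)` call at the end of `test_readme` runs every python-fenced README snippet in the test function's own scope, so a snippet can read or rebind `admin` and the module's names, and whether `keycloak_openid` from the first snippet is still defined for the later ones depends on how the interpreter treats `locals()` (this changed in Python 3.13). Give the snippets one explicit namespace instead: `namespace = {}` before the loop and `exec(code, namespace)` inside it. Because this makes README.md code that runs with the `admin` fixture's Keycloak session in reach, a comment above the loop should say so, e.g. `# README snippets are executed verbatim; review README edits as code`. In `find_code_blocks`, an unterminated fence makes `find` return -1, so the last block silently loses its final character; `if end_index == -1: raise ValueError("unterminated code fence")` would surface that instead.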