From e54dc5169bb5b9936df323ac2b894ecb9d6048e5 Mon Sep 17 00:00:00 2001 From: Dominic Moffat Date: Mon, 3 Feb 2025 21:08:17 +0000 Subject: [PATCH] adds organisation interface for kc26 --- keycloak-dev/bin/Activate.ps1 | 247 ++++++++++++++++++++++ keycloak-dev/bin/activate | 69 ++++++ keycloak-dev/bin/activate.csh | 26 +++ keycloak-dev/bin/activate.fish | 69 ++++++ keycloak-dev/bin/httpx | 8 + keycloak-dev/bin/normalizer | 8 + keycloak-dev/bin/pip | 8 + keycloak-dev/bin/pip3 | 8 + keycloak-dev/bin/pip3.10 | 8 + keycloak-dev/bin/python | 1 + keycloak-dev/bin/python3 | 1 + keycloak-dev/bin/python3.10 | 1 + keycloak-dev/lib64 | 1 + keycloak-dev/pyvenv.cfg | 3 + keycloak-dev/share/doc/jwcrypto/LICENSE | 165 +++++++++++++++ keycloak-dev/share/doc/jwcrypto/README.md | 48 +++++ src/keycloak/keycloak_admin.py | 132 ++++++++++++ src/keycloak/urls_patterns.py | 13 ++ tests/test_orgs.py | 74 +++++++ 19 files changed, 890 insertions(+) create mode 100644 keycloak-dev/bin/Activate.ps1 create mode 100644 keycloak-dev/bin/activate create mode 100644 keycloak-dev/bin/activate.csh create mode 100644 keycloak-dev/bin/activate.fish create mode 100755 keycloak-dev/bin/httpx create mode 100755 keycloak-dev/bin/normalizer create mode 100755 keycloak-dev/bin/pip create mode 100755 keycloak-dev/bin/pip3 create mode 100755 keycloak-dev/bin/pip3.10 create mode 120000 keycloak-dev/bin/python create mode 120000 keycloak-dev/bin/python3 create mode 120000 keycloak-dev/bin/python3.10 create mode 120000 keycloak-dev/lib64 create mode 100644 keycloak-dev/pyvenv.cfg create mode 100644 keycloak-dev/share/doc/jwcrypto/LICENSE create mode 100644 keycloak-dev/share/doc/jwcrypto/README.md create mode 100644 tests/test_orgs.py diff --git a/keycloak-dev/bin/Activate.ps1 b/keycloak-dev/bin/Activate.ps1 new file mode 100644 index 0000000..b49d77b --- /dev/null +++ b/keycloak-dev/bin/Activate.ps1 @@ -0,0 +1,247 @@ +<# +.Synopsis +Activate a Python virtual environment for the current PowerShell session. + +.Description +Pushes the python executable for a virtual environment to the front of the +$Env:PATH environment variable and sets the prompt to signify that you are +in a Python virtual environment. Makes use of the command line switches as +well as the `pyvenv.cfg` file values present in the virtual environment. + +.Parameter VenvDir +Path to the directory that contains the virtual environment to activate. The +default value for this is the parent of the directory that the Activate.ps1 +script is located within. + +.Parameter Prompt +The prompt prefix to display when this virtual environment is activated. By +default, this prompt is the name of the virtual environment folder (VenvDir) +surrounded by parentheses and followed by a single space (ie. '(.venv) '). + +.Example +Activate.ps1 +Activates the Python virtual environment that contains the Activate.ps1 script. + +.Example +Activate.ps1 -Verbose +Activates the Python virtual environment that contains the Activate.ps1 script, +and shows extra information about the activation as it executes. + +.Example +Activate.ps1 -VenvDir C:\Users\MyUser\Common\.venv +Activates the Python virtual environment located in the specified location. + +.Example +Activate.ps1 -Prompt "MyPython" +Activates the Python virtual environment that contains the Activate.ps1 script, +and prefixes the current prompt with the specified string (surrounded in +parentheses) while the virtual environment is active. + +.Notes +On Windows, it may be required to enable this Activate.ps1 script by setting the +execution policy for the user. You can do this by issuing the following PowerShell +command: + +PS C:\> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser + +For more information on Execution Policies: +https://go.microsoft.com/fwlink/?LinkID=135170 + +#> +Param( + [Parameter(Mandatory = $false)] + [String] + $VenvDir, + [Parameter(Mandatory = $false)] + [String] + $Prompt +) + +<# Function declarations --------------------------------------------------- #> + +<# +.Synopsis +Remove all shell session elements added by the Activate script, including the +addition of the virtual environment's Python executable from the beginning of +the PATH variable. + +.Parameter NonDestructive +If present, do not remove this function from the global namespace for the +session. + +#> +function global:deactivate ([switch]$NonDestructive) { + # Revert to original values + + # The prior prompt: + if (Test-Path -Path Function:_OLD_VIRTUAL_PROMPT) { + Copy-Item -Path Function:_OLD_VIRTUAL_PROMPT -Destination Function:prompt + Remove-Item -Path Function:_OLD_VIRTUAL_PROMPT + } + + # The prior PYTHONHOME: + if (Test-Path -Path Env:_OLD_VIRTUAL_PYTHONHOME) { + Copy-Item -Path Env:_OLD_VIRTUAL_PYTHONHOME -Destination Env:PYTHONHOME + Remove-Item -Path Env:_OLD_VIRTUAL_PYTHONHOME + } + + # The prior PATH: + if (Test-Path -Path Env:_OLD_VIRTUAL_PATH) { + Copy-Item -Path Env:_OLD_VIRTUAL_PATH -Destination Env:PATH + Remove-Item -Path Env:_OLD_VIRTUAL_PATH + } + + # Just remove the VIRTUAL_ENV altogether: + if (Test-Path -Path Env:VIRTUAL_ENV) { + Remove-Item -Path env:VIRTUAL_ENV + } + + # Just remove VIRTUAL_ENV_PROMPT altogether. + if (Test-Path -Path Env:VIRTUAL_ENV_PROMPT) { + Remove-Item -Path env:VIRTUAL_ENV_PROMPT + } + + # Just remove the _PYTHON_VENV_PROMPT_PREFIX altogether: + if (Get-Variable -Name "_PYTHON_VENV_PROMPT_PREFIX" -ErrorAction SilentlyContinue) { + Remove-Variable -Name _PYTHON_VENV_PROMPT_PREFIX -Scope Global -Force + } + + # Leave deactivate function in the global namespace if requested: + if (-not $NonDestructive) { + Remove-Item -Path function:deactivate + } +} + +<# +.Description +Get-PyVenvConfig parses the values from the pyvenv.cfg file located in the +given folder, and returns them in a map. + +For each line in the pyvenv.cfg file, if that line can be parsed into exactly +two strings separated by `=` (with any amount of whitespace surrounding the =) +then it is considered a `key = value` line. The left hand string is the key, +the right hand is the value. + +If the value starts with a `'` or a `"` then the first and last character is +stripped from the value before being captured. + +.Parameter ConfigDir +Path to the directory that contains the `pyvenv.cfg` file. +#> +function Get-PyVenvConfig( + [String] + $ConfigDir +) { + Write-Verbose "Given ConfigDir=$ConfigDir, obtain values in pyvenv.cfg" + + # Ensure the file exists, and issue a warning if it doesn't (but still allow the function to continue). + $pyvenvConfigPath = Join-Path -Resolve -Path $ConfigDir -ChildPath 'pyvenv.cfg' -ErrorAction Continue + + # An empty map will be returned if no config file is found. + $pyvenvConfig = @{ } + + if ($pyvenvConfigPath) { + + Write-Verbose "File exists, parse `key = value` lines" + $pyvenvConfigContent = Get-Content -Path $pyvenvConfigPath + + $pyvenvConfigContent | ForEach-Object { + $keyval = $PSItem -split "\s*=\s*", 2 + if ($keyval[0] -and $keyval[1]) { + $val = $keyval[1] + + # Remove extraneous quotations around a string value. + if ("'""".Contains($val.Substring(0, 1))) { + $val = $val.Substring(1, $val.Length - 2) + } + + $pyvenvConfig[$keyval[0]] = $val + Write-Verbose "Adding Key: '$($keyval[0])'='$val'" + } + } + } + return $pyvenvConfig +} + + +<# Begin Activate script --------------------------------------------------- #> + +# Determine the containing directory of this script +$VenvExecPath = Split-Path -Parent $MyInvocation.MyCommand.Definition +$VenvExecDir = Get-Item -Path $VenvExecPath + +Write-Verbose "Activation script is located in path: '$VenvExecPath'" +Write-Verbose "VenvExecDir Fullname: '$($VenvExecDir.FullName)" +Write-Verbose "VenvExecDir Name: '$($VenvExecDir.Name)" + +# Set values required in priority: CmdLine, ConfigFile, Default +# First, get the location of the virtual environment, it might not be +# VenvExecDir if specified on the command line. +if ($VenvDir) { + Write-Verbose "VenvDir given as parameter, using '$VenvDir' to determine values" +} +else { + Write-Verbose "VenvDir not given as a parameter, using parent directory name as VenvDir." + $VenvDir = $VenvExecDir.Parent.FullName.TrimEnd("\\/") + Write-Verbose "VenvDir=$VenvDir" +} + +# Next, read the `pyvenv.cfg` file to determine any required value such +# as `prompt`. +$pyvenvCfg = Get-PyVenvConfig -ConfigDir $VenvDir + +# Next, set the prompt from the command line, or the config file, or +# just use the name of the virtual environment folder. +if ($Prompt) { + Write-Verbose "Prompt specified as argument, using '$Prompt'" +} +else { + Write-Verbose "Prompt not specified as argument to script, checking pyvenv.cfg value" + if ($pyvenvCfg -and $pyvenvCfg['prompt']) { + Write-Verbose " Setting based on value in pyvenv.cfg='$($pyvenvCfg['prompt'])'" + $Prompt = $pyvenvCfg['prompt']; + } + else { + Write-Verbose " Setting prompt based on parent's directory's name. (Is the directory name passed to venv module when creating the virtual environment)" + Write-Verbose " Got leaf-name of $VenvDir='$(Split-Path -Path $venvDir -Leaf)'" + $Prompt = Split-Path -Path $venvDir -Leaf + } +} + +Write-Verbose "Prompt = '$Prompt'" +Write-Verbose "VenvDir='$VenvDir'" + +# Deactivate any currently active virtual environment, but leave the +# deactivate function in place. +deactivate -nondestructive + +# Now set the environment variable VIRTUAL_ENV, used by many tools to determine +# that there is an activated venv. +$env:VIRTUAL_ENV = $VenvDir + +if (-not $Env:VIRTUAL_ENV_DISABLE_PROMPT) { + + Write-Verbose "Setting prompt to '$Prompt'" + + # Set the prompt to include the env name + # Make sure _OLD_VIRTUAL_PROMPT is global + function global:_OLD_VIRTUAL_PROMPT { "" } + Copy-Item -Path function:prompt -Destination function:_OLD_VIRTUAL_PROMPT + New-Variable -Name _PYTHON_VENV_PROMPT_PREFIX -Description "Python virtual environment prompt prefix" -Scope Global -Option ReadOnly -Visibility Public -Value $Prompt + + function global:prompt { + Write-Host -NoNewline -ForegroundColor Green "($_PYTHON_VENV_PROMPT_PREFIX) " + _OLD_VIRTUAL_PROMPT + } + $env:VIRTUAL_ENV_PROMPT = $Prompt +} + +# Clear PYTHONHOME +if (Test-Path -Path Env:PYTHONHOME) { + Copy-Item -Path Env:PYTHONHOME -Destination Env:_OLD_VIRTUAL_PYTHONHOME + Remove-Item -Path Env:PYTHONHOME +} + +# Add the venv to the PATH +Copy-Item -Path Env:PATH -Destination Env:_OLD_VIRTUAL_PATH +$Env:PATH = "$VenvExecDir$([System.IO.Path]::PathSeparator)$Env:PATH" diff --git a/keycloak-dev/bin/activate b/keycloak-dev/bin/activate new file mode 100644 index 0000000..71072ec --- /dev/null +++ b/keycloak-dev/bin/activate @@ -0,0 +1,69 @@ +# This file must be used with "source bin/activate" *from bash* +# you cannot run it directly + +deactivate () { + # reset old environment variables + if [ -n "${_OLD_VIRTUAL_PATH:-}" ] ; then + PATH="${_OLD_VIRTUAL_PATH:-}" + export PATH + unset _OLD_VIRTUAL_PATH + fi + if [ -n "${_OLD_VIRTUAL_PYTHONHOME:-}" ] ; then + PYTHONHOME="${_OLD_VIRTUAL_PYTHONHOME:-}" + export PYTHONHOME + unset _OLD_VIRTUAL_PYTHONHOME + fi + + # This should detect bash and zsh, which have a hash command that must + # be called to get it to forget past commands. Without forgetting + # past commands the $PATH changes we made may not be respected + if [ -n "${BASH:-}" -o -n "${ZSH_VERSION:-}" ] ; then + hash -r 2> /dev/null + fi + + if [ -n "${_OLD_VIRTUAL_PS1:-}" ] ; then + PS1="${_OLD_VIRTUAL_PS1:-}" + export PS1 + unset _OLD_VIRTUAL_PS1 + fi + + unset VIRTUAL_ENV + unset VIRTUAL_ENV_PROMPT + if [ ! "${1:-}" = "nondestructive" ] ; then + # Self destruct! + unset -f deactivate + fi +} + +# unset irrelevant variables +deactivate nondestructive + +VIRTUAL_ENV=/home/development/projects/illysky/python-keycloak/keycloak-dev +export VIRTUAL_ENV + +_OLD_VIRTUAL_PATH="$PATH" +PATH="$VIRTUAL_ENV/"bin":$PATH" +export PATH + +# unset PYTHONHOME if set +# this will fail if PYTHONHOME is set to the empty string (which is bad anyway) +# could use `if (set -u; : $PYTHONHOME) ;` in bash +if [ -n "${PYTHONHOME:-}" ] ; then + _OLD_VIRTUAL_PYTHONHOME="${PYTHONHOME:-}" + unset PYTHONHOME +fi + +if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" + PS1='(keycloak-dev) '"${PS1:-}" + export PS1 + VIRTUAL_ENV_PROMPT='(keycloak-dev) ' + export VIRTUAL_ENV_PROMPT +fi + +# This should detect bash and zsh, which have a hash command that must +# be called to get it to forget past commands. Without forgetting +# past commands the $PATH changes we made may not be respected +if [ -n "${BASH:-}" -o -n "${ZSH_VERSION:-}" ] ; then + hash -r 2> /dev/null +fi diff --git a/keycloak-dev/bin/activate.csh b/keycloak-dev/bin/activate.csh new file mode 100644 index 0000000..4bf1e06 --- /dev/null +++ b/keycloak-dev/bin/activate.csh @@ -0,0 +1,26 @@ +# This file must be used with "source bin/activate.csh" *from csh*. +# You cannot run it directly. +# Created by Davide Di Blasi . +# Ported to Python 3.3 venv by Andrew Svetlov + +alias deactivate 'test $?_OLD_VIRTUAL_PATH != 0 && setenv PATH "$_OLD_VIRTUAL_PATH" && unset _OLD_VIRTUAL_PATH; rehash; test $?_OLD_VIRTUAL_PROMPT != 0 && set prompt="$_OLD_VIRTUAL_PROMPT" && unset _OLD_VIRTUAL_PROMPT; unsetenv VIRTUAL_ENV; unsetenv VIRTUAL_ENV_PROMPT; test "\!:*" != "nondestructive" && unalias deactivate' + +# Unset irrelevant variables. +deactivate nondestructive + +setenv VIRTUAL_ENV /home/development/projects/illysky/python-keycloak/keycloak-dev + +set _OLD_VIRTUAL_PATH="$PATH" +setenv PATH "$VIRTUAL_ENV/"bin":$PATH" + + +set _OLD_VIRTUAL_PROMPT="$prompt" + +if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then + set prompt = '(keycloak-dev) '"$prompt" + setenv VIRTUAL_ENV_PROMPT '(keycloak-dev) ' +endif + +alias pydoc python -m pydoc + +rehash diff --git a/keycloak-dev/bin/activate.fish b/keycloak-dev/bin/activate.fish new file mode 100644 index 0000000..ab4a391 --- /dev/null +++ b/keycloak-dev/bin/activate.fish @@ -0,0 +1,69 @@ +# This file must be used with "source /bin/activate.fish" *from fish* +# (https://fishshell.com/); you cannot run it directly. + +function deactivate -d "Exit virtual environment and return to normal shell environment" + # reset old environment variables + if test -n "$_OLD_VIRTUAL_PATH" + set -gx PATH $_OLD_VIRTUAL_PATH + set -e _OLD_VIRTUAL_PATH + end + if test -n "$_OLD_VIRTUAL_PYTHONHOME" + set -gx PYTHONHOME $_OLD_VIRTUAL_PYTHONHOME + set -e _OLD_VIRTUAL_PYTHONHOME + end + + if test -n "$_OLD_FISH_PROMPT_OVERRIDE" + set -e _OLD_FISH_PROMPT_OVERRIDE + # prevents error when using nested fish instances (Issue #93858) + if functions -q _old_fish_prompt + functions -e fish_prompt + functions -c _old_fish_prompt fish_prompt + functions -e _old_fish_prompt + end + end + + set -e VIRTUAL_ENV + set -e VIRTUAL_ENV_PROMPT + if test "$argv[1]" != "nondestructive" + # Self-destruct! + functions -e deactivate + end +end + +# Unset irrelevant variables. +deactivate nondestructive + +set -gx VIRTUAL_ENV /home/development/projects/illysky/python-keycloak/keycloak-dev + +set -gx _OLD_VIRTUAL_PATH $PATH +set -gx PATH "$VIRTUAL_ENV/"bin $PATH + +# Unset PYTHONHOME if set. +if set -q PYTHONHOME + set -gx _OLD_VIRTUAL_PYTHONHOME $PYTHONHOME + set -e PYTHONHOME +end + +if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + # fish uses a function instead of an env var to generate the prompt. + + # Save the current fish_prompt function as the function _old_fish_prompt. + functions -c fish_prompt _old_fish_prompt + + # With the original prompt function renamed, we can override with our own. + function fish_prompt + # Save the return status of the last command. + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. + printf "%s%s%s" (set_color 4B8BBE) '(keycloak-dev) ' (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . + # Output the original/"old" prompt. + _old_fish_prompt + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" + set -gx VIRTUAL_ENV_PROMPT '(keycloak-dev) ' +end diff --git a/keycloak-dev/bin/httpx b/keycloak-dev/bin/httpx new file mode 100755 index 0000000..f9a52bd --- /dev/null +++ b/keycloak-dev/bin/httpx @@ -0,0 +1,8 @@ +#!/home/development/projects/illysky/python-keycloak/keycloak-dev/bin/python3 +# -*- coding: utf-8 -*- +import re +import sys +from httpx import main +if __name__ == '__main__': + sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) + sys.exit(main()) diff --git a/keycloak-dev/bin/normalizer b/keycloak-dev/bin/normalizer new file mode 100755 index 0000000..0521c4d --- /dev/null +++ b/keycloak-dev/bin/normalizer @@ -0,0 +1,8 @@ +#!/home/development/projects/illysky/python-keycloak/keycloak-dev/bin/python3 +# -*- coding: utf-8 -*- +import re +import sys +from charset_normalizer import cli +if __name__ == '__main__': + sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) + sys.exit(cli.cli_detect()) diff --git a/keycloak-dev/bin/pip b/keycloak-dev/bin/pip new file mode 100755 index 0000000..e8329ba --- /dev/null +++ b/keycloak-dev/bin/pip @@ -0,0 +1,8 @@ +#!/home/development/projects/illysky/python-keycloak/keycloak-dev/bin/python3 +# -*- coding: utf-8 -*- +import re +import sys +from pip._internal.cli.main import main +if __name__ == '__main__': + sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) + sys.exit(main()) diff --git a/keycloak-dev/bin/pip3 b/keycloak-dev/bin/pip3 new file mode 100755 index 0000000..e8329ba --- /dev/null +++ b/keycloak-dev/bin/pip3 @@ -0,0 +1,8 @@ +#!/home/development/projects/illysky/python-keycloak/keycloak-dev/bin/python3 +# -*- coding: utf-8 -*- +import re +import sys +from pip._internal.cli.main import main +if __name__ == '__main__': + sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) + sys.exit(main()) diff --git a/keycloak-dev/bin/pip3.10 b/keycloak-dev/bin/pip3.10 new file mode 100755 index 0000000..e8329ba --- /dev/null +++ b/keycloak-dev/bin/pip3.10 @@ -0,0 +1,8 @@ +#!/home/development/projects/illysky/python-keycloak/keycloak-dev/bin/python3 +# -*- coding: utf-8 -*- +import re +import sys +from pip._internal.cli.main import main +if __name__ == '__main__': + sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) + sys.exit(main()) diff --git a/keycloak-dev/bin/python b/keycloak-dev/bin/python new file mode 120000 index 0000000..b8a0adb --- /dev/null +++ b/keycloak-dev/bin/python @@ -0,0 +1 @@ +python3 \ No newline at end of file diff --git a/keycloak-dev/bin/python3 b/keycloak-dev/bin/python3 new file mode 120000 index 0000000..ae65fda --- /dev/null +++ b/keycloak-dev/bin/python3 @@ -0,0 +1 @@ +/usr/bin/python3 \ No newline at end of file diff --git a/keycloak-dev/bin/python3.10 b/keycloak-dev/bin/python3.10 new file mode 120000 index 0000000..b8a0adb --- /dev/null +++ b/keycloak-dev/bin/python3.10 @@ -0,0 +1 @@ +python3 \ No newline at end of file diff --git a/keycloak-dev/lib64 b/keycloak-dev/lib64 new file mode 120000 index 0000000..7951405 --- /dev/null +++ b/keycloak-dev/lib64 @@ -0,0 +1 @@ +lib \ No newline at end of file diff --git a/keycloak-dev/pyvenv.cfg b/keycloak-dev/pyvenv.cfg new file mode 100644 index 0000000..0537ffc --- /dev/null +++ b/keycloak-dev/pyvenv.cfg @@ -0,0 +1,3 @@ +home = /usr/bin +include-system-site-packages = false +version = 3.10.12 diff --git a/keycloak-dev/share/doc/jwcrypto/LICENSE b/keycloak-dev/share/doc/jwcrypto/LICENSE new file mode 100644 index 0000000..65c5ca8 --- /dev/null +++ b/keycloak-dev/share/doc/jwcrypto/LICENSE @@ -0,0 +1,165 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + + This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. + + 0. Additional Definitions. + + As used herein, "this License" refers to version 3 of the GNU Lesser +General Public License, and the "GNU GPL" refers to version 3 of the GNU +General Public License. + + "The Library" refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. + + An "Application" is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. +Defining a subclass of a class defined by the Library is deemed a mode +of using an interface provided by the Library. + + A "Combined Work" is a work produced by combining or linking an +Application with the Library. The particular version of the Library +with which the Combined Work was made is also called the "Linked +Version". + + The "Minimal Corresponding Source" for a Combined Work means the +Corresponding Source for the Combined Work, excluding any source code +for portions of the Combined Work that, considered in isolation, are +based on the Application, and not on the Linked Version. + + The "Corresponding Application Code" for a Combined Work means the +object code and/or source code for the Application, including any data +and utility programs needed for reproducing the Combined Work from the +Application, but excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + + You may convey a covered work under sections 3 and 4 of this License +without being bound by section 3 of the GNU GPL. + + 2. Conveying Modified Versions. + + If you modify a copy of the Library, and, in your modifications, a +facility refers to a function or data to be supplied by an Application +that uses the facility (other than as an argument passed when the +facility is invoked), then you may convey a copy of the modified +version: + + a) under this License, provided that you make a good faith effort to + ensure that, in the event an Application does not supply the + function or data, the facility still operates, and performs + whatever part of its purpose remains meaningful, or + + b) under the GNU GPL, with none of the additional permissions of + this License applicable to that copy. + + 3. Object Code Incorporating Material from Library Header Files. + + The object code form of an Application may incorporate material from +a header file that is part of the Library. You may convey such object +code under terms of your choice, provided that, if the incorporated +material is not limited to numerical parameters, data structure +layouts and accessors, or small macros, inline functions and templates +(ten or fewer lines in length), you do both of the following: + + a) Give prominent notice with each copy of the object code that the + Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the object code with a copy of the GNU GPL and this license + document. + + 4. Combined Works. + + You may convey a Combined Work under terms of your choice that, +taken together, effectively do not restrict modification of the +portions of the Library contained in the Combined Work and reverse +engineering for debugging such modifications, if you also do each of +the following: + + a) Give prominent notice with each copy of the Combined Work that + the Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the Combined Work with a copy of the GNU GPL and this license + document. + + c) For a Combined Work that displays copyright notices during + execution, include the copyright notice for the Library among + these notices, as well as a reference directing the user to the + copies of the GNU GPL and this license document. + + d) Do one of the following: + + 0) Convey the Minimal Corresponding Source under the terms of this + License, and the Corresponding Application Code in a form + suitable for, and under terms that permit, the user to + recombine or relink the Application with a modified version of + the Linked Version to produce a modified Combined Work, in the + manner specified by section 6 of the GNU GPL for conveying + Corresponding Source. + + 1) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (a) uses at run time + a copy of the Library already present on the user's computer + system, and (b) will operate properly with a modified version + of the Library that is interface-compatible with the Linked + Version. + + e) Provide Installation Information, but only if you would otherwise + be required to provide such information under section 6 of the + GNU GPL, and only to the extent that such information is + necessary to install and execute a modified version of the + Combined Work produced by recombining or relinking the + Application with a modified version of the Linked Version. (If + you use option 4d0, the Installation Information must accompany + the Minimal Corresponding Source and Corresponding Application + Code. If you use option 4d1, you must provide the Installation + Information in the manner specified by section 6 of the GNU GPL + for conveying Corresponding Source.) + + 5. Combined Libraries. + + You may place library facilities that are a work based on the +Library side by side in a single library together with other library +facilities that are not Applications and are not covered by this +License, and convey such a combined library under terms of your +choice, if you do both of the following: + + a) Accompany the combined library with a copy of the same work based + on the Library, uncombined with any other library facilities, + conveyed under the terms of this License. + + b) Give prominent notice with the combined library that part of it + is a work based on the Library, and explaining where to find the + accompanying uncombined form of the same work. + + 6. Revised Versions of the GNU Lesser General Public License. + + The Free Software Foundation may publish revised and/or new versions +of the GNU Lesser General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the +Library as you received it specifies that a certain numbered version +of the GNU Lesser General Public License "or any later version" +applies to it, you have the option of following the terms and +conditions either of that published version or of any later version +published by the Free Software Foundation. If the Library as you +received it does not specify a version number of the GNU Lesser +General Public License, you may choose any version of the GNU Lesser +General Public License ever published by the Free Software Foundation. + + If the Library as you received it specifies that a proxy can decide +whether future versions of the GNU Lesser General Public License shall +apply, that proxy's public statement of acceptance of any version is +permanent authorization for you to choose that version for the +Library. diff --git a/keycloak-dev/share/doc/jwcrypto/README.md b/keycloak-dev/share/doc/jwcrypto/README.md new file mode 100644 index 0000000..c777d51 --- /dev/null +++ b/keycloak-dev/share/doc/jwcrypto/README.md @@ -0,0 +1,48 @@ +[![PyPI](https://img.shields.io/pypi/v/jwcrypto.svg)](https://pypi.org/project/jwcrypto/) +[![Changelog](https://img.shields.io/github/v/release/latchset/jwcrypto?label=changelog)](https://github.com/latchset/jwcrypto/releases) +[![Build Status](https://github.com/latchset/jwcrypto/actions/workflows/build.yml/badge.svg)](https://github.com/latchset/jwcrypto/actions/workflows/build.yml) +[![ppc64le Build](https://github.com/latchset/jwcrypto/actions/workflows/ppc64le.yml/badge.svg)](https://github.com/latchset/jwcrypto/actions/workflows/ppc64le.yml) +[![Code Scan](https://github.com/latchset/jwcrypto/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/latchset/jwcrypto/actions/workflows/codeql-analysis.yml) +[![Documentation Status](https://readthedocs.org/projects/jwcrypto/badge/?version=latest)](https://jwcrypto.readthedocs.io/en/latest/?badge=latest) + +JWCrypto +======== + +An implementation of the JOSE Working Group documents: +- RFC 7515 - JSON Web Signature (JWS) +- RFC 7516 - JSON Web Encryption (JWE) +- RFC 7517 - JSON Web Key (JWK) +- RFC 7518 - JSON Web Algorithms (JWA) +- RFC 7519 - JSON Web Token (JWT) +- RFC 7520 - Examples of Protecting Content Using JSON Object Signing and + Encryption (JOSE) + +Installation +============ + + pip install jwcrypto + +Documentation +============= + +http://jwcrypto.readthedocs.org + +Deprecation Notices +=================== + +2020.12.11: The RSA1_5 algorithm is now considered deprecated due to numerous +implementation issues that make it a very problematic tool to use safely. +The algorithm can still be used but requires explicitly allowing it on object +instantiation. If your application depends on it there are examples of how to +re-enable RSA1_5 usage in the tests files. + +Note: if you enable support for `RSA1_5` and the attacker can send you chosen +ciphertext and is able to measure the processing times of your application, +then your application will be vulnerable to a Bleichenbacher RSA padding +oracle, allowing the so-called "Million messages attack". That attack allows +to decrypt intercepted messages (even if they were encrypted with RSA-OAEP) or +forge signatures (both RSA-PKCS#1 v1.5 and RSASSA-PSS). + +Given JWT is generally used in tokens to sign authorization assertions or to +encrypt private key material, this is a particularly severe issue, and must +not be underestimated. diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py index e79a0b5..b745139 100644 --- a/src/keycloak/keycloak_admin.py +++ b/src/keycloak/keycloak_admin.py @@ -427,6 +427,138 @@ class KeycloakAdmin: KeycloakDeleteError, expected_codes=[HTTP_NO_CONTENT], ) + + + def get_organizations(self) -> list | bytes: + """ + Fetch all organizations in the realm. + + :return: List of organizations + :rtype: list | bytes + """ + params_path = {"realm-name": self.connection.realm_name} + data_raw = self.connection.raw_get(urls_patterns.URL_ADMIN_ORGANIZATIONS.format(**params_path)) + return raise_error_from_response(data_raw, KeycloakGetError) + + def get_organization(self, organization_id: str) -> dict | bytes: + """ + Fetch details of a specific organization. + + :param organization_id: ID of the organization + :type organization_id: str + :return: Organization details + :rtype: dict | bytes + """ + params_path = {"realm-name": self.connection.realm_name, "organization_id": organization_id} + data_raw = self.connection.raw_get(urls_patterns.URL_ADMIN_ORGANIZATION_BY_ID.format(**params_path)) + return raise_error_from_response(data_raw, KeycloakGetError) + + def create_organization(self, payload: dict) -> dict | bytes: + """ + Create a new organization. + + :param payload: Dictionary containing organization details + :type payload: dict + :return: Response from Keycloak + :rtype: dict | bytes + """ + params_path = {"realm-name": self.connection.realm_name} + + print(payload) + data_raw = self.connection.raw_post( + urls_patterns.URL_ADMIN_ORGANIZATIONS.format(**params_path), + data=json.dumps(payload), + ) + + return raise_error_from_response( + data_raw, + KeycloakPostError, + expected_codes=[HTTP_CREATED], + ) + + return raise_error_from_response(data_raw, KeycloakPostError) + + def update_organization(self, organization_id: str, payload: dict) -> dict | bytes: + """ + Update an existing organization. + + :param organization_id: ID of the organization + :type organization_id: str + :param payload: Dictionary with updated organization details + :type payload: dict + :return: Response from Keycloak + :rtype: dict | bytes + """ + params_path = {"realm-name": self.connection.realm_name, "organization_id": organization_id} + data_raw = self.connection.raw_put( + urls_patterns.URL_ADMIN_ORGANIZATION_BY_ID.format(**params_path), + data=json.dumps(payload), + ) + return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[204]) + + def delete_organization(self, organization_id: str) -> dict | bytes: + """ + Delete an organization. + + :param organization_id: ID of the organization + :type organization_id: str + :return: Response from Keycloak + :rtype: dict | bytes + """ + params_path = {"realm-name": self.connection.realm_name, "organization_id": organization_id} + data_raw = self.connection.raw_delete(urls_patterns.URL_ADMIN_ORGANIZATION_BY_ID.format(**params_path)) + return raise_error_from_response(data_raw, KeycloakDeleteError, expected_codes=[204]) + + def get_organization_members(self, organization_id: str) -> list | bytes: + """ + Fetch all users in an organization. + + :param organization_id: ID of the organization + :type organization_id: str + :return: List of users in the organization + :rtype: list | bytes + """ + params_path = {"realm-name": self.connection.realm_name, "organization_id": organization_id} + data_raw = self.connection.raw_get(urls_patterns.URL_ADMIN_ORGANIZATION_MEMBERS.format(**params_path)) + return raise_error_from_response(data_raw, KeycloakGetError) + + def add_user_to_organization(self, organization_id: str, user_id: str) -> dict | bytes: + """ + Add a user to an organization. + + :param organization_id: ID of the organization + :type organization_id: str + :param user_id: ID of the user to be added + :type user_id: str + :return: Response from Keycloak + :rtype: dict | bytes + """ + params_path = {"realm-name": self.connection.realm_name, "organization_id": organization_id} + data_raw = self.connection.raw_post( + urls_patterns.URL_ADMIN_ORGANIZATION_ADD_MEMBER_BY_ID.format(**params_path), + data=user_id + ) + return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[201]) + + def remove_user_from_organization(self, organization_id: str, user_id: str) -> dict | bytes: + """ + Remove a user from an organization. + + :param organization_id: ID of the organization + :type organization_id: str + :param user_id: ID of the user to be removed + :type user_id: str + :return: Response from Keycloak + :rtype: dict | bytes + """ + params_path = {"realm-name": self.connection.realm_name, "organization_id": organization_id, "user_id": user_id} + + url = urls_patterns.URL_ADMIN_ORGANIZATION_DEL_MEMBER_BY_ID.format(**params_path) + print (url); + data_raw = self.connection.raw_delete(url) + return raise_error_from_response(data_raw, KeycloakDeleteError, expected_codes=[204]) + + def get_users(self, query: dict | None = None) -> list: """ diff --git a/src/keycloak/urls_patterns.py b/src/keycloak/urls_patterns.py index 91fd2dc..fd75770 100644 --- a/src/keycloak/urls_patterns.py +++ b/src/keycloak/urls_patterns.py @@ -238,3 +238,16 @@ URL_AUTHENTICATION_EXECUTION_LOWER_PRIORITY = ( ) URL_ADMIN_FLOWS_EXECUTION_CONFIG = URL_ADMIN_FLOWS_EXECUTION + "/config" + +# Organization API Endpoints +URL_ADMIN_ORGANIZATIONS = URL_ADMIN_REALM + "/organizations" +URL_ADMIN_ORGANIZATION_BY_ID = URL_ADMIN_ORGANIZATIONS + "/{organization_id}" +URL_ADMIN_ORGANIZATION_MEMBERS = URL_ADMIN_ORGANIZATION_BY_ID + "/members" +URL_ADMIN_ORGANIZATION_ADD_MEMBER_BY_ID = URL_ADMIN_ORGANIZATION_MEMBERS +URL_ADMIN_ORGANIZATION_DEL_MEMBER_BY_ID = URL_ADMIN_ORGANIZATION_MEMBERS + "/{user_id}" + + + + + + diff --git a/tests/test_orgs.py b/tests/test_orgs.py new file mode 100644 index 0000000..f476d4c --- /dev/null +++ b/tests/test_orgs.py @@ -0,0 +1,74 @@ +from keycloak import KeycloakAdmin +import json + +# Keycloak Configuration +KEYCLOAK_URL = "https://auth.illysky.io" +REALM_NAME = "cassandra" +CLIENT_ID = "administration" +CLIENT_SECRET = "JMFYMbWfPBYG3t6C4ZtQ5tfXjBE6n2PY" + + +keycloak_admin = KeycloakAdmin( + server_url=f"{KEYCLOAK_URL}/", + realm_name=REALM_NAME, + client_id=CLIENT_ID, + client_secret_key=CLIENT_SECRET, + verify=True +) + + + +# šŸŸ¢ Test fetching all organizations +print("\nšŸ”¹ Fetching all organizations...") +organizations = keycloak_admin.get_organizations() +print(json.dumps(organizations, indent=4)) + +# šŸŸ¢ Test creating an organization +print("\nšŸ”¹ Creating a new organization...") +new_org = {"name": "St Leonards Academy", "alias": "st-leonards-academy", "description": "This is a test organization", "domains": ["test.com"]} +keycloak_admin.create_organization(new_org) +print("Created Organization") + +# šŸŸ¢ Test fetching all organizations +print("\nšŸ”¹ Fetching all organizations...") +organizations = keycloak_admin.get_organizations() +print(json.dumps(organizations, indent=4)) +organization_id = next((org["id"] for org in organizations if org["name"] == new_org["name"]), None) + + +# šŸŸ¢ Test fetching organization details +print(f"\nšŸ”¹ Fetching organization details for {organization_id}...") +org_details = keycloak_admin.get_organization(organization_id) +print(org_details) + +# šŸŸ¢ Test updating organization +print("\nšŸ”¹ Updating organization...") + + + +# šŸŸ¢ Test listing organization members +print("\nšŸ”¹ Fetching members of the organization...") +org_members = keycloak_admin.get_organization_members(organization_id) +print(json.dumps(org_members, indent=4)) + +# šŸŸ¢ Test adding a user to an organization +user_id = "e9dc913d-9d55-4e01-b70b-4cf5d3b3393a" # Replace with a real user ID +print(f"\nšŸ”¹ Adding user {user_id} to organization {organization_id}...") +add_response = keycloak_admin.add_user_to_organization(organization_id, user_id) +print("Added User") + + +# šŸŸ¢ Test listing organization members +print("\nšŸ”¹ Fetching members of the organization...") +org_members = keycloak_admin.get_organization_members(organization_id) +print(json.dumps(org_members, indent=4)) + +# šŸŸ¢ Test removing a user from an organization +print(f"\nšŸ”¹ Removing user {user_id} from organization {organization_id}...") +remove_response = keycloak_admin.remove_user_from_organization(organization_id, user_id) +print("Removed User Response:", remove_response) + +# šŸŸ¢ Test deleting an organization +print("\nšŸ”¹ Deleting organization...") +delete_response = keycloak_admin.delete_organization(organization_id) +print("Deleted Organization Response:", delete_response)