Browse Source

Fixed new features.

hotfix/merge
Marcos Pereira 7 years ago
parent
commit
71c7cd099d
  1. 4
      README.md
  2. 4
      docs/source/conf.py
  3. 6
      docs/source/index.rst
  4. 9
      keycloak/exceptions.py
  5. 140
      keycloak/keycloak_admin.py
  6. 3
      requirements.txt
  7. 4
      setup.py

4
README.md

@ -42,7 +42,9 @@ The documentation for python-keycloak is available on [readthedocs](http://pytho
## Contributors ## Contributors
* [Agriness Team](http://www.agriness.com/pt/) * [Agriness Team](http://www.agriness.com/pt/)
* [Marcos Pereira](marcospereira.mpj@gmail.com)
* [Martin Devlin](martin.devlin@pearson.com) * [Martin Devlin](martin.devlin@pearson.com)
* [Shon T. Urbas](shon.urbas@gmail.com>)
## Usage ## Usage
@ -75,7 +77,7 @@ token = keycloak_openid.token("user", "password")
rpt = keycloak_openid.entitlement(token['access_token'], "resource_id") rpt = keycloak_openid.entitlement(token['access_token'], "resource_id")
# Instropect RPT # Instropect RPT
token_rpt_info = keycloak_openid.instropect(keycloak_openid.instropect(token['access_token'], rpt=rpt['rpt'],
token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'],
token_type_hint="requesting_party_token")) token_type_hint="requesting_party_token"))
# Introspect Token # Introspect Token

4
docs/source/conf.py

@ -60,9 +60,9 @@ author = 'Marcos Pereira'
# built documents. # built documents.
# #
# The short X.Y version. # The short X.Y version.
version = '0.10.2'
version = '0.11.0'
# The full version, including alpha/beta/rc tags. # The full version, including alpha/beta/rc tags.
release = '0.10.2'
release = '0.11.0'
# The language for content autogenerated by Sphinx. Refer to documentation # The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages. # for a list of supported languages.

6
docs/source/index.rst

@ -43,7 +43,6 @@ python-keycloak depends on:
* Python 3 * Python 3
* `requests <http://docs.python-requests.org/en/master/>`_ * `requests <http://docs.python-requests.org/en/master/>`_
* `python-jose <http://python-jose.readthedocs.io/en/latest/>`_ * `python-jose <http://python-jose.readthedocs.io/en/latest/>`_
* `simplejson <https://simplejson.readthedocs.io/en/latest/>`_
Tests Dependencies Tests Dependencies
------------------ ------------------
@ -67,6 +66,7 @@ Contributors
* `Agriness Team <http://www.agriness.com/pt/>`_ * `Agriness Team <http://www.agriness.com/pt/>`_
* `Martin Devlin <martin.devlin@pearson.com>`_ * `Martin Devlin <martin.devlin@pearson.com>`_
* `Shon T. Urbas <shon.urbas@gmail.com>`_
Usage Usage
===== =====
@ -102,7 +102,7 @@ Main methods::
rpt = keycloak_openid.entitlement(token['access_token'], "resource_id") rpt = keycloak_openid.entitlement(token['access_token'], "resource_id")
# Instropect RPT # Instropect RPT
token_rpt_info = keycloak_openid.instropect(keycloak_openid.instropect(token['access_token'], rpt=rpt['rpt'],
token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'],
token_type_hint="requesting_party_token")) token_type_hint="requesting_party_token"))
# Introspect Token # Introspect Token
@ -127,7 +127,7 @@ Main methods::
username='example-admin', username='example-admin',
password='secret', password='secret',
realm_name="example_realm", realm_name="example_realm",
verify=True)
verify=True)
# Add user # Add user
new_user = keycloak_admin.create_user({"email": "example@example.com", new_user = keycloak_admin.create_user({"email": "example@example.com",

9
keycloak/exceptions.py

@ -16,7 +16,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
import requests import requests
from simplejson import JSONDecodeError
class KeycloakError(Exception): class KeycloakError(Exception):
@ -68,20 +67,16 @@ class KeycloakInvalidTokenError(KeycloakOperationError):
pass pass
def raise_error_from_response(response, error, expected_code=200, skip_exists=False):
def raise_error_from_response(response, error, expected_code=200):
if expected_code == response.status_code: if expected_code == response.status_code:
if expected_code == requests.codes.no_content: if expected_code == requests.codes.no_content:
return {} return {}
try: try:
return response.json() return response.json()
except JSONDecodeError as e:
except ValueError:
return response.content return response.content
if skip_exists and response.status_code == 409:
return {"Already exists"}
try: try:
message = response.json()['message'] message = response.json()['message']
except (KeyError, ValueError): except (KeyError, ValueError):

140
keycloak/keycloak_admin.py

@ -15,12 +15,16 @@
# You should have received a copy of the GNU Lesser General Public License # You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
# Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the internal Keycloak server ID, usually a uuid string
# Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the
# internal Keycloak server ID, usually a uuid string
from .urls_patterns import URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
from .urls_patterns import \
URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \ URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, URL_ADMIN_USER_CLIENT_ROLES, \
URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP, URL_ADMIN_USER_PASSWORD, URL_ADMIN_GROUP_PERMISSIONS
URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \
URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\
URL_ADMIN_USER_PASSWORD, URL_ADMIN_GROUP_PERMISSIONS
from .keycloak_openid import KeycloakOpenID from .keycloak_openid import KeycloakOpenID
from .exceptions import raise_error_from_response, KeycloakGetError from .exceptions import raise_error_from_response, KeycloakGetError
@ -109,47 +113,21 @@ class KeycloakAdmin:
data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path), **query) data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path), **query)
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def create_user(self, username, email='', firstName='', lastName='', emailVerified=False, enabled=True, password=None, passwordTemp=False, skip_exists=False):
def create_user(self, payload):
""" """
Create a new user Username must be unique Create a new user Username must be unique
UserRepresentation UserRepresentation
http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
:param data: Http response
:param payload: UserRepresentation
:return: UserRepresentation
""" """
data={}
data["username"]=username
data["email"]=email
data["firstName"]=firstName
data["lastName"]=lastName
data["emailVerified"]=emailVerified
data["enabled"]=enabled
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
exists = self.get_user_id(username=username)
if exists is not None:
return str(exists)
data_raw = self.connection.raw_post(URL_ADMIN_USERS.format(**params_path), data_raw = self.connection.raw_post(URL_ADMIN_USERS.format(**params_path),
data=json.dumps(data))
create_resp = raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists)
if password is not None:
user_id = self.get_user_id(username)
data={}
data["value"]=password
data["type"]="password"
data["temporary"]=passwordTemp
params_path = {"realm-name": self.realm_name, "id": user_id}
data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path),
data=json.dumps(data))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
else:
return create_resp
data=json.dumps(payload))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
def users_count(self): def users_count(self):
""" """
@ -161,7 +139,6 @@ class KeycloakAdmin:
data_raw = self.connection.raw_get(URL_ADMIN_USERS_COUNT.format(**params_path)) data_raw = self.connection.raw_get(URL_ADMIN_USERS_COUNT.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def get_user_id(self, username): def get_user_id(self, username):
""" """
Get internal keycloak user id from username Get internal keycloak user id from username
@ -198,40 +175,19 @@ class KeycloakAdmin:
data_raw = self.connection.raw_get(URL_ADMIN_USER.format(**params_path)) data_raw = self.connection.raw_get(URL_ADMIN_USER.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def update_user(self, user_id, username, email='', firstName='', lastName='', emailVerified=False, enabled=True, password=None, passwordTemp=False):
def update_user(self, user_id, payload):
""" """
Update the user Update the user
:param user_id: User id :param user_id: User id
:param data: UserRepresentation
:param payload: UserRepresentation
:return: Http response :return: Http response
""" """
data={}
data["username"]=username
data["email"]=email
data["firstName"]=firstName
data["lastName"]=lastName
data["emailVerified"]=emailVerified
data["enabled"]=enabled
params_path = {"realm-name": self.realm_name, "id": user_id} params_path = {"realm-name": self.realm_name, "id": user_id}
data_raw = self.connection.raw_put(URL_ADMIN_USER.format(**params_path), data_raw = self.connection.raw_put(URL_ADMIN_USER.format(**params_path),
data=json.dumps(data))
update_resp = raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
if password is not None:
user_id = self.get_user_id(username)
data={}
data["value"]=password
data["type"]="password"
data["temporary"]=passwordTemp
params_path = {"realm-name": self.realm_name, "id": user_id}
data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path),
data=json.dumps(data))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
else:
return update_resp
data=json.dumps(payload))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
def delete_user(self, user_id): def delete_user(self, user_id):
""" """
@ -245,6 +201,26 @@ class KeycloakAdmin:
data_raw = self.connection.raw_delete(URL_ADMIN_USER.format(**params_path)) data_raw = self.connection.raw_delete(URL_ADMIN_USER.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
def set_user_password(self, user_id, password, temporary=True):
"""
Set up a password for the user. If temporary is True, the user will have to reset
the temporary password next time they log in.
http://www.keycloak.org/docs-api/3.2/rest-api/#_users_resource
http://www.keycloak.org/docs-api/3.2/rest-api/#_credentialrepresentation
:param user_id: User id
:param password: New password
:param temporary: True if password is temporary
:return:
"""
payload = {"type": "password", "temporary": temporary, "value": password}
params_path = {"realm-name": self.realm_name, "id": user_id}
data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path),
data=json.dumps(payload))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=200)
def consents_user(self, user_id): def consents_user(self, user_id):
""" """
Get consents granted by the user Get consents granted by the user
@ -362,25 +338,27 @@ class KeycloakAdmin:
:return: GroupID (string) :return: GroupID (string)
""" """
if parent is not None: if parent is not None:
params_path = {"realm-name": self.realm_name, "id": parent}
data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path))
res = raise_error_from_response(data_raw, KeycloakGetError)
data_content = []
data_content.append(res)
params_path = {"realm-name": self.realm_name, "id": parent}
data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path))
res = raise_error_from_response(data_raw, KeycloakGetError)
data_content = []
data_content.append(res)
else: else:
params_path = {"realm-name": self.realm_name}
data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path))
data_content = raise_error_from_response(data_raw, KeycloakGetError)
params_path = {"realm-name": self.realm_name}
data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path))
data_content = raise_error_from_response(data_raw, KeycloakGetError)
for group in data_content: for group in data_content:
thisgroupname = json.dumps(group["name"]).strip('"')
thisgrouppath = json.dumps(group["path"]).strip('"')
if (thisgroupname == name and name is not None) or (thisgrouppath == path and path is not None):
return json.dumps(group["id"]).strip('"')
for subgroup in group["subGroups"]:
thisgrouppath = json.dumps(subgroup["path"]).strip('"')
if (thisgrouppath == path and path is not None) or (thisgrouppath == name and name is not None):
return json.dumps(subgroup["id"]).strip('"')
thisgroupname = json.dumps(group["name"]).strip('"')
thisgrouppath = json.dumps(group["path"]).strip('"')
if (thisgroupname == name and name is not None) or (thisgrouppath == path and path is not None):
return json.dumps(group["id"]).strip('"')
for subgroup in group["subGroups"]:
thisgrouppath = json.dumps(subgroup["path"]).strip('"')
if (thisgrouppath == path and path is not None) or (thisgrouppath == name and name is not None):
return json.dumps(subgroup["id"]).strip('"')
return None return None
def create_group(self, name=None, client_roles={}, realm_roles=[], sub_groups=[], path=None, parent=None, skip_exists=False): def create_group(self, name=None, client_roles={}, realm_roles=[], sub_groups=[], path=None, parent=None, skip_exists=False):
@ -539,7 +517,8 @@ class KeycloakAdmin:
data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path)) data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def create_client(self, name, client_id, redirect_uris, protocol="openid-connect", public_client=True, direct_access_grants=True, skip_exists=False):
def create_client(self, name, client_id, redirect_uris, protocol="openid-connect", public_client=True,
direct_access_grants=True):
""" """
Create a client Create a client
@ -563,7 +542,7 @@ class KeycloakAdmin:
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
data_raw = self.connection.raw_post(URL_ADMIN_CLIENTS.format(**params_path), data_raw = self.connection.raw_post(URL_ADMIN_CLIENTS.format(**params_path),
data=json.dumps(data)) data=json.dumps(data))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists)
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
def delete_client(self, client_id): def delete_client(self, client_id):
""" """
@ -671,7 +650,8 @@ class KeycloakAdmin:
""" """
Assign a client role to a user Assign a client role to a user
:param client_id: id of client (not client-id), user_id: id of user, client_id: id of client containing role, role_id: client role id, role_name: client role name)
:param client_id: id of client (not client-id), user_id: id of user, client_id: id of client containing role,
role_id: client role id, role_name: client role name)
""" """
payload=[{}] payload=[{}]

3
requirements.txt

@ -1,4 +1,3 @@
requests==2.18.3
requests==2.18.4
httmock==1.2.5 httmock==1.2.5
python-jose==1.3.2 python-jose==1.3.2
simplejson

4
setup.py

@ -4,7 +4,7 @@ from setuptools import setup
setup( setup(
name='python-keycloak', name='python-keycloak',
version='0.10.2',
version='0.11.0',
url='https://bitbucket.org/agriness/python-keycloak', url='https://bitbucket.org/agriness/python-keycloak',
license='GNU General Public License - V3', license='GNU General Public License - V3',
author='Marcos Pereira', author='Marcos Pereira',
@ -12,7 +12,7 @@ setup(
keywords='keycloak openid', keywords='keycloak openid',
description=u'python-keycloak is a Python package providing access to the Keycloak API.', description=u'python-keycloak is a Python package providing access to the Keycloak API.',
packages=['keycloak', 'keycloak.authorization', 'keycloak.tests'], packages=['keycloak', 'keycloak.authorization', 'keycloak.tests'],
install_requires=['requests==2.18.3', 'httmock==1.2.5', 'python-jose==1.3.2', 'simplejson'],
install_requires=['requests==2.18.4', 'httmock==1.2.5', 'python-jose==1.3.2', 'simplejson'],
classifiers=[ classifiers=[
'Programming Language :: Python :: 3', 'Programming Language :: Python :: 3',
'License :: OSI Approved :: GNU General Public License v3 (GPLv3)', 'License :: OSI Approved :: GNU General Public License v3 (GPLv3)',

Loading…
Cancel
Save