Merge master

5 years ago · b1c98ed883
10 changed files with 757 additions and 118 deletions
--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -0,0 +1 @@
+include LICENSE
--- a/README.md
+++ b/README.md
@ -24,7 +24,7 @@ For review- see https://github.com/marcospereirampj/python-keycloak
 python-keycloak depends on:

 * Python 3
-* [requests](http://docs.python-requests.org/en/master/)
+* [requests](https://requests.readthedocs.io)
 * [python-jose](http://python-jose.readthedocs.io/en/latest/)

 ### Tests Dependencies
@ -94,11 +94,11 @@ token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['ac
                                     token_type_hint="requesting_party_token"))

 # Introspect Token
-token_info = keycloak_openid.introspect(token['access_token']))
+token_info = keycloak_openid.introspect(token['access_token'])

 # Decode Token
-KEYCLOAK_PUBLIC_KEY = "secret"
-options = {"verify_signature": True, "verify_aud": True, "exp": True}
+KEYCLOAK_PUBLIC_KEY = keycloak_openid.public_key()
+options = {"verify_signature": True, "verify_aud": True, "verify_exp": True}
 token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)

 # Get permissions by token
@ -114,7 +114,9 @@ from keycloak import KeycloakAdmin
 keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
                               username='example-admin',
                               password='secret',
-                               realm_name="example_realm",
+                               realm_name="master",
+                               user_realm_name="only_if_other_realm_than_master",
+                               client_secret_key="client-secret",
                               verify=True)
        
 # Add user                       
@ -139,7 +141,7 @@ count_users = keycloak_admin.users_count()
 users = keycloak_admin.get_users({})

 # Get user ID from name
-user-id-keycloak = keycloak_admin.get_user_id("example@example.com")
+user_id_keycloak = keycloak_admin.get_user_id("example@example.com")

 # Get User
 user = keycloak_admin.get_user("user-id-keycloak")
@ -149,7 +151,7 @@ response = keycloak_admin.update_user(user_id="user-id-keycloak",
                                      payload={'firstName': 'Example Update'})

 # Update User Password
-response = set_user_password(user_id="user-id-keycloak", password="secret", temporary=True)
+response = keycloak_admin.set_user_password(user_id="user-id-keycloak", password="secret", temporary=True)
                                      
 # Delete User
 response = keycloak_admin.delete_user(user_id="user-id-keycloak")
@ -174,7 +176,7 @@ server_info = keycloak_admin.get_server_info()
 clients = keycloak_admin.get_clients()

 # Get client - id (not client-id) from client by name
-client_id=keycloak_admin.get_client_id("my-client")
+client_id = keycloak_admin.get_client_id("my-client")

 # Get representation of the client - id of client (not client-id)
 client = keycloak_admin.get_client(client_id="client_id")
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@ -60,9 +60,9 @@ author = 'Marcos Pereira'
 # built documents.
 #
 # The short X.Y version.
-version = '0.17.6'
+version = '0.23.0'
 # The full version, including alpha/beta/rc tags.
-release = '0.17.6'
+release = '0.23.0'

 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@ -132,7 +132,7 @@ Main methods::

    # Decode Token
    KEYCLOAK_PUBLIC_KEY = "secret"
-    options = {"verify_signature": True, "verify_aud": True, "exp": True}
+    options = {"verify_signature": True, "verify_aud": True, "verify_exp": True}
    token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)

    # Get permissions by token
@ -158,6 +158,14 @@ Main methods::
    #                               realm_name="example_realm",
    #                               verify=True,
    #                               custom_headers={'CustomHeader': 'value'})
+    #
+    # You can also authenticate with client_id and client_secret
+    #keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
+    #                               client_id="example_client",
+    #                               client_secret_key="secret",
+    #                               realm_name="example_realm",
+    #                               verify=True,
+    #                               custom_headers={'CustomHeader': 'value'})

    # Add user
    new_user = keycloak_admin.create_user({"email": "example@example.com",
@ -268,3 +276,19 @@ Main methods::

    # Function to trigger user sync from provider
    sync_users(storage_id="storage_di", action="action")
+
+    # List public RSA keys
+    components = keycloak_admin.keys
+
+    # List all keys
+    components = keycloak_admin.get_components(query={"parent":"example_realm", "type":"org.keycloak.keys.KeyProvider"})
+
+    # Create a new RSA key
+    component = keycloak_admin.create_component({"name":"rsa-generated","providerId":"rsa-generated","providerType":"org.keycloak.keys.KeyProvider","parentId":"example_realm","config":{"priority":["100"],"enabled":["true"],"active":["true"],"algorithm":["RS256"],"keySize":["2048"]}})
+
+    # Update the key
+    component_details['config']['active'] = ["false"]
+    keycloak_admin.update_component(component['id'])
+
+    # Delete the key
+    keycloak_admin.delete_component(component['id'])
--- a/keycloak/connection.py
+++ b/keycloak/connection.py
@ -47,6 +47,7 @@ class ConnectionManager(object):
        self._timeout = timeout
        self._verify = verify
        self._s = requests.Session()
+        self._s.auth = lambda x: x  # don't let requests add auth headers

        # retry once to reset connection with Keycloak after  tomcat's ConnectionTimeout
        # see https://github.com/marcospereirampj/python-keycloak/issues/36
@ -198,11 +199,12 @@ class ConnectionManager(object):
            raise KeycloakConnectionError(
                "Can't connect to server (%s)" % e)

-    def raw_delete(self, path, **kwargs):
+    def raw_delete(self, path, data={}, **kwargs):
        """ Submit delete request to the path.

        :arg
            path (str): Path for request.
+            data (dict): Payload for request.
        :return
            Response the request.
        :exception
@ -211,6 +213,7 @@ class ConnectionManager(object):
        try:
            return self._s.delete(urljoin(self.base_url, path),
                                  params=kwargs,
+                                  data=data,
                                  headers=self.headers,
                                  timeout=self.timeout,
                                  verify=self.verify)
--- a/keycloak/exceptions.py
+++ b/keycloak/exceptions.py
@ -53,6 +53,9 @@ class KeycloakOperationError(KeycloakError):
    pass


+class KeycloakDeprecationError(KeycloakError):
+    pass
+
 class KeycloakGetError(KeycloakOperationError):
    pass

@ -73,9 +76,12 @@ class KeycloakInvalidTokenError(KeycloakOperationError):
    pass


-def raise_error_from_response(response, error, expected_code=200, skip_exists=False):
-    if expected_code == response.status_code:
-        if expected_code == requests.codes.no_content:
+def raise_error_from_response(response, error, expected_codes=None, skip_exists=False):
+    if expected_codes is None:
+        expected_codes = [200, 201, 204]
+
+    if response.status_code in expected_codes:
+        if response.status_code == requests.codes.no_content:
            return {}

        try:
--- a/keycloak/keycloak_admin.py
+++ b/keycloak/keycloak_admin.py
--- a/keycloak/keycloak_openid.py
+++ b/keycloak/keycloak_openid.py
@ -28,8 +28,9 @@ from jose import jwt
 from .authorization import Authorization
 from .connection import ConnectionManager
 from .exceptions import raise_error_from_response, KeycloakGetError, \
-    KeycloakRPTNotFound, KeycloakAuthorizationConfigError, KeycloakInvalidTokenError
+    KeycloakRPTNotFound, KeycloakAuthorizationConfigError, KeycloakInvalidTokenError, KeycloakDeprecationError
 from .urls_patterns import (
+    URL_REALM,
    URL_AUTH,
    URL_TOKEN,
    URL_USERINFO,
@ -250,7 +251,7 @@ class KeycloakOpenID:
        data_raw = self.connection.raw_post(URL_LOGOUT.format(**params_path),
                                            data=payload)

-        return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
+        return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])

    def certs(self):
        """
@ -265,6 +266,17 @@ class KeycloakOpenID:
        params_path = {"realm-name": self.realm_name}
        data_raw = self.connection.raw_get(URL_CERTS.format(**params_path))
        return raise_error_from_response(data_raw, KeycloakGetError)
+    
+    def public_key(self):
+        """
+        The public key is exposed by the realm page directly.
+
+        :return:
+        """
+        params_path = {"realm-name": self.realm_name}
+        data_raw = self.connection.raw_get(URL_REALM.format(**params_path))
+        return raise_error_from_response(data_raw, KeycloakGetError)['public_key']
+

    def entitlement(self, token, resource_server_id):
        """
@ -279,6 +291,9 @@ class KeycloakOpenID:
        self.connection.add_param_headers("Authorization", "Bearer " + token)
        params_path = {"realm-name": self.realm_name, "resource-server-id": resource_server_id}
        data_raw = self.connection.raw_get(URL_ENTITLEMENT.format(**params_path))
+        
+        if data_raw.status_code == 404: 
+            return raise_error_from_response(data_raw, KeycloakDeprecationError)

        return raise_error_from_response(data_raw, KeycloakGetError)

--- a/keycloak/urls_patterns.py
+++ b/keycloak/urls_patterns.py
@ -22,6 +22,7 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

 # OPENID URLS
+URL_REALM = "realms/{realm-name}"
 URL_WELL_KNOWN = "realms/{realm-name}/.well-known/openid-configuration"
 URL_TOKEN = "realms/{realm-name}/protocol/openid-connect/token"
 URL_USERINFO = "realms/{realm-name}/protocol/openid-connect/userinfo"
@ -42,6 +43,9 @@ URL_ADMIN_RESET_PASSWORD = "admin/realms/{realm-name}/users/{id}/reset-password"
 URL_ADMIN_GET_SESSIONS = "admin/realms/{realm-name}/users/{id}/sessions"
 URL_ADMIN_USER_CLIENT_ROLES = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}"
 URL_ADMIN_USER_REALM_ROLES = "admin/realms/{realm-name}/users/{id}/role-mappings/realm"
+URL_ADMIN_GROUPS_REALM_ROLES = "admin/realms/{realm-name}/groups/{id}/role-mappings/realm"
+URL_ADMIN_GET_GROUPS_REALM_ROLES = "admin/realms/{realm-name}/groups/{id}/role-mappings"
+URL_ADMIN_GROUPS_CLIENT_ROLES = "admin/realms/{realm-name}/groups/{id}/role-mappings/clients/{client-id}"
 URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}/available"
 URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}/composite"
 URL_ADMIN_USER_GROUP = "admin/realms/{realm-name}/users/{id}/groups/{group-id}"
@ -62,17 +66,39 @@ URL_ADMIN_CLIENT = URL_ADMIN_CLIENTS + "/{id}"
 URL_ADMIN_CLIENT_SECRETS= URL_ADMIN_CLIENT + "/client-secret"
 URL_ADMIN_CLIENT_ROLES = URL_ADMIN_CLIENT + "/roles"
 URL_ADMIN_CLIENT_ROLE = URL_ADMIN_CLIENT + "/roles/{role-name}"
+URL_ADMIN_CLIENT_ROLE_MEMBERS = URL_ADMIN_CLIENT + "/roles/{role-name}/users"
 URL_ADMIN_CLIENT_AUTHZ_SETTINGS = URL_ADMIN_CLIENT + "/authz/resource-server/settings"
 URL_ADMIN_CLIENT_AUTHZ_RESOURCES = URL_ADMIN_CLIENT + "/authz/resource-server/resource"
+URL_ADMIN_CLIENT_SERVICE_ACCOUNT_USER = URL_ADMIN_CLIENT + "/service-account-user"
 URL_ADMIN_CLIENT_CERTS = URL_ADMIN_CLIENT + "/certificates/{attr}"
+URL_ADMIN_CLIENT_INSTALLATION_PROVIDER = URL_ADMIN_CLIENT + "/installation/providers/{provider-id}"
+URL_ADMIN_CLIENT_PROTOCOL_MAPPER = URL_ADMIN_CLIENT + "/protocol-mappers/models"

 URL_ADMIN_CLIENT_SCOPES = "admin/realms/{realm-name}/client-scopes"
 URL_ADMIN_CLIENT_SCOPE = URL_ADMIN_CLIENT_SCOPES + "/{scope-id}"
 URL_ADMIN_CLIENT_SCOPES_ADD_MAPPER = URL_ADMIN_CLIENT_SCOPE + "/protocol-mappers/models"
+URL_ADMIN_CLIENT_SCOPES_MAPPERS = URL_ADMIN_CLIENT_SCOPES_ADD_MAPPER + "/{protocol-mapper-id}"

 URL_ADMIN_REALM_ROLES = "admin/realms/{realm-name}/roles"
+URL_ADMIN_REALM_ROLES_MEMBERS = URL_ADMIN_REALM_ROLES + "/{role-name}/users"
 URL_ADMIN_REALMS = "admin/realms"
+URL_ADMIN_REALM = "admin/realms/{realm-name}"
 URL_ADMIN_IDPS = "admin/realms/{realm-name}/identity-provider/instances"
+URL_ADMIN_IDP_MAPPERS = "admin/realms/{realm-name}/identity-provider/instances/{idp-alias}/mappers"
+URL_ADMIN_IDP = "admin/realms//{realm-name}/identity-provider/instances/{alias}"
+URL_ADMIN_REALM_ROLES_ROLE_BY_NAME = "admin/realms/{realm-name}/roles/{role-name}"
+URL_ADMIN_REALM_ROLES_COMPOSITE_REALM_ROLE = "admin/realms/{realm-name}/roles/{role-name}/composites"

 URL_ADMIN_FLOWS = "admin/realms/{realm-name}/authentication/flows"
+URL_ADMIN_FLOWS_ALIAS = "admin/realms/{realm-name}/authentication/flows/{flow-id}"
+URL_ADMIN_FLOWS_COPY = "admin/realms/{realm-name}/authentication/flows/{flow-alias}/copy"
 URL_ADMIN_FLOWS_EXECUTIONS = "admin/realms/{realm-name}/authentication/flows/{flow-alias}/executions"
+URL_ADMIN_FLOWS_EXECUTIONS_EXEUCUTION = "admin/realms/{realm-name}/authentication/flows/{flow-alias}/executions/execution"
+URL_ADMIN_FLOWS_EXECUTIONS_FLOW = "admin/realms/{realm-name}/authentication/flows/{flow-alias}/executions/flow"
+
+URL_ADMIN_COMPONENTS = "admin/realms/{realm-name}/components"
+URL_ADMIN_COMPONENT = "admin/realms/{realm-name}/components/{component-id}"
+URL_ADMIN_KEYS = "admin/realms/{realm-name}/keys"
+
+URL_ADMIN_USER_FEDERATED_IDENTITIES = "admin/realms/{realm-name}/users/{id}/federated-identity"
+URL_ADMIN_USER_FEDERATED_IDENTITY = "admin/realms/{realm-name}/users/{id}/federated-identity/{provider}"
--- a/setup.py
+++ b/setup.py
@ -7,7 +7,7 @@ with open("README.md", "r") as fh:

 setup(
    name='python-keycloak',
-    version='0.17.6',
+    version='0.23.0',
    url='https://github.com/marcospereirampj/python-keycloak',
    license='The MIT License',
    author='Marcos Pereira',