Update prepare realm script

Joseph Garrone 2024-12-15 17:42:45 +01:00
parent b6e9fe2585
commit 67f8ae41fc
2 changed files with 59 additions and 96 deletions


@ -673,17 +673,11 @@
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://my-theme.keycloakify.dev/*",
"http://localhost*",
"http://127.0.0.1*",
"*"
],
"webOrigins": [
"https://my-theme.keycloakify.dev/*",
"http://localhost*",
"http://127.0.0.1*",
"*"
"/realms/myrealm/account/*",
"http://localhost/*",
"http://127.0.0.1/*"
],
"webOrigins": ["*"],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
@ -698,7 +692,7 @@
"realm_client": "false",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "true",
"post.logout.redirect.uris": "*##https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*",
"post.logout.redirect.uris": "+##http://localhost/*##http://127.0.0.1/*",
"oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false",
"pkce.code.challenge.method": "S256",
@ -834,12 +828,7 @@
"http://localhost*",
"http://127.0.0.1*"
],
"webOrigins": [
"https://my-theme.keycloakify.dev/*",
"http://localhost*",
"http://127.0.0.1*",
"*"
],
"webOrigins": ["*"],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
@ -854,7 +843,6 @@
"realm_client": "false",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "true",
"login_theme": "keycloakify-starter",
"post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*",
"oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false",
@ -952,17 +940,11 @@
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://my-theme.keycloakify.dev/*",
"http://localhost*",
"http://127.0.0.1*",
"*"
],
"webOrigins": [
"https://my-theme.keycloakify.dev/*",
"http://localhost*",
"http://127.0.0.1*",
"*"
"/admin/myrealm/console/*"
],
"webOrigins": ["*"],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
@ -978,7 +960,7 @@
"oidc.ciba.grant.enabled": "false",
"client.use.lightweight.access.token.enabled": "true",
"backchannel.logout.session.required": "true",
"post.logout.redirect.uris": "*##https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*",
"post.logout.redirect.uris": "+",
"oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false",
"pkce.code.challenge.method": "S256",
@ -1749,14 +1731,14 @@
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-sha256-pairwise-sub-mapper",
"oidc-address-mapper",
"oidc-usermodel-property-mapper",
"saml-role-list-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-usermodel-property-mapper",
"oidc-address-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-user-property-mapper",
"saml-user-attribute-mapper",
"oidc-full-name-mapper"
"oidc-full-name-mapper",
"saml-role-list-mapper"
]
}
},
@ -1786,14 +1768,14 @@
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"saml-user-attribute-mapper",
"saml-user-property-mapper",
"saml-role-list-mapper",
"oidc-sha256-pairwise-sub-mapper",
"oidc-usermodel-property-mapper",
"oidc-full-name-mapper",
"saml-user-attribute-mapper",
"oidc-address-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-usermodel-property-mapper"
"oidc-sha256-pairwise-sub-mapper",
"oidc-address-mapper"
]
}
},
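Review bot: `"webOrigins": ["*"]` appears to be the new value on all three clients touched here (the hunks at -673, -834 and -952; the +/- markers are lost on this page, so the sides are read from the hunk counts), and it allows any origin to make CORS requests against these clients. The same hunks narrow `redirectUris` and drop the bare `"*"` entry, so the CORS setting is now the loosest part of the client config. Keycloak accepts `"+"` as a web origin meaning "the origins of the valid redirect URIs", so `"webOrigins": ["+"]` would keep CORS in line with the tightened redirect list. The script in the second file writes the same value (`testClient.webOrigins = ["*"]` and `client.webOrigins = ["*"]`), so the change would need to be made there as well. If the wildcard is intended because this realm only ever runs on a developer machine, a short comment in the script saying so would make that explicit.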


@ -4,6 +4,7 @@ import { getDefaultConfig } from "./defaultConfig";
import type { BuildContext } from "../../shared/buildContext";
import { objectKeys } from "tsafe/objectKeys";
import { TEST_APP_URL } from "../../shared/constants";
import { sameFactory } from "evt/tools/inDepth/same";
export type BuildContextLike = {
themeNames: BuildContext["themeNames"];
@ -139,18 +140,38 @@ function addOrEditTestUser(params: {
parsedRealmJson.clients.map(client => [client.id, client.clientId] as const)
);
newUser.clientRoles = {};
const newClientRoles: NonNullable<
ParsedRealmJson["users"][number]["clientRoles"]
> = {};
for (const clientRole of Object.values(parsedRealmJson.roles.client).flat()) {
const clientName = nameByClientId[clientRole.containerId];
assert(clientName !== undefined);
(newUser.clientRoles[clientName] ??= []).push(clientRole.name);
(newClientRoles[clientName] ??= []).push(clientRole.name);
}
for (const clientName of Object.keys(newUser.clientRoles)) {
newUser.clientRoles[clientName].sort().reverse();
const { same: sameSet } = sameFactory({
takeIntoAccountArraysOrdering: false
});
for (const [clientName, roles] of Object.entries(newClientRoles)) {
keep_previous_ordering_if_possible: {
const roles_previous = newUser.clientRoles?.[clientName];
if (roles_previous === undefined) {
break keep_previous_ordering_if_possible;
}
if (!sameSet(roles_previous, roles)) {
break keep_previous_ordering_if_possible;
}
continue;
}
(newUser.clientRoles ??= {})[clientName] = roles;
}
}
@ -234,39 +255,17 @@ function addOrEditClient(params: {
parsedRealmJson.clients.push(testClient);
}
for (const redirectUri of [
testClient.redirectUris = [
`${TEST_APP_URL}/*`,
"http://localhost*",
"http://127.0.0.1*"
]) {
for (const propertyName of ["webOrigins", "redirectUris"] as const) {
const arr = (testClient[propertyName] ??= []);
]
.sort()
.reverse();
if (arr.includes(redirectUri)) {
continue;
}
(testClient.attributes ??= {})["post.logout.redirect.uris"] = "+";
arr.push(redirectUri);
}
{
if (testClient.attributes === undefined) {
testClient.attributes = {};
}
const arr = (testClient.attributes["post.logout.redirect.uris"] ?? "")
.split("##")
.map(s => s.trim());
if (!arr.includes(redirectUri)) {
arr.push(redirectUri);
testClient.attributes["post.logout.redirect.uris"] = arr.join("##");
}
}
}
testClient.webOrigins?.sort().reverse();
testClient.redirectUris?.sort().reverse();
testClient.webOrigins = ["*"];
return { clientId: testClient.clientId };
}
@ -283,38 +282,20 @@ function editAccountConsoleAndSecurityAdminConsole(params: {
assert(client !== undefined);
for (const redirectUri of [
`${TEST_APP_URL}/*`,
"http://localhost*",
"http://127.0.0.1*"
]) {
for (const propertyName of ["webOrigins", "redirectUris"] as const) {
const arr = (client[propertyName] ??= []);
{
const arr = (client.redirectUris ??= []);
if (arr.includes(redirectUri)) {
continue;
}
arr.push(redirectUri);
}
{
if (client.attributes === undefined) {
client.attributes = {};
}
const arr = (client.attributes["post.logout.redirect.uris"] ?? "")
.split("##")
.map(s => s.trim());
if (!arr.includes(redirectUri)) {
arr.push(redirectUri);
client.attributes["post.logout.redirect.uris"] = arr.join("##");
for (const value of ["http://localhost*", "http://127.0.0.1*"]) {
if (!arr.includes(value)) {
arr.push(value);
}
}
client.redirectUris?.sort().reverse();
}
client.webOrigins?.sort().reverse();
client.redirectUris?.sort().reverse();
(client.attributes ??= {})["post.logout.redirect.uris"] = "+";
client.webOrigins = ["*"];
}
}
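Review bot: The redirect patterns `"http://localhost*"` and `"http://127.0.0.1*"` have no delimiter after the host, and the new code still writes them in `addOrEditClient` (the `testClient.redirectUris = [...]` list) and in `editAccountConsoleAndSecurityAdminConsole` (the `for (const value of [...])` loop). If Keycloak treats the trailing `*` as a plain prefix match, which is my understanding, these also accept hosts that merely begin with `localhost` or `127.0.0.1`, not only the loopback address. Because `post.logout.redirect.uris` is now `"+"`, the same patterns also govern post-logout redirects. The realm JSON in this commit already uses the delimited form `"http://localhost/*"` for the account client; using `"http://localhost/*"` together with `"http://localhost:*"` (and the `127.0.0.1` equivalents) in the script would keep local ports working while pinning the host. Both functions begin outside the visible hunks, so this is based only on the lines shown.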