Update prepare realm script

Joseph Garrone 2024-12-15 17:42:45 +01:00
parent b6e9fe2585
commit 67f8ae41fc
2 changed files with 59 additions and 96 deletions


@ -673,17 +673,11 @@
"alwaysDisplayInConsole": false, "alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret", "clientAuthenticatorType": "client-secret",
"redirectUris": [ "redirectUris": [
"https://my-theme.keycloakify.dev/*", "/realms/myrealm/account/*",
"http://localhost*", "http://localhost/*",
"http://127.0.0.1*", "http://127.0.0.1/*"
"*"
],
"webOrigins": [
"https://my-theme.keycloakify.dev/*",
"http://localhost*",
"http://127.0.0.1*",
"*"
], ],
"webOrigins": ["*"],
"notBefore": 0, "notBefore": 0,
"bearerOnly": false, "bearerOnly": false,
"consentRequired": false, "consentRequired": false,
@ -698,7 +692,7 @@
"realm_client": "false", "realm_client": "false",
"oidc.ciba.grant.enabled": "false", "oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "true", "backchannel.logout.session.required": "true",
"post.logout.redirect.uris": "*##https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", "post.logout.redirect.uris": "+##http://localhost/*##http://127.0.0.1/*",
"oauth2.device.authorization.grant.enabled": "false", "oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false", "display.on.consent.screen": "false",
"pkce.code.challenge.method": "S256", "pkce.code.challenge.method": "S256",
@ -834,12 +828,7 @@
"http://localhost*", "http://localhost*",
"http://127.0.0.1*" "http://127.0.0.1*"
], ],
"webOrigins": [ "webOrigins": ["*"],
"https://my-theme.keycloakify.dev/*",
"http://localhost*",
"http://127.0.0.1*",
"*"
],
"notBefore": 0, "notBefore": 0,
"bearerOnly": false, "bearerOnly": false,
"consentRequired": false, "consentRequired": false,
@ -854,7 +843,6 @@
"realm_client": "false", "realm_client": "false",
"oidc.ciba.grant.enabled": "false", "oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "true", "backchannel.logout.session.required": "true",
"login_theme": "keycloakify-starter",
"post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", "post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*",
"oauth2.device.authorization.grant.enabled": "false", "oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false", "display.on.consent.screen": "false",
@ -952,17 +940,11 @@
"alwaysDisplayInConsole": false, "alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret", "clientAuthenticatorType": "client-secret",
"redirectUris": [ "redirectUris": [
"https://my-theme.keycloakify.dev/*",
"http://localhost*", "http://localhost*",
"http://127.0.0.1*", "http://127.0.0.1*",
"*" "/admin/myrealm/console/*"
],
"webOrigins": [
"https://my-theme.keycloakify.dev/*",
"http://localhost*",
"http://127.0.0.1*",
"*"
], ],
"webOrigins": ["*"],
"notBefore": 0, "notBefore": 0,
"bearerOnly": false, "bearerOnly": false,
"consentRequired": false, "consentRequired": false,
@ -978,7 +960,7 @@
"oidc.ciba.grant.enabled": "false", "oidc.ciba.grant.enabled": "false",
"client.use.lightweight.access.token.enabled": "true", "client.use.lightweight.access.token.enabled": "true",
"backchannel.logout.session.required": "true", "backchannel.logout.session.required": "true",
"post.logout.redirect.uris": "*##https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", "post.logout.redirect.uris": "+",
"oauth2.device.authorization.grant.enabled": "false", "oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false", "display.on.consent.screen": "false",
"pkce.code.challenge.method": "S256", "pkce.code.challenge.method": "S256",
@ -1749,14 +1731,14 @@
"subComponents": {}, "subComponents": {},
"config": { "config": {
"allowed-protocol-mapper-types": [ "allowed-protocol-mapper-types": [
"oidc-sha256-pairwise-sub-mapper",
"oidc-address-mapper",
"oidc-usermodel-property-mapper",
"saml-role-list-mapper",
"oidc-usermodel-attribute-mapper", "oidc-usermodel-attribute-mapper",
"oidc-usermodel-property-mapper",
"oidc-address-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-user-property-mapper", "saml-user-property-mapper",
"saml-user-attribute-mapper", "saml-user-attribute-mapper",
"oidc-full-name-mapper" "oidc-full-name-mapper",
"saml-role-list-mapper"
] ]
} }
}, },
@ -1786,14 +1768,14 @@
"subComponents": {}, "subComponents": {},
"config": { "config": {
"allowed-protocol-mapper-types": [ "allowed-protocol-mapper-types": [
"saml-user-attribute-mapper",
"saml-user-property-mapper", "saml-user-property-mapper",
"saml-role-list-mapper", "saml-role-list-mapper",
"oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper",
"oidc-full-name-mapper", "oidc-full-name-mapper",
"saml-user-attribute-mapper",
"oidc-address-mapper",
"oidc-usermodel-attribute-mapper", "oidc-usermodel-attribute-mapper",
"oidc-usermodel-property-mapper" "oidc-sha256-pairwise-sub-mapper",
"oidc-address-mapper"
] ]
} }
}, },
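Review bot: The slash-less redirect patterns `"http://localhost*"` and `"http://127.0.0.1*"` are still present in the -834/+828 and -952/+940 hunks and in the `post.logout.redirect.uris` string of the -854/+843 hunk, although the -673/+673 hunk of this same file already moves to `"http://localhost/*"` and `"http://127.0.0.1/*"`. Keycloak treats a trailing `*` as a prefix match, so the slash-less form also accepts any host name that merely begins with `localhost` or `127.0.0.1`, which is wider than a loopback allowance. The slash form should be used throughout, including in the literals the realm script in the second file writes (`testClient.redirectUris` and the `for (const value of [...])` list); whether a dev server on a non-default port still matches should be confirmed. Separately, `"webOrigins": ["*"]` on all three clients allows CORS from any origin, whereas `"webOrigins": ["+"]` would restrict origins to those of the registered redirect URIs. If this realm is intended only for local theme testing, that should be stated in the accompanying documentation, since the JSON itself cannot carry a comment.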


@ -4,6 +4,7 @@ import { getDefaultConfig } from "./defaultConfig";
import type { BuildContext } from "../../shared/buildContext"; import type { BuildContext } from "../../shared/buildContext";
import { objectKeys } from "tsafe/objectKeys"; import { objectKeys } from "tsafe/objectKeys";
import { TEST_APP_URL } from "../../shared/constants"; import { TEST_APP_URL } from "../../shared/constants";
import { sameFactory } from "evt/tools/inDepth/same";
export type BuildContextLike = { export type BuildContextLike = {
themeNames: BuildContext["themeNames"]; themeNames: BuildContext["themeNames"];
@ -139,18 +140,38 @@ function addOrEditTestUser(params: {
parsedRealmJson.clients.map(client => [client.id, client.clientId] as const) parsedRealmJson.clients.map(client => [client.id, client.clientId] as const)
); );
newUser.clientRoles = {}; const newClientRoles: NonNullable<
ParsedRealmJson["users"][number]["clientRoles"]
> = {};
for (const clientRole of Object.values(parsedRealmJson.roles.client).flat()) { for (const clientRole of Object.values(parsedRealmJson.roles.client).flat()) {
const clientName = nameByClientId[clientRole.containerId]; const clientName = nameByClientId[clientRole.containerId];
assert(clientName !== undefined); assert(clientName !== undefined);
(newUser.clientRoles[clientName] ??= []).push(clientRole.name); (newClientRoles[clientName] ??= []).push(clientRole.name);
} }
for (const clientName of Object.keys(newUser.clientRoles)) { const { same: sameSet } = sameFactory({
newUser.clientRoles[clientName].sort().reverse(); takeIntoAccountArraysOrdering: false
});
for (const [clientName, roles] of Object.entries(newClientRoles)) {
keep_previous_ordering_if_possible: {
const roles_previous = newUser.clientRoles?.[clientName];
if (roles_previous === undefined) {
break keep_previous_ordering_if_possible;
}
if (!sameSet(roles_previous, roles)) {
break keep_previous_ordering_if_possible;
}
continue;
}
(newUser.clientRoles ??= {})[clientName] = roles;
} }
} }
@ -234,39 +255,17 @@ function addOrEditClient(params: {
parsedRealmJson.clients.push(testClient); parsedRealmJson.clients.push(testClient);
} }
for (const redirectUri of [ testClient.redirectUris = [
`${TEST_APP_URL}/*`, `${TEST_APP_URL}/*`,
"http://localhost*", "http://localhost*",
"http://127.0.0.1*" "http://127.0.0.1*"
]) { ]
for (const propertyName of ["webOrigins", "redirectUris"] as const) { .sort()
const arr = (testClient[propertyName] ??= []); .reverse();
if (arr.includes(redirectUri)) { (testClient.attributes ??= {})["post.logout.redirect.uris"] = "+";
continue;
}
arr.push(redirectUri); testClient.webOrigins = ["*"];
}
{
if (testClient.attributes === undefined) {
testClient.attributes = {};
}
const arr = (testClient.attributes["post.logout.redirect.uris"] ?? "")
.split("##")
.map(s => s.trim());
if (!arr.includes(redirectUri)) {
arr.push(redirectUri);
testClient.attributes["post.logout.redirect.uris"] = arr.join("##");
}
}
}
testClient.webOrigins?.sort().reverse();
testClient.redirectUris?.sort().reverse();
return { clientId: testClient.clientId }; return { clientId: testClient.clientId };
} }
@ -283,38 +282,20 @@ function editAccountConsoleAndSecurityAdminConsole(params: {
assert(client !== undefined); assert(client !== undefined);
for (const redirectUri of [ {
`${TEST_APP_URL}/*`, const arr = (client.redirectUris ??= []);
"http://localhost*",
"http://127.0.0.1*"
]) {
for (const propertyName of ["webOrigins", "redirectUris"] as const) {
const arr = (client[propertyName] ??= []);
if (arr.includes(redirectUri)) { for (const value of ["http://localhost*", "http://127.0.0.1*"]) {
continue; if (!arr.includes(value)) {
} arr.push(value);
arr.push(redirectUri);
}
{
if (client.attributes === undefined) {
client.attributes = {};
}
const arr = (client.attributes["post.logout.redirect.uris"] ?? "")
.split("##")
.map(s => s.trim());
if (!arr.includes(redirectUri)) {
arr.push(redirectUri);
client.attributes["post.logout.redirect.uris"] = arr.join("##");
} }
} }
client.redirectUris?.sort().reverse();
} }
client.webOrigins?.sort().reverse(); (client.attributes ??= {})["post.logout.redirect.uris"] = "+";
client.redirectUris?.sort().reverse();
client.webOrigins = ["*"];
} }
} }
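Review bot: In the `addOrEditTestUser` hunk the new loop only adds or keeps entries of `newUser.clientRoles`, so a client name that is present on the user but absent from `newClientRoles` is never removed, whereas the old code reset the map with `newUser.clientRoles = {}` first. If `newUser` can come from an existing realm file (the start of the function is outside the hunk, so this is inferred), the test user would keep role mappings for clients that no longer define those roles. A pruning pass after the loop would restore the old guarantee, e.g. `for (const name of Object.keys(newUser.clientRoles ?? {})) { if (!(name in newClientRoles)) { delete newUser.clientRoles?.[name]; } }`. A short comment above the `keep_previous_ordering_if_possible` labelled block saying that it exists only to avoid reordering churn in the committed realm JSON would also help, since labelled blocks are unusual enough to make readers stop.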