Skip to content

Keycloak auth adapter #6376

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Aug 31, 2020
Merged

Keycloak auth adapter #6376

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2003b58
Merge pull request #5 from parse-community/master
rhuanbarreto Jan 28, 2020
36be7a3
Copy auth adapter to create keycloak adapter
Jan 28, 2020
3f54467
Add keycloak authentication adapter
Jan 28, 2020
0aceeca
Add keycloak to auth adapter tests
rhuanbarreto Feb 10, 2020
6e0a150
Improve tests
dplewis Mar 22, 2020
964fd44
Merge branch 'master' into keycloak-auth-adapter
davimacedo Aug 31, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
252 changes: 251 additions & 1 deletion spec/AuthenticationAdapters.spec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ describe('AuthenticationProviders', function () {
'weibo',
'phantauth',
'microsoft',
'keycloak',
].map(function (providerName) {
it('Should validate structure of ' + providerName, done => {
const provider = require('../lib/Adapters/Auth/' + providerName);
Expand All @@ -65,7 +66,7 @@ describe('AuthenticationProviders', function () {
});

it(`should provide the right responses for adapter ${providerName}`, async () => {
const noResponse = ['twitter', 'apple', 'gcenter', 'google'];
const noResponse = ['twitter', 'apple', 'gcenter', "google", 'keycloak'];
if (noResponse.includes(providerName)) {
return;
}
Expand Down Expand Up @@ -703,6 +704,255 @@ describe('google play games service auth', () => {
});
});

describe('keycloak auth adapter', () => {
const keycloak = require('../lib/Adapters/Auth/keycloak');
const httpsRequest = require('../lib/Adapters/Auth/httpsRequest');

it('validateAuthData should fail without access token', async () => {
const authData = {
id: 'fakeid',
};
try {
await keycloak.validateAuthData(authData);
fail();
} catch (e) {
expect(e.message).toBe('Missing access token and/or User id');
}
});

it('validateAuthData should fail without user id', async () => {
const authData = {
access_token: 'sometoken',
};
try {
await keycloak.validateAuthData(authData);
fail();
} catch (e) {
expect(e.message).toBe('Missing access token and/or User id');
}
});

it('validateAuthData should fail without config', async () => {
const options = {
keycloak: {
config: null,
},
};
const authData = {
id: 'fakeid',
access_token: 'sometoken',
};
const { adapter, providerOptions } = authenticationLoader.loadAuthAdapter(
'keycloak',
options
);
try {
await adapter.validateAuthData(authData, providerOptions);
fail();
} catch (e) {
expect(e.message).toBe('Missing keycloak configuration');
}
});

it('validateAuthData should fail connect error', async () => {
spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.reject({
text: JSON.stringify({ error: 'hosting_error' }),
});
});
const options = {
keycloak: {
config: {
'auth-server-url': 'http://example.com',
realm: 'new',
},
},
};
const authData = {
id: 'fakeid',
access_token: 'sometoken',
};
const { adapter, providerOptions } = authenticationLoader.loadAuthAdapter(
'keycloak',
options
);
try {
await adapter.validateAuthData(authData, providerOptions);
fail();
} catch (e) {
expect(e.message).toBe('Could not connect to the authentication server');
}
});

it('validateAuthData should fail with error description', async () => {
spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.reject({
text: JSON.stringify({ error_description: 'custom error message' }),
});
});
const options = {
keycloak: {
config: {
'auth-server-url': 'http://example.com',
realm: 'new',
},
},
};
const authData = {
id: 'fakeid',
access_token: 'sometoken',
};
const { adapter, providerOptions } = authenticationLoader.loadAuthAdapter(
'keycloak',
options
);
try {
await adapter.validateAuthData(authData, providerOptions);
fail();
} catch (e) {
expect(e.message).toBe('custom error message');
}
});

it('validateAuthData should fail with invalid auth', async () => {
spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.resolve({});
});
const options = {
keycloak: {
config: {
'auth-server-url': 'http://example.com',
realm: 'new',
},
},
};
const authData = {
id: 'fakeid',
access_token: 'sometoken',
};
const { adapter, providerOptions } = authenticationLoader.loadAuthAdapter(
'keycloak',
options
);
try {
await adapter.validateAuthData(authData, providerOptions);
fail();
} catch (e) {
expect(e.message).toBe('Invalid authentication');
}
});

it('validateAuthData should fail with invalid groups', async () => {
spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.resolve({
data: {
sub: 'fakeid',
roles: ['role1'],
groups: ['unknown'],
},
});
});
const options = {
keycloak: {
config: {
'auth-server-url': 'http://example.com',
realm: 'new',
},
},
};
const authData = {
id: 'fakeid',
access_token: 'sometoken',
roles: ['role1'],
groups: ['group1'],
};
const { adapter, providerOptions } = authenticationLoader.loadAuthAdapter(
'keycloak',
options
);
try {
await adapter.validateAuthData(authData, providerOptions);
fail();
} catch (e) {
expect(e.message).toBe('Invalid authentication');
}
});

it('validateAuthData should fail with invalid roles', async () => {
spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.resolve({
data: {
sub: 'fakeid',
roles: 'unknown',
groups: ['group1'],
},
});
});
const options = {
keycloak: {
config: {
'auth-server-url': 'http://example.com',
realm: 'new',
},
},
};
const authData = {
id: 'fakeid',
access_token: 'sometoken',
roles: ['role1'],
groups: ['group1'],
};
const { adapter, providerOptions } = authenticationLoader.loadAuthAdapter(
'keycloak',
options
);
try {
await adapter.validateAuthData(authData, providerOptions);
fail();
} catch (e) {
expect(e.message).toBe('Invalid authentication');
}
});

it('validateAuthData should handle authentication', async () => {
spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.resolve({
data: {
sub: 'fakeid',
roles: ['role1'],
groups: ['group1'],
},
});
});
const options = {
keycloak: {
config: {
'auth-server-url': 'http://example.com',
realm: 'new',
},
},
};
const authData = {
id: 'fakeid',
access_token: 'sometoken',
roles: ['role1'],
groups: ['group1'],
};
const { adapter, providerOptions } = authenticationLoader.loadAuthAdapter(
'keycloak',
options
);
await adapter.validateAuthData(authData, providerOptions);
expect(httpsRequest.get).toHaveBeenCalledWith({
host: 'http://example.com',
path: '/realms/new/protocol/openid-connect/userinfo',
headers: {
Authorization: 'Bearer sometoken',
},
});
});
});

describe('oauth2 auth adapter', () => {
const oauth2 = require('../lib/Adapters/Auth/oauth2');
const httpsRequest = require('../lib/Adapters/Auth/httpsRequest');
Expand Down
2 changes: 2 additions & 0 deletions src/Adapters/Auth/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ const weibo = require('./weibo');
const oauth2 = require('./oauth2');
const phantauth = require('./phantauth');
const microsoft = require('./microsoft');
const keycloak = require('./keycloak');
const ldap = require('./ldap');

const anonymous = {
Expand Down Expand Up @@ -56,6 +57,7 @@ const providers = {
weibo,
phantauth,
microsoft,
keycloak,
ldap,
};

Expand Down
Loading