
implement client removal + add safety check

Nicolas Massé 9 years ago
parent
commit
6c40e5a716
  1. 83
      sso.js

83
sso.js

@ -38,30 +38,65 @@ exports.init = sso_init;
function handle_application(action, type, app, next) { function handle_application(action, type, app, next) {
// Safety check: only create apps for OAuth enabled apps
// We know that an app is OAuth enabled if there is a redirect_url
// element in the webhooks payload. The element can be empty but it has to be there.
if (!("redirect_url" in app)) {
console.log("No redirect_url found in app description (not OAuth ?). Skipping client creation...");
return next("No redirect_url found in app description (not OAuth ?)");
}
// Base Payload for app creation/update
var client = { var client = {
clientId: app.application_id, clientId: app.application_id,
clientAuthenticatorType: "client-secret",
secret: app.keys.key,
redirectUris: [ app.redirect_url ],
publicClient: false,
name: app.name, name: app.name,
description: app.description description: app.description
}; };
// Add the client_secret to the client creation payload when found
if ('keys' in app && 'key' in app.keys && app.keys.key != null) {
console.log("Found a client_secret : '%s'", app.keys.key);
client.secret = app.keys.key;
client.clientAuthenticatorType = "client-secret";
client.publicClient = false;
}
// Add the redirect_url to the client creation payload when found
if (app.redirect_url != null && app.redirect_url != "") {
console.log("Found a redirect_url : '%s'", app.redirect_url);
client.redirectUris = [ app.redirect_url ];
}
authenticate_to_sso(next, (access_token) => { authenticate_to_sso(next, (access_token) => {
get_sso_client(client.clientId, access_token, next, (sso_client) => { get_sso_client(client.clientId, access_token, next, (sso_client) => {
if (sso_client == null) { if (action == "updated" || action == "created") {
console.log("Could not find a client, creating it..."); if (sso_client == null) {
create_sso_client(access_token, client, (response) => { console.log("Could not find a client, creating it...");
console.log("OK, client created !") create_sso_client(access_token, client, (response) => {
console.log("OK, client created !")
next('SUCCESS');
});
} else {
console.log("Found an existing client with id = %s", sso_client.id);
update_sso_client(access_token, client, sso_client.id, next, (response) => {
console.log("OK, client updated !");
next('SUCCESS');
});
}
} else if (action == "deleted") {
if (sso_client == null) {
console.log("Could not find a matching client...");
return next('Nothing done, could not find a matching client.');
}
console.log("Deleting client with id = %s", sso_client.id);
delete_sso_client(access_token, sso_client.id, next, (response) => {
console.log("OK, client deleted !");
next('SUCCESS'); next('SUCCESS');
}); });
} else { } else {
console.log("Found an existing client with id = %s", sso_client.id); console.log("Unkown action '%s'", action);
update_sso_client(access_token, client, sso_client.id, next, (response) => { next(util.format("Unknown action '%s'", action));
console.log("OK, client updated !");
next('SUCCESS');
});
} }
}); });
}); });
@ -152,6 +187,28 @@ function update_sso_client(access_token, client, id, error, next) {
}); });
} }
function delete_sso_client(access_token, id, error, next) {
req.delete(util.format("https://%s/auth/admin/realms/%s/clients/%s", config.SSO_HOSTNAME, config.SSO_REALM, id), {
headers: {
"Authorization": "Bearer " + access_token
}
}, (err, response, body) => {
if (err) {
return error(err);
}
console.log("Got a %d response from SSO", response.statusCode);
if (response.statusCode == 204) {
try {
next();
} catch (err) {
return error(err);
}
} else {
return error(util.format("Got a %d response from SSO while updating client", response.statusCode));
}
});
}
function authenticate_to_sso(error, next) { function authenticate_to_sso(error, next) {
console.log("Authenticating to SSO (realm = '%s') using the ROPC OAuth flow with %s/%s", config.SSO_REALM, config.SSO_SERVICE_USERNAME, config.SSO_SERVICE_PASSWORD); console.log("Authenticating to SSO (realm = '%s') using the ROPC OAuth flow with %s/%s", config.SSO_REALM, config.SSO_SERVICE_USERNAME, config.SSO_SERVICE_PASSWORD);
req.post(util.format("https://%s/auth/realms/%s/protocol/openid-connect/token", config.SSO_HOSTNAME, config.SSO_REALM), { req.post(util.format("https://%s/auth/realms/%s/protocol/openid-connect/token", config.SSO_HOSTNAME, config.SSO_REALM), {
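Review bot: The new client_secret handling in handle_application writes the OAuth client secret into the application log in clear text with `console.log("Found a client_secret : '%s'", app.keys.key);`, where it outlives the request and is readable by anyone with access to the log stream; log only that a secret was present, e.g. `console.log("Found a client_secret for client %s", client.clientId);`. In the same hunk the fallback branch logs `Unkown action '%s'` while the error handed to next() reads `Unknown action '%s'`; the two strings should match so a log line and the returned error can be correlated. handle_application's closing brace lies outside the hunk.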
