From 6f567f17983b13d1e33e2ede07da2e212b8e6134 Mon Sep 17 00:00:00 2001
From: Johan Droz
Date: Wed, 14 Mar 2018 18:42:14 +0100
Subject: [PATCH] Add path for attack-detection, handle errors with errors package
---
 Gopkg.lock | 14 +++++++++++++-
 attack_detection.go | 27 +++++++++++++++++++++++++++
 client_test.go | 1 -
 client.go => keycloak_client.go | 25 +++++++++++++------------
 4 files changed, 53 insertions(+), 14 deletions(-)
 create mode 100644 attack_detection.go
 delete mode 100644 client_test.go
 rename client.go => keycloak_client.go (90%)
diff --git a/Gopkg.lock b/Gopkg.lock
index 6d541e4..ca42fb3 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -19,6 +19,12 @@
 revision = "925541529c1fa6821df4e44ce2723319eb2be768"
 version = "v1.0.0"
 
+[[projects]]
+ name = "github.com/pkg/errors"
+ packages = ["."]
+ revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
+ version = "v0.8.0"
+
 [[projects]]
 name = "github.com/pmezard/go-difflib"
 packages = ["difflib"]
@@ -31,6 +37,12 @@
 packages = [".","cacheobject"]
 revision = "0dec1b30a0215bb68605dfc568e8855066c9202d"
 
+[[projects]]
+ name = "github.com/spf13/pflag"
+ packages = ["."]
+ revision = "e57e3eeb33f795204c1ca35f56c44f83227c6e66"
+ version = "v1.0.0"
+
 [[projects]]
 name = "github.com/stretchr/testify"
 packages = ["assert","require"]
@@ -82,6 +94,6 @@
 [solve-meta]
 analyzer-name = "dep"
 analyzer-version = 1
- inputs-digest = "5771516553a6ddbd4ae08c137169a7ca8437e019d877ae76413fbb7191e491ee"
+ inputs-digest = "bcd4dc5f3937d83e106e1a9999b3a7f5a9544ba495a3375c920688c9e73afce8"
 solver-name = "gps-cdcl"
 solver-version = 1
diff --git a/attack_detection.go b/attack_detection.go
new file mode 100644
index 0000000..28e099e
--- /dev/null
+++ b/attack_detection.go
@@ -0,0 +1,27 @@
+package keycloak
+
+import (
+ "gopkg.in/h2non/gentleman.v2/plugins/url"
+)
+
+const (
+ attackDetectionPath = "/auth/admin/realms/:realm/attack-detection/brute-force/users"
+ attackDetectionIDPath = attackDetectionPath + "/:id"
+)
+
+// ClearAllLoginFailures clears any user login failures for all users. This can release temporary disabled users.
+func (c *Client) ClearAllLoginFailures(realmName string) error {
+ return c.delete(url.Path(attackDetectionPath), url.Param("realm", realmName))
+}
+
+// GetAttackDetectionStatus gets the status of a username in brute force detection.
+func (c *Client) GetAttackDetectionStatus(realmName, userID string) (map[string]interface{}, error) {
+ var resp = map[string]interface{}{}
+ var err = c.get(&resp, url.Path(attackDetectionIDPath), url.Param("realm", realmName), url.Param("id", userID))
+ return resp, err
+}
+
+// ClearUserLoginFailures clear any user login failures for the user. This can release temporary disabled user.
+func (c *Client) ClearUserLoginFailures(realmName, userID string) error {
+ return c.delete(url.Path(attackDetectionIDPath), url.Param("realm", realmName), url.Param("id", userID))
+}
diff --git a/client_test.go b/client_test.go
deleted file mode 100644
index cf172a0..0000000
--- a/client_test.go
+++ /dev/null
@@ -1 +0,0 @@
-package keycloak
diff --git a/client.go b/keycloak_client.go
similarity index 90%
rename from client.go
rename to keycloak_client.go
index 2588180..94224dd 100644
--- a/client.go
+++ b/keycloak_client.go
@@ -9,6 +9,7 @@ import (
 "time"
 
 oidc "github.com/coreos/go-oidc"
+ "github.com/pkg/errors"
 "gopkg.in/h2non/gentleman.v2"
 "gopkg.in/h2non/gentleman.v2/plugin"
 "gopkg.in/h2non/gentleman.v2/plugins/query"
@@ -39,7 +40,7 @@ func New(config Config) (*Client, error) {
 var err error
 u, err = url.Parse(config.Addr)
 if err != nil {
- return nil, fmt.Errorf("could not parse URL: %v", err)
+ return nil, errors.Wrap(err, "could not parse URL")
 }
 }
 
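Review bot: In attack_detection.go, `ClearUserLoginFailures` and `GetAttackDetectionStatus` put `userID` into `attackDetectionIDPath` without checking it, and an empty `userID` would presumably produce `.../brute-force/users/`, which sits directly next to the clear-all route used by `ClearAllLoginFailures`; how the server routes that trailing-slash path is not visible here, so a guard is the safe choice. Reject empty `realmName`/`userID` before building the request, e.g. `if userID == "" { return errors.New("userID must not be empty") }` (this file would then also need the `github.com/pkg/errors` import). Both delete calls release users that brute-force detection has temporarily disabled, so the doc comments should state that callers are expected to authorise and log the operation; the comment on `GetAttackDetectionStatus` also says "username" while the parameter is `userID`. `GetAttackDetectionStatus` returns its non-nil map together with a non-nil error, where `return nil, err` on failure would be the conventional shape.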
@@ -59,7 +60,7 @@ func New(config Config) (*Client, error) {
 var issuer = fmt.Sprintf("%s/auth/realms/master", u.String())
 oidcProvider, err = oidc.NewProvider(context.Background(), issuer)
 if err != nil {
- return nil, fmt.Errorf("could not create oidc provider: %v", err)
+ return nil, errors.Wrap(err, "could not create oidc provider")
 }
 }
 
@@ -88,7 +89,7 @@ func (c *Client) getToken() error {
 var err error
 resp, err = req.Do()
 if err != nil {
- return fmt.Errorf("could not get token: %v", err)
+ return errors.Wrap(err, "could not get token")
 }
 }
 defer resp.Close()
@@ -98,7 +99,7 @@ func (c *Client) getToken() error {
 var err error
 err = resp.JSON(&unmarshalledBody)
 if err != nil {
- return fmt.Errorf("could not unmarshal response: %v", err)
+ return errors.Wrap(err, "could not unmarshal response")
 }
 }
 
@@ -134,7 +135,7 @@ func (c *Client) get(data interface{}, plugins ...plugin.Plugin) error {
 var err error
 resp, err = req.Do()
 if err != nil {
- return fmt.Errorf("could not get response: %v", err)
+ return errors.Wrap(err, "could not get response")
 }
 
 switch {
@@ -143,7 +144,7 @@ func (c *Client) get(data interface{}, plugins ...plugin.Plugin) error {
 if err = c.verifyToken(); err != nil {
 var err = c.getToken()
 if err != nil {
- return fmt.Errorf("could not get token: %v", err)
+ return errors.Wrap(err, "could not get token: %v")
 }
 }
 return c.get(data, plugins...)
@@ -166,7 +167,7 @@ func (c *Client) post(plugins ...plugin.Plugin) error {
 var err error
 resp, err = req.Do()
 if err != nil {
- return fmt.Errorf("could not get response: %v", err)
+ return errors.Wrap(err, "could not get response")
 }
 
 switch {
@@ -175,7 +176,7 @@ func (c *Client) post(plugins ...plugin.Plugin) error {
 if err = c.verifyToken(); err != nil {
 var err = c.getToken()
 if err != nil {
- return fmt.Errorf("could not get token: %v", err)
+ return errors.Wrap(err, "could not get token")
 }
 }
 return c.post(plugins...)
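Review bot: The wrapped message in the token-refresh branch of `get` still carries the old format verb: `errors.Wrap(err, "could not get token: %v")` does no formatting, so the literal `: %v` ends up in the error text. It should read `return errors.Wrap(err, "could not get token")`, as the `post` and `delete` hunks already do; the `put` hunk (`@@ -239,7 +240,7 @@`) has the same leftover. The enclosing `switch` case starts outside the hunk.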
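Review bot: The retry in `post` has no bound: `return c.post(plugins...)` runs whether or not `verifyToken` failed, so if the token verifies locally while the server keeps answering with the status that selects this case (the `case` line is outside the hunk), the call recurses without limit and sends a new request each time. Retry only when a fresh token was actually fetched, i.e. move `return c.post(plugins...)` inside the `if err = c.verifyToken(); err != nil { … }` block and return an error otherwise; `get`, `delete` and `put` follow the same pattern. The inner `var err = c.getToken()` also shadows the outer `err`, and `if err := c.getToken(); err != nil {` would make that scope explicit.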
@@ -198,7 +199,7 @@ func (c *Client) delete(plugins ...plugin.Plugin) error {
 var err error
 resp, err = req.Do()
 if err != nil {
- return fmt.Errorf("could not get response: %v", err)
+ return errors.Wrap(err, "could not get response")
 }
 
 switch {
@@ -207,7 +208,7 @@ func (c *Client) delete(plugins ...plugin.Plugin) error {
 if err = c.verifyToken(); err != nil {
 var err = c.getToken()
 if err != nil {
- return fmt.Errorf("could not get token: %v", err)
+ return errors.Wrap(err, "could not get token")
 }
 }
 return c.delete(plugins...)
@@ -230,7 +231,7 @@ func (c *Client) put(plugins ...plugin.Plugin) error {
 var err error
 resp, err = req.Do()
 if err != nil {
- return fmt.Errorf("could not get response: %v", err)
+ return errors.Wrap(err, "could not get response")
 }
 
 switch {
@@ -239,7 +240,7 @@ func (c *Client) put(plugins ...plugin.Plugin) error {
 if err = c.verifyToken(); err != nil {
 var err = c.getToken()
 if err != nil {
- return fmt.Errorf("could not get token: %v", err)
+ return errors.Wrap(err, "could not get token: %v")
 }
 }
 return c.put(plugins...)