You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
133 lines
6.6 KiB
133 lines
6.6 KiB
package keycloak
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"gopkg.in/h2non/gentleman.v2/plugins/body"
|
|
"gopkg.in/h2non/gentleman.v2/plugins/url"
|
|
)
|
|
|
|
const (
|
|
userPath = "/auth/admin/realms/:realm/users"
|
|
usersAdminExtensionApiPath = "/auth/realms/:realmReq/api/admin/realms/:realm/users"
|
|
userCountPath = userPath + "/count"
|
|
userIDPath = userPath + "/:id"
|
|
userGroupsPath = userIDPath + "/groups"
|
|
resetPasswordPath = userIDPath + "/reset-password"
|
|
sendVerifyEmailPath = userIDPath + "/send-verify-email"
|
|
executeActionsEmailPath = userIDPath + "/execute-actions-email"
|
|
smsAPI = "/auth/realms/:realm/smsApi"
|
|
sendNewEnrolmentCode = smsAPI + "/sendNewCode"
|
|
getCredentialsForUserPath = usersAdminExtensionApiPath + "/:id/credentials"
|
|
deleteCredentialsForUserPath = getCredentialsForUserPath + "/:credid"
|
|
accountPasswordPath = "/auth/realms/master/api/account/realms/:realm/credentials/password"
|
|
)
|
|
|
|
// GetUsers returns a list of users, filtered according to the query parameters.
|
|
// Parameters: email, first (paging offset, int), firstName, lastName, username,
|
|
// max (maximum result size, default = 100),
|
|
// search (string contained in username, firstname, lastname or email)
|
|
func (c *Client) GetUsers(accessToken string, reqRealmName, targetRealmName string, paramKV ...string) ([]UserRepresentation, error) {
|
|
if len(paramKV)%2 != 0 {
|
|
return nil, fmt.Errorf("the number of key/val parameters should be even")
|
|
}
|
|
|
|
var resp = []UserRepresentation{}
|
|
var plugins = append(createQueryPlugins(paramKV...), url.Path(usersAdminExtensionApiPath), url.Param("realmReq", reqRealmName), url.Param("realm", targetRealmName))
|
|
var err = c.get(accessToken, &resp, plugins...)
|
|
return resp, err
|
|
}
|
|
|
|
// CreateUser creates the user from its UserRepresentation. The username must be unique.
|
|
func (c *Client) CreateUser(accessToken string, reqRealmName, targetRealmName string, user UserRepresentation) (string, error) {
|
|
return c.post(accessToken, nil, url.Path(usersAdminExtensionApiPath), url.Param("realmReq", reqRealmName), url.Param("realm", targetRealmName), body.JSON(user))
|
|
}
|
|
|
|
// CountUsers returns the number of users in the realm.
|
|
func (c *Client) CountUsers(accessToken string, realmName string) (int, error) {
|
|
var resp = 0
|
|
var err = c.get(accessToken, &resp, url.Path(userCountPath), url.Param("realm", realmName))
|
|
return resp, err
|
|
}
|
|
|
|
// GetUser get the represention of the user.
|
|
func (c *Client) GetUser(accessToken string, realmName, userID string) (UserRepresentation, error) {
|
|
var resp = UserRepresentation{}
|
|
var err = c.get(accessToken, &resp, url.Path(userIDPath), url.Param("realm", realmName), url.Param("id", userID))
|
|
return resp, err
|
|
}
|
|
|
|
// GetGroupsOfUser get the groups of the user.
|
|
func (c *Client) GetGroupsOfUser(accessToken string, realmName, userID string) ([]GroupRepresentation, error) {
|
|
var resp = []GroupRepresentation{}
|
|
var err = c.get(accessToken, &resp, url.Path(userGroupsPath), url.Param("realm", realmName), url.Param("id", userID))
|
|
return resp, err
|
|
}
|
|
|
|
// UpdateUser updates the user.
|
|
func (c *Client) UpdateUser(accessToken string, realmName, userID string, user UserRepresentation) error {
|
|
return c.put(accessToken, url.Path(userIDPath), url.Param("realm", realmName), url.Param("id", userID), body.JSON(user))
|
|
}
|
|
|
|
// DeleteUser deletes the user.
|
|
func (c *Client) DeleteUser(accessToken string, realmName, userID string) error {
|
|
return c.delete(accessToken, url.Path(userIDPath), url.Param("realm", realmName), url.Param("id", userID))
|
|
}
|
|
|
|
// ResetPassword resets password of the user.
|
|
func (c *Client) ResetPassword(accessToken string, realmName, userID string, cred CredentialRepresentation) error {
|
|
return c.put(accessToken, url.Path(resetPasswordPath), url.Param("realm", realmName), url.Param("id", userID), body.JSON(cred))
|
|
}
|
|
|
|
// SendVerifyEmail sends an email-verification email to the user An email contains a link the user can click to verify their email address.
|
|
func (c *Client) SendVerifyEmail(accessToken string, realmName string, userID string, paramKV ...string) error {
|
|
if len(paramKV)%2 != 0 {
|
|
return fmt.Errorf("the number of key/val parameters should be even")
|
|
}
|
|
|
|
var plugins = append(createQueryPlugins(paramKV...), url.Path(sendVerifyEmailPath), url.Param("realm", realmName), url.Param("id", userID))
|
|
|
|
return c.put(accessToken, plugins...)
|
|
}
|
|
|
|
// ExecuteActionsEmail sends an update account email to the user. An email contains a link the user can click to perform a set of required actions.
|
|
func (c *Client) ExecuteActionsEmail(accessToken string, realmName string, userID string, actions []string, paramKV ...string) error {
|
|
if len(paramKV)%2 != 0 {
|
|
return fmt.Errorf("the number of key/val parameters should be even")
|
|
}
|
|
|
|
var plugins = append(createQueryPlugins(paramKV...), url.Path(executeActionsEmailPath), url.Param("realm", realmName), url.Param("id", userID), body.JSON(actions))
|
|
|
|
return c.put(accessToken, plugins...)
|
|
}
|
|
|
|
// Send a new enrolment code and return it
|
|
func (c *Client) SendNewEnrolmentCode(accessToken string, realmName string, userID string) (SmsCodeRepresentation, error) {
|
|
var paramKV []string
|
|
paramKV = append(paramKV, "userid", userID)
|
|
var plugins = append(createQueryPlugins(paramKV...), url.Path(sendNewEnrolmentCode), url.Param("realm", realmName))
|
|
var resp = SmsCodeRepresentation{}
|
|
|
|
_, err := c.post(accessToken, &resp, plugins...)
|
|
|
|
return resp, err
|
|
}
|
|
|
|
// GetCredentialsForUser gets the credential list for a user
|
|
func (c *Client) GetCredentialsForUser(accessToken string, realmReq, realmName string, userID string) ([]CredentialRepresentation, error) {
|
|
var resp = []CredentialRepresentation{}
|
|
var err = c.get(accessToken, &resp, url.Path(getCredentialsForUserPath), url.Param("realmReq", realmReq), url.Param("realm", realmName), url.Param("id", userID))
|
|
return resp, err
|
|
}
|
|
|
|
// DeleteCredentialsForUser remove credentials for a user
|
|
func (c *Client) DeleteCredentialsForUser(accessToken string, realmReq, realmName string, userID string, credentialID string) error {
|
|
return c.delete(accessToken, url.Path(deleteCredentialsForUserPath), url.Param("realmReq", realmReq), url.Param("realm", realmName), url.Param("id", userID), url.Param("credid", userID))
|
|
}
|
|
|
|
// UpdatePassword updates the user's password
|
|
// Parameters: realm, currentPassword, newPassword, confirmPassword
|
|
func (c *Client) UpdatePassword(accessToken, realm, currentPassword, newPassword, confirmPassword string) (string, error) {
|
|
var m = map[string]string{"currentPassword": currentPassword, "newPassword": newPassword, "confirmation": confirmPassword}
|
|
return c.post(accessToken, nil, url.Path(accountPasswordPath), url.Param("realm", realm), body.JSON(m))
|
|
}
|
|
|