From 67f8ae41fcc43c94d640af5abe28fcd968a28463 Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sun, 15 Dec 2024 17:42:45 +0100 Subject: [PATCH] Update prepare realm script --- .../defaultConfig/realm-kc-26.json | 54 ++++------ .../realmConfig/prepareRealmConfig.ts | 101 +++++++----------- 2 files changed, 59 insertions(+), 96 deletions(-) diff --git a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json index 12582bfe..a0d3e1b9 100644 --- a/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json +++ b/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json @@ -673,17 +673,11 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "https://my-theme.keycloakify.dev/*", - "http://localhost*", - "http://127.0.0.1*", - "*" - ], - "webOrigins": [ - "https://my-theme.keycloakify.dev/*", - "http://localhost*", - "http://127.0.0.1*", - "*" + "/realms/myrealm/account/*", + "http://localhost/*", + "http://127.0.0.1/*" ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -698,7 +692,7 @@ "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "*##https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", + "post.logout.redirect.uris": "+##http://localhost/*##http://127.0.0.1/*", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "pkce.code.challenge.method": "S256", @@ -834,12 +828,7 @@ "http://localhost*", "http://127.0.0.1*" ], - "webOrigins": [ - "https://my-theme.keycloakify.dev/*", - "http://localhost*", - "http://127.0.0.1*", - "*" - ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
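Review bot: `"webOrigins": ["*"]` in the hunk at -673 leaves the client open to cross-origin requests from any web origin, even though the same hunk removes `*` from `redirectUris`. Keycloak also accepts `"+"` in this field, meaning "the origins of the valid redirect URIs", so `"webOrigins": ["+"]` would tie CORS to the narrowed list. Whether that still covers the port the local test app runs on needs checking. The same wildcard is written in the hunks at -834 and -952, and by `addOrEditClient` and `editAccountConsoleAndSecurityAdminConsole` in prepareRealmConfig.ts. If it is deliberate for a throwaway dev realm, record the reason in the TypeScript, since the JSON cannot carry a comment.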
@@ -854,7 +843,6 @@ "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", - "login_theme": "keycloakify-starter", "post.logout.redirect.uris": "https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", @@ -952,17 +940,11 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "https://my-theme.keycloakify.dev/*", "http://localhost*", "http://127.0.0.1*", - "*" - ], - "webOrigins": [ - "https://my-theme.keycloakify.dev/*", - "http://localhost*", - "http://127.0.0.1*", - "*" + "/admin/myrealm/console/*" ], + "webOrigins": ["*"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -978,7 +960,7 @@ "oidc.ciba.grant.enabled": "false", "client.use.lightweight.access.token.enabled": "true", "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "*##https://my-theme.keycloakify.dev/*##http://localhost*##http://127.0.0.1*", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "display.on.consent.screen": "false", "pkce.code.challenge.method": "S256", @@ -1749,14 +1731,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", - "oidc-full-name-mapper" + "oidc-full-name-mapper", + "saml-role-list-mapper" ] } }, 
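Review bot: In the hunk at -952, the redirect list that gains `/admin/myrealm/console/*` still carries `http://localhost*` and `http://127.0.0.1*`, while the hunk at -673 moved the other client to `http://localhost/*` and `http://127.0.0.1/*`. A trailing `*` with no `/` before it is a plain prefix match, so it presumably also accepts hosts that merely begin with `localhost` or `127.0.0.1`, and the hunk at -978 sets `post.logout.redirect.uris` to `+`, which inherits the same list. Using the slash form here and in the context lines of the hunk at -834 would make the defaults consistent, provided it still matches the dev server's port on Keycloak 26. prepareRealmConfig.ts writes the slash-less form in `addOrEditClient` and `editAccountConsoleAndSecurityAdminConsole`, so the script would re-add it on the next run unless it is changed too.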
@@ -1786,14 +1768,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", "oidc-full-name-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper", "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper" + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper" ] } }, diff --git a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts index af9b07f1..46cbf531 100644 --- a/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts +++ b/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts @@ -4,6 +4,7 @@ import { getDefaultConfig } from "./defaultConfig"; import type { BuildContext } from "../../shared/buildContext"; import { objectKeys } from "tsafe/objectKeys"; import { TEST_APP_URL } from "../../shared/constants"; +import { sameFactory } from "evt/tools/inDepth/same"; export type BuildContextLike = { themeNames: BuildContext["themeNames"]; 
@@ -139,18 +140,38 @@ function addOrEditTestUser(params: { parsedRealmJson.clients.map(client => [client.id, client.clientId] as const) ); - newUser.clientRoles = {}; + const newClientRoles: NonNullable< + ParsedRealmJson["users"][number]["clientRoles"] + > = {}; for (const clientRole of Object.values(parsedRealmJson.roles.client).flat()) { const clientName = nameByClientId[clientRole.containerId]; assert(clientName !== undefined); - (newUser.clientRoles[clientName] ??= []).push(clientRole.name); + (newClientRoles[clientName] ??= []).push(clientRole.name); } - for (const clientName of Object.keys(newUser.clientRoles)) { - newUser.clientRoles[clientName].sort().reverse(); + const { same: sameSet } = sameFactory({ + takeIntoAccountArraysOrdering: false + }); + + for (const [clientName, roles] of Object.entries(newClientRoles)) { + keep_previous_ordering_if_possible: { + const roles_previous = newUser.clientRoles?.[clientName]; + + if (roles_previous === undefined) { + break keep_previous_ordering_if_possible; + } + + if (!sameSet(roles_previous, roles)) { + break keep_previous_ordering_if_possible; + } + + continue; + } + + (newUser.clientRoles ??= {})[clientName] = roles; } } 
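Review bot: Entries already in `newUser.clientRoles` for a client that no longer has any role under `parsedRealmJson.roles.client` now survive, because the loop only visits the keys of `newClientRoles` and the earlier reset `newUser.clientRoles = {}` is gone. If preserving the previous ordering is the only goal, pruning after the loop restores the old guarantee: `for (const name of Object.keys(newUser.clientRoles ?? {})) if (!(name in newClientRoles)) delete newUser.clientRoles?.[name];`. The labelled block with `break`/`continue` would also read more directly as a single guard, `if (roles_previous !== undefined && sameSet(roles_previous, roles)) continue;`. The function starts above the hunk, so whether `newUser` can carry roles from an earlier run is inferred from the `roles_previous` lookup.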
@@ -234,39 +255,17 @@ function addOrEditClient(params: { parsedRealmJson.clients.push(testClient); } - for (const redirectUri of [ + testClient.redirectUris = [ `${TEST_APP_URL}/*`, "http://localhost*", "http://127.0.0.1*" - ]) { - for (const propertyName of ["webOrigins", "redirectUris"] as const) { - const arr = (testClient[propertyName] ??= []); + ] + .sort() + .reverse(); - if (arr.includes(redirectUri)) { - continue; - } + (testClient.attributes ??= {})["post.logout.redirect.uris"] = "+"; - arr.push(redirectUri); - } - - { - if (testClient.attributes === undefined) { - testClient.attributes = {}; - } - - const arr = (testClient.attributes["post.logout.redirect.uris"] ?? "") - .split("##") - .map(s => s.trim()); - - if (!arr.includes(redirectUri)) { - arr.push(redirectUri); - testClient.attributes["post.logout.redirect.uris"] = arr.join("##"); - } - } - } - - testClient.webOrigins?.sort().reverse(); - testClient.redirectUris?.sort().reverse(); + testClient.webOrigins = ["*"]; return { clientId: testClient.clientId }; } 
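Review bot: The bare `"+"` assigned to `post.logout.redirect.uris` and the `["*"]` assigned to `webOrigins` are Keycloak sentinels that a reader cannot decode from this hunk. I would add `// "+" = reuse the client's valid redirect URIs for post-logout redirects` above the first and `// "*" = allow every origin; acceptable only for a local dev realm` above the second. `redirectUris` is now overwritten rather than merged, so entries a user added to the test client are dropped on each run; if that is intended, the comment should say so. The `.sort().reverse()` on a three-element literal can be removed by writing the array in its final order. The function starts above the hunk.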
@@ -283,38 +282,20 @@ function editAccountConsoleAndSecurityAdminConsole(params: { assert(client !== undefined); - for (const redirectUri of [ - `${TEST_APP_URL}/*`, - "http://localhost*", - "http://127.0.0.1*" - ]) { - for (const propertyName of ["webOrigins", "redirectUris"] as const) { - const arr = (client[propertyName] ??= []); + { + const arr = (client.redirectUris ??= []); - if (arr.includes(redirectUri)) { - continue; - } - - arr.push(redirectUri); - } - - { - if (client.attributes === undefined) { - client.attributes = {}; - } - - const arr = (client.attributes["post.logout.redirect.uris"] ?? "") - .split("##") - .map(s => s.trim()); - - if (!arr.includes(redirectUri)) { - arr.push(redirectUri); - client.attributes["post.logout.redirect.uris"] = arr.join("##"); + for (const value of ["http://localhost*", "http://127.0.0.1*"]) { + if (!arr.includes(value)) { + arr.push(value); } } + + client.redirectUris?.sort().reverse(); } - client.webOrigins?.sort().reverse(); - client.redirectUris?.sort().reverse(); + (client.attributes ??= {})["post.logout.redirect.uris"] = "+"; + + client.webOrigins = ["*"]; } }
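Review bot: A `"*"` or `${TEST_APP_URL}/*` entry already present in `client.redirectUris` is kept, because the new block only appends the two localhost patterns and never removes anything. The default realm JSON edited in this commit used to ship `"*"` for these clients, so a realm file derived from it would presumably still accept any redirect target, and the new `post.logout.redirect.uris` value `+` would then inherit it. Filtering before the sort closes that gap: `client.redirectUris = arr.filter(uri => uri !== "*");`. The `?.` in `client.redirectUris?.sort()` is redundant after the `??=` a few lines earlier. The loop that selects `client` starts above the hunk.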