Commit c47ecc89 authored by François Agneray's avatar François Agneray

Fixed install (create-db.sh & init-keycloak.sh)

parent cf3785ce
......@@ -58,6 +58,7 @@ phpcs:
-w /project jakzal/phpqa phpcs --standard=PSR12 --extensions=php --colors src tests
create-db:
@docker-compose exec php sh ./conf-dev/init-keycloak.sh
@docker-compose exec php sh ./conf-dev/create-db.sh
remove-pgdata:
......
......@@ -2,7 +2,7 @@ FROM php:7.3-apache
# Install modules
RUN apt-get update \
&& apt-get install -y zlib1g zlib1g-dev libpq-dev libpq5 libzip-dev zip unzip \
&& apt-get install -y zlib1g zlib1g-dev libpq-dev libpq5 libzip-dev zip unzip jq \
&& docker-php-ext-install pgsql pdo_pgsql zip bcmath
# Install pecl modules
......
#!/bin/sh
set -e
# Get Keycloak Admin token
admin_token=$(curl --location --request POST 'http://keycloak:8180/auth/realms/master/protocol/openid-connect/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'username=admin' --data-urlencode 'password=admin' --data-urlencode 'grant_type=password' --data-urlencode 'client_id=admin-cli' | jq -r '.access_token')
# Create cesamsi user
curl --location --request POST 'http://keycloak:8180/auth/admin/realms/anis/users' --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token" --data-raw '{"firstName":"cesam-si","lastName":"cesam-si", "email":"cesamsi@lam.fr", "enabled":"true", "emailVerified":"true", "credentials":[{"type":"password","value":"admin","temporary":false}]}'
# Get anis_admin role and id_user
anis_admin_role=$(curl --location --request GET 'http://keycloak:8180/auth/admin/realms/anis/roles/anis_admin' --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token")
id_user=$(curl --location --request GET 'http://keycloak:8180/auth/admin/realms/anis/users' --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token" | jq -r '.[0]' | jq -r '.id')
# Add anis_admin role to cesamsi user
curl --location --request POST "http://keycloak:8180/auth/admin/realms/anis/users/${id_user}/role-mappings/realm" --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token" --data-raw "[${anis_admin_role}]"
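Review bot: `id_user` is read from `.[0]` of the unfiltered realm user list, so the `anis_admin` role is mapped to whichever account Keycloak returns first, which is not necessarily the user created two commands earlier. Filter the lookup by the address used at creation, e.g. request `.../admin/realms/anis/users?email=cesamsi@lam.fr`, and stop if the resulting id is empty or `null` before the role-mapping call. None of the curl calls passes `--fail`, and `set -e` does not see a failure on the left side of `curl ... | jq`, so a rejected token request leaves `admin_token` as the string `null` and the script carries on. The `admin`/`admin` login and the non-temporary `admin` password for the new account are written into the script; a header comment such as `# Local dev stack only: default credentials, never run against a shared Keycloak` (or reading them from environment variables) would keep them from reaching a shared deployment.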
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4woW+Tg4L3iGG9osCLi
1TD6vX/fAqX3iMfe9hi+M269FcGCl/1+Ls4gwLs/TqqFpWmg3T3bLuShHkabeGi5
CKr8hrHJMPA0NjPHuH1RUL/QyQpPgKQkmKxyUH9i3hdQtB2REcVZBmB5+JRIcUeh
cTLkpOWrRz9cquv8R7N8xD6OpdLWSFItYnOrKlR4II6EQaY0PBDyNQElXIiqTMLt
aTbXVn1suzT0NUwDTIvcxKpqTCEyM3meuIFsc+ISjff12WY5rLWoadVZHLwkfe/9
7zF3UYPb3ddZkQ/W3jQXYYMVgMHOfskXjstqH9XPkez4ovJUHukPYKsvvWWqiDCo
rwIDAQAB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmfw644EhXO2QURqqnLucM0qS8iE7l1fgAF44HaE+8NKeM+VaWUmPM5j0hCN9ujcsP9XOynU7t4c06T70f7csrzLVd36EUw35Z5vdLL5gEloW4eOvZYCRhybJSB3ED8qFSn0SvO01GdhUkyzFhqkfjCg0HInnTn+2PPj0x2TNsjPYWJfl9Hf9HZHc0GEZrqjV688Vjo4QlSDzdc0kDg+E7esAQE8125eca1HI6pJXF/eDL+Lg32m7+P9NxO6h3Qppqov+iSSXLF9HO6RnunFRNQgtof0wye4RU4HP9+irPR85vvLMom4THILBD95B8FyHZ8VMBr7KjfKoo7Kt4VBYQIDAQAB
-----END PUBLIC KEY-----
......@@ -89,22 +89,10 @@ final class GroupAction extends AbstractAction
private function editGroup(Group $group, array $parsedBody): void
{
$group->setLabel($parsedBody['label']);
$group->setUsers($this->getUsers($parsedBody['users']));
$group->setDatasets($this->getDatasets($parsedBody['datasets']));
$this->em->flush();
}
private function getUsers(array $listOfUsersIds)
{
if (count($listOfUsersIds) < 1) {
return array();
}
$dql = 'SELECT u FROM App\Entity\User u WHERE u.id IN (' . implode(',', $listOfUsersIds) . ')';
$query = $this->em->createQuery($dql);
return $query->getResult();
}
private function getDatasets(array $listOfDatasetsNames)
{
if (count($listOfDatasetsNames) < 1) {
......
......@@ -71,7 +71,6 @@ final class GroupListAction extends AbstractAction
private function postGroup(array $parsedBody): Group
{
$group = new Group(
$this->getUsers($parsedBody['users']),
$this->getDatasets($parsedBody['datasets'])
);
$group->setLabel($parsedBody['label']);
......@@ -82,21 +81,6 @@ final class GroupListAction extends AbstractAction
return $group;
}
private function getUsers(array $listOfUsersEmails)
{
if (count($listOfUsersEmails) < 1) {
return array();
}
$in = implode(',', array_map(function ($u) {
return "'" . $u . "'";
}, $listOfUsersEmails));
$dql = 'SELECT u FROM App\Entity\User u WHERE u.email IN (' . $in . ')';
$query = $this->em->createQuery($dql);
return $query->getResult();
}
private function getDatasets(array $listOfDatasetsNames)
{
if (count($listOfDatasetsNames) < 1) {
......
......@@ -74,7 +74,8 @@ final class AuthorizationMiddleware implements MiddlewareInterface
// Validating token (verifying expiration date and issuer)
$data = new ValidationData();
$data->setIssuer($this->settings['issuer']);
// TODO: Ajouter une config pour vérifier ou non le issuer
// $data->setIssuer($this->settings['issuer']);
if (!$token->validate($data)) {
return (new NyholmResponse())->withStatus(401);
}
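Review bot: With `setIssuer` commented out, `$token->validate($data)` no longer constrains the `iss` claim, so a token from any issuer is accepted as long as the remaining checks pass, while the comment above still says the issuer is verified. Signature verification is outside this hunk, so how far this widens acceptance depends on how the key is checked there, but issuer validation should stay on by default instead of being removed for every environment. The TODO already asks for a switch; implement it with a setting that defaults to enabled, for example `if ($this->settings['check_issuer'] ?? true) { $data->setIssuer($this->settings['issuer']); }` (`check_issuer` is a placeholder name), and update the comment to say when the check is skipped. The enclosing method starts and ends outside the hunk.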
......