Fixed install (create-db.sh & init-keycloak.sh)

Makefile

@@ -58,6 +58,7 @@ phpcs:
 	-w /project jakzal/phpqa phpcs --standard=PSR12 --extensions=php --colors src tests
 
 create-db:
+	@docker-compose exec php sh ./conf-dev/init-keycloak.sh
 	@docker-compose exec php sh ./conf-dev/create-db.sh
 
 remove-pgdata:

conf-dev/Dockerfile

@@ -2,7 +2,7 @@ FROM php:7.3-apache
 
 # Install modules
 RUN apt-get update \ 
-    && apt-get install -y zlib1g zlib1g-dev libpq-dev libpq5 libzip-dev zip unzip \
+    && apt-get install -y zlib1g zlib1g-dev libpq-dev libpq5 libzip-dev zip unzip jq \
     && docker-php-ext-install pgsql pdo_pgsql zip bcmath
     
 # Install pecl modules

conf-dev/init-keycloak.sh

+#!/bin/sh
+set -e
+
+# Get Keycloak Admin token
+admin_token=$(curl --location --request POST 'http://keycloak:8180/auth/realms/master/protocol/openid-connect/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'username=admin' --data-urlencode 'password=admin' --data-urlencode 'grant_type=password' --data-urlencode 'client_id=admin-cli' | jq -r '.access_token')
+
+# Create cesamsi user
+curl --location --request POST 'http://keycloak:8180/auth/admin/realms/anis/users' --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token" --data-raw '{"firstName":"cesam-si","lastName":"cesam-si", "email":"cesamsi@lam.fr", "enabled":"true", "emailVerified":"true", "credentials":[{"type":"password","value":"admin","temporary":false}]}'
+
+# Get anis_admin role and id_user
+anis_admin_role=$(curl --location --request GET 'http://keycloak:8180/auth/admin/realms/anis/roles/anis_admin'  --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token")
+id_user=$(curl --location --request GET 'http://keycloak:8180/auth/admin/realms/anis/users' --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token" | jq -r '.[0]' | jq -r '.id')
+
+# Add anis_admin role to cesamsi user
+curl --location --request POST "http://keycloak:8180/auth/admin/realms/anis/users/${id_user}/role-mappings/realm" --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token" --data-raw "[${anis_admin_role}]"

conf-dev/public_key

 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4woW+Tg4L3iGG9osCLi
-1TD6vX/fAqX3iMfe9hi+M269FcGCl/1+Ls4gwLs/TqqFpWmg3T3bLuShHkabeGi5
-CKr8hrHJMPA0NjPHuH1RUL/QyQpPgKQkmKxyUH9i3hdQtB2REcVZBmB5+JRIcUeh
-cTLkpOWrRz9cquv8R7N8xD6OpdLWSFItYnOrKlR4II6EQaY0PBDyNQElXIiqTMLt
-aTbXVn1suzT0NUwDTIvcxKpqTCEyM3meuIFsc+ISjff12WY5rLWoadVZHLwkfe/9
-7zF3UYPb3ddZkQ/W3jQXYYMVgMHOfskXjstqH9XPkez4ovJUHukPYKsvvWWqiDCo
-rwIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmfw644EhXO2QURqqnLucM0qS8iE7l1fgAF44HaE+8NKeM+VaWUmPM5j0hCN9ujcsP9XOynU7t4c06T70f7csrzLVd36EUw35Z5vdLL5gEloW4eOvZYCRhybJSB3ED8qFSn0SvO01GdhUkyzFhqkfjCg0HInnTn+2PPj0x2TNsjPYWJfl9Hf9HZHc0GEZrqjV688Vjo4QlSDzdc0kDg+E7esAQE8125eca1HI6pJXF/eDL+Lg32m7+P9NxO6h3Qppqov+iSSXLF9HO6RnunFRNQgtof0wye4RU4HP9+irPR85vvLMom4THILBD95B8FyHZ8VMBr7KjfKoo7Kt4VBYQIDAQAB
 -----END PUBLIC KEY-----

src/Action/GroupAction.php

@@ -89,22 +89,10 @@ final class GroupAction extends AbstractAction
     private function editGroup(Group $group, array $parsedBody): void
     {
         $group->setLabel($parsedBody['label']);
-        $group->setUsers($this->getUsers($parsedBody['users']));
         $group->setDatasets($this->getDatasets($parsedBody['datasets']));
         $this->em->flush();
     }
 
-    private function getUsers(array $listOfUsersIds)
-    {
-        if (count($listOfUsersIds) < 1) {
-            return array();
-        }
-
-        $dql = 'SELECT u FROM App\Entity\User u WHERE u.id IN (' . implode(',', $listOfUsersIds) . ')';
-        $query = $this->em->createQuery($dql);
-        return $query->getResult();
-    }
-
     private function getDatasets(array $listOfDatasetsNames)
     {
         if (count($listOfDatasetsNames) < 1) {

src/Action/GroupListAction.php

@@ -71,7 +71,6 @@ final class GroupListAction extends AbstractAction
     private function postGroup(array $parsedBody): Group
     {
         $group = new Group(
-            $this->getUsers($parsedBody['users']),
             $this->getDatasets($parsedBody['datasets'])
         );
         $group->setLabel($parsedBody['label']);
@@ -82,21 +81,6 @@ final class GroupListAction extends AbstractAction
         return $group;
     }
 
-    private function getUsers(array $listOfUsersEmails)
-    {
-        if (count($listOfUsersEmails) < 1) {
-            return array();
-        }
-
-        $in = implode(',', array_map(function ($u) {
-            return "'" . $u . "'";
-        }, $listOfUsersEmails));
-
-        $dql = 'SELECT u FROM App\Entity\User u WHERE u.email IN (' . $in . ')';
-        $query = $this->em->createQuery($dql);
-        return $query->getResult();
-    }
-
     private function getDatasets(array $listOfDatasetsNames)
     {
         if (count($listOfDatasetsNames) < 1) {

src/Middleware/AuthorizationMiddleware.php

@@ -74,7 +74,8 @@ final class AuthorizationMiddleware implements MiddlewareInterface
 
         // Validating token (verifying expiration date and issuer)
         $data = new ValidationData();
-        $data->setIssuer($this->settings['issuer']);
+        // TODO: Ajouter une config pour vérifier ou non le issuer
+        // $data->setIssuer($this->settings['issuer']);
         if (!$token->validate($data)) {
             return (new NyholmResponse())->withStatus(401);
         }