Fixed install (create-db.sh & init-keycloak.sh)

c47ecc89 · François Agneray · cf3785ce · c47ecc89 · c47ecc89 · c47ecc89
Commit c47ecc89 authored Nov 16, 2020 by François Agneray
8 changed files
--- a/Makefile
+++ b/Makefile
@@ -58,6 +58,7 @@ phpcs:
 	-w /project jakzal/phpqa phpcs --standard=PSR12 --extensions=php --colors src tests

 create-db:
+	@docker-compose exec php sh ./conf-dev/init-keycloak.sh
 	@docker-compose exec php sh ./conf-dev/create-db.sh

 remove-pgdata:

--- a/conf-dev/Dockerfile
+++ b/conf-dev/Dockerfile
@@ -2,7 +2,7 @@ FROM php:7.3-apache

 # Install modules
 RUN apt-get update \ 
-    && apt-get install -y zlib1g zlib1g-dev libpq-dev libpq5 libzip-dev zip unzip \
+    && apt-get install -y zlib1g zlib1g-dev libpq-dev libpq5 libzip-dev zip unzip jq \
    && docker-php-ext-install pgsql pdo_pgsql zip bcmath
    
 # Install pecl modules

--- a/conf-dev/create-db.sh
+++ b/conf-dev/create-db.sh
--- a/conf-dev/init-keycloak.sh
+++ b/conf-dev/init-keycloak.sh
+#!/bin/sh
+set -e
+
+# Get Keycloak Admin token
+admin_token=$(curl --location --request POST 'http://keycloak:8180/auth/realms/master/protocol/openid-connect/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'username=admin' --data-urlencode 'password=admin' --data-urlencode 'grant_type=password' --data-urlencode 'client_id=admin-cli' | jq -r '.access_token')
+
+# Create cesamsi user
+curl --location --request POST 'http://keycloak:8180/auth/admin/realms/anis/users' --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token" --data-raw '{"firstName":"cesam-si","lastName":"cesam-si", "email":"cesamsi@lam.fr", "enabled":"true", "emailVerified":"true", "credentials":[{"type":"password","value":"admin","temporary":false}]}'
+
+# Get anis_admin role and id_user
+anis_admin_role=$(curl --location --request GET 'http://keycloak:8180/auth/admin/realms/anis/roles/anis_admin'  --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token")
+id_user=$(curl --location --request GET 'http://keycloak:8180/auth/admin/realms/anis/users' --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token" | jq -r '.[0]' | jq -r '.id')
+
+# Add anis_admin role to cesamsi user
+curl --location --request POST "http://keycloak:8180/auth/admin/realms/anis/users/${id_user}/role-mappings/realm" --header 'Content-Type: application/json' --header "Authorization: Bearer $admin_token" --data-raw "[${anis_admin_role}]"
--- a/conf-dev/public_key
+++ b/conf-dev/public_key
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4woW+Tg4L3iGG9osCLi
-1TD6vX/fAqX3iMfe9hi+M269FcGCl/1+Ls4gwLs/TqqFpWmg3T3bLuShHkabeGi5
-CKr8hrHJMPA0NjPHuH1RUL/QyQpPgKQkmKxyUH9i3hdQtB2REcVZBmB5+JRIcUeh
-cTLkpOWrRz9cquv8R7N8xD6OpdLWSFItYnOrKlR4II6EQaY0PBDyNQElXIiqTMLt
-aTbXVn1suzT0NUwDTIvcxKpqTCEyM3meuIFsc+ISjff12WY5rLWoadVZHLwkfe/9
-7zF3UYPb3ddZkQ/W3jQXYYMVgMHOfskXjstqH9XPkez4ovJUHukPYKsvvWWqiDCo
-rwIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmfw644EhXO2QURqqnLucM0qS8iE7l1fgAF44HaE+8NKeM+VaWUmPM5j0hCN9ujcsP9XOynU7t4c06T70f7csrzLVd36EUw35Z5vdLL5gEloW4eOvZYCRhybJSB3ED8qFSn0SvO01GdhUkyzFhqkfjCg0HInnTn+2PPj0x2TNsjPYWJfl9Hf9HZHc0GEZrqjV688Vjo4QlSDzdc0kDg+E7esAQE8125eca1HI6pJXF/eDL+Lg32m7+P9NxO6h3Qppqov+iSSXLF9HO6RnunFRNQgtof0wye4RU4HP9+irPR85vvLMom4THILBD95B8FyHZ8VMBr7KjfKoo7Kt4VBYQIDAQAB
 -----END PUBLIC KEY-----
--- a/src/Action/GroupAction.php
+++ b/src/Action/GroupAction.php
@@ -89,22 +89,10 @@ final class GroupAction extends AbstractAction
    private function editGroup(Group $group, array $parsedBody): void
    {
        $group->setLabel($parsedBody['label']);
-        $group->setUsers($this->getUsers($parsedBody['users']));
        $group->setDatasets($this->getDatasets($parsedBody['datasets']));
        $this->em->flush();
    }

-    private function getUsers(array $listOfUsersIds)
-    {
-        if (count($listOfUsersIds) < 1) {
-            return array();
-        }
-
-        $dql = 'SELECT u FROM App\Entity\User u WHERE u.id IN (' . implode(',', $listOfUsersIds) . ')';
-        $query = $this->em->createQuery($dql);
-        return $query->getResult();
-    }
-
    private function getDatasets(array $listOfDatasetsNames)
    {
        if (count($listOfDatasetsNames) < 1) {

--- a/src/Action/GroupListAction.php
+++ b/src/Action/GroupListAction.php
@@ -71,7 +71,6 @@ final class GroupListAction extends AbstractAction
    private function postGroup(array $parsedBody): Group
    {
        $group = new Group(
-            $this->getUsers($parsedBody['users']),
            $this->getDatasets($parsedBody['datasets'])
        );
        $group->setLabel($parsedBody['label']);
@@ -82,21 +81,6 @@ final class GroupListAction extends AbstractAction
        return $group;
    }

-    private function getUsers(array $listOfUsersEmails)
-    {
-        if (count($listOfUsersEmails) < 1) {
-            return array();
-        }
-
-        $in = implode(',', array_map(function ($u) {
-            return "'" . $u . "'";
-        }, $listOfUsersEmails));
-
-        $dql = 'SELECT u FROM App\Entity\User u WHERE u.email IN (' . $in . ')';
-        $query = $this->em->createQuery($dql);
-        return $query->getResult();
-    }
-
    private function getDatasets(array $listOfDatasetsNames)
    {
        if (count($listOfDatasetsNames) < 1) {

--- a/src/Middleware/AuthorizationMiddleware.php
+++ b/src/Middleware/AuthorizationMiddleware.php
@@ -74,7 +74,8 @@ final class AuthorizationMiddleware implements MiddlewareInterface

        // Validating token (verifying expiration date and issuer)
        $data = new ValidationData();
-        $data->setIssuer($this->settings['issuer']);
+        // TODO: Ajouter une config pour vérifier ou non le issuer
+        // $data->setIssuer($this->settings['issuer']);
        if (!$token->validate($data)) {
            return (new NyholmResponse())->withStatus(401);
        }