new: [user deletion] tied into KeyCloak

- remove user from KC when possible - proceed for local users
2022-11-11 15:10:04 +01:00 · 2022-11-11 15:10:04 +01:00 · 6d41622129
parent f6f94983e4
commit 6d41622129
1 changed files with 56 additions and 0 deletions
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@ -84,6 +84,62 @@ class AuthKeycloakBehavior extends Behavior
        );
    }

+    public function getUserIdByUsername(string $username)
+    {
+        $response = $this->restApiRequest(
+            '%s/admin/realms/%s/users/?username=' . urlencode($username),
+            [],
+            'GET'
+        );
+        if (!$response->isOk()) {
+            $responseBody = json_decode($response->getStringBody(), true);
+            $this->_table->auditLogs()->insert([
+                'request_action' => 'keycloakGetUser',
+                'model' => 'User',
+                'model_id' => 0,
+                'model_title' => __('Failed to fetch user ({0}) from keycloak', $username),
+                'changed' => ['error' => empty($responseBody['errorMessage']) ? 'Unknown error.' : $responseBody['errorMessage']]
+            ]);
+        }
+        $responseBody = json_decode($response->getStringBody(), true);
+        if (empty($responseBody[0]['id'])) {
+            return false;
+        }
+        return $responseBody[0]['id'];
+    }
+
+    public function deleteUser($data): bool
+    {
+        $userId = $this->getUserIdByUsername($data['username']);
+        if ($userId === false) {
+            $this->_table->auditLogs()->insert([
+                'request_action' => 'keycloakUserDeletion',
+                'model' => 'User',
+                'model_id' => 0,
+                'model_title' => __('User {0} not found in keycloak, deleting the user locally.', $data['username']),
+                'changed' => []
+            ]);
+            return true;
+        }
+        $response = $this->restApiRequest(
+            '%s/admin/realms/%s/users/' . urlencode($userId),
+            [],
+            'delete'
+        );
+        if (!$response->isOk()) {
+            $responseBody = json_decode($response->getStringBody(), true);
+            $this->_table->auditLogs()->insert([
+                'request_action' => 'keycloakUserDeletion',
+                'model' => 'User',
+                'model_id' => 0,
+                'model_title' => __('Failed to delete user {0} ({1}) in keycloak', $data['username'], $userId),
+                'changed' => ['error' => empty($responseBody['errorMessage']) ? 'Unknown error.' : $responseBody['errorMessage']]
+            ]);
+            return false;
+        }
+        return true;
+    }
+
    public function enrollUser($data): bool
    {
        $roleConditions = [