Merge branch 'main' of github.com:cerebrate-project/cerebrate into develop

2022-06-08 10:40:54 +02:00 · 2022-06-08 10:40:54 +02:00 · 85fd938320
parent cea986c622 f513f8ec99
commit 85fd938320
5 changed files with 108 additions and 64 deletions
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@ -136,6 +136,7 @@ class UsersController extends AppController
        if (!empty($responsePayload)) {
            return $responsePayload;
        }
+        $this->set('keycloakConfig', Configure::read('keycloak'));
        $this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
    }

--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@ -66,9 +66,10 @@ class AuthKeycloakBehavior extends Behavior
                'name' => $profile_payload[$fields['role_name']],
            ]
        ];
-        $user['user']['individual_id'] = $this->_table->captureIndividual($user);
-        $user['user']['role_id'] = $this->_table->captureRole($user);
+        //$user['user']['individual_id'] = $this->_table->captureIndividual($user);
+        //$user['user']['role_id'] = $this->_table->captureRole($user);
        $existingUser = $this->_table->find()->where(['username' => $user['user']['username']])->first();
+        /*
        if (empty($existingUser)) {
            $user['user']['password'] = Security::randomString(16);
            $existingUser = $this->_table->newEntity($user['user']);
@ -92,6 +93,7 @@ class AuthKeycloakBehavior extends Behavior
                }
            }
        }
+        */
        return $existingUser;
    }

@ -150,15 +152,12 @@ class AuthKeycloakBehavior extends Behavior
        foreach ($roles as $role) {
            $rolesParsed[$role['name']] = $role['id'];
        }
-        $this->createUser($user, $clientId, $rolesParsed);
-        $logChange = [
-            'username' => $user['username'],
-            'individual_id' => $user['individual']['id'],
-            'role_id' => $user['role']['id']
-        ];
-        if (!$response->isOk()) {
-            $logChange['code'] = $response->getStatusCode();
-            $logChange['error_body'] = $response->getStringBody();
+        if ($this->createUser($user, $clientId, $rolesParsed)) {
+            $logChange = [
+                'username' => $user['username'],
+                'individual_id' => $user['individual']['id'],
+                'role_id' => $user['role']['id']
+            ];
            $this->_table->auditLogs()->insert([
                'request_action' => 'enrollUser',
                'model' => 'User',
@ -167,6 +166,11 @@ class AuthKeycloakBehavior extends Behavior
                'changed' => $logChange
            ]);
        } else {
+            $logChange = [
+                'username' => $user['username'],
+                'individual_id' => $user['individual']['id'],
+                'role_id' => $user['role']['id']
+            ];
            $this->_table->auditLogs()->insert([
                'request_action' => 'enrollUser',
                'model' => 'User',
@ -406,10 +410,14 @@ class AuthKeycloakBehavior extends Behavior
            ]);
        }
        $newUser = $this->restApiRequest('%s/admin/realms/%s/users?username=' . urlencode($user['username']), [], 'get');
-        $user['id'] = json_decode($newUser->getStringBody(), true);
-        if (empty($user['id'])) {
+        $users = json_decode($newUser->getStringBody(), true);
+        if (empty($users[0]['id'])) {
            return false;
        }
+        if (is_array($users[0]['id'])) {
+            $users[0]['id'] = $users[0]['id'][0];
+        }
+        $user['id'] = $users[0]['id'];
        $this->assignRolesToUser($user, $rolesParsed, $clientId);
        return true;
    }
--- a/src/Model/Table/AuditLogsTable.php
+++ b/src/Model/Table/AuditLogsTable.php
@ -58,7 +58,12 @@ class AuditLogsTable extends AppTable
                $data['request_ip'] = '127.0.0.1';
            }
        }
-        foreach (['user_id', 'request_type', 'authkey_id'] as $field) {
+        $defaults = [
+            'user_id' => 0,
+            'request_type' => self::REQUEST_TYPE_CLI,
+            'authkey_id' => 0
+        ];
+        foreach (array_keys($defaults) as $field) {
            if (!isset($data[$field])) {
                if (!isset($userInfo)) {
                    $userInfo = $this->userInfo();
@ -92,6 +97,22 @@ class AuditLogsTable extends AppTable
            }
            $data['changed'] = $changed;
        }
+        foreach ($defaults as $field => $default_value) {
+            if (!isset($data[$field])) {
+                $data[$field] = $default_value;
+            }
+        }
+    }
+
+    public function afterMarshal(
+        EventInterface $event,
+        EntityInterface $entity,
+        ArrayObject $data,
+        ArrayObject $options
+    ) {
+        if ($entity->request_type === null) {
+            $entity->request_type = self::REQUEST_TYPE_CLI;
+        }
    }

    public function beforeSave(EventInterface $event, EntityInterface $entity, ArrayObject $options)
@ -157,7 +178,7 @@ class AuditLogsTable extends AppTable
        if ($this->user !== null) {
            return $this->user;
        }
-        
+
        $this->user = ['id' => 0, /*'org_id' => 0, */'authkey_id' => 0, 'request_type' => self::REQUEST_TYPE_DEFAULT, 'name' => ''];

        $isShell = (php_sapi_name() === 'cli');
--- a/templates/Users/view.php
+++ b/templates/Users/view.php
@ -1,57 +1,68 @@
 <?php
+$kcurl = $keycloakConfig['provider']['baseUrl'] . '/realms/' . $keycloakConfig['provider']['realm'] . '/account/#/security/signingin';
+$fields = [
+    [
+        'key' => __('ID'),
+        'path' => 'id'
+    ],
+    [
+        'key' => __('UUID'),
+        'path' => 'uuid'
+    ],
+    [
+        'key' => __('Username'),
+        'path' => 'username'
+    ],
+    [
+        'type' => 'generic',
+        'key' => __('Email'),
+        'path' => 'individual.email',
+        'url' => '/individuals/view/{{0}}',
+        'url_vars' => 'individual_id'
+    ],
+    [
+        'type' => 'generic',
+        'key' => __('Organisation'),
+        'path' => 'organisation.name',
+        'url' => '/organisations/view/{{0}}',
+        'url_vars' => 'organisation.id'
+    ],
+    [
+        'type' => 'generic',
+        'key' => __('Role'),
+        'path' => 'role.name',
+        'url' => '/roles/view/{{0}}',
+        'url_vars' => 'role.id'
+    ],
+    [
+        'key' => __('First name'),
+        'path' => 'individual.first_name'
+    ],
+    [
+        'key' => __('Last name'),
+        'path' => 'individual.last_name'
+    ],
+    [
+        'key' => __('Alignments'),
+        'type' => 'alignment',
+        'path' => 'individual',
+        'scope' => 'individuals'
+    ]
+];
+if ($keycloakConfig['enabled'] && $loggedUser['id'] == $entity['id']) {
+    $fields[] = [
+        'type' => 'generic',
+        'key' => __('Modify keycloak profile'),
+        'path' => 'username',
+        'url' => $kcurl,
+        'requirements' => false
+    ];
+}
 echo $this->element(
    '/genericElements/SingleViews/single_view',
    [
        'data' => $entity,
-        'fields' => [
-            [
-                'key' => __('ID'),
-                'path' => 'id'
-            ],
-            [
-                'key' => __('UUID'),
-                'path' => 'uuid'
-            ],
-            [
-                'key' => __('Username'),
-                'path' => 'username'
-            ],
-            [
-                'type' => 'generic',
-                'key' => __('Email'),
-                'path' => 'individual.email',
-                'url' => '/individuals/view/{{0}}',
-                'url_vars' => 'individual_id'
-            ],
-            [
-                'type' => 'generic',
-                'key' => __('Organisation'),
-                'path' => 'organisation.name',
-                'url' => '/organisations/view/{{0}}',
-                'url_vars' => 'organisation.id'
-            ],
-            [
-                'type' => 'generic',
-                'key' => __('Role'),
-                'path' => 'role.name',
-                'url' => '/roles/view/{{0}}',
-                'url_vars' => 'role.id'
-            ],
-            [
-                'key' => __('First name'),
-                'path' => 'individual.first_name'
-            ],
-            [
-                'key' => __('Last name'),
-                'path' => 'individual.last_name'
-            ],
-            [
-                'key' => __('Alignments'),
-                'type' => 'alignment',
-                'path' => 'individual',
-                'scope' => 'individuals'
-            ]
-        ],
+        'fields' => $fields,
        'children' => [
            [
                'url' => '/AuthKeys/index?Users.id={{0}}',
--- a/templates/element/genericElements/SingleViews/Fields/genericField.php
+++ b/templates/element/genericElements/SingleViews/Fields/genericField.php
@ -15,6 +15,9 @@ if (!empty($field['url'])) {
            $field['url'] = str_replace('{{' . $k . '}}', $this->Hash->extract($data, $path)[0], $field['url']);
        }
    }
+    if (substr($field['url'], 0, 4) === 'http') {
+        $baseurl = '';
+    }
    $string = sprintf(
        '<a href="%s%s">%s</a>',
        $baseurl,