From 8cf325d263fb3715529a8c5978e4c7d2cb5f8e08 Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 17 May 2022 09:06:16 +0200 Subject: [PATCH 1/8] fix: [audit logs] monkey fix for the missing fields when coming from a CLI query --- src/Model/Table/AuditLogsTable.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/Model/Table/AuditLogsTable.php b/src/Model/Table/AuditLogsTable.php index e6f6f95..acfef9f 100644 --- a/src/Model/Table/AuditLogsTable.php +++ b/src/Model/Table/AuditLogsTable.php @@ -58,7 +58,12 @@ class AuditLogsTable extends AppTable $data['request_ip'] = '127.0.0.1'; } } - foreach (['user_id', 'request_type', 'authkey_id'] as $field) { + $defaults = [ + 'user_id' => 0, + 'request_type' => 'CLI', + 'authkey_id' => 0 + ]; + foreach (array_keys($defaults) as $field) { if (!isset($data[$field])) { if (!isset($userInfo)) { $userInfo = $this->userInfo(); @@ -92,6 +97,11 @@ class AuditLogsTable extends AppTable } $data['changed'] = $changed; } + foreach ($defaults as $field => $default_value) { + if (!isset($data[$field])) { + $data[$field] = $default_value; + } + } } public function beforeSave(EventInterface $event, EntityInterface $entity, ArrayObject $options) @@ -157,7 +167,7 @@ class AuditLogsTable extends AppTable if ($this->user !== null) { return $this->user; } - + $this->user = ['id' => 0, /*'org_id' => 0, */'authkey_id' => 0, 'request_type' => self::REQUEST_TYPE_DEFAULT, 'name' => '']; $isShell = (php_sapi_name() === 'cli'); From 23c41008d463ec65682029548abb989454e29699 Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 17 May 2022 09:23:08 +0200 Subject: [PATCH 2/8] chg: [audit logs] fix test --- src/Model/Table/AuditLogsTable.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/Model/Table/AuditLogsTable.php b/src/Model/Table/AuditLogsTable.php index acfef9f..d222d2e 100644 --- a/src/Model/Table/AuditLogsTable.php +++ b/src/Model/Table/AuditLogsTable.php 
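Review bot: The fallback loop added at the end of the second hunk (`foreach ($defaults as $field => $default_value)`) stamps any record still missing `request_type` as `'CLI'` with `user_id` 0 and `authkey_id` 0, without checking that the process is actually running under the CLI SAPI. In an audit log this means a web request whose user lookup came back incomplete would be recorded as an anonymous CLI action, which hides the actor from anyone reviewing the trail. Consider tying the label to the check the file already uses further down, e.g. `'request_type' => php_sapi_name() === 'cli' ? 'CLI' : self::REQUEST_TYPE_DEFAULT`, and add a comment above `$defaults` such as `// Last-resort values for records created without a request context`. The `afterMarshal()` hook added in patch 4/8 applies the same unconditional label. The enclosing function starts above the first hunk.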
@@ -60,7 +60,7 @@ class AuditLogsTable extends AppTable } $defaults = [ 'user_id' => 0, - 'request_type' => 'CLI', + 'request_type' => self::REQUEST_TYPE_CLI, 'authkey_id' => 0 ]; foreach (array_keys($defaults) as $field) { @@ -194,6 +194,15 @@ class AuditLogsTable extends AppTable if (isset($authUser['authkey_id'])) { $this->user['authkey_id'] = $authUser['authkey_id']; } + } else { + $this->user['request_type'] = self::REQUEST_TYPE_CLI; + $currentUserId = Configure::read('CurrentUserId'); + if (!empty($currentUserId)) { + $this->user['id'] = $currentUserId; + $userFromDb = $this->Users->find()->where(['id' => $currentUserId])->first(); + $this->user['name'] = $userFromDb['name']; + $this->user['org_id'] = $userFromDb['org_id']; + } } } return $this->user; From 11c99005802f20da64750c370a19e2ab5b71cd5b Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 17 May 2022 09:24:37 +0200 Subject: [PATCH 3/8] chg: revert --- src/Model/Table/AuditLogsTable.php | 9 --------- 1 file changed, 9 deletions(-) diff --git a/src/Model/Table/AuditLogsTable.php b/src/Model/Table/AuditLogsTable.php index d222d2e..63db0df 100644 --- a/src/Model/Table/AuditLogsTable.php +++ b/src/Model/Table/AuditLogsTable.php @@ -194,15 +194,6 @@ class AuditLogsTable extends AppTable if (isset($authUser['authkey_id'])) { $this->user['authkey_id'] = $authUser['authkey_id']; } - } else { - $this->user['request_type'] = self::REQUEST_TYPE_CLI; - $currentUserId = Configure::read('CurrentUserId'); - if (!empty($currentUserId)) { - $this->user['id'] = $currentUserId; - $userFromDb = $this->Users->find()->where(['id' => $currentUserId])->first(); - $this->user['name'] = $userFromDb['name']; - $this->user['org_id'] = $userFromDb['org_id']; - } } } return $this->user; From a88318c5dffe0f4f572489be55a652c46775a98f Mon Sep 17 00:00:00 2001 
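Review bot: In the `else` branch added by the second hunk of patch 2/8, `$userFromDb` is dereferenced without a null check. `first()` returns null when no row matches `CurrentUserId`, so `$userFromDb['name']` and `$userFromDb['org_id']` would raise warnings and the audit identity would keep an id that no longer maps to a user. Wrapping the three assignments, including `$this->user['id'] = $currentUserId;`, in `if ($userFromDb !== null) { ... }` would leave the default id of 0 in that case. The branch also sets `org_id`, a key that the default `$this->user` array in patch 1/8 has commented out. Patch 3/8 removes this branch again, and the enclosing method starts outside the hunk.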
From: iglocska Date: Tue, 17 May 2022 09:26:23 +0200 Subject: [PATCH 4/8] fix: [auditlogs] more monkey fixing the logging errors via CLI --- src/Model/Table/AuditLogsTable.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/Model/Table/AuditLogsTable.php b/src/Model/Table/AuditLogsTable.php index 63db0df..5997088 100644 --- a/src/Model/Table/AuditLogsTable.php +++ b/src/Model/Table/AuditLogsTable.php @@ -104,6 +104,17 @@ class AuditLogsTable extends AppTable } } + public function afterMarshal( + EventInterface $event, + EntityInterface $entity, + ArrayObject $data, + ArrayObject $options + ) { + if ($entity->request_type === null) { + $entity->request_type = self::REQUEST_TYPE_CLI; + } + } + public function beforeSave(EventInterface $event, EntityInterface $entity, ArrayObject $options) { $entity->request_ip = inet_pton($entity->request_ip); From 398307e41402a6f1673f99f56263e94e4cd61a32 Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 17 May 2022 10:16:47 +0200 Subject: [PATCH 5/8] fix: [user enrollment] fixed via KC --- src/Model/Behavior/AuthKeycloakBehavior.php | 28 +++++++++++++-------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php index d958ee5..6550dae 100644 --- a/src/Model/Behavior/AuthKeycloakBehavior.php +++ b/src/Model/Behavior/AuthKeycloakBehavior.php 
@@ -150,15 +150,12 @@ class AuthKeycloakBehavior extends Behavior foreach ($roles as $role) { $rolesParsed[$role['name']] = $role['id']; } - $this->createUser($user, $clientId, $rolesParsed); - $logChange = [ - 'username' => $user['username'], - 'individual_id' => $user['individual']['id'], - 'role_id' => $user['role']['id'] - ]; - if (!$response->isOk()) { - $logChange['code'] = $response->getStatusCode(); - $logChange['error_body'] = $response->getStringBody(); + if ($this->createUser($user, $clientId, $rolesParsed)) { + $logChange = [ + 'username' => $user['username'], + 'individual_id' => $user['individual']['id'], + 'role_id' => $user['role']['id'] + ]; $this->_table->auditLogs()->insert([ 'request_action' => 'enrollUser', 'model' => 'User', @@ -167,6 +164,11 @@ class AuthKeycloakBehavior extends Behavior 'changed' => $logChange ]); } else { + $logChange = [ + 'username' => $user['username'], + 'individual_id' => $user['individual']['id'], + 'role_id' => $user['role']['id'] + ]; $this->_table->auditLogs()->insert([ 'request_action' => 'enrollUser', 'model' => 'User', @@ -406,10 +408,14 @@ class AuthKeycloakBehavior extends Behavior ]); } $newUser = $this->restApiRequest('%s/admin/realms/%s/users?username=' . urlencode($user['username']), [], 'get'); - $user['id'] = json_decode($newUser->getStringBody(), true); - if (empty($user['id'])) { + $users = json_decode($newUser->getStringBody(), true); + if (empty($users[0]['id'])) { return false; } + if (is_array($users[0]['id'])) { + $users[0]['id'] = $users[0]['id'][0]; + } + $user['id'] = $users[0]['id']; $this->assignRolesToUser($user, $rolesParsed, $clientId); return true; } From be064bb0c989eb15f881bf9a7323d125bfee0de3 Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 17 May 2022 10:42:44 +0200 Subject: [PATCH 6/8] new: [KC] profile link added --- src/Controller/UsersController.php | 1 + .../genericElements/SingleViews/Fields/genericField.php | 3 +++ 2 files changed, 4 insertions(+) 
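Review bot: The failure path of the enrolment audit entry (the new `else` branch, spanning the first two hunks of this file) no longer records why enrolment failed. `$logChange` there holds only the username, individual id and role id, where the removed lines also stored the HTTP status code and response body. `createUser()` is used as a plain boolean here, so someone investigating a failed Keycloak enrolment has nothing to go on in the audit log. Please also confirm that the two `insert()` calls still match their branches, because the first one used to be the failure entry and now runs on success; the lines that would show this fall between the hunks. `$logChange` is identical in both branches and could be built once before the `if`.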
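Review bot: The user lookup in the last hunk takes `$users[0]` from a `?username=` search without confirming that it is the account that was just created. Keycloak's admin users endpoint treats `username` as a substring match unless `exact=true` is passed, so with similar usernames the first hit can be a different account, and `assignRolesToUser()` would then grant the roles to that account. Add `exact=true` to the query string and reject a mismatch, e.g. `if (empty($users[0]['id']) || strcasecmp($users[0]['username'] ?? '', $user['username']) !== 0) { return false; }`. The lookup's response status is not checked before `json_decode()`, and the `is_array($users[0]['id'])` branch needs a comment saying when Keycloak would return an array there. The enclosing method starts outside the hunk.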
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php index 84ce230..45a3bc6 100644 --- a/src/Controller/UsersController.php +++ b/src/Controller/UsersController.php @@ -136,6 +136,7 @@ class UsersController extends AppController if (!empty($responsePayload)) { return $responsePayload; } + $this->set('keycloakConfig', Configure::read('keycloak')); $this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); } diff --git a/templates/element/genericElements/SingleViews/Fields/genericField.php b/templates/element/genericElements/SingleViews/Fields/genericField.php index cba9ff6..f2f4f5d 100644 --- a/templates/element/genericElements/SingleViews/Fields/genericField.php +++ b/templates/element/genericElements/SingleViews/Fields/genericField.php @@ -15,6 +15,9 @@ if (!empty($field['url'])) { $field['url'] = str_replace('{{' . $k . '}}', $this->Hash->extract($data, $path)[0], $field['url']); } } + if (substr($field['url'], 0, 4) === 'http') { + $baseurl = ''; + } $string = sprintf( '%s', $baseurl, From c6572885a933d287dfebb771edc528dc76faee1b Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 17 May 2022 10:47:25 +0200 Subject: [PATCH 7/8] chg: [users view] added KC checks for the profile link --- templates/Users/view.php | 109 +++++++++++++++++++++------------------ 1 file changed, 60 insertions(+), 49 deletions(-) diff --git a/templates/Users/view.php b/templates/Users/view.php index 3af7c4c..c9b3ea2 100644 --- a/templates/Users/view.php +++ b/templates/Users/view.php 
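Review bot: `$this->set('keycloakConfig', Configure::read('keycloak'))` hands the whole `keycloak` configuration block to the view layer, not just the fields the template needs. That block presumably also holds the client credentials used for the admin API calls in AuthKeycloakBehavior, and view variables can leak through debug output or a serialized response. Pass only what the profile link needs, for example `$this->set('keycloakConfig', ['enabled' => (bool)Configure::read('keycloak.enabled')]);` together with a precomputed profile URL. The enclosing action starts outside the hunk.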
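Review bot: In genericField.php the check `substr($field['url'], 0, 4) === 'http'` runs after the `{{…}}` placeholders have been replaced with values from `$data`, and it matches any string that merely begins with "http". If a field definition ever starts its URL with a placeholder, record data could turn an internal link into an absolute external one with the base URL dropped. Test the configured URL before substitution and match the scheme precisely, e.g. `preg_match('#^https?://#i', $field['url']) === 1`. Whether the URL is escaped before it reaches the `sprintf()` output is not visible in this hunk.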
@@ -1,57 +1,68 @@ __('ID'), + 'path' => 'id' + ], + [ + 'key' => __('UUID'), + 'path' => 'uuid' + ], + [ + 'key' => __('Username'), + 'path' => 'username' + ], + [ + 'type' => 'generic', + 'key' => __('Email'), + 'path' => 'individual.email', + 'url' => '/individuals/view/{{0}}', + 'url_vars' => 'individual_id' + ], + [ + 'type' => 'generic', + 'key' => __('Organisation'), + 'path' => 'organisation.name', + 'url' => '/organisations/view/{{0}}', + 'url_vars' => 'organisation.id' + ], + [ + 'type' => 'generic', + 'key' => __('Role'), + 'path' => 'role.name', + 'url' => '/roles/view/{{0}}', + 'url_vars' => 'role.id' + ], + [ + 'key' => __('First name'), + 'path' => 'individual.first_name' + ], + [ + 'key' => __('Last name'), + 'path' => 'individual.last_name' + ], + [ + 'key' => __('Alignments'), + 'type' => 'alignment', + 'path' => 'individual', + 'scope' => 'individuals' + ] +]; +if ($keycloakConfig['enabled'] && $loggedUser['id'] == $entity['id']) { + $fields[] = [ + 'type' => 'generic', + 'key' => __('Modify keycloak profile'), + 'path' => 'username', + 'url' => $kcurl, + 'requirements' => false + ]; +} echo $this->element( '/genericElements/SingleViews/single_view', [ 'data' => $entity, - 'fields' => [ - [ - 'key' => __('ID'), - 'path' => 'id' - ], - [ - 'key' => __('UUID'), - 'path' => 'uuid' - ], - [ - 'key' => __('Username'), - 'path' => 'username' - ], - [ - 'type' => 'generic', - 'key' => __('Email'), - 'path' => 'individual.email', - 'url' => '/individuals/view/{{0}}', - 'url_vars' => 'individual_id' - ], - [ - 'type' => 'generic', - 'key' => __('Organisation'), - 'path' => 'organisation.name', - 'url' => '/organisations/view/{{0}}', - 'url_vars' => 'organisation.id' - ], - [ - 'type' => 'generic', - 'key' => __('Role'), - 'path' => 'role.name', - 'url' => '/roles/view/{{0}}', - 'url_vars' => 'role.id' - ], - [ - 'key' => __('First name'), - 'path' => 'individual.first_name' - ], - [ - 'key' => __('Last name'), - 'path' => 'individual.last_name' - ], - [ - 
'key' => __('Alignments'), - 'type' => 'alignment', - 'path' => 'individual', - 'scope' => 'individuals' - ] - ], + 'fields' => $fields, 'children' => [ [ 'url' => '/AuthKeys/index?Users.id={{0}}', From f513f8ec99d235a3e5691d402f701682fbbcc712 Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 17 May 2022 11:00:30 +0200 Subject: [PATCH 8/8] chg: [kc] disabled user capturing - Cerebrate is now authoritative --- src/Model/Behavior/AuthKeycloakBehavior.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php index 6550dae..ae35957 100644 --- a/src/Model/Behavior/AuthKeycloakBehavior.php +++ b/src/Model/Behavior/AuthKeycloakBehavior.php @@ -66,9 +66,10 @@ class AuthKeycloakBehavior extends Behavior 'name' => $profile_payload[$fields['role_name']], ] ]; - $user['user']['individual_id'] = $this->_table->captureIndividual($user); - $user['user']['role_id'] = $this->_table->captureRole($user); + //$user['user']['individual_id'] = $this->_table->captureIndividual($user); + //$user['user']['role_id'] = $this->_table->captureRole($user); $existingUser = $this->_table->find()->where(['username' => $user['user']['username']])->first(); + /* if (empty($existingUser)) { $user['user']['password'] = Security::randomString(16); $existingUser = $this->_table->newEntity($user['user']); @@ -92,6 +93,7 @@ class AuthKeycloakBehavior extends Behavior } } } + */ return $existingUser; }
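Review bot: In templates/Users/view.php the condition `$keycloakConfig['enabled'] && $loggedUser['id'] == $entity['id']` reads an array offset that will not exist when no `keycloak` block is configured, and it compares the ids loosely. Use `!empty($keycloakConfig['enabled']) && (int)$loggedUser['id'] === (int)$entity['id']` so the template renders without warnings on installs without Keycloak and the self-only check does not depend on type juggling. `$kcurl` is not defined in the visible lines (the top of this hunk looks truncated). Please confirm it is built from configuration and not from request data, since patch 6/8 makes the generic field drop the base URL for absolute links.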
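Review bot: With the creation block wrapped in `/* … */` in patch 8/8, the function returns whatever `first()` found, so a Keycloak login for a username Cerebrate does not know yields null instead of a new account. That matches the commit's intent, but the disabled code should be deleted rather than commented out (the second hunk only closes the comment), and the `$user` array built above from the profile payload is now used only for its username. State the new contract in a comment above the lookup, e.g. `// Cerebrate is authoritative: unknown Keycloak users are not auto-provisioned; returns null.` Callers outside this hunk need to treat null as a rejected login, and the function itself starts outside the hunk.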