Skip to content

Commit

Permalink
Merge pull request #45 from frital/feature/include_db_sync
Browse files Browse the repository at this point in the history
Feature: allow create / update users on the API users table with autenticated token
  • Loading branch information
robsontenorio authored Mar 25, 2022
2 parents 46ff1fe + 9943d75 commit fe6b9c5
Show file tree
Hide file tree
Showing 5 changed files with 53 additions and 1 deletion.
13 changes: 13 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,8 @@ This package helps you authenticate users on a Laravel API based on JWT tokens g

1. If everything is ok, find the user on database and authenticate it on my API.

1. Optionally, the user can be created / updated in the API users database.

1. Return response

# Install
Expand Down Expand Up @@ -95,6 +97,8 @@ return [
'realm_public_key' => env('KEYCLOAK_REALM_PUBLIC_KEY', null),

'load_user_from_database' => env('KEYCLOAK_LOAD_USER_FROM_DATABASE', true),

'user_provider_custom_retrieve_method' => null,

'user_provider_credential' => env('KEYCLOAK_USER_PROVIDER_CREDENTIAL', 'username'),

Expand Down Expand Up @@ -124,6 +128,15 @@ If you do not have an `users` table you must disable this.

It fetchs user from database and fill values into authenticated user object. If enabled, it will work together with `user_provider_credential` and `token_principal_attribute`.

✔️ **user_provider_custom_retrieve_method**

*Default is `null`.*

If you have an `users` table and want it to be updated (creating or updating users) based on the token, you can inform a custom method on a custom UserProvider, that will be called instead `retrieveByCredentials` and will receive the complete decoded token as parameter, not just the credentials (as default).
This will allow you to customize the way you want to interact with your database, before matching and delivering the authenticated user object, having all the information contained in the (valid) access token available. To read more about custom UserProviders, please check [Laravel's documentation about](https://laravel.com/docs/8.x/authentication#adding-custom-user-providers).

If using this feature, obviously, values defined for `user_provider_credential` and `token_principal_attribute` will be ignored.

✔️ **user_provider_credential**

*Required. Default is `username`.*
Expand Down
2 changes: 2 additions & 0 deletions config/keycloak.php
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@
'realm_public_key' => env('KEYCLOAK_REALM_PUBLIC_KEY', null),

'load_user_from_database' => env('KEYCLOAK_LOAD_USER_FROM_DATABASE', true),

'user_provider_custom_retrieve_method' => null,

'user_provider_credential' => env('KEYCLOAK_USER_PROVIDER_CREDENTIAL', 'username'),

Expand Down
7 changes: 6 additions & 1 deletion src/KeycloakGuard.php
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,12 @@ public function validate(array $credentials = [])
$this->validateResources();

if ($this->config['load_user_from_database']) {
$user = $this->provider->retrieveByCredentials($credentials);
$methodOnProvider = $this->config['user_provider_custom_retrieve_method'] ?? null;
if ($methodOnProvider) {
$user = $this->provider->{$methodOnProvider}($this->decodedToken, $credentials);
} else {
$user = $this->provider->retrieveByCredentials($credentials);
}

if (!$user) {
throw new UserNotFoundException("User not found. Credentials: " . json_encode($credentials));
Expand Down
15 changes: 15 additions & 0 deletions tests/AuthenticateTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,13 @@
namespace KeycloakGuard\Tests;

use Illuminate\Http\Request;
use Illuminate\Hashing\BcryptHasher;
use Illuminate\Support\Facades\Auth;
use KeycloakGuard\KeycloakGuard;
use KeycloakGuard\Tests\Models\User;
use KeycloakGuard\KeycloakGuardServiceProvider;
use KeycloakGuard\Tests\Controllers\FooController;
use KeycloakGuard\Tests\Extensions\CustomUserProvider;
use Illuminate\Routing\Router;
use Illuminate\Events\Dispatcher;
use KeycloakGuard\Exceptions\UserNotFoundException;
Expand Down Expand Up @@ -181,4 +183,17 @@ public function it_prevent_cross_roles_resources()
}



/** @test */
public function custom_user_retrieve_method()
{
config(['keycloak.user_provider_custom_retrieve_method' => 'custom_retrieve']);

Auth::extend('keycloak', function ($app, $name, array $config) {
return new KeycloakGuard(new CustomUserProvider(new BcryptHasher(), User::class), $app->request);
});

$response = $this->withToken()->json('GET', '/foo/secret');
$this->assertTrue(Auth::user()->customRetrieve);
}
}
17 changes: 17 additions & 0 deletions tests/Extensions/CustomUserProvider.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
<?php

namespace KeycloakGuard\Tests\Extensions;

use KeycloakGuard\Tests\Models\User;
use Illuminate\Auth\EloquentUserProvider;

class CustomUserProvider extends EloquentUserProvider
{
public function custom_retrieve(object $token, array $credentials)
{
$model = parent::retrieveByCredentials($credentials);
$model->customRetrieve = true;

return $model;
}
}

0 comments on commit fe6b9c5

Please sign in to comment.