feat(IDCIKeycloakSecurityBundle) Keycloak Security Bundle

* Added function to encode attributes.
ntidev · Nov 16, 2021 · 461f01c · 461f01c
1 parent c2d1a47
commit 461f01c
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 6 deletions.
diff --git a/Security/User/KeycloakBearerUserProvider.php b/Security/User/KeycloakBearerUserProvider.php
@@ -79,12 +79,14 @@ public function loadUserByUsername($accessToken): UserInterface
         $roles = [];
         if(isset($jwt['resource_access'])) {
             $roles = $jwt['resource_access'][$provider->getClientId()]['roles'];
+            $rolesTmp = array(); // Remove denied roles
+            foreach($jwt['resource_access'][$provider->getClientId()]['roles'] as $val) $rolesTmp[$val] = 1;
             if(isset($jwt['denied_roles']) && isset($jwt['denied_roles'][$provider->getClientId()])){
-                $rolesTmp = array(); // Remove denied roles
-                foreach($jwt['resource_access'][$provider->getClientId()]['roles'] as $val) $rolesTmp[$val] = 1;
-                foreach($jwt['denied_roles'][$provider->getClientId()] as $val) unset($rolesTmp[$val]);
-                $roles = array_keys($rolesTmp);
+                $deniedRoles = $jwt['denied_roles'][$provider->getClientId()] ?? "[]";
+                if(!is_array($deniedRoles ?? "[]")) $deniedRoles = json_decode($deniedRoles ?? "[]",true);
+                foreach($deniedRoles as $val) unset($rolesTmp[$val]);
             }
+            $roles = array_keys($rolesTmp);
         }
 
         // Get local user

diff --git a/Service/KeycloakAdminUserService.php b/Service/KeycloakAdminUserService.php
@@ -85,15 +85,15 @@ public function count() {
 
     public function saveNewUser($data) {
         $url = $this->basePath;
-        $result = $this->restPost($url, $data);
+        $result = $this->restPost($url, $this->attributesEncode($data));
         $response = json_decode($result, true);
         return $response;
     }
 
     public function updateUser($id, $data) {
         $url = $this->basePath.self::UPDATE_BY_ID_URL;
         $url = str_replace("{id}", $id, $url);
-        $result = $this->restPut($url, $data);
+        $result = $this->restPut($url, $this->attributesEncode($data));
         $response = json_decode($result, true);
         return $response;
     }
@@ -161,6 +161,18 @@ public function updateUserGroup($id, $groupId, $data) {
         return $response;
     }
 
+    private function attributesEncode($data = null)
+    {
+        if($data && is_array($data) && array_key_exists("attributes",$data) && $data["attributes"]){
+            foreach ($data['attributes'] as $attribute => $value) {
+                if(is_array($value)){
+                    $data['attributes'][$attribute] = json_encode($value,true) ?? "[]";
+                }
+            }
+        }
+        return $data;
+    }
+
     private function attributesDecode($data = null)
     {
         if($data && is_array($data) && array_key_exists("attributes",$data) && $data["attributes"]){