Merge branch 'main' into feature/PPF-462

cultuurnet · Jun 27, 2024 · a8f1150 · a8f1150
2 parents 8aa488e + 4170299
commit a8f1150
Show file tree

Hide file tree

Showing 8 changed files with 75 additions and 22 deletions.
diff --git a/.env.ci b/.env.ci
@@ -1,6 +1,6 @@
 APP_NAME=publiq-platform
 APP_ENV=local
-APP_KEY=
+APP_KEY=base64:5f6ivEq1QCl8ylgkFEzMpU6npqDi5tGYRuG1LYzilb4=
 APP_DEBUG=true
 APP_URL=http://localhost
 APP_SERVICE=laravel
@@ -74,6 +74,17 @@ AUTH0_LOGIN_CLIENT_ID=***
 AUTH0_LOGIN_CLIENT_SECRET=***
 AUTH0_LOGIN_REDIRECT_URI=http://localhost/auth/callback
 
+KEYCLOAK_CREATION_ENABLED=true
+KEYCLOAK_LOGIN_ENABLED=false
+
+KEYCLOAK_LOGIN_DOMAIN=account-keycloak-acc.uitid.be
+KEYCLOAK_LOGIN_MANAGEMENT_DOMAIN=account-keycloak-acc.uitid.be
+KEYCLOAK_LOGIN_CLIENT_ID=
+KEYCLOAK_LOGIN_CLIENT_SECRET
+KEYCLOAK_LOGIN_REDIRECT_URI=http://localhost/auth/callback
+KEYCLOAK_LOGIN_PARAMETERS="locale=nl&referrer=publiq-platform&prompt=login&skip_verify_legacy=true&product_display_name=publiq platform"
+KEYCLOAK_LOGIN_REALM_NAME=
+
 AUTH0_CLIENT_CREATION_ENABLED=true
 
 # MUST always be set to DEV tenant config except for the .env for the production app!

diff --git a/app/Auth0/Auth0ServiceProvider.php b/app/Auth0/Auth0ServiceProvider.php
@@ -93,7 +93,7 @@ public function register(): void
             );
         });
 
-        if (config(KeycloakConfig::IS_ENABLED)) {
+        if (config(KeycloakConfig::KEYCLOAK_CREATION_ENABLED)) {
             // By default, the Auth0 integration is enabled. For testing purposes this can be disabled inside the .env file.
 
             // May always be registered even if there are no configured tenants, because in that case the cluster SDK will

diff --git a/app/Domain/Auth/Controllers/LogoutController.php b/app/Domain/Auth/Controllers/LogoutController.php
@@ -4,6 +4,7 @@
 
 namespace App\Domain\Auth\Controllers;
 
+use App\Keycloak\KeycloakConfig;
 use Auth0\SDK\Auth0;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\Auth;
@@ -22,17 +23,20 @@ private function getLogoutLink(): string
             Auth::guard(config('nova.guard'))->logout();
         }
 
-        if (env('AUTHENTICATION_MODE') === 'keycloak') {
+        $url = config('app.url');
+
+        if (config(KeycloakConfig::KEYCLOAK_LOGIN_ENABLED)) {
             return sprintf(
-                'https://%s/realms/%s/protocol/openid-connect/logout?client_id=%s&post_logout_redirect_uri=%s',
-                env('AUTH0_LOGIN_MANAGEMENT_DOMAIN'),
-                env('KEYCLOAK_LOGIN_REALM_NAME'),
-                env('AUTH0_LOGIN_CLIENT_ID'),
-                env('APP_URL')
+                'https://%s/realms/%s/protocol/openid-connect/logout?client_id=%s&post_logout_redirect_uri=%s&id_token_hint=%s',
+                config(KeycloakConfig::KEYCLOAK_DOMAIN),
+                config(KeycloakConfig::KEYCLOAK_REALM_NAME),
+                config(KeycloakConfig::KEYCLOAK_CLIENT_ID),
+                $url,
+                $auth0->getIdToken()
             );
         }
 
-        return $auth0->authentication()->getLogoutLink(config('app.url'));
+        return $auth0->authentication()->getLogoutLink($url);
     }
 
     public function adminLogout(): JsonResponse

diff --git a/app/Keycloak/KeycloakConfig.php b/app/Keycloak/KeycloakConfig.php
@@ -6,5 +6,10 @@
 
 final class KeycloakConfig
 {
-    public const IS_ENABLED = 'keycloak.enabled';
+    public const KEYCLOAK_LOGIN_ENABLED = 'keycloak.loginEnabled';
+    public const KEYCLOAK_CREATION_ENABLED = 'keycloak.creationEnabled';
+    public const KEYCLOAK_DOMAIN = 'keycloak.login.domain';
+    public const KEYCLOAK_CLIENT_ID = 'keycloak.login.clientId';
+    public const KEYCLOAK_REALM_NAME = 'keycloak.login.realmName';
+    public const KEYCLOAK_LOGIN_PARAMETERS = 'keycloak.login.parameters';
 }
diff --git a/app/Keycloak/KeycloakServiceProvider.php b/app/Keycloak/KeycloakServiceProvider.php
@@ -67,7 +67,7 @@ public function register(): void
 
     private function bootstrapEventHandling(): void
     {
-        if (!config(KeycloakConfig::IS_ENABLED)) {
+        if (!config(KeycloakConfig::KEYCLOAK_CREATION_ENABLED)) {
             return;
         }
 

diff --git a/app/Nova/Resources/Integration.php b/app/Nova/Resources/Integration.php
@@ -67,7 +67,7 @@ public static function searchableColumns(): array
             $output[] = new SearchableRelation('auth0Clients', 'auth0_client_id');
         }
 
-        if (config(KeycloakConfig::IS_ENABLED)) {
+        if (config(KeycloakConfig::KEYCLOAK_CREATION_ENABLED)) {
             $output[] = new SearchableRelation('keycloakClients', 'client_id');
         }
 
@@ -204,7 +204,7 @@ function (Text $field, NovaRequest $request, FormData $formData) {
             $fields[] = HasMany::make('UiTiD v2 Client Credentials (Auth0)', 'auth0Clients', Auth0Client::class);
         }
 
-        if (config(KeycloakConfig::IS_ENABLED)) {
+        if (config(KeycloakConfig::KEYCLOAK_CREATION_ENABLED)) {
             $fields[] = HasMany::make('Keycloak client Credentials', 'keycloakClients', KeycloakClient::class);
         }
 
@@ -289,7 +289,7 @@ public function actions(NovaRequest $request): array
                 ->canRun(fn (Request $request, IntegrationModel $model) => $model->hasMissingAuth0Clients());
         }
 
-        if (config(KeycloakConfig::IS_ENABLED)) {
+        if (config(KeycloakConfig::KEYCLOAK_CREATION_ENABLED)) {
             $actions[] = (new CreateMissingKeycloakClients())
                 ->withName('Create missing Keycloak clients')
                 ->exceptOnIndex()

diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
@@ -19,12 +19,13 @@
 use App\Domain\Integrations\Policies\IntegrationPolicy;
 use App\Domain\Integrations\Policies\IntegrationUrlPolicy;
 use App\Domain\Integrations\Policies\OrganizerPolicy;
+use App\Domain\KeyVisibilityUpgrades\Models\KeyVisibilityUpgradeModel;
+use App\Domain\KeyVisibilityUpgrades\Policies\KeyVisibilityUpgradePolicy;
 use App\Domain\Organizations\Models\OrganizationModel;
 use App\Domain\Organizations\Policies\OrganizationPolicy;
 use App\Domain\Subscriptions\Models\SubscriptionModel;
 use App\Domain\Subscriptions\Policies\SubscriptionPolicy;
-use App\Domain\KeyVisibilityUpgrades\Models\KeyVisibilityUpgradeModel;
-use App\Domain\KeyVisibilityUpgrades\Policies\KeyVisibilityUpgradePolicy;
+use App\Keycloak\KeycloakConfig;
 use App\Keycloak\Models\KeycloakClientModel;
 use App\Keycloak\Policies\KeycloakClientPolicy;
 use App\UiTiDv1\Models\UiTiDv1ConsumerModel;
@@ -63,14 +64,29 @@ public function boot(): void
 
         $this->app->singleton(
             Auth0::class,
-            static fn (): Auth0 => new Auth0(new SdkConfiguration(config('auth0')))
-        );
+            static function (): Auth0 {
+                if (config(KeycloakConfig::KEYCLOAK_LOGIN_ENABLED)) {
+                    return new Auth0(new SdkConfiguration(config('keycloak.login')));
+                }
 
-        $auth0LoginParameters = [];
-        parse_str(config('auth0.login_parameters'), $auth0LoginParameters);
+                return new Auth0(new SdkConfiguration(config('auth0')));
+            }
+        );
 
         $this->app->when(LoginController::class)
             ->needs('$loginParams')
-            ->give($auth0LoginParameters);
+            ->give($this->getLoginParameters());
+    }
+
+    private function getLoginParameters(): array
+    {
+        $auth0LoginParameters = [];
+        if (config(KeycloakConfig::KEYCLOAK_LOGIN_ENABLED)) {
+            parse_str(config(KeycloakConfig::KEYCLOAK_LOGIN_PARAMETERS), $auth0LoginParameters);
+            return $auth0LoginParameters;
+        }
+
+        parse_str(config('auth0.login_parameters'), $auth0LoginParameters);
+        return $auth0LoginParameters;
     }
 }
diff --git a/config/keycloak.php b/config/keycloak.php
@@ -2,8 +2,25 @@
 
 declare(strict_types=1);
 
+use Auth0\SDK\Configuration\SdkConfiguration;
+
 return [
-    'enabled' => env('KEYCLOAK_ENABLED', false),
+
+    'loginEnabled' => env('KEYCLOAK_LOGIN_ENABLED', false),
+    'creationEnabled' => env('KEYCLOAK_CREATION_ENABLED', false),
+    'login' => [
+        'strategy' => env('AUTH0_LOGIN_STRATEGY', SdkConfiguration::STRATEGY_REGULAR),
+        'domain' => env('KEYCLOAK_LOGIN_DOMAIN'),
+        'managementDomain' => env('KEYCLOAK_LOGIN_MANAGEMENT_DOMAIN'),
+        'clientId' => env('KEYCLOAK_LOGIN_CLIENT_ID'),
+        'clientSecret' => env('KEYCLOAK_LOGIN_CLIENT_SECRET'),
+        'audience' => env('KEYCLOAK_LOGIN_AUDIENCE'),
+        'realmName' => env('KEYCLOAK_LOGIN_REALM_NAME'),
+        'parameters' => env('KEYCLOAK_LOGIN_PARAMETERS'),
+        'cookieSecret' => env('KEYCLOAK_LOGIN_COOKIE_SECRET', env('APP_KEY')),
+        'cookieExpires' => env('COOKIE_EXPIRES', 0),
+        'redirectUri' => env('KEYCLOAK_LOGIN_REDIRECT_URI', env('APP_URL') . '/callback'),
+    ],
     'environments' => [
         'acc' => [
             'internalName' => env('KEYCLOAK_ACC_REALM_NAME', ''),
-Original file line number
+Diff line change
@@ Expand Up / @@ -67,7 +67,7 @@ public function register(): void @@
         private function bootstrapEventHandling(): void
         {
-            if (!config(KeycloakConfig::IS_ENABLED)) {
+            if (!config(KeycloakConfig::KEYCLOAK_CREATION_ENABLED)) {
                 return;
             }
@@ Expand Down @@