Merge pull request #45 from frital/feature/include_db_sync

Feature: allow create / update users on the API users table with autenticated token
robsontenorio · Mar 25, 2022 · fe6b9c5 · fe6b9c5
2 parents 46ff1fe + 9943d75
commit fe6b9c5
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -51,6 +51,8 @@ This package helps you authenticate users on a Laravel API based on JWT tokens g
 
 1. If everything is ok, find the user on database and authenticate it on my API.
 
+1. Optionally, the user can be created / updated in the API users database.
+
 1. Return response
 
 # Install
@@ -95,6 +97,8 @@ return [
   'realm_public_key' => env('KEYCLOAK_REALM_PUBLIC_KEY', null),
 
   'load_user_from_database' => env('KEYCLOAK_LOAD_USER_FROM_DATABASE', true),
+
+  'user_provider_custom_retrieve_method' => null,
 
   'user_provider_credential' => env('KEYCLOAK_USER_PROVIDER_CREDENTIAL', 'username'),
 
@@ -124,6 +128,15 @@ If you do not have an `users` table you must disable this.
 
 It fetchs user from database and fill values into authenticated user object. If enabled, it will work together with `user_provider_credential` and `token_principal_attribute`.
 
+✔️ **user_provider_custom_retrieve_method**
+
+*Default is `null`.*
+
+If you have an `users` table and want it to be updated (creating or updating users) based on the token, you can inform a custom method on a custom UserProvider, that will be called instead `retrieveByCredentials` and will receive the complete decoded token as parameter, not just the credentials (as default).  
+This will allow you to customize the way you want to interact with your database, before matching and delivering the authenticated user object, having all the information contained in the (valid) access token available. To read more about custom UserProviders, please check [Laravel's documentation about](https://laravel.com/docs/8.x/authentication#adding-custom-user-providers).
+
+If using this feature, obviously, values defined for `user_provider_credential` and `token_principal_attribute` will be ignored.
+
 ✔️ **user_provider_credential**
 
 *Required. Default is `username`.*

diff --git a/config/keycloak.php b/config/keycloak.php
@@ -4,6 +4,8 @@
   'realm_public_key' => env('KEYCLOAK_REALM_PUBLIC_KEY', null),
 
   'load_user_from_database' => env('KEYCLOAK_LOAD_USER_FROM_DATABASE', true),
+
+  'user_provider_custom_retrieve_method' => null,
 
   'user_provider_credential' => env('KEYCLOAK_USER_PROVIDER_CREDENTIAL', 'username'),
 

diff --git a/src/KeycloakGuard.php b/src/KeycloakGuard.php
@@ -124,7 +124,12 @@ public function validate(array $credentials = [])
     $this->validateResources();
 
     if ($this->config['load_user_from_database']) {
-      $user = $this->provider->retrieveByCredentials($credentials);
+      $methodOnProvider = $this->config['user_provider_custom_retrieve_method'] ?? null;
+      if ($methodOnProvider) {
+        $user = $this->provider->{$methodOnProvider}($this->decodedToken, $credentials);
+      } else {
+        $user = $this->provider->retrieveByCredentials($credentials);
+      }      
 
       if (!$user) {
         throw new UserNotFoundException("User not found. Credentials: " . json_encode($credentials));

diff --git a/tests/AuthenticateTest.php b/tests/AuthenticateTest.php
@@ -2,11 +2,13 @@
 namespace KeycloakGuard\Tests;
 
 use Illuminate\Http\Request;
+use Illuminate\Hashing\BcryptHasher;
 use Illuminate\Support\Facades\Auth;
 use KeycloakGuard\KeycloakGuard;
 use KeycloakGuard\Tests\Models\User;
 use KeycloakGuard\KeycloakGuardServiceProvider;
 use KeycloakGuard\Tests\Controllers\FooController;
+use KeycloakGuard\Tests\Extensions\CustomUserProvider;
 use Illuminate\Routing\Router;
 use Illuminate\Events\Dispatcher;
 use KeycloakGuard\Exceptions\UserNotFoundException;
@@ -181,4 +183,17 @@ public function it_prevent_cross_roles_resources()
   }
 
 
+
+    /** @test */
+    public function custom_user_retrieve_method()
+    {
+      config(['keycloak.user_provider_custom_retrieve_method' => 'custom_retrieve']);
+
+      Auth::extend('keycloak', function ($app, $name, array $config) {
+          return new KeycloakGuard(new CustomUserProvider(new BcryptHasher(), User::class), $app->request);
+      });
+
+      $response = $this->withToken()->json('GET', '/foo/secret');
+      $this->assertTrue(Auth::user()->customRetrieve);
+    }
 }
diff --git a/tests/Extensions/CustomUserProvider.php b/tests/Extensions/CustomUserProvider.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace KeycloakGuard\Tests\Extensions;
+
+use KeycloakGuard\Tests\Models\User;
+use Illuminate\Auth\EloquentUserProvider;
+
+class CustomUserProvider extends EloquentUserProvider
+{
+  public function custom_retrieve(object $token, array $credentials) 
+  {
+    $model = parent::retrieveByCredentials($credentials);
+    $model->customRetrieve = true;
+
+    return $model;
+  }
+}