def create(self, username, **kwargs):
"""
Create a user in Keycloak
http://www.keycloak.org/docs-api/3.4/rest-api/index.html#_users_resource
:param str username:
:param object credentials: (optional)
:param str first_name: (optional)
:param str last_name: (optional)
:param str email: (optional)
:param boolean enabled: (optional)
"""
payload = OrderedDict(username=username)
for key in USER_KWARGS:
from keycloak.admin.clientroles import to_camel_case
if key in kwargs:
payload[to_camel_case(key)] = kwargs[key]
return self._client.post(
url=self._client.get_full_url(
self.get_path('collection', realm=self._realm_name)
),
data=json.dumps(payload, sort_keys=True)
)
def update(self, **kwargs):
"""
Update existing user.
https://www.keycloak.org/docs-api/2.5/rest-api/index.html#_userrepresentation
:param str first_name: first_name for user
:param str last_name: last_name for user
:param str email: Email for user
:param bool email_verified: User email verified
:param Map attributes: Atributes in user
:param string array realm_roles: Realm Roles
:param Map client_roles: Client Roles
:param string array groups: Groups for user
"""
payload = {}
for k, v in self.user.items():
payload[k] = v
for key in USER_KWARGS:
from keycloak.admin.clientroles import to_camel_case
if key in kwargs:
payload[to_camel_case(key)] = kwargs[key]
result = self._client.put(
url=self._client.get_full_url(
self.get_path(
'single', realm=self._realm_name, user_id=self._user_id
)
),
data=json.dumps(payload, sort_keys=True)
)
self.get()
return result
def create(self, name, **kwargs):
"""
Create a group in Keycloak
https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_grouprepresentation
:param name
:param path
:param access
:param attributes
:param client_roles
:param realm_roles
:param sub_groups
"""
payload = OrderedDict(name=name)
for key in GROUPS_KWARGS:
from keycloak.admin.clientroles import to_camel_case
if key in kwargs:
payload[to_camel_case(key)] = kwargs[key]
return self._client.post(url=self._client.get_full_url(
self.get_path('collection', realm=self._realm_name)),
data=json.dumps(payload))
def get_or_create_user(federated_user_id=None,
federated_user_name=None,
federated_provider=None,
check_federated_user=None,
email=None,
required_actions=None,
**kwargs) -> keycloak.admin.users.User:
if federated_user_id or check_federated_user or email:
user = get_user_by_federated_identity(federated_user_id,
federated_user_name,
federated_provider,
check_federated_user, email)
if user:
return user
admin_client = clients.get_keycloak_admin_client()
users = []
first = 0
inc = 500
while True:
new_users = admin_client._client.get(
url=admin_client._client.get_full_url(
'auth/admin/realms/{realm}/users?first={first}&max={max}'.
format(realm=admin_client._name, first=first, max=inc)))
users.extend(new_users)
if len(new_users) < inc:
break
first += inc
# If neither worked; create a new user
def username_exists(username):
return next(filter(lambda u: u.get("username") == username, users),
None) is not None
def gen_username(num=3):
return "-".join(list(map(lambda _: random.choice(WORDS), range(num))))
def gen_username_from_name():
first_name = kwargs.get("first_name", "").strip().lower().replace(
" ", "-").replace("\t", "-")
last_name = kwargs.get("last_name", "").strip().lower().replace(
" ", "-").replace("\t", "-")
if first_name and last_name:
return f"{first_name}-{last_name}"
elif first_name:
return first_name
elif last_name:
return last_name
preferred_username = email if email else (gen_username_from_name() if (
kwargs.get("first_name") or kwargs.get("last_name")) else
gen_username())
while username_exists(preferred_username):
preferred_username = gen_username()
attributes = {}
fields = {}
for k, v in kwargs.items():
if k in BASIC_FIELDS:
fields[k] = v
else:
attributes[k] = v
if email:
fields["email"] = email
payload = {
"username":
preferred_username,
"enabled":
True,
"federatedIdentities": [{
"identityProvider": federated_provider,
"userId": federated_user_id,
"userName": federated_user_name,
}] if federated_provider and federated_user_id and federated_user_name
else [],
"attributes":
attributes,
"requiredActions":
required_actions
}
for key in fields:
payload[to_camel_case(key)] = fields[key]
r = admin_client.users._client._realm.client.session.post(
url=admin_client.users._client.get_full_url(
"/auth/admin/realms/{realm}/users".format(
realm=admin_client.users._realm_name)),
data=json.dumps(payload),
headers=admin_client.users._client._add_auth_header(headers=None))
r.raise_for_status()
user = admin_client.users.by_id(r.headers["Location"].split("/")[-1]).user
if required_actions is not None and email:
user_required_actions(user.get("id"), required_actions)
return user