improved role handling

Author: instipod

src/main/java/com/instipod/keycloakauthenticators/ConditionalRoleEnhancedAuthenticator.java

@@ -28,10 +28,10 @@ public boolean matchCondition(AuthenticationFlowContext context) {
             boolean check;
             if (not) {
                 //does not have role
-                check = !(AuthenticatorUtils.hasRole(context.getUser(), role));
+                check = !(AuthenticatorUtils.hasRole(context, role));
             } else {
                 //has role
-                check = (AuthenticatorUtils.hasRole(context.getUser(), role));
+                check = (AuthenticatorUtils.hasRole(context, role));
             }
 
             if (AuthenticatorUtils.debuggingBuild)

src/main/java/com/instipod/keycloakauthenticators/ConditionalRoleEnhancedAuthenticatorFactory.java

@@ -20,7 +20,7 @@ public class ConditionalRoleEnhancedAuthenticatorFactory implements org.keycloak
 
     static {
         commonConfig = Collections.unmodifiableList(ProviderConfigurationBuilder.create()
-                .property().name(CONDITIONAL_ROLE).label("Role").helpText("Role to check for (supports variables)").type(ProviderConfigProperty.STRING_TYPE).add()
+                .property().name(CONDITIONAL_ROLE).label("Role Id").helpText("Role Id to check for (supports variables)").type(ProviderConfigProperty.STRING_TYPE).add()
                 .property().name(CONDITIONAL_NOT).label("Not").helpText("If we should match on NOT having this role").type(ProviderConfigProperty.BOOLEAN_TYPE).add()
                 .build()
         );

src/main/java/com/instipod/keycloakauthenticators/utils/AuthenticatorUtils.java

@@ -4,6 +4,7 @@
 import org.jboss.logging.Logger;
 import org.keycloak.authentication.AuthenticationFlowContext;
 import org.keycloak.models.AuthenticatorConfigModel;
+import org.keycloak.models.GroupModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
 
@@ -20,6 +21,9 @@ public static String variableReplace(AuthenticationFlowContext context, String m
             user = context.getUser();
         } catch (Exception ex) { }
 
+        try {
+            message = message.replace("%userid%", user.getId());
+        } catch (Exception ex) { }
         try {
             message = message.replace("%username%", user.getUsername());
         } catch (Exception ex) { }
@@ -35,6 +39,9 @@ public static String variableReplace(AuthenticationFlowContext context, String m
         try {
             message = message.replace("%ipaddress%", context.getConnection().getRemoteAddr());
         } catch (Exception ex) { }
+        try {
+            message = message.replace("%clientid%", context.getAuthenticationSession().getClient().getId());
+        } catch (Exception ex) { }
         try {
             message = message.replace("%clientname%", context.getAuthenticationSession().getClient().getName());
         } catch (Exception ex) { }
@@ -48,20 +55,24 @@ public static String variableReplace(AuthenticationFlowContext context, String m
         return message;
     }
 
-    public static boolean hasRole(UserModel user, String roleName) {
-        Set<RoleModel> roles = user.getRoleMappings();
+    public static boolean hasRole(AuthenticationFlowContext context, String roleId) {
+        RoleModel role = context.getRealm().getRoleById(roleId);
 
-        for (RoleModel role : roles) {
-            if (role.getName().equalsIgnoreCase(roleName)) {
-                return true;
-            }
+        if (role == null) {
+            Logger.getLogger(AuthenticatorUtils.class).warn("Could not find role by id " + roleId);
+            return false;
         }
 
-        return false;
+        if (context.getUser() == null) {
+            return false;
+        }
+
+        return (context.getUser().hasRole(role));
     }
 
     public static boolean getConfigBoolean(AuthenticationFlowContext context, String configName) {
         AuthenticatorConfigModel authConfig = context.getAuthenticatorConfig();
+
         if (authConfig!=null && authConfig.getConfig()!=null) {
             String booleanValue = authConfig.getConfig().get(configName);