diff --git a/.github/workflows/nighlty-ci-release-branch.yml b/.github/workflows/nighlty-ci-release-branch.yml index e8ddd781f..acb8638f4 100644 --- a/.github/workflows/nighlty-ci-release-branch.yml +++ b/.github/workflows/nighlty-ci-release-branch.yml @@ -1,5 +1,8 @@ -name: Nightly CI Release +name: Nightly CI (Release branch) +# workflow can be scheduled ONLY from DEFAULT branch +# > This event will only trigger a workflow run if the workflow file is on the default branch. +# See: https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#schedule on: schedule: - cron: '0 23 * * *' # run at 10 PM UTC diff --git a/.github/workflows/shared_workflow.yml b/.github/workflows/shared_workflow.yml index e2a06650d..b20291042 100644 --- a/.github/workflows/shared_workflow.yml +++ b/.github/workflows/shared_workflow.yml @@ -11,8 +11,18 @@ jobs: name: unit tests and linting strategy: matrix: - nextcloudVersion: [ stable30 ] + nextcloudVersion: [ stable31, master ] phpVersion: [ 8.1, 8.2, 8.3 ] + isReleaseBranch: + - ${{ startsWith(inputs.branch, 'release/') || startsWith(github.base_ref, 'release/') || startsWith(github.ref, 'refs/heads/release/') }} + # will be overridden by the include section + exclude: + - nextcloudVersion: master + isReleaseBranch: true + - nextcloudVersion: master + phpVersion: 8.1 + - nextcloudVersion: master + phpVersion: 8.2 include: - nextcloudVersion: stable27 phpVersion: 8.0 @@ -20,6 +30,8 @@ jobs: phpVersion: 8.1 - nextcloudVersion: stable29 phpVersion: 8.1 + - nextcloudVersion: stable30 + phpVersion: 8.2 runs-on: ubuntu-20.04 steps: - name: Checkout for nightly CI @@ -80,7 +92,7 @@ jobs: cd server && git submodule update --init ./occ maintenance:install --admin-pass=admin - - name: PHP code analysis + - name: PHP code analysis and linting run: | # The following if block can be removed once Nextcloud no longer supports PHP 8.0 if [ "${{matrix.phpVersion}}" -eq 8 ]; then @@ -88,18 +100,13 @@ jobs: sed -i '//a \ ' psalm.xml fi make psalm - - - name: PHP code style - run: composer run cs:check || ( echo 'Please run `composer run cs:fix` to format your code' && exit 1 ) + make phpcs || ( echo 'Please run `make phpcs-fix` to format your code' && exit 1 ) - name: Install NPM Dependencies run: npm install - name: JS Lint - run: npm run lint - - - name: Style Lint - run: npm run stylelint + run: make lint-js || ( echo 'Please run `make lint-js-fix` to format your code' && exit 1 ) - name: PHP & Vue Unit Tests run: | @@ -180,13 +187,25 @@ jobs: name: API tests strategy: matrix: - nextcloudVersion: [ stable30 ] + nextcloudVersion: [ stable31, master ] phpVersionMajor: [ 8 ] phpVersionMinor: [ 1, 2, 3 ] database: [ mysql ] + isReleaseBranch: + - ${{ startsWith(inputs.branch, 'release/') || startsWith(github.base_ref, 'release/') || startsWith(github.ref, 'refs/heads/release/') }} + # will be overridden by the include section + exclude: + - nextcloudVersion: master + isReleaseBranch: true + - nextcloudVersion: master + phpVersionMajor: 8 + phpVersionMinor: 1 + - nextcloudVersion: master + phpVersionMajor: 8 + phpVersionMinor: 2 include: # Each database once on the newest Server with preinstalled PHP version - - nextcloudVersion: stable30 + - nextcloudVersion: stable31 phpVersionMajor: 8 phpVersionMinor: 1 database: pgsql @@ -202,6 +221,11 @@ jobs: phpVersionMajor: 8 phpVersionMinor: 1 database: mysql + - nextcloudVersion: stable30 + phpVersionMajor: 8 + phpVersionMinor: 2 + database: mysql + runs-on: ubuntu-20.04 container: image: public.ecr.aws/lts/ubuntu:20.04 diff --git a/CHANGELOG.md b/CHANGELOG.md index 35a2a0cab..9bc7534ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] +### Changed +- Support Nextcloud 31 ## 2.7.2 - 2024-12-16 ### Fixed diff --git a/appinfo/info.xml b/appinfo/info.xml index 140958325..6868017cc 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -3,7 +3,8 @@ integration_openproject OpenProject Integration Link Nextcloud files to OpenProject work packages - + + ]]> + 2.7.2 agpl Julien Veyssier @@ -41,7 +43,7 @@ For more information on how to set up and use the OpenProject application, pleas https://github.com/nextcloud/integration_openproject/raw/master/img/screenshot1.png https://github.com/nextcloud/integration_openproject/raw/master/img/screenshot2.png - + OCA\OpenProject\BackgroundJob\RemoveExpiredDirectUploadTokens diff --git a/bootstrap.php b/bootstrap.php index 275626f83..fde4c7f06 100644 --- a/bootstrap.php +++ b/bootstrap.php @@ -4,7 +4,9 @@ use Composer\Autoload\ClassLoader; include_once __DIR__.'/vendor/autoload.php'; -if (file_exists(__DIR__ . '/server')) { +if (getenv('SERVER_PATH')) { + $serverPath = getenv('SERVER_PATH'); +} elseif (file_exists(__DIR__ . '/server')) { $serverPath = __DIR__ . '/server'; } else { $serverPath = __DIR__ . '/../..'; diff --git a/composer.json b/composer.json index 5e91b9007..1f1c8ad0c 100644 --- a/composer.json +++ b/composer.json @@ -12,7 +12,10 @@ }, "scripts": { "cs:fix": "php-cs-fixer fix", - "cs:check": "php-cs-fixer fix --dry-run --diff" + "cs:check": "php-cs-fixer fix --dry-run --diff", + "psalm": "psalm", + "test:unit": "phpunit", + "test:api": "behat -c tests/acceptance/config/behat.yml" }, "config": { "allow-plugins": { diff --git a/dev/keycloak.yaml b/dev/keycloak.yaml index e1fd73910..0442885d6 100644 --- a/dev/keycloak.yaml +++ b/dev/keycloak.yaml @@ -17,6 +17,7 @@ services: 'start-dev', '--proxy edge', '--spi-connections-http-client-default-disable-trust-manager=true', + '--import-realm' ] environment: KC_DB: postgres @@ -32,6 +33,7 @@ services: networks: - nc-op volumes: + - ./opnc-realm.json:/opt/keycloak/data/import/opnc-realm.json - step:/step:ro - keycloakdata:/opt/keycloak/data/ labels: diff --git a/dev/opnc-realm.json b/dev/opnc-realm.json new file mode 100644 index 000000000..0b256383a --- /dev/null +++ b/dev/opnc-realm.json @@ -0,0 +1,2147 @@ +{ + "id" : "b7fbca5e-5d61-474d-b405-d25ec3a2230d", + "realm" : "opnc", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "2675ae7a-c5e4-490a-a44c-9471b8f5e989", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "b7fbca5e-5d61-474d-b405-d25ec3a2230d", + "attributes" : { } + }, { + "id" : "084b7e13-f4b4-41b5-b3c7-324484bf27c6", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "b7fbca5e-5d61-474d-b405-d25ec3a2230d", + "attributes" : { } + }, { + "id" : "ffb4c044-77b2-408d-b954-10e3578afa51", + "name" : "default-roles-opnc", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] + } + }, + "clientRole" : false, + "containerId" : "b7fbca5e-5d61-474d-b405-d25ec3a2230d", + "attributes" : { } + } ], + "client" : { + "nextcloud" : [ ], + "realm-management" : [ { + "id" : "abe5ef56-41de-43e8-919c-b1fc7151e8da", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "d7e345c7-0b91-4984-8463-18656d218332", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "2f26fe18-0691-4f7b-a950-74e267c20690", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "07bf505d-fb9a-47b9-93e9-fa76e46a6209", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "3a67bb49-cda9-4a2d-b252-3edc29749dfd", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "2a23544a-9e85-4f80-bbe6-1830b240fdb9", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "e4b38a23-48e9-4b3e-b10f-c41390ec08a9", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "0349ff35-dbb4-40de-ac61-9d99bd64678a", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "e88beaa7-4d79-466a-a3c4-6e0c357d5407", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-clients", "create-client", "query-users", "query-groups", "manage-realm", "view-users", "manage-identity-providers", "view-events", "query-realms", "view-identity-providers", "manage-authorization", "manage-users", "manage-clients", "view-realm", "view-authorization", "query-clients", "manage-events", "impersonation" ] + } + }, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "6e30cf47-c86c-43fc-8003-0ac4d8cda8a4", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "02abdba4-583e-4ed2-bd74-4899a2680c8f", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "636d812a-eb6f-4d51-9124-676a55fd6419", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "eea3cb32-a681-46df-9592-349dd2e837a0", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "93b3bbf1-4831-45d8-9c4f-0454c11dad44", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "801f027d-d924-4da2-b472-4d1a40224902", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "b3ee78ae-64e1-4dd6-9975-8d19253992ac", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "740f8a2f-a86d-4019-8085-bc112384d62f", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "7dc7038a-1a48-4370-8b03-3995232399de", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + }, { + "id" : "4ea083cf-350d-468c-8204-9ed48cf8b984", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "attributes" : { } + } ], + "openproject" : [ ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "730d5ca0-3a76-4864-b45a-125907c089fa", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "589c4ecc-e4d8-420b-bd6d-db1b5916cef4", + "attributes" : { } + } ], + "account" : [ { + "id" : "6fbe71ec-1ced-4c8f-b61a-396a360ef509", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "4f8a28f2-34a7-45c3-a6fd-02b632d8bdbd", + "attributes" : { } + }, { + "id" : "cc452a26-da7e-4b16-a5c8-ab1a89aefc68", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "4f8a28f2-34a7-45c3-a6fd-02b632d8bdbd", + "attributes" : { } + }, { + "id" : "e3a069b0-3e02-4450-a4f8-a0332e5651e2", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "4f8a28f2-34a7-45c3-a6fd-02b632d8bdbd", + "attributes" : { } + }, { + "id" : "932360ab-e010-4b13-b0ae-4e171b7e3485", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "4f8a28f2-34a7-45c3-a6fd-02b632d8bdbd", + "attributes" : { } + }, { + "id" : "f26babcc-6ae3-4c28-b0bd-28bb5bd20b85", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "4f8a28f2-34a7-45c3-a6fd-02b632d8bdbd", + "attributes" : { } + }, { + "id" : "05bfc7f1-f201-475b-b10e-6fdbf5878fb5", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "4f8a28f2-34a7-45c3-a6fd-02b632d8bdbd", + "attributes" : { } + }, { + "id" : "ed6d1327-239d-41bb-a5d8-e0e49195d5ff", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "4f8a28f2-34a7-45c3-a6fd-02b632d8bdbd", + "attributes" : { } + }, { + "id" : "f53b8d24-f891-4a1e-bca4-fe2ba4466716", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "4f8a28f2-34a7-45c3-a6fd-02b632d8bdbd", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "ffb4c044-77b2-408d-b954-10e3578afa51", + "name" : "default-roles-opnc", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "b7fbca5e-5d61-474d-b405-d25ec3a2230d" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppMicrosoftAuthenticatorName", "totpAppFreeOTPName", "totpAppGoogleName" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "27c234a3-8b47-4f97-8daf-3c33a0138f6b", + "createdTimestamp" : 1737367462648, + "username" : "alice", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Alice", + "lastName" : "Hansen", + "email" : "alice@example.com", + "credentials" : [ { + "id" : "86934b42-21bc-4f83-80e6-8cdd4f1d035d", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1737367476856, + "secretData" : "{\"value\":\"rK/7REBAqpGKxijbKhbSEyZugmH98mXh4aL3bj++6hg=\",\"salt\":\"vukiSCQjPwPbEqe10KU7cg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-opnc" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "821ecfdb-7178-47ba-93a0-450d58ca2bc9", + "createdTimestamp" : 1737367498263, + "username" : "brian", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Brian", + "lastName" : "Murphy", + "email" : "brian@example.com", + "credentials" : [ { + "id" : "92ee16b7-189d-4572-ab62-bc7db5483d2e", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1737367505702, + "secretData" : "{\"value\":\"ntGBBvh3YEcMDGW4WVoS7pi9zF/z/XFZ+A8A1zE8RhM=\",\"salt\":\"pWeVl+lgTHoP8WxpjB9mcw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-opnc" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "4f8a28f2-34a7-45c3-a6fd-02b632d8bdbd", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/opnc/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/opnc/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "704b692b-8c45-4c50-adc7-e8d69a0a737a", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/opnc/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/opnc/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "2513a457-e201-4371-99c0-768ae36a7298", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "c003fb66-7a59-4e65-a1e1-74b1fd281c00", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "589c4ecc-e4d8-420b-bd6d-db1b5916cef4", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "71c4769a-be41-4b12-ad52-e06189090511", + "clientId" : "nextcloud", + "name" : "", + "description" : "", + "rootUrl" : "https://nextcloud.local", + "adminUrl" : "https://nextcloud.local", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "WpI7bXhQHK67LMklXT3SAbCNAc5lwaZu", + "redirectUris" : [ "https://nextcloud.local/*" ], + "webOrigins" : [ "https://nextcloud.local" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "client.secret.creation.time" : "1737367420", + "backchannel.logout.session.required" : "true", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "ab3ea1b7-645d-42d4-8179-60ebc2eee6c3", + "clientId" : "openproject", + "name" : "", + "description" : "", + "rootUrl" : "https://openproject.local", + "adminUrl" : "https://openproject.local", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "8XBgTNoCZIs6sQ3ziXQGJ4q5ttwEQaka", + "redirectUris" : [ "https://openproject.local/*" ], + "webOrigins" : [ "https://openproject.local" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "client.secret.creation.time" : "1737367442", + "backchannel.logout.session.required" : "true", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "27c3e781-f8ff-4959-b941-fe475f734fb4", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "authorizationServicesEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], + "authorizationSettings" : { + "allowRemoteResourceManagement" : false, + "policyEnforcementMode" : "ENFORCING", + "resources" : [ { + "name" : "client.resource.71c4769a-be41-4b12-ad52-e06189090511", + "type" : "Client", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "903b63c8-8213-469a-9724-b15f4bc10643", + "uris" : [ ], + "scopes" : [ { + "name" : "view" + }, { + "name" : "map-roles-client-scope" + }, { + "name" : "configure" + }, { + "name" : "map-roles" + }, { + "name" : "manage" + }, { + "name" : "map-roles-composite" + }, { + "name" : "token-exchange" + } ] + }, { + "name" : "client.resource.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3", + "type" : "Client", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "cf4fa137-3540-4f67-b6e2-e35a07337f55", + "uris" : [ ], + "scopes" : [ { + "name" : "view" + }, { + "name" : "map-roles-client-scope" + }, { + "name" : "configure" + }, { + "name" : "map-roles" + }, { + "name" : "manage" + }, { + "name" : "map-roles-composite" + }, { + "name" : "token-exchange" + } ] + } ], + "policies" : [ { + "id" : "80b77402-5103-47ce-ad0e-7e964103f922", + "name" : "opnc-policy", + "description" : "", + "type" : "client", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "clients" : "[\"nextcloud\",\"openproject\"]" + } + }, { + "id" : "63ec99f5-6ceb-4140-bae2-15430115e484", + "name" : "manage.permission.client.71c4769a-be41-4b12-ad52-e06189090511", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.71c4769a-be41-4b12-ad52-e06189090511\"]", + "scopes" : "[\"manage\"]" + } + }, { + "id" : "5b00a7b3-0972-48ca-b1f6-bddcdfa33773", + "name" : "configure.permission.client.71c4769a-be41-4b12-ad52-e06189090511", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.71c4769a-be41-4b12-ad52-e06189090511\"]", + "scopes" : "[\"configure\"]" + } + }, { + "id" : "c41268fa-c2fc-40a2-bbeb-6643f5b7432a", + "name" : "view.permission.client.71c4769a-be41-4b12-ad52-e06189090511", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.71c4769a-be41-4b12-ad52-e06189090511\"]", + "scopes" : "[\"view\"]" + } + }, { + "id" : "1cb1bad5-f323-45ef-83f7-8be8b7690020", + "name" : "map-roles.permission.client.71c4769a-be41-4b12-ad52-e06189090511", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.71c4769a-be41-4b12-ad52-e06189090511\"]", + "scopes" : "[\"map-roles\"]" + } + }, { + "id" : "b9b28436-c7fc-4558-857e-3d31e43a37f5", + "name" : "map-roles-client-scope.permission.client.71c4769a-be41-4b12-ad52-e06189090511", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.71c4769a-be41-4b12-ad52-e06189090511\"]", + "scopes" : "[\"map-roles-client-scope\"]" + } + }, { + "id" : "108a3932-08d2-40da-a33a-f2effceb075b", + "name" : "map-roles-composite.permission.client.71c4769a-be41-4b12-ad52-e06189090511", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.71c4769a-be41-4b12-ad52-e06189090511\"]", + "scopes" : "[\"map-roles-composite\"]" + } + }, { + "id" : "ece64594-79f2-4df1-9daa-23aa86fb4206", + "name" : "token-exchange.permission.client.71c4769a-be41-4b12-ad52-e06189090511", + "description" : "", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.71c4769a-be41-4b12-ad52-e06189090511\"]", + "scopes" : "[\"token-exchange\"]", + "applyPolicies" : "[\"opnc-policy\"]" + } + }, { + "id" : "d9048d47-4c83-454b-b47b-991afc78c774", + "name" : "manage.permission.client.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3\"]", + "scopes" : "[\"manage\"]" + } + }, { + "id" : "1876853d-5c69-4f1f-9922-86fedcd2ff9d", + "name" : "configure.permission.client.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3\"]", + "scopes" : "[\"configure\"]" + } + }, { + "id" : "a0c37fc4-1a00-4766-bdd3-698f44033781", + "name" : "view.permission.client.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3\"]", + "scopes" : "[\"view\"]" + } + }, { + "id" : "4ec4613e-81d7-44cf-b008-94bb18f082c8", + "name" : "map-roles.permission.client.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3\"]", + "scopes" : "[\"map-roles\"]" + } + }, { + "id" : "8cc8ecba-6d6f-4db0-8314-eb1d630a0d33", + "name" : "map-roles-client-scope.permission.client.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3\"]", + "scopes" : "[\"map-roles-client-scope\"]" + } + }, { + "id" : "1990bbab-5856-42a1-b6dd-b163e8cfa136", + "name" : "map-roles-composite.permission.client.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3\"]", + "scopes" : "[\"map-roles-composite\"]" + } + }, { + "id" : "2788c935-a402-44cb-98cc-40bf1a7206c6", + "name" : "token-exchange.permission.client.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3", + "description" : "", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.ab3ea1b7-645d-42d4-8179-60ebc2eee6c3\"]", + "scopes" : "[\"token-exchange\"]", + "applyPolicies" : "[\"opnc-policy\"]" + } + } ], + "scopes" : [ { + "id" : "1e997c1d-8fd3-4086-b8a5-8fe3a92437e9", + "name" : "manage" + }, { + "id" : "3bc88f08-a648-4889-92ba-b68e528bb072", + "name" : "view" + }, { + "id" : "499e12b6-a16d-444f-a062-2ac8a20ef594", + "name" : "map-roles" + }, { + "id" : "e3858ccb-bbcb-4337-9994-604add593acf", + "name" : "map-roles-client-scope" + }, { + "id" : "42b673a2-1bc4-4af5-8eb2-854abc1c59f7", + "name" : "map-roles-composite" + }, { + "id" : "dcbdd6bd-a9e6-469c-918b-5025324c195e", + "name" : "configure" + }, { + "id" : "5e0c7177-1de8-4ebf-85e3-d7e1a436362d", + "name" : "token-exchange" + } ], + "decisionStrategy" : "UNANIMOUS" + } + }, { + "id" : "8c3f8a56-87b9-490c-85cd-ba6aed42fbbc", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/opnc/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/opnc/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "5e3fa4b2-f24e-459e-ab7c-ab74323ee72e", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "fd0f14d9-98ed-47c5-94c8-ef4af30b49c9", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "a1947ce4-6f65-4c31-b5dd-9329b0fc504b", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "61d998d9-66c9-41f1-b192-f5e222f18fa2", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "7bb389a4-5813-445c-894e-08d7155eee87", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "5adb4bcd-08b1-47b5-ad4a-e41dcb046f63", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "7805d13d-0179-473c-b0df-2129b6928263", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "ec5f26a6-db08-4711-ba3f-1a7f68592890", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "1bc83cf6-4abc-4886-9be4-9cb751e69c93", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "d249aba9-22d0-4822-b159-3c111e914521", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "719036bd-5c8a-4ad5-998a-eaaa29620bab", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "ea285b15-5a90-4a72-8d8e-95f5ff298312", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "835d6656-da74-466e-81d9-36527e81dd48", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "5301e375-6a20-44e6-9b42-6d1b41107e7c", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "f5bc84e6-9284-4f34-9731-35968fec7750", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "a6584b74-44b3-48b8-b29b-d6d9884e1e2c", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "eb026795-d294-42bf-8fa5-06ea9ef82497", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "d1d221e7-74c6-429c-87d2-6a7604dc3cf9", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "c963317d-e4b8-405e-b2c0-18df261f2992", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "1f6bd3a2-e74c-4585-9263-652557a1804a", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "b683890a-77f0-44f9-80c6-dd21fd1ae91f", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "d1a60ead-51e2-4d96-86b7-dd7baa9a20e7", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "5d2e2ba9-c987-4039-8a22-9311065b54ca", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "8c3e13f9-380c-4ef5-9737-e84c4860ce0c", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "c5c09429-8c50-4e7f-b5bc-3be5d5bb574b", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "59e0be34-3b27-4b40-996b-49d62addd5ec", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "c56ca0f6-b084-4134-a502-b1d5b8988774", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "1f4dc8ce-5e14-4b26-b685-a4ced80aa2f1", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "6b50cc62-1919-44c6-9c8f-09addcc3f088", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "ee574792-b966-4f67-9fc6-b765fa796c64", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "ccbf2b88-5494-4d3b-81b1-1e0ccdccfe94", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "a300e95a-3324-40f8-939c-2553b506a1e9", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "ba83486a-c98f-40d2-af08-9bea9f7e7c23", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "ae03893f-ac0d-4241-8b35-acdc9cb8e7f9", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "528e15ce-9dc1-4979-8001-ed8a29a625e8", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "11a9edb4-9d29-4d95-8637-91be93bcbedc", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "b7de35c2-5693-4751-8a5c-d9bb1a391e75", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "76015594-b5c2-42ca-9763-d2357e018966", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "d08e6917-d297-441f-a067-4735f7dbd45b", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "5e774f76-19b1-4e36-85d7-76173dfdaac6", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "7f6a72ec-17ff-4c0d-b660-5e7440642958", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "ced4b446-2682-4092-a796-04b085f8ce71", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "f87d0154-08b5-4671-a0e1-59a927be3fbc", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "ac7de5d6-d660-477d-a7db-f5b04e3c3ff1", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "ed51cc92-16d2-45d8-a1bb-c86fcfaf66ca", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper" ] + } + }, { + "id" : "f09139e4-ef8e-496c-8d68-69ae8c648d13", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "0563aa17-33f1-46a4-8a6f-4c02d33bc1c1", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "3f6f8a07-bce2-45e9-901c-6ffa96b9817c" ], + "secret" : [ "Ot2mS9T7wEks7bI9ReMUvkhZvdn9k726S2_8hic2HquZNvFiF3dEbML7BzXpgVJtZ5btHfjT6GW9EOwVHoEqzA" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "4fd46b9f-a3b0-40c4-80f1-e48e59092a55", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEogIBAAKCAQEAkIBUj9ZZzhvo5FP3o0nJXI/GJuFpqyd6NAfi0Vr/WV6WvuTkBBA6+NCk/CRG08Q6DG3ywOCF+P1c9iqHrYxU/6wxIHInXFmtJhAxqS2MFWSAOlKe4LiDIXEcL9SDORpHZxSLOw55wiC/PATkYI1sIUJwYr/zwdghgt/OVQRAdZ3RvkgKnyD7wif+G/esZvNNgCcaKftwbQHlrW88icV2p+kB6RHTDxttlyjbG4dj/fMfQR04WAXxYl9DFHBLTKQqwKq8OF4nSLZH/nPfRTA/q6xyyrRsP8nmPOTyJOlzZfE6yVhif1Uzj5jO1g40MgsNY17eYI10zvBMtXYEWS4PnwIDAQABAoIBADdOXs80t+eaqA8oEiqVtbOvNaSw9swyzmN2tznw7bXLbb//hEQH4EJWPSdiTReFTcBvHo/y/2P2uStgyNBEW04GHkFwX59JlWtxnEhHrguMDUYFVFjnVg0pKSQnXtgutjB+XPHMDw8dkIQMzUolJsMuFiy9kjLZoa3hMiw49eDt5NMKL+bfaAc3+cvbX8KkWOyJ2eJ5DM91NasnfAxXNr1tNzEoWqM+ogoLGJGrBCCHXc+8YIlkBCAZvPZ/ChWJPj/fXdFBjJHxdHe640H/aDKYV4Y+REXXH0mJAJezTsnrx4NenBtqAPePZvDxnnCMtKmJ90qJKpQ8kcpPGVJHWqECgYEAxJek3hiI6cqMlegZe+w4f1LSBBOhmf6xUGxlvprN9Eow4mLJ9Znnmexb9Rr6QBs6FLj/xSCb8Us66Zr0zUQdgNMGQcFJmh0nZ1d6U1NIzcQ3SELg8o96ce4JlVIJSe3N4lsiJMHGwQw4g3jEopWd6hj/P9uzG3luK8aUbUco+T8CgYEAvCrtyjoWXT/2OrOFkKzRuNpdnoRCUf+5KrSp1HDIinKfE52TQ2nz6M6TaZl/CvUNfdjl5DLCdwygTgVnyfrWKOoHRleh0s4fa3DIal+uqt5QEk+ia6Ohbpih6YaFZ/FEKHn8/cjsuHVw+ddVi+9RN6i15tfXvXxR499VaRv78aECgYAN1CTywoMO/wJ4oQT55JnsyuSfCMp7TKEoaReXGsiWAIoDwrM2JYdXGns1eJpV3BRv1LuZIDwX8xTHzfCeZ8Yzg6STB4en4Zkd+ddO+TLL1puU569vIIyaawYdjNG+c43h+EskjsTuW2+2P86FKUUcbHm4AjpNGnOXfLaAIVtOfQKBgG87XUffIJtNFSxMNRd54ZvJkfADtQSuC3KgS4hmh1W4PislSgle1612eBPDhiMfCzOqhPNpwiUH1LdqYJk4a2LSPSyq3uEzscUcbYzcNO+S7Xh1lMjWeLZdCdF3EOOJ7sWSnygSn0THP9qhHVPUS4mAdM8aJtE/bVUsD1xMC5ohAoGAZmt/VPnI9+uJXODZybZILxfrEzOWm6wfen71GEdbhzbw9TvG7ZjF8OMCDy0UqKD3w3q+3pibr7alFG0MrEg2/sHNMg8rwDeAcS9wKIzK/2lgbRkuAPhGioJmQcS4BrrXDCRK6i4PWtHW+iSKNTIvr2jLyEEI05S+xJbhhUMHXO4=" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "MIIClzCCAX8CBgGUgyrMijANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARvcG5jMB4XDTI1MDEyMDEwMDE0N1oXDTM1MDEyMDEwMDMyN1owDzENMAsGA1UEAwwEb3BuYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCAVI/WWc4b6ORT96NJyVyPxibhaasnejQH4tFa/1lelr7k5AQQOvjQpPwkRtPEOgxt8sDghfj9XPYqh62MVP+sMSByJ1xZrSYQMaktjBVkgDpSnuC4gyFxHC/UgzkaR2cUizsOecIgvzwE5GCNbCFCcGK/88HYIYLfzlUEQHWd0b5ICp8g+8In/hv3rGbzTYAnGin7cG0B5a1vPInFdqfpAekR0w8bbZco2xuHY/3zH0EdOFgF8WJfQxRwS0ykKsCqvDheJ0i2R/5z30UwP6uscsq0bD/J5jzk8iTpc2XxOslYYn9VM4+YztYONDILDWNe3mCNdM7wTLV2BFkuD58CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEADn1iFM2uUVMu3s2EFWWkaaxRVd06pyqzHbjwlgsgLsmpOGGn1imU89Fk5GdaNFrkb2vjAuLJ9h+//OB9uW6SB58g4aZc5FQSax0gpt2jqcrXfs8yWTQ/D8g9W37sFPJ6vV2PC4WY+5ZnYFMRzgjG1didPlnTma6+NSROTa+FpoMzX9BOvOIWGSYQHJ8393jvQUGTWtVCYrZfTveGfYGYCVpNNg/+iRl5OT5RT+aevAvoZIu2Uw97PaEv2BcsRcgq4f18n+2hGfbwkev1gMDnd4Pltp3IzWGooD0DATAc4BV8ukFXc9Vw9ebpuxxmOkWhVT+FYziU5SoG7jR8v6na4w==" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "2fd5f760-de8d-4de3-bb97-09cf71ac6e1e", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "2351e22d-4799-43dd-b7a2-a33450a4ec0d" ], + "secret" : [ "t5D44lGA42qBugs-SndSpA" ], + "priority" : [ "100" ] + } + }, { + "id" : "27f531ca-2cb5-4043-a777-7e2a38094410", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEpQIBAAKCAQEAtEVaxEFOLJOBDqMIhPvaPGiRtZz0v3KF0gfkJpc9qlOo8brTL1deXI0bQU9elS6uo7LtWK0wacRL/gsJqsTtrvvPmC37nfOZ3i66a4N2gBnd/QSFpC5gBHNU5DgggK9hH/Y/ZsmE4j9NbY03MaV1s62mRSCSLFqt8e9gUaSFOe6P0wCUQjeEHpfFrZnDGPzCqvvDr69xzUY++ji9aSKI9fq3/r3fRdUEZl4s1ElTy1iOrI9QUyDQWgkrKrIZ9jewU3tT/ZcwuLVSj/vsbSHM3uoRo62A78BM2c9C0WlkY5dy3DFcZX5SdI5iPBvctVYXGTR/vCxsrAVWP75m/aq/8wIDAQABAoIBAAGFkv2bL2sz6fyYJQy2wpzJWzIqT6KA8M4ZKucRpzIp0K9rL6rVTIez9ErQjv+ogHZvQF+D+X9BY6sm8c5/2Eof1oiAQqlEgDNPS9TjaJvCYuDmuqJlhD6rRJJtJ5r7IAc3i0lQWFfamHlj7wZfByytahfh4A8R2MpuVxCTehj2Ug8FZLd0JEPXNAko2IfIValPofGvgzL34ii+RiuXLW45hC5WDsyXQ5QzrfBLPCQPxE5RwtyC2mwH0LN56UyykwnmJnxgWvCq/MYY8BkMQ472sUvubR/SWkOW+YOPyNq5/dKmWTlAtquj2RbwefhU7gxfaIwTnykPlM4+QoGCgQ0CgYEA9u6uuRVLWW4iIB80OpYWDv0yN7ee8I7ZZy6q0HOdfQyXbJBHPZ7AS42kWc4kFimvC9Tp84QLCe/5gx22/Rrb7W/o2LqvrnKC8uvN7Uwwfbqa7fL5SwcLEZODgCyzOZqcCApcQ5Gs95yC8w+r64hm54kiRAmIBW1GKuPQuc5ZdocCgYEAuuQDXKcWma4QK8A7RqJt6x1mn5XTxRqP1GygwUTsmnQu4RJRbbWRHkLsyBCS80+nwgzwRyQ86CNMs+9HDkE61adwc3GE1lKBP16DgvPqJgMCob1G99MnJUK6KLUiZlzY68JGpX/irpGRJ58m4ngTuVdPKwviJCyWoe+hlotomjUCgYEAqfG67kZphTL26YSQPYHtzIMVfKMzD/xAQ3MqvCvVx6pSzLS/Uvle/qCM7AGjdF1by5jNKntF3aD65/IbbjZ+BftvFTnmjvjghq8jGp3FAcLbvcfrKme+hmovppcdAhgWKrJ2rUok8IUW2pF+kKtfpxoKKykkJBgAoqQHktkhWSECgYEAsSNPAHGqnSz7TMyeIlvwPSoXy+ix2R9M9jWjxKv0aoz2pgO7xHWUv48FaLc04YM9aVLkJzn0tL5IhD+mJJ+1CS70CaeuFYoL0SlfEy7nXvH5e52wd1LexpVRZyYQHd+hBwyT82ecToPQhjJ2I69WWpSjiBRyWoEcoQ5FJTCri4UCgYEAkqc3tr5cV1bDpqlqvl2CWxNb2WEmAgd1sZ2mWyd9WohcfLfCKsFpihKb7a2ulxdEP5PNZq5bcWlIYZq7HcGRvK7eyVA6gtoC90yU1l40ClAm9gRNJIa3Uxtlmbl8Zo0u5AR4s6qw766t3RMb1FejrNN3jtXw6D47nXuOFQ2/KTg=" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "MIIClzCCAX8CBgGUgyrMazANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARvcG5jMB4XDTI1MDEyMDEwMDE0N1oXDTM1MDEyMDEwMDMyN1owDzENMAsGA1UEAwwEb3BuYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRFWsRBTiyTgQ6jCIT72jxokbWc9L9yhdIH5CaXPapTqPG60y9XXlyNG0FPXpUurqOy7VitMGnES/4LCarE7a77z5gt+53zmd4uumuDdoAZ3f0EhaQuYARzVOQ4IICvYR/2P2bJhOI/TW2NNzGldbOtpkUgkixarfHvYFGkhTnuj9MAlEI3hB6Xxa2Zwxj8wqr7w6+vcc1GPvo4vWkiiPX6t/6930XVBGZeLNRJU8tYjqyPUFMg0FoJKyqyGfY3sFN7U/2XMLi1Uo/77G0hzN7qEaOtgO/ATNnPQtFpZGOXctwxXGV+UnSOYjwb3LVWFxk0f7wsbKwFVj++Zv2qv/MCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAoahD2BNYru5/3gZth/V6deSDVzeodAbmtxlbrJm4fd1Ck+HAQs11fSxP7Bq3ZlfalftNoAYrCp6pKGph3IBmoZic5zD8w7YZjXpEv7suTCGw/5FYufFtZGjs8qF87ogqAbs/Gqk+l3bdzbmO+MAON79J3QIafLr96jhOiuTj+SLd3J0mrYCESxLD0dlZCPFHiKxecdCtohFu1UVt3K8B1TpnkIQDroWs3JO0v6hthIW7PMkT1uS5TXhH/vQMSW4flyqcayde+JP1fyI0v372FWPsMc2wITfqC1Que2Imf5hcxWsEVJxgCZ3ZIkOgStM83Cds0tHeVuZSUZTK8m6NIw==" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "703cbf04-6afc-4ee5-a346-47ec012e9092", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "d8231de8-169e-40e8-b132-8a0bcd258c0b", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "e4a9b202-03e6-427d-8e9b-1a6ef722c54b", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "c92f3863-bfd5-4e47-8109-703dfd9196c6", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "33e724cf-b302-4737-b272-cc7a04d6bbc6", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "f7de583c-db66-40f7-b991-a39262e922d2", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "4f81017a-d14d-4b0e-8db4-476fbe36a1b9", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "598a597d-6cf0-49da-8d8f-044dcd310760", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "04dddc0b-b291-4771-9d0d-d64abf54334d", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "29272268-81a7-4166-961d-52519198be6e", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "b5ed63b0-cee1-412c-bcb8-666f6c235ecb", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "6a5c5a94-232c-4d39-b675-bb4f63de4b36", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "fa4b6b99-f1ae-4137-b831-c2cc8367c00c", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "4e7dfca7-66fd-4369-a960-863908b1269e", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "e35c991d-87fc-4933-91df-2ca5244b8c4a", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "4d91d590-2810-4eef-8716-5181eae60f52", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false + } ] + }, { + "id" : "53226039-3364-4528-9a64-9e24113e67fc", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "5ea0780d-b138-41e9-93c8-3da19c72392d", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "3690a435-c9fe-4319-a74b-7da2897053cf", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "e54b5cc6-4ad0-4a06-9cf0-647c88ad9b38", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "381e51cb-c82a-44e5-844b-890c4c22d560", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "14a0f30e-8e94-40ff-9d41-01c5146814e1", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "CONFIGURE_RECOVERY_AUTHN_CODES", + "name" : "Recovery Authentication Codes", + "providerId" : "CONFIGURE_RECOVERY_AUTHN_CODES", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "UPDATE_EMAIL", + "name" : "Update Email", + "providerId" : "UPDATE_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "oauth2DevicePollingInterval" : "5", + "parRequestUriLifespan" : "60", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false" + }, + "keycloakVersion" : "21.1.2", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/docs/setup_nc_op__full.md b/docs/setup_nc_op__full.md index 91faa3607..67ba118d8 100644 --- a/docs/setup_nc_op__full.md +++ b/docs/setup_nc_op__full.md @@ -1,6 +1,13 @@ # Nextcloud-OpenProject Full Setup -**Pre-requisites:** +## Table of Contents + +1. [Pre-requisites](#pre-requisites) +2. [Run the Setup](#run-the-setup) +3. [Installing Extra Apps](#installing-extra-apps) +4. [Keycloak Realm Configuration](#keycloak-realm-configuration) + +### Pre-requisites - Docker - Docker Compose @@ -81,3 +88,19 @@ If permission issues occur, you can run the following command: docker compose exec nextcloud chown www-data -R custom_apps/ ``` + +### Keycloak Realm Configuration + +When the setup is run with Keycloak, new realm will be initialized with necessary clients, permissions, and some demo users. The following are the details: + +| | | +| ------- | ------------------------------------------------------------------ | +| Realm | `opnc` | +| Clients | `nextcloud` and `openproject` (token-exchange has been configured) | + +And the following are the demo users: + +| Displayname | Username | Password | +| ---------------- | -------- | -------- | +| **Alice Hansen** | `alice` | `1234` | +| **Brian Murphy** | `brian` | `1234` | diff --git a/lib/Controller/FilesController.php b/lib/Controller/FilesController.php index 43962f818..84aa5138b 100644 --- a/lib/Controller/FilesController.php +++ b/lib/Controller/FilesController.php @@ -25,12 +25,12 @@ use OCP\Files\FileInfo; use OCP\Files\IRootFolder; use OCP\IDBConnection; -use OCP\ILogger; use OCP\IRequest; use OCP\IUser; use OCP\IUserManager; use OCP\IUserSession; use OCP\Server; +use Psr\Log\LoggerInterface; class FilesController extends OCSController { @@ -55,7 +55,7 @@ class FilesController extends OCSController { protected $connection; /** - * @var ILogger + * @var LoggerInterface */ private $logger; @@ -76,7 +76,7 @@ class FilesController extends OCSController { * @param IMountProviderCollection $mountCollection * @param IManager $activityManager * @param IDBConnection $connection - * @param ILogger $logger + * @param LoggerInterface $logger * @param IUserManager $userManager * @param DavUtil $davUtils */ @@ -88,7 +88,7 @@ public function __construct(string $appName, IMountProviderCollection $mountCollection, IManager $activityManager, IDBConnection $connection, - ILogger $logger, + LoggerInterface $logger, IUserManager $userManager, DavUtil $davUtils ) { diff --git a/lib/Listener/LoadAdditionalScriptsListener.php b/lib/Listener/LoadAdditionalScriptsListener.php index a180f2705..d8c90d3fb 100644 --- a/lib/Listener/LoadAdditionalScriptsListener.php +++ b/lib/Listener/LoadAdditionalScriptsListener.php @@ -2,9 +2,9 @@ namespace OCA\OpenProject\Listener; -use OC_Util; use OCA\Files\Event\LoadAdditionalScriptsEvent; use OCA\OpenProject\AppInfo\Application; +use OCA\OpenProject\ServerVersionHelper; use OCP\EventDispatcher\Event; use OCP\EventDispatcher\IEventListener; use OCP\Util; @@ -13,15 +13,12 @@ * @template-implements IEventListener */ class LoadAdditionalScriptsListener implements IEventListener { - public function __construct() { - } public function handle(Event $event): void { if (!$event instanceof LoadAdditionalScriptsEvent) { return; } - - if (version_compare(implode('.', OC_Util::getVersion()), '28') < 0) { + if (version_compare(ServerVersionHelper::getNextcloudVersion(), '28') < 0) { Util::addScript(Application::APP_ID, Application::APP_ID . '-fileActions'); Util::addScript(Application::APP_ID, Application::APP_ID . '-filesPluginLessThan28', 'files'); } else { diff --git a/lib/ServerVersionHelper.php b/lib/ServerVersionHelper.php new file mode 100644 index 000000000..969c7fd44 --- /dev/null +++ b/lib/ServerVersionHelper.php @@ -0,0 +1,26 @@ +getVersion(); + } else { + /** @psalm-suppress UndefinedMethod getVersion() method is not in stable31 so making psalm not complain */ + $versionArray = OC_Util::getVersion(); + } + + return implode('.', $versionArray); + } +} diff --git a/lib/Service/OauthService.php b/lib/Service/OauthService.php index 6b07e7322..b594af8ec 100644 --- a/lib/Service/OauthService.php +++ b/lib/Service/OauthService.php @@ -12,10 +12,10 @@ namespace OCA\OpenProject\Service; -use OC_Util; use OCA\OAuth2\Db\Client; use OCA\OAuth2\Db\ClientMapper; use OCA\OAuth2\Exceptions\ClientNotFoundException; +use OCA\OpenProject\ServerVersionHelper; use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; @@ -30,7 +30,6 @@ class OauthService { * @var ClientMapper */ private $clientMapper; - /** * @var ICrypto */ @@ -82,7 +81,7 @@ public function createNcOauthClient(string $name, string $redirectUri): array { $client->setName($name); $client->setRedirectUri(sprintf($redirectUri, $clientId)); $secret = $this->secureRandom->generate(64, self::validChars); - $nextcloudVersion = implode('.', OC_Util::getVersion()); + $nextcloudVersion = ServerVersionHelper::getNextcloudVersion(); $client->setSecret($this->hashOrEncryptSecretBasedOnNextcloudVersion($secret, $nextcloudVersion)); $client->setClientIdentifier($clientId); $client = $this->clientMapper->insert($client); diff --git a/makefile b/makefile index d0384eb83..012b5c4dc 100644 --- a/makefile +++ b/makefile @@ -63,16 +63,46 @@ npm-dev: .PHONY: psalm psalm: - vendor/bin/psalm + composer run psalm + +.PHONY: phpcs +phpcs: + composer run cs:check + +.PHONY: phpcs-fix +phpcs-fix: + composer run cs:fix + +.PHONY: lint-php +lint-php: psalm phpcs + +.PHONY: lint-php-fix +lint-php-fix: psalm phpcs-fix + +.PHONY: lint-js +lint-js: + npm run lint + npm run stylelint + +.PHONY: lint-js-fix +lint-js-fix: + npm run lint:fix + npm run stylelint:fix + +.PHONY: lint +lint: lint-php lint-js + +.PHONY: lint-fix +lint-fix: lint-php-fix lint-js-fix .PHONY: phpunit phpunit: - vendor/phpunit/phpunit/phpunit + composer run test:unit # The following make block can be removed once Nextcloud no longer supports PHP 8.0 .PHONY: phpunitforphp8.0 phpunitforphp8.0: - vendor/phpunit/phpunit/phpunit --exclude-group ignoreWithPHP8.0 + composer run test:unit -- --exclude-group ignoreWithPHP8.0 .PHONY: jsunit jsunit: @@ -80,10 +110,10 @@ jsunit: .PHONY: api-test api-test: - vendor/bin/behat -c tests/acceptance/config/behat.yml --tags '${FILTER_TAGS}' ${FEATURE_PATH} + composer run test:api -- --tags '${FILTER_TAGS}' ${FEATURE_PATH} .PHONY: test -test: phpunit jsunit api-test +test: phpunit jsunit api-test clean: sudo rm -rf $(build_dir) diff --git a/psalm.xml b/psalm.xml index 383521f40..13d3b290a 100644 --- a/psalm.xml +++ b/psalm.xml @@ -41,9 +41,15 @@ - + + + + + + + @@ -81,6 +87,8 @@ + + diff --git a/tests/acceptance/features/bootstrap/FeatureContext.php b/tests/acceptance/features/bootstrap/FeatureContext.php index 095286871..a687fee75 100644 --- a/tests/acceptance/features/bootstrap/FeatureContext.php +++ b/tests/acceptance/features/bootstrap/FeatureContext.php @@ -510,7 +510,7 @@ public function theHTTPStatusCodeShouldBe( if (\is_array($expectedStatusCode)) { if ($message === "") { $message = "HTTP status code $actualStatusCode is not one of the expected values " . - \implode(" or ", $expectedStatusCode); + \implode(" or ", $expectedStatusCode); } Assert::assertContainsEquals( diff --git a/tests/lib/Controller/FilesControllerTest.php b/tests/lib/Controller/FilesControllerTest.php index afaceb5a3..5c72182e2 100644 --- a/tests/lib/Controller/FilesControllerTest.php +++ b/tests/lib/Controller/FilesControllerTest.php @@ -7,11 +7,11 @@ use OCP\Files\DavUtil; use OCP\Files\Node; use OCP\IDBConnection; -use OCP\ILogger; use OCP\IRequest; use OCP\IUserManager; use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\TestCase; +use Psr\Log\LoggerInterface; use function PHPUnit\Framework\assertSame; /** @@ -864,7 +864,7 @@ private function createFilesController( $mountProviderCollectionMock, $this->createMock(IManager::class), $this->createMock(IDBConnection::class), - $this->createMock(ILogger::class), + $this->createMock(LoggerInterface::class), $this->createMock(IUserManager::class), $this->createMock(DavUtil::class), ); @@ -915,7 +915,7 @@ public function getFilesControllerMock( $mountProviderCollectionMock, $this->createMock(IManager::class), $this->createMock(IDBConnection::class), - $this->createMock(ILogger::class), + $this->createMock(LoggerInterface::class), $this->createMock(IUserManager::class), $davUtilsMock ])