diff --git a/compose.yaml b/compose.yaml
index 45054cde2..733e24cfe 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -17,3 +17,16 @@ services:
 environment:
 - KEYCLOAK_ADMIN=admin
 - KEYCLOAK_ADMIN_PASSWORD=admin
+ keycloak:
+ image: quay.io/keycloak/keycloak:22.0.4
+ environment:
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=admin
+ command:
+ - 'start-dev'
+ - '--import-realm'
+ ports:
+ - 8080:8080
+ - 8443:8443
+ volumes:
+ - ./dev-realm-spsh.json:/opt/keycloak/data/import/realm.json
diff --git a/config/config.dev.json b/config/config.dev.json
index 6cd518fa6..11beca9d2 100644
--- a/config/config.dev.json
+++ b/config/config.dev.json
@@ -12,9 +12,9 @@
 },
 "KEYCLOAK": {
 "BASE_URL": "http://127.0.0.1:8080",
- "ADMIN_REALM_NAME": "master",
+ "ADMIN_REALM_NAME": "SPSH",
 "ADMIN_CLIENT_ID": "admin-cli",
- "REALM_NAME": "schulportal",
- "CLIENT_ID": "schulportal"
+ "REALM_NAME": "SPSH",
+ "CLIENT_ID": "spsh"
 }
 }
diff --git a/config/config.test.json b/config/config.test.json
index 3d76a02c5..a17b4d340 100644
--- a/config/config.test.json
+++ b/config/config.test.json
@@ -12,9 +12,9 @@
 },
 "KEYCLOAK": {
 "BASE_URL": "http://127.0.0.1:8080",
- "ADMIN_REALM_NAME": "master",
+ "ADMIN_REALM_NAME": "SPSH",
 "ADMIN_CLIENT_ID": "admin-cli",
- "REALM_NAME": "schulportal",
- "CLIENT_ID": "schulportal"
+ "REALM_NAME": "SPSH",
+ "CLIENT_ID": "spsh"
 }
 }
diff --git a/dev-realm-spsh.json b/dev-realm-spsh.json
index 32dcfcb4b..c808a6814 100644
--- a/dev-realm-spsh.json
+++ b/dev-realm-spsh.json
@@ -66,6 +66,22 @@
 "containerId": "17bbe7b0-1ce8-44c3-b326-dafea397e270",
 "attributes": {}
 },
+ {
+ "id": "73e11c10-4d3a-4772-9cc2-7f4aeabd144a",
+ "name": "admin",
+ "description": "Admin role for SPSH",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "manage-users"
+ ]
+ }
+ },
+ "clientRole": false,
+ "containerId": "17bbe7b0-1ce8-44c3-b326-dafea397e270",
+ "attributes": {}
+ },
 {
 "id": "4e8df461-0777-4036-ae35-a32d279558e9",
 "name": "offline_access",
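Review bot: In the compose.yaml hunk, the new `keycloak` service publishes `8080:8080` and `8443:8443` on every host interface while it runs `start-dev` with the `admin`/`admin` bootstrap account, so the admin console is reachable with known credentials from any network the developer machine is attached to. The application config changed in this same commit points at `http://127.0.0.1:8080`, so loopback binding looks sufficient: `- 127.0.0.1:8080:8080` and `- 127.0.0.1:8443:8443`. The context lines directly above already show a service with the same `KEYCLOAK_ADMIN` variables; if that is an existing Keycloak container, check that the two do not both claim port 8080. A short comment above the new `environment:` key, such as `# local development only - never reuse these credentials`, would keep the block from being copied into a deployed stack unchanged.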
@@ -452,6 +468,23 @@
 "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
 "webAuthnPolicyPasswordlessAcceptableAaguids": [],
 "users": [
+ {
+ "id": "f3cf6895-d74e-4011-a846-5f19be8543d9",
+ "createdTimestamp": 1697619074892,
+ "username": "service-account-admin-cli",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "serviceAccountClientId": "admin-cli",
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "default-roles-spsh",
+ "admin"
+ ],
+ "notBefore": 0,
+ "groups": []
+ },
 {
 "id": "9e30e22d-2f7b-47cf-a82a-a6e82cf8c5de",
 "createdTimestamp": 1697087666332,
@@ -596,6 +629,7 @@
 "enabled": true,
 "alwaysDisplayInConsole": false,
 "clientAuthenticatorType": "client-secret",
+ "secret": "A4Py4nxWuFRfv0s7ElMc9JflIJWBQeMR",
 "redirectUris": [],
 "webOrigins": [],
 "notBefore": 0,
@@ -603,9 +637,9 @@
 "consentRequired": false,
 "standardFlowEnabled": false,
 "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": true,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
 "frontchannelLogout": false,
 "protocol": "openid-connect",
 "attributes": {},
diff --git a/src/modules/person/api/person.controller.ts b/src/modules/person/api/person.controller.ts
index ae3edf016..1dce0f8a3 100644
--- a/src/modules/person/api/person.controller.ts
+++ b/src/modules/person/api/person.controller.ts
@@ -11,6 +11,7 @@ import {
 ApiTags,
 ApiUnauthorizedResponse,
 } from '@nestjs/swagger';
+import { Unprotected } from 'nest-keycloak-connect';
 import { PersonUc } from '../api/person.uc.js';
 import { CreatePersonBodyParams } from './create-person.body.params.js';
 import { CreatePersonDto } from '../domain/create-person.dto.js';
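Review bot: The `@@ -596,6 +629,7 @@` hunk of dev-realm-spsh.json commits a fixed `secret` for the `admin-cli` client, and the earlier hunks in this file bind that client's service account to the new `admin` role, which carries `realm-management` / `manage-users`. Every Keycloak instance that imports this file therefore accepts a publicly known credential for user management in the SPSH realm, which is acceptable only while the file never leaves local development. JSON leaves no room for a comment here, so the project documentation should state that this secret is dev-only and must be regenerated in any shared or deployed environment; if the Keycloak version in use supports placeholder substitution on realm import, replacing the literal with a placeholder fed from the environment would be better still. The config.dev.json and config.test.json hunks do not show where the application obtains the matching secret, so it is worth confirming that it is not committed alongside them either.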
@@ -28,6 +29,7 @@ import { FindPersonenkontextDto } from './find-personenkontext.dto.js'; @ApiTags('person') @Controller({ path: 'person' }) +@Unprotected() export class PersonController { public constructor( private readonly personUc: PersonUc,
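Review bot: `@Unprotected()` at class level on `PersonController` exempts every route of the controller from the Keycloak auth guard (assuming the guard is registered globally, which is not visible here), so the person API, including whatever handler consumes the imported `CreatePersonBodyParams`, becomes callable without a token. If this is a stop-gap until clients send tokens, record that above the decorator, for example `// TODO(auth): temporary - remove once callers authenticate`, and prefer putting `@Unprotected()` only on the individual handlers that really must be public. The file still imports `ApiUnauthorizedResponse`, which suggests the handlers document a 401 that can no longer occur while the decorator is in place. The class body continues outside the hunk, so the affected handlers cannot be checked from here.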