put config for schulportal realm and client-id in existing kc-config

dBildungsplattform · Oct 16, 2023 · 8dd1d9b · 8dd1d9b
1 parent 121cce3
commit 8dd1d9b
Show file tree

Hide file tree

Showing 10 changed files with 37 additions and 30 deletions.
diff --git a/config/config.dev.json b/config/config.dev.json
@@ -12,14 +12,8 @@
     "KEYCLOAK": {
         "BASE_URL": "http://127.0.0.1:8080",
         "REALM_NAME": "master",
-        "CLIENT_ID": "admin-cli"
-    },
-    "SCHULPORTAL": {
-        "BASE_URL": "http://127.0.0.1:8080",
-        "REALM_NAME": "schulportal",
-        "CLIENT_ID": "schulportal",
-        "USERNAME": "dummy",
-        "PASSWORD": "dummy",
-        "SECRET": "dummy"
+        "CLIENT_ID": "admin-cli",
+        "SCHULPORTAL_REALM_NAME": "schulportal",
+        "SCHULPORTAL_CLIENT_ID": "schulportal"
     }
 }
diff --git a/config/config.test.json b/config/config.test.json
@@ -12,14 +12,8 @@
     "KEYCLOAK": {
         "BASE_URL": "http://127.0.0.1:8080",
         "REALM_NAME": "master",
-        "CLIENT_ID": "admin-cli"
-    },
-    "SCHULPORTAL": {
-        "BASE_URL": "http://127.0.0.1:8080",
-        "REALM_NAME": "schulportal",
-        "CLIENT_ID": "schulportal",
-        "USERNAME": "dummy",
-        "PASSWORD": "dummy",
-        "SECRET": "dummy"
+        "CLIENT_ID": "admin-cli",
+        "SCHULPORTAL_REALM_NAME": "schulportal",
+        "SCHULPORTAL_CLIENT_ID": "schulportal"
     }
 }
diff --git a/src/health/health.controller.spec.ts b/src/health/health.controller.spec.ts
@@ -24,6 +24,8 @@ describe('HealthController', () => {
         SECRET: '',
         REALM_NAME: '',
         BASE_URL: 'http://keycloak.test',
+        SCHULPORTAL_REALM_NAME: '',
+        SCHULPORTAL_CLIENT_ID: '',
     };
     let configService: DeepMocked<ConfigService>;
 

diff --git a/src/modules/ui-backend/domain/login.service.spec.ts b/src/modules/ui-backend/domain/login.service.spec.ts
@@ -4,6 +4,7 @@ import { errors, Issuer } from 'openid-client';
 import { createMock } from '@golevelup/ts-jest';
 import { KeycloakClientError, UserAuthenticationFailedError } from '../../../shared/error/index.js';
 import OPError = errors.OPError;
+import { ConfigTestModule } from '../../../../test/utils/index.js';
 
 const issuerDiscoverMock: jest.Mock = jest.fn();
 Issuer.discover = issuerDiscoverMock;
@@ -14,6 +15,7 @@ describe('LoginService', () => {
 
     beforeAll(async () => {
         module = await Test.createTestingModule({
+            imports: [ConfigTestModule],
             providers: [LoginService],
         }).compile();
         loginService = module.get(LoginService);

diff --git a/src/modules/ui-backend/domain/login.service.ts b/src/modules/ui-backend/domain/login.service.ts
@@ -3,18 +3,24 @@ import { Client, errors, Issuer, TokenSet } from 'openid-client';
 import OPError = errors.OPError;
 import { KeycloakClientError } from '../../../shared/error/index.js';
 import { UserAuthenticationFailedError } from '../../../shared/error/user-authentication-failed.error.js';
+import { KeycloakConfig } from '../../../shared/config/index.js';
+import { ConfigService } from '@nestjs/config';
 
 @Injectable()
 export class LoginService {
-    private static readonly REALM_NAME: string = 'http://localhost:8080/realms/schulportal';
+    private kcConfig: KeycloakConfig;
 
-    private static readonly CLIENT_ID: string = 'schulportal';
+    public constructor(private readonly config: ConfigService) {
+        this.kcConfig = this.config.getOrThrow<KeycloakConfig>('KEYCLOAK');
+    }
 
     public async getTokenForUser(username: string, password: string): Promise<TokenSet> {
         try {
-            const keycloakIssuer: Issuer = await Issuer.discover(LoginService.REALM_NAME);
+            const keycloakIssuer: Issuer = await Issuer.discover(
+                this.kcConfig.BASE_URL + '/realms/' + this.kcConfig.SCHULPORTAL_REALM_NAME,
+            );
             const client: Client = new keycloakIssuer.Client({
-                client_id: LoginService.CLIENT_ID,
+                client_id: this.kcConfig.SCHULPORTAL_CLIENT_ID,
                 token_endpoint_auth_method: 'none',
             });
             return await client.grant({

diff --git a/src/modules/ui-backend/domain/new-login.service.ts b/src/modules/ui-backend/domain/new-login.service.ts
@@ -9,18 +9,18 @@ export class NewLoginService {
     private kcConfig: KeycloakConfig;
 
     public constructor(private readonly kcAdminClient: KeycloakAdminClient, private readonly config: ConfigService) {
-        this.kcConfig = this.config.getOrThrow<KeycloakConfig>('SCHULPORTAL');
+        this.kcConfig = this.config.getOrThrow<KeycloakConfig>('KEYCLOAK');
         this.kcAdminClient.setConfig({
             baseUrl: this.kcConfig.BASE_URL,
-            realmName: this.kcConfig.REALM_NAME,
+            realmName: this.kcConfig.SCHULPORTAL_REALM_NAME,
         });
     }
 
     public async auth(username: string, password: string): Promise<Result<string, DomainError>> {
         try {
             const credentials: Credentials = {
                 grantType: 'password',
-                clientId: this.kcConfig.CLIENT_ID,
+                clientId: this.kcConfig.SCHULPORTAL_CLIENT_ID,
                 username: username,
                 password: password,
             };

diff --git a/src/modules/ui-backend/ui-backend-api.module.ts b/src/modules/ui-backend/ui-backend-api.module.ts
@@ -3,10 +3,11 @@ import { LoginController } from './api/login.controller.js';
 import { LoginService } from './domain/login.service.js';
 import { NewLoginService } from './domain/new-login.service.js';
 import { KeycloakAdminClient } from '@s3pweb/keycloak-admin-client-cjs';
+import { ConfigService } from '@nestjs/config';
 
 @Module({
     imports: [],
-    providers: [KeycloakAdminClient, LoginService, NewLoginService],
+    providers: [KeycloakAdminClient, ConfigService, LoginService, NewLoginService],
     controllers: [LoginController],
 })
 export class UiBackendApiModule {}
diff --git a/src/shared/config/config.loader.spec.ts b/src/shared/config/config.loader.spec.ts
@@ -40,6 +40,8 @@ describe('configloader', () => {
                     BASE_URL: 'localhost:8080',
                     CLIENT_ID: 'admin-cli',
                     REALM_NAME: 'master',
+                    SCHULPORTAL_REALM_NAME: 'schulportal',
+                    SCHULPORTAL_CLIENT_ID: 'schulportal',
                 },
             };
 
@@ -82,6 +84,8 @@ describe('configloader', () => {
                     BASE_URL: '',
                     CLIENT_ID: '',
                     REALM_NAME: '',
+                    SCHULPORTAL_REALM_NAME: '',
+                    SCHULPORTAL_CLIENT_ID: '',
                 },
             };
 

diff --git a/src/shared/config/json.config.ts b/src/shared/config/json.config.ts
@@ -21,8 +21,4 @@ export class JsonConfig {
     @ValidateNested()
     @Type(() => KeycloakConfig)
     public readonly KEYCLOAK!: KeycloakConfig;
-
-    @ValidateNested()
-    @Type(() => KeycloakConfig)
-    public readonly SCHULPORTAL!: KeycloakConfig;
 }
diff --git a/src/shared/config/keycloak.config.ts b/src/shared/config/keycloak.config.ts
@@ -16,4 +16,12 @@ export class KeycloakConfig {
     @IsString()
     @IsNotEmpty()
     public readonly SECRET!: string;
+
+    @IsString()
+    @IsNotEmpty()
+    public readonly SCHULPORTAL_REALM_NAME!: string;
+
+    @IsString()
+    @IsNotEmpty()
+    public readonly SCHULPORTAL_CLIENT_ID!: string;
 }