libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Fix converting all var type variables to const or let

Browse source
This commit is contained in:
Costas Papastathis 2022-03-13 13:41:25 +02:00 committed by Bruno Oliveira da Silva
parent 0154301a2a
commit 9e5605a7f0
6 changed files with 52 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
aggregation/navbar.html
View file

@ -1,8 +1,8 @@
<script src="https://cdnjs.cloudflare.com/ajax/libs/tocbot/4.4.2/tocbot.js"></script>
<script>
var oldtoc = document.getElementById('toctitle').nextElementSibling;
var newtoc = document.createElement('div');
const oldtoc = document.getElementById('toctitle').nextElementSibling;
let newtoc = document.createElement('div');
newtoc.setAttribute('id', 'tocbot');
newtoc.setAttribute('class', 'js-toc');
oldtoc.parentNode.replaceChild(newtoc, oldtoc);
@ -10,8 +10,8 @@
headingSelector: 'h2, h3, h4',
smoothScroll: false
});
var handleTocOnResize = function() {
var width = window.innerWidth
const handleTocOnResize = function() {
const width = window.innerWidth
|| document.documentElement.clientWidth
|| document.body.clientWidth;
if (width < 768) {

10
authorization_services/topics/enforcer-js-adapter.adoc
View file

@ -13,8 +13,8 @@ You can obtain this library from a running a {project_name} Server instance by i
Once you do that, you can create a `KeycloakAuthorization` instance as follows:
```javascript
var keycloak = ... // obtain a Keycloak instance from keycloak.js library
var authorization = new KeycloakAuthorization(keycloak);
const keycloak = ... // obtain a Keycloak instance from keycloak.js library
const authorization = new KeycloakAuthorization(keycloak);
```
The *keycloak-authz.js* library provides two main features:
@ -46,7 +46,7 @@ and use the library to send an authorization request as follows:
```javascript
// prepare a authorization request with the permission ticket
var authorizationRequest = {};
let authorizationRequest = {};
authorizationRequest.ticket = ticket;
// send the authorization request, if successful retry the request
@ -112,7 +112,7 @@ properties:
An array of objects representing the resource and scopes. For instance:
+
```javascript
var authorizationRequest = {
const authorizationRequest = {
"permissions": [
{
"id" : "Some Resource",
@ -145,5 +145,5 @@ This parameter will only take effect when used together with the `ticket` parame
If you have already obtained an RPT using any of the authorization functions provided by the library, you can always obtain the RPT as follows from the authorization object (assuming that it has been initialized by one of the techniques shown earlier):
```javascript
var rpt = authorization.rpt;
const rpt = authorization.rpt;
```

38
authorization_services/topics/policy-js-policy.adoc
View file

@ -49,8 +49,8 @@ Here is a simple example of a JavaScript-based policy that uses attribute-based
obtained from the execution context:
```javascript
var context = $evaluation.getContext();
var contextAttributes = context.getAttributes();
const context = $evaluation.getContext();
const contextAttributes = context.getAttributes();
if (contextAttributes.containsValue('kc.client.network.ip_address', '127.0.0.1')) {
$evaluation.grant();
@ -62,10 +62,10 @@ Here is a simple example of a JavaScript-based policy that uses attribute-based
obtained associated with the current identity:
```javascript
var context = $evaluation.getContext();
var identity = context.getIdentity();
var attributes = identity.getAttributes();
var email = attributes.getValue('email').asString(0);
const context = $evaluation.getContext();
const identity = context.getIdentity();
const attributes = identity.getAttributes();
const email = attributes.getValue('email').asString(0);
if (email.endsWith('@keycloak.org')) {
$evaluation.grant();
@ -78,8 +78,8 @@ Where these attributes are mapped from whatever claim is defined in the token th
You can also use Role-Based Access Control (RBAC) in your policies. In the example below, we check if a user is granted with a `keycloak_user` *realm* role:
```javascript
var context = $evaluation.getContext();
var identity = context.getIdentity();
const context = $evaluation.getContext();
const identity = context.getIdentity();
if (identity.hasRealmRole('keycloak_user')) {
$evaluation.grant();
@ -89,8 +89,8 @@ if (identity.hasRealmRole('keycloak_user')) {
Or you can check if a user is granted with a `my-client-role` *client* role, where `my-client` is the client id of the client application:
```javascript
var context = $evaluation.getContext();
var identity = context.getIdentity();
const context = $evaluation.getContext();
const identity = context.getIdentity();
if (identity.hasClientRole('my-client', 'my-client-role')) {
$evaluation.grant();
@ -101,7 +101,7 @@ if (identity.hasClientRole('my-client', 'my-client-role')) {
To check for realm roles granted to an user:
```javascript
var realm = $evaluation.getRealm();
const realm = $evaluation.getRealm();
if (realm.isUserInRealmRole('marta', 'role-a')) {
$evaluation.grant();
@ -111,7 +111,7 @@ if (realm.isUserInRealmRole('marta', 'role-a')) {
Or for client roles granted to an user:
```javascript
var realm = $evaluation.getRealm();
const realm = $evaluation.getRealm();
if (realm.isUserInClientRole('marta', 'my-client', 'some-client-role')) {
$evaluation.grant();
@ -122,7 +122,7 @@ if (realm.isUserInClientRole('marta', 'my-client', 'some-client-role')) {
To check for realm roles granted to a group:
```javascript
var realm = $evaluation.getRealm();
const realm = $evaluation.getRealm();
if (realm.isGroupInRole('/Group A/Group D', 'role-a')) {
$evaluation.grant();
@ -134,7 +134,7 @@ To push arbitrary claims to the resource server in order to provide additional i
enforced:
```javascript
var permission = $evaluation.getPermission();
let permission = $evaluation.getPermission();
// decide if permission should be granted
@ -149,7 +149,7 @@ if (granted) {
=== Checking for group membership
```javascript
var realm = $evaluation.getRealm();
const realm = $evaluation.getRealm();
if (realm.isUserInGroup('marta', '/Group A/Group B')) {
$evaluation.grant();
@ -162,10 +162,10 @@ claims/attributes(ABAC) checks can be used within the same policy. In this case
or has an e-mail from `keycloak.org` domain:
```javascript
var context = $evaluation.getContext();
var identity = context.getIdentity();
var attributes = identity.getAttributes();
var email = attributes.getValue('email').asString(0);
const context = $evaluation.getContext();
const identity = context.getIdentity();
const attributes = identity.getAttributes();
const email = attributes.getValue('email').asString(0);
if (identity.hasRealmRole('admin') || email.endsWith('@keycloak.org')) {
$evaluation.grant();

12
securing_apps/topics/oidc/javascript-adapter.adoc
View file

@ -31,7 +31,7 @@ The following example shows how to initialize the JavaScript adapter:
<script src="keycloak.js"></script>
<script>
function initKeycloak() {
var keycloak = new Keycloak();
const keycloak = new Keycloak();
keycloak.init().then(function(authenticated) {
alert(authenticated ? 'authenticated' : 'not authenticated');
}).catch(function() {
@ -50,14 +50,14 @@ If the `keycloak.json` file is in a different location you can specify it:
[source,javascript]
----
var keycloak = new Keycloak('http://localhost:8080/myapp/keycloak.json');
const keycloak = new Keycloak('http://localhost:8080/myapp/keycloak.json');
----
Alternatively, you can pass in a JavaScript object with the required configuration instead:
[source,javascript,subs="attributes+"]
----
var keycloak = new Keycloak({
const keycloak = new Keycloak({
url: 'http://keycloak-server${kc_base_path}',
realm: 'myrealm',
clientId: 'myapp'
@ -116,12 +116,12 @@ After the user is authenticated the application can make requests to RESTful ser
[source,javascript]
----
var loadData = function () {
const loadData = function () {
document.getElementById('username').innerText = keycloak.subject;
var url = 'http://localhost:8080/restful-service';
const url = 'http://localhost:8080/restful-service';
var req = new XMLHttpRequest();
let req = new XMLHttpRequest();
req.open('GET', url, true);
req.setRequestHeader('Accept', 'application/json');
req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);

34
securing_apps/topics/oidc/nodejs-adapter.adoc
View file

@ -51,11 +51,11 @@ involves no arguments.
[source,javascript]
----
var session = require('express-session');
var Keycloak = require('keycloak-connect');
const session = require('express-session');
const Keycloak = require('keycloak-connect');
var memoryStore = new session.MemoryStore();
var keycloak = new Keycloak({ store: memoryStore });
const memoryStore = new session.MemoryStore();
const keycloak = new Keycloak({ store: memoryStore });
----
By default, this will locate a file named `keycloak.json` alongside
@ -69,7 +69,7 @@ object, rather than the `keycloak.json` file:
[source,javascript,subs="attributes+"]
----
let kcConfig = {
const kcConfig = {
clientId: 'myclient',
bearerOnly: true,
serverUrl: 'http://localhost:8080{kc_base_path}',
@ -77,13 +77,13 @@ object, rather than the `keycloak.json` file:
realmPublicKey: 'MIIBIjANB...'
};
let keycloak = new Keycloak({ store: memoryStore }, kcConfig);
const keycloak = new Keycloak({ store: memoryStore }, kcConfig);
----
Applications can also redirect users to their preferred identity provider by using:
[source,javascript]
----
let keycloak = new Keycloak({ store: memoryStore, idpHint: myIdP }, kcConfig);
const keycloak = new Keycloak({ store: memoryStore, idpHint: myIdP }, kcConfig);
----
Configuring a web session store::
@ -94,16 +94,16 @@ server-side state for authentication, you need to initialize the
session store that `express-session` is using.
[source,javascript]
----
var session = require('express-session');
var memoryStore = new session.MemoryStore();
const session = require('express-session');
const memoryStore = new session.MemoryStore();
var keycloak = new Keycloak({ store: memoryStore });
const keycloak = new Keycloak({ store: memoryStore });
----
Passing a custom scope value::
By default, the scope value `openid` is passed as a query parameter to {project_name}'s login URL, but you can add an additional custom value:
[source,javascript]
var keycloak = new Keycloak({ scope: 'offline_access' });
const keycloak = new Keycloak({ scope: 'offline_access' });
==== Installing middleware
@ -111,7 +111,7 @@ Once instantiated, install the middleware into your connect-capable app:
[source,javascript]
----
var app = express();
const app = express();
app.use( keycloak.middleware() );
----
@ -127,7 +127,7 @@ Example configuration:
[source,javascript]
----
var app = express();
const app = express();
app.set( 'trust proxy', true );
@ -196,8 +196,8 @@ If `response_mode` is set to `token`, permissions are obtained from the server o
[source,javascript]
----
app.get('/apis/me', keycloak.enforcer('user:profile', {response_mode: 'token'}), function (req, res) {
var token = req.kauth.grant.access_token.content;
var permissions = token.authorization ? token.authorization.permissions : undefined;
const token = req.kauth.grant.access_token.content;
const permissions = token.authorization ? token.authorization.permissions : undefined;
// show user profile
});
@ -210,7 +210,7 @@ If `response_mode` is set to `permissions` (default mode), the server only retur
[source,javascript]
----
app.get('/apis/me', keycloak.enforcer('user:profile', {response_mode: 'permissions'}), function (req, res) {
var permissions = req.permissions;
const permissions = req.permissions;
// show user profile
});
@ -277,7 +277,7 @@ For example, this override checks if the URL contains /api/ and disables login r
[source,javascript]
----
Keycloak.prototype.redirectToLogin = function(req) {
var apiReqMatcher = /\/api\//i;
const apiReqMatcher = /\/api\//i;
return !apiReqMatcher.test(req.originalUrl || req.url);
};
----

2
server_admin/topics/identity-broker/suggested.adoc
View file

@ -20,7 +20,7 @@ If you are using the `keycloak.js` adapter, you can also achieve the same behavi
[source,javascript]
----
var keycloak = new Keycloak('keycloak.json');
const keycloak = new Keycloak('keycloak.json');
keycloak.createLoginUrl({
idpHint: 'facebook'