From 9fe298a899ada90372a88bd3ffcc3b4088d7a45a Mon Sep 17 00:00:00 2001
From: kritzl
Date: Sat, 1 Nov 2025 01:51:48 +0100
Subject: [PATCH] move auth chack to top of route handler
---
 .../ssh_key/SSHKeyResourceProvider.java | 61 +++++++++----------
 1 file changed, 30 insertions(+), 31 deletions(-)
diff --git a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
index 01fab43..7400069 100644
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
@@ -49,50 +49,49 @@ public class SSHKeyResourceProvider implements RealmResourceProvider {
 @Path("export/{group_id}")
 @Produces(MediaType.APPLICATION_JSON)
 public Response exportKeys(@PathParam("group_id") String groupId) {
+ try {
+ AuthHelper.getAuth(
+ session,
+ authResult -> authResult.getToken().getIssuedFor().equals("admin-cli"));
+ } catch (Exception e) {
+ System.err.println(e);
+ return Response.status(401, e.getMessage()).build();
+ }
+
 UserProvider userProvider = session.users();
 UserProfileProvider profileProvider = session.getProvider(UserProfileProvider.class);
 UPConfig upconfig = profileProvider.getConfiguration();
-
 List attributeNames = upconfig.getAttributes()
 .stream()
 .filter(a -> a.getGroup() != null && a.getGroup().equals("de.ccc.hamburg.keycloak.ssh_key.keys"))
 .map(a -> a.getName())
 .toList();
- try {
- AuthHelper.getAuth(
- session,
- authResult -> authResult.getToken().getIssuedFor().equals("admin-cli"));
+ RealmModel realm = session.getContext().getRealm();
- RealmModel realm = session.getContext().getRealm();
+ // TODO: add allowlist check
+ GroupModel group = realm.getGroupById(groupId);
- // TODO: add allowlist check
- GroupModel group = realm.getGroupById(groupId);
+ Stream users = userProvider.getGroupMembersStream(realm, group);
- Stream users = userProvider.getGroupMembersStream(realm, group);
+ List keys = users
+ .map(user -> {
+ return attributeNames
+ .stream()
+ .map(attributeName -> user.getAttributeStream(attributeName).findFirst())
+ .filter(attribute -> attribute.isPresent())
+ .map(attribute -> attribute.get())
+ .toList();
+ })
+ .flatMap(List::stream)
+ .map(key -> {
+ final Matcher matcher = SSH_PUBLIC_KEY.matcher(key);
+ return matcher.find() ? matcher.group("key") : null;
+ })
+ .filter(Objects::nonNull)
+ .toList();
- List keys = users
- .map(user -> {
- return attributeNames
- .stream()
- .map(attributeName -> user.getAttributeStream(attributeName).findFirst())
- .filter(attribute -> attribute.isPresent())
- .map(attribute -> attribute.get())
- .toList();
- })
- .flatMap(List::stream)
- .map(key -> {
- final Matcher matcher = SSH_PUBLIC_KEY.matcher(key);
- return matcher.find() ? matcher.group("key") : null;
- })
- .filter(Objects::nonNull)
- .toList();
-
- return Response.ok(Map.of("keys", keys)).build();
- } catch (Exception e) {
- System.err.println(e);
- return Response.status(401, e.getMessage()).build();
- }
+ return Response.ok(Map.of("keys", keys)).build();
 }
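Review bot: With the try/catch narrowed to the auth call, `realm.getGroupById(groupId)` in `exportKeys` is now unguarded: an unknown `group_id` presumably yields a null `group` that is passed straight to `getGroupMembersStream`, and a failure there is no longer caught (before this commit it was mapped, misleadingly, to 401). Add `if (group == null) return Response.status(404).build();` right after the lookup, next to the allowlist check the TODO still leaves open. Separately, the auth predicate only compares the token's issued-for client with `admin-cli`, which identifies the requesting client rather than the caller's privileges; unless `AuthHelper.getAuth` (not visible here) also enforces a role, a role or permission check belongs in that predicate. The catch block also puts `e.getMessage()` into the 401 reason phrase and logs through `System.err`; a fixed message and the project logger would avoid exposing internal detail to the caller.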