Compare commits
31 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 144b988ee8 | |||
| eae69c497c | |||
| 8a6e8cd71d | |||
| fd90a248c9 | |||
| d3d075c13d | |||
| 4d93162c0c | |||
| b9ef52c12b | |||
| 9de990a36c | |||
| 4a6b8f5ba2 | |||
| 4be53c6e7c | |||
| 3facb173c0 | |||
| 5241113727 | |||
| 1222bb7fc1 | |||
| 9cf52bf9b2 | |||
4bd0b347de
|
|||
|
60a2934297
|
|||
| f1adc3ce97 | |||
| 529d8b2f64 | |||
| 54ad89fbdd | |||
| 5354a21a6b | |||
| 97bee7d209 | |||
| 2b5a1de2f4 | |||
| 955049dccc | |||
| 25c7372f38 | |||
| db5482ff78 | |||
| 51fac9b45f | |||
| bc974d12cb | |||
| d00b10277e | |||
| 804d1441f9 | |||
|
8050a9007a
|
|||
|
f0775bb60f
|
@ -1,11 +1,13 @@
|
|||||||
name: deploy
|
name: Keycloak mailcow Build
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches: [main]
|
branches: [main]
|
||||||
|
pull_request:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
deploy:
|
release:
|
||||||
|
name: Build und Bereitstellung
|
||||||
runs-on: act-runner-user
|
runs-on: act-runner-user
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
@ -16,11 +18,13 @@ jobs:
|
|||||||
mvn package
|
mvn package
|
||||||
|
|
||||||
- name: Remove old version
|
- name: Remove old version
|
||||||
|
if: gitea.event_name == 'push'
|
||||||
run: |
|
run: |
|
||||||
rm -rf /opt/data/keycloak/providers/spring-security-crypto-*.jar
|
rm -rf /opt/data/keycloak/providers/spring-security-crypto-*.jar
|
||||||
rm -rf /opt/data/keycloak/providers/keycloak-mailcow-*.jar
|
rm -rf /opt/data/keycloak/providers/keycloak-mailcow-*.jar
|
||||||
|
|
||||||
- name: Deploy
|
- name: Deploy
|
||||||
|
if: gitea.event_name == 'push'
|
||||||
run: |
|
run: |
|
||||||
export SPRINGSEC_VERSION=$(xmlstarlet sel -N x="http://maven.apache.org/POM/4.0.0" -t -m 'x:project/x:properties/x:version.springsec' -v . pom.xml)
|
export SPRINGSEC_VERSION=$(xmlstarlet sel -N x="http://maven.apache.org/POM/4.0.0" -t -m 'x:project/x:properties/x:version.springsec' -v . pom.xml)
|
||||||
curl -sL \
|
curl -sL \
|
||||||
@ -29,14 +33,15 @@ jobs:
|
|||||||
export SPI_VERSION=$(xmlstarlet sel -N x="http://maven.apache.org/POM/4.0.0" -t -m 'x:project/x:version' -v . pom.xml)
|
export SPI_VERSION=$(xmlstarlet sel -N x="http://maven.apache.org/POM/4.0.0" -t -m 'x:project/x:version' -v . pom.xml)
|
||||||
cp -r target/keycloak-mailcow-$SPI_VERSION.jar /opt/data/keycloak/providers/keycloak-mailcow-$SPI_VERSION.jar
|
cp -r target/keycloak-mailcow-$SPI_VERSION.jar /opt/data/keycloak/providers/keycloak-mailcow-$SPI_VERSION.jar
|
||||||
|
|
||||||
|
- name: Restart Keycloak
|
||||||
|
if: gitea.event_name == 'push'
|
||||||
|
run: |
|
||||||
|
curl -X POST -H "X-API-KEY: ${{ secrets.PORTAINER_API_KEY }}" https://docker.cantorgymnasium.de/api/stacks/48/stop\?endpointId\=1
|
||||||
|
curl -X POST -H "X-API-KEY: ${{ secrets.PORTAINER_API_KEY }}" https://docker.cantorgymnasium.de/api/stacks/48/start\?endpointId\=1
|
||||||
|
|
||||||
- name: Notification
|
- name: Notification
|
||||||
uses: actions/telegram-action@main
|
uses: actions/telegram-action@main
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
chat_id: ${{ secrets.TG_CHAT_ID }}
|
chat_id: ${{ secrets.TG_CHAT_ID }}
|
||||||
token: ${{ secrets.TG_TOKEN }}
|
token: ${{ secrets.TG_TOKEN }}
|
||||||
|
|
||||||
- name: Restart Keycloak
|
|
||||||
run: |
|
|
||||||
curl -X POST -H "X-API-KEY: ${{ secrets.PORTAINER_API_KEY }}" https://docker.cantorgymnasium.de/api/stacks/48/stop\?endpointId\=1
|
|
||||||
curl -X POST -H "X-API-KEY: ${{ secrets.PORTAINER_API_KEY }}" https://docker.cantorgymnasium.de/api/stacks/48/start\?endpointId\=1
|
|
||||||
12
pom.xml
12
pom.xml
@ -8,12 +8,12 @@
|
|||||||
|
|
||||||
<groupId>de.cantorgymnasium</groupId>
|
<groupId>de.cantorgymnasium</groupId>
|
||||||
<artifactId>keycloak-mailcow</artifactId>
|
<artifactId>keycloak-mailcow</artifactId>
|
||||||
<version>1.0.1</version>
|
<version>1.1.0</version>
|
||||||
<packaging>jar</packaging>
|
<packaging>jar</packaging>
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<version.keycloak>23.0.1</version.keycloak>
|
<version.keycloak>25.0.6</version.keycloak>
|
||||||
<version.springsec>6.2.1</version.springsec>
|
<version.springsec>6.3.3</version.springsec>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
@ -31,7 +31,7 @@
|
|||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.keycloak</groupId>
|
<groupId>org.keycloak</groupId>
|
||||||
<artifactId>keycloak-model-legacy</artifactId>
|
<artifactId>keycloak-model-storage</artifactId>
|
||||||
<scope>provided</scope>
|
<scope>provided</scope>
|
||||||
<version>${version.keycloak}</version>
|
<version>${version.keycloak}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
@ -50,7 +50,7 @@
|
|||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.slf4j</groupId>
|
<groupId>org.slf4j</groupId>
|
||||||
<artifactId>slf4j-api</artifactId>
|
<artifactId>slf4j-api</artifactId>
|
||||||
<version>2.0.9</version>
|
<version>2.0.16</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.security</groupId>
|
<groupId>org.springframework.security</groupId>
|
||||||
@ -64,7 +64,7 @@
|
|||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-compiler-plugin</artifactId>
|
<artifactId>maven-compiler-plugin</artifactId>
|
||||||
<version>3.11.0</version>
|
<version>3.13.0</version>
|
||||||
<configuration>
|
<configuration>
|
||||||
<source>17</source>
|
<source>17</source>
|
||||||
<target>17</target>
|
<target>17</target>
|
||||||
|
|||||||
3
renovate.json
Normal file
3
renovate.json
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
|
||||||
|
}
|
||||||
@ -5,7 +5,7 @@ import java.util.Map;
|
|||||||
|
|
||||||
import org.keycloak.common.util.MultivaluedHashMap;
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.component.ComponentModel;
|
import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.credential.LegacyUserCredentialManager;
|
import org.keycloak.credential.UserCredentialManager;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.SubjectCredentialManager;
|
import org.keycloak.models.SubjectCredentialManager;
|
||||||
@ -130,6 +130,6 @@ class mailcowUser extends AbstractUserAdapter {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public SubjectCredentialManager credentialManager() {
|
public SubjectCredentialManager credentialManager() {
|
||||||
return new LegacyUserCredentialManager(session, realm, this);
|
return new UserCredentialManager(session, realm, this);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -49,19 +49,19 @@ public class mailcowUserStorageProvider implements UserStorageProvider,
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void close() {
|
public void close() {
|
||||||
logger.info("[mailcow] close()");
|
logger.debug("[mailcow] close()");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserModel getUserById(RealmModel realm, String id) {
|
public UserModel getUserById(RealmModel realm, String id) {
|
||||||
logger.info("[mailcow] getUserById({})", id);
|
logger.debug("[mailcow] getUserById({})", id);
|
||||||
StorageId sid = new StorageId(id);
|
StorageId sid = new StorageId(id);
|
||||||
return getUserByUsername(realm, sid.getExternalId());
|
return getUserByUsername(realm, sid.getExternalId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserModel getUserByUsername(RealmModel realm, String username) {
|
public UserModel getUserByUsername(RealmModel realm, String username) {
|
||||||
logger.info("[mailcow] getUserByUsername({})", username);
|
logger.debug("[mailcow] getUserByUsername({})", username);
|
||||||
try (Connection c = DbUtil.getConnection(this.model)) {
|
try (Connection c = DbUtil.getConnection(this.model)) {
|
||||||
PreparedStatement st = c.prepareStatement(
|
PreparedStatement st = c.prepareStatement(
|
||||||
"select username, name, `mailbox`.`domain`, local_part FROM `mailbox` INNER JOIN domain on mailbox.domain = domain.domain WHERE `mailbox`.`active` = '1' AND `domain`.`active`='1' AND username = ?");
|
"select username, name, `mailbox`.`domain`, local_part FROM `mailbox` INNER JOIN domain on mailbox.domain = domain.domain WHERE `mailbox`.`active` = '1' AND `domain`.`active`='1' AND username = ?");
|
||||||
@ -80,7 +80,7 @@ public class mailcowUserStorageProvider implements UserStorageProvider,
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserModel getUserByEmail(RealmModel realm, String email) {
|
public UserModel getUserByEmail(RealmModel realm, String email) {
|
||||||
logger.info("[mailcow] getUserByEmail({})", email);
|
logger.debug("[mailcow] getUserByEmail({})", email);
|
||||||
try (Connection c = DbUtil.getConnection(this.model)) {
|
try (Connection c = DbUtil.getConnection(this.model)) {
|
||||||
PreparedStatement st = c.prepareStatement(
|
PreparedStatement st = c.prepareStatement(
|
||||||
"select username, name, `mailbox`.`domain`, local_part FROM `mailbox` INNER JOIN domain on mailbox.domain = domain.domain WHERE `mailbox`.`active` = '1' AND `domain`.`active`='1' AND username = ?");
|
"select username, name, `mailbox`.`domain`, local_part FROM `mailbox` INNER JOIN domain on mailbox.domain = domain.domain WHERE `mailbox`.`active` = '1' AND `domain`.`active`='1' AND username = ?");
|
||||||
@ -99,13 +99,13 @@ public class mailcowUserStorageProvider implements UserStorageProvider,
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean supportsCredentialType(String credentialType) {
|
public boolean supportsCredentialType(String credentialType) {
|
||||||
logger.info("[mailcow] supportsCredentialType({})", credentialType);
|
logger.debug("[mailcow] supportsCredentialType({})", credentialType);
|
||||||
return PasswordCredentialModel.TYPE.endsWith(credentialType);
|
return PasswordCredentialModel.TYPE.endsWith(credentialType);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
|
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
|
||||||
logger.info("[mailcow] isConfiguredFor(realm={},user={},credentialType={})", realm.getName(),
|
logger.debug("[mailcow] isConfiguredFor(realm={},user={},credentialType={})", realm.getName(),
|
||||||
user.getUsername(), credentialType);
|
user.getUsername(), credentialType);
|
||||||
// In our case, password is the only type of credential, so we allways return
|
// In our case, password is the only type of credential, so we allways return
|
||||||
// 'true' if
|
// 'true' if
|
||||||
@ -114,7 +114,7 @@ public class mailcowUserStorageProvider implements UserStorageProvider,
|
|||||||
}
|
}
|
||||||
|
|
||||||
private boolean verifyHash(String hash, String password) {
|
private boolean verifyHash(String hash, String password) {
|
||||||
logger.info("[mailcow] verifyHash");
|
logger.debug("[mailcow] verifyHash");
|
||||||
Pattern pattern = Pattern.compile("\\{(.+)\\}(.+)");
|
Pattern pattern = Pattern.compile("\\{(.+)\\}(.+)");
|
||||||
Matcher matcher = pattern.matcher(hash);
|
Matcher matcher = pattern.matcher(hash);
|
||||||
while (matcher.find()) {
|
while (matcher.find()) {
|
||||||
@ -128,7 +128,7 @@ public class mailcowUserStorageProvider implements UserStorageProvider,
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isValid(RealmModel realm, UserModel user, CredentialInput credentialInput) {
|
public boolean isValid(RealmModel realm, UserModel user, CredentialInput credentialInput) {
|
||||||
logger.info("[mailcow] isValid(realm={},user={},credentialInput.type={})", realm.getName(), user.getUsername(),
|
logger.debug("[mailcow] isValid(realm={},user={},credentialInput.type={})", realm.getName(), user.getUsername(),
|
||||||
credentialInput.getType());
|
credentialInput.getType());
|
||||||
if (!this.supportsCredentialType(credentialInput.getType())) {
|
if (!this.supportsCredentialType(credentialInput.getType())) {
|
||||||
return false;
|
return false;
|
||||||
@ -157,7 +157,7 @@ public class mailcowUserStorageProvider implements UserStorageProvider,
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int getUsersCount(RealmModel realm) {
|
public int getUsersCount(RealmModel realm) {
|
||||||
logger.info("[mailcow] getUsersCount: realm={}", realm.getName());
|
logger.debug("[mailcow] getUsersCount: realm={}", realm.getName());
|
||||||
try (Connection c = DbUtil.getConnection(this.model)) {
|
try (Connection c = DbUtil.getConnection(this.model)) {
|
||||||
Statement st = c.createStatement();
|
Statement st = c.createStatement();
|
||||||
st.execute(
|
st.execute(
|
||||||
@ -173,7 +173,7 @@ public class mailcowUserStorageProvider implements UserStorageProvider,
|
|||||||
@Override
|
@Override
|
||||||
public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult,
|
public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult,
|
||||||
Integer maxResults) {
|
Integer maxResults) {
|
||||||
logger.info("[mailcow] getUsers: realm={}", realm.getName());
|
logger.debug("[mailcow] getUsers: realm={}", realm.getName());
|
||||||
|
|
||||||
try (Connection c = DbUtil.getConnection(this.model)) {
|
try (Connection c = DbUtil.getConnection(this.model)) {
|
||||||
PreparedStatement st = c.prepareStatement(
|
PreparedStatement st = c.prepareStatement(
|
||||||
@ -182,7 +182,6 @@ public class mailcowUserStorageProvider implements UserStorageProvider,
|
|||||||
st.setInt(2, firstResult);
|
st.setInt(2, firstResult);
|
||||||
st.execute();
|
st.execute();
|
||||||
ResultSet rs = st.getResultSet();
|
ResultSet rs = st.getResultSet();
|
||||||
logger.info(rs.toString());
|
|
||||||
List<UserModel> users = new ArrayList<>();
|
List<UserModel> users = new ArrayList<>();
|
||||||
while (rs.next()) {
|
while (rs.next()) {
|
||||||
users.add(mapUser(realm, rs));
|
users.add(mapUser(realm, rs));
|
||||||
@ -198,7 +197,7 @@ public class mailcowUserStorageProvider implements UserStorageProvider,
|
|||||||
Integer maxResults) {
|
Integer maxResults) {
|
||||||
String search = params.get(UserModel.SEARCH);
|
String search = params.get(UserModel.SEARCH);
|
||||||
|
|
||||||
logger.info("[mailcow] searchForUser: realm={}, search={}", realm.getName(), search);
|
logger.debug("[mailcow] searchForUser: realm={}, search={}", realm.getName(), search);
|
||||||
|
|
||||||
try (Connection c = DbUtil.getConnection(this.model)) {
|
try (Connection c = DbUtil.getConnection(this.model)) {
|
||||||
PreparedStatement st;
|
PreparedStatement st;
|
||||||
|
|||||||
@ -20,7 +20,7 @@ public class mailcowUserStorageProviderFactory implements UserStorageProviderFac
|
|||||||
protected final List<ProviderConfigProperty> configMetadata;
|
protected final List<ProviderConfigProperty> configMetadata;
|
||||||
|
|
||||||
public mailcowUserStorageProviderFactory() {
|
public mailcowUserStorageProviderFactory() {
|
||||||
logger.info("[mailcow] mailcowUserStorageProviderFactory created");
|
logger.debug("[mailcow] mailcowUserStorageProviderFactory created");
|
||||||
|
|
||||||
// Create config metadata
|
// Create config metadata
|
||||||
configMetadata = ProviderConfigurationBuilder.create()
|
configMetadata = ProviderConfigurationBuilder.create()
|
||||||
@ -64,13 +64,13 @@ public class mailcowUserStorageProviderFactory implements UserStorageProviderFac
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public mailcowUserStorageProvider create(KeycloakSession ksession, ComponentModel model) {
|
public mailcowUserStorageProvider create(KeycloakSession ksession, ComponentModel model) {
|
||||||
logger.info("[mailcow] creating new mailcowUserStorageProvider");
|
logger.debug("[mailcow] creating new mailcowUserStorageProvider");
|
||||||
return new mailcowUserStorageProvider(ksession, model);
|
return new mailcowUserStorageProvider(ksession, model);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getId() {
|
public String getId() {
|
||||||
logger.info("[mailcow] getId()");
|
logger.debug("[mailcow] getId()");
|
||||||
return "mailcow-user-provider";
|
return "mailcow-user-provider";
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -85,9 +85,9 @@ public class mailcowUserStorageProviderFactory implements UserStorageProviderFac
|
|||||||
throws ComponentValidationException {
|
throws ComponentValidationException {
|
||||||
|
|
||||||
try (Connection c = DbUtil.getConnection(config)) {
|
try (Connection c = DbUtil.getConnection(config)) {
|
||||||
logger.info("[mailcow] Testing connection...");
|
logger.debug("[mailcow] Testing connection...");
|
||||||
c.createStatement().execute(config.get(CONFIG_KEY_VALIDATION_QUERY));
|
c.createStatement().execute(config.get(CONFIG_KEY_VALIDATION_QUERY));
|
||||||
logger.info("[mailcow] Connection OK !");
|
logger.debug("[mailcow] Connection OK !");
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
logger.warn("[mailcow] Unable to validate connection: ex={}", ex.getMessage());
|
logger.warn("[mailcow] Unable to validate connection: ex={}", ex.getMessage());
|
||||||
throw new ComponentValidationException("Unable to validate database connection", ex);
|
throw new ComponentValidationException("Unable to validate database connection", ex);
|
||||||
@ -96,11 +96,11 @@ public class mailcowUserStorageProviderFactory implements UserStorageProviderFac
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onUpdate(KeycloakSession session, RealmModel realm, ComponentModel oldModel, ComponentModel newModel) {
|
public void onUpdate(KeycloakSession session, RealmModel realm, ComponentModel oldModel, ComponentModel newModel) {
|
||||||
logger.info("[mailcow] onUpdate()");
|
logger.debug("[mailcow] onUpdate()");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onCreate(KeycloakSession session, RealmModel realm, ComponentModel model) {
|
public void onCreate(KeycloakSession session, RealmModel realm, ComponentModel model) {
|
||||||
logger.info("[mailcow] onCreate()");
|
logger.debug("[mailcow] onCreate()");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user