From c28ac8a6be98ab36087550621a9d4fb9df112ed3 Mon Sep 17 00:00:00 2001
From: Dan
Date: Mon, 6 Mar 2023 12:50:18 -0500
Subject: [PATCH 1/3] Minor fix to avoid an endless set of error messages if your session times out and you are using the builtin openid.
---
 spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
index 7b9a268a..b36ef225 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
@@ -101,7 +101,7 @@ def verify_token(
 refresh_token
 )
 )
- if auth_token and "error" not in auth_token:
+ if auth_token and "error" not in auth_token and "id_token" in auth_token:
 tld = current_app.config["THREAD_LOCAL_DATA"]
 tld.new_access_token = auth_token["id_token"]
 tld.new_id_token = auth_token["id_token"]
From 1bdc985982855f64bad1bc285dd539f947f44d2c Mon Sep 17 00:00:00 2001
From: burnettk
Date: Mon, 6 Mar 2023 13:11:21 -0500
Subject: [PATCH 2/3] add test users, including for automated pp1 test
---
 .../realm_exports/spiffworkflow-realm.json | 315 ++++++++++++++++--
 .../keycloak/test_user_lists/status | 11 +
 2 files changed, 295 insertions(+), 31 deletions(-)
diff --git a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
index e68e696e..a017d710 100644
--- a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
+++ b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
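Review bot: The added `"id_token" in auth_token` test in the `verify_token` hunk of `routes/user.py` (PATCH 1/3; PATCH 3/3 only re-wraps the same condition) checks key presence only, so a refresh response carrying `"id_token": null` or an empty string would still be stored as both `tld.new_access_token` and `tld.new_id_token`. Testing the value instead closes that gap: `if auth_token and "error" not in auth_token and auth_token.get("id_token"):`. Nothing visible in the hunk records the case where the refresh is rejected; if the code below does not log it either, a single warning there (without the token or refresh token in the message) would make repeated refresh failures observable. The context lines also assign the ID token to `new_access_token`; if that is intentional it deserves a short comment saying so, since the two tokens normally have different audiences. `verify_token` starts and continues outside the hunk.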
@@ -396,7 +396,7 @@ "otpPolicyLookAheadWindow" : 1, "otpPolicyPeriod" : 30, "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppGoogleName", "totpAppFreeOTPName" ], + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName" ], "webAuthnPolicyRpEntityName" : "keycloak", "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], "webAuthnPolicyRpId" : "", @@ -531,6 +531,29 @@ }, "notBefore" : 0, "groups" : [ ] + }, { + "id" : "403c2a71-c5c4-4115-a14d-75a70dbe6e6c", + "createdTimestamp" : 1678126023668, + "username" : "codex-a1.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "codex-a1.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "209" ] + }, + "credentials" : [ { + "id" : "c527df67-8fff-4587-b86d-fc7965d0bd47", + "type" : "password", + "createdDate" : 1678126023703, + "secretData" : "{\"value\":\"oD/WuYocBrcP5yfkjCHvW+sK20ElfxsUVa9rmA12+58CZFjkhHSk7QVRYwJEiWWU/ORmOG2tW5W1/+A4OA+USQ==\",\"salt\":\"prfujzQQ931j8RuRbqZBqQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "7721b278-b117-45c6-9e98-d66efa6272a4", "createdTimestamp" : 1677187934488, 
@@ -715,6 +738,52 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "5721e849-6583-4f98-9519-3d8bc7644604", + "createdTimestamp" : 1678126023999, + "username" : "core-a1.contributor", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "core-a1.contributor@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "202" ] + }, + "credentials" : [ { + "id" : "c2e7d8de-9143-4ca9-9a39-175902182d3e", + "type" : "password", + "createdDate" : 1678126024033, + "secretData" : "{\"value\":\"qxP9sTgPmD90x/78eRajEaofs2HXp6pLAzpXwMOeZJ6Q72WBhcbtdZ1p8gBykkmuZ90FdtHRvd2ggvErF/VcZg==\",\"salt\":\"hg4NpUbzHwF1e9d8Sh/wCw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "7f5d440c-6bd2-4b13-98a0-ba286f770d34", + "createdTimestamp" : 1678126024071, + "username" : "core-a2.contributor", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "core-a2.contributor@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "203" ] + }, + "credentials" : [ { + "id" : "d866d12f-ba5a-4948-bf77-c7704962d3a0", + "type" : "password", + "createdDate" : 1678126024105, + "secretData" : "{\"value\":\"NzeXrpYEF1y8rBWo250JtWCoF6i/oFIpjU/h01P0cXcr9IXPIZ3YcymrBebD5qN58tIFcmbNRqpdixrKScEZSw==\",\"salt\":\"WQP+VJk5SrXfUjakwIYt+Q==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "0bc23c31-47d3-4112-89b9-e43eb1cb0038", "createdTimestamp" : 1676302140217, 
@@ -831,8 +900,8 @@ "notBefore" : 0, "groups" : [ ] }, { - "id" : "9b7820b2-ad02-431f-a603-2d9b7d4415c8", - "createdTimestamp" : 1677181801624, + "id" : "5119e7f6-9b0f-4e04-824a-9c5ef87fdb42", + "createdTimestamp" : 1678126023934, "username" : "core6.contributor", "enabled" : true, "totp" : false, @@ -842,10 +911,10 @@ "spiffworkflow-employeeid" : [ "199" ] }, "credentials" : [ { - "id" : "b6cc5352-e173-44e2-a37d-3607b606ab1b", + "id" : "f219e401-0fdb-4b73-be77-d01bb0caa448", "type" : "password", - "createdDate" : 1677181801659, - "secretData" : "{\"value\":\"ZIjW8sUAJ5AczMOy+3Jgq82F0hvXqWmcLsmVY88hgVr4rkdjMu0+oOv36OfLFeFNwJrNxQAAots7RGuAyPbZQg==\",\"salt\":\"y6SgpBIdSuEzeJpeFx7/GQ==\",\"additionalParameters\":{}}", + "createdDate" : 1678126023967, + "secretData" : "{\"value\":\"zdr8Psnlti56oHo8f/wuuZb5p7ZRpDQKHGFsrkjtl0VaOn2uNOeUmCqXLQ4UGyGssK8Qn8s8R62yrFKUNeeSjA==\",\"salt\":\"9MlVZL9xo3OWvlsvyXt0UQ==\",\"additionalParameters\":{}}", "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" } ], "disableableCredentialTypes" : [ ], 
@@ -916,6 +985,29 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "edbd1e5b-d5c3-4a32-8a79-057a138b6e90", + "createdTimestamp" : 1678126023732, + "username" : "desktop-a1.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "desktop-a1.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "210" ] + }, + "credentials" : [ { + "id" : "a7241c3c-967e-4769-8d7b-2080420449a6", + "type" : "password", + "createdDate" : 1678126023768, + "secretData" : "{\"value\":\"cZWUniaLJfn3qy/jKagx2i6VPohejBUlZKSSulbBmJM5UhG/KeqWmSbC/iqQKTQLlLR7MwviY0CEDSH3vIjX0Q==\",\"salt\":\"1sZMEktCurx4pLqpfH6kXg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "a12635e9-084c-4724-aa5b-327fd23c262e", "createdTimestamp" : 1676302141100, 
@@ -1200,6 +1292,29 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "7c38c256-dc06-461e-a1f8-97150be39475", + "createdTimestamp" : 1678126023264, + "username" : "fluffy.project-lead", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "fluffy.project-lead@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "162" ] + }, + "credentials" : [ { + "id" : "92532886-8b9c-4054-9bef-2674eb495500", + "type" : "password", + "createdDate" : 1678126023299, + "secretData" : "{\"value\":\"i8aUsn2U/uNoCJdFWCSlDYDzLnRLzanEvO3k6a12EPj/r6WdhX9jWE+4FqnmPTG8j4Dl8S7iAe2KrMjuRogJxQ==\",\"salt\":\"jvtLSF1owwuEr1SyCkslFA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "98f7b174-40a9-4717-a193-fbe76f3ad127", "createdTimestamp" : 1676302141803, 
@@ -1223,6 +1338,29 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "f0bf1e1b-c5fa-4574-9c09-aaad3886ac5f", + "createdTimestamp" : 1678126023332, + "username" : "infra-a1.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "infra-a1.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "204" ] + }, + "credentials" : [ { + "id" : "0e1f9819-cc3b-47db-b939-cd6d6052c35e", + "type" : "password", + "createdDate" : 1678126023367, + "secretData" : "{\"value\":\"l5/3UqrG2juQyvH12akeT2Uocah5VgUbCkvUpjSNxpZ2t9QeCCMTuPpYD0qUACTunfZZC48j/dyxu1uPv5ob5g==\",\"salt\":\"tx4fGTpaoQNFl2xneExNug==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "4f3fadc8-f0a3-45fb-8710-c054385b866b", "createdTimestamp" : 1676302141941, 
@@ -1547,6 +1685,29 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "955c6a18-5aad-4e7f-aed5-725e3e41acf7", + "createdTimestamp" : 1678126023400, + "username" : "legal-a1.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "legal-a1.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "205" ] + }, + "credentials" : [ { + "id" : "713c171f-a82a-4f2f-a185-714609858efc", + "type" : "password", + "createdDate" : 1678126023436, + "secretData" : "{\"value\":\"fjMhEu8f7paU6suq19v2/XclTijY6HG7U7bUexYE579wZcBG345fmpGRuLoTL3BQsNJQHzzByryxYUbb3HjalA==\",\"salt\":\"TJuX9tqhDtt9rkkAy6yTTw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "6e9129f9-34f8-43bb-953b-de4156d425ba", "createdTimestamp" : 1676302142894, 
@@ -1817,6 +1978,29 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "7f34beba-e1e1-458a-8d23-eb07d6e3800c", + "createdTimestamp" : 1678126023154, + "username" : "nimbus.program-lead", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "nimbus.program-lead@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "161" ] + }, + "credentials" : [ { + "id" : "7973b07b-db96-4c9d-989b-8441bed69d2e", + "type" : "password", + "createdDate" : 1678126023210, + "secretData" : "{\"value\":\"WNG4RlzGVsz5xEwiiv0GFB5jiHrkVgImE3mbJRVn0NNgqM7g+1qfRHm/DWTV2ZOnO8NuC6nJr6BWZeqDq5lRKw==\",\"salt\":\"gUbtnSkleLO2G01khwtlLg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "df72b3d2-07fd-4cb0-a447-a1c433db49d5", "createdTimestamp" : 1676302143785, 
@@ -1840,6 +2024,29 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "b914bb58-77a9-4376-964a-f806c7c084c5", + "createdTimestamp" : 1678126023604, + "username" : "peopleops.partner-a1.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "peopleops.partner-a1.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "208" ] + }, + "credentials" : [ { + "id" : "208fbfd5-4267-49dd-911d-766fe9784e1e", + "type" : "password", + "createdDate" : 1678126023639, + "secretData" : "{\"value\":\"nEVx7QCmUNE7N1trDn7cCVhzSFF3AIikL8/D2ghbS7uSalqSI0k5eeL2sdE+lVjH6+v9TH5en0/C96wiqdtR8A==\",\"salt\":\"Jt2RyXkXuKrQcHX0Li/z4g==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "69697a8c-00b4-485a-a651-e19824c60936", "createdTimestamp" : 1676302143531, 
@@ -2093,6 +2300,29 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "03baabf7-6a1a-440a-acb8-d05dbf18b947", + "createdTimestamp" : 1678126023533, + "username" : "ppg.ba-a1.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "ppg.ba-a1.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "207" ] + }, + "credentials" : [ { + "id" : "adaea451-830c-448f-9e2f-2d66cab42a4c", + "type" : "password", + "createdDate" : 1678126023567, + "secretData" : "{\"value\":\"0xjJpnEOUNjxMzJ1qYFlgJ6EjIxX7sZ6nXUoZIg08vLJZaVDJQ+UiTtPEOoTTh+iGoj/rmLQDwd9A7u7WbrTGg==\",\"salt\":\"HttQ5JLWUoxCuXyfBQJAHA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "4c327a1e-8075-46de-9d9d-db98012c4002", "createdTimestamp" : 1676302144292, 
@@ -2277,6 +2507,29 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "877da767-ffba-4179-a441-17c5fafae495", + "createdTimestamp" : 1678126023467, + "username" : "security-a1.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "security-a1.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "206" ] + }, + "credentials" : [ { + "id" : "54d5792b-2da3-458e-af67-7d6df17e1dee", + "type" : "password", + "createdDate" : 1678126023502, + "secretData" : "{\"value\":\"UVwdtK6jNdEoOdCSfyPph/wRO2P6Po2IdlkZXS+NDzRBoFOxlankETXvEiF2HttwTXtLASdzo2UuHNgtQ4Q/Ug==\",\"salt\":\"Nkv0K+Dl7nisvAKUvIlXUw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "c85c76fb-2912-4ffa-bab5-55bfc1c300ff", "createdTimestamp" : 1676302144924, @@ -3773,7 +4026,7 @@ "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-user-property-mapper" ] } }, { "id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd", 
@@ -3791,7 +4044,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper" ] } }, { "id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c", @@ -3881,7 +4134,7 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "0e6ef523-0828-4847-9646-37c2833ad205", + "id" : "84c5d297-0fe5-423d-a563-506a227fd48e", "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", @@ -3903,7 +4156,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "7edc2f58-0e95-4374-b49c-8589b0a7ee64", + "id" : "f816c0fb-937d-4874-823c-982e8a5b895d", "alias" : "Authentication Options", "description" : "Authentication options.", "providerId" : "basic-flow", @@ -3932,7 +4185,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "a4ad982f-def5-4845-840d-971205cae536", + "id" : "f9ae89b4-a726-4672-bcde-5c7d5bcae312", "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -3954,7 +4207,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "daa18225-9c2b-47b8-b31f-152cd64f4202", + "id" : "f56fc357-0772-4bd3-9c15-7a0265c13ae2", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", 
@@ -3976,7 +4229,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "113bca83-78e1-4148-9124-27aeb9e278d3", + "id" : "e34eb5aa-0f88-4f92-8f1e-d64919a7313e", "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -3998,7 +4251,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "cd8c8c26-aa53-4cd4-a3e0-74a4a4376a98", + "id" : "5c3ff777-1fd3-4e13-a500-87fd064d4f56", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -4020,7 +4273,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "12cb511e-64b3-4506-8905-3e5c8f08fad9", + "id" : "a1684709-c4f0-493f-8eef-08cc4331b068", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", @@ -4042,7 +4295,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "89863115-cb99-4fbf-abfe-6a8a404b5148", + "id" : "ddb4247d-e70f-4b3e-8c58-2127539df878", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", @@ -4065,7 +4318,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "c90e6d81-9306-41d0-8376-8c237b8757c6", + "id" : "c1feb17c-2704-4854-abde-f2d97e1441eb", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -4087,7 +4340,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "6d13fbf1-ba5d-4246-8085-5997f8d44941", + "id" : "5c7e4833-d2ce-4973-9da5-370c77efda7d", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", 
@@ -4123,7 +4376,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "b68f54f3-6361-4480-82ed-a508be0376c2", + "id" : "5b0ab6fc-da4c-4b1f-8036-3c6848a7b648", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -4159,7 +4412,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "8260dae3-441c-4d08-b96a-591ea07c10a6", + "id" : "1c2c738c-2f40-4dcd-b82d-17b8d32b34dc", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -4188,7 +4441,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "3a101262-fb6e-453a-94a4-9119c12d4577", + "id" : "24544f4c-2e68-4f0e-9d7d-791e63b2c705", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", @@ -4203,7 +4456,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "ef1643ac-cf03-41e8-bd89-659de5288339", + "id" : "6104dbf5-a433-454b-abba-c46665c0cfe3", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -4226,7 +4479,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "409616c0-64ab-4a9c-a286-a446ea717b53", + "id" : "ef60185e-3c7b-425e-b813-91b1a59ccddb", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -4248,7 +4501,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "a90dd7dc-f6b6-4cd1-85f4-f5aec95e5c7b", + "id" : "f5292250-2f32-4021-a4ed-fb8316c22331", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -4270,7 +4523,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "aa535b04-a256-4c0a-aad6-aaa6d053f821", + "id" : "60919bb8-7857-4217-9a3e-7f2c44396dd7", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", 
@@ -4286,7 +4539,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "cbaa3dde-4b4b-4344-841f-ba7468734286", + "id" : "e16f693e-70e8-446f-bab0-c5ee7ce14506", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", @@ -4322,7 +4575,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "62c55336-4753-4c4e-a4f9-03adb86f253f", + "id" : "61441726-52c9-4720-b801-0fc4e7a89912", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", @@ -4358,7 +4611,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "35366a6a-8669-4110-9c62-a4f195243f2c", + "id" : "87a6ced7-419e-419c-ba66-3aaad4a4970a", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -4374,13 +4627,13 @@ } ] } ], "authenticatorConfig" : [ { - "id" : "0d2f25a1-c358-4f08-9b44-02559d1d2b5f", + "id" : "0e0bacbb-9901-4f91-9eec-ef3b8816919b", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "350789a4-bbaf-4cba-999d-f40f4cc632ea", + "id" : "c4fecfc8-120e-44e7-8576-c2aafd9d433f", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" @@ -4475,4 +4728,4 @@ "clientPolicies" : { "policies" : [ ] } -} +} \ No newline at end of file diff --git a/spiffworkflow-backend/keycloak/test_user_lists/status b/spiffworkflow-backend/keycloak/test_user_lists/status index 292bbb94..23b865a9 100644 --- a/spiffworkflow-backend/keycloak/test_user_lists/status +++ b/spiffworkflow-backend/keycloak/test_user_lists/status @@ -2,6 +2,7 @@ email,spiffworkflow-employeeid # admin@spiffworkflow.org amir@status.im app.program-lead@status.im,121 +codex-a1.sme@status.im,209 codex.project-lead@status.im,153 codex.sme@status.im,185 codex1.sme@status.im,186 
@@ -9,6 +10,8 @@ codex2.sme@status.im,187
 codex3.sme@status.im,188
 codex4.sme@status.im,189
 codex5.sme@status.im,190
+core-a1.contributor@status.im,202
+core-a2.contributor@status.im,203
 core1.contributor@status.im,155
 core2.contributor@status.im,156
 core3.contributor@status.im,157
@@ -17,6 +20,7 @@ core5.contributor@status.im,159
 core6.contributor@status.im,199
 core@status.im,113
 dao.project.lead@status.im
+desktop-a1.sme@status.im,210
 desktop.program.lead@status.im
 desktop.project-lead@status.im,192
 desktop.project.lead@status.im
@@ -29,7 +33,9 @@ desktop5.sme@status.im,198
 fin@status.im,118
 finance.lead@status.im,128
 finance_user1@status.im
+fluffy.project-lead@status.im,162
 harmeet@status.im,109
+infra-a1.sme@status.im,204
 infra.project-lead@status.im,130
 infra.sme@status.im,119
 infra1.sme@status.im,131
@@ -40,6 +46,7 @@ infra5.sme@status.im,176
 jakub@status.im
 jarrad@status.im
 lead@status.im,114
+legal-a1.sme@status.im,205
 legal.project-lead@status.im,133
 legal.sme@status.im,125
 legal1.sme@status.im,134
@@ -49,6 +56,8 @@ legal4.sme@status.im,177
 legal5.sme@status.im,178
 logos.program-lead@status.im,160
 manuchehr@status.im,110
+nimbus.program-lead@status.im,161
+peopleops.partner-a1.sme@status.im,208
 peopleops.partner.sme@status.im,148
 peopleops.partner1.sme@status.im,149
 peopleops.partner2.sme@status.im,173
@@ -60,6 +69,7 @@ peopleops.project-lead@status.im,147
 peopleops.talent.sme@status.im,143
 peopleops.talent1.sme@status.im,142
 peopleops.talent@status.im,141
+ppg.ba-a1.sme@status.im,207
 ppg.ba.project-lead@status.im,137
 ppg.ba.sme@status.im,138
 ppg.ba1.sme@status.im,170
@@ -69,6 +79,7 @@ ppg.ba4.sme@status.im,200
 ppg.ba5.sme@status.im,201
 ppg.ba@status.im,127
 sasha@status.im,112
+security-a1.sme@status.im,206
 security.project-lead@status.im,151
 security.sme@status.im,123
 security1.sme@status.im,135
From 328fdf88f06137fbc4cc020a12babf9b078de650 Mon Sep 17 00:00:00 2001
From: jasquat
Date: Mon, 6 Mar 2023 14:28:55 -0500
Subject: [PATCH 3/3] pyl
---
 .../keycloak/realm_exports/spiffworkflow-realm.json | 2 +-
 .../src/spiffworkflow_backend/routes/user.py | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
index a017d710..008755eb 100644
--- a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
+++ b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
@@ -4728,4 +4728,4 @@ "clientPolicies" : { "policies" : [ ] } -} \ No newline at end of file +}
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
index b36ef225..dfe846bc 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
@@ -101,7 +101,11 @@ def verify_token(
 refresh_token
 )
 )
- if auth_token and "error" not in auth_token and "id_token" in auth_token:
+ if (
+ auth_token
+ and "error" not in auth_token
+ and "id_token" in auth_token
+ ):
 tld = current_app.config["THREAD_LOCAL_DATA"]
 tld.new_access_token = auth_token["id_token"]
 tld.new_id_token = auth_token["id_token"]