diff --git a/.gitignore b/.gitignore index bf5d094f0c4..443e12ad50d 100644 --- a/.gitignore +++ b/.gitignore @@ -52,4 +52,6 @@ target # nodejs # ########## -node_modules \ No newline at end of file +# KEYCLOAK-5391: We will re-exclude node_modules when node_modules handling is worked out. +# For now, we keep our js libraries checked into GitHub, so we don't ignore. +#node_modules \ No newline at end of file diff --git a/README.md b/README.md index c2efec51d52..3fafffc6703 100755 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Starting Keycloak To start Keycloak during development first build as specified above, then run: - mvn -f testsuite/integration/pom.xml exec:java -Pkeycloak-server + mvn -f testsuite/utils/pom.xml exec:java -Pkeycloak-server To start Keycloak from the server distribution first build the distribution it as specified above, then run: diff --git a/adapters/oidc/adapter-core/pom.xml b/adapters/oidc/adapter-core/pom.xml index a2f5b5bcffc..431032105d6 100755 --- a/adapters/oidc/adapter-core/pom.xml +++ b/adapters/oidc/adapter-core/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java index 5eed4329203..fd4544f637d 100755 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java @@ -164,7 +164,12 @@ public class BearerTokenRequestAuthenticator { OIDCAuthenticationError error = new OIDCAuthenticationError(reason, description); facade.getRequest().setError(error); facade.getResponse().addHeader("WWW-Authenticate", challenge); - facade.getResponse().sendError(401); + if(deployment.isDelegateBearerErrorResponseSending()){ + facade.getResponse().setStatus(401); + } + else { + facade.getResponse().sendError(401); + } return true; } }; diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java index d5761bcf1ae..707b882220b 100755 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java @@ -94,6 +94,8 @@ public class KeycloakDeployment { protected Map redirectRewriteRules; + protected boolean delegateBearerErrorResponseSending = false; + public KeycloakDeployment() { } @@ -456,6 +458,12 @@ public class KeycloakDeployment { public void setRewriteRedirectRules(Map redirectRewriteRules) { this.redirectRewriteRules = redirectRewriteRules; } - - + + public boolean isDelegateBearerErrorResponseSending() { + return delegateBearerErrorResponseSending; + } + + public void setDelegateBearerErrorResponseSending(boolean delegateBearerErrorResponseSending) { + this.delegateBearerErrorResponseSending = delegateBearerErrorResponseSending; + } } diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java index ee3f214e243..8d875ee4eb5 100755 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java @@ -331,7 +331,7 @@ public class OAuthRequestAuthenticator { } catch (ServerRequest.HttpFailure failure) { log.error("failed to turn code into token"); log.error("status from server: " + failure.getStatus()); - if (failure.getStatus() == 400 && failure.getError() != null) { + if (failure.getError() != null) { log.error(" " + failure.getError()); } return challenge(403, OIDCAuthenticationError.Reason.CODE_TO_TOKEN_FAILURE, null); diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PathMatcher.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PathMatcher.java index 9efa614573c..c8bce94592e 100644 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PathMatcher.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PathMatcher.java @@ -89,7 +89,7 @@ class PathMatcher { pathString = "/"; } - if (matchingUri.equals(targetUri)) { + if (matchingUri.equals(targetUri) || pathString.equals(targetUri)) { cache.put(targetUri, entry); return entry; } diff --git a/adapters/oidc/as7-eap6/as7-adapter-spi/pom.xml b/adapters/oidc/as7-eap6/as7-adapter-spi/pom.xml index 89faf8b97bf..9e5887acc05 100755 --- a/adapters/oidc/as7-eap6/as7-adapter-spi/pom.xml +++ b/adapters/oidc/as7-eap6/as7-adapter-spi/pom.xml @@ -21,7 +21,7 @@ keycloak-as7-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/adapters/oidc/as7-eap6/as7-adapter/pom.xml b/adapters/oidc/as7-eap6/as7-adapter/pom.xml index 47e344f9142..d187857cdfd 100755 --- a/adapters/oidc/as7-eap6/as7-adapter/pom.xml +++ b/adapters/oidc/as7-eap6/as7-adapter/pom.xml @@ -21,7 +21,7 @@ keycloak-as7-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/adapters/oidc/as7-eap6/as7-adapter/src/main/java/org/keycloak/adapters/jbossweb/AuthenticatedActionsValve.java b/adapters/oidc/as7-eap6/as7-adapter/src/main/java/org/keycloak/adapters/jbossweb/AuthenticatedActionsValve.java new file mode 100644 index 00000000000..a8b800f38b5 --- /dev/null +++ b/adapters/oidc/as7-eap6/as7-adapter/src/main/java/org/keycloak/adapters/jbossweb/AuthenticatedActionsValve.java @@ -0,0 +1,13 @@ +package org.keycloak.adapters.jbossweb; + +import org.apache.catalina.Container; +import org.apache.catalina.Valve; +import org.keycloak.adapters.AdapterDeploymentContext; +import org.keycloak.adapters.tomcat.AbstractAuthenticatedActionsValve; + +public class AuthenticatedActionsValve extends AbstractAuthenticatedActionsValve { + + public AuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) { + super(deploymentContext, next, container); + } +} diff --git a/adapters/oidc/as7-eap6/as7-adapter/src/main/java/org/keycloak/adapters/jbossweb/KeycloakAuthenticatorValve.java b/adapters/oidc/as7-eap6/as7-adapter/src/main/java/org/keycloak/adapters/jbossweb/KeycloakAuthenticatorValve.java index 72088b3b7de..6a79f0b45c8 100755 --- a/adapters/oidc/as7-eap6/as7-adapter/src/main/java/org/keycloak/adapters/jbossweb/KeycloakAuthenticatorValve.java +++ b/adapters/oidc/as7-eap6/as7-adapter/src/main/java/org/keycloak/adapters/jbossweb/KeycloakAuthenticatorValve.java @@ -17,11 +17,15 @@ package org.keycloak.adapters.jbossweb; +import org.apache.catalina.Container; import org.apache.catalina.LifecycleException; +import org.apache.catalina.Valve; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.catalina.core.StandardContext; import org.apache.catalina.deploy.LoginConfig; +import org.keycloak.adapters.AdapterDeploymentContext; +import org.keycloak.adapters.tomcat.AbstractAuthenticatedActionsValve; import org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve; import org.keycloak.adapters.tomcat.GenericPrincipalFactory; @@ -56,7 +60,6 @@ public class KeycloakAuthenticatorValve extends AbstractKeycloakAuthenticatorVal super.start(); } - public void logout(Request request) { logoutInternal(request); } @@ -65,4 +68,9 @@ public class KeycloakAuthenticatorValve extends AbstractKeycloakAuthenticatorVal protected GenericPrincipalFactory createPrincipalFactory() { return new JBossWebPrincipalFactory(); } + + @Override + protected AbstractAuthenticatedActionsValve createAuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) { + return new AuthenticatedActionsValve(deploymentContext, next, container); + } } diff --git a/adapters/oidc/as7-eap6/as7-subsystem/pom.xml b/adapters/oidc/as7-eap6/as7-subsystem/pom.xml index 5a2d24e3e98..2bdce7028d8 100755 --- a/adapters/oidc/as7-eap6/as7-subsystem/pom.xml +++ b/adapters/oidc/as7-eap6/as7-subsystem/pom.xml @@ -21,7 +21,7 @@ org.keycloak keycloak-as7-integration-pom - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/adapters/oidc/as7-eap6/pom.xml b/adapters/oidc/as7-eap6/pom.xml index 4b5a4272ecc..72cada7a545 100755 --- a/adapters/oidc/as7-eap6/pom.xml +++ b/adapters/oidc/as7-eap6/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak AS7 / JBoss EAP 6 Integration diff --git a/adapters/oidc/cli-sso/pom.xml b/adapters/oidc/cli-sso/pom.xml index 216c3b794ee..79b7f341c12 100755 --- a/adapters/oidc/cli-sso/pom.xml +++ b/adapters/oidc/cli-sso/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/oidc/installed/pom.xml b/adapters/oidc/installed/pom.xml index 3c14afa2de0..d64b950209d 100755 --- a/adapters/oidc/installed/pom.xml +++ b/adapters/oidc/installed/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/oidc/jaxrs-oauth-client/pom.xml b/adapters/oidc/jaxrs-oauth-client/pom.xml index 6f46e7c9ccc..44cd9e686ff 100755 --- a/adapters/oidc/jaxrs-oauth-client/pom.xml +++ b/adapters/oidc/jaxrs-oauth-client/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/oidc/jetty/jetty-core/pom.xml b/adapters/oidc/jetty/jetty-core/pom.xml index 3ee1c5e155e..1a771e40b7e 100755 --- a/adapters/oidc/jetty/jetty-core/pom.xml +++ b/adapters/oidc/jetty/jetty-core/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/oidc/jetty/jetty8.1/pom.xml b/adapters/oidc/jetty/jetty8.1/pom.xml index 312475509b3..74f86af7f93 100755 --- a/adapters/oidc/jetty/jetty8.1/pom.xml +++ b/adapters/oidc/jetty/jetty8.1/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/oidc/jetty/jetty9.1/pom.xml b/adapters/oidc/jetty/jetty9.1/pom.xml index c5a47847111..e8957b17e82 100755 --- a/adapters/oidc/jetty/jetty9.1/pom.xml +++ b/adapters/oidc/jetty/jetty9.1/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/oidc/jetty/jetty9.2/pom.xml b/adapters/oidc/jetty/jetty9.2/pom.xml index f8b6335404b..b2e4796dd91 100755 --- a/adapters/oidc/jetty/jetty9.2/pom.xml +++ b/adapters/oidc/jetty/jetty9.2/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/oidc/jetty/jetty9.3/pom.xml b/adapters/oidc/jetty/jetty9.3/pom.xml index c4cb37489a3..04c9ae11a1e 100644 --- a/adapters/oidc/jetty/jetty9.3/pom.xml +++ b/adapters/oidc/jetty/jetty9.3/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/oidc/jetty/jetty9.4/pom.xml b/adapters/oidc/jetty/jetty9.4/pom.xml index acb36c6bcc4..13fc4cdc086 100644 --- a/adapters/oidc/jetty/jetty9.4/pom.xml +++ b/adapters/oidc/jetty/jetty9.4/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/oidc/jetty/pom.xml b/adapters/oidc/jetty/pom.xml index 5ec0c168b1a..8556e6bc2cc 100755 --- a/adapters/oidc/jetty/pom.xml +++ b/adapters/oidc/jetty/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak Jetty Integration diff --git a/adapters/oidc/js/pom.xml b/adapters/oidc/js/pom.xml index 8b4cc6789c7..e4d866f801a 100755 --- a/adapters/oidc/js/pom.xml +++ b/adapters/oidc/js/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 @@ -38,6 +38,11 @@ com.samaxes.maven minify-maven-plugin + + CLOSURE + ECMASCRIPT5 + true + min-js diff --git a/adapters/oidc/js/src/main/resources/keycloak.js b/adapters/oidc/js/src/main/resources/keycloak.js index a784936c78f..ab6f78826aa 100755 --- a/adapters/oidc/js/src/main/resources/keycloak.js +++ b/adapters/oidc/js/src/main/resources/keycloak.js @@ -221,7 +221,7 @@ var callbackState = { state: state, nonce: nonce, - redirectUri: encodeURIComponent(redirectUri), + redirectUri: encodeURIComponent(redirectUri) } if (options && options.prompt) { @@ -843,6 +843,7 @@ } iframe.setAttribute('src', src ); + iframe.setAttribute('title', 'keycloak-session-iframe' ); iframe.style.display = 'none'; document.body.appendChild(iframe); diff --git a/adapters/oidc/osgi-adapter/pom.xml b/adapters/oidc/osgi-adapter/pom.xml index 26a90ec487c..537bcb2b44a 100755 --- a/adapters/oidc/osgi-adapter/pom.xml +++ b/adapters/oidc/osgi-adapter/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/oidc/pom.xml b/adapters/oidc/pom.xml index 9207401a1c2..28f243b7045 100755 --- a/adapters/oidc/pom.xml +++ b/adapters/oidc/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml Keycloak OIDC Client Adapter Modules diff --git a/adapters/oidc/servlet-filter/pom.xml b/adapters/oidc/servlet-filter/pom.xml index 3d81dc7322e..7e5bdcdee71 100755 --- a/adapters/oidc/servlet-filter/pom.xml +++ b/adapters/oidc/servlet-filter/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/oidc/servlet-oauth-client/pom.xml b/adapters/oidc/servlet-oauth-client/pom.xml index bb709f1dc26..a5b25f08ac5 100755 --- a/adapters/oidc/servlet-oauth-client/pom.xml +++ b/adapters/oidc/servlet-oauth-client/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/oidc/spring-boot-container-bundle/pom.xml b/adapters/oidc/spring-boot-container-bundle/pom.xml index 49cab4ebe01..0b3d3c5e015 100644 --- a/adapters/oidc/spring-boot-container-bundle/pom.xml +++ b/adapters/oidc/spring-boot-container-bundle/pom.xml @@ -4,7 +4,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml spring-boot-container-bundle diff --git a/adapters/oidc/spring-boot/pom.xml b/adapters/oidc/spring-boot/pom.xml index 6a720f65a5b..c29a8d3f59f 100755 --- a/adapters/oidc/spring-boot/pom.xml +++ b/adapters/oidc/spring-boot/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 @@ -31,7 +31,9 @@ - 1.3.0.RELEASE + 1.4.0.RELEASE + 4.1.6.RELEASE + 1.9.5 @@ -98,7 +100,19 @@ junit test - + + org.springframework + spring-test + ${spring.version} + test + + + org.mockito + mockito-all + ${mockito.version} + test + + org.springframework.boot spring-boot-configuration-processor true diff --git a/adapters/oidc/spring-boot/src/main/java/org/keycloak/adapters/springboot/client/KeycloakRestTemplateCustomizer.java b/adapters/oidc/spring-boot/src/main/java/org/keycloak/adapters/springboot/client/KeycloakRestTemplateCustomizer.java new file mode 100644 index 00000000000..ae4836c7139 --- /dev/null +++ b/adapters/oidc/spring-boot/src/main/java/org/keycloak/adapters/springboot/client/KeycloakRestTemplateCustomizer.java @@ -0,0 +1,24 @@ +package org.keycloak.adapters.springboot.client; + +import org.springframework.boot.web.client.RestTemplateCustomizer; +import org.springframework.web.client.RestTemplate; + +public class KeycloakRestTemplateCustomizer implements RestTemplateCustomizer { + + private final KeycloakSecurityContextClientRequestInterceptor keycloakInterceptor; + + public KeycloakRestTemplateCustomizer() { + this(new KeycloakSecurityContextClientRequestInterceptor()); + } + + protected KeycloakRestTemplateCustomizer( + KeycloakSecurityContextClientRequestInterceptor keycloakInterceptor + ) { + this.keycloakInterceptor = keycloakInterceptor; + } + + @Override + public void customize(RestTemplate restTemplate) { + restTemplate.getInterceptors().add(keycloakInterceptor); + } +} diff --git a/adapters/oidc/spring-boot/src/main/java/org/keycloak/adapters/springboot/client/KeycloakSecurityContextClientRequestInterceptor.java b/adapters/oidc/spring-boot/src/main/java/org/keycloak/adapters/springboot/client/KeycloakSecurityContextClientRequestInterceptor.java new file mode 100644 index 00000000000..200a9035f1e --- /dev/null +++ b/adapters/oidc/spring-boot/src/main/java/org/keycloak/adapters/springboot/client/KeycloakSecurityContextClientRequestInterceptor.java @@ -0,0 +1,55 @@ +package org.keycloak.adapters.springboot.client; + +import org.keycloak.KeycloakPrincipal; +import org.keycloak.KeycloakSecurityContext; +import org.springframework.http.HttpRequest; +import org.springframework.http.client.ClientHttpRequestExecution; +import org.springframework.http.client.ClientHttpRequestInterceptor; +import org.springframework.http.client.ClientHttpResponse; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import java.io.IOException; +import java.security.Principal; + +/** + * Interceptor for {@link ClientHttpRequestExecution} objects created for server to server secured + * communication using OAuth2 bearer tokens issued by Keycloak. + * + * @author James McShane + * @version $Revision: 1 $ + */ +public class KeycloakSecurityContextClientRequestInterceptor implements ClientHttpRequestInterceptor { + + private static final String AUTHORIZATION_HEADER = "Authorization"; + + /** + * Returns the {@link KeycloakSecurityContext} from the Spring {@link ServletRequestAttributes}'s {@link Principal}. + * + * The principal must support retrieval of the KeycloakSecurityContext, so at this point, only {@link KeycloakPrincipal} + * values are supported + * + * @return the current KeycloakSecurityContext + */ + protected KeycloakSecurityContext getKeycloakSecurityContext() { + ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes(); + Principal principal = attributes.getRequest().getUserPrincipal(); + if (principal == null) { + throw new IllegalStateException("Cannot set authorization header because there is no authenticated principal"); + } + if (!(principal instanceof KeycloakPrincipal)) { + throw new IllegalStateException( + String.format( + "Cannot set authorization header because the principal type %s does not provide the KeycloakSecurityContext", + principal.getClass())); + } + return ((KeycloakPrincipal) principal).getKeycloakSecurityContext(); + } + + @Override + public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] bytes, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException { + KeycloakSecurityContext context = this.getKeycloakSecurityContext(); + httpRequest.getHeaders().set(AUTHORIZATION_HEADER, "Bearer " + context.getTokenString()); + return clientHttpRequestExecution.execute(httpRequest, bytes); + } +} diff --git a/adapters/oidc/spring-boot/src/test/java/org/keycloak/adapters/springboot/client/KeycloakRestTemplateCustomizerTest.java b/adapters/oidc/spring-boot/src/test/java/org/keycloak/adapters/springboot/client/KeycloakRestTemplateCustomizerTest.java new file mode 100644 index 00000000000..e8e599e40d3 --- /dev/null +++ b/adapters/oidc/spring-boot/src/test/java/org/keycloak/adapters/springboot/client/KeycloakRestTemplateCustomizerTest.java @@ -0,0 +1,28 @@ +package org.keycloak.adapters.springboot.client; + +import org.junit.Before; +import org.junit.Test; +import org.springframework.web.client.RestTemplate; + +import static org.junit.Assert.assertTrue; +import static org.mockito.Mockito.mock; + +public class KeycloakRestTemplateCustomizerTest { + + private KeycloakRestTemplateCustomizer customizer; + private KeycloakSecurityContextClientRequestInterceptor interceptor = + mock(KeycloakSecurityContextClientRequestInterceptor.class); + + @Before + public void setup() { + customizer = new KeycloakRestTemplateCustomizer(interceptor); + } + + @Test + public void interceptorIsAddedToRequest() { + RestTemplate restTemplate = new RestTemplate(); + customizer.customize(restTemplate); + assertTrue(restTemplate.getInterceptors().contains(interceptor)); + } + +} diff --git a/adapters/oidc/spring-boot/src/test/java/org/keycloak/adapters/springboot/client/KeycloakSecurityContextClientRequestInterceptorTest.java b/adapters/oidc/spring-boot/src/test/java/org/keycloak/adapters/springboot/client/KeycloakSecurityContextClientRequestInterceptorTest.java new file mode 100644 index 00000000000..689cc65274d --- /dev/null +++ b/adapters/oidc/spring-boot/src/test/java/org/keycloak/adapters/springboot/client/KeycloakSecurityContextClientRequestInterceptorTest.java @@ -0,0 +1,87 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.adapters.springboot.client; + +import org.junit.Before; +import org.junit.Test; +import org.keycloak.KeycloakPrincipal; +import org.keycloak.KeycloakSecurityContext; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import org.mockito.Spy; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import java.security.Principal; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.mockito.Mockito.when; + +/** + * Keycloak spring boot client request factory tests. + */ +public class KeycloakSecurityContextClientRequestInterceptorTest { + + @Spy + private KeycloakSecurityContextClientRequestInterceptor factory; + + private MockHttpServletRequest servletRequest; + + @Mock + private KeycloakSecurityContext keycloakSecurityContext; + + @Mock + private KeycloakPrincipal keycloakPrincipal; + + @Before + public void setUp() { + MockitoAnnotations.initMocks(this); + servletRequest = new MockHttpServletRequest(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(servletRequest)); + servletRequest.setUserPrincipal(keycloakPrincipal); + when(keycloakPrincipal.getKeycloakSecurityContext()).thenReturn(keycloakSecurityContext); + } + + @Test + public void testGetKeycloakSecurityContext() throws Exception { + KeycloakSecurityContext context = factory.getKeycloakSecurityContext(); + assertNotNull(context); + assertEquals(keycloakSecurityContext, context); + } + + @Test(expected = IllegalStateException.class) + public void testGetKeycloakSecurityContextInvalidPrincipal() throws Exception { + servletRequest.setUserPrincipal(new MarkerPrincipal()); + factory.getKeycloakSecurityContext(); + } + + @Test(expected = IllegalStateException.class) + public void testGetKeycloakSecurityContextNullAuthentication() throws Exception { + servletRequest.setUserPrincipal(null); + factory.getKeycloakSecurityContext(); + } + + private static class MarkerPrincipal implements Principal { + @Override + public String getName() { + return null; + } + } +} diff --git a/adapters/oidc/spring-security/pom.xml b/adapters/oidc/spring-security/pom.xml index b304cd5b0d0..008f38899bb 100755 --- a/adapters/oidc/spring-security/pom.xml +++ b/adapters/oidc/spring-security/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java index 7e235ae5204..2e9ef40f6d4 100644 --- a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java +++ b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java @@ -134,6 +134,10 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati HttpFacade facade = new SimpleHttpFacade(request, response); KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade); + + // using Spring authenticationFailureHandler + deployment.setDelegateBearerErrorResponseSending(true); + AdapterTokenStore tokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, request); RequestAuthenticator authenticator = new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, -1); diff --git a/adapters/oidc/tomcat/pom.xml b/adapters/oidc/tomcat/pom.xml index d733dbd6999..4c33882cdb9 100755 --- a/adapters/oidc/tomcat/pom.xml +++ b/adapters/oidc/tomcat/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak Tomcat Integration diff --git a/adapters/oidc/tomcat/tomcat-core/pom.xml b/adapters/oidc/tomcat/tomcat-core/pom.xml index c47cc4dde9f..154bed1ca6f 100755 --- a/adapters/oidc/tomcat/tomcat-core/pom.xml +++ b/adapters/oidc/tomcat/tomcat-core/pom.xml @@ -21,7 +21,7 @@ keycloak-tomcat-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java b/adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AbstractAuthenticatedActionsValve.java old mode 100755 new mode 100644 similarity index 86% rename from adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java rename to adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AbstractAuthenticatedActionsValve.java index 69e993c80ee..123c2ec0aa4 --- a/adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java +++ b/adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AbstractAuthenticatedActionsValve.java @@ -31,7 +31,7 @@ import javax.servlet.ServletException; import java.io.IOException; /** - * Pre-installed actions that must be authenticated + * Abstract base for pre-installed actions that must be authenticated *

* Actions include: *

@@ -41,18 +41,17 @@ import java.io.IOException; * @author Bill Burke * @version $Revision: 1 $ */ -public class AuthenticatedActionsValve extends ValveBase { - private static final Logger log = Logger.getLogger(AuthenticatedActionsValve.class); +public abstract class AbstractAuthenticatedActionsValve extends ValveBase { + private static final Logger log = Logger.getLogger(AbstractAuthenticatedActionsValve.class); protected AdapterDeploymentContext deploymentContext; - public AuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) { + public AbstractAuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) { this.deploymentContext = deploymentContext; if (next == null) throw new RuntimeException("Next valve is null!!!"); setNext(next); setContainer(container); } - @Override public void invoke(Request request, Response response) throws IOException, ServletException { log.debugv("AuthenticatedActionsValve.invoke {0}", request.getRequestURI()); diff --git a/adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AbstractKeycloakAuthenticatorValve.java b/adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AbstractKeycloakAuthenticatorValve.java index 703709371c1..7356fe5de1f 100755 --- a/adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AbstractKeycloakAuthenticatorValve.java +++ b/adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AbstractKeycloakAuthenticatorValve.java @@ -17,11 +17,7 @@ package org.keycloak.adapters.tomcat; -import org.apache.catalina.Context; -import org.apache.catalina.Lifecycle; -import org.apache.catalina.LifecycleEvent; -import org.apache.catalina.LifecycleListener; -import org.apache.catalina.Manager; +import org.apache.catalina.*; import org.apache.catalina.authenticator.FormAuthenticator; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; @@ -136,7 +132,7 @@ public abstract class AbstractKeycloakAuthenticatorValve extends FormAuthenticat } context.getServletContext().setAttribute(AdapterDeploymentContext.class.getName(), deploymentContext); - AuthenticatedActionsValve actions = new AuthenticatedActionsValve(deploymentContext, getNext(), getContainer()); + AbstractAuthenticatedActionsValve actions = createAuthenticatedActionsValve(deploymentContext, getNext(), getContainer()); setNext(actions); nodesRegistrationManagement = new NodesRegistrationManagement(); @@ -189,6 +185,7 @@ public abstract class AbstractKeycloakAuthenticatorValve extends FormAuthenticat protected abstract GenericPrincipalFactory createPrincipalFactory(); protected abstract boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException; + protected abstract AbstractAuthenticatedActionsValve createAuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container); protected boolean authenticateInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException { CatalinaHttpFacade facade = new OIDCCatalinaHttpFacade(request, response); diff --git a/adapters/oidc/tomcat/tomcat6/pom.xml b/adapters/oidc/tomcat/tomcat6/pom.xml index d0b7059351b..087d0839c6f 100755 --- a/adapters/oidc/tomcat/tomcat6/pom.xml +++ b/adapters/oidc/tomcat/tomcat6/pom.xml @@ -21,7 +21,7 @@ keycloak-tomcat-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/adapters/oidc/tomcat/tomcat6/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java b/adapters/oidc/tomcat/tomcat6/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java new file mode 100644 index 00000000000..496eed3e684 --- /dev/null +++ b/adapters/oidc/tomcat/tomcat6/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java @@ -0,0 +1,12 @@ +package org.keycloak.adapters.tomcat; + +import org.apache.catalina.Container; +import org.apache.catalina.Valve; +import org.keycloak.adapters.AdapterDeploymentContext; + +public class AuthenticatedActionsValve extends AbstractAuthenticatedActionsValve { + + public AuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) { + super(deploymentContext, next, container); + } +} diff --git a/adapters/oidc/tomcat/tomcat6/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java b/adapters/oidc/tomcat/tomcat6/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java index b9f4ab83230..8e0732487e2 100755 --- a/adapters/oidc/tomcat/tomcat6/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java +++ b/adapters/oidc/tomcat/tomcat6/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java @@ -17,12 +17,15 @@ package org.keycloak.adapters.tomcat; +import org.apache.catalina.Container; import org.apache.catalina.LifecycleException; +import org.apache.catalina.Valve; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.catalina.core.StandardContext; import org.apache.catalina.deploy.LoginConfig; import org.apache.catalina.realm.GenericPrincipal; +import org.keycloak.adapters.AdapterDeploymentContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletResponse; @@ -51,6 +54,10 @@ public class KeycloakAuthenticatorValve extends AbstractKeycloakAuthenticatorVal return true; } + @Override + protected AbstractAuthenticatedActionsValve createAuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) { + return new AuthenticatedActionsValve(deploymentContext, next, container); + } @Override public void start() throws LifecycleException { diff --git a/adapters/oidc/tomcat/tomcat7/pom.xml b/adapters/oidc/tomcat/tomcat7/pom.xml index d42530557ae..c09555126fb 100755 --- a/adapters/oidc/tomcat/tomcat7/pom.xml +++ b/adapters/oidc/tomcat/tomcat7/pom.xml @@ -21,7 +21,7 @@ keycloak-tomcat-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/adapters/oidc/tomcat/tomcat7/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java b/adapters/oidc/tomcat/tomcat7/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java new file mode 100644 index 00000000000..82796d66abe --- /dev/null +++ b/adapters/oidc/tomcat/tomcat7/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java @@ -0,0 +1,17 @@ +package org.keycloak.adapters.tomcat; + +import org.apache.catalina.Container; +import org.apache.catalina.Valve; +import org.keycloak.adapters.AdapterDeploymentContext; + +public class AuthenticatedActionsValve extends AbstractAuthenticatedActionsValve { + + public AuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) { + super(deploymentContext, next, container); + } + + @Override + public boolean isAsyncSupported() { + return true; + } +} diff --git a/adapters/oidc/tomcat/tomcat7/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java b/adapters/oidc/tomcat/tomcat7/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java index 18195e354ac..49854ff81d1 100755 --- a/adapters/oidc/tomcat/tomcat7/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java +++ b/adapters/oidc/tomcat/tomcat7/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java @@ -17,11 +17,14 @@ package org.keycloak.adapters.tomcat; +import org.apache.catalina.Container; +import org.apache.catalina.Valve; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.catalina.core.StandardContext; import org.apache.catalina.deploy.LoginConfig; import org.apache.catalina.realm.GenericPrincipal; +import org.keycloak.adapters.AdapterDeploymentContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletResponse; @@ -69,4 +72,9 @@ public class KeycloakAuthenticatorValve extends AbstractKeycloakAuthenticatorVal }; } + @Override + protected AbstractAuthenticatedActionsValve createAuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) { + return new AuthenticatedActionsValve(deploymentContext, next, container); + } + } diff --git a/adapters/oidc/tomcat/tomcat8/pom.xml b/adapters/oidc/tomcat/tomcat8/pom.xml index 8bf86063b0a..b6ad8322a1f 100755 --- a/adapters/oidc/tomcat/tomcat8/pom.xml +++ b/adapters/oidc/tomcat/tomcat8/pom.xml @@ -21,7 +21,7 @@ keycloak-tomcat-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java b/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java new file mode 100644 index 00000000000..82796d66abe --- /dev/null +++ b/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/AuthenticatedActionsValve.java @@ -0,0 +1,17 @@ +package org.keycloak.adapters.tomcat; + +import org.apache.catalina.Container; +import org.apache.catalina.Valve; +import org.keycloak.adapters.AdapterDeploymentContext; + +public class AuthenticatedActionsValve extends AbstractAuthenticatedActionsValve { + + public AuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) { + super(deploymentContext, next, container); + } + + @Override + public boolean isAsyncSupported() { + return true; + } +} diff --git a/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java b/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java index d227353ec7d..9da6964405a 100755 --- a/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java +++ b/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/KeycloakAuthenticatorValve.java @@ -17,11 +17,14 @@ package org.keycloak.adapters.tomcat; +import org.apache.catalina.Container; +import org.apache.catalina.Valve; import org.apache.catalina.authenticator.FormAuthenticator; import org.apache.catalina.connector.Request; import org.apache.catalina.core.StandardContext; import org.apache.catalina.realm.GenericPrincipal; import org.apache.tomcat.util.descriptor.web.LoginConfig; +import org.keycloak.adapters.AdapterDeploymentContext; import org.keycloak.adapters.AdapterTokenStore; import org.keycloak.adapters.KeycloakDeployment; import org.keycloak.adapters.spi.HttpFacade; @@ -102,4 +105,9 @@ public class KeycloakAuthenticatorValve extends AbstractKeycloakAuthenticatorVal protected AdapterTokenStore getTokenStore(Request request, HttpFacade facade, KeycloakDeployment resolvedDeployment) { return super.getTokenStore(request, facade, resolvedDeployment); } + + @Override + protected AbstractAuthenticatedActionsValve createAuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) { + return new AuthenticatedActionsValve(deploymentContext, next, container); + } } diff --git a/adapters/oidc/undertow/pom.xml b/adapters/oidc/undertow/pom.xml index ccdc34e60ee..32b5b8ee805 100755 --- a/adapters/oidc/undertow/pom.xml +++ b/adapters/oidc/undertow/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/oidc/wildfly-elytron/pom.xml b/adapters/oidc/wildfly-elytron/pom.xml index 71d56818183..811ffcf92f7 100755 --- a/adapters/oidc/wildfly-elytron/pom.xml +++ b/adapters/oidc/wildfly-elytron/pom.xml @@ -22,7 +22,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/ElytronHttpFacade.java b/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/ElytronHttpFacade.java index 4472af75f90..4941275f1e3 100644 --- a/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/ElytronHttpFacade.java +++ b/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/ElytronHttpFacade.java @@ -50,7 +50,9 @@ import java.net.InetSocketAddress; import java.net.URI; import java.net.URLDecoder; import java.util.Collection; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.function.Consumer; /** @@ -66,6 +68,7 @@ class ElytronHttpFacade implements OIDCHttpFacade { private ElytronAccount account; private SecurityIdentity securityIdentity; private boolean restored; + private final Map headers = new HashMap<>(); public ElytronHttpFacade(HttpServerRequest request, AdapterDeploymentContext deploymentContext, CallbackHandler handler) { this.request = request; @@ -261,6 +264,7 @@ class ElytronHttpFacade implements OIDCHttpFacade { @Override public Response getResponse() { return new Response() { + @Override public void setStatus(final int status) { responseConsumer = responseConsumer.andThen(response -> response.setStatusCode(status)); @@ -268,7 +272,17 @@ class ElytronHttpFacade implements OIDCHttpFacade { @Override public void addHeader(final String name, final String value) { - responseConsumer = responseConsumer.andThen(response -> response.addResponseHeader(name, value)); + headers.put(name, value); + responseConsumer = responseConsumer.andThen(new Consumer() { + @Override + public void accept(HttpServerResponse response) { + String latestValue = headers.get(name); + + if (latestValue.equals(value)) { + response.addResponseHeader(name, latestValue); + } + } + }); } @Override diff --git a/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/KeycloakSecurityRealm.java b/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/KeycloakSecurityRealm.java index 6042ec82d13..eef2b269423 100644 --- a/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/KeycloakSecurityRealm.java +++ b/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/KeycloakSecurityRealm.java @@ -17,6 +17,7 @@ package org.keycloak.adapters.elytron; import java.security.Principal; +import java.security.spec.AlgorithmParameterSpec; import java.util.Set; import org.keycloak.KeycloakPrincipal; @@ -54,7 +55,7 @@ public class KeycloakSecurityRealm implements SecurityRealm { } @Override - public SupportLevel getCredentialAcquireSupport(Class credentialType, String algorithmName) throws RealmUnavailableException { + public SupportLevel getCredentialAcquireSupport(Class credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { return SupportLevel.UNSUPPORTED; } @@ -92,7 +93,7 @@ public class KeycloakSecurityRealm implements SecurityRealm { } @Override - public SupportLevel getCredentialAcquireSupport(Class credentialType, String algorithmName) throws RealmUnavailableException { + public SupportLevel getCredentialAcquireSupport(Class credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { return SupportLevel.UNSUPPORTED; } diff --git a/adapters/oidc/wildfly/pom.xml b/adapters/oidc/wildfly/pom.xml index e93be16c2b5..b6a1db9b033 100755 --- a/adapters/oidc/wildfly/pom.xml +++ b/adapters/oidc/wildfly/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak WildFly Integration diff --git a/adapters/oidc/wildfly/wf8-subsystem/pom.xml b/adapters/oidc/wildfly/wf8-subsystem/pom.xml index 2afcf14cdf1..d04b8d1af6f 100755 --- a/adapters/oidc/wildfly/wf8-subsystem/pom.xml +++ b/adapters/oidc/wildfly/wf8-subsystem/pom.xml @@ -21,7 +21,7 @@ org.keycloak keycloak-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml diff --git a/adapters/oidc/wildfly/wildfly-adapter/pom.xml b/adapters/oidc/wildfly/wildfly-adapter/pom.xml index 686661d8cf1..6fa127d4b6e 100644 --- a/adapters/oidc/wildfly/wildfly-adapter/pom.xml +++ b/adapters/oidc/wildfly/wildfly-adapter/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/oidc/wildfly/wildfly-subsystem/pom.xml b/adapters/oidc/wildfly/wildfly-subsystem/pom.xml index 1d8e6cf9161..b73daf10703 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/pom.xml +++ b/adapters/oidc/wildfly/wildfly-subsystem/pom.xml @@ -21,7 +21,7 @@ org.keycloak keycloak-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml @@ -68,6 +68,10 @@ wildfly-web-common provided + + org.wildfly.security + wildfly-elytron + org.jboss.logging jboss-logging-annotations @@ -101,5 +105,9 @@ keycloak-wildfly-adapter ${project.version} + + org.keycloak + keycloak-wildfly-elytron-oidc-adapter + diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureDeploymentAddHandler.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationAddHandler.java similarity index 58% rename from adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureDeploymentAddHandler.java rename to adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationAddHandler.java index 110d385a756..55c83ca96bd 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureDeploymentAddHandler.java +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationAddHandler.java @@ -17,41 +17,32 @@ package org.keycloak.subsystem.adapter.extension; +import java.util.List; + import org.jboss.as.controller.AbstractAddStepHandler; -import org.jboss.as.controller.AttributeDefinition; import org.jboss.as.controller.OperationContext; import org.jboss.as.controller.OperationFailedException; +import org.jboss.as.controller.SimpleAttributeDefinition; +import org.jboss.as.controller.capability.RuntimeCapability; import org.jboss.dmr.ModelNode; -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD; -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP; - /** * Add a deployment to a realm. * * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc. */ -public final class SecureDeploymentAddHandler extends AbstractAddStepHandler { +abstract class AbstractAdapterConfigurationAddHandler extends AbstractAddStepHandler { - public static SecureDeploymentAddHandler INSTANCE = new SecureDeploymentAddHandler(); + private final boolean elytronEnabled; - private SecureDeploymentAddHandler() {} - - @Override - protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException { - // TODO: localize exception. get id number - if (!operation.get(OP).asString().equals(ADD)) { - throw new OperationFailedException("Unexpected operation for add secure deployment. operation=" + operation.toString()); - } - - for (AttributeDefinition attr : SecureDeploymentDefinition.ALL_ATTRIBUTES) { - attr.validateAndSet(operation, model); - } + AbstractAdapterConfigurationAddHandler(RuntimeCapability runtimeCapability, List attributes) { + super(runtimeCapability, attributes); + elytronEnabled = runtimeCapability != null; } @Override protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException { KeycloakAdapterConfigService ckService = KeycloakAdapterConfigService.getInstance(); - ckService.addSecureDeployment(operation, context.resolveExpressions(model)); + ckService.addSecureDeployment(operation, context.resolveExpressions(model), elytronEnabled); } } diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationDefinition.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationDefinition.java new file mode 100755 index 00000000000..613c946f4f5 --- /dev/null +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationDefinition.java @@ -0,0 +1,164 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2016 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.subsystem.adapter.extension; + +import org.jboss.as.controller.AttributeDefinition; +import org.jboss.as.controller.PathElement; +import org.jboss.as.controller.SimpleAttributeDefinition; +import org.jboss.as.controller.SimpleAttributeDefinitionBuilder; +import org.jboss.as.controller.SimpleResourceDefinition; +import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler; +import org.jboss.as.controller.operations.validation.IntRangeValidator; +import org.jboss.as.controller.operations.validation.StringLengthValidator; +import org.jboss.as.controller.registry.ManagementResourceRegistration; +import org.jboss.dmr.ModelNode; +import org.jboss.dmr.ModelType; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * Defines attributes and operations for a secure-deployment. + * + * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc. + */ +abstract class AbstractAdapterConfigurationDefinition extends SimpleResourceDefinition { + + protected static final SimpleAttributeDefinition REALM = + new SimpleAttributeDefinitionBuilder("realm", ModelType.STRING, true) + .setXmlName("realm") + .setAllowExpression(true) + .setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true)) + .build(); + protected static final SimpleAttributeDefinition RESOURCE = + new SimpleAttributeDefinitionBuilder("resource", ModelType.STRING, true) + .setXmlName("resource") + .setAllowExpression(true) + .setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true)) + .build(); + protected static final SimpleAttributeDefinition USE_RESOURCE_ROLE_MAPPINGS = + new SimpleAttributeDefinitionBuilder("use-resource-role-mappings", ModelType.BOOLEAN, true) + .setXmlName("use-resource-role-mappings") + .setAllowExpression(true) + .setDefaultValue(new ModelNode(false)) + .build(); + protected static final SimpleAttributeDefinition BEARER_ONLY = + new SimpleAttributeDefinitionBuilder("bearer-only", ModelType.BOOLEAN, true) + .setXmlName("bearer-only") + .setAllowExpression(true) + .setDefaultValue(new ModelNode(false)) + .build(); + protected static final SimpleAttributeDefinition ENABLE_BASIC_AUTH = + new SimpleAttributeDefinitionBuilder("enable-basic-auth", ModelType.BOOLEAN, true) + .setXmlName("enable-basic-auth") + .setAllowExpression(true) + .setDefaultValue(new ModelNode(false)) + .build(); + protected static final SimpleAttributeDefinition PUBLIC_CLIENT = + new SimpleAttributeDefinitionBuilder("public-client", ModelType.BOOLEAN, true) + .setXmlName("public-client") + .setAllowExpression(true) + .setDefaultValue(new ModelNode(false)) + .build(); + protected static final SimpleAttributeDefinition TURN_OFF_CHANGE_SESSION = + new SimpleAttributeDefinitionBuilder("turn-off-change-session-id-on-login", ModelType.BOOLEAN, true) + .setXmlName("turn-off-change-session-id-on-login") + .setAllowExpression(true) + .setDefaultValue(new ModelNode(false)) + .build(); + protected static final SimpleAttributeDefinition TOKEN_MINIMUM_TIME_TO_LIVE = + new SimpleAttributeDefinitionBuilder("token-minimum-time-to-live", ModelType.INT, true) + .setXmlName("token-minimum-time-to-live") + .setValidator(new IntRangeValidator(-1, true)) + .setAllowExpression(true) + .build(); + protected static final SimpleAttributeDefinition MIN_TIME_BETWEEN_JWKS_REQUESTS = + new SimpleAttributeDefinitionBuilder("min-time-between-jwks-requests", ModelType.INT, true) + .setXmlName("min-time-between-jwks-requests") + .setValidator(new IntRangeValidator(-1, true)) + .setAllowExpression(true) + .build(); + + static final List DEPLOYMENT_ONLY_ATTRIBUTES = new ArrayList(); + + static { + DEPLOYMENT_ONLY_ATTRIBUTES.add(REALM); + DEPLOYMENT_ONLY_ATTRIBUTES.add(RESOURCE); + DEPLOYMENT_ONLY_ATTRIBUTES.add(USE_RESOURCE_ROLE_MAPPINGS); + DEPLOYMENT_ONLY_ATTRIBUTES.add(BEARER_ONLY); + DEPLOYMENT_ONLY_ATTRIBUTES.add(ENABLE_BASIC_AUTH); + DEPLOYMENT_ONLY_ATTRIBUTES.add(PUBLIC_CLIENT); + DEPLOYMENT_ONLY_ATTRIBUTES.add(TURN_OFF_CHANGE_SESSION); + DEPLOYMENT_ONLY_ATTRIBUTES.add(TOKEN_MINIMUM_TIME_TO_LIVE); + DEPLOYMENT_ONLY_ATTRIBUTES.add(MIN_TIME_BETWEEN_JWKS_REQUESTS); + } + + static final List ALL_ATTRIBUTES = new ArrayList(); + + static { + ALL_ATTRIBUTES.addAll(DEPLOYMENT_ONLY_ATTRIBUTES); + ALL_ATTRIBUTES.addAll(SharedAttributeDefinitons.ATTRIBUTES); + } + + static final Map XML_ATTRIBUTES = new HashMap(); + + static { + for (SimpleAttributeDefinition def : ALL_ATTRIBUTES) { + XML_ATTRIBUTES.put(def.getXmlName(), def); + } + } + + private static final Map DEFINITION_LOOKUP = new HashMap(); + static { + for (SimpleAttributeDefinition def : ALL_ATTRIBUTES) { + DEFINITION_LOOKUP.put(def.getXmlName(), def); + } + } + + private final AbstractAdapterConfigurationWriteAttributeHandler attrWriteHandler; + private final List attributes; + + protected AbstractAdapterConfigurationDefinition(String name, List attributes, AbstractAdapterConfigurationAddHandler addHandler, AbstractAdapterConfigurationRemoveHandler removeHandler, AbstractAdapterConfigurationWriteAttributeHandler attrWriteHandler) { + super(PathElement.pathElement(name), + KeycloakExtension.getResourceDescriptionResolver(name), + addHandler, + removeHandler); + this.attributes = attributes; + this.attrWriteHandler = attrWriteHandler; + } + + @Override + public void registerOperations(ManagementResourceRegistration resourceRegistration) { + super.registerOperations(resourceRegistration); + resourceRegistration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE); + } + + @Override + public void registerAttributes(ManagementResourceRegistration resourceRegistration) { + super.registerAttributes(resourceRegistration); + for (AttributeDefinition attrDef : this.attributes) { + resourceRegistration.registerReadWriteAttribute(attrDef, null, this.attrWriteHandler); + } + } + + public static SimpleAttributeDefinition lookup(String name) { + return DEFINITION_LOOKUP.get(name); + } +} diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureDeploymentRemoveHandler.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationRemoveHandler.java similarity index 85% rename from adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureDeploymentRemoveHandler.java rename to adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationRemoveHandler.java index 7088ec0cf90..2066aed3f48 100644 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureDeploymentRemoveHandler.java +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationRemoveHandler.java @@ -27,11 +27,7 @@ import org.jboss.dmr.ModelNode; * * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc. */ -public final class SecureDeploymentRemoveHandler extends AbstractRemoveStepHandler { - - public static SecureDeploymentRemoveHandler INSTANCE = new SecureDeploymentRemoveHandler(); - - private SecureDeploymentRemoveHandler() {} +abstract class AbstractAdapterConfigurationRemoveHandler extends AbstractRemoveStepHandler { @Override protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException { diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureDeploymentWriteAttributeHandler.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationWriteAttributeHandler.java similarity index 83% rename from adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureDeploymentWriteAttributeHandler.java rename to adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationWriteAttributeHandler.java index 908526c8288..127ea538f1b 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureDeploymentWriteAttributeHandler.java +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/AbstractAdapterConfigurationWriteAttributeHandler.java @@ -31,14 +31,10 @@ import java.util.List; * * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc. */ -public class SecureDeploymentWriteAttributeHandler extends AbstractWriteAttributeHandler { +abstract class AbstractAdapterConfigurationWriteAttributeHandler extends AbstractWriteAttributeHandler { - public SecureDeploymentWriteAttributeHandler(List definitions) { - this(definitions.toArray(new AttributeDefinition[definitions.size()])); - } - - public SecureDeploymentWriteAttributeHandler(AttributeDefinition... definitions) { - super(definitions); + AbstractAdapterConfigurationWriteAttributeHandler(List definitions) { + super(definitions.toArray(new AttributeDefinition[definitions.size()])); } @Override diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java index 24e9ac0b744..1500808e328 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java @@ -25,7 +25,9 @@ import org.jboss.as.web.common.WarMetaData; import org.jboss.logging.Logger; import org.jboss.metadata.javaee.spec.ParamValueMetaData; import org.jboss.metadata.web.jboss.JBossWebMetaData; +import org.jboss.metadata.web.spec.ListenerMetaData; import org.jboss.metadata.web.spec.LoginConfigMetaData; +import org.keycloak.adapters.elytron.KeycloakConfigurationServletListener; import org.keycloak.subsystem.adapter.logging.KeycloakLogger; import java.util.ArrayList; @@ -69,6 +71,9 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance(); if (service.isSecureDeployment(deploymentUnit) && service.isDeploymentConfigured(deploymentUnit)) { addKeycloakAuthData(phaseContext, service); + } else if (service.isElytronEnabled(deploymentUnit)) { + WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); + addConfigurationListener(warMetaData); } // FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK @@ -99,6 +104,10 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP loginConfig.setAuthMethod("KEYCLOAK"); loginConfig.setRealmName(service.getRealmName(deploymentUnit)); KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName()); + + if (service.isElytronEnabled(deploymentUnit)) { + addConfigurationListener(warMetaData); + } } private void addJSONData(String json, WarMetaData warMetaData) { @@ -121,6 +130,31 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP webMetaData.setContextParams(contextParams); } + private void addConfigurationListener(WarMetaData warMetaData) { + if (warMetaData == null) { + return; + } + + JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData(); + if (webMetaData == null) { + webMetaData = new JBossWebMetaData(); + warMetaData.setMergedJBossWebMetaData(webMetaData); + } + + LoginConfigMetaData loginConfig = webMetaData.getLoginConfig(); + if (loginConfig == null) { + return; + } + if (!loginConfig.getAuthMethod().equals("KEYCLOAK")) { + return; + } + ListenerMetaData listenerMetaData = new ListenerMetaData(); + + listenerMetaData.setListenerClass(KeycloakConfigurationServletListener.class.getName()); + + webMetaData.getListeners().add(listenerMetaData); + } + @Override public void undeploy(DeploymentUnit du) { diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java index 5a71e615a88..496c3119827 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java @@ -23,8 +23,11 @@ import org.jboss.dmr.ModelNode; import org.jboss.dmr.Property; import org.jboss.metadata.web.jboss.JBossWebMetaData; +import java.util.ArrayList; import java.util.HashMap; +import java.util.HashSet; import java.util.Map; +import java.util.Set; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS; @@ -50,6 +53,7 @@ public final class KeycloakAdapterConfigService { // keycloak-secured deployments private final Map secureDeployments = new HashMap(); + private final Set elytronEnabledDeployments = new HashSet<>(); private KeycloakAdapterConfigService() { @@ -68,9 +72,13 @@ public final class KeycloakAdapterConfigService { this.realms.remove(realmNameFromOp(operation)); } - public void addSecureDeployment(ModelNode operation, ModelNode model) { + public void addSecureDeployment(ModelNode operation, ModelNode model, boolean elytronEnabled) { ModelNode deployment = model.clone(); - this.secureDeployments.put(deploymentNameFromOp(operation), deployment); + String name = deploymentNameFromOp(operation); + this.secureDeployments.put(name, deployment); + if (elytronEnabled) { + elytronEnabledDeployments.add(name); + } } public void updateSecureDeployment(ModelNode operation, String attrName, ModelNode resolvedValue) { @@ -79,7 +87,9 @@ public final class KeycloakAdapterConfigService { } public void removeSecureDeployment(ModelNode operation) { - this.secureDeployments.remove(deploymentNameFromOp(operation)); + String name = deploymentNameFromOp(operation); + this.secureDeployments.remove(name); + elytronEnabledDeployments.remove(name); } public void addCredential(ModelNode operation, ModelNode model) { @@ -187,7 +197,19 @@ public final class KeycloakAdapterConfigService { } private String deploymentNameFromOp(ModelNode operation) { - return valueFromOpAddress(SecureDeploymentDefinition.TAG_NAME, operation); + String deploymentName = valueFromOpAddress(SecureDeploymentDefinition.TAG_NAME, operation); + + if (deploymentName == null) { + deploymentName = valueFromOpAddress(KeycloakHttpServerAuthenticationMechanismFactoryDefinition.TAG_NAME, operation); + } + + if (deploymentName == null) { + deploymentName = valueFromOpAddress(SecureServerDefinition.TAG_NAME, operation); + } + + if (deploymentName == null) throw new RuntimeException("Can't find deployment name in address " + operation); + + return deploymentName; } private String credentialNameFromOp(ModelNode operation) { @@ -199,9 +221,7 @@ public final class KeycloakAdapterConfigService { } private String valueFromOpAddress(String addrElement, ModelNode operation) { - String deploymentName = getValueOfAddrElement(operation.get(ADDRESS), addrElement); - if (deploymentName == null) throw new RuntimeException("Can't find '" + addrElement + "' in address " + operation.toString()); - return deploymentName; + return getValueOfAddrElement(operation.get(ADDRESS), addrElement); } private String getValueOfAddrElement(ModelNode address, String elementName) { @@ -241,8 +261,22 @@ public final class KeycloakAdapterConfigService { return json.toJSONString(true); } + public String getJSON(String deploymentName) { + ModelNode deployment = this.secureDeployments.get(deploymentName); + String realmName = deployment.get(RealmDefinition.TAG_NAME).asString(); + ModelNode realm = this.realms.get(realmName); + + ModelNode json = new ModelNode(); + json.get(RealmDefinition.TAG_NAME).set(realmName); + + // Realm values set first. Some can be overridden by deployment values. + if (realm != null) setJSONValues(json, realm); + setJSONValues(json, deployment); + return json.toJSONString(true); + } + private void setJSONValues(ModelNode json, ModelNode values) { - for (Property prop : values.asPropertyList()) { + for (Property prop : new ArrayList<>(values.asPropertyList())) { String name = prop.getName(); ModelNode value = prop.getValue(); if (value.isDefined()) { @@ -258,6 +292,10 @@ public final class KeycloakAdapterConfigService { return this.secureDeployments.containsKey(deploymentName); } + public boolean isElytronEnabled(DeploymentUnit deploymentUnit) { + return elytronEnabledDeployments.contains(preferredDeploymentName(deploymentUnit)); + } + private ModelNode getSecureDeployment(DeploymentUnit deploymentUnit) { String deploymentName = preferredDeploymentName(deploymentUnit); return this.secureDeployments.containsKey(deploymentName) diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakDependencyProcessorWildFly.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakDependencyProcessorWildFly.java index e306a7f6306..61d670c8cdd 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakDependencyProcessorWildFly.java +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakDependencyProcessorWildFly.java @@ -29,13 +29,14 @@ import org.jboss.modules.ModuleLoader; */ public class KeycloakDependencyProcessorWildFly extends KeycloakDependencyProcessor { + private static final ModuleIdentifier KEYCLOAK_ELYTRON_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-wildfly-elytron-oidc-adapter"); private static final ModuleIdentifier KEYCLOAK_WILDFLY_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-wildfly-adapter"); private static final ModuleIdentifier KEYCLOAK_UNDERTOW_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-undertow-adapter"); @Override protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) { - // ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified) moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_WILDFLY_ADAPTER, false, false, true, false)); moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_UNDERTOW_ADAPTER, false, false, false, false)); + moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false)); } } diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakExtension.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakExtension.java index d04e72d4030..52113c08251 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakExtension.java +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakExtension.java @@ -47,8 +47,9 @@ public class KeycloakExtension implements Extension { private static final ResourceDefinition KEYCLOAK_SUBSYSTEM_RESOURCE = new KeycloakSubsystemDefinition(); static final RealmDefinition REALM_DEFINITION = new RealmDefinition(); static final SecureDeploymentDefinition SECURE_DEPLOYMENT_DEFINITION = new SecureDeploymentDefinition(); + static final SecureServerDefinition SECURE_SERVER_DEFINITION = new SecureServerDefinition(); static final CredentialDefinition CREDENTIAL_DEFINITION = new CredentialDefinition(); - static final RedirecRewritetRuleDefinition REDIRECT_RULE_DEFINITON = new RedirecRewritetRuleDefinition(); + static final RedirecRewritetRuleDefinition REDIRECT_RULE_DEFINITON = new RedirecRewritetRuleDefinition(); public static StandardResourceDescriptionResolver getResourceDescriptionResolver(final String... keyPrefix) { StringBuilder prefix = new StringBuilder(SUBSYSTEM_NAME); @@ -80,6 +81,10 @@ public class KeycloakExtension implements Extension { secureDeploymentRegistration.registerSubModel(CREDENTIAL_DEFINITION); secureDeploymentRegistration.registerSubModel(REDIRECT_RULE_DEFINITON); + ManagementResourceRegistration secureServerRegistration = registration.registerSubModel(SECURE_SERVER_DEFINITION); + secureServerRegistration.registerSubModel(CREDENTIAL_DEFINITION); + secureServerRegistration.registerSubModel(REDIRECT_RULE_DEFINITON); + subsystem.registerXMLElementWriter(PARSER); } } diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakHttpAuthenticationFactoryService.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakHttpAuthenticationFactoryService.java new file mode 100644 index 00000000000..94fb8e566d1 --- /dev/null +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakHttpAuthenticationFactoryService.java @@ -0,0 +1,67 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2016 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.subsystem.adapter.extension; + +import org.jboss.msc.service.Service; +import org.jboss.msc.service.StartContext; +import org.jboss.msc.service.StartException; +import org.jboss.msc.service.StopContext; +import org.jboss.msc.value.InjectedValue; +import org.keycloak.adapters.AdapterDeploymentContext; +import org.keycloak.adapters.KeycloakDeploymentBuilder; +import org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanismFactory; +import org.wildfly.security.auth.server.SecurityDomain; +import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory; +import org.wildfly.security.http.util.SetMechanismInformationMechanismFactory; + +import java.io.ByteArrayInputStream; + +/** + * @author Pedro Igor + */ +public class KeycloakHttpAuthenticationFactoryService implements Service { + + private final String factoryName; + private HttpServerAuthenticationMechanismFactory httpAuthenticationFactory; + + public KeycloakHttpAuthenticationFactoryService(String factoryName) { + this.factoryName = factoryName; + } + + @Override + public void start(StartContext context) throws StartException { + KeycloakAdapterConfigService adapterConfigService = KeycloakAdapterConfigService.getInstance(); + String config = adapterConfigService.getJSON(this.factoryName); + this.httpAuthenticationFactory = new KeycloakHttpServerAuthenticationMechanismFactory(createDeploymentContext(config.getBytes())); + } + + @Override + public void stop(StopContext context) { + this.httpAuthenticationFactory = null; + } + + @Override + public HttpServerAuthenticationMechanismFactory getValue() throws IllegalStateException, IllegalArgumentException { + return new SetMechanismInformationMechanismFactory(this.httpAuthenticationFactory); + } + + private AdapterDeploymentContext createDeploymentContext(byte[] config) { + return new AdapterDeploymentContext(KeycloakDeploymentBuilder.build(new ByteArrayInputStream(config))); + } +} diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakHttpServerAuthenticationMechanismFactoryDefinition.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakHttpServerAuthenticationMechanismFactoryDefinition.java new file mode 100644 index 00000000000..1e177a49f4f --- /dev/null +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakHttpServerAuthenticationMechanismFactoryDefinition.java @@ -0,0 +1,117 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2016 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.subsystem.adapter.extension; + +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR; +import static org.keycloak.subsystem.adapter.extension.KeycloakHttpServerAuthenticationMechanismFactoryDefinition.KeycloakHttpServerAuthenticationMechanismFactoryAddHandler.HTTP_SERVER_AUTHENTICATION_CAPABILITY; + +import org.jboss.as.controller.OperationContext; +import org.jboss.as.controller.OperationFailedException; +import org.jboss.as.controller.PathAddress; +import org.jboss.as.controller.SimpleResourceDefinition; +import org.jboss.as.controller.capability.RuntimeCapability; +import org.jboss.dmr.ModelNode; +import org.jboss.msc.service.ServiceController; +import org.jboss.msc.service.ServiceName; +import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory; + +/** + * A {@link SimpleResourceDefinition} that can be used to configure a {@link org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanismFactory} + * and expose it as a capability for other subsystems. + * + * @author Pedro Igor + */ +class KeycloakHttpServerAuthenticationMechanismFactoryDefinition extends AbstractAdapterConfigurationDefinition { + + static final String TAG_NAME = "http-server-mechanism-factory"; + + KeycloakHttpServerAuthenticationMechanismFactoryDefinition() { + this(TAG_NAME); + } + + KeycloakHttpServerAuthenticationMechanismFactoryDefinition(String tagName) { + super(tagName, ALL_ATTRIBUTES, new KeycloakHttpServerAuthenticationMechanismFactoryAddHandler(), new KeycloakHttpServerAuthenticationMechanismFactoryRemoveHandler(), new KeycloakHttpServerAuthenticationMechanismFactoryWriteHandler()); + } + + /** + * A {@link AbstractAdapterConfigurationAddHandler} that exposes a {@link KeycloakHttpServerAuthenticationMechanismFactoryDefinition} + * as a capability through the installation of a {@link KeycloakHttpAuthenticationFactoryService}. + * + * @author Pedro Igor + */ + static final class KeycloakHttpServerAuthenticationMechanismFactoryAddHandler extends AbstractAdapterConfigurationAddHandler { + + static final String HTTP_SERVER_AUTHENTICATION_CAPABILITY = "org.wildfly.security.http-server-mechanism-factory"; + static final RuntimeCapability HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY = RuntimeCapability + .Builder.of(HTTP_SERVER_AUTHENTICATION_CAPABILITY, true, HttpServerAuthenticationMechanismFactory.class) + .build(); + + KeycloakHttpServerAuthenticationMechanismFactoryAddHandler() { + super(HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY, ALL_ATTRIBUTES); + } + + @Override + protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException { + super.performRuntime(context, operation, model); + installCapability(context, operation); + } + + static void installCapability(OperationContext context, ModelNode operation) { + PathAddress pathAddress = PathAddress.pathAddress(operation.get(OP_ADDR)); + String factoryName = pathAddress.getLastElement().getValue(); + ServiceName serviceName = context.getCapabilityServiceName(HTTP_SERVER_AUTHENTICATION_CAPABILITY, factoryName, HttpServerAuthenticationMechanismFactory.class); + KeycloakHttpAuthenticationFactoryService service = new KeycloakHttpAuthenticationFactoryService(factoryName); + context.getServiceTarget().addService(serviceName, service).setInitialMode(ServiceController.Mode.ACTIVE).install(); + } + } + + /** + * A {@link AbstractAdapterConfigurationRemoveHandler} that handles the removal of {@link KeycloakHttpServerAuthenticationMechanismFactoryDefinition}. + * + * @author Pedro Igor + */ + static final class KeycloakHttpServerAuthenticationMechanismFactoryRemoveHandler extends AbstractAdapterConfigurationRemoveHandler { + @Override + protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException { + super.performRuntime(context, operation, model); + PathAddress pathAddress = PathAddress.pathAddress(operation.get(OP_ADDR)); + String factoryName = pathAddress.getLastElement().getValue(); + ServiceName serviceName = context.getCapabilityServiceName(HTTP_SERVER_AUTHENTICATION_CAPABILITY, factoryName, HttpServerAuthenticationMechanismFactory.class); + + context.removeService(serviceName); + } + + @Override + protected void recoverServices(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException { + super.recoverServices(context, operation, model); + KeycloakHttpServerAuthenticationMechanismFactoryAddHandler.installCapability(context, operation); + } + } + + /** + * A {@link AbstractAdapterConfigurationWriteAttributeHandler} that updates attributes on a {@link KeycloakHttpServerAuthenticationMechanismFactoryDefinition}. + * + * @author Pedro Igor + */ + static final class KeycloakHttpServerAuthenticationMechanismFactoryWriteHandler extends AbstractAdapterConfigurationWriteAttributeHandler { + KeycloakHttpServerAuthenticationMechanismFactoryWriteHandler() { + super(ALL_ATTRIBUTES); + } + } +} diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java index 79555e3b7bf..a8d50aeb3da 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java @@ -62,6 +62,9 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader

  • resourcesToAdd) throws XMLStreamException { + readSecureResource(KeycloakExtension.SECURE_DEPLOYMENT_DEFINITION.TAG_NAME, KeycloakExtension.SECURE_DEPLOYMENT_DEFINITION, reader, resourcesToAdd); + } + + private void readSecureServer(XMLExtendedStreamReader reader, List resourcesToAdd) throws XMLStreamException { + readSecureResource(KeycloakExtension.SECURE_SERVER_DEFINITION.TAG_NAME, KeycloakExtension.SECURE_SERVER_DEFINITION, reader, resourcesToAdd); + } + + private void readSecureResource(String tagName, AbstractAdapterConfigurationDefinition resource, XMLExtendedStreamReader reader, List resourcesToAdd) throws XMLStreamException { String name = readNameAttribute(reader); ModelNode addSecureDeployment = new ModelNode(); addSecureDeployment.get(ModelDescriptionConstants.OP).set(ModelDescriptionConstants.ADD); PathAddress addr = PathAddress.pathAddress(PathElement.pathElement(ModelDescriptionConstants.SUBSYSTEM, KeycloakExtension.SUBSYSTEM_NAME), - PathElement.pathElement(SecureDeploymentDefinition.TAG_NAME, name)); + PathElement.pathElement(tagName, name)); addSecureDeployment.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode()); List credentialsToAdd = new ArrayList(); List redirectRulesToAdd = new ArrayList(); while (reader.hasNext() && nextTag(reader) != END_ELEMENT) { - String tagName = reader.getLocalName(); - if (tagName.equals(CredentialDefinition.TAG_NAME)) { + String localName = reader.getLocalName(); + if (localName.equals(CredentialDefinition.TAG_NAME)) { readCredential(reader, addr, credentialsToAdd); continue; } - if (tagName.equals(RedirecRewritetRuleDefinition.TAG_NAME)) { + if (localName.equals(RedirecRewritetRuleDefinition.TAG_NAME)) { readRewriteRule(reader, addr, redirectRulesToAdd); continue; } - SimpleAttributeDefinition def = SecureDeploymentDefinition.lookup(tagName); - if (def == null) throw new XMLStreamException("Unknown secure-deployment tag " + tagName); + SimpleAttributeDefinition def = resource.lookup(localName); + if (def == null) throw new XMLStreamException("Unknown secure-deployment tag " + localName); def.parseAndSetParameter(reader.getElementText(), addSecureDeployment, reader); } @@ -236,6 +247,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader
  • attributes, XMLExtendedStreamWriter writer, SubsystemMarshallingContext context) throws XMLStreamException { + if (!context.getModelNode().get(tagName).isDefined()) { return; } - for (Property deployment : context.getModelNode().get(SecureDeploymentDefinition.TAG_NAME).asPropertyList()) { - writer.writeStartElement(SecureDeploymentDefinition.TAG_NAME); + for (Property deployment : context.getModelNode().get(tagName).asPropertyList()) { + writer.writeStartElement(tagName); writer.writeAttribute("name", deployment.getName()); ModelNode deploymentElements = deployment.getValue(); - for (AttributeDefinition element : SecureDeploymentDefinition.ALL_ATTRIBUTES) { + for (AttributeDefinition element : attributes) { element.marshallAsElement(deploymentElements, writer); } @@ -271,7 +291,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader
  • DEPLOYMENT_ONLY_ATTRIBUTES = new ArrayList(); - static { - DEPLOYMENT_ONLY_ATTRIBUTES.add(REALM); - DEPLOYMENT_ONLY_ATTRIBUTES.add(RESOURCE); - DEPLOYMENT_ONLY_ATTRIBUTES.add(USE_RESOURCE_ROLE_MAPPINGS); - DEPLOYMENT_ONLY_ATTRIBUTES.add(BEARER_ONLY); - DEPLOYMENT_ONLY_ATTRIBUTES.add(ENABLE_BASIC_AUTH); - DEPLOYMENT_ONLY_ATTRIBUTES.add(PUBLIC_CLIENT); - DEPLOYMENT_ONLY_ATTRIBUTES.add(TURN_OFF_CHANGE_SESSION); - DEPLOYMENT_ONLY_ATTRIBUTES.add(TOKEN_MINIMUM_TIME_TO_LIVE); - DEPLOYMENT_ONLY_ATTRIBUTES.add(MIN_TIME_BETWEEN_JWKS_REQUESTS); - } - - protected static final List ALL_ATTRIBUTES = new ArrayList(); - static { - ALL_ATTRIBUTES.addAll(DEPLOYMENT_ONLY_ATTRIBUTES); - ALL_ATTRIBUTES.addAll(SharedAttributeDefinitons.ATTRIBUTES); - } - - private static final Map DEFINITION_LOOKUP = new HashMap(); - static { - for (SimpleAttributeDefinition def : ALL_ATTRIBUTES) { - DEFINITION_LOOKUP.put(def.getXmlName(), def); - } - } - - private static SecureDeploymentWriteAttributeHandler attrHandler = new SecureDeploymentWriteAttributeHandler(ALL_ATTRIBUTES); + static final String TAG_NAME = "secure-deployment"; public SecureDeploymentDefinition() { - super(PathElement.pathElement(TAG_NAME), - KeycloakExtension.getResourceDescriptionResolver(TAG_NAME), - SecureDeploymentAddHandler.INSTANCE, - SecureDeploymentRemoveHandler.INSTANCE); + super(TAG_NAME, ALL_ATTRIBUTES, new SecureDeploymentAddHandler(), new SecureDeploymentRemoveHandler(), new SecureDeploymentWriteAttributeHandler()); } - @Override - public void registerOperations(ManagementResourceRegistration resourceRegistration) { - super.registerOperations(resourceRegistration); - resourceRegistration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE); - } + /** + * Add a deployment to a realm. + * + * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc. + */ + static final class SecureDeploymentAddHandler extends AbstractAdapterConfigurationAddHandler { - @Override - public void registerAttributes(ManagementResourceRegistration resourceRegistration) { - super.registerAttributes(resourceRegistration); - for (AttributeDefinition attrDef : ALL_ATTRIBUTES) { - resourceRegistration.registerReadWriteAttribute(attrDef, null, attrHandler); + static final String HTTP_SERVER_AUTHENTICATION_CAPABILITY = "org.wildfly.security.http-server-mechanism-factory"; + static RuntimeCapability HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY; + + static { + try { + HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY = RuntimeCapability + .Builder.of(HTTP_SERVER_AUTHENTICATION_CAPABILITY, true, HttpServerAuthenticationMechanismFactory.class) + .build(); + } catch (NoClassDefFoundError ncfe) { + // ignore, Elytron not present thus no capability will be published by this resource definition + } + } + + SecureDeploymentAddHandler() { + super(HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY, ALL_ATTRIBUTES); + } + + @Override + protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException { + super.performRuntime(context, operation, model); + if (HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY != null) { + installCapability(context, operation); + } + } + + static void installCapability(OperationContext context, ModelNode operation) { + PathAddress pathAddress = PathAddress.pathAddress(operation.get(OP_ADDR)); + String factoryName = pathAddress.getLastElement().getValue(); + ServiceName serviceName = context.getCapabilityServiceName(HTTP_SERVER_AUTHENTICATION_CAPABILITY, factoryName, HttpServerAuthenticationMechanismFactory.class); + KeycloakHttpAuthenticationFactoryService service = new KeycloakHttpAuthenticationFactoryService(factoryName); + ServiceTarget serviceTarget = context.getServiceTarget(); + serviceTarget.addService(serviceName, service).setInitialMode(ServiceController.Mode.ACTIVE).install(); } } - public static SimpleAttributeDefinition lookup(String name) { - return DEFINITION_LOOKUP.get(name); + /** + * Remove a secure-deployment from a realm. + * + * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc. + */ + static final class SecureDeploymentRemoveHandler extends AbstractAdapterConfigurationRemoveHandler {} + + /** + * Update an attribute on a secure-deployment. + * + * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc. + */ + static final class SecureDeploymentWriteAttributeHandler extends AbstractAdapterConfigurationWriteAttributeHandler { + SecureDeploymentWriteAttributeHandler() { + super(ALL_ATTRIBUTES); + } } } diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureServerDefinition.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureServerDefinition.java new file mode 100755 index 00000000000..7d8fd05dfdb --- /dev/null +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SecureServerDefinition.java @@ -0,0 +1,258 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.subsystem.adapter.extension; + +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR; +import static org.keycloak.subsystem.adapter.extension.KeycloakHttpServerAuthenticationMechanismFactoryDefinition.KeycloakHttpServerAuthenticationMechanismFactoryAddHandler.HTTP_SERVER_AUTHENTICATION_CAPABILITY; + +import java.io.File; +import java.io.IOException; +import java.net.URL; +import java.nio.file.Path; +import java.util.Collections; +import java.util.Date; +import java.util.List; + +import io.undertow.io.IoCallback; +import io.undertow.io.Sender; +import io.undertow.server.HttpServerExchange; +import io.undertow.server.handlers.resource.Resource; +import io.undertow.server.handlers.resource.ResourceChangeListener; +import io.undertow.server.handlers.resource.ResourceManager; +import io.undertow.util.ETag; +import io.undertow.util.MimeMappings; +import org.jboss.as.controller.OperationContext; +import org.jboss.as.controller.OperationFailedException; +import org.jboss.as.controller.PathAddress; +import org.jboss.as.controller.capability.RuntimeCapability; +import org.jboss.as.server.mgmt.domain.ExtensibleHttpManagement; +import org.jboss.dmr.ModelNode; +import org.jboss.msc.service.Service; +import org.jboss.msc.service.ServiceController.Mode; +import org.jboss.msc.service.ServiceName; +import org.jboss.msc.service.ServiceTarget; +import org.jboss.msc.service.StartContext; +import org.jboss.msc.service.StartException; +import org.jboss.msc.service.StopContext; +import org.jboss.msc.value.InjectedValue; +import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory; + +/** + * Defines attributes and operations for a secure-deployment. + * + * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc. + */ +final class SecureServerDefinition extends AbstractAdapterConfigurationDefinition { + + public static final String TAG_NAME = "secure-server"; + + SecureServerDefinition() { + super(TAG_NAME, ALL_ATTRIBUTES, new SecureServerAddHandler(), new SecureServerRemoveHandler(), new SecureServerWriteHandler()); + } + + /** + * A {@link AbstractAdapterConfigurationAddHandler} that exposes a {@link SecureServerDefinition} + * as a capability through the installation of a {@link KeycloakHttpAuthenticationFactoryService}. + * + * @author Pedro Igor + */ + static final class SecureServerAddHandler extends AbstractAdapterConfigurationAddHandler { + + static final String HTTP_SERVER_AUTHENTICATION_CAPABILITY = "org.wildfly.security.http-server-mechanism-factory"; + static final String HTTP_MANAGEMENT_HTTP_EXTENSIBLE_CAPABILITY = "org.wildfly.management.http.extensible"; + static RuntimeCapability HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY; + + static { + try { + HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY = RuntimeCapability + .Builder.of(HTTP_SERVER_AUTHENTICATION_CAPABILITY, true, HttpServerAuthenticationMechanismFactory.class) + .build(); + } catch (NoClassDefFoundError ncfe) { + // ignore, Elytron not present thus no capability will be published by this resource definition + } + } + + SecureServerAddHandler() { + super(HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY, ALL_ATTRIBUTES); + } + + @Override + protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException { + super.performRuntime(context, operation, model); + if (HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY != null) { + installCapability(context, operation); + } + } + + static void installCapability(OperationContext context, ModelNode operation) throws OperationFailedException { + PathAddress pathAddress = PathAddress.pathAddress(operation.get(OP_ADDR)); + String factoryName = pathAddress.getLastElement().getValue(); + ServiceName serviceName = context.getCapabilityServiceName(HTTP_SERVER_AUTHENTICATION_CAPABILITY, factoryName, HttpServerAuthenticationMechanismFactory.class); + boolean publicClient = SecureServerDefinition.PUBLIC_CLIENT.resolveModelAttribute(context, operation).asBoolean(false); + + if (!publicClient) { + throw new OperationFailedException("Only public clients are allowed to have their configuration exposed through the management interface"); + } + + KeycloakHttpAuthenticationFactoryService service = new KeycloakHttpAuthenticationFactoryService(factoryName); + ServiceTarget serviceTarget = context.getServiceTarget(); + InjectedValue injectedValue = new InjectedValue<>(); + serviceTarget.addService(serviceName.append("http-management-context"), createHttpManagementConfigContextService(factoryName, injectedValue)) + .addDependency(context.getCapabilityServiceName(HTTP_MANAGEMENT_HTTP_EXTENSIBLE_CAPABILITY, ExtensibleHttpManagement.class), ExtensibleHttpManagement.class, injectedValue).setInitialMode(Mode.ACTIVE).install(); + serviceTarget.addService(serviceName, service).setInitialMode(Mode.ACTIVE).install(); + } + } + + /** + * A {@link AbstractAdapterConfigurationRemoveHandler} that handles the removal of {@link SecureServerDefinition}. + * + * @author Pedro Igor + */ + static final class SecureServerRemoveHandler extends AbstractAdapterConfigurationRemoveHandler { + @Override + protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException { + super.performRuntime(context, operation, model); + PathAddress pathAddress = PathAddress.pathAddress(operation.get(OP_ADDR)); + String factoryName = pathAddress.getLastElement().getValue(); + ServiceName serviceName = context.getCapabilityServiceName(HTTP_SERVER_AUTHENTICATION_CAPABILITY, factoryName, HttpServerAuthenticationMechanismFactory.class); + context.removeService(serviceName); + } + + @Override + protected void recoverServices(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException { + super.recoverServices(context, operation, model); + SecureServerDefinition.SecureServerAddHandler.installCapability(context, operation); + } + } + + /** + * A {@link AbstractAdapterConfigurationWriteAttributeHandler} that updates attributes on a {@link SecureServerDefinition}. + * + * @author Pedro Igor + */ + static final class SecureServerWriteHandler extends AbstractAdapterConfigurationWriteAttributeHandler { + SecureServerWriteHandler() { + super(ALL_ATTRIBUTES); + } + } + + private static Service createHttpManagementConfigContextService(final String factoryName, final InjectedValue httpConfigContext) { + final String contextName = "/keycloak/adapter/" + factoryName + "/"; + return new Service() { + public void start(StartContext startContext) throws StartException { + ExtensibleHttpManagement extensibleHttpManagement = (ExtensibleHttpManagement)httpConfigContext.getValue(); + extensibleHttpManagement.addStaticContext(contextName, new ResourceManager() { + public Resource getResource(final String path) throws IOException { + KeycloakAdapterConfigService adapterConfigService = KeycloakAdapterConfigService.getInstance(); + final String config = adapterConfigService.getJSON(factoryName); + + if (config == null) { + return null; + } + + return new Resource() { + public String getPath() { + return null; + } + + public Date getLastModified() { + return null; + } + + public String getLastModifiedString() { + return null; + } + + public ETag getETag() { + return null; + } + + public String getName() { + return null; + } + + public boolean isDirectory() { + return false; + } + + public List list() { + return Collections.emptyList(); + } + + public String getContentType(MimeMappings mimeMappings) { + return "application/json"; + } + + public void serve(Sender sender, HttpServerExchange exchange, IoCallback completionCallback) { + sender.send(config); + } + + public Long getContentLength() { + return Long.valueOf((long)config.length()); + } + + public String getCacheKey() { + return null; + } + + public File getFile() { + return null; + } + + public Path getFilePath() { + return null; + } + + public File getResourceManagerRoot() { + return null; + } + + public Path getResourceManagerRootPath() { + return null; + } + + public URL getUrl() { + return null; + } + }; + } + + public boolean isResourceChangeListenerSupported() { + return false; + } + + public void registerResourceChangeListener(ResourceChangeListener listener) { + } + + public void removeResourceChangeListener(ResourceChangeListener listener) { + } + + public void close() throws IOException { + } + }); + } + + public void stop(StopContext stopContext) { + ((ExtensibleHttpManagement)httpConfigContext.getValue()).removeContext(contextName); + } + + public Void getValue() throws IllegalStateException, IllegalArgumentException { + return null; + } + }; + } +} diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/adapter/extension/LocalDescriptions.properties b/adapters/oidc/wildfly/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/adapter/extension/LocalDescriptions.properties index c9cea777875..f6097ae5cf8 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/adapter/extension/LocalDescriptions.properties +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/adapter/extension/LocalDescriptions.properties @@ -20,6 +20,8 @@ keycloak.subsystem.add=Operation Adds Keycloak adapter subsystem keycloak.subsystem.remove=Operation removes Keycloak adapter subsystem keycloak.subsystem.realm=A Keycloak realm. keycloak.subsystem.secure-deployment=A deployment secured by Keycloak. +keycloak.subsystem.secure-server=A configuration exposed to the server. +keycloak.subsystem.http-server-mechanism-factory=A http-server-mechanism-factory exposed to the server. keycloak.realm=A Keycloak realm. keycloak.realm.add=Add a realm definition to the subsystem. @@ -90,7 +92,48 @@ keycloak.secure-deployment.token-minimum-time-to-live=The adapter will refresh t keycloak.secure-deployment.min-time-between-jwks-requests=If adapter recognize token signed by unknown public key, it will try to download new public key from keycloak server. However it won't try to download if already tried it in less than 'min-time-between-jwks-requests' seconds keycloak.secure-deployment.ignore-oauth-query-parameter=disable query parameter parsing for access_token +keycloak.secure-server=A deployment secured by Keycloak +keycloak.secure-server.add=Add a deployment to be secured by Keycloak +keycloak.secure-server.realm=Keycloak realm +keycloak.secure-server.remove=Remove a deployment to be secured by Keycloak +keycloak.secure-server.realm-public-key=Public key of the realm +keycloak.secure-server.auth-server-url=Base URL of the Realm Auth Server +keycloak.secure-server.disable-trust-manager=Adapter will not use a trust manager when making adapter HTTPS requests +keycloak.secure-server.ssl-required=Specify if SSL is required (valid values are all, external and none) +keycloak.secure-server.allow-any-hostname=SSL Setting +keycloak.secure-server.truststore=Truststore used for adapter client HTTPS requests +keycloak.secure-server.truststore-password=Password of the Truststore +keycloak.secure-server.connection-pool-size=Connection pool size for the client used by the adapter +keycloak.secure-server.resource=Application name +keycloak.secure-server.use-resource-role-mappings=Use resource level permissions from token +keycloak.secure-server.credentials=Adapter credentials +keycloak.secure-server.redirect-rewrite-rule=Apply a rewrite rule for the redirect URI +keycloak.secure-server.bearer-only=Bearer Token Auth only +keycloak.secure-server.enable-basic-auth=Enable Basic Authentication +keycloak.secure-server.public-client=Public client +keycloak.secure-server.enable-cors=Enable Keycloak CORS support +keycloak.secure-server.autodetect-bearer-only=autodetect bearer-only requests +keycloak.secure-server.client-keystore=n/a +keycloak.secure-server.client-keystore-password=n/a +keycloak.secure-server.client-key-password=n/a +keycloak.secure-server.cors-max-age=CORS max-age header +keycloak.secure-server.cors-allowed-headers=CORS allowed headers +keycloak.secure-server.cors-allowed-methods=CORS allowed methods +keycloak.secure-server.cors-exposed-headers=CORS exposed headers +keycloak.secure-server.expose-token=Enable secure URL that exposes access token +keycloak.secure-server.auth-server-url-for-backend-requests=URL to use to make background calls to auth server +keycloak.secure-server.always-refresh-token=Refresh token on every single web request +keycloak.secure-server.register-node-at-startup=Cluster setting +keycloak.secure-server.register-node-period=how often to re-register node +keycloak.secure-server.token-store=cookie or session storage for auth session data +keycloak.secure-server.principal-attribute=token attribute to use to set Principal name +keycloak.secure-server.turn-off-change-session-id-on-login=The session id is changed by default on a successful login. Change this to true if you want to turn this off +keycloak.secure-server.token-minimum-time-to-live=The adapter will refresh the token if the current token is expired OR will expire in 'token-minimum-time-to-live' seconds or less +keycloak.secure-server.min-time-between-jwks-requests=If adapter recognize token signed by unknown public key, it will try to download new public key from keycloak server. However it won't try to download if already tried it in less than 'min-time-between-jwks-requests' seconds +keycloak.secure-server.ignore-oauth-query-parameter=disable query parameter parsing for access_token + keycloak.secure-deployment.credential=Credential value +keycloak.secure-server.credential=Credential value keycloak.credential=Credential keycloak.credential.value=Credential value diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd b/adapters/oidc/wildfly/wildfly-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd index d8f5bc3d74d..caa147d8218 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd @@ -38,6 +38,7 @@ + @@ -84,7 +85,7 @@ - + @@ -99,9 +100,9 @@ - - - + + + diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java b/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java index 9d5f87ab39d..4adad9f21ad 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java @@ -73,7 +73,7 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest { ModelNode deployment = new ModelNode(); deployment.get("realm").set("demo"); deployment.get("resource").set("customer-portal"); - service.addSecureDeployment(deploymentOp, deployment); + service.addSecureDeployment(deploymentOp, deployment, false); addCredential(addr, service, "secret", "secret1"); addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks"); diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml b/adapters/oidc/wildfly/wildfly-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml index 246d76855fa..fce5c41dae7 100755 --- a/adapters/oidc/wildfly/wildfly-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml +++ b/adapters/oidc/wildfly/wildfly-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml @@ -40,6 +40,10 @@ session sub + + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKoq+a9MgXepmsPJDmo45qswuChW9pWjanX68oIBuI4hGvhQxFHryCow230A+sr7tFdMQMt8f1l/ysmV/fYAuW29WaoY4kI4Ou1yYPuwywKSsxT6PooTs83hKyZ1h4LZMj5DkLGDDDyVRHob2WmPaYg9RGVRw3iGGsD/p+Yb+L/gnBYQnZZ7lYqmN7h36p5CkzzlgXQA1Ha8sQxL+rJNH8+sZm0vBrKsoII3Of7TqHGsm1RwFV3XCuGJ7S61AbjJMXL5DQgJl9Z5scvxGAyoRLKC294UgMnQdzyBTMPw2GybxkRKmiK2KjQKmcopmrJp/Bt6fBR6ZkGSs9qUlxGHgwIDAQAB + http://localhost:8180/auth + master web-console @@ -69,4 +73,16 @@ /api/$1/ + + jboss-infra + wildfly-management + true + EXTERNAL + preferred_username + + + jboss-infra + wildfly-console + true + \ No newline at end of file diff --git a/adapters/pom.xml b/adapters/pom.xml index 21e23b987a1..96c56d5300b 100755 --- a/adapters/pom.xml +++ b/adapters/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml Keycloak Adapters diff --git a/adapters/saml/as7-eap6/adapter/pom.xml b/adapters/saml/as7-eap6/adapter/pom.xml index dd8aff53177..2fdd3ee7280 100755 --- a/adapters/saml/as7-eap6/adapter/pom.xml +++ b/adapters/saml/as7-eap6/adapter/pom.xml @@ -21,7 +21,7 @@ keycloak-saml-eap-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 @@ -78,6 +78,18 @@ 7.1.2.Final provided + + org.infinispan + infinispan-core + provided + 5.2.20.Final + + + org.infinispan + infinispan-cachestore-remote + provided + 5.2.20.Final + org.keycloak keycloak-saml-tomcat-adapter-core diff --git a/adapters/saml/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/infinispan/InfinispanSessionCacheIdMapperUpdater.java b/adapters/saml/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/infinispan/InfinispanSessionCacheIdMapperUpdater.java index b6f4c23f094..dd19a7b7e66 100644 --- a/adapters/saml/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/infinispan/InfinispanSessionCacheIdMapperUpdater.java +++ b/adapters/saml/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/infinispan/InfinispanSessionCacheIdMapperUpdater.java @@ -16,9 +16,11 @@ */ package org.keycloak.adapters.saml.jbossweb.infinispan; +import org.keycloak.adapters.saml.AdapterConstants; import org.keycloak.adapters.spi.SessionIdMapper; import org.keycloak.adapters.spi.SessionIdMapperUpdater; +import java.util.List; import javax.naming.InitialContext; import javax.naming.NamingException; import javax.servlet.ServletContext; @@ -26,6 +28,8 @@ import org.apache.catalina.Context; import org.infinispan.Cache; import org.infinispan.configuration.cache.CacheMode; import org.infinispan.configuration.cache.Configuration; +import org.infinispan.loaders.CacheLoaderManager; +import org.infinispan.loaders.remote.RemoteCacheStore; import org.infinispan.manager.EmbeddedCacheManager; import org.jboss.logging.Logger; @@ -37,24 +41,12 @@ public class InfinispanSessionCacheIdMapperUpdater { private static final Logger LOG = Logger.getLogger(InfinispanSessionCacheIdMapperUpdater.class); - public static final String DEFAULT_CACHE_CONTAINER_JNDI_NAME = "java:jboss/infinispan/container/web"; - - private static final String DEPLOYMENT_CACHE_CONTAINER_JNDI_NAME_PARAM_NAME = "keycloak.sessionIdMapperUpdater.infinispan.cacheContainerJndi"; - private static final String DEPLOYMENT_CACHE_NAME_PARAM_NAME = "keycloak.sessionIdMapperUpdater.infinispan.deploymentCacheName"; - private static final String SSO_CACHE_NAME_PARAM_NAME = "keycloak.sessionIdMapperUpdater.infinispan.cacheName"; + public static final String DEFAULT_CACHE_CONTAINER_JNDI_NAME = "java:jboss/infinispan/container"; public static SessionIdMapperUpdater addTokenStoreUpdaters(Context context, SessionIdMapper mapper, SessionIdMapperUpdater previousIdMapperUpdater) { - boolean distributable = context.getDistributable(); - - if (! distributable) { - LOG.warnv("Deployment {0} does not use supported distributed session cache mechanism", context.getName()); - return previousIdMapperUpdater; - } - ServletContext servletContext = context.getServletContext(); - String cacheContainerLookup = (servletContext != null && servletContext.getInitParameter(DEPLOYMENT_CACHE_CONTAINER_JNDI_NAME_PARAM_NAME) != null) - ? servletContext.getInitParameter(DEPLOYMENT_CACHE_CONTAINER_JNDI_NAME_PARAM_NAME) - : DEFAULT_CACHE_CONTAINER_JNDI_NAME; + String containerName = servletContext == null ? null : servletContext.getInitParameter(AdapterConstants.REPLICATION_CONFIG_CONTAINER_PARAM_NAME); + String cacheName = servletContext == null ? null : servletContext.getInitParameter(AdapterConstants.REPLICATION_CONFIG_SSO_CACHE_PARAM_NAME); // the following is based on https://github.com/jbossas/jboss-as/blob/7.2.0.Final/clustering/web-infinispan/src/main/java/org/jboss/as/clustering/web/infinispan/DistributedCacheManagerFactory.java#L116-L122 String host = context.getParent() == null ? "" : context.getParent().getName(); @@ -62,43 +54,48 @@ public class InfinispanSessionCacheIdMapperUpdater { if ("/".equals(contextPath)) { contextPath = "/ROOT"; } + String deploymentSessionCacheName = host + contextPath; - boolean deploymentSessionCacheNamePreset = servletContext != null && servletContext.getInitParameter(DEPLOYMENT_CACHE_NAME_PARAM_NAME) != null; - String deploymentSessionCacheName = deploymentSessionCacheNamePreset - ? servletContext.getInitParameter(DEPLOYMENT_CACHE_NAME_PARAM_NAME) - : host + contextPath; - boolean ssoCacheNamePreset = servletContext != null && servletContext.getInitParameter(SSO_CACHE_NAME_PARAM_NAME) != null; - String ssoCacheName = ssoCacheNamePreset - ? servletContext.getInitParameter(SSO_CACHE_NAME_PARAM_NAME) - : deploymentSessionCacheName + ".ssoCache"; + if (containerName == null || cacheName == null || deploymentSessionCacheName == null) { + LOG.warnv("Cannot determine parameters of SSO cache for deployment {0}.", host + contextPath); + + return previousIdMapperUpdater; + } + + String cacheContainerLookup = DEFAULT_CACHE_CONTAINER_JNDI_NAME + "/" + containerName; try { EmbeddedCacheManager cacheManager = (EmbeddedCacheManager) new InitialContext().lookup(cacheContainerLookup); - Configuration ssoCacheConfiguration = cacheManager.getCacheConfiguration(ssoCacheName); + Configuration ssoCacheConfiguration = cacheManager.getCacheConfiguration(cacheName); if (ssoCacheConfiguration == null) { Configuration cacheConfiguration = cacheManager.getCacheConfiguration(deploymentSessionCacheName); if (cacheConfiguration == null) { - LOG.debugv("Using default cache container configuration for SSO cache. lookup={0}, looked up configuration of cache={1}", cacheContainerLookup, deploymentSessionCacheName); + LOG.debugv("Using default configuration for SSO cache {0}.{1}.", containerName, cacheName); ssoCacheConfiguration = cacheManager.getDefaultCacheConfiguration(); } else { - LOG.debugv("Using distributed HTTP session cache configuration for SSO cache. lookup={0}, configuration taken from cache={1}", cacheContainerLookup, deploymentSessionCacheName); + LOG.debugv("Using distributed HTTP session cache configuration for SSO cache {0}.{1}, configuration taken from cache {2}", + containerName, cacheName, deploymentSessionCacheName); ssoCacheConfiguration = cacheConfiguration; - cacheManager.defineConfiguration(ssoCacheName, ssoCacheConfiguration); + cacheManager.defineConfiguration(cacheName, ssoCacheConfiguration); } } else { - LOG.debugv("Using custom configuration for SSO cache. lookup={0}, cache name={1}", cacheContainerLookup, ssoCacheName); + LOG.debugv("Using custom configuration of SSO cache {0}.{1}.", containerName, cacheName); } CacheMode ssoCacheMode = ssoCacheConfiguration.clustering().cacheMode(); if (ssoCacheMode != CacheMode.REPL_ASYNC && ssoCacheMode != CacheMode.REPL_SYNC) { - LOG.warnv("SSO cache mode is {0}, it is recommended to use replicated mode instead", ssoCacheConfiguration.clustering().cacheModeString()); + LOG.warnv("SSO cache mode is {0}, it is recommended to use replicated mode instead.", ssoCacheConfiguration.clustering().cacheModeString()); } - Cache ssoCache = cacheManager.getCache(ssoCacheName, true); - ssoCache.addListener(new SsoSessionCacheListener(mapper)); + Cache ssoCache = cacheManager.getCache(cacheName, true); + final SsoSessionCacheListener listener = new SsoSessionCacheListener(ssoCache, mapper); + ssoCache.addListener(listener); - LOG.debugv("Added distributed SSO session cache, lookup={0}, cache name={1}", cacheContainerLookup, deploymentSessionCacheName); + // Not possible to add listener for cross-DC support because of too old Infinispan in AS 7 + warnIfRemoteStoreIsUsed(ssoCache); + + LOG.debugv("Added distributed SSO session cache, lookup={0}, cache name={1}", cacheContainerLookup, cacheName); SsoCacheSessionIdMapperUpdater updater = new SsoCacheSessionIdMapperUpdater(ssoCache, previousIdMapperUpdater); @@ -108,4 +105,17 @@ public class InfinispanSessionCacheIdMapperUpdater { return previousIdMapperUpdater; } } + + private static void warnIfRemoteStoreIsUsed(Cache ssoCache) { + final List stores = getRemoteStores(ssoCache); + if (stores == null || stores.isEmpty()) { + return; + } + + LOG.warnv("Unable to listen for events on remote stores configured for cache {0} (unsupported in this Infinispan limitations), logouts will not be propagated.", ssoCache.getName()); + } + + public static List getRemoteStores(Cache ssoCache) { + return ssoCache.getAdvancedCache().getComponentRegistry().getComponent(CacheLoaderManager.class).getCacheLoaders(RemoteCacheStore.class); + } } diff --git a/adapters/saml/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/infinispan/SsoSessionCacheListener.java b/adapters/saml/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/infinispan/SsoSessionCacheListener.java index ee100ad3175..aded4a38e9b 100644 --- a/adapters/saml/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/infinispan/SsoSessionCacheListener.java +++ b/adapters/saml/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/infinispan/SsoSessionCacheListener.java @@ -20,6 +20,7 @@ import org.keycloak.adapters.spi.SessionIdMapper; import java.util.*; import java.util.concurrent.*; +import org.infinispan.Cache; import org.infinispan.notifications.Listener; import org.infinispan.notifications.cachelistener.annotation.*; import org.infinispan.notifications.cachelistener.event.*; @@ -43,9 +44,12 @@ public class SsoSessionCacheListener { private final SessionIdMapper idMapper; + private final Cache ssoCache; + private ExecutorService executor = Executors.newSingleThreadExecutor(); - public SsoSessionCacheListener(SessionIdMapper idMapper) { + public SsoSessionCacheListener(Cache ssoCache, SessionIdMapper idMapper) { + this.ssoCache = ssoCache; this.idMapper = idMapper; } @@ -68,8 +72,10 @@ public class SsoSessionCacheListener { @CacheEntryRemoved @CacheEntryModified public void addEvent(TransactionalEvent event) { - if (event.isPre() == false) { + if (event.getGlobalTransaction() != null) { map.get(event.getGlobalTransaction()).add(event); + } else { + processEvent(event); } } @@ -87,40 +93,53 @@ public class SsoSessionCacheListener { } for (final Event e : events) { - switch (e.getType()) { - case CACHE_ENTRY_CREATED: - this.executor.submit(new Runnable() { - @Override public void run() { - cacheEntryCreated((CacheEntryCreatedEvent) e); - } - }); - break; + processEvent(e); + } + } - case CACHE_ENTRY_MODIFIED: - this.executor.submit(new Runnable() { - @Override public void run() { - cacheEntryModified((CacheEntryModifiedEvent) e); - } - }); - break; + private void processEvent(final Event e) { + switch (e.getType()) { + case CACHE_ENTRY_CREATED: + this.executor.submit(new Runnable() { + @Override public void run() { + cacheEntryCreated((CacheEntryCreatedEvent) e); + } + }); + break; + + case CACHE_ENTRY_MODIFIED: + this.executor.submit(new Runnable() { + @Override public void run() { + cacheEntryModified((CacheEntryModifiedEvent) e); + } + }); + break; - case CACHE_ENTRY_REMOVED: - this.executor.submit(new Runnable() { - @Override public void run() { - cacheEntryRemoved((CacheEntryRemovedEvent) e); - } - }); - break; - } + case CACHE_ENTRY_REMOVED: + this.executor.submit(new Runnable() { + @Override public void run() { + cacheEntryRemoved((CacheEntryRemovedEvent) e); + } + }); + break; } } private void cacheEntryCreated(CacheEntryCreatedEvent event) { - if (! (event.getKey() instanceof String) || ! (event.getValue() instanceof String[])) { + if (! (event.getKey() instanceof String)) { return; } + String httpSessionId = (String) event.getKey(); - String[] value = (String[]) event.getValue(); + + if (idMapper.hasSession(httpSessionId)) { + // Ignore local events generated by remote store + LOG.tracev("IGNORING cacheEntryCreated {0}", httpSessionId); + return; + } + + String[] value = ssoCache.get((String) httpSessionId); + String ssoId = value[0]; String principal = value[1]; diff --git a/adapters/saml/as7-eap6/pom.xml b/adapters/saml/as7-eap6/pom.xml index 66bdf0d5add..ecef244c1e1 100755 --- a/adapters/saml/as7-eap6/pom.xml +++ b/adapters/saml/as7-eap6/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak SAML EAP Integration diff --git a/adapters/saml/as7-eap6/subsystem/pom.xml b/adapters/saml/as7-eap6/subsystem/pom.xml index d3c2a5d9a44..e9a8b37608b 100755 --- a/adapters/saml/as7-eap6/subsystem/pom.xml +++ b/adapters/saml/as7-eap6/subsystem/pom.xml @@ -21,7 +21,7 @@ org.keycloak keycloak-saml-eap-integration-pom - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakClusteredSsoDeploymentProcessor.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakClusteredSsoDeploymentProcessor.java new file mode 100644 index 00000000000..0333bc9dee8 --- /dev/null +++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakClusteredSsoDeploymentProcessor.java @@ -0,0 +1,157 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.subsystem.saml.as7; + +import org.keycloak.adapters.saml.AdapterConstants; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; +import org.jboss.as.server.deployment.DeploymentPhaseContext; +import org.jboss.as.server.deployment.DeploymentUnit; +import org.jboss.as.server.deployment.DeploymentUnitProcessingException; +import org.jboss.as.server.deployment.DeploymentUnitProcessor; +import org.jboss.as.web.deployment.WarMetaData; +import org.jboss.logging.Logger; +import org.jboss.metadata.javaee.spec.ParamValueMetaData; +import org.jboss.metadata.web.jboss.JBossWebMetaData; +import org.jboss.metadata.web.spec.LoginConfigMetaData; +import org.jboss.msc.service.ServiceName; +import org.jboss.msc.service.ServiceTarget; + +/** + * + * @author hmlnarik + */ +public class KeycloakClusteredSsoDeploymentProcessor implements DeploymentUnitProcessor { + + private static final Logger LOG = Logger.getLogger(KeycloakClusteredSsoDeploymentProcessor.class); + + private static final String DEFAULT_CACHE_CONTAINER = "web"; + private static final String SSO_CACHE_CONTAINER_NAME_PARAM_NAME = "keycloak.sessionIdMapperUpdater.infinispan.containerName"; + private static final String SSO_CACHE_NAME_PARAM_NAME = "keycloak.sessionIdMapperUpdater.infinispan.cacheName"; + + @Override + public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { + final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); + + if (isKeycloakSamlAuthMethod(deploymentUnit) && isDistributable(deploymentUnit)) { + addSamlReplicationConfiguration(deploymentUnit, phaseContext); + } + } + + public static boolean isDistributable(final DeploymentUnit deploymentUnit) { + WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); + if (warMetaData == null) { + return false; + } + JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData(); + if (webMetaData == null) { + return false; + } + + return webMetaData.getDistributable() != null || webMetaData.getReplicationConfig() != null; + } + + public static boolean isKeycloakSamlAuthMethod(final DeploymentUnit deploymentUnit) { + WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); + if (warMetaData == null) { + return false; + } + JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData(); + if (webMetaData == null) { + return false; + } + + if (Configuration.INSTANCE.isSecureDeployment(deploymentUnit)) { + return true; + } + + LoginConfigMetaData loginConfig = webMetaData.getLoginConfig(); + + return loginConfig != null && Objects.equals(loginConfig.getAuthMethod(), "KEYCLOAK-SAML"); + } + + @Override + public void undeploy(DeploymentUnit du) { + + } + + private void addSamlReplicationConfiguration(DeploymentUnit deploymentUnit, DeploymentPhaseContext context) { + WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); + if (warMetaData == null) { + return; + } + + JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData(); + if (webMetaData == null) { + webMetaData = new JBossWebMetaData(); + warMetaData.setMergedJBossWebMetaData(webMetaData); + } + + // Find out default names of cache container and cache + String cacheContainer = DEFAULT_CACHE_CONTAINER; + String deploymentSessionCacheName = + (deploymentUnit.getParent() == null + ? "" + : deploymentUnit.getParent().getName() + ".") + + deploymentUnit.getName(); + + // Update names from jboss-web.xml's + if (webMetaData.getReplicationConfig() != null && webMetaData.getReplicationConfig().getCacheName() != null) { + ServiceName sn = ServiceName.parse(webMetaData.getReplicationConfig().getCacheName()); + cacheContainer = sn.getParent().getSimpleName(); + deploymentSessionCacheName = sn.getSimpleName(); + } + String ssoCacheName = deploymentSessionCacheName + ".ssoCache"; + + // Override if they were set in the context parameters + List contextParams = webMetaData.getContextParams(); + if (contextParams == null) { + contextParams = new ArrayList<>(); + } + for (ParamValueMetaData contextParam : contextParams) { + if (Objects.equals(contextParam.getParamName(), SSO_CACHE_CONTAINER_NAME_PARAM_NAME)) { + cacheContainer = contextParam.getParamValue(); + } else if (Objects.equals(contextParam.getParamName(), SSO_CACHE_NAME_PARAM_NAME)) { + ssoCacheName = contextParam.getParamValue(); + } + } + + LOG.debugv("Determined SSO cache container configuration: container: {0}, cache: {1}", cacheContainer, ssoCacheName); +// addCacheDependency(context, deploymentUnit, cacheContainer, cacheName); + + // Set context parameters for SSO cache container/name + ParamValueMetaData paramContainer = new ParamValueMetaData(); + paramContainer.setParamName(AdapterConstants.REPLICATION_CONFIG_CONTAINER_PARAM_NAME); + paramContainer.setParamValue(cacheContainer); + contextParams.add(paramContainer); + + ParamValueMetaData paramSsoCache = new ParamValueMetaData(); + paramSsoCache.setParamName(AdapterConstants.REPLICATION_CONFIG_SSO_CACHE_PARAM_NAME); + paramSsoCache.setParamValue(ssoCacheName); + contextParams.add(paramSsoCache); + + webMetaData.setContextParams(contextParams); + } + + private void addCacheDependency(DeploymentPhaseContext context, DeploymentUnit deploymentUnit, String cacheContainer, String cacheName) { + ServiceName jbossAsCacheContainerService = ServiceName.of("jboss", "infinispan", cacheContainer); + ServiceTarget st = context.getServiceTarget(); + st.addDependency(jbossAsCacheContainerService.append(cacheName)); + } + +} diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java index d583db43d1e..30a853ffa61 100755 --- a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java +++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java @@ -48,6 +48,10 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler { Phase.POST_MODULE, // PHASE Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY chooseConfigDeploymentProcessor()); + processorTarget.addDeploymentProcessor(KeycloakSamlExtension.SUBSYSTEM_NAME, + Phase.POST_MODULE, // PHASE + Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY + chooseClusteredSsoDeploymentProcessor()); } }, OperationContext.Stage.RUNTIME); } @@ -60,6 +64,10 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler { return new KeycloakAdapterConfigDeploymentProcessor(); } + private DeploymentUnitProcessor chooseClusteredSsoDeploymentProcessor() { + return new KeycloakClusteredSsoDeploymentProcessor(); + } + @Override protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException { } diff --git a/adapters/saml/core-public/pom.xml b/adapters/saml/core-public/pom.xml index 29e35a9761d..d8d24040925 100755 --- a/adapters/saml/core-public/pom.xml +++ b/adapters/saml/core-public/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/saml/core/pom.xml b/adapters/saml/core/pom.xml index be1e686dc04..7e7e479c66c 100755 --- a/adapters/saml/core/pom.xml +++ b/adapters/saml/core/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AdapterConstants.java b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AdapterConstants.java index 8b94068229f..3646ed45541 100755 --- a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AdapterConstants.java +++ b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AdapterConstants.java @@ -23,4 +23,6 @@ package org.keycloak.adapters.saml; */ public class AdapterConstants { public static final String AUTH_DATA_PARAM_NAME="org.keycloak.saml.xml.adapterConfig"; + public static final String REPLICATION_CONFIG_CONTAINER_PARAM_NAME = "org.keycloak.saml.replication.container"; + public static final String REPLICATION_CONFIG_SSO_CACHE_PARAM_NAME = "org.keycloak.saml.replication.cache.sso"; } diff --git a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/AbstractSamlAuthenticationHandler.java b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/AbstractSamlAuthenticationHandler.java index 2b40a424e82..12cb9248685 100644 --- a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/AbstractSamlAuthenticationHandler.java +++ b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/AbstractSamlAuthenticationHandler.java @@ -187,7 +187,7 @@ public abstract class AbstractSamlAuthenticationHandler implements SamlAuthentic final StatusResponseType statusResponse = (StatusResponseType) holder.getSamlObject(); // validate destination if (!requestUri.equals(statusResponse.getDestination())) { - log.error("Request URI does not match SAML request destination"); + log.error("Request URI '" + requestUri + "' does not match SAML request destination '" + statusResponse.getDestination() + "'"); return AuthOutcome.FAILED; } diff --git a/adapters/saml/jetty/jetty-core/pom.xml b/adapters/saml/jetty/jetty-core/pom.xml index 316cb7e6b18..98b180e25bc 100755 --- a/adapters/saml/jetty/jetty-core/pom.xml +++ b/adapters/saml/jetty/jetty-core/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/saml/jetty/jetty8.1/pom.xml b/adapters/saml/jetty/jetty8.1/pom.xml index ca569821b36..3a649184f6e 100755 --- a/adapters/saml/jetty/jetty8.1/pom.xml +++ b/adapters/saml/jetty/jetty8.1/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/saml/jetty/jetty9.1/pom.xml b/adapters/saml/jetty/jetty9.1/pom.xml index c01af403a28..27e7aff14a6 100755 --- a/adapters/saml/jetty/jetty9.1/pom.xml +++ b/adapters/saml/jetty/jetty9.1/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/saml/jetty/jetty9.2/pom.xml b/adapters/saml/jetty/jetty9.2/pom.xml index 88bf6855957..4664c1f75bb 100755 --- a/adapters/saml/jetty/jetty9.2/pom.xml +++ b/adapters/saml/jetty/jetty9.2/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/saml/jetty/jetty9.3/pom.xml b/adapters/saml/jetty/jetty9.3/pom.xml index d34f83e0ed1..2ad1e2a27ea 100644 --- a/adapters/saml/jetty/jetty9.3/pom.xml +++ b/adapters/saml/jetty/jetty9.3/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/saml/jetty/jetty9.4/pom.xml b/adapters/saml/jetty/jetty9.4/pom.xml index cee8d453d9f..14bb3cd9d0d 100644 --- a/adapters/saml/jetty/jetty9.4/pom.xml +++ b/adapters/saml/jetty/jetty9.4/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 diff --git a/adapters/saml/jetty/pom.xml b/adapters/saml/jetty/pom.xml index 2f53996d718..b646f8395f5 100755 --- a/adapters/saml/jetty/pom.xml +++ b/adapters/saml/jetty/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak SAML Jetty Integration diff --git a/adapters/saml/pom.xml b/adapters/saml/pom.xml index 4ae655c4e9d..8b1ce3c0e27 100755 --- a/adapters/saml/pom.xml +++ b/adapters/saml/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml Keycloak SAML Client Adapter Modules diff --git a/adapters/saml/servlet-filter/pom.xml b/adapters/saml/servlet-filter/pom.xml index fd7f9393ba2..9b49f239d21 100755 --- a/adapters/saml/servlet-filter/pom.xml +++ b/adapters/saml/servlet-filter/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/saml/tomcat/pom.xml b/adapters/saml/tomcat/pom.xml index 0911796e010..897d3b8edf9 100755 --- a/adapters/saml/tomcat/pom.xml +++ b/adapters/saml/tomcat/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak SAML Tomcat Integration diff --git a/adapters/saml/tomcat/tomcat-core/pom.xml b/adapters/saml/tomcat/tomcat-core/pom.xml index e493969a3f4..e7f22241a50 100755 --- a/adapters/saml/tomcat/tomcat-core/pom.xml +++ b/adapters/saml/tomcat/tomcat-core/pom.xml @@ -21,7 +21,7 @@ keycloak-saml-tomcat-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/adapters/saml/tomcat/tomcat6/pom.xml b/adapters/saml/tomcat/tomcat6/pom.xml index 12ad22bb0a2..245341679f2 100755 --- a/adapters/saml/tomcat/tomcat6/pom.xml +++ b/adapters/saml/tomcat/tomcat6/pom.xml @@ -21,7 +21,7 @@ keycloak-saml-tomcat-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/adapters/saml/tomcat/tomcat7/pom.xml b/adapters/saml/tomcat/tomcat7/pom.xml index ff59bfc0ef6..b7e4c76a0de 100755 --- a/adapters/saml/tomcat/tomcat7/pom.xml +++ b/adapters/saml/tomcat/tomcat7/pom.xml @@ -21,7 +21,7 @@ keycloak-saml-tomcat-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/adapters/saml/tomcat/tomcat8/pom.xml b/adapters/saml/tomcat/tomcat8/pom.xml index 835e4d52d2c..047019abeae 100755 --- a/adapters/saml/tomcat/tomcat8/pom.xml +++ b/adapters/saml/tomcat/tomcat8/pom.xml @@ -21,7 +21,7 @@ keycloak-saml-tomcat-integration-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/adapters/saml/undertow/pom.xml b/adapters/saml/undertow/pom.xml index b314f7efaf8..01fc1bcffc1 100755 --- a/adapters/saml/undertow/pom.xml +++ b/adapters/saml/undertow/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java index 2bf2369ef17..7e8fb834568 100755 --- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java +++ b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java @@ -152,12 +152,19 @@ public class ServletSamlSessionStore implements SamlSessionStore { public boolean isLoggedIn() { HttpSession session = getSession(false); if (session == null) { - log.debug("session was null, returning null"); + log.debug("Session was not found"); return false; } + + if (! idMapper.hasSession(session.getId())) { + log.debugf("Session %s has expired on some other node", session.getId()); + session.removeAttribute(SamlSession.class.getName()); + return false; + } + final SamlSession samlSession = (SamlSession)session.getAttribute(SamlSession.class.getName()); if (samlSession == null) { - log.debug("SamlSession was not in session, returning null"); + log.debug("SamlSession was not found in the session"); return false; } diff --git a/adapters/saml/wildfly-elytron/pom.xml b/adapters/saml/wildfly-elytron/pom.xml index 4161b092e98..1fbfb110a46 100755 --- a/adapters/saml/wildfly-elytron/pom.xml +++ b/adapters/saml/wildfly-elytron/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/KeycloakSecurityRealm.java b/adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/KeycloakSecurityRealm.java index 3207835360d..f79b60d25e4 100644 --- a/adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/KeycloakSecurityRealm.java +++ b/adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/KeycloakSecurityRealm.java @@ -17,6 +17,7 @@ package org.keycloak.adapters.saml.elytron; import java.security.Principal; +import java.security.spec.AlgorithmParameterSpec; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -53,7 +54,7 @@ public class KeycloakSecurityRealm implements SecurityRealm { } @Override - public SupportLevel getCredentialAcquireSupport(Class credentialType, String algorithmName) throws RealmUnavailableException { + public SupportLevel getCredentialAcquireSupport(Class aClass, String s, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException { return SupportLevel.UNSUPPORTED; } @@ -90,7 +91,7 @@ public class KeycloakSecurityRealm implements SecurityRealm { } @Override - public SupportLevel getCredentialAcquireSupport(Class credentialType, String algorithmName) throws RealmUnavailableException { + public SupportLevel getCredentialAcquireSupport(Class credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { return SupportLevel.UNSUPPORTED; } diff --git a/adapters/saml/wildfly/pom.xml b/adapters/saml/wildfly/pom.xml index 43108bb00f8..fb4accca8d7 100755 --- a/adapters/saml/wildfly/pom.xml +++ b/adapters/saml/wildfly/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak SAML Wildfly Integration diff --git a/adapters/saml/wildfly/wildfly-adapter/pom.xml b/adapters/saml/wildfly/wildfly-adapter/pom.xml index 3be5e7e4c0f..8e15de0ab7c 100755 --- a/adapters/saml/wildfly/wildfly-adapter/pom.xml +++ b/adapters/saml/wildfly/wildfly-adapter/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml 4.0.0 @@ -70,6 +70,10 @@ org.infinispan infinispan-core + + org.infinispan + infinispan-cachestore-remote + org.picketbox picketbox diff --git a/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/infinispan/InfinispanSessionCacheIdMapperUpdater.java b/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/infinispan/InfinispanSessionCacheIdMapperUpdater.java index 489d1d5c676..c35db63a1fe 100644 --- a/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/infinispan/InfinispanSessionCacheIdMapperUpdater.java +++ b/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/infinispan/InfinispanSessionCacheIdMapperUpdater.java @@ -16,6 +16,7 @@ */ package org.keycloak.adapters.saml.wildfly.infinispan; +import org.keycloak.adapters.saml.AdapterConstants; import org.keycloak.adapters.spi.SessionIdMapper; import org.keycloak.adapters.spi.SessionIdMapperUpdater; @@ -27,6 +28,8 @@ import org.infinispan.Cache; import org.infinispan.configuration.cache.CacheMode; import org.infinispan.configuration.cache.Configuration; import org.infinispan.manager.EmbeddedCacheManager; +import org.infinispan.persistence.manager.PersistenceManager; +import org.infinispan.persistence.remote.RemoteStore; import org.jboss.logging.Logger; /** @@ -37,64 +40,55 @@ public class InfinispanSessionCacheIdMapperUpdater { private static final Logger LOG = Logger.getLogger(InfinispanSessionCacheIdMapperUpdater.class); - public static final String DEFAULT_CACHE_CONTAINER_JNDI_NAME = "java:jboss/infinispan/container/web"; - - private static final String DEPLOYMENT_CACHE_CONTAINER_JNDI_NAME_PARAM_NAME = "keycloak.sessionIdMapperUpdater.infinispan.cacheContainerJndi"; - private static final String DEPLOYMENT_CACHE_NAME_PARAM_NAME = "keycloak.sessionIdMapperUpdater.infinispan.deploymentCacheName"; - private static final String SSO_CACHE_NAME_PARAM_NAME = "keycloak.sessionIdMapperUpdater.infinispan.cacheName"; + public static final String DEFAULT_CACHE_CONTAINER_JNDI_NAME = "java:jboss/infinispan/container"; public static SessionIdMapperUpdater addTokenStoreUpdaters(DeploymentInfo deploymentInfo, SessionIdMapper mapper, SessionIdMapperUpdater previousIdMapperUpdater) { - boolean distributable = Objects.equals( - deploymentInfo.getSessionManagerFactory().getClass().getName(), - "org.wildfly.clustering.web.undertow.session.DistributableSessionManagerFactory" - ); + Map initParameters = deploymentInfo.getInitParameters(); + String containerName = initParameters == null ? null : initParameters.get(AdapterConstants.REPLICATION_CONFIG_CONTAINER_PARAM_NAME); + String cacheName = initParameters == null ? null : initParameters.get(AdapterConstants.REPLICATION_CONFIG_SSO_CACHE_PARAM_NAME); + + if (containerName == null || cacheName == null) { + LOG.warnv("Cannot determine parameters of SSO cache for deployment {0}.", deploymentInfo.getDeploymentName()); - if (! distributable) { - LOG.warnv("Deployment {0} does not use supported distributed session cache mechanism", deploymentInfo.getDeploymentName()); return previousIdMapperUpdater; } - Map initParameters = deploymentInfo.getInitParameters(); - String cacheContainerLookup = (initParameters != null && initParameters.get(DEPLOYMENT_CACHE_CONTAINER_JNDI_NAME_PARAM_NAME) != null) - ? initParameters.get(DEPLOYMENT_CACHE_CONTAINER_JNDI_NAME_PARAM_NAME) - : DEFAULT_CACHE_CONTAINER_JNDI_NAME; - boolean deploymentSessionCacheNamePreset = initParameters != null && initParameters.get(DEPLOYMENT_CACHE_NAME_PARAM_NAME) != null; - String deploymentSessionCacheName = deploymentSessionCacheNamePreset - ? initParameters.get(DEPLOYMENT_CACHE_NAME_PARAM_NAME) - : deploymentInfo.getDeploymentName(); - boolean ssoCacheNamePreset = initParameters != null && initParameters.get(SSO_CACHE_NAME_PARAM_NAME) != null; - String ssoCacheName = ssoCacheNamePreset - ? initParameters.get(SSO_CACHE_NAME_PARAM_NAME) - : deploymentSessionCacheName + ".ssoCache"; + String cacheContainerLookup = DEFAULT_CACHE_CONTAINER_JNDI_NAME + "/" + containerName; + String deploymentSessionCacheName = deploymentInfo.getDeploymentName(); try { EmbeddedCacheManager cacheManager = (EmbeddedCacheManager) new InitialContext().lookup(cacheContainerLookup); - Configuration ssoCacheConfiguration = cacheManager.getCacheConfiguration(ssoCacheName); + Configuration ssoCacheConfiguration = cacheManager.getCacheConfiguration(cacheName); if (ssoCacheConfiguration == null) { Configuration cacheConfiguration = cacheManager.getCacheConfiguration(deploymentSessionCacheName); if (cacheConfiguration == null) { - LOG.debugv("Using default cache container configuration for SSO cache. lookup={0}, looked up configuration of cache={1}", cacheContainerLookup, deploymentSessionCacheName); + LOG.debugv("Using default configuration for SSO cache {0}.{1}.", containerName, cacheName); ssoCacheConfiguration = cacheManager.getDefaultCacheConfiguration(); } else { - LOG.debugv("Using distributed HTTP session cache configuration for SSO cache. lookup={0}, configuration taken from cache={1}", cacheContainerLookup, deploymentSessionCacheName); + LOG.debugv("Using distributed HTTP session cache configuration for SSO cache {0}.{1}, configuration taken from cache {2}", + containerName, cacheName, deploymentSessionCacheName); ssoCacheConfiguration = cacheConfiguration; - cacheManager.defineConfiguration(ssoCacheName, ssoCacheConfiguration); + cacheManager.defineConfiguration(cacheName, ssoCacheConfiguration); } } else { - LOG.debugv("Using custom configuration of SSO cache. lookup={0}, cache name={1}", cacheContainerLookup, ssoCacheName); + LOG.debugv("Using custom configuration of SSO cache {0}.{1}.", containerName, cacheName); } CacheMode ssoCacheMode = ssoCacheConfiguration.clustering().cacheMode(); if (ssoCacheMode != CacheMode.REPL_ASYNC && ssoCacheMode != CacheMode.REPL_SYNC) { - LOG.warnv("SSO cache mode is {0}, it is recommended to use replicated mode instead", ssoCacheConfiguration.clustering().cacheModeString()); + LOG.warnv("SSO cache mode is {0}, it is recommended to use replicated mode instead.", ssoCacheConfiguration.clustering().cacheModeString()); } - Cache ssoCache = cacheManager.getCache(ssoCacheName, true); - ssoCache.addListener(new SsoSessionCacheListener(mapper)); + Cache ssoCache = cacheManager.getCache(cacheName, true); + final SsoSessionCacheListener listener = new SsoSessionCacheListener(ssoCache, mapper); + ssoCache.addListener(listener); - LOG.debugv("Added distributed SSO session cache, lookup={0}, cache name={1}", cacheContainerLookup, deploymentSessionCacheName); + addSsoCacheCrossDcListener(ssoCache, listener); + LOG.debugv("Added distributed SSO session cache, lookup={0}, cache name={1}", cacheContainerLookup, cacheName); + + LOG.debugv("Adding session listener for SSO session cache, lookup={0}, cache name={1}", cacheContainerLookup, cacheName); SsoCacheSessionIdMapperUpdater updater = new SsoCacheSessionIdMapperUpdater(ssoCache, previousIdMapperUpdater); deploymentInfo.addSessionListener(updater); @@ -104,4 +98,25 @@ public class InfinispanSessionCacheIdMapperUpdater { return previousIdMapperUpdater; } } + + private static void addSsoCacheCrossDcListener(Cache ssoCache, SsoSessionCacheListener listener) { + if (ssoCache.getCacheConfiguration().persistence() == null) { + return; + } + + final Set stores = getRemoteStores(ssoCache); + if (stores == null || stores.isEmpty()) { + return; + } + + LOG.infov("Listening for events on remote stores configured for cache {0}", ssoCache.getName()); + + for (RemoteStore store : stores) { + store.getRemoteCache().addClientListener(listener); + } + } + + public static Set getRemoteStores(Cache ispnCache) { + return ispnCache.getAdvancedCache().getComponentRegistry().getComponent(PersistenceManager.class).getStores(RemoteStore.class); + } } diff --git a/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/infinispan/SsoSessionCacheListener.java b/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/infinispan/SsoSessionCacheListener.java index ccd102e7133..6d53485aa55 100644 --- a/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/infinispan/SsoSessionCacheListener.java +++ b/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/infinispan/SsoSessionCacheListener.java @@ -20,6 +20,12 @@ import org.keycloak.adapters.spi.SessionIdMapper; import java.util.*; import java.util.concurrent.*; +import org.infinispan.Cache; +import org.infinispan.client.hotrod.annotation.ClientCacheEntryCreated; +import org.infinispan.client.hotrod.annotation.ClientCacheEntryRemoved; +import org.infinispan.client.hotrod.annotation.ClientListener; +import org.infinispan.client.hotrod.event.ClientCacheEntryCreatedEvent; +import org.infinispan.client.hotrod.event.ClientCacheEntryRemovedEvent; import org.infinispan.notifications.Listener; import org.infinispan.notifications.cachelistener.annotation.*; import org.infinispan.notifications.cachelistener.event.*; @@ -34,6 +40,7 @@ import org.jboss.logging.Logger; * @author hmlnarik */ @Listener +@ClientListener public class SsoSessionCacheListener { private static final Logger LOG = Logger.getLogger(SsoSessionCacheListener.class); @@ -42,14 +49,21 @@ public class SsoSessionCacheListener { private final SessionIdMapper idMapper; + private final Cache ssoCache; + private ExecutorService executor = Executors.newSingleThreadExecutor(); - public SsoSessionCacheListener(SessionIdMapper idMapper) { + public SsoSessionCacheListener(Cache ssoCache, SessionIdMapper idMapper) { + this.ssoCache = ssoCache; this.idMapper = idMapper; } @TransactionRegistered public void startTransaction(TransactionRegisteredEvent event) { + if (event.getGlobalTransaction() == null) { + return; + } + map.put(event.getGlobalTransaction().globalId(), new ConcurrentLinkedQueue()); } @@ -66,42 +80,56 @@ public class SsoSessionCacheListener { @CacheEntryCreated @CacheEntryRemoved public void addEvent(TransactionalEvent event) { - if (event.isPre() == false) { + if (event.isOriginLocal()) { + // Local events are processed by local HTTP session listener + return; + } + + if (event.isPre()) { // only handle post events + return; + } + + if (event.getGlobalTransaction() != null) { map.get(event.getGlobalTransaction().globalId()).add(event); + } else { + processEvent(event); } } @TransactionCompleted public void endTransaction(TransactionCompletedEvent event) { + if (event.getGlobalTransaction() == null) { + return; + } + Queue events = map.remove(event.getGlobalTransaction().globalId()); if (events == null || ! event.isTransactionSuccessful()) { return; } - if (event.isOriginLocal()) { - // Local events are processed by local HTTP session listener - return; - } - for (final Event e : events) { - switch (e.getType()) { - case CACHE_ENTRY_CREATED: - this.executor.submit(new Runnable() { - @Override public void run() { - cacheEntryCreated((CacheEntryCreatedEvent) e); - } - }); - break; + processEvent(e); + } + } - case CACHE_ENTRY_REMOVED: - this.executor.submit(new Runnable() { - @Override public void run() { - cacheEntryRemoved((CacheEntryRemovedEvent) e); - } - }); - break; - } + private void processEvent(final Event e) { + switch (e.getType()) { + case CACHE_ENTRY_CREATED: + this.executor.submit(new Runnable() { + @Override public void run() { + cacheEntryCreated((CacheEntryCreatedEvent) e); + } + }); + break; + + case CACHE_ENTRY_REMOVED: + this.executor.submit(new Runnable() { + @Override public void run() { + cacheEntryRemoved((CacheEntryRemovedEvent) e); + } + }); + break; } } @@ -128,4 +156,40 @@ public class SsoSessionCacheListener { this.idMapper.removeSession((String) event.getKey()); } + + @ClientCacheEntryCreated + public void remoteCacheEntryCreated(ClientCacheEntryCreatedEvent event) { + if (! (event.getKey() instanceof String)) { + return; + } + + String httpSessionId = (String) event.getKey(); + + if (idMapper.hasSession(httpSessionId)) { + // Ignore local events generated by remote store + LOG.tracev("IGNORING remoteCacheEntryCreated {0}", httpSessionId); + return; + } + + String[] value = ssoCache.get((String) httpSessionId); + + if (value != null) { + String ssoId = value[0]; + String principal = value[1]; + + LOG.tracev("remoteCacheEntryCreated {0}:{1}", httpSessionId, ssoId); + + this.idMapper.map(ssoId, principal, httpSessionId); + } else { + LOG.tracev("remoteCacheEntryCreated {0}", event.getKey()); + + } + } + + @ClientCacheEntryRemoved + public void remoteCacheEntryRemoved(ClientCacheEntryRemovedEvent event) { + LOG.tracev("remoteCacheEntryRemoved {0}", event.getKey()); + + this.idMapper.removeSession((String) event.getKey()); + } } diff --git a/adapters/saml/wildfly/wildfly-subsystem/pom.xml b/adapters/saml/wildfly/wildfly-subsystem/pom.xml index acaf7f160fd..bb370c03402 100755 --- a/adapters/saml/wildfly/wildfly-subsystem/pom.xml +++ b/adapters/saml/wildfly/wildfly-subsystem/pom.xml @@ -21,7 +21,7 @@ org.keycloak keycloak-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml diff --git a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakClusteredSsoDeploymentProcessor.java b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakClusteredSsoDeploymentProcessor.java new file mode 100644 index 00000000000..3be66deb796 --- /dev/null +++ b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakClusteredSsoDeploymentProcessor.java @@ -0,0 +1,178 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.subsystem.adapter.saml.extension; + +import org.keycloak.adapters.saml.AdapterConstants; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; +import org.jboss.as.controller.capability.CapabilityServiceSupport; +import org.jboss.as.server.deployment.Attachments; +import org.jboss.as.server.deployment.DeploymentPhaseContext; +import org.jboss.as.server.deployment.DeploymentUnit; +import org.jboss.as.server.deployment.DeploymentUnitProcessingException; +import org.jboss.as.server.deployment.DeploymentUnitProcessor; +import org.jboss.as.web.common.WarMetaData; +import org.jboss.logging.Logger; +import org.jboss.metadata.javaee.spec.ParamValueMetaData; +import org.jboss.metadata.web.jboss.JBossWebMetaData; +import org.jboss.metadata.web.spec.LoginConfigMetaData; +import org.jboss.msc.service.ServiceController; +import org.jboss.msc.service.ServiceName; +import org.jboss.msc.service.ServiceTarget; + +/** + * + * @author hmlnarik + */ +public class KeycloakClusteredSsoDeploymentProcessor implements DeploymentUnitProcessor { + + private static final Logger LOG = Logger.getLogger(KeycloakClusteredSsoDeploymentProcessor.class); + + private static final String DEFAULT_CACHE_CONTAINER = "web"; + private static final String SSO_CACHE_CONTAINER_NAME_PARAM_NAME = "keycloak.sessionIdMapperUpdater.infinispan.containerName"; + private static final String SSO_CACHE_NAME_PARAM_NAME = "keycloak.sessionIdMapperUpdater.infinispan.cacheName"; + + @Override + public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { + final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); + + if (isKeycloakSamlAuthMethod(deploymentUnit) && isDistributable(deploymentUnit)) { + addSamlReplicationConfiguration(deploymentUnit, phaseContext); + } + } + + public static boolean isDistributable(final DeploymentUnit deploymentUnit) { + WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); + if (warMetaData == null) { + return false; + } + JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData(); + if (webMetaData == null) { + return false; + } + + return webMetaData.getDistributable() != null || webMetaData.getReplicationConfig() != null; + } + + public static boolean isKeycloakSamlAuthMethod(final DeploymentUnit deploymentUnit) { + if (Configuration.INSTANCE.getSecureDeployment(deploymentUnit) != null) { + return true; + } + + WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); + if (warMetaData == null) { + return false; + } + JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData(); + if (webMetaData == null) { + return false; + } + + LoginConfigMetaData loginConfig = webMetaData.getLoginConfig(); + + return loginConfig != null && Objects.equals(loginConfig.getAuthMethod(), "KEYCLOAK-SAML"); + } + + @Override + public void undeploy(DeploymentUnit du) { + + } + + private void addSamlReplicationConfiguration(DeploymentUnit deploymentUnit, DeploymentPhaseContext context) { + WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); + if (warMetaData == null) { + return; + } + + JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData(); + if (webMetaData == null) { + webMetaData = new JBossWebMetaData(); + warMetaData.setMergedJBossWebMetaData(webMetaData); + } + + // Find out default names of cache container and cache + String cacheContainer = DEFAULT_CACHE_CONTAINER; + String deploymentSessionCacheName = + (deploymentUnit.getParent() == null + ? "" + : deploymentUnit.getParent().getName() + ".") + + deploymentUnit.getName(); + + // Update names from jboss-web.xml's + if (webMetaData.getReplicationConfig() != null && webMetaData.getReplicationConfig().getCacheName() != null) { + ServiceName sn = ServiceName.parse(webMetaData.getReplicationConfig().getCacheName()); + cacheContainer = sn.getParent().getSimpleName(); + deploymentSessionCacheName = sn.getSimpleName(); + } + String ssoCacheName = deploymentSessionCacheName + ".ssoCache"; + + // Override if they were set in the context parameters + List contextParams = webMetaData.getContextParams(); + if (contextParams == null) { + contextParams = new ArrayList<>(); + } + for (ParamValueMetaData contextParam : contextParams) { + if (Objects.equals(contextParam.getParamName(), SSO_CACHE_CONTAINER_NAME_PARAM_NAME)) { + cacheContainer = contextParam.getParamValue(); + } else if (Objects.equals(contextParam.getParamName(), SSO_CACHE_NAME_PARAM_NAME)) { + ssoCacheName = contextParam.getParamValue(); + } + } + + LOG.debugv("Determined SSO cache container configuration: container: {0}, cache: {1}", cacheContainer, ssoCacheName); + addCacheDependency(context, deploymentUnit, cacheContainer, ssoCacheName); + + // Set context parameters for SSO cache container/name + ParamValueMetaData paramContainer = new ParamValueMetaData(); + paramContainer.setParamName(AdapterConstants.REPLICATION_CONFIG_CONTAINER_PARAM_NAME); + paramContainer.setParamValue(cacheContainer); + contextParams.add(paramContainer); + + ParamValueMetaData paramSsoCache = new ParamValueMetaData(); + paramSsoCache.setParamName(AdapterConstants.REPLICATION_CONFIG_SSO_CACHE_PARAM_NAME); + paramSsoCache.setParamValue(ssoCacheName); + contextParams.add(paramSsoCache); + + webMetaData.setContextParams(contextParams); + } + + private void addCacheDependency(DeploymentPhaseContext context, DeploymentUnit deploymentUnit, String cacheContainer, String cacheName) { + ServiceName wf10CacheContainerServiceName = ServiceName.of("jboss", "infinispan", cacheContainer); + final ServiceController wf10CacheContainerService = context.getServiceRegistry().getService(wf10CacheContainerServiceName); + + boolean legacy = wf10CacheContainerService != null; + ServiceTarget st = context.getServiceTarget(); + + if (legacy) { + ServiceName cacheServiceName = wf10CacheContainerServiceName.append(cacheName); + ServiceController cacheService = context.getServiceRegistry().getService(cacheServiceName); + if (cacheService != null) { + st.addDependency(cacheServiceName); + } + } else { + CapabilityServiceSupport support = deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT); + + ServiceName cacheServiceName = support.getCapabilityServiceName("org.wildfly.clustering.infinispan.cache." + cacheContainer + "." + cacheName); + ServiceController cacheService = context.getServiceRegistry().getService(cacheServiceName); + if (cacheService != null) { + st.addDependency(cacheServiceName); + } + } + } + +} diff --git a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakSubsystemAdd.java b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakSubsystemAdd.java index 79a49812d33..e9ef1a3ee15 100755 --- a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakSubsystemAdd.java +++ b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakSubsystemAdd.java @@ -43,6 +43,10 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler { Phase.POST_MODULE, // PHASE Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY chooseConfigDeploymentProcessor()); + processorTarget.addDeploymentProcessor(KeycloakSamlExtension.SUBSYSTEM_NAME, + Phase.POST_MODULE, // PHASE + Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY + chooseClusteredSsoDeploymentProcessor()); } }, OperationContext.Stage.RUNTIME); } @@ -54,4 +58,8 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler { private DeploymentUnitProcessor chooseConfigDeploymentProcessor() { return new KeycloakAdapterConfigDeploymentProcessor(); } + + private DeploymentUnitProcessor chooseClusteredSsoDeploymentProcessor() { + return new KeycloakClusteredSsoDeploymentProcessor(); + } } diff --git a/adapters/spi/adapter-spi/pom.xml b/adapters/spi/adapter-spi/pom.xml index 0145009a5fb..28a74bcfdb8 100755 --- a/adapters/spi/adapter-spi/pom.xml +++ b/adapters/spi/adapter-spi/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/spi/adapter-spi/src/main/java/org/keycloak/adapters/spi/InMemorySessionIdMapper.java b/adapters/spi/adapter-spi/src/main/java/org/keycloak/adapters/spi/InMemorySessionIdMapper.java index a00ae829f0a..7ca8af6e708 100755 --- a/adapters/spi/adapter-spi/src/main/java/org/keycloak/adapters/spi/InMemorySessionIdMapper.java +++ b/adapters/spi/adapter-spi/src/main/java/org/keycloak/adapters/spi/InMemorySessionIdMapper.java @@ -67,6 +67,11 @@ public class InMemorySessionIdMapper implements SessionIdMapper { ssoToSession.put(sso, session); sessionToSso.put(session, sso); } + + if (principal == null) { + return; + } + Set userSessions = principalToSession.get(principal); if (userSessions == null) { final Set tmp = Collections.synchronizedSet(new HashSet()); diff --git a/adapters/spi/jboss-adapter-core/pom.xml b/adapters/spi/jboss-adapter-core/pom.xml index 41be1d3d19f..69a59e23a95 100755 --- a/adapters/spi/jboss-adapter-core/pom.xml +++ b/adapters/spi/jboss-adapter-core/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/spi/jetty-adapter-spi/pom.xml b/adapters/spi/jetty-adapter-spi/pom.xml index 03adfdf126f..bbaf8bdd8da 100755 --- a/adapters/spi/jetty-adapter-spi/pom.xml +++ b/adapters/spi/jetty-adapter-spi/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/spi/pom.xml b/adapters/spi/pom.xml index 45805179b11..8f1ba6756f9 100755 --- a/adapters/spi/pom.xml +++ b/adapters/spi/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml Keycloak Client Adapter SPI Modules diff --git a/adapters/spi/servlet-adapter-spi/pom.xml b/adapters/spi/servlet-adapter-spi/pom.xml index c9228b6e7f5..54b6e6b9a71 100755 --- a/adapters/spi/servlet-adapter-spi/pom.xml +++ b/adapters/spi/servlet-adapter-spi/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/spi/tomcat-adapter-spi/pom.xml b/adapters/spi/tomcat-adapter-spi/pom.xml index dcf55e5f50c..38b5d94cb91 100755 --- a/adapters/spi/tomcat-adapter-spi/pom.xml +++ b/adapters/spi/tomcat-adapter-spi/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/adapters/spi/undertow-adapter-spi/pom.xml b/adapters/spi/undertow-adapter-spi/pom.xml index 0f04bdb14dd..73b9e0225b4 100755 --- a/adapters/spi/undertow-adapter-spi/pom.xml +++ b/adapters/spi/undertow-adapter-spi/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml 4.0.0 diff --git a/authz/client/pom.xml b/authz/client/pom.xml index c45476a6e01..08cbab44295 100644 --- a/authz/client/pom.xml +++ b/authz/client/pom.xml @@ -7,7 +7,7 @@ org.keycloak keycloak-authz-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/authz/policy/common/pom.xml b/authz/policy/common/pom.xml index 193dcf49af6..a16944e1df5 100644 --- a/authz/policy/common/pom.xml +++ b/authz/policy/common/pom.xml @@ -25,7 +25,7 @@ org.keycloak keycloak-authz-provider-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java index 6d7ed543ac0..13602970d00 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java @@ -108,7 +108,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory { diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java index 933a85971db..4769ee3ef21 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java @@ -222,7 +222,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory { diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java index 5a90f93227c..28d4d0b86ca 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java @@ -181,7 +181,7 @@ public class UserPolicyProviderFactory implements PolicyProviderFactory { - ResourceServer resourceServer = resourceServerStore.findByClient(clientModel.getId()); + ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId()); if (resourceServer != null) { policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> { diff --git a/authz/policy/drools/pom.xml b/authz/policy/drools/pom.xml index eb6674110d6..bdc830cf909 100644 --- a/authz/policy/drools/pom.xml +++ b/authz/policy/drools/pom.xml @@ -7,7 +7,7 @@ org.keycloak keycloak-authz-provider-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/authz/policy/pom.xml b/authz/policy/pom.xml index f119652c858..7c9a43c7fef 100644 --- a/authz/policy/pom.xml +++ b/authz/policy/pom.xml @@ -7,7 +7,7 @@ org.keycloak keycloak-authz-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/authz/pom.xml b/authz/pom.xml index 36c54baf5ef..65260f57ca5 100644 --- a/authz/pom.xml +++ b/authz/pom.xml @@ -7,7 +7,7 @@ org.keycloak keycloak-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/boms/adapter/pom.xml b/boms/adapter/pom.xml index 47333617df2..9b0c4fa85e1 100644 --- a/boms/adapter/pom.xml +++ b/boms/adapter/pom.xml @@ -22,7 +22,7 @@ org.keycloak.bom keycloak-bom-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak.bom @@ -37,97 +37,97 @@ org.keycloak keycloak-core - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-adapter-core - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-adapter-spi - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-wildfly-adapter-dist - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-saml-adapter-core - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-saml-adapter-api-public - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-tomcat8-adapter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-tomcat7-adapter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-tomcat6-adapter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-jetty81-adapter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-jetty91-adapter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-jetty92-adapter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-jetty93-adapter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-undertow-adapter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-spring-boot-adapter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak spring-boot-container-bundle - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-spring-security-adapter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-spring-boot-starter - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-authz-client - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT diff --git a/boms/pom.xml b/boms/pom.xml index bbbc0dbaf5b..a076fc912da 100644 --- a/boms/pom.xml +++ b/boms/pom.xml @@ -26,7 +26,7 @@ org.keycloak.bom keycloak-bom-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT pom diff --git a/boms/spi/pom.xml b/boms/spi/pom.xml index 9d970d1df08..ec688251a71 100644 --- a/boms/spi/pom.xml +++ b/boms/spi/pom.xml @@ -23,7 +23,7 @@ org.keycloak.bom keycloak-bom-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak.bom @@ -38,12 +38,12 @@ org.keycloak keycloak-core - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-server-spi - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT diff --git a/common/pom.xml b/common/pom.xml index 70476b6743f..6b93036ba30 100755 --- a/common/pom.xml +++ b/common/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/core/pom.xml b/core/pom.xml index c759a8a8ffa..76cb21ef192 100755 --- a/core/pom.xml +++ b/core/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/core/src/main/java/org/keycloak/OAuth2Constants.java b/core/src/main/java/org/keycloak/OAuth2Constants.java index 2e585c32780..20d6e7388cd 100644 --- a/core/src/main/java/org/keycloak/OAuth2Constants.java +++ b/core/src/main/java/org/keycloak/OAuth2Constants.java @@ -97,6 +97,9 @@ public interface OAuth2Constants { String AUDIENCE="audience"; String SUBJECT_TOKEN="subject_token"; String SUBJECT_TOKEN_TYPE="subject_token_type"; + String REQUESTED_TOKEN_TYPE="requested_token_type"; + String ISSUED_TOKEN_TYPE="issued_token_type"; + String REQUESTED_ISSUER="requested_issuer"; String ACCESS_TOKEN_TYPE="urn:ietf:params:oauth:token-type:access_token"; String REFRESH_TOKEN_TYPE="urn:ietf:params:oauth:token-type:refresh_token"; String JWT_TOKEN_TYPE="urn:ietf:params:oauth:token-type:jwt"; diff --git a/core/src/main/java/org/keycloak/representations/account/ClientRepresentation.java b/core/src/main/java/org/keycloak/representations/account/ClientRepresentation.java new file mode 100644 index 00000000000..c2964268a87 --- /dev/null +++ b/core/src/main/java/org/keycloak/representations/account/ClientRepresentation.java @@ -0,0 +1,25 @@ +package org.keycloak.representations.account; + +/** + * Created by st on 29/03/17. + */ +public class ClientRepresentation { + private String clientId; + private String clientName; + + public String getClientId() { + return clientId; + } + + public void setClientId(String clientId) { + this.clientId = clientId; + } + + public String getClientName() { + return clientName; + } + + public void setClientName(String clientName) { + this.clientName = clientName; + } +} diff --git a/core/src/main/java/org/keycloak/representations/account/SessionRepresentation.java b/core/src/main/java/org/keycloak/representations/account/SessionRepresentation.java new file mode 100644 index 00000000000..8e4d96fbd22 --- /dev/null +++ b/core/src/main/java/org/keycloak/representations/account/SessionRepresentation.java @@ -0,0 +1,64 @@ +package org.keycloak.representations.account; + +import java.util.List; + +/** + * Created by st on 29/03/17. + */ +public class SessionRepresentation { + + private String id; + private String ipAddress; + private int started; + private int lastAccess; + private int expires; + private List clients; + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + public String getIpAddress() { + return ipAddress; + } + + public void setIpAddress(String ipAddress) { + this.ipAddress = ipAddress; + } + + public int getStarted() { + return started; + } + + public void setStarted(int started) { + this.started = started; + } + + public int getLastAccess() { + return lastAccess; + } + + public void setLastAccess(int lastAccess) { + this.lastAccess = lastAccess; + } + + public int getExpires() { + return expires; + } + + public void setExpires(int expires) { + this.expires = expires; + } + + public List getClients() { + return clients; + } + + public void setClients(List clients) { + this.clients = clients; + } +} diff --git a/core/src/main/java/org/keycloak/representations/account/UserRepresentation.java b/core/src/main/java/org/keycloak/representations/account/UserRepresentation.java new file mode 100755 index 00000000000..f457b180ed7 --- /dev/null +++ b/core/src/main/java/org/keycloak/representations/account/UserRepresentation.java @@ -0,0 +1,97 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.representations.account; + +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.keycloak.json.StringListMapDeserializer; + +import java.util.List; +import java.util.Map; + +/** + * @author Stian Thorgersen + */ +public class UserRepresentation { + + private String id; + private String username; + private String firstName; + private String lastName; + private String email; + private boolean emailVerified; + + @JsonDeserialize(using = StringListMapDeserializer.class) + private Map> attributes; + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public String getFirstName() { + return firstName; + } + + public void setFirstName(String firstName) { + this.firstName = firstName; + } + + public String getLastName() { + return lastName; + } + + public void setLastName(String lastName) { + this.lastName = lastName; + } + + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } + + public boolean isEmailVerified() { + return emailVerified; + } + + public void setEmailVerified(boolean emailVerified) { + this.emailVerified = emailVerified; + } + + public Map> getAttributes() { + return attributes; + } + + public void setAttributes(Map> attributes) { + this.attributes = attributes; + } + +} diff --git a/core/src/main/java/org/keycloak/representations/idm/PublishedRealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/PublishedRealmRepresentation.java index eceb7592fc9..ea11f4f14dd 100755 --- a/core/src/main/java/org/keycloak/representations/idm/PublishedRealmRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/PublishedRealmRepresentation.java @@ -39,9 +39,6 @@ public class PublishedRealmRepresentation { @JsonProperty("account-service") protected String accountServiceUrl; - @JsonProperty("admin-api") - protected String adminApiUrl; - @JsonProperty("tokens-not-before") protected int notBefore; @@ -101,14 +98,6 @@ public class PublishedRealmRepresentation { this.accountServiceUrl = accountServiceUrl; } - public String getAdminApiUrl() { - return adminApiUrl; - } - - public void setAdminApiUrl(String adminApiUrl) { - this.adminApiUrl = adminApiUrl; - } - public int getNotBefore() { return notBefore; } diff --git a/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java index 4dcea953dfc..7f0e0a0d1c3 100755 --- a/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java @@ -23,6 +23,7 @@ import org.keycloak.json.StringListMapDeserializer; import java.util.Arrays; import java.util.HashMap; import java.util.List; +import java.util.ArrayList; import java.util.Map; import java.util.Set; @@ -55,6 +56,7 @@ public class UserRepresentation { protected List realmRoles; protected Map> clientRoles; protected List clientConsents; + protected Integer notBefore; @Deprecated protected Map> applicationRoles; @@ -156,7 +158,7 @@ public class UserRepresentation { public UserRepresentation singleAttribute(String name, String value) { if (this.attributes == null) attributes = new HashMap<>(); - attributes.put(name, Arrays.asList(value)); + attributes.put(name, (value == null ? new ArrayList() : Arrays.asList(value))); return this; } @@ -216,6 +218,14 @@ public class UserRepresentation { this.clientConsents = clientConsents; } + public Integer getNotBefore() { + return notBefore; + } + + public void setNotBefore(Integer notBefore) { + this.notBefore = notBefore; + } + @Deprecated public Map> getApplicationRoles() { return applicationRoles; diff --git a/dependencies/pom.xml b/dependencies/pom.xml index f0b973029d4..c00393b47c8 100755 --- a/dependencies/pom.xml +++ b/dependencies/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/dependencies/server-all/pom.xml b/dependencies/server-all/pom.xml index 4061b97a97d..91fa28581b0 100755 --- a/dependencies/server-all/pom.xml +++ b/dependencies/server-all/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/dependencies/server-min/pom.xml b/dependencies/server-min/pom.xml index 216bbad7e2d..fd55eff2732 100755 --- a/dependencies/server-min/pom.xml +++ b/dependencies/server-min/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml b/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml index f10d11a7eb6..ee1c6b2fa6d 100755 --- a/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml +++ b/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml diff --git a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml index 2529bc45db0..1ff7fc03265 100755 --- a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml +++ b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml @@ -25,7 +25,7 @@ keycloak-as7-eap6-adapter-dist-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml b/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml index f2c5dac4904..7b96da355fe 100755 --- a/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml +++ b/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-as7-eap6-adapter-dist-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/distribution/adapters/as7-eap6-adapter/pom.xml b/distribution/adapters/as7-eap6-adapter/pom.xml index e94db3a959c..26c79f432bc 100644 --- a/distribution/adapters/as7-eap6-adapter/pom.xml +++ b/distribution/adapters/as7-eap6-adapter/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak AS7 / JBoss EAP 6 Adapter Distros diff --git a/distribution/adapters/fuse-adapter-zip/pom.xml b/distribution/adapters/fuse-adapter-zip/pom.xml index 03db2b4868d..fc31f437645 100644 --- a/distribution/adapters/fuse-adapter-zip/pom.xml +++ b/distribution/adapters/fuse-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/adapters/jetty81-adapter-zip/pom.xml b/distribution/adapters/jetty81-adapter-zip/pom.xml index 5cfa1988a19..b48d8dce955 100755 --- a/distribution/adapters/jetty81-adapter-zip/pom.xml +++ b/distribution/adapters/jetty81-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/adapters/jetty91-adapter-zip/pom.xml b/distribution/adapters/jetty91-adapter-zip/pom.xml index 506bf22f29c..e5e7147e3bc 100755 --- a/distribution/adapters/jetty91-adapter-zip/pom.xml +++ b/distribution/adapters/jetty91-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/adapters/jetty92-adapter-zip/pom.xml b/distribution/adapters/jetty92-adapter-zip/pom.xml index 62c81b80a8f..247270850bf 100755 --- a/distribution/adapters/jetty92-adapter-zip/pom.xml +++ b/distribution/adapters/jetty92-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/adapters/jetty93-adapter-zip/pom.xml b/distribution/adapters/jetty93-adapter-zip/pom.xml index f42fcd9283d..e713de6bd43 100644 --- a/distribution/adapters/jetty93-adapter-zip/pom.xml +++ b/distribution/adapters/jetty93-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/adapters/jetty94-adapter-zip/pom.xml b/distribution/adapters/jetty94-adapter-zip/pom.xml index bd199c9f5ef..0a4f66af8ec 100644 --- a/distribution/adapters/jetty94-adapter-zip/pom.xml +++ b/distribution/adapters/jetty94-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/adapters/js-adapter-zip/assembly.xml b/distribution/adapters/js-adapter-zip/assembly.xml index 14e0cc00b66..8111f783ea5 100755 --- a/distribution/adapters/js-adapter-zip/assembly.xml +++ b/distribution/adapters/js-adapter-zip/assembly.xml @@ -30,6 +30,7 @@ **/*.js + **/*.map **/*.d.ts **/*.html diff --git a/distribution/adapters/js-adapter-zip/pom.xml b/distribution/adapters/js-adapter-zip/pom.xml index be37dc8729a..f92cdc7413e 100755 --- a/distribution/adapters/js-adapter-zip/pom.xml +++ b/distribution/adapters/js-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml @@ -50,7 +50,7 @@ org.keycloak keycloak-js-adapter ${project.build.directory}/unpacked/js-adapter - *.js,*.d.ts + *.js,*.map,*.d.ts **/welcome-content/* diff --git a/distribution/adapters/osgi/features/pom.xml b/distribution/adapters/osgi/features/pom.xml index 36ef9f35afb..8b23c60ca54 100755 --- a/distribution/adapters/osgi/features/pom.xml +++ b/distribution/adapters/osgi/features/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml Keycloak OSGI Features diff --git a/distribution/adapters/osgi/jaas/pom.xml b/distribution/adapters/osgi/jaas/pom.xml index 2994b3cea2e..29ab2932f1b 100755 --- a/distribution/adapters/osgi/jaas/pom.xml +++ b/distribution/adapters/osgi/jaas/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml Keycloak OSGI JAAS Realm Configuration diff --git a/distribution/adapters/osgi/pom.xml b/distribution/adapters/osgi/pom.xml index 61b801af46e..53da019d24f 100755 --- a/distribution/adapters/osgi/pom.xml +++ b/distribution/adapters/osgi/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak OSGI Integration diff --git a/distribution/adapters/osgi/thirdparty/pom.xml b/distribution/adapters/osgi/thirdparty/pom.xml index bf42fa8ca32..15bbf6fb29d 100755 --- a/distribution/adapters/osgi/thirdparty/pom.xml +++ b/distribution/adapters/osgi/thirdparty/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml diff --git a/distribution/adapters/pom.xml b/distribution/adapters/pom.xml index 6e4193fe2f1..5f139348338 100755 --- a/distribution/adapters/pom.xml +++ b/distribution/adapters/pom.xml @@ -20,7 +20,7 @@ keycloak-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Adapters Distribution Parent diff --git a/distribution/adapters/shared-cli/adapter-elytron-install.cli b/distribution/adapters/shared-cli/adapter-elytron-install.cli index 16f17ce9a81..6ef26d01e58 100644 --- a/distribution/adapters/shared-cli/adapter-elytron-install.cli +++ b/distribution/adapters/shared-cli/adapter-elytron-install.cli @@ -36,10 +36,10 @@ else end-if if (outcome != success) of /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:read-resource - /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:add(http-server-factories=[keycloak-oidc-http-server-mechanism-factory, global]) + /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:add(http-server-mechanism-factories=[keycloak-oidc-http-server-mechanism-factory, global]) else echo Keycloak HTTP Mechanism Factory already installed. Trying to install Keycloak OpenID Connect HTTP Mechanism Factory. - /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:list-add(name=http-server-factories, value=keycloak-oidc-http-server-mechanism-factory) + /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:list-add(name=http-server-mechanism-factories, value=keycloak-oidc-http-server-mechanism-factory) end-if diff --git a/distribution/adapters/tomcat6-adapter-zip/pom.xml b/distribution/adapters/tomcat6-adapter-zip/pom.xml index 1ba65022c00..57e22dce901 100755 --- a/distribution/adapters/tomcat6-adapter-zip/pom.xml +++ b/distribution/adapters/tomcat6-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/adapters/tomcat7-adapter-zip/pom.xml b/distribution/adapters/tomcat7-adapter-zip/pom.xml index 391c642dc89..0da1f19baee 100755 --- a/distribution/adapters/tomcat7-adapter-zip/pom.xml +++ b/distribution/adapters/tomcat7-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/adapters/tomcat8-adapter-zip/pom.xml b/distribution/adapters/tomcat8-adapter-zip/pom.xml index d87f87b67b0..905574fa42f 100755 --- a/distribution/adapters/tomcat8-adapter-zip/pom.xml +++ b/distribution/adapters/tomcat8-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/adapters/wf8-adapter/pom.xml b/distribution/adapters/wf8-adapter/pom.xml index 05b72b5ef15..14878509660 100644 --- a/distribution/adapters/wf8-adapter/pom.xml +++ b/distribution/adapters/wf8-adapter/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak Wildfly 8 Adapter diff --git a/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml b/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml index a88f373c912..02d7d6169a1 100755 --- a/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml +++ b/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml diff --git a/distribution/adapters/wf8-adapter/wf8-modules/pom.xml b/distribution/adapters/wf8-adapter/wf8-modules/pom.xml index 88f191bffb8..8ad11c2a64a 100755 --- a/distribution/adapters/wf8-adapter/wf8-modules/pom.xml +++ b/distribution/adapters/wf8-adapter/wf8-modules/pom.xml @@ -25,7 +25,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml diff --git a/distribution/adapters/wildfly-adapter/cli/adapter-elytron-install-offline.cli b/distribution/adapters/wildfly-adapter/cli/adapter-elytron-install-offline.cli index 8e0335ac02c..76ec08cb17b 100644 --- a/distribution/adapters/wildfly-adapter/cli/adapter-elytron-install-offline.cli +++ b/distribution/adapters/wildfly-adapter/cli/adapter-elytron-install-offline.cli @@ -38,10 +38,10 @@ else end-if if (outcome != success) of /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:read-resource - /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:add(http-server-factories=[keycloak-oidc-http-server-mechanism-factory, global]) + /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:add(http-server-mechanism-factories=[keycloak-oidc-http-server-mechanism-factory, global]) else echo Keycloak HTTP Mechanism Factory already installed. Trying to install Keycloak OpenID Connect HTTP Mechanism Factory. - /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:list-add(name=http-server-factories, value=keycloak-oidc-http-server-mechanism-factory) + /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:list-add(name=http-server-mechanism-factories, value=keycloak-oidc-http-server-mechanism-factory) end-if diff --git a/distribution/adapters/wildfly-adapter/pom.xml b/distribution/adapters/wildfly-adapter/pom.xml index d116ab1a5f7..b36f521cdb8 100644 --- a/distribution/adapters/wildfly-adapter/pom.xml +++ b/distribution/adapters/wildfly-adapter/pom.xml @@ -21,7 +21,7 @@ keycloak-adapters-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-wildfly-adapter-dist diff --git a/distribution/api-docs-dist/pom.xml b/distribution/api-docs-dist/pom.xml index a13c5212359..252bc61e0e4 100755 --- a/distribution/api-docs-dist/pom.xml +++ b/distribution/api-docs-dist/pom.xml @@ -21,7 +21,7 @@ keycloak-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-api-docs-dist diff --git a/distribution/demo-dist/pom.xml b/distribution/demo-dist/pom.xml index 95ae460f83d..5a5ac140760 100755 --- a/distribution/demo-dist/pom.xml +++ b/distribution/demo-dist/pom.xml @@ -21,7 +21,7 @@ keycloak-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-demo-dist diff --git a/distribution/demo-dist/src/main/xslt/standalone.xsl b/distribution/demo-dist/src/main/xslt/standalone.xsl index 5ea7e93ce09..f800ae23592 100755 --- a/distribution/demo-dist/src/main/xslt/standalone.xsl +++ b/distribution/demo-dist/src/main/xslt/standalone.xsl @@ -17,10 +17,10 @@ diff --git a/distribution/downloads/pom.xml b/distribution/downloads/pom.xml index 4c9211911ea..9dd7b22870d 100755 --- a/distribution/downloads/pom.xml +++ b/distribution/downloads/pom.xml @@ -21,7 +21,7 @@ keycloak-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-dist-downloads diff --git a/distribution/examples-dist/pom.xml b/distribution/examples-dist/pom.xml index 5db83ef6a8f..794c7995781 100755 --- a/distribution/examples-dist/pom.xml +++ b/distribution/examples-dist/pom.xml @@ -21,7 +21,7 @@ keycloak-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-examples-dist diff --git a/distribution/feature-packs/adapter-feature-pack/pom.xml b/distribution/feature-packs/adapter-feature-pack/pom.xml index 6f4b77b49cd..ff661ce6170 100755 --- a/distribution/feature-packs/adapter-feature-pack/pom.xml +++ b/distribution/feature-packs/adapter-feature-pack/pom.xml @@ -19,7 +19,7 @@ org.keycloak feature-packs-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-wildfly-subsystem/main/module.xml b/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-wildfly-subsystem/main/module.xml index 025f15271be..32849fc6f1e 100755 --- a/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-wildfly-subsystem/main/module.xml +++ b/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-wildfly-subsystem/main/module.xml @@ -38,5 +38,9 @@ + + + + diff --git a/distribution/feature-packs/pom.xml b/distribution/feature-packs/pom.xml index b32593d23e5..4fd074480ab 100644 --- a/distribution/feature-packs/pom.xml +++ b/distribution/feature-packs/pom.xml @@ -20,7 +20,7 @@ keycloak-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Feature Pack Builds diff --git a/distribution/feature-packs/server-feature-pack/pom.xml b/distribution/feature-packs/server-feature-pack/pom.xml index e2f1f4144bc..8b426ac656b 100644 --- a/distribution/feature-packs/server-feature-pack/pom.xml +++ b/distribution/feature-packs/server-feature-pack/pom.xml @@ -19,7 +19,7 @@ org.keycloak feature-packs-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/subsystems.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/subsystems.xml index ab9bfa9dcb6..7a841483afd 100755 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/subsystems.xml +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/subsystems.xml @@ -27,10 +27,8 @@ keycloak-infinispan.xml jaxrs.xml jca.xml - jdr.xml jmx.xml jpa.xml - jsf.xml mail.xml naming.xml remoting.xml @@ -54,11 +52,9 @@ keycloak-infinispan.xml jaxrs.xml jca.xml - jdr.xml jgroups.xml jmx.xml jpa.xml - jsf.xml mail.xml mod_cluster.xml naming.xml diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems-ha.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems-ha.xml index 9d9954de9b6..e19734cf21a 100755 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems-ha.xml +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems-ha.xml @@ -29,11 +29,9 @@ keycloak-infinispan.xml jaxrs.xml jca.xml - jdr.xml jgroups.xml jmx.xml jpa.xml - jsf.xml mail.xml mod_cluster.xml naming.xml diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems.xml index 823b45cebca..a1a5035ab32 100755 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems.xml +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems.xml @@ -21,18 +21,16 @@ logging.xml bean-validation.xml - keycloak-datasources2.xml + keycloak-datasources.xml deployment-scanner.xml ee.xml ejb3.xml io.xml - keycloak-infinispan2.xml + keycloak-infinispan.xml jaxrs.xml jca.xml - jdr.xml jmx.xml jpa.xml - jsf.xml mail.xml naming.xml remoting.xml diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi-private/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi-private/main/module.xml index 0f136fde636..be103dde618 100755 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi-private/main/module.xml +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi-private/main/module.xml @@ -36,5 +36,7 @@ + + diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml index 968895d023a..18e162abd38 100755 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml @@ -49,7 +49,6 @@ - diff --git a/distribution/pom.xml b/distribution/pom.xml index 165323ddc8c..a5f1fc73fd8 100755 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml @@ -34,9 +34,9 @@ adapters saml-adapters + feature-packs server-dist server-overlay - feature-packs diff --git a/distribution/proxy-dist/pom.xml b/distribution/proxy-dist/pom.xml index 79d4468de63..959be2a9d3a 100755 --- a/distribution/proxy-dist/pom.xml +++ b/distribution/proxy-dist/pom.xml @@ -21,7 +21,7 @@ keycloak-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-proxy-dist diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml index 4165230f30d..5f7b4751bcc 100755 --- a/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml index f2650dfd1df..9297bbaf6e0 100755 --- a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml @@ -25,7 +25,7 @@ keycloak-saml-as7-eap6-adapter-dist-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml index fd9d2e40899..885470fb2ee 100755 --- a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml @@ -34,7 +34,6 @@ - diff --git a/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml index 54c249d8ffa..5e5c14675a2 100755 --- a/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml +++ b/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-saml-as7-eap6-adapter-dist-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/distribution/saml-adapters/as7-eap6-adapter/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/pom.xml index e1c378c2208..c7175bb171e 100755 --- a/distribution/saml-adapters/as7-eap6-adapter/pom.xml +++ b/distribution/saml-adapters/as7-eap6-adapter/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak SAML AS7 / JBoss EAP 6 Adapter Distros diff --git a/distribution/saml-adapters/jetty81-adapter-zip/pom.xml b/distribution/saml-adapters/jetty81-adapter-zip/pom.xml index 8c8f99f9865..15e43564b63 100755 --- a/distribution/saml-adapters/jetty81-adapter-zip/pom.xml +++ b/distribution/saml-adapters/jetty81-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/saml-adapters/jetty92-adapter-zip/pom.xml b/distribution/saml-adapters/jetty92-adapter-zip/pom.xml index f5c3481c221..35b2d86f66f 100755 --- a/distribution/saml-adapters/jetty92-adapter-zip/pom.xml +++ b/distribution/saml-adapters/jetty92-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/saml-adapters/jetty93-adapter-zip/pom.xml b/distribution/saml-adapters/jetty93-adapter-zip/pom.xml index e6ef28e6519..df95b97ea78 100644 --- a/distribution/saml-adapters/jetty93-adapter-zip/pom.xml +++ b/distribution/saml-adapters/jetty93-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/saml-adapters/jetty94-adapter-zip/pom.xml b/distribution/saml-adapters/jetty94-adapter-zip/pom.xml index 8b86d43d740..f2c8e2a3589 100644 --- a/distribution/saml-adapters/jetty94-adapter-zip/pom.xml +++ b/distribution/saml-adapters/jetty94-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/saml-adapters/pom.xml b/distribution/saml-adapters/pom.xml index 81828d285e1..b3bc83abce2 100755 --- a/distribution/saml-adapters/pom.xml +++ b/distribution/saml-adapters/pom.xml @@ -20,7 +20,7 @@ keycloak-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT SAML Adapters Distribution Parent diff --git a/distribution/saml-adapters/shared-cli/adapter-elytron-install-saml.cli b/distribution/saml-adapters/shared-cli/adapter-elytron-install-saml.cli index 1f240854590..a76109b8091 100755 --- a/distribution/saml-adapters/shared-cli/adapter-elytron-install-saml.cli +++ b/distribution/saml-adapters/shared-cli/adapter-elytron-install-saml.cli @@ -36,10 +36,10 @@ else end-if if (outcome != success) of /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:read-resource - /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:add(http-server-factories=[keycloak-saml-http-server-mechanism-factory, global]) + /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:add(http-server-mechanism-factories=[keycloak-saml-http-server-mechanism-factory, global]) else echo Keycloak HTTP Mechanism Factory already installed. Trying to install Keycloak SAML HTTP Mechanism Factory. - /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:list-add(name=http-server-factories, value=keycloak-saml-http-server-mechanism-factory) + /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:list-add(name=http-server-mechanism-factories, value=keycloak-saml-http-server-mechanism-factory) end-if if (outcome != success) of /subsystem=elytron/http-authentication-factory=keycloak-http-authentication:read-resource diff --git a/distribution/saml-adapters/tomcat6-adapter-zip/pom.xml b/distribution/saml-adapters/tomcat6-adapter-zip/pom.xml index 01cdab6a52d..3b0eb2aad25 100755 --- a/distribution/saml-adapters/tomcat6-adapter-zip/pom.xml +++ b/distribution/saml-adapters/tomcat6-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/saml-adapters/tomcat7-adapter-zip/pom.xml b/distribution/saml-adapters/tomcat7-adapter-zip/pom.xml index f4a5a2d125a..5cb56b7dc93 100755 --- a/distribution/saml-adapters/tomcat7-adapter-zip/pom.xml +++ b/distribution/saml-adapters/tomcat7-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/saml-adapters/tomcat8-adapter-zip/pom.xml b/distribution/saml-adapters/tomcat8-adapter-zip/pom.xml index da7c2187d60..37d00abfb83 100755 --- a/distribution/saml-adapters/tomcat8-adapter-zip/pom.xml +++ b/distribution/saml-adapters/tomcat8-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/distribution/saml-adapters/wildfly-adapter/pom.xml b/distribution/saml-adapters/wildfly-adapter/pom.xml index 6d2a6e2c2ea..9f084b1cdbe 100755 --- a/distribution/saml-adapters/wildfly-adapter/pom.xml +++ b/distribution/saml-adapters/wildfly-adapter/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../pom.xml Keycloak Wildfly SAML Adapter diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-adapter-zip/pom.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-adapter-zip/pom.xml index 1b80a59d549..6f68ed0be3c 100755 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-adapter-zip/pom.xml +++ b/distribution/saml-adapters/wildfly-adapter/wildfly-adapter-zip/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/pom.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/pom.xml index e398bbbe5f2..4123be58d44 100755 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/pom.xml +++ b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/pom.xml @@ -25,7 +25,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../../../pom.xml diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-subsystem/main/module.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-subsystem/main/module.xml index 857a8e31b89..b61266df6c5 100755 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-subsystem/main/module.xml +++ b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-subsystem/main/module.xml @@ -40,5 +40,6 @@ + diff --git a/distribution/server-dist/assembly.xml b/distribution/server-dist/assembly.xml index dc0790454fa..f966cff11e1 100755 --- a/distribution/server-dist/assembly.xml +++ b/distribution/server-dist/assembly.xml @@ -33,6 +33,19 @@ **/module.xml + target/${project.build.finalName} @@ -40,6 +53,10 @@ false bin/*.sh + module.xml welcome-content/** appclient/** @@ -49,8 +66,20 @@ themes/** version.txt ${profileExcludes} + + target/${project.build.finalName} diff --git a/distribution/server-dist/pom.xml b/distribution/server-dist/pom.xml index 6b425c0a13d..334e2ee8dca 100755 --- a/distribution/server-dist/pom.xml +++ b/distribution/server-dist/pom.xml @@ -21,7 +21,7 @@ keycloak-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-server-dist diff --git a/distribution/server-overlay/pom.xml b/distribution/server-overlay/pom.xml index f8a0c538ba4..b42f7e872bc 100755 --- a/distribution/server-overlay/pom.xml +++ b/distribution/server-overlay/pom.xml @@ -21,7 +21,7 @@ keycloak-distribution-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-server-overlay diff --git a/distribution/server-overlay/src/main/modules/layers.conf b/distribution/server-overlay/src/main/modules/layers.conf new file mode 100644 index 00000000000..74f44850c7b --- /dev/null +++ b/distribution/server-overlay/src/main/modules/layers.conf @@ -0,0 +1 @@ +layers=keycloak \ No newline at end of file diff --git a/examples/admin-client/pom.xml b/examples/admin-client/pom.xml index c5ac43eafb8..bf10c785296 100755 --- a/examples/admin-client/pom.xml +++ b/examples/admin-client/pom.xml @@ -22,7 +22,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Examples - Admin Client diff --git a/examples/authz/hello-world-authz-service/pom.xml b/examples/authz/hello-world-authz-service/pom.xml index 26c1777330a..a36e305e730 100755 --- a/examples/authz/hello-world-authz-service/pom.xml +++ b/examples/authz/hello-world-authz-service/pom.xml @@ -24,7 +24,7 @@ org.keycloak keycloak-authz-example-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/examples/authz/hello-world/pom.xml b/examples/authz/hello-world/pom.xml index afdc3fb879a..31e48ec3b8c 100755 --- a/examples/authz/hello-world/pom.xml +++ b/examples/authz/hello-world/pom.xml @@ -24,7 +24,7 @@ org.keycloak keycloak-authz-example-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/examples/authz/photoz/photoz-authz-policy/pom.xml b/examples/authz/photoz/photoz-authz-policy/pom.xml index 08267aa4792..7d89b93eda7 100755 --- a/examples/authz/photoz/photoz-authz-policy/pom.xml +++ b/examples/authz/photoz/photoz-authz-policy/pom.xml @@ -6,7 +6,7 @@ org.keycloak keycloak-authz-photoz-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl b/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl index deb1c84757f..c807f9b7ab0 100644 --- a/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl +++ b/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl @@ -7,7 +7,7 @@ rule "Authorize Admin Resources" when $evaluation : Evaluation( $identity : context.identity, - $identity.hasRole("admin") + $identity.hasRealmRole("admin") ) then $evaluation.grant(); diff --git a/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl b/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl index 9b1677edca9..2ebc457ea46 100644 --- a/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl +++ b/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl @@ -7,7 +7,7 @@ rule "Authorize View User Album" when $evaluation : Evaluation( $identity : context.identity, - $identity.hasRole("user") + $identity.hasRealmRole("user") ) then $evaluation.grant(); diff --git a/examples/authz/photoz/photoz-html5-client/pom.xml b/examples/authz/photoz/photoz-html5-client/pom.xml index 5ff5fdb1369..e4fb521d9c8 100755 --- a/examples/authz/photoz/photoz-html5-client/pom.xml +++ b/examples/authz/photoz/photoz-html5-client/pom.xml @@ -5,7 +5,7 @@ org.keycloak keycloak-authz-photoz-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/examples/authz/photoz/photoz-restful-api/pom.xml b/examples/authz/photoz/photoz-restful-api/pom.xml index 94b73dc07be..4e65c16232e 100755 --- a/examples/authz/photoz/photoz-restful-api/pom.xml +++ b/examples/authz/photoz/photoz-restful-api/pom.xml @@ -6,7 +6,7 @@ org.keycloak keycloak-authz-photoz-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json b/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json index b6a93bc4f0e..28b87bc579c 100644 --- a/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json +++ b/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json @@ -113,7 +113,7 @@ "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}" + "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRealmRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}" } }, { diff --git a/examples/authz/photoz/pom.xml b/examples/authz/photoz/pom.xml index cbaeb243ec0..26f377aa0c3 100755 --- a/examples/authz/photoz/pom.xml +++ b/examples/authz/photoz/pom.xml @@ -6,7 +6,7 @@ org.keycloak keycloak-authz-example-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/examples/authz/pom.xml b/examples/authz/pom.xml index 06adb3ca987..a81552d604e 100755 --- a/examples/authz/pom.xml +++ b/examples/authz/pom.xml @@ -6,7 +6,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/examples/authz/servlet-authz/pom.xml b/examples/authz/servlet-authz/pom.xml index ffcf7f20859..b730ba566a5 100755 --- a/examples/authz/servlet-authz/pom.xml +++ b/examples/authz/servlet-authz/pom.xml @@ -6,7 +6,7 @@ org.keycloak keycloak-authz-example-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/examples/basic-auth/pom.xml b/examples/basic-auth/pom.xml index af19e13ef0a..c8576f1e58d 100755 --- a/examples/basic-auth/pom.xml +++ b/examples/basic-auth/pom.xml @@ -23,7 +23,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Examples - Basic Auth diff --git a/examples/broker/facebook-authentication/pom.xml b/examples/broker/facebook-authentication/pom.xml index 0fb71b4a4ea..f8edf4829e0 100755 --- a/examples/broker/facebook-authentication/pom.xml +++ b/examples/broker/facebook-authentication/pom.xml @@ -23,7 +23,7 @@ keycloak-examples-broker-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Broker Examples - Facebook Authentication diff --git a/examples/broker/google-authentication/pom.xml b/examples/broker/google-authentication/pom.xml index e89fbc560fa..0cc37e980d4 100755 --- a/examples/broker/google-authentication/pom.xml +++ b/examples/broker/google-authentication/pom.xml @@ -23,7 +23,7 @@ keycloak-examples-broker-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Broker Examples - Google Authentication diff --git a/examples/broker/pom.xml b/examples/broker/pom.xml index 5797474cc68..ad206a7f766 100755 --- a/examples/broker/pom.xml +++ b/examples/broker/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Broker Examples diff --git a/examples/broker/saml-broker-authentication/pom.xml b/examples/broker/saml-broker-authentication/pom.xml index 3226fbc3534..7207ab34a2b 100755 --- a/examples/broker/saml-broker-authentication/pom.xml +++ b/examples/broker/saml-broker-authentication/pom.xml @@ -23,7 +23,7 @@ keycloak-examples-broker-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Broker Examples - SAML Identity Provider Brokering diff --git a/examples/broker/twitter-authentication/pom.xml b/examples/broker/twitter-authentication/pom.xml index 188035d0e86..514da61bf9e 100755 --- a/examples/broker/twitter-authentication/pom.xml +++ b/examples/broker/twitter-authentication/pom.xml @@ -23,7 +23,7 @@ keycloak-examples-broker-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Broker Examples - Twitter Authentication diff --git a/examples/cors/angular-product-app/pom.xml b/examples/cors/angular-product-app/pom.xml index 28e65fcf6b3..143592d3316 100755 --- a/examples/cors/angular-product-app/pom.xml +++ b/examples/cors/angular-product-app/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-cors-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/cors/database-service/pom.xml b/examples/cors/database-service/pom.xml index 80ccf115b2f..404e8fc0212 100755 --- a/examples/cors/database-service/pom.xml +++ b/examples/cors/database-service/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-cors-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/cors/pom.xml b/examples/cors/pom.xml index 3e4d71ad6db..4ff72bc8e3d 100755 --- a/examples/cors/pom.xml +++ b/examples/cors/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Examples - CORS diff --git a/examples/demo-template/admin-access-app/pom.xml b/examples/demo-template/admin-access-app/pom.xml index fd2565f3406..665e65f53bc 100755 --- a/examples/demo-template/admin-access-app/pom.xml +++ b/examples/demo-template/admin-access-app/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/angular-product-app/pom.xml b/examples/demo-template/angular-product-app/pom.xml index 06c4b2ed085..3a29e3baa3b 100755 --- a/examples/demo-template/angular-product-app/pom.xml +++ b/examples/demo-template/angular-product-app/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/customer-app-cli/pom.xml b/examples/demo-template/customer-app-cli/pom.xml index f58edd57494..68528419355 100755 --- a/examples/demo-template/customer-app-cli/pom.xml +++ b/examples/demo-template/customer-app-cli/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/customer-app-filter/pom.xml b/examples/demo-template/customer-app-filter/pom.xml index 3b8146fe156..cc6f6219039 100755 --- a/examples/demo-template/customer-app-filter/pom.xml +++ b/examples/demo-template/customer-app-filter/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/customer-app-js/pom.xml b/examples/demo-template/customer-app-js/pom.xml index e5e6ca9af5f..d3d78636d3f 100755 --- a/examples/demo-template/customer-app-js/pom.xml +++ b/examples/demo-template/customer-app-js/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/customer-app/pom.xml b/examples/demo-template/customer-app/pom.xml index 7c59225647c..d057f29cee0 100755 --- a/examples/demo-template/customer-app/pom.xml +++ b/examples/demo-template/customer-app/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/database-service/pom.xml b/examples/demo-template/database-service/pom.xml index e4252a40498..e81fac22bbf 100755 --- a/examples/demo-template/database-service/pom.xml +++ b/examples/demo-template/database-service/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/example-ear/pom.xml b/examples/demo-template/example-ear/pom.xml index 3c4d3a0f95f..864b5d7d98e 100755 --- a/examples/demo-template/example-ear/pom.xml +++ b/examples/demo-template/example-ear/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/offline-access-app/pom.xml b/examples/demo-template/offline-access-app/pom.xml index f2af2fb3fa2..7c9484a2d83 100755 --- a/examples/demo-template/offline-access-app/pom.xml +++ b/examples/demo-template/offline-access-app/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/pom.xml b/examples/demo-template/pom.xml index 19f8b9184bb..5ddedefbc27 100755 --- a/examples/demo-template/pom.xml +++ b/examples/demo-template/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Demo Examples diff --git a/examples/demo-template/product-app/pom.xml b/examples/demo-template/product-app/pom.xml index c565ceefd07..e52a3c816da 100755 --- a/examples/demo-template/product-app/pom.xml +++ b/examples/demo-template/product-app/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/service-account/pom.xml b/examples/demo-template/service-account/pom.xml index 3f8526639b6..d61ea68c8e2 100755 --- a/examples/demo-template/service-account/pom.xml +++ b/examples/demo-template/service-account/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/third-party-cdi/pom.xml b/examples/demo-template/third-party-cdi/pom.xml index 20a7e7eef1b..3bc6a2f503b 100755 --- a/examples/demo-template/third-party-cdi/pom.xml +++ b/examples/demo-template/third-party-cdi/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/demo-template/third-party/pom.xml b/examples/demo-template/third-party/pom.xml index 6aad96ccc72..8bd4694d60e 100755 --- a/examples/demo-template/third-party/pom.xml +++ b/examples/demo-template/third-party/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-demo-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/fuse/camel/pom.xml b/examples/fuse/camel/pom.xml index 0ca3c4e831f..b8f0984e9ae 100755 --- a/examples/fuse/camel/pom.xml +++ b/examples/fuse/camel/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-fuse-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/fuse/customer-app-fuse/pom.xml b/examples/fuse/customer-app-fuse/pom.xml index 3c4bfd414de..752ff870522 100755 --- a/examples/fuse/customer-app-fuse/pom.xml +++ b/examples/fuse/customer-app-fuse/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-fuse-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/fuse/cxf-jaxrs/pom.xml b/examples/fuse/cxf-jaxrs/pom.xml index 9d3faa06c96..51fb7340f6d 100755 --- a/examples/fuse/cxf-jaxrs/pom.xml +++ b/examples/fuse/cxf-jaxrs/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-fuse-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/fuse/cxf-jaxws/pom.xml b/examples/fuse/cxf-jaxws/pom.xml index f53164ca977..594fe509d1d 100755 --- a/examples/fuse/cxf-jaxws/pom.xml +++ b/examples/fuse/cxf-jaxws/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-fuse-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/fuse/external-config/pom.xml b/examples/fuse/external-config/pom.xml index 3f9f36df602..151ddab78e6 100755 --- a/examples/fuse/external-config/pom.xml +++ b/examples/fuse/external-config/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-fuse-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Examples - External Config diff --git a/examples/fuse/features/pom.xml b/examples/fuse/features/pom.xml index a5fe72e3ea8..11b8d2fb456 100755 --- a/examples/fuse/features/pom.xml +++ b/examples/fuse/features/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-fuse-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/fuse/pom.xml b/examples/fuse/pom.xml index 48e01255b1c..1742a01190c 100755 --- a/examples/fuse/pom.xml +++ b/examples/fuse/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Fuse Examples diff --git a/examples/fuse/product-app-fuse/pom.xml b/examples/fuse/product-app-fuse/pom.xml index e69578e4df8..e95917f0b72 100755 --- a/examples/fuse/product-app-fuse/pom.xml +++ b/examples/fuse/product-app-fuse/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-fuse-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/js-console/pom.xml b/examples/js-console/pom.xml index 37a64e2c797..7886ae2b39d 100755 --- a/examples/js-console/pom.xml +++ b/examples/js-console/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/kerberos/README.md b/examples/kerberos/README.md index 2c1d335aceb..7aafdacd978 100644 --- a/examples/kerberos/README.md +++ b/examples/kerberos/README.md @@ -47,7 +47,7 @@ is in your `/etc/hosts` before other records for the 127.0.0.1 host to avoid iss **5)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm for host `localhost` and enable `forwardable` flag, which is needed for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server. -See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration-arquillian/tests/base/src/test/resources/kerberos/test-krb5.conf) for inspiration. +See [this file](../../testsuite/integration-arquillian/tests/base/src/test/resources/kerberos/test-krb5.conf) for inspiration. On OS X the file to edit (or create) is `/Library/Preferences/edu.mit.Kerberos` with the same syntax as `krb5.conf`. On Windows the file to edit (or create) is `c:\Windows\krb5.ini` with the same syntax as `krb5.conf`. diff --git a/examples/kerberos/pom.xml b/examples/kerberos/pom.xml index 6d2d5b18140..20b43273399 100755 --- a/examples/kerberos/pom.xml +++ b/examples/kerberos/pom.xml @@ -22,7 +22,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Examples - Kerberos Credential Delegation diff --git a/examples/ldap/pom.xml b/examples/ldap/pom.xml index 62c4d1bb673..29f59c21516 100644 --- a/examples/ldap/pom.xml +++ b/examples/ldap/pom.xml @@ -22,7 +22,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/examples/multi-tenant/pom.xml b/examples/multi-tenant/pom.xml index 6c45be0c04d..f96beb35762 100755 --- a/examples/multi-tenant/pom.xml +++ b/examples/multi-tenant/pom.xml @@ -21,7 +21,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Examples - Multi Tenant diff --git a/examples/pom.xml b/examples/pom.xml index 0421e888cdb..de9e92f7ac5 100755 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Examples diff --git a/examples/providers/authenticator/pom.xml b/examples/providers/authenticator/pom.xml index a4042c7b425..d5305cadac1 100755 --- a/examples/providers/authenticator/pom.xml +++ b/examples/providers/authenticator/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-providers-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Authenticator Example diff --git a/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java b/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java index fb71a7c9cfe..73d821fbcdb 100755 --- a/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java +++ b/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java @@ -47,7 +47,7 @@ public class SecretQuestionAuthenticator implements Authenticator { Cookie cookie = context.getHttpRequest().getHttpHeaders().getCookies().get("SECRET_QUESTION_ANSWERED"); boolean result = cookie != null; if (result) { - System.out.println("Bypassing secret question because cookie as set"); + System.out.println("Bypassing secret question because cookie is set"); } return result; } diff --git a/examples/providers/domain-extension/pom.xml b/examples/providers/domain-extension/pom.xml index 82032157506..fc5a61c397a 100755 --- a/examples/providers/domain-extension/pom.xml +++ b/examples/providers/domain-extension/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-providers-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Domain Extension Example diff --git a/examples/providers/event-listener-sysout/pom.xml b/examples/providers/event-listener-sysout/pom.xml index 6448f1ef483..1d3602de1b1 100755 --- a/examples/providers/event-listener-sysout/pom.xml +++ b/examples/providers/event-listener-sysout/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-providers-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Event Listener System.out Example diff --git a/examples/providers/event-store-mem/pom.xml b/examples/providers/event-store-mem/pom.xml index ab431451b97..ad7153fd12f 100755 --- a/examples/providers/event-store-mem/pom.xml +++ b/examples/providers/event-store-mem/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-providers-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Event Store In-Mem Example diff --git a/examples/providers/pom.xml b/examples/providers/pom.xml index a55f5206786..061d7757761 100755 --- a/examples/providers/pom.xml +++ b/examples/providers/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Provider Examples diff --git a/examples/providers/rest/pom.xml b/examples/providers/rest/pom.xml index 9570a740f71..8791c3c8987 100755 --- a/examples/providers/rest/pom.xml +++ b/examples/providers/rest/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-providers-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT REST Example diff --git a/examples/providers/rest/src/main/java/org/keycloak/examples/rest/HelloResourceProvider.java b/examples/providers/rest/src/main/java/org/keycloak/examples/rest/HelloResourceProvider.java index aebd6772218..ebd8d1c9916 100644 --- a/examples/providers/rest/src/main/java/org/keycloak/examples/rest/HelloResourceProvider.java +++ b/examples/providers/rest/src/main/java/org/keycloak/examples/rest/HelloResourceProvider.java @@ -22,7 +22,6 @@ import org.keycloak.services.resource.RealmResourceProvider; import javax.ws.rs.GET; import javax.ws.rs.Produces; -import javax.ws.rs.core.MediaType; /** * @author Stian Thorgersen @@ -41,7 +40,7 @@ public class HelloResourceProvider implements RealmResourceProvider { } @GET - @Produces(MediaType.TEXT_PLAIN) + @Produces("text/plain; charset=utf-8") public String get() { String name = session.getContext().getRealm().getDisplayName(); if (name == null) { diff --git a/examples/providers/user-storage-jpa/pom.xml b/examples/providers/user-storage-jpa/pom.xml index a1a5637ed59..ba21ac49f6c 100755 --- a/examples/providers/user-storage-jpa/pom.xml +++ b/examples/providers/user-storage-jpa/pom.xml @@ -20,10 +20,10 @@ keycloak-examples-providers-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT - User Storage JPA Provider Exapmle + User Storage JPA Provider Example 4.0.0 diff --git a/examples/providers/user-storage-simple/pom.xml b/examples/providers/user-storage-simple/pom.xml index 36a41cb1731..48bdcba4347 100755 --- a/examples/providers/user-storage-simple/pom.xml +++ b/examples/providers/user-storage-simple/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-providers-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT UserStorageProvider Simple Example diff --git a/examples/saml/pom.xml b/examples/saml/pom.xml index e69c6df1c5d..7ebf384e076 100755 --- a/examples/saml/pom.xml +++ b/examples/saml/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT SAML Examples diff --git a/examples/saml/post-with-encryption/pom.xml b/examples/saml/post-with-encryption/pom.xml index d4bed04efad..0295e2f4004 100755 --- a/examples/saml/post-with-encryption/pom.xml +++ b/examples/saml/post-with-encryption/pom.xml @@ -22,7 +22,7 @@ keycloak-examples-saml-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT saml-post-encryption diff --git a/examples/saml/post-with-signature/pom.xml b/examples/saml/post-with-signature/pom.xml index 02713e6f6ee..23c508315b1 100755 --- a/examples/saml/post-with-signature/pom.xml +++ b/examples/saml/post-with-signature/pom.xml @@ -22,7 +22,7 @@ keycloak-examples-saml-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT sales-post-sig diff --git a/examples/saml/redirect-with-signature/pom.xml b/examples/saml/redirect-with-signature/pom.xml index 9f42085afb9..278c63a075f 100755 --- a/examples/saml/redirect-with-signature/pom.xml +++ b/examples/saml/redirect-with-signature/pom.xml @@ -22,7 +22,7 @@ keycloak-examples-saml-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT saml-redirect-signatures diff --git a/examples/saml/servlet-filter/pom.xml b/examples/saml/servlet-filter/pom.xml index e586f3e5868..83348d85bd2 100755 --- a/examples/saml/servlet-filter/pom.xml +++ b/examples/saml/servlet-filter/pom.xml @@ -22,7 +22,7 @@ keycloak-examples-saml-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT saml-servlet-filter diff --git a/examples/themes/pom.xml b/examples/themes/pom.xml index 7d18fdf4ced..d49da0d959e 100755 --- a/examples/themes/pom.xml +++ b/examples/themes/pom.xml @@ -20,7 +20,7 @@ keycloak-examples-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Themes Examples diff --git a/federation/kerberos/pom.xml b/federation/kerberos/pom.xml index 6b026eb08cf..d319be05fdf 100755 --- a/federation/kerberos/pom.xml +++ b/federation/kerberos/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/federation/ldap/pom.xml b/federation/ldap/pom.xml index 4618792225e..061ddd871bd 100755 --- a/federation/ldap/pom.xml +++ b/federation/ldap/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java index d8653de1704..e77df536229 100755 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java @@ -17,6 +17,17 @@ package org.keycloak.storage.ldap; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.naming.AuthenticationException; + import org.jboss.logging.Logger; import org.keycloak.common.constants.KerberosConstants; import org.keycloak.component.ComponentModel; @@ -33,14 +44,15 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.ModelException; -import org.keycloak.models.utils.ReadOnlyUserModelDelegate; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserModel; import org.keycloak.models.UserManager; +import org.keycloak.models.UserModel; import org.keycloak.models.cache.UserCache; import org.keycloak.models.credential.PasswordUserCredentialModel; +import org.keycloak.models.utils.KeycloakModelUtils; +import org.keycloak.models.utils.ReadOnlyUserModelDelegate; import org.keycloak.storage.ReadOnlyException; import org.keycloak.storage.StorageId; import org.keycloak.storage.UserStorageProvider; @@ -62,16 +74,6 @@ import org.keycloak.storage.user.UserLookupProvider; import org.keycloak.storage.user.UserQueryProvider; import org.keycloak.storage.user.UserRegistrationProvider; -import javax.naming.AuthenticationException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.Set; - /** * @author Marek Posolda * @author Bill Burke @@ -216,7 +218,30 @@ public class LDAPStorageProvider implements UserStorageProvider, @Override public List searchForUserByUserAttribute(String attrName, String attrValue, RealmModel realm) { - return Collections.EMPTY_LIST; + LDAPQuery ldapQuery = LDAPUtils.createQueryForUserSearch(this, realm); + LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder(); + + Condition attrCondition = conditionsBuilder.equal(attrName, attrValue, EscapeStrategy.DEFAULT); + ldapQuery.addWhereCondition(attrCondition); + + List ldapObjects = ldapQuery.getResultList(); + + if (ldapObjects == null || ldapObjects.isEmpty()) { + return Collections.emptyList(); + } + + List searchResults =new LinkedList(); + + for (LDAPObject ldapUser : ldapObjects) { + String ldapUsername = LDAPUtils.getUsername(ldapUser, this.ldapIdentityStore.getConfig()); + if (session.userLocalStorage().getUserByUsername(ldapUsername, realm) == null) { + UserModel imported = importUserFromLDAP(session, realm, ldapUser); + searchResults.add(imported); + } + } + + return searchResults; + } public boolean synchronizeRegistrations() { diff --git a/federation/pom.xml b/federation/pom.xml index 91368320049..921d27958fa 100755 --- a/federation/pom.xml +++ b/federation/pom.xml @@ -22,7 +22,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/federation/sssd/pom.xml b/federation/sssd/pom.xml index 1e40781d8a3..e023800ab93 100644 --- a/federation/sssd/pom.xml +++ b/federation/sssd/pom.xml @@ -4,7 +4,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/integration/admin-client/pom.xml b/integration/admin-client/pom.xml index ee006ef079a..cfdc820f45f 100755 --- a/integration/admin-client/pom.xml +++ b/integration/admin-client/pom.xml @@ -22,7 +22,7 @@ keycloak-integration-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/integration/client-cli/admin-cli/pom.xml b/integration/client-cli/admin-cli/pom.xml index 10d629bed73..b1bfd81c3b6 100755 --- a/integration/client-cli/admin-cli/pom.xml +++ b/integration/client-cli/admin-cli/pom.xml @@ -21,7 +21,7 @@ keycloak-client-cli-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/integration/client-cli/client-cli-dist/pom.xml b/integration/client-cli/client-cli-dist/pom.xml index 38a1d5631f7..5a2c10cb2f5 100755 --- a/integration/client-cli/client-cli-dist/pom.xml +++ b/integration/client-cli/client-cli-dist/pom.xml @@ -21,7 +21,7 @@ keycloak-client-cli-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-client-cli-dist diff --git a/integration/client-cli/client-registration-cli/pom.xml b/integration/client-cli/client-registration-cli/pom.xml index 6a76bf03979..48cb8ae3695 100755 --- a/integration/client-cli/client-registration-cli/pom.xml +++ b/integration/client-cli/client-registration-cli/pom.xml @@ -21,7 +21,7 @@ keycloak-client-cli-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/integration/client-cli/pom.xml b/integration/client-cli/pom.xml index 1ffbf10e33f..e2b5922d931 100644 --- a/integration/client-cli/pom.xml +++ b/integration/client-cli/pom.xml @@ -20,7 +20,7 @@ keycloak-integration-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Client CLI diff --git a/integration/client-registration/pom.xml b/integration/client-registration/pom.xml index c8d2d222a8b..015d1d30e96 100755 --- a/integration/client-registration/pom.xml +++ b/integration/client-registration/pom.xml @@ -21,7 +21,7 @@ keycloak-integration-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/integration/pom.xml b/integration/pom.xml index 2c829800ddc..3e005e03de1 100755 --- a/integration/pom.xml +++ b/integration/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml Keycloak Integration diff --git a/misc/CrossDataCenter.md b/misc/CrossDataCenter.md index 3313f3fe4be..261d099500b 100644 --- a/misc/CrossDataCenter.md +++ b/misc/CrossDataCenter.md @@ -3,116 +3,265 @@ Test Cross-Data-Center scenario (test with external JDG server) These are temporary notes. This docs should be removed once we have cross-DC support finished and properly documented. -Note that these steps are already automated, see Cross-DC tests section in [HOW-TO-RUN.md](../testsuite/integration-arquillian/HOW-TO-RUN.md) document. +These steps are already automated for embedded Undertow, see Cross-DC tests section in [HOW-TO-RUN.md](../testsuite/integration-arquillian/HOW-TO-RUN.md) document. For Wildfly they are not yet automated. +Following instructions are related to Wildfly server. What is working right now is: -- Propagating of invalidation messages for "realms" and "users" caches -- All the other things provided by ClusterProvider, which is: --- ClusterStartupTime (used for offlineSessions and revokeRefreshToken) is shared for all clusters in all datacenters --- Periodic userStorage synchronization is always executed just on one node at a time. It won't be never executed concurrently on more nodes (Assuming "nodes" refer to all servers in all clusters in all datacenters) - -What doesn't work right now: -- UserSessionProvider and offline sessions +- Propagating of invalidation messages for `realms`, `users` and `authorization` caches +- sessions, offline sessions and login failures are propagated between datacenters Basic setup =========== -This is setup with 2 keycloak nodes, which are NOT in cluster. They just share the same database and they will be configured with "work" infinispan cache with remoteStore, which will point -to external JDG server. +This is the example setup simulating 2 datacenters `site1` and `site2` . Each datacenter consists of 1 infinispan server and 2 Keycloak servers. +So 2 infinispan servers and 4 Keycloak servers are totally in the testing setup. -JDG Server setup ----------------- -- Download JDG 7.0 server and unzip to some folder +* Site1 consists of infinispan server `jdg1` and 2 Keycloak servers `node11` and `node12` . -- Add this into JDG_HOME/standalone/configuration/standalone.xml under cache-container named "local" : +* Site2 consists of infinispan server `jdg2` and 2 Keycloak servers `node21` and `node22` . + +* Infinispan servers `jdg1` and `jdg2` forms cluster with each other. The communication between them is the only communication between the 2 datacenters. + +* Keycloak servers `node11` and `node12` forms cluster with each other, but they don't communicate with any server in `site2` . They communicate with infinispan server `jdg1` through the HotRod protocol (Remote cache). + +* Same applies for `node21` and `node22` . They have cluster with each other and communicate just with `jdg2` server through the HotRod protocol. + +TODO: Picture on blog + +* For example when some object (realm, client, role, user, ...) is updated on `node11`, the `node11` will send invalidation message. It does it by saving special cache entry to the remote cache `work` on `jdg1` . + The `jdg1` notifies client listeners in same DC (hence on `node12`) and propagate the message to it. But `jdg1` is in replicated cache with `jdg2` . + So the entry is saved on `jdg2` too and `jdg2` will notify client listeners on nodes `node21` and `node22`. + All the nodes know that they should invalidate the updated object from their caches. The caches with the actual data (`realms`, `users` and `authorization`) are infinispan local caches. + +TODO: Picture and better explanation? + +* For example when some userSession is created/updated/removed on `node11` it is saved in cluster on current DC, so the `node12` can see it. But it's saved also to remote cache on `jdg1` server. + The userSession is then automatically seen on `jdg2` server because there is replicated cache `sessions` between `jdg1` and `jdg2` . Server `jdg2` then notifies nodes `node21` and `node22` through + the client listeners (Feature of Remote Cache and HotRod protocol. See infinispan docs for details). The node, who is owner of the userSession (either `node21` or `node22`) will update userSession in the cluster + on `site2` . Hence any user requests coming to Keycloak nodes on `site2` will see latest updates. + +TODO: Picture and better explanation? + +Example setup assumes all 6 servers are bootstrapped on localhost, but each on different ports. + + +Infinispan Server setup +----------------------- + +1) Download Infinispan 8.2.6 server and unzip to some folder + +2) Add this into `JDG1_HOME/standalone/configuration/clustered.xml` under cache-container named `clustered` : + +```xml + + ... + + + + + + + + + + + +``` + +3) Copy the server into the second location referred later as `JDG2_HOME` + +4) Start server `jdg1`: ``` - +cd JDG1_HOME/bin +./standalone.sh -c clustered.xml -Djava.net.preferIPv4Stack=true \ +-Djboss.socket.binding.port-offset=1010 -Djboss.default.multicast.address=234.56.78.99 \ +-Djboss.node.name=jdg1 ``` -- Start server: +5) Start server `jdg2`: + ``` -cd JDG_HOME/bin -./standalone.sh -Djboss.socket.binding.port-offset=100 +cd JDG2_HOME/bin +./standalone.sh -c clustered.xml -Djava.net.preferIPv4Stack=true \ +-Djboss.socket.binding.port-offset=2010 -Djboss.default.multicast.address=234.56.78.99 \ +-Djboss.node.name=jdg2 +``` + +6) There should be message in the log that nodes are in cluster with each other: + +``` +Received new cluster view for channel clustered: [jdg1|1] (2) [jdg1, jdg2] ``` Keycloak servers setup ---------------------- -You need to setup 2 Keycloak nodes in this way. +1) Download Keycloak 3.3.0.CR1 and unzip to some location referred later as `NODE11` -For now, it's recommended to test Keycloak overlay on EAP7 because of infinispan bug, which is fixed in EAP 7.0 (infinispan 8.1.2), but not -yet on Wildfly 10 (infinispan 8.1.0). See below for details. +2) Configure shared database for KeycloakDS datasource. Recommended to use MySQL, MariaDB or PostgreSQL. See Keycloak docs for more details + +3) Edit `NODE11/standalone/configuration/standalone-ha.xml` : -1) Configure shared database in KEYCLOAK_HOME/standalone/configuration/standalone.xml . For example MySQL - -2) Add `module` attribute to the infinispan keycloak container: +3.1) Add attribute `site` to the JGroups UDP protocol: +```xml + + ``` - -``` - -3) Configure `work` cache to use remoteStore. You should use this: +3.2) Add output-socket-binding for `remote-cache` under `socket-binding-group` element: + +```xml + + ... + + + + + ``` - + +3.3) Add this `module` attribute under `cache-container` element of name `keycloak` : + +```xml + +``` + +3.4) Add the `remote-store` under `work` cache: + +```xml + true org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory - + ``` -4) Configure connection to the external JDG server. Because we used port offset 100 for JDG (see above), the HotRod endpoint is running on 11322 . -So add the config like this to the bottom of standalone.xml under `socket-binding-group` element: +3.5) Add the `store` like this under `sessions` cache: -``` - - - +```xml + + + sessions + work + + ``` -5) Optional: Configure logging in standalone.xml to see what invalidation events were send: -```` +3.6) Same for `offlineSessions` and `loginFailures` caches: + +```xml + + + offlineSessions + work + + + + + + loginFailures + work + + +``` + +3.7) The configuration of distributed cache `authenticationSessions` and other caches is left unchanged. + +3.8) Optionally enable DEBUG logging under `logging` subsystem: + +```xml - + + + + + + + +``` + +4) Copy the `NODE11` to 3 other directories referred later as `NODE12`, `NODE21` and `NODE22`. + +5) Start `NODE11` : + +``` +cd NODE11/bin +./standalone.sh -c standalone-ha.xml -Djboss.node.name=node11 -Djboss.site.name=site1 \ +-Djboss.default.multicast.address=234.56.78.100 -Dremote.cache.port=12232 -Djava.net.preferIPv4Stack=true \ +-Djboss.socket.binding.port-offset=3000 + +``` + +6) Start `NODE12` : + +```` +cd NODE12/bin +./standalone.sh -c standalone-ha.xml -Djboss.node.name=node12 -Djboss.site.name=site1 \ +-Djboss.default.multicast.address=234.56.78.100 -Dremote.cache.port=12232 -Djava.net.preferIPv4Stack=true \ +-Djboss.socket.binding.port-offset=4000 ```` - -6) Setup Keycloak node2 . Just copy Keycloak to another location on your laptop and repeat steps 1-5 above for second server too. - -7) Run server 1 with parameters like (assuming you have virtual hosts "node1" and "node2" defined in your `/etc/hosts` ): -``` -./standalone.sh -Djboss.node.name=node1 -b node1 -bmanagement node1 -``` -and server2 with: -``` -./standalone.sh -Djboss.node.name=node2 -b node2 -bmanagement node2 -``` - -8) Note something like this in both `KEYCLOAK_HOME/standalone/log/server.log` on both nodes. Note that cluster Startup Time will be same time on both nodes: -``` -2016-11-16 22:12:52,080 DEBUG [org.keycloak.cluster.infinispan.InfinispanClusterProviderFactory] (ServerService Thread Pool -- 62) My address: node1-1953169551 -2016-11-16 22:12:52,081 DEBUG [org.keycloak.cluster.infinispan.CrossDCAwareCacheFactory] (ServerService Thread Pool -- 62) RemoteStore is available. Cross-DC scenario will be used -2016-11-16 22:12:52,119 DEBUG [org.keycloak.cluster.infinispan.InfinispanClusterProviderFactory] (ServerService Thread Pool -- 62) Loaded cluster startup time: Wed Nov 16 22:09:48 CET 2016 -2016-11-16 22:12:52,128 DEBUG [org.keycloak.cluster.infinispan.InfinispanNotificationsManager] (ServerService Thread Pool -- 62) Added listener for HotRod remoteStore cache: work -``` - -9) Login to node1. Then change any realm on node2. You will see in the node2 server.log that RealmUpdatedEvent was sent and on node1 that this event was received. - -This is done even if node1 and node2 are NOT in cluster as it's the external JDG used for communication between 2 keycloak servers and sending/receiving cache invalidation events. But note that userSession -doesn't yet work (eg. if you login to node1, you won't see the userSession on node2). - - -WARNING: Previous steps works on Keycloak server overlay deployed on EAP 7.0 . With deploy on Wildfly 10.0.0.Final, you will see exception -at startup caused by the bug https://issues.jboss.org/browse/ISPN-6203 . - -There is a workaround to add this line into KEYCLOAK_HOME/modules/system/layers/base/org/wildfly/clustering/service/main/module.xml : +The cluster nodes should be connected. This should be in the log of both NODE11 and NODE12: ``` - +Received new cluster view for channel hibernate: [node11|1] (2) [node11, node12] ``` + +7) Start `NODE21` : + +``` +cd NODE21/bin +./standalone.sh -c standalone-ha.xml -Djboss.node.name=node21 -Djboss.site.name=site2 \ +-Djboss.default.multicast.address=234.56.78.101 -Dremote.cache.port=13232 -Djava.net.preferIPv4Stack=true \ +-Djboss.socket.binding.port-offset=5000 +``` + +It shouldn't be connected to the cluster with `NODE11` and `NODE12`, but to separate one: + +``` +Received new cluster view for channel hibernate: [node21|0] (1) [node21] +``` + +8) Start `NODE22` : + +``` +cd NODE22/bin +./standalone.sh -c standalone-ha.xml -Djboss.node.name=node22 -Djboss.site.name=site2 \ +-Djboss.default.multicast.address=234.56.78.101 -Dremote.cache.port=13232 -Djava.net.preferIPv4Stack=true \ +-Djboss.socket.binding.port-offset=6000 +``` + +It should be in cluster with `NODE21` : + +``` +Received new cluster view for channel server: [node21|1] (2) [node21, node22] +``` + +9) Test: + +9.1) Go to `http://localhost:11080/auth/` and create initial admin user + +9.2) Go to `http://localhost:11080/auth/admin` and login as admin to admin console + +9.3) Open 2nd browser and go to any of nodes `http://localhost:12080/auth/admin` or `http://localhost:13080/auth/admin` or `http://localhost:14080/auth/admin` . After login, you should be able to see +the same sessions in tab `Sessions` of particular user, client or realm on all 4 servers + +9.4) After doing any change (eg. update some user), the update should be immediatelly visible on any of 4 nodes as caches should be properly invalidated everywhere. + + +9.5) Check server.logs if needed. After login or logout, the message like this should be on all the nodes `NODEXY/standalone/log/server.log` : + +``` +2017-08-25 17:35:17,737 DEBUG [org.keycloak.models.sessions.infinispan.remotestore.RemoteCacheSessionListener] (Client-Listener-sessions-30012a77422542f5) Received event from remote store. +Event 'CLIENT_CACHE_ENTRY_REMOVED', key '193489e7-e2bc-4069-afe8-f1dfa73084ea', skip 'false' +``` + +This is just a starting point and the instructions are subject to change. We plan performance improvements especially around performance. If you +have any feedback regarding cross-dc scenario, please let us know on keycloak-user mailing list referred from [Keycloak home page](http://www.keycloak.org/community.html). \ No newline at end of file diff --git a/misc/Testsuite.md b/misc/Testsuite.md index 7f5e036d62e..f7b4e8e3838 100644 --- a/misc/Testsuite.md +++ b/misc/Testsuite.md @@ -114,10 +114,10 @@ But additionally you can enable Kerberos authentication in LDAP provider with th * Kerberos realm: KEYCLOAK.ORG * Server Principal: HTTP/localhost@KEYCLOAK.ORG -* KeyTab: $KEYCLOAK_SOURCES/testsuite/integration/src/test/resources/kerberos/http.keytab (Replace $KEYCLOAK_SOURCES with correct absolute path of your sources) +* KeyTab: $KEYCLOAK_SOURCES/testsuite/integration-arquillian/tests/base/src/test/resources/kerberos/http.keytab (Replace $KEYCLOAK_SOURCES with correct absolute path of your sources) Once you do this, you should also ensure that your Kerberos client configuration file is properly configured with KEYCLOAK.ORG domain. -See [../testsuite/integration/src/test/resources/kerberos/test-krb5.conf](../testsuite/integration/src/test/resources/kerberos/test-krb5.conf) for inspiration. The location of Kerberos configuration file +See [../testsuite/integration-arquillian/src/test/resources/kerberos/test-krb5.conf](../testsuite/integration-arquillian/src/test/resources/kerberos/test-krb5.conf) for inspiration. The location of Kerberos configuration file is platform dependent (In linux it's file `/etc/krb5.conf` ) Then you need to configure your browser to allow SPNEGO/Kerberos login from `localhost` . diff --git a/misc/UpdatingDatabaseSchema.md b/misc/UpdatingDatabaseSchema.md index 363d1099f5b..cb4a0f8bf46 100644 --- a/misc/UpdatingDatabaseSchema.md +++ b/misc/UpdatingDatabaseSchema.md @@ -35,7 +35,7 @@ You can also have Liquibase and Hibernate create one for you. To do this follow 3. Make a copy of the database: `cp keycloak.h2.db keycloak-old.h2.db` 3. Run KeycloakServer to make Hibernate update the schema: - `mvn -f testsuite/integration/pom.xml exec:java -Pkeycloak-server -Dkeycloak.connectionsJpa.url='jdbc:h2:keycloak' -Dkeycloak.connectionsJpa.databaseSchema='development-update'` + `mvn -f testsuite/utils/pom.xml exec:java -Pkeycloak-server -Dkeycloak.connectionsJpa.url='jdbc:h2:keycloak' -Dkeycloak.connectionsJpa.databaseSchema='development-update'` 4. Wait until server is completely started, then stop it 5. View the difference: `mvn -f connections/jpa-liquibase/pom.xml liquibase:diff -Durl=jdbc:h2:keycloak-old -DreferenceUrl=jdbc:h2:keycloak` @@ -50,11 +50,11 @@ add entries to the `change-set` to update existing data if required. When you have update the change-set Hibernate can validate the schema for you. First run: rm -rf keycloak*h2.db - mvn -f testsuite/integration exec:java -Pkeycloak-server -Dkeycloak.connectionsJpa.url='jdbc:h2:keycloak' -Dkeycloak.connectionsJpa.databaseSchema='update' + mvn -f testsuite/utils/pom.xml exec:java -Pkeycloak-server -Dkeycloak.connectionsJpa.url='jdbc:h2:keycloak' -Dkeycloak.connectionsJpa.databaseSchema='update' Once the server has started fully, stop it and run: - mvn -f testsuite/integration exec:java -Pkeycloak-server -Dkeycloak.connectionsJpa.url='jdbc:h2:keycloak' -Dkeycloak.connectionsJpa.databaseSchema='development-validate' + mvn -f testsuite/utils/pom.xml exec:java -Pkeycloak-server -Dkeycloak.connectionsJpa.url='jdbc:h2:keycloak' -Dkeycloak.connectionsJpa.databaseSchema='development-validate' Testing database migration diff --git a/misc/keycloak-test-helper/pom.xml b/misc/keycloak-test-helper/pom.xml index 8747ec19d9f..c17e73e895c 100644 --- a/misc/keycloak-test-helper/pom.xml +++ b/misc/keycloak-test-helper/pom.xml @@ -6,7 +6,7 @@ keycloak-misc-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-test-helper diff --git a/misc/pom.xml b/misc/pom.xml index d65bbe7b960..f72eb62a3c6 100644 --- a/misc/pom.xml +++ b/misc/pom.xml @@ -3,7 +3,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT Keycloak Misc diff --git a/misc/spring-boot-starter/keycloak-spring-boot-starter/pom.xml b/misc/spring-boot-starter/keycloak-spring-boot-starter/pom.xml index 2f55a9ac554..999a3b1d981 100644 --- a/misc/spring-boot-starter/keycloak-spring-boot-starter/pom.xml +++ b/misc/spring-boot-starter/keycloak-spring-boot-starter/pom.xml @@ -4,7 +4,7 @@ org.keycloak keycloak-spring-boot-starter-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-spring-boot-starter Keycloak :: Spring :: Boot :: Default :: Starter diff --git a/misc/spring-boot-starter/pom.xml b/misc/spring-boot-starter/pom.xml index 70f7daf3361..1092895ad18 100644 --- a/misc/spring-boot-starter/pom.xml +++ b/misc/spring-boot-starter/pom.xml @@ -5,7 +5,7 @@ keycloak-misc-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT org.keycloak keycloak-spring-boot-starter-parent @@ -20,7 +20,7 @@ org.keycloak.bom keycloak-adapter-bom - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT pom import diff --git a/model/infinispan/pom.xml b/model/infinispan/pom.xml index 7d7dfe1584d..f94566132a8 100755 --- a/model/infinispan/pom.xml +++ b/model/infinispan/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/model/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java index 86f607456f0..5135e90bea8 100755 --- a/model/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java +++ b/model/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java @@ -40,12 +40,9 @@ import org.jboss.logging.Logger; import org.jgroups.JChannel; import org.keycloak.Config; import org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory; -import org.keycloak.common.util.HostUtils; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.sessions.infinispan.remotestore.KcRemoteStoreConfigurationBuilder; -import org.keycloak.models.sessions.infinispan.util.InfinispanUtil; -import org.keycloak.models.utils.KeycloakModelUtils; +import org.keycloak.models.sessions.infinispan.remotestore.KeycloakRemoteStoreConfigurationBuilder; import javax.naming.InitialContext; @@ -249,7 +246,7 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon if (jdgEnabled) { sessionConfigBuilder = new ConfigurationBuilder(); sessionConfigBuilder.read(sessionCacheConfigurationBase); - configureRemoteCacheStore(sessionConfigBuilder, async, InfinispanConnectionProvider.SESSION_CACHE_NAME, KcRemoteStoreConfigurationBuilder.class); + configureRemoteCacheStore(sessionConfigBuilder, async, InfinispanConnectionProvider.SESSION_CACHE_NAME, KeycloakRemoteStoreConfigurationBuilder.class); } Configuration sessionCacheConfiguration = sessionConfigBuilder.build(); cacheManager.defineConfiguration(InfinispanConnectionProvider.SESSION_CACHE_NAME, sessionCacheConfiguration); @@ -257,12 +254,19 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon if (jdgEnabled) { sessionConfigBuilder = new ConfigurationBuilder(); sessionConfigBuilder.read(sessionCacheConfigurationBase); - configureRemoteCacheStore(sessionConfigBuilder, async, InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME, KcRemoteStoreConfigurationBuilder.class); + configureRemoteCacheStore(sessionConfigBuilder, async, InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME, KeycloakRemoteStoreConfigurationBuilder.class); } sessionCacheConfiguration = sessionConfigBuilder.build(); cacheManager.defineConfiguration(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME, sessionCacheConfiguration); - cacheManager.defineConfiguration(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME, sessionCacheConfigurationBase); + if (jdgEnabled) { + sessionConfigBuilder = new ConfigurationBuilder(); + sessionConfigBuilder.read(sessionCacheConfigurationBase); + configureRemoteCacheStore(sessionConfigBuilder, async, InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME, KeycloakRemoteStoreConfigurationBuilder.class); + } + sessionCacheConfiguration = sessionConfigBuilder.build(); + cacheManager.defineConfiguration(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME, sessionCacheConfiguration); + cacheManager.defineConfiguration(InfinispanConnectionProvider.AUTHENTICATION_SESSIONS_CACHE_NAME, sessionCacheConfigurationBase); // Retrieve caches to enforce rebalance diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java index 0d971f70b9f..390c25c158f 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java @@ -334,6 +334,8 @@ public class UserCacheSession implements UserCache { } protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) { + int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate); + StorageId storageId = new StorageId(delegate.getId()); CachedUser cached = null; if (!storageId.isLocal()) { @@ -343,7 +345,7 @@ public class UserCacheSession implements UserCache { if (policy != null && policy == UserStorageProviderModel.CachePolicy.NO_CACHE) { return delegate; } - cached = new CachedUser(revision, realm, delegate); + cached = new CachedUser(revision, realm, delegate, notBefore); if (policy == null || policy == UserStorageProviderModel.CachePolicy.DEFAULT) { cache.addRevisioned(cached, startupRevision); } else { @@ -366,7 +368,7 @@ public class UserCacheSession implements UserCache { } } } else { - cached = new CachedUser(revision, realm, delegate); + cached = new CachedUser(revision, realm, delegate, notBefore); cache.addRevisioned(cached, startupRevision); } UserAdapter adapter = new UserAdapter(cached, this, session, realm); @@ -765,6 +767,32 @@ public class UserCacheSession implements UserCache { return consentModel; } + @Override + public void setNotBeforeForUser(RealmModel realm, UserModel user, int notBefore) { + if (!isRegisteredForInvalidation(realm, user.getId())) { + UserModel foundUser = getUserById(user.getId(), realm); + if (foundUser instanceof UserAdapter) { + ((UserAdapter) foundUser).invalidate(); + } + } + + getDelegate().setNotBeforeForUser(realm, user, notBefore); + + } + + @Override + public int getNotBeforeOfUser(RealmModel realm, UserModel user) { + if (isRegisteredForInvalidation(realm, user.getId())) { + return getDelegate().getNotBeforeOfUser(realm, user); + } + + UserModel foundUser = getUserById(user.getId(), realm); + if (foundUser instanceof UserAdapter) { + return ((UserAdapter) foundUser).cached.getNotBefore(); + } else { + return getDelegate().getNotBeforeOfUser(realm, user); + } + } @Override public UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles, boolean addDefaultRequiredActions) { diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceAdapter.java index dc721b7112a..5e9b7d34310 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceAdapter.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceAdapter.java @@ -46,7 +46,7 @@ public class ResourceAdapter implements Resource, CachedModel { @Override public Resource getDelegateForUpdate() { if (updated == null) { - cacheSession.registerResourceInvalidation(cached.getId(), cached.getName(), cached.getType(), cached.getUri(), cached.getScopesIds(), cached.getResourceServerId()); + cacheSession.registerResourceInvalidation(cached.getId(), cached.getName(), cached.getType(), cached.getUri(), cached.getScopesIds(), cached.getResourceServerId(), cached.getOwner()); updated = cacheSession.getResourceStoreDelegate().findById(cached.getId(), cached.getResourceServerId()); if (updated == null) throw new IllegalStateException("Not found in database"); } @@ -95,7 +95,7 @@ public class ResourceAdapter implements Resource, CachedModel { @Override public void setName(String name) { getDelegateForUpdate(); - cacheSession.registerResourceInvalidation(cached.getId(), name, cached.getType(), cached.getUri(), cached.getScopesIds(), cached.getResourceServerId()); + cacheSession.registerResourceInvalidation(cached.getId(), name, cached.getType(), cached.getUri(), cached.getScopesIds(), cached.getResourceServerId(), cached.getOwner()); updated.setName(name); } @@ -127,7 +127,7 @@ public class ResourceAdapter implements Resource, CachedModel { @Override public void setUri(String uri) { getDelegateForUpdate(); - cacheSession.registerResourceInvalidation(cached.getId(), cached.getName(), cached.getType(), uri, cached.getScopesIds(), cached.getResourceServerId()); + cacheSession.registerResourceInvalidation(cached.getId(), cached.getName(), cached.getType(), uri, cached.getScopesIds(), cached.getResourceServerId(), cached.getOwner()); updated.setUri(uri); } @@ -140,7 +140,7 @@ public class ResourceAdapter implements Resource, CachedModel { @Override public void setType(String type) { getDelegateForUpdate(); - cacheSession.registerResourceInvalidation(cached.getId(), cached.getName(), type, cached.getUri(), cached.getScopesIds(), cached.getResourceServerId()); + cacheSession.registerResourceInvalidation(cached.getId(), cached.getName(), type, cached.getUri(), cached.getScopesIds(), cached.getResourceServerId(), cached.getOwner()); updated.setType(type); } @@ -168,7 +168,7 @@ public class ResourceAdapter implements Resource, CachedModel { @Override public void updateScopes(Set scopes) { getDelegateForUpdate(); - cacheSession.registerResourceInvalidation(cached.getId(), cached.getName(), cached.getType(), cached.getUri(), scopes.stream().map(scope1 -> scope1.getId()).collect(Collectors.toSet()), cached.getResourceServerId()); + cacheSession.registerResourceInvalidation(cached.getId(), cached.getName(), cached.getType(), cached.getUri(), scopes.stream().map(scope1 -> scope1.getId()).collect(Collectors.toSet()), cached.getResourceServerId(), cached.getOwner()); updated.updateScopes(scopes); } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java index bb3ec6cbc07..7d72c9890ed 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java @@ -38,7 +38,7 @@ public class ResourceServerAdapter implements ResourceServer, CachedModel invalidations) { + public void resourceServerUpdated(String id, Set invalidations) { invalidations.add(id); - invalidations.add(StoreFactoryCacheSession.getResourceServerByClientCacheKey(clientId)); + invalidations.add(StoreFactoryCacheSession.getResourceServerByClientCacheKey(id)); } - public void resourceServerRemoval(String id, String name, Set invalidations) { - resourceServerUpdated(id, name, invalidations); + public void resourceServerRemoval(String id, Set invalidations) { + resourceServerUpdated(id, invalidations); addInvalidations(InResourceServerPredicate.create().resourceServer(id), invalidations); } @@ -75,9 +75,10 @@ public class StoreFactoryCacheManager extends CacheManager { addInvalidations(InScopePredicate.create().scope(id), invalidations); } - public void resourceUpdated(String id, String name, String type, String uri, Set scopes, String serverId, Set invalidations) { + public void resourceUpdated(String id, String name, String type, String uri, Set scopes, String serverId, String owner, Set invalidations) { invalidations.add(id); invalidations.add(StoreFactoryCacheSession.getResourceByNameCacheKey(name, serverId)); + invalidations.add(StoreFactoryCacheSession.getResourceByOwnerCacheKey(owner, serverId)); if (type != null) { invalidations.add(StoreFactoryCacheSession.getResourceByTypeCacheKey(type, serverId)); @@ -97,8 +98,7 @@ public class StoreFactoryCacheManager extends CacheManager { } public void resourceRemoval(String id, String name, String type, String uri, String owner, Set scopes, String serverId, Set invalidations) { - resourceUpdated(id, name, type, uri, scopes, serverId, invalidations); - invalidations.add(StoreFactoryCacheSession.getResourceByOwnerCacheKey(owner, serverId)); + resourceUpdated(id, name, type, uri, scopes, serverId, owner, invalidations); addInvalidations(InResourcePredicate.create().resource(id), invalidations); } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java index a169235643f..c70a43a5e74 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java @@ -229,12 +229,12 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { return invalidations.contains(id); } - public void registerResourceServerInvalidation(String id, String clientId) { - cache.resourceServerUpdated(id, clientId, invalidations); + public void registerResourceServerInvalidation(String id) { + cache.resourceServerUpdated(id, invalidations); ResourceServerAdapter adapter = managedResourceServers.get(id); if (adapter != null) adapter.invalidateFlag(); - invalidationEvents.add(ResourceServerUpdatedEvent.create(id, clientId)); + invalidationEvents.add(ResourceServerUpdatedEvent.create(id)); } public void registerScopeInvalidation(String id, String name, String serverId) { @@ -245,12 +245,12 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { invalidationEvents.add(ScopeUpdatedEvent.create(id, name, serverId)); } - public void registerResourceInvalidation(String id, String name, String type, String uri, Set scopes, String serverId) { - cache.resourceUpdated(id, name, type, uri, scopes, serverId, invalidations); + public void registerResourceInvalidation(String id, String name, String type, String uri, Set scopes, String serverId, String owner) { + cache.resourceUpdated(id, name, type, uri, scopes, serverId, owner, invalidations); ResourceAdapter adapter = managedResources.get(id); if (adapter != null) adapter.invalidateFlag(); - invalidationEvents.add(ResourceUpdatedEvent.create(id, name, type, uri, scopes, serverId)); + invalidationEvents.add(ResourceUpdatedEvent.create(id, name, type, uri, scopes, serverId, owner)); } public void registerPolicyInvalidation(String id, String name, Set resources, Set scopes, String serverId) { @@ -350,7 +350,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { @Override public ResourceServer create(String clientId) { ResourceServer server = getResourceServerStoreDelegate().create(clientId); - registerResourceServerInvalidation(server.getId(), server.getClientId()); + registerResourceServerInvalidation(server.getId()); return server; } @@ -361,8 +361,8 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { if (server == null) return; cache.invalidateObject(id); - invalidationEvents.add(ResourceServerRemovedEvent.create(id, server.getClientId())); - cache.resourceServerRemoval(id, server.getClientId(), invalidations); + invalidationEvents.add(ResourceServerRemovedEvent.create(id, server.getId())); + cache.resourceServerRemoval(id, invalidations); getResourceServerStoreDelegate().delete(id); } @@ -392,33 +392,6 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { managedResourceServers.put(id, adapter); return adapter; } - - - @Override - public ResourceServer findByClient(String clientId) { - String cacheKey = getResourceServerByClientCacheKey(clientId); - ResourceServerListQuery query = cache.get(cacheKey, ResourceServerListQuery.class); - if (query != null) { - logger.tracev("ResourceServer by clientId cache hit: {0}", clientId); - } - if (query == null) { - Long loaded = cache.getCurrentRevision(cacheKey); - ResourceServer model = getResourceServerStoreDelegate().findByClient(clientId); - if (model == null) return null; - if (invalidations.contains(model.getId())) return model; - query = new ResourceServerListQuery(loaded, cacheKey, model.getId()); - cache.addRevisioned(query, startupRevision); - return model; - } else if (invalidations.contains(cacheKey)) { - return getResourceServerStoreDelegate().findByClient(clientId); - } else { - String serverId = query.getResourceServers().iterator().next(); - if (invalidations.contains(serverId)) { - return getResourceServerStoreDelegate().findByClient(clientId); - } - return findById(serverId); - } - } } protected class ScopeCache implements ScopeStore { @@ -509,8 +482,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { @Override public Resource create(String name, ResourceServer resourceServer, String owner) { Resource resource = getResourceStoreDelegate().create(name, resourceServer, owner); - registerResourceInvalidation(resource.getId(), resource.getName(), resource.getType(), resource.getUri(), resource.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toSet()), resourceServer.getId()); - return resource; + Resource cached = findById(resource.getId(), resourceServer.getId()); + registerResourceInvalidation(resource.getId(), resource.getName(), resource.getType(), resource.getUri(), resource.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toSet()), resourceServer.getId(), resource.getOwner()); + return cached; } @Override diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java index 7dfb5fbf862..a904bd1a3d2 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java @@ -22,29 +22,20 @@ import org.keycloak.authorization.model.ResourceServer; import org.keycloak.models.cache.infinispan.entities.AbstractRevisioned; import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; -import java.io.Serializable; - /** * @author Pedro Igor */ public class CachedResourceServer extends AbstractRevisioned { - private String clientId; private boolean allowRemoteResourceManagement; private PolicyEnforcementMode policyEnforcementMode; public CachedResourceServer(Long revision, ResourceServer resourceServer) { super(revision, resourceServer.getId()); - this.clientId = resourceServer.getClientId(); this.allowRemoteResourceManagement = resourceServer.isAllowRemoteResourceManagement(); this.policyEnforcementMode = resourceServer.getPolicyEnforcementMode(); } - - public String getClientId() { - return this.clientId; - } - public boolean isAllowRemoteResourceManagement() { return this.allowRemoteResourceManagement; } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java index fbe5a7aa483..74b8d0c26d3 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java @@ -49,6 +49,6 @@ public class ResourceServerRemovedEvent extends InvalidationEvent implements Aut @Override public void addInvalidations(StoreFactoryCacheManager cache, Set invalidations) { - cache.resourceServerRemoval(id, clientId, invalidations); + cache.resourceServerRemoval(id, invalidations); } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java index 2034c9b4d60..18623458877 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java @@ -28,12 +28,10 @@ import java.util.Set; public class ResourceServerUpdatedEvent extends InvalidationEvent implements AuthorizationCacheInvalidationEvent { private String id; - private String clientId; - public static ResourceServerUpdatedEvent create(String id, String clientId) { + public static ResourceServerUpdatedEvent create(String id) { ResourceServerUpdatedEvent event = new ResourceServerUpdatedEvent(); event.id = id; - event.clientId = clientId; return event; } @@ -44,11 +42,11 @@ public class ResourceServerUpdatedEvent extends InvalidationEvent implements Aut @Override public String toString() { - return String.format("ResourceServerRemovedEvent [ id=%s, clientId=%s ]", id, clientId); + return String.format("ResourceServerRemovedEvent [ id=%s, clientId=%s ]", id, id); } @Override public void addInvalidations(StoreFactoryCacheManager cache, Set invalidations) { - cache.resourceServerUpdated(id, clientId, invalidations); + cache.resourceServerUpdated(id, invalidations); } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceUpdatedEvent.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceUpdatedEvent.java index cc30f230d9b..3f85a6d5b0a 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceUpdatedEvent.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceUpdatedEvent.java @@ -33,8 +33,9 @@ public class ResourceUpdatedEvent extends InvalidationEvent implements Authoriza private String type; private String uri; private Set scopes; + private String owner; - public static ResourceUpdatedEvent create(String id, String name, String type, String uri, Set scopes, String serverId) { + public static ResourceUpdatedEvent create(String id, String name, String type, String uri, Set scopes, String serverId, String owner) { ResourceUpdatedEvent event = new ResourceUpdatedEvent(); event.id = id; event.name = name; @@ -42,6 +43,7 @@ public class ResourceUpdatedEvent extends InvalidationEvent implements Authoriza event.uri = uri; event.scopes = scopes; event.serverId = serverId; + event.owner = owner; return event; } @@ -57,6 +59,6 @@ public class ResourceUpdatedEvent extends InvalidationEvent implements Authoriza @Override public void addInvalidations(StoreFactoryCacheManager cache, Set invalidations) { - cache.resourceUpdated(id, name, type, uri, scopes, serverId, invalidations); + cache.resourceUpdated(id, name, type, uri, scopes, serverId, owner, invalidations); } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java index 1bf6e426a09..68dfc372cb1 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java @@ -45,10 +45,11 @@ public class CachedUser extends AbstractExtendableRevisioned implements InRealm private Set requiredActions = new HashSet<>(); private Set roleMappings = new HashSet<>(); private Set groups = new HashSet<>(); + private int notBefore; - public CachedUser(Long revision, RealmModel realm, UserModel user) { + public CachedUser(Long revision, RealmModel realm, UserModel user, int notBefore) { super(revision, user.getId()); this.realm = realm.getId(); this.username = user.getUsername(); @@ -71,6 +72,7 @@ public class CachedUser extends AbstractExtendableRevisioned implements InRealm groups.add(group.getId()); } } + this.notBefore = notBefore; } public String getRealm() { @@ -129,4 +131,7 @@ public class CachedUser extends AbstractExtendableRevisioned implements InRealm return groups; } + public int getNotBefore() { + return notBefore; + } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java index c1a8ed688bc..48d1965fca8 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java @@ -42,7 +42,6 @@ import org.keycloak.models.sessions.infinispan.entities.AuthenticatedClientSessi import org.keycloak.models.sessions.infinispan.entities.LoginFailureEntity; import org.keycloak.models.sessions.infinispan.entities.LoginFailureKey; import org.keycloak.models.sessions.infinispan.entities.UserSessionEntity; -import org.keycloak.models.sessions.infinispan.events.ClientRemovedSessionEvent; import org.keycloak.models.sessions.infinispan.events.RealmRemovedSessionEvent; import org.keycloak.models.sessions.infinispan.events.RemoveAllUserLoginFailuresEvent; import org.keycloak.models.sessions.infinispan.events.RemoveUserSessionsEvent; @@ -52,6 +51,7 @@ import org.keycloak.models.sessions.infinispan.stream.Mappers; import org.keycloak.models.sessions.infinispan.stream.SessionPredicate; import org.keycloak.models.sessions.infinispan.stream.UserLoginFailurePredicate; import org.keycloak.models.sessions.infinispan.stream.UserSessionPredicate; +import org.keycloak.models.sessions.infinispan.util.FuturesHelper; import org.keycloak.models.sessions.infinispan.util.InfinispanUtil; import java.util.Iterator; @@ -59,6 +59,7 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.Future; import java.util.function.Consumer; import java.util.function.Predicate; import java.util.stream.Stream; @@ -74,11 +75,11 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { protected final Cache> sessionCache; protected final Cache> offlineSessionCache; - protected final Cache loginFailureCache; + protected final Cache> loginFailureCache; - protected final InfinispanChangelogBasedTransaction sessionTx; - protected final InfinispanChangelogBasedTransaction offlineSessionTx; - protected final InfinispanKeycloakTransaction tx; + protected final InfinispanChangelogBasedTransaction sessionTx; + protected final InfinispanChangelogBasedTransaction offlineSessionTx; + protected final InfinispanChangelogBasedTransaction loginFailuresTx; protected final SessionEventsSenderTransaction clusterEventsSenderTx; @@ -91,7 +92,7 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { LastSessionRefreshStore offlineLastSessionRefreshStore, Cache> sessionCache, Cache> offlineSessionCache, - Cache loginFailureCache) { + Cache> loginFailureCache) { this.session = session; this.sessionCache = sessionCache; @@ -101,24 +102,24 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { this.sessionTx = new InfinispanChangelogBasedTransaction<>(session, InfinispanConnectionProvider.SESSION_CACHE_NAME, sessionCache, remoteCacheInvoker); this.offlineSessionTx = new InfinispanChangelogBasedTransaction<>(session, InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME, offlineSessionCache, remoteCacheInvoker); - this.tx = new InfinispanKeycloakTransaction(); + this.loginFailuresTx = new InfinispanChangelogBasedTransaction<>(session, InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME, loginFailureCache, remoteCacheInvoker); this.clusterEventsSenderTx = new SessionEventsSenderTransaction(session); this.lastSessionRefreshStore = lastSessionRefreshStore; this.offlineLastSessionRefreshStore = offlineLastSessionRefreshStore; - session.getTransactionManager().enlistAfterCompletion(tx); session.getTransactionManager().enlistAfterCompletion(clusterEventsSenderTx); session.getTransactionManager().enlistAfterCompletion(sessionTx); session.getTransactionManager().enlistAfterCompletion(offlineSessionTx); + session.getTransactionManager().enlistAfterCompletion(loginFailuresTx); } protected Cache> getCache(boolean offline) { return offline ? offlineSessionCache : sessionCache; } - protected InfinispanChangelogBasedTransaction getTransaction(boolean offline) { + protected InfinispanChangelogBasedTransaction getTransaction(boolean offline) { return offline ? offlineSessionTx : sessionTx; } @@ -134,7 +135,7 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { public AuthenticatedClientSessionModel createClientSession(RealmModel realm, ClientModel client, UserSessionModel userSession) { AuthenticatedClientSessionEntity entity = new AuthenticatedClientSessionEntity(); - InfinispanChangelogBasedTransaction updateTx = getTransaction(false); + InfinispanChangelogBasedTransaction updateTx = getTransaction(false); AuthenticatedClientSessionAdapter adapter = new AuthenticatedClientSessionAdapter(entity, client, (UserSessionAdapter) userSession, this, updateTx); adapter.setUserSession(userSession); return adapter; @@ -200,7 +201,7 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { } private UserSessionEntity getUserSessionEntity(String id, boolean offline) { - InfinispanChangelogBasedTransaction tx = getTransaction(offline); + InfinispanChangelogBasedTransaction tx = getTransaction(offline); SessionEntityWrapper entityWrapper = tx.get(id); return entityWrapper==null ? null : entityWrapper.getEntity(); } @@ -309,7 +310,7 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { UserSessionModel remoteSessionAdapter = wrap(realm, remoteSessionEntity, offline); if (predicate.test(remoteSessionAdapter)) { - InfinispanChangelogBasedTransaction tx = getTransaction(offline); + InfinispanChangelogBasedTransaction tx = getTransaction(offline); // Remote entity contains our predicate. Update local cache with the remote entity SessionEntityWrapper sessionWrapper = remoteSessionEntity.mergeRemoteEntityWithLocalEntity(tx.get(id)); @@ -396,11 +397,11 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { int expired = Time.currentTime() - realm.getSsoSessionMaxLifespan(); int expiredRefresh = Time.currentTime() - realm.getSsoSessionIdleTimeout(); + FuturesHelper futures = new FuturesHelper(); + // Each cluster node cleanups just local sessions, which are those owned by himself (+ few more taking l1 cache into account) Cache> localCache = CacheDecorators.localCache(sessionCache); - int[] counter = { 0 }; - Cache> localCacheStoreIgnore = CacheDecorators.skipCacheLoaders(localCache); // Ignore remoteStore for stream iteration. But we will invoke remoteStore for userSession removal propagate @@ -413,14 +414,15 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { @Override public void accept(String sessionId) { - counter[0]++; - tx.remove(localCache, sessionId); + Future future = localCache.removeAsync(sessionId); + futures.addTask(future); } }); + futures.waitForAllToFinish(); - log.debugf("Removed %d expired user sessions for realm '%s'", counter[0], realm.getName()); + log.debugf("Removed %d expired user sessions for realm '%s'", futures.size(), realm.getName()); } private void removeExpiredOfflineUserSessions(RealmModel realm) { @@ -432,7 +434,7 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { UserSessionPredicate predicate = UserSessionPredicate.create(realm.getId()).expired(null, expiredOffline); - final int[] counter = { 0 }; + FuturesHelper futures = new FuturesHelper(); Cache> localCacheStoreIgnore = CacheDecorators.skipCacheLoaders(localCache); @@ -446,8 +448,8 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { @Override public void accept(UserSessionEntity userSessionEntity) { - counter[0]++; - tx.remove(localCache, userSessionEntity.getId()); + Future future = localCache.removeAsync(userSessionEntity.getId()); + futures.addTask(future); // TODO:mposolda can be likely optimized to delete all expired at one step persister.removeUserSession( userSessionEntity.getId(), true); @@ -459,7 +461,9 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { } }); - log.debugf("Removed %d expired offline user sessions for realm '%s'", counter, realm.getName()); + futures.waitForAllToFinish(); + + log.debugf("Removed %d expired offline user sessions for realm '%s'", futures.size(), realm.getName()); } @Override @@ -475,6 +479,8 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { } private void removeLocalUserSessions(String realmId, boolean offline) { + FuturesHelper futures = new FuturesHelper(); + Cache> cache = getCache(offline); Cache> localCache = CacheDecorators.localCache(cache); @@ -489,17 +495,29 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { @Override public void accept(String sessionId) { - // Remove session from remoteCache too - localCache.remove(sessionId); + // Remove session from remoteCache too. Use removeAsync for better perf + Future future = localCache.removeAsync(sessionId); + futures.addTask(future); } }); + + futures.waitForAllToFinish(); + + log.debugf("Removed %d sessions in realm %s. Offline: %b", (Object) futures.size(), realmId, offline); } @Override public UserLoginFailureModel getUserLoginFailure(RealmModel realm, String userId) { LoginFailureKey key = new LoginFailureKey(realm.getId(), userId); - return wrap(key, loginFailureCache.get(key)); + LoginFailureEntity entity = getLoginFailureEntity(key); + return wrap(key, entity); + } + + private LoginFailureEntity getLoginFailureEntity(LoginFailureKey key) { + InfinispanChangelogBasedTransaction tx = getLoginFailuresTx(); + SessionEntityWrapper entityWrapper = tx.get(key); + return entityWrapper==null ? null : entityWrapper.getEntity(); } @Override @@ -508,13 +526,53 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { LoginFailureEntity entity = new LoginFailureEntity(); entity.setRealm(realm.getId()); entity.setUserId(userId); - tx.put(loginFailureCache, key, entity); + + SessionUpdateTask createLoginFailureTask = new SessionUpdateTask() { + + @Override + public void runUpdate(LoginFailureEntity session) { + + } + + @Override + public CacheOperation getOperation(LoginFailureEntity session) { + return CacheOperation.ADD_IF_ABSENT; + } + + @Override + public CrossDCMessageStatus getCrossDCMessageStatus(SessionEntityWrapper sessionWrapper) { + return CrossDCMessageStatus.SYNC; + } + + }; + + loginFailuresTx.addTask(key, createLoginFailureTask, entity); + return wrap(key, entity); } @Override public void removeUserLoginFailure(RealmModel realm, String userId) { - tx.remove(loginFailureCache, new LoginFailureKey(realm.getId(), userId)); + SessionUpdateTask removeTask = new SessionUpdateTask() { + + @Override + public void runUpdate(LoginFailureEntity entity) { + + } + + @Override + public CacheOperation getOperation(LoginFailureEntity entity) { + return CacheOperation.REMOVE; + } + + @Override + public CrossDCMessageStatus getCrossDCMessageStatus(SessionEntityWrapper sessionWrapper) { + return CrossDCMessageStatus.SYNC; + } + + }; + + loginFailuresTx.addTask(new LoginFailureKey(realm.getId(), userId), removeTask); } @Override @@ -529,9 +587,11 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { } private void removeAllLocalUserLoginFailuresEvent(String realmId) { - Cache localCache = CacheDecorators.localCache(loginFailureCache); + FuturesHelper futures = new FuturesHelper(); - Cache localCacheStoreIgnore = CacheDecorators.skipCacheLoaders(localCache); + Cache> localCache = CacheDecorators.localCache(loginFailureCache); + + Cache> localCacheStoreIgnore = CacheDecorators.skipCacheLoaders(localCache); localCacheStoreIgnore .entrySet() @@ -539,9 +599,14 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { .filter(UserLoginFailurePredicate.create(realmId)) .map(Mappers.loginFailureId()) .forEach(loginFailureKey -> { - // Remove loginFailure from remoteCache too - localCache.remove(loginFailureKey); + // Remove loginFailure from remoteCache too. Use removeAsync for better perf + Future future = localCache.removeAsync(loginFailureKey); + futures.addTask(future); }); + + futures.waitForAllToFinish(); + + log.debugf("Removed %d login failures in realm %s", futures.size(), realmId); } @Override @@ -574,8 +639,7 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { removeUserSessions(realm, user, true); removeUserSessions(realm, user, false); - loginFailureCache.remove(new LoginFailureKey(realm.getId(), user.getUsername())); - loginFailureCache.remove(new LoginFailureKey(realm.getId(), user.getEmail())); + removeUserLoginFailure(realm, user.getId()); } @Override @@ -583,7 +647,7 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { } protected void removeUserSession(UserSessionEntity sessionEntity, boolean offline) { - InfinispanChangelogBasedTransaction tx = getTransaction(offline); + InfinispanChangelogBasedTransaction tx = getTransaction(offline); SessionUpdateTask removeTask = new SessionUpdateTask() { @@ -607,17 +671,17 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { tx.addTask(sessionEntity.getId(), removeTask); } - InfinispanKeycloakTransaction getTx() { - return tx; + InfinispanChangelogBasedTransaction getLoginFailuresTx() { + return loginFailuresTx; } UserSessionAdapter wrap(RealmModel realm, UserSessionEntity entity, boolean offline) { - InfinispanChangelogBasedTransaction tx = getTransaction(offline); + InfinispanChangelogBasedTransaction tx = getTransaction(offline); return entity != null ? new UserSessionAdapter(session, this, tx, realm, entity, offline) : null; } UserLoginFailureModel wrap(LoginFailureKey key, LoginFailureEntity entity) { - return entity != null ? new UserLoginFailureAdapter(this, loginFailureCache, key, entity) : null; + return entity != null ? new UserLoginFailureAdapter(this, key, entity) : null; } UserSessionEntity getUserSessionEntity(UserSessionModel userSession, boolean offline) { @@ -720,7 +784,7 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { entity.setLastSessionRefresh(userSession.getLastSessionRefresh()); - InfinispanChangelogBasedTransaction tx = getTransaction(offline); + InfinispanChangelogBasedTransaction tx = getTransaction(offline); SessionUpdateTask importTask = new SessionUpdateTask() { @@ -756,7 +820,7 @@ public class InfinispanUserSessionProvider implements UserSessionProvider { private AuthenticatedClientSessionAdapter importClientSession(UserSessionAdapter importedUserSession, AuthenticatedClientSessionModel clientSession, - InfinispanChangelogBasedTransaction updateTx) { + InfinispanChangelogBasedTransaction updateTx) { AuthenticatedClientSessionEntity entity = new AuthenticatedClientSessionEntity(); entity.setAction(clientSession.getAction()); diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java index 110a8124f83..df30b4e9272 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java @@ -85,7 +85,7 @@ public class InfinispanUserSessionProviderFactory implements UserSessionProvider InfinispanConnectionProvider connections = session.getProvider(InfinispanConnectionProvider.class); Cache> cache = connections.getCache(InfinispanConnectionProvider.SESSION_CACHE_NAME); Cache> offlineSessionsCache = connections.getCache(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME); - Cache loginFailures = connections.getCache(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME); + Cache> loginFailures = connections.getCache(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME); return new InfinispanUserSessionProvider(session, remoteCacheInvoker, lastSessionRefreshStore, offlineLastSessionRefreshStore, cache, offlineSessionsCache, loginFailures); } @@ -224,6 +224,11 @@ public class InfinispanUserSessionProviderFactory implements UserSessionProvider if (offlineSessionsRemoteCache) { offlineLastSessionRefreshStore = new LastSessionRefreshStoreFactory().createAndInit(session, offlineSessionsCache, true); } + + Cache loginFailuresCache = ispn.getCache(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME); + boolean loginFailuresRemoteCache = checkRemoteCache(session, loginFailuresCache, (RealmModel realm) -> { + return realm.getMaxDeltaTimeSeconds() * 1000; + }); } private boolean checkRemoteCache(KeycloakSession session, Cache ispnCache, RemoteCacheInvoker.MaxIdleTimeLoader maxIdleLoader) { @@ -248,12 +253,12 @@ public class InfinispanUserSessionProviderFactory implements UserSessionProvider private void loadSessionsFromRemoteCaches(KeycloakSession session) { for (String cacheName : remoteCacheInvoker.getRemoteCacheNames()) { - loadSessionsFromRemoteCache(session.getKeycloakSessionFactory(), cacheName, getMaxErrors()); + loadSessionsFromRemoteCache(session.getKeycloakSessionFactory(), cacheName, getSessionsPerSegment(), getMaxErrors()); } } - private void loadSessionsFromRemoteCache(final KeycloakSessionFactory sessionFactory, String cacheName, final int maxErrors) { + private void loadSessionsFromRemoteCache(final KeycloakSessionFactory sessionFactory, String cacheName, final int sessionsPerSegment, final int maxErrors) { log.debugf("Check pre-loading userSessions from remote cache '%s'", cacheName); KeycloakModelUtils.runJobInTransaction(sessionFactory, new KeycloakSessionTask() { @@ -263,8 +268,7 @@ public class InfinispanUserSessionProviderFactory implements UserSessionProvider InfinispanConnectionProvider connections = session.getProvider(InfinispanConnectionProvider.class); Cache workCache = connections.getCache(InfinispanConnectionProvider.WORK_CACHE_NAME); - // Use limit for sessionsPerSegment as RemoteCache bulk load doesn't have support for pagination :/ - BaseCacheInitializer initializer = new SingleWorkerCacheInitializer(session, workCache, new RemoteCacheSessionsLoader(cacheName), "remoteCacheLoad::" + cacheName); + InfinispanCacheInitializer initializer = new InfinispanCacheInitializer(sessionFactory, workCache, new RemoteCacheSessionsLoader(cacheName), "remoteCacheLoad::" + cacheName, sessionsPerSegment, maxErrors); initializer.initCache(); initializer.loadSessions(); diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserLoginFailureAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserLoginFailureAdapter.java index a41777dc43a..0971c262126 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserLoginFailureAdapter.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserLoginFailureAdapter.java @@ -17,8 +17,8 @@ package org.keycloak.models.sessions.infinispan; -import org.infinispan.Cache; import org.keycloak.models.UserLoginFailureModel; +import org.keycloak.models.sessions.infinispan.changes.LoginFailuresUpdateTask; import org.keycloak.models.sessions.infinispan.entities.LoginFailureEntity; import org.keycloak.models.sessions.infinispan.entities.LoginFailureKey; @@ -28,13 +28,11 @@ import org.keycloak.models.sessions.infinispan.entities.LoginFailureKey; public class UserLoginFailureAdapter implements UserLoginFailureModel { private InfinispanUserSessionProvider provider; - private Cache cache; private LoginFailureKey key; private LoginFailureEntity entity; - public UserLoginFailureAdapter(InfinispanUserSessionProvider provider, Cache cache, LoginFailureKey key, LoginFailureEntity entity) { + public UserLoginFailureAdapter(InfinispanUserSessionProvider provider, LoginFailureKey key, LoginFailureEntity entity) { this.provider = provider; - this.cache = cache; this.key = key; this.entity = entity; } @@ -51,8 +49,16 @@ public class UserLoginFailureAdapter implements UserLoginFailureModel { @Override public void setFailedLoginNotBefore(int notBefore) { - entity.setFailedLoginNotBefore(notBefore); - update(); + LoginFailuresUpdateTask task = new LoginFailuresUpdateTask() { + + @Override + public void runUpdate(LoginFailureEntity entity) { + entity.setFailedLoginNotBefore(notBefore); + } + + }; + + update(task); } @Override @@ -62,14 +68,30 @@ public class UserLoginFailureAdapter implements UserLoginFailureModel { @Override public void incrementFailures() { - entity.setNumFailures(getNumFailures() + 1); - update(); + LoginFailuresUpdateTask task = new LoginFailuresUpdateTask() { + + @Override + public void runUpdate(LoginFailureEntity entity) { + entity.setNumFailures(entity.getNumFailures() + 1); + } + + }; + + update(task); } @Override public void clearFailures() { - entity.clearFailures(); - update(); + LoginFailuresUpdateTask task = new LoginFailuresUpdateTask() { + + @Override + public void runUpdate(LoginFailureEntity entity) { + entity.clearFailures(); + } + + }; + + update(task); } @Override @@ -79,8 +101,16 @@ public class UserLoginFailureAdapter implements UserLoginFailureModel { @Override public void setLastFailure(long lastFailure) { - entity.setLastFailure(lastFailure); - update(); + LoginFailuresUpdateTask task = new LoginFailuresUpdateTask() { + + @Override + public void runUpdate(LoginFailureEntity entity) { + entity.setLastFailure(lastFailure); + } + + }; + + update(task); } @Override @@ -90,12 +120,20 @@ public class UserLoginFailureAdapter implements UserLoginFailureModel { @Override public void setLastIPFailure(String ip) { - entity.setLastIPFailure(ip); - update(); + LoginFailuresUpdateTask task = new LoginFailuresUpdateTask() { + + @Override + public void runUpdate(LoginFailureEntity entity) { + entity.setLastIPFailure(ip); + } + + }; + + update(task); } - void update() { - provider.getTx().replace(cache, key, entity); + void update(LoginFailuresUpdateTask task) { + provider.getLoginFailuresTx().addTask(key, task); } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java index 3f09773c117..635d4f7a0c4 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java @@ -82,25 +82,28 @@ public class UserSessionAdapter implements UserSessionModel { }); } - // Update user session - if (!removedClientUUIDS.isEmpty()) { - UserSessionUpdateTask task = new UserSessionUpdateTask() { - - @Override - public void runUpdate(UserSessionEntity entity) { - for (String clientUUID : removedClientUUIDS) { - entity.getAuthenticatedClientSessions().remove(clientUUID); - } - } - - }; - - update(task); - } + removeAuthenticatedClientSessions(removedClientUUIDS); return Collections.unmodifiableMap(result); } + @Override + public void removeAuthenticatedClientSessions(Iterable removedClientUUIDS) { + if (removedClientUUIDS == null || ! removedClientUUIDS.iterator().hasNext()) { + return; + } + + // Update user session + UserSessionUpdateTask task = new UserSessionUpdateTask() { + @Override + public void runUpdate(UserSessionEntity entity) { + removedClientUUIDS.forEach(entity.getAuthenticatedClientSessions()::remove); + } + }; + + update(task); + } + public String getId() { return entity.getId(); } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/InfinispanChangelogBasedTransaction.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/InfinispanChangelogBasedTransaction.java index 43bb2b39295..e5a7a47c786 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/InfinispanChangelogBasedTransaction.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/InfinispanChangelogBasedTransaction.java @@ -33,18 +33,18 @@ import org.keycloak.models.sessions.infinispan.remotestore.RemoteCacheInvoker; /** * @author Marek Posolda */ -public class InfinispanChangelogBasedTransaction extends AbstractKeycloakTransaction { +public class InfinispanChangelogBasedTransaction extends AbstractKeycloakTransaction { public static final Logger logger = Logger.getLogger(InfinispanChangelogBasedTransaction.class); private final KeycloakSession kcSession; private final String cacheName; - private final Cache> cache; + private final Cache> cache; private final RemoteCacheInvoker remoteCacheInvoker; - private final Map> updates = new HashMap<>(); + private final Map> updates = new HashMap<>(); - public InfinispanChangelogBasedTransaction(KeycloakSession kcSession, String cacheName, Cache> cache, RemoteCacheInvoker remoteCacheInvoker) { + public InfinispanChangelogBasedTransaction(KeycloakSession kcSession, String cacheName, Cache> cache, RemoteCacheInvoker remoteCacheInvoker) { this.kcSession = kcSession; this.cacheName = cacheName; this.cache = cache; @@ -52,11 +52,11 @@ public class InfinispanChangelogBasedTransaction extend } - public void addTask(String key, SessionUpdateTask task) { - SessionUpdatesList myUpdates = updates.get(key); + public void addTask(K key, SessionUpdateTask task) { + SessionUpdatesList myUpdates = updates.get(key); if (myUpdates == null) { // Lookup entity from cache - SessionEntityWrapper wrappedEntity = cache.get(key); + SessionEntityWrapper wrappedEntity = cache.get(key); if (wrappedEntity == null) { logger.warnf("Not present cache item for key %s", key); return; @@ -75,14 +75,14 @@ public class InfinispanChangelogBasedTransaction extend // Create entity and new version for it - public void addTask(String key, SessionUpdateTask task, S entity) { + public void addTask(K key, SessionUpdateTask task, V entity) { if (entity == null) { throw new IllegalArgumentException("Null entity not allowed"); } RealmModel realm = kcSession.realms().getRealm(entity.getRealm()); - SessionEntityWrapper wrappedEntity = new SessionEntityWrapper<>(entity); - SessionUpdatesList myUpdates = new SessionUpdatesList<>(realm, wrappedEntity); + SessionEntityWrapper wrappedEntity = new SessionEntityWrapper<>(entity); + SessionUpdatesList myUpdates = new SessionUpdatesList<>(realm, wrappedEntity); updates.put(key, myUpdates); // Run the update now, so reader in same transaction can see it @@ -91,19 +91,19 @@ public class InfinispanChangelogBasedTransaction extend } - public void reloadEntityInCurrentTransaction(RealmModel realm, String key, SessionEntityWrapper entity) { + public void reloadEntityInCurrentTransaction(RealmModel realm, K key, SessionEntityWrapper entity) { if (entity == null) { throw new IllegalArgumentException("Null entity not allowed"); } - SessionEntityWrapper latestEntity = cache.get(key); + SessionEntityWrapper latestEntity = cache.get(key); if (latestEntity == null) { return; } - SessionUpdatesList newUpdates = new SessionUpdatesList<>(realm, latestEntity); + SessionUpdatesList newUpdates = new SessionUpdatesList<>(realm, latestEntity); - SessionUpdatesList existingUpdates = updates.get(key); + SessionUpdatesList existingUpdates = updates.get(key); if (existingUpdates != null) { newUpdates.setUpdateTasks(existingUpdates.getUpdateTasks()); } @@ -112,10 +112,10 @@ public class InfinispanChangelogBasedTransaction extend } - public SessionEntityWrapper get(String key) { - SessionUpdatesList myUpdates = updates.get(key); + public SessionEntityWrapper get(K key) { + SessionUpdatesList myUpdates = updates.get(key); if (myUpdates == null) { - SessionEntityWrapper wrappedEntity = cache.get(key); + SessionEntityWrapper wrappedEntity = cache.get(key); if (wrappedEntity == null) { return null; } @@ -127,7 +127,7 @@ public class InfinispanChangelogBasedTransaction extend return wrappedEntity; } else { - S entity = myUpdates.getEntityWrapper().getEntity(); + V entity = myUpdates.getEntityWrapper().getEntity(); // If entity is scheduled for remove, we don't return it. boolean scheduledForRemove = myUpdates.getUpdateTasks().stream().filter((SessionUpdateTask task) -> { @@ -143,13 +143,13 @@ public class InfinispanChangelogBasedTransaction extend @Override protected void commitImpl() { - for (Map.Entry> entry : updates.entrySet()) { - SessionUpdatesList sessionUpdates = entry.getValue(); - SessionEntityWrapper sessionWrapper = sessionUpdates.getEntityWrapper(); + for (Map.Entry> entry : updates.entrySet()) { + SessionUpdatesList sessionUpdates = entry.getValue(); + SessionEntityWrapper sessionWrapper = sessionUpdates.getEntityWrapper(); RealmModel realm = sessionUpdates.getRealm(); - MergedUpdate merged = MergedUpdate.computeUpdate(sessionUpdates.getUpdateTasks(), sessionWrapper); + MergedUpdate merged = MergedUpdate.computeUpdate(sessionUpdates.getUpdateTasks(), sessionWrapper); if (merged != null) { // Now run the operation in our cluster @@ -162,8 +162,8 @@ public class InfinispanChangelogBasedTransaction extend } - private void runOperationInCluster(String key, MergedUpdate task, SessionEntityWrapper sessionWrapper) { - S session = sessionWrapper.getEntity(); + private void runOperationInCluster(K key, MergedUpdate task, SessionEntityWrapper sessionWrapper) { + V session = sessionWrapper.getEntity(); SessionUpdateTask.CacheOperation operation = task.getOperation(session); // Don't need to run update of underlying entity. Local updates were already run @@ -182,9 +182,14 @@ public class InfinispanChangelogBasedTransaction extend .put(key, sessionWrapper, task.getLifespanMs(), TimeUnit.MILLISECONDS); break; case ADD_IF_ABSENT: - SessionEntityWrapper existing = cache.putIfAbsent(key, sessionWrapper); + SessionEntityWrapper existing = cache.putIfAbsent(key, sessionWrapper); if (existing != null) { - throw new IllegalStateException("There is already existing value in cache for key " + key); + logger.debugf("Existing entity in cache for key: %s . Will update it", key); + + // Apply updates on the existing entity and replace it + task.runUpdate(existing.getEntity()); + + replace(key, task, existing); } break; case REPLACE: @@ -197,12 +202,12 @@ public class InfinispanChangelogBasedTransaction extend } - private void replace(String key, MergedUpdate task, SessionEntityWrapper oldVersionEntity) { + private void replace(K key, MergedUpdate task, SessionEntityWrapper oldVersionEntity) { boolean replaced = false; - S session = oldVersionEntity.getEntity(); + V session = oldVersionEntity.getEntity(); while (!replaced) { - SessionEntityWrapper newVersionEntity = generateNewVersionAndWrapEntity(session, oldVersionEntity.getLocalMetadata()); + SessionEntityWrapper newVersionEntity = generateNewVersionAndWrapEntity(session, oldVersionEntity.getLocalMetadata()); // Atomic cluster-aware replace replaced = cache.replace(key, oldVersionEntity, newVersionEntity); @@ -235,7 +240,7 @@ public class InfinispanChangelogBasedTransaction extend protected void rollbackImpl() { } - private SessionEntityWrapper generateNewVersionAndWrapEntity(S entity, Map localMetadata) { + private SessionEntityWrapper generateNewVersionAndWrapEntity(V entity, Map localMetadata) { return new SessionEntityWrapper<>(localMetadata, entity); } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/LoginFailuresUpdateTask.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/LoginFailuresUpdateTask.java new file mode 100644 index 00000000000..04ed05a3180 --- /dev/null +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/LoginFailuresUpdateTask.java @@ -0,0 +1,36 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.models.sessions.infinispan.changes; + +import org.keycloak.models.sessions.infinispan.entities.LoginFailureEntity; + +/** + * @author Marek Posolda + */ +public abstract class LoginFailuresUpdateTask implements SessionUpdateTask { + + @Override + public CacheOperation getOperation(LoginFailureEntity session) { + return CacheOperation.REPLACE; + } + + @Override + public CrossDCMessageStatus getCrossDCMessageStatus(SessionEntityWrapper sessionWrapper) { + return CrossDCMessageStatus.SYNC; + } +} diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/MergedUpdate.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/MergedUpdate.java index 1f24f84faf9..8e0cf0ed82b 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/MergedUpdate.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/MergedUpdate.java @@ -32,7 +32,7 @@ class MergedUpdate implements SessionUpdateTask { private CrossDCMessageStatus crossDCMessageStatus; - public MergedUpdate(CacheOperation operation, CrossDCMessageStatus crossDCMessageStatus) { + private MergedUpdate(CacheOperation operation, CrossDCMessageStatus crossDCMessageStatus) { this.operation = operation; this.crossDCMessageStatus = crossDCMessageStatus; } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/SessionUpdateTask.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/SessionUpdateTask.java index 66f88baa055..244a88bd990 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/SessionUpdateTask.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/SessionUpdateTask.java @@ -17,8 +17,6 @@ package org.keycloak.models.sessions.infinispan.changes; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; import org.keycloak.models.sessions.infinispan.entities.SessionEntity; /** @@ -51,7 +49,7 @@ public interface SessionUpdateTask { if (this == ADD | this == ADD_IF_ABSENT) { if (other == ADD | other == ADD_IF_ABSENT) { - throw new IllegalStateException("Illegal state. Task already in progress for session " + entity.getId()); + throw new IllegalStateException("Illegal state. Task already in progress for session " + entity.toString()); } return this; diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/UserSessionUpdateTask.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/UserSessionUpdateTask.java index 4fd4bbebf1c..1db36a1c7e5 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/UserSessionUpdateTask.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/UserSessionUpdateTask.java @@ -17,8 +17,6 @@ package org.keycloak.models.sessions.infinispan.changes; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; import org.keycloak.models.sessions.infinispan.entities.UserSessionEntity; /** diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/sessions/LastSessionRefreshChecker.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/sessions/LastSessionRefreshChecker.java index f9adf9b8cbe..25e0df942fe 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/sessions/LastSessionRefreshChecker.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/sessions/LastSessionRefreshChecker.java @@ -60,7 +60,7 @@ public class LastSessionRefreshChecker { Integer lsrr = sessionWrapper.getLocalMetadataNoteInt(UserSessionEntity.LAST_SESSION_REFRESH_REMOTE); if (lsrr == null) { - logger.warnf("Not available lsrr note on user session %s.", sessionWrapper.getEntity().getId()); + logger.debugf("Not available lsrr note on user session %s.", sessionWrapper.getEntity().getId()); return SessionUpdateTask.CrossDCMessageStatus.SYNC; } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/AuthenticationSessionEntity.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/AuthenticationSessionEntity.java index 0b992254b2d..cdb841e6f22 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/AuthenticationSessionEntity.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/AuthenticationSessionEntity.java @@ -21,6 +21,7 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; +import java.util.TreeSet; import org.keycloak.sessions.AuthenticationSessionModel; @@ -29,6 +30,8 @@ import org.keycloak.sessions.AuthenticationSessionModel; */ public class AuthenticationSessionEntity extends SessionEntity { + private String id; + private String clientUuid; private String authUserId; @@ -46,6 +49,14 @@ public class AuthenticationSessionEntity extends SessionEntity { private Set requiredActions = new HashSet<>(); private Map userSessionNotes; + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + public String getClientUuid() { return clientUuid; } @@ -149,4 +160,26 @@ public class AuthenticationSessionEntity extends SessionEntity { public void setAuthNotes(Map authNotes) { this.authNotes = authNotes; } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof AuthenticationSessionEntity)) return false; + + AuthenticationSessionEntity that = (AuthenticationSessionEntity) o; + + if (id != null ? !id.equals(that.id) : that.id != null) return false; + + return true; + } + + @Override + public int hashCode() { + return id != null ? id.hashCode() : 0; + } + + @Override + public String toString() { + return String.format("AuthenticationSessionEntity [id=%s, realm=%s, clientUuid=%s ]", getId(), getRealm(), getClientUuid()); + } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureEntity.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureEntity.java index d25f58b831a..5b328ecc915 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureEntity.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureEntity.java @@ -17,15 +17,12 @@ package org.keycloak.models.sessions.infinispan.entities; -import java.io.Serializable; - /** * @author Stian Thorgersen */ -public class LoginFailureEntity implements Serializable { +public class LoginFailureEntity extends SessionEntity { private String userId; - private String realm; private int failedLoginNotBefore; private int numFailures; private long lastFailure; @@ -39,14 +36,6 @@ public class LoginFailureEntity implements Serializable { this.userId = userId; } - public String getRealm() { - return realm; - } - - public void setRealm(String realm) { - this.realm = realm; - } - public int getFailedLoginNotBefore() { return failedLoginNotBefore; } @@ -85,4 +74,30 @@ public class LoginFailureEntity implements Serializable { this.lastFailure = 0; this.lastIPFailure = null; } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof LoginFailureEntity)) return false; + + LoginFailureEntity that = (LoginFailureEntity) o; + + if (userId != null ? !userId.equals(that.userId) : that.userId != null) return false; + if (getRealm() != null ? !getRealm().equals(that.getRealm()) : that.getRealm() != null) return false; + + + return true; + } + + @Override + public int hashCode() { + int hashCode = getRealm() != null ? getRealm().hashCode() : 0; + hashCode = hashCode * 13 + (userId != null ? userId.hashCode() : 0); + return hashCode; + } + + @Override + public String toString() { + return String.format("LoginFailureEntity [ userId=%s, realm=%s, numFailures=%d ]", userId, getRealm(), numFailures); + } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureKey.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureKey.java index c45237963bf..318b1ba5479 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureKey.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureKey.java @@ -52,4 +52,9 @@ public class LoginFailureKey implements Serializable { return result; } + + @Override + public String toString() { + return String.format("LoginFailureKey [ realm=%s. userId=%s ]", realm, userId); + } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/SessionEntity.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/SessionEntity.java index 25ac2a4efeb..37f8e081ce3 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/SessionEntity.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/SessionEntity.java @@ -26,17 +26,8 @@ import org.keycloak.models.sessions.infinispan.changes.SessionEntityWrapper; */ public abstract class SessionEntity implements Serializable { - private String id; - private String realm; - public String getId() { - return id; - } - - public void setId(String id) { - this.id = id; - } public String getRealm() { return realm; @@ -46,26 +37,13 @@ public abstract class SessionEntity implements Serializable { this.realm = realm; } - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (!(o instanceof SessionEntity)) return false; - - SessionEntity that = (SessionEntity) o; - - if (id != null ? !id.equals(that.id) : that.id != null) return false; - - return true; - } - - @Override - public int hashCode() { - return id != null ? id.hashCode() : 0; - } - public SessionEntityWrapper mergeRemoteEntityWithLocalEntity(SessionEntityWrapper localEntityWrapper) { - throw new IllegalStateException("Not yet implemented"); + if (localEntityWrapper == null) { + return new SessionEntityWrapper<>(this); + } else { + return new SessionEntityWrapper<>(localEntityWrapper.getLocalMetadata(), this); + } }; } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/UserSessionEntity.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/UserSessionEntity.java index 5d0edb09fe0..8ac85a17e48 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/UserSessionEntity.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/UserSessionEntity.java @@ -43,6 +43,8 @@ public class UserSessionEntity extends SessionEntity { // Metadata attribute, which contains the lastSessionRefresh available on remoteCache. Used in decide whether we need to write to remoteCache (DC) or not public static final String LAST_SESSION_REFRESH_REMOTE = "lsrr"; + private String id; + private String user; private String brokerSessionId; @@ -62,6 +64,14 @@ public class UserSessionEntity extends SessionEntity { private UserSessionModel.State state; + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + private Map notes = new ConcurrentHashMap<>(); private Map authenticatedClientSessions = new ConcurrentHashMap<>(); @@ -162,6 +172,23 @@ public class UserSessionEntity extends SessionEntity { this.brokerUserId = brokerUserId; } + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof UserSessionEntity)) return false; + + UserSessionEntity that = (UserSessionEntity) o; + + if (id != null ? !id.equals(that.id) : that.id != null) return false; + + return true; + } + + @Override + public int hashCode() { + return id != null ? id.hashCode() : 0; + } + @Override public String toString() { return String.format("UserSessionEntity [id=%s, realm=%s, lastSessionRefresh=%d, clients=%s]", getId(), getRealm(), getLastSessionRefresh(), diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/initializer/BaseCacheInitializer.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/initializer/BaseCacheInitializer.java index 43788d07fb4..cca28cc6560 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/initializer/BaseCacheInitializer.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/initializer/BaseCacheInitializer.java @@ -106,7 +106,7 @@ public abstract class BaseCacheInitializer extends CacheInitializer { private InitializerState getStateFromCache() { - // We ignore cacheStore for now, so that in Cross-DC scenario (with RemoteStore enabled) is the remoteStore ignored. This means that every DC needs to load offline sessions separately. + // We ignore cacheStore for now, so that in Cross-DC scenario (with RemoteStore enabled) is the remoteStore ignored. return (InitializerState) workCache.getAdvancedCache() .withFlags(Flag.SKIP_CACHE_STORE, Flag.SKIP_CACHE_LOAD) .get(stateKey); @@ -122,7 +122,7 @@ public abstract class BaseCacheInitializer extends CacheInitializer { public void run() { // Save this synchronously to ensure all nodes read correct state - // We ignore cacheStore for now, so that in Cross-DC scenario (with RemoteStore enabled) is the remoteStore ignored. This means that every DC needs to load offline sessions separately. + // We ignore cacheStore for now, so that in Cross-DC scenario (with RemoteStore enabled) is the remoteStore ignored. BaseCacheInitializer.this.workCache.getAdvancedCache(). withFlags(Flag.IGNORE_RETURN_VALUES, Flag.FORCE_SYNCHRONOUS, Flag.SKIP_CACHE_STORE, Flag.SKIP_CACHE_LOAD) .put(stateKey, state); diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/initializer/InfinispanCacheInitializer.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/initializer/InfinispanCacheInitializer.java index 620a9a8178c..ef45bd9db59 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/initializer/InfinispanCacheInitializer.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/initializer/InfinispanCacheInitializer.java @@ -35,7 +35,7 @@ import java.util.concurrent.Future; * Startup initialization for reading persistent userSessions to be filled into infinispan/memory . In cluster, * the initialization is distributed among all cluster nodes, so the startup time is even faster * - * TODO: Move to clusterService. Implementation is already pretty generic and doesn't contain any "userSession" specific stuff. All sessions-specific logic is in the SessionLoader implementation + * Implementation is pretty generic and doesn't contain any "userSession" specific stuff. All logic related to how are sessions loaded is in the SessionLoader implementation * * @author Marek Posolda */ diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KcRemoteStoreConfigurationBuilder.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KcRemoteStoreConfigurationBuilder.java deleted file mode 100644 index 9e99967467e..00000000000 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KcRemoteStoreConfigurationBuilder.java +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.models.sessions.infinispan.remotestore; - -import org.infinispan.configuration.cache.PersistenceConfigurationBuilder; -import org.infinispan.persistence.remote.configuration.RemoteStoreConfiguration; -import org.infinispan.persistence.remote.configuration.RemoteStoreConfigurationBuilder; - -/** - * @author Marek Posolda - */ -public class KcRemoteStoreConfigurationBuilder extends RemoteStoreConfigurationBuilder { - - public KcRemoteStoreConfigurationBuilder(PersistenceConfigurationBuilder builder) { - super(builder); - } - - @Override - public KcRemoteStoreConfiguration create() { - RemoteStoreConfiguration cfg = super.create(); - KcRemoteStoreConfiguration cfg2 = new KcRemoteStoreConfiguration(cfg.attributes(), cfg.async(), cfg.singletonStore(), cfg.asyncExecutorFactory(), cfg.connectionPool()); - return cfg2; - } -} diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KcRemoteStore.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KeycloakRemoteStore.java similarity index 50% rename from model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KcRemoteStore.java rename to model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KeycloakRemoteStore.java index ba413ae124f..a0f5e423793 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KcRemoteStore.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KeycloakRemoteStore.java @@ -17,14 +17,23 @@ package org.keycloak.models.sessions.infinispan.remotestore; +import java.util.Optional; import java.util.concurrent.Executor; -import org.infinispan.client.hotrod.Flag; +import org.infinispan.commons.CacheException; import org.infinispan.commons.configuration.ConfiguredBy; +import org.infinispan.configuration.cache.ConfigurationBuilder; +import org.infinispan.configuration.cache.PersistenceConfigurationBuilder; +import org.infinispan.configuration.cache.StoreConfiguration; import org.infinispan.filter.KeyFilter; +import org.infinispan.manager.EmbeddedCacheManager; import org.infinispan.marshall.core.MarshalledEntry; import org.infinispan.metadata.InternalMetadata; +import org.infinispan.persistence.InitializationContextImpl; import org.infinispan.persistence.remote.RemoteStore; +import org.infinispan.persistence.remote.configuration.RemoteStoreConfiguration; +import org.infinispan.persistence.remote.configuration.RemoteStoreConfigurationBuilder; +import org.infinispan.persistence.spi.InitializationContext; import org.infinispan.persistence.spi.PersistenceException; import org.jboss.logging.Logger; import org.keycloak.models.sessions.infinispan.changes.SessionEntityWrapper; @@ -33,26 +42,68 @@ import org.keycloak.models.sessions.infinispan.entities.SessionEntity; /** * @author Marek Posolda */ -@ConfiguredBy(KcRemoteStoreConfiguration.class) -public class KcRemoteStore extends RemoteStore { +@ConfiguredBy(KeycloakRemoteStoreConfiguration.class) +public class KeycloakRemoteStore extends RemoteStore { - protected static final Logger logger = Logger.getLogger(KcRemoteStore.class); + protected static final Logger logger = Logger.getLogger(KeycloakRemoteStore.class); - private String cacheName; + private String remoteCacheName; @Override public void start() throws PersistenceException { + this.remoteCacheName = getConfiguration().remoteCacheName(); + + String cacheTemplateName = getConfiguration().useConfigTemplateFromCache(); + + if (cacheTemplateName != null) { + logger.debugf("Will override configuration of cache '%s' from template of cache '%s'", ctx.getCache().getName(), cacheTemplateName); + + // Just to ensure that dependent cache is started and it's configuration fully loaded + EmbeddedCacheManager cacheManager = ctx.getCache().getCacheManager(); + cacheManager.getCache(cacheTemplateName, true); + + Optional optional = cacheManager.getCacheConfiguration(cacheTemplateName).persistence().stores().stream().filter((StoreConfiguration storeConfig) -> { + + return storeConfig instanceof RemoteStoreConfiguration; + + }).findFirst(); + + if (!optional.isPresent()) { + throw new CacheException("Unable to find remoteStore on cache '" + cacheTemplateName + "."); + } + + RemoteStoreConfiguration templateConfig = (RemoteStoreConfiguration) optional.get(); + + // We have template configuration, so create new configuration from it. Override just remoteCacheName + PersistenceConfigurationBuilder readPersistenceBuilder = new ConfigurationBuilder().read(ctx.getCache().getCacheConfiguration()).persistence(); + RemoteStoreConfigurationBuilder configBuilder = new RemoteStoreConfigurationBuilder(readPersistenceBuilder); + configBuilder.read(templateConfig); + + configBuilder.remoteCacheName(this.remoteCacheName); + + RemoteStoreConfiguration newCfg1 = configBuilder.create(); + KeycloakRemoteStoreConfiguration newCfg = new KeycloakRemoteStoreConfiguration(newCfg1); + + InitializationContext ctx = new InitializationContextImpl(newCfg, this.ctx.getCache(), this.ctx.getMarshaller(), this.ctx.getTimeService(), + this.ctx.getByteBufferFactory(), this.ctx.getMarshalledEntryFactory()); + + init(ctx); + + } else { + logger.debugf("Skip overriding configuration from template for cache '%s'", ctx.getCache().getName()); + } + super.start(); + if (getRemoteCache() == null) { String cacheName = getConfiguration().remoteCacheName(); - throw new IllegalStateException("Remote cache '" + cacheName + "' is not available."); + throw new CacheException("Remote cache '" + cacheName + "' is not available."); } - this.cacheName = getRemoteCache().getName(); } @Override public MarshalledEntry load(Object key) throws PersistenceException { - logger.debugf("Calling load: '%s' for remote cache '%s'", key, cacheName); + logger.debugf("Calling load: '%s' for remote cache '%s'", key, remoteCacheName); MarshalledEntry entry = super.load(key); if (entry == null) { @@ -74,7 +125,7 @@ public class KcRemoteStore extends RemoteStore { // Don't do anything. Iterate over remoteCache.keySet() can have big performance impact. We handle bulk load by ourselves if needed. @Override public void process(KeyFilter filter, CacheLoaderTask task, Executor executor, boolean fetchValue, boolean fetchMetadata) { - logger.debugf("Skip calling process with filter '%s' on cache '%s'", filter, cacheName); + logger.debugf("Skip calling process with filter '%s' on cache '%s'", filter, remoteCacheName); // super.process(filter, task, executor, fetchValue, fetchMetadata); } @@ -87,7 +138,7 @@ public class KcRemoteStore extends RemoteStore { @Override public boolean delete(Object key) throws PersistenceException { - logger.debugf("Calling delete for key '%s' on cache '%s'", key, cacheName); + logger.debugf("Calling delete for key '%s' on cache '%s'", key, remoteCacheName); // Optimization - we don't need to know the previous value. // TODO: For some usecases (bulk removal of user sessions), it may be better for performance to call removeAsync and wait for all futures to be finished @@ -101,5 +152,8 @@ public class KcRemoteStore extends RemoteStore { } - + @Override + public KeycloakRemoteStoreConfiguration getConfiguration() { + return (KeycloakRemoteStoreConfiguration) super.getConfiguration(); + } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KcRemoteStoreConfiguration.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KeycloakRemoteStoreConfiguration.java similarity index 53% rename from model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KcRemoteStoreConfiguration.java rename to model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KeycloakRemoteStoreConfiguration.java index d786872e240..79788e32dca 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KcRemoteStoreConfiguration.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KeycloakRemoteStoreConfiguration.java @@ -19,22 +19,30 @@ package org.keycloak.models.sessions.infinispan.remotestore; import org.infinispan.commons.configuration.BuiltBy; import org.infinispan.commons.configuration.ConfigurationFor; -import org.infinispan.commons.configuration.attributes.AttributeSet; -import org.infinispan.configuration.cache.AsyncStoreConfiguration; -import org.infinispan.configuration.cache.SingletonStoreConfiguration; -import org.infinispan.persistence.remote.configuration.ConnectionPoolConfiguration; -import org.infinispan.persistence.remote.configuration.ExecutorFactoryConfiguration; +import org.infinispan.commons.configuration.attributes.Attribute; +import org.infinispan.commons.configuration.attributes.AttributeDefinition; import org.infinispan.persistence.remote.configuration.RemoteStoreConfiguration; /** * @author Marek Posolda */ -@BuiltBy(KcRemoteStoreConfigurationBuilder.class) -@ConfigurationFor(KcRemoteStore.class) -public class KcRemoteStoreConfiguration extends RemoteStoreConfiguration { +@BuiltBy(KeycloakRemoteStoreConfigurationBuilder.class) +@ConfigurationFor(KeycloakRemoteStore.class) +public class KeycloakRemoteStoreConfiguration extends RemoteStoreConfiguration { - public KcRemoteStoreConfiguration(AttributeSet attributes, AsyncStoreConfiguration async, SingletonStoreConfiguration singletonStore, - ExecutorFactoryConfiguration asyncExecutorFactory, ConnectionPoolConfiguration connectionPool) { - super(attributes, async, singletonStore, asyncExecutorFactory, connectionPool); + static final AttributeDefinition USE_CONFIG_TEMPLATE_FROM_CACHE = AttributeDefinition.builder("useConfigTemplateFromCache", null, String.class).immutable().build(); + + private final Attribute useConfigTemplateFromCache; + + + public KeycloakRemoteStoreConfiguration(RemoteStoreConfiguration other) { + super(other.attributes(), other.async(), other.singletonStore(), other.asyncExecutorFactory(), other.connectionPool()); + useConfigTemplateFromCache = attributes.attribute(USE_CONFIG_TEMPLATE_FROM_CACHE.name()); + } + + + + public String useConfigTemplateFromCache() { + return useConfigTemplateFromCache==null ? null : useConfigTemplateFromCache.get(); } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KeycloakRemoteStoreConfigurationBuilder.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KeycloakRemoteStoreConfigurationBuilder.java new file mode 100644 index 00000000000..2a0ec197059 --- /dev/null +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/KeycloakRemoteStoreConfigurationBuilder.java @@ -0,0 +1,61 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.models.sessions.infinispan.remotestore; + +import java.lang.reflect.Field; +import java.util.Map; + +import org.infinispan.commons.CacheConfigurationException; +import org.infinispan.commons.configuration.attributes.Attribute; +import org.infinispan.commons.configuration.attributes.AttributeDefinition; +import org.infinispan.commons.configuration.attributes.AttributeSet; +import org.infinispan.configuration.cache.PersistenceConfigurationBuilder; +import org.infinispan.persistence.remote.configuration.RemoteStoreConfiguration; +import org.infinispan.persistence.remote.configuration.RemoteStoreConfigurationBuilder; +import org.keycloak.common.util.reflections.Reflections; + +/** + * @author Marek Posolda + */ +public class KeycloakRemoteStoreConfigurationBuilder extends RemoteStoreConfigurationBuilder { + + public KeycloakRemoteStoreConfigurationBuilder(PersistenceConfigurationBuilder builder) { + super(builder); + + // No better way to add new attribute definition to superclass :/ + try { + AttributeDefinition def = KeycloakRemoteStoreConfiguration.USE_CONFIG_TEMPLATE_FROM_CACHE; + Attribute attribute = def.toAttribute(); + + Field f = Reflections.findDeclaredField(AttributeSet.class, "attributes"); + f.setAccessible(true); + Map> attributesInternal = (Map>) f.get(this.attributes); + attributesInternal.put(def.name(), attribute); + } catch (IllegalAccessException iae) { + throw new CacheConfigurationException(iae); + } + } + + + @Override + public KeycloakRemoteStoreConfiguration create() { + RemoteStoreConfiguration cfg = super.create(); + KeycloakRemoteStoreConfiguration cfg2 = new KeycloakRemoteStoreConfiguration(cfg); + return cfg2; + } +} diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheInvoker.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheInvoker.java index 89fd2159029..8891469f3b5 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheInvoker.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheInvoker.java @@ -55,13 +55,13 @@ public class RemoteCacheInvoker { } - public void runTask(KeycloakSession kcSession, RealmModel realm, String cacheName, String key, SessionUpdateTask task, SessionEntityWrapper sessionWrapper) { + public void runTask(KeycloakSession kcSession, RealmModel realm, String cacheName, K key, SessionUpdateTask task, SessionEntityWrapper sessionWrapper) { RemoteCacheContext context = remoteCaches.get(cacheName); if (context == null) { return; } - S session = sessionWrapper.getEntity(); + V session = sessionWrapper.getEntity(); SessionUpdateTask.CacheOperation operation = task.getOperation(session); SessionUpdateTask.CrossDCMessageStatus status = task.getCrossDCMessageStatus(sessionWrapper); @@ -82,8 +82,8 @@ public class RemoteCacheInvoker { } - private void runOnRemoteCache(RemoteCache remoteCache, long maxIdleMs, String key, SessionUpdateTask task, SessionEntityWrapper sessionWrapper) { - S session = sessionWrapper.getEntity(); + private void runOnRemoteCache(RemoteCache remoteCache, long maxIdleMs, K key, SessionUpdateTask task, SessionEntityWrapper sessionWrapper) { + V session = sessionWrapper.getEntity(); SessionUpdateTask.CacheOperation operation = task.getOperation(session); switch (operation) { @@ -96,13 +96,16 @@ public class RemoteCacheInvoker { break; case ADD_IF_ABSENT: final int currentTime = Time.currentTime(); - SessionEntity existing = (SessionEntity) remoteCache + SessionEntity existing = remoteCache .withFlags(Flag.FORCE_RETURN_VALUE) .putIfAbsent(key, session, -1, TimeUnit.MILLISECONDS, maxIdleMs, TimeUnit.MILLISECONDS); if (existing != null) { - throw new IllegalStateException("There is already existing value in cache for key " + key); + logger.debugf("Existing entity in remote cache for key: %s . Will update it", key); + + replace(remoteCache, task.getLifespanMs(), maxIdleMs, key, task); + } else { + sessionWrapper.putLocalMetadataNoteInt(UserSessionEntity.LAST_SESSION_REFRESH_REMOTE, currentTime); } - sessionWrapper.putLocalMetadataNoteInt(UserSessionEntity.LAST_SESSION_REFRESH_REMOTE, currentTime); break; case REPLACE: replace(remoteCache, task.getLifespanMs(), maxIdleMs, key, task); @@ -113,16 +116,16 @@ public class RemoteCacheInvoker { } - private void replace(RemoteCache remoteCache, long lifespanMs, long maxIdleMs, String key, SessionUpdateTask task) { + private void replace(RemoteCache remoteCache, long lifespanMs, long maxIdleMs, K key, SessionUpdateTask task) { boolean replaced = false; while (!replaced) { - VersionedValue versioned = remoteCache.getVersioned(key); + VersionedValue versioned = remoteCache.getVersioned(key); if (versioned == null) { logger.warnf("Not found entity to replace for key '%s'", key); return; } - S session = versioned.getValue(); + V session = versioned.getValue(); // Run task on the remote session task.runUpdate(session); diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheSessionListener.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheSessionListener.java index d29e2206ede..b1868338675 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheSessionListener.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheSessionListener.java @@ -44,12 +44,12 @@ import org.infinispan.client.hotrod.VersionedValue; * @author Marek Posolda */ @ClientListener -public class RemoteCacheSessionListener { +public class RemoteCacheSessionListener { protected static final Logger logger = Logger.getLogger(RemoteCacheSessionListener.class); - private Cache cache; - private RemoteCache remoteCache; + private Cache> cache; + private RemoteCache remoteCache; private boolean distributed; private String myAddress; @@ -58,7 +58,7 @@ public class RemoteCacheSessionListener { } - protected void init(KeycloakSession session, Cache cache, RemoteCache remoteCache) { + protected void init(KeycloakSession session, Cache> cache, RemoteCache remoteCache) { this.cache = cache; this.remoteCache = remoteCache; @@ -73,7 +73,7 @@ public class RemoteCacheSessionListener { @ClientCacheEntryCreated public void created(ClientCacheEntryCreatedEvent event) { - String key = (String) event.getKey(); + K key = (K) event.getKey(); if (shouldUpdateLocalCache(event.getType(), key, event.isCommandRetried())) { // Should load it from remoteStore @@ -84,7 +84,7 @@ public class RemoteCacheSessionListener { @ClientCacheEntryModified public void updated(ClientCacheEntryModifiedEvent event) { - String key = (String) event.getKey(); + K key = (K) event.getKey(); if (shouldUpdateLocalCache(event.getType(), key, event.isCommandRetried())) { @@ -94,7 +94,7 @@ public class RemoteCacheSessionListener { private static final int MAXIMUM_REPLACE_RETRIES = 10; - private void replaceRemoteEntityInCache(String key, long eventVersion) { + private void replaceRemoteEntityInCache(K key, long eventVersion) { // TODO can be optimized and remoteSession sent in the event itself? boolean replaced = false; int replaceRetries = 0; @@ -102,8 +102,8 @@ public class RemoteCacheSessionListener { do { replaceRetries++; - SessionEntityWrapper localEntityWrapper = cache.get(key); - VersionedValue remoteSessionVersioned = remoteCache.getVersioned(key); + SessionEntityWrapper localEntityWrapper = cache.get(key); + VersionedValue remoteSessionVersioned = remoteCache.getVersioned(key); if (remoteSessionVersioned == null || remoteSessionVersioned.getVersion() < eventVersion) { try { logger.debugf("Got replace remote entity event prematurely, will try again. Event version: %d, got: %d", @@ -120,7 +120,7 @@ public class RemoteCacheSessionListener { logger.debugf("Read session%s. Entity read from remote cache: %s", replaceRetries > 1 ? "" : " again", remoteSession); - SessionEntityWrapper sessionWrapper = remoteSession.mergeRemoteEntityWithLocalEntity(localEntityWrapper); + SessionEntityWrapper sessionWrapper = remoteSession.mergeRemoteEntityWithLocalEntity(localEntityWrapper); // We received event from remoteCache, so we won't update it back replaced = cache.getAdvancedCache().withFlags(Flag.SKIP_CACHE_STORE, Flag.SKIP_CACHE_LOAD, Flag.IGNORE_RETURN_VALUES) @@ -135,7 +135,7 @@ public class RemoteCacheSessionListener { @ClientCacheEntryRemoved public void removed(ClientCacheEntryRemovedEvent event) { - String key = (String) event.getKey(); + K key = (K) event.getKey(); if (shouldUpdateLocalCache(event.getType(), key, event.isCommandRetried())) { // We received event from remoteCache, so we won't update it back @@ -152,7 +152,7 @@ public class RemoteCacheSessionListener { // For distributed caches, ensure that local modification is executed just on owner OR if event.isCommandRetried - protected boolean shouldUpdateLocalCache(ClientEvent.Type type, String key, boolean commandRetried) { + protected boolean shouldUpdateLocalCache(ClientEvent.Type type, K key, boolean commandRetried) { boolean result; // Case when cache is stopping or stopped already @@ -184,7 +184,7 @@ public class RemoteCacheSessionListener { } - public static RemoteCacheSessionListener createListener(KeycloakSession session, Cache cache, RemoteCache remoteCache) { + public static RemoteCacheSessionListener createListener(KeycloakSession session, Cache> cache, RemoteCache remoteCache) { /*boolean isCoordinator = InfinispanUtil.isCoordinator(cache); // Just cluster coordinator will fetch userSessions from remote cache. @@ -198,7 +198,7 @@ public class RemoteCacheSessionListener { listener = new DontFetchInitialStateCacheListener(); }*/ - RemoteCacheSessionListener listener = new RemoteCacheSessionListener(); + RemoteCacheSessionListener listener = new RemoteCacheSessionListener<>(); listener.init(session, cache, remoteCache); return listener; diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheSessionsLoader.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheSessionsLoader.java index 65c31bc77d3..789fc160e8f 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheSessionsLoader.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/remotestore/RemoteCacheSessionsLoader.java @@ -18,10 +18,12 @@ package org.keycloak.models.sessions.infinispan.remotestore; import java.io.Serializable; +import java.util.HashMap; import java.util.Map; import org.infinispan.Cache; import org.infinispan.client.hotrod.RemoteCache; +import org.infinispan.commons.marshall.Marshaller; import org.infinispan.context.Flag; import org.jboss.logging.Logger; import org.keycloak.connections.infinispan.InfinispanConnectionProvider; @@ -40,8 +42,33 @@ public class RemoteCacheSessionsLoader implements SessionLoader { private static final Logger log = Logger.getLogger(RemoteCacheSessionsLoader.class); - // Hardcoded limit for now. See if needs to be configurable (or if preloading can be enabled/disabled in configuration) - public static final int LIMIT = 100000; + + // Javascript to be executed on remote infinispan server (Flag CACHE_MODE_LOCAL assumes that remoteCache is replicated) + private static final String REMOTE_SCRIPT_FOR_LOAD_SESSIONS = + "function loadSessions() {" + + " var flagClazz = cache.getClass().getClassLoader().loadClass(\"org.infinispan.context.Flag\"); \n" + + " var localFlag = java.lang.Enum.valueOf(flagClazz, \"CACHE_MODE_LOCAL\"); \n" + + " var cacheStream = cache.getAdvancedCache().withFlags([ localFlag ]).entrySet().stream();\n" + + " var result = cacheStream.skip(first).limit(max).collect(java.util.stream.Collectors.toMap(\n" + + " new java.util.function.Function() {\n" + + " apply: function(entry) {\n" + + " return entry.getKey();\n" + + " }\n" + + " },\n" + + " new java.util.function.Function() {\n" + + " apply: function(entry) {\n" + + " return entry.getValue();\n" + + " }\n" + + " }\n" + + " ));\n" + + "\n" + + " cacheStream.close();\n" + + " return result;\n" + + "};\n" + + "\n" + + "loadSessions();"; + + private final String cacheName; @@ -51,7 +78,15 @@ public class RemoteCacheSessionsLoader implements SessionLoader { @Override public void init(KeycloakSession session) { + RemoteCache remoteCache = InfinispanUtil.getRemoteCache(getCache(session)); + RemoteCache scriptCache = remoteCache.getRemoteCacheManager().getCache("___script_cache"); + + if (!scriptCache.containsKey("load-sessions.js")) { + scriptCache.put("load-sessions.js", + "// mode=local,language=javascript\n" + + REMOTE_SCRIPT_FOR_LOAD_SESSIONS); + } } @Override @@ -67,21 +102,28 @@ public class RemoteCacheSessionsLoader implements SessionLoader { RemoteCache remoteCache = InfinispanUtil.getRemoteCache(cache); - int size = remoteCache.size(); + log.debugf("Will do bulk load of sessions from remote cache '%s' . First: %d, max: %d", cache.getName(), first, max); - if (size > LIMIT) { - log.infof("Skip bulk load of '%d' sessions from remote cache '%s'. Sessions will be retrieved lazily", size, cache.getName()); - return true; - } else { - log.infof("Will do bulk load of '%d' sessions from remote cache '%s'", size, cache.getName()); - } + Map remoteParams = new HashMap<>(); + remoteParams.put("first", first); + remoteParams.put("max", max); + Map remoteObjects = remoteCache.execute("load-sessions.js", remoteParams); + log.debugf("Successfully finished loading sessions '%s' . First: %d, max: %d", cache.getName(), first, max); - for (Map.Entry entry : remoteCache.getBulk().entrySet()) { - SessionEntity entity = (SessionEntity) entry.getValue(); - SessionEntityWrapper entityWrapper = new SessionEntityWrapper(entity); + Marshaller marshaller = remoteCache.getRemoteCacheManager().getMarshaller(); - decoratedCache.putAsync(entry.getKey(), entityWrapper); + for (Map.Entry entry : remoteObjects.entrySet()) { + try { + Object key = marshaller.objectFromByteBuffer(entry.getKey()); + SessionEntity entity = (SessionEntity) marshaller.objectFromByteBuffer(entry.getValue()); + + SessionEntityWrapper entityWrapper = new SessionEntityWrapper(entity); + + decoratedCache.putAsync(key, entityWrapper); + } catch (Exception e) { + log.warn("Error loading session from remote cache", e); + } } return true; diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/stream/Mappers.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/stream/Mappers.java index f75391cd610..815a54d4b74 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/stream/Mappers.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/stream/Mappers.java @@ -48,7 +48,7 @@ public class Mappers { return new UserSessionEntityMapper(); } - public static Function, LoginFailureKey> loginFailureId() { + public static Function>, LoginFailureKey> loginFailureId() { return new LoginFailureIdMapper(); } @@ -103,9 +103,9 @@ public class Mappers { } - private static class LoginFailureIdMapper implements Function, LoginFailureKey>, Serializable { + private static class LoginFailureIdMapper implements Function>, LoginFailureKey>, Serializable { @Override - public LoginFailureKey apply(Map.Entry entry) { + public LoginFailureKey apply(Map.Entry> entry) { return entry.getKey(); } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/stream/UserLoginFailurePredicate.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/stream/UserLoginFailurePredicate.java index ae0b28d2b39..499600073ea 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/stream/UserLoginFailurePredicate.java +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/stream/UserLoginFailurePredicate.java @@ -17,6 +17,7 @@ package org.keycloak.models.sessions.infinispan.stream; +import org.keycloak.models.sessions.infinispan.changes.SessionEntityWrapper; import org.keycloak.models.sessions.infinispan.entities.LoginFailureEntity; import org.keycloak.models.sessions.infinispan.entities.LoginFailureKey; @@ -27,7 +28,7 @@ import java.util.function.Predicate; /** * @author Stian Thorgersen */ -public class UserLoginFailurePredicate implements Predicate>, Serializable { +public class UserLoginFailurePredicate implements Predicate>>, Serializable { private String realm; @@ -40,8 +41,8 @@ public class UserLoginFailurePredicate implements Predicate entry) { - LoginFailureEntity e = entry.getValue(); + public boolean test(Map.Entry> entry) { + LoginFailureEntity e = entry.getValue().getEntity(); return realm.equals(e.getRealm()); } diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/util/FuturesHelper.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/util/FuturesHelper.java new file mode 100644 index 00000000000..6f088dca811 --- /dev/null +++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/util/FuturesHelper.java @@ -0,0 +1,59 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.models.sessions.infinispan.util; + +import java.util.LinkedList; +import java.util.Queue; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.Future; + +import org.jboss.logging.Logger; + +/** + * Not thread-safe. Assumes tasks are added from single thread. + * + * @author Marek Posolda + */ +public class FuturesHelper { + + private static final Logger log = Logger.getLogger(FuturesHelper.class); + + private final Queue futures = new LinkedList<>(); + + + public void addTask(Future future) { + this.futures.add(future); + } + + + public void waitForAllToFinish() { + for (Future future : futures) { + try { + future.get(); + } catch (ExecutionException | InterruptedException ee) { + log.error("Exception when waiting for future", ee); // TODO Possibly some good mechanism to avoid swamp log with many same exceptions? + } + } + } + + + public int size() { + return futures.size(); + } + +} diff --git a/model/infinispan/src/test/java/org/keycloak/cluster/infinispan/ConcurrencyJDGSessionsCacheTest.java b/model/infinispan/src/test/java/org/keycloak/cluster/infinispan/ConcurrencyJDGSessionsCacheTest.java index dd34b19d9f6..d95c5f9137a 100644 --- a/model/infinispan/src/test/java/org/keycloak/cluster/infinispan/ConcurrencyJDGSessionsCacheTest.java +++ b/model/infinispan/src/test/java/org/keycloak/cluster/infinispan/ConcurrencyJDGSessionsCacheTest.java @@ -29,15 +29,8 @@ import org.infinispan.client.hotrod.annotation.ClientCacheEntryModified; import org.infinispan.client.hotrod.annotation.ClientListener; import org.infinispan.client.hotrod.event.ClientCacheEntryCreatedEvent; import org.infinispan.client.hotrod.event.ClientCacheEntryModifiedEvent; -import org.infinispan.configuration.cache.Configuration; -import org.infinispan.configuration.cache.ConfigurationBuilder; -import org.infinispan.configuration.global.GlobalConfigurationBuilder; import org.infinispan.context.Flag; -import org.infinispan.manager.DefaultCacheManager; import org.infinispan.manager.EmbeddedCacheManager; -import org.infinispan.persistence.manager.PersistenceManager; -import org.infinispan.persistence.remote.RemoteStore; -import org.infinispan.persistence.remote.configuration.ExhaustedAction; import org.jboss.logging.Logger; import org.junit.Assert; import org.keycloak.common.util.Time; @@ -46,8 +39,7 @@ import org.keycloak.models.sessions.infinispan.changes.SessionEntityWrapper; import org.keycloak.models.sessions.infinispan.entities.AuthenticatedClientSessionEntity; import org.keycloak.models.sessions.infinispan.entities.SessionEntity; import org.keycloak.models.sessions.infinispan.entities.UserSessionEntity; -import org.keycloak.models.sessions.infinispan.remotestore.KcRemoteStore; -import org.keycloak.models.sessions.infinispan.remotestore.KcRemoteStoreConfigurationBuilder; +import org.keycloak.models.sessions.infinispan.remotestore.KeycloakRemoteStoreConfigurationBuilder; import org.keycloak.models.sessions.infinispan.util.InfinispanUtil; /** @@ -212,7 +204,7 @@ public class ConcurrencyJDGSessionsCacheTest { private static EmbeddedCacheManager createManager(int threadId) { - return new TestCacheManagerFactory().createManager(threadId, InfinispanConnectionProvider.SESSION_CACHE_NAME, KcRemoteStoreConfigurationBuilder.class); + return new TestCacheManagerFactory().createManager(threadId, InfinispanConnectionProvider.SESSION_CACHE_NAME, KeycloakRemoteStoreConfigurationBuilder.class); } @@ -244,6 +236,10 @@ public class ConcurrencyJDGSessionsCacheTest { SessionEntity session = (SessionEntity) remoteCache.get(cacheKey); SessionEntityWrapper sessionWrapper = new SessionEntityWrapper(session); + if (listenerCount.get() % 100 == 0) { + logger.infof("Listener count: " + listenerCount.get()); + } + // TODO: for distributed caches, ensure that it is executed just on owner OR if event.isCommandRetried origCache .getAdvancedCache().withFlags(Flag.SKIP_CACHE_LOAD, Flag.SKIP_CACHE_STORE) diff --git a/model/infinispan/src/test/java/org/keycloak/cluster/infinispan/TestCacheManagerFactory.java b/model/infinispan/src/test/java/org/keycloak/cluster/infinispan/TestCacheManagerFactory.java index 06dd95fed58..6b4eec11e49 100644 --- a/model/infinispan/src/test/java/org/keycloak/cluster/infinispan/TestCacheManagerFactory.java +++ b/model/infinispan/src/test/java/org/keycloak/cluster/infinispan/TestCacheManagerFactory.java @@ -60,8 +60,9 @@ class TestCacheManagerFactory { private Configuration getCacheBackedByRemoteStore(int threadId, String cacheName, Class builderClass) { ConfigurationBuilder cacheConfigBuilder = new ConfigurationBuilder(); + String host = "localhost"; int port = threadId==1 ? 12232 : 13232; - //int port = 12232; + //int port = 11222; return cacheConfigBuilder.persistence().addStore(builderClass) .fetchPersistentState(false) @@ -74,8 +75,8 @@ class TestCacheManagerFactory { .forceReturnValues(false) .marshaller(KeycloakHotRodMarshallerFactory.class.getName()) .addServer() - .host("localhost") - .port(port) + .host(host) + .port(port) .connectionPool() .maxActive(20) .exhaustedAction(ExhaustedAction.CREATE_NEW) diff --git a/model/jpa/pom.xml b/model/jpa/pom.xml index 54166f54459..b9625876ad2 100755 --- a/model/jpa/pom.xml +++ b/model/jpa/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java index fabdd9c1e08..46f236d45a1 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java @@ -18,41 +18,24 @@ package org.keycloak.authorization.jpa.entities; -import org.keycloak.authorization.model.ResourceServer; import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; -import javax.persistence.Access; -import javax.persistence.AccessType; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.OneToMany; import javax.persistence.Table; -import javax.persistence.UniqueConstraint; -import java.util.List; /** * @author Pedro Igor */ @Entity -@Table(name = "RESOURCE_SERVER", uniqueConstraints = {@UniqueConstraint(columnNames = "CLIENT_ID")}) -@NamedQueries( - { - @NamedQuery(name="findResourceServerIdByClient", query="select r.id from ResourceServerEntity r where r.clientId = :clientId"), - } -) +@Table(name = "RESOURCE_SERVER") public class ResourceServerEntity { @Id @Column(name="ID", length = 36) - @Access(AccessType.PROPERTY) // we do this because relationships often fetch id, but not entity. This avoids an extra SQL private String id; - @Column(name = "CLIENT_ID") - private String clientId; - @Column(name = "ALLOW_RS_REMOTE_MGMT") private boolean allowRemoteResourceManagement; @@ -67,14 +50,6 @@ public class ResourceServerEntity { this.id = id; } - public String getClientId() { - return this.clientId; - } - - public void setClientId(String clientId) { - this.clientId = clientId; - } - public boolean isAllowRemoteResourceManagement() { return this.allowRemoteResourceManagement; } diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java index 8eb1037ee31..207d4abe4a7 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java @@ -22,16 +22,11 @@ import org.keycloak.authorization.jpa.entities.PolicyEntity; import org.keycloak.authorization.jpa.entities.ResourceEntity; import org.keycloak.authorization.jpa.entities.ResourceServerEntity; import org.keycloak.authorization.jpa.entities.ScopeEntity; -import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; -import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.ResourceServerStore; -import org.keycloak.models.utils.KeycloakModelUtils; import javax.persistence.EntityManager; -import javax.persistence.NoResultException; -import javax.persistence.Query; import javax.persistence.TypedQuery; import java.util.LinkedList; import java.util.List; @@ -53,8 +48,7 @@ public class JPAResourceServerStore implements ResourceServerStore { public ResourceServer create(String clientId) { ResourceServerEntity entity = new ResourceServerEntity(); - entity.setId(KeycloakModelUtils.generateId()); - entity.setClientId(clientId); + entity.setId(clientId); this.entityManager.persist(entity); @@ -116,17 +110,4 @@ public class JPAResourceServerStore implements ResourceServerStore { if (entity == null) return null; return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory()); } - - @Override - public ResourceServer findByClient(final String clientId) { - TypedQuery query = entityManager.createNamedQuery("findResourceServerIdByClient", String.class); - - query.setParameter("clientId", clientId); - try { - String id = query.getSingleResult(); - return provider.getStoreFactory().getResourceServerStore().findById(id); - } catch (NoResultException ex) { - return null; - } - } } diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java index 6fc2d1e85e5..b7891659d97 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java @@ -16,7 +16,6 @@ */ package org.keycloak.authorization.jpa.store; -import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.jpa.entities.PolicyEntity; import org.keycloak.authorization.jpa.entities.ResourceEntity; import org.keycloak.authorization.jpa.entities.ScopeEntity; diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java index 5c55114901b..9ce0de200e4 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java @@ -16,7 +16,6 @@ */ package org.keycloak.authorization.jpa.store; -import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.jpa.entities.ResourceEntity; import org.keycloak.authorization.jpa.entities.ScopeEntity; import org.keycloak.authorization.model.Resource; diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java index 56d585650e7..72c7cc1c922 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java @@ -16,11 +16,7 @@ */ package org.keycloak.authorization.jpa.store; -import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.jpa.entities.ResourceEntity; import org.keycloak.authorization.jpa.entities.ResourceServerEntity; -import org.keycloak.authorization.model.Policy; -import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.store.StoreFactory; import org.keycloak.models.jpa.JpaModel; @@ -53,11 +49,6 @@ public class ResourceServerAdapter implements ResourceServer, JpaModel query = em.createNamedQuery("getRealmIdByName", String.class); query.setParameter("name", name); List entities = query.getResultList(); - if (entities.size() == 0) return null; + if (entities.isEmpty()) return null; if (entities.size() > 1) throw new IllegalStateException("Should not be more than one realm with same name"); String id = query.getResultList().get(0); @@ -152,6 +152,10 @@ public class JpaRealmProvider implements RealmProvider { removeRole(adapter, role); } + for (GroupModel group : adapter.getGroups()) { + session.realms().removeGroup(adapter, group); + } + num = em.createNamedQuery("removeClientInitialAccessByRealm") .setParameter("realm", realm).executeUpdate(); @@ -205,7 +209,7 @@ public class JpaRealmProvider implements RealmProvider { query.setParameter("name", name); query.setParameter("realm", realm.getId()); List roles = query.getResultList(); - if (roles.size() == 0) return null; + if (roles.isEmpty()) return null; return session.realms().getRoleById(roles.get(0), realm); } @@ -234,7 +238,7 @@ public class JpaRealmProvider implements RealmProvider { List roles = query.getResultList(); if (roles.isEmpty()) return Collections.EMPTY_SET; - Set list = new HashSet(); + Set list = new HashSet<>(); for (String id : roles) { list.add(session.realms().getRoleById(id, realm)); } @@ -247,14 +251,14 @@ public class JpaRealmProvider implements RealmProvider { query.setParameter("name", name); query.setParameter("client", client.getId()); List roles = query.getResultList(); - if (roles.size() == 0) return null; + if (roles.isEmpty()) return null; return session.realms().getRoleById(roles.get(0), realm); } @Override public Set getClientRoles(RealmModel realm, ClientModel client) { - Set list = new HashSet(); + Set list = new HashSet<>(); TypedQuery query = em.createNamedQuery("getClientRoleIds", String.class); query.setParameter("client", client.getId()); List roles = query.getResultList(); @@ -421,9 +425,8 @@ public class JpaRealmProvider implements RealmProvider { for (GroupModel subGroup : group.getSubGroups()) { session.realms().removeGroup(realm, subGroup); } - moveGroup(realm, group, null); GroupEntity groupEntity = em.find(GroupEntity.class, group.getId()); - if (!groupEntity.getRealm().getId().equals(realm.getId())) { + if ((groupEntity == null) || (!groupEntity.getRealm().getId().equals(realm.getId()))) { return false; } em.createNamedQuery("deleteGroupRoleMappingsByGroup").setParameter("group", groupEntity).executeUpdate(); @@ -452,6 +455,7 @@ public class JpaRealmProvider implements RealmProvider { RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId()); groupEntity.setRealm(realmEntity); em.persist(groupEntity); + em.flush(); realmEntity.getGroups().add(groupEntity); GroupAdapter adapter = new GroupAdapter(realm, em, groupEntity); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java index b9352c05884..b543d6b2f47 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java @@ -39,7 +39,6 @@ import org.keycloak.models.UserProvider; import org.keycloak.models.jpa.entities.CredentialAttributeEntity; import org.keycloak.models.jpa.entities.CredentialEntity; import org.keycloak.models.jpa.entities.FederatedIdentityEntity; -import org.keycloak.models.jpa.entities.UserAttributeEntity; import org.keycloak.models.jpa.entities.UserConsentEntity; import org.keycloak.models.jpa.entities.UserConsentProtocolMapperEntity; import org.keycloak.models.jpa.entities.UserConsentRoleEntity; @@ -363,6 +362,18 @@ public class JpaUserProvider implements UserProvider, UserCredentialStore { } + @Override + public void setNotBeforeForUser(RealmModel realm, UserModel user, int notBefore) { + UserEntity entity = em.getReference(UserEntity.class, user.getId()); + entity.setNotBefore(notBefore); + } + + @Override + public int getNotBeforeOfUser(RealmModel realm, UserModel user) { + UserEntity entity = em.getReference(UserEntity.class, user.getId()); + return entity.getNotBefore(); + } + @Override public void grantToAllUsers(RealmModel realm, RoleModel role) { int num = em.createNamedQuery("grantRoleToAllUsers") diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java index 50b77607a65..771487f7543 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java @@ -103,6 +103,9 @@ public class UserEntity { @Column(name="SERVICE_ACCOUNT_CLIENT_LINK") protected String serviceAccountClientLink; + @Column(name="NOT_BEFORE") + protected int notBefore; + public String getId() { return id; } @@ -224,6 +227,14 @@ public class UserEntity { this.serviceAccountClientLink = serviceAccountClientLink; } + public int getNotBefore() { + return notBefore; + } + + public void setNotBefore(int notBefore) { + this.notBefore = notBefore; + } + @Override public boolean equals(Object o) { if (this == o) return true; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentClientSessionEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentClientSessionEntity.java index 8910bca9480..3ae17b2448a 100644 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentClientSessionEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentClientSessionEntity.java @@ -34,7 +34,7 @@ import java.io.Serializable; @NamedQuery(name="deleteClientSessionsByClient", query="delete from PersistentClientSessionEntity sess where sess.clientId = :clientId"), @NamedQuery(name="deleteClientSessionsByUser", query="delete from PersistentClientSessionEntity sess where sess.userSessionId IN (select u.userSessionId from PersistentUserSessionEntity u where u.userId = :userId)"), @NamedQuery(name="deleteClientSessionsByUserSession", query="delete from PersistentClientSessionEntity sess where sess.userSessionId = :userSessionId and sess.offline = :offline"), - @NamedQuery(name="deleteDetachedClientSessions", query="delete from PersistentClientSessionEntity sess where sess.userSessionId NOT IN (select u.userSessionId from PersistentUserSessionEntity u)"), + @NamedQuery(name="deleteDetachedClientSessions", query="delete from PersistentClientSessionEntity sess where NOT EXISTS (select u.userSessionId from PersistentUserSessionEntity u where u.userSessionId = sess.userSessionId )"), @NamedQuery(name="findClientSessionsByUserSession", query="select sess from PersistentClientSessionEntity sess where sess.userSessionId=:userSessionId and sess.offline = :offline"), @NamedQuery(name="findClientSessionsByUserSessions", query="select sess from PersistentClientSessionEntity sess where sess.offline = :offline and sess.userSessionId IN (:userSessionIds) order by sess.userSessionId"), @NamedQuery(name="updateClientSessionsTimestamps", query="update PersistentClientSessionEntity c set timestamp = :timestamp"), diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java index 94aae1e4c2a..cc35be28224 100644 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java @@ -34,7 +34,7 @@ import java.io.Serializable; @NamedQueries({ @NamedQuery(name="deleteUserSessionsByRealm", query="delete from PersistentUserSessionEntity sess where sess.realmId = :realmId"), @NamedQuery(name="deleteUserSessionsByUser", query="delete from PersistentUserSessionEntity sess where sess.userId = :userId"), - @NamedQuery(name="deleteDetachedUserSessions", query="delete from PersistentUserSessionEntity sess where sess.userSessionId NOT IN (select c.userSessionId from PersistentClientSessionEntity c)"), + @NamedQuery(name="deleteDetachedUserSessions", query="delete from PersistentUserSessionEntity sess where NOT EXISTS (select c.userSessionId from PersistentClientSessionEntity c where c.userSessionId = sess.userSessionId)"), @NamedQuery(name="findUserSessionsCount", query="select count(sess) from PersistentUserSessionEntity sess where sess.offline = :offline"), @NamedQuery(name="findUserSessions", query="select sess from PersistentUserSessionEntity sess where sess.offline = :offline order by sess.userSessionId"), @NamedQuery(name="updateUserSessionsTimestamps", query="update PersistentUserSessionEntity c set lastSessionRefresh = :lastSessionRefresh"), diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/JpaUserFederatedStorageProvider.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/JpaUserFederatedStorageProvider.java index cded4e997b3..f6de4312a37 100644 --- a/model/jpa/src/main/java/org/keycloak/storage/jpa/JpaUserFederatedStorageProvider.java +++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/JpaUserFederatedStorageProvider.java @@ -416,6 +416,20 @@ public class JpaUserFederatedStorageProvider implements } + @Override + public void setNotBeforeForUser(RealmModel realm, String userId, int notBefore) { + // Track it as attribute for now + String notBeforeStr = String.valueOf(notBefore); + setSingleAttribute(realm, userId, "fedNotBefore", notBeforeStr); + } + + @Override + public int getNotBeforeOfUser(RealmModel realm, String userId) { + MultivaluedHashMap attrs = getAttributes(realm, userId); + String notBeforeStr = attrs.getFirst("fedNotBefore"); + + return notBeforeStr==null ? 0 : Integer.parseInt(notBeforeStr); + } @Override public Set getGroups(RealmModel realm, String userId) { diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-3.2.0.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-3.2.0.xml index daa1c5040f5..692301f83af 100644 --- a/model/jpa/src/main/resources/META-INF/jpa-changelog-3.2.0.xml +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-3.2.0.xml @@ -16,7 +16,29 @@ ~ limitations under the License. --> - + + + + + + + + + + + + + + + + + + @@ -31,7 +53,9 @@ - + + + diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-3.3.0.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-3.3.0.xml new file mode 100644 index 00000000000..e615a94ce62 --- /dev/null +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-3.3.0.xml @@ -0,0 +1,28 @@ + + + + + + + + + + + + + diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-3.4.0.CR1.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-3.4.0.CR1.xml new file mode 100755 index 00000000000..24b2970c78f --- /dev/null +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-3.4.0.CR1.xml @@ -0,0 +1,115 @@ + + + + + + + + + + + + + + + + + + + + + + + + + UPDATE RESOURCE_SERVER_POLICY p SET RESOURCE_SERVER_CLIENT_ID = (SELECT CLIENT_ID FROM RESOURCE_SERVER s WHERE s.ID = p.RESOURCE_SERVER_ID); + UPDATE RESOURCE_SERVER_RESOURCE p SET RESOURCE_SERVER_CLIENT_ID = (SELECT CLIENT_ID FROM RESOURCE_SERVER s WHERE s.ID = p.RESOURCE_SERVER_ID); + UPDATE RESOURCE_SERVER_SCOPE p SET RESOURCE_SERVER_CLIENT_ID = (SELECT CLIENT_ID FROM RESOURCE_SERVER s WHERE s.ID = p.RESOURCE_SERVER_ID); + + + + + + + + UPDATE RESOURCE_SERVER_POLICY SET RESOURCE_SERVER_CLIENT_ID = s.CLIENT_ID FROM (SELECT ID, CLIENT_ID FROM RESOURCE_SERVER) s WHERE s.ID = RESOURCE_SERVER_POLICY.RESOURCE_SERVER_ID; + UPDATE RESOURCE_SERVER_RESOURCE SET RESOURCE_SERVER_CLIENT_ID = s.CLIENT_ID FROM (SELECT ID, CLIENT_ID FROM RESOURCE_SERVER) s WHERE s.ID = RESOURCE_SERVER_RESOURCE.RESOURCE_SERVER_ID; + UPDATE RESOURCE_SERVER_SCOPE SET RESOURCE_SERVER_CLIENT_ID = s.CLIENT_ID FROM (SELECT ID, CLIENT_ID FROM RESOURCE_SERVER) s WHERE s.ID = RESOURCE_SERVER_SCOPE.RESOURCE_SERVER_ID; + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml index ae7d98b4e41..008443a404c 100755 --- a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml @@ -48,4 +48,6 @@ + + diff --git a/model/pom.xml b/model/pom.xml index 43f383425cd..feeea968e9f 100755 --- a/model/pom.xml +++ b/model/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml Keycloak Model Parent diff --git a/pom.xml b/pom.xml index 8b216dcbefe..375d767146f 100755 --- a/pom.xml +++ b/pom.xml @@ -33,24 +33,21 @@ org.keycloak keycloak-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT pom - 7.2.0.DR3 + 7.2.0.DR4 ${timestamp} - - 7.2.0.Final - 11.0.0.Alpha1 + 11.0.0.CR1 1.2.2.Final - 7.1.0.Beta1-redhat-5 + 7.1.0.GA-redhat-4 1.2.2.Final - 3.0.0.Beta11 + 3.0.1.Final - 1.1.0.Beta32 - 1.0.0.Beta14 + 7.2.0.Final 0.66.15 4.5 @@ -80,6 +77,8 @@ 2.2.11 20140925 1.4.11.Final + 1.1.1.Final + 1.0.0.Final 5.0.3 2.0.5 @@ -120,7 +119,7 @@ 7.5.Final 1.9.0 1.0.4 - 1.7.2 + 1.7.6 2.3.7 1.1.0.Final 1.6.5 @@ -624,12 +623,12 @@ org.wildfly.security wildfly-elytron - ${version.org.wildfly.security.wildfly-elytron} + ${elytron.version} org.wildfly.security.elytron-web undertow-server - ${version.org.wildfly.security.elytron-web.undertow-server} + ${elytron.undertow-server.version} org.infinispan @@ -1309,15 +1308,20 @@ org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated ${project.version} org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated ${project.version} test-jar + + org.keycloak + keycloak-testsuite-utils + ${project.version} + org.keycloak keycloak-testsuite-tools diff --git a/proxy/launcher/pom.xml b/proxy/launcher/pom.xml index e3a71d1ab6b..f90f2e4d7f7 100755 --- a/proxy/launcher/pom.xml +++ b/proxy/launcher/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/proxy/pom.xml b/proxy/pom.xml index 8858109d76a..1ff25334345 100755 --- a/proxy/pom.xml +++ b/proxy/pom.xml @@ -20,7 +20,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml Keycloak Proxy diff --git a/proxy/proxy-server/pom.xml b/proxy/proxy-server/pom.xml index be58cd6e939..4b24c3137e4 100755 --- a/proxy/proxy-server/pom.xml +++ b/proxy/proxy-server/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/saml-core-api/pom.xml b/saml-core-api/pom.xml index bd33054aa16..ac6cd1ec642 100755 --- a/saml-core-api/pom.xml +++ b/saml-core-api/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/saml-core/pom.xml b/saml-core/pom.xml index 8ed8de1be8e..ca126567a57 100755 --- a/saml-core/pom.xml +++ b/saml-core/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/server-spi-private/pom.xml b/server-spi-private/pom.xml index 3d3f430c075..1fb137b6c29 100755 --- a/server-spi-private/pom.xml +++ b/server-spi-private/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/identity/Identity.java b/server-spi-private/src/main/java/org/keycloak/authorization/identity/Identity.java index ad7057b4575..e203dfe4a3a 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/identity/Identity.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/identity/Identity.java @@ -44,17 +44,6 @@ public interface Identity { */ Attributes getAttributes(); - /** - * Indicates if this identity is granted with a role (realm or client) with the given roleName. - * - * @param roleName the name of the role - * - * @return true if the identity has the given role. Otherwise, it returns false. - */ - default boolean hasRole(String roleName) { - return hasRealmRole(roleName) || hasClientRole(roleName); - } - /** * Indicates if this identity is granted with a realm role with the given roleName. * @@ -77,21 +66,4 @@ public interface Identity { default boolean hasClientRole(String clientId, String roleName) { return getAttributes().containsValue("kc.client." + clientId + ".roles", roleName); } - - /** - * Indicates if this identity is granted with a client role with the given roleName. - * - * @param roleName the name of the role - * - * @return true if the identity has the given role. Otherwise, it returns false. - */ - default boolean hasClientRole(String roleName) { - return getAttributes().toMap().entrySet().stream().filter(entry -> { - String key = entry.getKey(); - if (key.startsWith("kc.client") && key.endsWith(".roles")) { - return getAttributes().containsValue(key, roleName); - } - return false; - }).findFirst().isPresent(); - } } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java b/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java index d5b9ac46abb..69c3b6de8a4 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java @@ -35,14 +35,6 @@ public interface ResourceServer { */ String getId(); - /** - * Returns the identifier of the client application (which already exists in Keycloak) that is also acting as a resource - * server. - * - * @return the identifier of the client application associated with this instance. - */ - String getClientId(); - /** * Indicates if the resource server is allowed to manage its own resources remotely using the Protection API. * diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java index 1ec8887d5da..c7205047124 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java @@ -165,7 +165,7 @@ public class DefaultPolicyEvaluator implements PolicyEvaluator { List resourcesByType = resourceStore.findByType(type, resource.getResourceServer().getId()); for (Resource resourceType : resourcesByType) { - if (resourceType.getOwner().equals(resource.getResourceServer().getClientId())) { + if (resourceType.getOwner().equals(resource.getResourceServer().getId())) { resources.add(resourceType); } } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java index 742f98b299c..d01b19a411b 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java @@ -51,13 +51,4 @@ public interface ResourceServerStore { * @return the resource server instance with the given identifier or null if no instance was found */ ResourceServer findById(String id); - - /** - * Returns a {@link ResourceServer} instance based on the identifier of a client application. - * - * @param id the identifier of an existing client application - * - * @return the resource server instance, with the given client id or null if no instance was found - */ - ResourceServer findByClient(String id); } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java index aeb039dc4fc..d8af293e0fb 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java @@ -37,7 +37,7 @@ public class ClientApplicationSynchronizer implements Synchronizer { StoreFactory storeFactory = authorizationProvider.getStoreFactory(); event.getRealm().getClients().forEach(clientModel -> { - ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); if (resourceServer != null) { String id = resourceServer.getId(); diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java index 03a2cda7187..b760e8d5984 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java @@ -17,8 +17,6 @@ package org.keycloak.authorization.store.syncronization; -import java.util.function.Consumer; - import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.store.PolicyStore; @@ -48,7 +46,7 @@ public class UserSynchronizer implements Synchronizer { RealmModel realm = event.getRealm(); realm.getClients().forEach(clientModel -> { - ResourceServer resourceServer = resourceServerStore.findByClient(clientModel.getId()); + ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId()); if (resourceServer != null) { resourceStore.findByOwner(userModel.getId(), resourceServer.getId()).forEach(resource -> { diff --git a/server-spi-private/src/main/java/org/keycloak/broker/provider/AbstractIdentityProvider.java b/server-spi-private/src/main/java/org/keycloak/broker/provider/AbstractIdentityProvider.java index 0320299c830..231dbc1d468 100755 --- a/server-spi-private/src/main/java/org/keycloak/broker/provider/AbstractIdentityProvider.java +++ b/server-spi-private/src/main/java/org/keycloak/broker/provider/AbstractIdentityProvider.java @@ -16,22 +16,34 @@ */ package org.keycloak.broker.provider; +import org.keycloak.common.util.Base64Url; +import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.events.EventBuilder; +import org.keycloak.models.ClientModel; import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; +import org.keycloak.representations.AccessToken; import org.keycloak.sessions.AuthenticationSessionModel; +import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; /** * @author Pedro Igor */ public abstract class AbstractIdentityProvider implements IdentityProvider { + public static final String ACCOUNT_LINK_URL = "account-link-url"; protected final KeycloakSession session; private final C config; @@ -74,6 +86,62 @@ public abstract class AbstractIdentityProvider } + public Response exchangeNotSupported() { + Map error = new HashMap<>(); + error.put("error", "invalid_target"); + error.put("error_description", "target_exchange_unsupported"); + return Response.status(400).entity(error).type(MediaType.APPLICATION_JSON_TYPE).build(); + } + + public Response exchangeNotLinked(UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, AccessToken token) { + return exchangeErrorResponse(uriInfo, authorizedClient, tokenUserSession, token, "invalid_target"); + } + + protected Response exchangeErrorResponse(UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, AccessToken token, String reason) { + Map error = new HashMap<>(); + error.put("error", "invalid_target"); + error.put("error_description", reason); + String accountLinkUrl = getLinkingUrl(uriInfo, authorizedClient, tokenUserSession, token); + if (accountLinkUrl != null) error.put(ACCOUNT_LINK_URL, accountLinkUrl); + return Response.status(400).entity(error).type(MediaType.APPLICATION_JSON_TYPE).build(); + } + + protected String getLinkingUrl(UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, AccessToken token) { + if (authorizedClient.getClientId().equals(token.getIssuedFor())) { + String provider = getConfig().getAlias(); + String clientId = authorizedClient.getClientId(); + String nonce = UUID.randomUUID().toString(); + MessageDigest md = null; + try { + md = MessageDigest.getInstance("SHA-256"); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + String input = nonce + tokenUserSession.getId() + clientId + provider; + byte[] check = md.digest(input.getBytes(StandardCharsets.UTF_8)); + String hash = Base64Url.encode(check); + return KeycloakUriBuilder.fromUri(uriInfo.getBaseUri()) + .path("/realms/{realm}/broker/{provider}/link") + .queryParam("nonce", nonce) + .queryParam("hash", hash) + .queryParam("client_id", clientId) + .build(authorizedClient.getRealm().getName(), provider) + .toString(); + } + return null; + } + + public Response exchangeTokenExpired(UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, AccessToken token) { + return exchangeErrorResponse(uriInfo, authorizedClient, tokenUserSession, token, "token_expired"); + } + + public Response exchangeUnsupportedRequiredType() { + Map error = new HashMap<>(); + error.put("error", "invalid_target"); + error.put("error_description", "response_token_type_unsupported"); + return Response.status(400).entity(error).type(MediaType.APPLICATION_JSON_TYPE).build(); + } + @Override public void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context) { diff --git a/server-spi-private/src/main/java/org/keycloak/broker/provider/TokenExchangeTo.java b/server-spi-private/src/main/java/org/keycloak/broker/provider/TokenExchangeTo.java new file mode 100644 index 00000000000..64f9db113d9 --- /dev/null +++ b/server-spi-private/src/main/java/org/keycloak/broker/provider/TokenExchangeTo.java @@ -0,0 +1,43 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.broker.provider; + +import org.keycloak.models.ClientModel; +import org.keycloak.models.UserModel; +import org.keycloak.models.UserSessionModel; +import org.keycloak.representations.AccessToken; + +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriInfo; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public interface TokenExchangeTo { + /** + * + * @param authorizedClient client requesting exchange + * @param tokenUserSession UserSessionModel of token exchanging from + * @param tokenSubject UserModel of token exchanging from + * @param token access token representation of token exchanging from + * @param params form parameters received for requested exchange + * @return + */ + Response exchangeTo(UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, AccessToken token, MultivaluedMap params); +} diff --git a/server-spi-private/src/main/java/org/keycloak/broker/provider/util/SimpleHttp.java b/server-spi-private/src/main/java/org/keycloak/broker/provider/util/SimpleHttp.java index 024d78f0495..005d64748c2 100755 --- a/server-spi-private/src/main/java/org/keycloak/broker/provider/util/SimpleHttp.java +++ b/server-spi-private/src/main/java/org/keycloak/broker/provider/util/SimpleHttp.java @@ -17,16 +17,25 @@ package org.keycloak.broker.provider.util; -import org.apache.http.*; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.http.Header; +import org.apache.http.HeaderIterator; +import org.apache.http.HttpEntity; +import org.apache.http.HttpResponse; +import org.apache.http.NameValuePair; import org.apache.http.client.HttpClient; import org.apache.http.client.entity.UrlEncodedFormEntity; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpRequestBase; import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.StringEntity; import org.apache.http.message.BasicNameValuePair; import org.keycloak.connections.httpclient.HttpClientProvider; import org.keycloak.models.KeycloakSession; +import org.keycloak.util.JsonSerialization; import java.io.IOException; import java.io.InputStream; @@ -47,25 +56,36 @@ import java.util.zip.GZIPInputStream; */ public class SimpleHttp { - private KeycloakSession session; + private static final ObjectMapper mapper = new ObjectMapper(); + + private HttpClient client; private String url; private String method; private Map headers; private Map params; + private Object entity; - protected SimpleHttp(String url, String method, KeycloakSession session) { - this.session = session; + protected SimpleHttp(String url, String method, HttpClient client) { + this.client = client; this.url = url; this.method = method; } public static SimpleHttp doGet(String url, KeycloakSession session) { - return new SimpleHttp(url, "GET", session); + return doGet(url, session.getProvider(HttpClientProvider.class).getHttpClient()); + } + + public static SimpleHttp doGet(String url, HttpClient client) { + return new SimpleHttp(url, "GET", client); } public static SimpleHttp doPost(String url, KeycloakSession session) { - return new SimpleHttp(url, "POST", session); + return doPost(url, session.getProvider(HttpClientProvider.class).getHttpClient()); + } + + public static SimpleHttp doPost(String url, HttpClient client) { + return new SimpleHttp(url, "POST", client); } public SimpleHttp header(String name, String value) { @@ -76,6 +96,11 @@ public class SimpleHttp { return this; } + public SimpleHttp json(Object entity) { + this.entity = entity; + return this; + } + public SimpleHttp param(String name, String value) { if (params == null) { params = new HashMap(); @@ -84,43 +109,52 @@ public class SimpleHttp { return this; } - public String asString() throws IOException { - HttpClient httpClient = session.getProvider(HttpClientProvider.class).getHttpClient(); + public SimpleHttp auth(String token) { + header("Authorization", "Bearer " + token); + return this; + } - HttpResponse response = makeRequest(httpClient); - - InputStream is; - HttpEntity entity = response.getEntity(); - if (entity != null) { - is = entity.getContent(); - try { - HeaderIterator it = response.headerIterator(); - while (it.hasNext()) { - Header header = it.nextHeader(); - if (header.getName().equals("Content-Encoding") && header.getValue().equals("gzip")) { - is = new GZIPInputStream(is); - } - } - - return toString(is); - } finally { - if (is != null) { - is.close(); - } - } + public SimpleHttp acceptJson() { + if (headers == null || !headers.containsKey("Accept")) { + header("Accept", "application/json"); } - return null; + return this; + } + + public JsonNode asJson() throws IOException { + if (headers == null || !headers.containsKey("Accept")) { + header("Accept", "application/json"); + } + return mapper.readTree(asString()); + } + + public T asJson(Class type) throws IOException { + if (headers == null || !headers.containsKey("Accept")) { + header("Accept", "application/json"); + } + return JsonSerialization.readValue(asString(), type); + } + + public T asJson(TypeReference type) throws IOException { + if (headers == null || !headers.containsKey("Accept")) { + header("Accept", "application/json"); + } + return JsonSerialization.readValue(asString(), type); + } + + public String asString() throws IOException { + return asResponse().asString(); } public int asStatus() throws IOException { - HttpClient httpClient = session.getProvider(HttpClientProvider.class).getHttpClient(); - - HttpResponse response = makeRequest(httpClient); - - return response.getStatusLine().getStatusCode(); + return asResponse().getStatus(); } - private HttpResponse makeRequest(HttpClient httpClient) throws IOException { + public Response asResponse() throws IOException { + return makeRequest(); + } + + private Response makeRequest() throws IOException { boolean get = method.equals("GET"); boolean post = method.equals("POST"); @@ -130,7 +164,16 @@ public class SimpleHttp { } if (post) { - ((HttpPost) httpRequest).setEntity(getFormEntityFromParameter()); + if (params != null) { + ((HttpPost) httpRequest).setEntity(getFormEntityFromParameter()); + } else if (entity != null) { + if (headers == null || !headers.containsKey("Content-Type")) { + header("Content-Type", "application/json"); + } + ((HttpPost) httpRequest).setEntity(getJsonEntity()); + } else { + throw new IllegalStateException("No content set"); + } } if (headers != null) { @@ -139,7 +182,7 @@ public class SimpleHttp { } } - return httpClient.execute(httpRequest); + return new Response(client.execute(httpRequest)); } private URI appendParameterToUrl(String url) throws IOException { @@ -161,28 +204,93 @@ public class SimpleHttp { return uri; } + private StringEntity getJsonEntity() throws IOException { + return new StringEntity(JsonSerialization.writeValueAsString(entity)); + } + private UrlEncodedFormEntity getFormEntityFromParameter() throws IOException{ List urlParameters = new ArrayList<>(); if (params != null) { for (Map.Entry p : params.entrySet()) { - urlParameters.add(new BasicNameValuePair(p.getKey(), p.getValue())); + urlParameters. add(new BasicNameValuePair(p.getKey(), p.getValue())); } } return new UrlEncodedFormEntity(urlParameters); } - private String toString(InputStream is) throws IOException { - InputStreamReader reader = new InputStreamReader(is); + public static class Response { - StringWriter writer = new StringWriter(); + private HttpResponse response; + private int statusCode = -1; + private String responseString; - char[] buffer = new char[1024 * 4]; - for (int n = reader.read(buffer); n != -1; n = reader.read(buffer)) { - writer.write(buffer, 0, n); + public Response(HttpResponse response) { + this.response = response; } - return writer.toString(); + private void readResponse() throws IOException { + if (statusCode == -1) { + statusCode = response.getStatusLine().getStatusCode(); + + InputStream is; + HttpEntity entity = response.getEntity(); + if (entity != null) { + is = entity.getContent(); + try { + HeaderIterator it = response.headerIterator(); + while (it.hasNext()) { + Header header = it.nextHeader(); + if (header.getName().equals("Content-Encoding") && header.getValue().equals("gzip")) { + is = new GZIPInputStream(is); + } + } + + InputStreamReader reader = new InputStreamReader(is); + + StringWriter writer = new StringWriter(); + + char[] buffer = new char[1024 * 4]; + for (int n = reader.read(buffer); n != -1; n = reader.read(buffer)) { + writer.write(buffer, 0, n); + } + + responseString = writer.toString(); + } finally { + if (is != null) { + is.close(); + } + } + } + } + } + + public int getStatus() throws IOException { + readResponse(); + return response.getStatusLine().getStatusCode(); + } + + public JsonNode asJson() throws IOException { + return mapper.readTree(asString()); + } + + public T asJson(Class type) throws IOException { + return JsonSerialization.readValue(asString(), type); + } + + public T asJson(TypeReference type) throws IOException { + return JsonSerialization.readValue(asString(), type); + } + + public String asString() throws IOException { + readResponse(); + return responseString; + } + + public void close() throws IOException { + readResponse(); + } } + } diff --git a/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java index 6a6c1ff3eba..f010dd37297 100644 --- a/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java +++ b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java @@ -49,7 +49,12 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProvider { @Override public boolean policyCheck(PasswordPolicy policy, CredentialModel credential) { - return credential.getHashIterations() == policy.getHashIterations() && providerId.equals(credential.getAlgorithm()); + int policyHashIterations = policy.getHashIterations(); + if (policyHashIterations == -1) { + policyHashIterations = defaultIterations; + } + + return credential.getHashIterations() == policyHashIterations && providerId.equals(credential.getAlgorithm()); } @Override diff --git a/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java b/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java index 4b620bc5610..4e3f67607fb 100755 --- a/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java +++ b/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java @@ -35,6 +35,7 @@ import org.keycloak.migration.migrators.MigrateTo2_5_0; import org.keycloak.migration.migrators.MigrateTo3_0_0; import org.keycloak.migration.migrators.MigrateTo3_1_0; import org.keycloak.migration.migrators.MigrateTo3_2_0; +import org.keycloak.migration.migrators.MigrateTo3_3_0; import org.keycloak.migration.migrators.Migration; import org.keycloak.models.KeycloakSession; @@ -62,7 +63,8 @@ public class MigrationModelManager { new MigrateTo2_5_0(), new MigrateTo3_0_0(), new MigrateTo3_1_0(), - new MigrateTo3_2_0() + new MigrateTo3_2_0(), + new MigrateTo3_3_0() }; public static void migrate(KeycloakSession session) { diff --git a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java index d1e0ca2b357..9ff2a52cd7d 100644 --- a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java +++ b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java @@ -67,7 +67,7 @@ public class MigrateTo2_1_0 implements Migration { StoreFactory storeFactory = authorizationProvider.getStoreFactory(); PolicyStore policyStore = storeFactory.getPolicyStore(); realm.getClients().forEach(clientModel -> { - ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); if (resourceServer != null) { policyStore.findByType("role", resourceServer.getId()).forEach(policy -> { diff --git a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_3_0.java b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_3_0.java new file mode 100644 index 00000000000..1fc4b1a2f9b --- /dev/null +++ b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_3_0.java @@ -0,0 +1,55 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.migration.migrators; + + +import org.keycloak.migration.ModelVersion; +import org.keycloak.models.KeycloakSession; +import org.keycloak.models.RealmModel; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +/** + * @author Bruno Oliveira + */ +public class MigrateTo3_3_0 implements Migration { + + public static final ModelVersion VERSION = new ModelVersion("3.3.0"); + + @Override + public void migrate(KeycloakSession session) { + for (RealmModel realm : session.realms().getRealms()) { + Map securityHeaders = realm.getBrowserSecurityHeaders(); + if (securityHeaders != null && securityHeaders.containsValue("frame-src 'self';")) { + + Map browserSecurityHeaders = new HashMap<>(securityHeaders); + browserSecurityHeaders.put("contentSecurityPolicy", "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"); + + realm.setBrowserSecurityHeaders(Collections.unmodifiableMap(browserSecurityHeaders)); + } + } + } + + @Override + public ModelVersion getVersion() { + return VERSION; + } + +} diff --git a/server-spi-private/src/main/java/org/keycloak/models/BrowserSecurityHeaders.java b/server-spi-private/src/main/java/org/keycloak/models/BrowserSecurityHeaders.java index 40274fe681e..d8d8d38719c 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/BrowserSecurityHeaders.java +++ b/server-spi-private/src/main/java/org/keycloak/models/BrowserSecurityHeaders.java @@ -39,7 +39,7 @@ public class BrowserSecurityHeaders { Map dh = new HashMap<>(); dh.put("xFrameOptions", "SAMEORIGIN"); - dh.put("contentSecurityPolicy", "frame-src 'self'"); + dh.put("contentSecurityPolicy", "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"); dh.put("xContentTypeOptions", "nosniff"); dh.put("xRobotsTag", "none"); dh.put("xXSSProtection", "1; mode=block"); @@ -47,4 +47,4 @@ public class BrowserSecurityHeaders { defaultHeaders = Collections.unmodifiableMap(dh); headerAttributeMap = Collections.unmodifiableMap(headerMap); } -} +} \ No newline at end of file diff --git a/server-spi-private/src/main/java/org/keycloak/models/session/PersistentUserSessionAdapter.java b/server-spi-private/src/main/java/org/keycloak/models/session/PersistentUserSessionAdapter.java index 6bea75f7fba..e3b577766da 100644 --- a/server-spi-private/src/main/java/org/keycloak/models/session/PersistentUserSessionAdapter.java +++ b/server-spi-private/src/main/java/org/keycloak/models/session/PersistentUserSessionAdapter.java @@ -160,6 +160,15 @@ public class PersistentUserSessionAdapter implements UserSessionModel { return authenticatedClientSessions; } + @Override + public void removeAuthenticatedClientSessions(Iterable removedClientUUIDS) { + if (removedClientUUIDS == null || ! removedClientUUIDS.iterator().hasNext()) { + return; + } + + removedClientUUIDS.forEach(authenticatedClientSessions::remove); + } + @Override public String getNote(String name) { return getData().getNotes()==null ? null : getData().getNotes().get(name); diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java index 225117d40eb..82089a1cc98 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java @@ -24,7 +24,6 @@ import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.policy.provider.PolicyProviderFactory; import org.keycloak.authorization.store.ResourceStore; -import org.keycloak.common.Profile; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.Time; import org.keycloak.component.ComponentModel; @@ -146,6 +145,8 @@ public class ModelToRepresentation { rep.setDisableableCredentialTypes(session.userCredentialManager().getDisableableCredentialTypes(realm, user)); rep.setFederationLink(user.getFederationLink()); + rep.setNotBefore(session.users().getNotBeforeOfUser(realm, user)); + List reqActions = new ArrayList(); Set requiredActions = user.getRequiredActions(); reqActions.addAll(requiredActions); @@ -738,7 +739,7 @@ public class ModelToRepresentation { ResourceServerRepresentation server = new ResourceServerRepresentation(); server.setId(model.getId()); - server.setClientId(model.getClientId()); + server.setClientId(model.getId()); server.setName(client.getClientId()); server.setAllowRemoteResourceManagement(model.isAllowRemoteResourceManagement()); server.setPolicyEnforcementMode(model.getPolicyEnforcementMode()); @@ -801,8 +802,8 @@ public class ModelToRepresentation { KeycloakSession keycloakSession = authorization.getKeycloakSession(); RealmModel realm = authorization.getRealm(); - if (owner.getId().equals(resourceServer.getClientId())) { - ClientModel clientModel = realm.getClientById(resourceServer.getClientId()); + if (owner.getId().equals(resourceServer.getId())) { + ClientModel clientModel = realm.getClientById(resourceServer.getId()); owner.setName(clientModel.getClientId()); } else { UserModel userModel = keycloakSession.users().getUserById(owner.getId(), realm); @@ -831,7 +832,7 @@ public class ModelToRepresentation { if (resource.getType() != null) { ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore(); for (Resource typed : resourceStore.findByType(resource.getType(), resourceServer.getId())) { - if (typed.getOwner().equals(resourceServer.getClientId()) && !typed.getId().equals(resource.getId())) { + if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(resource.getId())) { resource.setTypedScopes(typed.getScopes().stream().map(model1 -> { ScopeRepresentation scope = new ScopeRepresentation(); scope.setId(model1.getId()); diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index fe27fae6668..ad838ff414a 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -1454,6 +1454,11 @@ public class RepresentationToModel { session.users().addConsent(newRealm, user.getId(), consentModel); } } + + if (userRep.getNotBefore() != null) { + session.users().setNotBeforeForUser(newRealm, user, userRep.getNotBefore()); + } + if (userRep.getServiceAccountClientId() != null) { String clientId = userRep.getServiceAccountClientId(); ClientModel client = newRealm.getClientByClientId(clientId); @@ -1917,7 +1922,7 @@ public class RepresentationToModel { public static void toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization) { ResourceServerStore resourceServerStore = authorization.getStoreFactory().getResourceServerStore(); ResourceServer resourceServer; - ResourceServer existing = resourceServerStore.findByClient(rep.getClientId()); + ResourceServer existing = resourceServerStore.findById(rep.getClientId()); if (existing == null) { resourceServer = resourceServerStore.create(rep.getClientId()); @@ -1942,7 +1947,7 @@ public class RepresentationToModel { if (owner == null) { owner = new ResourceOwnerRepresentation(); - owner.setId(resourceServer.getClientId()); + owner.setId(resourceServer.getId()); resource.setOwner(owner); } else if (owner.getName() != null) { UserModel user = session.users().getUserByUsername(owner.getName(), realm); @@ -2265,7 +2270,7 @@ public class RepresentationToModel { if (owner == null) { owner = new ResourceOwnerRepresentation(); - owner.setId(resourceServer.getClientId()); + owner.setId(resourceServer.getId()); } String ownerId = owner.getId(); @@ -2274,7 +2279,7 @@ public class RepresentationToModel { throw new RuntimeException("No owner specified for resource [" + resource.getName() + "]."); } - if (!resourceServer.getClientId().equals(ownerId)) { + if (!resourceServer.getId().equals(ownerId)) { RealmModel realm = authorization.getRealm(); KeycloakSession keycloakSession = authorization.getKeycloakSession(); UserProvider users = keycloakSession.users(); @@ -2378,6 +2383,9 @@ public class RepresentationToModel { federatedStorage.addConsent(newRealm, userRep.getId(), consentModel); } } + if (userRep.getNotBefore() != null) { + federatedStorage.setNotBeforeForUser(newRealm, userRep.getId(), userRep.getNotBefore()); + } } diff --git a/server-spi/pom.xml b/server-spi/pom.xml index e251128e6ef..cc48344ae59 100755 --- a/server-spi/pom.xml +++ b/server-spi/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/server-spi/src/main/java/org/keycloak/models/ClientModel.java b/server-spi/src/main/java/org/keycloak/models/ClientModel.java index 072cda3a9c5..5f4403f9f60 100755 --- a/server-spi/src/main/java/org/keycloak/models/ClientModel.java +++ b/server-spi/src/main/java/org/keycloak/models/ClientModel.java @@ -34,8 +34,16 @@ public interface ClientModel extends RoleContainerModel, ProtocolMapperContaine void updateClient(); + /** + * Returns client internal ID (UUID). + * @return + */ String getId(); + /** + * Returns client ID as defined by the user. + * @return + */ String getClientId(); void setClientId(String clientId); diff --git a/server-spi/src/main/java/org/keycloak/models/UserProvider.java b/server-spi/src/main/java/org/keycloak/models/UserProvider.java index 46bb4c3117b..c337f3ac879 100755 --- a/server-spi/src/main/java/org/keycloak/models/UserProvider.java +++ b/server-spi/src/main/java/org/keycloak/models/UserProvider.java @@ -51,6 +51,8 @@ public interface UserProvider extends Provider, void updateConsent(RealmModel realm, String userId, UserConsentModel consent); boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId); + void setNotBeforeForUser(RealmModel realm, UserModel user, int notBefore); + int getNotBeforeOfUser(RealmModel realm, UserModel user); UserModel getServiceAccount(ClientModel client); List getUsers(RealmModel realm, boolean includeServiceAccounts); diff --git a/server-spi/src/main/java/org/keycloak/models/UserSessionModel.java b/server-spi/src/main/java/org/keycloak/models/UserSessionModel.java index a6f1c355aef..ff7c86485cc 100755 --- a/server-spi/src/main/java/org/keycloak/models/UserSessionModel.java +++ b/server-spi/src/main/java/org/keycloak/models/UserSessionModel.java @@ -52,7 +52,17 @@ public interface UserSessionModel { void setLastSessionRefresh(int seconds); + /** + * Returns map where key is ID of the client (its UUID) and value is the respective {@link AuthenticatedClientSessionModel} object. + * @return + */ Map getAuthenticatedClientSessions(); + /** + * Removes authenticated client sessions for all clients whose UUID is present in {@code removedClientUUIDS} parameter. + * @param removedClientUUIDS + */ + void removeAuthenticatedClientSessions(Iterable removedClientUUIDS); + public String getNote(String name); public void setNote(String name, String value); diff --git a/server-spi/src/main/java/org/keycloak/sessions/AuthenticationSessionProvider.java b/server-spi/src/main/java/org/keycloak/sessions/AuthenticationSessionProvider.java index 99806d45b29..8cc40350d0f 100644 --- a/server-spi/src/main/java/org/keycloak/sessions/AuthenticationSessionProvider.java +++ b/server-spi/src/main/java/org/keycloak/sessions/AuthenticationSessionProvider.java @@ -27,7 +27,10 @@ import java.util.Map; */ public interface AuthenticationSessionProvider extends Provider { - // Generates random ID + /** + * Creates and registers a new authentication session with random ID. Authentication session + * entity will be prefilled with current timestamp, the given realm and client. + */ AuthenticationSessionModel createAuthenticationSession(RealmModel realm, ClientModel client); AuthenticationSessionModel createAuthenticationSession(String id, RealmModel realm, ClientModel client); diff --git a/server-spi/src/main/java/org/keycloak/sessions/CommonClientSessionModel.java b/server-spi/src/main/java/org/keycloak/sessions/CommonClientSessionModel.java index 1598714c37d..5f913caf419 100644 --- a/server-spi/src/main/java/org/keycloak/sessions/CommonClientSessionModel.java +++ b/server-spi/src/main/java/org/keycloak/sessions/CommonClientSessionModel.java @@ -59,6 +59,7 @@ public interface CommonClientSessionModel { CODE_TO_TOKEN, AUTHENTICATE, LOGGED_OUT, + LOGGING_OUT, REQUIRED_ACTIONS } diff --git a/server-spi/src/main/java/org/keycloak/storage/federated/UserFederatedStorageProvider.java b/server-spi/src/main/java/org/keycloak/storage/federated/UserFederatedStorageProvider.java index 1d12d3626f7..da42c4c868f 100755 --- a/server-spi/src/main/java/org/keycloak/storage/federated/UserFederatedStorageProvider.java +++ b/server-spi/src/main/java/org/keycloak/storage/federated/UserFederatedStorageProvider.java @@ -36,6 +36,7 @@ public interface UserFederatedStorageProvider extends Provider, UserAttributeFederatedStorage, UserBrokerLinkFederatedStorage, UserConsentFederatedStorage, + UserNotBeforeFederatedStorage, UserGroupMembershipFederatedStorage, UserRequiredActionsFederatedStorage, UserRoleMappingsFederatedStorage, diff --git a/server-spi/src/main/java/org/keycloak/storage/federated/UserNotBeforeFederatedStorage.java b/server-spi/src/main/java/org/keycloak/storage/federated/UserNotBeforeFederatedStorage.java new file mode 100644 index 00000000000..4b18026645b --- /dev/null +++ b/server-spi/src/main/java/org/keycloak/storage/federated/UserNotBeforeFederatedStorage.java @@ -0,0 +1,30 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.storage.federated; + +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; + +/** + * @author Marek Posolda + */ +public interface UserNotBeforeFederatedStorage { + + void setNotBeforeForUser(RealmModel realm, String userId, int notBefore); + int getNotBeforeOfUser(RealmModel realm, String userId); +} diff --git a/services/pom.xml b/services/pom.xml index 733b81277e9..703d48594b2 100755 --- a/services/pom.xml +++ b/services/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/browser/ConditionalOtpFormAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/browser/ConditionalOtpFormAuthenticator.java index 1696a1d9205..17550f47b2d 100644 --- a/services/src/main/java/org/keycloak/authentication/authenticators/browser/ConditionalOtpFormAuthenticator.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/browser/ConditionalOtpFormAuthenticator.java @@ -300,10 +300,27 @@ public class ConditionalOtpFormAuthenticator extends OTPFormAuthenticator { && configModel.getConfig().size() <= 1) { return true; } + if (containsConditionalOtpConfig(configModel.getConfig()) + && voteForUserOtpControlAttribute(user, configModel.getConfig()) == ABSTAIN + && voteForUserRole(realm, user, configModel.getConfig()) == ABSTAIN + && voteForHttpHeaderMatchesPattern(requestHeaders, configModel.getConfig()) == ABSTAIN + && (voteForDefaultFallback(configModel.getConfig()) == SHOW_OTP + || voteForDefaultFallback(configModel.getConfig()) == ABSTAIN)) { + return true; + } } return false; } + private boolean containsConditionalOtpConfig(Map config) { + return config.containsKey(OTP_CONTROL_USER_ATTRIBUTE) + || config.containsKey(SKIP_OTP_ROLE) + || config.containsKey(FORCE_OTP_ROLE) + || config.containsKey(SKIP_OTP_FOR_HTTP_HEADER) + || config.containsKey(FORCE_OTP_FOR_HTTP_HEADER) + || config.containsKey(DEFAULT_OTP_OUTCOME); + } + @Override public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { if (!isOTPRequired(session, realm, user)) { diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/browser/CookieAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/browser/CookieAuthenticator.java index cf7e1a0ba22..e2e1ee1de44 100755 --- a/services/src/main/java/org/keycloak/authentication/authenticators/browser/CookieAuthenticator.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/browser/CookieAuthenticator.java @@ -51,7 +51,7 @@ public class CookieAuthenticator implements Authenticator { if (protocol.requireReauthentication(authResult.getSession(), clientSession)) { context.attempted(); } else { - clientSession.setClientNote(AuthenticationManager.SSO_AUTH, "true"); + context.getSession().setAttribute(AuthenticationManager.SSO_AUTH, "true"); context.setUser(authResult.getUser()); context.attachUserSession(authResult.getSession()); diff --git a/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java b/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java index 3d4f1633639..72772e29dad 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java @@ -18,15 +18,15 @@ package org.keycloak.authorization.admin; +import javax.ws.rs.Path; + import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; import org.keycloak.services.resources.admin.AdminEventBuilder; - -import javax.ws.rs.Path; +import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; /** * @author Pedro Igor @@ -43,7 +43,7 @@ public class AuthorizationService { this.client = client; this.authorization = session.getProvider(AuthorizationProvider.class); this.adminEvent = adminEvent; - this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(this.client.getId()); + this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(this.client.getId()); this.auth = auth; } diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java index ecebaae34af..e3903a8f0ff 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java @@ -229,7 +229,7 @@ public class PolicyEvaluationService { String clientId = representation.getClientId(); if (clientId == null) { - clientId = resourceServer.getClientId(); + clientId = resourceServer.getId(); } if (clientId != null) { diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java index 3f8b7373c34..f4d685c9cda 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java @@ -30,17 +30,15 @@ import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; -import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; -import org.keycloak.models.UserProvider; import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.services.ErrorResponse; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; import org.keycloak.services.resources.admin.AdminEventBuilder; +import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; @@ -103,7 +101,7 @@ public class ResourceSetService { if (owner == null) { owner = new ResourceOwnerRepresentation(); - owner.setId(resourceServer.getClientId()); + owner.setId(resourceServer.getId()); } String ownerId = owner.getId(); @@ -217,7 +215,7 @@ public class ResourceSetService { if (model.getType() != null) { ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore(); for (Resource typed : resourceStore.findByType(model.getType(), resourceServer.getId())) { - if (typed.getOwner().equals(resourceServer.getClientId()) && !typed.getId().equals(model.getId())) { + if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(model.getId())) { scopes.addAll(typed.getScopes().stream().map(model1 -> { ScopeRepresentation scope = new ScopeRepresentation(); scope.setId(model1.getId()); diff --git a/services/src/main/java/org/keycloak/authorization/common/ClientModelIdentity.java b/services/src/main/java/org/keycloak/authorization/common/ClientModelIdentity.java index d2c6b67672b..f499a018f61 100644 --- a/services/src/main/java/org/keycloak/authorization/common/ClientModelIdentity.java +++ b/services/src/main/java/org/keycloak/authorization/common/ClientModelIdentity.java @@ -70,14 +70,4 @@ public class ClientModelIdentity implements Identity { if (role == null) return false; return serviceAccount.hasRole(role); } - - @Override - public boolean hasRole(String roleName) { - throw new RuntimeException("Should not execute"); - } - - @Override - public boolean hasClientRole(String roleName) { - throw new RuntimeException("Should not execute"); - } } diff --git a/services/src/main/java/org/keycloak/authorization/common/UserModelIdentity.java b/services/src/main/java/org/keycloak/authorization/common/UserModelIdentity.java index c54e4c0532a..2726913b205 100644 --- a/services/src/main/java/org/keycloak/authorization/common/UserModelIdentity.java +++ b/services/src/main/java/org/keycloak/authorization/common/UserModelIdentity.java @@ -64,14 +64,4 @@ public class UserModelIdentity implements Identity { if (role == null) return false; return user.hasRole(role); } - - @Override - public boolean hasRole(String roleName) { - throw new RuntimeException("Should not execute"); - } - - @Override - public boolean hasClientRole(String roleName) { - throw new RuntimeException("Should not execute"); - } } diff --git a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java index 54097bbe366..0108eab9340 100644 --- a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java +++ b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java @@ -119,7 +119,7 @@ public class EntitlementService { } StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(client.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(client.getId()); if (resourceServer == null) { throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.FORBIDDEN); @@ -152,7 +152,7 @@ public class EntitlementService { } StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(client.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(client.getId()); if (resourceServer == null) { throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.FORBIDDEN); diff --git a/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java b/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java index 377927983e8..30afbc798b2 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java @@ -100,7 +100,7 @@ public class ProtectionService { ResourceServer resourceServer = getResourceServer(identity); KeycloakSession keycloakSession = authorization.getKeycloakSession(); RealmModel realm = keycloakSession.getContext().getRealm(); - ClientModel client = realm.getClientById(resourceServer.getClientId()); + ClientModel client = realm.getClientById(resourceServer.getId()); if (!identity.hasClientRole(client.getClientId(), "uma_protection")) { throw new ErrorResponseException(OAuthErrorException.INVALID_SCOPE, "Requires uma_protection scope.", Status.FORBIDDEN); @@ -117,7 +117,7 @@ public class ProtectionService { throw new ErrorResponseException("invalid_clientId", "Client application with id [" + identity.getId() + "] does not exist in realm [" + realm.getName() + "]", Status.BAD_REQUEST); } - ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(identity.getId()); + ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(identity.getId()); if (resourceServer == null) { throw new ErrorResponseException("invalid_clientId", "Client application [" + clientApplication.getClientId() + "] is not registered as resource server.", Status.FORBIDDEN); diff --git a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java index 665fe8f5af0..1e669cfa048 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java @@ -114,7 +114,7 @@ public class AbstractPermissionService { } for (Resource baseResource : authorization.getStoreFactory().getResourceStore().findByType(resource.getType(), resourceServer.getId())) { - if (baseResource.getOwner().equals(resource.getResourceServer().getClientId())) { + if (baseResource.getOwner().equals(resource.getResourceServer().getId())) { for (Scope baseScope : baseResource.getScopes()) { if (baseScope.getName().equals(scopeName)) { return new ScopeRepresentation(scopeName); diff --git a/services/src/main/java/org/keycloak/authorization/util/Permissions.java b/services/src/main/java/org/keycloak/authorization/util/Permissions.java index b0e5daa364d..a420cf9bb51 100644 --- a/services/src/main/java/org/keycloak/authorization/util/Permissions.java +++ b/services/src/main/java/org/keycloak/authorization/util/Permissions.java @@ -20,8 +20,6 @@ package org.keycloak.authorization.util; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; import java.util.HashSet; import java.util.LinkedHashMap; import java.util.LinkedList; @@ -70,7 +68,7 @@ public final class Permissions { StoreFactory storeFactory = authorization.getStoreFactory(); ResourceStore resourceStore = storeFactory.getResourceStore(); - resourceStore.findByOwner(resourceServer.getClientId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, new LinkedList(resource.getScopes()), authorization))); + resourceStore.findByOwner(resourceServer.getId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, new LinkedList(resource.getScopes()), authorization))); resourceStore.findByOwner(identity.getId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, new LinkedList(resource.getScopes()), authorization))); return permissions; @@ -86,11 +84,11 @@ public final class Permissions { scopes = new LinkedList<>(resource.getScopes()); // check if there is a typed resource whose scopes are inherited by the resource being requested. In this case, we assume that parent resource // is owned by the resource server itself - if (type != null && !resource.getOwner().equals(resourceServer.getClientId())) { + if (type != null && !resource.getOwner().equals(resourceServer.getId())) { StoreFactory storeFactory = authorization.getStoreFactory(); ResourceStore resourceStore = storeFactory.getResourceStore(); resourceStore.findByType(type, resourceServer.getId()).forEach(resource1 -> { - if (resource1.getOwner().equals(resourceServer.getClientId())) { + if (resource1.getOwner().equals(resourceServer.getId())) { for (Scope typeScope : resource1.getScopes()) { if (!scopes.contains(typeScope)) { scopes.add(typeScope); @@ -123,11 +121,11 @@ public final class Permissions { // check if there is a typed resource whose scopes are inherited by the resource being requested. In this case, we assume that parent resource // is owned by the resource server itself - if (type != null && !resource.getOwner().equals(resourceServer.getClientId())) { + if (type != null && !resource.getOwner().equals(resourceServer.getId())) { StoreFactory storeFactory = authorization.getStoreFactory(); ResourceStore resourceStore = storeFactory.getResourceStore(); resourceStore.findByType(type, resourceServer.getId()).forEach(resource1 -> { - if (resource1.getOwner().equals(resourceServer.getClientId())) { + if (resource1.getOwner().equals(resourceServer.getId())) { for (Scope typeScope : resource1.getScopes()) { if (!scopes.contains(typeScope)) { scopes.add(typeScope); diff --git a/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java b/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java index f4a877e17ef..7c754c2b21e 100755 --- a/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java +++ b/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java @@ -24,22 +24,33 @@ import org.keycloak.broker.provider.AbstractIdentityProvider; import org.keycloak.broker.provider.AuthenticationRequest; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.IdentityBrokerException; +import org.keycloak.broker.provider.TokenExchangeTo; import org.keycloak.broker.provider.util.SimpleHttp; import org.keycloak.common.ClientConnection; +import org.keycloak.events.Details; import org.keycloak.events.Errors; import org.keycloak.events.EventBuilder; import org.keycloak.events.EventType; +import org.keycloak.models.ClientModel; import org.keycloak.models.FederatedIdentityModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.models.UserSessionModel; +import org.keycloak.representations.AccessToken; +import org.keycloak.representations.AccessTokenResponse; +import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.services.ErrorPage; import org.keycloak.services.messages.Messages; +import org.keycloak.sessions.AuthenticationSessionModel; import javax.ws.rs.GET; import javax.ws.rs.QueryParam; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; @@ -51,7 +62,7 @@ import java.util.regex.Pattern; /** * @author Pedro Igor */ -public abstract class AbstractOAuth2IdentityProvider extends AbstractIdentityProvider { +public abstract class AbstractOAuth2IdentityProvider extends AbstractIdentityProvider implements TokenExchangeTo { protected static final Logger logger = Logger.getLogger(AbstractOAuth2IdentityProvider.class); public static final String OAUTH2_GRANT_TYPE_REFRESH_TOKEN = "refresh_token"; @@ -136,14 +147,76 @@ public abstract class AbstractOAuth2IdentityProvider params) { + String requestedType = params.getFirst(OAuth2Constants.REQUESTED_TOKEN_TYPE); + if (requestedType != null && !requestedType.equals(OAuth2Constants.ACCESS_TOKEN_TYPE)) { + return exchangeUnsupportedRequiredType(); + } + if (!getConfig().isStoreToken()) { + String brokerId = tokenUserSession.getNote(Details.IDENTITY_PROVIDER); + if (brokerId == null || !brokerId.equals(getConfig().getAlias())) { + return exchangeNotSupported(); + } + return exchangeSessionToken(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } else { + return exchangeStoredToken(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } + } + + protected Response exchangeStoredToken(UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, AccessToken token) { + FederatedIdentityModel model = session.users().getFederatedIdentity(tokenSubject, getConfig().getAlias(), authorizedClient.getRealm()); + if (model == null || model.getToken() == null) { + return exchangeNotLinked(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } + String accessToken = extractTokenFromResponse(model.getToken(), getAccessTokenResponseParameter()); + if (accessToken == null) { + model.setToken(null); + session.users().updateFederatedIdentity(authorizedClient.getRealm(), tokenSubject, model); + return exchangeTokenExpired(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } + AccessTokenResponse tokenResponse = new AccessTokenResponse(); + tokenResponse.setToken(accessToken); + tokenResponse.setIdToken(null); + tokenResponse.setRefreshToken(null); + tokenResponse.setRefreshExpiresIn(0); + tokenResponse.getOtherClaims().clear(); + tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE); + tokenResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession, token)); + return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build(); + } + + protected Response exchangeSessionToken(UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, AccessToken token) { + String accessToken = tokenUserSession.getNote(FEDERATED_ACCESS_TOKEN); + if (accessToken == null) { + return exchangeTokenExpired(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } + AccessTokenResponse tokenResponse = new AccessTokenResponse(); + tokenResponse.setToken(accessToken); + tokenResponse.setIdToken(null); + tokenResponse.setRefreshToken(null); + tokenResponse.setRefreshExpiresIn(0); + tokenResponse.getOtherClaims().clear(); + tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE); + tokenResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession, token)); + return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build(); + } + + public BrokeredIdentityContext getFederatedIdentity(String response) { - String accessToken = extractTokenFromResponse(response, OAUTH2_PARAMETER_ACCESS_TOKEN); + String accessToken = extractTokenFromResponse(response, getAccessTokenResponseParameter()); if (accessToken == null) { throw new IdentityBrokerException("No access token available in OAuth server response: " + response); } - return doGetFederatedIdentity(accessToken); + BrokeredIdentityContext context = doGetFederatedIdentity(accessToken); + context.getContextData().put(FEDERATED_ACCESS_TOKEN, accessToken); + return context; + } + + protected String getAccessTokenResponseParameter() { + return OAUTH2_PARAMETER_ACCESS_TOKEN; } @@ -153,12 +226,18 @@ public abstract class AbstractOAuth2IdentityProvider { +public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider { protected static final Logger logger = Logger.getLogger(OIDCIdentityProvider.class); public static final String OAUTH2_PARAMETER_PROMPT = "prompt"; @@ -68,6 +73,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider=200 && status < 400; if (!success) { logger.warn("Failed backchannel broker logout to: " + url); @@ -170,7 +176,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider 0 && currentTime > exp) { - String response = refreshToken(session, userSession); + String response = refreshTokenForLogout(session, userSession); AccessTokenResponse tokenResponse = null; try { tokenResponse = JsonSerialization.readValue(response, AccessTokenResponse.class); @@ -215,8 +221,108 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider 0) { + long accessTokenExpiration = Time.currentTime() + newResponse.getExpiresIn(); + newResponse.getOtherClaims().put(ACCESS_TOKEN_EXPIRATION, accessTokenExpiration); + response = JsonSerialization.writeValueAsString(newResponse); + } + String oldToken = tokenUserSession.getNote(FEDERATED_ACCESS_TOKEN); + if (oldToken != null && oldToken.equals(tokenResponse.getToken())) { + long accessTokenExpiration = newResponse.getExpiresIn() > 0 ? Time.currentTime() + newResponse.getExpiresIn() : 0; + tokenUserSession.setNote(FEDERATED_TOKEN_EXPIRATION, Long.toString(accessTokenExpiration)); + tokenUserSession.setNote(FEDERATED_REFRESH_TOKEN, newResponse.getRefreshToken()); + tokenUserSession.setNote(FEDERATED_ACCESS_TOKEN, newResponse.getToken()); + tokenUserSession.setNote(FEDERATED_ID_TOKEN, newResponse.getIdToken()); + + } + model.setToken(response); + tokenResponse = newResponse; + } else if (exp != null) { + tokenResponse.setExpiresIn(exp - Time.currentTime()); + } + tokenResponse.setIdToken(null); + tokenResponse.setRefreshToken(null); + tokenResponse.setRefreshExpiresIn(0); + tokenResponse.getOtherClaims().clear(); + tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE); + tokenResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession, token)); + return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build(); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + protected Response exchangeSessionToken(UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, AccessToken token) { + try { + long expiration = Long.parseLong(tokenUserSession.getNote(FEDERATED_TOKEN_EXPIRATION)); + String refreshToken = tokenUserSession.getNote(FEDERATED_REFRESH_TOKEN); + String accessToken = tokenUserSession.getNote(FEDERATED_ACCESS_TOKEN); + String idToken = tokenUserSession.getNote(FEDERATED_ID_TOKEN); + if (expiration == 0 || expiration > Time.currentTime()) { + AccessTokenResponse tokenResponse = new AccessTokenResponse(); + tokenResponse.setExpiresIn(expiration); + tokenResponse.setToken(accessToken); + tokenResponse.setIdToken(null); + tokenResponse.setRefreshToken(null); + tokenResponse.setRefreshExpiresIn(0); + tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE); + tokenResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession, token)); + return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build(); + } + String response = SimpleHttp.doPost(getConfig().getTokenUrl(), session) + .param("refresh_token", refreshToken) + .param(OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_GRANT_TYPE_REFRESH_TOKEN) + .param(OAUTH2_PARAMETER_CLIENT_ID, getConfig().getClientId()) + .param(OAUTH2_PARAMETER_CLIENT_SECRET, getConfig().getClientSecret()).asString(); + if (response.contains("error")) { + return exchangeTokenExpired(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } + AccessTokenResponse newResponse = JsonSerialization.readValue(response, AccessTokenResponse.class); + long accessTokenExpiration = newResponse.getExpiresIn() > 0 ? Time.currentTime() + newResponse.getExpiresIn() : 0; + tokenUserSession.setNote(FEDERATED_TOKEN_EXPIRATION, Long.toString(accessTokenExpiration)); + tokenUserSession.setNote(FEDERATED_REFRESH_TOKEN, newResponse.getRefreshToken()); + tokenUserSession.setNote(FEDERATED_ACCESS_TOKEN, newResponse.getToken()); + tokenUserSession.setNote(FEDERATED_ID_TOKEN, newResponse.getIdToken()); + newResponse.setIdToken(null); + newResponse.setRefreshToken(null); + newResponse.setRefreshExpiresIn(0); + newResponse.getOtherClaims().clear(); + newResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE); + newResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession, token)); + return Response.ok(newResponse).type(MediaType.APPLICATION_JSON_TYPE).build(); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + @Override public BrokeredIdentityContext getFederatedIdentity(String response) { AccessTokenResponse tokenResponse = null; @@ -235,6 +341,13 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider 0) { + long accessTokenExpiration = Time.currentTime() + tokenResponse.getExpiresIn(); + tokenResponse.getOtherClaims().put(ACCESS_TOKEN_EXPIRATION, accessTokenExpiration); + response1 = JsonSerialization.writeValueAsString(tokenResponse); + } + response = response1; identity.setToken(response); } @@ -254,9 +367,8 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProviderBill Burke - * @version $Revision: 1 $ - */ -public class JsonSimpleHttp extends SimpleHttp { - public JsonSimpleHttp(String url, String method, KeycloakSession session) { - super(url, method, session); - } - - public static JsonSimpleHttp doGet(String url, KeycloakSession session) { - return new JsonSimpleHttp(url, "GET", session); - } - - public static JsonSimpleHttp doPost(String url, KeycloakSession session) { - return new JsonSimpleHttp(url, "POST", session); - } - - private static ObjectMapper mapper = new ObjectMapper(); - - public static JsonNode asJson(SimpleHttp request) throws IOException { - return mapper.readTree(request.asString()); - } - -} diff --git a/services/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailTemplateProvider.java b/services/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailTemplateProvider.java index ddf29a15aa6..09a3789e980 100755 --- a/services/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailTemplateProvider.java +++ b/services/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailTemplateProvider.java @@ -49,11 +49,11 @@ import java.util.Properties; */ public class FreeMarkerEmailTemplateProvider implements EmailTemplateProvider { - private KeycloakSession session; - private FreeMarkerUtil freeMarker; - private RealmModel realm; - private UserModel user; - private final Map attributes = new HashMap<>(); + protected KeycloakSession session; + protected FreeMarkerUtil freeMarker; + protected RealmModel realm; + protected UserModel user; + protected final Map attributes = new HashMap<>(); public FreeMarkerEmailTemplateProvider(KeycloakSession session, FreeMarkerUtil freeMarker) { this.session = session; @@ -78,7 +78,7 @@ public class FreeMarkerEmailTemplateProvider implements EmailTemplateProvider { return this; } - private String getRealmName() { + protected String getRealmName() { if (realm.getDisplayName() != null) { return realm.getDisplayName(); } else { @@ -165,11 +165,11 @@ public class FreeMarkerEmailTemplateProvider implements EmailTemplateProvider { send("emailVerificationSubject", "email-verification.ftl", attributes); } - private void send(String subjectKey, String template, Map attributes) throws EmailException { + protected void send(String subjectKey, String template, Map attributes) throws EmailException { send(subjectKey, Collections.emptyList(), template, attributes); } - private EmailTemplate processTemplate(String subjectKey, List subjectAttributes, String template, Map attributes) throws EmailException { + protected EmailTemplate processTemplate(String subjectKey, List subjectAttributes, String template, Map attributes) throws EmailException { try { ThemeProvider themeProvider = session.getProvider(ThemeProvider.class, "extending"); Theme theme = themeProvider.getTheme(realm.getEmailTheme(), Theme.Type.EMAIL); @@ -198,7 +198,7 @@ public class FreeMarkerEmailTemplateProvider implements EmailTemplateProvider { throw new EmailException("Failed to template email", e); } } - private void send(String subjectKey, List subjectAttributes, String template, Map attributes) throws EmailException { + protected void send(String subjectKey, List subjectAttributes, String template, Map attributes) throws EmailException { try { EmailTemplate email = processTemplate(subjectKey, subjectAttributes, template, attributes); send(email.getSubject(), email.getTextBody(), email.getHtmlBody()); @@ -207,11 +207,11 @@ public class FreeMarkerEmailTemplateProvider implements EmailTemplateProvider { } } - private void send(String subject, String textBody, String htmlBody) throws EmailException { + protected void send(String subject, String textBody, String htmlBody) throws EmailException { send(realm.getSmtpConfig(), subject, textBody, htmlBody); } - private void send(Map config, String subject, String textBody, String htmlBody) throws EmailException { + protected void send(Map config, String subject, String textBody, String htmlBody) throws EmailException { EmailSenderProvider emailSender = session.getProvider(EmailSenderProvider.class); emailSender.send(config, user, subject, textBody, htmlBody); } @@ -220,15 +220,15 @@ public class FreeMarkerEmailTemplateProvider implements EmailTemplateProvider { public void close() { } - private String toCamelCase(EventType event){ + protected String toCamelCase(EventType event){ StringBuilder sb = new StringBuilder("event"); - for(String s : event.name().toString().toLowerCase().split("_")){ + for(String s : event.name().toLowerCase().split("_")){ sb.append(ObjectUtil.capitalize(s)); } return sb.toString(); } - private class EmailTemplate { + protected class EmailTemplate { private String subject; private String textBody; diff --git a/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java b/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java index facce6ca2d7..371c4daa019 100755 --- a/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java +++ b/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java @@ -55,7 +55,6 @@ import org.keycloak.models.RoleContainerModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserConsentModel; import org.keycloak.models.UserModel; -import org.keycloak.models.UserProvider; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientTemplateRepresentation; @@ -73,6 +72,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.util.JsonSerialization; + import com.fasterxml.jackson.core.JsonEncoding; import com.fasterxml.jackson.core.JsonFactory; import com.fasterxml.jackson.core.JsonGenerator; @@ -298,7 +298,7 @@ public class ExportUtils { AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class); AuthorizationProvider authorization = providerFactory.create(session, client.getRealm()); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client.getId()); + ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findById(client.getId()); if (settingsModel == null) { return null; @@ -314,7 +314,7 @@ public class ExportUtils { .stream().map(resource -> { ResourceRepresentation rep = toRepresentation(resource, settingsModel, authorization); - if (rep.getOwner().getId().equals(settingsModel.getClientId())) { + if (rep.getOwner().getId().equals(settingsModel.getId())) { rep.setOwner(null); } else { rep.getOwner().setId(null); @@ -530,6 +530,10 @@ public class ExportUtils { userRep.setClientConsents(consentReps); } + // Not Before + int notBefore = session.users().getNotBeforeOfUser(realm, user); + userRep.setNotBefore(notBefore); + // Service account if (user.getServiceAccountClientLink() != null) { String clientInternalId = user.getServiceAccountClientLink(); @@ -717,6 +721,10 @@ public class ExportUtils { userRep.setClientConsents(consentReps); } + // Not Before + int notBefore = session.userFederatedStorage().getNotBeforeOfUser(realm, userRep.getId()); + userRep.setNotBefore(notBefore); + if (options.isGroupsAndRolesIncluded()) { List groups = new LinkedList<>(); for (GroupModel group : session.userFederatedStorage().getGroups(realm, id)) { diff --git a/services/src/main/java/org/keycloak/forms/account/freemarker/model/AccountFederatedIdentityBean.java b/services/src/main/java/org/keycloak/forms/account/freemarker/model/AccountFederatedIdentityBean.java index 96f42575584..54dd7bff9a6 100755 --- a/services/src/main/java/org/keycloak/forms/account/freemarker/model/AccountFederatedIdentityBean.java +++ b/services/src/main/java/org/keycloak/forms/account/freemarker/model/AccountFederatedIdentityBean.java @@ -23,7 +23,7 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.services.resources.AccountService; +import org.keycloak.services.resources.account.AccountFormService; import org.keycloak.services.Urls; import javax.ws.rs.core.UriBuilder; @@ -80,7 +80,7 @@ public class AccountFederatedIdentityBean { this.identities = new LinkedList(orderedSet); // Removing last social provider is not possible if you don't have other possibility to authenticate - this.removeLinkPossible = availableIdentities > 1 || user.getFederationLink() != null || AccountService.isPasswordSet(session, realm, user); + this.removeLinkPossible = availableIdentities > 1 || user.getFederationLink() != null || AccountFormService.isPasswordSet(session, realm, user); } private FederatedIdentityModel getIdentity(Set identities, String providerId) { diff --git a/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java b/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java index c06caa07378..b854e52cd9e 100755 --- a/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java +++ b/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java @@ -180,9 +180,10 @@ public abstract class AuthorizationEndpointBase { return new AuthorizationEndpointChecks(authSession); } else if (isNewRequest(authSession, client, requestState)) { - // Check if we have lastProcessedExecution and restart the session just if yes. Otherwise update just client information from the AuthorizationEndpoint request. + // Check if we have lastProcessedExecution note or if some request parameter beside state (eg. prompt, kc_idp_hint) changed. Restart the session just if yes. + // Otherwise update just client information from the AuthorizationEndpoint request. // This difference is needed, because of logout from JS applications in multiple browser tabs. - if (hasProcessedExecution(authSession)) { + if (shouldRestartAuthSession(authSession)) { logger.debug("New request from application received, but authentication session already exists. Restart existing authentication session"); authSession.restartSession(realm, client); } else { @@ -223,11 +224,18 @@ public abstract class AuthorizationEndpointBase { } + + protected boolean shouldRestartAuthSession(AuthenticationSessionModel authSession) { + return hasProcessedExecution(authSession); + } + + private boolean hasProcessedExecution(AuthenticationSessionModel authSession) { String lastProcessedExecution = authSession.getAuthNote(AuthenticationProcessor.LAST_PROCESSED_EXECUTION); return (lastProcessedExecution != null); } + // See if we have lastProcessedExecution note. If yes, we are expired. Also if we are in different flow than initial one. Otherwise it is browser refresh of initial username/password form private boolean shouldShowExpirePage(AuthenticationSessionModel authSession) { if (hasProcessedExecution(authSession)) { diff --git a/services/src/main/java/org/keycloak/protocol/docker/installation/DockerRegistryConfigFileInstallationProvider.java b/services/src/main/java/org/keycloak/protocol/docker/installation/DockerRegistryConfigFileInstallationProvider.java index ba4440a21c0..e84b4d4750b 100644 --- a/services/src/main/java/org/keycloak/protocol/docker/installation/DockerRegistryConfigFileInstallationProvider.java +++ b/services/src/main/java/org/keycloak/protocol/docker/installation/DockerRegistryConfigFileInstallationProvider.java @@ -43,9 +43,9 @@ public class DockerRegistryConfigFileInstallationProvider implements ClientInsta public Response generateInstallation(final KeycloakSession session, final RealmModel realm, final ClientModel client, final URI serverBaseUri) { final StringBuilder responseString = new StringBuilder("auth:\n") .append(" token:\n") - .append(" realm: ").append(serverBaseUri).append("/auth/realms/").append(realm.getName()).append("/protocol/").append(DockerAuthV2Protocol.LOGIN_PROTOCOL).append("/auth\n") + .append(" realm: ").append(serverBaseUri).append("/realms/").append(realm.getName()).append("/protocol/").append(DockerAuthV2Protocol.LOGIN_PROTOCOL).append("/auth\n") .append(" service: ").append(client.getClientId()).append("\n") - .append(" issuer: ").append(serverBaseUri).append("/auth/realms/").append(realm.getName()).append("\n"); + .append(" issuer: ").append(serverBaseUri).append("/realms/").append(realm.getName()).append("\n"); return Response.ok(responseString.toString(), MediaType.TEXT_PLAIN_TYPE).build(); } diff --git a/services/src/main/java/org/keycloak/protocol/docker/installation/DockerVariableOverrideInstallationProvider.java b/services/src/main/java/org/keycloak/protocol/docker/installation/DockerVariableOverrideInstallationProvider.java index 055d9ac0435..967879310be 100644 --- a/services/src/main/java/org/keycloak/protocol/docker/installation/DockerVariableOverrideInstallationProvider.java +++ b/services/src/main/java/org/keycloak/protocol/docker/installation/DockerVariableOverrideInstallationProvider.java @@ -43,9 +43,9 @@ public class DockerVariableOverrideInstallationProvider implements ClientInstall @Override public Response generateInstallation(final KeycloakSession session, final RealmModel realm, final ClientModel client, final URI serverBaseUri) { final StringBuilder builder = new StringBuilder() - .append("-e REGISTRY_AUTH_TOKEN_REALM=").append(serverBaseUri).append("/auth/realms/").append(realm.getName()).append("/protocol/").append(DockerAuthV2Protocol.LOGIN_PROTOCOL).append("/auth \\\n") + .append("-e REGISTRY_AUTH_TOKEN_REALM=").append(serverBaseUri).append("/realms/").append(realm.getName()).append("/protocol/").append(DockerAuthV2Protocol.LOGIN_PROTOCOL).append("/auth \\\n") .append("-e REGISTRY_AUTH_TOKEN_SERVICE=").append(client.getClientId()).append(" \\\n") - .append("-e REGISTRY_AUTH_TOKEN_ISSUER=").append(serverBaseUri).append("/auth/realms/").append(realm.getName()).append(" \\\n"); + .append("-e REGISTRY_AUTH_TOKEN_ISSUER=").append(serverBaseUri).append("/realms/").append(realm.getName()).append(" \\\n"); return Response.ok(builder.toString(), MediaType.TEXT_PLAIN_TYPE).build(); } diff --git a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java index 6a26c692d55..769947a0b84 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java @@ -180,6 +180,9 @@ public class TokenManager { if (oldToken.getIssuedAt() < realm.getNotBefore()) { throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Stale token"); } + if (oldToken.getIssuedAt() < session.users().getNotBeforeOfUser(realm, user)) { + throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Stale token"); + } // recreate token. @@ -207,9 +210,12 @@ public class TokenManager { if (!user.isEnabled()) { return false; } + if (token.getIssuedAt() < session.users().getNotBeforeOfUser(realm, user)) { + return false; + } ClientModel client = realm.getClientByClientId(token.getIssuedFor()); - if (client == null || !client.isEnabled()) { + if (client == null || !client.isEnabled() || token.getIssuedAt() < client.getNotBefore()) { return false; } @@ -816,9 +822,13 @@ public class TokenManager { res.setRefreshExpiresIn(refreshToken.getExpiration() - Time.currentTime()); } } + int notBefore = realm.getNotBefore(); if (client.getNotBefore() > notBefore) notBefore = client.getNotBefore(); + int userNotBefore = session.users().getNotBeforeOfUser(realm, userSession.getUser()); + if (userNotBefore > notBefore) notBefore = userNotBefore; res.setNotBeforePolicy(notBefore); + return res; } } diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java index 38dbc8f5e4b..f00c89237d3 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java @@ -49,6 +49,8 @@ import org.keycloak.util.TokenUtil; import javax.ws.rs.GET; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; + +import java.util.Objects; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -370,7 +372,48 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase { // If state is same, we likely have the refresh of some previous request String stateFromSession = authSession.getClientNote(OIDCLoginProtocol.STATE_PARAM); - return !stateFromRequest.equals(stateFromSession); + boolean stateChanged =!stateFromRequest.equals(stateFromSession); + if (stateChanged) { + return true; + } + + return isOIDCAuthenticationRelatedParamsChanged(authSession); + } + + + @Override + protected boolean shouldRestartAuthSession(AuthenticationSessionModel authSession) { + return super.shouldRestartAuthSession(authSession) || isOIDCAuthenticationRelatedParamsChanged(authSession); + } + + + // Check if some important OIDC parameters, which have impact on authentication, changed. If yes, we need to restart auth session + private boolean isOIDCAuthenticationRelatedParamsChanged(AuthenticationSessionModel authSession) { + if (isRequestParamChanged(authSession, OIDCLoginProtocol.LOGIN_HINT_PARAM, request.getLoginHint())) { + return true; + } + if (isRequestParamChanged(authSession, OIDCLoginProtocol.PROMPT_PARAM, request.getPrompt())) { + return true; + } + if (isRequestParamChanged(authSession, AdapterConstants.KC_IDP_HINT, request.getIdpHint())) { + return true; + } + + String maxAgeValue = authSession.getClientNote(OIDCLoginProtocol.MAX_AGE_PARAM); + if (maxAgeValue == null && request.getMaxAge() == null) { + return false; + } + if (maxAgeValue != null && Integer.parseInt(maxAgeValue) == request.getMaxAge()) { + return false; + } + + return true; + } + + + private boolean isRequestParamChanged(AuthenticationSessionModel authSession, String noteName, String requestParamValue) { + String authSessionNoteValue = authSession.getClientNote(noteName); + return !Objects.equals(authSessionNoteValue, requestParamValue); } diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java index fef17c6ca06..a3d6e0c3069 100644 --- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java @@ -23,6 +23,8 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.OAuth2Constants; import org.keycloak.OAuthErrorException; import org.keycloak.authentication.AuthenticationProcessor; +import org.keycloak.broker.provider.IdentityProvider; +import org.keycloak.broker.provider.TokenExchangeTo; import org.keycloak.common.ClientConnection; import org.keycloak.common.constants.ServiceAccountConstants; import org.keycloak.common.util.Base64Url; @@ -34,6 +36,7 @@ import org.keycloak.events.EventType; import org.keycloak.models.AuthenticationFlowModel; import org.keycloak.models.AuthenticatedClientSessionModel; import org.keycloak.models.ClientModel; +import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; @@ -53,6 +56,7 @@ import org.keycloak.services.managers.ClientManager; import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resources.Cors; +import org.keycloak.services.resources.IdentityBrokerService; import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.sessions.AuthenticationSessionModel; import org.keycloak.util.TokenUtil; @@ -65,6 +69,7 @@ import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; import java.util.Map; import java.util.Objects; @@ -158,7 +163,7 @@ public class TokenEndpoint { if (logger.isDebugEnabled()) { logger.debugv("CORS preflight from: {0}", headers.getRequestHeaders().getFirst("Origin")); } - return Cors.add(request, Response.ok()).auth().preflight().build(); + return Cors.add(request, Response.ok()).auth().preflight().allowedMethods("POST", "OPTIONS").build(); } private void checkSsl() { @@ -564,19 +569,65 @@ public class TokenEndpoint { public Response buildTokenExchange() { event.detail(Details.AUTH_METHOD, "oauth_credentials"); - String scope = formParams.getFirst(OAuth2Constants.SCOPE); String subjectToken = formParams.getFirst(OAuth2Constants.SUBJECT_TOKEN); String subjectTokenType = formParams.getFirst(OAuth2Constants.SUBJECT_TOKEN_TYPE); + if (subjectTokenType != null && !subjectTokenType.equals(OAuth2Constants.ACCESS_TOKEN_TYPE)) { + event.error(Errors.INVALID_TOKEN); + throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "Invalid token type, must be access token", Response.Status.BAD_REQUEST); + + } + + AuthenticationManager.AuthResult authResult = AuthenticationManager.verifyIdentityToken(session, realm, uriInfo, clientConnection, true, true, false, subjectToken, headers); if (authResult == null) { event.error(Errors.INVALID_TOKEN); throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "Invalid token", Response.Status.BAD_REQUEST); } + String requestedIssuer = formParams.getFirst(OAuth2Constants.REQUESTED_ISSUER); + + if (requestedIssuer == null) { + return exchangeClientToClient(authResult); + } else { + return exchangeToIdentityProvider(authResult, requestedIssuer); + } + } + + public Response exchangeToIdentityProvider(AuthenticationManager.AuthResult authResult, String requestedIssuer) { + IdentityProviderModel providerModel = realm.getIdentityProviderByAlias(requestedIssuer); + if (providerModel == null) { + event.error(Errors.UNKNOWN_IDENTITY_PROVIDER); + throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Invalid issuer", Response.Status.BAD_REQUEST); + } + + IdentityProvider provider = IdentityBrokerService.getIdentityProvider(session, realm, requestedIssuer); + if (!(provider instanceof TokenExchangeTo)) { + event.error(Errors.UNKNOWN_IDENTITY_PROVIDER); + throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Issuer does not support token exchange", Response.Status.BAD_REQUEST); + } + if (!AdminPermissions.management(session, realm).idps().canExchangeTo(client, providerModel)) { + logger.debug("Client not allowed to exchange for linked token"); + event.error(Errors.NOT_ALLOWED); + throw new ErrorResponseException(OAuthErrorException.ACCESS_DENIED, "Client not allowed to exchange", Response.Status.FORBIDDEN); + } + Response response = ((TokenExchangeTo)provider).exchangeTo(uriInfo, client, authResult.getSession(), authResult.getUser(), authResult.getToken(), formParams); + return Cors.add(request, Response.fromResponse(response)).auth().allowedOrigins(uriInfo, client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build(); + + } + + public Response exchangeClientToClient(AuthenticationManager.AuthResult subject) { + String requestedTokenType = formParams.getFirst(OAuth2Constants.REQUESTED_TOKEN_TYPE); + if (requestedTokenType == null) { + requestedTokenType = OAuth2Constants.REFRESH_TOKEN_TYPE; + } else if (!requestedTokenType.equals(OAuth2Constants.ACCESS_TOKEN_TYPE) && !requestedTokenType.equals(OAuth2Constants.REFRESH_TOKEN_TYPE)) { + event.error(Errors.INVALID_REQUEST); + throw new ErrorResponseException("unsupported_requested_token_type", "Unsupported requested token type", Response.Status.BAD_REQUEST); + + } String audience = formParams.getFirst(OAuth2Constants.AUDIENCE); if (audience == null) { event.error(Errors.INVALID_REQUEST); - throw new ErrorResponseException("invalid_audience", "No audience specified", Response.Status.BAD_REQUEST); + throw new ErrorResponseException("invalid_audience", "Audience parameter required", Response.Status.BAD_REQUEST); } ClientModel targetClient = null; @@ -593,37 +644,21 @@ public class TokenEndpoint { throw new ErrorResponseException(OAuthErrorException.INVALID_CLIENT, "Client requires user consent", Response.Status.BAD_REQUEST); } - boolean exchangeFromAllowed = false; - for (String aud : authResult.getToken().getAudience()) { - ClientModel audClient = realm.getClientByClientId(aud); - if (audClient == null) continue; - if (audClient.equals(client)) { - exchangeFromAllowed = true; - break; - } - if (AdminPermissions.management(session, realm).clients().canExchangeFrom(client, audClient)) { - exchangeFromAllowed = true; - break; - } - } - if (!exchangeFromAllowed) { - logger.debug("Client does not have exchange rights for audience of provided token"); - event.error(Errors.NOT_ALLOWED); - throw new ErrorResponseException(OAuthErrorException.ACCESS_DENIED, "Client not allowed to exchange", Response.Status.FORBIDDEN); - } if (!AdminPermissions.management(session, realm).clients().canExchangeTo(client, targetClient)) { logger.debug("Client does not have exchange rights for target audience"); event.error(Errors.NOT_ALLOWED); throw new ErrorResponseException(OAuthErrorException.ACCESS_DENIED, "Client not allowed to exchange", Response.Status.FORBIDDEN); } + String scope = formParams.getFirst(OAuth2Constants.SCOPE); + AuthenticationSessionModel authSession = new AuthenticationSessionManager(session).createAuthenticationSession(realm, targetClient, false); - authSession.setAuthenticatedUser(authResult.getUser()); + authSession.setAuthenticatedUser(subject.getUser()); authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())); authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scope); - UserSessionModel userSession = authResult.getSession(); + UserSessionModel userSession = subject.getSession(); event.session(userSession); AuthenticationManager.setRolesAndMappersInSession(authSession); @@ -637,10 +672,13 @@ public class TokenEndpoint { updateUserSessionFromClientAuth(userSession); TokenManager.AccessTokenResponseBuilder responseBuilder = tokenManager.responseBuilder(realm, targetClient, event, session, userSession, clientSession) - .generateAccessToken() - .generateRefreshToken(); + .generateAccessToken(); responseBuilder.getAccessToken().issuedFor(client.getClientId()); - responseBuilder.getRefreshToken().issuedFor(client.getClientId()); + + if (requestedTokenType.equals(OAuth2Constants.REFRESH_TOKEN_TYPE)) { + responseBuilder.generateRefreshToken(); + responseBuilder.getRefreshToken().issuedFor(client.getClientId()); + } String scopeParam = clientSession.getNote(OAuth2Constants.SCOPE); if (TokenUtil.isOIDCRequest(scopeParam)) { diff --git a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java index 5acde8b1ac9..560a4904ee1 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java @@ -86,7 +86,7 @@ public class OIDCAttributeMapperHelper { } private static Object convertToType(String type, Object attributeValue) { - if (type == null) return attributeValue; + if (type == null || attributeValue == null) return attributeValue; switch (type) { case "boolean": Boolean booleanObject = getBoolean(attributeValue); diff --git a/services/src/main/java/org/keycloak/protocol/saml/JaxrsSAML2BindingBuilder.java b/services/src/main/java/org/keycloak/protocol/saml/JaxrsSAML2BindingBuilder.java index d3efb2535da..e816986b989 100755 --- a/services/src/main/java/org/keycloak/protocol/saml/JaxrsSAML2BindingBuilder.java +++ b/services/src/main/java/org/keycloak/protocol/saml/JaxrsSAML2BindingBuilder.java @@ -69,7 +69,7 @@ public class JaxrsSAML2BindingBuilder extends BaseSAML2BindingBuilderStian Thorgersen @@ -79,6 +80,18 @@ public class Auth { this.clientSession = clientSession; } + public void require(String role) { + if (!hasClientRole(client, role)) { + throw new ForbiddenException(); + } + } + + public void requireOneOf(String... roles) { + if (!hasOneOfAppRole(client, roles)) { + throw new ForbiddenException(); + } + } + public boolean hasRealmRole(String role) { if (cookie) { return user.hasRole(realm.getRole(role)); diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index bc28fc4afd8..4f6f4eca806 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -66,6 +66,7 @@ import javax.ws.rs.core.UriInfo; import java.net.URI; import java.security.PublicKey; import java.util.*; +import java.util.stream.Collectors; /** * Stateless object that manages authentication @@ -78,6 +79,11 @@ public class AuthenticationManager { public static final String END_AFTER_REQUIRED_ACTIONS = "END_AFTER_REQUIRED_ACTIONS"; public static final String INVALIDATE_ACTION_TOKEN = "INVALIDATE_ACTION_TOKEN"; + /** + * Auth session note on client logout state (when logging out) + */ + public static final String CLIENT_LOGOUT_STATE = "logout.state."; + // userSession note with authTime (time when authentication flow including requiredActions was finished) public static final String AUTH_TIME = "AUTH_TIME"; // clientSession note with flag that clientSession was authenticated through SSO cookie @@ -136,6 +142,19 @@ public class AuthenticationManager { } + public static void backchannelLogout(KeycloakSession session, UserSessionModel userSession, boolean logoutBroker) { + backchannelLogout( + session, + session.getContext().getRealm(), + userSession, + session.getContext().getUri(), + session.getContext().getConnection(), + session.getContext().getRequestHeaders(), + logoutBroker + ); + } + + /** * Do not logout broker * @@ -152,14 +171,49 @@ public class AuthenticationManager { boolean logoutBroker) { if (userSession == null) return; UserModel user = userSession.getUser(); - userSession.setState(UserSessionModel.State.LOGGING_OUT); + if (userSession.getState() != UserSessionModel.State.LOGGING_OUT) { + userSession.setState(UserSessionModel.State.LOGGING_OUT); + } logger.debugv("Logging out: {0} ({1})", user.getUsername(), userSession.getId()); expireUserSessionCookie(session, userSession, realm, uriInfo, headers, connection); - for (AuthenticatedClientSessionModel clientSession : userSession.getAuthenticatedClientSessions().values()) { - backchannelLogoutClientSession(session, realm, clientSession, userSession, uriInfo, headers); + final AuthenticationSessionManager asm = new AuthenticationSessionManager(session); + AuthenticationSessionModel logoutAuthSession = createOrJoinLogoutSession(realm, asm, false); + + try { + backchannelLogoutAll(session, realm, userSession, logoutAuthSession, uriInfo, headers, logoutBroker); + checkUserSessionOnlyHasLoggedOutClients(realm, userSession, logoutAuthSession); + } finally { + asm.removeAuthenticationSession(realm, logoutAuthSession, false); } + + userSession.setState(UserSessionModel.State.LOGGED_OUT); + session.sessions().removeUserSession(realm, userSession); + } + + private static AuthenticationSessionModel createOrJoinLogoutSession(RealmModel realm, final AuthenticationSessionManager asm, boolean browserCookie) { + ClientModel client = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID); + AuthenticationSessionModel logoutAuthSession = asm.getCurrentAuthenticationSession(realm); + // Try to join existing logout session if it exists and browser session is required + if (browserCookie && logoutAuthSession != null) { + if (Objects.equals(AuthenticationSessionModel.Action.LOGGING_OUT.name(), logoutAuthSession.getAction())) { + return logoutAuthSession; + } + logoutAuthSession.restartSession(realm, client); + } else { + logoutAuthSession = asm.createAuthenticationSession(realm, client, browserCookie); + } + logoutAuthSession.setAction(AuthenticationSessionModel.Action.LOGGING_OUT.name()); + return logoutAuthSession; + } + + private static void backchannelLogoutAll(KeycloakSession session, RealmModel realm, + UserSessionModel userSession, AuthenticationSessionModel logoutAuthSession, UriInfo uriInfo, + HttpHeaders headers, boolean logoutBroker) { + userSession.getAuthenticatedClientSessions().values().forEach( + clientSession -> backchannelLogoutClientSession(session, realm, clientSession, logoutAuthSession, uriInfo, headers) + ); if (logoutBroker) { String brokerId = userSession.getNote(Details.IDENTITY_PROVIDER); if (brokerId != null) { @@ -171,32 +225,180 @@ public class AuthenticationManager { } } } - userSession.setState(UserSessionModel.State.LOGGED_OUT); - session.sessions().removeUserSession(realm, userSession); } - public static void backchannelLogoutClientSession(KeycloakSession session, RealmModel realm, AuthenticatedClientSessionModel clientSession, UserSessionModel userSession, UriInfo uriInfo, HttpHeaders headers) { + /** + * Checks that all sessions have been removed from the user session. The list of logged out clients is determined from + * the {@code logoutAuthSession} auth session notes. + * @param realm + * @param userSession + * @param logoutAuthSession + * @return {@code true} when all clients have been logged out, {@code false} otherwise + */ + private static boolean checkUserSessionOnlyHasLoggedOutClients(RealmModel realm, + UserSessionModel userSession, AuthenticationSessionModel logoutAuthSession) { + final Map acs = userSession.getAuthenticatedClientSessions(); + Set notLoggedOutSessions = acs.entrySet().stream() + .filter(me -> ! Objects.equals(AuthenticationSessionModel.Action.LOGGED_OUT, getClientLogoutAction(logoutAuthSession, me.getKey()))) + .filter(me -> ! Objects.equals(AuthenticationSessionModel.Action.LOGGED_OUT.name(), me.getValue().getAction())) + .filter(me -> Objects.nonNull(me.getValue().getProtocol())) // Keycloak service-like accounts + .map(Map.Entry::getValue) + .collect(Collectors.toSet()); + + boolean allClientsLoggedOut = notLoggedOutSessions.isEmpty(); + + if (! allClientsLoggedOut) { + logger.warnf("Some clients have been not been logged out for user %s in %s realm: %s", + userSession.getUser().getUsername(), realm.getName(), + notLoggedOutSessions.stream() + .map(AuthenticatedClientSessionModel::getClient) + .map(ClientModel::getClientId) + .sorted() + .collect(Collectors.joining(", ")) + ); + } else if (logger.isDebugEnabled()) { + logger.debugf("All clients have been logged out for user %s in %s realm, session %s", + userSession.getUser().getUsername(), realm.getName(), userSession.getId()); + } + + return allClientsLoggedOut; + } + + /** + * Logs out the given client session and records the result into {@code logoutAuthSession} if set. + * @param session + * @param realm + * @param clientSession + * @param logoutAuthSession auth session used for recording result of logout. May be {@code null} + * @param uriInfo + * @param headers + * @return {@code true} if the client was or is already being logged out, {@code false} if logout failed or it is not known how to log it out. + */ + private static boolean backchannelLogoutClientSession(KeycloakSession session, RealmModel realm, + AuthenticatedClientSessionModel clientSession, AuthenticationSessionModel logoutAuthSession, + UriInfo uriInfo, HttpHeaders headers) { + UserSessionModel userSession = clientSession.getUserSession(); ClientModel client = clientSession.getClient(); - if (!client.isFrontchannelLogout() && !AuthenticatedClientSessionModel.Action.LOGGED_OUT.name().equals(clientSession.getAction())) { + + if (client.isFrontchannelLogout() || AuthenticationSessionModel.Action.LOGGED_OUT.name().equals(clientSession.getAction())) { + return false; + } + + final AuthenticationSessionModel.Action logoutState = getClientLogoutAction(logoutAuthSession, client.getId()); + + if (logoutState == AuthenticationSessionModel.Action.LOGGED_OUT || logoutState == AuthenticationSessionModel.Action.LOGGING_OUT) { + return true; + } + + try { + setClientLogoutAction(logoutAuthSession, client.getId(), AuthenticationSessionModel.Action.LOGGING_OUT); + String authMethod = clientSession.getProtocol(); - if (authMethod == null) return; // must be a keycloak service like account + if (authMethod == null) return true; // must be a keycloak service like account + + logger.debugv("backchannel logout to: {0}", client.getClientId()); LoginProtocol protocol = session.getProvider(LoginProtocol.class, authMethod); protocol.setRealm(realm) .setHttpHeaders(headers) .setUriInfo(uriInfo); protocol.backchannelLogout(userSession, clientSession); - clientSession.setAction(AuthenticatedClientSessionModel.Action.LOGGED_OUT.name()); - } + setClientLogoutAction(logoutAuthSession, client.getId(), AuthenticationSessionModel.Action.LOGGED_OUT); + + return true; + } catch (Exception ex) { + ServicesLogger.LOGGER.failedToLogoutClient(ex); + return false; + } } - // Logout all clientSessions of this user and client - public static void backchannelUserFromClient(KeycloakSession session, RealmModel realm, UserModel user, ClientModel client, UriInfo uriInfo, HttpHeaders headers) { + private static Response frontchannelLogoutClientSession(KeycloakSession session, RealmModel realm, + AuthenticatedClientSessionModel clientSession, AuthenticationSessionModel logoutAuthSession, + UriInfo uriInfo, HttpHeaders headers) { + UserSessionModel userSession = clientSession.getUserSession(); + ClientModel client = clientSession.getClient(); + + if (! client.isFrontchannelLogout() || AuthenticationSessionModel.Action.LOGGED_OUT.name().equals(clientSession.getAction())) { + return null; + } + + final AuthenticationSessionModel.Action logoutState = getClientLogoutAction(logoutAuthSession, client.getId()); + + if (logoutState == AuthenticationSessionModel.Action.LOGGED_OUT || logoutState == AuthenticationSessionModel.Action.LOGGING_OUT) { + return null; + } + + try { + setClientLogoutAction(logoutAuthSession, client.getId(), AuthenticationSessionModel.Action.LOGGING_OUT); + + String authMethod = clientSession.getProtocol(); + if (authMethod == null) return null; // must be a keycloak service like account + + logger.debugv("frontchannel logout to: {0}", client.getClientId()); + LoginProtocol protocol = session.getProvider(LoginProtocol.class, authMethod); + protocol.setRealm(realm) + .setHttpHeaders(headers) + .setUriInfo(uriInfo); + + Response response = protocol.frontchannelLogout(userSession, clientSession); + if (response != null) { + logger.debug("returning frontchannel logout request to client"); + // setting this to logged out cuz I'm not sure protocols can always verify that the client was logged out or not + + setClientLogoutAction(logoutAuthSession, client.getId(), AuthenticationSessionModel.Action.LOGGED_OUT); + + return response; + } + } catch (Exception e) { + ServicesLogger.LOGGER.failedToLogoutClient(e); + } + + return null; + } + + /** + * Sets logout state of the particular client into the {@code logoutAuthSession} + * @param logoutAuthSession logoutAuthSession. May be {@code null} in which case this is a no-op. + * @param client Client. Must not be {@code null} + * @param state + */ + public static void setClientLogoutAction(AuthenticationSessionModel logoutAuthSession, String clientUuid, AuthenticationSessionModel.Action action) { + if (logoutAuthSession != null && clientUuid != null) { + logoutAuthSession.setAuthNote(CLIENT_LOGOUT_STATE + clientUuid, action.name()); + } + } + + /** + * Returns the logout state of the particular client as per the {@code logoutAuthSession} + * @param logoutAuthSession logoutAuthSession. May be {@code null} in which case this is a no-op. + * @param clientUuid Internal ID of the client. Must not be {@code null} + * @return State if it can be determined, {@code null} otherwise. + */ + public static AuthenticationSessionModel.Action getClientLogoutAction(AuthenticationSessionModel logoutAuthSession, String clientUuid) { + if (logoutAuthSession == null || clientUuid == null) { + return null; + } + + String state = logoutAuthSession.getAuthNote(CLIENT_LOGOUT_STATE + clientUuid); + return state == null ? null : AuthenticationSessionModel.Action.valueOf(state); + } + + /** + * Logout all clientSessions of this user and client + * @param session + * @param realm + * @param user + * @param client + * @param uriInfo + * @param headers + */ + public static void backchannelLogoutUserFromClient(KeycloakSession session, RealmModel realm, UserModel user, ClientModel client, UriInfo uriInfo, HttpHeaders headers) { List userSessions = session.sessions().getUserSessions(realm, user); for (UserSessionModel userSession : userSessions) { AuthenticatedClientSessionModel clientSession = userSession.getAuthenticatedClientSessions().get(client.getId()); if (clientSession != null) { - AuthenticationManager.backchannelLogoutClientSession(session, realm, clientSession, userSession, uriInfo, headers); + AuthenticationManager.backchannelLogoutClientSession(session, realm, clientSession, null, uriInfo, headers); + clientSession.setAction(AuthenticationSessionModel.Action.LOGGED_OUT.name()); TokenManager.dettachClientSession(session.sessions(), realm, clientSession); } } @@ -204,67 +406,61 @@ public class AuthenticationManager { public static Response browserLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, UriInfo uriInfo, ClientConnection connection, HttpHeaders headers) { if (userSession == null) return null; - UserModel user = userSession.getUser(); - logger.debugv("Logging out: {0} ({1})", user.getUsername(), userSession.getId()); + if (logger.isDebugEnabled()) { + UserModel user = userSession.getUser(); + logger.debugv("Logging out: {0} ({1})", user.getUsername(), userSession.getId()); + } + if (userSession.getState() != UserSessionModel.State.LOGGING_OUT) { userSession.setState(UserSessionModel.State.LOGGING_OUT); } - List redirectClients = new LinkedList<>(); - for (AuthenticatedClientSessionModel clientSession : userSession.getAuthenticatedClientSessions().values()) { - ClientModel client = clientSession.getClient(); - if (AuthenticatedClientSessionModel.Action.LOGGED_OUT.name().equals(clientSession.getAction())) continue; - if (client.isFrontchannelLogout()) { - String authMethod = clientSession.getProtocol(); - if (authMethod == null) continue; // must be a keycloak service like account - redirectClients.add(clientSession); - } else { - String authMethod = clientSession.getProtocol(); - if (authMethod == null) continue; // must be a keycloak service like account - LoginProtocol protocol = session.getProvider(LoginProtocol.class, authMethod); - protocol.setRealm(realm) - .setHttpHeaders(headers) - .setUriInfo(uriInfo); - try { - logger.debugv("backchannel logout to: {0}", client.getClientId()); - protocol.backchannelLogout(userSession, clientSession); - clientSession.setAction(AuthenticatedClientSessionModel.Action.LOGGED_OUT.name()); - } catch (Exception e) { - ServicesLogger.LOGGER.failedToLogoutClient(e); - } - } + + final AuthenticationSessionManager asm = new AuthenticationSessionManager(session); + AuthenticationSessionModel logoutAuthSession = createOrJoinLogoutSession(realm, asm, true); + + Response response = browserLogoutAllClients(userSession, session, realm, headers, uriInfo, logoutAuthSession); + if (response != null) { + return response; } - for (AuthenticatedClientSessionModel nextRedirectClient : redirectClients) { - String authMethod = nextRedirectClient.getProtocol(); - LoginProtocol protocol = session.getProvider(LoginProtocol.class, authMethod); - protocol.setRealm(realm) - .setHttpHeaders(headers) - .setUriInfo(uriInfo); - // setting this to logged out cuz I"m not sure protocols can always verify that the client was logged out or not - nextRedirectClient.setAction(AuthenticatedClientSessionModel.Action.LOGGED_OUT.name()); - try { - logger.debugv("frontchannel logout to: {0}", nextRedirectClient.getClient().getClientId()); - Response response = protocol.frontchannelLogout(userSession, nextRedirectClient); - if (response != null) { - logger.debug("returning frontchannel logout request to client"); - return response; - } - } catch (Exception e) { - ServicesLogger.LOGGER.failedToLogoutClient(e); - } - - } String brokerId = userSession.getNote(Details.IDENTITY_PROVIDER); if (brokerId != null) { IdentityProvider identityProvider = IdentityBrokerService.getIdentityProvider(session, realm, brokerId); - Response response = identityProvider.keycloakInitiatedBrowserLogout(session, userSession, uriInfo, realm); - if (response != null) return response; + response = identityProvider.keycloakInitiatedBrowserLogout(session, userSession, uriInfo, realm); + if (response != null) { + return response; + } } + return finishBrowserLogout(session, realm, userSession, uriInfo, connection, headers); } + private static Response browserLogoutAllClients(UserSessionModel userSession, KeycloakSession session, RealmModel realm, HttpHeaders headers, UriInfo uriInfo, AuthenticationSessionModel logoutAuthSession) { + Map> acss = userSession.getAuthenticatedClientSessions().values().stream() + .filter(clientSession -> ! Objects.equals(AuthenticationSessionModel.Action.LOGGED_OUT.name(), clientSession.getAction())) + .filter(clientSession -> clientSession.getProtocol() != null) + .collect(Collectors.partitioningBy(clientSession -> clientSession.getClient().isFrontchannelLogout())); + + final List backendLogoutSessions = acss.get(false) == null ? Collections.emptyList() : acss.get(false); + backendLogoutSessions.forEach(acs -> backchannelLogoutClientSession(session, realm, acs, logoutAuthSession, uriInfo, headers)); + + final List redirectClients = acss.get(true) == null ? Collections.emptyList() : acss.get(true); + for (AuthenticatedClientSessionModel nextRedirectClient : redirectClients) { + Response response = frontchannelLogoutClientSession(session, realm, nextRedirectClient, logoutAuthSession, uriInfo, headers); + if (response != null) { + return response; + } + } + + return null; + } + public static Response finishBrowserLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, UriInfo uriInfo, ClientConnection connection, HttpHeaders headers) { + final AuthenticationSessionManager asm = new AuthenticationSessionManager(session); + AuthenticationSessionModel logoutAuthSession = asm.getCurrentAuthenticationSession(realm); + checkUserSessionOnlyHasLoggedOutClients(realm, userSession, logoutAuthSession); + expireIdentityCookie(realm, uriInfo, connection); expireRememberMeCookie(realm, uriInfo, connection); userSession.setState(UserSessionModel.State.LOGGED_OUT); @@ -303,7 +499,7 @@ public class AuthenticationManager { String encoded = encodeToken(keycloakSession, realm, identityToken); boolean secureOnly = realm.getSslRequired().isRequired(connection); int maxAge = NewCookie.DEFAULT_MAX_AGE; - if (session.isRememberMe()) { + if (session != null && session.isRememberMe()) { maxAge = realm.getSsoSessionMaxLifespan(); } logger.debugv("Create login cookie - name: {0}, path: {1}, max-age: {2}", KEYCLOAK_IDENTITY_COOKIE, cookiePath, maxAge); @@ -450,9 +646,13 @@ public class AuthenticationManager { } // Update userSession note with authTime. But just if flag SSO_AUTH is not set - if (!isSSOAuthentication(clientSession)) { + boolean isSSOAuthentication = "true".equals(session.getAttribute(SSO_AUTH)); + if (isSSOAuthentication) { + clientSession.setNote(SSO_AUTH, "true"); + } else { int authTime = Time.currentTime(); userSession.setNote(AUTH_TIME, String.valueOf(authTime)); + clientSession.removeNote(SSO_AUTH); } return protocol.authenticated(userSession, clientSession); @@ -817,6 +1017,12 @@ public class AuthenticationManager { return null; } + int userNotBefore = session.users().getNotBeforeOfUser(realm, user); + if (token.getIssuedAt() < userNotBefore) { + logger.debug("User notBefore newer than token"); + return null; + } + UserSessionModel userSession = session.sessions().getUserSession(realm, token.getSessionState()); if (!isSessionValid(realm, userSession)) { // Check if accessToken was for the offline session. diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationSessionManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationSessionManager.java index 1cba9dcf3af..ac6259eedeb 100644 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationSessionManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationSessionManager.java @@ -45,7 +45,14 @@ public class AuthenticationSessionManager { this.session = session; } - + /** + * Creates a fresh authentication session for the given realm and client. Optionally sets the browser + * authentication session cookie {@link #AUTH_SESSION_ID} with the ID of the new session. + * @param realm + * @param client + * @param browserCookie Set the cookie in the browser for the + * @return + */ public AuthenticationSessionModel createAuthenticationSession(RealmModel realm, ClientModel client, boolean browserCookie) { AuthenticationSessionModel authSession = session.authenticationSessions().createAuthenticationSession(realm, client); @@ -57,11 +64,20 @@ public class AuthenticationSessionManager { } + /** + * Returns ID of current authentication session if it exists, otherwise returns {@code null}. + * @param realm + * @return + */ public String getCurrentAuthenticationSessionId(RealmModel realm) { return getAuthSessionCookieDecoded(realm); } - + /** + * Returns current authentication session if it exists, otherwise returns {@code null}. + * @param realm + * @return + */ public AuthenticationSessionModel getCurrentAuthenticationSession(RealmModel realm) { String authSessionId = getAuthSessionCookieDecoded(realm); return authSessionId==null ? null : session.authenticationSessions().getAuthenticationSession(realm, authSessionId); diff --git a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java index 3d71c2a663c..dbb0e78c4b4 100755 --- a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java +++ b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java @@ -107,6 +107,8 @@ public class ResourceAdminManager { } public void logoutUser(URI requestUri, RealmModel realm, UserModel user, KeycloakSession keycloakSession) { + keycloakSession.users().setNotBeforeForUser(realm, user, Time.currentTime()); + List userSessions = keycloakSession.sessions().getUserSessions(realm, user); logoutUserSessions(requestUri, realm, userSessions); } diff --git a/services/src/main/java/org/keycloak/services/messages/Messages.java b/services/src/main/java/org/keycloak/services/messages/Messages.java index 180694ada45..35359f480c7 100755 --- a/services/src/main/java/org/keycloak/services/messages/Messages.java +++ b/services/src/main/java/org/keycloak/services/messages/Messages.java @@ -176,6 +176,8 @@ public class Messages { public static final String READ_ONLY_USER = "readOnlyUserMessage"; + public static final String READ_ONLY_USERNAME = "readOnlyUsernameMessage"; + public static final String READ_ONLY_PASSWORD = "readOnlyPasswordMessage"; public static final String SUCCESS_TOTP_REMOVED = "successTotpRemovedMessage"; diff --git a/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java b/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java index cc8abfb685b..7b857955092 100755 --- a/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java +++ b/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java @@ -203,32 +203,6 @@ public abstract class AbstractSecuredLocalService { return oauth.redirect(uriInfo, accountUri.toString()); } - protected Response authenticateBrowser() { - AppAuthManager authManager = new AppAuthManager(); - AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm); - if (authResult != null) { - auth = new Auth(realm, authResult.getToken(), authResult.getUser(), client, authResult.getSession(), true); - } else { - return login(null); - } - // don't allow cors requests - // This is to prevent CSRF attacks. - String requestOrigin = UriUtils.getOrigin(uriInfo.getBaseUri()); - String origin = headers.getRequestHeaders().getFirst("Origin"); - if (origin != null && !requestOrigin.equals(origin)) { - throw new ForbiddenException(); - } - - if (!request.getHttpMethod().equals("GET")) { - String referrer = headers.getRequestHeaders().getFirst("Referer"); - if (referrer != null && !requestOrigin.equals(UriUtils.getOrigin(referrer))) { - throw new ForbiddenException(); - } - } - updateCsrfChecks(); - return null; - } - static class OAuthRedirect extends AbstractOAuthClient { /** diff --git a/services/src/main/java/org/keycloak/services/resources/Cors.java b/services/src/main/java/org/keycloak/services/resources/Cors.java index c9bfa030fee..b647c75eda1 100755 --- a/services/src/main/java/org/keycloak/services/resources/Cors.java +++ b/services/src/main/java/org/keycloak/services/resources/Cors.java @@ -108,28 +108,32 @@ public class Cors { public Cors allowedOrigins(String... allowedOrigins) { if (allowedOrigins != null && allowedOrigins.length > 0) { - this.allowedOrigins = new HashSet(Arrays.asList(allowedOrigins)); + this.allowedOrigins = new HashSet<>(Arrays.asList(allowedOrigins)); } return this; } public Cors allowedMethods(String... allowedMethods) { - this.allowedMethods = new HashSet(Arrays.asList(allowedMethods)); + this.allowedMethods = new HashSet<>(Arrays.asList(allowedMethods)); return this; } public Cors exposedHeaders(String... exposedHeaders) { - this.exposedHeaders = new HashSet(Arrays.asList(exposedHeaders)); + this.exposedHeaders = new HashSet<>(Arrays.asList(exposedHeaders)); return this; } public Response build() { String origin = request.getHttpHeaders().getRequestHeaders().getFirst(ORIGIN_HEADER); if (origin == null) { + logger.trace("No origin header ignoring"); return builder.build(); } if (!preflight && (allowedOrigins == null || (!allowedOrigins.contains(origin) && !allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)))) { + if (logger.isDebugEnabled()) { + logger.debugv("Invalid CORS request: origin {0} not in allowed origins {1}", origin, Arrays.toString(allowedOrigins.toArray())); + } return builder.build(); } @@ -165,23 +169,25 @@ public class Cors { builder.header(ACCESS_CONTROL_MAX_AGE, DEFAULT_MAX_AGE); } + logger.debug("Added CORS headers to response"); + return builder.build(); } public void build(HttpResponse response) { String origin = request.getHttpHeaders().getRequestHeaders().getFirst(ORIGIN_HEADER); if (origin == null) { - logger.debug("No origin returning"); + logger.trace("No origin header ignoring"); return; } if (!preflight && (allowedOrigins == null || (!allowedOrigins.contains(origin) && !allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)))) { - logger.debug("!preflight and no origin"); + if (logger.isDebugEnabled()) { + logger.debugv("Invalid CORS request: origin {0} not in allowed origins {1}", origin, Arrays.toString(allowedOrigins.toArray())); + } return; } - logger.debug("build CORS headers and return"); - if (allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)) { response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN, ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD); } else { @@ -213,6 +219,8 @@ public class Cors { if (preflight) { response.getOutputHeaders().add(ACCESS_CONTROL_MAX_AGE, DEFAULT_MAX_AGE); } + + logger.debug("Added CORS headers to response"); } } diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java index 79611632316..2ef481e2d16 100755 --- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java +++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java @@ -37,7 +37,6 @@ import org.keycloak.common.ClientConnection; import org.keycloak.common.util.Base64Url; import org.keycloak.common.util.ObjectUtil; import org.keycloak.common.util.Time; -import org.keycloak.common.util.UriUtils; import org.keycloak.events.Details; import org.keycloak.events.Errors; import org.keycloak.events.EventBuilder; @@ -77,6 +76,7 @@ import org.keycloak.services.managers.AuthenticationSessionManager; import org.keycloak.services.managers.BruteForceProtector; import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.messages.Messages; +import org.keycloak.services.resources.account.AccountFormService; import org.keycloak.services.util.BrowserHistoryHelper; import org.keycloak.services.util.CacheControlUtil; import org.keycloak.services.validation.Validation; @@ -1082,7 +1082,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal FormMessage errorMessage = new FormMessage(message, parameters); try { String serializedError = JsonSerialization.writeValueAsString(errorMessage); - authSession.setAuthNote(AccountService.ACCOUNT_MGMT_FORWARDED_ERROR_NOTE, serializedError); + authSession.setAuthNote(AccountFormService.ACCOUNT_MGMT_FORWARDED_ERROR_NOTE, serializedError); } catch (IOException ioe) { throw new RuntimeException(ioe); } diff --git a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java index 7526139c3a2..0bacdbb23b7 100755 --- a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java +++ b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java @@ -25,6 +25,7 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.protocol.oidc.OIDCLoginProtocolService; import org.keycloak.representations.idm.PublishedRealmRepresentation; +import org.keycloak.services.resources.account.AccountFormService; import org.keycloak.services.resources.admin.AdminRoot; import javax.ws.rs.GET; @@ -91,8 +92,7 @@ public class PublicRealmResource { PublishedRealmRepresentation rep = new PublishedRealmRepresentation(); rep.setRealm(realm.getName()); rep.setTokenServiceUrl(OIDCLoginProtocolService.tokenServiceBaseUrl(uriInfo).build(realm.getName()).toString()); - rep.setAccountServiceUrl(AccountService.accountServiceBaseUrl(uriInfo).build(realm.getName()).toString()); - rep.setAdminApiUrl(uriInfo.getBaseUriBuilder().path(AdminRoot.class).build().toString()); + rep.setAccountServiceUrl(AccountFormService.accountServiceBaseUrl(uriInfo).build(realm.getName()).toString()); rep.setPublicKeyPem(PemUtils.encodeKey(session.keys().getActiveRsaKey(realm).getPublicKey())); rep.setNotBefore(realm.getNotBefore()); return rep; diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index bc3f8dc19a5..18a6fd99308 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java @@ -26,7 +26,6 @@ import org.keycloak.common.Profile; import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.events.EventBuilder; import org.keycloak.models.ClientModel; -import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.protocol.LoginProtocol; @@ -34,6 +33,7 @@ import org.keycloak.protocol.LoginProtocolFactory; import org.keycloak.services.clientregistration.ClientRegistrationService; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resource.RealmResourceProvider; +import org.keycloak.services.resources.account.AccountLoader; import org.keycloak.services.util.CacheControlUtil; import org.keycloak.services.util.ResolveRelative; import org.keycloak.utils.ProfileHelper; @@ -206,20 +206,10 @@ public class RealmsResource { } @Path("{realm}/account") - public AccountService getAccountService(final @PathParam("realm") String name) { + public Object getAccountService(final @PathParam("realm") String name) { RealmModel realm = init(name); - - ClientModel client = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID); - if (client == null || !client.isEnabled()) { - logger.debug("account management not enabled"); - throw new NotFoundException("account management not enabled"); - } - EventBuilder event = new EventBuilder(realm, session, clientConnection); - AccountService accountService = new AccountService(realm, client, event); - ResteasyProviderFactory.getInstance().injectProperties(accountService); - accountService.init(); - return accountService; + return AccountLoader.getAccountService(session, event); } @Path("{realm}") diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java similarity index 79% rename from services/src/main/java/org/keycloak/services/resources/AccountService.java rename to services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java index ac9bf807f67..04c6f04f642 100755 --- a/services/src/main/java/org/keycloak/services/resources/AccountService.java +++ b/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java @@ -14,10 +14,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.keycloak.services.resources; +package org.keycloak.services.resources.account; import org.jboss.logging.Logger; import org.keycloak.common.util.Base64Url; +import org.keycloak.common.util.Time; import org.keycloak.common.util.UriUtils; import org.keycloak.credential.CredentialModel; import org.keycloak.events.Details; @@ -43,9 +44,7 @@ import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; import org.keycloak.models.utils.CredentialValidation; import org.keycloak.models.utils.FormMessage; -import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.protocol.oidc.utils.RedirectUtils; -import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.ForbiddenException; import org.keycloak.services.ServicesLogger; import org.keycloak.services.Urls; @@ -54,6 +53,9 @@ import org.keycloak.services.managers.Auth; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.UserSessionManager; import org.keycloak.services.messages.Messages; +import org.keycloak.services.resources.AbstractSecuredLocalService; +import org.keycloak.services.resources.AttributeFormDataProcessor; +import org.keycloak.services.resources.RealmsResource; import org.keycloak.services.util.ResolveRelative; import org.keycloak.services.validation.Validation; import org.keycloak.sessions.AuthenticationSessionModel; @@ -82,13 +84,13 @@ import java.util.UUID; /** * @author Stian Thorgersen */ -public class AccountService extends AbstractSecuredLocalService { +public class AccountFormService extends AbstractSecuredLocalService { - private static final Logger logger = Logger.getLogger(AccountService.class); + private static final Logger logger = Logger.getLogger(AccountFormService.class); private static Set VALID_PATHS = new HashSet(); static { - for (Method m : AccountService.class.getMethods()) { + for (Method m : AccountFormService.class.getMethods()) { Path p = m.getAnnotation(Path.class); if (p != null) { VALID_PATHS.add(p.value()); @@ -96,20 +98,6 @@ public class AccountService extends AbstractSecuredLocalService { } } - private static final EventType[] LOG_EVENTS = {EventType.LOGIN, EventType.LOGOUT, EventType.REGISTER, EventType.REMOVE_FEDERATED_IDENTITY, EventType.REMOVE_TOTP, EventType.SEND_RESET_PASSWORD, - EventType.SEND_VERIFY_EMAIL, EventType.FEDERATED_IDENTITY_LINK, EventType.UPDATE_EMAIL, EventType.UPDATE_PASSWORD, EventType.UPDATE_PROFILE, EventType.UPDATE_TOTP, EventType.VERIFY_EMAIL}; - - private static final Set LOG_DETAILS = new HashSet(); - static { - LOG_DETAILS.add(Details.UPDATED_EMAIL); - LOG_DETAILS.add(Details.EMAIL); - LOG_DETAILS.add(Details.PREVIOUS_EMAIL); - LOG_DETAILS.add(Details.USERNAME); - LOG_DETAILS.add(Details.REMEMBER_ME); - LOG_DETAILS.add(Details.REGISTER_METHOD); - LOG_DETAILS.add(Details.AUTH_METHOD); - } - // Used when some other context (ie. IdentityBrokerService) wants to forward error to account management and display it here public static final String ACCOUNT_MGMT_FORWARDED_ERROR_NOTE = "ACCOUNT_MGMT_FORWARDED_ERROR"; @@ -118,7 +106,7 @@ public class AccountService extends AbstractSecuredLocalService { private AccountProvider account; private EventStoreProvider eventStore; - public AccountService(RealmModel realm, ClientModel client, EventBuilder event) { + public AccountFormService(RealmModel realm, ClientModel client, EventBuilder event) { super(realm, client); this.event = event; this.authManager = new AppAuthManager(); @@ -129,33 +117,24 @@ public class AccountService extends AbstractSecuredLocalService { account = session.getProvider(AccountProvider.class).setRealm(realm).setUriInfo(uriInfo).setHttpHeaders(headers); - AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, uriInfo, clientConnection, headers); + AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm); if (authResult != null) { - auth = new Auth(realm, authResult.getToken(), authResult.getUser(), client, authResult.getSession(), false); - } else { - authResult = authManager.authenticateIdentityCookie(session, realm); - if (authResult != null) { - auth = new Auth(realm, authResult.getToken(), authResult.getUser(), client, authResult.getSession(), true); - updateCsrfChecks(); - account.setStateChecker(stateChecker); - } + auth = new Auth(realm, authResult.getToken(), authResult.getUser(), client, authResult.getSession(), true); + updateCsrfChecks(); + account.setStateChecker(stateChecker); } String requestOrigin = UriUtils.getOrigin(uriInfo.getBaseUri()); - // don't allow cors requests unless they were authenticated by an access token - // This is to prevent CSRF attacks. - if (auth != null && auth.isCookieAuthenticated()) { - String origin = headers.getRequestHeaders().getFirst("Origin"); - if (origin != null && !requestOrigin.equals(origin)) { - throw new ForbiddenException(); - } + String origin = headers.getRequestHeaders().getFirst("Origin"); + if (origin != null && !requestOrigin.equals(origin)) { + throw new ForbiddenException(); + } - if (!request.getHttpMethod().equals("GET")) { - String referrer = headers.getRequestHeaders().getFirst("Referer"); - if (referrer != null && !requestOrigin.equals(UriUtils.getOrigin(referrer))) { - throw new ForbiddenException(); - } + if (!request.getHttpMethod().equals("GET")) { + String referrer = headers.getRequestHeaders().getFirst("Referer"); + if (referrer != null && !requestOrigin.equals(UriUtils.getOrigin(referrer))) { + throw new ForbiddenException(); } } @@ -170,13 +149,9 @@ public class AccountService extends AbstractSecuredLocalService { } account.setUser(auth.getUser()); - } - boolean eventsEnabled = eventStore != null && realm.isEventsEnabled(); - - // todo find out from federation if password is updatable - account.setFeatures(realm.isIdentityFederationEnabled(), eventsEnabled, true); + account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true); } public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) { @@ -185,21 +160,17 @@ public class AccountService extends AbstractSecuredLocalService { } public static UriBuilder accountServiceApplicationPage(UriInfo uriInfo) { - return accountServiceBaseUrl(uriInfo).path(AccountService.class, "applicationsPage"); - } - - public static UriBuilder accountServiceBaseUrl(UriBuilder base) { - return base.path(RealmsResource.class).path(RealmsResource.class, "getAccountService"); + return accountServiceBaseUrl(uriInfo).path(AccountFormService.class, "applicationsPage"); } protected Set getValidPaths() { - return AccountService.VALID_PATHS; + return AccountFormService.VALID_PATHS; } private Response forwardToPage(String path, AccountPages page) { if (auth != null) { try { - require(AccountRoles.MANAGE_ACCOUNT); + auth.require(AccountRoles.MANAGE_ACCOUNT); } catch (ForbiddenException e) { return session.getProvider(LoginFormsProvider.class).setError(Messages.NO_ACCESS).createErrorPage(); } @@ -227,24 +198,13 @@ public class AccountService extends AbstractSecuredLocalService { } } - protected void setReferrerOnPage() { + private void setReferrerOnPage() { String[] referrer = getReferrer(); if (referrer != null) { account.setReferrer(referrer); } } - /** - * CORS preflight - * - * @return - */ - @Path("/") - @OPTIONS - public Response accountPreflight() { - return Cors.add(request, Response.ok()).auth().preflight().build(); - } - /** * Get account information. * @@ -257,32 +217,8 @@ public class AccountService extends AbstractSecuredLocalService { return forwardToPage(null, AccountPages.ACCOUNT); } - /** - * Get account information. - * - * @return - */ - @Path("/") - @GET - @Produces(MediaType.APPLICATION_JSON) - public Response accountPageJson() { - requireOneOf(AccountRoles.MANAGE_ACCOUNT, AccountRoles.VIEW_PROFILE); - - UserRepresentation rep = ModelToRepresentation.toRepresentation(session, realm, auth.getUser()); - if (rep.getAttributes() != null) { - Iterator itr = rep.getAttributes().keySet().iterator(); - while (itr.hasNext()) { - if (itr.next().startsWith("keycloak.")) { - itr.remove(); - } - } - } - - return Cors.add(request, Response.ok(rep)).auth().allowedOrigins(auth.getToken()).build(); - } - public static UriBuilder totpUrl(UriBuilder base) { - return RealmsResource.accountUrl(base).path(AccountService.class, "totpPage"); + return RealmsResource.accountUrl(base).path(AccountFormService.class, "totpPage"); } @Path("totp") @GET @@ -291,7 +227,7 @@ public class AccountService extends AbstractSecuredLocalService { } public static UriBuilder passwordUrl(UriBuilder base) { - return RealmsResource.accountUrl(base).path(AccountService.class, "passwordPage"); + return RealmsResource.accountUrl(base).path(AccountFormService.class, "passwordPage"); } @Path("password") @GET @@ -313,12 +249,12 @@ public class AccountService extends AbstractSecuredLocalService { @GET public Response logPage() { if (auth != null) { - List events = eventStore.createQuery().type(LOG_EVENTS).user(auth.getUser().getId()).maxResults(30).getResultList(); + List events = eventStore.createQuery().type(Constants.EXPOSED_LOG_EVENTS).user(auth.getUser().getId()).maxResults(30).getResultList(); for (Event e : events) { if (e.getDetails() != null) { Iterator> itr = e.getDetails().entrySet().iterator(); while (itr.hasNext()) { - if (!LOG_DETAILS.contains(itr.next().getKey())) { + if (!Constants.EXPOSED_LOG_DETAILS.contains(itr.next().getKey())) { itr.remove(); } } @@ -364,7 +300,7 @@ public class AccountService extends AbstractSecuredLocalService { return login(null); } - require(AccountRoles.MANAGE_ACCOUNT); + auth.require(AccountRoles.MANAGE_ACCOUNT); String action = formData.getFirst("submitAction"); if (action != null && action.equals("Cancel")) { @@ -385,8 +321,8 @@ public class AccountService extends AbstractSecuredLocalService { } try { - updateUsername(formData.getFirst("username"), user); - updateEmail(formData.getFirst("email"), user); + updateUsername(formData.getFirst("username"), user, session); + updateEmail(formData.getFirst("email"), user, session, event); user.setFirstName(formData.getFirst("firstName")); user.setLastName(formData.getFirst("lastName")); @@ -406,82 +342,6 @@ public class AccountService extends AbstractSecuredLocalService { } } - @Path("/") - @POST - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public Response processAccountUpdateJson(UserRepresentation userRep) { - require(AccountRoles.MANAGE_ACCOUNT); - if (auth.isCookieAuthenticated()) { - throw new ForbiddenException(); - } - - UserModel user = auth.getUser(); - - event.event(EventType.UPDATE_PROFILE).client(auth.getClient()).user(auth.getUser()); - - updateUsername(userRep.getUsername(), user); - updateEmail(userRep.getEmail(), user); - - user.setFirstName(userRep.getFirstName()); - user.setLastName(userRep.getLastName()); - - if (userRep.getAttributes() != null) { - for (String k : user.getAttributes().keySet()) { - if (!userRep.getAttributes().containsKey(k)) { - user.removeAttribute(k); - } - } - - for (Map.Entry> e : userRep.getAttributes().entrySet()) { - user.setAttribute(e.getKey(), e.getValue()); - } - } - - event.success(); - - return Cors.add(request, Response.ok()).build(); - } - - private void updateUsername(String username, UserModel user) { - if (realm.isEditUsernameAllowed() && username != null) { - UserModel existing = session.users().getUserByUsername(username, realm); - if (existing != null && !existing.getId().equals(user.getId())) { - throw new ModelDuplicateException(Messages.USERNAME_EXISTS); - } - - user.setUsername(username); - } - } - - private void updateEmail(String email, UserModel user) { - String oldEmail = user.getEmail(); - boolean emailChanged = oldEmail != null ? !oldEmail.equals(email) : email != null; - if (emailChanged && !realm.isDuplicateEmailsAllowed()) { - UserModel existing = session.users().getUserByEmail(email, realm); - if (existing != null && !existing.getId().equals(user.getId())) { - throw new ModelDuplicateException(Messages.EMAIL_EXISTS); - } - } - - user.setEmail(email); - - if (emailChanged) { - user.setEmailVerified(false); - event.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, email).success(); - } - - if (realm.isRegistrationEmailAsUsername()) { - if (!realm.isDuplicateEmailsAllowed()) { - UserModel existing = session.users().getUserByEmail(email, realm); - if (existing != null && !existing.getId().equals(user.getId())) { - throw new ModelDuplicateException(Messages.USERNAME_EXISTS); - } - } - user.setUsername(email); - } - } - @Path("totp-remove") @GET public Response processTotpRemove(@QueryParam("stateChecker") String stateChecker) { @@ -489,7 +349,7 @@ public class AccountService extends AbstractSecuredLocalService { return login("totp"); } - require(AccountRoles.MANAGE_ACCOUNT); + auth.require(AccountRoles.MANAGE_ACCOUNT); csrfCheck(stateChecker); @@ -510,16 +370,21 @@ public class AccountService extends AbstractSecuredLocalService { return login("sessions"); } - require(AccountRoles.MANAGE_ACCOUNT); + auth.require(AccountRoles.MANAGE_ACCOUNT); csrfCheck(stateChecker); UserModel user = auth.getUser(); + + // Rather decrease time a bit. To avoid situation when user is immediatelly redirected to login screen, then automatically authenticated (eg. with Kerberos) and then seeing issues due the stale token + // as time on the token will be same like notBefore + session.users().setNotBeforeForUser(realm, user, Time.currentTime() - 1); + List userSessions = session.sessions().getUserSessions(realm, user); for (UserSessionModel userSession : userSessions) { AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true); } - UriBuilder builder = Urls.accountBase(uriInfo.getBaseUri()).path(AccountService.class, "sessionsPage"); + UriBuilder builder = Urls.accountBase(uriInfo.getBaseUri()).path(AccountFormService.class, "sessionsPage"); String referrer = uriInfo.getQueryParameters().getFirst("referrer"); if (referrer != null) { builder.queryParam("referrer", referrer); @@ -537,7 +402,7 @@ public class AccountService extends AbstractSecuredLocalService { return login("applications"); } - require(AccountRoles.MANAGE_ACCOUNT); + auth.require(AccountRoles.MANAGE_ACCOUNT); csrfCheck(formData); String clientId = formData.getFirst("clientId"); @@ -555,12 +420,12 @@ public class AccountService extends AbstractSecuredLocalService { new UserSessionManager(session).revokeOfflineToken(user, client); // Logout clientSessions for this user and client - AuthenticationManager.backchannelUserFromClient(session, realm, user, client, uriInfo, headers); + AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, uriInfo, headers); event.event(EventType.REVOKE_GRANT).client(auth.getClient()).user(auth.getUser()).detail(Details.REVOKED_CLIENT, client.getClientId()).success(); setReferrerOnPage(); - UriBuilder builder = Urls.accountBase(uriInfo.getBaseUri()).path(AccountService.class, "applicationsPage"); + UriBuilder builder = Urls.accountBase(uriInfo.getBaseUri()).path(AccountFormService.class, "applicationsPage"); String referrer = uriInfo.getQueryParameters().getFirst("referrer"); if (referrer != null) { builder.queryParam("referrer", referrer); @@ -589,7 +454,7 @@ public class AccountService extends AbstractSecuredLocalService { return login("totp"); } - require(AccountRoles.MANAGE_ACCOUNT); + auth.require(AccountRoles.MANAGE_ACCOUNT); String action = formData.getFirst("submitAction"); if (action != null && action.equals("Cancel")) { @@ -649,7 +514,7 @@ public class AccountService extends AbstractSecuredLocalService { return login("password"); } - require(AccountRoles.MANAGE_ACCOUNT); + auth.require(AccountRoles.MANAGE_ACCOUNT); csrfCheck(formData); UserModel user = auth.getUser(); @@ -732,7 +597,7 @@ public class AccountService extends AbstractSecuredLocalService { return login("identity"); } - require(AccountRoles.MANAGE_ACCOUNT); + auth.require(AccountRoles.MANAGE_ACCOUNT); csrfCheck(stateChecker); UserModel user = auth.getUser(); @@ -819,7 +684,7 @@ public class AccountService extends AbstractSecuredLocalService { } public static UriBuilder loginRedirectUrl(UriBuilder base) { - return RealmsResource.accountUrl(base).path(AccountService.class, "loginRedirect"); + return RealmsResource.accountUrl(base).path(AccountFormService.class, "loginRedirect"); } @Override @@ -868,27 +733,7 @@ public class AccountService extends AbstractSecuredLocalService { return null; } - public void require(String role) { - if (auth == null) { - throw new ForbiddenException(); - } - - if (!auth.hasClientRole(client, role)) { - throw new ForbiddenException(); - } - } - - public void requireOneOf(String... roles) { - if (auth == null) { - throw new ForbiddenException(); - } - - if (!auth.hasOneOfAppRole(client, roles)) { - throw new ForbiddenException(); - } - } - - public enum AccountSocialAction { + private enum AccountSocialAction { ADD, REMOVE; @@ -902,4 +747,52 @@ public class AccountService extends AbstractSecuredLocalService { } } } + + + private void updateUsername(String username, UserModel user, KeycloakSession session) { + RealmModel realm = session.getContext().getRealm(); + boolean usernameChanged = username == null || !user.getUsername().equals(username); + if (realm.isEditUsernameAllowed()) { + if (usernameChanged) { + UserModel existing = session.users().getUserByUsername(username, realm); + if (existing != null && !existing.getId().equals(user.getId())) { + throw new ModelDuplicateException(Messages.USERNAME_EXISTS); + } + + user.setUsername(username); + } + } else if (usernameChanged) { + + } + } + + private void updateEmail(String email, UserModel user, KeycloakSession session, EventBuilder event) { + RealmModel realm = session.getContext().getRealm(); + String oldEmail = user.getEmail(); + boolean emailChanged = oldEmail != null ? !oldEmail.equals(email) : email != null; + if (emailChanged && !realm.isDuplicateEmailsAllowed()) { + UserModel existing = session.users().getUserByEmail(email, realm); + if (existing != null && !existing.getId().equals(user.getId())) { + throw new ModelDuplicateException(Messages.EMAIL_EXISTS); + } + } + + user.setEmail(email); + + if (emailChanged) { + user.setEmailVerified(false); + event.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, email).success(); + } + + if (realm.isRegistrationEmailAsUsername()) { + if (!realm.isDuplicateEmailsAllowed()) { + UserModel existing = session.users().getUserByEmail(email, realm); + if (existing != null && !existing.getId().equals(user.getId())) { + throw new ModelDuplicateException(Messages.USERNAME_EXISTS); + } + } + user.setUsername(email); + } + } + } diff --git a/services/src/main/java/org/keycloak/services/resources/account/AccountLoader.java b/services/src/main/java/org/keycloak/services/resources/account/AccountLoader.java new file mode 100644 index 00000000000..11c3161ef0f --- /dev/null +++ b/services/src/main/java/org/keycloak/services/resources/account/AccountLoader.java @@ -0,0 +1,83 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.services.resources.account; + +import org.jboss.logging.Logger; +import org.jboss.resteasy.spi.HttpRequest; +import org.jboss.resteasy.spi.ResteasyProviderFactory; +import org.keycloak.events.EventBuilder; +import org.keycloak.models.ClientModel; +import org.keycloak.models.Constants; +import org.keycloak.models.KeycloakSession; +import org.keycloak.models.RealmModel; +import org.keycloak.services.managers.AppAuthManager; +import org.keycloak.services.managers.Auth; +import org.keycloak.services.managers.AuthenticationManager; + +import javax.ws.rs.HttpMethod; +import javax.ws.rs.NotAuthorizedException; +import javax.ws.rs.NotFoundException; +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.MediaType; +import java.util.List; + +/** + * @author Stian Thorgersen + */ +public class AccountLoader { + + private static final Logger logger = Logger.getLogger(AccountLoader.class); + + private AccountLoader() { + } + + public static Object getAccountService(KeycloakSession session, EventBuilder event) { + RealmModel realm = session.getContext().getRealm(); + + ClientModel client = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID); + if (client == null || !client.isEnabled()) { + logger.debug("account management not enabled"); + throw new NotFoundException("account management not enabled"); + } + + HttpRequest request = session.getContext().getContextObject(HttpRequest.class); + HttpHeaders headers = session.getContext().getRequestHeaders(); + MediaType content = headers.getMediaType(); + List accepts = headers.getAcceptableMediaTypes(); + + if (request.getHttpMethod().equals(HttpMethod.OPTIONS)) { + return new CorsPreflightService(request); + } else if ((accepts.contains(MediaType.APPLICATION_JSON_TYPE) || MediaType.APPLICATION_JSON_TYPE.equals(content)) && !request.getUri().getPath().endsWith("keycloak.json")) { + AuthenticationManager.AuthResult authResult = new AppAuthManager().authenticateBearerToken(session); + if (authResult == null) { + throw new NotAuthorizedException("Bearer token required"); + } + + Auth auth = new Auth(session.getContext().getRealm(), authResult.getToken(), authResult.getUser(), client, authResult.getSession(), false); + AccountRestService accountRestService = new AccountRestService(session, auth, client, event); + ResteasyProviderFactory.getInstance().injectProperties(accountRestService); + accountRestService.init(); + return accountRestService; + } else { + AccountFormService accountFormService = new AccountFormService(realm, client, event); + ResteasyProviderFactory.getInstance().injectProperties(accountFormService); + accountFormService.init(); + return accountFormService; + } + } + +} diff --git a/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java b/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java new file mode 100755 index 00000000000..e3275193786 --- /dev/null +++ b/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java @@ -0,0 +1,270 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.services.resources.account; + +import org.jboss.resteasy.annotations.cache.NoCache; +import org.jboss.resteasy.spi.HttpRequest; +import org.keycloak.common.ClientConnection; +import org.keycloak.events.Details; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventStoreProvider; +import org.keycloak.events.EventType; +import org.keycloak.models.AccountRoles; +import org.keycloak.models.ClientModel; +import org.keycloak.models.KeycloakSession; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.models.UserSessionModel; +import org.keycloak.representations.account.ClientRepresentation; +import org.keycloak.representations.account.SessionRepresentation; +import org.keycloak.representations.account.UserRepresentation; +import org.keycloak.services.ErrorResponse; +import org.keycloak.services.managers.Auth; +import org.keycloak.services.managers.AuthenticationManager; +import org.keycloak.services.resources.Cors; +import org.keycloak.storage.ReadOnlyException; + +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.OPTIONS; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriInfo; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; + +/** + * @author Stian Thorgersen + */ +public class AccountRestService { + + @Context + private HttpRequest request; + @Context + protected UriInfo uriInfo; + @Context + protected HttpHeaders headers; + @Context + protected ClientConnection clientConnection; + + private final KeycloakSession session; + private final ClientModel client; + private final EventBuilder event; + private EventStoreProvider eventStore; + private Auth auth; + + private final RealmModel realm; + private final UserModel user; + + public AccountRestService(KeycloakSession session, Auth auth, ClientModel client, EventBuilder event) { + this.session = session; + this.auth = auth; + this.realm = auth.getRealm(); + this.user = auth.getUser(); + this.client = client; + this.event = event; + } + + public void init() { + eventStore = session.getProvider(EventStoreProvider.class); + } + + /** + * CORS preflight + * + * @return + */ + @Path("/") + @OPTIONS + @NoCache + public Response preflight() { + return Cors.add(request, Response.ok()).auth().preflight().build(); + } + + /** + * Get account information. + * + * @return + */ + @Path("/") + @GET + @Produces(MediaType.APPLICATION_JSON) + @NoCache + public Response account() { + auth.requireOneOf(AccountRoles.MANAGE_ACCOUNT, AccountRoles.VIEW_PROFILE); + + UserModel user = auth.getUser(); + + UserRepresentation rep = new UserRepresentation(); + rep.setUsername(user.getUsername()); + rep.setFirstName(user.getFirstName()); + rep.setLastName(user.getLastName()); + rep.setEmail(user.getEmail()); + rep.setEmailVerified(user.isEmailVerified()); + rep.setAttributes(user.getAttributes()); + + return Cors.add(request, Response.ok(rep)).auth().allowedOrigins(auth.getToken()).build(); + } + + @Path("/") + @POST + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @NoCache + public Response updateAccount(UserRepresentation userRep) { + auth.require(AccountRoles.MANAGE_ACCOUNT); + + event.event(EventType.UPDATE_PROFILE).client(auth.getClient()).user(user); + + try { + RealmModel realm = session.getContext().getRealm(); + + boolean usernameChanged = userRep.getUsername() != null && !userRep.getUsername().equals(user.getUsername()); + if (realm.isEditUsernameAllowed()) { + if (usernameChanged) { + UserModel existing = session.users().getUserByUsername(userRep.getUsername(), realm); + if (existing != null) { + return ErrorResponse.exists(Errors.USERNAME_EXISTS); + } + + user.setUsername(userRep.getUsername()); + } + } else if (usernameChanged) { + return ErrorResponse.error(Errors.READ_ONLY_USERNAME, Response.Status.BAD_REQUEST); + } + + boolean emailChanged = userRep.getEmail() != null && !userRep.getEmail().equals(user.getEmail()); + if (emailChanged && !realm.isDuplicateEmailsAllowed()) { + UserModel existing = session.users().getUserByEmail(userRep.getEmail(), realm); + if (existing != null) { + return ErrorResponse.exists(Errors.EMAIL_EXISTS); + } + } + + if (realm.isRegistrationEmailAsUsername() && !realm.isDuplicateEmailsAllowed()) { + UserModel existing = session.users().getUserByUsername(userRep.getEmail(), realm); + if (existing != null) { + return ErrorResponse.exists(Errors.USERNAME_EXISTS); + } + } + + if (emailChanged) { + String oldEmail = user.getEmail(); + user.setEmail(userRep.getEmail()); + user.setEmailVerified(false); + event.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, userRep.getEmail()).success(); + + if (realm.isRegistrationEmailAsUsername()) { + user.setUsername(userRep.getEmail()); + } + } + + user.setFirstName(userRep.getFirstName()); + user.setLastName(userRep.getLastName()); + + if (userRep.getAttributes() != null) { + for (String k : user.getAttributes().keySet()) { + if (!userRep.getAttributes().containsKey(k)) { + user.removeAttribute(k); + } + } + + for (Map.Entry> e : userRep.getAttributes().entrySet()) { + user.setAttribute(e.getKey(), e.getValue()); + } + } + + event.success(); + + return Cors.add(request, Response.ok()).auth().allowedOrigins(auth.getToken()).build(); + } catch (ReadOnlyException e) { + return ErrorResponse.error(Errors.READ_ONLY_USER, Response.Status.BAD_REQUEST); + } + } + + /** + * Get session information. + * + * @return + */ + @Path("/sessions") + @GET + @Produces(MediaType.APPLICATION_JSON) + @NoCache + public Response sessions() { + List reps = new LinkedList<>(); + + List sessions = session.sessions().getUserSessions(realm, user); + for (UserSessionModel s : sessions) { + SessionRepresentation rep = new SessionRepresentation(); + rep.setId(s.getId()); + rep.setIpAddress(s.getIpAddress()); + rep.setStarted(s.getStarted()); + rep.setLastAccess(s.getLastSessionRefresh()); + rep.setExpires(s.getStarted() + realm.getSsoSessionMaxLifespan()); + rep.setClients(new LinkedList()); + + for (String clientUUID : s.getAuthenticatedClientSessions().keySet()) { + ClientModel client = realm.getClientById(clientUUID); + ClientRepresentation clientRep = new ClientRepresentation(); + clientRep.setClientId(client.getClientId()); + clientRep.setClientName(client.getName()); + rep.getClients().add(clientRep); + } + + reps.add(rep); + } + + return Cors.add(request, Response.ok(reps)).auth().allowedOrigins(auth.getToken()).build(); + } + + /** + * Remove sessions + * + * @param removeCurrent remove current session (default is false) + * @return + */ + @Path("/sessions") + @DELETE + @Produces(MediaType.APPLICATION_JSON) + @NoCache + public Response sessionsLogout(@QueryParam("current") boolean removeCurrent) { + UserSessionModel userSession = auth.getSession(); + + List userSessions = session.sessions().getUserSessions(realm, user); + for (UserSessionModel s : userSessions) { + if (removeCurrent || !s.getId().equals(userSession.getId())) { + AuthenticationManager.backchannelLogout(session, s, true); + } + } + + return Cors.add(request, Response.ok()).auth().allowedOrigins(auth.getToken()).build(); + } + + // TODO Federated identities + // TODO Applications + // TODO Logs + +} diff --git a/services/src/main/java/org/keycloak/services/resources/account/Constants.java b/services/src/main/java/org/keycloak/services/resources/account/Constants.java new file mode 100644 index 00000000000..95b76de3991 --- /dev/null +++ b/services/src/main/java/org/keycloak/services/resources/account/Constants.java @@ -0,0 +1,47 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.services.resources.account; + +import org.keycloak.events.Details; +import org.keycloak.events.EventType; + +import java.util.HashSet; +import java.util.Set; + +/** + * @author Stian Thorgersen + */ +public class Constants { + + public static final EventType[] EXPOSED_LOG_EVENTS = { + EventType.LOGIN, EventType.LOGOUT, EventType.REGISTER, EventType.REMOVE_FEDERATED_IDENTITY, EventType.REMOVE_TOTP, EventType.SEND_RESET_PASSWORD, + EventType.SEND_VERIFY_EMAIL, EventType.FEDERATED_IDENTITY_LINK, EventType.UPDATE_EMAIL, EventType.UPDATE_PASSWORD, EventType.UPDATE_PROFILE, EventType.UPDATE_TOTP, EventType.VERIFY_EMAIL + }; + + public static final Set EXPOSED_LOG_DETAILS = new HashSet<>(); + + static { + EXPOSED_LOG_DETAILS.add(Details.UPDATED_EMAIL); + EXPOSED_LOG_DETAILS.add(Details.EMAIL); + EXPOSED_LOG_DETAILS.add(Details.PREVIOUS_EMAIL); + EXPOSED_LOG_DETAILS.add(Details.USERNAME); + EXPOSED_LOG_DETAILS.add(Details.REMEMBER_ME); + EXPOSED_LOG_DETAILS.add(Details.REGISTER_METHOD); + EXPOSED_LOG_DETAILS.add(Details.AUTH_METHOD); + } + +} diff --git a/services/src/main/java/org/keycloak/services/resources/account/CorsPreflightService.java b/services/src/main/java/org/keycloak/services/resources/account/CorsPreflightService.java new file mode 100644 index 00000000000..f9c0fa6ec28 --- /dev/null +++ b/services/src/main/java/org/keycloak/services/resources/account/CorsPreflightService.java @@ -0,0 +1,33 @@ +package org.keycloak.services.resources.account; + +import org.jboss.resteasy.spi.HttpRequest; +import org.keycloak.services.resources.Cors; + +import javax.ws.rs.OPTIONS; +import javax.ws.rs.Path; +import javax.ws.rs.core.Response; + +/** + * Created by st on 21/03/17. + */ +public class CorsPreflightService { + + private HttpRequest request; + + public CorsPreflightService(HttpRequest request) { + this.request = request; + } + + /** + * CORS preflight + * + * @return + */ + @Path("/") + @OPTIONS + public Response preflight() { + Cors cors = Cors.add(request, Response.ok()).auth().allowedMethods("GET", "POST", "HEAD", "OPTIONS").preflight(); + return cors.build(); + } + +} diff --git a/services/src/main/java/org/keycloak/services/resources/account/Errors.java b/services/src/main/java/org/keycloak/services/resources/account/Errors.java new file mode 100644 index 00000000000..6cb55bd0f6f --- /dev/null +++ b/services/src/main/java/org/keycloak/services/resources/account/Errors.java @@ -0,0 +1,29 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.services.resources.account; + +/** + * @author Stian Thorgersen + */ +public class Errors { + + public static final String USERNAME_EXISTS = "username_exists"; + public static final String EMAIL_EXISTS = "email_exists"; + public static final String READ_ONLY_USER = "user_read_only"; + public static final String READ_ONLY_USERNAME = "username_read_only"; + +} diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java index 61f62547102..9503e02ea57 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java @@ -509,10 +509,13 @@ public class AuthenticationManagementResource { rep.setId(execution.getId()); if (factory.isConfigurable()) { - AuthenticatorConfigModel authenticatorConfig = realm.getAuthenticatorConfigById(execution.getAuthenticatorConfig()); + String authenticatorConfigId = execution.getAuthenticatorConfig(); + if(authenticatorConfigId != null) { + AuthenticatorConfigModel authenticatorConfig = realm.getAuthenticatorConfigById(authenticatorConfigId); - if (authenticatorConfig != null) { - rep.setAlias(authenticatorConfig.getAlias()); + if (authenticatorConfig != null) { + rep.setAlias(authenticatorConfig.getAlias()); + } } } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java index 4c08c204b22..3f07b47c18f 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java @@ -19,12 +19,15 @@ package org.keycloak.services.resources.admin; import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; +import org.keycloak.authorization.model.Resource; +import org.keycloak.authorization.model.ResourceServer; import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.broker.provider.IdentityProviderMapper; import org.keycloak.broker.social.SocialIdentityProvider; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; +import org.keycloak.models.ClientModel; import org.keycloak.models.FederatedIdentityModel; import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.IdentityProviderModel; @@ -43,8 +46,11 @@ import org.keycloak.representations.idm.ConfigPropertyRepresentation; import org.keycloak.representations.idm.IdentityProviderMapperRepresentation; import org.keycloak.representations.idm.IdentityProviderMapperTypeRepresentation; import org.keycloak.representations.idm.IdentityProviderRepresentation; +import org.keycloak.representations.idm.ManagementPermissionReference; import org.keycloak.services.ErrorResponse; import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; +import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; +import org.keycloak.services.resources.admin.permissions.AdminPermissions; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; @@ -402,5 +408,58 @@ public class IdentityProviderResource { } + /** + * Return object stating whether client Authorization permissions have been initialized or not and a reference + * + * @return + */ + @Path("management/permissions") + @GET + @Produces(MediaType.APPLICATION_JSON) + @NoCache + public ManagementPermissionReference getManagementPermissions() { + this.auth.realm().requireViewIdentityProviders(); + + AdminPermissionManagement permissions = AdminPermissions.management(session, realm); + if (!permissions.idps().isPermissionsEnabled(identityProviderModel)) { + return new ManagementPermissionReference(); + } + return toMgmtRef(identityProviderModel, permissions); + } + + public static ManagementPermissionReference toMgmtRef(IdentityProviderModel model, AdminPermissionManagement permissions) { + ManagementPermissionReference ref = new ManagementPermissionReference(); + ref.setEnabled(true); + ref.setResource(permissions.idps().resource(model).getId()); + ref.setScopePermissions(permissions.idps().getPermissions(model)); + return ref; + } + + + /** + * Return object stating whether client Authorization permissions have been initialized or not and a reference + * + * + * @return initialized manage permissions reference + */ + @Path("management/permissions") + @PUT + @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_JSON) + @NoCache + public ManagementPermissionReference setManagementPermissionsEnabled(ManagementPermissionReference ref) { + this.auth.realm().requireManageIdentityProviders(); + AdminPermissionManagement permissions = AdminPermissions.management(session, realm); + permissions.idps().setPermissionsEnabled(identityProviderModel, ref.isEnabled()); + if (ref.isEnabled()) { + return toMgmtRef(identityProviderModel, permissions); + } else { + return new ManagementPermissionReference(); + } + } + + + + } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java index b00f2e46077..7fd223fd30a 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java @@ -146,7 +146,8 @@ public class RealmsAdminResource { return Response.created(location).build(); } catch (ModelDuplicateException e) { - return ErrorResponse.exists("Realm with same name exists"); + logger.error("Conflict detected", e); + return ErrorResponse.exists("Conflict detected. See logs for details"); } } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java index fbd318ae743..34bbcea9ce7 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java @@ -68,8 +68,8 @@ import org.keycloak.services.ServicesLogger; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.BruteForceProtector; import org.keycloak.services.managers.UserSessionManager; -import org.keycloak.services.resources.AccountService; import org.keycloak.services.resources.LoginActionsService; +import org.keycloak.services.resources.account.AccountFormService; import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; import org.keycloak.services.validation.Validation; import org.keycloak.storage.ReadOnlyException; @@ -201,6 +201,8 @@ public class UserResource { if (rep.isEnabled() != null) user.setEnabled(rep.isEnabled()); if (rep.isEmailVerified() != null) user.setEmailVerified(rep.isEmailVerified()); + if (rep.getFederationLink() != null) user.setFederationLink(rep.getFederationLink()); + List reqActions = rep.getRequiredActions(); if (reqActions != null) { @@ -282,7 +284,7 @@ public class UserResource { String sessionId = KeycloakModelUtils.generateId(); UserSessionModel userSession = session.sessions().createUserSession(sessionId, realm, user, user.getUsername(), clientConnection.getRemoteAddr(), "impersonate", false, null, null); AuthenticationManager.createLoginCookie(session, realm, userSession.getUser(), userSession, uriInfo, clientConnection); - URI redirect = AccountService.accountServiceApplicationPage(uriInfo).build(realm.getName()); + URI redirect = AccountFormService.accountServiceApplicationPage(uriInfo).build(realm.getName()); Map result = new HashMap<>(); result.put("sameRealm", sameRealm); result.put("redirect", redirect.toString()); @@ -488,7 +490,7 @@ public class UserResource { if (revokedConsent) { // Logout clientSessions for this user and client - AuthenticationManager.backchannelUserFromClient(session, realm, user, client, uriInfo, headers); + AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, uriInfo, headers); } if (!revokedConsent && !revokedOfflineToken) { @@ -508,6 +510,8 @@ public class UserResource { public void logout() { auth.users().requireManage(user); + session.users().setNotBeforeForUser(realm, user, Time.currentTime()); + List userSessions = session.sessions().getUserSessions(realm, user); for (UserSessionModel userSession : userSessions) { AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java index c7b9945fc2e..578885d292c 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java @@ -68,7 +68,6 @@ import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.BruteForceProtector; import org.keycloak.services.*; import org.keycloak.services.managers.*; -import org.keycloak.services.resources.AccountService; import org.keycloak.services.resources.LoginActionsService; import org.keycloak.services.validation.Validation; import org.keycloak.storage.ReadOnlyException; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/AdminPermissionManagement.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/AdminPermissionManagement.java index d8eb94a4b4e..4dfce43700a 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/AdminPermissionManagement.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/AdminPermissionManagement.java @@ -27,7 +27,6 @@ import org.keycloak.models.ClientModel; public interface AdminPermissionManagement { public static final String MANAGE_SCOPE = "manage"; public static final String VIEW_SCOPE = "view"; - public static final String EXCHANGE_FROM_SCOPE="exchange-from"; public static final String EXCHANGE_TO_SCOPE="exchange-to"; ClientModel getRealmManagementClient(); @@ -38,6 +37,7 @@ public interface AdminPermissionManagement { UserPermissionManagement users(); GroupPermissionManagement groups(); ClientPermissionManagement clients(); + IdentityProviderPermissionManagement idps(); ResourceServer realmResourceServer(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionManagement.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionManagement.java index ccf9679609e..03bfa73b47b 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionManagement.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionManagement.java @@ -41,12 +41,8 @@ public interface ClientPermissionManagement { Map getPermissions(ClientModel client); - boolean canExchangeFrom(ClientModel authorizedClient, ClientModel from); - boolean canExchangeTo(ClientModel authorizedClient, ClientModel to); - Policy exchangeFromPermission(ClientModel client); - Policy exchangeToPermission(ClientModel client); Policy mapRolesPermission(ClientModel client); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java index bbb7bf4d294..149b313bc9d 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java @@ -18,10 +18,8 @@ package org.keycloak.services.resources.admin.permissions; import org.jboss.logging.Logger; import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.attribute.Attributes; import org.keycloak.authorization.common.ClientModelIdentity; import org.keycloak.authorization.common.DefaultEvaluationContext; -import org.keycloak.authorization.identity.Identity; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; @@ -32,8 +30,6 @@ import org.keycloak.models.ClientModel; import org.keycloak.models.ClientTemplateModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; -import org.keycloak.models.RoleModel; -import org.keycloak.representations.AccessToken; import org.keycloak.services.ForbiddenException; import java.util.Arrays; @@ -44,7 +40,6 @@ import java.util.LinkedHashMap; import java.util.Map; import java.util.Set; -import static org.keycloak.services.resources.admin.permissions.AdminPermissionManagement.EXCHANGE_FROM_SCOPE; import static org.keycloak.services.resources.admin.permissions.AdminPermissionManagement.EXCHANGE_TO_SCOPE; /** @@ -54,7 +49,7 @@ import static org.keycloak.services.resources.admin.permissions.AdminPermissionM * @author Bill Burke * @version $Revision: 1 $ */ -class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionManagement { +class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionManagement { private static final Logger logger = Logger.getLogger(ClientPermissions.class); protected final KeycloakSession session; protected final RealmModel realm; @@ -95,11 +90,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionMa return EXCHANGE_TO_SCOPE + ".permission.client." + client.getId(); } - private String getExchangeFromPermissionName(ClientModel client) { - return EXCHANGE_FROM_SCOPE + ".permission.client." + client.getId(); - } - - private void initialize(ClientModel client) { + private void initialize(ClientModel client) { ResourceServer server = root.findOrCreateResourceServer(client); Scope manageScope = manageScope(server); if (manageScope == null) { @@ -116,13 +107,12 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionMa Scope mapRoleClientScope = root.initializeScope(MAP_ROLES_CLIENT_SCOPE, server); Scope mapRoleCompositeScope = root.initializeScope(MAP_ROLES_COMPOSITE_SCOPE, server); Scope configureScope = root.initializeScope(CONFIGURE_SCOPE, server); - Scope exchangeFromScope = root.initializeScope(EXCHANGE_FROM_SCOPE, server); Scope exchangeToScope = root.initializeScope(EXCHANGE_TO_SCOPE, server); String resourceName = getResourceName(client); Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId()); if (resource == null) { - resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getClientId()); + resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId()); resource.setType("Client"); Set scopeset = new HashSet<>(); scopeset.add(configureScope); @@ -131,7 +121,6 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionMa scopeset.add(mapRoleScope); scopeset.add(mapRoleClientScope); scopeset.add(mapRoleCompositeScope); - scopeset.add(exchangeFromScope); scopeset.add(exchangeToScope); resource.updateScopes(scopeset); } @@ -170,11 +159,6 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionMa if (exchangeToPermission == null) { Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope); } - String exchangeFromPermissionName = getExchangeFromPermissionName(client); - Policy exchangeFromPermission = authz.getStoreFactory().getPolicyStore().findByName(exchangeFromPermissionName, server.getId()); - if (exchangeFromPermission == null) { - Helper.addEmptyScopePermission(authz, server, exchangeFromPermissionName, resource, exchangeFromScope); - } } private void deletePolicy(String name, ResourceServer server) { @@ -195,7 +179,6 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionMa deletePolicy(getMapRolesCompositePermissionName(client), server); deletePolicy(getConfigurePermissionName(client), server); deletePolicy(getExchangeToPermissionName(client), server); - deletePolicy(getExchangeFromPermissionName(client), server); Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());; if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId()); } @@ -223,10 +206,6 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionMa return authz.getStoreFactory().getScopeStore().findByName(AdminPermissionManagement.MANAGE_SCOPE, server.getId()); } - private Scope exchangeFromScope(ResourceServer server) { - return authz.getStoreFactory().getScopeStore().findByName(EXCHANGE_FROM_SCOPE, server.getId()); - } - private Scope exchangeToScope(ResourceServer server) { return authz.getStoreFactory().getScopeStore().findByName(EXCHANGE_TO_SCOPE, server.getId()); } @@ -314,59 +293,10 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionMa scopes.put(MAP_ROLES_SCOPE, mapRolesPermission(client).getId()); scopes.put(MAP_ROLES_CLIENT_SCOPE, mapRolesClientScopePermission(client).getId()); scopes.put(MAP_ROLES_COMPOSITE_SCOPE, mapRolesCompositePermission(client).getId()); - scopes.put(EXCHANGE_FROM_SCOPE, exchangeFromPermission(client).getId()); scopes.put(EXCHANGE_TO_SCOPE, exchangeToPermission(client).getId()); return scopes; } - @Override - public boolean canExchangeFrom(ClientModel authorizedClient, ClientModel from) { - if (!authorizedClient.equals(from)) { - ResourceServer server = resourceServer(from); - if (server == null) { - logger.debug("No resource server set up for target client"); - return false; - } - - Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(from), server.getId()); - if (resource == null) { - logger.debug("No resource object set up for target client"); - return false; - } - - Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getExchangeFromPermissionName(from), server.getId()); - if (policy == null) { - logger.debug("No permission object set up for target client"); - return false; - } - - Set associatedPolicies = policy.getAssociatedPolicies(); - // if no policies attached to permission then just do default behavior - if (associatedPolicies == null || associatedPolicies.isEmpty()) { - logger.debug("No policies set up for permission on target client"); - return false; - } - - Scope scope = exchangeFromScope(server); - if (scope == null) { - logger.debug(EXCHANGE_FROM_SCOPE + " not initialized"); - return false; - } - ClientModelIdentity identity = new ClientModelIdentity(session, authorizedClient); - EvaluationContext context = new DefaultEvaluationContext(identity, session) { - @Override - public Map> getBaseAttributes() { - Map> attributes = super.getBaseAttributes(); - attributes.put("kc.client.id", Arrays.asList(authorizedClient.getClientId())); - return attributes; - } - - }; - return root.evaluatePermission(resource, scope, server, context); - } - return true; - } - @Override public boolean canExchangeTo(ClientModel authorizedClient, ClientModel to) { @@ -601,13 +531,6 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionMa return root.evaluatePermission(resource, scope, server); } - @Override - public Policy exchangeFromPermission(ClientModel client) { - ResourceServer server = resourceServer(client); - if (server == null) return null; - return authz.getStoreFactory().getPolicyStore().findByName(getExchangeFromPermissionName(client), server.getId()); - } - @Override public Policy exchangeToPermission(ClientModel client) { ResourceServer server = resourceServer(client); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java index b20d4626dfe..c6aa3c6434d 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java @@ -26,7 +26,6 @@ import org.keycloak.models.AdminRoles; import org.keycloak.models.GroupModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; -import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.services.ForbiddenException; import java.util.HashMap; @@ -95,7 +94,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag String groupResourceName = getGroupResourceName(group); Resource groupResource = authz.getStoreFactory().getResourceStore().findByName(groupResourceName, server.getId()); if (groupResource == null) { - groupResource = authz.getStoreFactory().getResourceStore().create(groupResourceName, server, server.getClientId()); + groupResource = authz.getStoreFactory().getResourceStore().create(groupResourceName, server, server.getId()); Set scopeset = new HashSet<>(); scopeset.add(manageScope); scopeset.add(viewScope); @@ -185,7 +184,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag authz.getStoreFactory().getPolicyStore().delete(manageMembersPermission.getId()); } Policy viewMembersPermission = viewMembersPermission(group); - if (viewMembersPermission == null) { + if (viewMembersPermission != null) { authz.getStoreFactory().getPolicyStore().delete(viewMembersPermission.getId()); } Policy manageMembershipPermission = manageMembershipPermission(group); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissionManagement.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissionManagement.java new file mode 100644 index 00000000000..a5b595dfea2 --- /dev/null +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissionManagement.java @@ -0,0 +1,42 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.services.resources.admin.permissions; + +import org.keycloak.authorization.model.Policy; +import org.keycloak.authorization.model.Resource; +import org.keycloak.models.ClientModel; +import org.keycloak.models.IdentityProviderModel; + +import java.util.Map; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public interface IdentityProviderPermissionManagement { + boolean isPermissionsEnabled(IdentityProviderModel idp); + + void setPermissionsEnabled(IdentityProviderModel idp, boolean enable); + + Resource resource(IdentityProviderModel idp); + + Map getPermissions(IdentityProviderModel idp); + + boolean canExchangeTo(ClientModel authorizedClient, IdentityProviderModel to); + + Policy exchangeToPermission(IdentityProviderModel idp); +} diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java new file mode 100644 index 00000000000..9be37d6b6e4 --- /dev/null +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java @@ -0,0 +1,204 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.services.resources.admin.permissions; + +import org.jboss.logging.Logger; +import org.keycloak.authorization.AuthorizationProvider; +import org.keycloak.authorization.common.ClientModelIdentity; +import org.keycloak.authorization.common.DefaultEvaluationContext; +import org.keycloak.authorization.model.Policy; +import org.keycloak.authorization.model.Resource; +import org.keycloak.authorization.model.ResourceServer; +import org.keycloak.authorization.model.Scope; +import org.keycloak.authorization.policy.evaluation.EvaluationContext; +import org.keycloak.models.ClientModel; +import org.keycloak.models.IdentityProviderModel; +import org.keycloak.models.KeycloakSession; +import org.keycloak.models.RealmModel; + +import java.util.Arrays; +import java.util.Collection; +import java.util.HashSet; +import java.util.LinkedHashMap; +import java.util.Map; +import java.util.Set; + +import static org.keycloak.services.resources.admin.permissions.AdminPermissionManagement.EXCHANGE_TO_SCOPE; + +/** + * Manages default policies for all users. + * + * + * @author Bill Burke + * @version $Revision: 1 $ + */ +class IdentityProviderPermissions implements IdentityProviderPermissionManagement { + private static final Logger logger = Logger.getLogger(IdentityProviderPermissions.class); + protected final KeycloakSession session; + protected final RealmModel realm; + protected final AuthorizationProvider authz; + protected final MgmtPermissions root; + + public IdentityProviderPermissions(KeycloakSession session, RealmModel realm, AuthorizationProvider authz, MgmtPermissions root) { + this.session = session; + this.realm = realm; + this.authz = authz; + this.root = root; + } + + private String getResourceName(IdentityProviderModel idp) { + return "idp.resource." + idp.getInternalId(); + } + + private String getExchangeToPermissionName(IdentityProviderModel idp) { + return EXCHANGE_TO_SCOPE + ".permission.idp." + idp.getInternalId(); + } + + private void initialize(IdentityProviderModel idp) { + ResourceServer server = root.initializeRealmResourceServer(); + Scope exchangeToScope = root.initializeScope(EXCHANGE_TO_SCOPE, server); + + String resourceName = getResourceName(idp); + Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId()); + if (resource == null) { + resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId()); + resource.setType("IdentityProvider"); + Set scopeset = new HashSet<>(); + scopeset.add(exchangeToScope); + resource.updateScopes(scopeset); + } + String exchangeToPermissionName = getExchangeToPermissionName(idp); + Policy exchangeToPermission = authz.getStoreFactory().getPolicyStore().findByName(exchangeToPermissionName, server.getId()); + if (exchangeToPermission == null) { + Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope); + } + } + + private void deletePolicy(String name, ResourceServer server) { + Policy policy = authz.getStoreFactory().getPolicyStore().findByName(name, server.getId()); + if (policy != null) { + authz.getStoreFactory().getPolicyStore().delete(policy.getId()); + } + + } + + private void deletePermissions(IdentityProviderModel idp) { + ResourceServer server = root.initializeRealmResourceServer(); + if (server == null) return; + deletePolicy(getExchangeToPermissionName(idp), server); + Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(idp), server.getId());; + if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId()); + } + + @Override + public boolean isPermissionsEnabled(IdentityProviderModel idp) { + ResourceServer server = root.initializeRealmResourceServer(); + if (server == null) return false; + + return authz.getStoreFactory().getResourceStore().findByName(getResourceName(idp), server.getId()) != null; + } + + @Override + public void setPermissionsEnabled(IdentityProviderModel idp, boolean enable) { + if (enable) { + initialize(idp); + } else { + deletePermissions(idp); + } + } + + + + private Scope exchangeToScope(ResourceServer server) { + return authz.getStoreFactory().getScopeStore().findByName(EXCHANGE_TO_SCOPE, server.getId()); + } + + @Override + public Resource resource(IdentityProviderModel idp) { + ResourceServer server = root.initializeRealmResourceServer(); + if (server == null) return null; + Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(idp), server.getId()); + if (resource == null) return null; + return resource; + } + + + @Override + public Map getPermissions(IdentityProviderModel idp) { + initialize(idp); + Map scopes = new LinkedHashMap<>(); + scopes.put(EXCHANGE_TO_SCOPE, exchangeToPermission(idp).getId()); + return scopes; + } + + @Override + public boolean canExchangeTo(ClientModel authorizedClient, IdentityProviderModel to) { + + if (!authorizedClient.equals(to)) { + ResourceServer server = root.initializeRealmResourceServer(); + if (server == null) { + logger.debug("No resource server set up for target idp"); + return false; + } + + Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(to), server.getId()); + if (resource == null) { + logger.debug("No resource object set up for target idp"); + return false; + } + + Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(to), server.getId()); + if (policy == null) { + logger.debug("No permission object set up for target idp"); + return false; + } + + Set associatedPolicies = policy.getAssociatedPolicies(); + // if no policies attached to permission then just do default behavior + if (associatedPolicies == null || associatedPolicies.isEmpty()) { + logger.debug("No policies set up for permission on target idp"); + return false; + } + + Scope scope = exchangeToScope(server); + if (scope == null) { + logger.debug(EXCHANGE_TO_SCOPE + " not initialized"); + return false; + } + ClientModelIdentity identity = new ClientModelIdentity(session, authorizedClient); + EvaluationContext context = new DefaultEvaluationContext(identity, session) { + @Override + public Map> getBaseAttributes() { + Map> attributes = super.getBaseAttributes(); + attributes.put("kc.client.id", Arrays.asList(authorizedClient.getClientId())); + return attributes; + } + + }; + return root.evaluatePermission(resource, scope, server, context); + } + return true; + } + + @Override + public Policy exchangeToPermission(IdentityProviderModel idp) { + ResourceServer server = root.initializeRealmResourceServer(); + if (server == null) return null; + return authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(idp), server.getId()); + } + +} diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java index fe4a11fe935..6fa044f2559 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java @@ -40,7 +40,6 @@ import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.RealmModel; -import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; import org.keycloak.services.ForbiddenException; import org.keycloak.services.managers.RealmManager; @@ -67,6 +66,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage protected GroupPermissions groups; protected RealmPermissions realmPermissions; protected ClientPermissions clientPermissions; + protected IdentityProviderPermissions idpPermissions; MgmtPermissions(KeycloakSession session, RealmModel realm) { @@ -223,6 +223,13 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage return clientPermissions; } + @Override + public IdentityProviderPermissions idps() { + if (idpPermissions != null) return idpPermissions; + idpPermissions = new IdentityProviderPermissions(session, realm, authz, this); + return idpPermissions; + } + @Override public GroupPermissions groups() { if (groups != null) return groups; @@ -244,7 +251,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage ResourceServerStore resourceServerStore = authz.getStoreFactory().getResourceServerStore(); ClientModel client = getRealmManagementClient(); if (client == null) return null; - realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client.getId()); + realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId()); return realmResourceServer; } @@ -252,7 +259,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage public ResourceServer initializeRealmResourceServer() { if (realmResourceServer != null) return realmResourceServer; ClientModel client = getRealmManagementClient(); - realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client.getId()); + realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId()); if (realmResourceServer == null) { realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(client.getId()); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java index 0e12861929e..361cb0c25a3 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java @@ -34,7 +34,6 @@ import org.keycloak.models.RoleModel; import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.services.ForbiddenException; -import java.util.HashMap; import java.util.HashSet; import java.util.LinkedHashMap; import java.util.Map; @@ -541,7 +540,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme String roleResourceName = getRoleResourceName(role); Resource resource = authz.getStoreFactory().getResourceStore().findByName(roleResourceName, server.getId()); if (resource == null) { - resource = authz.getStoreFactory().getResourceStore().create(roleResourceName, server, server.getClientId()); + resource = authz.getStoreFactory().getResourceStore().create(roleResourceName, server, server.getId()); Set scopeset = new HashSet<>(); scopeset.add(mapClientScope); scopeset.add(mapCompositeScope); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java index 3ac26ed5faf..0078497bf65 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java @@ -84,7 +84,7 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme Resource usersResource = authz.getStoreFactory().getResourceStore().findByName(USERS_RESOURCE, server.getId()); if (usersResource == null) { - usersResource = authz.getStoreFactory().getResourceStore().create(USERS_RESOURCE, server, server.getClientId()); + usersResource = authz.getStoreFactory().getResourceStore().create(USERS_RESOURCE, server, server.getId()); Set scopeset = new HashSet<>(); scopeset.add(manageScope); scopeset.add(viewScope); diff --git a/services/src/main/java/org/keycloak/social/bitbucket/BitbucketIdentityProvider.java b/services/src/main/java/org/keycloak/social/bitbucket/BitbucketIdentityProvider.java index c7583b738e9..bb7aa641029 100755 --- a/services/src/main/java/org/keycloak/social/bitbucket/BitbucketIdentityProvider.java +++ b/services/src/main/java/org/keycloak/social/bitbucket/BitbucketIdentityProvider.java @@ -21,7 +21,6 @@ import com.fasterxml.jackson.databind.JsonNode; import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; -import org.keycloak.broker.oidc.util.JsonSimpleHttp; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.broker.provider.util.SimpleHttp; @@ -54,7 +53,7 @@ public class BitbucketIdentityProvider extends AbstractOAuth2IdentityProvider im @Override protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) { try { - JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(USER_URL, session).header("Authorization", "Bearer " + accessToken)); + JsonNode profile = SimpleHttp.doGet(USER_URL, session).header("Authorization", "Bearer " + accessToken).asJson(); String type = getJsonProperty(profile, "type"); if (type == null) { diff --git a/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java b/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java index bd6ca5497df..54be72c4ee7 100755 --- a/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java +++ b/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java @@ -21,7 +21,6 @@ import com.fasterxml.jackson.databind.JsonNode; import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; -import org.keycloak.broker.oidc.util.JsonSimpleHttp; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.broker.provider.util.SimpleHttp; @@ -47,7 +46,7 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) { try { - JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken)); + JsonNode profile = SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken).asJson(); String id = getJsonProperty(profile, "id"); diff --git a/services/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java b/services/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java index 71692937a05..4120e432927 100755 --- a/services/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java +++ b/services/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java @@ -21,7 +21,6 @@ import com.fasterxml.jackson.databind.JsonNode; import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; -import org.keycloak.broker.oidc.util.JsonSimpleHttp; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.broker.provider.util.SimpleHttp; @@ -48,7 +47,7 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple @Override protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) { try { - JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken)); + JsonNode profile = SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken).asJson(); BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id")); diff --git a/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java b/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java index a57704ff69a..a35b4a3d42d 100755 --- a/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java +++ b/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java @@ -18,14 +18,10 @@ package org.keycloak.social.gitlab; import com.fasterxml.jackson.databind.JsonNode; -import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; -import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; import org.keycloak.broker.oidc.OIDCIdentityProvider; import org.keycloak.broker.oidc.OIDCIdentityProviderConfig; import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; -import org.keycloak.broker.oidc.util.JsonSimpleHttp; import org.keycloak.broker.provider.BrokeredIdentityContext; -import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.broker.provider.util.SimpleHttp; import org.keycloak.broker.social.SocialIdentityProvider; import org.keycloak.models.KeycloakSession; @@ -68,9 +64,8 @@ public class GitLabIdentityProvider extends OIDCIdentityProvider implements Soc if (getConfig().getDefaultScope().contains(API_SCOPE)) { String userInfoUrl = getUserInfoUrl(); if (userInfoUrl != null && !userInfoUrl.isEmpty() && (id == null || name == null || preferredUsername == null || email == null)) { - SimpleHttp request = JsonSimpleHttp.doGet(userInfoUrl, session) - .header("Authorization", "Bearer " + accessToken); - JsonNode userInfo = JsonSimpleHttp.asJson(request); + JsonNode userInfo = SimpleHttp.doGet(userInfoUrl, session) + .header("Authorization", "Bearer " + accessToken).asJson(); name = getJsonProperty(userInfo, "name"); preferredUsername = getJsonProperty(userInfo, "username"); diff --git a/services/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java b/services/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java index d3befd704b8..e25bcfa3bd9 100755 --- a/services/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java +++ b/services/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java @@ -21,7 +21,6 @@ import org.jboss.logging.Logger; import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; -import org.keycloak.broker.oidc.util.JsonSimpleHttp; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.broker.provider.util.SimpleHttp; @@ -57,7 +56,7 @@ public class LinkedInIdentityProvider extends AbstractOAuth2IdentityProvider imp protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) { log.debug("doGetFederatedIdentity()"); try { - JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken)); + JsonNode profile = SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken).asJson(); BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id")); diff --git a/services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java b/services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java index 224733b2ed1..17dde5edb86 100755 --- a/services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java +++ b/services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java @@ -22,13 +22,11 @@ import org.jboss.logging.Logger; import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; -import org.keycloak.broker.oidc.util.JsonSimpleHttp; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.broker.provider.util.SimpleHttp; import org.keycloak.broker.social.SocialIdentityProvider; -import com.fasterxml.jackson.databind.JsonNode; import org.keycloak.models.KeycloakSession; import java.net.URLEncoder; @@ -62,7 +60,7 @@ public class MicrosoftIdentityProvider extends AbstractOAuth2IdentityProvider im if (log.isDebugEnabled()) { log.debug("Microsoft Live user profile request to: " + URL); } - JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL, session)); + JsonNode profile = SimpleHttp.doGet(URL, session).asJson(); String id = getJsonProperty(profile, "id"); diff --git a/services/src/main/java/org/keycloak/social/openshift/OpenshiftV3IdentityProvider.java b/services/src/main/java/org/keycloak/social/openshift/OpenshiftV3IdentityProvider.java index bc83af133b4..fafa42552b8 100644 --- a/services/src/main/java/org/keycloak/social/openshift/OpenshiftV3IdentityProvider.java +++ b/services/src/main/java/org/keycloak/social/openshift/OpenshiftV3IdentityProvider.java @@ -3,7 +3,6 @@ package org.keycloak.social.openshift; import com.fasterxml.jackson.databind.JsonNode; import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; -import org.keycloak.broker.oidc.util.JsonSimpleHttp; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.broker.provider.util.SimpleHttp; @@ -59,8 +58,9 @@ public class OpenshiftV3IdentityProvider extends AbstractOAuth2IdentityProvider< } private JsonNode fetchProfile(String accessToken) throws IOException { - return JsonSimpleHttp.asJson(SimpleHttp.doGet(getConfig().getUserInfoUrl(), this.session) - .header("Authorization", "Bearer " + accessToken)); + return SimpleHttp.doGet(getConfig().getUserInfoUrl(), this.session) + .header("Authorization", "Bearer " + accessToken) + .asJson(); } } diff --git a/services/src/main/java/org/keycloak/social/paypal/PayPalIdentityProvider.java b/services/src/main/java/org/keycloak/social/paypal/PayPalIdentityProvider.java new file mode 100644 index 00000000000..a3f460235d1 --- /dev/null +++ b/services/src/main/java/org/keycloak/social/paypal/PayPalIdentityProvider.java @@ -0,0 +1,73 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.social.paypal; + +import com.fasterxml.jackson.databind.JsonNode; +import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; +import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; +import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; +import org.keycloak.broker.provider.BrokeredIdentityContext; +import org.keycloak.broker.provider.IdentityBrokerException; +import org.keycloak.broker.provider.util.SimpleHttp; +import org.keycloak.broker.social.SocialIdentityProvider; +import org.keycloak.models.KeycloakSession; + +/** + * @author Petter Lysne (petterlysne at hotmail dot com) + */ +public class PayPalIdentityProvider extends AbstractOAuth2IdentityProvider implements SocialIdentityProvider{ + + public static final String BASE_URL = "https://api.paypal.com/v1"; + public static final String AUTH_URL = "https://www.paypal.com/signin/authorize"; + public static final String TOKEN_RESOURCE = "/identity/openidconnect/tokenservice"; + public static final String PROFILE_RESOURCE = "/oauth2/token/userinfo?schema=openid"; + public static final String DEFAULT_SCOPE = "openid profile email"; + + public PayPalIdentityProvider(KeycloakSession session, PayPalIdentityProviderConfig config) { + super(session, config); + config.setAuthorizationUrl(config.targetSandbox() ? "https://www.sandbox.paypal.com/signin/authorize" : AUTH_URL); + config.setTokenUrl((config.targetSandbox() ? "https://api.sandbox.paypal.com/v1" : BASE_URL) + TOKEN_RESOURCE); + config.setUserInfoUrl((config.targetSandbox() ? "https://api.sandbox.paypal.com/v1" : BASE_URL) + PROFILE_RESOURCE); + } + + @Override + protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) { + try { + JsonNode profile = SimpleHttp.doGet(getConfig().getUserInfoUrl(), session).header("Authorization", "Bearer " + accessToken).asJson(); + + BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "user_id")); + + user.setUsername(getJsonProperty(profile, "email")); + user.setName(getJsonProperty(profile, "name")); + user.setEmail(getJsonProperty(profile, "email")); + user.setIdpConfig(getConfig()); + user.setIdp(this); + + AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias()); + + return user; + } catch (Exception e) { + throw new IdentityBrokerException("Could not obtain user profile from paypal.", e); + } + } + + @Override + protected String getDefaultScopes() { + return DEFAULT_SCOPE; + } +} diff --git a/services/src/main/java/org/keycloak/social/paypal/PayPalIdentityProviderConfig.java b/services/src/main/java/org/keycloak/social/paypal/PayPalIdentityProviderConfig.java new file mode 100644 index 00000000000..dc94e3addf2 --- /dev/null +++ b/services/src/main/java/org/keycloak/social/paypal/PayPalIdentityProviderConfig.java @@ -0,0 +1,40 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.social.paypal; + +import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; +import org.keycloak.models.IdentityProviderModel; + +/** + * @author Petter Lysne (petterlysne at hotmail dot com) + */ +public class PayPalIdentityProviderConfig extends OAuth2IdentityProviderConfig { + + public PayPalIdentityProviderConfig(IdentityProviderModel model) { + super(model); + } + + public boolean targetSandbox() { + String sandbox = getConfig().get("sandbox"); + return sandbox == null ? false : Boolean.valueOf(sandbox); + } + + public void setSandbox(boolean sandbox) { + getConfig().put("sandbox", String.valueOf(sandbox)); + } + +} diff --git a/services/src/main/java/org/keycloak/social/paypal/PayPalIdentityProviderFactory.java b/services/src/main/java/org/keycloak/social/paypal/PayPalIdentityProviderFactory.java new file mode 100644 index 00000000000..b0b554126a2 --- /dev/null +++ b/services/src/main/java/org/keycloak/social/paypal/PayPalIdentityProviderFactory.java @@ -0,0 +1,46 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.social.paypal; + +import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; +import org.keycloak.broker.provider.AbstractIdentityProviderFactory; +import org.keycloak.models.IdentityProviderModel; +import org.keycloak.broker.social.SocialIdentityProviderFactory; +import org.keycloak.models.KeycloakSession; + +/** + * @author Petter Lysne + */ +public class PayPalIdentityProviderFactory extends AbstractIdentityProviderFactory implements SocialIdentityProviderFactory { + + public static final String PROVIDER_ID = "paypal"; + + @Override + public String getName() { + return "PayPal"; + } + + @Override + public PayPalIdentityProvider create(KeycloakSession session, IdentityProviderModel model) { + return new PayPalIdentityProvider(session, new PayPalIdentityProviderConfig(model)); + } + + @Override + public String getId() { + return PROVIDER_ID; + } +} diff --git a/services/src/main/java/org/keycloak/social/paypal/PayPalUserAttributeMapper.java b/services/src/main/java/org/keycloak/social/paypal/PayPalUserAttributeMapper.java new file mode 100644 index 00000000000..8311cda6f76 --- /dev/null +++ b/services/src/main/java/org/keycloak/social/paypal/PayPalUserAttributeMapper.java @@ -0,0 +1,41 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.social.paypal; + +import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; + +/** + * User attribute mapper. + * + * @author Petter Lysne (petterlysne at hotmail dot com) + */ +public class PayPalUserAttributeMapper extends AbstractJsonUserAttributeMapper { + + private static final String[] cp = new String[] { PayPalIdentityProviderFactory.PROVIDER_ID }; + + @Override + public String[] getCompatibleProviders() { + return cp; + } + + @Override + public String getId() { + return "paypal-user-attribute-mapper"; + } + +} diff --git a/services/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java b/services/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java index 43ccc6c603c..9a0992a586d 100755 --- a/services/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java +++ b/services/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java @@ -20,7 +20,6 @@ import com.fasterxml.jackson.databind.JsonNode; import org.jboss.logging.Logger; import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; -import org.keycloak.broker.oidc.util.JsonSimpleHttp; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.broker.provider.util.SimpleHttp; @@ -63,7 +62,7 @@ public class StackoverflowIdentityProvider extends AbstractOAuth2IdentityProvide if (log.isDebugEnabled()) { log.debug("StackOverflow profile request to: " + URL); } - JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL, session)).get("items").get(0); + JsonNode profile = SimpleHttp.doGet(URL, session).asJson().get("items").get(0); BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "user_id")); diff --git a/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java b/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java index 77009e7f861..ad9dc409250 100755 --- a/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java +++ b/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java @@ -17,18 +17,26 @@ package org.keycloak.social.twitter; import org.jboss.logging.Logger; +import org.keycloak.OAuth2Constants; +import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; import org.keycloak.broker.provider.AbstractIdentityProvider; import org.keycloak.broker.provider.AuthenticationRequest; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.IdentityBrokerException; +import org.keycloak.broker.provider.TokenExchangeTo; import org.keycloak.broker.social.SocialIdentityProvider; import org.keycloak.common.ClientConnection; +import org.keycloak.events.Details; import org.keycloak.events.EventBuilder; import org.keycloak.events.EventType; +import org.keycloak.models.ClientModel; import org.keycloak.models.FederatedIdentityModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.models.UserSessionModel; +import org.keycloak.representations.AccessTokenResponse; import org.keycloak.services.ErrorPage; import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.messages.Messages; @@ -44,6 +52,7 @@ import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; import java.net.URI; @@ -52,7 +61,10 @@ import java.net.URI; * @author Stian Thorgersen */ public class TwitterIdentityProvider extends AbstractIdentityProvider implements - SocialIdentityProvider { + SocialIdentityProvider, TokenExchangeTo { + + String TWITTER_TOKEN_TYPE="twitter"; + protected static final Logger logger = Logger.getLogger(TwitterIdentityProvider.class); @@ -90,6 +102,62 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider params) { + String requestedType = params.getFirst(OAuth2Constants.REQUESTED_TOKEN_TYPE); + if (requestedType != null && !requestedType.equals(TWITTER_TOKEN_TYPE)) { + return exchangeUnsupportedRequiredType(); + } + if (!getConfig().isStoreToken()) { + String brokerId = tokenUserSession.getNote(Details.IDENTITY_PROVIDER); + if (brokerId == null || !brokerId.equals(getConfig().getAlias())) { + return exchangeNotSupported(); + } + return exchangeSessionToken(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } else { + return exchangeStoredToken(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } + } + + protected Response exchangeStoredToken(UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, org.keycloak.representations.AccessToken token) { + FederatedIdentityModel model = session.users().getFederatedIdentity(tokenSubject, getConfig().getAlias(), authorizedClient.getRealm()); + if (model == null || model.getToken() == null) { + return exchangeNotLinked(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } + String accessToken = model.getToken(); + if (accessToken == null) { + model.setToken(null); + session.users().updateFederatedIdentity(authorizedClient.getRealm(), tokenSubject, model); + return exchangeTokenExpired(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } + AccessTokenResponse tokenResponse = new AccessTokenResponse(); + tokenResponse.setToken(accessToken); + tokenResponse.setIdToken(null); + tokenResponse.setRefreshToken(null); + tokenResponse.setRefreshExpiresIn(0); + tokenResponse.getOtherClaims().clear(); + tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, TWITTER_TOKEN_TYPE); + tokenResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession, token)); + return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build(); + } + + protected Response exchangeSessionToken(UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, org.keycloak.representations.AccessToken token) { + String accessToken = tokenUserSession.getNote(AbstractOAuth2IdentityProvider.FEDERATED_ACCESS_TOKEN); + if (accessToken == null) { + return exchangeTokenExpired(uriInfo, authorizedClient, tokenUserSession, tokenSubject, token); + } + AccessTokenResponse tokenResponse = new AccessTokenResponse(); + tokenResponse.setToken(accessToken); + tokenResponse.setIdToken(null); + tokenResponse.setRefreshToken(null); + tokenResponse.setRefreshExpiresIn(0); + tokenResponse.getOtherClaims().clear(); + tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, TWITTER_TOKEN_TYPE); + tokenResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession, token)); + return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build(); + } + + protected class Endpoint { protected RealmModel realm; protected AuthenticationCallback callback; @@ -142,6 +210,7 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider { diff --git a/testsuite/integration-arquillian/HOW-TO-RUN.md b/testsuite/integration-arquillian/HOW-TO-RUN.md index e80479dc0c3..40335591304 100644 --- a/testsuite/integration-arquillian/HOW-TO-RUN.md +++ b/testsuite/integration-arquillian/HOW-TO-RUN.md @@ -294,7 +294,7 @@ The Welcome Page tests need to be run on WildFly/EAP and with `-Dskip.add.user.j The social login tests require setup of all social networks including an example social user. These details can't be shared as it would result in the clients and users eventually being blocked. By default these tests are skipped. -To run the full test you need to configure clients in Google, Facebook, GitHub, Twitter, LinkedIn, Microsoft and +To run the full test you need to configure clients in Google, Facebook, GitHub, Twitter, LinkedIn, Microsoft, PayPal and StackOverflow. See the server administration guide for details on how to do that. Further, you also need to create a sample user that can login to the social network. @@ -336,9 +336,15 @@ To run the tests run: #### Mozilla Firefox * **Supported version:** [latest ESR](https://www.mozilla.org/en-US/firefox/organizations/) (Extended Support Release) -* **Driver download required:** no +* **Driver download required:** no (using the old legacy Firefox driver) * **Run with:** `-Dbrowser=firefox`; optionally you can specify `-Dfirefox_binary=path/to/firefox/binary` +#### Mozilla Firefox with GeckoDriver +You can also use Firefox automation with modern Marionette protocol and GeckoDriver. However, this is **highly experimental** and the testsuite may not work as expected. +* **Supported version:** as latest as possible (Firefox has better support for Marionette with each version released) +* **Driver download required:** [GeckoDriver](https://github.com/mozilla/geckodriver/releases) +* **Run with:** `-Dbrowser=firefox -DfirefoxLegacyDriver=false -Dwebdriver.gecko.driver=path/to/geckodriver` + #### Google Chrome * **Supported version:** latest stable * **Driver download required:** [ChromeDriver](https://sites.google.com/a/chromium.org/chromedriver/) which corresponds with your version of the browser @@ -346,9 +352,12 @@ To run the tests run: #### Internet Explorer * **Supported version:** 11 -* **Driver download required:** [Internet Explorer Driver Server](http://www.seleniumhq.org/download/); recommended version [2.53.1 32-bit](http://selenium-release.storage.googleapis.com/2.53/IEDriverServer_Win32_2.53.1.zip) +* **Driver download required:** [Internet Explorer Driver Server](http://www.seleniumhq.org/download/); recommended version [3.5.1 32-bit](http://selenium-release.storage.googleapis.com/3.5/IEDriverServer_Win32_3.5.1.zip) * **Run with:** `-Dbrowser=internetExplorer -Dwebdriver.ie.driver=path/to/IEDriverServer.exe` - + +#### Automatic driver downloads +You can rely on automatic driver downloads which is provided by [Arquillian Drone](http://arquillian.org/arquillian-extension-drone/#_automatic_download). To do so just omit the `-Dwebdriver.{browser}.driver` CLI argument when running the tests. + ## Run X.509 tests To run the X.509 client certificate authentication tests: @@ -468,6 +477,16 @@ or It can be useful to add additional system property to enable logging: -Dkeycloak.infinispan.logging.level=debug + +Tests from package "manual" uses manual lifecycle for all servers, so needs to be executed manually. Also needs to be executed with real DB like MySQL. You can run them with: + + mvn -Pcache-server-infinispan -Dtest=*.crossdc.manual.* -Dmanual.mode=true \ + -Dkeycloak.connectionsJpa.url.crossdc=jdbc:mysql://localhost/keycloak -Dkeycloak.connectionsJpa.driver.crossdc=com.mysql.jdbc.Driver \ + -Dkeycloak.connectionsJpa.user=keycloak -Dkeycloak.connectionsJpa.password=keycloak \ + -pl testsuite/integration-arquillian/tests/base test + + + @@ -512,6 +531,9 @@ connects to the remoteStore provided by infinispan server configured in previous -Dkeycloak.connectionsInfinispan.remoteStorePort=11222 -Dkeycloak.connectionsInfinispan.remoteStorePort.2=11222 -Dkeycloak.connectionsInfinispan.sessionsOwners=1 -Dsession.cache.owners=1 -Dkeycloak.infinispan.logging.level=debug -Dresources +NOTE: Tests from package "manual" (eg. SessionsPreloadCrossDCTest) needs to be executed with managed containers. +So skip steps 1,2 and add property `-Dmanual.mode=true` and change "cache.server.lifecycle.skip" to false `-Dcache.server.lifecycle.skip=false` or remove it. + 7) If you want to debug and test manually, the servers are running on these ports (Note that not all backend servers are running by default and some might be also unused by loadbalancer): Loadbalancer -> "http://localhost:8180/auth" diff --git a/testsuite/integration-arquillian/pom.xml b/testsuite/integration-arquillian/pom.xml index 0bcb2b899b2..d42264a841d 100644 --- a/testsuite/integration-arquillian/pom.xml +++ b/testsuite/integration-arquillian/pom.xml @@ -24,7 +24,7 @@ org.keycloak keycloak-testsuite-pom - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml @@ -41,14 +41,14 @@ ${java.home} - 1.1.11.Final - 2.53.0 - 2.0.1.Final - 2.1.0.Alpha3 - 2.1.0.Alpha2 + 1.1.13.Final + 3.5.1 + 2.4.0 + 2.3.1 + 2.1.0.Beta1 1.0.1.Final 1.2.0.Beta2 - 2.2.2 + 2.2.6 1.0.0.Alpha2 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/as7/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/as7/pom.xml index 99e193528ad..f436c88f0d6 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/as7/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/as7/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/eap/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/eap/pom.xml index 7e7b10be536..01bc3da31dd 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/eap/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/eap/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/eap6-fuse/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/eap6-fuse/pom.xml index 0a1eb4c36ef..3286d20ffbc 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/eap6-fuse/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/eap6-fuse/pom.xml @@ -5,7 +5,7 @@ integration-arquillian-servers-app-server-jboss org.keycloak.testsuite - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/eap6/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/eap6/pom.xml index e78f3e8403f..9111aca37bd 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/eap6/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/eap6/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/pom.xml index 382612cfb8a..343e980bca3 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/relative/eap/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/relative/eap/pom.xml index 4e47112555a..be19bd575de 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/relative/eap/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/relative/eap/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-jboss-relative - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/relative/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/relative/pom.xml index 3014456dcc4..80aeba2071d 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/relative/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/relative/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/relative/wildfly/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/relative/wildfly/pom.xml index 18e864e14b5..daf9c5befb3 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/relative/wildfly/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/relative/wildfly/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-jboss-relative - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/wildfly/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/wildfly/pom.xml index a4c073ea9cf..e59798d0180 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/wildfly/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/wildfly/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/wildfly10/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/wildfly10/pom.xml index 50def5c4a9f..00d6d8d0f24 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/wildfly10/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/wildfly10/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/wildfly8/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/wildfly8/pom.xml index 60845f88f70..3fc13930a43 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/wildfly8/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/wildfly8/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/wildfly9/pom.xml b/testsuite/integration-arquillian/servers/app-server/jboss/wildfly9/pom.xml index afdb3462151..c015266ce90 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/wildfly9/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jboss/wildfly9/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/karaf/fuse61/pom.xml b/testsuite/integration-arquillian/servers/app-server/karaf/fuse61/pom.xml index 0b565ec1f69..58e7bd2b125 100644 --- a/testsuite/integration-arquillian/servers/app-server/karaf/fuse61/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/karaf/fuse61/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-karaf - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/karaf/fuse62/pom.xml b/testsuite/integration-arquillian/servers/app-server/karaf/fuse62/pom.xml index 2d555c462a9..2cf49cc6dc4 100644 --- a/testsuite/integration-arquillian/servers/app-server/karaf/fuse62/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/karaf/fuse62/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-karaf - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/karaf/fuse63/pom.xml b/testsuite/integration-arquillian/servers/app-server/karaf/fuse63/pom.xml index eccac119fdc..3a18df5d530 100644 --- a/testsuite/integration-arquillian/servers/app-server/karaf/fuse63/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/karaf/fuse63/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-karaf - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/karaf/karaf3/pom.xml b/testsuite/integration-arquillian/servers/app-server/karaf/karaf3/pom.xml index 9b307e5d041..3ec29465863 100644 --- a/testsuite/integration-arquillian/servers/app-server/karaf/karaf3/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/karaf/karaf3/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-karaf - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/karaf/pom.xml b/testsuite/integration-arquillian/servers/app-server/karaf/pom.xml index e61143471c1..4e7bb3ba14c 100644 --- a/testsuite/integration-arquillian/servers/app-server/karaf/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/karaf/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/pom.xml b/testsuite/integration-arquillian/servers/app-server/pom.xml index f0c8fbf8c8a..fe2b9edbd42 100644 --- a/testsuite/integration-arquillian/servers/app-server/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml b/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml index 3d0d309065f..9bc5526e6a2 100644 --- a/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/pom.xml b/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/pom.xml index bbc1631b505..48dd6408e88 100644 --- a/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-tomcat - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/pom.xml b/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/pom.xml index 82f7d30cef7..06b604766bd 100644 --- a/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-tomcat - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/pom.xml b/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/pom.xml index 463dff3645b..b62a4b4fc03 100644 --- a/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-app-server-tomcat - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/eap/pom.xml b/testsuite/integration-arquillian/servers/auth-server/jboss/eap/pom.xml index 426906d0883..47e6a7fc9f2 100644 --- a/testsuite/integration-arquillian/servers/auth-server/jboss/eap/pom.xml +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/eap/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-auth-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/pom.xml b/testsuite/integration-arquillian/servers/auth-server/jboss/pom.xml index c7059ad4bfa..a2de7fdde82 100644 --- a/testsuite/integration-arquillian/servers/auth-server/jboss/pom.xml +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-auth-server - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/wildfly/pom.xml b/testsuite/integration-arquillian/servers/auth-server/jboss/wildfly/pom.xml index 675104f219b..c4f8f525aa6 100644 --- a/testsuite/integration-arquillian/servers/auth-server/jboss/wildfly/pom.xml +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/wildfly/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-auth-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/auth-server/pom.xml b/testsuite/integration-arquillian/servers/auth-server/pom.xml index 31f2aa560a3..e8f30e197df 100644 --- a/testsuite/integration-arquillian/servers/auth-server/pom.xml +++ b/testsuite/integration-arquillian/servers/auth-server/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/auth-server/services/pom.xml b/testsuite/integration-arquillian/servers/auth-server/services/pom.xml index 6387079b1fb..8f5e7ab75ff 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/pom.xml +++ b/testsuite/integration-arquillian/servers/auth-server/services/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-auth-server - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml index 8ad166f5d5a..9a05165de26 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-servers-auth-server-services - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-testsuite-providers diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProvider.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProvider.java index f47061a3056..988108809d9 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProvider.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProvider.java @@ -17,7 +17,6 @@ package org.keycloak.testsuite.rest; -import org.jboss.resteasy.annotations.Query; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.HttpRequest; import org.jboss.resteasy.spi.ResteasyProviderFactory; @@ -30,6 +29,7 @@ import org.keycloak.representations.adapters.action.TestAvailabilityAction; import org.keycloak.services.resource.RealmResourceProvider; import org.keycloak.services.resources.RealmsResource; import org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource; +import org.keycloak.utils.MediaType; import javax.ws.rs.Consumes; import javax.ws.rs.GET; @@ -38,7 +38,6 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; -import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; @@ -69,21 +68,21 @@ public class TestApplicationResourceProvider implements RealmResourceProvider { } @POST - @Consumes(MediaType.TEXT_PLAIN) + @Consumes(MediaType.TEXT_PLAIN_UTF_8) @Path("/admin/k_logout") public void adminLogout(String data) throws JWSInputException { adminLogoutActions.add(new JWSInput(data).readJsonContent(LogoutAction.class)); } @POST - @Consumes(MediaType.TEXT_PLAIN) + @Consumes(MediaType.TEXT_PLAIN_UTF_8) @Path("/admin/k_push_not_before") public void adminPushNotBefore(String data) throws JWSInputException { adminPushNotBeforeActions.add(new JWSInput(data).readJsonContent(PushNotBeforeAction.class)); } @POST - @Consumes(MediaType.TEXT_PLAIN) + @Consumes(MediaType.TEXT_PLAIN_UTF_8) @Path("/admin/k_test_available") public void testAvailable(String data) throws JWSInputException { adminTestAvailabilityAction.add(new JWSInput(data).readJsonContent(TestAvailabilityAction.class)); @@ -119,7 +118,7 @@ public class TestApplicationResourceProvider implements RealmResourceProvider { } @POST - @Produces(MediaType.TEXT_HTML) + @Produces(MediaType.TEXT_HTML_UTF_8) @Path("/{action}") public String post(@PathParam("action") String action) { String title = "APP_REQUEST"; @@ -148,7 +147,7 @@ public class TestApplicationResourceProvider implements RealmResourceProvider { } @GET - @Produces(MediaType.TEXT_HTML) + @Produces(MediaType.TEXT_HTML_UTF_8) @Path("/{action}") public String get(@PathParam("action") String action) { //String requestUri = session.getContext().getUri().getRequestUri().toString(); @@ -171,7 +170,7 @@ public class TestApplicationResourceProvider implements RealmResourceProvider { @GET @NoCache - @Produces(MediaType.TEXT_HTML) + @Produces(MediaType.TEXT_HTML_UTF_8) @Path("/get-account-profile") public String getAccountProfile(@QueryParam("token") String token, @QueryParam("account-uri") String accountUri) { StringBuilder sb = new StringBuilder(); diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java index 9847b27dcb8..964e80da8b9 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java @@ -27,18 +27,17 @@ import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; -import javax.ws.rs.core.MediaType; import org.infinispan.Cache; import org.infinispan.client.hotrod.RemoteCache; import org.infinispan.remoting.transport.Transport; -import org.infinispan.remoting.transport.jgroups.JGroupsTransport; import org.jgroups.JChannel; import org.keycloak.connections.infinispan.InfinispanConnectionProvider; import org.keycloak.models.KeycloakSession; import org.keycloak.models.sessions.infinispan.entities.UserSessionEntity; import org.keycloak.models.sessions.infinispan.util.InfinispanUtil; import org.keycloak.testsuite.rest.representation.JGroupsStats; +import org.keycloak.utils.MediaType; /** * @author Marek Posolda @@ -82,7 +81,7 @@ public class TestCacheResource { @GET @Path("/clear") - @Consumes(MediaType.TEXT_PLAIN) + @Consumes(MediaType.TEXT_PLAIN_UTF_8) public void clear() { cache.clear(); } diff --git a/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml b/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml index ba495704caf..26c82a191c3 100644 --- a/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml +++ b/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-auth-server - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/lb/SimpleUndertowLoadBalancer.java b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/lb/SimpleUndertowLoadBalancer.java index 1a4b1183cf7..3da888afe3b 100644 --- a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/lb/SimpleUndertowLoadBalancer.java +++ b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/lb/SimpleUndertowLoadBalancer.java @@ -195,7 +195,13 @@ public class SimpleUndertowLoadBalancer { @Override protected Host selectHost(HttpServerExchange exchange) { Host host = super.selectHost(exchange); - log.debugf("Selected host: %s, host available: %b", host.getUri().toString(), host.isAvailable()); + + if (host != null) { + log.debugf("Selected host: %s, host available: %b", host.getUri().toString(), host.isAvailable()); + } else { + log.warn("No host available"); + } + exchange.putAttachment(SELECTED_HOST, host); return host; } diff --git a/testsuite/integration-arquillian/servers/cache-server/jboss/common/add-keycloak-caches.xsl b/testsuite/integration-arquillian/servers/cache-server/jboss/common/add-keycloak-caches.xsl index b6fbd2e53c6..9a68ecf0e32 100644 --- a/testsuite/integration-arquillian/servers/cache-server/jboss/common/add-keycloak-caches.xsl +++ b/testsuite/integration-arquillian/servers/cache-server/jboss/common/add-keycloak-caches.xsl @@ -39,6 +39,8 @@ + + @@ -57,6 +59,8 @@ + + diff --git a/testsuite/integration-arquillian/servers/cache-server/jboss/infinispan/pom.xml b/testsuite/integration-arquillian/servers/cache-server/jboss/infinispan/pom.xml index 73735e24ee6..101b173d5ef 100644 --- a/testsuite/integration-arquillian/servers/cache-server/jboss/infinispan/pom.xml +++ b/testsuite/integration-arquillian/servers/cache-server/jboss/infinispan/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-cache-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/cache-server/jboss/jdg/pom.xml b/testsuite/integration-arquillian/servers/cache-server/jboss/jdg/pom.xml index 74b792f1501..4aa51e66276 100644 --- a/testsuite/integration-arquillian/servers/cache-server/jboss/jdg/pom.xml +++ b/testsuite/integration-arquillian/servers/cache-server/jboss/jdg/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-cache-server-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/cache-server/jboss/pom.xml b/testsuite/integration-arquillian/servers/cache-server/jboss/pom.xml index 5b0401667fb..588ca92160c 100644 --- a/testsuite/integration-arquillian/servers/cache-server/jboss/pom.xml +++ b/testsuite/integration-arquillian/servers/cache-server/jboss/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers-cache-server - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/cache-server/pom.xml b/testsuite/integration-arquillian/servers/cache-server/pom.xml index 3a739e74330..d4ab528325f 100644 --- a/testsuite/integration-arquillian/servers/cache-server/pom.xml +++ b/testsuite/integration-arquillian/servers/cache-server/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/migration/pom.xml b/testsuite/integration-arquillian/servers/migration/pom.xml index a8fd5ab4fd1..8212c1df30e 100644 --- a/testsuite/integration-arquillian/servers/migration/pom.xml +++ b/testsuite/integration-arquillian/servers/migration/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/pom.xml b/testsuite/integration-arquillian/servers/pom.xml index e7336383a45..c242846f1e9 100644 --- a/testsuite/integration-arquillian/servers/pom.xml +++ b/testsuite/integration-arquillian/servers/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/wildfly-balancer/pom.xml b/testsuite/integration-arquillian/servers/wildfly-balancer/pom.xml index 3a7837903c2..32ad553d4b4 100644 --- a/testsuite/integration-arquillian/servers/wildfly-balancer/pom.xml +++ b/testsuite/integration-arquillian/servers/wildfly-balancer/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-servers - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/servers/wildfly-balancer/src/main/xslt/mod_cluster.xsl b/testsuite/integration-arquillian/servers/wildfly-balancer/src/main/xslt/mod_cluster.xsl index 18853541e0a..f1be82ac117 100644 --- a/testsuite/integration-arquillian/servers/wildfly-balancer/src/main/xslt/mod_cluster.xsl +++ b/testsuite/integration-arquillian/servers/wildfly-balancer/src/main/xslt/mod_cluster.xsl @@ -40,7 +40,7 @@ - + org.keycloak.testsuite integration-arquillian-test-apps - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT keycloak-test-app-profile-jee diff --git a/testsuite/integration-arquillian/test-apps/cors/angular-product/pom.xml b/testsuite/integration-arquillian/test-apps/cors/angular-product/pom.xml index adceab14532..47b903355ea 100755 --- a/testsuite/integration-arquillian/test-apps/cors/angular-product/pom.xml +++ b/testsuite/integration-arquillian/test-apps/cors/angular-product/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-test-apps-cors-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/test-apps/cors/database-service/pom.xml b/testsuite/integration-arquillian/test-apps/cors/database-service/pom.xml index d4b2e4e03b5..acb8ebf9f9d 100755 --- a/testsuite/integration-arquillian/test-apps/cors/database-service/pom.xml +++ b/testsuite/integration-arquillian/test-apps/cors/database-service/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-test-apps-cors-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/test-apps/cors/pom.xml b/testsuite/integration-arquillian/test-apps/cors/pom.xml index 052505c95a5..f73f2b8af5d 100644 --- a/testsuite/integration-arquillian/test-apps/cors/pom.xml +++ b/testsuite/integration-arquillian/test-apps/cors/pom.xml @@ -5,7 +5,7 @@ integration-arquillian-test-apps org.keycloak.testsuite - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/test-apps/hello-world-authz-service/pom.xml b/testsuite/integration-arquillian/test-apps/hello-world-authz-service/pom.xml index ccddbb22165..448ff83b3af 100755 --- a/testsuite/integration-arquillian/test-apps/hello-world-authz-service/pom.xml +++ b/testsuite/integration-arquillian/test-apps/hello-world-authz-service/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-test-apps - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT hello-world-authz-service diff --git a/testsuite/integration-arquillian/test-apps/js-console/pom.xml b/testsuite/integration-arquillian/test-apps/js-console/pom.xml index 43e0bc35bf3..f5615796731 100755 --- a/testsuite/integration-arquillian/test-apps/js-console/pom.xml +++ b/testsuite/integration-arquillian/test-apps/js-console/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-test-apps - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/test-apps/js-database/pom.xml b/testsuite/integration-arquillian/test-apps/js-database/pom.xml index 729524ad627..1e56d7f75d5 100644 --- a/testsuite/integration-arquillian/test-apps/js-database/pom.xml +++ b/testsuite/integration-arquillian/test-apps/js-database/pom.xml @@ -5,7 +5,7 @@ integration-arquillian-test-apps org.keycloak.testsuite - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/pom.xml b/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/pom.xml index bb401d2a78f..04f2a61a85f 100755 --- a/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/pom.xml +++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/pom.xml @@ -6,7 +6,7 @@ org.keycloak.testsuite integration-arquillian-test-apps-photoz-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl b/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl index deb1c84757f..c807f9b7ab0 100644 --- a/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl +++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl @@ -7,7 +7,7 @@ rule "Authorize Admin Resources" when $evaluation : Evaluation( $identity : context.identity, - $identity.hasRole("admin") + $identity.hasRealmRole("admin") ) then $evaluation.grant(); diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl b/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl index 9b1677edca9..2ebc457ea46 100644 --- a/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl +++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl @@ -7,7 +7,7 @@ rule "Authorize View User Album" when $evaluation : Evaluation( $identity : context.identity, - $identity.hasRole("user") + $identity.hasRealmRole("user") ) then $evaluation.grant(); diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/pom.xml b/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/pom.xml index c1f9d2727ff..ce43bdcea08 100755 --- a/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/pom.xml +++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/pom.xml @@ -5,7 +5,7 @@ org.keycloak.testsuite integration-arquillian-test-apps-photoz-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json index ab34c88edf0..ba44208488b 100644 --- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json +++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json @@ -118,7 +118,7 @@ "decisionStrategy": "UNANIMOUS", "config": { "applyPolicies": "[]", - "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}" + "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRealmRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}" } }, { diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/pom.xml b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/pom.xml index 0bd38d9340c..87e1dbeb7f3 100755 --- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/pom.xml +++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/pom.xml @@ -6,7 +6,7 @@ org.keycloak.testsuite integration-arquillian-test-apps-photoz-parent - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/testsuite/integration-arquillian/test-apps/photoz/pom.xml b/testsuite/integration-arquillian/test-apps/photoz/pom.xml index 5d5431a40cc..fb512f33e65 100755 --- a/testsuite/integration-arquillian/test-apps/photoz/pom.xml +++ b/testsuite/integration-arquillian/test-apps/photoz/pom.xml @@ -6,7 +6,7 @@ org.keycloak.testsuite integration-arquillian-test-apps - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-test-apps-photoz-parent diff --git a/testsuite/integration-arquillian/test-apps/pom.xml b/testsuite/integration-arquillian/test-apps/pom.xml index 1afac477af2..ca4f1ef6edf 100644 --- a/testsuite/integration-arquillian/test-apps/pom.xml +++ b/testsuite/integration-arquillian/test-apps/pom.xml @@ -5,7 +5,7 @@ integration-arquillian org.keycloak.testsuite - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/test-apps/servlet-authz/pom.xml b/testsuite/integration-arquillian/test-apps/servlet-authz/pom.xml index adeb787049e..b9c28f9e31f 100755 --- a/testsuite/integration-arquillian/test-apps/servlet-authz/pom.xml +++ b/testsuite/integration-arquillian/test-apps/servlet-authz/pom.xml @@ -6,7 +6,7 @@ org.keycloak.testsuite integration-arquillian-test-apps - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT servlet-authz-app diff --git a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/pom.xml b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/pom.xml index 2dfa42d6aaa..00de1686239 100755 --- a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/pom.xml +++ b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-test-apps - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT servlet-policy-enforcer diff --git a/testsuite/integration-arquillian/test-apps/servlets/pom.xml b/testsuite/integration-arquillian/test-apps/servlets/pom.xml index ed876dbcbfb..5b3af57c229 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/pom.xml +++ b/testsuite/integration-arquillian/test-apps/servlets/pom.xml @@ -5,7 +5,7 @@ integration-arquillian-test-apps org.keycloak.testsuite - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/LinkAndExchangeServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/LinkAndExchangeServlet.java new file mode 100644 index 00000000000..65a945e7fb6 --- /dev/null +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/LinkAndExchangeServlet.java @@ -0,0 +1,176 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.testsuite.adapter.servlet; + +import org.junit.Assert; +import org.keycloak.KeycloakSecurityContext; +import org.keycloak.OAuth2Constants; +import org.keycloak.common.util.KeycloakUriBuilder; +import org.keycloak.representations.AccessToken; +import org.keycloak.representations.AccessTokenResponse; +import org.keycloak.util.BasicAuthHelper; +import org.keycloak.util.JsonSerialization; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.core.HttpHeaders; +import java.io.BufferedWriter; +import java.io.IOException; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.PrintWriter; +import java.io.UnsupportedEncodingException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.net.URLEncoder; +import java.util.HashMap; +import java.util.Map; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +@WebServlet("/client-linking") +public class LinkAndExchangeServlet extends HttpServlet { + + private String getPostDataString(HashMap params) throws UnsupportedEncodingException{ + StringBuilder result = new StringBuilder(); + boolean first = true; + for(Map.Entry entry : params.entrySet()){ + if (first) + first = false; + else + result.append("&"); + + result.append(URLEncoder.encode(entry.getKey(), "UTF-8")); + result.append("="); + result.append(URLEncoder.encode(entry.getValue(), "UTF-8")); + } + + return result.toString(); + } + + public AccessTokenResponse doTokenExchange(String realm, String token, String requestedIssuer, + String clientId, String clientSecret) throws Exception { + try { + String exchangeUrl = KeycloakUriBuilder.fromUri(ServletTestUtils.getAuthServerUrlBase()) + .path("/auth/realms/{realm}/protocol/openid-connect/token").build(realm).toString(); + + URL url = new URL(exchangeUrl); + HttpURLConnection conn = (HttpURLConnection) url.openConnection(); + conn.setRequestMethod("POST"); + conn.setDoInput(true); + conn.setDoOutput(true); + HashMap parameters = new HashMap<>(); + if (clientSecret != null) { + String authorization = BasicAuthHelper.createHeader(clientId, clientSecret); + conn.setRequestProperty(HttpHeaders.AUTHORIZATION, authorization); + } else { + parameters.put("client_id", clientId); + + } + + parameters.put(OAuth2Constants.GRANT_TYPE, OAuth2Constants.TOKEN_EXCHANGE_GRANT_TYPE); + parameters.put(OAuth2Constants.SUBJECT_TOKEN, token); + parameters.put(OAuth2Constants.SUBJECT_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE); + parameters.put(OAuth2Constants.REQUESTED_ISSUER, requestedIssuer); + + OutputStream os = conn.getOutputStream(); + BufferedWriter writer = new BufferedWriter( + new OutputStreamWriter(os, "UTF-8")); + writer.write(getPostDataString(parameters)); + + writer.flush(); + writer.close(); + os.close(); + AccessTokenResponse tokenResponse = JsonSerialization.readValue(conn.getInputStream(), AccessTokenResponse.class); + conn.getInputStream().close(); + return tokenResponse; + } finally { + } + } + + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse resp) throws ServletException, IOException { + resp.setHeader("Cache-Control", "no-cache"); + if (request.getRequestURI().endsWith("/link") && request.getParameter("response") == null) { + String provider = request.getParameter("provider"); + String realm = request.getParameter("realm"); + KeycloakSecurityContext session = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); + AccessToken token = session.getToken(); + String tokenString = session.getTokenString(); + + String clientId = token.getAudience()[0]; + String linkUrl = null; + try { + AccessTokenResponse response = doTokenExchange(realm, tokenString, provider, clientId, "password"); + String error = (String)response.getOtherClaims().get("error"); + if (error != null) { + System.out.println("*** error : " + error); + System.out.println("*** link-url: " + response.getOtherClaims().get("account-link-url")); + linkUrl = (String)response.getOtherClaims().get("account-link-url"); + } else { + Assert.assertNotNull(response.getToken()); + resp.setStatus(200); + resp.setContentType("text/html"); + PrintWriter pw = resp.getWriter(); + pw.printf("%s", "Client Linking"); + pw.println("Account Linked"); + pw.print(""); + pw.flush(); + return; + } + } catch (Exception e) { + throw new RuntimeException(e); + } + + String redirectUri = KeycloakUriBuilder.fromUri(request.getRequestURL().toString()) + .replaceQuery(null) + .queryParam("response", "true").build().toString(); + String accountLinkUrl = KeycloakUriBuilder.fromUri(linkUrl) + .queryParam("redirect_uri", redirectUri).build().toString(); + resp.setStatus(302); + resp.setHeader("Location", accountLinkUrl); + } else if (request.getRequestURI().endsWith("/link") && request.getParameter("response") != null) { + resp.setStatus(200); + resp.setContentType("text/html"); + PrintWriter pw = resp.getWriter(); + pw.printf("%s", "Client Linking"); + String error = request.getParameter("link_error"); + if (error != null) { + pw.println("Link error: " + error); + } else { + pw.println("Account Linked"); + } + pw.print(""); + pw.flush(); + } else { + resp.setStatus(200); + resp.setContentType("text/html"); + PrintWriter pw = resp.getWriter(); + pw.printf("%s", "Client Linking"); + pw.println("Unknown request: " + request.getRequestURL().toString()); + pw.print(""); + pw.flush(); + + } + + } +} diff --git a/testsuite/integration-arquillian/test-apps/test-apps-dist/pom.xml b/testsuite/integration-arquillian/test-apps/test-apps-dist/pom.xml index 4268d88bd1b..fd176b7c7d1 100644 --- a/testsuite/integration-arquillian/test-apps/test-apps-dist/pom.xml +++ b/testsuite/integration-arquillian/test-apps/test-apps-dist/pom.xml @@ -5,7 +5,7 @@ integration-arquillian-test-apps org.keycloak.testsuite - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/tests/base/pom.xml b/testsuite/integration-arquillian/tests/base/pom.xml index b2c06ad85d0..bd7b3d7aa31 100644 --- a/testsuite/integration-arquillian/tests/base/pom.xml +++ b/testsuite/integration-arquillian/tests/base/pom.xml @@ -21,7 +21,7 @@ org.keycloak.testsuite integration-arquillian-tests - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BasicAuthExample.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BasicAuthExample.java deleted file mode 100644 index 09774b69d0b..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BasicAuthExample.java +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.page; - -import org.jboss.arquillian.container.test.api.OperateOnDeployment; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; - -import javax.ws.rs.core.UriBuilder; -import java.net.URL; - -/** - * - * @author tkyjovsk - */ -public class BasicAuthExample extends AbstractPageWithInjectedUrl { - - public static final String DEPLOYMENT_NAME = "basic-auth-example"; - - @ArquillianResource - @OperateOnDeployment(DEPLOYMENT_NAME) - private URL url; - - @Override - public URL getInjectedUrl() { - //EAP6 URL fix - URL fixedUrl = createInjectedURL("basicauth"); - return fixedUrl != null ? fixedUrl : url; - } - - @Override - public UriBuilder createUriBuilder() { - return super.createUriBuilder() - .userInfo("{user}:{password}") - .path("service/echo") - .queryParam("value", "{value}"); - } - - public BasicAuthExample setTemplateValues(String user, String password, String value) { - setUriParameter("user", user); - setUriParameter("password", password); - setUriParameter("value", value); - return this; - } - -} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/CustomerPortalExample.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/CustomerPortalExample.java deleted file mode 100644 index 8f02dc609a5..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/CustomerPortalExample.java +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.page; - -import org.jboss.arquillian.container.test.api.OperateOnDeployment; -import org.jboss.arquillian.graphene.findby.FindByJQuery; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; -import org.openqa.selenium.WebElement; - -import java.net.URL; - -import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; - -/** - * - * @author tkyjovsk - */ -public class CustomerPortalExample extends AbstractPageWithInjectedUrl { - - public static final String DEPLOYMENT_NAME = "customer-portal-example"; - - @ArquillianResource - @OperateOnDeployment(DEPLOYMENT_NAME) - private URL url; - - @Override - public URL getInjectedUrl() { - //EAP6 URL fix - URL fixedUrl = createInjectedURL("customer-portal"); - return fixedUrl != null ? fixedUrl : url; - } - - @FindByJQuery("h1:contains('Customer Portal')") - private WebElement title; - - @FindByJQuery("a:contains('Customer Listing')") - private WebElement customerListingLink; - @FindByJQuery("h1:contains('Customer Listing')") - private WebElement customerListingHeader; - - @FindByJQuery("h1:contains('Customer Session')") - private WebElement customerSessionHeader; - - @FindByJQuery("a:contains('Customer Admin Interface')") - private WebElement customerAdminInterfaceLink; - - @FindByJQuery("a:contains('Customer Session')") - private WebElement customerSessionLink; - - @FindByJQuery("a:contains('products')") - private WebElement productsLink; - - @FindByJQuery("a:contains('logout')") - private WebElement logOutButton; - - public void goToProducts() { - productsLink.click(); - } - - public void customerListing() { - customerListingLink.click(); - } - - public void customerAdminInterface() { - customerAdminInterfaceLink.click(); - } - - public void customerSession() { - waitUntilElement(customerSessionLink).is().present(); - customerSessionLink.click(); - } - - public void logOut() { - logOutButton.click(); - } - - public void waitForCustomerListingHeader() { - waitUntilElement(customerListingHeader).is().not().present(); - } - - public void waitForCustomerSessionHeader() { - waitUntilElement(customerSessionHeader).is().not().present(); - } - -} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/MultiTenantExample.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/MultiTenantExample.java deleted file mode 100644 index 7cff7140d44..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/MultiTenantExample.java +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.page; - -import org.jboss.arquillian.container.test.api.OperateOnDeployment; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; - -import javax.ws.rs.core.UriBuilder; -import java.net.MalformedURLException; -import java.net.URL; - -/** - * - * @author tkyjovsk - */ -public class MultiTenantExample extends AbstractPageWithInjectedUrl { - - public static final String DEPLOYMENT_NAME = "multi-tenant-example"; - - @ArquillianResource - @OperateOnDeployment(DEPLOYMENT_NAME) - private URL url; - - @Override - public URL getInjectedUrl() { - return url; - } - - @Override - public UriBuilder createUriBuilder() { - return super.createUriBuilder().path("{tenantRealm}"); - } - - public URL getTenantRealmUrl(String realm) { - try { - return getUriBuilder().build(realm).toURL(); - } catch (MalformedURLException ex) { - throw new IllegalStateException("Page URL is malformed."); - } - } - - public void navigateToRealm(String realm) { - URL u = getTenantRealmUrl(realm); - log.info("navigate to "+u.toExternalForm()); - driver.navigate().to(u.toExternalForm()); - } - -} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java index 4d11f937474..32cc58f0d36 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java @@ -93,9 +93,9 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl { } public void navigateToAdminAlbum() { - URLUtils.navigateToUri(driver, toString() + "/#/admin/album", true); + URLUtils.navigateToUri(toString() + "/#/admin/album", true); driver.navigate().refresh(); // This is sometimes necessary for loading the new policy settings - waitForPageToLoad(driver); + waitForPageToLoad(); pause(WAIT_AFTER_OPERATION); } @@ -136,7 +136,7 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl { scopesValue.append(scope); } - URLUtils.navigateToUri(driver, this.driver.getCurrentUrl() + " " + scopesValue, true); + URLUtils.navigateToUri(this.driver.getCurrentUrl() + " " + scopesValue, true); } this.loginPage.form().login(username, password); @@ -155,7 +155,7 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl { public void viewAlbum(String name) throws InterruptedException { this.driver.findElement(By.xpath("//a[text() = '" + name + "']")).click(); - waitForPageToLoad(driver); + waitForPageToLoad(); driver.navigate().refresh(); // This is sometimes necessary for loading the new policy settings pause(WAIT_AFTER_OPERATION); } @@ -172,6 +172,6 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl { @Override public boolean isCurrent() { - return URLUtils.currentUrlStartWith(driver, toString()); + return URLUtils.currentUrlStartWith(toString()); } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/ProductPortalExample.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/ProductPortalExample.java deleted file mode 100644 index 81c8b0a0cb6..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/ProductPortalExample.java +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.page; - -import org.jboss.arquillian.container.test.api.OperateOnDeployment; -import org.jboss.arquillian.graphene.findby.FindByJQuery; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; -import org.openqa.selenium.WebElement; - -import java.net.URL; - -import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; - -/** - * - * @author tkyjovsk - */ -public class ProductPortalExample extends AbstractPageWithInjectedUrl { - - public static final String DEPLOYMENT_NAME = "product-portal-example"; - - @ArquillianResource - @OperateOnDeployment(DEPLOYMENT_NAME) - private URL url; - - @Override - public URL getInjectedUrl() { - //EAP6 URL fix - URL fixedUrl = createInjectedURL("product-portal"); - return fixedUrl != null ? fixedUrl : url; - } - - @FindByJQuery("h1:contains('Product Portal')") - private WebElement title; - - @FindByJQuery("a:contains('Product Listing')") - private WebElement productListingLink; - @FindByJQuery("h1:contains('Product Listing')") - private WebElement productListingHeader; - - @FindByJQuery("a:contains('customers')") - private WebElement customersLink; - - @FindByJQuery("a:contains('logout')") - private WebElement logOutButton; - - public void productListing() { - productListingLink.click(); - } - - public void goToCustomers() { - customersLink.click(); - } - - public void waitForProductListingHeader() { - waitUntilElement(productListingHeader).is().not().present(); - } - - public void logOut() { - logOutButton.click(); - } - - -} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostEncExample.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostEncExample.java deleted file mode 100644 index 6772ea9d904..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostEncExample.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.page; - -import org.jboss.arquillian.container.test.api.OperateOnDeployment; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; -import org.openqa.selenium.WebElement; -import org.openqa.selenium.support.FindBy; - -import java.net.URL; - -/** - * @author mhajas - */ -public class SAMLPostEncExample extends AbstractPageWithInjectedUrl { - public static final String DEPLOYMENT_NAME = "saml-post-encryption"; - - @ArquillianResource - @OperateOnDeployment(DEPLOYMENT_NAME) - private URL url; - - @FindBy(tagName = "a") - WebElement logoutButton; - - @Override - public URL getInjectedUrl() { - //EAP6 URL fix - URL fixedUrl = createInjectedURL("sales-post-enc"); - return fixedUrl != null ? fixedUrl : url; - } - - public void logout() { - logoutButton.click(); - } -} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostSigExample.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostSigExample.java deleted file mode 100644 index 7105bd1a64d..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostSigExample.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.page; - -import org.jboss.arquillian.container.test.api.OperateOnDeployment; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; -import org.openqa.selenium.WebElement; -import org.openqa.selenium.support.FindBy; - -import java.net.URL; - -/** - * @author mhajas - */ -public class SAMLPostSigExample extends AbstractPageWithInjectedUrl { - public static final String DEPLOYMENT_NAME = "sales-post-sig"; - - @ArquillianResource - @OperateOnDeployment(DEPLOYMENT_NAME) - private URL url; - - @FindBy(tagName = "a") - WebElement logoutButton; - - @Override - public URL getInjectedUrl() { - //EAP6 URL fix - URL fixedUrl = createInjectedURL("sales-post-sig"); - return fixedUrl != null ? fixedUrl : url; - } - - public void logout() { - logoutButton.click(); - } -} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLRedirectSigExample.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLRedirectSigExample.java deleted file mode 100644 index 78e1316a330..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLRedirectSigExample.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.page; - -import org.jboss.arquillian.container.test.api.OperateOnDeployment; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; -import org.openqa.selenium.WebElement; -import org.openqa.selenium.support.FindBy; - -import java.net.URL; - -/** - * @author mhajas - */ -public class SAMLRedirectSigExample extends AbstractPageWithInjectedUrl { - public static final String DEPLOYMENT_NAME = "saml-redirect-signatures"; - - @ArquillianResource - @OperateOnDeployment(DEPLOYMENT_NAME) - private URL url; - - @FindBy(tagName = "a") - WebElement logoutButton; - - @Override - public URL getInjectedUrl() { - //EAP6 URL fix - URL fixedUrl = createInjectedURL("employee-sig"); - return fixedUrl != null ? fixedUrl : url; - } - - public void logout() { - logoutButton.click(); - } -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java index 085c2dec5c6..f03a81d1269 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java @@ -54,7 +54,7 @@ import javax.ws.rs.NotFoundException; */ public class AuthServerTestEnricher { - protected final Logger log = Logger.getLogger(this.getClass()); + protected static final Logger log = Logger.getLogger(AuthServerTestEnricher.class); @Inject private Instance containerRegistry; @@ -84,6 +84,10 @@ public class AuthServerTestEnricher { private static final Boolean START_MIGRATION_CONTAINER = "auto".equals(System.getProperty("migration.mode")) || "manual".equals(System.getProperty("migration.mode")); + // In manual mode are all containers despite loadbalancers started in mode "manual" and nothing is managed through "suite". + // Useful for tests, which require restart servers etc. + private static final String MANUAL_MODE = "manual.mode"; + @Inject @SuiteScoped private InstanceProducer suiteContextProducer; @@ -118,6 +122,9 @@ public class AuthServerTestEnricher { .map(ContainerInfo::new) .collect(Collectors.toSet()); + // A way to specify that containers should be in mode "manual" rather then "suite" + checkManualMode(containers); + suiteContext = new SuiteContext(containers); if (AUTH_SERVER_CROSS_DC) { @@ -148,6 +155,15 @@ public class AuthServerTestEnricher { suiteContext.addAuthServerBackendsInfo(Integer.valueOf(dcString), c); }); + containers.stream() + .filter(c -> c.getQualifier().startsWith("cache-server-cross-dc-")) + .sorted((a, b) -> a.getQualifier().compareTo(b.getQualifier())) + .forEach(containerInfo -> { + int prefixSize = "cache-server-cross-dc-".length(); + int dcIndex = Integer.parseInt(containerInfo.getQualifier().substring(prefixSize)) -1; + suiteContext.addCacheServerInfo(dcIndex, containerInfo); + }); + if (suiteContext.getDcAuthServerInfo().isEmpty()) { throw new RuntimeException(String.format("No auth server container matching '%s' found in arquillian.xml.", AUTH_SERVER_BACKEND)); } @@ -157,6 +173,10 @@ public class AuthServerTestEnricher { if (suiteContext.getDcAuthServerBackendsInfo().stream().anyMatch(List::isEmpty)) { throw new RuntimeException(String.format("Some data center has no auth server container matching '%s' defined in arquillian.xml.", AUTH_SERVER_BACKEND)); } + boolean cacheServerLifecycleSkip = Boolean.parseBoolean(System.getProperty("cache.server.lifecycle.skip")); + if (suiteContext.getCacheServersInfo().isEmpty() && !cacheServerLifecycleSkip) { + throw new IllegalStateException("Cache containers misconfiguration"); + } log.info("Using frontend containers: " + this.suiteContext.getDcAuthServerInfo().stream() .map(ContainerInfo::getQualifier) @@ -270,10 +290,23 @@ public class AuthServerTestEnricher { public void afterClass(@Observes(precedence = 2) AfterClass event) { TestContext testContext = testContextProducer.get(); - List testRealmReps = testContext.getTestRealmReps(); Keycloak adminClient = testContext.getAdminClient(); KeycloakTestingClient testingClient = testContext.getTestingClient(); + removeTestRealms(testContext, adminClient); + + if (adminClient != null) { + adminClient.close(); + } + + if (testingClient != null) { + testingClient.close(); + } + } + + + public static void removeTestRealms(TestContext testContext, Keycloak adminClient) { + List testRealmReps = testContext.getTestRealmReps(); if (testRealmReps != null) { log.info("removing test realms after test class"); for (RealmRepresentation testRealm : testRealmReps) { @@ -286,13 +319,20 @@ public class AuthServerTestEnricher { } } } + } - if (adminClient != null) { - adminClient.close(); - } - if (testingClient != null) { - testingClient.close(); + private void checkManualMode(Set containers) { + String manualMode = System.getProperty(MANUAL_MODE); + + if (Boolean.parseBoolean(manualMode)) { + + containers.stream() + .filter(containerInfo -> !containerInfo.getQualifier().contains("balancer")) + .forEach(containerInfo -> { + log.infof("Container '%s' will be in manual mode", containerInfo.getQualifier()); + containerInfo.getArquillianContainer().getContainerConfiguration().setMode("manual"); + }); } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentTargetModifier.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentTargetModifier.java index e3950d3306a..f7fc8cfc065 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentTargetModifier.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentTargetModifier.java @@ -25,6 +25,7 @@ import org.jboss.logging.Logger; import java.util.List; +import java.util.Objects; import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.getAppServerQualifier; /** @@ -51,9 +52,15 @@ public class DeploymentTargetModifier extends AnnotationDeploymentScenarioGenera if (appServerQualifier != null && !appServerQualifier.isEmpty()) { for (DeploymentDescription deployment : deployments) { - if (deployment.getTarget() == null || !deployment.getTarget().getName().startsWith(appServerQualifier)) { + final boolean containerMatches = deployment.getTarget() != null && deployment.getTarget().getName().startsWith(appServerQualifier); + + if (deployment.getTarget() == null || Objects.equals(deployment.getTarget().getName(), "_DEFAULT_")) { log.debug("Setting target container for " + deployment.getName() + ": " + appServerQualifier); deployment.setTarget(new TargetDescription(appServerQualifier)); + } else if (! containerMatches) { + throw new RuntimeException("Inconsistency found: target container for " + deployment.getName() + + " is set to " + deployment.getTarget().getName() + + " but the test class targets " + appServerQualifier); } } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java index 33dc8c21401..4671ccb257b 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java @@ -17,18 +17,17 @@ package org.keycloak.testsuite.arquillian; -import org.jboss.arquillian.container.spi.client.container.DeployableContainer; import org.jboss.arquillian.container.osgi.OSGiApplicationArchiveProcessor; +import org.jboss.arquillian.container.spi.client.container.DeployableContainer; import org.jboss.arquillian.container.test.impl.enricher.resource.URLResourceProvider; import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor; import org.jboss.arquillian.container.test.spi.client.deployment.DeploymentScenarioGenerator; import org.jboss.arquillian.core.spi.LoadableExtension; import org.jboss.arquillian.drone.spi.Configurator; -import org.jboss.arquillian.drone.spi.Instantiator; -import org.jboss.arquillian.drone.webdriver.factory.HtmlUnitDriverFactory; import org.jboss.arquillian.drone.webdriver.factory.WebDriverFactory; import org.jboss.arquillian.graphene.location.ContainerCustomizableURLResourceProvider; import org.jboss.arquillian.graphene.location.CustomizableURLResourceProvider; +import org.jboss.arquillian.test.spi.TestEnricher; import org.jboss.arquillian.test.spi.enricher.resource.ResourceProvider; import org.jboss.arquillian.test.spi.execution.TestExecutionDecider; import org.keycloak.testsuite.arquillian.h2.H2TestEnricher; @@ -43,9 +42,7 @@ import org.keycloak.testsuite.arquillian.provider.TestContextProvider; import org.keycloak.testsuite.arquillian.provider.URLProvider; import org.keycloak.testsuite.drone.HtmlUnitScreenshots; import org.keycloak.testsuite.drone.KeycloakDronePostSetup; -import org.keycloak.testsuite.drone.KeycloakHtmlUnitInstantiator; import org.keycloak.testsuite.drone.KeycloakWebDriverConfigurator; -import org.jboss.arquillian.test.spi.TestEnricher; /** * @@ -83,7 +80,6 @@ public class KeycloakArquillianExtension implements LoadableExtension { builder .override(Configurator.class, WebDriverFactory.class, KeycloakWebDriverConfigurator.class) - .override(Instantiator.class, HtmlUnitDriverFactory.class, KeycloakHtmlUnitInstantiator.class) .observer(HtmlUnitScreenshots.class) .observer(KeycloakDronePostSetup.class); diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/SuiteContext.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/SuiteContext.java index 8a6d3009484..bc4b09c84a0 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/SuiteContext.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/SuiteContext.java @@ -40,6 +40,8 @@ public final class SuiteContext { private List authServerInfo = new LinkedList<>(); private final List> authServerBackendsInfo = new ArrayList<>(); + private final List cacheServersInfo = new ArrayList<>(); + private ContainerInfo migratedAuthServerInfo; private final MigrationContext migrationContext = new MigrationContext(); @@ -96,6 +98,13 @@ public final class SuiteContext { this.authServerInfo.set(dcIndex, serverInfo); } + public void addCacheServerInfo(int dcIndex, ContainerInfo serverInfo) { + while (dcIndex >= cacheServersInfo.size()) { + cacheServersInfo.add(null); + } + this.cacheServersInfo.set(dcIndex, serverInfo); + } + public List getAuthServerBackendsInfo() { return getAuthServerBackendsInfo(0); } @@ -108,6 +117,10 @@ public final class SuiteContext { return authServerBackendsInfo; } + public List getCacheServersInfo() { + return cacheServersInfo; + } + public void addAuthServerBackendsInfo(int dcIndex, ContainerInfo container) { while (dcIndex >= authServerBackendsInfo.size()) { authServerBackendsInfo.add(new LinkedList<>()); @@ -161,6 +174,10 @@ public final class SuiteContext { int dcIndex = i; getDcAuthServerBackendsInfo().get(i).forEach(bInfo -> sb.append("Backend (dc=").append(dcIndex).append("): ").append(bInfo).append("\n")); } + + for (int dcIndex=0 ; dcIndexStian Thorgersen @@ -56,7 +54,7 @@ public interface TestApplicationResource { void clearAdminActions(); @GET - @Produces(MediaType.TEXT_HTML) + @Produces(MediaType.TEXT_HTML_UTF_8) @Path("/get-account-profile") String getAccountProfile(@QueryParam("token") String token, @QueryParam("account-uri") String accountUri); diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java index e1aee2a374b..1c362ea3a10 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java @@ -17,18 +17,16 @@ package org.keycloak.testsuite.client.resources; -import java.util.Map; -import java.util.Set; +import org.keycloak.testsuite.rest.representation.JGroupsStats; +import org.keycloak.testsuite.rest.representation.RemoteCacheStats; +import org.keycloak.utils.MediaType; import javax.ws.rs.Consumes; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; -import javax.ws.rs.core.MediaType; - -import org.keycloak.testsuite.rest.representation.JGroupsStats; -import org.keycloak.testsuite.rest.representation.RemoteCacheStats; +import java.util.Set; /** * @author Marek Posolda @@ -55,7 +53,7 @@ public interface TestingCacheResource { @GET @Path("/clear") - @Consumes(MediaType.TEXT_PLAIN) + @Consumes(MediaType.TEXT_PLAIN_UTF_8) void clear(); @GET diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java index 2787c0e82f6..080afcf7691 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java @@ -18,14 +18,13 @@ package org.keycloak.testsuite.client.resources; import org.jboss.resteasy.annotations.cache.NoCache; -import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.representations.idm.AdminEventRepresentation; import org.keycloak.representations.idm.AuthenticationFlowRepresentation; import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.components.TestProvider; import org.keycloak.testsuite.rest.representation.AuthenticatorState; -import org.keycloak.testsuite.rest.resource.TestCacheResource; +import org.keycloak.utils.MediaType; import javax.ws.rs.Consumes; import javax.ws.rs.GET; @@ -35,8 +34,6 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; import java.util.List; import java.util.Map; @@ -259,8 +256,8 @@ public interface TestingResource { @POST @Path("/run-on-server") - @Consumes(MediaType.TEXT_PLAIN) - @Produces(MediaType.TEXT_PLAIN) + @Consumes(MediaType.TEXT_PLAIN_UTF_8) + @Produces(MediaType.TEXT_PLAIN_UTF_8) String runOnServer(String runOnServer); } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/AbstractMultipleSelect2.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/AbstractMultipleSelect2.java index 3c4dda8d19d..c29b1603626 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/AbstractMultipleSelect2.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/AbstractMultipleSelect2.java @@ -16,22 +16,23 @@ */ package org.keycloak.testsuite.console.page.fragment; +import org.jboss.arquillian.drone.api.annotation.Drone; +import org.jboss.arquillian.graphene.fragment.Root; +import org.openqa.selenium.By; +import org.openqa.selenium.JavascriptExecutor; +import org.openqa.selenium.Keys; +import org.openqa.selenium.WebDriver; +import org.openqa.selenium.WebElement; +import org.openqa.selenium.support.FindBy; + import java.util.HashSet; import java.util.List; import java.util.Set; import java.util.function.BiFunction; import java.util.function.Function; -import org.jboss.arquillian.drone.api.annotation.Drone; -import org.jboss.arquillian.graphene.fragment.Root; -import org.keycloak.testsuite.util.WaitUtils; -import org.openqa.selenium.By; -import org.openqa.selenium.JavascriptExecutor; -import org.openqa.selenium.Keys; -import org.openqa.selenium.WebDriver; -import org.openqa.selenium.WebElement; -import org.openqa.selenium.interactions.Actions; -import org.openqa.selenium.support.FindBy; +import static org.keycloak.testsuite.util.WaitUtils.pause; +import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; /** * @author Pedro Igor @@ -44,7 +45,7 @@ public abstract class AbstractMultipleSelect2 { @Drone private WebDriver driver; - @FindBy(xpath = ".//input[contains(@class,'select2-input')]") + @FindBy(xpath = "//input[contains(@class,'select2-focused')]") private WebElement search; @FindBy(xpath = "//div[contains(@class,'select2-result-label')]") @@ -76,17 +77,17 @@ public abstract class AbstractMultipleSelect2 { } public void select(R value) { + pause(500); root.click(); - WaitUtils.pause(500); + pause(500); String id = identity().apply(value); - Actions actions = new Actions(driver); - actions.sendKeys(id).perform(); - WaitUtils.pause(500); + search.sendKeys(id); + waitForPageToLoad(); if (result.isEmpty()) { - actions.sendKeys(Keys.ESCAPE).perform(); + search.sendKeys(Keys.ESCAPE); return; } @@ -137,7 +138,7 @@ public abstract class AbstractMultipleSelect2 { WebElement element = selected.findElement(By.xpath(".//a[contains(@class,'select2-search-choice-close')]")); JavascriptExecutor executor = (JavascriptExecutor) driver; executor.executeScript("arguments[0].click();", element); - WaitUtils.pause(500); + pause(500); return true; } return false; diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/DataTable.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/DataTable.java index 4f128cd59c7..9906b133a4c 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/DataTable.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/DataTable.java @@ -25,6 +25,7 @@ import org.openqa.selenium.support.FindBy; import java.util.List; +import static org.keycloak.testsuite.util.WaitUtils.pause; import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; import static org.openqa.selenium.By.xpath; @@ -59,12 +60,12 @@ public class DataTable { public void clickHeaderButton(String buttonText) { header.findElement(By.xpath(".//button[text()='" + buttonText + "']")).click(); - waitForPageToLoad(driver); + waitForPageToLoad(); } public void clickHeaderLink(String linkText) { header.findElement(By.linkText(linkText)).click(); - waitForPageToLoad(driver); + waitForPageToLoad(); } public WebElement body() { @@ -72,6 +73,7 @@ public class DataTable { } public List rows() { + pause(500); // wait a bit to ensure the table is no more changing return rows; } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/Dropdown.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/Dropdown.java index e5081e6e0ef..6c5d4e1f308 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/Dropdown.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/Dropdown.java @@ -6,6 +6,7 @@ import org.openqa.selenium.By; import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebElement; +import static org.keycloak.testsuite.util.URLUtils.navigateToUri; import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; /** @@ -27,6 +28,6 @@ public class Dropdown { public void selectByText(String text) { waitUntilElement(dropDownRoot).is().present(); WebElement element = dropDownRoot.findElement(By.xpath("./ul/li/a[text()='" + text + "']")); - driver.navigate().to(element.getAttribute("href")); + navigateToUri(element.getAttribute("href"), true); // TODO: move cursor to show the menu and then click the menu item } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/ModalDialog.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/ModalDialog.java index 96397493948..2d3b7f656b9 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/ModalDialog.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/ModalDialog.java @@ -52,21 +52,21 @@ public class ModalDialog { private WebElement message; public void ok() { - waitForModalFadeIn(driver); + waitForModalFadeIn(); okButton.click(); - waitForModalFadeOut(driver); + waitForModalFadeOut(); } public void confirmDeletion() { - waitForModalFadeIn(driver); + waitForModalFadeIn(); deleteButton.click(); - waitForModalFadeOut(driver); + waitForModalFadeOut(); } public void cancel() { - waitForModalFadeIn(driver); + waitForModalFadeIn(); cancelButton.click(); - waitForModalFadeOut(driver); + waitForModalFadeOut(); } public void setName(String name) { diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/OnOffSwitch.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/OnOffSwitch.java index ccb6817addf..5c57758c9f3 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/OnOffSwitch.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/fragment/OnOffSwitch.java @@ -17,12 +17,8 @@ package org.keycloak.testsuite.console.page.fragment; import org.jboss.arquillian.graphene.fragment.Root; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.openqa.selenium.By; import org.openqa.selenium.WebElement; -import org.openqa.selenium.interactions.Actions; - -import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; +import org.openqa.selenium.support.FindBy; /** * @@ -33,26 +29,18 @@ public class OnOffSwitch { @Root private WebElement root; - @ArquillianResource - private Actions actions; + @FindBy(tagName = "input") + private WebElement inputTag; - public OnOffSwitch() { - } - - public OnOffSwitch(WebElement root, Actions actions) { - this.root = root; - this.actions = actions; - } + @FindBy(tagName = "label") + private WebElement labelTag; public boolean isOn() { - waitUntilElement(root).is().present(); - return root.findElement(By.tagName("input")).isSelected(); + return inputTag.isSelected(); } private void click() { - waitUntilElement(root).is().present(); - actions.moveToElement(root.findElement(By.tagName("label"))) - .click().build().perform(); + labelTag.click(); } public void toggle() { diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/HtmlUnitScreenshots.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/HtmlUnitScreenshots.java index 5c6097ef951..1036d9184a1 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/HtmlUnitScreenshots.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/HtmlUnitScreenshots.java @@ -39,7 +39,7 @@ public class HtmlUnitScreenshots { public void configureExtension(@Observes ScreenshooterExtensionConfigured event) { ScreenshooterConfiguration conf = configuration.get(); - if (System.getProperty("browser").equals("htmlUnit")) { + if (System.getProperty("browser", "htmlUnit").equals("htmlUnit")) { conf.setProperty("takeWhenTestFailed", "false"); log.info("Screenshots disabled as htmlUnit is used"); } else { diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakHtmlUnitInstantiator.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakHtmlUnitInstantiator.java deleted file mode 100644 index d8a275cb83f..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakHtmlUnitInstantiator.java +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.drone; - -import java.lang.reflect.Method; - -import com.gargoylesoftware.htmlunit.WebClient; -import org.jboss.arquillian.drone.spi.Instantiator; -import org.jboss.arquillian.drone.webdriver.configuration.WebDriverConfiguration; -import org.jboss.arquillian.drone.webdriver.factory.HtmlUnitDriverFactory; -import org.jboss.logging.Logger; -import org.keycloak.common.util.reflections.Reflections; -import org.openqa.selenium.htmlunit.HtmlUnitDriver; - -/** - * @author Marek Posolda - */ -public class KeycloakHtmlUnitInstantiator extends HtmlUnitDriverFactory implements Instantiator { - - protected final Logger log = Logger.getLogger(KeycloakHtmlUnitInstantiator.class); - - @Override - public int getPrecedence() { - return 1; - } - - - @Override - public HtmlUnitDriver createInstance(WebDriverConfiguration configuration) { - HtmlUnitDriver htmlUnitDriver = super.createInstance(configuration); - - // Disable CSS - Method getWebClient = Reflections.findDeclaredMethod(HtmlUnitDriver.class, "getWebClient"); - WebClient webClient = (WebClient) Reflections.invokeMethod(true, getWebClient, htmlUnitDriver); - webClient.getOptions().setCssEnabled(false); - - return htmlUnitDriver; - } - -} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractAlert.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractAlert.java index 59f1021d36c..4778da62da1 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractAlert.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractAlert.java @@ -51,7 +51,7 @@ public abstract class AbstractAlert { } protected boolean checkAlertType(String type) { - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); try { (new WebDriverWait(driver, 1)).until(ExpectedConditions.attributeContains(root, "class", "alert-" + type)); } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPage.java index 4d002fc3f00..34daa16138e 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPage.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPage.java @@ -95,11 +95,11 @@ public abstract class AbstractPage { } public void navigateTo(boolean waitForMatch) { - URLUtils.navigateToUri(driver, buildUri().toASCIIString(), waitForMatch); + URLUtils.navigateToUri(buildUri().toASCIIString(), waitForMatch); } public boolean isCurrent() { - return URLUtils.currentUrlEqual(driver, toString()); + return URLUtils.currentUrlEqual(toString()); } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/Form.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/Form.java index 6af4998ce90..6eab0c7d19f 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/Form.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/Form.java @@ -47,7 +47,7 @@ public class Form { public void save() { // guardAjax(save).click(); save.click(); - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); } public void cancel() { diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountPasswordPage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountPasswordPage.java index 2c98c55e40f..d62806f0b4e 100755 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountPasswordPage.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountPasswordPage.java @@ -16,7 +16,7 @@ */ package org.keycloak.testsuite.pages; -import org.keycloak.services.resources.AccountService; +import org.keycloak.services.resources.account.AccountFormService; import org.openqa.selenium.WebElement; import org.openqa.selenium.support.FindBy; @@ -69,6 +69,6 @@ public class AccountPasswordPage extends AbstractAccountPage { } public String getPath() { - return AccountService.passwordUrl(UriBuilder.fromUri(getAuthServerRoot())).build(this.realmName).toString(); + return AccountFormService.passwordUrl(UriBuilder.fromUri(getAuthServerRoot())).build(this.realmName).toString(); } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java index 1029e1010a0..6527476e02c 100755 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java @@ -16,7 +16,7 @@ */ package org.keycloak.testsuite.pages; -import org.keycloak.services.resources.AccountService; +import org.keycloak.services.resources.account.AccountFormService; import org.openqa.selenium.WebElement; import org.openqa.selenium.support.FindBy; @@ -40,7 +40,7 @@ public class AccountTotpPage extends AbstractAccountPage { private WebElement removeLink; private String getPath() { - return AccountService.totpUrl(UriBuilder.fromUri(getAuthServerRoot())).build("test").toString(); + return AccountFormService.totpUrl(UriBuilder.fromUri(getAuthServerRoot())).build("test").toString(); } public void configure(String totp) { diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppServerWelcomePage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppServerWelcomePage.java new file mode 100644 index 00000000000..de8bc098a2d --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppServerWelcomePage.java @@ -0,0 +1,81 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.testsuite.pages; + +import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; + +import org.jboss.arquillian.graphene.page.Page; +import org.keycloak.testsuite.adapter.page.AppServerContextRoot; +import org.keycloak.testsuite.auth.page.login.OIDCLogin; +import org.keycloak.testsuite.util.URLUtils; +import org.keycloak.testsuite.util.WaitUtils; +import org.openqa.selenium.WebElement; +import org.openqa.selenium.support.FindBy; + +/** + * @author Pedro Igor + */ +public class AppServerWelcomePage extends AppServerContextRoot { + + @Page + protected OIDCLogin loginPage; + + @FindBy(xpath = "//a[text() = 'Access Control']") + private WebElement accessControlLink; + + @FindBy(xpath = "//a[text() = 'Manage user profile']") + private WebElement manageProfileLink; + + @FindBy(xpath = "//div[text() = 'Logout']") + private WebElement logoutLink; + + @Override + public boolean isCurrent() { + return driver.getPageSource().contains("Access Control"); + } + + public void navigateToConsole() { + WaitUtils.pause(2000); + URLUtils.navigateToUri(getInjectedUrl().toString() + "/console", true); + waitForPageToLoad(); + } + + public void login(String username, String password) { + loginPage.form().waitForLoginButtonPresent(); + loginPage.form().login(username, password); + waitForPageToLoad(); + } + + public void navigateToAccessControl() { + accessControlLink.click(); + waitForPageToLoad(); + } + + public void navigateManageProfile() { + manageProfileLink.click(); + waitForPageToLoad(); + } + + public void logout() { + logoutLink.click(); + waitForPageToLoad(); + } + + public boolean isLoginPage() { + return loginPage.isCurrent(); + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/social/PayPalLoginPage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/social/PayPalLoginPage.java new file mode 100644 index 00000000000..4f98213c8da --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/social/PayPalLoginPage.java @@ -0,0 +1,52 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.pages.social; + +import org.openqa.selenium.NoSuchElementException; +import org.openqa.selenium.WebElement; +import org.openqa.selenium.support.FindBy; + +/** + * @author Petter Lysne (petterlysne at hotmail dot com) + */ +public class PayPalLoginPage extends AbstractSocialLoginPage { + @FindBy(id = "email") + private WebElement usernameInput; + + @FindBy(id = "password") + private WebElement passwordInput; + + @FindBy(name = "btnLogin") + private WebElement loginButton; + + @FindBy(name = "continueLogin") + private WebElement continueLoginButton; + + @Override + public void login(String user, String password) { + try { + usernameInput.clear(); // to remove pre-filled email + usernameInput.sendKeys(user); + passwordInput.sendKeys(password); + loginButton.click(); + } + catch (NoSuchElementException e) { + continueLoginButton.click(); // already logged in, just need to confirm it + } + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/DroneUtils.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/DroneUtils.java new file mode 100644 index 00000000000..8efb968fa67 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/DroneUtils.java @@ -0,0 +1,30 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.util; + +import org.jboss.arquillian.graphene.context.GrapheneContext; +import org.openqa.selenium.WebDriver; + +/** + * @author Vaclav Muzikar + */ +public final class DroneUtils { + public static WebDriver getCurrentDriver() { + return GrapheneContext.lastContext().getWebDriver(); + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java index e577758cedd..07935bc8e59 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java @@ -19,11 +19,11 @@ package org.keycloak.testsuite.util; import org.apache.commons.io.IOUtils; import org.apache.commons.io.output.ByteArrayOutputStream; -import org.apache.http.HttpResponse; import org.apache.http.NameValuePair; import org.apache.http.client.entity.UrlEncodedFormEntity; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpOptions; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.utils.URLEncodedUtils; import org.apache.http.impl.client.CloseableHttpClient; @@ -50,7 +50,6 @@ import org.keycloak.representations.IDToken; import org.keycloak.representations.RefreshToken; import org.keycloak.representations.idm.KeysMetadataRepresentation; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; -import org.keycloak.testsuite.arquillian.SuiteContext; import org.keycloak.util.BasicAuthHelper; import org.keycloak.util.JsonSerialization; import org.keycloak.util.TokenUtil; @@ -60,7 +59,6 @@ import org.openqa.selenium.WebDriver; import javax.ws.rs.core.UriBuilder; -import java.io.Closeable; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URI; @@ -204,7 +202,7 @@ public class OAuthClient { } public void fillLoginForm(String username, String password) { - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); String src = driver.getPageSource(); try { driver.findElement(By.id("username")).sendKeys(username); @@ -251,6 +249,17 @@ public class OAuthClient { return new DefaultHttpClient(); } + public CloseableHttpResponse doPreflightRequest() { + try (CloseableHttpClient client = newCloseableHttpClient()) { + HttpOptions options = new HttpOptions(getAccessTokenUrl()); + options.setHeader("Origin", "http://example.com"); + + return client.execute(options); + } catch (IOException ioe) { + throw new RuntimeException(ioe); + } + } + public AccessTokenResponse doAccessTokenRequest(String code, String password) { try (CloseableHttpClient client = newCloseableHttpClient()) { HttpPost post = new HttpPost(getAccessTokenUrl()); diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java index 06609b1f635..257afc0db0e 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java @@ -51,6 +51,7 @@ import java.io.UnsupportedEncodingException; import java.net.URI; import java.security.PrivateKey; import java.security.PublicKey; +import java.util.Arrays; import java.util.LinkedList; import java.util.List; import java.util.UUID; @@ -280,7 +281,8 @@ public class SamlClient { public static AuthnRequestType createLoginRequestDocument(String issuer, String assertionConsumerURL, URI destination) { try { SAML2Request samlReq = new SAML2Request(); - AuthnRequestType loginReq = samlReq.createAuthnRequestType(UUID.randomUUID().toString(), assertionConsumerURL, destination.toString(), issuer); + AuthnRequestType loginReq = samlReq.createAuthnRequestType(UUID.randomUUID().toString(), assertionConsumerURL, + destination == null ? null : destination.toString(), issuer); return loginReq; } catch (ConfigurationException ex) { @@ -288,6 +290,18 @@ public class SamlClient { } } + public void execute(Step... steps) { + executeAndTransform(resp -> null, Arrays.asList(steps)); + } + + public void execute(List steps) { + executeAndTransform(resp -> null, steps); + } + + public T executeAndTransform(ResultExtractor resultTransformer, Step... steps) { + return executeAndTransform(resultTransformer, Arrays.asList(steps)); + } + public T executeAndTransform(ResultExtractor resultTransformer, List steps) { CloseableHttpResponse currentResponse = null; URI currentUri = URI.create("about:blank"); diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClientBuilder.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClientBuilder.java index 89d309249c5..3879447fb54 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClientBuilder.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClientBuilder.java @@ -33,6 +33,10 @@ import org.keycloak.testsuite.util.saml.IdPInitiatedLoginBuilder; import org.keycloak.testsuite.util.saml.LoginBuilder; import org.keycloak.testsuite.util.saml.ModifySamlResponseStepBuilder; import org.keycloak.testsuite.util.saml.RequiredConsentBuilder; +import org.apache.http.HttpResponse; +import org.apache.http.client.methods.HttpUriRequest; +import org.hamcrest.Matcher; +import org.junit.Assert; import org.w3c.dom.Document; /** @@ -43,6 +47,19 @@ public class SamlClientBuilder { private final List steps = new LinkedList<>(); + /** + * Execute the current steps without any work on the final response. + * @return Client that executed the steps + */ + public SamlClient execute() { + return execute(resp -> {}); + } + + /** + * Execute the current steps and pass the final response to the {@code resultConsumer} for processing. + * @param resultConsumer This function is given the final response + * @return Client that executed the steps + */ public SamlClient execute(Consumer resultConsumer) { final SamlClient samlClient = new SamlClient(); samlClient.executeAndTransform(r -> { @@ -52,6 +69,11 @@ public class SamlClientBuilder { return samlClient; } + /** + * Execute the current steps and pass the final response to the {@code resultTransformer} for processing. + * @param resultTransformer This function is given the final response and processes it into some value + * @return Value returned by {@code resultTransformer} + */ public T executeAndTransform(ResultExtractor resultTransformer) { return new SamlClient().executeAndTransform(resultTransformer, steps); } @@ -60,11 +82,48 @@ public class SamlClientBuilder { return steps; } - public T addStep(T step) { + public T addStepBuilder(T step) { steps.add(step); return step; } + /** + * Adds a single generic step + * @param step + * @return This builder + */ + public SamlClientBuilder addStep(Step step) { + steps.add(step); + return this; + } + + /** + * Adds a single generic step + * @param step + * @return This builder + */ + public SamlClientBuilder addStep(Runnable stepWithNoParameters) { + addStep((client, currentURI, currentResponse, context) -> { + stepWithNoParameters.run(); + return null; + }); + return this; + } + + public SamlClientBuilder assertResponse(Matcher matcher) { + steps.add((client, currentURI, currentResponse, context) -> { + Assert.assertThat(currentResponse, matcher); + return null; + }); + return this; + } + + /** + * When executing the {@link HttpUriRequest} obtained from the previous step, + * do not to follow HTTP redirects but pass the first response immediately + * to the following step. + * @return This builder + */ public SamlClientBuilder doNotFollowRedirects() { this.steps.add(new DoNotFollowRedirectStep()); return this; @@ -80,32 +139,32 @@ public class SamlClientBuilder { /** Creates fresh and issues an AuthnRequest to the SAML endpoint */ public CreateAuthnRequestStepBuilder authnRequest(URI authServerSamlUrl, String issuer, String assertionConsumerURL, Binding requestBinding) { - return addStep(new CreateAuthnRequestStepBuilder(authServerSamlUrl, issuer, assertionConsumerURL, requestBinding, this)); + return addStepBuilder(new CreateAuthnRequestStepBuilder(authServerSamlUrl, issuer, assertionConsumerURL, requestBinding, this)); } /** Issues the given AuthnRequest to the SAML endpoint */ public CreateAuthnRequestStepBuilder authnRequest(URI authServerSamlUrl, Document authnRequestDocument, Binding requestBinding) { - return addStep(new CreateAuthnRequestStepBuilder(authServerSamlUrl, authnRequestDocument, requestBinding, this)); + return addStepBuilder(new CreateAuthnRequestStepBuilder(authServerSamlUrl, authnRequestDocument, requestBinding, this)); } /** Issues the given AuthnRequest to the SAML endpoint */ public CreateLogoutRequestStepBuilder logoutRequest(URI authServerSamlUrl, String issuer, Binding requestBinding) { - return addStep(new CreateLogoutRequestStepBuilder(authServerSamlUrl, issuer, requestBinding, this)); + return addStepBuilder(new CreateLogoutRequestStepBuilder(authServerSamlUrl, issuer, requestBinding, this)); } /** Handles login page */ public LoginBuilder login() { - return addStep(new LoginBuilder(this)); + return addStepBuilder(new LoginBuilder(this)); } /** Starts IdP-initiated flow for the given client */ public IdPInitiatedLoginBuilder idpInitiatedLogin(URI authServerSamlUrl, String clientId) { - return addStep(new IdPInitiatedLoginBuilder(authServerSamlUrl, clientId, this)); + return addStepBuilder(new IdPInitiatedLoginBuilder(authServerSamlUrl, clientId, this)); } /** Handles "Requires consent" page */ public RequiredConsentBuilder consentRequired() { - return addStep(new RequiredConsentBuilder(this)); + return addStepBuilder(new RequiredConsentBuilder(this)); } /** Returns SAML request or response as replied from server. Note that the redirects are disabled for this to work. */ @@ -119,20 +178,16 @@ public class SamlClientBuilder { public ModifySamlResponseStepBuilder processSamlResponse(Binding responseBinding) { return doNotFollowRedirects() - .addStep(new ModifySamlResponseStepBuilder(responseBinding, this)); + .addStepBuilder(new ModifySamlResponseStepBuilder(responseBinding, this)); } public SamlClientBuilder navigateTo(String httpGetUri) { - steps.add((client, currentURI, currentResponse, context) -> { - return new HttpGet(httpGetUri); - }); + steps.add((client, currentURI, currentResponse, context) -> new HttpGet(httpGetUri)); return this; } public SamlClientBuilder navigateTo(URI httpGetUri) { - steps.add((client, currentURI, currentResponse, context) -> { - return new HttpGet(httpGetUri); - }); + steps.add((client, currentURI, currentResponse, context) -> new HttpGet(httpGetUri)); return this; } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TokenUtil.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TokenUtil.java new file mode 100644 index 00000000000..a75f5cd7cd8 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TokenUtil.java @@ -0,0 +1,85 @@ +package org.keycloak.testsuite.util; + +import org.junit.rules.TestRule; +import org.junit.runners.model.Statement; +import org.keycloak.common.util.Time; + +import static org.junit.Assert.fail; + +/** + * Created by st on 22/03/17. + */ +public class TokenUtil implements TestRule { + + private final String username; + private final String password; + private OAuthClient oauth; + + private String refreshToken; + private String token; + private int expires; + + public TokenUtil() { + this("test-user@localhost", "password"); + } + + public TokenUtil(String username, String password) { + this.username = username; + this.password = password; + this.oauth = new OAuthClient(); + this.oauth.init(null, null); + this.oauth.clientId("direct-grant"); + } + + @Override + public Statement apply(final Statement base, org.junit.runner.Description description) { + return new Statement() { + @Override + public void evaluate() throws Throwable { + base.evaluate(); + } + }; + } + + public String getToken() { + if (refreshToken == null) { + load(); + } else if (expires < Time.currentTime()) { + refresh(); + } + return token; + } + + private void load() { + try { + OAuthClient.AccessTokenResponse accessTokenResponse = oauth.doGrantAccessTokenRequest("password", username, password); + if (accessTokenResponse.getStatusCode() != 200) { + fail("Failed to get token: " + accessTokenResponse.getErrorDescription()); + } + + this.refreshToken = accessTokenResponse.getRefreshToken(); + this.token = accessTokenResponse.getAccessToken(); + + expires = Time.currentTime() + accessTokenResponse.getExpiresIn() - 20; + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + private void refresh() { + try { + OAuthClient.AccessTokenResponse accessTokenResponse = oauth.doRefreshTokenRequest(refreshToken, "password"); + if (accessTokenResponse.getStatusCode() != 200) { + fail("Failed to get token: " + accessTokenResponse.getErrorDescription()); + } + + this.refreshToken = accessTokenResponse.getRefreshToken(); + this.token = accessTokenResponse.getAccessToken(); + + expires = Time.currentTime() + accessTokenResponse.getExpiresIn() - 20; + } catch (Exception e) { + throw new RuntimeException(e); + } + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UIUtils.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UIUtils.java index ec54244a04d..84cd7c8bfb5 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UIUtils.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UIUtils.java @@ -1,12 +1,14 @@ package org.keycloak.testsuite.util; import org.openqa.selenium.TimeoutException; -import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebElement; import org.openqa.selenium.support.ui.ExpectedConditions; import org.openqa.selenium.support.ui.Select; import org.openqa.selenium.support.ui.WebDriverWait; +import static org.keycloak.testsuite.util.DroneUtils.getCurrentDriver; +import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; + /** * @author Vaclav Muzikar */ @@ -21,13 +23,40 @@ public final class UIUtils { return false; } - public static boolean currentTitleEquals(WebDriver driver, String url) { + public static boolean currentTitleEquals(String url) { try { - (new WebDriverWait(driver, 5)).until(ExpectedConditions.titleIs(url)); + (new WebDriverWait(getCurrentDriver(), 5)).until(ExpectedConditions.titleIs(url)); } catch (TimeoutException e) { return false; } return true; } + + /** + * Safely performs an operation which is expected to cause a page reload, e.g. a link click. + * This ensures the page will be fully loaded after the operation. + * This is intended for use in UI tests only. + * + * @param operation + */ + public static void performOperationWithPageReload(Runnable operation) { + operation.run(); + waitForPageToLoad(); + } + + public static void clickLink(WebElement element) { + performOperationWithPageReload(element::click); + } + + /** + * Navigates to a link directly instead of clicking on it. + * Some browsers are sometimes having problems with clicking on links, so this should be used only in that cases, + * i.e. only when clicking directly doesn't work + * + * @param element + */ + public static void navigateToLink(WebElement element) { + URLUtils.navigateToUri(element.getAttribute("href"), true); + } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/URLUtils.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/URLUtils.java index ea7d72c9111..e3985c5a3c5 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/URLUtils.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/URLUtils.java @@ -10,8 +10,9 @@ import org.openqa.selenium.support.ui.WebDriverWait; import java.util.regex.Pattern; +import static org.keycloak.testsuite.util.DroneUtils.getCurrentDriver; +import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; import static org.openqa.selenium.support.ui.ExpectedConditions.not; -import static org.openqa.selenium.support.ui.ExpectedConditions.or; import static org.openqa.selenium.support.ui.ExpectedConditions.urlMatches; import static org.openqa.selenium.support.ui.ExpectedConditions.urlToBe; @@ -20,12 +21,15 @@ import static org.openqa.selenium.support.ui.ExpectedConditions.urlToBe; */ public final class URLUtils { - public static void navigateToUri(WebDriver driver, String uri, boolean waitForMatch) { - navigateToUri(driver, uri, waitForMatch, true); + private static Logger log = Logger.getLogger(URLUtils.class); + + public static void navigateToUri(String uri, boolean waitForMatch) { + navigateToUri(uri, waitForMatch, true); } - private static void navigateToUri(WebDriver driver, String uri, boolean waitForMatch, boolean enableIEWorkaround) { - Logger log = Logger.getLogger(URLUtils.class); + // TODO: remove waitForMatch + private static void navigateToUri(String uri, boolean waitForMatch, boolean enableIEWorkaround) { + WebDriver driver = getCurrentDriver(); log.info("starting navigation"); @@ -34,27 +38,20 @@ public final class URLUtils { if (driver instanceof InternetExplorerDriver && driver.getCurrentUrl().equals(uri)) { log.info("IE workaround: target URL equals current URL - refreshing the page"); driver.navigate().refresh(); + waitForPageToLoad(); } - WaitUtils.waitForPageToLoad(driver); - log.info("current URL: " + driver.getCurrentUrl()); log.info("navigating to " + uri); - driver.navigate().to(uri); - - if (waitForMatch) { - // Possible login URL; this is to eliminate unnecessary wait when navigating to a secured page and being - // redirected to the login page - String loginUrl = "^[^\\?]+/auth/realms/[^/]+/(protocol|login-actions).+$"; - - try { - (new WebDriverWait(driver, 3)).until(or(urlMatches("^" + Pattern.quote(uri) + ".*$"), urlMatches(loginUrl))); - } catch (TimeoutException e) { - log.info("new current URL doesn't start with desired URL"); - } + if (driver.getCurrentUrl().equals(uri)) { // Some browsers won't do anything if navigating to the same URL; this "fixes" it + log.info("target URL equals current URL - refreshing the page"); + driver.navigate().refresh(); + } + else { + driver.navigate().to(uri); } - WaitUtils.waitForPageToLoad(driver); + waitForPageToLoad(); log.info("new current URL: " + driver.getCurrentUrl()); @@ -65,45 +62,45 @@ public final class URLUtils { && (driver.getCurrentUrl().matches("^[^#]+/#state=[^#/&]+&code=[^#/&]+$") || driver.getCurrentUrl().matches("^.+/auth/admin/[^/]+/console/$"))) { log.info("IE workaround: reloading the page after deleting the cookies..."); - navigateToUri(driver, uri, waitForMatch, false); + navigateToUri(uri, waitForMatch, false); } else { log.info("navigation complete"); } } - public static boolean currentUrlEqual(WebDriver driver, String url) { - return urlCheck(driver, urlToBe(url)); + public static boolean currentUrlEqual(String url) { + return urlCheck(urlToBe(url)); } - public static boolean currentUrlDoesntEqual(WebDriver driver, String url) { - return urlCheck(driver, not(urlToBe(url))); + public static boolean currentUrlDoesntEqual(String url) { + return urlCheck(not(urlToBe(url))); } - public static boolean currentUrlStartWith(WebDriver driver, String url) { - return urlCheck(driver, urlMatches("^" + Pattern.quote(url) + ".*$")); + public static boolean currentUrlStartWith(String url) { + return urlCheck(urlMatches("^" + Pattern.quote(url) + ".*$")); } - public static boolean currentUrlDoesntStartWith(WebDriver driver, String url) { - return urlCheck(driver, urlMatches("^(?!" + Pattern.quote(url) + ").+$")); + public static boolean currentUrlDoesntStartWith(String url) { + return urlCheck(urlMatches("^(?!" + Pattern.quote(url) + ").+$")); } - private static boolean urlCheck(WebDriver driver, ExpectedCondition condition) { - return urlCheck(driver, condition, false); + private static boolean urlCheck(ExpectedCondition condition) { + return urlCheck(condition, false); } - private static boolean urlCheck(WebDriver driver, ExpectedCondition condition, boolean secondTry) { - Logger log = Logger.getLogger(URLUtils.class); + private static boolean urlCheck(ExpectedCondition condition, boolean secondTry) { + WebDriver driver = getCurrentDriver(); try { - (new WebDriverWait(driver, 1, 100)).until(condition); + (new WebDriverWait(driver, 5, 100)).until(condition); } catch (TimeoutException e) { if (driver instanceof InternetExplorerDriver && !secondTry) { // IE WebDriver has sometimes invalid current URL log.info("IE workaround: checking URL failed at first attempt - refreshing the page and trying one more time..."); driver.navigate().refresh(); - urlCheck(driver, condition, true); + urlCheck(condition, true); } else { return false; diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WaitUtils.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WaitUtils.java index 216e2cae834..30ec1a87100 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WaitUtils.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WaitUtils.java @@ -21,17 +21,18 @@ import org.openqa.selenium.By; import org.openqa.selenium.TimeoutException; import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebElement; +import org.openqa.selenium.htmlunit.HtmlUnitDriver; +import org.openqa.selenium.support.ui.FluentWait; import org.openqa.selenium.support.ui.WebDriverWait; import java.util.Collections; +import java.util.concurrent.TimeUnit; import java.util.logging.Level; import java.util.logging.Logger; import static org.jboss.arquillian.graphene.Graphene.waitGui; -import static org.openqa.selenium.support.ui.ExpectedConditions.invisibilityOfAllElements; -import static org.openqa.selenium.support.ui.ExpectedConditions.javaScriptThrowsNoExceptions; -import static org.openqa.selenium.support.ui.ExpectedConditions.not; -import static org.openqa.selenium.support.ui.ExpectedConditions.urlContains; +import static org.keycloak.testsuite.util.DroneUtils.getCurrentDriver; +import static org.openqa.selenium.support.ui.ExpectedConditions.*; /** * @@ -64,13 +65,14 @@ public final class WaitUtils { return waitGui().until(failMessage).element(element); } - public static void waitUntilElementIsNotPresent(WebDriver driver, By locator) { - waitUntilElementIsNotPresent(driver, driver.findElement(locator)); + public static void waitUntilElementIsNotPresent(By locator) { + waitUntilElement(locator).is().not().present(); } - public static void waitUntilElementIsNotPresent(WebDriver driver, WebElement element) { - (new WebDriverWait(driver, IMPLICIT_ELEMENT_WAIT_MILLIS)) - .until(invisibilityOfAllElements(Collections.singletonList(element))); + public static void waitUntilElementIsNotPresent(WebElement element) { + waitUntilElement(element).is().not().present(); +// (new WebDriverWait(driver, IMPLICIT_ELEMENT_WAIT_MILLIS)) +// .until(invisibilityOfAllElements(Collections.singletonList(element))); } public static void pause(long millis) { @@ -89,15 +91,32 @@ public final class WaitUtils { * Waits for page to finish any pending redirects, REST API requests etc. * Because Keycloak's Admin Console is a single-page application, we need to * take extra steps to ensure the page is fully loaded - * - * @param driver */ - public static void waitForPageToLoad(WebDriver driver) { - WebDriverWait wait = new WebDriverWait(driver, PAGELOAD_TIMEOUT_MILLIS / 1000); + public static void waitForPageToLoad() { + WebDriver driver = getCurrentDriver(); + + if (driver instanceof HtmlUnitDriver) { + return; // not needed + } + + // Ensure the URL is "stable", i.e. is not changing anymore; if it'd changing, some redirects are probably still in progress + for (int maxRedirects = 2; maxRedirects > 0; maxRedirects--) { + String currentUrl = driver.getCurrentUrl(); + FluentWait wait = new FluentWait<>(driver).withTimeout(250, TimeUnit.MILLISECONDS); + try { + wait.until(not(urlToBe(currentUrl))); + } + catch (TimeoutException e) { + break; // URL has not changed recently - ok, the URL is stable and page is current + } + if (maxRedirects == 1) { + log.warn("URL seems unstable! (Some redirect are probably still in progress)"); + } + } + + WebDriverWait wait = new WebDriverWait(getCurrentDriver(), PAGELOAD_TIMEOUT_MILLIS / 1000); try { - wait.until(not(urlContains("redirect_fragment"))); - // Checks if the document is ready and asks AngularJS, if present, whether there are any REST API requests // in progress wait.until(javaScriptThrowsNoExceptions( @@ -112,12 +131,12 @@ public final class WaitUtils { } } - public static void waitForModalFadeIn(WebDriver driver) { + public static void waitForModalFadeIn() { pause(500); // TODO: Find out how to do in more 'elegant' way, e.g. like in the waitForModalFadeOut } - public static void waitForModalFadeOut(WebDriver driver) { - waitUntilElementIsNotPresent(driver, By.className("modal-backdrop")); + public static void waitForModalFadeOut() { + waitUntilElementIsNotPresent(By.className("modal-backdrop")); } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WebDriverLogDumper.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WebDriverLogDumper.java new file mode 100644 index 00000000000..f56a119fe31 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WebDriverLogDumper.java @@ -0,0 +1,26 @@ +package org.keycloak.testsuite.util; + +import org.jboss.logging.Logger; +import org.openqa.selenium.WebDriver; +import org.openqa.selenium.logging.LogEntries; +import org.openqa.selenium.logging.LogEntry; + +/** + * Created by st on 21/03/17. + */ +public class WebDriverLogDumper { + + public static String dumpBrowserLogs(WebDriver driver) { + try { + StringBuilder sb = new StringBuilder(); + LogEntries logEntries = driver.manage().logs().get("browser"); + for (LogEntry e : logEntries.getAll()) { + sb.append("\n\t" + e.getMessage()); + } + return sb.toString(); + } catch (UnsupportedOperationException e) { + return "Browser doesn't support fetching logs"; + } + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/main/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory b/testsuite/integration-arquillian/tests/base/src/main/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory new file mode 100755 index 00000000000..68493ad6e37 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory @@ -0,0 +1 @@ +org.keycloak.testsuite.federation.DummyUserFederationProviderFactory diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java index 098c05a4a16..1f73f4f0011 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java @@ -49,6 +49,8 @@ public class AssertEvents implements TestRule { public static final String DEFAULT_CLIENT_ID = "test-app"; public static final String DEFAULT_IP_ADDRESS = "127.0.0.1"; + public static final String DEFAULT_IP_ADDRESS_V6 = "0:0:0:0:0:0:0:1"; + public static final String DEFAULT_IP_ADDRESS_V6_SHORT = "::1"; public static final String DEFAULT_REALM = "test"; public static final String DEFAULT_USERNAME = "test-user@localhost"; @@ -167,7 +169,7 @@ public class AssertEvents implements TestRule { .realm(defaultRealmId()) .client(DEFAULT_CLIENT_ID) .user(defaultUserId()) - .ipAddress(DEFAULT_IP_ADDRESS) + .ipAddress(CoreMatchers.anyOf(is(DEFAULT_IP_ADDRESS), is(DEFAULT_IP_ADDRESS_V6), is(DEFAULT_IP_ADDRESS_V6_SHORT))) .session((String) null) .event(event); } @@ -177,6 +179,7 @@ public class AssertEvents implements TestRule { private Matcher realmId; private Matcher userId; private Matcher sessionId; + private Matcher ipAddress; private HashMap> details; public ExpectedEvent realm(Matcher realmId) { @@ -229,7 +232,12 @@ public class AssertEvents implements TestRule { } public ExpectedEvent ipAddress(String ipAddress) { - expected.setIpAddress(ipAddress); + this.ipAddress = CoreMatchers.equalTo(ipAddress); + return this; + } + + public ExpectedEvent ipAddress(Matcher ipAddress) { + this.ipAddress = ipAddress; return this; } @@ -279,7 +287,7 @@ public class AssertEvents implements TestRule { Assert.assertThat("realm ID", actual.getRealmId(), is(realmId)); Assert.assertThat("client ID", actual.getClientId(), is(expected.getClientId())); Assert.assertThat("error", actual.getError(), is(expected.getError())); - Assert.assertThat("ip address", actual.getIpAddress(), is(expected.getIpAddress())); + Assert.assertThat("ip address", actual.getIpAddress(), ipAddress); Assert.assertThat("user ID", actual.getUserId(), is(userId)); Assert.assertThat("session ID", actual.getSessionId(), is(sessionId)); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountFormServiceTest.java similarity index 99% rename from testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountFormServiceTest.java index c69f489000c..2c6b772b718 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountFormServiceTest.java @@ -18,12 +18,10 @@ package org.keycloak.testsuite.account; import org.jboss.arquillian.drone.api.annotation.Drone; import org.jboss.arquillian.graphene.page.Page; -import org.junit.After; import org.junit.Assert; import org.junit.Before; import org.junit.Rule; import org.junit.Test; - import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.events.Details; import org.keycloak.events.Errors; @@ -37,10 +35,10 @@ import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.services.resources.AccountService; import org.keycloak.services.resources.RealmsResource; -import org.keycloak.testsuite.AssertEvents; +import org.keycloak.services.resources.account.AccountFormService; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.drone.Different; import org.keycloak.testsuite.pages.AccountApplicationsPage; @@ -59,7 +57,6 @@ import org.keycloak.testsuite.util.IdentityProviderBuilder; import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.UserBuilder; - import org.openqa.selenium.By; import org.openqa.selenium.WebDriver; @@ -68,13 +65,15 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; -import static org.hamcrest.Matchers.*; +import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.Matchers.hasItems; /** * @author Stian Thorgersen * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc. */ -public class AccountTest extends AbstractTestRealmKeycloakTest { +public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest { @Override public void configureTestRealm(RealmRepresentation testRealm) { @@ -121,7 +120,7 @@ public class AccountTest extends AbstractTestRealmKeycloakTest { private static final UriBuilder BASE = UriBuilder.fromUri("http://localhost:8180/auth"); private static final String ACCOUNT_URL = RealmsResource.accountUrl(BASE.clone()).build("test").toString(); - public static String ACCOUNT_REDIRECT = AccountService.loginRedirectUrl(BASE.clone()).build("test").toString(); + public static String ACCOUNT_REDIRECT = AccountFormService.loginRedirectUrl(BASE.clone()).build("test").toString(); // Create second session @Drone @@ -904,7 +903,7 @@ public class AccountTest extends AbstractTestRealmKeycloakTest { Assert.assertTrue(applicationsPage.isCurrent()); Map apps = applicationsPage.getApplications(); - Assert.assertThat(apps.keySet(), containsInAnyOrder("root-url-client", "Account", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}")); + Assert.assertThat(apps.keySet(), containsInAnyOrder("root-url-client", "Account", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant")); AccountApplicationsPage.AppEntry accountEntry = apps.get("Account"); Assert.assertEquals(3, accountEntry.getRolesAvailable().size()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceCorsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceCorsTest.java new file mode 100755 index 00000000000..35263867431 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceCorsTest.java @@ -0,0 +1,180 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.testsuite.account; + +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClientBuilder; +import org.junit.After; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.AssertEvents; +import org.keycloak.testsuite.util.OAuthClient; +import org.keycloak.testsuite.util.TokenUtil; +import org.keycloak.testsuite.util.WebDriverLogDumper; +import org.keycloak.util.JsonSerialization; +import org.openqa.selenium.JavascriptExecutor; + +import java.io.IOException; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +/** + * @author Stian Thorgersen + */ +public class AccountRestServiceCorsTest extends AbstractTestRealmKeycloakTest { + + private static final String VALID_CORS_URL = "http://localtest.me:8180/auth"; + private static final String INVALID_CORS_URL = "http://invalid.localtest.me:8180/auth"; + + @Rule + public TokenUtil tokenUtil = new TokenUtil(); + + private CloseableHttpClient client; + private JavascriptExecutor executor; + + @Before + public void before() { + client = HttpClientBuilder.create().build(); + oauth.clientId("direct-grant"); + executor = (JavascriptExecutor) driver; + } + + @After + public void after() { + try { + client.close(); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + @Override + public void configureTestRealm(RealmRepresentation testRealm) { + } + + @Rule + public AssertEvents events = new AssertEvents(this); + + @Test + public void testGetProfile() throws IOException, InterruptedException { + driver.navigate().to(VALID_CORS_URL); + + doJsGet(executor, getAccountUrl(), tokenUtil.getToken(), true); + } + + @Test + public void testGetProfileInvalidOrigin() throws IOException, InterruptedException { + driver.navigate().to(INVALID_CORS_URL); + + doJsGet(executor, getAccountUrl(), tokenUtil.getToken(), false); + } + + @Test + public void testUpdateProfile() throws IOException { + driver.navigate().to(VALID_CORS_URL); + + doJsPost(executor, getAccountUrl(), tokenUtil.getToken(), "{ \"firstName\" : \"Bob\" }", true); + } + + @Test + public void testUpdateProfileInvalidOrigin() throws IOException { + driver.navigate().to(INVALID_CORS_URL); + + doJsPost(executor, getAccountUrl(), tokenUtil.getToken(), "{ \"firstName\" : \"Bob\" }", false); + } + + private String getAccountUrl() { + return suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/realms/test/account"; + } + + private Result doJsGet(JavascriptExecutor executor, String url, String token, boolean expectAllowed) { + String js = "var r = new XMLHttpRequest();" + + "var r = new XMLHttpRequest();" + + "r.open('GET', '" + url + "', false);" + + "r.setRequestHeader('Accept','application/json');" + + "r.setRequestHeader('Authorization','bearer " + token + "');" + + "r.send();" + + "return r.status + ':::' + r.responseText"; + return doXhr(executor, js, expectAllowed); + } + + private Result doJsPost(JavascriptExecutor executor, String url, String token, String data, boolean expectAllowed) { + String js = "var r = new XMLHttpRequest();" + + "var r = new XMLHttpRequest();" + + "r.open('POST', '" + url + "', false);" + + "r.setRequestHeader('Accept','application/json');" + + "r.setRequestHeader('Content-Type','application/json');" + + "r.setRequestHeader('Authorization','bearer " + token + "');" + + "r.send('" + data + "');" + + "return r.status + ':::' + r.responseText"; + return doXhr(executor, js, expectAllowed); + } + + private Result doXhr(JavascriptExecutor executor, String js, boolean expectAllowed) { + Result result = null; + Throwable error = null; + try { + String response = (String) executor.executeScript(js); + String r[] = response.split(":::"); + result = new Result(Integer.parseInt(r[0]), r.length == 2 ? r[1] : null); + } catch (Throwable t ) { + error = t; + } + + if (result == null || result.getStatus() != 200 || error != null) { + if (expectAllowed) { + throw new AssertionError("Cors request failed: " + WebDriverLogDumper.dumpBrowserLogs(driver)); + } else { + return result; + } + } else { + if (!expectAllowed) { + throw new AssertionError("Expected CORS request to be rejected, but was successful"); + } else { + return result; + } + } + } + + private static class Result { + int status; + + String result; + + public Result(int status, String result) { + this.status = status; + this.result = result; + } + + public int getStatus() { + return status; + } + + public String getResult() { + return result; + } + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceTest.java new file mode 100755 index 00000000000..47ed56fa39b --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceTest.java @@ -0,0 +1,199 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.testsuite.account; + +import com.fasterxml.jackson.core.type.TypeReference; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClientBuilder; +import org.junit.After; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.keycloak.broker.provider.util.SimpleHttp; +import org.keycloak.representations.account.SessionRepresentation; +import org.keycloak.representations.account.UserRepresentation; +import org.keycloak.representations.idm.ErrorRepresentation; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.AssertEvents; +import org.keycloak.testsuite.util.TokenUtil; +import org.keycloak.testsuite.util.UserBuilder; + +import java.io.IOException; +import java.util.Collections; +import java.util.List; + +import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; + +/** + * @author Stian Thorgersen + */ +public class AccountRestServiceTest extends AbstractTestRealmKeycloakTest { + + @Rule + public TokenUtil tokenUtil = new TokenUtil(); + + @Rule + public AssertEvents events = new AssertEvents(this); + + private CloseableHttpClient client; + + @Before + public void before() { + client = HttpClientBuilder.create().build(); + } + + @After + public void after() { + try { + client.close(); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + @Override + public void configureTestRealm(RealmRepresentation testRealm) { + testRealm.getUsers().add(UserBuilder.create().username("no-account-access").password("password").build()); + testRealm.getUsers().add(UserBuilder.create().username("view-account-access").role("account", "view-profile").password("password").build()); + } + + @Test + public void testGetProfile() throws IOException { + UserRepresentation user = SimpleHttp.doGet(getAccountUrl(null), client).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); + assertEquals("Tom", user.getFirstName()); + assertEquals("Brady", user.getLastName()); + assertEquals("test-user@localhost", user.getEmail()); + assertFalse(user.isEmailVerified()); + assertTrue(user.getAttributes().isEmpty()); + } + + @Test + public void testUpdateProfile() throws IOException { + UserRepresentation user = SimpleHttp.doGet(getAccountUrl(null), client).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); + user.setFirstName("Homer"); + user.setLastName("Simpsons"); + user.getAttributes().put("attr1", Collections.singletonList("val1")); + user.getAttributes().put("attr2", Collections.singletonList("val2")); + + user = updateAndGet(user); + + assertEquals("Homer", user.getFirstName()); + assertEquals("Simpsons", user.getLastName()); + assertEquals(2, user.getAttributes().size()); + assertEquals(1, user.getAttributes().get("attr1").size()); + assertEquals("val1", user.getAttributes().get("attr1").get(0)); + assertEquals(1, user.getAttributes().get("attr2").size()); + assertEquals("val2", user.getAttributes().get("attr2").get(0)); + + // Update attributes + user.getAttributes().remove("attr1"); + user.getAttributes().get("attr2").add("val3"); + + user = updateAndGet(user); + + assertEquals(1, user.getAttributes().size()); + assertEquals(2, user.getAttributes().get("attr2").size()); + assertThat(user.getAttributes().get("attr2"), containsInAnyOrder("val2", "val3")); + + // Update email + user.setEmail("bobby@localhost"); + user = updateAndGet(user); + assertEquals("bobby@localhost", user.getEmail()); + + user.setEmail("john-doh@localhost"); + updateError(user, 409, "email_exists"); + + user.setEmail("test-user@localhost"); + user = updateAndGet(user); + assertEquals("test-user@localhost", user.getEmail()); + + // Update username + user.setUsername("updatedUsername"); + user = updateAndGet(user); + assertEquals("updatedusername", user.getUsername()); + + user.setUsername("john-doh@localhost"); + updateError(user, 409, "username_exists"); + + user.setUsername("test-user@localhost"); + user = updateAndGet(user); + assertEquals("test-user@localhost", user.getUsername()); + + RealmRepresentation realmRep = adminClient.realm("test").toRepresentation(); + realmRep.setEditUsernameAllowed(false); + adminClient.realm("test").update(realmRep); + + user.setUsername("updatedUsername2"); + updateError(user, 400, "username_read_only"); + } + + private UserRepresentation updateAndGet(UserRepresentation user) throws IOException { + int status = SimpleHttp.doPost(getAccountUrl(null), client).auth(tokenUtil.getToken()).json(user).asStatus(); + assertEquals(200, status); + return SimpleHttp.doGet(getAccountUrl(null), client).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); + } + + + private void updateError(UserRepresentation user, int expectedStatus, String expectedMessage) throws IOException { + SimpleHttp.Response response = SimpleHttp.doPost(getAccountUrl(null), client).auth(tokenUtil.getToken()).json(user).asResponse(); + assertEquals(expectedStatus, response.getStatus()); + assertEquals(expectedMessage, response.asJson(ErrorRepresentation.class).getErrorMessage()); + } + + @Test + public void testProfilePermissions() throws IOException { + TokenUtil noaccessToken = new TokenUtil("no-account-access", "password"); + TokenUtil viewToken = new TokenUtil("view-account-access", "password"); + + // Read with no access + assertEquals(403, SimpleHttp.doGet(getAccountUrl(null), client).header("Accept", "application/json").auth(noaccessToken.getToken()).asStatus()); + + // Update with no access + assertEquals(403, SimpleHttp.doPost(getAccountUrl(null), client).auth(noaccessToken.getToken()).json(new UserRepresentation()).asStatus()); + + // Update with read only + assertEquals(403, SimpleHttp.doPost(getAccountUrl(null), client).auth(viewToken.getToken()).json(new UserRepresentation()).asStatus()); + } + + @Test + public void testUpdateProfilePermissions() throws IOException { + TokenUtil noaccessToken = new TokenUtil("no-account-access", "password"); + int status = SimpleHttp.doGet(getAccountUrl(null), client).header("Accept", "application/json").auth(noaccessToken.getToken()).asStatus(); + assertEquals(403, status); + + TokenUtil viewToken = new TokenUtil("view-account-access", "password"); + status = SimpleHttp.doGet(getAccountUrl(null), client).header("Accept", "application/json").auth(viewToken.getToken()).asStatus(); + assertEquals(200, status); + } + + @Test + public void testGetSessions() throws IOException { + List sessions = SimpleHttp.doGet(getAccountUrl("sessions"), client).auth(tokenUtil.getToken()).asJson(new TypeReference>() {}); + + assertEquals(1, sessions.size()); + } + + private String getAccountUrl(String resource) { + return suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/realms/test/account" + (resource != null ? "/" + resource : ""); + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java deleted file mode 100755 index 95274c6b897..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java +++ /dev/null @@ -1,362 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.account; - -import org.apache.commons.io.IOUtils; -import org.apache.http.HttpHeaders; -import org.apache.http.HttpResponse; -import org.apache.http.client.HttpClient; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.DefaultHttpClient; -import org.jboss.arquillian.drone.api.annotation.Default; -import org.jboss.arquillian.graphene.context.GrapheneContext; -import org.jboss.arquillian.graphene.page.Page; -import org.junit.Before; -import org.junit.Test; -import org.keycloak.OAuth2Constants; -import org.keycloak.admin.client.resource.ClientResource; -import org.keycloak.admin.client.resource.RealmResource; -import org.keycloak.admin.client.resource.RoleMappingResource; -import org.keycloak.admin.client.resource.RoleScopeResource; -import org.keycloak.models.AccountRoles; -import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.representations.idm.RoleRepresentation; -import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.services.resources.RealmsResource; -import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; -import org.keycloak.testsuite.admin.ApiUtil; -import org.keycloak.testsuite.client.resources.TestApplicationResource; -import org.keycloak.testsuite.pages.AccountApplicationsPage; -import org.keycloak.testsuite.pages.AccountUpdateProfilePage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.pages.OAuthGrantPage; -import org.keycloak.testsuite.runonserver.SerializationUtil; -import org.keycloak.testsuite.util.ClientBuilder; -import org.keycloak.testsuite.util.OAuthClient; -import org.keycloak.testsuite.util.RealmBuilder; -import org.keycloak.testsuite.util.RealmRepUtil; -import org.keycloak.testsuite.util.UserBuilder; -import org.keycloak.testsuite.util.WaitUtils; -import org.keycloak.util.JsonSerialization; -import org.openqa.selenium.By; -import org.openqa.selenium.Capabilities; -import org.openqa.selenium.JavascriptExecutor; -import org.openqa.selenium.Platform; -import org.openqa.selenium.WebDriver; -import org.openqa.selenium.WebDriverException; -import org.openqa.selenium.htmlunit.HtmlUnitDriver; -import org.openqa.selenium.remote.DesiredCapabilities; -import twitter4j.JSONArray; -import twitter4j.JSONObject; - -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.UriBuilder; -import java.io.IOException; -import java.net.URI; -import java.util.Collections; -import java.util.List; -import java.util.Map; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.fail; - -/** - * @author Stian Thorgersen - * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc. - */ -public class ProfileTest extends AbstractTestRealmKeycloakTest { - - @Override - public void configureTestRealm(RealmRepresentation testRealm) { - UserRepresentation user = RealmRepUtil.findUser(testRealm, "test-user@localhost"); - user.setFirstName("First"); - user.setLastName("Last"); - user.singleAttribute("key1", "value1"); - user.singleAttribute("key2", "value2"); - - UserRepresentation user2 = UserBuilder.create() - .enabled(true) - .username("test-user-no-access@localhost") - .password("password") - .build(); - RealmBuilder.edit(testRealm) - .accessTokenLifespan(1000) - .user(user2); - - ClientBuilder.edit(RealmRepUtil.findClientByClientId(testRealm, "test-app")) - .addWebOrigin("http://localtest.me:8180"); - } - - private RoleRepresentation findViewProfileRole(ClientResource accountApp) { - RoleMappingResource scopeMappings = accountApp.getScopeMappings(); - RoleScopeResource clientLevelMappings = scopeMappings.clientLevel(accountApp.toRepresentation().getId()); - List accountRoleList = clientLevelMappings.listEffective(); - - for (RoleRepresentation role : accountRoleList) { - if (role.getName().equals(AccountRoles.VIEW_PROFILE)) return role; - } - - return null; - } - - @Before - public void addScopeMappings() { - String accountClientId = org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID; - ClientResource accountApp = ApiUtil.findClientByClientId(testRealm(), accountClientId); - RoleRepresentation role = findViewProfileRole(accountApp); - - String accountAppId = accountApp.toRepresentation().getId(); - ClientResource app = ApiUtil.findClientByClientId(testRealm(), "test-app"); - app.getScopeMappings().clientLevel(accountAppId).add(Collections.singletonList(role)); - - ClientResource thirdParty = ApiUtil.findClientByClientId(testRealm(), "third-party"); - thirdParty.getScopeMappings().clientLevel(accountAppId).add(Collections.singletonList(role)); - } - - @Page - protected AccountUpdateProfilePage profilePage; - - @Page - protected AccountApplicationsPage accountApplicationsPage; - - @Page - protected LoginPage loginPage; - - @Page - protected OAuthGrantPage grantPage; - - @Test - public void getProfile() throws Exception { - oauth.doLogin("test-user@localhost", "password"); - - String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); - String token = oauth.doAccessTokenRequest(code, "password").getAccessToken(); - - HttpResponse response = doGetProfile(token, null); - assertEquals(200, response.getStatusLine().getStatusCode()); - UserRepresentation profile = JsonSerialization.readValue(IOUtils.toString(response.getEntity().getContent()), UserRepresentation.class); - - assertEquals("test-user@localhost", profile.getUsername()); - assertEquals("test-user@localhost", profile.getEmail()); - assertEquals("First", profile.getFirstName()); - assertEquals("Last", profile.getLastName()); - - Map> attributes = profile.getAttributes(); - List attrValue = attributes.get("key1"); - assertEquals(1, attrValue.size()); - assertEquals("value1", attrValue.get(0)); - attrValue = attributes.get("key2"); - assertEquals(1, attrValue.size()); - assertEquals("value2", attrValue.get(0)); - } - - @Test - public void updateProfile() throws Exception { - oauth.doLogin("test-user@localhost", "password"); - - String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); - String token = oauth.doAccessTokenRequest(code, "password").getAccessToken(); - - UserRepresentation user = new UserRepresentation(); - user.setUsername("test-user@localhost"); - user.setFirstName("NewFirst"); - user.setLastName("NewLast"); - user.setEmail("NewEmail@localhost"); - - HttpResponse response = doUpdateProfile(token, null, JsonSerialization.writeValueAsString(user)); - assertEquals(200, response.getStatusLine().getStatusCode()); - - response = doGetProfile(token, null); - - UserRepresentation profile = JsonSerialization.readValue(IOUtils.toString(response.getEntity().getContent()), UserRepresentation.class); - - assertEquals("test-user@localhost", profile.getUsername()); - assertEquals("newemail@localhost", profile.getEmail()); - assertEquals("NewFirst", profile.getFirstName()); - assertEquals("NewLast", profile.getLastName()); - - // Revert - user.setFirstName("First"); - user.setLastName("Last"); - user.setEmail("test-user@localhost"); - doUpdateProfile(token, null, JsonSerialization.writeValueAsString(user)); - assertEquals(200, response.getStatusLine().getStatusCode()); - } - - @Test - public void getProfileCors() throws Exception { - oauth.doLogin("test-user@localhost", "password"); - - String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); - String token = oauth.doAccessTokenRequest(code, "password").getAccessToken(); - - driver.navigate().to("http://localtest.me:8180/auth/realms/test/account"); - - String[] response = doGetProfileJs("http://localtest.me:8180/auth", token); - assertEquals("200", response[0]); - } - - - // WARN: If it's failing for phantomJS, make sure to enable CORS by using: - // -Dphantomjs.cli.args="--ignore-ssl-errors=true --web-security=true" - @Test - public void getProfileCorsInvalidOrigin() throws Exception { - oauth.doLogin("test-user@localhost", "password"); - - String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); - String token = oauth.doAccessTokenRequest(code, "password").getAccessToken(); - - String[] response = null; - try { - response = doGetProfileJs("http://invalid.localtest.me:8180/auth", token); - } catch (WebDriverException ex) { - // Expected - } - - // Some webDrivers throw exception (htmlUnit) , some just doesn't return anything. - if (response != null && response.length > 0 && response[0].equals("200")) { - fail("Not expected to retrieve response. Make sure CORS are enabled for your browser!"); - } - } - - @Test - public void getProfileCookieAuth() throws Exception { - profilePage.open(); - loginPage.login("test-user@localhost", "password"); - - String[] response = doGetProfileJs(OAuthClient.AUTH_SERVER_ROOT, null); - assertEquals("200", response[0]); - - JSONObject profile = new JSONObject(response[1]); - assertEquals("test-user@localhost", profile.getString("username")); - } - - @Test - public void getProfileNoAuth() throws Exception { - HttpResponse response = doGetProfile(null, null); - assertEquals(403, response.getStatusLine().getStatusCode()); - } - - @Test - public void getProfileNoAccess() throws Exception { - oauth.doLogin("test-user-no-access@localhost", "password"); - - String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); - String token = oauth.doAccessTokenRequest(code, "password").getAccessToken(); - - HttpResponse response = doGetProfile(token, null); - assertEquals(403, response.getStatusLine().getStatusCode()); - } - - @Test - public void getProfileOAuthClient() throws Exception { - oauth.clientId("third-party"); - oauth.doLoginGrant("test-user@localhost", "password"); - - grantPage.accept(); - - String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password").getAccessToken(); - HttpResponse response = doGetProfile(token, null); - - assertEquals(200, response.getStatusLine().getStatusCode()); - JSONObject profile = new JSONObject(IOUtils.toString(response.getEntity().getContent())); - - assertEquals("test-user@localhost", profile.getString("username")); - - accountApplicationsPage.open(); - accountApplicationsPage.revokeGrant("third-party"); - } - - @Test - public void getProfileOAuthClientNoScope() throws Exception { - oauth.clientId("third-party"); - oauth.doLoginGrant("test-user@localhost", "password"); - - String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password").getAccessToken(); - HttpResponse response = doGetProfile(token, null); - - assertEquals(403, response.getStatusLine().getStatusCode()); - } - - private URI getAccountURI() { - return RealmsResource.accountUrl(UriBuilder.fromUri(oauth.AUTH_SERVER_ROOT)).build(oauth.getRealm()); - } - - private HttpResponse doGetProfile(String token, String origin) throws IOException { - HttpClient client = new DefaultHttpClient(); - HttpGet get = new HttpGet(UriBuilder.fromUri(getAccountURI()).build()); - if (token != null) { - get.setHeader(HttpHeaders.AUTHORIZATION, "bearer " + token); - } - if (origin != null) { - get.setHeader("Origin", origin); - } - get.setHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON); - return client.execute(get); - } - - private HttpResponse doUpdateProfile(String token, String origin, String value) throws IOException { - HttpClient client = new DefaultHttpClient(); - HttpPost post = new HttpPost(UriBuilder.fromUri(getAccountURI()).build()); - if (token != null) { - post.setHeader(HttpHeaders.AUTHORIZATION, "bearer " + token); - } - if (origin != null) { - post.setHeader("Origin", origin); - } - post.setHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON); - post.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON); - post.setEntity(new StringEntity(value)); - return client.execute(post); - } - - private String[] doGetProfileJs(String authServerRoot, String token) { - UriBuilder uriBuilder = UriBuilder.fromUri(authServerRoot) - .path(TestApplicationResource.class) - .path(TestApplicationResource.class, "getAccountProfile") - .queryParam("account-uri", getAccountURI().toString()); - - if (token != null) { - uriBuilder.queryParam("token", token); - - // Remove Keycloak cookies. Some browsers send cookies even in preflight requests - driver.navigate().to(OAuthClient.AUTH_SERVER_ROOT + "/realms/test/account"); - driver.manage().deleteAllCookies(); - } - - String accountProfileUri = uriBuilder.build().toString(); - log.info("Retrieve profile with URI: " + accountProfileUri); - - driver.navigate().to(accountProfileUri); - WaitUtils.waitUntilElement(By.id("innerOutput")); - String response = driver.findElement(By.id("innerOutput")).getText(); - return response.split("///"); - } - - private WebDriver getHtmlUnitDriver() { - DesiredCapabilities cap = new DesiredCapabilities(); - cap.setPlatform(Platform.ANY); - cap.setJavascriptEnabled(true); - cap.setVersion("chrome"); - cap.setBrowserName("htmlunit"); - HtmlUnitDriver driver = new HtmlUnitDriver(cap); - return driver; - } -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java index 4f192e652db..969a5776790 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java @@ -175,6 +175,74 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest { assertCurrentUrlStartsWith(testLoginOneTimeCodePage); } + @Test + public void conditionalOTPNoDefaultWithChecks() { + configureRequiredActions(); + configureOTP(); + //prepare config - no configuration specified + Map config = new HashMap<>(); + config.put(OTP_CONTROL_USER_ATTRIBUTE, "noSuchUserSkipAttribute"); + config.put(SKIP_OTP_ROLE, "no_such_otp_role"); + config.put(FORCE_OTP_ROLE, "no_such_otp_role"); + config.put(SKIP_OTP_FOR_HTTP_HEADER, "NoSuchHost: nolocalhost:65536"); + config.put(FORCE_OTP_FOR_HTTP_HEADER, "NoSuchHost: nolocalhost:65536"); + setConditionalOTPForm(config); + + //test OTP is required + testRealmAccountManagementPage.navigateTo(); + testRealmLoginPage.form().login(testUser); + testRealmLoginPage.form().totpForm().waitForTotpInputFieldPresent(); + + //verify that the page is login page, not totp setup + assertCurrentUrlStartsWith(testLoginOneTimeCodePage); + } + + @Test + public void conditionalOTPDefaultSkipWithChecks() { + //prepare config - default skip + Map config = new HashMap<>(); + config.put(OTP_CONTROL_USER_ATTRIBUTE, "noSuchUserSkipAttribute"); + config.put(SKIP_OTP_ROLE, "no_such_otp_role"); + config.put(FORCE_OTP_ROLE, "no_such_otp_role"); + config.put(SKIP_OTP_FOR_HTTP_HEADER, "NoSuchHost: nolocalhost:65536"); + config.put(FORCE_OTP_FOR_HTTP_HEADER, "NoSuchHost: nolocalhost:65536"); + config.put(DEFAULT_OTP_OUTCOME, SKIP); + + setConditionalOTPForm(config); + + //test OTP is skipped + testRealmAccountManagementPage.navigateTo(); + testRealmLoginPage.form().login(testUser); + assertCurrentUrlStartsWith(testRealmAccountManagementPage); + } + + @Test + public void conditionalOTPDefaultForceWithChecks() { + + //prepare config - default force + Map config = new HashMap<>(); + config.put(OTP_CONTROL_USER_ATTRIBUTE, "noSuchUserSkipAttribute"); + config.put(SKIP_OTP_ROLE, "no_such_otp_role"); + config.put(FORCE_OTP_ROLE, "no_such_otp_role"); + config.put(SKIP_OTP_FOR_HTTP_HEADER, "NoSuchHost: nolocalhost:65536"); + config.put(FORCE_OTP_FOR_HTTP_HEADER, "NoSuchHost: nolocalhost:65536"); + config.put(DEFAULT_OTP_OUTCOME, FORCE); + + setConditionalOTPForm(config); + + //test OTP is forced + testRealmAccountManagementPage.navigateTo(); + testRealmLoginPage.form().login(testUser); + assertTrue(loginConfigTotpPage.isCurrent()); + + configureOTP(); + testRealmLoginPage.form().login(testUser); + testRealmLoginPage.form().totpForm().waitForTotpInputFieldPresent(); + + //verify that the page is login page, not totp setup + assertCurrentUrlStartsWith(testLoginOneTimeCodePage); + } + @Test public void conditionalOTPUserAttributeSkip() { //prepare config - user attribute, default to force diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomThemeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomThemeTest.java index 81942fee977..d9e30b3383b 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomThemeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomThemeTest.java @@ -27,7 +27,7 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; -import org.keycloak.testsuite.account.AccountTest; +import org.keycloak.testsuite.account.AccountFormServiceTest; import org.keycloak.testsuite.pages.AccountUpdateProfilePage; import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.util.RealmBuilder; @@ -68,7 +68,7 @@ public class CustomThemeTest extends AbstractTestRealmKeycloakTest { profilePage.open(); loginPage.login("test-user@localhost", "password"); - events.expectLogin().client("account").detail(Details.REDIRECT_URI, AccountTest.ACCOUNT_REDIRECT).assertEvent(); + events.expectLogin().client("account").detail(Details.REDIRECT_URI, AccountFormServiceTest.ACCOUNT_REDIRECT).assertEvent(); Assert.assertEquals("test-user@localhost", profilePage.getEmail()); Assert.assertEquals("", profilePage.getAttribute("street")); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractServletsAdapterTest.java index 235d15f8e05..744486793c9 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractServletsAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractServletsAdapterTest.java @@ -31,6 +31,7 @@ import java.io.IOException; import java.net.URL; import java.util.List; +import org.junit.Assert; import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO; import static org.keycloak.testsuite.util.IOUtil.loadRealm; @@ -74,7 +75,10 @@ public abstract class AbstractServletsAdapterTest extends AbstractAdapterTest { String webInfPath = baseSAMLPath + name + "/WEB-INF/"; URL keycloakSAMLConfig = AbstractServletsAdapterTest.class.getResource(webInfPath + "keycloak-saml.xml"); + Assert.assertNotNull("keycloak-saml.xml should be in " + webInfPath, keycloakSAMLConfig); + URL webXML = AbstractServletsAdapterTest.class.getResource(baseSAMLPath + webXMLPath); + Assert.assertNotNull("web.xml should be in " + baseSAMLPath + webXMLPath, keycloakSAMLConfig); WebArchive deployment = ShrinkWrap.create(WebArchive.class, name + ".war") .addClasses(servletClasses) diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractBasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractBasicAuthExampleAdapterTest.java deleted file mode 100644 index 57868f28be8..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractBasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.example; - -import org.jboss.arquillian.container.test.api.Deployment; -import org.jboss.arquillian.graphene.page.Page; -import org.jboss.shrinkwrap.api.spec.WebArchive; -import org.junit.Test; -import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; -import org.keycloak.testsuite.adapter.page.BasicAuthExample; - -import javax.ws.rs.client.Client; -import javax.ws.rs.client.ClientBuilder; -import javax.ws.rs.core.Response; -import java.io.File; -import java.io.IOException; -import java.util.List; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.keycloak.testsuite.auth.page.AuthRealm.EXAMPLE; -import static org.keycloak.testsuite.util.IOUtil.loadRealm; - -public abstract class AbstractBasicAuthExampleAdapterTest extends AbstractExampleAdapterTest { - - @Page - private BasicAuthExample basicAuthExample; - - @Deployment(name = BasicAuthExample.DEPLOYMENT_NAME) - private static WebArchive basicAuthExample() throws IOException { - return exampleDeployment("examples-basicauth"); - } - - @Override - public void addAdapterTestRealms(List testRealms) { - testRealms.add(loadRealm(new File(EXAMPLES_HOME_DIR + "/basic-auth/basicauthrealm.json"))); - } - - @Override - public void setDefaultPageUriParameters() { - super.setDefaultPageUriParameters(); - testRealmPage.setAuthRealm(EXAMPLE); - } - - @Test - public void testBasicAuthExample() { - String value = "hello"; - Client client = ClientBuilder.newClient(); - - Response response = client.target(basicAuthExample - .setTemplateValues("admin", "password", value).buildUri()).request().get(); - assertEquals(200, response.getStatus()); - assertEquals(value, response.readEntity(String.class)); - response.close(); - - response = client.target(basicAuthExample - .setTemplateValues("invalid-user", "password", value).buildUri()).request().get(); - assertEquals(401, response.getStatus()); - String readResponse = response.readEntity(String.class); - assertTrue(readResponse.contains("Unauthorized") || readResponse.contains("Status 401")); - response.close(); - - response = client.target(basicAuthExample - .setTemplateValues("admin", "invalid-password", value).buildUri()).request().get(); - assertEquals(401, response.getStatus()); - readResponse = response.readEntity(String.class); - assertTrue(readResponse.contains("Unauthorized") || readResponse.contains("Status 401")); - response.close(); - - client.close(); - } - -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractDemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractDemoExampleAdapterTest.java deleted file mode 100644 index 4db4a3c46ac..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractDemoExampleAdapterTest.java +++ /dev/null @@ -1,373 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.example; - -import org.apache.commons.io.FileUtils; -import org.jboss.arquillian.container.test.api.Deployment; -import org.jboss.arquillian.graphene.page.Page; -import org.jboss.shrinkwrap.api.spec.WebArchive; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; -import org.keycloak.admin.client.resource.ClientResource; -import org.keycloak.representations.idm.ClientRepresentation; -import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; -import org.keycloak.testsuite.adapter.page.CustomerPortalExample; -import org.keycloak.testsuite.adapter.page.DatabaseServiceExample; -import org.keycloak.testsuite.adapter.page.ProductPortalExample; -import org.keycloak.testsuite.admin.ApiUtil; -import org.keycloak.testsuite.auth.page.account.Account; -import org.keycloak.testsuite.auth.page.account.Applications; -import org.keycloak.testsuite.auth.page.login.OAuthGrant; -import org.keycloak.testsuite.console.page.events.Config; -import org.keycloak.testsuite.console.page.events.LoginEvents; -import org.openqa.selenium.By; -import org.openqa.selenium.WebElement; - -import java.io.File; -import java.io.IOException; -import java.util.Arrays; -import java.util.List; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO; -import static org.keycloak.testsuite.util.IOUtil.loadRealm; -import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; - -public abstract class AbstractDemoExampleAdapterTest extends AbstractExampleAdapterTest { - - @Page - private CustomerPortalExample customerPortalExamplePage; - - @Page - private ProductPortalExample productPortalExamplePage; - - @Page - private DatabaseServiceExample databaseServiceExamplePage; - - @Page - private Account testRealmAccountPage; - - @Page - private Config configPage; - - @Page - private LoginEvents loginEventsPage; - - @Page - private OAuthGrant oAuthGrantPage; - - @Page - private Applications applicationsPage; - - @Deployment(name = CustomerPortalExample.DEPLOYMENT_NAME) - private static WebArchive customerPortalExample() throws IOException { - return exampleDeployment(CustomerPortalExample.DEPLOYMENT_NAME); - } - - @Deployment(name = ProductPortalExample.DEPLOYMENT_NAME) - private static WebArchive productPortalExample() throws IOException { - return exampleDeployment(ProductPortalExample.DEPLOYMENT_NAME); - } - - @Deployment(name = DatabaseServiceExample.DEPLOYMENT_NAME) - private static WebArchive databaseServiceExample() throws IOException { - return exampleDeployment("database-service"); - } - - @Override - public void addAdapterTestRealms(List testRealms) { - testRealms.add( - loadRealm(new File(EXAMPLES_HOME_DIR + "/demo-template/testrealm.json"))); - } - - @Override - public void setDefaultPageUriParameters() { - super.setDefaultPageUriParameters(); - testRealmPage.setAuthRealm(DEMO); - testRealmLoginPage.setAuthRealm(DEMO); - testRealmAccountPage.setAuthRealm(DEMO); - configPage.setConsoleRealm(DEMO); - loginEventsPage.setConsoleRealm(DEMO); - applicationsPage.setAuthRealm(DEMO); - } - - @Before - public void beforeDemoExampleTest() { - customerPortalExamplePage.navigateTo(); - driver.manage().deleteAllCookies(); - productPortalExamplePage.navigateTo(); - driver.manage().deleteAllCookies(); - } - - @Test - public void customerPortalListingTest() { - - customerPortalExamplePage.navigateTo(); - customerPortalExamplePage.customerListing(); - - testRealmLoginPage.form().login("bburke@redhat.com", "password"); - - assertCurrentUrlStartsWith(customerPortalExamplePage); - customerPortalExamplePage.waitForCustomerListingHeader(); - - Assert.assertTrue(driver.getPageSource().contains("Username: bburke@redhat.com")); - Assert.assertTrue(driver.getPageSource().contains("Bill Burke")); - Assert.assertTrue(driver.getPageSource().contains("Stian Thorgersen")); - } - - @Test - public void customerPortalSessionTest() { - - customerPortalExamplePage.navigateTo(); - customerPortalExamplePage.customerSession(); - - testRealmLoginPage.form().login("bburke@redhat.com", "password"); - - assertCurrentUrlStartsWith(customerPortalExamplePage); - - customerPortalExamplePage.waitForCustomerSessionHeader(); - Assert.assertTrue(driver.getPageSource().contains("You visited this page")); - } - - @Test - public void productPortalListingTest() { - - productPortalExamplePage.navigateTo(); - productPortalExamplePage.productListing(); - - testRealmLoginPage.form().login("bburke@redhat.com", "password"); - - assertCurrentUrlStartsWith(productPortalExamplePage); - productPortalExamplePage.waitForProductListingHeader(); - - Assert.assertTrue(driver.getPageSource().contains("iphone")); - Assert.assertTrue(driver.getPageSource().contains("ipad")); - Assert.assertTrue(driver.getPageSource().contains("ipod")); - - productPortalExamplePage.goToCustomers(); - } - - @Test - public void goToProductPortalWithOneLoginTest() { - - productPortalExamplePage.navigateTo(); - productPortalExamplePage.productListing(); - - testRealmLoginPage.form().login("bburke@redhat.com", "password"); - - assertCurrentUrlStartsWith(productPortalExamplePage); - productPortalExamplePage.waitForProductListingHeader(); - productPortalExamplePage.goToCustomers(); - - assertCurrentUrlStartsWith(customerPortalExamplePage); - customerPortalExamplePage.customerListing(); - customerPortalExamplePage.goToProducts(); - assertCurrentUrlStartsWith(productPortalExamplePage); - } - - @Test - public void logoutFromAllAppsTest() { - - productPortalExamplePage.navigateTo(); - productPortalExamplePage.productListing(); - - testRealmLoginPage.form().login("bburke@redhat.com", "password"); - - assertCurrentUrlStartsWith(productPortalExamplePage); - productPortalExamplePage.waitForProductListingHeader(); - - if (isRelative()) { //KEYCLOAK-1546 - productPortalExamplePage.logOut(); - } else { - driver.navigate().to(testRealmPage.getOIDCLogoutUrl() + "?redirect_uri=" + productPortalExamplePage); - } - - assertCurrentUrlStartsWith(productPortalExamplePage); - productPortalExamplePage.productListing(); - - customerPortalExamplePage.navigateTo(); - customerPortalExamplePage.customerListing(); - testRealmLoginPage.form().login("bburke@redhat.com", "password"); - - customerPortalExamplePage.logOut(); - } - - @Test - public void grantServerBasedApp() { - ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), "customer-portal"); - ClientRepresentation client = clientResource.toRepresentation(); - client.setConsentRequired(true); - clientResource.update(client); - - RealmRepresentation realm = testRealmResource().toRepresentation(); - realm.setEventsEnabled(true); - realm.setEnabledEventTypes(Arrays.asList("REVOKE_GRANT", "LOGIN")); - testRealmResource().update(realm); - - customerPortalExamplePage.navigateTo(); - customerPortalExamplePage.customerSession(); - - loginPage.form().login("bburke@redhat.com", "password"); - - assertTrue(oAuthGrantPage.isCurrent()); - - oAuthGrantPage.accept(); - - assertTrue(driver.getPageSource().contains("Your hostname:")); - assertTrue(driver.getPageSource().contains("You visited this page")); - - applicationsPage.navigateTo(); - applicationsPage.revokeGrantForApplication("customer-portal"); - - customerPortalExamplePage.navigateTo(); - customerPortalExamplePage.customerSession(); - - assertTrue(oAuthGrantPage.isCurrent()); - - loginEventsPage.navigateTo(); - if (!testContext.isAdminLoggedIn()) { - loginPage.form().login(adminUser); - testContext.setAdminLoggedIn(true); - } - loginEventsPage.table().filter(); - loginEventsPage.table().filterForm().addEventType("REVOKE_GRANT"); - loginEventsPage.table().update(); - - List resultList = loginEventsPage.table().rows(); - - assertEquals(1, resultList.size()); - - resultList.get(0).findElement(By.xpath(".//td[text()='REVOKE_GRANT']")); - resultList.get(0).findElement(By.xpath(".//td[text()='Client']/../td[text()='account']")); - resultList.get(0).findElement(By.xpath(".//td[text()='IP Address']/../td[text()='127.0.0.1' or text()='0:0:0:0:0:0:0:1']")); - resultList.get(0).findElement(By.xpath(".//td[text()='revoked_client']/../td[text()='customer-portal']")); - - loginEventsPage.table().reset(); - loginEventsPage.table().filterForm().addEventType("LOGIN"); - loginEventsPage.table().update(); - resultList = loginEventsPage.table().rows(); - - assertEquals(1, resultList.size()); - - resultList.get(0).findElement(By.xpath(".//td[text()='LOGIN']")); - resultList.get(0).findElement(By.xpath(".//td[text()='Client']/../td[text()='customer-portal']")); - resultList.get(0).findElement(By.xpath(".//td[text()='IP Address']/../td[text()='127.0.0.1' or text()='0:0:0:0:0:0:0:1']")); - resultList.get(0).findElement(By.xpath(".//td[text()='username']/../td[text()='bburke@redhat.com']")); - resultList.get(0).findElement(By.xpath(".//td[text()='consent']/../td[text()='consent_granted']")); - } - - @Test - public void historyOfAccessResourceTest() throws IOException { - RealmRepresentation realm = testRealmResource().toRepresentation(); - realm.setEventsEnabled(true); - realm.setEnabledEventTypes(Arrays.asList("LOGIN", "LOGIN_ERROR", "LOGOUT", "CODE_TO_TOKEN")); - testRealmResource().update(realm); - - customerPortalExamplePage.navigateTo(); - customerPortalExamplePage.customerListing(); - - testRealmLoginPage.form().login("bburke@redhat.com", "password"); - - Assert.assertTrue(driver.getPageSource().contains("Username: bburke@redhat.com") - && driver.getPageSource().contains("Bill Burke") - && driver.getPageSource().contains("Stian Thorgersen") - ); - - if (isRelative()) { //KEYCLOAK-1546 - productPortalExamplePage.logOut(); - } else { - driver.navigate().to(testRealmPage.getOIDCLogoutUrl() + "?redirect_uri=" + productPortalExamplePage); - } - - loginEventsPage.navigateTo(); - - if (!testContext.isAdminLoggedIn()) { - loginPage.form().login(adminUser); - testContext.setAdminLoggedIn(true); - } - - loginEventsPage.table().filter(); - loginEventsPage.table().filterForm().addEventType("LOGOUT"); - loginEventsPage.table().update(); - - List resultList = loginEventsPage.table().rows(); - - assertEquals(1, resultList.size()); - - resultList.get(0).findElement(By.xpath(".//td[text()='LOGOUT']")); - resultList.get(0).findElement(By.xpath(".//td[text()='Client']/../td[text()='']")); - resultList.get(0).findElement(By.xpath(".//td[text()='IP Address']/../td[text()='127.0.0.1' or text()='0:0:0:0:0:0:0:1']")); - - loginEventsPage.table().reset(); - loginEventsPage.table().filterForm().addEventType("LOGIN"); - loginEventsPage.table().update(); - resultList = loginEventsPage.table().rows(); - - assertEquals(1, resultList.size()); - - resultList.get(0).findElement(By.xpath(".//td[text()='LOGIN']")); - resultList.get(0).findElement(By.xpath(".//td[text()='Client']/../td[text()='customer-portal']")); - resultList.get(0).findElement(By.xpath(".//td[text()='IP Address']/../td[text()='127.0.0.1' or text()='0:0:0:0:0:0:0:1']")); - resultList.get(0).findElement(By.xpath(".//td[text()='username']/../td[text()='bburke@redhat.com']")); - - loginEventsPage.table().reset(); - loginEventsPage.table().filterForm().addEventType("CODE_TO_TOKEN"); - loginEventsPage.table().update(); - resultList = loginEventsPage.table().rows(); - - assertEquals(1, resultList.size()); - resultList.get(0).findElement(By.xpath(".//td[text()='CODE_TO_TOKEN']")); - resultList.get(0).findElement(By.xpath(".//td[text()='Client']/../td[text()='customer-portal']")); - resultList.get(0).findElement(By.xpath(".//td[text()='IP Address']/../td[text()='127.0.0.1' or text()='0:0:0:0:0:0:0:1']")); - resultList.get(0).findElement(By.xpath(".//td[text()='refresh_token_type']/../td[text()='Refresh']")); - - String serverLogPath = null; - - if (System.getProperty("app.server").equals("wildfly") || System.getProperty("app.server").equals("eap6") || System.getProperty("app.server").equals("eap")) { - serverLogPath = System.getProperty("app.server.home") + "/standalone/log/server.log"; - } - - String appServerUrl; - if (Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) { - appServerUrl = "https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/"; - } else { - appServerUrl = "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/"; - } - - if (serverLogPath != null) { - log.info("Checking app server log at: " + serverLogPath); - File serverLog = new File(serverLogPath); - String serverLogContent = FileUtils.readFileToString(serverLog); - UserRepresentation bburke = ApiUtil.findUserByUsername(testRealmResource(), "bburke@redhat.com"); - - Pattern pattern = Pattern.compile("User '" + bburke.getId() + "' invoking '" + appServerUrl + "customer-portal\\/customers\\/view\\.jsp[^\\s]+' on client 'customer-portal'"); - Matcher matcher = pattern.matcher(serverLogContent); - - assertTrue(matcher.find()); - assertTrue(serverLogContent.contains("User '" + bburke.getId() + "' invoking '" + appServerUrl + "database/customers' on client 'database-service'")); - } else { - log.info("Checking app server log on app-server: \"" + System.getProperty("app.server") + "\" is not supported."); - } - } -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractSAMLExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractSAMLExampleAdapterTest.java deleted file mode 100644 index 3a0676e4992..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractSAMLExampleAdapterTest.java +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.example; - -import org.jboss.arquillian.container.test.api.Deployment; -import org.jboss.arquillian.graphene.page.Page; -import org.jboss.shrinkwrap.api.spec.WebArchive; -import org.junit.Test; -import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; -import org.keycloak.testsuite.adapter.page.SAMLPostEncExample; -import org.keycloak.testsuite.adapter.page.SAMLPostSigExample; -import org.keycloak.testsuite.adapter.page.SAMLRedirectSigExample; -import org.keycloak.testsuite.util.URLAssert; -import org.openqa.selenium.By; - -import java.io.File; -import java.io.IOException; -import java.util.List; - -import static org.keycloak.testsuite.auth.page.AuthRealm.SAMLDEMO; -import static org.keycloak.testsuite.util.IOUtil.loadRealm; -import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; - -/** - * @author mhajas - */ -public abstract class AbstractSAMLExampleAdapterTest extends AbstractExampleAdapterTest { - - @Page - private SAMLPostSigExample samlPostSigExamplePage; - - @Page - private SAMLPostEncExample samlPostEncExamplePage; - - @Page - private SAMLRedirectSigExample samlRedirectSigExamplePage; - - @Override - public void addAdapterTestRealms(List testRealms) { - RealmRepresentation samlRealm = loadRealm(new File(EXAMPLES_HOME_DIR + "/saml/testsaml.json")); - testRealms.add(samlRealm); - } - - @Override - public void setDefaultPageUriParameters() { - super.setDefaultPageUriParameters(); - testRealmPage.setAuthRealm(SAMLDEMO); - testRealmSAMLRedirectLoginPage.setAuthRealm(SAMLDEMO); - testRealmSAMLPostLoginPage.setAuthRealm(SAMLDEMO); - } - - @Deployment(name = SAMLPostSigExample.DEPLOYMENT_NAME) - private static WebArchive samlPostSigExampleDeployment() throws IOException { - return exampleDeployment(SAMLPostSigExample.DEPLOYMENT_NAME); - } - - @Deployment(name = SAMLPostEncExample.DEPLOYMENT_NAME) - private static WebArchive samlPostEncExampleDeployment() throws IOException { - return exampleDeployment(SAMLPostEncExample.DEPLOYMENT_NAME); - } - - @Deployment(name = SAMLRedirectSigExample.DEPLOYMENT_NAME) - private static WebArchive samlRedirectSigExampleDeployment() throws IOException { - return exampleDeployment(SAMLRedirectSigExample.DEPLOYMENT_NAME); - } - - @Test - public void samlPostWithSignatureExampleTest() { - samlPostSigExamplePage.navigateTo(); - testRealmSAMLPostLoginPage.form().login(bburkeUser); - - waitUntilElement(By.xpath("//body")).text().contains("Welcome to the Sales Tool, " + bburkeUser.getUsername()); - - samlPostSigExamplePage.logout(); - waitUntilElement(By.xpath("//body")).text().contains("Logged out."); - - samlPostSigExamplePage.navigateTo(); - URLAssert.assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); - } - - @Test - public void samlPostWithEncryptionExampleTest() { - samlPostEncExamplePage.navigateTo(); - - testRealmSAMLPostLoginPage.form().login(bburkeUser); - - waitUntilElement(By.xpath("//body")).text().contains("Welcome to the Sales Tool, " + bburkeUser.getUsername()); - - samlPostEncExamplePage.logout(); - waitUntilElement(By.xpath("//body")).text().contains("Logged out."); - - samlPostEncExamplePage.navigateTo(); - URLAssert.assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); - } - - @Test - public void samlRedirectWithSignatureExampleTest() { - samlRedirectSigExamplePage.navigateTo(); - - testRealmSAMLRedirectLoginPage.form().login(bburkeUser); - - waitUntilElement(By.xpath("//body")).text().contains("Welcome to the Employee Tool,"); - - samlRedirectSigExamplePage.logout(); - URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage); - - samlRedirectSigExamplePage.navigateTo(); - URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage); - } -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java index 2f9fede0ac5..7223b2abcf6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java @@ -88,13 +88,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd @Before public void beforePhotozExampleAdapterTest() throws FileNotFoundException { deleteAllCookiesForClientPage(); - - for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) { - if ("Only Owner Policy".equals(policy.getName())) { - policy.getConfig().put("mavenArtifactVersion", System.getProperty("project.version")); - getAuthorizationResource().policies().policy(policy.getId()).update(policy); - } - } } @Override @@ -650,7 +643,13 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd } private void importResourceServerSettings() throws FileNotFoundException { - getAuthorizationResource().importSettings(loadJson(new FileInputStream(new File(TEST_APPS_HOME_DIR + "/photoz/photoz-restful-api-authz-service.json")), ResourceServerRepresentation.class)); + ResourceServerRepresentation authSettings = loadJson(new FileInputStream(new File(TEST_APPS_HOME_DIR + "/photoz/photoz-restful-api-authz-service.json")), ResourceServerRepresentation.class); + + authSettings.getPolicies().stream() + .filter(x -> "Only Owner Policy".equals(x.getName())) + .forEach(x -> x.getConfig().put("mavenArtifactVersion", System.getProperty("project.version"))); + + getAuthorizationResource().importSettings(authSettings); } private AuthorizationResource getAuthorizationResource() throws FileNotFoundException { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzFunctionalAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzFunctionalAdapterTest.java index 49158faacf5..a46f8f142bb 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzFunctionalAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzFunctionalAdapterTest.java @@ -207,7 +207,7 @@ public abstract class AbstractServletAuthzFunctionalAdapterTest extends Abstract public void testAccessPublicResource() throws Exception { performTests(() -> { driver.navigate().to(getResourceServerUrl() + "/public-html.html"); - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); assertTrue(hasText("This is public resource that should be accessible without login.")); }); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java index f95fe7f2410..ace58078a88 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java @@ -48,7 +48,6 @@ import org.keycloak.testsuite.pages.AccountUpdateProfilePage; import org.keycloak.testsuite.pages.ErrorPage; import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginUpdateProfilePage; -import org.keycloak.testsuite.pages.UpdateAccountInformationPage; import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.WaitUtils; import org.keycloak.util.JsonSerialization; @@ -61,8 +60,6 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.UUID; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import static org.keycloak.models.AccountRoles.MANAGE_ACCOUNT; import static org.keycloak.models.AccountRoles.MANAGE_ACCOUNT_LINKS; @@ -545,7 +542,7 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer // Login to account mgmt first profilePage.open(CHILD_IDP); - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); loginPage.login("child", "password"); @@ -590,7 +587,7 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer // Login to account mgmt first profilePage.open(CHILD_IDP); - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); loginPage.login("child", "password"); @@ -624,7 +621,7 @@ public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractSer private void navigateTo(String uri) { driver.navigate().to(uri); - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java index f7a9335336d..721c89ee8f5 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java @@ -53,8 +53,6 @@ import org.keycloak.testsuite.util.*; import org.keycloak.testsuite.util.URLUtils; import org.keycloak.util.BasicAuthHelper; -import org.openqa.selenium.By; - import javax.ws.rs.client.Client; import javax.ws.rs.client.ClientBuilder; import javax.ws.rs.client.Entity; @@ -197,7 +195,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); testRealmLoginPage.form().login("bburke@redhat.com", "password"); assertCurrentUrlEquals(driver, inputPortal + "/secured/post"); - waitForPageToLoad(driver); + waitForPageToLoad(); String pageSource = driver.getPageSource(); assertThat(pageSource, containsString("parameter=hello")); @@ -564,7 +562,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd // Test I need to reauthenticate with prompt=login String appUri = tokenMinTTLPage.getUriBuilder().queryParam(OIDCLoginProtocol.PROMPT_PARAM, OIDCLoginProtocol.PROMPT_VALUE_LOGIN).build().toString(); - URLUtils.navigateToUri(driver, appUri, true); + URLUtils.navigateToUri(appUri, true); assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); testRealmLoginPage.form().login("bburke@redhat.com", "password"); AccessToken token = tokenMinTTLPage.getAccessToken(); @@ -624,7 +622,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd oAuthGrantPage.accept(); String pageSource = driver.getPageSource(); - waitForPageToLoad(driver); + waitForPageToLoad(); assertThat(pageSource, containsString("Bill Burke")); assertThat(pageSource, containsString("Stian Thorgersen")); @@ -682,7 +680,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd testRealmLoginPage.form().login("bburke@redhat.com", "password"); - waitForPageToLoad(driver); + waitForPageToLoad(); String pageSource = driver.getPageSource(); assertThat(pageSource, containsString("Bill Burke")); assertThat(pageSource, containsString("Stian Thorgersen")); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractLinkAndExchangeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractLinkAndExchangeTest.java new file mode 100644 index 00000000000..312517cca8c --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractLinkAndExchangeTest.java @@ -0,0 +1,657 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.testsuite.adapter.servlet; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.OperateOnDeployment; +import org.jboss.arquillian.graphene.page.Page; +import org.jboss.arquillian.test.api.ArquillianResource; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.keycloak.OAuth2Constants; +import org.keycloak.admin.client.resource.ClientResource; +import org.keycloak.admin.client.resource.RealmResource; +import org.keycloak.authorization.model.Policy; +import org.keycloak.authorization.model.ResourceServer; +import org.keycloak.common.util.Base64Url; +import org.keycloak.models.ClientModel; +import org.keycloak.models.Constants; +import org.keycloak.models.IdentityProviderModel; +import org.keycloak.models.KeycloakSession; +import org.keycloak.models.RealmModel; +import org.keycloak.protocol.oidc.OIDCLoginProtocol; +import org.keycloak.protocol.oidc.OIDCLoginProtocolService; +import org.keycloak.representations.AccessTokenResponse; +import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.representations.idm.FederatedIdentityRepresentation; +import org.keycloak.representations.idm.IdentityProviderRepresentation; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.RoleRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation; +import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; +import org.keycloak.services.resources.admin.permissions.AdminPermissions; +import org.keycloak.testsuite.ActionURIUtils; +import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest; +import org.keycloak.testsuite.admin.ApiUtil; +import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; +import org.keycloak.testsuite.broker.BrokerTestTools; +import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; +import org.keycloak.testsuite.pages.AccountUpdateProfilePage; +import org.keycloak.testsuite.pages.ErrorPage; +import org.keycloak.testsuite.pages.LoginPage; +import org.keycloak.testsuite.pages.LoginUpdateProfilePage; +import org.keycloak.testsuite.util.OAuthClient; +import org.keycloak.testsuite.util.WaitUtils; +import org.keycloak.util.JsonSerialization; + +import javax.ws.rs.client.Client; +import javax.ws.rs.client.ClientBuilder; +import javax.ws.rs.core.UriBuilder; +import java.net.URL; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.UUID; + +import static org.keycloak.models.AccountRoles.MANAGE_ACCOUNT; +import static org.keycloak.models.AccountRoles.MANAGE_ACCOUNT_LINKS; +import static org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID; +import static org.keycloak.testsuite.admin.ApiUtil.createUserAndResetPasswordWithAdminClient; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public abstract class AbstractLinkAndExchangeTest extends AbstractServletsAdapterTest { + public static final String CHILD_IDP = "child"; + public static final String PARENT_IDP = "parent-idp"; + public static final String PARENT_USERNAME = "parent"; + + @Page + protected LoginUpdateProfilePage loginUpdateProfilePage; + + @Page + protected AccountUpdateProfilePage profilePage; + + @Page + private LoginPage loginPage; + + @Page + protected ErrorPage errorPage; + + public static class ClientApp extends AbstractPageWithInjectedUrl { + + public static final String DEPLOYMENT_NAME = "client-linking"; + + @ArquillianResource + @OperateOnDeployment(DEPLOYMENT_NAME) + private URL url; + + @Override + public URL getInjectedUrl() { + return url; + } + + } + + @Page + private ClientApp appPage; + + @Override + public void beforeAuthTest() { + } + + @Override + public void addAdapterTestRealms(List testRealms) { + RealmRepresentation realm = new RealmRepresentation(); + realm.setRealm(CHILD_IDP); + realm.setEnabled(true); + ClientRepresentation servlet = new ClientRepresentation(); + servlet.setClientId("client-linking"); + servlet.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); + String uri = "/client-linking"; + if (!isRelative()) { + uri = appServerContextRootPage.toString() + uri; + } + servlet.setAdminUrl(uri); + servlet.setDirectAccessGrantsEnabled(true); + servlet.setBaseUrl(uri); + servlet.setRedirectUris(new LinkedList<>()); + servlet.getRedirectUris().add(uri + "/*"); + servlet.setSecret("password"); + servlet.setFullScopeAllowed(true); + realm.setClients(new LinkedList<>()); + realm.getClients().add(servlet); + testRealms.add(realm); + + + realm = new RealmRepresentation(); + realm.setRealm(PARENT_IDP); + realm.setEnabled(true); + + testRealms.add(realm); + + } + + + @Deployment(name = ClientApp.DEPLOYMENT_NAME) + protected static WebArchive accountLink() { + return servletDeployment(ClientApp.DEPLOYMENT_NAME, LinkAndExchangeServlet.class, ServletTestUtils.class); + } + + @Before + public void addIdpUser() { + RealmResource realm = adminClient.realms().realm(PARENT_IDP); + UserRepresentation user = new UserRepresentation(); + user.setUsername(PARENT_USERNAME); + user.setEnabled(true); + String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password"); + + } + + private String childUserId = null; + + + @Before + public void addChildUser() { + RealmResource realm = adminClient.realms().realm(CHILD_IDP); + UserRepresentation user = new UserRepresentation(); + user.setUsername("child"); + user.setEnabled(true); + childUserId = createUserAndResetPasswordWithAdminClient(realm, user, "password"); + UserRepresentation user2 = new UserRepresentation(); + user2.setUsername("child2"); + user2.setEnabled(true); + String user2Id = createUserAndResetPasswordWithAdminClient(realm, user2, "password"); + + // have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions + realm.roles().create(new RoleRepresentation("user", null, false)); + RoleRepresentation role = realm.roles().get("user").toRepresentation(); + List roles = new LinkedList<>(); + roles.add(role); + realm.users().get(childUserId).roles().realmLevel().add(roles); + realm.users().get(user2Id).roles().realmLevel().add(roles); + ClientRepresentation brokerService = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0); + role = realm.clients().get(brokerService.getId()).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation(); + roles.clear(); + roles.add(role); + realm.users().get(childUserId).roles().clientLevel(brokerService.getId()).add(roles); + realm.users().get(user2Id).roles().clientLevel(brokerService.getId()).add(roles); + + } + + public static void setupRealm(KeycloakSession session) { + RealmModel realm = session.realms().getRealmByName(CHILD_IDP); + ClientModel client = realm.getClientByClientId("client-linking"); + IdentityProviderModel idp = realm.getIdentityProviderByAlias(PARENT_IDP); + Assert.assertNotNull(idp); + + AdminPermissionManagement management = AdminPermissions.management(session, realm); + management.idps().setPermissionsEnabled(idp, true); + ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation(); + clientRep.setName("toIdp"); + clientRep.addClient(client.getId()); + ResourceServer server = management.realmResourceServer(); + Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server); + management.idps().exchangeToPermission(idp).addAssociatedPolicy(clientPolicy); + + } + @Before + public void createBroker() { + createParentChild(); + testingClient.server().run(AbstractLinkAndExchangeTest::setupRealm); + } + + public void createParentChild() { + BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext); + } + + + @Test + public void testErrorConditions() throws Exception { + + RealmResource realm = adminClient.realms().realm(CHILD_IDP); + List links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + ClientRepresentation client = adminClient.realms().realm(CHILD_IDP).clients().findByClientId("client-linking").get(0); + + UriBuilder redirectUri = UriBuilder.fromUri(appPage.getInjectedUrl().toString()) + .path("link") + .queryParam("response", "true"); + + UriBuilder directLinking = UriBuilder.fromUri(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth") + .path("realms/child/broker/{provider}/link") + .queryParam("client_id", "client-linking") + .queryParam("redirect_uri", redirectUri.build()) + .queryParam("hash", Base64Url.encode("crap".getBytes())) + .queryParam("nonce", UUID.randomUUID().toString()); + + String linkUrl = directLinking + .build(PARENT_IDP).toString(); + + // test not logged in + + navigateTo(linkUrl); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + loginPage.login("child", "password"); + + Assert.assertTrue(driver.getCurrentUrl().contains("link_error=not_logged_in")); + + logoutAll(); + + // now log in + + navigateTo( appPage.getInjectedUrl() + "/hello"); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + loginPage.login("child", "password"); + Assert.assertTrue(driver.getCurrentUrl().startsWith(appPage.getInjectedUrl() + "/hello")); + Assert.assertTrue(driver.getPageSource().contains("Unknown request:")); + + // now test CSRF with bad hash. + + navigateTo(linkUrl); + + Assert.assertTrue(driver.getPageSource().contains("We're sorry...")); + + logoutAll(); + + // now log in again with client that does not have scope + + String accountId = adminClient.realms().realm(CHILD_IDP).clients().findByClientId(ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId(); + RoleRepresentation manageAccount = adminClient.realms().realm(CHILD_IDP).clients().get(accountId).roles().get(MANAGE_ACCOUNT).toRepresentation(); + RoleRepresentation manageLinks = adminClient.realms().realm(CHILD_IDP).clients().get(accountId).roles().get(MANAGE_ACCOUNT_LINKS).toRepresentation(); + RoleRepresentation userRole = adminClient.realms().realm(CHILD_IDP).roles().get("user").toRepresentation(); + + client.setFullScopeAllowed(false); + ClientResource clientResource = adminClient.realms().realm(CHILD_IDP).clients().get(client.getId()); + clientResource.update(client); + + List roles = new LinkedList<>(); + roles.add(userRole); + clientResource.getScopeMappings().realmLevel().add(roles); + + navigateTo( appPage.getInjectedUrl() + "/hello"); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + loginPage.login("child", "password"); + Assert.assertTrue(driver.getCurrentUrl().startsWith(appPage.getInjectedUrl() + "/hello")); + Assert.assertTrue(driver.getPageSource().contains("Unknown request:")); + + + UriBuilder linkBuilder = UriBuilder.fromUri(appPage.getInjectedUrl().toString()) + .path("link"); + String clientLinkUrl = linkBuilder.clone() + .queryParam("realm", CHILD_IDP) + .queryParam("provider", PARENT_IDP).build().toString(); + + + navigateTo(clientLinkUrl); + + Assert.assertTrue(driver.getCurrentUrl().contains("error=not_allowed")); + + logoutAll(); + + // add MANAGE_ACCOUNT_LINKS scope should pass. + + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + + roles = new LinkedList<>(); + roles.add(manageLinks); + clientResource.getScopeMappings().clientLevel(accountId).add(roles); + + navigateTo(clientLinkUrl); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + loginPage.login("child", "password"); + Assert.assertTrue(loginPage.isCurrent(PARENT_IDP)); + loginPage.login(PARENT_USERNAME, "password"); + + Assert.assertTrue(driver.getCurrentUrl().startsWith(linkBuilder.toTemplate())); + Assert.assertTrue(driver.getPageSource().contains("Account Linked")); + + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertFalse(links.isEmpty()); + + realm.users().get(childUserId).removeFederatedIdentity(PARENT_IDP); + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + clientResource.getScopeMappings().clientLevel(accountId).remove(roles); + + logoutAll(); + + navigateTo(clientLinkUrl); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + loginPage.login("child", "password"); + + Assert.assertTrue(driver.getCurrentUrl().contains("link_error=not_allowed")); + + logoutAll(); + + // add MANAGE_ACCOUNT scope should pass + + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + + roles = new LinkedList<>(); + roles.add(manageAccount); + clientResource.getScopeMappings().clientLevel(accountId).add(roles); + + navigateTo(clientLinkUrl); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + loginPage.login("child", "password"); + Assert.assertTrue(loginPage.isCurrent(PARENT_IDP)); + loginPage.login(PARENT_USERNAME, "password"); + + Assert.assertTrue(driver.getCurrentUrl().startsWith(linkBuilder.toTemplate())); + Assert.assertTrue(driver.getPageSource().contains("Account Linked")); + + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertFalse(links.isEmpty()); + + realm.users().get(childUserId).removeFederatedIdentity(PARENT_IDP); + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + clientResource.getScopeMappings().clientLevel(accountId).remove(roles); + + logoutAll(); + + navigateTo(clientLinkUrl); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + loginPage.login("child", "password"); + + Assert.assertTrue(driver.getCurrentUrl().contains("link_error=not_allowed")); + + logoutAll(); + + + // undo fullScopeAllowed + + client = adminClient.realms().realm(CHILD_IDP).clients().findByClientId("client-linking").get(0); + client.setFullScopeAllowed(true); + clientResource.update(client); + + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + logoutAll(); + + + + + + + } + + @Test + public void testAccountLink() throws Exception { + RealmResource realm = adminClient.realms().realm(CHILD_IDP); + List links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + UriBuilder linkBuilder = UriBuilder.fromUri(appPage.getInjectedUrl().toString()) + .path("link"); + String linkUrl = linkBuilder.clone() + .queryParam("realm", CHILD_IDP) + .queryParam("provider", PARENT_IDP).build().toString(); + System.out.println("linkUrl: " + linkUrl); + navigateTo(linkUrl); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP)); + loginPage.login("child", "password"); + Assert.assertTrue(loginPage.isCurrent(PARENT_IDP)); + loginPage.login(PARENT_USERNAME, "password"); + System.out.println("After linking: " + driver.getCurrentUrl()); + System.out.println(driver.getPageSource()); + Assert.assertTrue(driver.getCurrentUrl().startsWith(linkBuilder.toTemplate())); + Assert.assertTrue(driver.getPageSource().contains("Account Linked")); + + OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest(CHILD_IDP, "child", "password", null, "client-linking", "password"); + Assert.assertNotNull(response.getAccessToken()); + Assert.assertNull(response.getError()); + Client httpClient = ClientBuilder.newClient(); + String firstToken = getToken(response, httpClient); + Assert.assertNotNull(firstToken); + + + navigateTo(linkUrl); + Assert.assertTrue(driver.getPageSource().contains("Account Linked")); + String nextToken = getToken(response, httpClient); + Assert.assertNotNull(nextToken); + Assert.assertNotEquals(firstToken, nextToken); + + + + + + + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertFalse(links.isEmpty()); + + realm.users().get(childUserId).removeFederatedIdentity(PARENT_IDP); + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + logoutAll(); + + + } + + private String getToken(OAuthClient.AccessTokenResponse response, Client httpClient) throws Exception { + String idpToken = httpClient.target(OAuthClient.AUTH_SERVER_ROOT) + .path("realms") + .path("child/broker") + .path(PARENT_IDP) + .path("token") + .request() + .header("Authorization", "Bearer " + response.getAccessToken()) + .get(String.class); + AccessTokenResponse res = JsonSerialization.readValue(idpToken, AccessTokenResponse.class); + return res.getToken(); + } + + public void logoutAll() { + String logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder()).build(CHILD_IDP).toString(); + navigateTo(logoutUri); + logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder()).build(PARENT_IDP).toString(); + navigateTo(logoutUri); + } + + @Test + public void testLinkOnlyProvider() throws Exception { + RealmResource realm = adminClient.realms().realm(CHILD_IDP); + IdentityProviderRepresentation rep = realm.identityProviders().get(PARENT_IDP).toRepresentation(); + rep.setLinkOnly(true); + realm.identityProviders().get(PARENT_IDP).update(rep); + try { + + List links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + UriBuilder linkBuilder = UriBuilder.fromUri(appPage.getInjectedUrl().toString()) + .path("link"); + String linkUrl = linkBuilder.clone() + .queryParam("realm", CHILD_IDP) + .queryParam("provider", PARENT_IDP).build().toString(); + navigateTo(linkUrl); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + + // should not be on login page. This is what we are testing + Assert.assertFalse(driver.getPageSource().contains(PARENT_IDP)); + + // now test that we can still link. + loginPage.login("child", "password"); + Assert.assertTrue(loginPage.isCurrent(PARENT_IDP)); + loginPage.login(PARENT_USERNAME, "password"); + System.out.println("After linking: " + driver.getCurrentUrl()); + System.out.println(driver.getPageSource()); + Assert.assertTrue(driver.getCurrentUrl().startsWith(linkBuilder.toTemplate())); + Assert.assertTrue(driver.getPageSource().contains("Account Linked")); + + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertFalse(links.isEmpty()); + + realm.users().get(childUserId).removeFederatedIdentity(PARENT_IDP); + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + logoutAll(); + + System.out.println("testing link-only attack"); + + navigateTo(linkUrl); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + + System.out.println("login page uri is: " + driver.getCurrentUrl()); + + // ok, now scrape the code from page + String pageSource = driver.getPageSource(); + String action = ActionURIUtils.getActionURIFromPageSource(pageSource); + System.out.println("action uri: " + action); + + Map queryParams = ActionURIUtils.parseQueryParamsFromActionURI(action); + System.out.println("query params: " + queryParams); + + // now try and use the code to login to remote link-only idp + + String uri = "/auth/realms/child/broker/parent-idp/login"; + + uri = UriBuilder.fromUri(AuthServerTestEnricher.getAuthServerContextRoot()) + .path(uri) + .queryParam(OAuth2Constants.CODE, queryParams.get(OAuth2Constants.CODE)) + .queryParam(Constants.CLIENT_ID, queryParams.get(Constants.CLIENT_ID)) + .build().toString(); + + System.out.println("hack uri: " + uri); + + navigateTo(uri); + + Assert.assertTrue(driver.getPageSource().contains("Could not send authentication request to identity provider.")); + + + + + + } finally { + + rep.setLinkOnly(false); + realm.identityProviders().get(PARENT_IDP).update(rep); + } + + + } + + + @Test + public void testAccountNotLinkedAutomatically() throws Exception { + RealmResource realm = adminClient.realms().realm(CHILD_IDP); + List links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + // Login to account mgmt first + profilePage.open(CHILD_IDP); + WaitUtils.waitForPageToLoad(); + + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + loginPage.login("child", "password"); + profilePage.assertCurrent(); + + // Now in another tab, open login screen with "prompt=login" . Login screen will be displayed even if I have SSO cookie + UriBuilder linkBuilder = UriBuilder.fromUri(appPage.getInjectedUrl().toString()) + .path("nosuch"); + String linkUrl = linkBuilder.clone() + .queryParam(OIDCLoginProtocol.PROMPT_PARAM, OIDCLoginProtocol.PROMPT_VALUE_LOGIN) + .build().toString(); + + navigateTo(linkUrl); + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + loginPage.clickSocial(PARENT_IDP); + Assert.assertTrue(loginPage.isCurrent(PARENT_IDP)); + loginPage.login(PARENT_USERNAME, "password"); + + // Test I was not automatically linked. + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + loginUpdateProfilePage.assertCurrent(); + loginUpdateProfilePage.update("Joe", "Doe", "joe@parent.com"); + + errorPage.assertCurrent(); + Assert.assertEquals("You are already authenticated as different user 'child' in this session. Please logout first.", errorPage.getError()); + + logoutAll(); + + // Remove newly created user + String newUserId = ApiUtil.findUserByUsername(realm, "parent").getId(); + getCleanup("child").addUserId(newUserId); + } + + + @Test + public void testAccountLinkingExpired() throws Exception { + RealmResource realm = adminClient.realms().realm(CHILD_IDP); + List links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + // Login to account mgmt first + profilePage.open(CHILD_IDP); + WaitUtils.waitForPageToLoad(); + + Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); + loginPage.login("child", "password"); + profilePage.assertCurrent(); + + // Now in another tab, request account linking + UriBuilder linkBuilder = UriBuilder.fromUri(appPage.getInjectedUrl().toString()) + .path("link"); + String linkUrl = linkBuilder.clone() + .queryParam("realm", CHILD_IDP) + .queryParam("provider", PARENT_IDP).build().toString(); + navigateTo(linkUrl); + + Assert.assertTrue(loginPage.isCurrent(PARENT_IDP)); + + // Logout "child" userSession in the meantime (for example through admin request) + realm.logoutAll(); + + // Finish login on parent. + loginPage.login(PARENT_USERNAME, "password"); + + // Test I was not automatically linked + links = realm.users().get(childUserId).getFederatedIdentity(); + Assert.assertTrue(links.isEmpty()); + + errorPage.assertCurrent(); + Assert.assertEquals("Requested broker account linking, but current session is no longer valid.", errorPage.getError()); + + logoutAll(); + } + + private void navigateTo(String uri) { + driver.navigate().to(uri); + WaitUtils.waitForPageToLoad(); + } + + + +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java index b62ba31b8aa..a2b263445c6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java @@ -397,7 +397,7 @@ public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAd private void checkLoggedOut(AbstractPage page, Login loginPage) { page.navigateTo(); - waitForPageToLoad(driver); + waitForPageToLoad(); assertCurrentUrlStartsWith(loginPage); } @@ -950,7 +950,7 @@ public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAd assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); testRealmSAMLPostLoginPage.form().login("bburke", "password"); assertCurrentUrlStartsWith(employeeServletPage); - waitForPageToLoad(driver); + waitForPageToLoad(); String pageSource = driver.getPageSource(); assertThat(pageSource, containsString("Relay state: " + SamlSPFacade.RELAY_STATE)); assertThat(pageSource, not(containsString("SAML response: null"))); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/AbstractSAMLAdapterClusterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/AbstractSAMLAdapterClusterTest.java index 3868fb5ceeb..f71b757eac0 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/AbstractSAMLAdapterClusterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/AbstractSAMLAdapterClusterTest.java @@ -17,7 +17,6 @@ package org.keycloak.testsuite.adapter.servlet.cluster; import org.keycloak.admin.client.resource.RealmResource; -import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.representations.idm.*; import org.keycloak.testsuite.Retry; import org.keycloak.testsuite.adapter.page.EmployeeServletDistributable; @@ -38,7 +37,6 @@ import java.net.URL; import java.nio.file.Path; import java.nio.file.Paths; import java.util.List; -import java.util.function.Consumer; import org.apache.commons.io.FileUtils; import org.apache.commons.lang3.math.NumberUtils; import org.jboss.arquillian.container.test.api.*; @@ -50,14 +48,21 @@ import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.Matchers; +import org.keycloak.testsuite.util.SamlClient; +import org.keycloak.testsuite.util.SamlClient.Binding; +import org.keycloak.testsuite.util.SamlClientBuilder; +import java.net.MalformedURLException; +import java.util.function.BiConsumer; +import org.apache.http.client.methods.HttpGet; import org.openqa.selenium.TimeoutException; import org.openqa.selenium.WebDriver; -import org.openqa.selenium.support.PageFactory; import org.openqa.selenium.support.ui.WebDriverWait; -import static org.hamcrest.Matchers.*; +import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.not; import static org.junit.Assert.assertThat; -import static org.keycloak.testsuite.AbstractAuthTest.createUserRepresentation; import static org.keycloak.testsuite.admin.Users.setPasswordFor; import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.getNearestSuperclassWithAnnotation; import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO; @@ -132,15 +137,21 @@ public abstract class AbstractSAMLAdapterClusterTest extends AbstractServletsAda public void startServer() throws Exception { prepareServerDirectory("standalone-" + NODE_1_NAME); controller.start(NODE_1_SERVER_NAME); - prepareWorkerNode(Integer.valueOf(System.getProperty("app.server.1.management.port"))); + prepareWorkerNode(0, Integer.valueOf(System.getProperty("app.server.1.management.port"))); prepareServerDirectory("standalone-" + NODE_2_NAME); controller.start(NODE_2_SERVER_NAME); - prepareWorkerNode(Integer.valueOf(System.getProperty("app.server.2.management.port"))); + prepareWorkerNode(1, Integer.valueOf(System.getProperty("app.server.2.management.port"))); deployer.deploy(EmployeeServletDistributable.DEPLOYMENT_NAME); deployer.deploy(EmployeeServletDistributable.DEPLOYMENT_NAME + "_2"); } - protected abstract void prepareWorkerNode(Integer managementPort) throws Exception; + /** + * Prepares a worker node + * @param nodeIndex Node index, counting from 0 + * @param managementPort Port for management operations on this node + * @throws Exception + */ + protected abstract void prepareWorkerNode(int nodeIndex, Integer managementPort) throws Exception; @After public void stopServer() { @@ -157,41 +168,103 @@ public abstract class AbstractSAMLAdapterClusterTest extends AbstractServletsAda loginActionsPage.setAuthRealm(DEMO); } - protected void testLogoutViaSessionIndex(URL employeeUrl, Consumer logoutFunction) { - EmployeeServletDistributable page = PageFactory.initElements(driver, EmployeeServletDistributable.class); - page.setUrl(employeeUrl); - page.getUriBuilder().port(HTTP_PORT_NODE_REVPROXY); - - UserRepresentation bburkeUser = createUserRepresentation("bburke", "bburke@redhat.com", "Bill", "Burke", true); + protected void testLogoutViaSessionIndex(URL employeeUrl, boolean forceRefreshAtOtherNode, BiConsumer logoutFunction) { setPasswordFor(bburkeUser, CredentialRepresentation.PASSWORD); - assertSuccessfulLogin(page, bburkeUser, testRealmSAMLPostLoginPage, "principal=bburke"); + final String employeeUrlString; + try { + URL employeeUrlAtRevProxy = new URL(employeeUrl.getProtocol(), employeeUrl.getHost(), HTTP_PORT_NODE_REVPROXY, employeeUrl.getFile()); + employeeUrlString = employeeUrlAtRevProxy.toString(); + } catch (MalformedURLException ex) { + throw new RuntimeException(ex); + } - updateProxy(NODE_2_NAME, NODE_2_URI, NODE_1_URI); - logoutFunction.accept(page); - delayedCheckLoggedOut(page, loginActionsPage); + SamlClientBuilder builder = new SamlClientBuilder() + // Go to employee URL at reverse proxy which is set to forward to first node + .navigateTo(employeeUrlString) + // process redirection to login page + .processSamlResponse(Binding.POST).build() + .login().user(bburkeUser).build() + .processSamlResponse(Binding.POST).build() + + // Returned to the page + .assertResponse(Matchers.bodyHC(containsString("principal=bburke"))) + + // Update the proxy to forward to the second node. + .addStep(() -> updateProxy(NODE_2_NAME, NODE_2_URI, NODE_1_URI)); + + if (forceRefreshAtOtherNode) { + // Go to employee URL at reverse proxy which is set to forward to _second_ node now + builder + .navigateTo(employeeUrlString) + .doNotFollowRedirects() + .assertResponse(Matchers.bodyHC(containsString("principal=bburke"))); + } + + // Logout at the _second_ node + logoutFunction.accept(builder, employeeUrlString); + + SamlClient samlClient = builder.execute(); + delayedCheckLoggedOut(samlClient, employeeUrlString); + + // Update the proxy to forward to the first node. updateProxy(NODE_1_NAME, NODE_1_URI, NODE_2_URI); - delayedCheckLoggedOut(page, loginActionsPage); + delayedCheckLoggedOut(samlClient, employeeUrlString); + } + + private void delayedCheckLoggedOut(SamlClient samlClient, String url) { + Retry.execute(() -> { + samlClient.execute( + (client, currentURI, currentResponse, context) -> new HttpGet(url), + (client, currentURI, currentResponse, context) -> { + assertThat(currentResponse, Matchers.bodyHC(not(containsString("principal=bburke")))); + return null; + } + ); + }, 10, 300); + } + + private void logoutViaAdminConsole() { + RealmResource demoRealm = adminClient.realm(DEMO); + String bburkeId = ApiUtil.findUserByUsername(demoRealm, "bburke").getId(); + demoRealm.users().get(bburkeId).logout(); + log.infov("Logged out via admin console"); } @Test - public void testBackchannelLogout(@ArquillianResource + public void testAdminInitiatedBackchannelLogout(@ArquillianResource @OperateOnDeployment(value = EmployeeServletDistributable.DEPLOYMENT_NAME) URL employeeUrl) throws Exception { - testLogoutViaSessionIndex(employeeUrl, (EmployeeServletDistributable page) -> { - RealmResource demoRealm = adminClient.realm(DEMO); - String bburkeId = ApiUtil.findUserByUsername(demoRealm, "bburke").getId(); - demoRealm.users().get(bburkeId).logout(); - log.infov("Logged out via admin console"); + testLogoutViaSessionIndex(employeeUrl, false, (builder, url) -> builder.addStep(this::logoutViaAdminConsole)); + } + + @Test + public void testAdminInitiatedBackchannelLogoutWithAssertionOfLoggedIn(@ArquillianResource + @OperateOnDeployment(value = EmployeeServletDistributable.DEPLOYMENT_NAME) URL employeeUrl) throws Exception { + testLogoutViaSessionIndex(employeeUrl, true, (builder, url) -> builder.addStep(this::logoutViaAdminConsole)); + } + + @Test + public void testUserInitiatedFrontchannelLogout(@ArquillianResource + @OperateOnDeployment(value = EmployeeServletDistributable.DEPLOYMENT_NAME) URL employeeUrl) throws Exception { + testLogoutViaSessionIndex(employeeUrl, false, (builder, url) -> { + builder + .navigateTo(url + "?GLO=true") + .processSamlResponse(Binding.POST).build() // logout request + .processSamlResponse(Binding.POST).build() // logout response + ; }); } @Test - public void testFrontchannelLogout(@ArquillianResource + public void testUserInitiatedFrontchannelLogoutWithAssertionOfLoggedIn(@ArquillianResource @OperateOnDeployment(value = EmployeeServletDistributable.DEPLOYMENT_NAME) URL employeeUrl) throws Exception { - testLogoutViaSessionIndex(employeeUrl, (EmployeeServletDistributable page) -> { - page.logout(); - log.infov("Logged out via application"); + testLogoutViaSessionIndex(employeeUrl, true, (builder, url) -> { + builder + .navigateTo(url + "?GLO=true") + .processSamlResponse(Binding.POST).build() // logout request + .processSamlResponse(Binding.POST).build() // logout response + ; }); } @@ -223,7 +296,7 @@ public abstract class AbstractSAMLAdapterClusterTest extends AbstractServletsAda protected void checkLoggedOut(AbstractPage page, AuthRealm loginPage) { page.navigateTo(); - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); assertCurrentUrlStartsWith(loginPage); } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/DatabaseServiceExample.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowLinkAndExchangeTest.java similarity index 50% rename from testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/DatabaseServiceExample.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowLinkAndExchangeTest.java index c856064a9d3..523015692d4 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/DatabaseServiceExample.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowLinkAndExchangeTest.java @@ -14,32 +14,29 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +package org.keycloak.testsuite.adapter.undertow.servlet; -package org.keycloak.testsuite.adapter.page; - -import org.jboss.arquillian.container.test.api.OperateOnDeployment; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; - -import java.net.URL; +import org.junit.Test; +import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest; +import org.keycloak.testsuite.adapter.servlet.AbstractLinkAndExchangeTest; +import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; /** * - * @author tkyjovsk + * @author Vlastislav Ramik */ -public class DatabaseServiceExample extends AbstractPageWithInjectedUrl { +@AppServerContainer("auth-server-undertow") +public class UndertowLinkAndExchangeTest extends AbstractLinkAndExchangeTest { - public static final String DEPLOYMENT_NAME = "database-service-example"; + //@Test + public void testUi() throws Exception { + Thread.sleep(1000000000); - @ArquillianResource - @OperateOnDeployment(DEPLOYMENT_NAME) - private URL url; - - @Override - public URL getInjectedUrl() { - //EAP6 URL fix - URL fixedUrl = createInjectedURL("database"); - return fixedUrl != null ? fixedUrl : url; } + @Override + @Test + public void testAccountLink() throws Exception { + super.testAccountLink(); + } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java old mode 100644 new mode 100755 diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java index 4c472fba5f1..11eac1202a2 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java @@ -22,6 +22,7 @@ import java.util.List; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.authorization.AuthorizationProvider; @@ -37,6 +38,7 @@ import org.keycloak.representations.idm.authorization.Logic; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.representations.idm.authorization.RolePolicyRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.runonserver.RunOnServerDeployment; import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.RealmBuilder; @@ -48,6 +50,11 @@ import org.keycloak.util.JsonSerialization; */ public class AuthzCleanupTest extends AbstractKeycloakTest { + @BeforeClass + public static void enabled() { + ProfileAssume.assumePreview(); + } + @Deployment public static WebArchive deploy() { return RunOnServerDeployment.create(); @@ -78,7 +85,7 @@ public class AuthzCleanupTest extends AbstractKeycloakTest { session.getContext().setRealm(realm); AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class); ClientModel myclient = realm.getClientByClientId("myclient"); - ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(myclient.getId()); + ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(myclient.getId()); createRolePolicy(authz, resourceServer, "client-role-1"); createRolePolicy(authz, resourceServer, "client-role-2"); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java index 16b080497c5..42dbdb08560 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java @@ -1829,7 +1829,7 @@ public class PermissionsTest extends AbstractKeycloakTest { for (Method m : rep.getClass().getDeclaredMethods()) { if (m.getParameters().length == 0 && m.getName().startsWith("get") && !ignoreList.contains(m.getName())) { - try { + try { Object o = m.invoke(rep); assertNull("Expected " + m.getName() + " to be null", o); } catch (Exception e) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java index 58193e9ff1a..8442339e7be 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java @@ -40,6 +40,7 @@ import org.keycloak.models.PasswordPolicy; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.representations.idm.ComponentRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.ErrorRepresentation; import org.keycloak.representations.idm.FederatedIdentityRepresentation; @@ -50,7 +51,10 @@ import org.keycloak.representations.idm.RequiredActionProviderRepresentation; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.resources.RealmsResource; +import org.keycloak.storage.UserStorageProvider; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.federation.DummyUserFederationProvider; +import org.keycloak.testsuite.federation.DummyUserFederationProviderFactory; import org.keycloak.testsuite.page.LoginPasswordUpdatePage; import org.keycloak.testsuite.pages.ErrorPage; import org.keycloak.testsuite.pages.InfoPage; @@ -120,11 +124,12 @@ public class UserTest extends AbstractAdminTest { @Deployment public static WebArchive deploy() { return RunOnServerDeployment.create( - AbstractAdminTest.class, - AbstractTestRealmKeycloakTest.class, + AbstractAdminTest.class, + AbstractTestRealmKeycloakTest.class, + DummyUserFederationProviderFactory.class, DummyUserFederationProvider.class, UserResource.class); } - + public String createUser() { return createUser("user1", "user1@localhost"); } @@ -189,13 +194,13 @@ public class UserTest extends AbstractAdminTest { assertEquals(409, response.getStatus()); response.close(); } - + @Test public void createUserWithHashedCredentials() { UserRepresentation user = new UserRepresentation(); user.setUsername("user_creds"); user.setEmail("email@localhost"); - + CredentialRepresentation hashedPassword = new CredentialRepresentation(); hashedPassword.setAlgorithm("my-algorithm"); hashedPassword.setCounter(11); @@ -207,11 +212,11 @@ public class UserTest extends AbstractAdminTest { hashedPassword.setPeriod(99); hashedPassword.setSalt(Base64.encodeBytes("theSalt".getBytes())); hashedPassword.setType(CredentialRepresentation.PASSWORD); - + user.setCredentials(Arrays.asList(hashedPassword)); - + createUser(user); - + CredentialModel credentialHashed = fetchCredentials("user_creds"); assertNotNull("Expecting credential", credentialHashed); assertEquals("my-algorithm", credentialHashed.getAlgorithm()); @@ -225,7 +230,7 @@ public class UserTest extends AbstractAdminTest { assertEquals("theSalt", new String(credentialHashed.getSalt())); assertEquals(CredentialRepresentation.PASSWORD, credentialHashed.getType()); } - + @Test public void createUserWithRawCredentials() { UserRepresentation user = new UserRepresentation(); @@ -236,7 +241,7 @@ public class UserTest extends AbstractAdminTest { rawPassword.setValue("ABCD"); rawPassword.setType(CredentialRepresentation.PASSWORD); user.setCredentials(Arrays.asList(rawPassword)); - + createUser(user); CredentialModel credential = fetchCredentials("user_rawpw"); @@ -246,7 +251,7 @@ public class UserTest extends AbstractAdminTest { assertNotEquals("ABCD", credential.getValue()); assertEquals(CredentialRepresentation.PASSWORD, credential.getType()); } - + private CredentialModel fetchCredentials(String username) { return getTestingClient().server(REALM_NAME).fetch(session -> { RealmModel realm = session.getContext().getRealm(); @@ -256,7 +261,7 @@ public class UserTest extends AbstractAdminTest { return storedCredentialsByType.get(0); }, CredentialModel.class); } - + @Test public void createDuplicatedUser3() { createUser(); @@ -267,7 +272,7 @@ public class UserTest extends AbstractAdminTest { assertEquals(409, response.getStatus()); response.close(); } - + @Test public void createDuplicatedUser4() { createUser(); @@ -290,7 +295,7 @@ public class UserTest extends AbstractAdminTest { assertEquals(409, response.getStatus()); response.close(); } - + @Test public void createDuplicatedUser6() { createUser(); @@ -317,7 +322,33 @@ public class UserTest extends AbstractAdminTest { assertAdminEvents.assertEmpty(); } - + + @Test + public void createUserWithFederationLink() { + + // add a dummy federation provider + ComponentRepresentation dummyFederationProvider = new ComponentRepresentation(); + dummyFederationProvider.setId(DummyUserFederationProviderFactory.PROVIDER_NAME); + dummyFederationProvider.setName(DummyUserFederationProviderFactory.PROVIDER_NAME); + dummyFederationProvider.setProviderId(DummyUserFederationProviderFactory.PROVIDER_NAME); + dummyFederationProvider.setProviderType(UserStorageProvider.class.getName()); + adminClient.realms().realm(REALM_NAME).components().add(dummyFederationProvider); + + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.componentPath(DummyUserFederationProviderFactory.PROVIDER_NAME), dummyFederationProvider, ResourceType.COMPONENT); + + UserRepresentation user = new UserRepresentation(); + user.setUsername("user1"); + user.setEmail("user1@localhost"); + user.setFederationLink(DummyUserFederationProviderFactory.PROVIDER_NAME); + + String userId = createUser(user); + + // fetch user again and see federation link filled in + UserRepresentation createdUser = realm.users().get(userId).toRepresentation(); + assertNotNull(createdUser); + assertEquals(user.getFederationLink(), createdUser.getFederationLink()); + } + private void createUsers() { for (int i = 1; i < 10; i++) { UserRepresentation user = new UserRepresentation(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTotpTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTotpTest.java index 1e349d9e55b..f2448e1df5d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTotpTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTotpTest.java @@ -28,7 +28,7 @@ import org.keycloak.models.utils.TimeBasedOTP; import org.keycloak.representations.idm.AdminEventRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.services.resources.AccountService; +import org.keycloak.services.resources.account.AccountFormService; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.pages.AccountTotpPage; @@ -45,7 +45,7 @@ import java.util.List; public class UserTotpTest extends AbstractTestRealmKeycloakTest { private static final UriBuilder BASE = UriBuilder.fromUri("http://localhost:8180/auth"); - public static String ACCOUNT_REDIRECT = AccountService.loginRedirectUrl(BASE.clone()).build("test").toString(); + public static String ACCOUNT_REDIRECT = AccountFormService.loginRedirectUrl(BASE.clone()).build("test").toString(); @Rule public AssertEvents events = new AssertEvents(this); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java index eb3d2df4c9c..6ff3bbe9217 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java @@ -19,8 +19,10 @@ package org.keycloak.testsuite.admin.client; import org.junit.After; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.ClientResource; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; @@ -52,11 +54,9 @@ public class InstallationTest extends AbstractClientTest { public void createClients() { oidcClientId = createOidcClient(OIDC_NAME); oidcBearerOnlyClientId = createOidcBearerOnlyClient(OIDC_NAME_BEARER_ONLY_NAME); - oidcBearerOnlyClientWithAuthzId = createOidcBearerOnlyClientWithAuthz(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME); oidcClient = findClientResource(OIDC_NAME); oidcBearerOnlyClient = findClientResource(OIDC_NAME_BEARER_ONLY_NAME); - oidcBearerOnlyClientWithAuthz = findClientResource(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME); samlClientId = createSamlClient(SAML_NAME); samlClient = findClientResource(SAML_NAME); @@ -66,7 +66,6 @@ public class InstallationTest extends AbstractClientTest { public void tearDown() { removeClient(oidcClientId); removeClient(oidcBearerOnlyClientId); - removeClient(oidcBearerOnlyClientWithAuthzId); removeClient(samlClientId); } @@ -102,12 +101,19 @@ public class InstallationTest extends AbstractClientTest { @Test public void testOidcBearerOnlyWithAuthzJson() { + ProfileAssume.assumePreview(); + + oidcBearerOnlyClientWithAuthzId = createOidcBearerOnlyClientWithAuthz(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME); + oidcBearerOnlyClientWithAuthz = findClientResource(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME); + String json = oidcBearerOnlyClientWithAuthz.getInstallationProvider("keycloak-oidc-keycloak-json"); assertOidcInstallationConfig(json); assertThat(json, containsString("bearer-only")); assertThat(json, not(containsString("public-client"))); assertThat(json, containsString("credentials")); assertThat(json, containsString("secret")); + + removeClient(oidcBearerOnlyClientWithAuthzId); } private void assertOidcInstallationConfig(String config) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractPolicyManagementTest.java index 41f3890f6c5..77045a10728 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractPolicyManagementTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractPolicyManagementTest.java @@ -31,6 +31,7 @@ import java.util.function.Supplier; import javax.ws.rs.core.Response; import org.junit.Before; +import org.junit.BeforeClass; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.admin.client.resource.RealmResource; @@ -41,6 +42,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.UserBuilder; @@ -50,6 +52,11 @@ import org.keycloak.testsuite.util.UserBuilder; */ public abstract class AbstractPolicyManagementTest extends AbstractKeycloakTest { + @BeforeClass + public static void enabled() { + ProfileAssume.assumePreview(); + } + @Override public void addTestRealms(List testRealms) { testRealms.add(createTestRealm().build()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java new file mode 100644 index 00000000000..00917cd6d77 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java @@ -0,0 +1,16 @@ +package org.keycloak.testsuite.authz; + +import org.junit.BeforeClass; +import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; + +/** + * @author mhajas + */ +public abstract class AbstractAuthzTest extends AbstractKeycloakTest { + + @BeforeClass + public static void enabled() { + ProfileAssume.assumePreview(); + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthzClientCredentialsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthzClientCredentialsTest.java index 2e9086a2b3e..38a194dd2a5 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthzClientCredentialsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthzClientCredentialsTest.java @@ -64,7 +64,7 @@ import org.keycloak.testsuite.util.UserBuilder; * @author Bill Burke * @version $Revision: 1 $ */ -public class AuthzClientCredentialsTest extends AbstractKeycloakTest { +public class AuthzClientCredentialsTest extends AbstractAuthzTest { @Override public void addTestRealms(List testRealms) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/ConflictingScopePermissionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/ConflictingScopePermissionTest.java index 450820ed5ed..d7f8c6bb53f 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/ConflictingScopePermissionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/ConflictingScopePermissionTest.java @@ -59,7 +59,7 @@ import org.keycloak.util.JsonSerialization; * @author Bill Burke * @version $Revision: 1 $ */ -public class ConflictingScopePermissionTest extends AbstractKeycloakTest { +public class ConflictingScopePermissionTest extends AbstractAuthzTest { @Override public void addTestRealms(List testRealms) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java index 0f2ac61da42..2145c6f82e5 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java @@ -58,7 +58,7 @@ import org.keycloak.util.JsonSerialization; /** * @author Pedro Igor */ -public class EntitlementAPITest extends AbstractKeycloakTest { +public class EntitlementAPITest extends AbstractAuthzTest { private AuthzClient authzClient; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupNamePolicyTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupNamePolicyTest.java index cc4b9118f96..256c24c69b2 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupNamePolicyTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupNamePolicyTest.java @@ -63,7 +63,7 @@ import org.keycloak.util.JsonSerialization; /** * @author Pedro Igor */ -public class GroupNamePolicyTest extends AbstractKeycloakTest { +public class GroupNamePolicyTest extends AbstractAuthzTest { @Override public void addTestRealms(List testRealms) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupPathPolicyTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupPathPolicyTest.java index 19f74b42fc7..9b3b72862c0 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupPathPolicyTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupPathPolicyTest.java @@ -66,7 +66,7 @@ import org.keycloak.util.JsonSerialization; /** * @author Pedro Igor */ -public class GroupPathPolicyTest extends AbstractKeycloakTest { +public class GroupPathPolicyTest extends AbstractAuthzTest { @Override public void addTestRealms(List testRealms) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java index e5f84e26dc1..1c571473713 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java @@ -19,6 +19,7 @@ package org.keycloak.testsuite.authz; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Assert; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.authorization.AuthorizationProvider; @@ -42,6 +43,7 @@ import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse; import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.runonserver.RunOnServerDeployment; import java.util.HashMap; @@ -54,7 +56,8 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.TEST; * @author Bill Burke * @version $Revision: 1 $ */ -public class PolicyEvaluationCompositeRoleTest extends AbstractKeycloakTest { +public class PolicyEvaluationCompositeRoleTest extends AbstractAuthzTest { + @Override public void addTestRealms(List testRealms) { RealmRepresentation testRealmRep = new RealmRepresentation(); @@ -63,10 +66,10 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractKeycloakTest { testRealmRep.setEnabled(true); testRealms.add(testRealmRep); } - + @Deployment public static WebArchive deploy() { - return RunOnServerDeployment.create(); + return RunOnServerDeployment.create(AbstractAuthzTest.class); } public static void setup(KeycloakSession session) { @@ -84,7 +87,7 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractKeycloakTest { Policy policy = createRolePolicy(authz, resourceServer, role1); Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer); - Resource resource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getClientId()); + Resource resource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getId()); addScopePermission(authz, resourceServer, "mypermission", resource, scope, policy); RoleModel composite = realm.addRole("composite"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RequireUmaAuthorizationScopeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RequireUmaAuthorizationScopeTest.java index cf54a66a62b..0b24c2aeafb 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RequireUmaAuthorizationScopeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RequireUmaAuthorizationScopeTest.java @@ -55,7 +55,7 @@ import org.keycloak.util.JsonSerialization; /** * @author Pedro Igor */ -public class RequireUmaAuthorizationScopeTest extends AbstractKeycloakTest { +public class RequireUmaAuthorizationScopeTest extends AbstractAuthzTest { @Override public void addTestRealms(List testRealms) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RolePolicyTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RolePolicyTest.java index 93aa5ca2098..994e52e8358 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RolePolicyTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RolePolicyTest.java @@ -59,7 +59,7 @@ import org.keycloak.util.JsonSerialization; /** * @author Pedro Igor */ -public class RolePolicyTest extends AbstractKeycloakTest { +public class RolePolicyTest extends AbstractAuthzTest { @Override public void addTestRealms(List testRealms) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerConfiguration.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerConfiguration.java index 61664a9fc44..2f15ff68429 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerConfiguration.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerConfiguration.java @@ -105,7 +105,12 @@ public class KcOidcBrokerConfiguration implements BrokerConfiguration { IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID); Map config = idp.getConfig(); + applyDefaultConfiguration(suiteContext, config); + return idp; + } + + protected void applyDefaultConfiguration(final SuiteContext suiteContext, final Map config) { config.put("clientId", CLIENT_ID); config.put("clientSecret", CLIENT_SECRET); config.put("prompt", "login"); @@ -115,8 +120,6 @@ public class KcOidcBrokerConfiguration implements BrokerConfiguration { config.put("userInfoUrl", getAuthRoot(suiteContext) + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/userinfo"); config.put("defaultScope", "email profile"); config.put("backchannelSupported", "true"); - - return idp; } @Override diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerLoginHintTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerLoginHintTest.java new file mode 100644 index 00000000000..49ed3623742 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerLoginHintTest.java @@ -0,0 +1,114 @@ +package org.keycloak.testsuite.broker; + +import java.util.List; +import java.util.Map; + +import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS; +import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID; +import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL; +import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider; +import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage; +import org.keycloak.admin.client.resource.UsersResource; +import org.keycloak.broker.oidc.mappers.ExternalKeycloakRoleToRoleMapper; +import org.keycloak.representations.idm.IdentityProviderMapperRepresentation; +import org.keycloak.representations.idm.IdentityProviderRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.arquillian.SuiteContext; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.Lists; + +public class KcOidcBrokerLoginHintTest extends AbstractBrokerTest { + + @Override + protected BrokerConfiguration getBrokerConfiguration() { + return new KcOidcBrokerConfigurationWithLoginHint(); + } + + @Override + protected String getAccountUrl(String realmName) { + return BrokerTestTools.getAuthRoot(suiteContext) + "/auth/realms/" + realmName + "/account"; + } + + @Override + protected Iterable createIdentityProviderMappers() { + IdentityProviderMapperRepresentation attrMapper1 = new IdentityProviderMapperRepresentation(); + attrMapper1.setName("manager-role-mapper"); + attrMapper1.setIdentityProviderMapper(ExternalKeycloakRoleToRoleMapper.PROVIDER_ID); + attrMapper1.setConfig(ImmutableMap.builder() + .put("external.role", "manager") + .put("role", "manager") + .build()); + + IdentityProviderMapperRepresentation attrMapper2 = new IdentityProviderMapperRepresentation(); + attrMapper2.setName("user-role-mapper"); + attrMapper2.setIdentityProviderMapper(ExternalKeycloakRoleToRoleMapper.PROVIDER_ID); + attrMapper2.setConfig(ImmutableMap.builder() + .put("external.role", "user") + .put("role", "user") + .build()); + + return Lists.newArrayList(attrMapper1, attrMapper2); + } + + private class KcOidcBrokerConfigurationWithLoginHint extends KcOidcBrokerConfiguration { + + @Override + public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext) { + IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID); + + Map config = idp.getConfig(); + applyDefaultConfiguration(suiteContext, config); + config.put("loginHint", "true"); + return idp; + } + } + + @Override + protected void loginUser() { + driver.navigate().to(getAccountUrl(bc.consumerRealmName())); + + driver.navigate().to(driver.getCurrentUrl() + "&login_hint=" + USER_EMAIL); + + log.debug("Clicking social " + bc.getIDPAlias()); + accountLoginPage.clickSocial(bc.getIDPAlias()); + + waitForPage(driver, "log in to"); + + Assert.assertTrue("Driver should be on the provider realm page right now", + driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/")); + + Assert.assertTrue("User identifiant should be fullfilled", + accountLoginPage.getUsername().equalsIgnoreCase(USER_EMAIL)); + + log.debug("Logging in"); + accountLoginPage.login(bc.getUserPassword()); + + waitForPage(driver, "update account information"); + + updateAccountInformationPage.assertCurrent(); + Assert.assertTrue("We must be on correct realm right now", + driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/")); + + log.debug("Updating info on updateAccount page"); + updateAccountInformationPage.updateAccountInformation(bc.getUserLogin(), bc.getUserEmail(), "Firstname", "Lastname"); + + UsersResource consumerUsers = adminClient.realm(bc.consumerRealmName()).users(); + + int userCount = consumerUsers.count(); + Assert.assertTrue("There must be at least one user", userCount > 0); + + List users = consumerUsers.search("", 0, userCount); + + boolean isUserFound = false; + for (UserRepresentation user : users) { + if (user.getUsername().equals(bc.getUserLogin()) && user.getEmail().equals(bc.getUserEmail())) { + isUserFound = true; + break; + } + } + + Assert.assertTrue("There must be user " + bc.getUserLogin() + " in realm " + bc.consumerRealmName(), + isUserFound); + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerNoLoginHintTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerNoLoginHintTest.java new file mode 100644 index 00000000000..d812ea4f2a0 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerNoLoginHintTest.java @@ -0,0 +1,85 @@ +package org.keycloak.testsuite.broker; + +import java.util.List; +import java.util.Map; + +import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS; +import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID; +import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL; +import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider; +import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage; +import org.apache.commons.lang3.StringUtils; +import org.keycloak.admin.client.resource.UsersResource; +import org.keycloak.representations.idm.IdentityProviderRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.arquillian.SuiteContext; + +public class KcOidcBrokerNoLoginHintTest extends KcOidcBrokerLoginHintTest { + + @Override + protected BrokerConfiguration getBrokerConfiguration() { + return new KcOidcBrokerConfigurationWithNoLoginHint(); + } + + private class KcOidcBrokerConfigurationWithNoLoginHint extends KcOidcBrokerConfiguration { + + @Override + public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext) { + IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID); + + Map config = idp.getConfig(); + applyDefaultConfiguration(suiteContext, config); + config.put("loginHint", "false"); + return idp; + } + } + + @Override + protected void loginUser() { + driver.navigate().to(getAccountUrl(bc.consumerRealmName())); + + driver.navigate().to(driver.getCurrentUrl() + "&login_hint=" + USER_EMAIL); + + log.debug("Clicking social " + bc.getIDPAlias()); + accountLoginPage.clickSocial(bc.getIDPAlias()); + + waitForPage(driver, "log in to"); + + Assert.assertTrue("Driver should be on the provider realm page right now", + driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/")); + + Assert.assertTrue("User identifiant should not be fullfilled", + StringUtils.isBlank(accountLoginPage.getUsername())); + + log.debug("Logging in"); + accountLoginPage.login(bc.getUserLogin(), bc.getUserPassword()); + + waitForPage(driver, "update account information"); + + updateAccountInformationPage.assertCurrent(); + Assert.assertTrue("We must be on correct realm right now", + driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/")); + + log.debug("Updating info on updateAccount page"); + updateAccountInformationPage.updateAccountInformation(bc.getUserLogin(), bc.getUserEmail(), "Firstname", "Lastname"); + + UsersResource consumerUsers = adminClient.realm(bc.consumerRealmName()).users(); + + int userCount = consumerUsers.count(); + Assert.assertTrue("There must be at least one user", userCount > 0); + + List users = consumerUsers.search("", 0, userCount); + + boolean isUserFound = false; + for (UserRepresentation user : users) { + if (user.getUsername().equals(bc.getUserLogin()) && user.getEmail().equals(bc.getUserEmail())) { + isUserFound = true; + break; + } + } + + Assert.assertTrue("There must be user " + bc.getUserLogin() + " in realm " + bc.consumerRealmName(), + isUserFound); + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerConfiguration.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerConfiguration.java index da0bc2bbcc8..3f2d1d7a463 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerConfiguration.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerConfiguration.java @@ -143,7 +143,7 @@ public class KcSamlBrokerConfiguration implements BrokerConfiguration { config.put(POST_BINDING_AUTHN_REQUEST, "true"); config.put(VALIDATE_SIGNATURE, "false"); config.put(WANT_AUTHN_REQUESTS_SIGNED, "false"); - config.put(BACKCHANNEL_SUPPORTED, "true"); + config.put(BACKCHANNEL_SUPPORTED, "false"); return idp; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/SocialLoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/SocialLoginTest.java index 096fb7657b4..e34dd784f3c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/SocialLoginTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/SocialLoginTest.java @@ -20,6 +20,7 @@ import org.keycloak.testsuite.pages.social.GitHubLoginPage; import org.keycloak.testsuite.pages.social.GoogleLoginPage; import org.keycloak.testsuite.pages.social.LinkedInLoginPage; import org.keycloak.testsuite.pages.social.MicrosoftLoginPage; +import org.keycloak.testsuite.pages.social.PayPalLoginPage; import org.keycloak.testsuite.pages.social.StackOverflowLoginPage; import org.keycloak.testsuite.pages.social.TwitterLoginPage; import org.keycloak.testsuite.util.IdentityProviderBuilder; @@ -42,6 +43,7 @@ import static org.keycloak.testsuite.broker.SocialLoginTest.Provider.GITHUB; import static org.keycloak.testsuite.broker.SocialLoginTest.Provider.GOOGLE; import static org.keycloak.testsuite.broker.SocialLoginTest.Provider.LINKEDIN; import static org.keycloak.testsuite.broker.SocialLoginTest.Provider.MICROSOFT; +import static org.keycloak.testsuite.broker.SocialLoginTest.Provider.PAYPAL; import static org.keycloak.testsuite.broker.SocialLoginTest.Provider.OPENSHIFT; import static org.keycloak.testsuite.broker.SocialLoginTest.Provider.STACKOVERFLOW; import static org.keycloak.testsuite.broker.SocialLoginTest.Provider.TWITTER; @@ -70,6 +72,7 @@ public class SocialLoginTest extends AbstractKeycloakTest { TWITTER("twitter", TwitterLoginPage.class), LINKEDIN("linkedin", LinkedInLoginPage.class), MICROSOFT("microsoft", MicrosoftLoginPage.class), + PAYPAL("paypal", PayPalLoginPage.class), STACKOVERFLOW("stackoverflow", StackOverflowLoginPage.class), OPENSHIFT("openshift-v3", null); @@ -190,6 +193,13 @@ public class SocialLoginTest extends AbstractKeycloakTest { assertAccount(); } + @Test + public void paypalLogin() { + currentTestProvider = PAYPAL; + performLogin(); + assertAccount(); + } + @Test public void stackoverflowLogin() { currentTestProvider = STACKOVERFLOW; @@ -209,6 +219,9 @@ public class SocialLoginTest extends AbstractKeycloakTest { if (provider == OPENSHIFT) { idp.getConfig().put("baseUrl", config.getProperty(provider.id() + ".baseUrl", OpenshiftV3IdentityProvider.BASE_URL)); } + if (provider == PAYPAL) { + idp.getConfig().put("sandbox", getConfig(provider, "sandbox")); + } return idp; } @@ -225,10 +238,10 @@ public class SocialLoginTest extends AbstractKeycloakTest { // Just to be sure there's no redirect in progress WaitUtils.pause(3000); - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); // Only when there's not active session for the social provider, i.e. login is required - if (URLUtils.currentUrlDoesntStartWith(driver, getAuthServerRoot().toASCIIString())) { + if (URLUtils.currentUrlDoesntStartWith(getAuthServerRoot().toASCIIString())) { log.infof("current URL: %s", driver.getCurrentUrl()); log.infof("performing log in to '%s' ...", currentTestProvider.id()); AbstractSocialLoginPage loginPage = Graphene.createPageFragment(currentTestProvider.pageObjectClazz(), driver.findElement(By.tagName("html"))); @@ -240,7 +253,7 @@ public class SocialLoginTest extends AbstractKeycloakTest { } private void assertAccount() { - assertTrue(URLUtils.currentUrlStartWith(driver, accountPage.toString())); // Sometimes after login the URL ends with /# or similar + assertTrue(URLUtils.currentUrlStartWith(accountPage.toString())); // Sometimes after login the URL ends with /# or similar assertEquals(getConfig("profile.firstName"), accountPage.getFirstName()); assertEquals(getConfig("profile.lastName"), accountPage.getLastName()); @@ -248,7 +261,7 @@ public class SocialLoginTest extends AbstractKeycloakTest { } private void assertUpdateProfile(boolean firstName, boolean lastName, boolean email) { - assertTrue(URLUtils.currentUrlDoesntStartWith(driver, accountPage.toString())); + assertTrue(URLUtils.currentUrlDoesntStartWith(accountPage.toString())); if (firstName) { assertTrue(updateAccountPage.fields().getFirstName().isEmpty()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/AbstractCrossDCTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/AbstractCrossDCTest.java index fd6300e4b0c..d8001628378 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/AbstractCrossDCTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/AbstractCrossDCTest.java @@ -16,6 +16,7 @@ */ package org.keycloak.testsuite.crossdc; +import org.apache.commons.io.FileUtils; import org.keycloak.admin.client.Keycloak; import org.keycloak.models.Constants; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; @@ -24,6 +25,8 @@ import org.keycloak.testsuite.arquillian.LoadBalancerController; import org.keycloak.testsuite.arquillian.annotation.LoadBalancer; import org.keycloak.testsuite.auth.page.AuthRealm; +import java.io.File; +import java.io.IOException; import java.util.Collections; import java.util.HashMap; import java.util.List; @@ -321,6 +324,45 @@ public abstract class AbstractCrossDCTest extends AbstractTestRealmKeycloakTest return dcNodes.stream().filter(c -> ! c.isManual()); } + /** + * Returns cache server corresponding to given DC + * @param dc + * @return + */ + public ContainerInfo getCacheServer(DC dc) { + int dcIndex = dc.ordinal(); + return this.suiteContext.getCacheServersInfo().get(dcIndex); + } + + + public void stopCacheServer(ContainerInfo cacheServer) { + log.infof("Stopping %s", cacheServer.getQualifier()); + + containerController.stop(cacheServer.getQualifier()); + + // Workaround for possible arquillian bug. Needs to cleanup dir manually + String setupCleanServerBaseDir = cacheServer.getArquillianContainer().getContainerConfiguration().getContainerProperties().get("setupCleanServerBaseDir"); + String cleanServerBaseDir = cacheServer.getArquillianContainer().getContainerConfiguration().getContainerProperties().get("cleanServerBaseDir"); + + if (Boolean.parseBoolean(setupCleanServerBaseDir)) { + log.infof("Going to clean directory: %s", cleanServerBaseDir); + + File dir = new File(cleanServerBaseDir); + if (dir.exists()) { + try { + FileUtils.cleanDirectory(dir); + + File deploymentsDir = new File(dir, "deployments"); + deploymentsDir.mkdir(); + } catch (IOException ioe) { + throw new RuntimeException("Failed to clean directory: " + cleanServerBaseDir, ioe); + } + } + } + + log.infof("Stopped %s", cacheServer.getQualifier()); + } + /** * Sets time offset on all the started containers. diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/BruteForceCrossDCTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/BruteForceCrossDCTest.java new file mode 100644 index 00000000000..ec572e90738 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/BruteForceCrossDCTest.java @@ -0,0 +1,231 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.crossdc; + +import java.io.IOException; +import java.net.URISyntaxException; + +import javax.ws.rs.NotFoundException; + +import org.junit.Before; +import org.junit.Test; +import org.keycloak.connections.infinispan.InfinispanConnectionProvider; +import org.keycloak.models.Constants; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserLoginFailureModel; +import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.Retry; +import org.keycloak.testsuite.client.KeycloakTestingClient; +import org.keycloak.testsuite.util.ClientBuilder; +import org.keycloak.testsuite.util.OAuthClient; +import org.keycloak.testsuite.util.RealmBuilder; +import org.keycloak.testsuite.util.UserBuilder; + +/** + * @author Marek Posolda + */ +public class BruteForceCrossDCTest extends AbstractAdminCrossDCTest { + + private static final String REALM_NAME = "brute-force-test"; + + @Before + public void beforeTest() { + try { + adminClient.realm(REALM_NAME).remove(); + } catch (NotFoundException ignore) { + } + + UserRepresentation user = UserBuilder.create() + .id("login-test-1") + .username("login-test-1") + .email("login-1@test.com") + .enabled(true) + .password("password") + .addRoles(Constants.OFFLINE_ACCESS_ROLE) + .build(); + + UserRepresentation user2 = UserBuilder.create() + .id("login-test-2") + .username("login-test-2") + .email("login-2@test.com") + .enabled(true) + .password("password") + .addRoles(Constants.OFFLINE_ACCESS_ROLE) + .build(); + + ClientRepresentation client = ClientBuilder.create() + .clientId("test-app") + .directAccessGrants() + .redirectUris("http://localhost:8180/auth/realms/master/app/*") + .addWebOrigin("http://localhost:8180") + .secret("password") + .build(); + + RealmRepresentation realmRep = RealmBuilder.create() + .name(REALM_NAME) + .user(user) + .user(user2) + .client(client) + .bruteForceProtected(true) + .build(); + + adminClient.realms().create(realmRep); + } + + + @Test + public void testBruteForceWithUserOperations() throws Exception { + // Enable 1st DC only + enableDcOnLoadBalancer(DC.FIRST); + enableDcOnLoadBalancer(DC.SECOND); + + // Clear all + adminClient.realms().realm(REALM_NAME).attackDetection().clearAllBruteForce(); + assertStatistics("After brute force cleared", 0, 0, 0); + + // Create 10 brute force statuses for user1. Assert available on both DC1 and DC2 + createBruteForceFailures(10, "login-test-1"); + assertStatistics("After brute force for user1 created", 10, 0, 1); + + // Create 10 brute force statuses for user2. Assert available on both DC1 and DC2createBruteForceFailures(10, "login-test-2");createBruteForceFailures(10, "login-test-2"); + createBruteForceFailures(10, "login-test-2"); + assertStatistics("After brute force for user2 created", 10, 10, 2); + + // Remove brute force for user1 + adminClient.realms().realm(REALM_NAME).attackDetection().clearBruteForceForUser("login-test-1"); + assertStatistics("After brute force for user1 cleared", 0, 10, 1); + + // Re-add 10 brute force statuses for user1 + createBruteForceFailures(10, "login-test-1"); + assertStatistics("After brute force for user1 re-created", 10, 10, 2); + + // Remove user1 + adminClient.realms().realm(REALM_NAME).users().get("login-test-1").remove(); + assertStatistics("After user1 removed", 0, 10, 1); + } + + + @Test + public void testBruteForceWithRealmOperations() throws Exception { + // Enable 1st DC only + enableDcOnLoadBalancer(DC.FIRST); + enableDcOnLoadBalancer(DC.SECOND); + + // Clear all + adminClient.realms().realm(REALM_NAME).attackDetection().clearAllBruteForce(); + assertStatistics("After brute force cleared", 0, 0, 0); + + // Create 10 brute force statuses for user1 and user2. + createBruteForceFailures(10, "login-test-1"); + createBruteForceFailures(10, "login-test-2"); + assertStatistics("After brute force for users created", 10, 10, 2); + + // Clear all + adminClient.realms().realm(REALM_NAME).attackDetection().clearAllBruteForce(); + assertStatistics("After brute force cleared for realm", 0, 0, 0); + + // Re-add 10 brute force statuses for users + createBruteForceFailures(10, "login-test-1"); + createBruteForceFailures(10, "login-test-2"); + assertStatistics("After brute force for users re-created", 10, 10, 2); + + // Remove realm + adminClient.realms().realm(REALM_NAME).remove(); + + Retry.execute(() -> { + int dc0CacheSize = getTestingClientForStartedNodeInDc(0).testing().cache(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME).size(); + int dc1CacheSize = getTestingClientForStartedNodeInDc(1).testing().cache(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME).size(); + Assert.assertEquals(0, dc0CacheSize); + Assert.assertEquals(0, dc1CacheSize); + }, 50, 50); + + } + + + @Test + public void testDuplicatedPutIfAbsentOperation() throws Exception { + // Enable 1st DC only + enableDcOnLoadBalancer(DC.FIRST); + enableDcOnLoadBalancer(DC.SECOND); + + // Clear all + adminClient.realms().realm(REALM_NAME).attackDetection().clearAllBruteForce(); + assertStatistics("After brute force cleared", 0, 0, 0); + + // create the entry manually in DC0 + addUserLoginFailure(getTestingClientForStartedNodeInDc(0)); + assertStatistics("After create entry1", 1, 0, 1); + + // try to create the entry manually in DC1 (not use real concurrency for now). It should still update the numFailures in existing entry rather then override it + addUserLoginFailure(getTestingClientForStartedNodeInDc(1)); + assertStatistics("After create entry2", 2, 0, 1); + + } + + + private void assertStatistics(String prefixMessage, int expectedUser1, int expectedUser2, int expectedCacheSize) { + Retry.execute(() -> { + int dc0user1 = (Integer) getAdminClientForStartedNodeInDc(0).realm(REALM_NAME).attackDetection().bruteForceUserStatus("login-test-1").get("numFailures"); + int dc1user1 = (Integer) getAdminClientForStartedNodeInDc(1).realm(REALM_NAME).attackDetection().bruteForceUserStatus("login-test-1").get("numFailures"); + int dc0user2 = (Integer) getAdminClientForStartedNodeInDc(0).realm(REALM_NAME).attackDetection().bruteForceUserStatus("login-test-2").get("numFailures"); + int dc1user2 = (Integer) getAdminClientForStartedNodeInDc(1).realm(REALM_NAME).attackDetection().bruteForceUserStatus("login-test-2").get("numFailures"); + + int dc0CacheSize = getTestingClientForStartedNodeInDc(0).testing().cache(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME).size(); + int dc1CacheSize = getTestingClientForStartedNodeInDc(1).testing().cache(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME).size(); + + log.infof("%s: dc0User1=%d, dc0user2=%d, dc1user1=%d, dc1user2=%d, dc0CacheSize=%d, dc1CacheSize=%d", prefixMessage, dc0user1, dc0user2, dc1user1, dc1user2, dc0CacheSize, dc1CacheSize); + + Assert.assertEquals(dc0user1, expectedUser1); + Assert.assertEquals(dc0user2, expectedUser2); + Assert.assertEquals(dc1user1, expectedUser1); + Assert.assertEquals(dc1user2, expectedUser2); + + Assert.assertEquals(expectedCacheSize, dc0CacheSize); + Assert.assertEquals(expectedCacheSize, dc1CacheSize); + }, 50, 50); + } + + + + + + private void createBruteForceFailures(int count, String username) throws Exception { + oauth.realm(REALM_NAME); + + for (int i=0 ; i { + RealmModel realm = session.realms().getRealmByName(REALM_NAME); + UserLoginFailureModel loginFailure = session.sessions().addUserLoginFailure(realm, "login-test-1"); + loginFailure.incrementFailures(); + }); + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/SessionExpirationCrossDCTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/SessionExpirationCrossDCTest.java index 96a59d84e09..a7f955924e8 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/SessionExpirationCrossDCTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/SessionExpirationCrossDCTest.java @@ -18,17 +18,22 @@ package org.keycloak.testsuite.crossdc; +import java.util.ArrayList; +import java.util.List; + import javax.ws.rs.NotFoundException; import org.hamcrest.Matchers; import org.junit.Before; import org.junit.Test; import org.keycloak.OAuth2Constants; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.connections.infinispan.InfinispanConnectionProvider; import org.keycloak.models.Constants; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.representations.idm.UserSessionRepresentation; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Retry; import org.keycloak.testsuite.admin.ApiUtil; @@ -99,7 +104,7 @@ public class SessionExpirationCrossDCTest extends AbstractAdminCrossDCTest { @JmxInfinispanCacheStatistics(dc=DC.FIRST, dcNodeIndex=0, cacheName=InfinispanConnectionProvider.SESSION_CACHE_NAME) InfinispanStatistics cacheDc1Statistics, @JmxInfinispanCacheStatistics(dc=DC.SECOND, dcNodeIndex=0, cacheName=InfinispanConnectionProvider.SESSION_CACHE_NAME) InfinispanStatistics cacheDc2Statistics, @JmxInfinispanChannelStatistics() InfinispanStatistics channelStatisticsCrossDc) throws Exception { - createInitialSessions(InfinispanConnectionProvider.SESSION_CACHE_NAME, false, cacheDc1Statistics, cacheDc2Statistics); + createInitialSessions(InfinispanConnectionProvider.SESSION_CACHE_NAME, false, cacheDc1Statistics, cacheDc2Statistics, true); // log.infof("Sleeping!"); // Thread.sleep(10000000); @@ -116,7 +121,7 @@ public class SessionExpirationCrossDCTest extends AbstractAdminCrossDCTest { // Return last used accessTokenResponse - private OAuthClient.AccessTokenResponse createInitialSessions(String cacheName, boolean offline, InfinispanStatistics cacheDc1Statistics, InfinispanStatistics cacheDc2Statistics) throws Exception { + private List createInitialSessions(String cacheName, boolean offline, InfinispanStatistics cacheDc1Statistics, InfinispanStatistics cacheDc2Statistics, boolean includeRemoteStats) throws Exception { // Enable second DC enableDcOnLoadBalancer(DC.SECOND); @@ -135,9 +140,9 @@ public class SessionExpirationCrossDCTest extends AbstractAdminCrossDCTest { oauth.scope(OAuth2Constants.OFFLINE_ACCESS); } - OAuthClient.AccessTokenResponse lastAccessTokenResponse = null; + List responses = new ArrayList<>(); for (int i=0 ; i responses = createInitialSessions(InfinispanConnectionProvider.SESSION_CACHE_NAME, false, cacheDc1Statistics, cacheDc2Statistics, false); + + // Kill node2 now. Around 10 sessions (half of SESSIONS_COUNT) will be lost on Keycloak side. But not on infinispan side + stopBackendNode(DC.FIRST, 1); + + channelStatisticsCrossDc.reset(); + + // Increase offset a bit to ensure logout happens later then token issued time + setTimeOffset(10); + + // Logout user + ApiUtil.findUserByUsernameId(getAdminClient().realm(REALM_NAME), "login-test").logout(); + + // Assert it's not possible to refresh sessions. Works because user.notBefore + int i = 0; + for (OAuthClient.AccessTokenResponse response : responses) { + i++; + OAuthClient.AccessTokenResponse refreshTokenResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password"); + Assert.assertNull("Failed in iteration " + i, refreshTokenResponse.getRefreshToken()); + Assert.assertNotNull("Failed in iteration " + i, refreshTokenResponse.getError()); + } + } + // AUTH SESSIONS diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/manual/SessionsPreloadCrossDCTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/manual/SessionsPreloadCrossDCTest.java new file mode 100644 index 00000000000..80949cf801a --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/manual/SessionsPreloadCrossDCTest.java @@ -0,0 +1,257 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.crossdc.manual; + +import java.util.LinkedList; +import java.util.List; + +import org.junit.Test; +import org.keycloak.OAuth2Constants; +import org.keycloak.connections.infinispan.InfinispanConnectionProvider; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.admin.ApiUtil; +import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; +import org.keycloak.testsuite.crossdc.AbstractAdminCrossDCTest; +import org.keycloak.testsuite.crossdc.DC; +import org.keycloak.testsuite.util.OAuthClient; + +/** + * Tests userSessions and offline sessions preloading at startup + * + * This test requires that lifecycle of infinispan/JDG servers is managed by testsuite, so you need to run with: + * + * -Dmanual.mode=true + * + * @author Marek Posolda + */ +public class SessionsPreloadCrossDCTest extends AbstractAdminCrossDCTest { + + private static final int SESSIONS_COUNT = 10; + + @Override + public void beforeAbstractKeycloakTest() throws Exception { + // Doublecheck we are in manual mode + Assert.assertTrue("The test requires to be executed with manual.mode=true", suiteContext.getCacheServersInfo().get(0).isManual()); + + stopAllCacheServersAndAuthServers(); + + // Start DC1 only + containerController.start(getCacheServer(DC.FIRST).getQualifier()); + startBackendNode(DC.FIRST, 0); + enableLoadBalancerNode(DC.FIRST, 0); + + super.beforeAbstractKeycloakTest(); + } + + + // Override as we are in manual mode + @Override + public void enableOnlyFirstNodeInFirstDc() { + } + + + // Override as we are in manual mode + @Override + public void terminateManuallyStartedServers() { + } + + + + + @Override + public void afterAbstractKeycloakTest() { + super.afterAbstractKeycloakTest(); + + // Remove realms now. In @AfterClass servers are already shutdown + AuthServerTestEnricher.removeTestRealms(testContext, adminClient); + testContext.setTestRealmReps(null); + + adminClient.close(); + adminClient = null; + testContext.setAdminClient(null); + + stopAllCacheServersAndAuthServers(); + } + + private void stopAllCacheServersAndAuthServers() { + log.infof("Going to stop all auth servers"); + + stopBackendNode(DC.FIRST, 0); + disableLoadBalancerNode(DC.FIRST, 0); + stopBackendNode(DC.SECOND, 0); + disableLoadBalancerNode(DC.SECOND, 0); + + log.infof("Auth servers stopped successfully. Going to stop all cache servers"); + + suiteContext.getCacheServersInfo().stream() + .filter(containerInfo -> containerInfo.isStarted()) + .forEach(containerInfo -> { + stopCacheServer(containerInfo); + }); + + log.infof("Cache servers stopped successfully"); + } + + + @Test + public void sessionsPreloadTest() throws Exception { + int sessionsBefore = getTestingClientForStartedNodeInDc(0).testing().cache(InfinispanConnectionProvider.SESSION_CACHE_NAME).size(); + log.infof("sessionsBefore: %d", sessionsBefore); + + // Create initial sessions + List tokenResponses = createInitialSessions(false); + + // Start 2nd DC. + containerController.start(getCacheServer(DC.SECOND).getQualifier()); + startBackendNode(DC.SECOND, 0); + enableLoadBalancerNode(DC.SECOND, 0); + + // Ensure sessions are loaded in both 1st DC and 2nd DC + int sessions01 = getTestingClientForStartedNodeInDc(0).testing().cache(InfinispanConnectionProvider.SESSION_CACHE_NAME).size(); + int sessions02 = getTestingClientForStartedNodeInDc(1).testing().cache(InfinispanConnectionProvider.SESSION_CACHE_NAME).size(); + log.infof("sessions01: %d, sessions02: %d", sessions01, sessions02); + Assert.assertEquals(sessions01, sessionsBefore + SESSIONS_COUNT); + Assert.assertEquals(sessions02, sessionsBefore + SESSIONS_COUNT); + + // On DC2 sessions were preloaded from from remoteCache + Assert.assertTrue(getTestingClientForStartedNodeInDc(1).testing().cache(InfinispanConnectionProvider.WORK_CACHE_NAME).contains("distributed::remoteCacheLoad::sessions")); + + // Assert refreshing works + for (OAuthClient.AccessTokenResponse resp : tokenResponses) { + OAuthClient.AccessTokenResponse newResponse = oauth.doRefreshTokenRequest(resp.getRefreshToken(), "password"); + Assert.assertNull(newResponse.getError()); + Assert.assertNotNull(newResponse.getAccessToken()); + } + } + + + @Test + public void offlineSessionsPreloadTest() throws Exception { + int offlineSessionsBefore = getTestingClientForStartedNodeInDc(0).testing().cache(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME).size(); + log.infof("offlineSessionsBefore: %d", offlineSessionsBefore); + + // Create initial sessions + List tokenResponses = createInitialSessions(true); + + int offlineSessions01 = getTestingClientForStartedNodeInDc(0).testing().cache(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME).size(); + Assert.assertEquals(offlineSessions01, offlineSessionsBefore + SESSIONS_COUNT); + log.infof("offlineSessions01: %d", offlineSessions01); + + // Stop Everything + stopAllCacheServersAndAuthServers(); + + // Start DC1. Sessions should be preloaded from DB + containerController.start(getCacheServer(DC.FIRST).getQualifier()); + startBackendNode(DC.FIRST, 0); + enableLoadBalancerNode(DC.FIRST, 0); + + // Start DC2. Sessions should be preloaded from remoteCache + containerController.start(getCacheServer(DC.SECOND).getQualifier()); + startBackendNode(DC.SECOND, 0); + enableLoadBalancerNode(DC.SECOND, 0); + + // Ensure sessions are loaded in both 1st DC and 2nd DC + int offlineSessions11 = getTestingClientForStartedNodeInDc(0).testing().cache(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME).size(); + int offlineSessions12 = getTestingClientForStartedNodeInDc(1).testing().cache(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME).size(); + log.infof("offlineSessions11: %d, offlineSessions12: %d", offlineSessions11, offlineSessions12); + Assert.assertEquals(offlineSessions11, offlineSessionsBefore + SESSIONS_COUNT); + Assert.assertEquals(offlineSessions12, offlineSessionsBefore + SESSIONS_COUNT); + + // On DC1 sessions were preloaded from DB. On DC2 sessions were preloaded from remoteCache + Assert.assertTrue(getTestingClientForStartedNodeInDc(0).testing().cache(InfinispanConnectionProvider.WORK_CACHE_NAME).contains("distributed::offlineUserSessions")); + Assert.assertFalse(getTestingClientForStartedNodeInDc(0).testing().cache(InfinispanConnectionProvider.WORK_CACHE_NAME).contains("distributed::remoteCacheLoad::offlineSessions")); + + Assert.assertFalse(getTestingClientForStartedNodeInDc(1).testing().cache(InfinispanConnectionProvider.WORK_CACHE_NAME).contains("distributed::offlineUserSessions")); + Assert.assertTrue(getTestingClientForStartedNodeInDc(1).testing().cache(InfinispanConnectionProvider.WORK_CACHE_NAME).contains("distributed::remoteCacheLoad::offlineSessions")); + + // Assert refreshing with offline tokens work + for (OAuthClient.AccessTokenResponse resp : tokenResponses) { + OAuthClient.AccessTokenResponse newResponse = oauth.doRefreshTokenRequest(resp.getRefreshToken(), "password"); + Assert.assertNull(newResponse.getError()); + Assert.assertNotNull(newResponse.getAccessToken()); + } + } + + + @Test + public void loginFailuresPreloadTest() throws Exception { + // Enable brute force protector + RealmRepresentation realmRep = getAdminClientForStartedNodeInDc(0).realms().realm("test").toRepresentation(); + realmRep.setBruteForceProtected(true); + getAdminClientForStartedNodeInDc(0).realms().realm("test").update(realmRep); + + String userId = ApiUtil.findUserByUsername(getAdminClientForStartedNodeInDc(0).realms().realm("test"), "test-user@localhost").getId(); + + int loginFailuresBefore = (Integer) getAdminClientForStartedNodeInDc(0).realm("test").attackDetection().bruteForceUserStatus(userId).get("numFailures"); + log.infof("loginFailuresBefore: %d", loginFailuresBefore); + + // Create initial brute force records + for (int i=0 ; i createInitialSessions(boolean offline) throws Exception { + if (offline) { + oauth.scope(OAuth2Constants.OFFLINE_ACCESS); + } + + List responses = new LinkedList<>(); + + for (int i=0 ; i { + UserRepresentation u = adminClient.realm("test").users().get(user.getId()).toRepresentation(); + Assert.assertTrue(u.getNotBefore() > 0); + + loginPage.open(); + loginPage.assertCurrent(); + }, 10, 200); + } + } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/PasswordHashingTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/PasswordHashingTest.java index 6763e7d20dd..8b978a40587 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/PasswordHashingTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/PasswordHashingTest.java @@ -45,6 +45,7 @@ import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.client.KeycloakTestingClient; +import org.keycloak.testsuite.pages.AccountUpdateProfilePage; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage.RequestType; import org.keycloak.testsuite.pages.ErrorPage; @@ -67,6 +68,7 @@ import java.security.NoSuchAlgorithmException; import java.security.spec.KeySpec; import java.util.Map; +import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotEquals; @@ -78,6 +80,9 @@ import static org.junit.Assert.fail; */ public class PasswordHashingTest extends AbstractTestRealmKeycloakTest { + @Page + private AccountUpdateProfilePage updateProfilePage; + @Deployment public static WebArchive deploy() { return RunOnServerDeployment.create(PasswordHashingTest.class, AbstractTestRealmKeycloakTest.class); @@ -147,6 +152,42 @@ public class PasswordHashingTest extends AbstractTestRealmKeycloakTest { assertEncoded(credential, "password", credential.getSalt(), "PBKDF2WithHmacSHA256", 1); } + // KEYCLOAK-5282 + @Test + public void testPasswordNotRehasedUnchangedIterations() throws Exception { + setPasswordPolicy(""); + + String username = "testPasswordNotRehasedUnchangedIterations"; + createUser(username); + + CredentialModel credential = fetchCredentials(username); + String credentialId = credential.getId(); + byte[] salt = credential.getSalt(); + + setPasswordPolicy("hashIterations"); + + loginPage.open(); + loginPage.login(username, "password"); + + credential = fetchCredentials(username); + + assertEquals(credentialId, credential.getId()); + assertArrayEquals(salt, credential.getSalt()); + + setPasswordPolicy("hashIterations(" + Pbkdf2Sha256PasswordHashProviderFactory.DEFAULT_ITERATIONS + ")"); + + updateProfilePage.open(); + updateProfilePage.logout(); + + loginPage.open(); + loginPage.login(username, "password"); + + credential = fetchCredentials(username); + + assertEquals(credentialId, credential.getId()); + assertArrayEquals(salt, credential.getSalt()); + } + @Test public void testPbkdf2Sha1() throws Exception { setPasswordPolicy("hashAlgorithm(" + Pbkdf2PasswordHashProviderFactory.ID + ")"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java index 2d927198b69..ea3793a64d1 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java @@ -81,6 +81,8 @@ public class LoginPageTest extends AbstractI18NTest { @Test public void languageDropdown() { + ProfileAssume.assumeCommunity(); + loginPage.open(); Assert.assertEquals("English", loginPage.getLanguageDropdownText()); @@ -143,6 +145,8 @@ public class LoginPageTest extends AbstractI18NTest { // KEYCLOAK-3887 @Test public void languageChangeRequiredActions() { + ProfileAssume.assumeCommunity(); + UserResource user = ApiUtil.findUserByUsernameId(testRealm(), "test-user@localhost"); UserRepresentation userRep = user.toRepresentation(); userRep.setRequiredActions(Arrays.asList(UserModel.RequiredAction.UPDATE_PASSWORD.toString())); @@ -168,6 +172,8 @@ public class LoginPageTest extends AbstractI18NTest { // KEYCLOAK-3887 @Test public void languageChangeConsentScreen() { + ProfileAssume.assumeCommunity(); + // Set client, which requires consent oauth.clientId("third-party"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java index cfdf0b79797..721f5257513 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java @@ -16,12 +16,6 @@ */ package org.keycloak.testsuite.migration; -import java.util.HashSet; -import java.util.List; -import java.util.Set; -import java.util.stream.Collectors; -import javax.ws.rs.NotFoundException; - import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.container.test.api.TargetsContainer; import org.jboss.shrinkwrap.api.spec.WebArchive; @@ -59,6 +53,12 @@ import org.keycloak.testsuite.runonserver.RunHelpers; import org.keycloak.testsuite.runonserver.RunOnServerDeployment; import org.keycloak.testsuite.util.OAuthClient; +import javax.ws.rs.NotFoundException; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.keycloak.models.AccountRoles.MANAGE_ACCOUNT; @@ -94,35 +94,30 @@ public class MigrationTest extends AbstractKeycloakTest { public void addTestRealms(List testRealms) { log.info("Adding no test realms for migration test. Test realm should be migrated from previous vesrion."); } - @Before public void beforeMigrationTest() { migrationRealm = adminClient.realms().realm(MIGRATION); migrationRealm2 = adminClient.realms().realm(MIGRATION2); migrationRealm3 = adminClient.realms().realm("authorization"); - masterRealm = adminClient.realms().realm(MASTER); - //add migration realms to testRealmReps to make them removed after test addTestRealmToTestRealmReps(migrationRealm); addTestRealmToTestRealmReps(migrationRealm2); addTestRealmToTestRealmReps(migrationRealm3); } - private void addTestRealmToTestRealmReps(RealmResource realm) { try { testRealmReps.add(realm.toRepresentation()); } catch (NotFoundException ex) { } } - @Test @Migration(versionFrom = "2.5.5.Final") public void migration2_5_5Test() { testMigratedData(); testMigrationTo3_0_0(); + testMigrationTo3_3_0(); } - @Test @Migration(versionFrom = "1.9.8.Final") public void migration1_9_8Test() throws Exception { @@ -135,8 +130,8 @@ public class MigrationTest extends AbstractKeycloakTest { testMigrationTo2_5_1(); testMigrationTo3_0_0(); testMigrationTo3_2_0(); + testMigrationTo3_3_0(); } - @Test @Migration(versionFrom = "2.2.1.Final") public void migrationInAuthorizationServicesTest() { @@ -153,7 +148,6 @@ public class MigrationTest extends AbstractKeycloakTest { assertNames(masterRealm.clients().get(id).roles().list(), "master-test-client-role"); assertNames(masterRealm.users().search("", 0, 5), "admin", "master-test-user"); assertNames(masterRealm.groups().groups(), "master-test-group"); - //migrationRealm assertNames(migrationRealm.roles().list(), "offline_access", "uma_authorization", "migration-test-realm-role"); assertNames(migrationRealm.clients().findAll(), "account", "admin-cli", "broker", "migration-test-client", "realm-management", "security-admin-console"); @@ -162,21 +156,18 @@ public class MigrationTest extends AbstractKeycloakTest { assertNames(migrationRealm.users().search("", 0, 5), "migration-test-user"); assertNames(migrationRealm.groups().groups(), "migration-test-group"); } - /** * @see org.keycloak.migration.migrators.MigrateTo2_0_0 */ private void testMigrationTo2_0_0() { testAuthorizationServices(masterRealm, migrationRealm); } - /** * @see org.keycloak.migration.migrators.MigrateTo2_1_0 */ private void testMigrationTo2_1_0() { testNameOfOTPRequiredAction(masterRealm, migrationRealm); } - /** * @see org.keycloak.migration.migrators.MigrateTo2_2_0 */ @@ -184,7 +175,6 @@ public class MigrationTest extends AbstractKeycloakTest { testIdentityProviderAuthenticator(masterRealm, migrationRealm); //MigrateTo2_2_0#migrateRolePolicies is not relevant any more } - /** * @see org.keycloak.migration.migrators.MigrateTo2_3_0 */ @@ -192,13 +182,11 @@ public class MigrationTest extends AbstractKeycloakTest { testUpdateProtocolMappers(masterRealm, migrationRealm); testExtractRealmKeys(masterRealm, migrationRealm); } - /** * @see org.keycloak.migration.migrators.MigrateTo2_5_0 */ private void testMigrationTo2_5_0() { testLdapKerberosMigration_2_5_0(); - //https://github.com/keycloak/keycloak/pull/3630 testDuplicateEmailSupport(masterRealm, migrationRealm); } @@ -206,7 +194,6 @@ public class MigrationTest extends AbstractKeycloakTest { private void testMigrationTo2_5_1() throws Exception { testOfflineTokenLogin(); } - /** * @see org.keycloak.migration.migrators.MigrateTo3_0_0 */ @@ -221,6 +208,16 @@ public class MigrationTest extends AbstractKeycloakTest { testDockerAuthenticationFlow(masterRealm, migrationRealm); } + private void testMigrationTo3_3_0() { + Map securityHeaders = masterRealm.toRepresentation().getBrowserSecurityHeaders(); + if (securityHeaders != null) { + assertEquals("frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + securityHeaders.get("contentSecurityPolicy")); + } else { + fail("Browser security headers not found"); + } + } + private void testDockerAuthenticationFlow(RealmResource... realms) { for (RealmResource realm : realms) { AuthenticationFlowRepresentation flow = null; @@ -255,7 +252,6 @@ public class MigrationTest extends AbstractKeycloakTest { } } } - private void testExtractRealmKeys(RealmResource masterRealm, RealmResource migrationRealm) { log.info("testing extract realm keys"); String expectedMasterRealmKey = "MIIEowIBAAKCAQEAiU54OXoCbHy0L0gHn1yasctcnKHRU1pHFIJnWvaI7rClJydet9dDJaiYXOxMKseiBm3eYznfN3cPyU8udYmRnMuKjiocZ77LT2IEttAjXb6Ggazx7loriFHRy0IOJeX4KxXhAPWmxqa3mkFNfLBEvFqVaBgUDHQ60cmnPvNSHYudBTW9K80s8nvmP2pso7HTwWJ1+Xatj1Ey/gTmB3CXlyqBegGWC9TeuErEYpYhdh+11TVWasgMBZyUCtL3NRPaBuhaPg1LpW8lWGk05nS+YM6dvTk3Mppv+z2RygEpxyO09oT3b4G+Zfwit1STqn0AvDTGzINdoKcNtFScV0j8TwIDAQABAoIBAHcbPKsPLZ8SJfOF1iblW8OzFulAbaaSf2pJHIMJrQrw7LKkMkPjVXoLX+/rgr7xYZmWIP2OLBWfEHCeYTzQUyHiZpSf7vgHx7Fa45/5uVQOe/ttHIiYa37bCtP4vvEdJkOpvP7qGPvljwsebqsk9Ns28LfVez66bHOjK5Mt2yOIulbTeEs7ch//h39YwKJv96vc+CHbV2O6qoOxZessO6y+287cOBvbFXmS2GaGle5Nx/EwncBNS4b7czoetmm70+9ht3yX+kxaP311YUT31KQjuaJt275kOiKsrXr27PvgO++bsIyGuSzqyS7G7fmxF2zUyphEqEpalyDGMKMnrAECgYEA1fCgFox03rPDjm0MhW/ThoS2Ld27sbWQ6reS+PBMdUTJZVZIU1D2//h6VXDnlddhk6avKjA4smdy1aDKzmjz3pt9AKn+kgkXqtTC2fD3wp+fC9hND0z+rQPGe/Gk7ZUnTdsqnfyowxr+woIgzdnRukOUrG+xQiP3RUUT7tt6NQECgYEApEz2xvgqMm+9/f/YxjLdsFUfLqc4WlafB863stYEVqlCYy5ujyo0VQ0ahKSKJkLDnf52+aMUqPOpwaGePpu3O6VkvpcKfPY2MUlZW7/6Sa9et9hxNkdTS7Gui2d1ELpaCBe1Bc62sk8EA01iHXE1PpvyUqDWrhNh+NrDICA9oU8CgYBgGDYACtTP11TmW2r9YK5VRLUDww30k4ZlN1GnyV++aMhBYVEZQ0u+y+A/EnijIFwu0vbo70H4OGknNZMCxbeMbLDoJHM5KyZbUDe5ZvgSjloFGwH59m6KTiDQOUkIgi9mVCQ/VGaFRFHcElEjxUvj60kTbxPijn8ZuR5r8l9hAQKBgQCQ9jL5pHWeoIayN20smi6M6N2lTPbkhe60dcgQatHTIG2pkosLl8IqlHAkPgSB84AiwyR351JQKwRJCm7TcJI/dxMnMZ6YWKfB3qSP1hdfsfJRJQ/mQxIUBAYrizF3e+P5peka4aLCOgMhYsJBlePThMZN7wja99EGPwXQL4IQ8wKBgB8Nis1lQK6Z30GCp9u4dYleGfEP71Lwqvk/eJb89/uz0fjF9CTpJMULFc+nA5u4yHP3LFnRg3zCU6aEwfwUyk4GH9lWGV/qIAisQtgrCEraVe4qxz0DVE59C7qjO26IhU2U66TEzPAqvQ3zqey+woDn/cz/JMWK1vpcSk+TKn3K"; @@ -335,7 +331,6 @@ public class MigrationTest extends AbstractKeycloakTest { assertEquals(1, migratedRulesPolicies.size()); } - private void testAuthorizationServices(RealmResource... realms) { log.info("testing authorization services"); for (RealmResource realm : realms) { @@ -348,14 +343,12 @@ public class MigrationTest extends AbstractKeycloakTest { assertTrue("role should be added to default roles for new users", realm.toRepresentation().getDefaultRoles().contains(roleName)); } - //test admin roles - master admin client List clients = realm.clients().findByClientId(realm.toRepresentation().getRealm() + "-realm"); if (!clients.isEmpty()) { ClientResource masterAdminClient = realm.clients().get(clients.get(0).getId()); masterAdminClient.roles().get(AdminRoles.VIEW_AUTHORIZATION).toRepresentation(); masterAdminClient.roles().get(AdminRoles.MANAGE_AUTHORIZATION).toRepresentation(); - //test admin roles - admin role composite Set roleNames = new HashSet<>(); for (RoleRepresentation role : realm.roles().get(AdminRoles.ADMIN).getRoleComposites()) { @@ -366,7 +359,6 @@ public class MigrationTest extends AbstractKeycloakTest { } } } - private void testNameOfOTPRequiredAction(RealmResource... realms) { log.info("testing OTP Required Action"); for (RealmResource realm : realms) { @@ -375,7 +367,6 @@ public class MigrationTest extends AbstractKeycloakTest { assertEquals("The name of CONFIGURE_TOTP required action should be 'Configure OTP'.", "Configure OTP", otpAction.getName()); } } - private void testIdentityProviderAuthenticator(RealmResource... realms) { log.info("testing identity provider authenticator"); for (RealmResource realm : realms) { @@ -396,7 +387,6 @@ public class MigrationTest extends AbstractKeycloakTest { } } } - private void testUpdateProtocolMappers(RealmResource... realms) { log.info("testing updated protocol mappers"); for (RealmResource realm : realms) { @@ -412,14 +402,12 @@ public class MigrationTest extends AbstractKeycloakTest { } } } - private void testUpdateProtocolMapper(ProtocolMapperRepresentation protocolMapper) { if (protocolMapper.getConfig().get("id.token.claim") != null) { assertEquals("ProtocolMapper's config should contain key 'userinfo.token.claim'.", protocolMapper.getConfig().get("id.token.claim"), protocolMapper.getConfig().get("userinfo.token.claim")); } } - private void testDuplicateEmailSupport(RealmResource... realms) { log.info("testing duplicate email"); for (RealmResource realm : realms) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java index 926ff69c6fb..d0e05174de2 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java @@ -38,7 +38,6 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AssertEvents; -import org.keycloak.testsuite.account.AccountTest; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.AccountApplicationsPage; import org.keycloak.testsuite.pages.AppPage; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java index b8dd51fd0fb..ad16c2d06f7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java @@ -52,6 +52,7 @@ import static org.hamcrest.Matchers.containsInAnyOrder; import static org.hamcrest.Matchers.hasItems; import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.isEmptyString; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -123,7 +124,6 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { user.singleAttribute("formatted", "6 Foo Street"); user.singleAttribute("phone", "617-777-6666"); - List departments = Arrays.asList("finance", "development"); user.getAttributes().put("departments", departments); userResource.update(user); @@ -242,6 +242,62 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { events.clear(); } + @Test + public void testNullOrEmptyTokenMapping() throws Exception { + { + UserResource userResource = findUserByUsernameId(adminClient.realm("test"), "test-user@localhost"); + UserRepresentation user = userResource.toRepresentation(); + + user.singleAttribute("empty", ""); + user.singleAttribute("null", null); + userResource.update(user); + + ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app"); + app.getProtocolMappers().createMapper(createClaimMapper("empty", "empty", "empty", "String", true, "", true, true, false)).close(); + app.getProtocolMappers().createMapper(createClaimMapper("null", "null", "null", "String", true, "", true, true, false)).close(); + } + + { + OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password"); + + IDToken idToken = oauth.verifyIDToken(response.getIdToken()); + Object empty = idToken.getOtherClaims().get("empty"); + assertThat((empty == null ? null : (String) empty), isEmptyString()); + Object nulll = idToken.getOtherClaims().get("null"); + assertNull(nulll); + + AccessToken accessToken = oauth.verifyToken(response.getAccessToken()); + oauth.openLogout(); + } + + // undo mappers + { + ClientResource app = findClientByClientId(adminClient.realm("test"), "test-app"); + ClientRepresentation clientRepresentation = app.toRepresentation(); + for (ProtocolMapperRepresentation model : clientRepresentation.getProtocolMappers()) { + if (model.getName().equals("empty") + || model.getName().equals("null") + ) { + app.getProtocolMappers().delete(model.getId()); + } + } + } + + events.clear(); + + { + OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password"); + IDToken idToken = oauth.verifyIDToken(response.getIdToken()); + assertNull(idToken.getAddress()); + assertNull(idToken.getOtherClaims().get("empty")); + assertNull(idToken.getOtherClaims().get("null")); + + oauth.openLogout(); + } + events.clear(); + } + + @Test public void testUserRoleToAttributeMappers() throws Exception { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java index c0ca7f119ba..6254b51da92 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java @@ -43,7 +43,7 @@ import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AssertEvents; -import org.keycloak.testsuite.account.AccountTest; +import org.keycloak.testsuite.account.AccountFormServiceTest; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; import org.keycloak.testsuite.auth.page.AuthRealm; @@ -530,7 +530,7 @@ public class OfflineTokenTest extends AbstractKeycloakTest { // Go to account mgmt applications page applicationsPage.open(); loginPage.login("test-user@localhost", "password"); - events.expectLogin().client("account").detail(Details.REDIRECT_URI, AccountTest.ACCOUNT_REDIRECT + "?path=applications").assertEvent(); + events.expectLogin().client("account").detail(Details.REDIRECT_URI, AccountFormServiceTest.ACCOUNT_REDIRECT + "?path=applications").assertEvent(); Assert.assertTrue(applicationsPage.isCurrent()); Map apps = applicationsPage.getApplications(); Assert.assertTrue(apps.containsKey("offline-client-2")); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/PreflightRequestTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/PreflightRequestTest.java new file mode 100644 index 00000000000..7aa1d36aceb --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/PreflightRequestTest.java @@ -0,0 +1,51 @@ +package org.keycloak.testsuite.oauth; + +import org.apache.http.client.methods.CloseableHttpResponse; +import org.junit.Rule; +import org.junit.Test; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.AssertEvents; + +import java.util.Arrays; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.keycloak.testsuite.auth.page.AuthRealm.TEST; + +/** + * @author Martin Kanis + */ +public class PreflightRequestTest extends AbstractKeycloakTest { + + @Rule + public AssertEvents events = new AssertEvents(this); + + @Override + public void beforeAbstractKeycloakTest() throws Exception { + super.beforeAbstractKeycloakTest(); + } + + @Override + public void addTestRealms(List testRealms) { + RealmRepresentation testRealmRep = new RealmRepresentation(); + testRealmRep.setId(TEST); + testRealmRep.setRealm(TEST); + testRealmRep.setEnabled(true); + testRealms.add(testRealmRep); + } + + @Test + public void preflightRequest() throws Exception { + CloseableHttpResponse response = oauth.doPreflightRequest(); + + String[] methods = response.getHeaders("Access-Control-Allow-Methods")[0].getValue().split(", "); + Set allowedMethods = new HashSet(Arrays.asList(methods)); + + assertEquals(2, allowedMethods.size()); + assertTrue(allowedMethods.containsAll(Arrays.asList("POST", "OPTIONS"))); + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenExchangeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenExchangeTest.java index 2889118efdb..fc6b5aef2c0 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenExchangeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenExchangeTest.java @@ -102,15 +102,6 @@ public class TokenExchangeTest extends AbstractKeycloakTest { illegal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); illegal.setFullScopeAllowed(false); - ClientModel illegalTo = realm.addClient("illegal-to"); - illegalTo.setClientId("illegal-to"); - illegalTo.setPublicClient(false); - illegalTo.setDirectAccessGrantsEnabled(true); - illegalTo.setEnabled(true); - illegalTo.setSecret("secret"); - illegalTo.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); - illegalTo.setFullScopeAllowed(false); - ClientModel legal = realm.addClient("legal"); legal.setClientId("legal"); legal.setPublicClient(false); @@ -131,15 +122,6 @@ public class TokenExchangeTest extends AbstractKeycloakTest { Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server); management.clients().exchangeToPermission(target).addAssociatedPolicy(clientPolicy); - management.clients().setPermissionsEnabled(clientExchanger, true); - ClientPolicyRepresentation client2Rep = new ClientPolicyRepresentation(); - client2Rep.setName("from"); - client2Rep.addClient(legal.getId()); - client2Rep.addClient(illegalTo.getId()); - Policy client2Policy = management.authz().getStoreFactory().getPolicyStore().create(client2Rep, server); - management.clients().exchangeFromPermission(clientExchanger).addAssociatedPolicy(client2Policy); - - UserModel user = session.users().addUser(realm, "user"); user.setEnabled(true); session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password("password")); @@ -194,10 +176,6 @@ public class TokenExchangeTest extends AbstractKeycloakTest { response = oauth.doTokenExchange(TEST, accessToken, "target", "illegal", "secret"); Assert.assertEquals(403, response.getStatusCode()); } - { - response = oauth.doTokenExchange(TEST, accessToken, "target", "illegal-to", "secret"); - Assert.assertEquals(403, response.getStatusCode()); - } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java index 03522d66fdd..f558ede702b 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java @@ -282,12 +282,23 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent(); - IDToken idToken = sendTokenRequestAndGetIDToken(loginEvent); - int authTime = idToken.getAuthTime(); + IDToken oldIdToken = sendTokenRequestAndGetIDToken(loginEvent); // Set time offset setTimeOffset(10); + // SSO login first WITHOUT prompt=login ( Tests KEYCLOAK-5248 ) + driver.navigate().to(oauth.getLoginFormUrl()); + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent(); + IDToken newIdToken = sendTokenRequestAndGetIDToken(loginEvent); + + // Assert that authTime wasn't updated + Assert.assertEquals(oldIdToken.getAuthTime(), newIdToken.getAuthTime()); + + // Set time offset + setTimeOffset(20); + // Assert need to re-authenticate with prompt=login driver.navigate().to(oauth.getLoginFormUrl() + "&prompt=login"); @@ -296,12 +307,14 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent(); - idToken = sendTokenRequestAndGetIDToken(loginEvent); - int authTimeUpdated = idToken.getAuthTime(); + newIdToken = sendTokenRequestAndGetIDToken(loginEvent); // Assert that authTime was updated - Assert.assertTrue(authTime + 10 <= authTimeUpdated); + Assert.assertTrue("Expected auth time to change. old auth time: " + oldIdToken.getAuthTime() + " , new auth time: " + newIdToken.getAuthTime(), + oldIdToken.getAuthTime() + 20 <= newIdToken.getAuthTime()); + // Assert userSession didn't change + Assert.assertEquals(oldIdToken.getSessionState(), newIdToken.getSessionState()); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AbstractSamlTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AbstractSamlTest.java index 6f68908c1f1..dec091b9dad 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AbstractSamlTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AbstractSamlTest.java @@ -29,6 +29,12 @@ public abstract class AbstractSamlTest extends AbstractAuthTest { protected static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST2 = "http://localhost:8080/sales-post2/"; protected static final String SAML_CLIENT_ID_SALES_POST2 = "http://localhost:8081/sales-post2/"; + protected static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG = "http://localhost:8080/sales-post-sig/"; + protected static final String SAML_CLIENT_ID_SALES_POST_SIG = "http://localhost:8081/sales-post-sig/"; + protected static final String SAML_URL_SALES_POST_SIG = "http://localhost:8080/sales-post-sig/"; + protected static final String SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY = "MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBANUbxrvEY3pkiQNt55zJLKBwN+zKmNQw08ThAmOKzwHfXoK+xlDSFxNMtTKJGkeUdnKzaTfESEcEfKYULUA41y/NnOlvjS0CEsc7Wq0Ce63TSSGMB2NHea4tV0aQz/MwLsbmz2IjAFWHA5CHL5WwacIf3UTOSNnhJUSvnkomjJAlAgMBAAECgYANpO2gb/5+g5lSIuNFYov86bJq8r2+ODIW1OE2Rljioc6HSHeiDRF1JuAjECwikRrUVTBTZbnK8jqY14neJsWAKBzGo+ToaQALsNZ9B91DxxL50K5oVOzw5shAS9TnRjN40+KIXFED4ydq4JRdoqb8+cN+N3i0+Cu7tdm+UaHTAQJBAOwFs3ZwqQEqmv9vmgmIFwFpJm1aIw25gEOf3Hy45GP4bL/j0FQgwcXYRbLE5bPqhw/liLKc1GQ97bVm6zs8SvUCQQDnJZA6TFRMiDjezinE1J4e0v4RupyDniVjbE5ArTK5/FRVkjw4Ny0AqZUEyIIqlTeZlCq45pCJy4a2hymDGVJxAj9gzfXNnmezEsZ//kYvoqHM8lPQhifaeTsigW7tuOf0GPCBw+6uksDnZM0xhZCxOoArBPoMSEbU1pGo1Y2lvhUCQF6E5sBgHAybm53Ich4Rz4LNRqWbSIstrR5F2I3sBRU2kInZXZSjQ1zE+7HUCB4/nFfJ1dp8NdiTCEg1Zw072pECQQDnxyQALmWhQbBTl0tq6CwYf9rZDwBzxuY+CXB8Ky1gOmXwan96KZvV4rK8MQQs6HIiYC/j+5lX3A3zlXTFldaz"; + protected static final String SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQAB"; + protected static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST_ENC = "http://localhost:8080/sales-post-enc/"; protected static final String SAML_CLIENT_ID_SALES_POST_ENC = "http://localhost:8081/sales-post-enc/"; protected static final String SAML_CLIENT_SALES_POST_ENC_PRIVATE_KEY = "MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t"; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/BasicSamlTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/BasicSamlTest.java index abfd00160fe..7a5cba92dc9 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/BasicSamlTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/BasicSamlTest.java @@ -3,17 +3,24 @@ package org.keycloak.testsuite.saml; import org.junit.Test; import org.keycloak.dom.saml.v2.protocol.AuthnRequestType; import org.keycloak.protocol.saml.SamlProtocol; +import org.keycloak.saml.SignatureAlgorithm; +import org.keycloak.saml.common.constants.GeneralConstants; import org.keycloak.saml.common.exceptions.ConfigurationException; import org.keycloak.saml.common.exceptions.ParsingException; import org.keycloak.saml.common.exceptions.ProcessingException; import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request; import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder; +import org.keycloak.saml.processing.web.util.RedirectBindingUtil; import org.keycloak.services.resources.RealmsResource; +import org.keycloak.testsuite.util.KeyUtils; import org.keycloak.testsuite.util.SamlClient; import org.keycloak.testsuite.util.SamlClient.Binding; import org.keycloak.testsuite.util.SamlClient.RedirectStrategyWithSwitchableFollowRedirect; import org.keycloak.testsuite.util.SamlClientBuilder; +import java.net.URI; +import java.security.Signature; import javax.ws.rs.core.Response; +import javax.ws.rs.core.Response.Status; import javax.ws.rs.core.UriBuilder; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpUriRequest; @@ -21,6 +28,7 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.util.EntityUtils; import org.hamcrest.Matcher; +import org.jboss.resteasy.util.Encode; import org.w3c.dom.Document; import static org.hamcrest.CoreMatchers.not; @@ -52,6 +60,94 @@ public class BasicSamlTest extends AbstractSamlTest { assertThat(documentToString(document.getSamlDocument()), not(containsString("InResponseTo=\"" + System.getProperty("java.version") + "\""))); } + @Test + public void testRedirectUrlSigned() throws Exception { + testSpecialCharsInRelayState(null); + } + + @Test + public void testRedirectUrlUnencodedSpecialChars() throws Exception { + testSpecialCharsInRelayState("New%20Document%20(1).doc"); + } + + @Test + public void testRedirectUrlEncodedSpecialChars() throws Exception { + testSpecialCharsInRelayState("New%20Document%20%281%29.doc"); + } + + private void testSpecialCharsInRelayState(String encodedRelayState) throws Exception { + AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST_SIG, SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG, getAuthServerSamlEndpoint(REALM_NAME)); + + Document doc = SAML2Request.convert(loginRep); + URI redirect = Binding.REDIRECT.createSamlUnsignedRequest(getAuthServerSamlEndpoint(REALM_NAME), null, doc).getURI(); + String query = redirect.getRawQuery(); + SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.RSA_SHA256; + + // now add the relayState + String relayStatePart = encodedRelayState == null + ? "" + : ("&" + GeneralConstants.RELAY_STATE + "=" + encodedRelayState); + String sigAlgPart = "&" + GeneralConstants.SAML_SIG_ALG_REQUEST_KEY + "=" + Encode.encodeQueryParamAsIs(signatureAlgorithm.getXmlSignatureMethod()); + + Signature signature = signatureAlgorithm.createSignature(); + byte[] sig; + + signature.initSign(KeyUtils.privateKeyFromString(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY)); + signature.update(query.getBytes(GeneralConstants.SAML_CHARSET)); + signature.update(relayStatePart.getBytes(GeneralConstants.SAML_CHARSET)); + signature.update(sigAlgPart.getBytes(GeneralConstants.SAML_CHARSET)); + sig = signature.sign(); + + String encodedSig = RedirectBindingUtil.base64Encode(sig); + String sigPart = "&" + GeneralConstants.SAML_SIGNATURE_REQUEST_KEY + "=" + Encode.encodeQueryParamAsIs(encodedSig); + + new SamlClientBuilder() + .navigateTo(redirect.toString() + relayStatePart + sigAlgPart + sigPart) + .assertResponse(statusCodeIsHC(Status.OK)) + .execute(); + } + + @Test + public void testNoDestinationPost() throws Exception { + AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, null); + + Document doc = SAML2Request.convert(loginRep); + HttpUriRequest post = Binding.POST.createSamlUnsignedRequest(getAuthServerSamlEndpoint(REALM_NAME), null, doc); + + try (CloseableHttpClient client = HttpClientBuilder.create().setRedirectStrategy(new RedirectStrategyWithSwitchableFollowRedirect()).build(); + CloseableHttpResponse response = client.execute(post)) { + assertThat(response, statusCodeIsHC(Response.Status.OK)); + assertThat(EntityUtils.toString(response.getEntity(), "UTF-8"), containsString("login")); + } + } + + @Test + public void testNoDestinationRedirect() throws Exception { + AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, null); + + Document doc = SAML2Request.convert(loginRep); + HttpUriRequest post = Binding.REDIRECT.createSamlUnsignedRequest(getAuthServerSamlEndpoint(REALM_NAME), null, doc); + + try (CloseableHttpClient client = HttpClientBuilder.create().setRedirectStrategy(new RedirectStrategyWithSwitchableFollowRedirect()).build(); + CloseableHttpResponse response = client.execute(post)) { + assertThat(response, statusCodeIsHC(Response.Status.OK)); + assertThat(EntityUtils.toString(response.getEntity(), "UTF-8"), containsString("login")); + } + } + + @Test + public void testNoDestinationSignedPost() throws Exception { + AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST_SIG, SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG, null); + + Document doc = SAML2Request.convert(loginRep); + HttpUriRequest post = Binding.POST.createSamlSignedRequest(getAuthServerSamlEndpoint(REALM_NAME), null, doc, SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY); + + try (CloseableHttpClient client = HttpClientBuilder.create().setRedirectStrategy(new RedirectStrategyWithSwitchableFollowRedirect()).build(); + CloseableHttpResponse response = client.execute(post)) { + assertThat(response, statusCodeIsHC(Response.Status.INTERNAL_SERVER_ERROR)); + } + } + @Test public void testNoPortInDestination() throws Exception { // note that this test relies on settings of the login-protocol.saml.knownProtocols configuration option diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/ssl/TrustStoreEmailTest.java similarity index 99% rename from testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/ssl/TrustStoreEmailTest.java index 7fb96929616..f4d3af77458 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/ssl/TrustStoreEmailTest.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.keycloak.testsuite.account; +package org.keycloak.testsuite.ssl; import org.jboss.arquillian.graphene.page.Page; import org.junit.After; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/URLAssert.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/URLAssert.java index 90ee6cefa83..2fd0cb6d84c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/URLAssert.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/URLAssert.java @@ -53,12 +53,12 @@ public class URLAssert { public static void assertCurrentUrlEquals(WebDriver driver, final AbstractPage page) { String expected = page.toString(); assertTrue("Expected URL: " + expected + "; actual: " + driver.getCurrentUrl(), - currentUrlEqual(driver, page.toString())); + currentUrlEqual(page.toString())); } public static void assertCurrentUrlEquals(WebDriver driver, final String url) { assertTrue("Expected URL: " + url + "; actual: " + driver.getCurrentUrl(), - currentUrlEqual(driver, url)); + currentUrlEqual(url)); } public static void assertCurrentUrlStartsWith(AbstractPage page) { @@ -67,7 +67,7 @@ public class URLAssert { public static void assertCurrentUrlStartsWith(WebDriver driver, final String url) { assertTrue("URL expected to begin with:" + url + "; actual URL: " + driver.getCurrentUrl(), - currentUrlStartWith(driver, url)); + currentUrlStartWith(url)); } public static void assertCurrentUrlDoesntStartWith(AbstractPage page) { @@ -76,7 +76,7 @@ public class URLAssert { public static void assertCurrentUrlDoesntStartWith(WebDriver driver, final String url) { assertTrue("URL expected NOT to begin with:" + url + "; actual URL: " + driver.getCurrentUrl(), - currentUrlDoesntStartWith(driver, url)); + currentUrlDoesntStartWith(url)); } public static void assertCurrentUrlStartsWithLoginUrlOf(PageWithLoginUrl page) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee2/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee2/WEB-INF/keycloak-saml.xml index 14bd44ef056..16798d01398 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee2/WEB-INF/keycloak-saml.xml +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee2/WEB-INF/keycloak-saml.xml @@ -23,7 +23,7 @@ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" logoutPage="/logout.jsp" forceAuthentication="false"> - + diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml index acf153c8106..57e2433db87 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml @@ -24,10 +24,22 @@ ${browser} + ${webdriverDownloadBinaries} + + ${htmlUnitBrowserVersion} - ${firefox_binary} - ${chromeArguments} + cssEnabled=false;historyPageCacheLimit=1 + + ${phantomjs.cli.args} --ssl-certificates-path=${client.certificate.ca.path} --ssl-client-certificate-file=${client.certificate.file} --ssl-client-key-file=${client.key.file} --ssl-client-key-passphrase=${client.key.passphrase} + + + ${firefox_binary} + OFF + ${firefoxLegacyDriver} + + + ${chromeArguments} @@ -74,6 +86,7 @@ ${migration.import.properties} ${auth.server.profile} ${auth.server.feature} + ${kie.maven.settings} ${auth.server.jboss.jvm.debug.args} diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json index 8bdb6352b10..1d6009023cb 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json @@ -159,7 +159,7 @@ "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}" + "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRealmRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}" } }, { diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/log4j.properties b/testsuite/integration-arquillian/tests/base/src/test/resources/log4j.properties index 8f743734d1f..3dcf46ac7c1 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/log4j.properties +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/log4j.properties @@ -75,4 +75,11 @@ log4j.logger.org.apache.directory.server.core=warn # log4j.logger.org.keycloak.keys.infinispan=trace log4j.logger.org.keycloak.services.clientregistration.policy=debug -#log4j.logger.org.keycloak.authentication=debug \ No newline at end of file +#log4j.logger.org.keycloak.authentication=debug + +## Enable SQL debugging +# Enable logs the SQL statements +#log4j.logger.org.hibernate.SQL=debug + +# Enable logs the JDBC parameters passed to a query +#log4j.logger.org.hibernate.type=trace diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/model/testrealm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/model/testrealm.json index fb1a7e00028..a0c5b3011e4 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/model/testrealm.json +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/model/testrealm.json @@ -120,6 +120,7 @@ "username": "wburke", "enabled": true, "createdTimestamp" : 123654, + "notBefore": 159, "attributes": { "email": "bburke@redhat.com" }, diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json index 2ce6b3916e7..bbed5618872 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json @@ -358,6 +358,13 @@ ], "adminUrl": "http://localhost:8180/varnamedapp/base/admin", "secret": "password" + }, + { + "clientId": "direct-grant", + "enabled": true, + "directAccessGrantsEnabled": true, + "secret": "password", + "webOrigins": [ "http://localtest.me:8180" ] } ], "roles" : { @@ -449,6 +456,17 @@ "attributes": { "level2Attribute": ["true"] + } + }, + { + "name": "level2group2", + "realmRoles": ["admin"], + "clientRoles": { + "test-app": ["customer-user"] + }, + "attributes": { + "level2Attribute": ["true"] + } } ] @@ -474,6 +492,17 @@ "attributes": { "level2Attribute": ["true"] + } + }, + { + "name": "level2group2", + "realmRoles": ["admin"], + "clientRoles": { + "test-app": ["customer-user"] + }, + "attributes": { + "level2Attribute": ["true"] + } } ] diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/wildfly-integration/wildfly-management-realm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/wildfly-integration/wildfly-management-realm.json new file mode 100644 index 00000000000..373ca9ab965 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/wildfly-integration/wildfly-management-realm.json @@ -0,0 +1,68 @@ +{ + "realm": "jboss-infra", + "enabled": true, + "sslRequired": "external", + "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=", + "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", + "requiredCredentials": [ + "password" + ], + "users": [ + { + "username": "admin", + "enabled": true, + "email": "admin@admin.com", + "firstName": "Admin", + "lastName": "Istrator", + "credentials": [ + { + "type": "password", + "value": "admin" + } + ], + "realmRoles": [ + "Administrator" + ], + "clientRoles": { + "realm-management": [ + "realm-admin" + ], + "account": [ + "manage-account" + ] + } + } + ], + "roles": { + "realm": [ + { + "name": "Administrator", + "description": "Administrator privileges" + } + ] + }, + "clients": [ + { + "clientId": "wildfly-console", + "enabled": true, + "adminUrl": "http://localhost:10190", + "baseUrl": "http://localhost:10190", + "publicClient": true, + "redirectUris": [ + "http://localhost:10190/*" + ], + "webOrigins": ["http://localhost:10190"] + }, + { + "clientId": "wildfly-management", + "secret": "secret", + "enabled": true, + "baseUrl": "/photoz-restful-api", + "publicClient": false, + "redirectUris": [ + "/photoz-restful-api/*" + ], + "webOrigins" : ["*"] + } + ] +} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/as7/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/as7/pom.xml index ebb0293957e..c2067e14ae3 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/as7/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/as7/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-as7 diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem.xsl b/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem.xsl index 114d875d92d..24fe3e2800c 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem.xsl +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem.xsl @@ -13,25 +13,29 @@ - - demo - MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB - /auth - EXTERNAL - customer-portal-subsystem - password - - - - demo - MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB - /auth - EXTERNAL - product-portal-subsystem - password - + + + + demo + MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB + /auth + EXTERNAL + customer-portal-subsystem + password + + + demo + MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB + /auth + EXTERNAL + product-portal-subsystem + password + + + + diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/pom.xml index 6e06b837f4f..309b4bc873a 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-eap diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/EAPBasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/EAPBasicAuthExampleAdapterTest.java deleted file mode 100644 index 574ee16c4c7..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/EAPBasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-eap") -public class EAPBasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/EAPDemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/EAPDemoExampleAdapterTest.java deleted file mode 100644 index f461222e5eb..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/EAPDemoExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-eap") -public class EAPDemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/EAPSAMLExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/EAPSAMLExampleAdapterTest.java deleted file mode 100644 index b5431ff7b8f..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/EAPSAMLExampleAdapterTest.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * @author mhajas - */ -@AppServerContainer("app-server-eap") -public class EAPSAMLExampleAdapterTest extends AbstractSAMLExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAPServletAuthzAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAPServletAuthzAdapterTest.java index 8355037f1ce..0ff9905fd8b 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAPServletAuthzAdapterTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAPServletAuthzAdapterTest.java @@ -17,7 +17,6 @@ package org.keycloak.testsuite.adapter.example.authorization; import org.jboss.arquillian.container.test.api.RunAsClient; -import org.keycloak.testsuite.adapter.example.authorization.AbstractServletAuthzAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; /** @@ -27,6 +26,6 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; @RunAsClient @AppServerContainer("app-server-eap") //@AdapterLibsLocationProperty("adapter.libs.wildfly") -public class EAPServletAuthzAdapterTest extends AbstractServletAuthzAdapterTest { +public class EAPServletAuthzAdapterTest extends AbstractServletAuthzFunctionalAdapterTest { } diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6-fuse/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6-fuse/pom.xml index 9f5a988b8f4..2e455df6d99 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6-fuse/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6-fuse/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-eap6-fuse diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/pom.xml index 16ae5fd3a20..0f5862f8799 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-eap6 @@ -37,6 +37,12 @@ creaper-core test 1.5.0 + + + com.google.guava + guava + + org.wildfly.core @@ -48,6 +54,8 @@ eap6 + 2.0.0.Final + 8.2.5.Final remote ${app.server.management.port.jmx} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/cluster/EAP6SAMLAdapterClusterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/cluster/EAP6SAMLAdapterClusterTest.java index f0a166bea4d..b52a8debf91 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/cluster/EAP6SAMLAdapterClusterTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/cluster/EAP6SAMLAdapterClusterTest.java @@ -54,8 +54,8 @@ public class EAP6SAMLAdapterClusterTest extends AbstractSAMLAdapterClusterTest { } @Override - protected void prepareWorkerNode(Integer managementPort) throws IOException, CliException, NumberFormatException { - log.infov("Preparing worker node ({0})", managementPort); + protected void prepareWorkerNode(int nodeIndex, Integer managementPort) throws IOException, CliException, NumberFormatException { + log.infov("Preparing worker node ({0} @ {1})", nodeIndex, managementPort); OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions .standalone() diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/crossdc/EAP6SAMLAdapterCrossDCTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/crossdc/EAP6SAMLAdapterCrossDCTest.java new file mode 100644 index 00000000000..3a726ce20be --- /dev/null +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/crossdc/EAP6SAMLAdapterCrossDCTest.java @@ -0,0 +1,169 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.testsuite.adapter.crossdc; + +import org.keycloak.testsuite.adapter.page.EmployeeServletDistributable; +import org.keycloak.testsuite.arquillian.annotation.*; + +import java.io.*; + +import org.keycloak.testsuite.adapter.servlet.cluster.AbstractSAMLAdapterClusterTest; +import org.keycloak.testsuite.adapter.servlet.SendUsernameServlet; + +import org.apache.commons.lang3.math.NumberUtils; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.dmr.ModelNode; +import org.jboss.shrinkwrap.api.asset.StringAsset; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Assert; +import org.junit.Assume; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.wildfly.extras.creaper.core.*; +import org.wildfly.extras.creaper.core.online.*; +import org.wildfly.extras.creaper.core.online.operations.*; + +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.not; +import static org.keycloak.testsuite.adapter.AbstractServletsAdapterTest.samlServletDeployment; + +/** + * + * @author hmlnarik + */ +@Ignore("Infinispan version 5 does not support remote cache events, hence this test is left here for development purposes only") +@AppServerContainer("app-server-eap6") +public class EAP6SAMLAdapterCrossDCTest extends AbstractSAMLAdapterClusterTest { + + @BeforeClass + public static void checkCrossDcTest() { + Assume.assumeThat("Seems not to be running cross-DC tests", System.getProperty("cache.server"), not(is("undefined"))); + } + + protected static final int PORT_OFFSET_CACHE_1 = NumberUtils.toInt(System.getProperty("cache.server.port.offset"), 0); + protected static final int CACHE_HOTROD_PORT_CACHE_1 = 11222 + PORT_OFFSET_CACHE_1; + protected static final int PORT_OFFSET_CACHE_2 = NumberUtils.toInt(System.getProperty("cache.server.2.port.offset"), 0); + protected static final int CACHE_HOTROD_PORT_CACHE_2 = 11222 + PORT_OFFSET_CACHE_2; + + private final int[] CACHE_HOTROD_PORTS = new int[] { CACHE_HOTROD_PORT_CACHE_1, CACHE_HOTROD_PORT_CACHE_2 }; + private final int[] TCPPING_PORTS = new int[] { 7600 + PORT_OFFSET_NODE_1, 7600 + PORT_OFFSET_NODE_2 }; + + private static final String SESSION_CACHE_NAME = EmployeeServletDistributable.DEPLOYMENT_NAME + "-cache"; + private static final String SSO_CACHE_NAME = SESSION_CACHE_NAME + ".ssoCache"; + + private static final Address SESSION_CACHE_ADDR = Address.subsystem("infinispan") + .and("cache-container", "web") + .and("replicated-cache", SESSION_CACHE_NAME); + private static final Address SSO_CACHE_ADDR = Address.subsystem("infinispan") + .and("cache-container", "web") + .and("replicated-cache", SSO_CACHE_NAME); + + private static final String JBOSS_WEB_XML = "\n" + + "\n" + + " \n" + + " SESSION\n" + + " " + "web." + SESSION_CACHE_NAME + "\n" + + " \n" + + ""; + + @TargetsContainer(value = "app-server-eap6-" + NODE_1_NAME) + @Deployment(name = EmployeeServletDistributable.DEPLOYMENT_NAME, managed = false) + protected static WebArchive employee() { + return samlServletDeployment(EmployeeServletDistributable.DEPLOYMENT_NAME, + EmployeeServletDistributable.DEPLOYMENT_NAME + "/WEB-INF/web.xml", + SendUsernameServlet.class) + .addAsWebInfResource(new StringAsset(JBOSS_WEB_XML), "jboss-web.xml"); + } + + @TargetsContainer(value = "app-server-eap6-" + NODE_2_NAME) + @Deployment(name = EmployeeServletDistributable.DEPLOYMENT_NAME + "_2", managed = false) + protected static WebArchive employee2() { + return employee(); + } + + @Override + protected void prepareWorkerNode(int nodeIndex, Integer managementPort) throws IOException, CliException, NumberFormatException { + log.infov("Preparing worker node ({0} @ {1})", nodeIndex, managementPort); + + OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions + .standalone() + .hostAndPort("localhost", managementPort) + .protocol(ManagementProtocol.REMOTE) + .build()); + Operations op = new Operations(clientWorkerNodeClient); + + Batch b = new Batch(); + Address tcppingStack = Address + .subsystem("jgroups") + .and("stack", "tcpping"); + b.add(tcppingStack); + b.add(tcppingStack.and("transport", "TRANSPORT"), Values.of("socket-binding", "jgroups-tcp").and("type", "TCP")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "TCPPING")); + b.add(tcppingStack.and("protocol", "TCPPING").and("property", "initial_hosts"), Values.of("value", "localhost[" + TCPPING_PORTS[nodeIndex] + "]")); + b.add(tcppingStack.and("protocol", "TCPPING").and("property", "port_range"), Values.of("value", "0")); + b.add(tcppingStack.and("protocol", "TCPPING").and("property", "num_initial_members"), Values.of("value", "1")); + b.add(tcppingStack.and("protocol", "TCPPING").and("property", "timeout"), Values.of("value", "3000")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "MERGE2")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "FD_SOCK").and("socket-binding", "jgroups-tcp-fd")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "FD")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "VERIFY_SUSPECT")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "pbcast.NAKACK")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "UNICAST2")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "pbcast.STABLE")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "pbcast.GMS")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "UFC")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "MFC")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "FRAG2")); + b.invoke("add-protocol", tcppingStack, Values.of("type", "RSVP")); + Assert.assertTrue("Could not add TCPPING JGroups stack", op.batch(b).isSuccess()); + + op.add(Address.of("socket-binding-group", "standard-sockets").and("remote-destination-outbound-socket-binding", "cache-server"), + Values.of("host", "localhost") + .and("port", CACHE_HOTROD_PORTS[nodeIndex])); + + op.add(SESSION_CACHE_ADDR, Values.of("statistics-enabled", "true").and("mode", "SYNC")); + op.add(SESSION_CACHE_ADDR.and("remote-store", "REMOTE_STORE"), + Values.of("remote-servers", ModelNode.fromString("[{\"outbound-socket-binding\"=>\"cache-server\"}]")) + .and("cache", SESSION_CACHE_NAME) + .and("passivation", false) + .and("purge", false) + .and("preload", false) + .and("shared", true) + ); + + op.add(SSO_CACHE_ADDR, Values.of("statistics-enabled", "true").and("mode", "SYNC")); + op.add(SSO_CACHE_ADDR.and("remote-store", "REMOTE_STORE"), + Values.of("remote-servers", ModelNode.fromString("[{\"outbound-socket-binding\"=>\"cache-server\"}]")) + .and("cache", SSO_CACHE_NAME) + .and("passivation", false) + .and("purge", false) + .and("preload", false) + .and("shared", true) + ); + + Assert.assertTrue(op.writeAttribute(Address.subsystem("jgroups"), "default-stack", "tcpping").isSuccess()); + Assert.assertTrue(op.writeAttribute(Address.subsystem("web"), "instance-id", "${jboss.node.name}").isSuccess()); + op.add(Address.extension("org.keycloak.keycloak-saml-adapter-subsystem"), Values.of("module", "org.keycloak.keycloak-saml-adapter-subsystem")); + op.add(Address.subsystem("keycloak-saml")); + + clientWorkerNodeClient.execute("reload"); + + log.infov("Worker node ({0}) Prepared", managementPort); + } + +} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/EAP6BasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/EAP6BasicAuthExampleAdapterTest.java deleted file mode 100644 index 8299093dc2d..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/EAP6BasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-eap6") -public class EAP6BasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/EAP6DemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/EAP6DemoExampleAdapterTest.java deleted file mode 100644 index d0c0c95e740..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/EAP6DemoExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-eap6") -public class EAP6DemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/EAP6SAMLExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/EAP6SAMLExampleAdapterTest.java deleted file mode 100644 index 208d43098ef..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/EAP6SAMLExampleAdapterTest.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * @author mhajas - */ -@AppServerContainer("app-server-eap6") -public class EAP6SAMLExampleAdapterTest extends AbstractSAMLExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/pom.xml index 45d6cd14c53..e5afde620d2 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-jboss diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/pom.xml index 7ef888ebc24..1f52d55e956 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss-relative - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-relative-eap diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPBasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPBasicAuthExampleAdapterTest.java deleted file mode 100644 index 9d779502d20..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPBasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -/** - * - * @author tkyjovsk - */ -public class RelativeEAPBasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPCorsExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPCorsExampleAdapterTest.java deleted file mode 100644 index b96ee75e0f5..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPCorsExampleAdapterTest.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -/** - * - * @author fkiss - */ -public class RelativeEAPCorsExampleAdapterTest extends AbstractCorsExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPDemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPDemoExampleAdapterTest.java deleted file mode 100644 index ef94eee5b3b..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPDemoExampleAdapterTest.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -/** - * - * @author tkyjovsk - */ -public class RelativeEAPDemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPSAMLExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPSAMLExampleAdapterTest.java deleted file mode 100644 index 2afe2381e13..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/example/RelativeEAPSAMLExampleAdapterTest.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -/** - * - * @author mhajas - */ -public class RelativeEAPSAMLExampleAdapterTest extends AbstractSAMLExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/pom.xml index 306ee67b7fa..426dafb6f93 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT pom diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/wildfly/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/wildfly/pom.xml index e838764dc5b..cc9de328049 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/wildfly/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/wildfly/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss-relative - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-relative-wildfly diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml index 922bb867e5a..8a96e082443 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-remote diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/adapter/example/RemoteBasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/adapter/example/RemoteBasicAuthExampleAdapterTest.java deleted file mode 100644 index 07b907e21ad..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/adapter/example/RemoteBasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-remote") -public class RemoteBasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/adapter/example/RemoteDemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/adapter/example/RemoteDemoExampleAdapterTest.java deleted file mode 100644 index 90860d24e5b..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/adapter/example/RemoteDemoExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-remote") -public class RemoteDemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/adapter/example/RemoteSAMLExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/adapter/example/RemoteSAMLExampleAdapterTest.java deleted file mode 100644 index 9dca78baf07..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/adapter/example/RemoteSAMLExampleAdapterTest.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * @author mhajas - */ -@AppServerContainer("app-server-remote") -public class RemoteSAMLExampleAdapterTest extends AbstractSAMLExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/pom.xml index 3a6e545cda4..610161acee7 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-wildfly @@ -36,13 +36,25 @@ org.wildfly.extras.creaper creaper-core test - 1.5.0 + 1.6.1 + + + com.google.guava + guava + + org.wildfly.core wildfly-cli test - 2.2.0.Final + ${wildfly.core.version} + + + org.wildfly.core + wildfly-controller-client + test + ${wildfly.core.version} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/cluster/WildflySAMLAdapterClusterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/cluster/WildflySAMLAdapterClusterTest.java index eb7973c37dc..5735a6aed48 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/cluster/WildflySAMLAdapterClusterTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/cluster/WildflySAMLAdapterClusterTest.java @@ -53,8 +53,8 @@ public class WildflySAMLAdapterClusterTest extends AbstractSAMLAdapterClusterTes } @Override - protected void prepareWorkerNode(Integer managementPort) throws IOException, CliException, NumberFormatException { - log.infov("Preparing worker node ({0})", managementPort); + protected void prepareWorkerNode(int nodeIndex, Integer managementPort) throws IOException, CliException, NumberFormatException { + log.infov("Preparing worker node ({0} @ {1})", nodeIndex, managementPort); OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions .standalone() @@ -71,8 +71,6 @@ public class WildflySAMLAdapterClusterTest extends AbstractSAMLAdapterClusterTes b.add(tcppingStack.and("protocol", "TCPPING")); b.add(tcppingStack.and("protocol", "TCPPING").and("property", "initial_hosts"), Values.of("value", "localhost[" + (7600 + PORT_OFFSET_NODE_1) + "],localhost[" + (7600 + PORT_OFFSET_NODE_2) + "]")); b.add(tcppingStack.and("protocol", "TCPPING").and("property", "port_range"), Values.of("value", "0")); - b.add(tcppingStack.and("protocol", "TCPPING").and("property", "num_initial_members"), Values.of("value", "2")); - b.add(tcppingStack.and("protocol", "TCPPING").and("property", "timeout"), Values.of("value", "3000")); b.add(tcppingStack.and("protocol", "MERGE3")); b.add(tcppingStack.and("protocol", "FD_SOCK"), Values.of("socket-binding", "jgroups-tcp-fd")); b.add(tcppingStack.and("protocol", "FD")); diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/crossdc/WildflySAMLAdapterCrossDCTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/crossdc/WildflySAMLAdapterCrossDCTest.java new file mode 100644 index 00000000000..9288f20a9c6 --- /dev/null +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/crossdc/WildflySAMLAdapterCrossDCTest.java @@ -0,0 +1,162 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.testsuite.adapter.crossdc; + +import org.keycloak.testsuite.adapter.page.EmployeeServletDistributable; +import org.keycloak.testsuite.arquillian.annotation.*; + +import java.io.*; + +import org.keycloak.testsuite.adapter.servlet.cluster.AbstractSAMLAdapterClusterTest; +import org.keycloak.testsuite.adapter.servlet.SendUsernameServlet; + +import org.apache.commons.lang3.math.NumberUtils; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.asset.StringAsset; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Assume; +import org.junit.BeforeClass; +import org.wildfly.extras.creaper.core.*; +import org.wildfly.extras.creaper.core.online.*; +import org.wildfly.extras.creaper.core.online.operations.*; + +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.not; +import static org.keycloak.testsuite.adapter.AbstractServletsAdapterTest.samlServletDeployment; + +/** + * + * @author hmlnarik + */ +@AppServerContainer("app-server-wildfly") +public class WildflySAMLAdapterCrossDCTest extends AbstractSAMLAdapterClusterTest { + + @BeforeClass + public static void checkCrossDcTest() { + Assume.assumeThat("Seems not to be running cross-DC tests", System.getProperty("cache.server"), not(is("undefined"))); + } + + protected static final int PORT_OFFSET_CACHE_1 = NumberUtils.toInt(System.getProperty("cache.server.port.offset"), 0); + protected static final int CACHE_HOTROD_PORT_CACHE_1 = 11222 + PORT_OFFSET_CACHE_1; + protected static final int PORT_OFFSET_CACHE_2 = NumberUtils.toInt(System.getProperty("cache.server.2.port.offset"), 0); + protected static final int CACHE_HOTROD_PORT_CACHE_2 = 11222 + PORT_OFFSET_CACHE_2; + + private final int[] CACHE_HOTROD_PORTS = new int[] { CACHE_HOTROD_PORT_CACHE_1, CACHE_HOTROD_PORT_CACHE_2 }; + private final int[] TCPPING_PORTS = new int[] { 7600 + PORT_OFFSET_NODE_1, 7600 + PORT_OFFSET_NODE_2 }; + + private static final String SESSION_CACHE_NAME = EmployeeServletDistributable.DEPLOYMENT_NAME + "-cache"; + private static final String SSO_CACHE_NAME = SESSION_CACHE_NAME + ".ssoCache"; + + private static final Address SESSION_CACHE_ADDR = Address.subsystem("infinispan") + .and("cache-container", "web") + .and("replicated-cache", SESSION_CACHE_NAME); + private static final Address SSO_CACHE_ADDR = Address.subsystem("infinispan") + .and("cache-container", "web") + .and("replicated-cache", SSO_CACHE_NAME); + + private static final String JBOSS_WEB_XML = "\n" + + "\n" + + " \n" + + " SESSION\n" + + " " + "web." + SESSION_CACHE_NAME + "\n" + + " \n" + + ""; + + @TargetsContainer(value = "app-server-wildfly-" + NODE_1_NAME) + @Deployment(name = EmployeeServletDistributable.DEPLOYMENT_NAME, managed = false) + protected static WebArchive employee() { + return samlServletDeployment(EmployeeServletDistributable.DEPLOYMENT_NAME, + EmployeeServletDistributable.DEPLOYMENT_NAME + "/WEB-INF/web.xml", + SendUsernameServlet.class) + .addAsWebInfResource(new StringAsset(JBOSS_WEB_XML), "jboss-web.xml"); + } + + @TargetsContainer(value = "app-server-wildfly-" + NODE_2_NAME) + @Deployment(name = EmployeeServletDistributable.DEPLOYMENT_NAME + "_2", managed = false) + protected static WebArchive employee2() { + return employee(); + } + + @Override + protected void prepareWorkerNode(int nodeIndex, Integer managementPort) throws IOException, CliException, NumberFormatException { + log.infov("Preparing worker node ({0} @ {1})", nodeIndex, managementPort); + + OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions + .standalone() + .hostAndPort("localhost", managementPort) + .build()); + Operations op = new Operations(clientWorkerNodeClient); + + Batch b = new Batch(); + Address tcppingStack = Address + .subsystem("jgroups") + .and("stack", "tcpping"); + b.add(tcppingStack); + b.add(tcppingStack.and("transport", "TCP"), Values.of("socket-binding", "jgroups-tcp")); + b.add(tcppingStack.and("protocol", "TCPPING")); + b.add(tcppingStack.and("protocol", "TCPPING").and("property", "initial_hosts"), Values.of("value", "localhost[" + TCPPING_PORTS[nodeIndex] + "]")); + b.add(tcppingStack.and("protocol", "TCPPING").and("property", "port_range"), Values.of("value", "0")); + b.add(tcppingStack.and("protocol", "MERGE3")); + b.add(tcppingStack.and("protocol", "FD_SOCK"), Values.of("socket-binding", "jgroups-tcp-fd")); + b.add(tcppingStack.and("protocol", "FD")); + b.add(tcppingStack.and("protocol", "VERIFY_SUSPECT")); + b.add(tcppingStack.and("protocol", "pbcast.NAKACK2")); + b.add(tcppingStack.and("protocol", "UNICAST3")); + b.add(tcppingStack.and("protocol", "pbcast.STABLE")); + b.add(tcppingStack.and("protocol", "pbcast.GMS")); + b.add(tcppingStack.and("protocol", "MFC")); + b.add(tcppingStack.and("protocol", "FRAG2")); + b.writeAttribute(Address.subsystem("jgroups").and("channel", "ee"), "stack", "tcpping"); + op.batch(b); + + + op.add(Address.of("socket-binding-group", "standard-sockets").and("remote-destination-outbound-socket-binding", "cache-server"), + Values.of("host", "localhost") + .and("port", CACHE_HOTROD_PORTS[nodeIndex])); + + op.add(SESSION_CACHE_ADDR, Values.of("statistics-enabled", "true").and("mode", "SYNC")); + op.writeAttribute(SESSION_CACHE_ADDR.and("component", "locking"), "isolation", "REPEATABLE_READ"); + op.writeAttribute(SESSION_CACHE_ADDR.and("component", "transaction"), "mode", "BATCH"); + op.add(SESSION_CACHE_ADDR.and("store", "remote"), + Values.ofList("remote-servers", "cache-server") + .and("cache", SESSION_CACHE_NAME) + .and("passivation", false) + .and("purge", false) + .and("preload", false) + .and("shared", true) + ); + + op.add(SSO_CACHE_ADDR, Values.of("statistics-enabled", "true").and("mode", "SYNC")); + op.add(SSO_CACHE_ADDR.and("store", "remote"), + Values.ofList("remote-servers", "cache-server") + .and("cache", SSO_CACHE_NAME) + .and("passivation", false) + .and("purge", false) + .and("preload", false) + .and("shared", true) + ); + + op.add(Address.extension("org.keycloak.keycloak-saml-adapter-subsystem"), Values.of("module", "org.keycloak.keycloak-saml-adapter-subsystem")); + op.add(Address.subsystem("keycloak-saml")); + + clientWorkerNodeClient.execute("reload"); + + log.infov("Worker node ({0}) Prepared", managementPort); + } + +} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyBasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyBasicAuthExampleAdapterTest.java deleted file mode 100644 index 878f337cbe5..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyBasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-wildfly") -public class WildflyBasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyDemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyDemoExampleAdapterTest.java deleted file mode 100644 index 588c28d82d4..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyDemoExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-wildfly") -public class WildflyDemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflySAMLExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflySAMLExampleAdapterTest.java deleted file mode 100644 index e118da1f1b2..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflySAMLExampleAdapterTest.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * @author mhajas - */ -@AppServerContainer("app-server-wildfly") -public class WildflySAMLExampleAdapterTest extends AbstractSAMLExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/hal/WildflyConsoleProtectionTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/hal/WildflyConsoleProtectionTest.java new file mode 100644 index 00000000000..8057da730a8 --- /dev/null +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/hal/WildflyConsoleProtectionTest.java @@ -0,0 +1,109 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.testsuite.adapter.example.hal; + +import static org.junit.Assert.assertTrue; +import static org.keycloak.testsuite.util.IOUtil.loadRealm; + +import java.util.List; + +import org.jboss.arquillian.graphene.page.Page; +import org.junit.Before; +import org.junit.Test; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.testsuite.adapter.AbstractAdapterTest; +import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.pages.AccountUpdateProfilePage; +import org.keycloak.testsuite.pages.AppServerWelcomePage; +import org.keycloak.testsuite.util.WaitUtils; +import org.wildfly.extras.creaper.core.ManagementClient; +import org.wildfly.extras.creaper.core.online.OnlineManagementClient; +import org.wildfly.extras.creaper.core.online.OnlineOptions; + +/** + * + * @author Pedro Igor + */ +@AppServerContainer("app-server-wildfly") +//@AdapterLibsLocationProperty("adapter.libs.wildfly") +public class WildflyConsoleProtectionTest extends AbstractAdapterTest { + + @Page + protected AppServerWelcomePage appServerWelcomePage; + + @Page + protected AccountUpdateProfilePage accountUpdateProfilePage; + + @Override + public void addAdapterTestRealms(List testRealms) { + testRealms.add(loadRealm("/wildfly-integration/wildfly-management-realm.json")); + } + + @Before + public void beforeAuthTest() { + super.beforeAuthTest(); + + try { + OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions + .standalone() + .hostAndPort("localhost", 10190) + .build()); + + // Create a realm for both wildfly console and mgmt interface + clientWorkerNodeClient.execute("/subsystem=keycloak/realm=jboss-infra:add(auth-server-url=http://localhost:8180/auth,realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB)"); + + // Create a secure-deployment in order to protect mgmt interface + clientWorkerNodeClient.execute("/subsystem=keycloak/secure-deployment=wildfly-management:add(realm=jboss-infra,resource=wildfly-management,principal-attribute=preferred_username,bearer-only=true,ssl-required=EXTERNAL)"); + + // Protect HTTP mgmt interface with Keycloak adapter + clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)"); + clientWorkerNodeClient.execute("/subsystem=elytron/http-authentication-factory=keycloak-mgmt-http-authentication:add(security-domain=KeycloakDomain,http-server-mechanism-factory=wildfly-management,mechanism-configurations=[{mechanism-name=KEYCLOAK,mechanism-realm-configurations=[{realm-name=KeycloakOIDCRealm,realm-mapper=keycloak-oidc-realm-mapper}]}])"); + clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=keycloak-mgmt-http-authentication)"); + clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade, value={enabled=true, sasl-authentication-factory=management-sasl-authentication})"); + + // Enable RBAC where roles are obtained from the identity + clientWorkerNodeClient.execute("/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)"); + clientWorkerNodeClient.execute("/core-service=management/access=authorization:write-attribute(name=use-identity-roles,value=true)"); + + // Create a secure-server in order to publish the wildfly console configuration via mgmt interface + clientWorkerNodeClient.execute("/subsystem=keycloak/secure-server=wildfly-console:add(realm=jboss-infra,resource=wildfly-console,public-client=true)"); + + // reload + clientWorkerNodeClient.execute("reload"); + } catch (Exception cause) { + throw new RuntimeException("Failed to configure app server", cause); + } + } + + @Test + public void testLogin() throws InterruptedException { + appServerWelcomePage.navigateToConsole(); + appServerWelcomePage.login("admin", "admin"); + WaitUtils.pause(2000); + assertTrue(appServerWelcomePage.isCurrent()); + } + + @Test + public void testUserCanAccessAccountService() throws InterruptedException { + appServerWelcomePage.navigateToConsole(); + appServerWelcomePage.login("admin", "admin"); + WaitUtils.pause(2000); + appServerWelcomePage.navigateToAccessControl(); + appServerWelcomePage.navigateManageProfile(); + assertTrue(accountUpdateProfilePage.isCurrent()); + } +} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/pom.xml index 62c011cf010..152688c96e5 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-wildfly10 @@ -37,6 +37,12 @@ creaper-core test 1.5.0 + + + com.google.guava + guava + + org.wildfly.core @@ -48,6 +54,8 @@ wildfly10 + 2.0.0.Final + 8.2.5.Final \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/cluster/Wildfly10SAMLAdapterClusterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/cluster/Wildfly10SAMLAdapterClusterTest.java index f62f320adef..d80fda5aaa5 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/cluster/Wildfly10SAMLAdapterClusterTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/cluster/Wildfly10SAMLAdapterClusterTest.java @@ -40,21 +40,21 @@ import static org.keycloak.testsuite.adapter.AbstractServletsAdapterTest.samlSer @AppServerContainer("app-server-wildfly10") public class Wildfly10SAMLAdapterClusterTest extends AbstractSAMLAdapterClusterTest { - @TargetsContainer(value = "app-server-wildfly-" + NODE_1_NAME) + @TargetsContainer(value = "app-server-wildfly10-" + NODE_1_NAME) @Deployment(name = EmployeeServletDistributable.DEPLOYMENT_NAME, managed = false) protected static WebArchive employee() { return samlServletDeployment(EmployeeServletDistributable.DEPLOYMENT_NAME, EmployeeServletDistributable.DEPLOYMENT_NAME + "/WEB-INF/web.xml", SendUsernameServlet.class); } - @TargetsContainer(value = "app-server-wildfly-" + NODE_2_NAME) + @TargetsContainer(value = "app-server-wildfly10-" + NODE_2_NAME) @Deployment(name = EmployeeServletDistributable.DEPLOYMENT_NAME + "_2", managed = false) protected static WebArchive employee2() { return employee(); } @Override - protected void prepareWorkerNode(Integer managementPort) throws IOException, CliException, NumberFormatException { - log.infov("Preparing worker node ({0})", managementPort); + protected void prepareWorkerNode(int nodeIndex, Integer managementPort) throws IOException, CliException, NumberFormatException { + log.infov("Preparing worker node ({0} @ {1})", nodeIndex, managementPort); OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions .standalone() @@ -71,8 +71,6 @@ public class Wildfly10SAMLAdapterClusterTest extends AbstractSAMLAdapterClusterT b.add(tcppingStack.and("protocol", "TCPPING")); b.add(tcppingStack.and("protocol", "TCPPING").and("property", "initial_hosts"), Values.of("value", "localhost[" + (7600 + PORT_OFFSET_NODE_1) + "],localhost[" + (7600 + PORT_OFFSET_NODE_2) + "]")); b.add(tcppingStack.and("protocol", "TCPPING").and("property", "port_range"), Values.of("value", "0")); - b.add(tcppingStack.and("protocol", "TCPPING").and("property", "num_initial_members"), Values.of("value", "2")); - b.add(tcppingStack.and("protocol", "TCPPING").and("property", "timeout"), Values.of("value", "3000")); b.add(tcppingStack.and("protocol", "MERGE3")); b.add(tcppingStack.and("protocol", "FD_SOCK"), Values.of("socket-binding", "jgroups-tcp-fd")); b.add(tcppingStack.and("protocol", "FD")); diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/crossdc/Wildfly10SAMLAdapterCrossDCTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/crossdc/Wildfly10SAMLAdapterCrossDCTest.java new file mode 100644 index 00000000000..9c7d935db6c --- /dev/null +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/crossdc/Wildfly10SAMLAdapterCrossDCTest.java @@ -0,0 +1,162 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.testsuite.adapter.crossdc; + +import org.keycloak.testsuite.adapter.page.EmployeeServletDistributable; +import org.keycloak.testsuite.arquillian.annotation.*; + +import java.io.*; + +import org.keycloak.testsuite.adapter.servlet.cluster.AbstractSAMLAdapterClusterTest; +import org.keycloak.testsuite.adapter.servlet.SendUsernameServlet; + +import org.apache.commons.lang3.math.NumberUtils; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.asset.StringAsset; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Assume; +import org.junit.BeforeClass; +import org.wildfly.extras.creaper.core.*; +import org.wildfly.extras.creaper.core.online.*; +import org.wildfly.extras.creaper.core.online.operations.*; + +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.not; +import static org.keycloak.testsuite.adapter.AbstractServletsAdapterTest.samlServletDeployment; + +/** + * + * @author hmlnarik + */ +@AppServerContainer("app-server-wildfly10") +public class Wildfly10SAMLAdapterCrossDCTest extends AbstractSAMLAdapterClusterTest { + + @BeforeClass + public static void checkCrossDcTest() { + Assume.assumeThat("Seems not to be running cross-DC tests", System.getProperty("cache.server"), not(is("undefined"))); + } + + protected static final int PORT_OFFSET_CACHE_1 = NumberUtils.toInt(System.getProperty("cache.server.port.offset"), 0); + protected static final int CACHE_HOTROD_PORT_CACHE_1 = 11222 + PORT_OFFSET_CACHE_1; + protected static final int PORT_OFFSET_CACHE_2 = NumberUtils.toInt(System.getProperty("cache.server.2.port.offset"), 0); + protected static final int CACHE_HOTROD_PORT_CACHE_2 = 11222 + PORT_OFFSET_CACHE_2; + + private final int[] CACHE_HOTROD_PORTS = new int[] { CACHE_HOTROD_PORT_CACHE_1, CACHE_HOTROD_PORT_CACHE_2 }; + private final int[] TCPPING_PORTS = new int[] { 7600 + PORT_OFFSET_NODE_1, 7600 + PORT_OFFSET_NODE_2 }; + + private static final String SESSION_CACHE_NAME = EmployeeServletDistributable.DEPLOYMENT_NAME + "-cache"; + private static final String SSO_CACHE_NAME = SESSION_CACHE_NAME + ".ssoCache"; + + private static final Address SESSION_CACHE_ADDR = Address.subsystem("infinispan") + .and("cache-container", "web") + .and("replicated-cache", SESSION_CACHE_NAME); + private static final Address SSO_CACHE_ADDR = Address.subsystem("infinispan") + .and("cache-container", "web") + .and("replicated-cache", SSO_CACHE_NAME); + + private static final String JBOSS_WEB_XML = "\n" + + "\n" + + " \n" + + " SESSION\n" + + " " + "web." + SESSION_CACHE_NAME + "\n" + + " \n" + + ""; + + @TargetsContainer(value = "app-server-wildfly10-" + NODE_1_NAME) + @Deployment(name = EmployeeServletDistributable.DEPLOYMENT_NAME, managed = false) + protected static WebArchive employee() { + return samlServletDeployment(EmployeeServletDistributable.DEPLOYMENT_NAME, + EmployeeServletDistributable.DEPLOYMENT_NAME + "/WEB-INF/web.xml", + SendUsernameServlet.class) + .addAsWebInfResource(new StringAsset(JBOSS_WEB_XML), "jboss-web.xml"); + } + + @TargetsContainer(value = "app-server-wildfly10-" + NODE_2_NAME) + @Deployment(name = EmployeeServletDistributable.DEPLOYMENT_NAME + "_2", managed = false) + protected static WebArchive employee2() { + return employee(); + } + + @Override + protected void prepareWorkerNode(int nodeIndex, Integer managementPort) throws IOException, CliException, NumberFormatException { + log.infov("Preparing worker node ({0} @ {1})", nodeIndex, managementPort); + + OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions + .standalone() + .hostAndPort("localhost", managementPort) + .build()); + Operations op = new Operations(clientWorkerNodeClient); + + Batch b = new Batch(); + Address tcppingStack = Address + .subsystem("jgroups") + .and("stack", "tcpping"); + b.add(tcppingStack); + b.add(tcppingStack.and("transport", "TCP"), Values.of("socket-binding", "jgroups-tcp")); + b.add(tcppingStack.and("protocol", "TCPPING")); + b.add(tcppingStack.and("protocol", "TCPPING").and("property", "initial_hosts"), Values.of("value", "localhost[" + TCPPING_PORTS[nodeIndex] + "]")); + b.add(tcppingStack.and("protocol", "TCPPING").and("property", "port_range"), Values.of("value", "0")); + b.add(tcppingStack.and("protocol", "MERGE3")); + b.add(tcppingStack.and("protocol", "FD_SOCK"), Values.of("socket-binding", "jgroups-tcp-fd")); + b.add(tcppingStack.and("protocol", "FD")); + b.add(tcppingStack.and("protocol", "VERIFY_SUSPECT")); + b.add(tcppingStack.and("protocol", "pbcast.NAKACK2")); + b.add(tcppingStack.and("protocol", "UNICAST3")); + b.add(tcppingStack.and("protocol", "pbcast.STABLE")); + b.add(tcppingStack.and("protocol", "pbcast.GMS")); + b.add(tcppingStack.and("protocol", "MFC")); + b.add(tcppingStack.and("protocol", "FRAG2")); + b.writeAttribute(Address.subsystem("jgroups").and("channel", "ee"), "stack", "tcpping"); + op.batch(b); + + + op.add(Address.of("socket-binding-group", "standard-sockets").and("remote-destination-outbound-socket-binding", "cache-server"), + Values.of("host", "localhost") + .and("port", CACHE_HOTROD_PORTS[nodeIndex])); + + op.add(SESSION_CACHE_ADDR, Values.of("statistics-enabled", "true").and("mode", "SYNC")); + op.writeAttribute(SESSION_CACHE_ADDR.and("component", "locking"), "isolation", "REPEATABLE_READ"); + op.writeAttribute(SESSION_CACHE_ADDR.and("component", "transaction"), "mode", "BATCH"); + op.add(SESSION_CACHE_ADDR.and("store", "remote"), + Values.ofList("remote-servers", "cache-server") + .and("cache", SESSION_CACHE_NAME) + .and("passivation", false) + .and("purge", false) + .and("preload", false) + .and("shared", true) + ); + + op.add(SSO_CACHE_ADDR, Values.of("statistics-enabled", "true").and("mode", "SYNC")); + op.add(SSO_CACHE_ADDR.and("store", "remote"), + Values.ofList("remote-servers", "cache-server") + .and("cache", SSO_CACHE_NAME) + .and("passivation", false) + .and("purge", false) + .and("preload", false) + .and("shared", true) + ); + + op.add(Address.extension("org.keycloak.keycloak-saml-adapter-subsystem"), Values.of("module", "org.keycloak.keycloak-saml-adapter-subsystem")); + op.add(Address.subsystem("keycloak-saml")); + + clientWorkerNodeClient.execute("reload"); + + log.infov("Worker node ({0}) Prepared", managementPort); + } + +} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly10BasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly10BasicAuthExampleAdapterTest.java deleted file mode 100644 index f49dd19949d..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly10BasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-wildfly10") -public class Wildfly10BasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly10DemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly10DemoExampleAdapterTest.java deleted file mode 100644 index 6117bfd86eb..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly10DemoExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-wildfly10") -public class Wildfly10DemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly10SAMLExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly10SAMLExampleAdapterTest.java deleted file mode 100644 index d7a162c9278..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly10/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly10SAMLExampleAdapterTest.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * @author mhajas - */ -@AppServerContainer("app-server-wildfly10") -public class Wildfly10SAMLExampleAdapterTest extends AbstractSAMLExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/pom.xml index ea362d4bbe4..d1cf8c05b93 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-wildfly8 diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly8BasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly8BasicAuthExampleAdapterTest.java deleted file mode 100644 index dc4e7cc76c8..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly8BasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-wildfly8") -public class Wildfly8BasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly8DemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly8DemoExampleAdapterTest.java deleted file mode 100644 index 8bb20d8b676..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly8DemoExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-wildfly8") -public class Wildfly8DemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/pom.xml index af851f28399..22235f5cc83 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-wildfly9 diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly9BasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly9BasicAuthExampleAdapterTest.java deleted file mode 100644 index 9d68c8a3830..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly9BasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-wildfly9") -public class Wildfly9BasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly9DemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly9DemoExampleAdapterTest.java deleted file mode 100644 index 26ce953a62f..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly9DemoExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-wildfly9") -public class Wildfly9DemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly9SAMLExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly9SAMLExampleAdapterTest.java deleted file mode 100644 index e5e5c27dab2..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/example/Wildfly9SAMLExampleAdapterTest.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * @author mhajas - */ -@AppServerContainer("app-server-wildfly9") -public class Wildfly9SAMLExampleAdapterTest extends AbstractSAMLExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse61/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse61/pom.xml index a206f014cef..a4bc24ec32b 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse61/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse61/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-karaf - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-fuse61 diff --git a/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse62/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse62/pom.xml index 62e8607ffce..c51f88f79e0 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse62/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse62/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-karaf - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-fuse62 diff --git a/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse63/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse63/pom.xml index bd0e11efb00..b6369d883bf 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse63/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/karaf/fuse63/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-karaf - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-fuse63 diff --git a/testsuite/integration-arquillian/tests/other/adapters/karaf/karaf3/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/karaf/karaf3/pom.xml index f86b72ca106..81b87d7b603 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/karaf/karaf3/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/karaf/karaf3/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-karaf - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-karaf3 diff --git a/testsuite/integration-arquillian/tests/other/adapters/karaf/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/karaf/pom.xml index 433e64212cf..3609ef12cdb 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/karaf/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/karaf/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-karaf diff --git a/testsuite/integration-arquillian/tests/other/adapters/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/pom.xml index 6cfc621f241..4267ae22163 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-other - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters @@ -68,6 +68,7 @@ 10399 + @@ -80,6 +81,7 @@ -Dmy.host.name=localhost -Djava.security.krb5.conf=${project.build.directory}/dependency/kerberos/test-krb5.conf -Dkie.maven.settings.custom=${settings.path} + -Dkie.maven.repo.local=${maven.repo.local} -Drepo.url=${repo.url} @@ -265,24 +267,6 @@ - - org.keycloak.example.demo - product-portal-example - ${project.version} - war - - - org.keycloak.example.demo - customer-portal-example - ${project.version} - war - - - org.keycloak.example.demo - database-service - ${project.version} - war - org.keycloak.testsuite integration-arquillian-test-apps-js-console @@ -295,48 +279,6 @@ ${project.version} war - - org.keycloak - examples-multitenant - ${project.version} - war - - - org.keycloak - examples-basicauth - ${project.version} - war - - - org.keycloak.example.demo - cors-angular-product-example - ${project.version} - war - - - org.keycloak.example.demo - cors-database-service - ${project.version} - war - - - org.keycloak - sales-post-sig - ${project.version} - war - - - org.keycloak - saml-post-encryption - ${project.version} - war - - - org.keycloak - saml-redirect-signatures - ${project.version} - war - org.keycloak.testsuite hello-world-authz-service diff --git a/testsuite/integration-arquillian/tests/other/adapters/tomcat/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/tomcat/pom.xml index d5fd8c875ee..6cdb4e980ac 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/tomcat/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/tomcat/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-tomcat diff --git a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/pom.xml index 502985408e3..cccbddece44 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-tomcat - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-tomcat7 diff --git a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat7BasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat7BasicAuthExampleAdapterTest.java deleted file mode 100644 index cd1e26b6b45..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat7BasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-tomcat7") -public class Tomcat7BasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat7DemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat7DemoExampleAdapterTest.java deleted file mode 100644 index cbfd42756eb..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat7DemoExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-tomcat7") -public class Tomcat7DemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/pom.xml index 32574f8e334..a14a838c24f 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-tomcat - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-tomcat8 diff --git a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat8BasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat8BasicAuthExampleAdapterTest.java deleted file mode 100644 index 175ed9ef1a9..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat8BasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-tomcat8") -public class Tomcat8BasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat8DemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat8DemoExampleAdapterTest.java deleted file mode 100644 index ef3d06d0a42..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat8DemoExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-tomcat8") -public class Tomcat8DemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/pom.xml index c48763444cd..9928c0cacda 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-tomcat - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-tomcat9 diff --git a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat9BasicAuthExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat9BasicAuthExampleAdapterTest.java deleted file mode 100644 index 221c0067611..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat9BasicAuthExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-tomcat9") -public class Tomcat9BasicAuthExampleAdapterTest extends AbstractBasicAuthExampleAdapterTest { - -} diff --git a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat9DemoExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat9DemoExampleAdapterTest.java deleted file mode 100644 index 56ae537146d..00000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/src/test/java/org/keycloak/testsuite/adapter/example/Tomcat9DemoExampleAdapterTest.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.testsuite.adapter.example; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; - -/** - * - * @author tkyjovsk - */ -@AppServerContainer("app-server-tomcat9") -public class Tomcat9DemoExampleAdapterTest extends AbstractDemoExampleAdapterTest { - -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/was/README.md b/testsuite/integration-arquillian/tests/other/adapters/was/README.md index ae7afce9034..5f127fc9957 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/was/README.md +++ b/testsuite/integration-arquillian/tests/other/adapters/was/README.md @@ -13,7 +13,7 @@ ## How to run tests 1. start IBM WebSphere container with ibmjdk8 (tests expects that app-server runs on port 8280) -2. add the [repository](https://repository.jboss.org/nexus/content/repositories/jboss_releases_staging_profile-11801) to settings.xml +2. add the [repository](https://repository.jboss.org/nexus/content/repositories/jboss_releases_staging_profile-12222) to settings.xml 3. mvn -f keycloak/pom.xml -Pdistribution -DskipTests clean install 4. mvn -f keycloak/testsuite/integration-arquillian/pom.xml -Pauth-server-wildfly -DskipTests clean install 5. mvn -f keycloak/testsuite/integration-arquillian/tests/other/adapters/was/pom.xml -Pauth-server-wildfly,app-server-was clean install \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/was/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/was/pom.xml index c5b96a215ce..f869d2992c0 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/was/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/was/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-was diff --git a/testsuite/integration-arquillian/tests/other/adapters/was/was8/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/was/was8/pom.xml index ad138d389d2..98f7f687059 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/was/was8/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/was/was8/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-was - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-was8 diff --git a/testsuite/integration-arquillian/tests/other/adapters/wls/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/wls/pom.xml index 85e33bce937..e0d09e5921e 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/wls/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/wls/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-wls diff --git a/testsuite/integration-arquillian/tests/other/adapters/wls/wls12/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/wls/wls12/pom.xml index afade15a9a4..32b0b658d3f 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/wls/wls12/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/wls/wls12/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-wls - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-adapters-wls12 diff --git a/testsuite/integration-arquillian/tests/other/clean-start/pom.xml b/testsuite/integration-arquillian/tests/other/clean-start/pom.xml index 72eee786cd6..ef7f76038f5 100644 --- a/testsuite/integration-arquillian/tests/other/clean-start/pom.xml +++ b/testsuite/integration-arquillian/tests/other/clean-start/pom.xml @@ -23,7 +23,7 @@ org.keycloak.testsuite integration-arquillian-tests-other - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-smoke-clean-start diff --git a/testsuite/integration-arquillian/tests/other/console/pom.xml b/testsuite/integration-arquillian/tests/other/console/pom.xml index 003e24c9393..5a6f512fbee 100644 --- a/testsuite/integration-arquillian/tests/other/console/pom.xml +++ b/testsuite/integration-arquillian/tests/other/console/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-other - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-console @@ -33,6 +33,7 @@ ${auth.server.home}/themes + firefox|chrome|internetExplorer @@ -55,6 +56,27 @@ + + maven-enforcer-plugin + + + + enforce + + + + + browser + Browser property must be set! + ${supportedBrowsers} + Unsupported browser "${browser}"! Only the following are supported: ${supportedBrowsers} + + + true + + + + diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/PasswordPolicy.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/PasswordPolicy.java index 8f8073ca615..02ad49e0a7b 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/PasswordPolicy.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/PasswordPolicy.java @@ -36,7 +36,7 @@ public class PasswordPolicy extends Authentication { addPolicySelect.selectByVisibleText(policy.getName()); if (value != null) {setPolicyValue(policy, value);} primaryButton.click(); - waitForPageToLoad(driver); + waitForPageToLoad(); } @@ -53,7 +53,7 @@ public class PasswordPolicy extends Authentication { if (primaryButton.isEnabled()) { primaryButton.click(); } - waitForPageToLoad(driver); + waitForPageToLoad(); } public void editPolicy(Type policy, int value) { @@ -65,7 +65,7 @@ public class PasswordPolicy extends Authentication { if (primaryButton.isEnabled()) { primaryButton.click(); } - waitForPageToLoad(driver); + waitForPageToLoad(); } private void setPolicyValue(Type policy, String value) { diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/RequiredActions.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/RequiredActions.java index 09f5f1cb48a..f9c4edebd1d 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/RequiredActions.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/RequiredActions.java @@ -33,7 +33,7 @@ public class RequiredActions extends Authentication { WebElement checkbox = requiredActionTable.findElement(By.id(id)); - if (checkbox.isSelected() != value) { + if (checkbox.isEnabled() && checkbox.isSelected() != value) { checkbox.click(); } } diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/flows/Flows.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/flows/Flows.java index 262a834ea24..6e410add0f8 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/flows/Flows.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/flows/Flows.java @@ -8,6 +8,8 @@ import org.openqa.selenium.support.ui.Select; import java.util.List; import java.util.stream.Collectors; +import static org.keycloak.testsuite.util.UIUtils.performOperationWithPageReload; + /** * @author tkyjovsk * @author mhajas @@ -61,7 +63,7 @@ public class Flows extends Authentication { } public void selectFlowOption(FlowOption option) { - flowSelect.selectByVisibleText(option.getName()); + performOperationWithPageReload(() -> flowSelect.selectByVisibleText(option.getName())); } public String getFlowSelectValue() { diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/Client.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/Client.java index 39999ba1041..619a06527b3 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/Client.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/Client.java @@ -6,6 +6,8 @@ import org.openqa.selenium.WebElement; import org.openqa.selenium.support.FindBy; import static org.keycloak.testsuite.console.page.fragment.Breadcrumb.BREADCRUMB_XPATH; +import static org.keycloak.testsuite.util.UIUtils.clickLink; + import org.openqa.selenium.NoSuchElementException; /** @@ -44,7 +46,7 @@ public class Client extends Clients { private WebElement deleteIcon; public void delete() { - deleteIcon.click(); + clickLink(deleteIcon); modalDialog.confirmDeletion(); } @@ -80,35 +82,35 @@ public class Client extends Clients { private WebElement authorizationLink; public void settings() { - settingsLink.click(); + clickLink(settingsLink); } public void roles() { - rolesLink.click(); + clickLink(rolesLink); } public void mappers() { - mappersLink.click(); + clickLink(mappersLink); } public void scope() { - scopeLink.click(); + clickLink(scopeLink); } public void revocation() { - revocationLink.click(); + clickLink(revocationLink); } public void sessions() { - sessionsLink.click(); + clickLink(sessionsLink); } public void installation() { - installationLink.click(); + clickLink(installationLink); } public void authorization() { - authorizationLink.click(); + clickLink(authorizationLink); } public boolean isServiceAccountRolesDisplayed() { diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/Authorization.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/Authorization.java index 5510d7e631d..391e1e6006e 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/Authorization.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/Authorization.java @@ -16,6 +16,7 @@ */ package org.keycloak.testsuite.console.page.clients.authorization; +import org.jboss.arquillian.drone.api.annotation.Drone; import org.jboss.arquillian.graphene.fragment.Root; import org.jboss.arquillian.graphene.page.Page; import org.keycloak.testsuite.console.page.clients.Client; @@ -23,9 +24,12 @@ import org.keycloak.testsuite.console.page.clients.authorization.permission.Perm import org.keycloak.testsuite.console.page.clients.authorization.policy.Policies; import org.keycloak.testsuite.console.page.clients.authorization.resource.Resources; import org.keycloak.testsuite.console.page.clients.authorization.scope.Scopes; +import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebElement; import org.openqa.selenium.support.FindBy; +import static org.keycloak.testsuite.util.UIUtils.navigateToLink; + /** * * @author Pedro Igor @@ -97,6 +101,9 @@ public class Authorization extends Client { @Root private WebElement root; + @Drone + private WebDriver driver; + @FindBy(linkText = "Settings") private WebElement settingsLink; @@ -113,23 +120,28 @@ public class Authorization extends Client { private WebElement policiesLink; public void settings() { - settingsLink.click(); + //clickLink(settingsLink); + navigateToLink(settingsLink); // for some reason, GeckoDriver is currently having problems clicking on those tabs } public void resources() { - resourcesLink.click(); + //clickLink(resourcesLink); + navigateToLink(resourcesLink); } private void scopes() { - scopesLink.click(); + //clickLink(scopesLink); + navigateToLink(scopesLink); } private void permissions() { - permissionsLink.click(); + //clickLink(permissionsLink); + navigateToLink(permissionsLink); } private void policies() { - policiesLink.click(); + //clickLink(policiesLink); + navigateToLink(policiesLink); } } } diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/permission/Permissions.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/permission/Permissions.java index de9c13c3391..f861c852923 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/permission/Permissions.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/permission/Permissions.java @@ -16,8 +16,6 @@ */ package org.keycloak.testsuite.console.page.clients.authorization.permission; -import static org.openqa.selenium.By.tagName; - import org.jboss.arquillian.graphene.page.Page; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation; @@ -25,13 +23,15 @@ import org.keycloak.representations.idm.authorization.ResourcePermissionRepresen import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation; import org.keycloak.testsuite.console.page.clients.authorization.policy.PolicyTypeUI; import org.keycloak.testsuite.page.Form; -import org.keycloak.testsuite.util.URLUtils; import org.keycloak.testsuite.util.WaitUtils; import org.openqa.selenium.By; import org.openqa.selenium.WebElement; import org.openqa.selenium.support.FindBy; import org.openqa.selenium.support.ui.Select; +import static org.keycloak.testsuite.util.UIUtils.clickLink; +import static org.openqa.selenium.By.tagName; + /** * @author Pedro Igor */ @@ -73,8 +73,8 @@ public class Permissions extends Form { for (WebElement row : permissions().rows()) { PolicyRepresentation actual = permissions().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); - WaitUtils.waitForPageToLoad(driver); + clickLink(row.findElements(tagName("a")).get(0)); + WaitUtils.waitForPageToLoad(); String type = representation.getType(); if ("resource".equals(type)) { @@ -92,8 +92,8 @@ public class Permissions extends Form { for (WebElement row : permissions().rows()) { PolicyRepresentation actual = permissions().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); - WaitUtils.waitForPageToLoad(driver); + clickLink(row.findElements(tagName("a")).get(0)); + WaitUtils.waitForPageToLoad(); String type = actual.getType(); if ("resource".equals(type)) { return (P) resourcePermission; @@ -109,8 +109,8 @@ public class Permissions extends Form { for (WebElement row : permissions().rows()) { PolicyRepresentation actual = permissions().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); - WaitUtils.waitForPageToLoad(driver); + clickLink(row.findElements(tagName("a")).get(0)); + WaitUtils.waitForPageToLoad(); String type = actual.getType(); diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/GroupPolicyForm.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/GroupPolicyForm.java index 389a214d578..d063f6cd8ec 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/GroupPolicyForm.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/GroupPolicyForm.java @@ -16,6 +16,7 @@ */ package org.keycloak.testsuite.console.page.clients.authorization.policy; +import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; import static org.openqa.selenium.By.tagName; import java.util.ArrayList; @@ -93,6 +94,7 @@ public class GroupPolicyForm extends Form { String groupName = path.substring(path.lastIndexOf('/') + 1); WebElement element = driver.findElement(By.xpath("//span[text()='" + groupName + "']")); element.click(); + waitUntilElement(selectGroupButton).is().enabled(); selectGroupButton.click(); driver.findElements(By.xpath("(//table[@id='selected-groups'])/tbody/tr")).stream() .filter(webElement -> webElement.findElements(tagName("td")).size() > 1) diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/Policies.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/Policies.java index a42e12e07ee..79c69578fd1 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/Policies.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/Policies.java @@ -16,8 +16,6 @@ */ package org.keycloak.testsuite.console.page.clients.authorization.policy; -import static org.openqa.selenium.By.tagName; - import org.jboss.arquillian.graphene.page.Page; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; import org.keycloak.representations.idm.authorization.AggregatePolicyRepresentation; @@ -30,13 +28,15 @@ import org.keycloak.representations.idm.authorization.RulePolicyRepresentation; import org.keycloak.representations.idm.authorization.TimePolicyRepresentation; import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; import org.keycloak.testsuite.page.Form; -import org.keycloak.testsuite.util.URLUtils; -import org.keycloak.testsuite.util.WaitUtils; import org.openqa.selenium.By; import org.openqa.selenium.WebElement; import org.openqa.selenium.support.FindBy; import org.openqa.selenium.support.ui.Select; +import static org.keycloak.testsuite.util.UIUtils.clickLink; +import static org.keycloak.testsuite.util.UIUtils.performOperationWithPageReload; +import static org.openqa.selenium.By.tagName; + /** * @author Pedro Igor */ @@ -79,7 +79,7 @@ public class Policies extends Form { public

    P create(AbstractPolicyRepresentation expected) { String type = expected.getType(); - createSelect.selectByValue(type); + performOperationWithPageReload(() -> createSelect.selectByValue(type)); if ("role".equals(type)) { rolePolicy.form().populate((RolePolicyRepresentation) expected); @@ -104,7 +104,6 @@ public class Policies extends Form { return (P) clientPolicy; } else if ("group".equals(type)) { groupPolicy.form().populate((GroupPolicyRepresentation) expected); - groupPolicy.form().save(); return (P) groupPolicy; } @@ -115,8 +114,7 @@ public class Policies extends Form { for (WebElement row : policies().rows()) { PolicyRepresentation actual = policies().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); - WaitUtils.waitForPageToLoad(driver); + clickLink(row.findElements(tagName("a")).get(0)); String type = representation.getType(); if ("role".equals(type)) { @@ -146,7 +144,7 @@ public class Policies extends Form { for (WebElement row : policies().rows()) { PolicyRepresentation actual = policies().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); + clickLink(row.findElements(tagName("a")).get(0)); String type = actual.getType(); if ("role".equals(type)) { return (P) rolePolicy; @@ -174,7 +172,7 @@ public class Policies extends Form { for (WebElement row : policies().rows()) { PolicyRepresentation actual = policies().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); + clickLink(row.findElements(tagName("a")).get(0)); String type = actual.getType(); diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/RulePolicyForm.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/RulePolicyForm.java index 0ba43f14d6c..3b02288a433 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/RulePolicyForm.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/policy/RulePolicyForm.java @@ -77,7 +77,7 @@ public class RulePolicyForm extends Form { setInputValue(artifactVersion, expected.getArtifactVersion()); resolveModuleButton.click(); - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); moduleName.selectByVisibleText(expected.getModuleName()); WaitUtils.pause(1000); diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/resource/Resources.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/resource/Resources.java index 199be95091e..d079ce69d87 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/resource/Resources.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/resource/Resources.java @@ -16,17 +16,17 @@ */ package org.keycloak.testsuite.console.page.clients.authorization.resource; -import static org.openqa.selenium.By.tagName; - import org.jboss.arquillian.graphene.page.Page; import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.testsuite.page.Form; -import org.keycloak.testsuite.util.URLUtils; import org.keycloak.testsuite.util.WaitUtils; import org.openqa.selenium.By; import org.openqa.selenium.WebElement; import org.openqa.selenium.support.FindBy; +import static org.keycloak.testsuite.util.UIUtils.clickLink; +import static org.openqa.selenium.By.tagName; + /** * @author Pedro Igor */ @@ -54,8 +54,8 @@ public class Resources extends Form { for (WebElement row : resources().rows()) { ResourceRepresentation actual = resources().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); - WaitUtils.waitForPageToLoad(driver); + clickLink(row.findElements(tagName("a")).get(0)); + WaitUtils.waitForPageToLoad(); resource.form().populate(representation); return; } @@ -66,8 +66,8 @@ public class Resources extends Form { for (WebElement row : resources().rows()) { ResourceRepresentation actual = resources().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); - WaitUtils.waitForPageToLoad(driver); + clickLink(row.findElements(tagName("a")).get(0)); + WaitUtils.waitForPageToLoad(); resource.form().delete(); return; } @@ -89,8 +89,8 @@ public class Resources extends Form { for (WebElement row : resources().rows()) { ResourceRepresentation actual = resources().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); - WaitUtils.waitForPageToLoad(driver); + clickLink(row.findElements(tagName("a")).get(0)); + WaitUtils.waitForPageToLoad(); return resource; } } diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/scope/Scopes.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/scope/Scopes.java index 3974e35faed..7324996aa66 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/scope/Scopes.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/authorization/scope/Scopes.java @@ -16,16 +16,16 @@ */ package org.keycloak.testsuite.console.page.clients.authorization.scope; -import static org.openqa.selenium.By.tagName; - import org.jboss.arquillian.graphene.page.Page; import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.testsuite.page.Form; -import org.keycloak.testsuite.util.URLUtils; import org.openqa.selenium.By; import org.openqa.selenium.WebElement; import org.openqa.selenium.support.FindBy; +import static org.keycloak.testsuite.util.UIUtils.clickLink; +import static org.openqa.selenium.By.tagName; + /** * @author Pedro Igor */ @@ -53,7 +53,7 @@ public class Scopes extends Form { for (WebElement row : scopes().rows()) { ScopeRepresentation actual = scopes().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); + clickLink(row.findElements(tagName("a")).get(0)); scope.form().populate(representation); } } @@ -63,7 +63,7 @@ public class Scopes extends Form { for (WebElement row : scopes().rows()) { ScopeRepresentation actual = scopes().toRepresentation(row); if (actual.getName().equalsIgnoreCase(name)) { - URLUtils.navigateToUri(driver, row.findElements(tagName("a")).get(0).getAttribute("href"), true); + clickLink(row.findElements(tagName("a")).get(0)); scope.form().delete(); } } diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/credentials/ClientCredentialsForm.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/credentials/ClientCredentialsForm.java index 3ec2773e745..b29de62c0e4 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/credentials/ClientCredentialsForm.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/credentials/ClientCredentialsForm.java @@ -57,18 +57,18 @@ public class ClientCredentialsForm extends Form { public void regenerateSecret() { waitUntilElement(regenerateSecretButton).is().visible(); regenerateSecretButton.click(); - waitForPageToLoad(driver); + waitForPageToLoad(); } public void regenerateRegistrationAccessToken() { waitUntilElement(regenerateRegistrationAccessTokenButton).is().visible(); regenerateRegistrationAccessTokenButton.click(); - waitForPageToLoad(driver); + waitForPageToLoad(); } public void generateNewKeysAndCert() { waitUntilElement(generateNewKeysAndCert).is().visible(); generateNewKeysAndCert.click(); - waitForPageToLoad(driver); + waitForPageToLoad(); } } diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/installation/ClientInstallationForm.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/installation/ClientInstallationForm.java index fbd415ab694..2458931d064 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/installation/ClientInstallationForm.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/installation/ClientInstallationForm.java @@ -41,7 +41,7 @@ public class ClientInstallationForm extends Form { public void setConfigFormat(String value) { configFormatsSelect.selectByVisibleText(value); - WaitUtils.waitForPageToLoad(driver); + WaitUtils.waitForPageToLoad(); } public String getTextareaContent() { diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/mappers/CreateClientMappersForm.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/mappers/CreateClientMappersForm.java index a4b31079190..c43dfe0f52b 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/mappers/CreateClientMappersForm.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/mappers/CreateClientMappersForm.java @@ -116,7 +116,7 @@ public class CreateClientMappersForm extends Form { } WaitUtils.pause(1000); selectRealmRoleButton.click(); - WaitUtils.waitForModalFadeOut(driver); + WaitUtils.waitForModalFadeOut(); } public void selectClientRole(String clientName, String roleName) { @@ -126,7 +126,7 @@ public class CreateClientMappersForm extends Form { } WaitUtils.pause(1000); selectClientRoleButton.click(); - WaitUtils.waitForModalFadeOut(driver); + WaitUtils.waitForModalFadeOut(); } } diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/users/Users.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/users/Users.java index 4232289415c..ca1fa9eb183 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/users/Users.java +++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/users/Users.java @@ -79,18 +79,18 @@ public class Users extends AdminConsoleRealm { } public void clickUser(String username) { - URLUtils.navigateToUri(driver, getRowByUsername(username).findElement(By.xpath("./td[position()=1]/a")).getAttribute("href"), true); - waitForPageToLoad(driver); + URLUtils.navigateToUri(getRowByUsername(username).findElement(By.xpath("./td[position()=1]/a")).getAttribute("href"), true); + waitForPageToLoad(); } public void editUser(String username) { clickRowActionButton(getRowByUsername(username), EDIT); - waitForPageToLoad(driver); + waitForPageToLoad(); } public void impersonateUser(String username) { clickRowActionButton(getRowByUsername(username), IMPERSONATE); - waitForPageToLoad(driver); + waitForPageToLoad(); } public void deleteUser(String username) { diff --git a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/RequiredActionsTest.java b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/RequiredActionsTest.java index b879e183226..d0c9068a5a9 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/RequiredActionsTest.java +++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/RequiredActionsTest.java @@ -22,10 +22,8 @@ import org.junit.Before; import org.junit.Test; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.Assert; -import org.keycloak.testsuite.auth.page.AuthRealm; import org.keycloak.testsuite.auth.page.login.Registration; import org.keycloak.testsuite.console.AbstractConsoleTest; -import org.keycloak.testsuite.console.page.AdminConsoleRealm; import org.keycloak.testsuite.console.page.authentication.RequiredActions; import org.keycloak.testsuite.console.page.realm.LoginSettings; import org.openqa.selenium.By; diff --git a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AbstractAuthorizationSettingsTest.java b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AbstractAuthorizationSettingsTest.java index 276985e190a..de199f78340 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AbstractAuthorizationSettingsTest.java +++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AbstractAuthorizationSettingsTest.java @@ -22,7 +22,9 @@ import static org.keycloak.testsuite.auth.page.login.Login.OIDC; import org.jboss.arquillian.graphene.page.Page; import org.junit.Before; +import org.junit.BeforeClass; import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.console.clients.AbstractClientTest; import org.keycloak.testsuite.console.page.clients.authorization.Authorization; import org.keycloak.testsuite.console.page.clients.settings.ClientSettings; @@ -41,6 +43,11 @@ public abstract class AbstractAuthorizationSettingsTest extends AbstractClientTe protected ClientRepresentation newClient; + @BeforeClass + public static void enabled() { + ProfileAssume.assumePreview(); + } + @Before public void configureTest() { this.newClient = createResourceServer(); diff --git a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/events/LoginEventsTest.java b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/events/LoginEventsTest.java index 7a12f61a67e..24b7a083a56 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/events/LoginEventsTest.java +++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/events/LoginEventsTest.java @@ -62,7 +62,7 @@ public class LoginEventsTest extends AbstractConsoleTest { resultList.get(0).findElement(By.xpath("//td[text()='LOGIN']")); resultList.get(0).findElement(By.xpath("//td[text()='User']/../td[text()='" + testUser.getId() + "']")); resultList.get(0).findElement(By.xpath("//td[text()='Client']/../td[text()='security-admin-console']")); - resultList.get(0).findElement(By.xpath("//td[text()='IP Address']/../td[text()='127.0.0.1']")); + resultList.get(0).findElement(By.xpath("//td[text()='IP Address']/../td[text()='127.0.0.1' or text()='0:0:0:0:0:0:0:1']")); loginEventsPage.table().reset(); loginEventsPage.table().filterForm().addEventType("LOGOUT"); @@ -73,7 +73,7 @@ public class LoginEventsTest extends AbstractConsoleTest { assertEquals(1, resultList.size()); resultList.get(0).findElement(By.xpath("//td[text()='LOGOUT']")); resultList.get(0).findElement(By.xpath("//td[text()='User']/../td[text()='" + testUser.getId() + "']")); - resultList.get(0).findElement(By.xpath("//td[text()='IP Address']/../td[text()='127.0.0.1']")); + resultList.get(0).findElement(By.xpath("//td[text()='IP Address']/../td[text()='127.0.0.1' or text()='0:0:0:0:0:0:0:1']")); loginEventsPage.table().reset(); loginEventsPage.table().filterForm().addEventType("LOGIN_ERROR"); @@ -86,7 +86,7 @@ public class LoginEventsTest extends AbstractConsoleTest { resultList.get(0).findElement(By.xpath("//td[text()='User']/../td[text()='" + testUser.getId() + "']")); resultList.get(0).findElement(By.xpath("//td[text()='Client']/../td[text()='security-admin-console']")); resultList.get(0).findElement(By.xpath("//td[text()='Error']/../td[text()='invalid_user_credentials']")); - resultList.get(0).findElement(By.xpath("//td[text()='IP Address']/../td[text()='127.0.0.1']")); + resultList.get(0).findElement(By.xpath("//td[text()='IP Address']/../td[text()='127.0.0.1' or text()='0:0:0:0:0:0:0:1']")); } diff --git a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/realm/LoginSettingsTest.java b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/realm/LoginSettingsTest.java index 9495cdefea0..d92b493884d 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/realm/LoginSettingsTest.java +++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/realm/LoginSettingsTest.java @@ -42,6 +42,7 @@ import static org.keycloak.testsuite.admin.ApiUtil.createUserAndResetPasswordWit import static org.keycloak.testsuite.admin.Users.setPasswordFor; import static org.keycloak.testsuite.auth.page.AuthRealm.TEST; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; +import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf; /** * @@ -136,15 +137,16 @@ public class LoginSettingsTest extends AbstractRealmTest { log.info("edit username"); testAccountPage.navigateTo(); testRealmLoginPage.form().login(testUser); - testAccountPage.waitForAccountLinkPresent(); + assertCurrentUrlStartsWith(testAccountPage); testAccountPage.setUsername(NEW_USERNAME); testAccountPage.save(); testAccountPage.signOut(); log.debug("edited"); log.info("log in with edited username"); + assertCurrentUrlStartsWithLoginUrlOf(testAccountPage); testRealmLoginPage.form().login(NEW_USERNAME, PASSWORD); - testAccountPage.waitForAccountLinkPresent(); + assertCurrentUrlStartsWith(testAccountPage); log.debug("user is logged in with edited username"); log.info("disabling edit username"); @@ -202,6 +204,7 @@ public class LoginSettingsTest extends AbstractRealmTest { testAccountPage.navigateTo(); testRealmLoginPage.form().rememberMe(true); testRealmLoginPage.form().login(testUser); + assertCurrentUrlStartsWith(testAccountPage); assertTrue("Cookie KEYCLOAK_REMEMBER_ME should be present.", getCookieNames().contains("KEYCLOAK_REMEMBER_ME")); @@ -265,7 +268,7 @@ public class LoginSettingsTest extends AbstractRealmTest { log.info("log in as new user"); testAccountPage.navigateTo(); testRealmLoginPage.form().login(newUser); - testAccountPage.waitForAccountLinkPresent(); + assertCurrentUrlStartsWith(testAccountPage); log.info("verified verify email is disabled"); diff --git a/testsuite/integration-arquillian/tests/other/jpa-performance/pom.xml b/testsuite/integration-arquillian/tests/other/jpa-performance/pom.xml index 75e4bc7a1c5..88cc797f531 100644 --- a/testsuite/integration-arquillian/tests/other/jpa-performance/pom.xml +++ b/testsuite/integration-arquillian/tests/other/jpa-performance/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-other - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-jpa-performance diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/pom.xml b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/pom.xml index 16e5394c24d..0eb06848357 100644 --- a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/pom.xml +++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-other - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-other-mod_auth_mellon diff --git a/testsuite/integration-arquillian/tests/other/nodejs_adapter/pom.xml b/testsuite/integration-arquillian/tests/other/nodejs_adapter/pom.xml index 828006c55bb..4819f4003a1 100644 --- a/testsuite/integration-arquillian/tests/other/nodejs_adapter/pom.xml +++ b/testsuite/integration-arquillian/tests/other/nodejs_adapter/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-other - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-nodejs-adapter diff --git a/testsuite/integration-arquillian/tests/other/nodejs_adapter/src/main/java/org/keycloak/testsuite/adapter/nodejs/page/NodejsExamplePage.java b/testsuite/integration-arquillian/tests/other/nodejs_adapter/src/main/java/org/keycloak/testsuite/adapter/nodejs/page/NodejsExamplePage.java index 0c223f429dd..0feb8ecc160 100644 --- a/testsuite/integration-arquillian/tests/other/nodejs_adapter/src/main/java/org/keycloak/testsuite/adapter/nodejs/page/NodejsExamplePage.java +++ b/testsuite/integration-arquillian/tests/other/nodejs_adapter/src/main/java/org/keycloak/testsuite/adapter/nodejs/page/NodejsExamplePage.java @@ -50,11 +50,11 @@ public class NodejsExamplePage extends AbstractNodejsExamplePage { public boolean isOnLoginSecuredPage() { UriBuilder uriBuilder = createUriBuilder().path("login"); - return URLUtils.currentUrlEqual(driver, uriBuilder.build().toASCIIString()); + return URLUtils.currentUrlEqual(uriBuilder.build().toASCIIString()); } @Override public boolean isCurrent() { - return URLUtils.currentUrlStartWith(driver, toString()); + return URLUtils.currentUrlStartWith(toString()); } } diff --git a/testsuite/integration-arquillian/tests/other/pom.xml b/testsuite/integration-arquillian/tests/other/pom.xml index f406421e96e..da03e0f3e1e 100644 --- a/testsuite/integration-arquillian/tests/other/pom.xml +++ b/testsuite/integration-arquillian/tests/other/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT integration-arquillian-tests-other diff --git a/testsuite/integration-arquillian/tests/other/server-config-migration/pom.xml b/testsuite/integration-arquillian/tests/other/server-config-migration/pom.xml index 428d254f147..81e5f2265ae 100644 --- a/testsuite/integration-arquillian/tests/other/server-config-migration/pom.xml +++ b/testsuite/integration-arquillian/tests/other/server-config-migration/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-other - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml diff --git a/testsuite/integration-arquillian/tests/other/springboot-tests/pom.xml b/testsuite/integration-arquillian/tests/other/springboot-tests/pom.xml index 90a997f344b..99982fb94bc 100644 --- a/testsuite/integration-arquillian/tests/other/springboot-tests/pom.xml +++ b/testsuite/integration-arquillian/tests/other/springboot-tests/pom.xml @@ -5,7 +5,7 @@ integration-arquillian-tests-other org.keycloak.testsuite - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/tests/other/sssd/pom.xml b/testsuite/integration-arquillian/tests/other/sssd/pom.xml index e3f0b789e62..8228537e460 100644 --- a/testsuite/integration-arquillian/tests/other/sssd/pom.xml +++ b/testsuite/integration-arquillian/tests/other/sssd/pom.xml @@ -5,7 +5,7 @@ integration-arquillian-tests-other org.keycloak.testsuite - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml index 324f7265e87..d56f3e1cabe 100755 --- a/testsuite/integration-arquillian/tests/pom.xml +++ b/testsuite/integration-arquillian/tests/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT pom @@ -90,12 +90,17 @@ + + ${project.build.directory}/examples htmlUnit + true chrome - /usr/bin/firefox --ignore-ssl-errors=true --web-security=false + /usr/bin/firefox + true + true true @@ -245,15 +250,21 @@ ${adapter.test.props} ${migration.import.properties} - + ${kie.maven.settings} + ${testsuite.constants} ${cli.log.output} ${test.intermittent} ${browser} ${htmlUnitBrowserVersion} + ${webdriverDownloadBinaries} + ${firefox_binary} ${phantomjs.cli.args} + ${chromeArguments} + + ${firefoxLegacyDriver} ${project.version} ${migration.project.version} @@ -313,6 +324,12 @@ org.jboss.arquillian.container arquillian-container-osgi 2.1.0.CR18 + + + com.google.guava + guava + + org.osgi @@ -986,9 +1003,18 @@ org.apache.commons commons-io + + com.google.guava + guava + + + org.apache.httpcomponents + httpclient + 4.5.3 + jfree jfreechart @@ -1067,6 +1093,12 @@ org.keycloak keycloak-dependencies-server-all pom + + + com.google.guava + guava + + @@ -1184,6 +1216,18 @@ + + + + + + org.seleniumhq.selenium + htmlunit-driver + 2.27 + + + + @@ -1215,6 +1259,25 @@ + + + kie.maven.settings + + + repo.url + + + + ${user.home}/.m2/repository + ${user.home}/.m2/settings.xml + + -Dkie.maven.settings.custom=${settings.path} + -Dkie.maven.repo.local=${maven.repo.local} + -Drepo.url=${repo.url} + + + + diff --git a/testsuite/integration/pom.xml b/testsuite/integration-deprecated/pom.xml similarity index 89% rename from testsuite/integration/pom.xml rename to testsuite/integration-deprecated/pom.xml index 25b8036ba8e..83ea636238f 100755 --- a/testsuite/integration/pom.xml +++ b/testsuite/integration-deprecated/pom.xml @@ -21,13 +21,13 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 - keycloak-testsuite-integration - Keycloak Integration TestSuite - + keycloak-testsuite-integration-deprecated + Keycloak Integration TestSuite - deprecated + This testsuite is deprecated. Use testsuite/integration-arquillian instead 1.8 @@ -162,6 +162,10 @@ org.keycloak user-storage-properties-example + + org.keycloak + keycloak-testsuite-utils + @@ -330,51 +334,6 @@ - - keycloak-server - - - - org.codehaus.mojo - exec-maven-plugin - - org.keycloak.testsuite.KeycloakServer - test - - - - - - - mail-server - - - - org.codehaus.mojo - exec-maven-plugin - - org.keycloak.testsuite.MailServer - test - - - - - - - totp - - - - org.codehaus.mojo - exec-maven-plugin - - org.keycloak.testsuite.TotpGenerator - test - - - - - ldap diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/ApiUtil.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/ApiUtil.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/ApiUtil.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/ApiUtil.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/ApplicationServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/ApplicationServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/ApplicationServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/ApplicationServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/AssertEvents.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/AssertEvents.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/Constants.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/Constants.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/Constants.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/Constants.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/MailUtil.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/MailUtil.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/MailUtil.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/MailUtil.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/OAuthClient.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/OAuthClient.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/Retry.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/Retry.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/Retry.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/Retry.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java similarity index 98% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java index e0068205490..98215f7bfbb 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java @@ -126,6 +126,14 @@ public class AdapterTestStrategy extends ExternalResource { protected void after() { super.after(); webRule.after(); + + // Revert notBefore + KeycloakSession session = keycloakRule.startSession(); + RealmModel realm = session.realms().getRealmByName("demo"); + UserModel user = session.users().getUserByUsername("bburke@redhat.com", realm); + session.users().setNotBeforeForUser(realm, user, 0); + session.getTransactionManager().commit(); + session.close(); } public void testSavedPostRequest() throws Exception { diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CallAuthenticatedServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/CallAuthenticatedServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CallAuthenticatedServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/CallAuthenticatedServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CookieTokenStoreAdapterTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/CookieTokenStoreAdapterTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CookieTokenStoreAdapterTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/CookieTokenStoreAdapterTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/CustomerServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/CustomerServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/FilterAdapterTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/FilterAdapterTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/FilterAdapterTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/FilterAdapterTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/InputPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/InputPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/InputPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/InputPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/InputServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/InputServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/InputServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/InputServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenancyTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/MultiTenancyTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenancyTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/MultiTenancyTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenantResolver.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/MultiTenantResolver.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenantResolver.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/MultiTenantResolver.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenantServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/MultiTenantServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenantServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/MultiTenantServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/ProductServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/ProductServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/ProductServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/ProductServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/SessionServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/SessionServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/SessionServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adapter/SessionServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adduser/AddUserTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adduser/AddUserTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/adduser/AddUserTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/adduser/AddUserTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractAuthorizationTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/AbstractAuthorizationTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractAuthorizationTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/AbstractAuthorizationTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AttributeTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/AttributeTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AttributeTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/AttributeTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AuthorizationClientTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/AuthorizationClientTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AuthorizationClientTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/AuthorizationClientTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/KeycloakAuthorizationServerRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/KeycloakAuthorizationServerRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/KeycloakAuthorizationServerRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/KeycloakAuthorizationServerRule.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java similarity index 98% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java index 4a4fc9a4ad6..b9a75a42c4c 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java @@ -61,7 +61,6 @@ public class ResourceManagementTest extends AbstractPhotozAdminTest { assertEquals("Resource Type", resourceModel.getType()); assertEquals("Resource Icon URI", resourceModel.getIconUri()); assertEquals("Resource URI", resourceModel.getUri()); - assertEquals(resourceServer.getClientId(), resourceModel.getOwner()); assertEquals(resourceServer.getId(), resourceModel.getResourceServer().getId()); }); } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderModelTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderModelTest.java similarity index 94% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderModelTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderModelTest.java index cebe067acfd..d84c80a0699 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderModelTest.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderModelTest.java @@ -21,6 +21,7 @@ import org.keycloak.broker.oidc.OIDCIdentityProviderFactory; import org.keycloak.broker.saml.SAMLIdentityProviderFactory; import org.keycloak.social.facebook.FacebookIdentityProviderFactory; import org.keycloak.social.github.GitHubIdentityProviderFactory; +import org.keycloak.social.paypal.PayPalIdentityProviderFactory; import org.keycloak.social.google.GoogleIdentityProviderFactory; import org.keycloak.social.linkedin.LinkedInIdentityProviderFactory; import org.keycloak.social.stackoverflow.StackoverflowIdentityProviderFactory; @@ -47,6 +48,7 @@ public abstract class AbstractIdentityProviderModelTest extends AbstractModelTes this.expectedProviders.add(GoogleIdentityProviderFactory.PROVIDER_ID); this.expectedProviders.add(FacebookIdentityProviderFactory.PROVIDER_ID); this.expectedProviders.add(GitHubIdentityProviderFactory.PROVIDER_ID); + this.expectedProviders.add(PayPalIdentityProviderFactory.PROVIDER_ID); this.expectedProviders.add(TwitterIdentityProviderFactory.PROVIDER_ID); this.expectedProviders.add(LinkedInIdentityProviderFactory.PROVIDER_ID); this.expectedProviders.add(StackoverflowIdentityProviderFactory.PROVIDER_ID); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java similarity index 98% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java index 781714aa76e..08310539119 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java @@ -48,11 +48,9 @@ import java.io.IOException; import java.net.URI; import java.util.Set; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.startsWith; +import static org.junit.Assert.*; /** * @author pedroigor @@ -470,19 +468,19 @@ public abstract class AbstractKeycloakIdentityProviderTest extends AbstractIdent // Login as pedroigor to account management accountFederatedIdentityPage.realm("realm-with-broker"); accountFederatedIdentityPage.open(); - assertTrue(driver.getTitle().equals("Log in to realm-with-broker")); + assertThat(driver.getTitle(), is("Log in to realm-with-broker")); loginPage.login("pedroigor", "password"); - assertTrue(accountFederatedIdentityPage.isCurrent()); + accountFederatedIdentityPage.assertCurrent(); // Try to link my "pedroigor" identity with "test-user" from brokered Keycloak. accountFederatedIdentityPage.clickAddProvider(identityProvider.getAlias()); - assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/")); + assertThat(this.driver.getCurrentUrl(), startsWith("http://localhost:8082/auth/")); this.loginPage.login("test-user", "password"); doAfterProviderAuthentication(); // Error is displayed in account management because federated identity"test-user" already linked to local account "test-user" - assertTrue(accountFederatedIdentityPage.isCurrent()); + accountFederatedIdentityPage.assertCurrent(); assertEquals("Federated identity returned by " + getProviderId() + " is already linked to another user.", accountFederatedIdentityPage.getError()); } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/BrokerKeyCloakRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/BrokerKeyCloakRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/BrokerKeyCloakRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/BrokerKeyCloakRule.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java similarity index 79% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java index 05d1afa1165..a58b82f257a 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java @@ -95,6 +95,29 @@ public class IdentityProviderHintTest { assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/")); } + + // KEYCLOAK-5260 + @Test + public void testSuccessfulRedirectToProviderAfterLoginPageShown() { + this.driver.navigate().to("http://localhost:8081/test-app"); + String loginPageUrl = driver.getCurrentUrl(); + assertTrue(loginPageUrl.startsWith("http://localhost:8081/auth/")); + + // Manually add "kc_idp_hint" to URL . Should redirect to provider + loginPageUrl = loginPageUrl + "&kc_idp_hint=kc-oidc-idp-hidden"; + this.driver.navigate().to(loginPageUrl); + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/")); + + // Redirect from the app with the "kc_idp_hint". Should redirect to provider + this.driver.navigate().to("http://localhost:8081/test-app?kc_idp_hint=kc-oidc-idp-hidden"); + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/")); + + // Now redirect should't happen + this.driver.navigate().to("http://localhost:8081/test-app"); + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/")); + } + + @Test public void testInvalidIdentityProviderHint() { this.driver.navigate().to("http://localhost:8081/test-app?kc_idp_hint=invalid-idp-id"); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderRegistrationTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/IdentityProviderRegistrationTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderRegistrationTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/IdentityProviderRegistrationTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java similarity index 91% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java index 8d70f077fc0..fcacc36d8f6 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java @@ -33,6 +33,9 @@ import org.keycloak.social.facebook.FacebookIdentityProvider; import org.keycloak.social.facebook.FacebookIdentityProviderFactory; import org.keycloak.social.github.GitHubIdentityProvider; import org.keycloak.social.github.GitHubIdentityProviderFactory; +import org.keycloak.social.paypal.PayPalIdentityProvider; +import org.keycloak.social.paypal.PayPalIdentityProviderFactory; +import org.keycloak.social.paypal.PayPalIdentityProviderConfig; import org.keycloak.social.google.GoogleIdentityProvider; import org.keycloak.social.google.GoogleIdentityProviderFactory; import org.keycloak.social.linkedin.LinkedInIdentityProvider; @@ -143,6 +146,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes assertFacebookIdentityProviderConfig(realm, identityProvider); } else if (GitHubIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { assertGitHubIdentityProviderConfig(realm, identityProvider); + } else if (PayPalIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertPayPalIdentityProviderConfig(realm, identityProvider); } else if (TwitterIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { assertTwitterIdentityProviderConfig(identityProvider); } else if (LinkedInIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { @@ -253,6 +258,26 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes assertEquals(GitHubIdentityProvider.PROFILE_URL, config.getUserInfoUrl()); } + private void assertPayPalIdentityProviderConfig(RealmModel realm, IdentityProviderModel identityProvider) { + PayPalIdentityProvider payPalIdentityProvider = new PayPalIdentityProviderFactory().create(session, identityProvider); + PayPalIdentityProviderConfig config = payPalIdentityProvider.getConfig(); + + assertEquals("model-paypal", config.getAlias()); + assertEquals(PayPalIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); + assertEquals(true, config.isEnabled()); + assertEquals(false, config.isTrustEmail()); + assertEquals(false, config.isAuthenticateByDefault()); + assertEquals(false, config.isStoreToken()); + assertEquals("clientId", config.getClientId()); + assertEquals("clientSecret", config.getClientSecret()); + assertEquals(false, config.targetSandbox()); + assertEquals(realm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW).getId(), identityProvider.getFirstBrokerLoginFlowId()); + assertEquals(realm.getBrowserFlow().getId(), identityProvider.getPostBrokerLoginFlowId()); + assertEquals(PayPalIdentityProvider.AUTH_URL, config.getAuthorizationUrl()); + assertEquals(PayPalIdentityProvider.BASE_URL + PayPalIdentityProvider.TOKEN_RESOURCE, config.getTokenUrl()); + assertEquals(PayPalIdentityProvider.BASE_URL + PayPalIdentityProvider.PROFILE_RESOURCE, config.getUserInfoUrl()); + } + private void assertLinkedInIdentityProviderConfig(IdentityProviderModel identityProvider) { LinkedInIdentityProvider liIdentityProvider = new LinkedInIdentityProviderFactory().create(session, identityProvider); OAuth2IdentityProviderConfig config = liIdentityProvider.getConfig(); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCBrokerUserPropertyTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/OIDCBrokerUserPropertyTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCBrokerUserPropertyTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/OIDCBrokerUserPropertyTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCFirstBrokerLoginTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/OIDCFirstBrokerLoginTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCFirstBrokerLoginTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/OIDCFirstBrokerLoginTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeycloakServerBrokerWithConsentTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/OIDCKeycloakServerBrokerWithConsentTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeycloakServerBrokerWithConsentTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/OIDCKeycloakServerBrokerWithConsentTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/PostBrokerFlowTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/PostBrokerFlowTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/PostBrokerFlowTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/PostBrokerFlowTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLBrokerUserPropertyTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/SAMLBrokerUserPropertyTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLBrokerUserPropertyTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/SAMLBrokerUserPropertyTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLFirstBrokerLoginTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/SAMLFirstBrokerLoginTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLFirstBrokerLoginTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/SAMLFirstBrokerLoginTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/provider/CustomIdentityProvider.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/provider/CustomIdentityProvider.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/provider/CustomIdentityProvider.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/provider/CustomIdentityProvider.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/provider/CustomIdentityProviderFactory.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/provider/CustomIdentityProviderFactory.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/provider/CustomIdentityProviderFactory.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/provider/CustomIdentityProviderFactory.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/provider/social/CustomSocialProvider.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/provider/social/CustomSocialProvider.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/provider/social/CustomSocialProvider.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/provider/social/CustomSocialProvider.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/provider/social/CustomSocialProviderFactory.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/provider/social/CustomSocialProviderFactory.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/provider/social/CustomSocialProviderFactory.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/provider/social/CustomSocialProviderFactory.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/util/UserSessionStatusServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/util/UserSessionStatusServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/broker/util/UserSessionStatusServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/util/UserSessionStatusServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestConfiguration.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestConfiguration.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestConfiguration.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestConfiguration.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/BrokenUserStorageTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/BrokenUserStorageTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/BrokenUserStorageTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/BrokenUserStorageTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java similarity index 97% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java index 8a1bf5dbeb7..a1e44113590 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java @@ -137,7 +137,7 @@ public class FederatedStorageExportImportTest { Assert.assertEquals(1, session.userFederatedStorage().getStoredUsersCount(realm)); MultivaluedHashMap attributes = session.userFederatedStorage().getAttributes(realm, userId); - Assert.assertEquals(2, attributes.size()); + Assert.assertEquals(3, attributes.size()); Assert.assertEquals("value1", attributes.getFirst("single1")); Assert.assertTrue(attributes.getList("list1").contains("1")); Assert.assertTrue(attributes.getList("list1").contains("2")); @@ -174,6 +174,7 @@ public class FederatedStorageExportImportTest { session.userFederatedStorage().createCredential(realm, userId, credential); session.userFederatedStorage().grantRole(realm, userId, role); session.userFederatedStorage().joinGroup(realm, userId, group); + session.userFederatedStorage().setNotBeforeForUser(realm, userId, 50); keycloakRule.stopSession(session, true); @@ -203,13 +204,14 @@ public class FederatedStorageExportImportTest { Assert.assertEquals(1, session.userFederatedStorage().getStoredUsersCount(realm)); MultivaluedHashMap attributes = session.userFederatedStorage().getAttributes(realm, userId); - Assert.assertEquals(2, attributes.size()); + Assert.assertEquals(3, attributes.size()); Assert.assertEquals("value1", attributes.getFirst("single1")); Assert.assertTrue(attributes.getList("list1").contains("1")); Assert.assertTrue(attributes.getList("list1").contains("2")); Assert.assertTrue(session.userFederatedStorage().getRequiredActions(realm, userId).contains("UPDATE_PASSWORD")); Assert.assertTrue(session.userFederatedStorage().getRoleMappings(realm, userId).contains(role)); Assert.assertTrue(session.userFederatedStorage().getGroups(realm, userId).contains(group)); + Assert.assertEquals(50, session.userFederatedStorage().getNotBeforeOfUser(realm, userId)); List creds = session.userFederatedStorage().getStoredCredentials(realm, userId); Assert.assertEquals(1, creds.size()); Assert.assertTrue(getHashProvider(session, realm.getPasswordPolicy()).verify("password", creds.get(0))); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserMapStorage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/UserMapStorage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserMapStorage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/UserMapStorage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserMapStorageFactory.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/UserMapStorageFactory.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserMapStorageFactory.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/UserMapStorageFactory.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserPropertyFileStorage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/UserPropertyFileStorage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserPropertyFileStorage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/UserPropertyFileStorage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserPropertyFileStorageFactory.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/UserPropertyFileStorageFactory.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserPropertyFileStorageFactory.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/UserPropertyFileStorageFactory.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPBinaryAttributesTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPBinaryAttributesTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPBinaryAttributesTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPBinaryAttributesTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPExampleServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPExampleServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPExampleServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPExampleServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPLegacyImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPLegacyImportTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPLegacyImportTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPLegacyImportTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADFullNameTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADFullNameTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADFullNameTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADFullNameTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADMapperTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADMapperTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADMapperTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADMapperTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMultipleAttributesTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMultipleAttributesTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMultipleAttributesTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMultipleAttributesTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPNoMSADTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPNoMSADTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPNoMSADTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPNoMSADTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java similarity index 95% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java index a9546ed0ecd..f9a95d1747f 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java @@ -17,6 +17,14 @@ package org.keycloak.testsuite.federation.storage.ldap; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.MASTER; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.keycloak.models.AdminRoles.ADMIN; +import static org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT; + +import java.util.List; + import org.jboss.logging.Logger; import org.junit.Assert; import org.junit.Before; @@ -33,13 +41,6 @@ import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.component.ComponentModel; import org.keycloak.credential.CredentialModel; import org.keycloak.models.Constants; -import org.keycloak.storage.ReadOnlyException; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; -import org.keycloak.storage.ldap.LDAPConfig; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; -import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; import org.keycloak.models.ModelException; @@ -50,6 +51,13 @@ import org.keycloak.models.UserModel; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.AccessToken; import org.keycloak.services.managers.RealmManager; +import org.keycloak.storage.ReadOnlyException; +import org.keycloak.storage.UserStorageProvider; +import org.keycloak.storage.UserStorageProviderModel; +import org.keycloak.storage.ldap.LDAPConfig; +import org.keycloak.storage.ldap.LDAPStorageProvider; +import org.keycloak.storage.ldap.LDAPStorageProviderFactory; +import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper; import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory; import org.keycloak.storage.ldap.mappers.HardcodedLDAPAttributeMapper; @@ -71,13 +79,6 @@ import org.keycloak.testsuite.rule.WebResource; import org.keycloak.testsuite.rule.WebRule; import org.openqa.selenium.WebDriver; -import java.util.List; - -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.MASTER; -import static org.junit.Assert.assertEquals; -import static org.keycloak.models.AdminRoles.ADMIN; -import static org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT; - /** * @author Marek Posolda */ @@ -1088,5 +1089,46 @@ public class LDAPProvidersIntegrationTest { keycloakRule.stopSession(session, false); } } + + + @Test + public void testSearchByAttributes() { + KeycloakSession session = keycloakRule.startSession(); + final String ATTRIBUTE = "postal_code"; + final String ATTRIBUTE_VALUE = "80330340"; + try { + RealmModel appRealm = session.realms().getRealmByName("test"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + + LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username8", "John8", "Doel8", "user8@email.org", null, ATTRIBUTE_VALUE); + LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username9", "John9", "Doel9", "user9@email.org", null, ATTRIBUTE_VALUE); + LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username10", "John10", "Doel10", "user10@email.org", null, "1210"); + + // Users are not at local store at this moment + Assert.assertNull(session.userLocalStorage().getUserByUsername("username8", appRealm)); + Assert.assertNull(session.userLocalStorage().getUserByUsername("username9", appRealm)); + Assert.assertNull(session.userLocalStorage().getUserByUsername("username10", appRealm)); + + // search for user by attribute + List users = ldapProvider.searchForUserByUserAttribute(ATTRIBUTE, ATTRIBUTE_VALUE, appRealm); + assertEquals(2, users.size()); + assertNotNull(users.get(0).getAttribute(ATTRIBUTE)); + assertEquals(1, users.get(0).getAttribute(ATTRIBUTE).size()); + assertEquals(ATTRIBUTE_VALUE, users.get(0).getAttribute(ATTRIBUTE).get(0)); + + assertNotNull(users.get(1).getAttribute(ATTRIBUTE)); + assertEquals(1, users.get(1).getAttribute(ATTRIBUTE).size()); + assertEquals(ATTRIBUTE_VALUE, users.get(1).getAttribute(ATTRIBUTE).get(0)); + + // user are now imported to local store + LDAPTestUtils.assertUserImported(session.userLocalStorage(), appRealm, "username8", "John8", "Doel8", "user8@email.org", ATTRIBUTE_VALUE); + LDAPTestUtils.assertUserImported(session.userLocalStorage(), appRealm, "username9", "John9", "Doel9", "user9@email.org", ATTRIBUTE_VALUE); + // but the one not looked up is not + Assert.assertNull(session.userLocalStorage().getUserByUsername("username10", appRealm)); + + } finally { + keycloakRule.stopSession(session, true); + } + } } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSpecialCharsTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSpecialCharsTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSpecialCharsTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSpecialCharsTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPMultipleAttributesNoImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPMultipleAttributesNoImportTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPMultipleAttributesNoImportTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPMultipleAttributesNoImportTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/sync/SyncDummyUserFederationProviderFactory.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/sync/SyncDummyUserFederationProviderFactory.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/sync/SyncDummyUserFederationProviderFactory.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/sync/SyncDummyUserFederationProviderFactory.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/sync/SyncFederationTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/sync/SyncFederationTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/federation/sync/SyncFederationTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/sync/SyncFederationTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsBasicAuthTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsBasicAuthTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsBasicAuthTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsBasicAuthTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsFilterTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsFilterTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsFilterTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsFilterTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsTestApplication.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsTestApplication.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsTestApplication.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsTestApplication.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsTestResource.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsTestResource.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsTestResource.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsTestResource.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/InputPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/InputPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/InputPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/InputPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/InputServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/InputServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/InputServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/InputServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTestStrategy.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTestStrategy.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTestStrategy.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTestStrategy.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlKeycloakRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlKeycloakRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlKeycloakRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlKeycloakRule.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlSPFacade.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlSPFacade.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlSPFacade.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlSPFacade.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SendUsernameServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/SendUsernameServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SendUsernameServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/keycloaksaml/SendUsernameServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AbstractModelTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/AbstractModelTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/AbstractModelTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/AbstractModelTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthenticationSessionProviderTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/AuthenticationSessionProviderTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthenticationSessionProviderTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/AuthenticationSessionProviderTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/CacheTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/CacheTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/CacheTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/CacheTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ClientModelTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/ClientModelTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/ClientModelTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/ClientModelTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ClusterInvalidationTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/ClusterInvalidationTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/ClusterInvalidationTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/ClusterInvalidationTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ClusterSessionCleanerTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/ClusterSessionCleanerTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/ClusterSessionCleanerTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/ClusterSessionCleanerTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/CompositeRolesModelTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/CompositeRolesModelTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/CompositeRolesModelTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/CompositeRolesModelTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ConcurrentTransactionsTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/ConcurrentTransactionsTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/ConcurrentTransactionsTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/ConcurrentTransactionsTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/DBLockTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/DBLockTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/DBLockTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/DBLockTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/ImportTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/ImportTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/MigrationVersionTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/MigrationVersionTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/MigrationVersionTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/MigrationVersionTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/MultipleRealmsTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/MultipleRealmsTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/MultipleRealmsTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/MultipleRealmsTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/SimplePerfTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/SimplePerfTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/SimplePerfTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/SimplePerfTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/TransactionsTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/TransactionsTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/TransactionsTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/TransactionsTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserConsentModelTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserConsentModelTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserConsentModelTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserConsentModelTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserConsentWithUserStorageModelTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserConsentWithUserStorageModelTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserConsentWithUserStorageModelTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserConsentWithUserStorageModelTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserModelTest.java similarity index 94% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserModelTest.java index 191a39af899..4e0dca51c17 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserModelTest.java @@ -241,7 +241,7 @@ public class UserModelTest extends AbstractModelTest { @Test public void testUpdateUserSingleAttribute() { Map> expected = ImmutableMap.of( - "key1", Arrays.asList("value3"), + "key1", Arrays.asList("value3"), "key2", Arrays.asList("value2")); RealmModel realm = realmManager.createRealm("original"); @@ -398,6 +398,31 @@ public class UserModelTest extends AbstractModelTest { Assert.assertFalse(realm2User1.hasRole(role1)); } + @Test + public void testUserNotBefore() throws Exception { + RealmModel realm = realmManager.createRealm("original"); + + UserModel user1 = session.users().addUser(realm, "user1"); + session.users().setNotBeforeForUser(realm, user1, 10); + + commit(); + + realm = realmManager.getRealmByName("original"); + user1 = session.users().getUserByUsername("user1", realm); + int notBefore = session.users().getNotBeforeOfUser(realm, user1); + Assert.assertEquals(10, notBefore); + + // Try to update + session.users().setNotBeforeForUser(realm, user1, 20); + + commit(); + + realm = realmManager.getRealmByName("original"); + user1 = session.users().getUserByUsername("user1", realm); + notBefore = session.users().getNotBeforeOfUser(realm, user1); + Assert.assertEquals(20, notBefore); + } + public static void assertEquals(UserModel expected, UserModel actual) { Assert.assertEquals(expected.getUsername(), actual.getUsername()); Assert.assertEquals(expected.getCreatedTimestamp(), actual.getCreatedTimestamp()); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionInitializerTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserSessionInitializerTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionInitializerTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserSessionInitializerTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderOfflineTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserSessionProviderOfflineTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderOfflineTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserSessionProviderOfflineTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java similarity index 96% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java index 0312cbb753b..846267f7d35 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java @@ -462,26 +462,6 @@ public class UserSessionProviderTest { } - @Test - public void testFailCreateExistingSession() { - UserSessionModel userSession = session.sessions().createUserSession("123", realm, session.users().getUserByUsername("user1", realm), "user1", "127.0.0.2", "form", true, null, null); - - // commit - resetSession(); - - - try { - session.sessions().createUserSession("123", realm, session.users().getUserByUsername("user1", realm), "user1", "127.0.0.2", "form", true, null, null); - kc.stopSession(session, true); - Assert.fail("Not expected to successfully create duplicated userSession"); - } catch (IllegalStateException e) { - // Expected - session = kc.startSession(); - } - - } - - private void testAuthenticatedClientSession(AuthenticatedClientSessionModel clientSession, String expectedClientId, String expectedUserSessionId, String expectedAction, int expectedTimestamp) { Assert.assertEquals(expectedClientId, clientSession.getClient().getClientId()); Assert.assertEquals(expectedUserSessionId, clientSession.getUserSession().getId()); @@ -531,6 +511,15 @@ public class UserSessionProviderTest { resetSession(); + // Add the failure, which already exists + failure1 = session.sessions().addUserLoginFailure(realm, "user1"); + failure1.incrementFailures(); + + resetSession(); + + failure1 = session.sessions().getUserLoginFailure(realm, "user1"); + assertEquals(2, failure1.getNumFailures()); + failure1 = session.sessions().getUserLoginFailure(realm, "user1"); failure1.clearFailures(); @@ -556,13 +545,15 @@ public class UserSessionProviderTest { public void testOnUserRemoved() { createSessions(); - session.sessions().addUserLoginFailure(realm, "user1"); - session.sessions().addUserLoginFailure(realm, "user1@localhost"); - session.sessions().addUserLoginFailure(realm, "user2"); + UserModel user1 = session.users().getUserByUsername("user1", realm); + UserModel user2 = session.users().getUserByUsername("user2", realm); + + session.sessions().addUserLoginFailure(realm, user1.getId()); + session.sessions().addUserLoginFailure(realm, user2.getId()); resetSession(); - UserModel user1 = session.users().getUserByUsername("user1", realm); + user1 = session.users().getUserByUsername("user1", realm); new UserManager(session).removeUser(realm, user1); resetSession(); @@ -570,9 +561,8 @@ public class UserSessionProviderTest { assertTrue(session.sessions().getUserSessions(realm, user1).isEmpty()); assertFalse(session.sessions().getUserSessions(realm, session.users().getUserByUsername("user2", realm)).isEmpty()); - assertNull(session.sessions().getUserLoginFailure(realm, "user1")); - assertNull(session.sessions().getUserLoginFailure(realm, "user1@localhost")); - assertNotNull(session.sessions().getUserLoginFailure(realm, "user2")); + assertNull(session.sessions().getUserLoginFailure(realm, user1.getId())); + assertNotNull(session.sessions().getUserLoginFailure(realm, user2.getId())); } private AuthenticatedClientSessionModel createClientSession(ClientModel client, UserSessionModel userSession, String redirect, String state, Set roles, Set protocolMappers) { diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AbstractAccountPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AbstractAccountPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AbstractAccountPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AbstractAccountPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AbstractPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AbstractPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AbstractPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AbstractPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountApplicationsPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountApplicationsPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountApplicationsPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountApplicationsPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountFederatedIdentityPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountFederatedIdentityPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountFederatedIdentityPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountFederatedIdentityPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountLogPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountLogPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountLogPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountLogPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountPasswordPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountPasswordPage.java similarity index 91% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountPasswordPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountPasswordPage.java index 1e1da65f8f8..c3340741499 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountPasswordPage.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountPasswordPage.java @@ -16,7 +16,7 @@ */ package org.keycloak.testsuite.pages; -import org.keycloak.services.resources.AccountService; +import org.keycloak.services.resources.account.AccountFormService; import org.keycloak.testsuite.Constants; import org.openqa.selenium.WebElement; import org.openqa.selenium.support.FindBy; @@ -70,6 +70,6 @@ public class AccountPasswordPage extends AbstractAccountPage { } public String getPath() { - return AccountService.passwordUrl(UriBuilder.fromUri(Constants.AUTH_SERVER_ROOT)).build(this.realmName).toString(); + return AccountFormService.passwordUrl(UriBuilder.fromUri(Constants.AUTH_SERVER_ROOT)).build(this.realmName).toString(); } } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountSessionsPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountSessionsPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountSessionsPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountSessionsPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountTotpPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountTotpPage.java similarity index 89% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountTotpPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountTotpPage.java index a715c564af3..8d1dfacb41c 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountTotpPage.java +++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountTotpPage.java @@ -16,7 +16,7 @@ */ package org.keycloak.testsuite.pages; -import org.keycloak.services.resources.AccountService; +import org.keycloak.services.resources.account.AccountFormService; import org.keycloak.testsuite.Constants; import org.openqa.selenium.WebElement; import org.openqa.selenium.support.FindBy; @@ -28,7 +28,7 @@ import javax.ws.rs.core.UriBuilder; */ public class AccountTotpPage extends AbstractAccountPage { - private static String PATH = AccountService.totpUrl(UriBuilder.fromUri(Constants.AUTH_SERVER_ROOT)).build("test").toString(); + private static String PATH = AccountFormService.totpUrl(UriBuilder.fromUri(Constants.AUTH_SERVER_ROOT)).build("test").toString(); @FindBy(id = "totpSecret") private WebElement totpSecret; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AppPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AppPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AppPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AppPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/BypassKerberosPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/BypassKerberosPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/BypassKerberosPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/BypassKerberosPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/ErrorPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/ErrorPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/ErrorPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/ErrorPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/IdpConfirmLinkPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/IdpConfirmLinkPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/IdpConfirmLinkPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/IdpConfirmLinkPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/IdpLinkEmailPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/IdpLinkEmailPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/IdpLinkEmailPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/IdpLinkEmailPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/InfoPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/InfoPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/InfoPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/InfoPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginConfigTotpPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginConfigTotpPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginConfigTotpPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginConfigTotpPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginExpiredPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginExpiredPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginExpiredPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginExpiredPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginPasswordResetPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginPasswordResetPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginPasswordResetPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginPasswordResetPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginPasswordUpdatePage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginPasswordUpdatePage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginPasswordUpdatePage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginPasswordUpdatePage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginRecoverUsernamePage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginRecoverUsernamePage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginRecoverUsernamePage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginRecoverUsernamePage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginTotpPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginTotpPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginTotpPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginTotpPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginUpdateProfileEditUsernameAllowedPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginUpdateProfileEditUsernameAllowedPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginUpdateProfileEditUsernameAllowedPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginUpdateProfileEditUsernameAllowedPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginUpdateProfilePage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginUpdateProfilePage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/LoginUpdateProfilePage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/LoginUpdateProfilePage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/OAuthGrantPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/OAuthGrantPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/OAuthGrantPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/OAuthGrantPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/ProceedPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/ProceedPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/ProceedPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/ProceedPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/TermsAndConditionsPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/TermsAndConditionsPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/TermsAndConditionsPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/TermsAndConditionsPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/ValidatePassworrdEmailResetPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/ValidatePassworrdEmailResetPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/ValidatePassworrdEmailResetPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/ValidatePassworrdEmailResetPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/ErrorServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/ErrorServlet.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/rule/ErrorServlet.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/ErrorServlet.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/GreenMailRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/GreenMailRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/rule/GreenMailRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/GreenMailRule.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/LDAPRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/LDAPRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/rule/LDAPRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/LDAPRule.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/LoggingRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/LoggingRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/rule/LoggingRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/LoggingRule.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/WebResource.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/WebResource.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/rule/WebResource.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/WebResource.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/WebRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/WebRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/rule/WebRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/WebRule.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlEcpProfileTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/saml/SamlEcpProfileTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlEcpProfileTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/saml/SamlEcpProfileTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlKeycloakRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/saml/SamlKeycloakRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlKeycloakRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/saml/SamlKeycloakRule.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlPicketlinkSPTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/saml/SamlPicketlinkSPTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlPicketlinkSPTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/saml/SamlPicketlinkSPTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/ValidationTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/saml/ValidationTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/saml/ValidationTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/saml/ValidationTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/samlfilter/SamlAdapterTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/samlfilter/SamlAdapterTest.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/samlfilter/SamlAdapterTest.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/samlfilter/SamlAdapterTest.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/samlfilter/SamlKeycloakRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/samlfilter/SamlKeycloakRule.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/samlfilter/SamlKeycloakRule.java rename to testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/samlfilter/SamlKeycloakRule.java diff --git a/testsuite/integration/src/test/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory b/testsuite/integration-deprecated/src/test/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory similarity index 100% rename from testsuite/integration/src/test/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory rename to testsuite/integration-deprecated/src/test/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory diff --git a/testsuite/integration/src/test/resources/META-INF/services/org.keycloak.broker.social.SocialIdentityProviderFactory b/testsuite/integration-deprecated/src/test/resources/META-INF/services/org.keycloak.broker.social.SocialIdentityProviderFactory similarity index 100% rename from testsuite/integration/src/test/resources/META-INF/services/org.keycloak.broker.social.SocialIdentityProviderFactory rename to testsuite/integration-deprecated/src/test/resources/META-INF/services/org.keycloak.broker.social.SocialIdentityProviderFactory diff --git a/testsuite/integration/src/test/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory b/testsuite/integration-deprecated/src/test/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory similarity index 100% rename from testsuite/integration/src/test/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory rename to testsuite/integration-deprecated/src/test/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory diff --git a/testsuite/integration/src/test/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory b/testsuite/integration-deprecated/src/test/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory similarity index 100% rename from testsuite/integration/src/test/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory rename to testsuite/integration-deprecated/src/test/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory diff --git a/testsuite/integration/src/test/resources/adapter-test/cust-app-cookie-keycloak.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/cust-app-cookie-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/cust-app-cookie-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/cust-app-cookie-keycloak.json diff --git a/testsuite/integration/src/test/resources/adapter-test/cust-app-keycloak-relative.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/cust-app-keycloak-relative.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/cust-app-keycloak-relative.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/cust-app-keycloak-relative.json diff --git a/testsuite/integration/src/test/resources/adapter-test/cust-app-keycloak.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/cust-app-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/cust-app-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/cust-app-keycloak.json diff --git a/testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak-relative.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/customer-db-keycloak-relative.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak-relative.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/customer-db-keycloak-relative.json diff --git a/testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/customer-db-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/customer-db-keycloak.json diff --git a/testsuite/integration/src/test/resources/adapter-test/demorealm-relative.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/demorealm-relative.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/demorealm-relative.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/demorealm-relative.json diff --git a/testsuite/integration/src/test/resources/adapter-test/demorealm.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/demorealm.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/demorealm.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/demorealm.json diff --git a/testsuite/integration/src/test/resources/adapter-test/input-keycloak.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/input-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/input-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/input-keycloak.json diff --git a/testsuite/integration/src/test/resources/adapter-test/no-access-token.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/no-access-token.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/no-access-token.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/no-access-token.json diff --git a/testsuite/integration/src/test/resources/adapter-test/product-autodetect-bearer-only-keycloak.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/product-autodetect-bearer-only-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/product-autodetect-bearer-only-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/product-autodetect-bearer-only-keycloak.json diff --git a/testsuite/integration/src/test/resources/adapter-test/product-keycloak-relative.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/product-keycloak-relative.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/product-keycloak-relative.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/product-keycloak-relative.json diff --git a/testsuite/integration/src/test/resources/adapter-test/product-keycloak.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/product-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/product-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/product-keycloak.json diff --git a/testsuite/integration/src/test/resources/adapter-test/secure-portal-keycloak.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/secure-portal-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/secure-portal-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/secure-portal-keycloak.json diff --git a/testsuite/integration/src/test/resources/adapter-test/secure-portal-keystore.jks b/testsuite/integration-deprecated/src/test/resources/adapter-test/secure-portal-keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/secure-portal-keystore.jks rename to testsuite/integration-deprecated/src/test/resources/adapter-test/secure-portal-keystore.jks diff --git a/testsuite/integration/src/test/resources/adapter-test/session-keycloak.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/session-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/session-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/session-keycloak.json diff --git a/testsuite/integration/src/test/resources/adapter-test/tenant1-keycloak.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/tenant1-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/tenant1-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/tenant1-keycloak.json diff --git a/testsuite/integration/src/test/resources/adapter-test/tenant1-realm.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/tenant1-realm.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/tenant1-realm.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/tenant1-realm.json diff --git a/testsuite/integration/src/test/resources/adapter-test/tenant2-keycloak.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/tenant2-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/tenant2-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/tenant2-keycloak.json diff --git a/testsuite/integration/src/test/resources/adapter-test/tenant2-realm.json b/testsuite/integration-deprecated/src/test/resources/adapter-test/tenant2-realm.json similarity index 100% rename from testsuite/integration/src/test/resources/adapter-test/tenant2-realm.json rename to testsuite/integration-deprecated/src/test/resources/adapter-test/tenant2-realm.json diff --git a/testsuite/integration/src/test/resources/authorization-test/keycloak.json b/testsuite/integration-deprecated/src/test/resources/authorization-test/keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/authorization-test/keycloak.json rename to testsuite/integration-deprecated/src/test/resources/authorization-test/keycloak.json diff --git a/testsuite/integration/src/test/resources/authorization-test/test-photoz-realm.json b/testsuite/integration-deprecated/src/test/resources/authorization-test/test-photoz-realm.json similarity index 100% rename from testsuite/integration/src/test/resources/authorization-test/test-photoz-realm.json rename to testsuite/integration-deprecated/src/test/resources/authorization-test/test-photoz-realm.json diff --git a/testsuite/integration/src/test/resources/broker-test/realm-with-oidc-property-mappers.json b/testsuite/integration-deprecated/src/test/resources/broker-test/realm-with-oidc-property-mappers.json similarity index 100% rename from testsuite/integration/src/test/resources/broker-test/realm-with-oidc-property-mappers.json rename to testsuite/integration-deprecated/src/test/resources/broker-test/realm-with-oidc-property-mappers.json diff --git a/testsuite/integration/src/test/resources/broker-test/realm-with-saml-property-mappers.json b/testsuite/integration-deprecated/src/test/resources/broker-test/realm-with-saml-property-mappers.json similarity index 100% rename from testsuite/integration/src/test/resources/broker-test/realm-with-saml-property-mappers.json rename to testsuite/integration-deprecated/src/test/resources/broker-test/realm-with-saml-property-mappers.json diff --git a/testsuite/integration/src/test/resources/broker-test/test-app-keycloak.json b/testsuite/integration-deprecated/src/test/resources/broker-test/test-app-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/broker-test/test-app-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/broker-test/test-app-keycloak.json diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-kc-oidc.json b/testsuite/integration-deprecated/src/test/resources/broker-test/test-broker-realm-with-kc-oidc.json similarity index 100% rename from testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-kc-oidc.json rename to testsuite/integration-deprecated/src/test/resources/broker-test/test-broker-realm-with-kc-oidc.json diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json b/testsuite/integration-deprecated/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json similarity index 100% rename from testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json rename to testsuite/integration-deprecated/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json b/testsuite/integration-deprecated/src/test/resources/broker-test/test-broker-realm-with-saml.json similarity index 100% rename from testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json rename to testsuite/integration-deprecated/src/test/resources/broker-test/test-broker-realm-with-saml.json diff --git a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json b/testsuite/integration-deprecated/src/test/resources/broker-test/test-realm-with-broker.json similarity index 97% rename from testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json rename to testsuite/integration-deprecated/src/test/resources/broker-test/test-realm-with-broker.json index 09fa373bbe6..8d5f10224ad 100755 --- a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json +++ b/testsuite/integration-deprecated/src/test/resources/broker-test/test-realm-with-broker.json @@ -51,6 +51,21 @@ "clientSecret": "clientSecret" } }, + { + "alias" : "model-paypal", + "providerId" : "paypal", + "enabled": true, + "storeToken": false, + "postBrokerLoginFlowAlias" : "browser", + "config": { + "sandbox": false, + "authorizationUrl": "authorizationUrl", + "tokenUrl": "tokenUrl", + "userInfoUrl": "userInfoUrl", + "clientId": "clientId", + "clientSecret": "clientSecret" + } + }, { "alias" : "model-twitter", "providerId" : "twitter", diff --git a/testsuite/integration/src/test/resources/client-auth-test/keystore-client1.jks b/testsuite/integration-deprecated/src/test/resources/client-auth-test/keystore-client1.jks similarity index 100% rename from testsuite/integration/src/test/resources/client-auth-test/keystore-client1.jks rename to testsuite/integration-deprecated/src/test/resources/client-auth-test/keystore-client1.jks diff --git a/testsuite/integration/src/test/resources/client-auth-test/keystore-client2.jks b/testsuite/integration-deprecated/src/test/resources/client-auth-test/keystore-client2.jks similarity index 100% rename from testsuite/integration/src/test/resources/client-auth-test/keystore-client2.jks rename to testsuite/integration-deprecated/src/test/resources/client-auth-test/keystore-client2.jks diff --git a/testsuite/integration/src/test/resources/client-auth-test/keystore-client2.p12 b/testsuite/integration-deprecated/src/test/resources/client-auth-test/keystore-client2.p12 similarity index 100% rename from testsuite/integration/src/test/resources/client-auth-test/keystore-client2.p12 rename to testsuite/integration-deprecated/src/test/resources/client-auth-test/keystore-client2.p12 diff --git a/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json b/testsuite/integration-deprecated/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json similarity index 100% rename from testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json rename to testsuite/integration-deprecated/src/test/resources/jaxrs-test/jaxrs-keycloak-basicauth.json diff --git a/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-relative.json b/testsuite/integration-deprecated/src/test/resources/jaxrs-test/jaxrs-keycloak-relative.json similarity index 100% rename from testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-relative.json rename to testsuite/integration-deprecated/src/test/resources/jaxrs-test/jaxrs-keycloak-relative.json diff --git a/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-resource-mappings.json b/testsuite/integration-deprecated/src/test/resources/jaxrs-test/jaxrs-keycloak-resource-mappings.json similarity index 100% rename from testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-resource-mappings.json rename to testsuite/integration-deprecated/src/test/resources/jaxrs-test/jaxrs-keycloak-resource-mappings.json diff --git a/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-ssl.json b/testsuite/integration-deprecated/src/test/resources/jaxrs-test/jaxrs-keycloak-ssl.json similarity index 100% rename from testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak-ssl.json rename to testsuite/integration-deprecated/src/test/resources/jaxrs-test/jaxrs-keycloak-ssl.json diff --git a/testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak.json b/testsuite/integration-deprecated/src/test/resources/jaxrs-test/jaxrs-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/jaxrs-test/jaxrs-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/jaxrs-test/jaxrs-keycloak.json diff --git a/testsuite/integration/src/test/resources/keycloak-saml/bad-assertion-signed-post/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-assertion-signed-post/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/bad-assertion-signed-post/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-assertion-signed-post/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/bad-assertion-signed-post/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-assertion-signed-post/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/bad-assertion-signed-post/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-assertion-signed-post/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/bad-client-signed-post/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-client-signed-post/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/bad-client-signed-post/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-client-signed-post/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/bad-client-signed-post/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-client-signed-post/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/bad-client-signed-post/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-client-signed-post/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/bad-realm-signed-post/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-realm-signed-post/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/bad-realm-signed-post/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-realm-signed-post/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/bad-realm-signed-post/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-realm-signed-post/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/bad-realm-signed-post/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/bad-realm-signed-post/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/ecp/ecp-sp/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/ecp/ecp-sp/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/ecp/ecp-sp/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/ecp/ecp-sp/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/ecp/ecp-sp/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/ecp/ecp-sp/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/ecp/ecp-sp/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/ecp/ecp-sp/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/ecp/testsamlecp.json b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/ecp/testsamlecp.json similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/ecp/testsamlecp.json rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/ecp/testsamlecp.json diff --git a/testsuite/integration/src/test/resources/keycloak-saml/encrypted-post/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/encrypted-post/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/encrypted-post/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/encrypted-post/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/encrypted-post/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/encrypted-post/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/encrypted-post/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/encrypted-post/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/mappers/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/mappers/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/mappers/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/mappers/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/missing-assertion-sig/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/missing-assertion-sig/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/missing-assertion-sig/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/missing-assertion-sig/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/missing-assertion-sig/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/missing-assertion-sig/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/missing-assertion-sig/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/missing-assertion-sig/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/sales-post-assertion-and-response-sig/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/sales-post-assertion-and-response-sig/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/sales-post-assertion-and-response-sig/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/sales-post-assertion-and-response-sig/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/sales-post-assertion-and-response-sig/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/sales-post-assertion-and-response-sig/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/sales-post-assertion-and-response-sig/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/sales-post-assertion-and-response-sig/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-front-get/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-front-get/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-front-get/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-front-get/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-front-get/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-front-get/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-front-get/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-front-get/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-get/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-get/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-get/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-get/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-get/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-get/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-get/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-get/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-metadata/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-metadata/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-metadata/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-metadata/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-metadata/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-metadata/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-metadata/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-metadata/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-post-email/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-email/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-post-email/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-email/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-post-email/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-email/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-post-email/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-email/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-post-persistent/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-persistent/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-post-persistent/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-persistent/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-post-persistent/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-persistent/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-post-persistent/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-persistent/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-post-transient/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-transient/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-post-transient/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-transient/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-post-transient/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-transient/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-post-transient/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post-transient/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-post/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-post/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-post/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/signed-post/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/signed-post/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/simple-post-passive/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/simple-post-passive/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/simple-post-passive/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/simple-post-passive/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/simple-post/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/simple-post/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/simple-post/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/simple-post/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/sp-metadata-email-nameid.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/sp-metadata-email-nameid.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/sp-metadata-email-nameid.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/sp-metadata-email-nameid.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/sp-metadata.xml b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/sp-metadata.xml similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/sp-metadata.xml rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/sp-metadata.xml diff --git a/testsuite/integration/src/test/resources/keycloak-saml/testsaml.json b/testsuite/integration-deprecated/src/test/resources/keycloak-saml/testsaml.json similarity index 100% rename from testsuite/integration/src/test/resources/keycloak-saml/testsaml.json rename to testsuite/integration-deprecated/src/test/resources/keycloak-saml/testsaml.json diff --git a/testsuite/integration/src/test/resources/ldap/fed-provider-export.json b/testsuite/integration-deprecated/src/test/resources/ldap/fed-provider-export.json similarity index 99% rename from testsuite/integration/src/test/resources/ldap/fed-provider-export.json rename to testsuite/integration-deprecated/src/test/resources/ldap/fed-provider-export.json index 4bbe374dbb7..9fdd5c088a8 100644 --- a/testsuite/integration/src/test/resources/ldap/fed-provider-export.json +++ b/testsuite/integration-deprecated/src/test/resources/ldap/fed-provider-export.json @@ -97,7 +97,7 @@ "serverPrincipal": "HTTP/localhost@KEYCLOAK.ORG", "debug": "true", "pagination": "true", - "keyTab": "/Users/williamburke/jboss/keycloak/p1b-repo/keycloak/testsuite/integration/target/test-classes/kerberos/http.keytab", + "keyTab": "/Users/williamburke/jboss/keycloak/p1b-repo/keycloak/testsuite/integration-deprecated/target/test-classes/kerberos/http.keytab", "connectionPooling": "true", "usersDn": "ou=People,dc=keycloak,dc=org", "useKerberosForPasswordAuthentication": "false", diff --git a/testsuite/integration/src/test/resources/ldap/ldap-app-keycloak.json b/testsuite/integration-deprecated/src/test/resources/ldap/ldap-app-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/ldap/ldap-app-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/ldap/ldap-app-keycloak.json diff --git a/testsuite/integration/src/test/resources/ldap/ldap-connection.properties b/testsuite/integration-deprecated/src/test/resources/ldap/ldap-connection.properties similarity index 100% rename from testsuite/integration/src/test/resources/ldap/ldap-connection.properties rename to testsuite/integration-deprecated/src/test/resources/ldap/ldap-connection.properties diff --git a/testsuite/integration/src/test/resources/ldap/users.ldif b/testsuite/integration-deprecated/src/test/resources/ldap/users.ldif similarity index 100% rename from testsuite/integration/src/test/resources/ldap/users.ldif rename to testsuite/integration-deprecated/src/test/resources/ldap/users.ldif diff --git a/testsuite/integration/src/test/resources/model/testcomposites.json b/testsuite/integration-deprecated/src/test/resources/model/testcomposites.json similarity index 100% rename from testsuite/integration/src/test/resources/model/testcomposites.json rename to testsuite/integration-deprecated/src/test/resources/model/testcomposites.json diff --git a/testsuite/integration/src/test/resources/model/testrealm-demo.json b/testsuite/integration-deprecated/src/test/resources/model/testrealm-demo.json similarity index 100% rename from testsuite/integration/src/test/resources/model/testrealm-demo.json rename to testsuite/integration-deprecated/src/test/resources/model/testrealm-demo.json diff --git a/testsuite/integration/src/test/resources/model/testrealm-noclient-id.json b/testsuite/integration-deprecated/src/test/resources/model/testrealm-noclient-id.json similarity index 100% rename from testsuite/integration/src/test/resources/model/testrealm-noclient-id.json rename to testsuite/integration-deprecated/src/test/resources/model/testrealm-noclient-id.json diff --git a/testsuite/integration/src/test/resources/model/testrealm.json b/testsuite/integration-deprecated/src/test/resources/model/testrealm.json similarity index 100% rename from testsuite/integration/src/test/resources/model/testrealm.json rename to testsuite/integration-deprecated/src/test/resources/model/testrealm.json diff --git a/testsuite/integration/src/test/resources/model/testrealm2.json b/testsuite/integration-deprecated/src/test/resources/model/testrealm2.json similarity index 100% rename from testsuite/integration/src/test/resources/model/testrealm2.json rename to testsuite/integration-deprecated/src/test/resources/model/testrealm2.json diff --git a/testsuite/integration/src/test/resources/oidc/offline-client-keycloak.json b/testsuite/integration-deprecated/src/test/resources/oidc/offline-client-keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/oidc/offline-client-keycloak.json rename to testsuite/integration-deprecated/src/test/resources/oidc/offline-client-keycloak.json diff --git a/testsuite/integration/src/test/resources/org/keycloak/testsuite/excluded/keycloak.json b/testsuite/integration-deprecated/src/test/resources/org/keycloak/testsuite/excluded/keycloak.json similarity index 100% rename from testsuite/integration/src/test/resources/org/keycloak/testsuite/excluded/keycloak.json rename to testsuite/integration-deprecated/src/test/resources/org/keycloak/testsuite/excluded/keycloak.json diff --git a/testsuite/integration/src/test/resources/saml/bad-client-signed-post/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/saml/bad-client-signed-post/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/saml/bad-client-signed-post/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/saml/bad-client-signed-post/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/saml/bad-client-signed-post/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/bad-client-signed-post/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/bad-client-signed-post/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/bad-client-signed-post/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/bad-realm-signed-post/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/saml/bad-realm-signed-post/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/saml/bad-realm-signed-post/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/saml/bad-realm-signed-post/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/saml/bad-realm-signed-post/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/bad-realm-signed-post/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/bad-realm-signed-post/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/bad-realm-signed-post/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/saml/encrypted-post/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/saml/encrypted-post/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/encrypted-post/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/encrypted-post/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/signed-front-get/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/saml/signed-front-get/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-front-get/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/saml/signed-front-get/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/saml/signed-front-get/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/signed-front-get/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-front-get/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/signed-front-get/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/saml/signed-get/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/saml/signed-get/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/signed-metadata/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/saml/signed-metadata/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-metadata/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/saml/signed-metadata/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/saml/signed-metadata/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/signed-metadata/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-metadata/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/signed-metadata/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/signed-post-email/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/saml/signed-post-email/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-post-email/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/saml/signed-post-email/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/saml/signed-post-email/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/signed-post-email/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-post-email/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/signed-post-email/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/signed-post-persistent/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/saml/signed-post-persistent/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-post-persistent/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/saml/signed-post-persistent/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/saml/signed-post-persistent/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/signed-post-persistent/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-post-persistent/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/signed-post-persistent/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/signed-post-transient/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/saml/signed-post-transient/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-post-transient/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/saml/signed-post-transient/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/saml/signed-post-transient/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/signed-post-transient/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-post-transient/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/signed-post-transient/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/signed-post/WEB-INF/keystore.jks b/testsuite/integration-deprecated/src/test/resources/saml/signed-post/WEB-INF/keystore.jks similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-post/WEB-INF/keystore.jks rename to testsuite/integration-deprecated/src/test/resources/saml/signed-post/WEB-INF/keystore.jks diff --git a/testsuite/integration/src/test/resources/saml/signed-post/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/signed-post/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/signed-post/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/signed-post/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/simple-post/WEB-INF/picketlink.xml b/testsuite/integration-deprecated/src/test/resources/saml/simple-post/WEB-INF/picketlink.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/simple-post/WEB-INF/picketlink.xml rename to testsuite/integration-deprecated/src/test/resources/saml/simple-post/WEB-INF/picketlink.xml diff --git a/testsuite/integration/src/test/resources/saml/sp-metadata.xml b/testsuite/integration-deprecated/src/test/resources/saml/sp-metadata.xml similarity index 100% rename from testsuite/integration/src/test/resources/saml/sp-metadata.xml rename to testsuite/integration-deprecated/src/test/resources/saml/sp-metadata.xml diff --git a/testsuite/integration/src/test/resources/saml/testsaml.json b/testsuite/integration-deprecated/src/test/resources/saml/testsaml.json similarity index 100% rename from testsuite/integration/src/test/resources/saml/testsaml.json rename to testsuite/integration-deprecated/src/test/resources/saml/testsaml.json diff --git a/testsuite/integration/src/test/resources/storage-test/read-only-user-password.properties b/testsuite/integration-deprecated/src/test/resources/storage-test/read-only-user-password.properties similarity index 100% rename from testsuite/integration/src/test/resources/storage-test/read-only-user-password.properties rename to testsuite/integration-deprecated/src/test/resources/storage-test/read-only-user-password.properties diff --git a/testsuite/integration/src/test/resources/storage-test/user-password.properties b/testsuite/integration-deprecated/src/test/resources/storage-test/user-password.properties similarity index 100% rename from testsuite/integration/src/test/resources/storage-test/user-password.properties rename to testsuite/integration-deprecated/src/test/resources/storage-test/user-password.properties diff --git a/testsuite/integration/src/test/resources/testcomposite.json b/testsuite/integration-deprecated/src/test/resources/testcomposite.json similarity index 100% rename from testsuite/integration/src/test/resources/testcomposite.json rename to testsuite/integration-deprecated/src/test/resources/testcomposite.json diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration-deprecated/src/test/resources/testrealm.json similarity index 100% rename from testsuite/integration/src/test/resources/testrealm.json rename to testsuite/integration-deprecated/src/test/resources/testrealm.json diff --git a/testsuite/jetty/jetty81/pom.xml b/testsuite/jetty/jetty81/pom.xml index 41d754930a6..5c6ef1d27c9 100755 --- a/testsuite/jetty/jetty81/pom.xml +++ b/testsuite/jetty/jetty81/pom.xml @@ -21,7 +21,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 @@ -209,12 +209,12 @@ org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test-jar test diff --git a/testsuite/jetty/jetty91/pom.xml b/testsuite/jetty/jetty91/pom.xml index 6d4fe3e00fe..61dd1924dc3 100755 --- a/testsuite/jetty/jetty91/pom.xml +++ b/testsuite/jetty/jetty91/pom.xml @@ -21,7 +21,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 @@ -209,12 +209,12 @@ org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test-jar test diff --git a/testsuite/jetty/jetty92/pom.xml b/testsuite/jetty/jetty92/pom.xml index 4886f7fbdee..ae100a187ea 100755 --- a/testsuite/jetty/jetty92/pom.xml +++ b/testsuite/jetty/jetty92/pom.xml @@ -21,7 +21,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 @@ -209,12 +209,12 @@ org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test-jar test diff --git a/testsuite/jetty/jetty93/pom.xml b/testsuite/jetty/jetty93/pom.xml index ca619eebbb0..00131cf8a99 100644 --- a/testsuite/jetty/jetty93/pom.xml +++ b/testsuite/jetty/jetty93/pom.xml @@ -21,7 +21,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 @@ -209,12 +209,12 @@ org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test-jar test diff --git a/testsuite/jetty/jetty94/pom.xml b/testsuite/jetty/jetty94/pom.xml index 87fbee5de75..c768e4bfc49 100644 --- a/testsuite/jetty/jetty94/pom.xml +++ b/testsuite/jetty/jetty94/pom.xml @@ -21,7 +21,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../../pom.xml 4.0.0 @@ -209,12 +209,12 @@ org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test-jar test diff --git a/testsuite/jetty/pom.xml b/testsuite/jetty/pom.xml index ed23e79750f..abe45e1baf6 100755 --- a/testsuite/jetty/pom.xml +++ b/testsuite/jetty/pom.xml @@ -20,7 +20,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml Keycloak SAML Jetty Testsuite Integration diff --git a/testsuite/pom.xml b/testsuite/pom.xml index 0adb3053042..d734b9c0032 100755 --- a/testsuite/pom.xml +++ b/testsuite/pom.xml @@ -21,7 +21,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 @@ -50,7 +50,7 @@ - integration + integration-deprecated tomcat8 integration-arquillian utils diff --git a/testsuite/proxy/pom.xml b/testsuite/proxy/pom.xml index 0d0314f4587..03b4c2cbc5b 100755 --- a/testsuite/proxy/pom.xml +++ b/testsuite/proxy/pom.xml @@ -21,7 +21,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 @@ -200,12 +200,12 @@ org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test-jar test diff --git a/testsuite/tomcat6/pom.xml b/testsuite/tomcat6/pom.xml index 7500803981f..e955839d3f7 100755 --- a/testsuite/tomcat6/pom.xml +++ b/testsuite/tomcat6/pom.xml @@ -21,7 +21,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 @@ -203,12 +203,12 @@ org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test-jar test diff --git a/testsuite/tomcat7/pom.xml b/testsuite/tomcat7/pom.xml index 2109bac880a..0e0b623eb90 100755 --- a/testsuite/tomcat7/pom.xml +++ b/testsuite/tomcat7/pom.xml @@ -21,7 +21,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 @@ -235,12 +235,12 @@ org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test-jar test diff --git a/testsuite/tomcat8/pom.xml b/testsuite/tomcat8/pom.xml index 700c4619b8f..f515d1b31a8 100755 --- a/testsuite/tomcat8/pom.xml +++ b/testsuite/tomcat8/pom.xml @@ -21,7 +21,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT ../pom.xml 4.0.0 @@ -207,12 +207,12 @@ org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test org.keycloak - keycloak-testsuite-integration + keycloak-testsuite-integration-deprecated test-jar test diff --git a/testsuite/utils/pom.xml b/testsuite/utils/pom.xml index 0bbf0535149..3fd3f5936c1 100755 --- a/testsuite/utils/pom.xml +++ b/testsuite/utils/pom.xml @@ -21,7 +21,7 @@ keycloak-testsuite-pom org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 @@ -33,4 +33,292 @@ 1.8 1.8 + + + + + org.bouncycastle + bcprov-jdk15on + + + org.bouncycastle + bcpkix-jdk15on + + + org.keycloak + keycloak-dependencies-server-all + pom + + + org.keycloak + keycloak-admin-client + + + org.keycloak + keycloak-wildfly-adduser + + + log4j + log4j + compile + + + org.slf4j + slf4j-log4j12 + compile + + + dom4j + dom4j + compile + + + org.jboss.spec.javax.servlet + jboss-servlet-api_3.0_spec + + + org.jboss.spec.javax.ws.rs + jboss-jaxrs-api_2.0_spec + + + org.jboss.spec.javax.transaction + jboss-transaction-api_1.2_spec + + + org.jboss.resteasy + resteasy-jaxrs + + + log4j + log4j + + + org.slf4j + slf4j-api + + + org.slf4j + slf4j-simple + + + + + org.jboss.resteasy + resteasy-client + + + org.jboss.resteasy + resteasy-undertow + + + org.jboss.resteasy + resteasy-multipart-provider + + + org.jboss.resteasy + resteasy-jackson2-provider + + + com.google.zxing + javase + + + org.apache.httpcomponents + httpclient + + + org.keycloak + keycloak-server-spi-private + + + org.keycloak + keycloak-ldap-federation + + + org.keycloak + keycloak-kerberos-federation + + + org.keycloak + keycloak-undertow-adapter + + + org.keycloak + keycloak-saml-adapter-api-public + + + org.keycloak + keycloak-saml-adapter-core + + + org.keycloak + keycloak-authz-client + + + org.keycloak + keycloak-saml-servlet-filter-adapter + + + org.keycloak + keycloak-servlet-filter-adapter + + + org.keycloak + keycloak-saml-undertow-adapter + + + org.keycloak + keycloak-jaxrs-oauth-client + + + org.keycloak + user-storage-properties-example + + + + + org.keycloak.testsuite + integration-arquillian-testsuite-providers + ${project.version} + + + + org.jboss.logging + jboss-logging + + + io.undertow + undertow-servlet + + + io.undertow + undertow-core + + + com.fasterxml.jackson.core + jackson-core + + + com.fasterxml.jackson.core + jackson-databind + + + com.fasterxml.jackson.core + jackson-annotations + + + org.hibernate.javax.persistence + hibernate-jpa-2.1-api + + + com.h2database + h2 + compile + + + org.hibernate + hibernate-entitymanager + + + com.icegreen + greenmail + compile + + + org.slf4j + slf4j-api + + + + + org.infinispan + infinispan-core + + + org.infinispan + infinispan-cachestore-remote + + + xml-apis + xml-apis + compile + + + + + org.keycloak + keycloak-util-embedded-ldap + + + + org.wildfly + wildfly-undertow + compile + + + + mysql + mysql-connector-java + compile + + + org.postgresql + postgresql + ${postgresql.version} + + + org.mariadb.jdbc + mariadb-java-client + ${mariadb.version} + + + + + + + keycloak-server + + + + org.codehaus.mojo + exec-maven-plugin + + org.keycloak.testsuite.KeycloakServer + test + + + + + + + mail-server + + + + org.codehaus.mojo + exec-maven-plugin + + org.keycloak.testsuite.MailServer + test + + + + + + + totp + + + + org.codehaus.mojo + exec-maven-plugin + + org.keycloak.testsuite.TotpGenerator + test + + + + + + diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/KeycloakServer.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java similarity index 99% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/KeycloakServer.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java index f9813770646..0ebc0d8f8c2 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/KeycloakServer.java +++ b/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java @@ -165,11 +165,11 @@ public class KeycloakServer { String resources = System.getProperty("resources"); if (resources == null || resources.equals("") || resources.equals("true")) { if (System.getProperties().containsKey("maven.home")) { - resources = System.getProperty("user.dir").replaceFirst("testsuite.integration.*", ""); + resources = System.getProperty("user.dir").replaceFirst("testsuite.utils.*", ""); } else { for (String c : System.getProperty("java.class.path").split(File.pathSeparator)) { - if (c.contains(File.separator + "testsuite" + File.separator + "integration")) { - resources = c.replaceFirst("testsuite.integration.*", ""); + if (c.contains(File.separator + "testsuite" + File.separator + "utils")) { + resources = c.replaceFirst("testsuite.utils.*", ""); } } } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/MailServer.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/MailServer.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/MailServer.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/MailServer.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/TotpGenerator.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/TotpGenerator.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/TotpGenerator.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/TotpGenerator.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/AbstractCommand.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/AbstractCommand.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/AbstractCommand.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/AbstractCommand.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/AbstractSessionCacheCommand.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/AbstractSessionCacheCommand.java similarity index 82% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/AbstractSessionCacheCommand.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/AbstractSessionCacheCommand.java index f85a8e3cc57..23760a137f9 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/AbstractSessionCacheCommand.java +++ b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/AbstractSessionCacheCommand.java @@ -22,9 +22,12 @@ import org.infinispan.Cache; import org.infinispan.context.Flag; import org.keycloak.common.util.Time; import org.keycloak.connections.infinispan.InfinispanConnectionProvider; +import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; +import org.keycloak.models.UserSessionModel; +import org.keycloak.models.sessions.infinispan.changes.SessionEntityWrapper; import org.keycloak.models.sessions.infinispan.entities.SessionEntity; import org.keycloak.models.sessions.infinispan.entities.UserSessionEntity; import org.keycloak.models.utils.KeycloakModelUtils; @@ -44,8 +47,20 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { throw new HandledException(); } - Cache ispnCache = provider.getCache(cacheName); + Cache ispnCache = provider.getCache(cacheName); doRunCacheCommand(session, ispnCache); + + ispnCache.entrySet().stream().skip(0).limit(10).collect(java.util.stream.Collectors.toMap(new java.util.function.Function() { + + public Object apply(Object entry) { + return ((java.util.Map.Entry) entry).getKey(); + } + }, new java.util.function.Function() { + + public Object apply(Object entry) { + return ((java.util.Map.Entry) entry).getValue(); + } + })); } protected void printSession(String id, UserSessionEntity userSession) { @@ -67,7 +82,7 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { return getName() + " "; } - protected abstract void doRunCacheCommand(KeycloakSession session, Cache cache); + protected abstract void doRunCacheCommand(KeycloakSession session, Cache cache); // IMPLS @@ -80,7 +95,7 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { } @Override - protected void doRunCacheCommand(KeycloakSession session, Cache cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { UserSessionEntity userSession = new UserSessionEntity(); String id = getArg(1); @@ -88,7 +103,7 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { userSession.setRealm(getArg(2)); userSession.setLastSessionRefresh(Time.currentTime()); - cache.put(id, userSession); + cache.put(id, new SessionEntityWrapper(userSession)); } @Override @@ -106,9 +121,9 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { } @Override - protected void doRunCacheCommand(KeycloakSession session, Cache cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { String id = getArg(1); - UserSessionEntity userSession = (UserSessionEntity) cache.get(id); + UserSessionEntity userSession = (UserSessionEntity) cache.get(id).getEntity(); printSession(id, userSession); } @@ -127,13 +142,13 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { } @Override - protected void doRunCacheCommand(KeycloakSession session, Cache cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { String id = getArg(1); int count = getIntArg(2); long start = System.currentTimeMillis(); for (int i=0 ; i cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { String id = getArg(1); cache.remove(id); } @@ -175,7 +190,7 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { } @Override - protected void doRunCacheCommand(KeycloakSession session, Cache cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { cache.clear(); } } @@ -189,7 +204,7 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { } @Override - protected void doRunCacheCommand(KeycloakSession session, Cache cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { log.info("Size: " + cache.size()); } } @@ -203,13 +218,13 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { } @Override - protected void doRunCacheCommand(KeycloakSession session, Cache cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { for (String id : cache.keySet()) { - SessionEntity entity = cache.get(id); + SessionEntity entity = cache.get(id).getEntity(); if (!(entity instanceof UserSessionEntity)) { continue; } - UserSessionEntity userSession = (UserSessionEntity) cache.get(id); + UserSessionEntity userSession = (UserSessionEntity) cache.get(id).getEntity(); log.info("list: key=" + id + ", value=" + toString(userSession)); } } @@ -225,10 +240,10 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { @Override - protected void doRunCacheCommand(KeycloakSession session, Cache cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { String id = getArg(1); cache = ((AdvancedCache) cache).withFlags(Flag.CACHE_MODE_LOCAL); - UserSessionEntity userSession = (UserSessionEntity) cache.get(id); + UserSessionEntity userSession = (UserSessionEntity) cache.get(id).getEntity(); printSession(id, userSession); } @@ -247,7 +262,7 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { } @Override - protected void doRunCacheCommand(KeycloakSession session, Cache cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { log.info("Size local: " + cache.getAdvancedCache().withFlags(Flag.CACHE_MODE_LOCAL).size()); } } @@ -261,7 +276,7 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { } @Override - protected void doRunCacheCommand(KeycloakSession session, Cache cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { String realmName = getArg(1); int count = getIntArg(2); int batchCount = getIntArg(3); @@ -275,7 +290,7 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { userSession.setRealm(realmName); userSession.setLastSessionRefresh(Time.currentTime()); - cache.put(id, userSession); + cache.put(id, new SessionEntityWrapper(userSession)); } log.infof("Created '%d' sessions started from offset '%d'", countInIteration, firstInIteration); @@ -301,18 +316,22 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand { } @Override - protected void doRunCacheCommand(KeycloakSession session, Cache cache) { + protected void doRunCacheCommand(KeycloakSession session, Cache cache) { String realmName = getArg(1); - String username = getArg(2); - int count = getIntArg(3); - int batchCount = getIntArg(4); + String clientId = getArg(2); + String username = getArg(3); + int count = getIntArg(4); + int batchCount = getIntArg(5); BatchTaskRunner.runInBatches(0, count, batchCount, session.getKeycloakSessionFactory(), (KeycloakSession batchSession, int firstInIteration, int countInIteration) -> { RealmModel realm = batchSession.realms().getRealmByName(realmName); + ClientModel client = realm.getClientByClientId(clientId); UserModel user = batchSession.users().getUserByUsername(username, realm); for (int i=0 ; i "; + return getName() + " "; } } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/BatchTaskRunner.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/BatchTaskRunner.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/BatchTaskRunner.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/BatchTaskRunner.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/CacheCommands.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/CacheCommands.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/CacheCommands.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/CacheCommands.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/ClusterProviderTaskCommand.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/ClusterProviderTaskCommand.java similarity index 92% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/ClusterProviderTaskCommand.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/ClusterProviderTaskCommand.java index f1e09677cfa..1b29be61407 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/ClusterProviderTaskCommand.java +++ b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/ClusterProviderTaskCommand.java @@ -17,14 +17,13 @@ package org.keycloak.testsuite.util.cli; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.Future; - import org.keycloak.cluster.ClusterProvider; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.models.KeycloakSession; -import org.keycloak.testsuite.federation.sync.SyncDummyUserFederationProviderFactory; + +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; /** * @author Marek Posolda @@ -60,7 +59,7 @@ public class ClusterProviderTaskCommand extends AbstractCommand { } private void updateConfig(MultivaluedHashMap cfg, int waitTime) { - cfg.putSingle(SyncDummyUserFederationProviderFactory.WAIT_TIME, String.valueOf(waitTime)); + cfg.putSingle("wait-time", String.valueOf(waitTime)); } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/LoadPersistentSessionsCommand.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/LoadPersistentSessionsCommand.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/LoadPersistentSessionsCommand.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/LoadPersistentSessionsCommand.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/PersistSessionsCommand.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/PersistSessionsCommand.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/PersistSessionsCommand.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/PersistSessionsCommand.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/RoleCommands.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/RoleCommands.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/RoleCommands.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/RoleCommands.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/SyncDummyFederationProviderCommand.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/SyncDummyFederationProviderCommand.java similarity index 91% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/SyncDummyFederationProviderCommand.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/SyncDummyFederationProviderCommand.java index fe53b82c696..f8949167203 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/SyncDummyFederationProviderCommand.java +++ b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/SyncDummyFederationProviderCommand.java @@ -23,7 +23,6 @@ import org.keycloak.models.RealmModel; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.services.managers.UserStorageSyncManager; import org.keycloak.storage.UserStorageProviderModel; -import org.keycloak.testsuite.federation.sync.SyncDummyUserFederationProviderFactory; /** * @author Marek Posolda @@ -42,7 +41,7 @@ public class SyncDummyFederationProviderCommand extends AbstractCommand { updateConfig(cfg, waitTime); UserStorageProviderModel model = new UserStorageProviderModel(); - model.setProviderId(SyncDummyUserFederationProviderFactory.SYNC_PROVIDER_ID); + model.setProviderId("sync-dummy"); model.setPriority(1); model.setName("cluster-dummy"); model.setFullSyncPeriod(-1); @@ -62,7 +61,7 @@ public class SyncDummyFederationProviderCommand extends AbstractCommand { } private void updateConfig(MultivaluedHashMap cfg, int waitTime) { - cfg.putSingle(SyncDummyUserFederationProviderFactory.WAIT_TIME, String.valueOf(waitTime)); + cfg.putSingle("wait-time", String.valueOf(waitTime)); } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/TestCacheUtils.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/TestCacheUtils.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/TestCacheUtils.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/TestCacheUtils.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/TestsuiteCLI.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/TestsuiteCLI.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/TestsuiteCLI.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/TestsuiteCLI.java diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/UserCommands.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/UserCommands.java similarity index 100% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/util/cli/UserCommands.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/util/cli/UserCommands.java diff --git a/testsuite/integration/src/test/resources/META-INF/keycloak-server.json b/testsuite/utils/src/main/resources/META-INF/keycloak-server.json similarity index 100% rename from testsuite/integration/src/test/resources/META-INF/keycloak-server.json rename to testsuite/utils/src/main/resources/META-INF/keycloak-server.json diff --git a/testsuite/integration/src/test/resources/log4j.properties b/testsuite/utils/src/main/resources/log4j.properties similarity index 100% rename from testsuite/integration/src/test/resources/log4j.properties rename to testsuite/utils/src/main/resources/log4j.properties diff --git a/themes/pom.xml b/themes/pom.xml index 42742626c30..a0a56706002 100755 --- a/themes/pom.xml +++ b/themes/pom.xml @@ -4,7 +4,7 @@ keycloak-parent org.keycloak - 3.3.0.CR1-SNAPSHOT + 3.4.0.CR1-SNAPSHOT 4.0.0 @@ -53,6 +53,7 @@ + diff --git a/themes/src/main/resources-community/theme/base/account/messages/messages_nl.properties b/themes/src/main/resources-community/theme/base/account/messages/messages_nl.properties new file mode 100644 index 00000000000..f0882fbc01a --- /dev/null +++ b/themes/src/main/resources-community/theme/base/account/messages/messages_nl.properties @@ -0,0 +1,133 @@ +doSave=Opslaan +doCancel=Annuleer +doLogOutAllSessions=Alle sessies uitloggen +doRemove=Verwijder +doAdd=Voeg toe +doSignOut=Afmelden +editAccountHtmlTitle=Bewerk account +federatedIdentitiesHtmlTitle=Federated Identities +accountLogHtmlTitle=Account log +changePasswordHtmlTitle=Verander wachtwoord +sessionsHtmlTitle=Sessies +accountManagementTitle=Keycloak Accountbeheer +authenticatorTitle=Authenticator +applicationsHtmlTitle=Toepassingen +authenticatorCode=Eenmalige code +email=E-mailadres +firstName=Voornaam +givenName=Voornaam +fullName=Volledige naam +lastName=Achternaam +familyName=Achternaam +password=Wachtwoord +passwordConfirm=Bevestiging +passwordNew=Nieuw Wachtwoord +username=Gebruikersnaam +address=Adres +street=Straat +locality=Stad of plaats +region=Staat, provincie of regio +postal_code=Postcode +country=Land +emailVerified=E-mailadres geverifieerd +gssDelegationCredential=GSS gedelegeerde aanmeldgegevens +role_admin=Beheer +role_realm-admin=Realmbeheer +role_create-realm=Creëer realm +role_view-realm=Bekijk realm +role_view-users=Bekijk gebruikers +role_view-applications=Bekijk toepassingen +role_view-clients=Bekijk clients +role_view-events=Bekijk gebeurtenissen +role_view-identity-providers=Bekijk identity providers +role_manage-realm=Beheer realm +role_manage-users=Beheer gebruikers +role_manage-applications=Beheer toepassingen +role_manage-identity-providers=Beheer identity providers +role_manage-clients=Beheer clients +role_manage-events=Beheer gebeurtenissen +role_view-profile=Bekijk profiel +role_manage-account=Beheer account +role_manage-account-links=Beheer accountkoppelingen +role_read-token=Lees token +role_offline-access=Offline toegang +role_uma_authorization=Verkrijg UMA rechten +client_account=Account +client_security-admin-console=Console Veligheidsbeheer +client_admin-cli=Beheer CLI +client_realm-management=Realmbeheer +client_broker=Broker +requiredFields=Verplichte velden +allFieldsRequired=Alle velden verplicht +backToApplication=« Terug naar toepassing +backTo=Terug naar {0} +date=Datum +event=Gebeurtenis +ip=IP +client=Client +clients=Clients +details=Details +started=Gestart +lastAccess=Laatste toegang +expires=Vervalt +applications=Toepassingen +account=Account +federatedIdentity=Federated Identity +authenticator=Authenticator +sessions=Sessies +log=Log +application=Toepassing +availablePermissions=Beschikbare rechten +grantedPermissions=Gegunde rechten +grantedPersonalInfo=Gegunde Persoonsgegevens +additionalGrants=Verdere vergunningen +action=Actie +inResource=in +fullAccess=Volledige toegang +offlineToken=Offline Token +revoke=Vergunning intrekken +configureAuthenticators=Ingestelde authenticators +mobile=Mobiel nummer +totpStep1=Installeer FreeOTP of Google Authenticator op uw apparaat. Beide toepassingen zijn beschikbaar in Google Play en de Apple App Store. +totpStep2=Open de toepassing en scan de QR-code of voer de sleutel in. +totpStep3=Voer de door de toepassing gegeven eenmalige code in en klik op Opslaan om de configuratie af te ronden. +missingUsernameMessage=Gebruikersnaam ontbreekt. +missingFirstNameMessage=Voornaam onbreekt. +invalidEmailMessage=Ongeldig e-mailadres. +missingLastNameMessage=Achternaam ontbreekt. +missingEmailMessage=E-mailadres ontbreekt. +missingPasswordMessage=Wachtwoord ontbreekt. +notMatchPasswordMessage=Wachtwoorden komen niet overeen. +missingTotpMessage=Authenticatiecode ontbreekt. +invalidPasswordExistingMessage=Ongeldig bestaand wachtwoord. +invalidPasswordConfirmMessage=Wachtwoordbevestiging komt niet overeen. +invalidTotpMessage=Ongeldige authenticatiecode. +emailExistsMessage=E-mailadres bestaat reeds. +readOnlyUserMessage=U kunt uw account niet bijwerken aangezien het account alleen-lezen is. +readOnlyPasswordMessage=U kunt uw wachtwoord niet wijzigen omdat uw account alleen-lezen is. +successTotpMessage=Mobiele authenticator geconfigureerd. +successTotpRemovedMessage=Mobiele authenticator verwijderd. +successGrantRevokedMessage=Vergunning succesvol ingetrokken +accountUpdatedMessage=Uw account is gewijzigd. +accountPasswordUpdatedMessage=Uw wachtwoord is gewijzigd. +missingIdentityProviderMessage=Geen identity provider aangegeven. +invalidFederatedIdentityActionMessage=Ongeldige of ontbrekende actie op federated identity. +identityProviderNotFoundMessage=Gespecificeerde identity provider niet gevonden. +federatedIdentityLinkNotActiveMessage=Deze federated identity is niet langer geldig. +federatedIdentityRemovingLastProviderMessage=U kunt de laatste federated identity provider niet verwijderen aangezien u dan niet langer zou kunnen inloggen. +identityProviderRedirectErrorMessage=Kon niet herverwijzen naar identity provider. +identityProviderRemovedMessage=Identity provider met succes verwijderd. +identityProviderAlreadyLinkedMessage=Door {0} teruggegeven federated identity is al gekoppeld aan een andere gebruiker. +staleCodeAccountMessage=De pagina is verlopen. Probeer het nogmaals. +consentDenied=Toestemming geweigerd +accountDisabledMessage=Account is gedeactiveerd. Contacteer de beheerder. +accountTemporarilyDisabledMessage=Account is tijdelijk deactiveerd, neem contact op met de beheerder of probeer het later opnieuw. +invalidPasswordMinLengthMessage=Ongeldig wachtwoord: de minimale lengte is {0} karakters. +invalidPasswordMinLowerCaseCharsMessage=Ongeldig wachtwoord: het moet minstens {0} kleine letters bevatten. +invalidPasswordMinDigitsMessage=Ongeldig wachtwoord: het moet minstens {0} getallen bevatten. +invalidPasswordMinUpperCaseCharsMessage=Ongeldig wachtwoord: het moet minstens {0} hoofdletters bevatten. +invalidPasswordMinSpecialCharsMessage=Ongeldig wachtwoord: het moet minstens {0} speciale karakters bevatten. +invalidPasswordNotUsernameMessage=Ongeldig wachtwoord: het mag niet overeenkomen met de gebruikersnaam. +invalidPasswordRegexPatternMessage=Ongeldig wachtwoord: het voldoet niet aan het door de beheerder ingestelde patroon. +invalidPasswordHistoryMessage=Ongeldig wachtwoord: het mag niet overeen komen met een van de laatste {0} wachtwoorden. +invalidPasswordGenericMessage=Ongeldig wachtwoord: het nieuwe wachtwoord voldoet niet aan het wachtwoordbeleid. diff --git a/themes/src/main/resources-community/theme/base/account/messages/messages_no.properties b/themes/src/main/resources-community/theme/base/account/messages/messages_no.properties index 948ff6c8a9b..2147735d541 100644 --- a/themes/src/main/resources-community/theme/base/account/messages/messages_no.properties +++ b/themes/src/main/resources-community/theme/base/account/messages/messages_no.properties @@ -159,6 +159,7 @@ locale_fr=Fran\u00e7ais locale_it=Italian locale_ja=\u65E5\u672C\u8A9E locale_no=Norsk +locale_nl=Nederlands locale_pt-BR=Portugu\u00EAs (Brasil) locale_ru=\u0420\u0443\u0441\u0441\u043A\u0438\u0439 locale_zh-CN=\u4e2d\u6587\u7b80\u4f53 diff --git a/themes/src/main/resources-community/theme/base/account/theme.properties b/themes/src/main/resources-community/theme/base/account/theme.properties index 6b2b6e8fac0..f1aeaf53019 100644 --- a/themes/src/main/resources-community/theme/base/account/theme.properties +++ b/themes/src/main/resources-community/theme/base/account/theme.properties @@ -1 +1 @@ -locales=ca,de,en,es,fr,it,ja,lt,no,pt-BR,ru,sv \ No newline at end of file +locales=ca,de,en,es,fr,it,ja,lt,no,nl,pt-BR,ru,sv diff --git a/themes/src/main/resources-community/theme/base/admin/messages/admin-messages_nl.properties b/themes/src/main/resources-community/theme/base/admin/messages/admin-messages_nl.properties new file mode 100644 index 00000000000..e69de29bb2d diff --git a/themes/src/main/resources-community/theme/base/admin/messages/messages_nl.properties b/themes/src/main/resources-community/theme/base/admin/messages/messages_nl.properties new file mode 100644 index 00000000000..4a04a5249d3 --- /dev/null +++ b/themes/src/main/resources-community/theme/base/admin/messages/messages_nl.properties @@ -0,0 +1,27 @@ +invalidPasswordMinLengthMessage=Ongeldig wachtwoord: de minimale lengte is {0} karakters. +invalidPasswordMinLowerCaseCharsMessage=Ongeldig wachtwoord: het moet minstens {0} kleine letters bevatten. +invalidPasswordMinDigitsMessage=Ongeldig wachtwoord: het moet minstens {0} getallen bevatten. +invalidPasswordMinUpperCaseCharsMessage=Ongeldig wachtwoord: het moet minstens {0} hoofdletters bevatten. +invalidPasswordMinSpecialCharsMessage=Ongeldig wachtwoord: het moet minstens {0} speciale karakters bevatten. +invalidPasswordNotUsernameMessage=Ongeldig wachtwoord: het mag niet overeenkomen met de gebruikersnaam. +invalidPasswordRegexPatternMessage=Ongeldig wachtwoord: het voldoet niet aan het door de beheerder ingestelde patroon. +invalidPasswordHistoryMessage=Ongeldig wachtwoord: het mag niet overeen komen met een van de laatste {0} wachtwoorden. +invalidPasswordGenericMessage=Ongeldig wachtwoord: het nieuwe wachtwoord voldoet niet aan het wachtwoordbeleid. + +ldapErrorInvalidCustomFilter=LDAP filter met aangepaste configuratie start niet met "(" of eindigt niet met ")". +ldapErrorConnectionTimeoutNotNumber=Verbindingstimeout moet een getal zijn +ldapErrorReadTimeoutNotNumber=Lees-timeout moet een getal zijn +ldapErrorMissingClientId=Client ID moet ingesteld zijn als Realm Roles Mapping niet gebruikt wordt. +ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType=Kan groepsovererving niet behouden bij UID-lidmaatschapstype. +ldapErrorCantWriteOnlyForReadOnlyLdap=Alleen-schrijven niet mogelijk als LDAP provider mode niet WRITABLE is +ldapErrorCantWriteOnlyAndReadOnly=Alleen-schrijven en alleen-lezen mogen niet tegelijk ingesteld zijn + +clientRedirectURIsFragmentError=Redirect URIs mogen geen URI fragment bevatten +clientRootURLFragmentError=Root URL mag geen URL fragment bevatten + +pairwiseMalformedClientRedirectURI=Client heeft een ongeldige redirect URI. +pairwiseClientRedirectURIsMissingHost=Client redirect URIs moeten een geldige host-component bevatten. +pairwiseClientRedirectURIsMultipleHosts=Zonder een geconfigureerde Sector Identifier URI mogen client redirect URIs niet meerdere host componenten hebben. +pairwiseMalformedSectorIdentifierURI=Onjuist notatie in Sector Identifier URI. +pairwiseFailedToGetRedirectURIs=Kon geen redirect URIs verkrijgen van de Sector Identifier URI. +pairwiseRedirectURIsMismatch=Client redirect URIs komen niet overeen met redict URIs ontvangen van de Sector Identifier URI. diff --git a/themes/src/main/resources-community/theme/base/admin/theme.properties b/themes/src/main/resources-community/theme/base/admin/theme.properties index 4bd8da4d737..36d3234157e 100644 --- a/themes/src/main/resources-community/theme/base/admin/theme.properties +++ b/themes/src/main/resources-community/theme/base/admin/theme.properties @@ -1,2 +1,2 @@ import=common/keycloak -locales=ca,en,es,fr,it,ja,lt,no,pt-BR,ru,zh-CN \ No newline at end of file +locales=ca,en,es,fr,it,ja,lt,nl,no,pt-BR,ru,zh-CN diff --git a/themes/src/main/resources-community/theme/base/email/messages/messages_nl.properties b/themes/src/main/resources-community/theme/base/email/messages/messages_nl.properties new file mode 100644 index 00000000000..af84d6df9f0 --- /dev/null +++ b/themes/src/main/resources-community/theme/base/email/messages/messages_nl.properties @@ -0,0 +1,27 @@ +emailVerificationSubject=Bevestig e-mailadres +emailVerificationBody=Iemand heeft een {2} account aangemaakt met dit e-mailadres. Als u dit was, klikt u op de onderstaande koppeling om uw e-mailadres te bevestigen \n\n{0}\n\nDeze koppeling zal binnen {1} minuten vervallen.\n\nU kunt dit bericht negeren indien u dit account niet heeft aangemaakt. +emailVerificationBodyHtml=

    Iemand heeft een {2} account aangemaakt met dit e-mailadres. Als u dit was, klikt u op de onderstaande koppeling om uw e-mailadres te bevestigen

    Koppeling naar e-mailadres bevestiging

    Deze koppeling zal binnen {1} minuten vervallen.U kunt dit bericht negeren indien u dit account niet heeft aangemaakt.

    +emailTestSubject=[KEYCLOAK] - SMTP testbericht +emailTestBody=Dit is een testbericht +emailTestBodyHtml=

    Dit is een testbericht

    +identityProviderLinkSubject=Koppel {0} +identityProviderLinkBody=Iemand wil uw "{1}" account koppelen met "{0}" account van gebruiker {2}. Als u dit was, klik dan op de onderstaande link om de accounts te koppelen\n\n{3}\n\nDeze link zal over {4} minuten vervallen.\n\nAls u de accounts niet wilt koppelen, negeer dan dit bericht. Als u accounts koppelt, dan kunt u bij {1} inloggen via {0}. +identityProviderLinkBodyHtml=

    Iemand wil uw "{1}" account koppelen met "{0}" account van gebruiker {2}. Als u dit was, klik dan op de onderstaande link om de accounts te koppelen

    Link om accounts te koppelen

    Deze link zal over {4} minuten vervallen.

    Als u de accounts niet wilt koppelen, negeer dan dit bericht. Als u accounts koppelt, dan kunt u bij {1} inloggen via {0}.

    +passwordResetSubject=Wijzig wachtwoord +passwordResetBody=Iemand verzocht de aanmeldgegevens van uw {2} account te wijzigen. Als u dit was, klik dan op de onderstaande koppeling om ze te wijzigen.\n\n{0}\n\nDe link en de code zullen binnen {1} minuten vervallen.\n\nAls u uw aanmeldgegevens niet wilt wijzigen, negeer dan dit bericht en er zal niets gewijzigd worden. +passwordResetBodyHtml=

    Iemand verzocht de aanmeldgegevens van uw {2} account te wijzigen. Als u dit was, klik dan op de onderstaande koppeling om ze te wijzigen.

    Wijzig aanmeldgegevens

    De link en de code zullen binnen {1} minuten vervallen.

    Als u uw aanmeldgegevens niet wilt wijzigen, negeer dan dit bericht en er zal niets gewijzigd worden.

    +executeActionsSubject=Wijzig uw account +executeActionsBody=Uw beheerder heeft u verzocht uw {2} account te wijzigen. Klik op de onderstaande koppeling om dit proces te starten. \n\n{0}\n\nDeze link zal over {1} minuten vervallen. \n\nAls u niet over dit verzoek op de hoogte was, negeer dan dit bericht om uw account ongewijzigd te laten. +executeActionsBodyHtml=

    Uw beheerder heeft u verzocht uw {2} account te wijzigen. Klik op de onderstaande koppeling om dit proces te starten.

    Link naar account wijziging

    Deze link zal over {1} minuten vervallen.

    Als u niet over dit verzoek op de hoogte was, negeer dan dit bericht om uw account ongewijzigd te laten.

    +eventLoginErrorSubject=Inlogfout +eventLoginErrorBody=Er is een foutieve inlogpoging gedetecteerd op uw account om {0} vanuit {1}. Als u dit niet was, neem dan contact op met de beheerder. +eventLoginErrorBodyHtml=

    Er is een foutieve inlogpoging gedetecteerd op uw account om {0} vanuit {1}. Als u dit niet was, neem dan contact op met de beheerder.

    +eventRemoveTotpSubject=TOTP verwijderd +eventRemoveTotpBody=TOTP is verwijderd van uw account om {0} vanuit {1}. Als u dit niet was, neem dan contact op met uw beheerder. +eventRemoveTotpBodyHtml=

    TOTP is verwijderd van uw account om {0} vanuit {1}. Als u dit niet was, neem dan contact op met uw beheerder.

    +eventUpdatePasswordSubject=Wachtwoord gewijzigd +eventUpdatePasswordBody=Uw wachtwoord is gewijzigd om {0} door {1}. Als u dit niet was, neem dan contact op met uw beheerder. +eventUpdatePasswordBodyHtml=

    Uw wachtwoord is gewijzigd om {0} door {1}. Als u dit niet was, neem dan contact op met uw beheerder.

    +eventUpdateTotpSubject=TOTP gewijzigd +eventUpdateTotpBody=TOTP is gewijzigd voor uw account om {0} door {1}. Als u dit niet was, neem dan contact op met uw beheerder. +eventUpdateTotpBodyHtml=

    TOTP is gewijzigd voor uw account om {0} door {1}. Als u dit niet was, neem dan contact op met uw beheerder.

    diff --git a/themes/src/main/resources-community/theme/base/email/theme.properties b/themes/src/main/resources-community/theme/base/email/theme.properties index 6b2b6e8fac0..b970c5e8f4e 100644 --- a/themes/src/main/resources-community/theme/base/email/theme.properties +++ b/themes/src/main/resources-community/theme/base/email/theme.properties @@ -1 +1 @@ -locales=ca,de,en,es,fr,it,ja,lt,no,pt-BR,ru,sv \ No newline at end of file +locales=ca,de,en,es,fr,it,ja,lt,nl,no,pt-BR,ru,sv diff --git a/themes/src/main/resources-community/theme/base/login/messages/messages_nl.properties b/themes/src/main/resources-community/theme/base/login/messages/messages_nl.properties new file mode 100644 index 00000000000..13af95a91ec --- /dev/null +++ b/themes/src/main/resources-community/theme/base/login/messages/messages_nl.properties @@ -0,0 +1,224 @@ +doLogIn=Inloggen +doRegister=Registeer +doCancel=Annuleer +doSubmit=Verzenden +doYes=Ja +doNo=Nee +doContinue=Doorgaan +doAccept=Accepteren +doDecline=Afwijzen +doForgotPassword=Wachtwoord vergeten? +doClickHere=Klik hier +doImpersonate=Identiteit overnemen +kerberosNotConfigured=Kerberos is niet geconfigureerd +kerberosNotConfiguredTitle=Kerberos is niet geconfigureerd +bypassKerberosDetail=U bent niet ingelogd via Kerberos of uw browser kan niet met Kerberos inloggen. Klik op 'doorgaan' om via een andere manier in te loggen +kerberosNotSetUp=Kerberos is onjuist geconfigureerd. U kunt niet inloggen. +registerWithTitle=Registeer met {0} +registerWithTitleHtml={0} +loginTitle=Inloggen bij {0} +loginTitleHtml={0} +impersonateTitle={0} Identiteit overnemen +impersonateTitleHtml={0} Identiteit overnemen +realmChoice=Realm +unknownUser=Onbekende gebruiker +loginTotpTitle=Mobile Authenticator Setup +loginProfileTitle=Update accountinformatie +loginTimeout=U bent te lang bezig geweest met inloggen. Het inlogproces begint overnieuw. +oauthGrantTitle=Verleen Toegang +oauthGrantTitleHtml={0} +errorTitle=Er is een fout opgetreden... +errorTitleHtml=Er is een fout opgetreden... +emailVerifyTitle=E-mailadres-verificatie +emailForgotTitle=Wachtwoord vergeten? +updatePasswordTitle=Wachtwoord updaten +codeSuccessTitle=Succescode +codeErrorTitle=Foutcode: {0} + +termsTitle=Voorwaarden +termsTitleHtml=Voorwaarden +termsText=

    Gedefinieerde voorwaarden

    +recaptchaFailed=Ongeldige Recaptcha +recaptchaNotConfigured=Recaptcha is verplicht, maar niet geconfigureerd +consentDenied=Toestemming geweigerd. + +noAccount=Nieuwe gebruiker? +username=Gebruikersnaam +usernameOrEmail=Gebruikersnaam of e-mailadres +firstName=Voornaam +givenName=Voornaam +lastName=Achternaam +familyName=Familienaam +email=E-mailadres +password=Wachtwoord +passwordConfirm=Bevestig wachtwoord +passwordNew=Nieuw wachtwoord +passwordNewConfirm=Bevestiging nieuwe wachtwoord +rememberMe=Ingelogd blijven +authenticatorCode=Authenticatiecode +address=Adres +postal_code=Postcode +country=Land +emailVerified=E-mailadres geverifieerd +gssDelegationCredential=GSS delegatie Credential +loginTotpStep1=Installeer FreeOTP of Google Authenticator op uw mobiele telefoon. Beide applicaties zijn beschikbaar in de Google Play en Apple App Store. +loginTotpStep2=Open de applicatie en scan de barcode of voer de sleutel in +loginTotpStep3=Voer de eenmalige code die door de applicatie is aangeleverd in en klik op 'Verzenden' om de setup te voltooien +loginTotpOneTime=Eenmalige code + +oauthGrantRequest=Wilt u deze toegangsrechten verlenen? +inResource=in + +emailVerifyInstruction1=Een e-mail met instructies om uw e-mailadres te verifiëren is zojuist verzonden. +emailVerifyInstruction2=Heeft u geen verificatiecode ontvangen in uw e-mail? +emailVerifyInstruction3=om opnieuw een e-mail te versturen. + +emailLinkIdpTitle=Link {0} +emailLinkIdp1=Er is een e-mail met instructies verzonden om {0} account {1} te koppelen met uw {2} account. +emailLinkIdp2=Heeft u geen verificatiecode in uw e-mail ontvangen? +emailLinkIdp3=om opnieuw een e-mail te versturen. + +backToLogin=« Terug naar Inloggen + +emailInstruction=Voer uw gebruikersnaam of e-mailadres in en wij sturen u een e-mailbericht met instructies voor het aanmaken van een nieuw wachtwoord. + +copyCodeInstruction=Kopieer deze code en plak deze in uw applicatie: + +personalInfo=Persoonlijke informatie: +role_realm-admin=Realm beheren +role_create-realm=Realm aanmaken +role_create-client=Client aanmaken +role_view-realm=Bekijk realm +role_view-users=Bekijk gebruikers +role_view-clients=Bekijk clients +role_view-events=Bekijk gebeurtenissen +role_view-identity-providers=Bekijk identity providers +role_manage-realm=Beheer realm +role_manage-users=Gebruikers beheren +role_manage-identity-providers=Beheer identity providers +role_manage-clients=Beheer clients +role_manage-events=Beheer gebeurtenissen +role_view-profile=Profiel bekijken +role_read-token=Token lezen +role_offline-access=Offline toegang +client_account=Account +client_security-admin-console=Security Admin Console +client_admin-cli=Admin CLI +client_broker=Broker +invalidUserMessage=Ongeldige gebruikersnaam of wachtwoord. +invalidEmailMessage=Ongeldig e-mailadres. +accountDisabledMessage=Account is uitgeschakeld, neem contact op met beheer. +accountTemporarilyDisabledMessage=Account is tijdelijk uitgeschakeld, neem contact op met beheer of probeer het later opnieuw. +expiredCodeMessage=Logintijd verlopen. Gelieve opnieuw in te loggen. + +missingFirstNameMessage=Voer uw voornaam in. +missingLastNameMessage=Voer uw achternaam in. +missingEmailMessage=Voer uw e-mailadres in. +missingUsernameMessage=Voer uw gebruikersnaam in. +missingPasswordMessage=Voer uw wachtwoord in. +missingTotpMessage=Voer uw authenticatiecode in. +notMatchPasswordMessage=Wachtwoorden komen niet overeen. +invalidPasswordExistingMessage=Ongeldig bestaand wachtwoord. +invalidPasswordConfirmMessage=Wachtwoord komt niet overeen met wachtwoordbevestiging. +invalidTotpMessage=Ongeldige authenticatiecode. + +usernameExistsMessage=Gebruikersnaam bestaat al. +emailExistsMessage=E-mailadres bestaat al. + +federatedIdentityExistsMessage=Gebruiker met {0} {1} bestaat al. Log in met het beheerdersaccount om het account te koppelen. + +confirmLinkIdpTitle=Account bestaat al +federatedIdentityConfirmLinkMessage=Gebruiker met {0} {1} bestaat al. Hoe wilt u doorgaan? +federatedIdentityConfirmReauthenticateMessage=Authenticeer als {0} om uw account te koppelen {1} +confirmLinkIdpReviewProfile=Nalopen profiel +confirmLinkIdpContinue=Voeg toe aan bestaande account + +configureTotpMessage=U moet de Mobile Authenticator configuren om uw account te activeren. +updateProfileMessage=U moet uw gebruikersprofiel bijwerken om uw account te activeren. +updatePasswordMessage=U moet uw wachtwoord wijzigen om uw account te activeren. +verifyEmailMessage=U moet uw e-mailadres verifiëren om uw account te activeren. +linkIdpMessage=U moet uw e-mailadres verifiëren om uw account te koppelen aan {0}. + +emailSentMessage=U ontvangt binnenkort een e-mail met verdere instructies. +emailSendErrorMessage=Het versturen van de e-mail is mislukt, probeer het later opnieuw. + +accountUpdatedMessage=Uw account is gewijzigd. +accountPasswordUpdatedMessage=Uw wachtwoord is gewijzigd. + +noAccessMessage=Geen toegang + +invalidPasswordMinLengthMessage=Ongeldig wachtwoord, de minimumlengte is {0} karakters. +invalidPasswordMinDigitsMessage=Ongeldig wachtwoord, deze moet minstens {0} cijfers bevatten. +invalidPasswordMinLowerCaseCharsMessage=Ongeldig wachtwoord, deze moet minstens {0} kleine letters bevatten. +invalidPasswordMinUpperCaseCharsMessage=Ongeldig wachtwoord, deze moet minstens {0} hoofdletters bevatten. +invalidPasswordMinSpecialCharsMessage=Ongeldig wachtwoord, deze moet minstens {0} speciale tekens bevatten. +invalidPasswordNotUsernameMessage=Ongeldig wachtwoord, deze mag niet overeen komen met de gebruikersnaam. +invalidPasswordRegexPatternMessage=Ongeldig wachtwoord, deze komt niet overeen met opgegeven reguliere expressie(s). +invalidPasswordHistoryMessage=Ongeldig wachtwoord, deze mag niet overeen komen met een van de laatste {0} wachtwoorden. + +failedToProcessResponseMessage=Het verwerken van de respons is mislukt +httpsRequiredMessage=HTTPS vereist +realmNotEnabledMessage=Realm niet geactiveerd +invalidRequestMessage=Ongeldige request +failedLogout=Afmelden is mislukt +unknownLoginRequesterMessage=De login requester is onbekend +loginRequesterNotEnabledMessage=De login requester is niet geactiveerd +bearerOnlyMessage=Bearer-only applicaties mogen geen browserlogin initiëren +standardFlowDisabledMessage=Client mag geen browserlogin starten met het opgegeven response_type. Standard flow is uitgeschakeld voor de client. +implicitFlowDisabledMessage=Client mag geen browserlogin starten met opgegeven response_type. Implicit flow is uitgeschakeld voor de klant. +invalidRedirectUriMessage=Ongeldige redirect-URI +unsupportedNameIdFormatMessage=Niet-ondersteunde NameIDFormat +invalidRequesterMessage=Ongeldige requester +registrationNotAllowedMessage=Registratie is niet toegestaan +resetCredentialNotAllowedMessage=Het opnieuw instellen van de aanmeldgegevens is niet toegestaan +permissionNotApprovedMessage=Recht verworpen. +noRelayStateInResponseMessage=Geen relay state in antwoord van de identity provider. +insufficientPermissionMessage=Onvoldoende rechten om identiteiten te koppelen. +couldNotProceedWithAuthenticationRequestMessage=Het authenticatieverzoek naar de identity provider wordt afgebroken. +couldNotObtainTokenMessage=Kon geen token bemachtigen van de identity provider. +unexpectedErrorRetrievingTokenMessage=Onverwachte fout bij het ophalen van de token van de identity provider. +unexpectedErrorHandlingResponseMessage=Onverwachte fout bij het verwerken van de respons van de identity provider. +identityProviderAuthenticationFailedMessage=Verificatie mislukt. Er kon niet worden geauthenticeerd met de identity provider. +identityProviderDifferentUserMessage=U bent geauthenticeerd als {0}, maar u werd verwacht als {1} geauthenticeerd te zijn +couldNotSendAuthenticationRequestMessage=Kan het authenticatieverzoek niet verzenden naar de identity provider. +unexpectedErrorHandlingRequestMessage=Onverwachte fout bij het verwerken van het authenticatieverzoek naar de identity provider. +invalidAccessCodeMessage=Ongeldige toegangscode. +sessionNotActiveMessage=Sessie inactief. +invalidCodeMessage=Er is een fout opgetreden, probeer nogmaals in te loggen. +identityProviderUnexpectedErrorMessage=Onverwachte fout tijdens de authenticatie met de identity provider +identityProviderNotFoundMessage=Geen identity provider gevonden met deze naam. +identityProviderLinkSuccess=Uw account is met succes gekoppeld aan {0} account {1}. +staleCodeMessage=Deze pagina is verlopen. Keer terug naar uw applicatie om opnieuw in te loggen. +realmSupportsNoCredentialsMessage=Realm ondersteunt geen enkel soort aanmeldgegeven. +identityProviderNotUniqueMessage=Realm ondersteunt meerdere identity providers. Er kon niet bepaald worden welke identity provider er gebruikt zou moeten worden tijdens de authenticatie. +emailVerifiedMessage=Uw e-mailadres is geverifieerd. +staleEmailVerificationLink=De link die u gebruikt is verlopen, wellicht omdat u uw e-mailadres al eerder geverifieerd heeft. + +backToApplication=« Terug naar de applicatie +missingParameterMessage=Missende parameters: {0} +clientNotFoundMessage=Client niet gevonden. +clientDisabledMessage=Client is inactief. +invalidParameterMessage=Ongeldige parameter: {0} +alreadyLoggedIn=U bent al ingelogd. + +p3pPolicy=CP="This is not a P3P policy!" +fullName=Volledige naam +street=Straat +locality=Plaats +region=Staat, provincie of regio +emailLinkIdp4=Als u de e-mail al geverifieerd heeft in een andere browser +emailLinkIdp5=om door te gaan. +pageExpiredTitle=Pagina is verlopen +pageExpiredMsg1=Om het inlogproces te herstarten +pageExpiredMsg2=Om het inlogproces te vervolgen +role_admin=Beheerder +role_view-applications=Bekijk applicaties +role_manage-applications=Beheer applicaties +role_manage-account=Beheer account +role_manage-account-links=Beheer account-links +client_realm-management=Realm-beheer +expiredActionMessage=Actie verlopen. Vervolg nu met inloggen. +invalidPasswordGenericMessage=Ongeldig wachtwoord: het nieuwe wachtwoord voldoet niet aan het wachtwoordbeleid. +identityProviderAlreadyLinkedMessage=De door {0} teruggegeven gefedereerde identiteit is al aan een andere gebruiker gekoppeld. +differentUserAuthenticated=U bent in deze sessie al als de gebruiker "{0}" aangemeld. Log eerst uit. +brokerLinkingSessionExpired=Broker account linking aangevraagd, maar de huidige sessie in verlopen. diff --git a/themes/src/main/resources-community/theme/base/login/messages/messages_no.properties b/themes/src/main/resources-community/theme/base/login/messages/messages_no.properties index 1f1a9d903ea..47922cd277c 100644 --- a/themes/src/main/resources-community/theme/base/login/messages/messages_no.properties +++ b/themes/src/main/resources-community/theme/base/login/messages/messages_no.properties @@ -214,6 +214,7 @@ locale_es=Espa\u00F1ol locale_fr=Fran\u00e7ais locale_it=Italian locale_ja=\u65E5\u672C\u8A9E +locale_nl=Nederlands locale_no=Norsk locale_pt_BR=Portugu\u00EAs (Brasil) locale_pt-BR=Portugu\u00EAs (Brasil) diff --git a/themes/src/main/resources-community/theme/base/login/theme.properties b/themes/src/main/resources-community/theme/base/login/theme.properties index 6b2b6e8fac0..f1aeaf53019 100644 --- a/themes/src/main/resources-community/theme/base/login/theme.properties +++ b/themes/src/main/resources-community/theme/base/login/theme.properties @@ -1 +1 @@ -locales=ca,de,en,es,fr,it,ja,lt,no,pt-BR,ru,sv \ No newline at end of file +locales=ca,de,en,es,fr,it,ja,lt,no,nl,pt-BR,ru,sv diff --git a/themes/src/main/resources/theme/base/account/messages/messages_en.properties b/themes/src/main/resources/theme/base/account/messages/messages_en.properties index 47dbda14ba2..c5ce32a39bf 100755 --- a/themes/src/main/resources/theme/base/account/messages/messages_en.properties +++ b/themes/src/main/resources/theme/base/account/messages/messages_en.properties @@ -119,6 +119,7 @@ usernameExistsMessage=Username already exists. emailExistsMessage=Email already exists. readOnlyUserMessage=You can''t update your account as it is read only. +readOnlyUsernameMessage=You can''t update your username as it is read only. readOnlyPasswordMessage=You can''t update your password as your account is read only. successTotpMessage=Mobile authenticator configured. @@ -160,9 +161,10 @@ locale_es=Espa\u00F1ol locale_fr=Fran\u00e7ais locale_it=Italian locale_ja=\u65E5\u672C\u8A9E +locale_nl=Nederlands locale_no=Norsk locale_lt=Lietuvi\u0173 locale_pt-BR=Portugu\u00EAs (Brasil) locale_ru=\u0420\u0443\u0441\u0441\u043A\u0438\u0439 +locale_sv=Svenska locale_zh-CN=\u4e2d\u6587\u7b80\u4f53 -locale_sv=Svenska \ No newline at end of file diff --git a/themes/src/main/resources/theme/base/account/messages/messages_zh_CN.properties b/themes/src/main/resources/theme/base/account/messages/messages_zh_CN.properties index 4691002972b..f2636684348 100644 --- a/themes/src/main/resources/theme/base/account/messages/messages_zh_CN.properties +++ b/themes/src/main/resources/theme/base/account/messages/messages_zh_CN.properties @@ -157,6 +157,7 @@ locale_es=Español locale_fr=Français locale_it=Italian locale_ja=日本語 +locale_nl=Nederlands locale_no=Norsk locale_lt=Lietuvių locale_pt-BR=Português (Brasil) diff --git a/themes/src/main/resources/theme/base/account/theme.properties b/themes/src/main/resources/theme/base/account/theme.properties index b9c39909573..d7c6edfc4d4 100644 --- a/themes/src/main/resources/theme/base/account/theme.properties +++ b/themes/src/main/resources/theme/base/account/theme.properties @@ -1 +1 @@ -locales=ca,de,en,es,fr,it,ja,lt,no,pt-BR,ru,zh-CN \ No newline at end of file +locales=ca,de,en,es,fr,it,ja,lt,nl,no,pt-BR,ru,zh-CN diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties index a7601d2f0d1..4c5be53b4f0 100644 --- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties +++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties @@ -484,6 +484,8 @@ disableUserInfo=Disable User Info identity-provider.disableUserInfo.tooltip=Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service. userIp=Use userIp Param identity-provider.google-userIp.tooltip=Set 'userIp' query parameter when invoking on Google's User Info service. This will use the user's ip address. Useful if Google is throttling access to the User Info service. +sandbox=Target Sandbox +identity-provider.paypal-sandbox.tooltip=Target PayPal's sandbox environment update-profile-on-first-login=Update Profile on First Login on=On on-missing-info=On missing info @@ -504,6 +506,8 @@ authorization-url=Authorization URL authorization-url.tooltip=The Authorization Url. token-url=Token URL token-url.tooltip=The Token URL. +loginHint=Pass login_hint +loginHint.tooltip=Pass login_hint to identity provider. logout-url=Logout URL identity-provider.logout-url.tooltip=End session endpoint to use to logout user from external IDP. backchannel-logout=Backchannel Logout @@ -1342,7 +1346,6 @@ manage-authz-group-scope-description=Policies that decide if an admin can manage view-authz-group-scope-description=Policies that decide if an admin can view this group view-members-authz-group-scope-description=Policies that decide if an admin can manage the members of this group exchange-to-authz-client-scope-description=Policies that decide which clients are allowed exchange tokens for a token that is targeted to this client. -exchange-from-authz-client-scope-description=Policies that decide which clients are allowed to exchange tokens that were generated for this client. manage-authz-client-scope-description=Policies that decide if an admin can manage this client configure-authz-client-scope-description=Reduced management permissions for admin. Cannot set scope, template, or protocol mappers. view-authz-client-scope-description=Policies that decide if an admin can view this client diff --git a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js index 14c9392af4d..76dc5aa7c6e 100644 --- a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js @@ -971,12 +971,12 @@ module.controller('ResourceServerPolicyResourceDetailCtrl', function($scope, $ro $scope.applyToResourceTypeFlag = true; } - $scope.selectedPolicies = []; ResourceServerPermission.associatedPolicies({ realm : $route.current.params.realm, client : client.id, id : policy.id }, function(policies) { + $scope.selectedPolicies = []; for (i = 0; i < policies.length; i++) { policies[i].text = policies[i].name; $scope.selectedPolicies.push(policies[i]); @@ -1472,7 +1472,11 @@ module.controller('ResourceServerPolicyClientDetailCtrl', function($scope, $rout return; } Client.query({realm: $route.current.params.realm, search: query.term.trim(), max: 20}, function(response) { - data.results = response; + for (i = 0; i < response.length; i++) { + if (response[i].clientId.indexOf(query.term) != -1) { + data.results.push(response[i]); + } + } query.callback(data); }); }, diff --git a/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js b/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js index 33cb93be302..76c9a9b7011 100755 --- a/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js @@ -730,12 +730,17 @@ module.controller('ClientImportCtrl', function($scope, $location, $upload, realm module.controller('ClientListCtrl', function($scope, realm, Client, serverInfo, $route, Dialog, Notifications, filterFilter) { $scope.realm = realm; - $scope.clients = Client.query({realm: realm.realm, viewableOnly: true}); + $scope.clients = []; $scope.currentPage = 1; $scope.currentPageInput = 1; + $scope.numberOfPages = 1; $scope.pageSize = 20; - $scope.numberOfPages = Math.ceil($scope.clients.length/$scope.pageSize); - + + Client.query({realm: realm.realm, viewableOnly: true}).$promise.then(function(clients) { + $scope.numberOfPages = Math.ceil(clients.length/$scope.pageSize); + $scope.clients = clients; + }); + $scope.$watch('search', function (newVal, oldVal) { $scope.filtered = filterFilter($scope.clients, newVal); $scope.totalItems = $scope.filtered.length; @@ -743,7 +748,7 @@ module.controller('ClientListCtrl', function($scope, realm, Client, serverInfo, $scope.currentPage = 1; $scope.currentPageInput = 1; }, true); - + $scope.removeClient = function(client) { Dialog.confirmDelete(client.clientId, 'client', function() { Client.remove({ @@ -1798,7 +1803,7 @@ module.controller('ClientProtocolMapperCtrl', function($scope, realm, serverInfo ClientProtocolMapper.update({ realm : realm.realm, client: client.id, - id : mapper.id + id : $scope.model.mapper.id }, $scope.model.mapper, function() { $scope.model.changed = false; mapper = angular.copy($scope.mapper); diff --git a/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js index 77dc9cdb4eb..26443798913 100644 --- a/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js @@ -524,13 +524,11 @@ module.controller('RealmPasswordPolicyCtrl', function($scope, Realm, realm, $htt } var policyString = ""; for (var i = 0; i < policies.length; i++) { - policyString += policies[i].id; - if (policies[i].value && policies[i].value != policies[i].defaultValue) { - policyString += '(' + policies[i].value + ')'; + policyString += policies[i].id + '(' + policies[i].value + ')'; + if (i != policies.length - 1) { + policyString += ' and '; } - policyString += " and "; } - policyString = policyString.substring(0, policyString.length - 5); return policyString; } @@ -560,7 +558,7 @@ module.controller('RealmPasswordPolicyCtrl', function($scope, Realm, realm, $htt $scope.save = function() { $scope.realm.passwordPolicy = toString($scope.policy); - console.debug($scope.realm.passwordPolicy); + console.log($scope.realm.passwordPolicy); Realm.update($scope.realm, function () { $route.reload(); @@ -2515,6 +2513,7 @@ module.controller('ClientRegPolicyDetailCtrl', function($scope, realm, clientReg if ($scope.providerType.properties) { ComponentUtils.addLastEmptyValueToMultivaluedLists($scope.providerType.properties, $scope.instance.config); + ComponentUtils.addMvOptionsToMultivaluedLists($scope.providerType.properties); } var oldCopy = angular.copy($scope.instance); @@ -2525,7 +2524,7 @@ module.controller('ClientRegPolicyDetailCtrl', function($scope, realm, clientReg $scope.changed = true; } }, true); - + $scope.reset = function() { $route.reload(); }; diff --git a/themes/src/main/resources/theme/base/admin/resources/js/services.js b/themes/src/main/resources/theme/base/admin/resources/js/services.js index 2fb10dd0ece..18fa0748e0c 100755 --- a/themes/src/main/resources/theme/base/admin/resources/js/services.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/services.js @@ -232,6 +232,25 @@ module.factory('ComponentUtils', function() { } } } + + // Allows you to use ui-select2 with tag. + // In HTML you will then use property.mvOptions like this: + // + +
    + +
    + {{:: 'loginHint.tooltip' | translate}} +
    diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-paypal-ext.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-paypal-ext.html new file mode 100644 index 00000000000..692a078b908 --- /dev/null +++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-paypal-ext.html @@ -0,0 +1,7 @@ +
    + +
    + +
    + {{:: 'identity-provider.paypal-sandbox.tooltip' | translate}} +
    \ No newline at end of file diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-paypal.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-paypal.html new file mode 100644 index 00000000000..62e97badb2a --- /dev/null +++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-paypal.html @@ -0,0 +1 @@ +
    diff --git a/themes/src/main/resources/theme/base/admin/resources/templates/kc-component-config.html b/themes/src/main/resources/theme/base/admin/resources/templates/kc-component-config.html index c5172c0cc12..0f990380143 100755 --- a/themes/src/main/resources/theme/base/admin/resources/templates/kc-component-config.html +++ b/themes/src/main/resources/theme/base/admin/resources/templates/kc-component-config.html @@ -17,9 +17,7 @@
    - +
    diff --git a/themes/src/main/resources/theme/base/admin/theme.properties b/themes/src/main/resources/theme/base/admin/theme.properties index 4bd8da4d737..36d3234157e 100644 --- a/themes/src/main/resources/theme/base/admin/theme.properties +++ b/themes/src/main/resources/theme/base/admin/theme.properties @@ -1,2 +1,2 @@ import=common/keycloak -locales=ca,en,es,fr,it,ja,lt,no,pt-BR,ru,zh-CN \ No newline at end of file +locales=ca,en,es,fr,it,ja,lt,nl,no,pt-BR,ru,zh-CN diff --git a/themes/src/main/resources/theme/base/email/theme.properties b/themes/src/main/resources/theme/base/email/theme.properties index b9c39909573..d7c6edfc4d4 100644 --- a/themes/src/main/resources/theme/base/email/theme.properties +++ b/themes/src/main/resources/theme/base/email/theme.properties @@ -1 +1 @@ -locales=ca,de,en,es,fr,it,ja,lt,no,pt-BR,ru,zh-CN \ No newline at end of file +locales=ca,de,en,es,fr,it,ja,lt,nl,no,pt-BR,ru,zh-CN diff --git a/themes/src/main/resources/theme/base/login/messages/messages_en.properties b/themes/src/main/resources/theme/base/login/messages/messages_en.properties index dbd0a3c3408..9abb4feab4d 100755 --- a/themes/src/main/resources/theme/base/login/messages/messages_en.properties +++ b/themes/src/main/resources/theme/base/login/messages/messages_en.properties @@ -230,6 +230,7 @@ locale_es=Espa\u00F1ol locale_fr=Fran\u00e7ais locale_it=Italian locale_ja=\u65E5\u672C\u8A9E +locale_nl=Nederlands locale_no=Norsk locale_pt_BR=Portugu\u00EAs (Brasil) locale_pt-BR=Portugu\u00EAs (Brasil) diff --git a/themes/src/main/resources/theme/base/login/messages/messages_zh_CN.properties b/themes/src/main/resources/theme/base/login/messages/messages_zh_CN.properties index 7a1a0728bac..39340bbef24 100644 --- a/themes/src/main/resources/theme/base/login/messages/messages_zh_CN.properties +++ b/themes/src/main/resources/theme/base/login/messages/messages_zh_CN.properties @@ -215,6 +215,7 @@ locale_es=Español locale_fr=Français locale_it=Italian locale_ja=日本語 +locale_nl=Nederlands locale_no=Norsk locale_pt_BR=Português (Brasil) locale_pt-BR=Português (Brasil) diff --git a/themes/src/main/resources/theme/base/login/theme.properties b/themes/src/main/resources/theme/base/login/theme.properties index b9c39909573..d7c6edfc4d4 100644 --- a/themes/src/main/resources/theme/base/login/theme.properties +++ b/themes/src/main/resources/theme/base/login/theme.properties @@ -1 +1 @@ -locales=ca,de,en,es,fr,it,ja,lt,no,pt-BR,ru,zh-CN \ No newline at end of file +locales=ca,de,en,es,fr,it,ja,lt,nl,no,pt-BR,ru,zh-CN diff --git a/themes/src/main/resources/theme/keycloak/common/resources/README.md b/themes/src/main/resources/theme/keycloak/common/resources/README.md index a5ef8521621..50e2e69551c 100644 --- a/themes/src/main/resources/theme/keycloak/common/resources/README.md +++ b/themes/src/main/resources/theme/keycloak/common/resources/README.md @@ -6,7 +6,9 @@ libraries are not available in the public npm repo and are thus checked into GitHub. Javascript libraries under *./node_modules* directory are managed with yarn. -THEY SHOULD NOT BE CHECKED INTO GITHUB! + +THESE LIBRARIES SHOULD BE CHECKED INTO GITHUB UNTIL KEYCLOAK-5324 and KEYCLOAK-5392 +ARE RESOLVED. Adding or Removing javascript libraries --------------------------------------- diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/.bin/mkdirp b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/.bin/mkdirp new file mode 100644 index 00000000000..4b0046722f7 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/.bin/mkdirp @@ -0,0 +1,15 @@ +#!/bin/sh +basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')") + +case `uname` in + *CYGWIN*) basedir=`cygpath -w "$basedir"`;; +esac + +if [ -x "$basedir/node" ]; then + "$basedir/node" "$basedir/../mkdirp/bin/cmd.js" "$@" + ret=$? +else + node "$basedir/../mkdirp/bin/cmd.js" "$@" + ret=$? +fi +exit $ret diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/.bin/mkdirp.cmd b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/.bin/mkdirp.cmd new file mode 100644 index 00000000000..0d2cdd7c486 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/.bin/mkdirp.cmd @@ -0,0 +1,7 @@ +@IF EXIST "%~dp0\node.exe" ( + "%~dp0\node.exe" "%~dp0\..\mkdirp\bin\cmd.js" %* +) ELSE ( + @SETLOCAL + @SET PATHEXT=%PATHEXT:;.JS;=;% + node "%~dp0\..\mkdirp\bin\cmd.js" %* +) \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/.yarn-integrity b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/.yarn-integrity new file mode 100644 index 00000000000..5176ac33dae --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/.yarn-integrity @@ -0,0 +1,49 @@ +{ + "flags": [], + "linkedModules": [], + "topLevelPatters": [ + "angular-cookies@^1.6.4", + "angular-loader@^1.6.4", + "angular-resource@^1.6.4", + "angular-route@^1.6.4", + "angular-sanitize@^1.6.4", + "angular-translate-loader-url@^2.15.1", + "angular-translate@^2.15.1", + "angular-treeview@^0.1.5", + "angular-ui-select2@^0.0.5", + "angular@^1.6.4", + "autofill-event@^0.0.1", + "bootstrap@^3.3.7", + "filesaver@^0.0.13", + "font-awesome@^4.7.0", + "jquery@^3.2.1", + "ng-file-upload@^12.2.13", + "select2@3.5.1" + ], + "lockfileEntries": { + "angular-cookies@^1.6.4": "https://registry.yarnpkg.com/angular-cookies/-/angular-cookies-1.6.4.tgz#c28f3f6aac7a9826c1e45f1d6807240036e5b26d", + "angular-loader@^1.6.4": "https://registry.yarnpkg.com/angular-loader/-/angular-loader-1.6.4.tgz#c202b9dd233b11e66c802f7716c5d82ad249bb42", + "angular-resource@^1.6.4": "https://registry.yarnpkg.com/angular-resource/-/angular-resource-1.6.4.tgz#bcb83688b0a7d3402fde58dc7f4881383a6c0ebb", + "angular-route@^1.6.4": "https://registry.yarnpkg.com/angular-route/-/angular-route-1.6.4.tgz#7bb216fcda746a1b8c452054b05900a7074ecc62", + "angular-sanitize@^1.6.4": "https://registry.yarnpkg.com/angular-sanitize/-/angular-sanitize-1.6.4.tgz#60a37ea96fb0d4a322a3ccb64ee4a5cf3b154f0c", + "angular-translate-loader-url@^2.15.1": "https://registry.yarnpkg.com/angular-translate-loader-url/-/angular-translate-loader-url-2.15.1.tgz#31d6785a59d813fe7d8a1990d8be16864ff59e24", + "angular-translate@^2.15.1": "https://registry.yarnpkg.com/angular-translate/-/angular-translate-2.15.1.tgz#920f7d2b877819e1c0fa881781b9b675f36480ce", + "angular-translate@~2.15.1": "https://registry.yarnpkg.com/angular-translate/-/angular-translate-2.15.1.tgz#920f7d2b877819e1c0fa881781b9b675f36480ce", + "angular-treeview@^0.1.5": "https://registry.yarnpkg.com/angular-treeview/-/angular-treeview-0.1.5.tgz#ec797d4d001b20172c983e65d855ebcd8152b4fa", + "angular-ui-select2@^0.0.5": "https://registry.yarnpkg.com/angular-ui-select2/-/angular-ui-select2-0.0.5.tgz#15e7643afd69ca9063d405eb3be2f95dd5ec87f5", + "angular@>=1.2.26 <=1.6": "https://registry.yarnpkg.com/angular/-/angular-1.6.4.tgz#03b7b15c01a0802d7e2cf593240e604054dc77fb", + "angular@^1.6.4": "https://registry.yarnpkg.com/angular/-/angular-1.6.4.tgz#03b7b15c01a0802d7e2cf593240e604054dc77fb", + "autofill-event@^0.0.1": "https://registry.yarnpkg.com/autofill-event/-/autofill-event-0.0.1.tgz#c382cf989b21b61ff4a12b3597e1943471d3cf7a", + "bootstrap@^3.3.7": "https://registry.yarnpkg.com/bootstrap/-/bootstrap-3.3.7.tgz#5a389394549f23330875a3b150656574f8a9eb71", + "filesaver@^0.0.13": "https://registry.yarnpkg.com/filesaver/-/filesaver-0.0.13.tgz#fa9b2ac1371d436fe5edc9285ed998d1e2782bee", + "font-awesome@^4.7.0": "https://registry.yarnpkg.com/font-awesome/-/font-awesome-4.7.0.tgz#8fa8cf0411a1a31afd07b06d2902bb9fc815a133", + "jquery@^3.2.1": "https://registry.yarnpkg.com/jquery/-/jquery-3.2.1.tgz#5c4d9de652af6cd0a770154a631bba12b015c787", + "minimist@0.0.8": "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d", + "mkdirp@^0.5.0": "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903", + "ng-file-upload@^12.2.13": "https://registry.yarnpkg.com/ng-file-upload/-/ng-file-upload-12.2.13.tgz#01800f3872e526f95310f8477e99e4f12d0d8d14", + "safename@0.0.4": "https://registry.yarnpkg.com/safename/-/safename-0.0.4.tgz#b82c3b6db70d943a0582f9052fbfbfebbb589af5", + "select2@3.5.1": "https://registry.yarnpkg.com/select2/-/select2-3.5.1.tgz#f2819489bbc65fd6d328be72bbe2b95dd7e87cfe" + }, + "files": [], + "artifacts": {} +} \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/LICENSE.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/LICENSE.md new file mode 100644 index 00000000000..2c395eef1ba --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/LICENSE.md @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Angular + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/README.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/README.md new file mode 100644 index 00000000000..7b190d34615 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/README.md @@ -0,0 +1,68 @@ +# packaged angular-cookies + +This repo is for distribution on `npm` and `bower`. The source for this module is in the +[main AngularJS repo](https://github.com/angular/angular.js/tree/master/src/ngCookies). +Please file issues and pull requests against that repo. + +## Install + +You can install this package either with `npm` or with `bower`. + +### npm + +```shell +npm install angular-cookies +``` + +Then add `ngCookies` as a dependency for your app: + +```javascript +angular.module('myApp', [require('angular-cookies')]); +``` + +### bower + +```shell +bower install angular-cookies +``` + +Add a ` +``` + +Then add `ngCookies` as a dependency for your app: + +```javascript +angular.module('myApp', ['ngCookies']); +``` + +## Documentation + +Documentation is available on the +[AngularJS docs site](http://docs.angularjs.org/api/ngCookies). + +## License + +The MIT License + +Copyright (c) 2010-2015 Google, Inc. http://angularjs.org + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/angular-cookies.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/angular-cookies.js new file mode 100644 index 00000000000..a290ec04600 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/angular-cookies.js @@ -0,0 +1,331 @@ +/** + * @license AngularJS v1.6.4 + * (c) 2010-2017 Google, Inc. http://angularjs.org + * License: MIT + */ +(function(window, angular) {'use strict'; + +/** + * @ngdoc module + * @name ngCookies + * @description + * + * # ngCookies + * + * The `ngCookies` module provides a convenient wrapper for reading and writing browser cookies. + * + * + *
    + * + * See {@link ngCookies.$cookies `$cookies`} for usage. + */ + + +angular.module('ngCookies', ['ng']). + info({ angularVersion: '1.6.4' }). + /** + * @ngdoc provider + * @name $cookiesProvider + * @description + * Use `$cookiesProvider` to change the default behavior of the {@link ngCookies.$cookies $cookies} service. + * */ + provider('$cookies', [/** @this */function $CookiesProvider() { + /** + * @ngdoc property + * @name $cookiesProvider#defaults + * @description + * + * Object containing default options to pass when setting cookies. + * + * The object may have following properties: + * + * - **path** - `{string}` - The cookie will be available only for this path and its + * sub-paths. By default, this is the URL that appears in your `` tag. + * - **domain** - `{string}` - The cookie will be available only for this domain and + * its sub-domains. For security reasons the user agent will not accept the cookie + * if the current domain is not a sub-domain of this domain or equal to it. + * - **expires** - `{string|Date}` - String of the form "Wdy, DD Mon YYYY HH:MM:SS GMT" + * or a Date object indicating the exact date/time this cookie will expire. + * - **secure** - `{boolean}` - If `true`, then the cookie will only be available through a + * secured connection. + * + * Note: By default, the address that appears in your `` tag will be used as the path. + * This is important so that cookies will be visible for all routes when html5mode is enabled. + * + * @example + * + * ```js + * angular.module('cookiesProviderExample', ['ngCookies']) + * .config(['$cookiesProvider', function($cookiesProvider) { + * // Setting default options + * $cookiesProvider.defaults.domain = 'foo.com'; + * $cookiesProvider.defaults.secure = true; + * }]); + * ``` + **/ + var defaults = this.defaults = {}; + + function calcOptions(options) { + return options ? angular.extend({}, defaults, options) : defaults; + } + + /** + * @ngdoc service + * @name $cookies + * + * @description + * Provides read/write access to browser's cookies. + * + *
    + * Up until Angular 1.3, `$cookies` exposed properties that represented the + * current browser cookie values. In version 1.4, this behavior has changed, and + * `$cookies` now provides a standard api of getters, setters etc. + *
    + * + * Requires the {@link ngCookies `ngCookies`} module to be installed. + * + * @example + * + * ```js + * angular.module('cookiesExample', ['ngCookies']) + * .controller('ExampleController', ['$cookies', function($cookies) { + * // Retrieving a cookie + * var favoriteCookie = $cookies.get('myFavorite'); + * // Setting a cookie + * $cookies.put('myFavorite', 'oatmeal'); + * }]); + * ``` + */ + this.$get = ['$$cookieReader', '$$cookieWriter', function($$cookieReader, $$cookieWriter) { + return { + /** + * @ngdoc method + * @name $cookies#get + * + * @description + * Returns the value of given cookie key + * + * @param {string} key Id to use for lookup. + * @returns {string} Raw cookie value. + */ + get: function(key) { + return $$cookieReader()[key]; + }, + + /** + * @ngdoc method + * @name $cookies#getObject + * + * @description + * Returns the deserialized value of given cookie key + * + * @param {string} key Id to use for lookup. + * @returns {Object} Deserialized cookie value. + */ + getObject: function(key) { + var value = this.get(key); + return value ? angular.fromJson(value) : value; + }, + + /** + * @ngdoc method + * @name $cookies#getAll + * + * @description + * Returns a key value object with all the cookies + * + * @returns {Object} All cookies + */ + getAll: function() { + return $$cookieReader(); + }, + + /** + * @ngdoc method + * @name $cookies#put + * + * @description + * Sets a value for given cookie key + * + * @param {string} key Id for the `value`. + * @param {string} value Raw value to be stored. + * @param {Object=} options Options object. + * See {@link ngCookies.$cookiesProvider#defaults $cookiesProvider.defaults} + */ + put: function(key, value, options) { + $$cookieWriter(key, value, calcOptions(options)); + }, + + /** + * @ngdoc method + * @name $cookies#putObject + * + * @description + * Serializes and sets a value for given cookie key + * + * @param {string} key Id for the `value`. + * @param {Object} value Value to be stored. + * @param {Object=} options Options object. + * See {@link ngCookies.$cookiesProvider#defaults $cookiesProvider.defaults} + */ + putObject: function(key, value, options) { + this.put(key, angular.toJson(value), options); + }, + + /** + * @ngdoc method + * @name $cookies#remove + * + * @description + * Remove given cookie + * + * @param {string} key Id of the key-value pair to delete. + * @param {Object=} options Options object. + * See {@link ngCookies.$cookiesProvider#defaults $cookiesProvider.defaults} + */ + remove: function(key, options) { + $$cookieWriter(key, undefined, calcOptions(options)); + } + }; + }]; + }]); + +angular.module('ngCookies'). +/** + * @ngdoc service + * @name $cookieStore + * @deprecated + * sinceVersion="v1.4.0" + * Please use the {@link ngCookies.$cookies `$cookies`} service instead. + * + * @requires $cookies + * + * @description + * Provides a key-value (string-object) storage, that is backed by session cookies. + * Objects put or retrieved from this storage are automatically serialized or + * deserialized by angular's toJson/fromJson. + * + * Requires the {@link ngCookies `ngCookies`} module to be installed. + * + * @example + * + * ```js + * angular.module('cookieStoreExample', ['ngCookies']) + * .controller('ExampleController', ['$cookieStore', function($cookieStore) { + * // Put cookie + * $cookieStore.put('myFavorite','oatmeal'); + * // Get cookie + * var favoriteCookie = $cookieStore.get('myFavorite'); + * // Removing a cookie + * $cookieStore.remove('myFavorite'); + * }]); + * ``` + */ + factory('$cookieStore', ['$cookies', function($cookies) { + + return { + /** + * @ngdoc method + * @name $cookieStore#get + * + * @description + * Returns the value of given cookie key + * + * @param {string} key Id to use for lookup. + * @returns {Object} Deserialized cookie value, undefined if the cookie does not exist. + */ + get: function(key) { + return $cookies.getObject(key); + }, + + /** + * @ngdoc method + * @name $cookieStore#put + * + * @description + * Sets a value for given cookie key + * + * @param {string} key Id for the `value`. + * @param {Object} value Value to be stored. + */ + put: function(key, value) { + $cookies.putObject(key, value); + }, + + /** + * @ngdoc method + * @name $cookieStore#remove + * + * @description + * Remove given cookie + * + * @param {string} key Id of the key-value pair to delete. + */ + remove: function(key) { + $cookies.remove(key); + } + }; + + }]); + +/** + * @name $$cookieWriter + * @requires $document + * + * @description + * This is a private service for writing cookies + * + * @param {string} name Cookie name + * @param {string=} value Cookie value (if undefined, cookie will be deleted) + * @param {Object=} options Object with options that need to be stored for the cookie. + */ +function $$CookieWriter($document, $log, $browser) { + var cookiePath = $browser.baseHref(); + var rawDocument = $document[0]; + + function buildCookieString(name, value, options) { + var path, expires; + options = options || {}; + expires = options.expires; + path = angular.isDefined(options.path) ? options.path : cookiePath; + if (angular.isUndefined(value)) { + expires = 'Thu, 01 Jan 1970 00:00:00 GMT'; + value = ''; + } + if (angular.isString(expires)) { + expires = new Date(expires); + } + + var str = encodeURIComponent(name) + '=' + encodeURIComponent(value); + str += path ? ';path=' + path : ''; + str += options.domain ? ';domain=' + options.domain : ''; + str += expires ? ';expires=' + expires.toUTCString() : ''; + str += options.secure ? ';secure' : ''; + + // per http://www.ietf.org/rfc/rfc2109.txt browser must allow at minimum: + // - 300 cookies + // - 20 cookies per unique domain + // - 4096 bytes per cookie + var cookieLength = str.length + 1; + if (cookieLength > 4096) { + $log.warn('Cookie \'' + name + + '\' possibly not set or overflowed because it was too large (' + + cookieLength + ' > 4096 bytes)!'); + } + + return str; + } + + return function(name, value, options) { + rawDocument.cookie = buildCookieString(name, value, options); + }; +} + +$$CookieWriter.$inject = ['$document', '$log', '$browser']; + +angular.module('ngCookies').provider('$$cookieWriter', /** @this */ function $$CookieWriterProvider() { + this.$get = $$CookieWriter; +}); + + +})(window, window.angular); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/angular-cookies.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/angular-cookies.min.js new file mode 100644 index 00000000000..dd30241caaf --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/angular-cookies.min.js @@ -0,0 +1,9 @@ +/* + AngularJS v1.6.4 + (c) 2010-2017 Google, Inc. http://angularjs.org + License: MIT +*/ +(function(n,c){'use strict';function l(b,a,g){var d=g.baseHref(),k=b[0];return function(b,e,f){var g,h;f=f||{};h=f.expires;g=c.isDefined(f.path)?f.path:d;c.isUndefined(e)&&(h="Thu, 01 Jan 1970 00:00:00 GMT",e="");c.isString(h)&&(h=new Date(h));e=encodeURIComponent(b)+"="+encodeURIComponent(e);e=e+(g?";path="+g:"")+(f.domain?";domain="+f.domain:"");e+=h?";expires="+h.toUTCString():"";e+=f.secure?";secure":"";f=e.length+1;4096 4096 bytes)!");k.cookie=e}}c.module("ngCookies",["ng"]).info({angularVersion:"1.6.4"}).provider("$cookies",[function(){var b=this.defaults={};this.$get=["$$cookieReader","$$cookieWriter",function(a,g){return{get:function(d){return a()[d]},getObject:function(d){return(d=this.get(d))?c.fromJson(d):d},getAll:function(){return a()},put:function(d,a,m){g(d,a,m?c.extend({},b,m):b)},putObject:function(d,b,a){this.put(d,c.toJson(b),a)},remove:function(a,k){g(a,void 0,k?c.extend({},b,k):b)}}}]}]);c.module("ngCookies").factory("$cookieStore", +["$cookies",function(b){return{get:function(a){return b.getObject(a)},put:function(a,c){b.putObject(a,c)},remove:function(a){b.remove(a)}}}]);l.$inject=["$document","$log","$browser"];c.module("ngCookies").provider("$$cookieWriter",function(){this.$get=l})})(window,window.angular); +//# sourceMappingURL=angular-cookies.min.js.map diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/angular-cookies.min.js.map b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/angular-cookies.min.js.map new file mode 100644 index 00000000000..a4278c4d397 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/angular-cookies.min.js.map @@ -0,0 +1,8 @@ +{ +"version":3, +"file":"angular-cookies.min.js", +"lineCount":8, +"mappings":"A;;;;;aAKC,SAAQ,CAACA,CAAD,CAASC,CAAT,CAAkB,CAoR3BC,QAASA,EAAc,CAACC,CAAD,CAAYC,CAAZ,CAAkBC,CAAlB,CAA4B,CACjD,IAAIC,EAAaD,CAAAE,SAAA,EAAjB,CACIC,EAAcL,CAAA,CAAU,CAAV,CAmClB,OAAO,SAAQ,CAACM,CAAD,CAAOC,CAAP,CAAcC,CAAd,CAAuB,CAjCW,IAC3CC,CAD2C,CACrCC,CACVF,EAAA,CAgCoDA,CAhCpD,EAAqB,EACrBE,EAAA,CAAUF,CAAAE,QACVD,EAAA,CAAOX,CAAAa,UAAA,CAAkBH,CAAAC,KAAlB,CAAA,CAAkCD,CAAAC,KAAlC,CAAiDN,CACpDL,EAAAc,YAAA,CAAoBL,CAApB,CAAJ,GACEG,CACA,CADU,+BACV,CAAAH,CAAA,CAAQ,EAFV,CAIIT,EAAAe,SAAA,CAAiBH,CAAjB,CAAJ,GACEA,CADF,CACY,IAAII,IAAJ,CAASJ,CAAT,CADZ,CAIIK,EAAAA,CAAMC,kBAAA,CAqB6BV,CArB7B,CAANS,CAAiC,GAAjCA,CAAuCC,kBAAA,CAAmBT,CAAnB,CAE3CQ,EAAA,CADAA,CACA,EADON,CAAA,CAAO,QAAP,CAAkBA,CAAlB,CAAyB,EAChC,GAAOD,CAAAS,OAAA,CAAiB,UAAjB,CAA8BT,CAAAS,OAA9B,CAA+C,EAAtD,CACAF,EAAA,EAAOL,CAAA,CAAU,WAAV,CAAwBA,CAAAQ,YAAA,EAAxB,CAAgD,EACvDH,EAAA,EAAOP,CAAAW,OAAA,CAAiB,SAAjB,CAA6B,EAMhCC,EAAAA,CAAeL,CAAAM,OAAfD,CAA4B,CACb,KAAnB,CAAIA,CAAJ,EACEnB,CAAAqB,KAAA,CAAU,UAAV,CASqChB,CATrC,CACE,6DADF;AAEEc,CAFF,CAEiB,iBAFjB,CASFf,EAAAkB,OAAA,CAJOR,CAG6B,CArCW,CAlQnDjB,CAAA0B,OAAA,CAAe,WAAf,CAA4B,CAAC,IAAD,CAA5B,CAAAC,KAAA,CACO,CAAEC,eAAgB,OAAlB,CADP,CAAAC,SAAA,CAQY,UARZ,CAQwB,CAAaC,QAAyB,EAAG,CAkC7D,IAAIC,EAAW,IAAAA,SAAXA,CAA2B,EAiC/B,KAAAC,KAAA,CAAY,CAAC,gBAAD,CAAmB,gBAAnB,CAAqC,QAAQ,CAACC,CAAD,CAAiBC,CAAjB,CAAiC,CACxF,MAAO,CAWLC,IAAKA,QAAQ,CAACC,CAAD,CAAM,CACjB,MAAOH,EAAA,EAAA,CAAiBG,CAAjB,CADU,CAXd,CAyBLC,UAAWA,QAAQ,CAACD,CAAD,CAAM,CAEvB,MAAO,CADH3B,CACG,CADK,IAAA0B,IAAA,CAASC,CAAT,CACL,EAAQpC,CAAAsC,SAAA,CAAiB7B,CAAjB,CAAR,CAAkCA,CAFlB,CAzBpB,CAuCL8B,OAAQA,QAAQ,EAAG,CACjB,MAAON,EAAA,EADU,CAvCd,CAuDLO,IAAKA,QAAQ,CAACJ,CAAD,CAAM3B,CAAN,CAAaC,CAAb,CAAsB,CACjCwB,CAAA,CAAeE,CAAf,CAAoB3B,CAApB,CAAuCC,CAvFpC,CAAUV,CAAAyC,OAAA,CAAe,EAAf,CAAmBV,CAAnB,CAuF0BrB,CAvF1B,CAAV,CAAkDqB,CAuFrD,CADiC,CAvD9B,CAuELW,UAAWA,QAAQ,CAACN,CAAD,CAAM3B,CAAN,CAAaC,CAAb,CAAsB,CACvC,IAAA8B,IAAA,CAASJ,CAAT,CAAcpC,CAAA2C,OAAA,CAAelC,CAAf,CAAd,CAAqCC,CAArC,CADuC,CAvEpC,CAsFLkC,OAAQA,QAAQ,CAACR,CAAD,CAAM1B,CAAN,CAAe,CAC7BwB,CAAA,CAAeE,CAAf,CAAoBS,IAAAA,EAApB,CAA2CnC,CAtHxC,CAAUV,CAAAyC,OAAA,CAAe,EAAf,CAAmBV,CAAnB,CAsH8BrB,CAtH9B,CAAV,CAAkDqB,CAsHrD,CAD6B,CAtF1B,CADiF,CAA9E,CAnEiD,CAAzC,CARxB,CAyKA/B,EAAA0B,OAAA,CAAe,WAAf,CAAAoB,QAAA,CA+BS,cA/BT;AA+ByB,CAAC,UAAD,CAAa,QAAQ,CAACC,CAAD,CAAW,CAErD,MAAO,CAWLZ,IAAKA,QAAQ,CAACC,CAAD,CAAM,CACjB,MAAOW,EAAAV,UAAA,CAAmBD,CAAnB,CADU,CAXd,CAyBLI,IAAKA,QAAQ,CAACJ,CAAD,CAAM3B,CAAN,CAAa,CACxBsC,CAAAL,UAAA,CAAmBN,CAAnB,CAAwB3B,CAAxB,CADwB,CAzBrB,CAsCLmC,OAAQA,QAAQ,CAACR,CAAD,CAAM,CACpBW,CAAAH,OAAA,CAAgBR,CAAhB,CADoB,CAtCjB,CAF8C,CAAhC,CA/BzB,CAmIAnC,EAAA+C,QAAA,CAAyB,CAAC,WAAD,CAAc,MAAd,CAAsB,UAAtB,CAEzBhD,EAAA0B,OAAA,CAAe,WAAf,CAAAG,SAAA,CAAqC,gBAArC,CAAoEoB,QAA+B,EAAG,CACpG,IAAAjB,KAAA,CAAY/B,CADwF,CAAtG,CAhU2B,CAA1B,CAAD,CAqUGF,MArUH,CAqUWA,MAAAC,QArUX;", +"sources":["angular-cookies.js"], +"names":["window","angular","$$CookieWriter","$document","$log","$browser","cookiePath","baseHref","rawDocument","name","value","options","path","expires","isDefined","isUndefined","isString","Date","str","encodeURIComponent","domain","toUTCString","secure","cookieLength","length","warn","cookie","module","info","angularVersion","provider","$CookiesProvider","defaults","$get","$$cookieReader","$$cookieWriter","get","key","getObject","fromJson","getAll","put","extend","putObject","toJson","remove","undefined","factory","$cookies","$inject","$$CookieWriterProvider"] +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/bower.json b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/bower.json new file mode 100644 index 00000000000..1f522e355b4 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/bower.json @@ -0,0 +1,10 @@ +{ + "name": "angular-cookies", + "version": "1.6.4", + "license": "MIT", + "main": "./angular-cookies.js", + "ignore": [], + "dependencies": { + "angular": "1.6.4" + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/index.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/index.js new file mode 100644 index 00000000000..657667549a8 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/index.js @@ -0,0 +1,2 @@ +require('./angular-cookies'); +module.exports = 'ngCookies'; diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/package.json b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/package.json new file mode 100644 index 00000000000..5f3597b18a4 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-cookies/package.json @@ -0,0 +1,33 @@ +{ + "name": "angular-cookies", + "version": "1.6.4", + "description": "AngularJS module for cookies", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "repository": { + "type": "git", + "url": "https://github.com/angular/angular.js.git" + }, + "keywords": [ + "angular", + "framework", + "browser", + "cookies", + "client-side" + ], + "author": "Angular Core Team ", + "license": "MIT", + "bugs": { + "url": "https://github.com/angular/angular.js/issues" + }, + "homepage": "http://angularjs.org", + "jspm": { + "shim": { + "angular-cookies": { + "deps": ["angular"] + } + } + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/LICENSE.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/LICENSE.md new file mode 100644 index 00000000000..2c395eef1ba --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/LICENSE.md @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Angular + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/README.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/README.md new file mode 100644 index 00000000000..7322047be00 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/README.md @@ -0,0 +1,65 @@ +# packaged angular-loader + +This repo is for distribution on `npm` and `bower`. The source for this module is in the +[main AngularJS repo](https://github.com/angular/angular.js/blob/master/src/loader.js). +Please file issues and pull requests against that repo. + +## Install + +You can install this package either with `npm` or with `bower`. + +### npm + +```shell +npm install angular-loader +``` + +Add a ` +``` + +Note that this package is not in CommonJS format, so doing `require('angular-loader')` will +return `undefined`. + +### bower + +```shell +bower install angular-loader +``` + +Add a ` +``` + +## Documentation + +Documentation is available on the +[AngularJS docs site](http://docs.angularjs.org/guide/bootstrap). + +## License + +The MIT License + +Copyright (c) 2010-2015 Google, Inc. http://angularjs.org + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/angular-loader.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/angular-loader.js new file mode 100644 index 00000000000..3dd430cdbe4 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/angular-loader.js @@ -0,0 +1,533 @@ +/** + * @license AngularJS v1.6.4 + * (c) 2010-2017 Google, Inc. http://angularjs.org + * License: MIT + */ + +(function() {'use strict'; + function isFunction(value) {return typeof value === 'function';} + function isDefined(value) {return typeof value !== 'undefined';} + function isObject(value) {return value !== null && typeof value === 'object';} + +/* global toDebugString: true */ + +function serializeObject(obj, maxDepth) { + var seen = []; + + // There is no direct way to stringify object until reaching a specific depth + // and a very deep object can cause a performance issue, so we copy the object + // based on this specific depth and then stringify it. + if (isValidObjectMaxDepth(maxDepth)) { + obj = copy(obj, null, maxDepth); + } + return JSON.stringify(obj, function(key, val) { + val = toJsonReplacer(key, val); + if (isObject(val)) { + + if (seen.indexOf(val) >= 0) return '...'; + + seen.push(val); + } + return val; + }); +} + +function toDebugString(obj, maxDepth) { + if (typeof obj === 'function') { + return obj.toString().replace(/ \{[\s\S]*$/, ''); + } else if (isUndefined(obj)) { + return 'undefined'; + } else if (typeof obj !== 'string') { + return serializeObject(obj, maxDepth); + } + return obj; +} + +/** + * @description + * + * This object provides a utility for producing rich Error messages within + * Angular. It can be called as follows: + * + * var exampleMinErr = minErr('example'); + * throw exampleMinErr('one', 'This {0} is {1}', foo, bar); + * + * The above creates an instance of minErr in the example namespace. The + * resulting error will have a namespaced error code of example.one. The + * resulting error will replace {0} with the value of foo, and {1} with the + * value of bar. The object is not restricted in the number of arguments it can + * take. + * + * If fewer arguments are specified than necessary for interpolation, the extra + * interpolation markers will be preserved in the final string. + * + * Since data will be parsed statically during a build step, some restrictions + * are applied with respect to how minErr instances are created and called. + * Instances should have names of the form namespaceMinErr for a minErr created + * using minErr('namespace') . Error codes, namespaces and template strings + * should all be static strings, not variables or general expressions. + * + * @param {string} module The namespace to use for the new minErr instance. + * @param {function} ErrorConstructor Custom error constructor to be instantiated when returning + * error from returned function, for cases when a particular type of error is useful. + * @returns {function(code:string, template:string, ...templateArgs): Error} minErr instance + */ + +function minErr(module, ErrorConstructor) { + ErrorConstructor = ErrorConstructor || Error; + return function() { + var code = arguments[0], + template = arguments[1], + message = '[' + (module ? module + ':' : '') + code + '] ', + templateArgs = sliceArgs(arguments, 2).map(function(arg) { + return toDebugString(arg, minErrConfig.objectMaxDepth); + }), + paramPrefix, i; + + message += template.replace(/\{\d+\}/g, function(match) { + var index = +match.slice(1, -1); + + if (index < templateArgs.length) { + return templateArgs[index]; + } + + return match; + }); + + message += '\nhttp://errors.angularjs.org/1.6.4/' + + (module ? module + '/' : '') + code; + + for (i = 0, paramPrefix = '?'; i < templateArgs.length; i++, paramPrefix = '&') { + message += paramPrefix + 'p' + i + '=' + encodeURIComponent(templateArgs[i]); + } + + return new ErrorConstructor(message); + }; +} + +/** + * @ngdoc type + * @name angular.Module + * @module ng + * @description + * + * Interface for configuring angular {@link angular.module modules}. + */ + +function setupModuleLoader(window) { + + var $injectorMinErr = minErr('$injector'); + var ngMinErr = minErr('ng'); + + function ensure(obj, name, factory) { + return obj[name] || (obj[name] = factory()); + } + + var angular = ensure(window, 'angular', Object); + + // We need to expose `angular.$$minErr` to modules such as `ngResource` that reference it during bootstrap + angular.$$minErr = angular.$$minErr || minErr; + + return ensure(angular, 'module', function() { + /** @type {Object.} */ + var modules = {}; + + /** + * @ngdoc function + * @name angular.module + * @module ng + * @description + * + * The `angular.module` is a global place for creating, registering and retrieving Angular + * modules. + * All modules (angular core or 3rd party) that should be available to an application must be + * registered using this mechanism. + * + * Passing one argument retrieves an existing {@link angular.Module}, + * whereas passing more than one argument creates a new {@link angular.Module} + * + * + * # Module + * + * A module is a collection of services, directives, controllers, filters, and configuration information. + * `angular.module` is used to configure the {@link auto.$injector $injector}. + * + * ```js + * // Create a new module + * var myModule = angular.module('myModule', []); + * + * // register a new service + * myModule.value('appName', 'MyCoolApp'); + * + * // configure existing services inside initialization blocks. + * myModule.config(['$locationProvider', function($locationProvider) { + * // Configure existing providers + * $locationProvider.hashPrefix('!'); + * }]); + * ``` + * + * Then you can create an injector and load your modules like this: + * + * ```js + * var injector = angular.injector(['ng', 'myModule']) + * ``` + * + * However it's more likely that you'll just use + * {@link ng.directive:ngApp ngApp} or + * {@link angular.bootstrap} to simplify this process for you. + * + * @param {!string} name The name of the module to create or retrieve. + * @param {!Array.=} requires If specified then new module is being created. If + * unspecified then the module is being retrieved for further configuration. + * @param {Function=} configFn Optional configuration function for the module. Same as + * {@link angular.Module#config Module#config()}. + * @returns {angular.Module} new module with the {@link angular.Module} api. + */ + return function module(name, requires, configFn) { + + var info = {}; + + var assertNotHasOwnProperty = function(name, context) { + if (name === 'hasOwnProperty') { + throw ngMinErr('badname', 'hasOwnProperty is not a valid {0} name', context); + } + }; + + assertNotHasOwnProperty(name, 'module'); + if (requires && modules.hasOwnProperty(name)) { + modules[name] = null; + } + return ensure(modules, name, function() { + if (!requires) { + throw $injectorMinErr('nomod', 'Module \'{0}\' is not available! You either misspelled ' + + 'the module name or forgot to load it. If registering a module ensure that you ' + + 'specify the dependencies as the second argument.', name); + } + + /** @type {!Array.>} */ + var invokeQueue = []; + + /** @type {!Array.} */ + var configBlocks = []; + + /** @type {!Array.} */ + var runBlocks = []; + + var config = invokeLater('$injector', 'invoke', 'push', configBlocks); + + /** @type {angular.Module} */ + var moduleInstance = { + // Private state + _invokeQueue: invokeQueue, + _configBlocks: configBlocks, + _runBlocks: runBlocks, + + /** + * @ngdoc method + * @name angular.Module#info + * @module ng + * + * @param {Object=} info Information about the module + * @returns {Object|Module} The current info object for this module if called as a getter, + * or `this` if called as a setter. + * + * @description + * Read and write custom information about this module. + * For example you could put the version of the module in here. + * + * ```js + * angular.module('myModule', []).info({ version: '1.0.0' }); + * ``` + * + * The version could then be read back out by accessing the module elsewhere: + * + * ``` + * var version = angular.module('myModule').info().version; + * ``` + * + * You can also retrieve this information during runtime via the + * {@link $injector#modules `$injector.modules`} property: + * + * ```js + * var version = $injector.modules['myModule'].info().version; + * ``` + */ + info: function(value) { + if (isDefined(value)) { + if (!isObject(value)) throw ngMinErr('aobj', 'Argument \'{0}\' must be an object', 'value'); + info = value; + return this; + } + return info; + }, + + /** + * @ngdoc property + * @name angular.Module#requires + * @module ng + * + * @description + * Holds the list of modules which the injector will load before the current module is + * loaded. + */ + requires: requires, + + /** + * @ngdoc property + * @name angular.Module#name + * @module ng + * + * @description + * Name of the module. + */ + name: name, + + + /** + * @ngdoc method + * @name angular.Module#provider + * @module ng + * @param {string} name service name + * @param {Function} providerType Construction function for creating new instance of the + * service. + * @description + * See {@link auto.$provide#provider $provide.provider()}. + */ + provider: invokeLaterAndSetModuleName('$provide', 'provider'), + + /** + * @ngdoc method + * @name angular.Module#factory + * @module ng + * @param {string} name service name + * @param {Function} providerFunction Function for creating new instance of the service. + * @description + * See {@link auto.$provide#factory $provide.factory()}. + */ + factory: invokeLaterAndSetModuleName('$provide', 'factory'), + + /** + * @ngdoc method + * @name angular.Module#service + * @module ng + * @param {string} name service name + * @param {Function} constructor A constructor function that will be instantiated. + * @description + * See {@link auto.$provide#service $provide.service()}. + */ + service: invokeLaterAndSetModuleName('$provide', 'service'), + + /** + * @ngdoc method + * @name angular.Module#value + * @module ng + * @param {string} name service name + * @param {*} object Service instance object. + * @description + * See {@link auto.$provide#value $provide.value()}. + */ + value: invokeLater('$provide', 'value'), + + /** + * @ngdoc method + * @name angular.Module#constant + * @module ng + * @param {string} name constant name + * @param {*} object Constant value. + * @description + * Because the constants are fixed, they get applied before other provide methods. + * See {@link auto.$provide#constant $provide.constant()}. + */ + constant: invokeLater('$provide', 'constant', 'unshift'), + + /** + * @ngdoc method + * @name angular.Module#decorator + * @module ng + * @param {string} name The name of the service to decorate. + * @param {Function} decorFn This function will be invoked when the service needs to be + * instantiated and should return the decorated service instance. + * @description + * See {@link auto.$provide#decorator $provide.decorator()}. + */ + decorator: invokeLaterAndSetModuleName('$provide', 'decorator', configBlocks), + + /** + * @ngdoc method + * @name angular.Module#animation + * @module ng + * @param {string} name animation name + * @param {Function} animationFactory Factory function for creating new instance of an + * animation. + * @description + * + * **NOTE**: animations take effect only if the **ngAnimate** module is loaded. + * + * + * Defines an animation hook that can be later used with + * {@link $animate $animate} service and directives that use this service. + * + * ```js + * module.animation('.animation-name', function($inject1, $inject2) { + * return { + * eventName : function(element, done) { + * //code to run the animation + * //once complete, then run done() + * return function cancellationFunction(element) { + * //code to cancel the animation + * } + * } + * } + * }) + * ``` + * + * See {@link ng.$animateProvider#register $animateProvider.register()} and + * {@link ngAnimate ngAnimate module} for more information. + */ + animation: invokeLaterAndSetModuleName('$animateProvider', 'register'), + + /** + * @ngdoc method + * @name angular.Module#filter + * @module ng + * @param {string} name Filter name - this must be a valid angular expression identifier + * @param {Function} filterFactory Factory function for creating new instance of filter. + * @description + * See {@link ng.$filterProvider#register $filterProvider.register()}. + * + *
    + * **Note:** Filter names must be valid angular {@link expression} identifiers, such as `uppercase` or `orderBy`. + * Names with special characters, such as hyphens and dots, are not allowed. If you wish to namespace + * your filters, then you can use capitalization (`myappSubsectionFilterx`) or underscores + * (`myapp_subsection_filterx`). + *
    + */ + filter: invokeLaterAndSetModuleName('$filterProvider', 'register'), + + /** + * @ngdoc method + * @name angular.Module#controller + * @module ng + * @param {string|Object} name Controller name, or an object map of controllers where the + * keys are the names and the values are the constructors. + * @param {Function} constructor Controller constructor function. + * @description + * See {@link ng.$controllerProvider#register $controllerProvider.register()}. + */ + controller: invokeLaterAndSetModuleName('$controllerProvider', 'register'), + + /** + * @ngdoc method + * @name angular.Module#directive + * @module ng + * @param {string|Object} name Directive name, or an object map of directives where the + * keys are the names and the values are the factories. + * @param {Function} directiveFactory Factory function for creating new instance of + * directives. + * @description + * See {@link ng.$compileProvider#directive $compileProvider.directive()}. + */ + directive: invokeLaterAndSetModuleName('$compileProvider', 'directive'), + + /** + * @ngdoc method + * @name angular.Module#component + * @module ng + * @param {string} name Name of the component in camel-case (i.e. myComp which will match as my-comp) + * @param {Object} options Component definition object (a simplified + * {@link ng.$compile#directive-definition-object directive definition object}) + * + * @description + * See {@link ng.$compileProvider#component $compileProvider.component()}. + */ + component: invokeLaterAndSetModuleName('$compileProvider', 'component'), + + /** + * @ngdoc method + * @name angular.Module#config + * @module ng + * @param {Function} configFn Execute this function on module load. Useful for service + * configuration. + * @description + * Use this method to register work which needs to be performed on module loading. + * For more about how to configure services, see + * {@link providers#provider-recipe Provider Recipe}. + */ + config: config, + + /** + * @ngdoc method + * @name angular.Module#run + * @module ng + * @param {Function} initializationFn Execute this function after injector creation. + * Useful for application initialization. + * @description + * Use this method to register work which should be performed when the injector is done + * loading all modules. + */ + run: function(block) { + runBlocks.push(block); + return this; + } + }; + + if (configFn) { + config(configFn); + } + + return moduleInstance; + + /** + * @param {string} provider + * @param {string} method + * @param {String=} insertMethod + * @returns {angular.Module} + */ + function invokeLater(provider, method, insertMethod, queue) { + if (!queue) queue = invokeQueue; + return function() { + queue[insertMethod || 'push']([provider, method, arguments]); + return moduleInstance; + }; + } + + /** + * @param {string} provider + * @param {string} method + * @returns {angular.Module} + */ + function invokeLaterAndSetModuleName(provider, method, queue) { + if (!queue) queue = invokeQueue; + return function(recipeName, factoryFunction) { + if (factoryFunction && isFunction(factoryFunction)) factoryFunction.$$moduleName = name; + queue.push([provider, method, arguments]); + return moduleInstance; + }; + } + }); + }; + }); + +} + +setupModuleLoader(window); +})(window); + +/** + * Closure compiler type information + * + * @typedef { { + * requires: !Array., + * invokeQueue: !Array.>, + * + * service: function(string, Function):angular.Module, + * factory: function(string, Function):angular.Module, + * value: function(string, *):angular.Module, + * + * filter: function(string, Function):angular.Module, + * + * init: function(Function):angular.Module + * } } + */ +angular.Module; + diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/angular-loader.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/angular-loader.min.js new file mode 100644 index 00000000000..73cfdea2326 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-loader/angular-loader.min.js @@ -0,0 +1,10 @@ +/* + AngularJS v1.6.4 + (c) 2010-2017 Google, Inc. http://angularjs.org + License: MIT +*/ +(function(){'use strict';function g(a,f){f=f||Error;return function(){var d=arguments[0],e;e="["+(a?a+":":"")+d+"] http://errors.angularjs.org/1.6.4/"+(a?a+"/":"")+d;for(d=1;d", + "license": "MIT", + "bugs": { + "url": "https://github.com/angular/angular.js/issues" + }, + "homepage": "http://angularjs.org", + "jspm": { + "shim": { + "angular-loader": { + "deps": ["angular"] + } + } + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/LICENSE.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/LICENSE.md new file mode 100644 index 00000000000..2c395eef1ba --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/LICENSE.md @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Angular + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/README.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/README.md new file mode 100644 index 00000000000..f3bd119ce22 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/README.md @@ -0,0 +1,68 @@ +# packaged angular-resource + +This repo is for distribution on `npm` and `bower`. The source for this module is in the +[main AngularJS repo](https://github.com/angular/angular.js/tree/master/src/ngResource). +Please file issues and pull requests against that repo. + +## Install + +You can install this package either with `npm` or with `bower`. + +### npm + +```shell +npm install angular-resource +``` + +Then add `ngResource` as a dependency for your app: + +```javascript +angular.module('myApp', [require('angular-resource')]); +``` + +### bower + +```shell +bower install angular-resource +``` + +Add a ` +``` + +Then add `ngResource` as a dependency for your app: + +```javascript +angular.module('myApp', ['ngResource']); +``` + +## Documentation + +Documentation is available on the +[AngularJS docs site](http://docs.angularjs.org/api/ngResource). + +## License + +The MIT License + +Copyright (c) 2010-2015 Google, Inc. http://angularjs.org + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/angular-resource.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/angular-resource.js new file mode 100644 index 00000000000..41a6697a6ef --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/angular-resource.js @@ -0,0 +1,858 @@ +/** + * @license AngularJS v1.6.4 + * (c) 2010-2017 Google, Inc. http://angularjs.org + * License: MIT + */ +(function(window, angular) {'use strict'; + +var $resourceMinErr = angular.$$minErr('$resource'); + +// Helper functions and regex to lookup a dotted path on an object +// stopping at undefined/null. The path must be composed of ASCII +// identifiers (just like $parse) +var MEMBER_NAME_REGEX = /^(\.[a-zA-Z_$@][0-9a-zA-Z_$@]*)+$/; + +function isValidDottedPath(path) { + return (path != null && path !== '' && path !== 'hasOwnProperty' && + MEMBER_NAME_REGEX.test('.' + path)); +} + +function lookupDottedPath(obj, path) { + if (!isValidDottedPath(path)) { + throw $resourceMinErr('badmember', 'Dotted member path "@{0}" is invalid.', path); + } + var keys = path.split('.'); + for (var i = 0, ii = keys.length; i < ii && angular.isDefined(obj); i++) { + var key = keys[i]; + obj = (obj !== null) ? obj[key] : undefined; + } + return obj; +} + +/** + * Create a shallow copy of an object and clear other fields from the destination + */ +function shallowClearAndCopy(src, dst) { + dst = dst || {}; + + angular.forEach(dst, function(value, key) { + delete dst[key]; + }); + + for (var key in src) { + if (src.hasOwnProperty(key) && !(key.charAt(0) === '$' && key.charAt(1) === '$')) { + dst[key] = src[key]; + } + } + + return dst; +} + +/** + * @ngdoc module + * @name ngResource + * @description + * + * # ngResource + * + * The `ngResource` module provides interaction support with RESTful services + * via the $resource service. + * + * + *
    + * + * See {@link ngResource.$resourceProvider} and {@link ngResource.$resource} for usage. + */ + +/** + * @ngdoc provider + * @name $resourceProvider + * + * @description + * + * Use `$resourceProvider` to change the default behavior of the {@link ngResource.$resource} + * service. + * + * ## Dependencies + * Requires the {@link ngResource } module to be installed. + * + */ + +/** + * @ngdoc service + * @name $resource + * @requires $http + * @requires ng.$log + * @requires $q + * @requires ng.$timeout + * + * @description + * A factory which creates a resource object that lets you interact with + * [RESTful](http://en.wikipedia.org/wiki/Representational_State_Transfer) server-side data sources. + * + * The returned resource object has action methods which provide high-level behaviors without + * the need to interact with the low level {@link ng.$http $http} service. + * + * Requires the {@link ngResource `ngResource`} module to be installed. + * + * By default, trailing slashes will be stripped from the calculated URLs, + * which can pose problems with server backends that do not expect that + * behavior. This can be disabled by configuring the `$resourceProvider` like + * this: + * + * ```js + app.config(['$resourceProvider', function($resourceProvider) { + // Don't strip trailing slashes from calculated URLs + $resourceProvider.defaults.stripTrailingSlashes = false; + }]); + * ``` + * + * @param {string} url A parameterized URL template with parameters prefixed by `:` as in + * `/user/:username`. If you are using a URL with a port number (e.g. + * `http://example.com:8080/api`), it will be respected. + * + * If you are using a url with a suffix, just add the suffix, like this: + * `$resource('http://example.com/resource.json')` or `$resource('http://example.com/:id.json')` + * or even `$resource('http://example.com/resource/:resource_id.:format')` + * If the parameter before the suffix is empty, :resource_id in this case, then the `/.` will be + * collapsed down to a single `.`. If you need this sequence to appear and not collapse then you + * can escape it with `/\.`. + * + * @param {Object=} paramDefaults Default values for `url` parameters. These can be overridden in + * `actions` methods. If a parameter value is a function, it will be called every time + * a param value needs to be obtained for a request (unless the param was overridden). The function + * will be passed the current data value as an argument. + * + * Each key value in the parameter object is first bound to url template if present and then any + * excess keys are appended to the url search query after the `?`. + * + * Given a template `/path/:verb` and parameter `{verb:'greet', salutation:'Hello'}` results in + * URL `/path/greet?salutation=Hello`. + * + * If the parameter value is prefixed with `@`, then the value for that parameter will be + * extracted from the corresponding property on the `data` object (provided when calling actions + * with a request body). + * For example, if the `defaultParam` object is `{someParam: '@someProp'}` then the value of + * `someParam` will be `data.someProp`. + * Note that the parameter will be ignored, when calling a "GET" action method (i.e. an action + * method that does not accept a request body) + * + * @param {Object.=} actions Hash with declaration of custom actions that will be available + * in addition to the default set of resource actions (see below). If a custom action has the same + * key as a default action (e.g. `save`), then the default action will be *overwritten*, and not + * extended. + * + * The declaration should be created in the format of {@link ng.$http#usage $http.config}: + * + * {action1: {method:?, params:?, isArray:?, headers:?, ...}, + * action2: {method:?, params:?, isArray:?, headers:?, ...}, + * ...} + * + * Where: + * + * - **`action`** – {string} – The name of action. This name becomes the name of the method on + * your resource object. + * - **`method`** – {string} – Case insensitive HTTP method (e.g. `GET`, `POST`, `PUT`, + * `DELETE`, `JSONP`, etc). + * - **`params`** – {Object=} – Optional set of pre-bound parameters for this action. If any of + * the parameter value is a function, it will be called every time when a param value needs to + * be obtained for a request (unless the param was overridden). The function will be passed the + * current data value as an argument. + * - **`url`** – {string} – action specific `url` override. The url templating is supported just + * like for the resource-level urls. + * - **`isArray`** – {boolean=} – If true then the returned object for this action is an array, + * see `returns` section. + * - **`transformRequest`** – + * `{function(data, headersGetter)|Array.}` – + * transform function or an array of such functions. The transform function takes the http + * request body and headers and returns its transformed (typically serialized) version. + * By default, transformRequest will contain one function that checks if the request data is + * an object and serializes it using `angular.toJson`. To prevent this behavior, set + * `transformRequest` to an empty array: `transformRequest: []` + * - **`transformResponse`** – + * `{function(data, headersGetter, status)|Array.}` – + * transform function or an array of such functions. The transform function takes the http + * response body, headers and status and returns its transformed (typically deserialized) + * version. + * By default, transformResponse will contain one function that checks if the response looks + * like a JSON string and deserializes it using `angular.fromJson`. To prevent this behavior, + * set `transformResponse` to an empty array: `transformResponse: []` + * - **`cache`** – `{boolean|Cache}` – If true, a default $http cache will be used to cache the + * GET request, otherwise if a cache instance built with + * {@link ng.$cacheFactory $cacheFactory} is supplied, this cache will be used for + * caching. + * - **`timeout`** – `{number}` – timeout in milliseconds.
    + * **Note:** In contrast to {@link ng.$http#usage $http.config}, {@link ng.$q promises} are + * **not** supported in $resource, because the same value would be used for multiple requests. + * If you are looking for a way to cancel requests, you should use the `cancellable` option. + * - **`cancellable`** – `{boolean}` – if set to true, the request made by a "non-instance" call + * will be cancelled (if not already completed) by calling `$cancelRequest()` on the call's + * return value. Calling `$cancelRequest()` for a non-cancellable or an already + * completed/cancelled request will have no effect.
    + * - **`withCredentials`** - `{boolean}` - whether to set the `withCredentials` flag on the + * XHR object. See + * [requests with credentials](https://developer.mozilla.org/en/http_access_control#section_5) + * for more information. + * - **`responseType`** - `{string}` - see + * [requestType](https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest#responseType). + * - **`interceptor`** - `{Object=}` - The interceptor object has two optional methods - + * `response` and `responseError`. Both `response` and `responseError` interceptors get called + * with `http response` object. See {@link ng.$http $http interceptors}. + * - **`hasBody`** - `{boolean}` - allows to specify if a request body should be included or not. + * If not specified only POST, PUT and PATCH requests will have a body. + * + * @param {Object} options Hash with custom settings that should extend the + * default `$resourceProvider` behavior. The supported options are: + * + * - **`stripTrailingSlashes`** – {boolean} – If true then the trailing + * slashes from any calculated URL will be stripped. (Defaults to true.) + * - **`cancellable`** – {boolean} – If true, the request made by a "non-instance" call will be + * cancelled (if not already completed) by calling `$cancelRequest()` on the call's return value. + * This can be overwritten per action. (Defaults to false.) + * + * @returns {Object} A resource "class" object with methods for the default set of resource actions + * optionally extended with custom `actions`. The default set contains these actions: + * ```js + * { 'get': {method:'GET'}, + * 'save': {method:'POST'}, + * 'query': {method:'GET', isArray:true}, + * 'remove': {method:'DELETE'}, + * 'delete': {method:'DELETE'} }; + * ``` + * + * Calling these methods invoke an {@link ng.$http} with the specified http method, + * destination and parameters. When the data is returned from the server then the object is an + * instance of the resource class. The actions `save`, `remove` and `delete` are available on it + * as methods with the `$` prefix. This allows you to easily perform CRUD operations (create, + * read, update, delete) on server-side data like this: + * ```js + * var User = $resource('/user/:userId', {userId:'@id'}); + * var user = User.get({userId:123}, function() { + * user.abc = true; + * user.$save(); + * }); + * ``` + * + * It is important to realize that invoking a $resource object method immediately returns an + * empty reference (object or array depending on `isArray`). Once the data is returned from the + * server the existing reference is populated with the actual data. This is a useful trick since + * usually the resource is assigned to a model which is then rendered by the view. Having an empty + * object results in no rendering, once the data arrives from the server then the object is + * populated with the data and the view automatically re-renders itself showing the new data. This + * means that in most cases one never has to write a callback function for the action methods. + * + * The action methods on the class object or instance object can be invoked with the following + * parameters: + * + * - "class" actions without a body: `Resource.action([parameters], [success], [error])` + * - "class" actions with a body: `Resource.action([parameters], postData, [success], [error])` + * - instance actions: `instance.$action([parameters], [success], [error])` + * + * + * When calling instance methods, the instance itself is used as the request body (if the action + * should have a body). By default, only actions using `POST`, `PUT` or `PATCH` have request + * bodies, but you can use the `hasBody` configuration option to specify whether an action + * should have a body or not (regardless of its HTTP method). + * + * + * Success callback is called with (value (Object|Array), responseHeaders (Function), + * status (number), statusText (string)) arguments, where the value is the populated resource + * instance or collection object. The error callback is called with (httpResponse) argument. + * + * Class actions return empty instance (with additional properties below). + * Instance actions return promise of the action. + * + * The Resource instances and collections have these additional properties: + * + * - `$promise`: the {@link ng.$q promise} of the original server interaction that created this + * instance or collection. + * + * On success, the promise is resolved with the same resource instance or collection object, + * updated with data from server. This makes it easy to use in + * {@link ngRoute.$routeProvider resolve section of $routeProvider.when()} to defer view + * rendering until the resource(s) are loaded. + * + * On failure, the promise is rejected with the {@link ng.$http http response} object, without + * the `resource` property. + * + * If an interceptor object was provided, the promise will instead be resolved with the value + * returned by the interceptor. + * + * - `$resolved`: `true` after first server interaction is completed (either with success or + * rejection), `false` before that. Knowing if the Resource has been resolved is useful in + * data-binding. + * + * The Resource instances and collections have these additional methods: + * + * - `$cancelRequest`: If there is a cancellable, pending request related to the instance or + * collection, calling this method will abort the request. + * + * The Resource instances have these additional methods: + * + * - `toJSON`: It returns a simple object without any of the extra properties added as part of + * the Resource API. This object can be serialized through {@link angular.toJson} safely + * without attaching Angular-specific fields. Notice that `JSON.stringify` (and + * `angular.toJson`) automatically use this method when serializing a Resource instance + * (see [MDN](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify#toJSON%28%29_behavior)). + * + * @example + * + * # Credit card resource + * + * ```js + // Define CreditCard class + var CreditCard = $resource('/user/:userId/card/:cardId', + {userId:123, cardId:'@id'}, { + charge: {method:'POST', params:{charge:true}} + }); + + // We can retrieve a collection from the server + var cards = CreditCard.query(function() { + // GET: /user/123/card + // server returns: [ {id:456, number:'1234', name:'Smith'} ]; + + var card = cards[0]; + // each item is an instance of CreditCard + expect(card instanceof CreditCard).toEqual(true); + card.name = "J. Smith"; + // non GET methods are mapped onto the instances + card.$save(); + // POST: /user/123/card/456 {id:456, number:'1234', name:'J. Smith'} + // server returns: {id:456, number:'1234', name: 'J. Smith'}; + + // our custom method is mapped as well. + card.$charge({amount:9.99}); + // POST: /user/123/card/456?amount=9.99&charge=true {id:456, number:'1234', name:'J. Smith'} + }); + + // we can create an instance as well + var newCard = new CreditCard({number:'0123'}); + newCard.name = "Mike Smith"; + newCard.$save(); + // POST: /user/123/card {number:'0123', name:'Mike Smith'} + // server returns: {id:789, number:'0123', name: 'Mike Smith'}; + expect(newCard.id).toEqual(789); + * ``` + * + * The object returned from this function execution is a resource "class" which has "static" method + * for each action in the definition. + * + * Calling these methods invoke `$http` on the `url` template with the given `method`, `params` and + * `headers`. + * + * @example + * + * # User resource + * + * When the data is returned from the server then the object is an instance of the resource type and + * all of the non-GET methods are available with `$` prefix. This allows you to easily support CRUD + * operations (create, read, update, delete) on server-side data. + + ```js + var User = $resource('/user/:userId', {userId:'@id'}); + User.get({userId:123}, function(user) { + user.abc = true; + user.$save(); + }); + ``` + * + * It's worth noting that the success callback for `get`, `query` and other methods gets passed + * in the response that came from the server as well as $http header getter function, so one + * could rewrite the above example and get access to http headers as: + * + ```js + var User = $resource('/user/:userId', {userId:'@id'}); + User.get({userId:123}, function(user, getResponseHeaders){ + user.abc = true; + user.$save(function(user, putResponseHeaders) { + //user => saved user object + //putResponseHeaders => $http header getter + }); + }); + ``` + * + * You can also access the raw `$http` promise via the `$promise` property on the object returned + * + ``` + var User = $resource('/user/:userId', {userId:'@id'}); + User.get({userId:123}) + .$promise.then(function(user) { + $scope.user = user; + }); + ``` + * + * @example + * + * # Creating a custom 'PUT' request + * + * In this example we create a custom method on our resource to make a PUT request + * ```js + * var app = angular.module('app', ['ngResource', 'ngRoute']); + * + * // Some APIs expect a PUT request in the format URL/object/ID + * // Here we are creating an 'update' method + * app.factory('Notes', ['$resource', function($resource) { + * return $resource('/notes/:id', null, + * { + * 'update': { method:'PUT' } + * }); + * }]); + * + * // In our controller we get the ID from the URL using ngRoute and $routeParams + * // We pass in $routeParams and our Notes factory along with $scope + * app.controller('NotesCtrl', ['$scope', '$routeParams', 'Notes', + function($scope, $routeParams, Notes) { + * // First get a note object from the factory + * var note = Notes.get({ id:$routeParams.id }); + * $id = note.id; + * + * // Now call update passing in the ID first then the object you are updating + * Notes.update({ id:$id }, note); + * + * // This will PUT /notes/ID with the note object in the request payload + * }]); + * ``` + * + * @example + * + * # Cancelling requests + * + * If an action's configuration specifies that it is cancellable, you can cancel the request related + * to an instance or collection (as long as it is a result of a "non-instance" call): + * + ```js + // ...defining the `Hotel` resource... + var Hotel = $resource('/api/hotel/:id', {id: '@id'}, { + // Let's make the `query()` method cancellable + query: {method: 'get', isArray: true, cancellable: true} + }); + + // ...somewhere in the PlanVacationController... + ... + this.onDestinationChanged = function onDestinationChanged(destination) { + // We don't care about any pending request for hotels + // in a different destination any more + this.availableHotels.$cancelRequest(); + + // Let's query for hotels in '' + // (calls: /api/hotel?location=) + this.availableHotels = Hotel.query({location: destination}); + }; + ``` + * + */ +angular.module('ngResource', ['ng']). + info({ angularVersion: '1.6.4' }). + provider('$resource', function ResourceProvider() { + var PROTOCOL_AND_IPV6_REGEX = /^https?:\/\/\[[^\]]*][^/]*/; + + var provider = this; + + /** + * @ngdoc property + * @name $resourceProvider#defaults + * @description + * Object containing default options used when creating `$resource` instances. + * + * The default values satisfy a wide range of usecases, but you may choose to overwrite any of + * them to further customize your instances. The available properties are: + * + * - **stripTrailingSlashes** – `{boolean}` – If true, then the trailing slashes from any + * calculated URL will be stripped.
    + * (Defaults to true.) + * - **cancellable** – `{boolean}` – If true, the request made by a "non-instance" call will be + * cancelled (if not already completed) by calling `$cancelRequest()` on the call's return + * value. For more details, see {@link ngResource.$resource}. This can be overwritten per + * resource class or action.
    + * (Defaults to false.) + * - **actions** - `{Object.}` - A hash with default actions declarations. Actions are + * high-level methods corresponding to RESTful actions/methods on resources. An action may + * specify what HTTP method to use, what URL to hit, if the return value will be a single + * object or a collection (array) of objects etc. For more details, see + * {@link ngResource.$resource}. The actions can also be enhanced or overwritten per resource + * class.
    + * The default actions are: + * ```js + * { + * get: {method: 'GET'}, + * save: {method: 'POST'}, + * query: {method: 'GET', isArray: true}, + * remove: {method: 'DELETE'}, + * delete: {method: 'DELETE'} + * } + * ``` + * + * #### Example + * + * For example, you can specify a new `update` action that uses the `PUT` HTTP verb: + * + * ```js + * angular. + * module('myApp'). + * config(['$resourceProvider', function ($resourceProvider) { + * $resourceProvider.defaults.actions.update = { + * method: 'PUT' + * }; + * }); + * ``` + * + * Or you can even overwrite the whole `actions` list and specify your own: + * + * ```js + * angular. + * module('myApp'). + * config(['$resourceProvider', function ($resourceProvider) { + * $resourceProvider.defaults.actions = { + * create: {method: 'POST'}, + * get: {method: 'GET'}, + * getAll: {method: 'GET', isArray:true}, + * update: {method: 'PUT'}, + * delete: {method: 'DELETE'} + * }; + * }); + * ``` + * + */ + this.defaults = { + // Strip slashes by default + stripTrailingSlashes: true, + + // Make non-instance requests cancellable (via `$cancelRequest()`) + cancellable: false, + + // Default actions configuration + actions: { + 'get': {method: 'GET'}, + 'save': {method: 'POST'}, + 'query': {method: 'GET', isArray: true}, + 'remove': {method: 'DELETE'}, + 'delete': {method: 'DELETE'} + } + }; + + this.$get = ['$http', '$log', '$q', '$timeout', function($http, $log, $q, $timeout) { + + var noop = angular.noop, + forEach = angular.forEach, + extend = angular.extend, + copy = angular.copy, + isArray = angular.isArray, + isDefined = angular.isDefined, + isFunction = angular.isFunction, + isNumber = angular.isNumber, + encodeUriQuery = angular.$$encodeUriQuery, + encodeUriSegment = angular.$$encodeUriSegment; + + function Route(template, defaults) { + this.template = template; + this.defaults = extend({}, provider.defaults, defaults); + this.urlParams = {}; + } + + Route.prototype = { + setUrlParams: function(config, params, actionUrl) { + var self = this, + url = actionUrl || self.template, + val, + encodedVal, + protocolAndIpv6 = ''; + + var urlParams = self.urlParams = Object.create(null); + forEach(url.split(/\W/), function(param) { + if (param === 'hasOwnProperty') { + throw $resourceMinErr('badname', 'hasOwnProperty is not a valid parameter name.'); + } + if (!(new RegExp('^\\d+$').test(param)) && param && + (new RegExp('(^|[^\\\\]):' + param + '(\\W|$)').test(url))) { + urlParams[param] = { + isQueryParamValue: (new RegExp('\\?.*=:' + param + '(?:\\W|$)')).test(url) + }; + } + }); + url = url.replace(/\\:/g, ':'); + url = url.replace(PROTOCOL_AND_IPV6_REGEX, function(match) { + protocolAndIpv6 = match; + return ''; + }); + + params = params || {}; + forEach(self.urlParams, function(paramInfo, urlParam) { + val = params.hasOwnProperty(urlParam) ? params[urlParam] : self.defaults[urlParam]; + if (isDefined(val) && val !== null) { + if (paramInfo.isQueryParamValue) { + encodedVal = encodeUriQuery(val, true); + } else { + encodedVal = encodeUriSegment(val); + } + url = url.replace(new RegExp(':' + urlParam + '(\\W|$)', 'g'), function(match, p1) { + return encodedVal + p1; + }); + } else { + url = url.replace(new RegExp('(/?):' + urlParam + '(\\W|$)', 'g'), function(match, + leadingSlashes, tail) { + if (tail.charAt(0) === '/') { + return tail; + } else { + return leadingSlashes + tail; + } + }); + } + }); + + // strip trailing slashes and set the url (unless this behavior is specifically disabled) + if (self.defaults.stripTrailingSlashes) { + url = url.replace(/\/+$/, '') || '/'; + } + + // Collapse `/.` if found in the last URL path segment before the query. + // E.g. `http://url.com/id/.format?q=x` becomes `http://url.com/id.format?q=x`. + url = url.replace(/\/\.(?=\w+($|\?))/, '.'); + // Replace escaped `/\.` with `/.`. + // (If `\.` comes from a param value, it will be encoded as `%5C.`.) + config.url = protocolAndIpv6 + url.replace(/\/(\\|%5C)\./, '/.'); + + + // set params - delegate param encoding to $http + forEach(params, function(value, key) { + if (!self.urlParams[key]) { + config.params = config.params || {}; + config.params[key] = value; + } + }); + } + }; + + + function resourceFactory(url, paramDefaults, actions, options) { + var route = new Route(url, options); + + actions = extend({}, provider.defaults.actions, actions); + + function extractParams(data, actionParams) { + var ids = {}; + actionParams = extend({}, paramDefaults, actionParams); + forEach(actionParams, function(value, key) { + if (isFunction(value)) { value = value(data); } + ids[key] = value && value.charAt && value.charAt(0) === '@' ? + lookupDottedPath(data, value.substr(1)) : value; + }); + return ids; + } + + function defaultResponseInterceptor(response) { + return response.resource; + } + + function Resource(value) { + shallowClearAndCopy(value || {}, this); + } + + Resource.prototype.toJSON = function() { + var data = extend({}, this); + delete data.$promise; + delete data.$resolved; + delete data.$cancelRequest; + return data; + }; + + forEach(actions, function(action, name) { + var hasBody = action.hasBody === true || (action.hasBody !== false && /^(POST|PUT|PATCH)$/i.test(action.method)); + var numericTimeout = action.timeout; + var cancellable = isDefined(action.cancellable) ? + action.cancellable : route.defaults.cancellable; + + if (numericTimeout && !isNumber(numericTimeout)) { + $log.debug('ngResource:\n' + + ' Only numeric values are allowed as `timeout`.\n' + + ' Promises are not supported in $resource, because the same value would ' + + 'be used for multiple requests. If you are looking for a way to cancel ' + + 'requests, you should use the `cancellable` option.'); + delete action.timeout; + numericTimeout = null; + } + + Resource[name] = function(a1, a2, a3, a4) { + var params = {}, data, success, error; + + switch (arguments.length) { + case 4: + error = a4; + success = a3; + // falls through + case 3: + case 2: + if (isFunction(a2)) { + if (isFunction(a1)) { + success = a1; + error = a2; + break; + } + + success = a2; + error = a3; + // falls through + } else { + params = a1; + data = a2; + success = a3; + break; + } + // falls through + case 1: + if (isFunction(a1)) success = a1; + else if (hasBody) data = a1; + else params = a1; + break; + case 0: break; + default: + throw $resourceMinErr('badargs', + 'Expected up to 4 arguments [params, data, success, error], got {0} arguments', + arguments.length); + } + + var isInstanceCall = this instanceof Resource; + var value = isInstanceCall ? data : (action.isArray ? [] : new Resource(data)); + var httpConfig = {}; + var responseInterceptor = action.interceptor && action.interceptor.response || + defaultResponseInterceptor; + var responseErrorInterceptor = action.interceptor && action.interceptor.responseError || + undefined; + var hasError = !!error; + var hasResponseErrorInterceptor = !!responseErrorInterceptor; + var timeoutDeferred; + var numericTimeoutPromise; + + forEach(action, function(value, key) { + switch (key) { + default: + httpConfig[key] = copy(value); + break; + case 'params': + case 'isArray': + case 'interceptor': + case 'cancellable': + break; + } + }); + + if (!isInstanceCall && cancellable) { + timeoutDeferred = $q.defer(); + httpConfig.timeout = timeoutDeferred.promise; + + if (numericTimeout) { + numericTimeoutPromise = $timeout(timeoutDeferred.resolve, numericTimeout); + } + } + + if (hasBody) httpConfig.data = data; + route.setUrlParams(httpConfig, + extend({}, extractParams(data, action.params || {}), params), + action.url); + + var promise = $http(httpConfig).then(function(response) { + var data = response.data; + + if (data) { + // Need to convert action.isArray to boolean in case it is undefined + if (isArray(data) !== (!!action.isArray)) { + throw $resourceMinErr('badcfg', + 'Error in resource configuration for action `{0}`. Expected response to ' + + 'contain an {1} but got an {2} (Request: {3} {4})', name, action.isArray ? 'array' : 'object', + isArray(data) ? 'array' : 'object', httpConfig.method, httpConfig.url); + } + if (action.isArray) { + value.length = 0; + forEach(data, function(item) { + if (typeof item === 'object') { + value.push(new Resource(item)); + } else { + // Valid JSON values may be string literals, and these should not be converted + // into objects. These items will not have access to the Resource prototype + // methods, but unfortunately there + value.push(item); + } + }); + } else { + var promise = value.$promise; // Save the promise + shallowClearAndCopy(data, value); + value.$promise = promise; // Restore the promise + } + } + response.resource = value; + + return response; + }); + + promise = promise['finally'](function() { + value.$resolved = true; + if (!isInstanceCall && cancellable) { + value.$cancelRequest = noop; + $timeout.cancel(numericTimeoutPromise); + timeoutDeferred = numericTimeoutPromise = httpConfig.timeout = null; + } + }); + + promise = promise.then( + function(response) { + var value = responseInterceptor(response); + (success || noop)(value, response.headers, response.status, response.statusText); + return value; + }, + (hasError || hasResponseErrorInterceptor) ? + function(response) { + if (hasError && !hasResponseErrorInterceptor) { + // Avoid `Possibly Unhandled Rejection` error, + // but still fulfill the returned promise with a rejection + promise.catch(noop); + } + if (hasError) error(response); + return hasResponseErrorInterceptor ? + responseErrorInterceptor(response) : + $q.reject(response); + } : + undefined); + + if (!isInstanceCall) { + // we are creating instance / collection + // - set the initial promise + // - return the instance / collection + value.$promise = promise; + value.$resolved = false; + if (cancellable) value.$cancelRequest = cancelRequest; + + return value; + } + + // instance call + return promise; + + function cancelRequest(value) { + promise.catch(noop); + timeoutDeferred.resolve(value); + } + }; + + + Resource.prototype['$' + name] = function(params, success, error) { + if (isFunction(params)) { + error = success; success = params; params = {}; + } + var result = Resource[name].call(this, params, this, success, error); + return result.$promise || result; + }; + }); + + Resource.bind = function(additionalParamDefaults) { + var extendedParamDefaults = extend({}, paramDefaults, additionalParamDefaults); + return resourceFactory(url, extendedParamDefaults, actions, options); + }; + + return Resource; + } + + return resourceFactory; + }]; + }); + + +})(window, window.angular); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/angular-resource.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/angular-resource.min.js new file mode 100644 index 00000000000..9a6687d53b2 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-resource/angular-resource.min.js @@ -0,0 +1,15 @@ +/* + AngularJS v1.6.4 + (c) 2010-2017 Google, Inc. http://angularjs.org + License: MIT +*/ +(function(W,b){'use strict';function K(q,g){g=g||{};b.forEach(g,function(b,h){delete g[h]});for(var h in q)!q.hasOwnProperty(h)||"$"===h.charAt(0)&&"$"===h.charAt(1)||(g[h]=q[h]);return g}var B=b.$$minErr("$resource"),Q=/^(\.[a-zA-Z_$@][0-9a-zA-Z_$@]*)+$/;b.module("ngResource",["ng"]).info({angularVersion:"1.6.4"}).provider("$resource",function(){var q=/^https?:\/\/\[[^\]]*][^/]*/,g=this;this.defaults={stripTrailingSlashes:!0,cancellable:!1,actions:{get:{method:"GET"},save:{method:"POST"},query:{method:"GET", +isArray:!0},remove:{method:"DELETE"},"delete":{method:"DELETE"}}};this.$get=["$http","$log","$q","$timeout",function(h,P,L,M){function C(b,e){this.template=b;this.defaults=p({},g.defaults,e);this.urlParams={}}function x(D,e,u,m){function c(a,d){var c={};d=p({},e,d);t(d,function(d,l){y(d)&&(d=d(a));var f;if(d&&d.charAt&&"@"===d.charAt(0)){f=a;var k=d.substr(1);if(null==k||""===k||"hasOwnProperty"===k||!Q.test("."+k))throw B("badmember",k);for(var k=k.split("."),e=0,g=k.length;e", + "license": "MIT", + "bugs": { + "url": "https://github.com/angular/angular.js/issues" + }, + "homepage": "http://angularjs.org", + "jspm": { + "shim": { + "angular-resource": { + "deps": ["angular"] + } + } + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/LICENSE.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/LICENSE.md new file mode 100644 index 00000000000..2c395eef1ba --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/LICENSE.md @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Angular + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/README.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/README.md new file mode 100644 index 00000000000..2cd4f9091d4 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/README.md @@ -0,0 +1,68 @@ +# packaged angular-route + +This repo is for distribution on `npm` and `bower`. The source for this module is in the +[main AngularJS repo](https://github.com/angular/angular.js/tree/master/src/ngRoute). +Please file issues and pull requests against that repo. + +## Install + +You can install this package either with `npm` or with `bower`. + +### npm + +```shell +npm install angular-route +``` + +Then add `ngRoute` as a dependency for your app: + +```javascript +angular.module('myApp', [require('angular-route')]); +``` + +### bower + +```shell +bower install angular-route +``` + +Add a ` +``` + +Then add `ngRoute` as a dependency for your app: + +```javascript +angular.module('myApp', ['ngRoute']); +``` + +## Documentation + +Documentation is available on the +[AngularJS docs site](http://docs.angularjs.org/api/ngRoute). + +## License + +The MIT License + +Copyright (c) 2010-2015 Google, Inc. http://angularjs.org + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/angular-route.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/angular-route.js new file mode 100644 index 00000000000..0fc3404b8f9 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/angular-route.js @@ -0,0 +1,1229 @@ +/** + * @license AngularJS v1.6.4 + * (c) 2010-2017 Google, Inc. http://angularjs.org + * License: MIT + */ +(function(window, angular) {'use strict'; + +/* global shallowCopy: true */ + +/** + * Creates a shallow copy of an object, an array or a primitive. + * + * Assumes that there are no proto properties for objects. + */ +function shallowCopy(src, dst) { + if (isArray(src)) { + dst = dst || []; + + for (var i = 0, ii = src.length; i < ii; i++) { + dst[i] = src[i]; + } + } else if (isObject(src)) { + dst = dst || {}; + + for (var key in src) { + if (!(key.charAt(0) === '$' && key.charAt(1) === '$')) { + dst[key] = src[key]; + } + } + } + + return dst || src; +} + +/* global shallowCopy: false */ + +// `isArray` and `isObject` are necessary for `shallowCopy()` (included via `src/shallowCopy.js`). +// They are initialized inside the `$RouteProvider`, to ensure `window.angular` is available. +var isArray; +var isObject; +var isDefined; +var noop; + +/** + * @ngdoc module + * @name ngRoute + * @description + * + * # ngRoute + * + * The `ngRoute` module provides routing and deeplinking services and directives for angular apps. + * + * ## Example + * See {@link ngRoute.$route#example $route} for an example of configuring and using `ngRoute`. + * + * + *
    + */ +/* global -ngRouteModule */ +var ngRouteModule = angular. + module('ngRoute', []). + info({ angularVersion: '1.6.4' }). + provider('$route', $RouteProvider). + // Ensure `$route` will be instantiated in time to capture the initial `$locationChangeSuccess` + // event (unless explicitly disabled). This is necessary in case `ngView` is included in an + // asynchronously loaded template. + run(instantiateRoute); +var $routeMinErr = angular.$$minErr('ngRoute'); +var isEagerInstantiationEnabled; + + +/** + * @ngdoc provider + * @name $routeProvider + * @this + * + * @description + * + * Used for configuring routes. + * + * ## Example + * See {@link ngRoute.$route#example $route} for an example of configuring and using `ngRoute`. + * + * ## Dependencies + * Requires the {@link ngRoute `ngRoute`} module to be installed. + */ +function $RouteProvider() { + isArray = angular.isArray; + isObject = angular.isObject; + isDefined = angular.isDefined; + noop = angular.noop; + + function inherit(parent, extra) { + return angular.extend(Object.create(parent), extra); + } + + var routes = {}; + + /** + * @ngdoc method + * @name $routeProvider#when + * + * @param {string} path Route path (matched against `$location.path`). If `$location.path` + * contains redundant trailing slash or is missing one, the route will still match and the + * `$location.path` will be updated to add or drop the trailing slash to exactly match the + * route definition. + * + * * `path` can contain named groups starting with a colon: e.g. `:name`. All characters up + * to the next slash are matched and stored in `$routeParams` under the given `name` + * when the route matches. + * * `path` can contain named groups starting with a colon and ending with a star: + * e.g.`:name*`. All characters are eagerly stored in `$routeParams` under the given `name` + * when the route matches. + * * `path` can contain optional named groups with a question mark: e.g.`:name?`. + * + * For example, routes like `/color/:color/largecode/:largecode*\/edit` will match + * `/color/brown/largecode/code/with/slashes/edit` and extract: + * + * * `color: brown` + * * `largecode: code/with/slashes`. + * + * + * @param {Object} route Mapping information to be assigned to `$route.current` on route + * match. + * + * Object properties: + * + * - `controller` – `{(string|Function)=}` – Controller fn that should be associated with + * newly created scope or the name of a {@link angular.Module#controller registered + * controller} if passed as a string. + * - `controllerAs` – `{string=}` – An identifier name for a reference to the controller. + * If present, the controller will be published to scope under the `controllerAs` name. + * - `template` – `{(string|Function)=}` – html template as a string or a function that + * returns an html template as a string which should be used by {@link + * ngRoute.directive:ngView ngView} or {@link ng.directive:ngInclude ngInclude} directives. + * This property takes precedence over `templateUrl`. + * + * If `template` is a function, it will be called with the following parameters: + * + * - `{Array.}` - route parameters extracted from the current + * `$location.path()` by applying the current route + * + * One of `template` or `templateUrl` is required. + * + * - `templateUrl` – `{(string|Function)=}` – path or function that returns a path to an html + * template that should be used by {@link ngRoute.directive:ngView ngView}. + * + * If `templateUrl` is a function, it will be called with the following parameters: + * + * - `{Array.}` - route parameters extracted from the current + * `$location.path()` by applying the current route + * + * One of `templateUrl` or `template` is required. + * + * - `resolve` - `{Object.=}` - An optional map of dependencies which should + * be injected into the controller. If any of these dependencies are promises, the router + * will wait for them all to be resolved or one to be rejected before the controller is + * instantiated. + * If all the promises are resolved successfully, the values of the resolved promises are + * injected and {@link ngRoute.$route#$routeChangeSuccess $routeChangeSuccess} event is + * fired. If any of the promises are rejected the + * {@link ngRoute.$route#$routeChangeError $routeChangeError} event is fired. + * For easier access to the resolved dependencies from the template, the `resolve` map will + * be available on the scope of the route, under `$resolve` (by default) or a custom name + * specified by the `resolveAs` property (see below). This can be particularly useful, when + * working with {@link angular.Module#component components} as route templates.
    + *
    + * **Note:** If your scope already contains a property with this name, it will be hidden + * or overwritten. Make sure, you specify an appropriate name for this property, that + * does not collide with other properties on the scope. + *
    + * The map object is: + * + * - `key` – `{string}`: a name of a dependency to be injected into the controller. + * - `factory` - `{string|Function}`: If `string` then it is an alias for a service. + * Otherwise if function, then it is {@link auto.$injector#invoke injected} + * and the return value is treated as the dependency. If the result is a promise, it is + * resolved before its value is injected into the controller. Be aware that + * `ngRoute.$routeParams` will still refer to the previous route within these resolve + * functions. Use `$route.current.params` to access the new route parameters, instead. + * + * - `resolveAs` - `{string=}` - The name under which the `resolve` map will be available on + * the scope of the route. If omitted, defaults to `$resolve`. + * + * - `redirectTo` – `{(string|Function)=}` – value to update + * {@link ng.$location $location} path with and trigger route redirection. + * + * If `redirectTo` is a function, it will be called with the following parameters: + * + * - `{Object.}` - route parameters extracted from the current + * `$location.path()` by applying the current route templateUrl. + * - `{string}` - current `$location.path()` + * - `{Object}` - current `$location.search()` + * + * The custom `redirectTo` function is expected to return a string which will be used + * to update `$location.url()`. If the function throws an error, no further processing will + * take place and the {@link ngRoute.$route#$routeChangeError $routeChangeError} event will + * be fired. + * + * Routes that specify `redirectTo` will not have their controllers, template functions + * or resolves called, the `$location` will be changed to the redirect url and route + * processing will stop. The exception to this is if the `redirectTo` is a function that + * returns `undefined`. In this case the route transition occurs as though there was no + * redirection. + * + * - `resolveRedirectTo` – `{Function=}` – a function that will (eventually) return the value + * to update {@link ng.$location $location} URL with and trigger route redirection. In + * contrast to `redirectTo`, dependencies can be injected into `resolveRedirectTo` and the + * return value can be either a string or a promise that will be resolved to a string. + * + * Similar to `redirectTo`, if the return value is `undefined` (or a promise that gets + * resolved to `undefined`), no redirection takes place and the route transition occurs as + * though there was no redirection. + * + * If the function throws an error or the returned promise gets rejected, no further + * processing will take place and the + * {@link ngRoute.$route#$routeChangeError $routeChangeError} event will be fired. + * + * `redirectTo` takes precedence over `resolveRedirectTo`, so specifying both on the same + * route definition, will cause the latter to be ignored. + * + * - `[reloadOnSearch=true]` - `{boolean=}` - reload route when only `$location.search()` + * or `$location.hash()` changes. + * + * If the option is set to `false` and url in the browser changes, then + * `$routeUpdate` event is broadcasted on the root scope. + * + * - `[caseInsensitiveMatch=false]` - `{boolean=}` - match routes without being case sensitive + * + * If the option is set to `true`, then the particular route can be matched without being + * case sensitive + * + * @returns {Object} self + * + * @description + * Adds a new route definition to the `$route` service. + */ + this.when = function(path, route) { + //copy original route object to preserve params inherited from proto chain + var routeCopy = shallowCopy(route); + if (angular.isUndefined(routeCopy.reloadOnSearch)) { + routeCopy.reloadOnSearch = true; + } + if (angular.isUndefined(routeCopy.caseInsensitiveMatch)) { + routeCopy.caseInsensitiveMatch = this.caseInsensitiveMatch; + } + routes[path] = angular.extend( + routeCopy, + path && pathRegExp(path, routeCopy) + ); + + // create redirection for trailing slashes + if (path) { + var redirectPath = (path[path.length - 1] === '/') + ? path.substr(0, path.length - 1) + : path + '/'; + + routes[redirectPath] = angular.extend( + {redirectTo: path}, + pathRegExp(redirectPath, routeCopy) + ); + } + + return this; + }; + + /** + * @ngdoc property + * @name $routeProvider#caseInsensitiveMatch + * @description + * + * A boolean property indicating if routes defined + * using this provider should be matched using a case insensitive + * algorithm. Defaults to `false`. + */ + this.caseInsensitiveMatch = false; + + /** + * @param path {string} path + * @param opts {Object} options + * @return {?Object} + * + * @description + * Normalizes the given path, returning a regular expression + * and the original path. + * + * Inspired by pathRexp in visionmedia/express/lib/utils.js. + */ + function pathRegExp(path, opts) { + var insensitive = opts.caseInsensitiveMatch, + ret = { + originalPath: path, + regexp: path + }, + keys = ret.keys = []; + + path = path + .replace(/([().])/g, '\\$1') + .replace(/(\/)?:(\w+)(\*\?|[?*])?/g, function(_, slash, key, option) { + var optional = (option === '?' || option === '*?') ? '?' : null; + var star = (option === '*' || option === '*?') ? '*' : null; + keys.push({ name: key, optional: !!optional }); + slash = slash || ''; + return '' + + (optional ? '' : slash) + + '(?:' + + (optional ? slash : '') + + (star && '(.+?)' || '([^/]+)') + + (optional || '') + + ')' + + (optional || ''); + }) + .replace(/([/$*])/g, '\\$1'); + + ret.regexp = new RegExp('^' + path + '$', insensitive ? 'i' : ''); + return ret; + } + + /** + * @ngdoc method + * @name $routeProvider#otherwise + * + * @description + * Sets route definition that will be used on route change when no other route definition + * is matched. + * + * @param {Object|string} params Mapping information to be assigned to `$route.current`. + * If called with a string, the value maps to `redirectTo`. + * @returns {Object} self + */ + this.otherwise = function(params) { + if (typeof params === 'string') { + params = {redirectTo: params}; + } + this.when(null, params); + return this; + }; + + /** + * @ngdoc method + * @name $routeProvider#eagerInstantiationEnabled + * @kind function + * + * @description + * Call this method as a setter to enable/disable eager instantiation of the + * {@link ngRoute.$route $route} service upon application bootstrap. You can also call it as a + * getter (i.e. without any arguments) to get the current value of the + * `eagerInstantiationEnabled` flag. + * + * Instantiating `$route` early is necessary for capturing the initial + * {@link ng.$location#$locationChangeStart $locationChangeStart} event and navigating to the + * appropriate route. Usually, `$route` is instantiated in time by the + * {@link ngRoute.ngView ngView} directive. Yet, in cases where `ngView` is included in an + * asynchronously loaded template (e.g. in another directive's template), the directive factory + * might not be called soon enough for `$route` to be instantiated _before_ the initial + * `$locationChangeSuccess` event is fired. Eager instantiation ensures that `$route` is always + * instantiated in time, regardless of when `ngView` will be loaded. + * + * The default value is true. + * + * **Note**:
    + * You may want to disable the default behavior when unit-testing modules that depend on + * `ngRoute`, in order to avoid an unexpected request for the default route's template. + * + * @param {boolean=} enabled - If provided, update the internal `eagerInstantiationEnabled` flag. + * + * @returns {*} The current value of the `eagerInstantiationEnabled` flag if used as a getter or + * itself (for chaining) if used as a setter. + */ + isEagerInstantiationEnabled = true; + this.eagerInstantiationEnabled = function eagerInstantiationEnabled(enabled) { + if (isDefined(enabled)) { + isEagerInstantiationEnabled = enabled; + return this; + } + + return isEagerInstantiationEnabled; + }; + + + this.$get = ['$rootScope', + '$location', + '$routeParams', + '$q', + '$injector', + '$templateRequest', + '$sce', + '$browser', + function($rootScope, $location, $routeParams, $q, $injector, $templateRequest, $sce, $browser) { + + /** + * @ngdoc service + * @name $route + * @requires $location + * @requires $routeParams + * + * @property {Object} current Reference to the current route definition. + * The route definition contains: + * + * - `controller`: The controller constructor as defined in the route definition. + * - `locals`: A map of locals which is used by {@link ng.$controller $controller} service for + * controller instantiation. The `locals` contain + * the resolved values of the `resolve` map. Additionally the `locals` also contain: + * + * - `$scope` - The current route scope. + * - `$template` - The current route template HTML. + * + * The `locals` will be assigned to the route scope's `$resolve` property. You can override + * the property name, using `resolveAs` in the route definition. See + * {@link ngRoute.$routeProvider $routeProvider} for more info. + * + * @property {Object} routes Object with all route configuration Objects as its properties. + * + * @description + * `$route` is used for deep-linking URLs to controllers and views (HTML partials). + * It watches `$location.url()` and tries to map the path to an existing route definition. + * + * Requires the {@link ngRoute `ngRoute`} module to be installed. + * + * You can define routes through {@link ngRoute.$routeProvider $routeProvider}'s API. + * + * The `$route` service is typically used in conjunction with the + * {@link ngRoute.directive:ngView `ngView`} directive and the + * {@link ngRoute.$routeParams `$routeParams`} service. + * + * @example + * This example shows how changing the URL hash causes the `$route` to match a route against the + * URL, and the `ngView` pulls in the partial. + * + * + * + *
    + * Choose: + * Moby | + * Moby: Ch1 | + * Gatsby | + * Gatsby: Ch4 | + * Scarlet Letter
    + * + *
    + * + *
    + * + *
    $location.path() = {{$location.path()}}
    + *
    $route.current.templateUrl = {{$route.current.templateUrl}}
    + *
    $route.current.params = {{$route.current.params}}
    + *
    $route.current.scope.name = {{$route.current.scope.name}}
    + *
    $routeParams = {{$routeParams}}
    + *
    + *
    + * + * + * controller: {{name}}
    + * Book Id: {{params.bookId}}
    + *
    + * + * + * controller: {{name}}
    + * Book Id: {{params.bookId}}
    + * Chapter Id: {{params.chapterId}} + *
    + * + * + * angular.module('ngRouteExample', ['ngRoute']) + * + * .controller('MainController', function($scope, $route, $routeParams, $location) { + * $scope.$route = $route; + * $scope.$location = $location; + * $scope.$routeParams = $routeParams; + * }) + * + * .controller('BookController', function($scope, $routeParams) { + * $scope.name = 'BookController'; + * $scope.params = $routeParams; + * }) + * + * .controller('ChapterController', function($scope, $routeParams) { + * $scope.name = 'ChapterController'; + * $scope.params = $routeParams; + * }) + * + * .config(function($routeProvider, $locationProvider) { + * $routeProvider + * .when('/Book/:bookId', { + * templateUrl: 'book.html', + * controller: 'BookController', + * resolve: { + * // I will cause a 1 second delay + * delay: function($q, $timeout) { + * var delay = $q.defer(); + * $timeout(delay.resolve, 1000); + * return delay.promise; + * } + * } + * }) + * .when('/Book/:bookId/ch/:chapterId', { + * templateUrl: 'chapter.html', + * controller: 'ChapterController' + * }); + * + * // configure html5 to get links working on jsfiddle + * $locationProvider.html5Mode(true); + * }); + * + * + * + * + * it('should load and compile correct template', function() { + * element(by.linkText('Moby: Ch1')).click(); + * var content = element(by.css('[ng-view]')).getText(); + * expect(content).toMatch(/controller: ChapterController/); + * expect(content).toMatch(/Book Id: Moby/); + * expect(content).toMatch(/Chapter Id: 1/); + * + * element(by.partialLinkText('Scarlet')).click(); + * + * content = element(by.css('[ng-view]')).getText(); + * expect(content).toMatch(/controller: BookController/); + * expect(content).toMatch(/Book Id: Scarlet/); + * }); + * + *
    + */ + + /** + * @ngdoc event + * @name $route#$routeChangeStart + * @eventType broadcast on root scope + * @description + * Broadcasted before a route change. At this point the route services starts + * resolving all of the dependencies needed for the route change to occur. + * Typically this involves fetching the view template as well as any dependencies + * defined in `resolve` route property. Once all of the dependencies are resolved + * `$routeChangeSuccess` is fired. + * + * The route change (and the `$location` change that triggered it) can be prevented + * by calling `preventDefault` method of the event. See {@link ng.$rootScope.Scope#$on} + * for more details about event object. + * + * @param {Object} angularEvent Synthetic event object. + * @param {Route} next Future route information. + * @param {Route} current Current route information. + */ + + /** + * @ngdoc event + * @name $route#$routeChangeSuccess + * @eventType broadcast on root scope + * @description + * Broadcasted after a route change has happened successfully. + * The `resolve` dependencies are now available in the `current.locals` property. + * + * {@link ngRoute.directive:ngView ngView} listens for the directive + * to instantiate the controller and render the view. + * + * @param {Object} angularEvent Synthetic event object. + * @param {Route} current Current route information. + * @param {Route|Undefined} previous Previous route information, or undefined if current is + * first route entered. + */ + + /** + * @ngdoc event + * @name $route#$routeChangeError + * @eventType broadcast on root scope + * @description + * Broadcasted if a redirection function fails or any redirection or resolve promises are + * rejected. + * + * @param {Object} angularEvent Synthetic event object + * @param {Route} current Current route information. + * @param {Route} previous Previous route information. + * @param {Route} rejection The thrown error or the rejection reason of the promise. Usually + * the rejection reason is the error that caused the promise to get rejected. + */ + + /** + * @ngdoc event + * @name $route#$routeUpdate + * @eventType broadcast on root scope + * @description + * The `reloadOnSearch` property has been set to false, and we are reusing the same + * instance of the Controller. + * + * @param {Object} angularEvent Synthetic event object + * @param {Route} current Current/previous route information. + */ + + var forceReload = false, + preparedRoute, + preparedRouteIsUpdateOnly, + $route = { + routes: routes, + + /** + * @ngdoc method + * @name $route#reload + * + * @description + * Causes `$route` service to reload the current route even if + * {@link ng.$location $location} hasn't changed. + * + * As a result of that, {@link ngRoute.directive:ngView ngView} + * creates new scope and reinstantiates the controller. + */ + reload: function() { + forceReload = true; + + var fakeLocationEvent = { + defaultPrevented: false, + preventDefault: function fakePreventDefault() { + this.defaultPrevented = true; + forceReload = false; + } + }; + + $rootScope.$evalAsync(function() { + prepareRoute(fakeLocationEvent); + if (!fakeLocationEvent.defaultPrevented) commitRoute(); + }); + }, + + /** + * @ngdoc method + * @name $route#updateParams + * + * @description + * Causes `$route` service to update the current URL, replacing + * current route parameters with those specified in `newParams`. + * Provided property names that match the route's path segment + * definitions will be interpolated into the location's path, while + * remaining properties will be treated as query params. + * + * @param {!Object} newParams mapping of URL parameter names to values + */ + updateParams: function(newParams) { + if (this.current && this.current.$$route) { + newParams = angular.extend({}, this.current.params, newParams); + $location.path(interpolate(this.current.$$route.originalPath, newParams)); + // interpolate modifies newParams, only query params are left + $location.search(newParams); + } else { + throw $routeMinErr('norout', 'Tried updating route when with no current route'); + } + } + }; + + $rootScope.$on('$locationChangeStart', prepareRoute); + $rootScope.$on('$locationChangeSuccess', commitRoute); + + return $route; + + ///////////////////////////////////////////////////// + + /** + * @param on {string} current url + * @param route {Object} route regexp to match the url against + * @return {?Object} + * + * @description + * Check if the route matches the current url. + * + * Inspired by match in + * visionmedia/express/lib/router/router.js. + */ + function switchRouteMatcher(on, route) { + var keys = route.keys, + params = {}; + + if (!route.regexp) return null; + + var m = route.regexp.exec(on); + if (!m) return null; + + for (var i = 1, len = m.length; i < len; ++i) { + var key = keys[i - 1]; + + var val = m[i]; + + if (key && val) { + params[key.name] = val; + } + } + return params; + } + + function prepareRoute($locationEvent) { + var lastRoute = $route.current; + + preparedRoute = parseRoute(); + preparedRouteIsUpdateOnly = preparedRoute && lastRoute && preparedRoute.$$route === lastRoute.$$route + && angular.equals(preparedRoute.pathParams, lastRoute.pathParams) + && !preparedRoute.reloadOnSearch && !forceReload; + + if (!preparedRouteIsUpdateOnly && (lastRoute || preparedRoute)) { + if ($rootScope.$broadcast('$routeChangeStart', preparedRoute, lastRoute).defaultPrevented) { + if ($locationEvent) { + $locationEvent.preventDefault(); + } + } + } + } + + function commitRoute() { + var lastRoute = $route.current; + var nextRoute = preparedRoute; + + if (preparedRouteIsUpdateOnly) { + lastRoute.params = nextRoute.params; + angular.copy(lastRoute.params, $routeParams); + $rootScope.$broadcast('$routeUpdate', lastRoute); + } else if (nextRoute || lastRoute) { + forceReload = false; + $route.current = nextRoute; + + var nextRoutePromise = $q.resolve(nextRoute); + + $browser.$$incOutstandingRequestCount(); + + nextRoutePromise. + then(getRedirectionData). + then(handlePossibleRedirection). + then(function(keepProcessingRoute) { + return keepProcessingRoute && nextRoutePromise. + then(resolveLocals). + then(function(locals) { + // after route change + if (nextRoute === $route.current) { + if (nextRoute) { + nextRoute.locals = locals; + angular.copy(nextRoute.params, $routeParams); + } + $rootScope.$broadcast('$routeChangeSuccess', nextRoute, lastRoute); + } + }); + }).catch(function(error) { + if (nextRoute === $route.current) { + $rootScope.$broadcast('$routeChangeError', nextRoute, lastRoute, error); + } + }).finally(function() { + // Because `commitRoute()` is called from a `$rootScope.$evalAsync` block (see + // `$locationWatch`), this `$$completeOutstandingRequest()` call will not cause + // `outstandingRequestCount` to hit zero. This is important in case we are redirecting + // to a new route which also requires some asynchronous work. + + $browser.$$completeOutstandingRequest(noop); + }); + } + } + + function getRedirectionData(route) { + var data = { + route: route, + hasRedirection: false + }; + + if (route) { + if (route.redirectTo) { + if (angular.isString(route.redirectTo)) { + data.path = interpolate(route.redirectTo, route.params); + data.search = route.params; + data.hasRedirection = true; + } else { + var oldPath = $location.path(); + var oldSearch = $location.search(); + var newUrl = route.redirectTo(route.pathParams, oldPath, oldSearch); + + if (angular.isDefined(newUrl)) { + data.url = newUrl; + data.hasRedirection = true; + } + } + } else if (route.resolveRedirectTo) { + return $q. + resolve($injector.invoke(route.resolveRedirectTo)). + then(function(newUrl) { + if (angular.isDefined(newUrl)) { + data.url = newUrl; + data.hasRedirection = true; + } + + return data; + }); + } + } + + return data; + } + + function handlePossibleRedirection(data) { + var keepProcessingRoute = true; + + if (data.route !== $route.current) { + keepProcessingRoute = false; + } else if (data.hasRedirection) { + var oldUrl = $location.url(); + var newUrl = data.url; + + if (newUrl) { + $location. + url(newUrl). + replace(); + } else { + newUrl = $location. + path(data.path). + search(data.search). + replace(). + url(); + } + + if (newUrl !== oldUrl) { + // Exit out and don't process current next value, + // wait for next location change from redirect + keepProcessingRoute = false; + } + } + + return keepProcessingRoute; + } + + function resolveLocals(route) { + if (route) { + var locals = angular.extend({}, route.resolve); + angular.forEach(locals, function(value, key) { + locals[key] = angular.isString(value) ? + $injector.get(value) : + $injector.invoke(value, null, null, key); + }); + var template = getTemplateFor(route); + if (angular.isDefined(template)) { + locals['$template'] = template; + } + return $q.all(locals); + } + } + + function getTemplateFor(route) { + var template, templateUrl; + if (angular.isDefined(template = route.template)) { + if (angular.isFunction(template)) { + template = template(route.params); + } + } else if (angular.isDefined(templateUrl = route.templateUrl)) { + if (angular.isFunction(templateUrl)) { + templateUrl = templateUrl(route.params); + } + if (angular.isDefined(templateUrl)) { + route.loadedTemplateUrl = $sce.valueOf(templateUrl); + template = $templateRequest(templateUrl); + } + } + return template; + } + + /** + * @returns {Object} the current active route, by matching it against the URL + */ + function parseRoute() { + // Match a route + var params, match; + angular.forEach(routes, function(route, path) { + if (!match && (params = switchRouteMatcher($location.path(), route))) { + match = inherit(route, { + params: angular.extend({}, $location.search(), params), + pathParams: params}); + match.$$route = route; + } + }); + // No route matched; fallback to "otherwise" route + return match || routes[null] && inherit(routes[null], {params: {}, pathParams:{}}); + } + + /** + * @returns {string} interpolation of the redirect path with the parameters + */ + function interpolate(string, params) { + var result = []; + angular.forEach((string || '').split(':'), function(segment, i) { + if (i === 0) { + result.push(segment); + } else { + var segmentMatch = segment.match(/(\w+)(?:[?*])?(.*)/); + var key = segmentMatch[1]; + result.push(params[key]); + result.push(segmentMatch[2] || ''); + delete params[key]; + } + }); + return result.join(''); + } + }]; +} + +instantiateRoute.$inject = ['$injector']; +function instantiateRoute($injector) { + if (isEagerInstantiationEnabled) { + // Instantiate `$route` + $injector.get('$route'); + } +} + +ngRouteModule.provider('$routeParams', $RouteParamsProvider); + + +/** + * @ngdoc service + * @name $routeParams + * @requires $route + * @this + * + * @description + * The `$routeParams` service allows you to retrieve the current set of route parameters. + * + * Requires the {@link ngRoute `ngRoute`} module to be installed. + * + * The route parameters are a combination of {@link ng.$location `$location`}'s + * {@link ng.$location#search `search()`} and {@link ng.$location#path `path()`}. + * The `path` parameters are extracted when the {@link ngRoute.$route `$route`} path is matched. + * + * In case of parameter name collision, `path` params take precedence over `search` params. + * + * The service guarantees that the identity of the `$routeParams` object will remain unchanged + * (but its properties will likely change) even when a route change occurs. + * + * Note that the `$routeParams` are only updated *after* a route change completes successfully. + * This means that you cannot rely on `$routeParams` being correct in route resolve functions. + * Instead you can use `$route.current.params` to access the new route's parameters. + * + * @example + * ```js + * // Given: + * // URL: http://server.com/index.html#/Chapter/1/Section/2?search=moby + * // Route: /Chapter/:chapterId/Section/:sectionId + * // + * // Then + * $routeParams ==> {chapterId:'1', sectionId:'2', search:'moby'} + * ``` + */ +function $RouteParamsProvider() { + this.$get = function() { return {}; }; +} + +ngRouteModule.directive('ngView', ngViewFactory); +ngRouteModule.directive('ngView', ngViewFillContentFactory); + + +/** + * @ngdoc directive + * @name ngView + * @restrict ECA + * + * @description + * # Overview + * `ngView` is a directive that complements the {@link ngRoute.$route $route} service by + * including the rendered template of the current route into the main layout (`index.html`) file. + * Every time the current route changes, the included view changes with it according to the + * configuration of the `$route` service. + * + * Requires the {@link ngRoute `ngRoute`} module to be installed. + * + * @animations + * | Animation | Occurs | + * |----------------------------------|-------------------------------------| + * | {@link ng.$animate#enter enter} | when the new element is inserted to the DOM | + * | {@link ng.$animate#leave leave} | when the old element is removed from to the DOM | + * + * The enter and leave animation occur concurrently. + * + * @scope + * @priority 400 + * @param {string=} onload Expression to evaluate whenever the view updates. + * + * @param {string=} autoscroll Whether `ngView` should call {@link ng.$anchorScroll + * $anchorScroll} to scroll the viewport after the view is updated. + * + * - If the attribute is not set, disable scrolling. + * - If the attribute is set without value, enable scrolling. + * - Otherwise enable scrolling only if the `autoscroll` attribute value evaluated + * as an expression yields a truthy value. + * @example + + +
    + Choose: + Moby | + Moby: Ch1 | + Gatsby | + Gatsby: Ch4 | + Scarlet Letter
    + +
    +
    +
    +
    + +
    $location.path() = {{main.$location.path()}}
    +
    $route.current.templateUrl = {{main.$route.current.templateUrl}}
    +
    $route.current.params = {{main.$route.current.params}}
    +
    $routeParams = {{main.$routeParams}}
    +
    +
    + + +
    + controller: {{book.name}}
    + Book Id: {{book.params.bookId}}
    +
    +
    + + +
    + controller: {{chapter.name}}
    + Book Id: {{chapter.params.bookId}}
    + Chapter Id: {{chapter.params.chapterId}} +
    +
    + + + .view-animate-container { + position:relative; + height:100px!important; + background:white; + border:1px solid black; + height:40px; + overflow:hidden; + } + + .view-animate { + padding:10px; + } + + .view-animate.ng-enter, .view-animate.ng-leave { + transition:all cubic-bezier(0.250, 0.460, 0.450, 0.940) 1.5s; + + display:block; + width:100%; + border-left:1px solid black; + + position:absolute; + top:0; + left:0; + right:0; + bottom:0; + padding:10px; + } + + .view-animate.ng-enter { + left:100%; + } + .view-animate.ng-enter.ng-enter-active { + left:0; + } + .view-animate.ng-leave.ng-leave-active { + left:-100%; + } + + + + angular.module('ngViewExample', ['ngRoute', 'ngAnimate']) + .config(['$routeProvider', '$locationProvider', + function($routeProvider, $locationProvider) { + $routeProvider + .when('/Book/:bookId', { + templateUrl: 'book.html', + controller: 'BookCtrl', + controllerAs: 'book' + }) + .when('/Book/:bookId/ch/:chapterId', { + templateUrl: 'chapter.html', + controller: 'ChapterCtrl', + controllerAs: 'chapter' + }); + + $locationProvider.html5Mode(true); + }]) + .controller('MainCtrl', ['$route', '$routeParams', '$location', + function MainCtrl($route, $routeParams, $location) { + this.$route = $route; + this.$location = $location; + this.$routeParams = $routeParams; + }]) + .controller('BookCtrl', ['$routeParams', function BookCtrl($routeParams) { + this.name = 'BookCtrl'; + this.params = $routeParams; + }]) + .controller('ChapterCtrl', ['$routeParams', function ChapterCtrl($routeParams) { + this.name = 'ChapterCtrl'; + this.params = $routeParams; + }]); + + + + + it('should load and compile correct template', function() { + element(by.linkText('Moby: Ch1')).click(); + var content = element(by.css('[ng-view]')).getText(); + expect(content).toMatch(/controller: ChapterCtrl/); + expect(content).toMatch(/Book Id: Moby/); + expect(content).toMatch(/Chapter Id: 1/); + + element(by.partialLinkText('Scarlet')).click(); + + content = element(by.css('[ng-view]')).getText(); + expect(content).toMatch(/controller: BookCtrl/); + expect(content).toMatch(/Book Id: Scarlet/); + }); + +
    + */ + + +/** + * @ngdoc event + * @name ngView#$viewContentLoaded + * @eventType emit on the current ngView scope + * @description + * Emitted every time the ngView content is reloaded. + */ +ngViewFactory.$inject = ['$route', '$anchorScroll', '$animate']; +function ngViewFactory($route, $anchorScroll, $animate) { + return { + restrict: 'ECA', + terminal: true, + priority: 400, + transclude: 'element', + link: function(scope, $element, attr, ctrl, $transclude) { + var currentScope, + currentElement, + previousLeaveAnimation, + autoScrollExp = attr.autoscroll, + onloadExp = attr.onload || ''; + + scope.$on('$routeChangeSuccess', update); + update(); + + function cleanupLastView() { + if (previousLeaveAnimation) { + $animate.cancel(previousLeaveAnimation); + previousLeaveAnimation = null; + } + + if (currentScope) { + currentScope.$destroy(); + currentScope = null; + } + if (currentElement) { + previousLeaveAnimation = $animate.leave(currentElement); + previousLeaveAnimation.done(function(response) { + if (response !== false) previousLeaveAnimation = null; + }); + currentElement = null; + } + } + + function update() { + var locals = $route.current && $route.current.locals, + template = locals && locals.$template; + + if (angular.isDefined(template)) { + var newScope = scope.$new(); + var current = $route.current; + + // Note: This will also link all children of ng-view that were contained in the original + // html. If that content contains controllers, ... they could pollute/change the scope. + // However, using ng-view on an element with additional content does not make sense... + // Note: We can't remove them in the cloneAttchFn of $transclude as that + // function is called before linking the content, which would apply child + // directives to non existing elements. + var clone = $transclude(newScope, function(clone) { + $animate.enter(clone, null, currentElement || $element).done(function onNgViewEnter(response) { + if (response !== false && angular.isDefined(autoScrollExp) + && (!autoScrollExp || scope.$eval(autoScrollExp))) { + $anchorScroll(); + } + }); + cleanupLastView(); + }); + + currentElement = clone; + currentScope = current.scope = newScope; + currentScope.$emit('$viewContentLoaded'); + currentScope.$eval(onloadExp); + } else { + cleanupLastView(); + } + } + } + }; +} + +// This directive is called during the $transclude call of the first `ngView` directive. +// It will replace and compile the content of the element with the loaded template. +// We need this directive so that the element content is already filled when +// the link function of another directive on the same element as ngView +// is called. +ngViewFillContentFactory.$inject = ['$compile', '$controller', '$route']; +function ngViewFillContentFactory($compile, $controller, $route) { + return { + restrict: 'ECA', + priority: -400, + link: function(scope, $element) { + var current = $route.current, + locals = current.locals; + + $element.html(locals.$template); + + var link = $compile($element.contents()); + + if (current.controller) { + locals.$scope = scope; + var controller = $controller(current.controller, locals); + if (current.controllerAs) { + scope[current.controllerAs] = controller; + } + $element.data('$ngControllerController', controller); + $element.children().data('$ngControllerController', controller); + } + scope[current.resolveAs || '$resolve'] = locals; + + link(scope); + } + }; +} + + +})(window, window.angular); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/angular-route.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/angular-route.min.js new file mode 100644 index 00000000000..3f985d1422b --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-route/angular-route.min.js @@ -0,0 +1,17 @@ +/* + AngularJS v1.6.4 + (c) 2010-2017 Google, Inc. http://angularjs.org + License: MIT +*/ +(function(J,d){'use strict';function A(d){k&&d.get("$route")}function B(t,u,g){return{restrict:"ECA",terminal:!0,priority:400,transclude:"element",link:function(a,f,b,c,m){function v(){l&&(g.cancel(l),l=null);n&&(n.$destroy(),n=null);p&&(l=g.leave(p),l.done(function(a){!1!==a&&(l=null)}),p=null)}function E(){var b=t.current&&t.current.locals;if(d.isDefined(b&&b.$template)){var b=a.$new(),c=t.current;p=m(b,function(b){g.enter(b,null,p||f).done(function(b){!1===b||!d.isDefined(w)||w&&!a.$eval(w)||u()}); +v()});n=c.scope=b;n.$emit("$viewContentLoaded");n.$eval(k)}else v()}var n,p,l,w=b.autoscroll,k=b.onload||"";a.$on("$routeChangeSuccess",E);E()}}}function C(d,k,g){return{restrict:"ECA",priority:-400,link:function(a,f){var b=g.current,c=b.locals;f.html(c.$template);var m=d(f.contents());if(b.controller){c.$scope=a;var v=k(b.controller,c);b.controllerAs&&(a[b.controllerAs]=v);f.data("$ngControllerController",v);f.children().data("$ngControllerController",v)}a[b.resolveAs||"$resolve"]=c;m(a)}}}var x, +y,F,G,z=d.module("ngRoute",[]).info({angularVersion:"1.6.4"}).provider("$route",function(){function t(a,f){return d.extend(Object.create(a),f)}function u(a,d){var b=d.caseInsensitiveMatch,c={originalPath:a,regexp:a},g=c.keys=[];a=a.replace(/([().])/g,"\\$1").replace(/(\/)?:(\w+)(\*\?|[?*])?/g,function(a,b,d,c){a="?"===c||"*?"===c?"?":null;c="*"===c||"*?"===c?"*":null;g.push({name:d,optional:!!a});b=b||"";return""+(a?"":b)+"(?:"+(a?b:"")+(c&&"(.+?)"||"([^/]+)")+(a||"")+")"+(a||"")}).replace(/([/$*])/g, +"\\$1");c.regexp=new RegExp("^"+a+"$",b?"i":"");return c}x=d.isArray;y=d.isObject;F=d.isDefined;G=d.noop;var g={};this.when=function(a,f){var b;b=void 0;if(x(f)){b=b||[];for(var c=0,m=f.length;c", + "license": "MIT", + "bugs": { + "url": "https://github.com/angular/angular.js/issues" + }, + "homepage": "http://angularjs.org", + "jspm": { + "shim": { + "angular-route": { + "deps": ["angular"] + } + } + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/LICENSE.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/LICENSE.md new file mode 100644 index 00000000000..2c395eef1ba --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/LICENSE.md @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Angular + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/README.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/README.md new file mode 100644 index 00000000000..b84aaf6dbf1 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/README.md @@ -0,0 +1,68 @@ +# packaged angular-sanitize + +This repo is for distribution on `npm` and `bower`. The source for this module is in the +[main AngularJS repo](https://github.com/angular/angular.js/tree/master/src/ngSanitize). +Please file issues and pull requests against that repo. + +## Install + +You can install this package either with `npm` or with `bower`. + +### npm + +```shell +npm install angular-sanitize +``` + +Then add `ngSanitize` as a dependency for your app: + +```javascript +angular.module('myApp', [require('angular-sanitize')]); +``` + +### bower + +```shell +bower install angular-sanitize +``` + +Add a ` +``` + +Then add `ngSanitize` as a dependency for your app: + +```javascript +angular.module('myApp', ['ngSanitize']); +``` + +## Documentation + +Documentation is available on the +[AngularJS docs site](http://docs.angularjs.org/api/ngSanitize). + +## License + +The MIT License + +Copyright (c) 2010-2015 Google, Inc. http://angularjs.org + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/angular-sanitize.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/angular-sanitize.js new file mode 100644 index 00000000000..1d60fdb9db9 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/angular-sanitize.js @@ -0,0 +1,756 @@ +/** + * @license AngularJS v1.6.4 + * (c) 2010-2017 Google, Inc. http://angularjs.org + * License: MIT + */ +(function(window, angular) {'use strict'; + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * Any commits to this file should be reviewed with security in mind. * + * Changes to this file can potentially create security vulnerabilities. * + * An approval from 2 Core members with history of modifying * + * this file is required. * + * * + * Does the change somehow allow for arbitrary javascript to be executed? * + * Or allows for someone to change the prototype of built-in objects? * + * Or gives undesired access to variables likes document or window? * + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ + +var $sanitizeMinErr = angular.$$minErr('$sanitize'); +var bind; +var extend; +var forEach; +var isDefined; +var lowercase; +var noop; +var nodeContains; +var htmlParser; +var htmlSanitizeWriter; + +/** + * @ngdoc module + * @name ngSanitize + * @description + * + * # ngSanitize + * + * The `ngSanitize` module provides functionality to sanitize HTML. + * + * + *
    + * + * See {@link ngSanitize.$sanitize `$sanitize`} for usage. + */ + +/** + * @ngdoc service + * @name $sanitize + * @kind function + * + * @description + * Sanitizes an html string by stripping all potentially dangerous tokens. + * + * The input is sanitized by parsing the HTML into tokens. All safe tokens (from a whitelist) are + * then serialized back to properly escaped html string. This means that no unsafe input can make + * it into the returned string. + * + * The whitelist for URL sanitization of attribute values is configured using the functions + * `aHrefSanitizationWhitelist` and `imgSrcSanitizationWhitelist` of {@link ng.$compileProvider + * `$compileProvider`}. + * + * The input may also contain SVG markup if this is enabled via {@link $sanitizeProvider}. + * + * @param {string} html HTML input. + * @returns {string} Sanitized HTML. + * + * @example + + + +
    + Snippet: + + + + + + + + + + + + + + + + + + + + + + + + + +
    DirectiveHowSourceRendered
    ng-bind-htmlAutomatically uses $sanitize
    <div ng-bind-html="snippet">
    </div>
    ng-bind-htmlBypass $sanitize by explicitly trusting the dangerous value +
    <div ng-bind-html="deliberatelyTrustDangerousSnippet()">
    +</div>
    +
    ng-bindAutomatically escapes
    <div ng-bind="snippet">
    </div>
    +
    +
    + + it('should sanitize the html snippet by default', function() { + expect(element(by.css('#bind-html-with-sanitize div')).getAttribute('innerHTML')). + toBe('

    an html\nclick here\nsnippet

    '); + }); + + it('should inline raw snippet if bound to a trusted value', function() { + expect(element(by.css('#bind-html-with-trust div')).getAttribute('innerHTML')). + toBe("

    an html\n" + + "click here\n" + + "snippet

    "); + }); + + it('should escape snippet without any filter', function() { + expect(element(by.css('#bind-default div')).getAttribute('innerHTML')). + toBe("<p style=\"color:blue\">an html\n" + + "<em onmouseover=\"this.textContent='PWN3D!'\">click here</em>\n" + + "snippet</p>"); + }); + + it('should update', function() { + element(by.model('snippet')).clear(); + element(by.model('snippet')).sendKeys('new text'); + expect(element(by.css('#bind-html-with-sanitize div')).getAttribute('innerHTML')). + toBe('new text'); + expect(element(by.css('#bind-html-with-trust div')).getAttribute('innerHTML')).toBe( + 'new text'); + expect(element(by.css('#bind-default div')).getAttribute('innerHTML')).toBe( + "new <b onclick=\"alert(1)\">text</b>"); + }); +
    +
    + */ + + +/** + * @ngdoc provider + * @name $sanitizeProvider + * @this + * + * @description + * Creates and configures {@link $sanitize} instance. + */ +function $SanitizeProvider() { + var svgEnabled = false; + + this.$get = ['$$sanitizeUri', function($$sanitizeUri) { + if (svgEnabled) { + extend(validElements, svgElements); + } + return function(html) { + var buf = []; + htmlParser(html, htmlSanitizeWriter(buf, function(uri, isImage) { + return !/^unsafe:/.test($$sanitizeUri(uri, isImage)); + })); + return buf.join(''); + }; + }]; + + + /** + * @ngdoc method + * @name $sanitizeProvider#enableSvg + * @kind function + * + * @description + * Enables a subset of svg to be supported by the sanitizer. + * + *
    + *

    By enabling this setting without taking other precautions, you might expose your + * application to click-hijacking attacks. In these attacks, sanitized svg elements could be positioned + * outside of the containing element and be rendered over other elements on the page (e.g. a login + * link). Such behavior can then result in phishing incidents.

    + * + *

    To protect against these, explicitly setup `overflow: hidden` css rule for all potential svg + * tags within the sanitized content:

    + * + *
    + * + *
    
    +   *   .rootOfTheIncludedContent svg {
    +   *     overflow: hidden !important;
    +   *   }
    +   *   
    + *
    + * + * @param {boolean=} flag Enable or disable SVG support in the sanitizer. + * @returns {boolean|ng.$sanitizeProvider} Returns the currently configured value if called + * without an argument or self for chaining otherwise. + */ + this.enableSvg = function(enableSvg) { + if (isDefined(enableSvg)) { + svgEnabled = enableSvg; + return this; + } else { + return svgEnabled; + } + }; + + ////////////////////////////////////////////////////////////////////////////////////////////////// + // Private stuff + ////////////////////////////////////////////////////////////////////////////////////////////////// + + bind = angular.bind; + extend = angular.extend; + forEach = angular.forEach; + isDefined = angular.isDefined; + lowercase = angular.lowercase; + noop = angular.noop; + + htmlParser = htmlParserImpl; + htmlSanitizeWriter = htmlSanitizeWriterImpl; + + nodeContains = window.Node.prototype.contains || /** @this */ function(arg) { + // eslint-disable-next-line no-bitwise + return !!(this.compareDocumentPosition(arg) & 16); + }; + + // Regular Expressions for parsing tags and attributes + var SURROGATE_PAIR_REGEXP = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g, + // Match everything outside of normal chars and " (quote character) + NON_ALPHANUMERIC_REGEXP = /([^#-~ |!])/g; + + + // Good source of info about elements and attributes + // http://dev.w3.org/html5/spec/Overview.html#semantics + // http://simon.html5.org/html-elements + + // Safe Void Elements - HTML5 + // http://dev.w3.org/html5/spec/Overview.html#void-elements + var voidElements = toMap('area,br,col,hr,img,wbr'); + + // Elements that you can, intentionally, leave open (and which close themselves) + // http://dev.w3.org/html5/spec/Overview.html#optional-tags + var optionalEndTagBlockElements = toMap('colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr'), + optionalEndTagInlineElements = toMap('rp,rt'), + optionalEndTagElements = extend({}, + optionalEndTagInlineElements, + optionalEndTagBlockElements); + + // Safe Block Elements - HTML5 + var blockElements = extend({}, optionalEndTagBlockElements, toMap('address,article,' + + 'aside,blockquote,caption,center,del,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5,' + + 'h6,header,hgroup,hr,ins,map,menu,nav,ol,pre,section,table,ul')); + + // Inline Elements - HTML5 + var inlineElements = extend({}, optionalEndTagInlineElements, toMap('a,abbr,acronym,b,' + + 'bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,q,ruby,rp,rt,s,' + + 'samp,small,span,strike,strong,sub,sup,time,tt,u,var')); + + // SVG Elements + // https://wiki.whatwg.org/wiki/Sanitization_rules#svg_Elements + // Note: the elements animate,animateColor,animateMotion,animateTransform,set are intentionally omitted. + // They can potentially allow for arbitrary javascript to be executed. See #11290 + var svgElements = toMap('circle,defs,desc,ellipse,font-face,font-face-name,font-face-src,g,glyph,' + + 'hkern,image,linearGradient,line,marker,metadata,missing-glyph,mpath,path,polygon,polyline,' + + 'radialGradient,rect,stop,svg,switch,text,title,tspan'); + + // Blocked Elements (will be stripped) + var blockedElements = toMap('script,style'); + + var validElements = extend({}, + voidElements, + blockElements, + inlineElements, + optionalEndTagElements); + + //Attributes that have href and hence need to be sanitized + var uriAttrs = toMap('background,cite,href,longdesc,src,xlink:href'); + + var htmlAttrs = toMap('abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,' + + 'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,' + + 'ismap,lang,language,nohref,nowrap,rel,rev,rows,rowspan,rules,' + + 'scope,scrolling,shape,size,span,start,summary,tabindex,target,title,type,' + + 'valign,value,vspace,width'); + + // SVG attributes (without "id" and "name" attributes) + // https://wiki.whatwg.org/wiki/Sanitization_rules#svg_Attributes + var svgAttrs = toMap('accent-height,accumulate,additive,alphabetic,arabic-form,ascent,' + + 'baseProfile,bbox,begin,by,calcMode,cap-height,class,color,color-rendering,content,' + + 'cx,cy,d,dx,dy,descent,display,dur,end,fill,fill-rule,font-family,font-size,font-stretch,' + + 'font-style,font-variant,font-weight,from,fx,fy,g1,g2,glyph-name,gradientUnits,hanging,' + + 'height,horiz-adv-x,horiz-origin-x,ideographic,k,keyPoints,keySplines,keyTimes,lang,' + + 'marker-end,marker-mid,marker-start,markerHeight,markerUnits,markerWidth,mathematical,' + + 'max,min,offset,opacity,orient,origin,overline-position,overline-thickness,panose-1,' + + 'path,pathLength,points,preserveAspectRatio,r,refX,refY,repeatCount,repeatDur,' + + 'requiredExtensions,requiredFeatures,restart,rotate,rx,ry,slope,stemh,stemv,stop-color,' + + 'stop-opacity,strikethrough-position,strikethrough-thickness,stroke,stroke-dasharray,' + + 'stroke-dashoffset,stroke-linecap,stroke-linejoin,stroke-miterlimit,stroke-opacity,' + + 'stroke-width,systemLanguage,target,text-anchor,to,transform,type,u1,u2,underline-position,' + + 'underline-thickness,unicode,unicode-range,units-per-em,values,version,viewBox,visibility,' + + 'width,widths,x,x-height,x1,x2,xlink:actuate,xlink:arcrole,xlink:role,xlink:show,xlink:title,' + + 'xlink:type,xml:base,xml:lang,xml:space,xmlns,xmlns:xlink,y,y1,y2,zoomAndPan', true); + + var validAttrs = extend({}, + uriAttrs, + svgAttrs, + htmlAttrs); + + function toMap(str, lowercaseKeys) { + var obj = {}, items = str.split(','), i; + for (i = 0; i < items.length; i++) { + obj[lowercaseKeys ? lowercase(items[i]) : items[i]] = true; + } + return obj; + } + + var inertBodyElement; + (function(window) { + var doc; + if (window.document && window.document.implementation) { + doc = window.document.implementation.createHTMLDocument('inert'); + } else { + throw $sanitizeMinErr('noinert', 'Can\'t create an inert html document'); + } + var docElement = doc.documentElement || doc.getDocumentElement(); + var bodyElements = docElement.getElementsByTagName('body'); + + // usually there should be only one body element in the document, but IE doesn't have any, so we need to create one + if (bodyElements.length === 1) { + inertBodyElement = bodyElements[0]; + } else { + var html = doc.createElement('html'); + inertBodyElement = doc.createElement('body'); + html.appendChild(inertBodyElement); + doc.appendChild(html); + } + })(window); + + /** + * @example + * htmlParser(htmlString, { + * start: function(tag, attrs) {}, + * end: function(tag) {}, + * chars: function(text) {}, + * comment: function(text) {} + * }); + * + * @param {string} html string + * @param {object} handler + */ + function htmlParserImpl(html, handler) { + if (html === null || html === undefined) { + html = ''; + } else if (typeof html !== 'string') { + html = '' + html; + } + inertBodyElement.innerHTML = html; + + //mXSS protection + var mXSSAttempts = 5; + do { + if (mXSSAttempts === 0) { + throw $sanitizeMinErr('uinput', 'Failed to sanitize html because the input is unstable'); + } + mXSSAttempts--; + + // strip custom-namespaced attributes on IE<=11 + if (window.document.documentMode) { + stripCustomNsAttrs(inertBodyElement); + } + html = inertBodyElement.innerHTML; //trigger mXSS + inertBodyElement.innerHTML = html; + } while (html !== inertBodyElement.innerHTML); + + var node = inertBodyElement.firstChild; + while (node) { + switch (node.nodeType) { + case 1: // ELEMENT_NODE + handler.start(node.nodeName.toLowerCase(), attrToMap(node.attributes)); + break; + case 3: // TEXT NODE + handler.chars(node.textContent); + break; + } + + var nextNode; + if (!(nextNode = node.firstChild)) { + if (node.nodeType === 1) { + handler.end(node.nodeName.toLowerCase()); + } + nextNode = getNonDescendant('nextSibling', node); + if (!nextNode) { + while (nextNode == null) { + node = getNonDescendant('parentNode', node); + if (node === inertBodyElement) break; + nextNode = getNonDescendant('nextSibling', node); + if (node.nodeType === 1) { + handler.end(node.nodeName.toLowerCase()); + } + } + } + } + node = nextNode; + } + + while ((node = inertBodyElement.firstChild)) { + inertBodyElement.removeChild(node); + } + } + + function attrToMap(attrs) { + var map = {}; + for (var i = 0, ii = attrs.length; i < ii; i++) { + var attr = attrs[i]; + map[attr.name] = attr.value; + } + return map; + } + + + /** + * Escapes all potentially dangerous characters, so that the + * resulting string can be safely inserted into attribute or + * element text. + * @param value + * @returns {string} escaped text + */ + function encodeEntities(value) { + return value. + replace(/&/g, '&'). + replace(SURROGATE_PAIR_REGEXP, function(value) { + var hi = value.charCodeAt(0); + var low = value.charCodeAt(1); + return '&#' + (((hi - 0xD800) * 0x400) + (low - 0xDC00) + 0x10000) + ';'; + }). + replace(NON_ALPHANUMERIC_REGEXP, function(value) { + return '&#' + value.charCodeAt(0) + ';'; + }). + replace(//g, '>'); + } + + /** + * create an HTML/XML writer which writes to buffer + * @param {Array} buf use buf.join('') to get out sanitized html string + * @returns {object} in the form of { + * start: function(tag, attrs) {}, + * end: function(tag) {}, + * chars: function(text) {}, + * comment: function(text) {} + * } + */ + function htmlSanitizeWriterImpl(buf, uriValidator) { + var ignoreCurrentElement = false; + var out = bind(buf, buf.push); + return { + start: function(tag, attrs) { + tag = lowercase(tag); + if (!ignoreCurrentElement && blockedElements[tag]) { + ignoreCurrentElement = tag; + } + if (!ignoreCurrentElement && validElements[tag] === true) { + out('<'); + out(tag); + forEach(attrs, function(value, key) { + var lkey = lowercase(key); + var isImage = (tag === 'img' && lkey === 'src') || (lkey === 'background'); + if (validAttrs[lkey] === true && + (uriAttrs[lkey] !== true || uriValidator(value, isImage))) { + out(' '); + out(key); + out('="'); + out(encodeEntities(value)); + out('"'); + } + }); + out('>'); + } + }, + end: function(tag) { + tag = lowercase(tag); + if (!ignoreCurrentElement && validElements[tag] === true && voidElements[tag] !== true) { + out(''); + } + // eslint-disable-next-line eqeqeq + if (tag == ignoreCurrentElement) { + ignoreCurrentElement = false; + } + }, + chars: function(chars) { + if (!ignoreCurrentElement) { + out(encodeEntities(chars)); + } + } + }; + } + + + /** + * When IE9-11 comes across an unknown namespaced attribute e.g. 'xlink:foo' it adds 'xmlns:ns1' attribute to declare + * ns1 namespace and prefixes the attribute with 'ns1' (e.g. 'ns1:xlink:foo'). This is undesirable since we don't want + * to allow any of these custom attributes. This method strips them all. + * + * @param node Root element to process + */ + function stripCustomNsAttrs(node) { + while (node) { + if (node.nodeType === window.Node.ELEMENT_NODE) { + var attrs = node.attributes; + for (var i = 0, l = attrs.length; i < l; i++) { + var attrNode = attrs[i]; + var attrName = attrNode.name.toLowerCase(); + if (attrName === 'xmlns:ns1' || attrName.lastIndexOf('ns1:', 0) === 0) { + node.removeAttributeNode(attrNode); + i--; + l--; + } + } + } + + var nextNode = node.firstChild; + if (nextNode) { + stripCustomNsAttrs(nextNode); + } + + node = getNonDescendant('nextSibling', node); + } + } + + function getNonDescendant(propName, node) { + // An element is clobbered if its `propName` property points to one of its descendants + var nextNode = node[propName]; + if (nextNode && nodeContains.call(node, nextNode)) { + throw $sanitizeMinErr('elclob', 'Failed to sanitize html because the element is clobbered: {0}', node.outerHTML || node.outerText); + } + return nextNode; + } +} + +function sanitizeText(chars) { + var buf = []; + var writer = htmlSanitizeWriter(buf, noop); + writer.chars(chars); + return buf.join(''); +} + + +// define ngSanitize module and register $sanitize service +angular.module('ngSanitize', []) + .provider('$sanitize', $SanitizeProvider) + .info({ angularVersion: '1.6.4' }); + +/** + * @ngdoc filter + * @name linky + * @kind function + * + * @description + * Finds links in text input and turns them into html links. Supports `http/https/ftp/mailto` and + * plain email address links. + * + * Requires the {@link ngSanitize `ngSanitize`} module to be installed. + * + * @param {string} text Input text. + * @param {string} target Window (`_blank|_self|_parent|_top`) or named frame to open links in. + * @param {object|function(url)} [attributes] Add custom attributes to the link element. + * + * Can be one of: + * + * - `object`: A map of attributes + * - `function`: Takes the url as a parameter and returns a map of attributes + * + * If the map of attributes contains a value for `target`, it overrides the value of + * the target parameter. + * + * + * @returns {string} Html-linkified and {@link $sanitize sanitized} text. + * + * @usage + + * + * @example + + +
    + Snippet: + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FilterSourceRendered
    linky filter +
    <div ng-bind-html="snippet | linky">
    </div>
    +
    +
    +
    linky target +
    <div ng-bind-html="snippetWithSingleURL | linky:'_blank'">
    </div>
    +
    +
    +
    linky custom attributes +
    <div ng-bind-html="snippetWithSingleURL | linky:'_self':{rel: 'nofollow'}">
    </div>
    +
    +
    +
    no filter
    <div ng-bind="snippet">
    </div>
    + + + angular.module('linkyExample', ['ngSanitize']) + .controller('ExampleController', ['$scope', function($scope) { + $scope.snippet = + 'Pretty text with some links:\n' + + 'http://angularjs.org/,\n' + + 'mailto:us@somewhere.org,\n' + + 'another@somewhere.org,\n' + + 'and one more: ftp://127.0.0.1/.'; + $scope.snippetWithSingleURL = 'http://angularjs.org/'; + }]); + + + it('should linkify the snippet with urls', function() { + expect(element(by.id('linky-filter')).element(by.binding('snippet | linky')).getText()). + toBe('Pretty text with some links: http://angularjs.org/, us@somewhere.org, ' + + 'another@somewhere.org, and one more: ftp://127.0.0.1/.'); + expect(element.all(by.css('#linky-filter a')).count()).toEqual(4); + }); + + it('should not linkify snippet without the linky filter', function() { + expect(element(by.id('escaped-html')).element(by.binding('snippet')).getText()). + toBe('Pretty text with some links: http://angularjs.org/, mailto:us@somewhere.org, ' + + 'another@somewhere.org, and one more: ftp://127.0.0.1/.'); + expect(element.all(by.css('#escaped-html a')).count()).toEqual(0); + }); + + it('should update', function() { + element(by.model('snippet')).clear(); + element(by.model('snippet')).sendKeys('new http://link.'); + expect(element(by.id('linky-filter')).element(by.binding('snippet | linky')).getText()). + toBe('new http://link.'); + expect(element.all(by.css('#linky-filter a')).count()).toEqual(1); + expect(element(by.id('escaped-html')).element(by.binding('snippet')).getText()) + .toBe('new http://link.'); + }); + + it('should work with the target property', function() { + expect(element(by.id('linky-target')). + element(by.binding("snippetWithSingleURL | linky:'_blank'")).getText()). + toBe('http://angularjs.org/'); + expect(element(by.css('#linky-target a')).getAttribute('target')).toEqual('_blank'); + }); + + it('should optionally add custom attributes', function() { + expect(element(by.id('linky-custom-attributes')). + element(by.binding("snippetWithSingleURL | linky:'_self':{rel: 'nofollow'}")).getText()). + toBe('http://angularjs.org/'); + expect(element(by.css('#linky-custom-attributes a')).getAttribute('rel')).toEqual('nofollow'); + }); + + + */ +angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) { + var LINKY_URL_REGEXP = + /((ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i, + MAILTO_REGEXP = /^mailto:/i; + + var linkyMinErr = angular.$$minErr('linky'); + var isDefined = angular.isDefined; + var isFunction = angular.isFunction; + var isObject = angular.isObject; + var isString = angular.isString; + + return function(text, target, attributes) { + if (text == null || text === '') return text; + if (!isString(text)) throw linkyMinErr('notstring', 'Expected string but received: {0}', text); + + var attributesFn = + isFunction(attributes) ? attributes : + isObject(attributes) ? function getAttributesObject() {return attributes;} : + function getEmptyAttributesObject() {return {};}; + + var match; + var raw = text; + var html = []; + var url; + var i; + while ((match = raw.match(LINKY_URL_REGEXP))) { + // We can not end in these as they are sometimes found at the end of the sentence + url = match[0]; + // if we did not match ftp/http/www/mailto then assume mailto + if (!match[2] && !match[4]) { + url = (match[3] ? 'http://' : 'mailto:') + url; + } + i = match.index; + addText(raw.substr(0, i)); + addLink(url, match[0].replace(MAILTO_REGEXP, '')); + raw = raw.substring(i + match[0].length); + } + addText(raw); + return $sanitize(html.join('')); + + function addText(text) { + if (!text) { + return; + } + html.push(sanitizeText(text)); + } + + function addLink(url, text) { + var key, linkAttributes = attributesFn(url); + html.push(''); + addText(text); + html.push(''); + } + }; +}]); + + +})(window, window.angular); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/angular-sanitize.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/angular-sanitize.min.js new file mode 100644 index 00000000000..b60ba73ccf6 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/angular-sanitize.min.js @@ -0,0 +1,16 @@ +/* + AngularJS v1.6.4 + (c) 2010-2017 Google, Inc. http://angularjs.org + License: MIT +*/ +(function(s,f){'use strict';function J(f){var k=[];v(k,B).chars(f);return k.join("")}var w=f.$$minErr("$sanitize"),C,k,D,E,q,B,F,G,v;f.module("ngSanitize",[]).provider("$sanitize",function(){function h(a,c){var b={},d=a.split(","),l;for(l=0;l/g,">")}function I(a){for(;a;){if(a.nodeType===s.Node.ELEMENT_NODE)for(var c=a.attributes,b=0,d=c.length;b"))},end:function(a){a=q(a);b||!0!==p[a]||!0===e[a]||(d(""));a==b&&(b=!1)},chars:function(a){b||d(H(a))}}};F=s.Node.prototype.contains||function(a){return!!(this.compareDocumentPosition(a)&16)};var L=/[\uD800-\uDBFF][\uDC00-\uDFFF]/g,M=/([^#-~ |!])/g,e=h("area,br,col,hr,img,wbr"),y=h("colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr"),m=h("rp,rt"),r=k({},m,y),y=k({},y,h("address,article,aside,blockquote,caption,center,del,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5,h6,header,hgroup,hr,ins,map,menu,nav,ol,pre,section,table,ul")), +m=k({},m,h("a,abbr,acronym,b,bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,q,ruby,rp,rt,s,samp,small,span,strike,strong,sub,sup,time,tt,u,var")),z=h("circle,defs,desc,ellipse,font-face,font-face-name,font-face-src,g,glyph,hkern,image,linearGradient,line,marker,metadata,missing-glyph,mpath,path,polygon,polyline,radialGradient,rect,stop,svg,switch,text,title,tspan"),A=h("script,style"),p=k({},e,y,m,r),n=h("background,cite,href,longdesc,src,xlink:href"),r=h("abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,ismap,lang,language,nohref,nowrap,rel,rev,rows,rowspan,rules,scope,scrolling,shape,size,span,start,summary,tabindex,target,title,type,valign,value,vspace,width"), +m=h("accent-height,accumulate,additive,alphabetic,arabic-form,ascent,baseProfile,bbox,begin,by,calcMode,cap-height,class,color,color-rendering,content,cx,cy,d,dx,dy,descent,display,dur,end,fill,fill-rule,font-family,font-size,font-stretch,font-style,font-variant,font-weight,from,fx,fy,g1,g2,glyph-name,gradientUnits,hanging,height,horiz-adv-x,horiz-origin-x,ideographic,k,keyPoints,keySplines,keyTimes,lang,marker-end,marker-mid,marker-start,markerHeight,markerUnits,markerWidth,mathematical,max,min,offset,opacity,orient,origin,overline-position,overline-thickness,panose-1,path,pathLength,points,preserveAspectRatio,r,refX,refY,repeatCount,repeatDur,requiredExtensions,requiredFeatures,restart,rotate,rx,ry,slope,stemh,stemv,stop-color,stop-opacity,strikethrough-position,strikethrough-thickness,stroke,stroke-dasharray,stroke-dashoffset,stroke-linecap,stroke-linejoin,stroke-miterlimit,stroke-opacity,stroke-width,systemLanguage,target,text-anchor,to,transform,type,u1,u2,underline-position,underline-thickness,unicode,unicode-range,units-per-em,values,version,viewBox,visibility,width,widths,x,x-height,x1,x2,xlink:actuate,xlink:arcrole,xlink:role,xlink:show,xlink:title,xlink:type,xml:base,xml:lang,xml:space,xmlns,xmlns:xlink,y,y1,y2,zoomAndPan", +!0),u=k({},n,m,r),g;(function(a){if(a.document&&a.document.implementation)a=a.document.implementation.createHTMLDocument("inert");else throw w("noinert");var c=(a.documentElement||a.getDocumentElement()).getElementsByTagName("body");1===c.length?g=c[0]:(c=a.createElement("html"),g=a.createElement("body"),c.appendChild(g),a.appendChild(c))})(s)}).info({angularVersion:"1.6.4"});f.module("ngSanitize").filter("linky",["$sanitize",function(h){var k=/((ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i, +q=/^mailto:/i,s=f.$$minErr("linky"),t=f.isDefined,x=f.isFunction,v=f.isObject,w=f.isString;return function(e,f,m){function r(a){a&&n.push(J(a))}function z(a,c){var b,d=A(a);n.push("');r(c);n.push("")}if(null==e||""===e)return e;if(!w(e))throw s("notstring",e);for(var A=x(m)?m:v(m)?function(){return m}:function(){return{}},p=e,n=[],u,g;e=p.match(k);)u=e[0],e[2]|| +e[4]||(u=(e[3]?"http://":"mailto:")+u),g=e.index,r(p.substr(0,g)),z(u,e[0].replace(q,"")),p=p.substring(g+e[0].length);r(p);return h(n.join(""))}}])})(window,window.angular); +//# sourceMappingURL=angular-sanitize.min.js.map diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/angular-sanitize.min.js.map b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/angular-sanitize.min.js.map new file mode 100644 index 00000000000..da32f79b31d --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/angular-sanitize.min.js.map @@ -0,0 +1,8 @@ +{ +"version":3, +"file":"angular-sanitize.min.js", +"lineCount":15, +"mappings":"A;;;;;aAKC,SAAQ,CAACA,CAAD,CAASC,CAAT,CAAkB,CA4hB3BC,QAASA,EAAY,CAACC,CAAD,CAAQ,CAC3B,IAAIC,EAAM,EACGC,EAAAC,CAAmBF,CAAnBE,CAAwBC,CAAxBD,CACbH,MAAA,CAAaA,CAAb,CACA,OAAOC,EAAAI,KAAA,CAAS,EAAT,CAJoB,CA/gB7B,IAAIC,EAAkBR,CAAAS,SAAA,CAAiB,WAAjB,CAAtB,CACIC,CADJ,CAEIC,CAFJ,CAGIC,CAHJ,CAIIC,CAJJ,CAKIC,CALJ,CAMIR,CANJ,CAOIS,CAPJ,CAQIC,CARJ,CASIZ,CA+gBJJ,EAAAiB,OAAA,CAAe,YAAf,CAA6B,EAA7B,CAAAC,SAAA,CACY,WADZ,CA9YAC,QAA0B,EAAG,CA4J3BC,QAASA,EAAK,CAACC,CAAD,CAAMC,CAAN,CAAqB,CAAA,IAC7BC,EAAM,EADuB,CACnBC,EAAQH,CAAAI,MAAA,CAAU,GAAV,CADW,CACKC,CACtC,KAAKA,CAAL,CAAS,CAAT,CAAYA,CAAZ,CAAgBF,CAAAG,OAAhB,CAA8BD,CAAA,EAA9B,CACEH,CAAA,CAAID,CAAA,CAAgBR,CAAA,CAAUU,CAAA,CAAME,CAAN,CAAV,CAAhB,CAAsCF,CAAA,CAAME,CAAN,CAA1C,CAAA,CAAsD,CAAA,CAExD,OAAOH,EAL0B,CAsGnCK,QAASA,EAAS,CAACC,CAAD,CAAQ,CAExB,IADA,IAAIC,EAAM,EAAV,CACSJ,EAAI,CADb,CACgBK,EAAKF,CAAAF,OAArB,CAAmCD,CAAnC,CAAuCK,CAAvC,CAA2CL,CAAA,EAA3C,CAAgD,CAC9C,IAAIM,EAAOH,CAAA,CAAMH,CAAN,CACXI,EAAA,CAAIE,CAAAC,KAAJ,CAAA,CAAiBD,CAAAE,MAF6B,CAIhD,MAAOJ,EANiB,CAiB1BK,QAASA,EAAc,CAACD,CAAD,CAAQ,CAC7B,MAAOA,EAAAE,QAAA,CACG,IADH,CACS,OADT,CAAAA,QAAA,CAEGC,CAFH,CAE0B,QAAQ,CAACH,CAAD,CAAQ,CAC7C,IAAII,EAAKJ,CAAAK,WAAA,CAAiB,CAAjB,CACLC,EAAAA,CAAMN,CAAAK,WAAA,CAAiB,CAAjB,CACV,OAAO,IAAP,EAAgC,IAAhC,EAAiBD,CAAjB;AAAsB,KAAtB,GAA0CE,CAA1C,CAAgD,KAAhD,EAA0D,KAA1D,EAAqE,GAHxB,CAF1C,CAAAJ,QAAA,CAOGK,CAPH,CAO4B,QAAQ,CAACP,CAAD,CAAQ,CAC/C,MAAO,IAAP,CAAcA,CAAAK,WAAA,CAAiB,CAAjB,CAAd,CAAoC,GADW,CAP5C,CAAAH,QAAA,CAUG,IAVH,CAUS,MAVT,CAAAA,QAAA,CAWG,IAXH,CAWS,MAXT,CADsB,CAgF/BM,QAASA,EAAkB,CAACC,CAAD,CAAO,CAChC,IAAA,CAAOA,CAAP,CAAA,CAAa,CACX,GAAIA,CAAAC,SAAJ,GAAsB7C,CAAA8C,KAAAC,aAAtB,CAEE,IADA,IAAIjB,EAAQc,CAAAI,WAAZ,CACSrB,EAAI,CADb,CACgBsB,EAAInB,CAAAF,OAApB,CAAkCD,CAAlC,CAAsCsB,CAAtC,CAAyCtB,CAAA,EAAzC,CAA8C,CAC5C,IAAIuB,EAAWpB,CAAA,CAAMH,CAAN,CAAf,CACIwB,EAAWD,CAAAhB,KAAAkB,YAAA,EACf,IAAiB,WAAjB,GAAID,CAAJ,EAAoE,CAApE,GAAgCA,CAAAE,YAAA,CAAqB,MAArB,CAA6B,CAA7B,CAAhC,CACET,CAAAU,oBAAA,CAAyBJ,CAAzB,CAEA,CADAvB,CAAA,EACA,CAAAsB,CAAA,EAN0C,CAYhD,CADIM,CACJ,CADeX,CAAAY,WACf,GACEb,CAAA,CAAmBY,CAAnB,CAGFX,EAAA,CAAOa,CAAA,CAAiB,aAAjB,CAAgCb,CAAhC,CAnBI,CADmB,CAwBlCa,QAASA,EAAgB,CAACC,CAAD,CAAWd,CAAX,CAAiB,CAExC,IAAIW,EAAWX,CAAA,CAAKc,CAAL,CACf,IAAIH,CAAJ,EAAgBvC,CAAA2C,KAAA,CAAkBf,CAAlB,CAAwBW,CAAxB,CAAhB,CACE,KAAM9C,EAAA,CAAgB,QAAhB,CAA2FmC,CAAAgB,UAA3F,EAA6GhB,CAAAiB,UAA7G,CAAN,CAEF,MAAON,EANiC,CA1X1C,IAAIO,EAAa,CAAA,CAEjB,KAAAC,KAAA;AAAY,CAAC,eAAD,CAAkB,QAAQ,CAACC,CAAD,CAAgB,CAChDF,CAAJ,EACElD,CAAA,CAAOqD,CAAP,CAAsBC,CAAtB,CAEF,OAAO,SAAQ,CAACC,CAAD,CAAO,CACpB,IAAI/D,EAAM,EACVa,EAAA,CAAWkD,CAAX,CAAiB9D,CAAA,CAAmBD,CAAnB,CAAwB,QAAQ,CAACgE,CAAD,CAAMC,CAAN,CAAe,CAC9D,MAAO,CAAC,UAAAC,KAAA,CAAgBN,CAAA,CAAcI,CAAd,CAAmBC,CAAnB,CAAhB,CADsD,CAA/C,CAAjB,CAGA,OAAOjE,EAAAI,KAAA,CAAS,EAAT,CALa,CAJ8B,CAA1C,CA4CZ,KAAA+D,UAAA,CAAiBC,QAAQ,CAACD,CAAD,CAAY,CACnC,MAAIzD,EAAA,CAAUyD,CAAV,CAAJ,EACET,CACO,CADMS,CACN,CAAA,IAFT,EAIST,CAL0B,CAarCnD,EAAA,CAAOV,CAAAU,KACPC,EAAA,CAASX,CAAAW,OACTC,EAAA,CAAUZ,CAAAY,QACVC,EAAA,CAAYb,CAAAa,UACZC,EAAA,CAAYd,CAAAc,UACZR,EAAA,CAAON,CAAAM,KAEPU,EAAA,CAmIAwD,QAAuB,CAACN,CAAD,CAAOO,CAAP,CAAgB,CACxB,IAAb,GAAIP,CAAJ,EAA8BQ,IAAAA,EAA9B,GAAqBR,CAArB,CACEA,CADF,CACS,EADT,CAE2B,QAF3B,GAEW,MAAOA,EAFlB,GAGEA,CAHF,CAGS,EAHT,CAGcA,CAHd,CAKAS,EAAAC,UAAA,CAA6BV,CAG7B,KAAIW,EAAe,CACnB,GAAG,CACD,GAAqB,CAArB,GAAIA,CAAJ,CACE,KAAMrE,EAAA,CAAgB,QAAhB,CAAN,CAEFqE,CAAA,EAGI9E,EAAA+E,SAAAC,aAAJ,EACErC,CAAA,CAAmBiC,CAAnB,CAEFT,EAAA,CAAOS,CAAAC,UACPD,EAAAC,UAAA,CAA6BV,CAX5B,CAAH,MAYSA,CAZT,GAYkBS,CAAAC,UAZlB,CAeA,KADIjC,CACJ,CADWgC,CAAApB,WACX,CAAOZ,CAAP,CAAA,CAAa,CACX,OAAQA,CAAAC,SAAR,EACE,KAAK,CAAL,CACE6B,CAAAO,MAAA,CAAcrC,CAAAsC,SAAA9B,YAAA,EAAd;AAA2CvB,CAAA,CAAUe,CAAAI,WAAV,CAA3C,CACA,MACF,MAAK,CAAL,CACE0B,CAAAvE,MAAA,CAAcyC,CAAAuC,YAAd,CALJ,CASA,IAAI5B,CACJ,IAAM,EAAAA,CAAA,CAAWX,CAAAY,WAAX,CAAN,GACwB,CAIjBD,GAJDX,CAAAC,SAICU,EAHHmB,CAAAU,IAAA,CAAYxC,CAAAsC,SAAA9B,YAAA,EAAZ,CAGGG,CADLA,CACKA,CADME,CAAA,CAAiB,aAAjB,CAAgCb,CAAhC,CACNW,CAAAA,CAAAA,CALP,EAMI,IAAA,CAAmB,IAAnB,EAAOA,CAAP,CAAA,CAAyB,CACvBX,CAAA,CAAOa,CAAA,CAAiB,YAAjB,CAA+Bb,CAA/B,CACP,IAAIA,CAAJ,GAAagC,CAAb,CAA+B,KAC/BrB,EAAA,CAAWE,CAAA,CAAiB,aAAjB,CAAgCb,CAAhC,CACW,EAAtB,GAAIA,CAAAC,SAAJ,EACE6B,CAAAU,IAAA,CAAYxC,CAAAsC,SAAA9B,YAAA,EAAZ,CALqB,CAU7BR,CAAA,CAAOW,CA3BI,CA8Bb,IAAA,CAAQX,CAAR,CAAegC,CAAApB,WAAf,CAAA,CACEoB,CAAAS,YAAA,CAA6BzC,CAA7B,CAxDmC,CAlIvCvC,EAAA,CAwOAiF,QAA+B,CAAClF,CAAD,CAAMmF,CAAN,CAAoB,CACjD,IAAIC,EAAuB,CAAA,CAA3B,CACIC,EAAM9E,CAAA,CAAKP,CAAL,CAAUA,CAAAsF,KAAV,CACV,OAAO,CACLT,MAAOA,QAAQ,CAACU,CAAD,CAAM7D,CAAN,CAAa,CAC1B6D,CAAA,CAAM5E,CAAA,CAAU4E,CAAV,CACDH,EAAAA,CAAL,EAA6BI,CAAA,CAAgBD,CAAhB,CAA7B,GACEH,CADF,CACyBG,CADzB,CAGKH,EAAL,EAAoD,CAAA,CAApD,GAA6BvB,CAAA,CAAc0B,CAAd,CAA7B,GACEF,CAAA,CAAI,GAAJ,CAcA,CAbAA,CAAA,CAAIE,CAAJ,CAaA,CAZA9E,CAAA,CAAQiB,CAAR,CAAe,QAAQ,CAACK,CAAD,CAAQ0D,CAAR,CAAa,CAClC,IAAIC,EAAO/E,CAAA,CAAU8E,CAAV,CAAX,CACIxB,EAAmB,KAAnBA,GAAWsB,CAAXtB,EAAqC,KAArCA,GAA4ByB,CAA5BzB,EAAyD,YAAzDA;AAAgDyB,CAC3B,EAAA,CAAzB,GAAIC,CAAA,CAAWD,CAAX,CAAJ,EACsB,CAAA,CADtB,GACGE,CAAA,CAASF,CAAT,CADH,EAC8B,CAAAP,CAAA,CAAapD,CAAb,CAAoBkC,CAApB,CAD9B,GAEEoB,CAAA,CAAI,GAAJ,CAIA,CAHAA,CAAA,CAAII,CAAJ,CAGA,CAFAJ,CAAA,CAAI,IAAJ,CAEA,CADAA,CAAA,CAAIrD,CAAA,CAAeD,CAAf,CAAJ,CACA,CAAAsD,CAAA,CAAI,GAAJ,CANF,CAHkC,CAApC,CAYA,CAAAA,CAAA,CAAI,GAAJ,CAfF,CAL0B,CADvB,CAwBLL,IAAKA,QAAQ,CAACO,CAAD,CAAM,CACjBA,CAAA,CAAM5E,CAAA,CAAU4E,CAAV,CACDH,EAAL,EAAoD,CAAA,CAApD,GAA6BvB,CAAA,CAAc0B,CAAd,CAA7B,EAAkF,CAAA,CAAlF,GAA4DM,CAAA,CAAaN,CAAb,CAA5D,GACEF,CAAA,CAAI,IAAJ,CAEA,CADAA,CAAA,CAAIE,CAAJ,CACA,CAAAF,CAAA,CAAI,GAAJ,CAHF,CAMIE,EAAJ,EAAWH,CAAX,GACEA,CADF,CACyB,CAAA,CADzB,CARiB,CAxBd,CAoCLrF,MAAOA,QAAQ,CAACA,CAAD,CAAQ,CAChBqF,CAAL,EACEC,CAAA,CAAIrD,CAAA,CAAejC,CAAf,CAAJ,CAFmB,CApClB,CAH0C,CAtOnDa,EAAA,CAAehB,CAAA8C,KAAAoD,UAAAC,SAAf,EAA8D,QAAQ,CAACC,CAAD,CAAM,CAE1E,MAAO,CAAG,EAAA,IAAAC,wBAAA,CAA6BD,CAA7B,CAAA,CAAoC,EAApC,CAFgE,CAtEjD,KA4EvB9D,EAAwB,iCA5ED,CA8EzBI,EAA0B,cA9ED,CAuFvBuD,EAAe5E,CAAA,CAAM,wBAAN,CAvFQ,CA2FvBiF,EAA8BjF,CAAA,CAAM,gDAAN,CA3FP,CA4FvBkF,EAA+BlF,CAAA,CAAM,OAAN,CA5FR,CA6FvBmF,EAAyB5F,CAAA,CAAO,EAAP,CACe2F,CADf,CAEeD,CAFf,CA7FF,CAkGvBG,EAAgB7F,CAAA,CAAO,EAAP,CAAW0F,CAAX,CAAwCjF,CAAA,CAAM,qKAAN,CAAxC,CAlGO;AAuGvBqF,EAAiB9F,CAAA,CAAO,EAAP,CAAW2F,CAAX,CAAyClF,CAAA,CAAM,2JAAN,CAAzC,CAvGM,CA+GvB6C,EAAc7C,CAAA,CAAM,wNAAN,CA/GS,CAoHvBuE,EAAkBvE,CAAA,CAAM,cAAN,CApHK,CAsHvB4C,EAAgBrD,CAAA,CAAO,EAAP,CACeqF,CADf,CAEeQ,CAFf,CAGeC,CAHf,CAIeF,CAJf,CAtHO,CA6HvBR,EAAW3E,CAAA,CAAM,8CAAN,CA7HY,CA+HvBsF,EAAYtF,CAAA,CAAM,kTAAN,CA/HW;AAuIvBuF,EAAWvF,CAAA,CAAM,guCAAN;AAcoE,CAAA,CAdpE,CAvIY,CAuJvB0E,EAAanF,CAAA,CAAO,EAAP,CACeoF,CADf,CAEeY,CAFf,CAGeD,CAHf,CAvJU,CAoKvB/B,CACH,UAAQ,CAAC5E,CAAD,CAAS,CAEhB,GAAIA,CAAA+E,SAAJ,EAAuB/E,CAAA+E,SAAA8B,eAAvB,CACEC,CAAA,CAAM9G,CAAA+E,SAAA8B,eAAAE,mBAAA,CAAkD,OAAlD,CADR,KAGE,MAAMtG,EAAA,CAAgB,SAAhB,CAAN,CAGF,IAAIuG,EAAeC,CADFH,CAAAI,gBACED,EADqBH,CAAAK,mBAAA,EACrBF,sBAAA,CAAgC,MAAhC,CAGS,EAA5B,GAAID,CAAApF,OAAJ,CACEgD,CADF,CACqBoC,CAAA,CAAa,CAAb,CADrB,EAGM7C,CAGJ,CAHW2C,CAAAM,cAAA,CAAkB,MAAlB,CAGX,CAFAxC,CAEA,CAFmBkC,CAAAM,cAAA,CAAkB,MAAlB,CAEnB,CADAjD,CAAAkD,YAAA,CAAiBzC,CAAjB,CACA,CAAAkC,CAAAO,YAAA,CAAgBlD,CAAhB,CANF,CAXgB,CAAjB,CAAD,CAmBGnE,CAnBH,CArK2B,CA8Y7B,CAAAsH,KAAA,CAEQ,CAAEC,eAAgB,OAAlB,CAFR,CAmIAtH,EAAAiB,OAAA,CAAe,YAAf,CAAAsG,OAAA,CAAoC,OAApC,CAA6C,CAAC,WAAD,CAAc,QAAQ,CAACC,CAAD,CAAY,CAAA,IACzEC,EACE,yFAFuE;AAGzEC,EAAgB,WAHyD,CAKzEC,EAAc3H,CAAAS,SAAA,CAAiB,OAAjB,CAL2D,CAMzEI,EAAYb,CAAAa,UAN6D,CAOzE+G,EAAa5H,CAAA4H,WAP4D,CAQzEC,EAAW7H,CAAA6H,SAR8D,CASzEC,EAAW9H,CAAA8H,SAEf,OAAO,SAAQ,CAACC,CAAD,CAAOC,CAAP,CAAejF,CAAf,CAA2B,CA6BxCkF,QAASA,EAAO,CAACF,CAAD,CAAO,CAChBA,CAAL,EAGA7D,CAAAuB,KAAA,CAAUxF,CAAA,CAAa8H,CAAb,CAAV,CAJqB,CAOvBG,QAASA,EAAO,CAACC,CAAD,CAAMJ,CAAN,CAAY,CAAA,IACtBnC,CADsB,CACjBwC,EAAiBC,CAAA,CAAaF,CAAb,CAC1BjE,EAAAuB,KAAA,CAAU,KAAV,CAEA,KAAKG,CAAL,GAAYwC,EAAZ,CACElE,CAAAuB,KAAA,CAAUG,CAAV,CAAgB,IAAhB,CAAuBwC,CAAA,CAAexC,CAAf,CAAvB,CAA6C,IAA7C,CAGE,EAAA/E,CAAA,CAAUmH,CAAV,CAAJ,EAA2B,QAA3B,EAAuCI,EAAvC,EACElE,CAAAuB,KAAA,CAAU,UAAV,CACUuC,CADV,CAEU,IAFV,CAIF9D,EAAAuB,KAAA,CAAU,QAAV,CACU0C,CAAA/F,QAAA,CAAY,IAAZ,CAAkB,QAAlB,CADV,CAEU,IAFV,CAGA6F,EAAA,CAAQF,CAAR,CACA7D,EAAAuB,KAAA,CAAU,MAAV,CAjB0B,CAnC5B,GAAY,IAAZ,EAAIsC,CAAJ,EAA6B,EAA7B,GAAoBA,CAApB,CAAiC,MAAOA,EACxC,IAAK,CAAAD,CAAA,CAASC,CAAT,CAAL,CAAqB,KAAMJ,EAAA,CAAY,WAAZ,CAA8DI,CAA9D,CAAN,CAYrB,IAVA,IAAIM,EACFT,CAAA,CAAW7E,CAAX,CAAA,CAAyBA,CAAzB,CACA8E,CAAA,CAAS9E,CAAT,CAAA,CAAuBuF,QAA4B,EAAG,CAAC,MAAOvF,EAAR,CAAtD,CACAwF,QAAiC,EAAG,CAAC,MAAO,EAAR,CAHtC,CAMIC,EAAMT,CANV,CAOI7D,EAAO,EAPX,CAQIiE,CARJ,CASIzG,CACJ,CAAQ+G,CAAR,CAAgBD,CAAAC,MAAA,CAAUhB,CAAV,CAAhB,CAAA,CAEEU,CAQA,CARMM,CAAA,CAAM,CAAN,CAQN,CANKA,CAAA,CAAM,CAAN,CAML;AANkBA,CAAA,CAAM,CAAN,CAMlB,GALEN,CAKF,EALSM,CAAA,CAAM,CAAN,CAAA,CAAW,SAAX,CAAuB,SAKhC,EAL6CN,CAK7C,EAHAzG,CAGA,CAHI+G,CAAAC,MAGJ,CAFAT,CAAA,CAAQO,CAAAG,OAAA,CAAW,CAAX,CAAcjH,CAAd,CAAR,CAEA,CADAwG,CAAA,CAAQC,CAAR,CAAaM,CAAA,CAAM,CAAN,CAAArG,QAAA,CAAiBsF,CAAjB,CAAgC,EAAhC,CAAb,CACA,CAAAc,CAAA,CAAMA,CAAAI,UAAA,CAAclH,CAAd,CAAkB+G,CAAA,CAAM,CAAN,CAAA9G,OAAlB,CAERsG,EAAA,CAAQO,CAAR,CACA,OAAOhB,EAAA,CAAUtD,CAAA3D,KAAA,CAAU,EAAV,CAAV,CA3BiC,CAXmC,CAAlC,CAA7C,CAxqB2B,CAA1B,CAAD,CA8uBGR,MA9uBH,CA8uBWA,MAAAC,QA9uBX;", +"sources":["angular-sanitize.js"], +"names":["window","angular","sanitizeText","chars","buf","htmlSanitizeWriter","writer","noop","join","$sanitizeMinErr","$$minErr","bind","extend","forEach","isDefined","lowercase","nodeContains","htmlParser","module","provider","$SanitizeProvider","toMap","str","lowercaseKeys","obj","items","split","i","length","attrToMap","attrs","map","ii","attr","name","value","encodeEntities","replace","SURROGATE_PAIR_REGEXP","hi","charCodeAt","low","NON_ALPHANUMERIC_REGEXP","stripCustomNsAttrs","node","nodeType","Node","ELEMENT_NODE","attributes","l","attrNode","attrName","toLowerCase","lastIndexOf","removeAttributeNode","nextNode","firstChild","getNonDescendant","propName","call","outerHTML","outerText","svgEnabled","$get","$$sanitizeUri","validElements","svgElements","html","uri","isImage","test","enableSvg","this.enableSvg","htmlParserImpl","handler","undefined","inertBodyElement","innerHTML","mXSSAttempts","document","documentMode","start","nodeName","textContent","end","removeChild","htmlSanitizeWriterImpl","uriValidator","ignoreCurrentElement","out","push","tag","blockedElements","key","lkey","validAttrs","uriAttrs","voidElements","prototype","contains","arg","compareDocumentPosition","optionalEndTagBlockElements","optionalEndTagInlineElements","optionalEndTagElements","blockElements","inlineElements","htmlAttrs","svgAttrs","implementation","doc","createHTMLDocument","bodyElements","getElementsByTagName","documentElement","getDocumentElement","createElement","appendChild","info","angularVersion","filter","$sanitize","LINKY_URL_REGEXP","MAILTO_REGEXP","linkyMinErr","isFunction","isObject","isString","text","target","addText","addLink","url","linkAttributes","attributesFn","getAttributesObject","getEmptyAttributesObject","raw","match","index","substr","substring"] +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/bower.json b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/bower.json new file mode 100644 index 00000000000..f4b46c9bafc --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/bower.json @@ -0,0 +1,10 @@ +{ + "name": "angular-sanitize", + "version": "1.6.4", + "license": "MIT", + "main": "./angular-sanitize.js", + "ignore": [], + "dependencies": { + "angular": "1.6.4" + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/index.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/index.js new file mode 100644 index 00000000000..dd5d22e4a5b --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/index.js @@ -0,0 +1,2 @@ +require('./angular-sanitize'); +module.exports = 'ngSanitize'; diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/package.json b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/package.json new file mode 100644 index 00000000000..6739401d7cb --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-sanitize/package.json @@ -0,0 +1,33 @@ +{ + "name": "angular-sanitize", + "version": "1.6.4", + "description": "AngularJS module for sanitizing HTML", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "repository": { + "type": "git", + "url": "https://github.com/angular/angular.js.git" + }, + "keywords": [ + "angular", + "framework", + "browser", + "html", + "client-side" + ], + "author": "Angular Core Team ", + "license": "MIT", + "bugs": { + "url": "https://github.com/angular/angular.js/issues" + }, + "homepage": "http://angularjs.org", + "jspm": { + "shim": { + "angular-sanitize": { + "deps": ["angular"] + } + } + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/README.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/README.md new file mode 100644 index 00000000000..a3c5374e691 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/README.md @@ -0,0 +1,29 @@ +# angular-translate-loader-url (bower shadow repository) + +This is the _Bower shadow_ repository for *angular-translate-loader-url*. + +## Bugs and issues + +Please file any issues and bugs in our main repository at [angular-translate/angular-translate](https://github.com/angular-translate/angular-translate/issues). + +## Usage + +### via Bower + +```bash +$ bower install angular-translate-loader-url +``` + +### via NPM + +```bash +$ npm install angular-translate-loader-url +``` + +### via cdnjs + +Please have a look at https://cdnjs.com/libraries/angular-translate-loader-url for specific versions. + +## License + +Licensed under MIT. See more details at [angular-translate/angular-translate](https://github.com/angular-translate/angular-translate). diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/angular-translate-loader-url.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/angular-translate-loader-url.js new file mode 100644 index 00000000000..e71c8bdbaf0 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/angular-translate-loader-url.js @@ -0,0 +1,73 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +(function (root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module unless amdModuleId is set + define([], function () { + return (factory()); + }); + } else if (typeof exports === 'object') { + // Node. Does not work with strict CommonJS, but + // only CommonJS-like environments that support module.exports, + // like Node. + module.exports = factory(); + } else { + factory(); + } +}(this, function () { + +$translateUrlLoader.$inject = ['$q', '$http']; +angular.module('pascalprecht.translate') +/** + * @ngdoc object + * @name pascalprecht.translate.$translateUrlLoader + * @requires $q + * @requires $http + * + * @description + * Creates a loading function for a typical dynamic url pattern: + * "locale.php?lang=en_US", "locale.php?lang=de_DE", "locale.php?language=nl_NL" etc. + * Prefixing the specified url, the current requested, language id will be applied + * with "?{queryParameter}={key}". + * Using this service, the response of these urls must be an object of + * key-value pairs. + * + * @param {object} options Options object, which gets the url, key and + * optional queryParameter ('lang' is used by default). + */ +.factory('$translateUrlLoader', $translateUrlLoader); + +function $translateUrlLoader($q, $http) { + + 'use strict'; + + return function (options) { + + if (!options || !options.url) { + throw new Error('Couldn\'t use urlLoader since no url is given!'); + } + + var requestParams = {}; + + requestParams[options.queryParameter || 'lang'] = options.key; + + return $http(angular.extend({ + url: options.url, + params: requestParams, + method: 'GET' + }, options.$http)) + .then(function(result) { + return result.data; + }, function () { + return $q.reject(options.key); + }); + }; +} + +$translateUrlLoader.displayName = '$translateUrlLoader'; +return 'pascalprecht.translate'; + +})); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/angular-translate-loader-url.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/angular-translate-loader-url.min.js new file mode 100644 index 00000000000..3d955c755dd --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/angular-translate-loader-url.min.js @@ -0,0 +1,6 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +!function(a,b){"function"==typeof define&&define.amd?define([],function(){return b()}):"object"==typeof exports?module.exports=b():b()}(this,function(){function a(a,b){"use strict";return function(c){if(!c||!c.url)throw new Error("Couldn't use urlLoader since no url is given!");var d={};return d[c.queryParameter||"lang"]=c.key,b(angular.extend({url:c.url,params:d,method:"GET"},c.$http)).then(function(a){return a.data},function(){return a.reject(c.key)})}}return a.$inject=["$q","$http"],angular.module("pascalprecht.translate").factory("$translateUrlLoader",a),a.displayName="$translateUrlLoader","pascalprecht.translate"}); \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/bower.json b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/bower.json new file mode 100644 index 00000000000..7a20af9b0e5 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/bower.json @@ -0,0 +1,12 @@ +{ + "name": "angular-translate-loader-url", + "description": "A plugin for Angular Translate", + "version": "2.15.1", + "main": "./angular-translate-loader-url.js", + "ignore": [], + "author": "Pascal Precht", + "license": "MIT", + "dependencies": { + "angular-translate": "~2.15.1" + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/package.json b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/package.json new file mode 100644 index 00000000000..693175e5b19 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate-loader-url/package.json @@ -0,0 +1,24 @@ +{ + "name": "angular-translate-loader-url", + "version": "2.15.1", + "description": "Creates a loading function for a typical dynamic url pattern: \"locale.php?lang=en_US\", \"locale.php?lang=de_DE\", \"locale.php?language=nl_NL\" etc. Prefixing the specified url, the current requested, language id will be applied with \"?{queryParameter}={key}\". Using this service, the response of these urls must be an object of key-value pairs.", + "main": "angular-translate-loader-url.js", + "repository": { + "type": "git", + "url": "https://github.com/angular-translate/bower-angular-translate-loader-url.git" + }, + "keywords": [ + "angular", + "translate", + "loader" + ], + "author": "Pascal Precht", + "license": "MIT", + "bugs": { + "url": "https://github.com/angular-translate/angular-translate/issues" + }, + "homepage": "https://angular-translate.github.io", + "dependencies": { + "angular-translate": "~2.15.1" + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/.npmignore b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/.npmignore new file mode 100644 index 00000000000..a2b37487e87 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/.npmignore @@ -0,0 +1,26 @@ +/bower_components/ +/build_tools/ +/demo/ +/docs/ +/identity/ +/src/ +/test/ +/test_scopes/ +/tmp +/.bowerrc +/.editorconfig +/.jshintrc +/.github +/.travis.yml +/bower.json +/CONTRIBUTING.md +/*.sh +/*.js +/*.png +/build/ + +# IntelliJ stuff +.idea +*.iml +# Eclipse (plugins) +/atlassian-ide-plugin.xml diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/.nvmrc b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/.nvmrc new file mode 100644 index 00000000000..12e41412939 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/.nvmrc @@ -0,0 +1 @@ +6.9 diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/CHANGELOG.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/CHANGELOG.md new file mode 100644 index 00000000000..bb2f665ee2c --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/CHANGELOG.md @@ -0,0 +1,916 @@ + +## [2.15.1](https://github.com/angular-translate/angular-translate/compare/2.15.0...v2.15.1) (2017-03-04) + + +### Bug Fixes + +* **cloak:** fix missing decloak introduced by optimize [#1694](https://github.com/angular-translate/angular-translate/issues/1694) ([a9ec123](https://github.com/angular-translate/angular-translate/commit/a9ec123)), closes [#1705](https://github.com/angular-translate/angular-translate/issues/1705) + + + + +# [2.15.0](https://github.com/angular-translate/angular-translate/compare/2.14.0...v2.15.0) (2017-02-27) + + +### Features + +* **cookies:** use $cookies (1.4+) or $cookieStore (<1.4) ([51330f5](https://github.com/angular-translate/angular-translate/commit/51330f5)) +* **filter:** ensure no this==undefined will be injected ([5cb94cb](https://github.com/angular-translate/angular-translate/commit/5cb94cb)) + + + + +# [2.14.0](https://github.com/angular-translate/angular-translate/compare/2.13.1...v2.14.0) (2017-02-11) + + +### Bug Fixes + +* **$translate:** reassign language promises in refresh, update translation tables at the appropriate time, and simplify the routine ([351eb8f](https://github.com/angular-translate/angular-translate/commit/351eb8f)) +* **$translatePartialLoader:** prevent duplicate simultaneous HTTP requests ([8b2cea8](https://github.com/angular-translate/angular-translate/commit/8b2cea8)) +* **service:** add explicit promise rejection handler for $translate.use ([f4dc14a](https://github.com/angular-translate/angular-translate/commit/f4dc14a)) +* **service:** avoid sanitize/esape calls on null/undefined param values ([331e0dd](https://github.com/angular-translate/angular-translate/commit/331e0dd)) +* **service:** fix missing promise rejection handlers ([776993b](https://github.com/angular-translate/angular-translate/commit/776993b)) +* **staticFilesLoader:** do not use empty string as $http params ([ac2a038](https://github.com/angular-translate/angular-translate/commit/ac2a038)), closes [#1646](https://github.com/angular-translate/angular-translate/issues/1646) +* **tests:** rewrite tests for AJS 1.6 compatibility ([7c9d2c9](https://github.com/angular-translate/angular-translate/commit/7c9d2c9)) +* **translate:** handle null translation ([1e57b4f](https://github.com/angular-translate/angular-translate/commit/1e57b4f)), closes [#665](https://github.com/angular-translate/angular-translate/issues/665) +* **translateCloak:** incorrect element reference, inappropriate decloak at onReady, inappropriate decloak at $translateChangeSuccess ([a4d2795](https://github.com/angular-translate/angular-translate/commit/a4d2795)) + + +### Features + +* **dependencies:** update to messageformat 1.0.2 ([d4a0468](https://github.com/angular-translate/angular-translate/commit/d4a0468)) +* **service:** add translationId as param of custom interpolation service interface ([5de40de](https://github.com/angular-translate/angular-translate/commit/5de40de)) +* **tests:** add current AngularJS 1.6 in test scopes ([d8abdc5](https://github.com/angular-translate/angular-translate/commit/d8abdc5)) + + + + +## [2.13.1](https://github.com/angular-translate/angular-translate/compare/2.13.0...v2.13.1) (2016-12-06) + + + + +# [2.13.0](https://github.com/angular-translate/angular-translate/compare/2.12.1...v2.13.0) (2016-10-30) + + +### Bug Fixes + +* **service:** fix .instant() not handling TrustedValueHolderType correctly ([1ede55e](https://github.com/angular-translate/angular-translate/commit/1ede55e)), closes [#1618](https://github.com/angular-translate/angular-translate/issues/1618) +* **service:** reject promise if handler returns undefined ([8fe6f23](https://github.com/angular-translate/angular-translate/commit/8fe6f23)), closes [#1600](https://github.com/angular-translate/angular-translate/issues/1600) +* **service:** return empty string when found in fallback ([d76227e](https://github.com/angular-translate/angular-translate/commit/d76227e)) + + +### Features + +* **sanitize:** sanitize override on instant call ([01fecd0](https://github.com/angular-translate/angular-translate/commit/01fecd0)) +* **service:** add $translate.getTranslationTable(langKey) ([40f9e35](https://github.com/angular-translate/angular-translate/commit/40f9e35)) +* **service:** add file map lookup into static-files loader ([132e49a](https://github.com/angular-translate/angular-translate/commit/132e49a)) +* **service:** add mf configurer [#1619](https://github.com/angular-translate/angular-translate/issues/1619) ([676114b](https://github.com/angular-translate/angular-translate/commit/676114b)) + + + + +## [2.12.1](https://github.com/angular-translate/angular-translate/compare/2.12.0...v2.12.1) (2016-09-15) + + +### Bug Fixes + +* **build:** Add missing translate-attr directive to Gruntfile.js ([e70e9ad](https://github.com/angular-translate/angular-translate/commit/e70e9ad)), closes [#1577](https://github.com/angular-translate/angular-translate/issues/1577) +* **style:** fix code style issues in ~-attr directive ([1848bc8](https://github.com/angular-translate/angular-translate/commit/1848bc8)) + + + + +# [2.12.0](https://github.com/angular-translate/angular-translate/compare/2.11.1...v2.12.0) (2016-09-05) + + +### Bug Fixes + +* **service:** fix infinite loop when fallback language async loading fails ([233f30c](https://github.com/angular-translate/angular-translate/commit/233f30c)) +* **service:** treat date param as-is (no sanitize/escape) ([ab1ecce](https://github.com/angular-translate/angular-translate/commit/ab1ecce)), closes [#1560](https://github.com/angular-translate/angular-translate/issues/1560) + + +### Features + +* **directive:** introduce standalone translate-attr directive ([bcb0f2c](https://github.com/angular-translate/angular-translate/commit/bcb0f2c)) +* **partial loader:** add error response to errorHandler ([e3aba1c](https://github.com/angular-translate/angular-translate/commit/e3aba1c)) +* **service:** introduce new sanitize strategies: sce/sceParameters ([1624df5](https://github.com/angular-translate/angular-translate/commit/1624df5)) +* **service:** provide for sanitize/escape strategy 3rd argument context ([8504c60](https://github.com/angular-translate/angular-translate/commit/8504c60)) + + + + +## [2.11.1](https://github.com/angular-translate/angular-translate/compare/2.11.0...v2.11.1) (2016-07-17) + + +### Bug Fixes + +* **dependencies:** Update messageformat to ~0.3.1 ([04e11c9](https://github.com/angular-translate/angular-translate/commit/04e11c9)) +* **grunt:** add work-around for uglify preserveComments as expected ([32cdedb](https://github.com/angular-translate/angular-translate/commit/32cdedb)), closes [#1461](https://github.com/angular-translate/angular-translate/issues/1461) +* **service:** allow instant function to also take care of post process configuration ([b7d7907](https://github.com/angular-translate/angular-translate/commit/b7d7907)) +* **service:** avoid sanitizing of functions ([492d8e5](https://github.com/angular-translate/angular-translate/commit/492d8e5)), closes [#1529](https://github.com/angular-translate/angular-translate/issues/1529) +* **service:** Correct descriptive ngdocs to match parameters on the service calls ([91711f7](https://github.com/angular-translate/angular-translate/commit/91711f7)) +* **service:** fix interpolation issue with non-string as input ([fa4a80e](https://github.com/angular-translate/angular-translate/commit/fa4a80e)), closes [#1511](https://github.com/angular-translate/angular-translate/issues/1511) +* **service:** fix lost of data in async loader / error in runtime ([5ee0c3e](https://github.com/angular-translate/angular-translate/commit/5ee0c3e)) + + +### Features + +* **directive:** introduce a global keepContent setting ([2015f79](https://github.com/angular-translate/angular-translate/commit/2015f79)) + + + + +# [2.11.0](https://github.com/angular-translate/angular-translate/compare/2.10.0...v2.11.0) (2016-03-20) + + +### Bug Fixes + +* **directive:** reduced number of watchers by applying translateLanguage watcher only when direc ([961fc92](https://github.com/angular-translate/angular-translate/commit/961fc92)) +* **service:** add missing hasOwnProperty check ([823afc0](https://github.com/angular-translate/angular-translate/commit/823afc0)) +* **service:** avoid try to load languages which are explicitly not wanted ([bde935e](https://github.com/angular-translate/angular-translate/commit/bde935e)), closes [#1390](https://github.com/angular-translate/angular-translate/issues/1390) +* **service:** fix edge-case with .use() and .preferredLanguage() ([02688f2](https://github.com/angular-translate/angular-translate/commit/02688f2)) +* **service:** translations for `forceLanguage` will be loaded on demand ([14bc956](https://github.com/angular-translate/angular-translate/commit/14bc956)), closes [#1389](https://github.com/angular-translate/angular-translate/issues/1389) + +### Features + +* **depenceny:** Update messageformat.js to current 0.3.0 release ([fb48f78](https://github.com/angular-translate/angular-translate/commit/fb48f78)) +* **directive:** introduce attr translate-keep-content ([b2cf8a3](https://github.com/angular-translate/angular-translate/commit/b2cf8a3)) +* **service:** add `$translate.resolveClientLocale()` (also at provider) ([d0469ac](https://github.com/angular-translate/angular-translate/commit/d0469ac)) +* **service:** add support for uniformLanguageTag('iso639-1') ([1e037ec](https://github.com/angular-translate/angular-translate/commit/1e037ec)), closes [#1181](https://github.com/angular-translate/angular-translate/issues/1181) +* **service:** improve messageformat.js output caching ([cb31608](https://github.com/angular-translate/angular-translate/commit/cb31608)) +* **service:** introduce getter returning available languages ([3988af0](https://github.com/angular-translate/angular-translate/commit/3988af0)), closes [#1304](https://github.com/angular-translate/angular-translate/issues/1304) +* **service:** introduce post processing for translations ([f0c4874](https://github.com/angular-translate/angular-translate/commit/f0c4874)) +* **service:** support for default translation in missingTranslationHandler ([8c5044c](https://github.com/angular-translate/angular-translate/commit/8c5044c)) + + + + +# [2.10.0](https://github.com/angular-translate/angular-translate/compare/2.9.2...v2.10.0) (2016-02-28) + + +### Bug Fixes + +* **service:** make the fallback $uses / $translate.use work in a correct manner ([7e71a5a](https://github.com/angular-translate/angular-translate/commit/7e71a5a)) + + + + +## [2.9.2](https://github.com/angular-translate/angular-translate/compare/2.9.1...v2.9.2) (2016-02-21) + + +### Bug Fixes + +* **package:** redefine dependency version range (AJS 1.5) ([94eb844](https://github.com/angular-translate/angular-translate/commit/94eb844)), closes [#1394](https://github.com/angular-translate/angular-translate/issues/1394) [#1395](https://github.com/angular-translate/angular-translate/issues/1395) [#1397](https://github.com/angular-translate/angular-translate/issues/1397) +* **package:** redefine dependency version range (AJS 1.5) (fixup) ([20da73d](https://github.com/angular-translate/angular-translate/commit/20da73d)), closes [#1394](https://github.com/angular-translate/angular-translate/issues/1394) [#1395](https://github.com/angular-translate/angular-translate/issues/1395) [#1397](https://github.com/angular-translate/angular-translate/issues/1397) +* **service:** avoid call stack size error, print proper message ([73ea6e3](https://github.com/angular-translate/angular-translate/commit/73ea6e3)) +* **service:** ensure fallback language can be selected as `$uses` ([40ad523](https://github.com/angular-translate/angular-translate/commit/40ad523)) +* **service:** remove invalid argument for promise.finally ([2d72908](https://github.com/angular-translate/angular-translate/commit/2d72908)) + + + + +## [2.9.1](https://github.com/angular-translate/angular-translate/compare/2.9.0...v2.9.1) (2016-02-13) + + +### Bug Fixes + +* **package:** redefine dependency version range (AJS 1.5) ([9ccce6b](https://github.com/angular-translate/angular-translate/commit/9ccce6b)), closes [#1394](https://github.com/angular-translate/angular-translate/issues/1394) [#1395](https://github.com/angular-translate/angular-translate/issues/1395) [#1397](https://github.com/angular-translate/angular-translate/issues/1397) + + + + +# [2.9.0](https://github.com/angular-translate/angular-translate/compare/2.8.1...v2.9.0) (2016-01-24) + + +### Bug Fixes + +* **$translate:** apply notFoundIndicators only when all configured language checked in $translate ([25b13c4](https://github.com/angular-translate/angular-translate/commit/25b13c4)), closes [#1314](https://github.com/angular-translate/angular-translate/issues/1314) +* **directive:** add additional watcher validating cloak ([e7536b5](https://github.com/angular-translate/angular-translate/commit/e7536b5)), closes [#1287](https://github.com/angular-translate/angular-translate/issues/1287) +* **directive:** enforce update on default text change only ([ea94acd](https://github.com/angular-translate/angular-translate/commit/ea94acd)) +* **docs:** correct all occurrences of language names PR #1243 ([5f89d55](https://github.com/angular-translate/angular-translate/commit/5f89d55)) +* **docs:** fix broken link ([e641fe4](https://github.com/angular-translate/angular-translate/commit/e641fe4)) +* **docs:** Fix some typos in spanish ([830a84b](https://github.com/angular-translate/angular-translate/commit/830a84b)) +* **docs:** refresh outdated link ([392cab0](https://github.com/angular-translate/angular-translate/commit/392cab0)) +* **package:** add missing run-scriptlet "clean-test-scopes" ([c22c727](https://github.com/angular-translate/angular-translate/commit/c22c727)) +* **service:** partial loader service refetches list of parts ([069eafd](https://github.com/angular-translate/angular-translate/commit/069eafd)), closes [#1326](https://github.com/angular-translate/angular-translate/issues/1326) + +### Features + +* **build:** update test scope "AJS 1.5" using rc0 ([26cdc05](https://github.com/angular-translate/angular-translate/commit/26cdc05)) +* **dependencies:** add `angular` as the required dependency ([475a9b6](https://github.com/angular-translate/angular-translate/commit/475a9b6)) +* **service:** expose `$translate.negotiateLocale` being public ([9247000](https://github.com/angular-translate/angular-translate/commit/9247000)) +* **service:** force language used for translating ([e591462](https://github.com/angular-translate/angular-translate/commit/e591462)) + + + + +## [2.8.1](https://github.com/angular-translate/angular-translate/compare/2.8.0...v2.8.1) (2015-10-01) + + +### Bug Fixes + +* **service:** Fix `$translate.isReady()` won't return true if ready ([b40a344](https://github.com/angular-translate/angular-translate/commit/b40a344)), closes [#1239](https://github.com/angular-translate/angular-translate/issues/1239) +* **service:** should not abort fallback languages (feature #1070) ([cc410b1](https://github.com/angular-translate/angular-translate/commit/cc410b1)), closes [#1070](https://github.com/angular-translate/angular-translate/issues/1070) + + + + +# [2.8.0](https://github.com/angular-translate/angular-translate/compare/2.7.2...2.8.0) (2015-09-18) + + +### Bug Fixes + +* **build:** ensure MessageFormat will be added correctly when using UMD ([f5e039c](https://github.com/angular-translate/angular-translate/commit/f5e039c)) +* **directive:** Fix behavior of translate-cloak timing ([a6adf47](https://github.com/angular-translate/angular-translate/commit/a6adf47)), closes [#929](https://github.com/angular-translate/angular-translate/issues/929) [#1175](https://github.com/angular-translate/angular-translate/issues/1175) +* **directive:** Fix special IE11 issue #925 ([c4b16d3](https://github.com/angular-translate/angular-translate/commit/c4b16d3)), closes [#925](https://github.com/angular-translate/angular-translate/issues/925) +* **docs:** avoid using absolute links in lang chooser #1136 ([2cdc902](https://github.com/angular-translate/angular-translate/commit/2cdc902)) +* **docs:** Fix more typos in CONTRIBUTING.md, add some infos about tests ([e88b990](https://github.com/angular-translate/angular-translate/commit/e88b990)) +* **docs:** Fix typo in CONTRIBUTING.md ([1c2ac47](https://github.com/angular-translate/angular-translate/commit/1c2ac47)) +* **docs:** Fix typo in zh-cn docs ([2a16eb6](https://github.com/angular-translate/angular-translate/commit/2a16eb6)) +* **service:** abort the last loader if not finished #1070 ([dd4a8b4](https://github.com/angular-translate/angular-translate/commit/dd4a8b4)) +* **service:** update storage before triggering $translateChangeSuccess ([77dd5a2](https://github.com/angular-translate/angular-translate/commit/77dd5a2)) +* **service provider:** change/fix return of preferredLanguage() ([6014a81](https://github.com/angular-translate/angular-translate/commit/6014a81)) + +### Features + +* **directive:** translate-namespace directive ([45523bb](https://github.com/angular-translate/angular-translate/commit/45523bb)) +* **loaders:** addition to e7516dc #1080 (disable legacy $http cbs) ([233a012](https://github.com/angular-translate/angular-translate/commit/233a012)) +* **loaders:** remove use of legacy methods on $http promises #1080 ([e7516dc](https://github.com/angular-translate/angular-translate/commit/e7516dc)) +* **meta:** enrich copyright header with a leagl person ([21da61c](https://github.com/angular-translate/angular-translate/commit/21da61c)) +* **sanitize:** Allow sanitize strategy defined as a service ([8a6cc07](https://github.com/angular-translate/angular-translate/commit/8a6cc07)) +* **service:** add option to customize the nested delimiter ([78161f8](https://github.com/angular-translate/angular-translate/commit/78161f8)) +* **service:** introduce `isReady()` and `onReady()` with event ([9a4bd0d](https://github.com/angular-translate/angular-translate/commit/9a4bd0d)) + + + + +## [2.7.2](https://github.com/angular-translate/angular-translate/compare/2.7.1...2.7.2) (2015-06-01) + + +### Bug Fixes + +* **directive:** ensure value of `translate` will be translated always ([454d702](https://github.com/angular-translate/angular-translate/commit/454d702)) +* **sanitization:** fix/workaround issue when jQuery is not available ([ef1b10a](https://github.com/angular-translate/angular-translate/commit/ef1b10a)) +* **service:** fix silence on error, add missing catch on `refresh()` ([f3ec956](https://github.com/angular-translate/angular-translate/commit/f3ec956)) +* **service:** fix silence on error, add missing catch on `refresh()` ([5a85a64](https://github.com/angular-translate/angular-translate/commit/5a85a64)) +* **service:** make provider's storageKey chainable ([de8c253](https://github.com/angular-translate/angular-translate/commit/de8c253)) + + + + +## [2.7.1](https://github.com/angular-translate/angular-translate/compare/2.7.0...2.7.1) (2015-06-01) + + +### Bug Fixes + +* **docs:** fix typo in $translateChangeSuccess ([89e2569](https://github.com/angular-translate/angular-translate/commit/89e2569)) +* **service:** handle error "this.replace is not a function" ([8616dca](https://github.com/angular-translate/angular-translate/commit/8616dca)) +* **service:** integrate translationCache into service distribution file ([2fcbc60](https://github.com/angular-translate/angular-translate/commit/2fcbc60)) + +### Features + +* **$translateProvider:** add a new option to force async reload ([bdee77f](https://github.com/angular-translate/angular-translate/commit/bdee77f)) + + + + +# [2.7.0](https://github.com/angular-translate/angular-translate/compare/2.6.1...2.7.0) (2015-05-02) + + +### Bug Fixes + +* **directive:** fix issue with `data-` prefixed attributes #954 ([ee253bc](https://github.com/angular-translate/angular-translate/commit/ee253bc)), closes [#954](https://github.com/angular-translate/angular-translate/issues/954) +* **directive:** fix translate-value-* weren't be available on init ([98e8279](https://github.com/angular-translate/angular-translate/commit/98e8279)) +* **directive:** fix wrong initial translation causing overloading ([657ed8a](https://github.com/angular-translate/angular-translate/commit/657ed8a)) +* **directive:** handle interpolation of undefined keys correctly in updateTranslations, fixes is ([3f7cf4c](https://github.com/angular-translate/angular-translate/commit/3f7cf4c)), closes [#971](https://github.com/angular-translate/angular-translate/issues/971) +* **directive:** Make interpolate message format work smoothly also on message format > 0.1.7 - f ([2533f2d](https://github.com/angular-translate/angular-translate/commit/2533f2d)), closes [#789](https://github.com/angular-translate/angular-translate/issues/789) +* **directive:** make translate-values interpolate correctly with newer MessageFormat.js ([887dc1b](https://github.com/angular-translate/angular-translate/commit/887dc1b)) +* **docs:** bug in "Flash of untranslated content" section ([af5d746](https://github.com/angular-translate/angular-translate/commit/af5d746)) +* **docs:** fix invalid link in directive ([985cfd5](https://github.com/angular-translate/angular-translate/commit/985cfd5)) +* **docs:** typo in module type ([f0527b1](https://github.com/angular-translate/angular-translate/commit/f0527b1)) +* **feat:** export module name improving usage module loaders #944 ([cb33f63](https://github.com/angular-translate/angular-translate/commit/cb33f63)) +* **messageformat:** add duck type check for numbers #789 ([bbc1cbe](https://github.com/angular-translate/angular-translate/commit/bbc1cbe)) +* **refresh:** it has to clear all tables if no language key is specified ([3cce795](https://github.com/angular-translate/angular-translate/commit/3cce795)) +* **service:** always remove stored ref for lang promises ([dbd5be9](https://github.com/angular-translate/angular-translate/commit/dbd5be9)), closes [#824](https://github.com/angular-translate/angular-translate/issues/824) [#969](https://github.com/angular-translate/angular-translate/issues/969) +* **service:** do not try to load a predefined fallback language ([3be14df](https://github.com/angular-translate/angular-translate/commit/3be14df)) +* **service:** fix an issue resolving after missing translations ([a13899f](https://github.com/angular-translate/angular-translate/commit/a13899f)) +* **service:** fix possible npe ([1aaab98](https://github.com/angular-translate/angular-translate/commit/1aaab98)) +* **test/refresh:** fix current table refreshing test ([a298ed8](https://github.com/angular-translate/angular-translate/commit/a298ed8)) + +### Features + +* **$translatePartialLoader:** accept function in urlTemplate ([401204a](https://github.com/angular-translate/angular-translate/commit/401204a)) +* **build:** introduce module definition ([00b73ff](https://github.com/angular-translate/angular-translate/commit/00b73ff)) +* **filter:** add new option `$translate.statefulFilter()` ([dec4bf3](https://github.com/angular-translate/angular-translate/commit/dec4bf3)) +* **missingTranslationHandlerFactory:** pass interpolationParams to missingTranslationHandlerFactory ([a361fd0](https://github.com/angular-translate/angular-translate/commit/a361fd0)) +* **sanitization:** refactored, fixed and extended sanitization #993 ([12dbc57](https://github.com/angular-translate/angular-translate/commit/12dbc57)), closes [#993](https://github.com/angular-translate/angular-translate/issues/993) +* **service:** add uniformLanguageTagResolver ([b534e1a](https://github.com/angular-translate/angular-translate/commit/b534e1a)) + +### Performance Improvements + +* **directive:** watch parameters only if exist ([f0e2585](https://github.com/angular-translate/angular-translate/commit/f0e2585)) + + +### BREAKING CHANGES + +* You will get a warning message when using the default setting (not escaping the content). +You can fix (and remove) this warning by explicit set a sanitization strategy +within your config phase configuring $translateProvider. Even configuring the `null` mode will let the +warning disapper. You are highly encouraged specifing any mode except `null` because of security concerns. + + + +## [2.6.1](https://github.com/angular-translate/angular-translate/compare/2.6.0...2.6.1) (2015-03-01) + + +### Bug Fixes + +* **bower spec:** fix bower main property #922 ([3a1ad10](https://github.com/angular-translate/angular-translate/commit/3a1ad10)), closes [#922](https://github.com/angular-translate/angular-translate/issues/922) +* **custom interpolator:** improve handling of interpolator ids which don't exist ([373b46f](https://github.com/angular-translate/angular-translate/commit/373b46f)) +* **static-files-loader:** fix multiple files definition (docu update) #923, pr #936 ([e637c01](https://github.com/angular-translate/angular-translate/commit/e637c01)), closes [#923](https://github.com/angular-translate/angular-translate/issues/923) [#936](https://github.com/angular-translate/angular-translate/issues/936) +* **static-files-loader:** fix multiple files definition #923 ([1b6256a](https://github.com/angular-translate/angular-translate/commit/1b6256a)), closes [#923](https://github.com/angular-translate/angular-translate/issues/923) + + + + +# [2.6.0](https://github.com/angular-translate/angular-translate/compare/2.5.2...2.6.0) (2015-02-08) + + +### Bug Fixes + +* **directive:** ensure internal watcher will be removed ([e69f4a1](https://github.com/angular-translate/angular-translate/commit/e69f4a1)) +* **directive:** fix minor memory leak ([5e4533a](https://github.com/angular-translate/angular-translate/commit/5e4533a)) +* **directive:** fix missing update using dynamic translationIds ([faebe19](https://github.com/angular-translate/angular-translate/commit/faebe19)), closes [#854](https://github.com/angular-translate/angular-translate/issues/854) +* **directive:** newlines before/after translation ids should be ignored ([8dcf3e2](https://github.com/angular-translate/angular-translate/commit/8dcf3e2)), closes [#909](https://github.com/angular-translate/angular-translate/issues/909) +* **directive, service:** return value of translate-default also in case fallback languages are used - rel ([fcd6b3e](https://github.com/angular-translate/angular-translate/commit/fcd6b3e)) +* **filter:** apply notFoundIndicators also for instant translations correctly ([5a9f436](https://github.com/angular-translate/angular-translate/commit/5a9f436)), closes [#866](https://github.com/angular-translate/angular-translate/issues/866) +* **service:** fallback languages follow shortcuts (fixes #758) ([cce897a](https://github.com/angular-translate/angular-translate/commit/cce897a)), closes [#758](https://github.com/angular-translate/angular-translate/issues/758) +* **service:** fix an issue with default interpolator and expressions ([75b7381](https://github.com/angular-translate/angular-translate/commit/75b7381)) +* **service:** use $window/$windowProvider instead of window ([bfa7b7b](https://github.com/angular-translate/angular-translate/commit/bfa7b7b)) + +### Features + +* **$translatePartialLoader:** adds optional priority param to the addPart function ([570617c](https://github.com/angular-translate/angular-translate/commit/570617c)) +* **directive:** add $translateProvider.directityPriority ([b0b7716](https://github.com/angular-translate/angular-translate/commit/b0b7716)) +* **loader:** support for multiple static translation files ([c462ee6](https://github.com/angular-translate/angular-translate/commit/c462ee6)) +* **service:** extend loader api: add isPartLoaded and getRegisteredParts to $translatePartialL ([54f8ab3](https://github.com/angular-translate/angular-translate/commit/54f8ab3)) + + + + +## [2.5.2](https://github.com/angular-translate/angular-translate/compare/2.5.0...2.5.2) (2014-12-10) + + +### Bug Fixes + +* **directive:** missing watch for expression within elements text nodes ([31c0356](https://github.com/angular-translate/angular-translate/commit/31c0356)), closes [#701](https://github.com/angular-translate/angular-translate/issues/701) + + + + +# [2.5.0](https://github.com/angular-translate/angular-translate/compare/2.4.2...2.5.0) (2014-12-07) + + +### Bug Fixes + +* **directive:** ensure directive's text will be parsed at least once ([49cfef0](https://github.com/angular-translate/angular-translate/commit/49cfef0)) +* **loader:** under circum understances translation table got lost ([df37381](https://github.com/angular-translate/angular-translate/commit/df37381)) +* **messageformat-interpolation:** fix support for messageformat 0.2.* ([ac8d5ed](https://github.com/angular-translate/angular-translate/commit/ac8d5ed)) +* **service:** apply fix for empty strings in `navigator.language` ([5b4edd9](https://github.com/angular-translate/angular-translate/commit/5b4edd9)) +* **service:** fix npe when resolving fallback language for `instant` ([7c09d89](https://github.com/angular-translate/angular-translate/commit/7c09d89)) + +### Features + +* **$translateUrlLoader:** allow to use custom query parameter name for url loader ([e360bf8](https://github.com/angular-translate/angular-translate/commit/e360bf8)) +* **module:** use same fallback for module.run when no storage key is set ([247253d](https://github.com/angular-translate/angular-translate/commit/247253d)), closes [#739](https://github.com/angular-translate/angular-translate/issues/739) +* **storage:** rename set() into put() ([ef6a613](https://github.com/angular-translate/angular-translate/commit/ef6a613)) + + +### BREAKING CHANGES + +* This marks storage.set() as deprecated. In the +next major release v3, the old method `set()` will be dropped in favor +of `put()`. +Relates #772 + + + +## [2.4.2](https://github.com/angular-translate/angular-translate/compare/2.4.1...2.4.2) (2014-10-21) + + +### Bug Fixes + +* **partialloader:** fix possible circular dependency ([25f252c](https://github.com/angular-translate/angular-translate/commit/25f252c)), closes [#766](https://github.com/angular-translate/angular-translate/issues/766) + +### Features + +* **directive:** translate attributes (optimize process flow) ([508fd32](https://github.com/angular-translate/angular-translate/commit/508fd32)) +* **directive:** translate attributes using directive ([1d06d2a](https://github.com/angular-translate/angular-translate/commit/1d06d2a)), closes [#568](https://github.com/angular-translate/angular-translate/issues/568) +* **directive:** translate-cloak supports optional value for cloaking ([f7ccb7f](https://github.com/angular-translate/angular-translate/commit/f7ccb7f)) + + + + +## [2.4.1](https://github.com/angular-translate/angular-translate/compare/2.4.0...2.4.1) (2014-10-03) + + +### Bug Fixes + +* **service:** add missing final event on new (async) translations ([22cc8b4](https://github.com/angular-translate/angular-translate/commit/22cc8b4)) +* **service:** constructor `useUrlLoader()` missed optional options ([22f5c4b](https://github.com/angular-translate/angular-translate/commit/22f5c4b)) +* **service, loaders:** the loader options ($http) have been merged wrong ([0c35a95](https://github.com/angular-translate/angular-translate/commit/0c35a95)), closes [#754](https://github.com/angular-translate/angular-translate/issues/754) [#547](https://github.com/angular-translate/angular-translate/issues/547) + + + + +# [2.4.0](https://github.com/angular-translate/angular-translate/compare/2.3.0...2.4.0) (2014-09-22) + + +### Bug Fixes + +* **filter:** interpolated params w/ scope aren't possible starting AJS1.3 ([9465318](https://github.com/angular-translate/angular-translate/commit/9465318)) +* **filter:** mark filter being stateful required since Angular 1.3 rc2 ([bffbf04](https://github.com/angular-translate/angular-translate/commit/bffbf04)) +* **service:** `$nextLang` should be not unset parallel loadings ([d1745e4](https://github.com/angular-translate/angular-translate/commit/d1745e4)), closes [#647](https://github.com/angular-translate/angular-translate/issues/647) +* **service:** avoid possible doubled requested on refresh() ([98d429d](https://github.com/angular-translate/angular-translate/commit/98d429d)) +* **service:** avoid possible npe in internal getTranslationTable() ([9aaa9a0](https://github.com/angular-translate/angular-translate/commit/9aaa9a0)) +* **service:** correctly iterate in fallback languages (fixes #690) ([ac2f35c](https://github.com/angular-translate/angular-translate/commit/ac2f35c)), closes [#690](https://github.com/angular-translate/angular-translate/issues/690) + +### Features + +* **loader:** apply support for loaderOptions.$http ([8613bef](https://github.com/angular-translate/angular-translate/commit/8613bef)) +* **loaders:** introduce loader cache ([b685601](https://github.com/angular-translate/angular-translate/commit/b685601)), closes [#529](https://github.com/angular-translate/angular-translate/issues/529) +* **service:** enrich events with the currently handled language key ([73b289d](https://github.com/angular-translate/angular-translate/commit/73b289d)) +* **service:** interpolate translationId in case of rejected translation ([3efaac5](https://github.com/angular-translate/angular-translate/commit/3efaac5)), closes [#730](https://github.com/angular-translate/angular-translate/issues/730) +* **service:** introduce `versionInfo` function ([e37d89c](https://github.com/angular-translate/angular-translate/commit/e37d89c)) +* **service:** prefer detecting language by `navigator.languages` #722 ([2204f4f](https://github.com/angular-translate/angular-translate/commit/2204f4f)) + + +### BREAKING CHANGES + +* Since filters are stateless and have no access to its scope anymore (see https://github.com/angular/angular.js/commit/8863b9d04c722b278fa93c5d66ad1e578ad6eb1f), a context must be given explicitly. This removes the feature of an interpolation based on the scope (context), even without the $rootScope. +However, the feature will still work in AJS <=1.2, so we won't remove it completely yet. Handle the feature as slightly deprecated. + + + +# [2.3.0](https://github.com/angular-translate/angular-translate/compare/2.2.0...2.3.0) (2014-09-16) + + +### Bug Fixes + +* **$translate:** return $missingTranslationHandler result when no translation was found ([7625951](https://github.com/angular-translate/angular-translate/commit/7625951)) +* **bower.json:** Avoid 'invalid-meta angular-bootstrap-affix is missing "ignore" entry in bower.j ([595501a](https://github.com/angular-translate/angular-translate/commit/595501a)), closes [bower/bower#1388](https://github.com/bower/bower/issues/1388) +* **demo:** fixes wrong method call in demo ([47fc943](https://github.com/angular-translate/angular-translate/commit/47fc943)) +* **directive:** change event for listening to `$translateChangeEnd` ([98fe649](https://github.com/angular-translate/angular-translate/commit/98fe649)), closes [#658](https://github.com/angular-translate/angular-translate/issues/658) +* **directive:** improve the cloak-directive's performance ([acab18a](https://github.com/angular-translate/angular-translate/commit/acab18a)) +* **docs:** fix example in directive ngdoc-documentation (fixes #678) ([176b3e9](https://github.com/angular-translate/angular-translate/commit/176b3e9)), closes [#678](https://github.com/angular-translate/angular-translate/issues/678) +* **docs:** Fix typo ([6c2ab30](https://github.com/angular-translate/angular-translate/commit/6c2ab30)) +* **package.json:** remove unnecessary relative paths from package.json ([8e5b87e](https://github.com/angular-translate/angular-translate/commit/8e5b87e)) +* **service:** add shim for indexOf and trim #638 ([b951fd5](https://github.com/angular-translate/angular-translate/commit/b951fd5)) +* **service:** addition of preferred language to fallback language stack is now preventing dupl ([b2bb166](https://github.com/angular-translate/angular-translate/commit/b2bb166)) +* **service:** load fallback languages also for instant and filter ([ed6023a](https://github.com/angular-translate/angular-translate/commit/ed6023a)) +* **service:** use hasOwnProperty of prototype #638 ([d8a5060](https://github.com/angular-translate/angular-translate/commit/d8a5060)) +* **storage:** fix 'DOM Exception 18' at feature detection ([75504cb](https://github.com/angular-translate/angular-translate/commit/75504cb)), closes [#629](https://github.com/angular-translate/angular-translate/issues/629) +* **storage:** fixup 75504cbe ([53a8bad](https://github.com/angular-translate/angular-translate/commit/53a8bad)) +* **translateService:** fixup/rewrite for b48f6bb (specs) ([45ac14d](https://github.com/angular-translate/angular-translate/commit/45ac14d)) +* **translateService:** prevent multiple XHR calls ([b48f6bb](https://github.com/angular-translate/angular-translate/commit/b48f6bb)) + +### Features + +* **directive:** add possibility to mix translation interpolation with other text in element body ([be62131](https://github.com/angular-translate/angular-translate/commit/be62131)), closes [#461](https://github.com/angular-translate/angular-translate/issues/461) + + + + +# [2.2.0](https://github.com/angular-translate/angular-translate/compare/2.1.0...2.2.0) (2014-06-03) + + +### Bug Fixes + +* **$translate:** checks modification ([b91e4de](https://github.com/angular-translate/angular-translate/commit/b91e4de)) +* **$translate:** if translation exists, use the translated string even if it's empty ([4ba736f](https://github.com/angular-translate/angular-translate/commit/4ba736f)) +* **$translate:** if translation exists, use the translated string even if it's empty ([eeb8c2a](https://github.com/angular-translate/angular-translate/commit/eeb8c2a)) +* **$translate:** use case-insensitive check for language key aliases ([09a8bf1](https://github.com/angular-translate/angular-translate/commit/09a8bf1)), closes [#431](https://github.com/angular-translate/angular-translate/issues/431) +* **$translate:** use case-insensitive check for language key aliases ([26ec308](https://github.com/angular-translate/angular-translate/commit/26ec308)), closes [#431](https://github.com/angular-translate/angular-translate/issues/431) +* **$translateProvider:** determinePreferredLanguage was not chainable ([7c29f2f](https://github.com/angular-translate/angular-translate/commit/7c29f2f)), closes [#487](https://github.com/angular-translate/angular-translate/issues/487) +* **$translateProvider:** fix comparison in one case of negotiateLocale() ([c2b94ca](https://github.com/angular-translate/angular-translate/commit/c2b94ca)) +* **$translateProvider:** fix comparison in one case of negotiateLocale() ([fe04c72](https://github.com/angular-translate/angular-translate/commit/fe04c72)) +* **demo:** correct demo of `translate-values` ([efa74fa](https://github.com/angular-translate/angular-translate/commit/efa74fa)) +* **demo:** correct demo of `translate-values` ([7de2ae2](https://github.com/angular-translate/angular-translate/commit/7de2ae2)) +* **demo:** use `.instant()` ([6bea192](https://github.com/angular-translate/angular-translate/commit/6bea192)) +* **directive:** Make translate-value-* work inside ng-if and ng-repeat ([e07eea7](https://github.com/angular-translate/angular-translate/commit/e07eea7)), closes [#433](https://github.com/angular-translate/angular-translate/issues/433) +* **directive:** Make translate-value-* work inside ng-if and ng-repeat ([f22624b](https://github.com/angular-translate/angular-translate/commit/f22624b)), closes [#433](https://github.com/angular-translate/angular-translate/issues/433) +* **docs:** removes explicit protocol declaration for assets ([eaa9bf7](https://github.com/angular-translate/angular-translate/commit/eaa9bf7)), closes [#513](https://github.com/angular-translate/angular-translate/issues/513) +* **gruntfile:** fix image link ([65fc8be](https://github.com/angular-translate/angular-translate/commit/65fc8be)) +* **package.json:** fix repository url ([40af7ce](https://github.com/angular-translate/angular-translate/commit/40af7ce)) +* **package.json:** fix repository url ([a410c9a](https://github.com/angular-translate/angular-translate/commit/a410c9a)) +* **partialLoader:** fixes deprecated usage of arguments.callee ([1ac3a0a](https://github.com/angular-translate/angular-translate/commit/1ac3a0a)) +* **service:** docs annotation ([8ef0415](https://github.com/angular-translate/angular-translate/commit/8ef0415)) +* **service:** docs annotation ([839c4e8](https://github.com/angular-translate/angular-translate/commit/839c4e8)) +* **service:** use the aliased language key if available ([675e9a2](https://github.com/angular-translate/angular-translate/commit/675e9a2)), closes [#530](https://github.com/angular-translate/angular-translate/issues/530) +* **storageLocal:** fixes QUOTAEXCEEDEDERROR (safari private browsing) ([59aa2a0](https://github.com/angular-translate/angular-translate/commit/59aa2a0)) +* fix npe on empty strings (trim()) ([c69de7b](https://github.com/angular-translate/angular-translate/commit/c69de7b)) +* **translateInterpolator:** make it work with 1.3-beta ([97e2241](https://github.com/angular-translate/angular-translate/commit/97e2241)) + +### Features + +* **directive:** add option to define a default translation text ([a802665](https://github.com/angular-translate/angular-translate/commit/a802665)) +* **directive:** add option to define a default translation text ([fc57d26](https://github.com/angular-translate/angular-translate/commit/fc57d26)) +* **directive:** Support for camel casing interpolation variables. ([b345041](https://github.com/angular-translate/angular-translate/commit/b345041)) +* **directive:** Support for camel casing interpolation variables. ([4791e25](https://github.com/angular-translate/angular-translate/commit/4791e25)) +* **messageformat-support:** enhancing for sanitization like default ([ad01686](https://github.com/angular-translate/angular-translate/commit/ad01686)) +* **missingFallbackDefaultText:** enables a feature to return a default text for displaying in case of missing tra ([f24b15e](https://github.com/angular-translate/angular-translate/commit/f24b15e)) +* **service:** add possibility to translate a set of translation ids ([612dc27](https://github.com/angular-translate/angular-translate/commit/612dc27)) +* **service:** add possibility to translate a set of translation ids ([57bd07c](https://github.com/angular-translate/angular-translate/commit/57bd07c)) +* **service:** allow using wildcards in language aliases ([6f0ae3b](https://github.com/angular-translate/angular-translate/commit/6f0ae3b)), closes [#426](https://github.com/angular-translate/angular-translate/issues/426) + + + + +## [2.0.1](https://github.com/angular-translate/angular-translate/compare/2.0.0...2.0.1) (2014-02-25) + + +### Bug Fixes + +* **$translate:** Ensuring that languages will be set based on the order they are requested, not t ([c909cd2](https://github.com/angular-translate/angular-translate/commit/c909cd2)) +* **$translate:** Ensuring that languages will be set based on the order they are requested, not t ([ebd62af](https://github.com/angular-translate/angular-translate/commit/ebd62af)) +* **$translate:** Ensuring that languages will be set based on the order they are requested, not t ([32e1851](https://github.com/angular-translate/angular-translate/commit/32e1851)) +* **instant:** $translate.instant(id) does not return correct fallback ([eec1d77](https://github.com/angular-translate/angular-translate/commit/eec1d77)) +* **instant:** fix possible npe in case of filters with undefineds ([61a9490](https://github.com/angular-translate/angular-translate/commit/61a9490)) +* **refresh:** fix bug in refresh if using partial loader ([95c43b4](https://github.com/angular-translate/angular-translate/commit/95c43b4)) + +### Features + +* **instant:** invoke missing handler within `$translate.instant(id)` ([aaf52b5](https://github.com/angular-translate/angular-translate/commit/aaf52b5)) + + + + +# [2.0.0](https://github.com/angular-translate/angular-translate/compare/1.1.1...2.0.0) (2014-02-16) + + +### Bug Fixes + +* ***:** jshint fixes ([1e3f8a6](https://github.com/angular-translate/angular-translate/commit/1e3f8a6)) +* **$translate:** check for fallbacklanguage ([321803d](https://github.com/angular-translate/angular-translate/commit/321803d)) +* **$translate:** Trim whitespace off translationId ([4939424](https://github.com/angular-translate/angular-translate/commit/4939424)) +* **$translatePartialLoader:** fixes docs annotation ([d6ea84b](https://github.com/angular-translate/angular-translate/commit/d6ea84b)) +* **demo:** fix server routes + add index page ([eb0a2dc](https://github.com/angular-translate/angular-translate/commit/eb0a2dc)) +* **demo:** links to demo resources updated to new locactions ([fddaa49](https://github.com/angular-translate/angular-translate/commit/fddaa49)) +* **deps:** add missing resolution ([a98a2f6](https://github.com/angular-translate/angular-translate/commit/a98a2f6)) +* **docs:** fixes links for languages ([265490f](https://github.com/angular-translate/angular-translate/commit/265490f)) +* **fallbackLanguage:** Fix fallback languages loading and applying ([4c5c47c](https://github.com/angular-translate/angular-translate/commit/4c5c47c)) +* **grunt:** includes translate-cloak directive ([84a59d2](https://github.com/angular-translate/angular-translate/commit/84a59d2)) +* avoid calls with empty translationId (sub issue of #298) ([08f087b](https://github.com/angular-translate/angular-translate/commit/08f087b)) +* fix npe introduced in 4939424a30 (#281) ([173a9bc](https://github.com/angular-translate/angular-translate/commit/173a9bc)), closes [(#281](https://github.com/(/issues/281) [#298](https://github.com/angular-translate/angular-translate/issues/298) +* **guide/ru,uk:** Fix uses->use in multi language ([af59c6a](https://github.com/angular-translate/angular-translate/commit/af59c6a)) +* **instant:** remove language-preload if there were used within instant ([9a3eda6](https://github.com/angular-translate/angular-translate/commit/9a3eda6)) +* **loader-static-files.js:** Now allows empty string as prefix and postfix. ([051f431](https://github.com/angular-translate/angular-translate/commit/051f431)) +* **service:** fallback languages could not load when using `instant()` ([26de486](https://github.com/angular-translate/angular-translate/commit/26de486)) +* **translateCloak:** makes jshint happy ([2058fd3](https://github.com/angular-translate/angular-translate/commit/2058fd3)) +* **translateDirective:** fixes bad coding convention ([d5db4ad](https://github.com/angular-translate/angular-translate/commit/d5db4ad)) + +### Features + +* **$translateProvider:** adds determinePreferredLanguage() ([7cbfabe](https://github.com/angular-translate/angular-translate/commit/7cbfabe)) +* **$translateProvider:** adds registerAvailableLanguagesKeys for negotiation ([6bef6bd](https://github.com/angular-translate/angular-translate/commit/6bef6bd)) +* **filter:** filter now use $translate.instant() since promises could not use ([a1b8a17](https://github.com/angular-translate/angular-translate/commit/a1b8a17)) +* **service:** add $translate.instant() for instant translations ([3a855eb](https://github.com/angular-translate/angular-translate/commit/3a855eb)) +* add an option for post processing compiling ([d5cd943](https://github.com/angular-translate/angular-translate/commit/d5cd943)) +* add option to html escape all values ([e042c44](https://github.com/angular-translate/angular-translate/commit/e042c44)) +* **translateCloak:** adds translate-cloak directive ([c125c56](https://github.com/angular-translate/angular-translate/commit/c125c56)) +* **translateDirective:** teaches directive custom translate-value-* attr ([5c27467](https://github.com/angular-translate/angular-translate/commit/5c27467)), closes [#188](https://github.com/angular-translate/angular-translate/issues/188) + + + + +## [1.1.1](https://github.com/angular-translate/angular-translate/compare/1.1.0...1.1.1) (2013-11-24) + + +### Bug Fixes + +* fixes encoding ([084f08c](https://github.com/angular-translate/angular-translate/commit/084f08c)) +* **docs:** fixes typo ([7e1c4e9](https://github.com/angular-translate/angular-translate/commit/7e1c4e9)) +* **docs:** fixes typo in landing page ([0b999ab](https://github.com/angular-translate/angular-translate/commit/0b999ab)) +* **grunt:** fixes missing storage-key ([635d290](https://github.com/angular-translate/angular-translate/commit/635d290)) +* **translateDirective:** fixes occuring 'translation id undefined' erros ([bb5a2c4](https://github.com/angular-translate/angular-translate/commit/bb5a2c4)) + +### Features + +* add option to html escape all values ([fe94c1f](https://github.com/angular-translate/angular-translate/commit/fe94c1f)) +* shortcuts and links\n\nShortcuts creates a shorter translationId if the last key ([f9f2cf2](https://github.com/angular-translate/angular-translate/commit/f9f2cf2)) +* Update required Node up `0.10` ([b7cf5f4](https://github.com/angular-translate/angular-translate/commit/b7cf5f4)) + + + + +# [1.1.0](https://github.com/angular-translate/angular-translate/compare/1.0.2...1.1.0) (2013-09-02) + + +### Bug Fixes + +* **translateDirective:** fixes bug that directive writes into scope ([4e06468](https://github.com/angular-translate/angular-translate/commit/4e06468)), closes [#128](https://github.com/angular-translate/angular-translate/issues/128) +* **translateDirective:** fixes scope handling ([c566586](https://github.com/angular-translate/angular-translate/commit/c566586)) +* **translateService:** reset proposed language if there's no pending loader ([6b477fc](https://github.com/angular-translate/angular-translate/commit/6b477fc)) + +### Features + +* **$translatePartialLoader:** Basic implementation ([81222bf](https://github.com/angular-translate/angular-translate/commit/81222bf)) +* **invalidate:** added invalidate() method ([d41f91e](https://github.com/angular-translate/angular-translate/commit/d41f91e)) +* **translateProvider:** makes methods chainable ([cdc9e9e](https://github.com/angular-translate/angular-translate/commit/cdc9e9e)) + + + + +## [1.0.2](https://github.com/angular-translate/angular-translate/compare/1.0.1...1.0.2) (2013-08-07) + + +### Bug Fixes + +* **fallbackLanguage:** fixes bug that fallbackLanguage is loaded without loader ([6aa3747](https://github.com/angular-translate/angular-translate/commit/6aa3747)) +* **translateService:** uses should only load if a loader is registered ([604daec](https://github.com/angular-translate/angular-translate/commit/604daec)) +* **typo:** remove unnecessary semicolon ([54cb232](https://github.com/angular-translate/angular-translate/commit/54cb232)) + + + + +## [1.0.1](https://github.com/angular-translate/angular-translate/compare/1.0.0...1.0.1) (2013-07-26) + + +### Bug Fixes + +* **demo:** change src to angular-translate script ([4be93b6](https://github.com/angular-translate/angular-translate/commit/4be93b6)) +* **dependency:** add 'angular-cookies' as bower devDependency ([b6f1426](https://github.com/angular-translate/angular-translate/commit/b6f1426)) +* **platolink:** deep link ([d368bf3](https://github.com/angular-translate/angular-translate/commit/d368bf3)) + + + + +# [1.0.0](https://github.com/angular-translate/angular-translate/compare/0.9.4...1.0.0) (2013-07-23) + + +### Bug Fixes + +* **docs:** fixes methodOf declaration of addInterpolation method ([f1eeba7](https://github.com/angular-translate/angular-translate/commit/f1eeba7)) +* **gh-pages:** plato report ([b85e19b](https://github.com/angular-translate/angular-translate/commit/b85e19b)) +* **tests:** travis CI ([c8624bf](https://github.com/angular-translate/angular-translate/commit/c8624bf)) +* **tests:** travis CI ([629bb8d](https://github.com/angular-translate/angular-translate/commit/629bb8d)) +* fixes gruntfile ([0d500db](https://github.com/angular-translate/angular-translate/commit/0d500db)) + +### Features + +* **messageformat-interpolation:** implements usage of messageformat ([5596e8b](https://github.com/angular-translate/angular-translate/commit/5596e8b)) +* **translateDirective:** teaches directives to use custom interpolation ([bf3dbbb](https://github.com/angular-translate/angular-translate/commit/bf3dbbb)) +* **translateFilter:** teaches filter to use custom interpolation ([46f03cc](https://github.com/angular-translate/angular-translate/commit/46f03cc)) +* **translateService:** adds method to configure indicators for not found translations ([52a039f](https://github.com/angular-translate/angular-translate/commit/52a039f)), closes [#77](https://github.com/angular-translate/angular-translate/issues/77) +* **translateService:** extracts default interpolation in standalone service ([5d8cb56](https://github.com/angular-translate/angular-translate/commit/5d8cb56)) +* **translateService:** implements proposedLanguage() ([6d34792](https://github.com/angular-translate/angular-translate/commit/6d34792)) +* **translateService:** implements usage of different interpolation services ([5e20e24](https://github.com/angular-translate/angular-translate/commit/5e20e24)) +* **translateService:** informs interpolator when locale has changed ([e59b141](https://github.com/angular-translate/angular-translate/commit/e59b141)) +* **translateService:** missingTranslationHandler receives language ([6fe6bb1](https://github.com/angular-translate/angular-translate/commit/6fe6bb1)) + + + + +## [0.9.4](https://github.com/angular-translate/angular-translate/compare/0.9.3...0.9.4) (2013-06-21) + + +### Bug Fixes + +* **translateService:** fixes missingTranslationHandler-invokation bug ([525b353](https://github.com/angular-translate/angular-translate/commit/525b353)), closes [#74](https://github.com/angular-translate/angular-translate/issues/74) + +### Features + +* **translateService:** removes empty options object requirement for loaders ([c09d1db](https://github.com/angular-translate/angular-translate/commit/c09d1db)) + + + + +## [0.9.3](https://github.com/angular-translate/angular-translate/compare/0.9.2...0.9.3) (2013-06-10) + + +### Features + +* **translateService:** let translate service handle multiple promises ([0e5d6d9](https://github.com/angular-translate/angular-translate/commit/0e5d6d9)), closes [#70](https://github.com/angular-translate/angular-translate/issues/70) + + + + +## [0.9.2](https://github.com/angular-translate/angular-translate/compare/0.9.1...0.9.2) (2013-05-30) + + +### Bug Fixes + +* fix bower.json ([c389882](https://github.com/angular-translate/angular-translate/commit/c389882)) + +### Features + +* **translateProvider:** add fallbackLanguage() method ([018991e](https://github.com/angular-translate/angular-translate/commit/018991e)), closes [#67](https://github.com/angular-translate/angular-translate/issues/67) + + + + +## [0.9.1](https://github.com/angular-translate/angular-translate/compare/0.9.0...0.9.1) (2013-05-25) + + +### Bug Fixes + +* **translate.js:** Allow blank translation values ([97591a8](https://github.com/angular-translate/angular-translate/commit/97591a8)) + + + + +# [0.9.0](https://github.com/angular-translate/angular-translate/compare/0.8.1...0.9.0) (2013-05-22) + + +### Features + +* **translateProvider:** add use*() methods for async loaders ([f2329cc](https://github.com/angular-translate/angular-translate/commit/f2329cc)), closes [#58](https://github.com/angular-translate/angular-translate/issues/58) + + + + +## [0.8.1](https://github.com/angular-translate/angular-translate/compare/0.8.0...0.8.1) (2013-05-16) + + +### Bug Fixes + +* **translate.js:** corrected typo ([82569f0](https://github.com/angular-translate/angular-translate/commit/82569f0)) + +### Features + +* **translateProvider:** add methods to use different missingTranslationHandlers ([f6ed3e3](https://github.com/angular-translate/angular-translate/commit/f6ed3e3)) + + +### BREAKING CHANGES + +* S: missingTranslationHandler is no longer supported since its functionality will be replaced with useMissingTranslationHandlerLog. + + + +# [0.8.0](https://github.com/angular-translate/angular-translate/compare/0.7.1...0.8.0) (2013-05-14) + + + + + +## [0.7.1](https://github.com/angular-translate/angular-translate/compare/0.7.0...0.7.1) (2013-05-13) + + +### Features + +* **chore:** rename ngTranslate folder to src ([65012d9](https://github.com/angular-translate/angular-translate/commit/65012d9)) + + + + +# [0.7.0](https://github.com/angular-translate/angular-translate/compare/0.6.0...0.7.0) (2013-05-12) + + +### Bug Fixes + +* **directive:** trim off white space around element.text() ([e10173a](https://github.com/angular-translate/angular-translate/commit/e10173a)) +* **tests:** Fix preferredLanguage tests ([73efcfc](https://github.com/angular-translate/angular-translate/commit/73efcfc)) +* **tests:** fix tests for preferredLanguage() ([f1b5084](https://github.com/angular-translate/angular-translate/commit/f1b5084)) +* **tests:** Old values won't be ignored, so they have to be discarded ([625b1d6](https://github.com/angular-translate/angular-translate/commit/625b1d6)) + +### Features + +* nested objects will be transformed when using `$translateProvider.translations` ([b15cee4](https://github.com/angular-translate/angular-translate/commit/b15cee4)) +* **docs:** add documentation comments ([b1efbca](https://github.com/angular-translate/angular-translate/commit/b1efbca)) +* **storageKey:** add a storageKey method ([dabf822](https://github.com/angular-translate/angular-translate/commit/dabf822)) +* **translateProvider:** add a preferredLanguage property ([563e9bf](https://github.com/angular-translate/angular-translate/commit/563e9bf)) +* **translateProvider:** add storagePrefix() method ([64cd99b](https://github.com/angular-translate/angular-translate/commit/64cd99b)) +* **translateProvider:** add useLoaderFactory() as shortcut method ([2915e8b](https://github.com/angular-translate/angular-translate/commit/2915e8b)) +* **translateProvider:** make translationTable extendable ([8e3a455](https://github.com/angular-translate/angular-translate/commit/8e3a455)), closes [#33](https://github.com/angular-translate/angular-translate/issues/33) +* **translateProvider:** missingTranslationHandler ([3a5819e](https://github.com/angular-translate/angular-translate/commit/3a5819e)) +* **translateService:** add storage() method ([98c2b12](https://github.com/angular-translate/angular-translate/commit/98c2b12)) + + +### BREAKING CHANGES + +* The $STORAGE_KEY isn't represent a current storage key +from now. To discover which key is used now you have to call the storageKey +method without params. + + + +# [0.6.0](https://github.com/angular-translate/angular-translate/compare/0.5.2...0.6.0) (2013-05-03) + + +### Features + +* **ngmin:** add grunt-ngmin ([f630958](https://github.com/angular-translate/angular-translate/commit/f630958)), closes [#20](https://github.com/angular-translate/angular-translate/issues/20) + + + + +## [0.5.2](https://github.com/angular-translate/angular-translate/compare/0.5.1...0.5.2) (2013-04-30) + + +### Bug Fixes + +* **translateDirective:** check for truthy value in watch callback ([98087c7](https://github.com/angular-translate/angular-translate/commit/98087c7)), closes [#18](https://github.com/angular-translate/angular-translate/issues/18) + + + + +## [0.5.1](https://github.com/angular-translate/angular-translate/compare/0.5.0...0.5.1) (2013-04-29) + + +### Features + +* **.bowerrc:** add .bowerrc ([42363ee](https://github.com/angular-translate/angular-translate/commit/42363ee)), closes [#16](https://github.com/angular-translate/angular-translate/issues/16) +* **.jshintrc:** add .jshintrc ([0c8d3da](https://github.com/angular-translate/angular-translate/commit/0c8d3da)), closes [#17](https://github.com/angular-translate/angular-translate/issues/17) +* **bower.json:** rename component.json to bower.json ([17acd10](https://github.com/angular-translate/angular-translate/commit/17acd10)) + + + + +# [0.5.0](https://github.com/angular-translate/angular-translate/compare/0.4.4...0.5.0) (2013-04-25) + + +### Features + +* **conventional-changelogs:** Add grunt-conventional-changelog task ([c8093a7](https://github.com/angular-translate/angular-translate/commit/c8093a7)), closes [#11](https://github.com/angular-translate/angular-translate/issues/11) + + + + +## [0.4.4](https://github.com/angular-translate/angular-translate/compare/0.4.2...0.4.4) (2013-04-23) + + + + + +## [0.4.2](https://github.com/angular-translate/angular-translate/compare/0.4.0...0.4.2) (2013-04-17) + + + + + +# [0.4.0](https://github.com/angular-translate/angular-translate/compare/0.3.0...0.4.0) (2013-04-07) + + + + + +# [0.3.0](https://github.com/angular-translate/angular-translate/compare/0.2.1...0.3.0) (2013-04-06) + + + + + +## [0.2.1](https://github.com/angular-translate/angular-translate/compare/0.2.0...0.2.1) (2013-04-05) + + + + + +# [0.2.0](https://github.com/angular-translate/angular-translate/compare/0.1.2...0.2.0) (2013-04-03) + + + + + +## [0.1.2](https://github.com/angular-translate/angular-translate/compare/0.1.1...0.1.2) (2013-04-02) + + + + + +## [0.1.1](https://github.com/angular-translate/angular-translate/compare/0.1.0...0.1.1) (2013-04-01) + + + + + +# [0.1.0](https://github.com/angular-translate/angular-translate/compare/0.0.5...0.1.0) (2013-04-01) + + + + + +## [0.0.5](https://github.com/angular-translate/angular-translate/compare/0.0.4...0.0.5) (2013-04-01) + + + + + +## [0.0.4](https://github.com/angular-translate/angular-translate/compare/0.0.2...0.0.4) (2013-04-01) + + + + + +## [0.0.2](https://github.com/angular-translate/angular-translate/compare/0.0.1...0.0.2) (2013-03-30) + + + + + +## 0.0.1 (2013-03-28) + + + + diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/LICENSE b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/LICENSE new file mode 100644 index 00000000000..d4d931c2954 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2013-2017 The angular-translate team and Pascal Precht + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/README.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/README.md new file mode 100644 index 00000000000..04fa04ad704 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/README.md @@ -0,0 +1,88 @@ +# [![angular-translate](https://raw.github.com/angular-translate/angular-translate/canary/identity/logo/angular-translate-alternative/angular-translate_alternative_medium2.png)](http://angular-translate.github.io) + +![Bower](https://img.shields.io/bower/v/angular-translate.svg) [![NPM](https://img.shields.io/npm/v/angular-translate.svg)](https://www.npmjs.com/package/angular-translate) [![cdnjs](https://img.shields.io/cdnjs/v/angular-translate.svg)](https://cdnjs.com/libraries/angular-translate) [![Build Status](https://img.shields.io/travis/angular-translate/angular-translate.svg)](https://travis-ci.org/angular-translate/angular-translate) ![License](https://img.shields.io/npm/l/angular-translate.svg) ![Code Climate](https://img.shields.io/codeclimate/github/angular-translate/angular-translate.svg) ![Code Coverage](https://img.shields.io/codeclimate/coverage/github/angular-translate/angular-translate.svg) + +This is the repository for angular-translate. + +angular-translate is a JavaScript translation library for AngularJS 1.x app. + +For more information about the angular-translate project, please visit our [website](https://angular-translate.github.io). + +## Status +| Branch | Status | +| ------------- |:-------------:| +| master | [![Build Status](https://travis-ci.org/angular-translate/angular-translate.svg?branch=master)](https://travis-ci.org/angular-translate/angular-translate) | +| canary |[![Build Status](https://travis-ci.org/angular-translate/angular-translate.svg?branch=canary)](https://travis-ci.org/angular-translate/angular-translate) | + +## Install +We strongly *recommend* using a package manager like NPM and Bower, or even variants like Yarn or jspm. + +### NPM +``` +npm install --save-dev angular-translate +``` + +### Bower +``` +bower install --save-dev angular-translate +``` + +For more information please visit [chapter "Installation" at our website](https://angular-translate.github.io/docs/#/guide/00_installation). + +## Get started +Check out out [chapter "Getting started" at out website](https://angular-translate.github.io/docs/#/guide/02_getting-started). + +## Get support +Most of the time, we are getting support questions of invalid configurations. We encourage everyone to have a look at our [documentation website](https://angular-translate.github.io/docs/#/guide). If you think the documentation is not correct (bug) or should be optimized (enhancement) please file an issue. + +If you are still having difficulty after looking over your configuration carefully, please post a question to [StackOverflow with a specific tag](http://stackoverflow.com/questions/tagged/angular-translate). Especially if the question are related to AngularJS or even JavaScript/browser basic technologies (maybe your issue is not related to angular-translate after all). + +If you have discovered a bug or have a feature suggestion, feel free to create an issue on GitHub. Please follow the guideline within the issue template. See also next headline. + +*Please note: We cannot provide support for neither JavaScript nor AngularJS itself. In both cases, a platform like StackOverflow is much more ideal.* + +# Contribute +We got a lot of great feedback from the community so far! More and more people +use this module and they are always thankful for it and the awesome support they +get. I just want to make sure that you guys know: All this wouldn't have been +possible without these [great contributors](https://github.com/angular-translate/angular-translate/contributors) +and everybody who comes with new ideas and feature requests! So **THANK YOU**! + +Contributing to angular-translate is fairly easy. + +[This document](CONTRIBUTING.md) shows you how to +get the project, run all provided tests and generate a production ready build. + + +## Public talks +[![Dutch AngularJS Meetup 2013](presentation.png)](https://www.youtube.com/watch?v=9CWifOK_Wi8) +[![Kod.io 2014](presentation2.png)](https://www.youtube.com/watch?v=C7xqaExvaQ4) + +### Links +* Website [angular-translate.github.io](https://angular-translate.github.io/) +* API Reference [angular-translate.github.io/docs/#/api](https://angular-translate.github.io/docs/#/api) +* [Contribution Guidelines](https://github.com/angular-translate/angular-translate/blob/master/CONTRIBUTING.md) + +### Useful resources +There are some very useful things on the web that might be interesting for you, +so make sure to check this list. + +- [Tutorial on ng-newsletter.com](http://ng-newsletter.com/posts/angular-translate.html) +- [Examples and demos](https://github.com/angular-translate/angular-translate/wiki/Demos) - Currently on plnkr.co +- [Tutorial on angularjs.de](http://angularjs.de/artikel/angularjs-i18n-ng-translate) - German article +- [angular-translate on GitHub](https://github.com/angular-translate/angular-translate) - The GitHub repository +- [angular-translate on ngmodules.org](http://ngmodules.org/modules/angular-translate) +- [angular-translate mailinglist](https://groups.google.com/forum/#!forum/angular-translate) - Discuss, ask et al! +- [angular-translate-quality](https://www.npmjs.com/package/angular-translate-quality) - Quality check at build time + +## Tests + +### Unit tests + +Note: Check that dependencies are be installed (`npm install`). + +The *unit tests* are available with `npm test` which is actually a shortcut for `grunt test`. It performs tests under the current primary target version of AngularJS. Use `npm run-script test-scopes` for testing other scoped versions as well. + +## License + +Licensed under MIT. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-handler-log/angular-translate-handler-log.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-handler-log/angular-translate-handler-log.js new file mode 100644 index 00000000000..e06d9d98629 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-handler-log/angular-translate-handler-log.js @@ -0,0 +1,50 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +(function (root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module unless amdModuleId is set + define([], function () { + return (factory()); + }); + } else if (typeof exports === 'object') { + // Node. Does not work with strict CommonJS, but + // only CommonJS-like environments that support module.exports, + // like Node. + module.exports = factory(); + } else { + factory(); + } +}(this, function () { + +$translateMissingTranslationHandlerLog.$inject = ['$log']; +angular.module('pascalprecht.translate') + +/** + * @ngdoc object + * @name pascalprecht.translate.$translateMissingTranslationHandlerLog + * @requires $log + * + * @description + * Uses angular's `$log` service to give a warning when trying to translate a + * translation id which doesn't exist. + * + * @returns {function} Handler function + */ +.factory('$translateMissingTranslationHandlerLog', $translateMissingTranslationHandlerLog); + +function $translateMissingTranslationHandlerLog ($log) { + + 'use strict'; + + return function (translationId) { + $log.warn('Translation for ' + translationId + ' doesn\'t exist'); + }; +} + +$translateMissingTranslationHandlerLog.displayName = '$translateMissingTranslationHandlerLog'; +return 'pascalprecht.translate'; + +})); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-handler-log/angular-translate-handler-log.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-handler-log/angular-translate-handler-log.min.js new file mode 100644 index 00000000000..39cfdea978b --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-handler-log/angular-translate-handler-log.min.js @@ -0,0 +1,6 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +!function(a,b){"function"==typeof define&&define.amd?define([],function(){return b()}):"object"==typeof exports?module.exports=b():b()}(this,function(){function a(a){"use strict";return function(b){a.warn("Translation for "+b+" doesn't exist")}}return a.$inject=["$log"],angular.module("pascalprecht.translate").factory("$translateMissingTranslationHandlerLog",a),a.displayName="$translateMissingTranslationHandlerLog","pascalprecht.translate"}); \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-interpolation-messageformat/angular-translate-interpolation-messageformat.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-interpolation-messageformat/angular-translate-interpolation-messageformat.js new file mode 100644 index 00000000000..e7bad11852d --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-interpolation-messageformat/angular-translate-interpolation-messageformat.js @@ -0,0 +1,197 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +(function (root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module unless amdModuleId is set + define(["messageformat"], function (a0) { + return (factory(a0)); + }); + } else if (typeof exports === 'object') { + // Node. Does not work with strict CommonJS, but + // only CommonJS-like environments that support module.exports, + // like Node. + module.exports = factory(require("messageformat")); + } else { + factory(root["MessageFormat"]); + } +}(this, function (MessageFormat) { + +angular.module('pascalprecht.translate') + +/** + * @ngdoc property + * @name pascalprecht.translate.TRANSLATE_MF_INTERPOLATION_CACHE + * @requires TRANSLATE_MF_INTERPOLATION_CACHE + * + * @description + * Uses MessageFormat.js to interpolate strings against some values. + */ +.constant('TRANSLATE_MF_INTERPOLATION_CACHE', '$translateMessageFormatInterpolation') + +/** + * @ngdoc object + * @name pascalprecht.translate.$translateMessageFormatInterpolationProvider + * + * @description + * Configurations for $translateMessageFormatInterpolation + */ +.provider('$translateMessageFormatInterpolation', $translateMessageFormatInterpolationProvider); + +function $translateMessageFormatInterpolationProvider() { + + 'use strict'; + + var configurer; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateMessageFormatInterpolationProvider#messageFormatConfigurer + * @methodOf pascalprecht.translate.$translateMessageFormatInterpolationProvider + * + * @description + * Defines an optional configurer for the MessageFormat instance. + * + * Note: This hook will be called whenever a new instance of MessageFormat will be created. + * + * @param {function} fn callback with the instance as argument + */ + this.messageFormatConfigurer = function (fn) { + configurer = fn; + }; + + /** + * @ngdoc object + * @name pascalprecht.translate.$translateMessageFormatInterpolation + * @requires pascalprecht.translate.TRANSLATE_MF_INTERPOLATION_CACHE + * + * @description + * Uses MessageFormat.js to interpolate strings against some values. + * + * Be aware to configure a proper sanitization strategy. + * + * See also: + * * {@link pascalprecht.translate.$translateSanitization} + * * {@link https://github.com/SlexAxton/messageformat.js} + * + * @return {object} $translateMessageFormatInterpolation Interpolator service + */ + this.$get = ['$translateSanitization', '$cacheFactory', 'TRANSLATE_MF_INTERPOLATION_CACHE', function ($translateSanitization, $cacheFactory, TRANSLATE_MF_INTERPOLATION_CACHE) { + return $translateMessageFormatInterpolation($translateSanitization, $cacheFactory, TRANSLATE_MF_INTERPOLATION_CACHE, configurer); + }]; + +} + +function $translateMessageFormatInterpolation($translateSanitization, $cacheFactory, TRANSLATE_MF_INTERPOLATION_CACHE, messageFormatConfigurer) { + + 'use strict'; + + var $translateInterpolator = {}, + $cache = $cacheFactory.get(TRANSLATE_MF_INTERPOLATION_CACHE), + // instantiate with default locale (which is 'en') + $mf = new MessageFormat('en'), + $identifier = 'messageformat'; + + if (angular.isFunction(messageFormatConfigurer)) { + messageFormatConfigurer($mf); + } + + if (!$cache) { + // create cache if it doesn't exist already + $cache = $cacheFactory(TRANSLATE_MF_INTERPOLATION_CACHE); + } + + $cache.put('en', $mf); + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateMessageFormatInterpolation#setLocale + * @methodOf pascalprecht.translate.$translateMessageFormatInterpolation + * + * @description + * Sets current locale (this is currently not use in this interpolation). + * + * @param {string} locale Language key or locale. + */ + $translateInterpolator.setLocale = function (locale) { + $mf = $cache.get(locale); + if (!$mf) { + $mf = new MessageFormat(locale); + if (angular.isFunction(messageFormatConfigurer)) { + messageFormatConfigurer($mf); + } + $cache.put(locale, $mf); + } + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateMessageFormatInterpolation#getInterpolationIdentifier + * @methodOf pascalprecht.translate.$translateMessageFormatInterpolation + * + * @description + * Returns an identifier for this interpolation service. + * + * @returns {string} $identifier + */ + $translateInterpolator.getInterpolationIdentifier = function () { + return $identifier; + }; + + /** + * @deprecated will be removed in 3.0 + * @see {@link pascalprecht.translate.$translateSanitization} + */ + $translateInterpolator.useSanitizeValueStrategy = function (value) { + $translateSanitization.useStrategy(value); + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateMessageFormatInterpolation#interpolate + * @methodOf pascalprecht.translate.$translateMessageFormatInterpolation + * + * @description + * Interpolates given string against given interpolate params using MessageFormat.js. + * + * @returns {string} interpolated string. + */ + $translateInterpolator.interpolate = function (string, interpolationParams, context, sanitizeStrategy) { + interpolationParams = interpolationParams || {}; + interpolationParams = $translateSanitization.sanitize(interpolationParams, 'params', sanitizeStrategy); + + var compiledFunction = $cache.get('mf:' + string); + + // if given string wasn't compiled yet, we do so now and never have to do it again + if (!compiledFunction) { + + // Ensure explicit type if possible + // MessageFormat checks the actual type (i.e. for amount based conditions) + for (var key in interpolationParams) { + if (interpolationParams.hasOwnProperty(key)) { + // ensure number + var number = parseInt(interpolationParams[key], 10); + if (angular.isNumber(number) && ('' + number) === interpolationParams[key]) { + interpolationParams[key] = number; + } + } + } + + compiledFunction = $mf.compile(string); + $cache.put('mf:' + string, compiledFunction); + } + + var interpolatedText = compiledFunction(interpolationParams); + return $translateSanitization.sanitize(interpolatedText, 'text', sanitizeStrategy); + }; + + return $translateInterpolator; +} + +$translateMessageFormatInterpolation.displayName = '$translateMessageFormatInterpolation'; +return 'pascalprecht.translate'; + +})); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-interpolation-messageformat/angular-translate-interpolation-messageformat.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-interpolation-messageformat/angular-translate-interpolation-messageformat.min.js new file mode 100644 index 00000000000..a0147a6f25a --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-interpolation-messageformat/angular-translate-interpolation-messageformat.min.js @@ -0,0 +1,6 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +!function(a,b){"function"==typeof define&&define.amd?define(["messageformat"],function(a){return b(a)}):"object"==typeof exports?module.exports=b(require("messageformat")):b(a.MessageFormat)}(this,function(a){function b(){"use strict";var a;this.messageFormatConfigurer=function(b){a=b},this.$get=["$translateSanitization","$cacheFactory","TRANSLATE_MF_INTERPOLATION_CACHE",function(b,d,e){return c(b,d,e,a)}]}function c(b,c,d,e){"use strict";var f={},g=c.get(d),h=new a("en"),i="messageformat";return angular.isFunction(e)&&e(h),g||(g=c(d)),g.put("en",h),f.setLocale=function(b){h=g.get(b),h||(h=new a(b),angular.isFunction(e)&&e(h),g.put(b,h))},f.getInterpolationIdentifier=function(){return i},f.useSanitizeValueStrategy=function(a){return b.useStrategy(a),this},f.interpolate=function(a,c,d,e){c=c||{},c=b.sanitize(c,"params",e);var f=g.get("mf:"+a);if(!f){for(var i in c)if(c.hasOwnProperty(i)){var j=parseInt(c[i],10);angular.isNumber(j)&&""+j===c[i]&&(c[i]=j)}f=h.compile(a),g.put("mf:"+a,f)}var k=f(c);return b.sanitize(k,"text",e)},f}return angular.module("pascalprecht.translate").constant("TRANSLATE_MF_INTERPOLATION_CACHE","$translateMessageFormatInterpolation").provider("$translateMessageFormatInterpolation",b),c.displayName="$translateMessageFormatInterpolation","pascalprecht.translate"}); \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-partial/angular-translate-loader-partial.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-partial/angular-translate-loader-partial.js new file mode 100644 index 00000000000..3410f694901 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-partial/angular-translate-loader-partial.js @@ -0,0 +1,557 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +(function (root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module unless amdModuleId is set + define([], function () { + return (factory()); + }); + } else if (typeof exports === 'object') { + // Node. Does not work with strict CommonJS, but + // only CommonJS-like environments that support module.exports, + // like Node. + module.exports = factory(); + } else { + factory(); + } +}(this, function () { + +angular.module('pascalprecht.translate') +/** + * @ngdoc object + * @name pascalprecht.translate.$translatePartialLoaderProvider + * + * @description + * By using a $translatePartialLoaderProvider you can configure a list of a needed + * translation parts directly during the configuration phase of your application's + * lifetime. All parts you add by using this provider would be loaded by + * angular-translate at the startup as soon as possible. + */ + .provider('$translatePartialLoader', $translatePartialLoader); + +function $translatePartialLoader() { + + 'use strict'; + + /** + * @constructor + * @name Part + * + * @description + * Represents Part object to add and set parts at runtime. + */ + function Part(name, priority) { + this.name = name; + this.isActive = true; + this.tables = {}; + this.priority = priority || 0; + this.langPromises = {}; + } + + /** + * @name parseUrl + * @method + * + * @description + * Returns a parsed url template string and replaces given target lang + * and part name it. + * + * @param {string|function} urlTemplate - Either a string containing an url pattern (with + * '{part}' and '{lang}') or a function(part, lang) + * returning a string. + * @param {string} targetLang - Language key for language to be used. + * @return {string} Parsed url template string + */ + Part.prototype.parseUrl = function (urlTemplate, targetLang) { + if (angular.isFunction(urlTemplate)) { + return urlTemplate(this.name, targetLang); + } + return urlTemplate.replace(/\{part\}/g, this.name).replace(/\{lang\}/g, targetLang); + }; + + Part.prototype.getTable = function (lang, $q, $http, $httpOptions, urlTemplate, errorHandler) { + + //locals + var self = this; + var lastLangPromise = this.langPromises[lang]; + var deferred = $q.defer(); + + //private helper helpers + var fetchData = function () { + return $http( + angular.extend({ + method : 'GET', + url : self.parseUrl(urlTemplate, lang) + }, + $httpOptions) + ); + }; + + //private helper + var handleNewData = function (data) { + self.tables[lang] = data; + deferred.resolve(data); + }; + + //private helper + var rejectDeferredWithPartName = function () { + deferred.reject(self.name); + }; + + //private helper + var tryGettingThisTable = function () { + //data fetching logic + fetchData().then( + function (result) { + handleNewData(result.data); + }, + function (errorResponse) { + if (errorHandler) { + errorHandler(self.name, lang, errorResponse).then(handleNewData, rejectDeferredWithPartName); + } else { + rejectDeferredWithPartName(); + } + }); + }; + + //loading logic + if (!this.tables[lang]) { + //let's try loading the data + if (!lastLangPromise) { + //this is the first request - just go ahead and hit the server + tryGettingThisTable(); + } else { + //this is an additional request after one or more unfinished or failed requests + //chain the deferred off the previous request's promise so that this request conditionally executes + //if the previous request succeeds then the result will be passed through, but if it fails then this request will try again and hit the server + lastLangPromise.then(deferred.resolve, tryGettingThisTable); + } + //retain a reference to the last promise so we can continue the chain if another request is made before any succeed + //you can picture the promise chain as a singly-linked list (formed by the .then handler queues) that's traversed by the execution context + this.langPromises[lang] = deferred.promise; + } + else { + //the part has already been loaded - if lastLangPromise is also undefined then the table has been populated using setPart + //this breaks the promise chain because we're not tying langDeferred's outcome to a previous call's promise handler queues, but we don't care because there's no asynchronous execution context to keep track of anymore + deferred.resolve(this.tables[lang]); + } + return deferred.promise; + }; + + var parts = {}; + + function hasPart(name) { + return Object.prototype.hasOwnProperty.call(parts, name); + } + + function isStringValid(str) { + return angular.isString(str) && str !== ''; + } + + function isPartAvailable(name) { + if (!isStringValid(name)) { + throw new TypeError('Invalid type of a first argument, a non-empty string expected.'); + } + + return (hasPart(name) && parts[name].isActive); + } + + function deepExtend(dst, src) { + for (var property in src) { + if (src[property] && src[property].constructor && + src[property].constructor === Object) { + dst[property] = dst[property] || {}; + deepExtend(dst[property], src[property]); + } else { + dst[property] = src[property]; + } + } + return dst; + } + + function getPrioritizedParts() { + var prioritizedParts = []; + for (var part in parts) { + if (parts[part].isActive) { + prioritizedParts.push(parts[part]); + } + } + prioritizedParts.sort(function (a, b) { + return a.priority - b.priority; + }); + return prioritizedParts; + } + + + /** + * @ngdoc function + * @name pascalprecht.translate.$translatePartialLoaderProvider#addPart + * @methodOf pascalprecht.translate.$translatePartialLoaderProvider + * + * @description + * Registers a new part of the translation table to be loaded once the + * `angular-translate` gets into runtime phase. It does not actually load any + * translation data, but only registers a part to be loaded in the future. + * + * @param {string} name A name of the part to add + * @param {int} [priority=0] Sets the load priority of this part. + * + * @returns {object} $translatePartialLoaderProvider, so this method is chainable + * @throws {TypeError} The method could throw a **TypeError** if you pass the param + * of the wrong type. Please, note that the `name` param has to be a + * non-empty **string**. + */ + this.addPart = function (name, priority) { + if (!isStringValid(name)) { + throw new TypeError('Couldn\'t add part, part name has to be a string!'); + } + + if (!hasPart(name)) { + parts[name] = new Part(name, priority); + } + parts[name].isActive = true; + + return this; + }; + + /** + * @ngdocs function + * @name pascalprecht.translate.$translatePartialLoaderProvider#setPart + * @methodOf pascalprecht.translate.$translatePartialLoaderProvider + * + * @description + * Sets a translation table to the specified part. This method does not make the + * specified part available, but only avoids loading this part from the server. + * + * @param {string} lang A language of the given translation table + * @param {string} part A name of the target part + * @param {object} table A translation table to set to the specified part + * + * @return {object} $translatePartialLoaderProvider, so this method is chainable + * @throws {TypeError} The method could throw a **TypeError** if you pass params + * of the wrong type. Please, note that the `lang` and `part` params have to be a + * non-empty **string**s and the `table` param has to be an object. + */ + this.setPart = function (lang, part, table) { + if (!isStringValid(lang)) { + throw new TypeError('Couldn\'t set part.`lang` parameter has to be a string!'); + } + if (!isStringValid(part)) { + throw new TypeError('Couldn\'t set part.`part` parameter has to be a string!'); + } + if (typeof table !== 'object' || table === null) { + throw new TypeError('Couldn\'t set part. `table` parameter has to be an object!'); + } + + if (!hasPart(part)) { + parts[part] = new Part(part); + parts[part].isActive = false; + } + + parts[part].tables[lang] = table; + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translatePartialLoaderProvider#deletePart + * @methodOf pascalprecht.translate.$translatePartialLoaderProvider + * + * @description + * Removes the previously added part of the translation data. So, `angular-translate` will not + * load it at the startup. + * + * @param {string} name A name of the part to delete + * + * @returns {object} $translatePartialLoaderProvider, so this method is chainable + * + * @throws {TypeError} The method could throw a **TypeError** if you pass the param of the wrong + * type. Please, note that the `name` param has to be a non-empty **string**. + */ + this.deletePart = function (name) { + if (!isStringValid(name)) { + throw new TypeError('Couldn\'t delete part, first arg has to be string.'); + } + + if (hasPart(name)) { + parts[name].isActive = false; + } + + return this; + }; + + + /** + * @ngdoc function + * @name pascalprecht.translate.$translatePartialLoaderProvider#isPartAvailable + * @methodOf pascalprecht.translate.$translatePartialLoaderProvider + * + * @description + * Checks if the specific part is available. A part becomes available after it was added by the + * `addPart` method. Available parts would be loaded from the server once the `angular-translate` + * asks the loader to that. + * + * @param {string} name A name of the part to check + * + * @returns {boolean} Returns **true** if the part is available now and **false** if not. + * + * @throws {TypeError} The method could throw a **TypeError** if you pass the param of the wrong + * type. Please, note that the `name` param has to be a non-empty **string**. + */ + this.isPartAvailable = isPartAvailable; + + /** + * @ngdoc object + * @name pascalprecht.translate.$translatePartialLoader + * + * @requires $q + * @requires $http + * @requires $injector + * @requires $rootScope + * @requires $translate + * + * @description + * + * @param {object} options Options object + * + * @throws {TypeError} + */ + this.$get = ['$rootScope', '$injector', '$q', '$http', + function ($rootScope, $injector, $q, $http) { + + /** + * @ngdoc event + * @name pascalprecht.translate.$translatePartialLoader#$translatePartialLoaderStructureChanged + * @eventOf pascalprecht.translate.$translatePartialLoader + * @eventType broadcast on root scope + * + * @description + * A $translatePartialLoaderStructureChanged event is called when a state of the loader was + * changed somehow. It could mean either some part is added or some part is deleted. Anyway when + * you get this event the translation table is not longer current and has to be updated. + * + * @param {string} name A name of the part which is a reason why the event was fired + */ + + var service = function (options) { + if (!isStringValid(options.key)) { + throw new TypeError('Unable to load data, a key is not a non-empty string.'); + } + + if (!isStringValid(options.urlTemplate) && !angular.isFunction(options.urlTemplate)) { + throw new TypeError('Unable to load data, a urlTemplate is not a non-empty string or not a function.'); + } + + var errorHandler = options.loadFailureHandler; + if (errorHandler !== undefined) { + if (!angular.isString(errorHandler)) { + throw new Error('Unable to load data, a loadFailureHandler is not a string.'); + } else { + errorHandler = $injector.get(errorHandler); + } + } + + var loaders = [], + prioritizedParts = getPrioritizedParts(); + + angular.forEach(prioritizedParts, function (part) { + loaders.push( + part.getTable(options.key, $q, $http, options.$http, options.urlTemplate, errorHandler) + ); + part.urlTemplate = options.urlTemplate; + }); + + return $q.all(loaders) + .then(function () { + var table = {}; + prioritizedParts = getPrioritizedParts(); + angular.forEach(prioritizedParts, function (part) { + deepExtend(table, part.tables[options.key]); + }); + return table; + }, function () { + return $q.reject(options.key); + }); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translatePartialLoader#addPart + * @methodOf pascalprecht.translate.$translatePartialLoader + * + * @description + * Registers a new part of the translation table. This method does not actually perform any xhr + * requests to get translation data. The new parts will be loaded in order of priority from the server next time + * `angular-translate` asks the loader to load translations. + * + * @param {string} name A name of the part to add + * @param {int} [priority=0] Sets the load priority of this part. + * + * @returns {object} $translatePartialLoader, so this method is chainable + * + * @fires {$translatePartialLoaderStructureChanged} The $translatePartialLoaderStructureChanged + * event would be fired by this method in case the new part affected somehow on the loaders + * state. This way it means that there are a new translation data available to be loaded from + * the server. + * + * @throws {TypeError} The method could throw a **TypeError** if you pass the param of the wrong + * type. Please, note that the `name` param has to be a non-empty **string**. + */ + service.addPart = function (name, priority) { + if (!isStringValid(name)) { + throw new TypeError('Couldn\'t add part, first arg has to be a string'); + } + + if (!hasPart(name)) { + parts[name] = new Part(name, priority); + $rootScope.$emit('$translatePartialLoaderStructureChanged', name); + } else if (!parts[name].isActive) { + parts[name].isActive = true; + $rootScope.$emit('$translatePartialLoaderStructureChanged', name); + } + + return service; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translatePartialLoader#deletePart + * @methodOf pascalprecht.translate.$translatePartialLoader + * + * @description + * Deletes the previously added part of the translation data. The target part could be deleted + * either logically or physically. When the data is deleted logically it is not actually deleted + * from the browser, but the loader marks it as not active and prevents it from affecting on the + * translations. If the deleted in such way part is added again, the loader will use the + * previously loaded data rather than loading it from the server once more time. But if the data + * is deleted physically, the loader will completely remove all information about it. So in case + * of recycling this part will be loaded from the server again. + * + * @param {string} name A name of the part to delete + * @param {boolean=} [removeData=false] An indicator if the loader has to remove a loaded + * translation data physically. If the `removeData` if set to **false** the loaded data will not be + * deleted physically and might be reused in the future to prevent an additional xhr requests. + * + * @returns {object} $translatePartialLoader, so this method is chainable + * + * @fires {$translatePartialLoaderStructureChanged} The $translatePartialLoaderStructureChanged + * event would be fired by this method in case a part deletion process affects somehow on the + * loaders state. This way it means that some part of the translation data is now deprecated and + * the translation table has to be recompiled with the remaining translation parts. + * + * @throws {TypeError} The method could throw a **TypeError** if you pass some param of the + * wrong type. Please, note that the `name` param has to be a non-empty **string** and + * the `removeData` param has to be either **undefined** or **boolean**. + */ + service.deletePart = function (name, removeData) { + if (!isStringValid(name)) { + throw new TypeError('Couldn\'t delete part, first arg has to be string'); + } + + if (removeData === undefined) { + removeData = false; + } else if (typeof removeData !== 'boolean') { + throw new TypeError('Invalid type of a second argument, a boolean expected.'); + } + + if (hasPart(name)) { + var wasActive = parts[name].isActive; + if (removeData) { + var $translate = $injector.get('$translate'); + var cache = $translate.loaderCache(); + if (typeof(cache) === 'string') { + // getting on-demand instance of loader + cache = $injector.get(cache); + } + // Purging items from cache... + if (typeof(cache) === 'object') { + angular.forEach(parts[name].tables, function (value, key) { + cache.remove(parts[name].parseUrl(parts[name].urlTemplate, key)); + }); + } + delete parts[name]; + } else { + parts[name].isActive = false; + } + if (wasActive) { + $rootScope.$emit('$translatePartialLoaderStructureChanged', name); + } + } + + return service; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translatePartialLoader#isPartLoaded + * @methodOf pascalprecht.translate.$translatePartialLoader + * + * @description + * Checks if the registered translation part is loaded into the translation table. + * + * @param {string} name A name of the part + * @param {string} lang A key of the language + * + * @returns {boolean} Returns **true** if the translation of the part is loaded to the translation table and **false** if not. + * + * @throws {TypeError} The method could throw a **TypeError** if you pass the param of the wrong + * type. Please, note that the `name` and `lang` params have to be non-empty **string**. + */ + service.isPartLoaded = function (name, lang) { + return angular.isDefined(parts[name]) && angular.isDefined(parts[name].tables[lang]); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translatePartialLoader#getRegisteredParts + * @methodOf pascalprecht.translate.$translatePartialLoader + * + * @description + * Gets names of the parts that were added with the `addPart`. + * + * @returns {array} Returns array of registered parts, if none were registered then an empty array is returned. + */ + service.getRegisteredParts = function () { + var registeredParts = []; + angular.forEach(parts, function (p) { + if (p.isActive) { + registeredParts.push(p.name); + } + }); + return registeredParts; + }; + + + /** + * @ngdoc function + * @name pascalprecht.translate.$translatePartialLoader#isPartAvailable + * @methodOf pascalprecht.translate.$translatePartialLoader + * + * @description + * Checks if a target translation part is available. The part becomes available just after it was + * added by the `addPart` method. Part's availability does not mean that it was loaded from the + * server, but only that it was added to the loader. The available part might be loaded next + * time the loader is called. + * + * @param {string} name A name of the part to delete + * + * @returns {boolean} Returns **true** if the part is available now and **false** if not. + * + * @throws {TypeError} The method could throw a **TypeError** if you pass the param of the wrong + * type. Please, note that the `name` param has to be a non-empty **string**. + */ + service.isPartAvailable = isPartAvailable; + + return service; + + }]; + +} + +$translatePartialLoader.displayName = '$translatePartialLoader'; +return 'pascalprecht.translate'; + +})); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-partial/angular-translate-loader-partial.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-partial/angular-translate-loader-partial.min.js new file mode 100644 index 00000000000..a7bfd99aed1 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-partial/angular-translate-loader-partial.min.js @@ -0,0 +1,6 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +!function(a,b){"function"==typeof define&&define.amd?define([],function(){return b()}):"object"==typeof exports?module.exports=b():b()}(this,function(){function a(){"use strict";function a(a,b){this.name=a,this.isActive=!0,this.tables={},this.priority=b||0,this.langPromises={}}function b(a){return Object.prototype.hasOwnProperty.call(g,a)}function c(a){return angular.isString(a)&&""!==a}function d(a){if(!c(a))throw new TypeError("Invalid type of a first argument, a non-empty string expected.");return b(a)&&g[a].isActive}function e(a,b){for(var c in b)b[c]&&b[c].constructor&&b[c].constructor===Object?(a[c]=a[c]||{},e(a[c],b[c])):a[c]=b[c];return a}function f(){var a=[];for(var b in g)g[b].isActive&&a.push(g[b]);return a.sort(function(a,b){return a.priority-b.priority}),a}a.prototype.parseUrl=function(a,b){return angular.isFunction(a)?a(this.name,b):a.replace(/\{part\}/g,this.name).replace(/\{lang\}/g,b)},a.prototype.getTable=function(a,b,c,d,e,f){var g=this,h=this.langPromises[a],i=b.defer(),j=function(){return c(angular.extend({method:"GET",url:g.parseUrl(e,a)},d))},k=function(b){g.tables[a]=b,i.resolve(b)},l=function(){i.reject(g.name)},m=function(){j().then(function(a){k(a.data)},function(b){f?f(g.name,a,b).then(k,l):l()})};return this.tables[a]?i.resolve(this.tables[a]):(h?h.then(i.resolve,m):m(),this.langPromises[a]=i.promise),i.promise};var g={};this.addPart=function(d,e){if(!c(d))throw new TypeError("Couldn't add part, part name has to be a string!");return b(d)||(g[d]=new a(d,e)),g[d].isActive=!0,this},this.setPart=function(d,e,f){if(!c(d))throw new TypeError("Couldn't set part.`lang` parameter has to be a string!");if(!c(e))throw new TypeError("Couldn't set part.`part` parameter has to be a string!");if("object"!=typeof f||null===f)throw new TypeError("Couldn't set part. `table` parameter has to be an object!");return b(e)||(g[e]=new a(e),g[e].isActive=!1),g[e].tables[d]=f,this},this.deletePart=function(a){if(!c(a))throw new TypeError("Couldn't delete part, first arg has to be string.");return b(a)&&(g[a].isActive=!1),this},this.isPartAvailable=d,this.$get=["$rootScope","$injector","$q","$http",function(h,i,j,k){var l=function(a){if(!c(a.key))throw new TypeError("Unable to load data, a key is not a non-empty string.");if(!c(a.urlTemplate)&&!angular.isFunction(a.urlTemplate))throw new TypeError("Unable to load data, a urlTemplate is not a non-empty string or not a function.");var b=a.loadFailureHandler;if(void 0!==b){if(!angular.isString(b))throw new Error("Unable to load data, a loadFailureHandler is not a string.");b=i.get(b)}var d=[],g=f();return angular.forEach(g,function(c){d.push(c.getTable(a.key,j,k,a.$http,a.urlTemplate,b)),c.urlTemplate=a.urlTemplate}),j.all(d).then(function(){var b={};return g=f(),angular.forEach(g,function(c){e(b,c.tables[a.key])}),b},function(){return j.reject(a.key)})};return l.addPart=function(d,e){if(!c(d))throw new TypeError("Couldn't add part, first arg has to be a string");return b(d)?g[d].isActive||(g[d].isActive=!0,h.$emit("$translatePartialLoaderStructureChanged",d)):(g[d]=new a(d,e),h.$emit("$translatePartialLoaderStructureChanged",d)),l},l.deletePart=function(a,d){if(!c(a))throw new TypeError("Couldn't delete part, first arg has to be string");if(void 0===d)d=!1;else if("boolean"!=typeof d)throw new TypeError("Invalid type of a second argument, a boolean expected.");if(b(a)){var e=g[a].isActive;if(d){var f=i.get("$translate"),j=f.loaderCache();"string"==typeof j&&(j=i.get(j)),"object"==typeof j&&angular.forEach(g[a].tables,function(b,c){j.remove(g[a].parseUrl(g[a].urlTemplate,c))}),delete g[a]}else g[a].isActive=!1;e&&h.$emit("$translatePartialLoaderStructureChanged",a)}return l},l.isPartLoaded=function(a,b){return angular.isDefined(g[a])&&angular.isDefined(g[a].tables[b])},l.getRegisteredParts=function(){var a=[];return angular.forEach(g,function(b){b.isActive&&a.push(b.name)}),a},l.isPartAvailable=d,l}]}return angular.module("pascalprecht.translate").provider("$translatePartialLoader",a),a.displayName="$translatePartialLoader","pascalprecht.translate"}); \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-static-files/angular-translate-loader-static-files.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-static-files/angular-translate-loader-static-files.js new file mode 100644 index 00000000000..a68fbc7fbdb --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-static-files/angular-translate-loader-static-files.js @@ -0,0 +1,112 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +(function (root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module unless amdModuleId is set + define([], function () { + return (factory()); + }); + } else if (typeof exports === 'object') { + // Node. Does not work with strict CommonJS, but + // only CommonJS-like environments that support module.exports, + // like Node. + module.exports = factory(); + } else { + factory(); + } +}(this, function () { + +$translateStaticFilesLoader.$inject = ['$q', '$http']; +angular.module('pascalprecht.translate') +/** + * @ngdoc object + * @name pascalprecht.translate.$translateStaticFilesLoader + * @requires $q + * @requires $http + * + * @description + * Creates a loading function for a typical static file url pattern: + * "lang-en_US.json", "lang-de_DE.json", etc. Using this builder, + * the response of these urls must be an object of key-value pairs. + * + * @param {object} options Options object, which gets prefix, suffix, key, and fileMap + */ +.factory('$translateStaticFilesLoader', $translateStaticFilesLoader); + +function $translateStaticFilesLoader($q, $http) { + + 'use strict'; + + return function (options) { + + if (!options || (!angular.isArray(options.files) && (!angular.isString(options.prefix) || !angular.isString(options.suffix)))) { + throw new Error('Couldn\'t load static files, no files and prefix or suffix specified!'); + } + + if (!options.files) { + options.files = [{ + prefix: options.prefix, + suffix: options.suffix + }]; + } + + var load = function (file) { + if (!file || (!angular.isString(file.prefix) || !angular.isString(file.suffix))) { + throw new Error('Couldn\'t load static file, no prefix or suffix specified!'); + } + + var fileUrl = [ + file.prefix, + options.key, + file.suffix + ].join(''); + + if (angular.isObject(options.fileMap) && options.fileMap[fileUrl]) { + fileUrl = options.fileMap[fileUrl]; + } + + return $http(angular.extend({ + url: fileUrl, + method: 'GET' + }, options.$http)) + .then(function(result) { + return result.data; + }, function () { + return $q.reject(options.key); + }); + }; + + var promises = [], + length = options.files.length; + + for (var i = 0; i < length; i++) { + promises.push(load({ + prefix: options.files[i].prefix, + key: options.key, + suffix: options.files[i].suffix + })); + } + + return $q.all(promises) + .then(function (data) { + var length = data.length, + mergedData = {}; + + for (var i = 0; i < length; i++) { + for (var key in data[i]) { + mergedData[key] = data[i][key]; + } + } + + return mergedData; + }); + }; +} + +$translateStaticFilesLoader.displayName = '$translateStaticFilesLoader'; +return 'pascalprecht.translate'; + +})); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js new file mode 100644 index 00000000000..8ba0b602aff --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js @@ -0,0 +1,6 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +!function(a,b){"function"==typeof define&&define.amd?define([],function(){return b()}):"object"==typeof exports?module.exports=b():b()}(this,function(){function a(a,b){"use strict";return function(c){if(!(c&&(angular.isArray(c.files)||angular.isString(c.prefix)&&angular.isString(c.suffix))))throw new Error("Couldn't load static files, no files and prefix or suffix specified!");c.files||(c.files=[{prefix:c.prefix,suffix:c.suffix}]);for(var d=function(d){if(!d||!angular.isString(d.prefix)||!angular.isString(d.suffix))throw new Error("Couldn't load static file, no prefix or suffix specified!");var e=[d.prefix,c.key,d.suffix].join("");return angular.isObject(c.fileMap)&&c.fileMap[e]&&(e=c.fileMap[e]),b(angular.extend({url:e,method:"GET"},c.$http)).then(function(a){return a.data},function(){return a.reject(c.key)})},e=[],f=c.files.length,g=0;g= 4) { + var $cookies = $injector.get('$cookies'); + delegate = { + get : function (key) { + return $cookies.get(key); + }, + put : function (key, value) { + $cookies.put(key, value); + } + }; + } else { + var $cookieStore = $injector.get('$cookieStore'); + delegate = { + get : function (key) { + return $cookieStore.get(key); + }, + put : function (key, value) { + $cookieStore.put(key, value); + } + }; + } + + var $translateCookieStorage = { + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateCookieStorage#get + * @methodOf pascalprecht.translate.$translateCookieStorage + * + * @description + * Returns an item from cookieStorage by given name. + * + * @param {string} name Item name + * @return {string} Value of item name + */ + get : function (name) { + return delegate.get(name); + }, + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateCookieStorage#set + * @methodOf pascalprecht.translate.$translateCookieStorage + * + * @description + * Sets an item in cookieStorage by given name. + * + * @deprecated use #put + * + * @param {string} name Item name + * @param {string} value Item value + */ + set : function (name, value) { + delegate.put(name, value); + }, + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateCookieStorage#put + * @methodOf pascalprecht.translate.$translateCookieStorage + * + * @description + * Sets an item in cookieStorage by given name. + * + * @param {string} name Item name + * @param {string} value Item value + */ + put : function (name, value) { + delegate.put(name, value); + } + }; + + return $translateCookieStorage; +} + +$translateCookieStorageFactory.displayName = '$translateCookieStorage'; +return 'pascalprecht.translate'; + +})); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-storage-cookie/angular-translate-storage-cookie.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-storage-cookie/angular-translate-storage-cookie.min.js new file mode 100644 index 00000000000..54467c58acf --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-storage-cookie/angular-translate-storage-cookie.min.js @@ -0,0 +1,6 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +!function(a,b){"function"==typeof define&&define.amd?define([],function(){return b()}):"object"==typeof exports?module.exports=b():b()}(this,function(){function a(a){"use strict";var b;if(1===angular.version.major&&angular.version.minor>=4){var c=a.get("$cookies");b={get:function(a){return c.get(a)},put:function(a,b){c.put(a,b)}}}else{var d=a.get("$cookieStore");b={get:function(a){return d.get(a)},put:function(a,b){d.put(a,b)}}}var e={get:function(a){return b.get(a)},set:function(a,c){b.put(a,c)},put:function(a,c){b.put(a,c)}};return e}return a.$inject=["$injector"],angular.module("pascalprecht.translate").factory("$translateCookieStorage",a),a.displayName="$translateCookieStorage","pascalprecht.translate"}); \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-storage-local/angular-translate-storage-local.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-storage-local/angular-translate-storage-local.js new file mode 100644 index 00000000000..e8998ed9c97 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-storage-local/angular-translate-storage-local.js @@ -0,0 +1,123 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +(function (root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module unless amdModuleId is set + define([], function () { + return (factory()); + }); + } else if (typeof exports === 'object') { + // Node. Does not work with strict CommonJS, but + // only CommonJS-like environments that support module.exports, + // like Node. + module.exports = factory(); + } else { + factory(); + } +}(this, function () { + +$translateLocalStorageFactory.$inject = ['$window', '$translateCookieStorage']; +angular.module('pascalprecht.translate') + +/** + * @ngdoc object + * @name pascalprecht.translate.$translateLocalStorage + * @requires $window + * @requires $translateCookieStorage + * + * @description + * Abstraction layer for localStorage. This service is used when telling angular-translate + * to use localStorage as storage. + * + */ +.factory('$translateLocalStorage', $translateLocalStorageFactory); + +function $translateLocalStorageFactory($window, $translateCookieStorage) { + + 'use strict'; + + // Setup adapter + var localStorageAdapter = (function(){ + var langKey; + return { + /** + * @ngdoc function + * @name pascalprecht.translate.$translateLocalStorage#get + * @methodOf pascalprecht.translate.$translateLocalStorage + * + * @description + * Returns an item from localStorage by given name. + * + * @param {string} name Item name + * @return {string} Value of item name + */ + get: function (name) { + if(!langKey) { + langKey = $window.localStorage.getItem(name); + } + + return langKey; + }, + /** + * @ngdoc function + * @name pascalprecht.translate.$translateLocalStorage#set + * @methodOf pascalprecht.translate.$translateLocalStorage + * + * @description + * Sets an item in localStorage by given name. + * + * @deprecated use #put + * + * @param {string} name Item name + * @param {string} value Item value + */ + set: function (name, value) { + langKey=value; + $window.localStorage.setItem(name, value); + }, + /** + * @ngdoc function + * @name pascalprecht.translate.$translateLocalStorage#put + * @methodOf pascalprecht.translate.$translateLocalStorage + * + * @description + * Sets an item in localStorage by given name. + * + * @param {string} name Item name + * @param {string} value Item value + */ + put: function (name, value) { + langKey=value; + $window.localStorage.setItem(name, value); + } + }; + }()); + + var hasLocalStorageSupport = 'localStorage' in $window; + if (hasLocalStorageSupport) { + var testKey = 'pascalprecht.translate.storageTest'; + try { + // this check have to be wrapped within a try/catch because on + // a SecurityError: Dom Exception 18 on iOS + if ($window.localStorage !== null) { + $window.localStorage.setItem(testKey, 'foo'); + $window.localStorage.removeItem(testKey); + hasLocalStorageSupport = true; + } else { + hasLocalStorageSupport = false; + } + } catch (e){ + hasLocalStorageSupport = false; + } + } + var $translateLocalStorage = hasLocalStorageSupport ? localStorageAdapter : $translateCookieStorage; + return $translateLocalStorage; +} + +$translateLocalStorageFactory.displayName = '$translateLocalStorageFactory'; +return 'pascalprecht.translate'; + +})); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-storage-local/angular-translate-storage-local.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-storage-local/angular-translate-storage-local.min.js new file mode 100644 index 00000000000..785ca42d146 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-storage-local/angular-translate-storage-local.min.js @@ -0,0 +1,6 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +!function(a,b){"function"==typeof define&&define.amd?define([],function(){return b()}):"object"==typeof exports?module.exports=b():b()}(this,function(){function a(a,b){"use strict";var c=function(){var b;return{get:function(c){return b||(b=a.localStorage.getItem(c)),b},set:function(c,d){b=d,a.localStorage.setItem(c,d)},put:function(c,d){b=d,a.localStorage.setItem(c,d)}}}(),d="localStorage"in a;if(d){var e="pascalprecht.translate.storageTest";try{null!==a.localStorage?(a.localStorage.setItem(e,"foo"),a.localStorage.removeItem(e),d=!0):d=!1}catch(a){d=!1}}var f=d?c:b;return f}return a.$inject=["$window","$translateCookieStorage"],angular.module("pascalprecht.translate").factory("$translateLocalStorage",a),a.displayName="$translateLocalStorageFactory","pascalprecht.translate"}); \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate.js new file mode 100644 index 00000000000..c2e2e142dc6 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate.js @@ -0,0 +1,3709 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +(function (root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module unless amdModuleId is set + define([], function () { + return (factory()); + }); + } else if (typeof exports === 'object') { + // Node. Does not work with strict CommonJS, but + // only CommonJS-like environments that support module.exports, + // like Node. + module.exports = factory(); + } else { + factory(); + } +}(this, function () { + +/** + * @ngdoc overview + * @name pascalprecht.translate + * + * @description + * The main module which holds everything together. + */ +runTranslate.$inject = ['$translate']; +$translate.$inject = ['$STORAGE_KEY', '$windowProvider', '$translateSanitizationProvider', 'pascalprechtTranslateOverrider']; +$translateDefaultInterpolation.$inject = ['$interpolate', '$translateSanitization']; +translateDirective.$inject = ['$translate', '$interpolate', '$compile', '$parse', '$rootScope']; +translateAttrDirective.$inject = ['$translate', '$rootScope']; +translateCloakDirective.$inject = ['$translate', '$rootScope']; +translateFilterFactory.$inject = ['$parse', '$translate']; +$translationCache.$inject = ['$cacheFactory']; +angular.module('pascalprecht.translate', ['ng']) + .run(runTranslate); + +function runTranslate($translate) { + + 'use strict'; + + var key = $translate.storageKey(), + storage = $translate.storage(); + + var fallbackFromIncorrectStorageValue = function () { + var preferred = $translate.preferredLanguage(); + if (angular.isString(preferred)) { + $translate.use(preferred); + // $translate.use() will also remember the language. + // So, we don't need to call storage.put() here. + } else { + storage.put(key, $translate.use()); + } + }; + + fallbackFromIncorrectStorageValue.displayName = 'fallbackFromIncorrectStorageValue'; + + if (storage) { + if (!storage.get(key)) { + fallbackFromIncorrectStorageValue(); + } else { + $translate.use(storage.get(key))['catch'](fallbackFromIncorrectStorageValue); + } + } else if (angular.isString($translate.preferredLanguage())) { + $translate.use($translate.preferredLanguage()); + } +} + +runTranslate.displayName = 'runTranslate'; + +/** + * @ngdoc object + * @name pascalprecht.translate.$translateSanitizationProvider + * + * @description + * + * Configurations for $translateSanitization + */ +angular.module('pascalprecht.translate').provider('$translateSanitization', $translateSanitizationProvider); + +function $translateSanitizationProvider () { + + 'use strict'; + + var $sanitize, + $sce, + currentStrategy = null, // TODO change to either 'sanitize', 'escape' or ['sanitize', 'escapeParameters'] in 3.0. + hasConfiguredStrategy = false, + hasShownNoStrategyConfiguredWarning = false, + strategies; + + /** + * Definition of a sanitization strategy function + * @callback StrategyFunction + * @param {string|object} value - value to be sanitized (either a string or an interpolated value map) + * @param {string} mode - either 'text' for a string (translation) or 'params' for the interpolated params + * @return {string|object} + */ + + /** + * @ngdoc property + * @name strategies + * @propertyOf pascalprecht.translate.$translateSanitizationProvider + * + * @description + * Following strategies are built-in: + *
    + *
    sanitize
    + *
    Sanitizes HTML in the translation text using $sanitize
    + *
    escape
    + *
    Escapes HTML in the translation
    + *
    sanitizeParameters
    + *
    Sanitizes HTML in the values of the interpolation parameters using $sanitize
    + *
    escapeParameters
    + *
    Escapes HTML in the values of the interpolation parameters
    + *
    escaped
    + *
    Support legacy strategy name 'escaped' for backwards compatibility (will be removed in 3.0)
    + *
    + * + */ + + strategies = { + sanitize: function (value, mode/*, context*/) { + if (mode === 'text') { + value = htmlSanitizeValue(value); + } + return value; + }, + escape: function (value, mode/*, context*/) { + if (mode === 'text') { + value = htmlEscapeValue(value); + } + return value; + }, + sanitizeParameters: function (value, mode/*, context*/) { + if (mode === 'params') { + value = mapInterpolationParameters(value, htmlSanitizeValue); + } + return value; + }, + escapeParameters: function (value, mode/*, context*/) { + if (mode === 'params') { + value = mapInterpolationParameters(value, htmlEscapeValue); + } + return value; + }, + sce: function (value, mode, context) { + if (mode === 'text') { + value = htmlTrustValue(value); + } else if (mode === 'params') { + if (context !== 'filter') { + // do html escape in filter context #1101 + value = mapInterpolationParameters(value, htmlEscapeValue); + } + } + return value; + }, + sceParameters: function (value, mode/*, context*/) { + if (mode === 'params') { + value = mapInterpolationParameters(value, htmlTrustValue); + } + return value; + } + }; + // Support legacy strategy name 'escaped' for backwards compatibility. + // TODO should be removed in 3.0 + strategies.escaped = strategies.escapeParameters; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateSanitizationProvider#addStrategy + * @methodOf pascalprecht.translate.$translateSanitizationProvider + * + * @description + * Adds a sanitization strategy to the list of known strategies. + * + * @param {string} strategyName - unique key for a strategy + * @param {StrategyFunction} strategyFunction - strategy function + * @returns {object} this + */ + this.addStrategy = function (strategyName, strategyFunction) { + strategies[strategyName] = strategyFunction; + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateSanitizationProvider#removeStrategy + * @methodOf pascalprecht.translate.$translateSanitizationProvider + * + * @description + * Removes a sanitization strategy from the list of known strategies. + * + * @param {string} strategyName - unique key for a strategy + * @returns {object} this + */ + this.removeStrategy = function (strategyName) { + delete strategies[strategyName]; + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateSanitizationProvider#useStrategy + * @methodOf pascalprecht.translate.$translateSanitizationProvider + * + * @description + * Selects a sanitization strategy. When an array is provided the strategies will be executed in order. + * + * @param {string|StrategyFunction|array} strategy The sanitization strategy / strategies which should be used. Either a name of an existing strategy, a custom strategy function, or an array consisting of multiple names and / or custom functions. + * @returns {object} this + */ + this.useStrategy = function (strategy) { + hasConfiguredStrategy = true; + currentStrategy = strategy; + return this; + }; + + /** + * @ngdoc object + * @name pascalprecht.translate.$translateSanitization + * @requires $injector + * @requires $log + * + * @description + * Sanitizes interpolation parameters and translated texts. + * + */ + this.$get = ['$injector', '$log', function ($injector, $log) { + + var cachedStrategyMap = {}; + + var applyStrategies = function (value, mode, context, selectedStrategies) { + angular.forEach(selectedStrategies, function (selectedStrategy) { + if (angular.isFunction(selectedStrategy)) { + value = selectedStrategy(value, mode, context); + } else if (angular.isFunction(strategies[selectedStrategy])) { + value = strategies[selectedStrategy](value, mode, context); + } else if (angular.isString(strategies[selectedStrategy])) { + if (!cachedStrategyMap[strategies[selectedStrategy]]) { + try { + cachedStrategyMap[strategies[selectedStrategy]] = $injector.get(strategies[selectedStrategy]); + } catch (e) { + cachedStrategyMap[strategies[selectedStrategy]] = function() {}; + throw new Error('pascalprecht.translate.$translateSanitization: Unknown sanitization strategy: \'' + selectedStrategy + '\''); + } + } + value = cachedStrategyMap[strategies[selectedStrategy]](value, mode, context); + } else { + throw new Error('pascalprecht.translate.$translateSanitization: Unknown sanitization strategy: \'' + selectedStrategy + '\''); + } + }); + return value; + }; + + // TODO: should be removed in 3.0 + var showNoStrategyConfiguredWarning = function () { + if (!hasConfiguredStrategy && !hasShownNoStrategyConfiguredWarning) { + $log.warn('pascalprecht.translate.$translateSanitization: No sanitization strategy has been configured. This can have serious security implications. See http://angular-translate.github.io/docs/#/guide/19_security for details.'); + hasShownNoStrategyConfiguredWarning = true; + } + }; + + if ($injector.has('$sanitize')) { + $sanitize = $injector.get('$sanitize'); + } + if ($injector.has('$sce')) { + $sce = $injector.get('$sce'); + } + + return { + /** + * @ngdoc function + * @name pascalprecht.translate.$translateSanitization#useStrategy + * @methodOf pascalprecht.translate.$translateSanitization + * + * @description + * Selects a sanitization strategy. When an array is provided the strategies will be executed in order. + * + * @param {string|StrategyFunction|array} strategy The sanitization strategy / strategies which should be used. Either a name of an existing strategy, a custom strategy function, or an array consisting of multiple names and / or custom functions. + */ + useStrategy: (function (self) { + return function (strategy) { + self.useStrategy(strategy); + }; + })(this), + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateSanitization#sanitize + * @methodOf pascalprecht.translate.$translateSanitization + * + * @description + * Sanitizes a value. + * + * @param {string|object} value The value which should be sanitized. + * @param {string} mode The current sanitization mode, either 'params' or 'text'. + * @param {string|StrategyFunction|array} [strategy] Optional custom strategy which should be used instead of the currently selected strategy. + * @param {string} [context] The context of this call: filter, service. Default is service + * @returns {string|object} sanitized value + */ + sanitize: function (value, mode, strategy, context) { + if (!currentStrategy) { + showNoStrategyConfiguredWarning(); + } + + if (!strategy && strategy !== null) { + strategy = currentStrategy; + } + + if (!strategy) { + return value; + } + + if (!context) { + context = 'service'; + } + + var selectedStrategies = angular.isArray(strategy) ? strategy : [strategy]; + return applyStrategies(value, mode, context, selectedStrategies); + } + }; + }]; + + var htmlEscapeValue = function (value) { + var element = angular.element('
    '); + element.text(value); // not chainable, see #1044 + return element.html(); + }; + + var htmlSanitizeValue = function (value) { + if (!$sanitize) { + throw new Error('pascalprecht.translate.$translateSanitization: Error cannot find $sanitize service. Either include the ngSanitize module (https://docs.angularjs.org/api/ngSanitize) or use a sanitization strategy which does not depend on $sanitize, such as \'escape\'.'); + } + return $sanitize(value); + }; + + var htmlTrustValue = function (value) { + if (!$sce) { + throw new Error('pascalprecht.translate.$translateSanitization: Error cannot find $sce service.'); + } + return $sce.trustAsHtml(value); + }; + + var mapInterpolationParameters = function (value, iteratee, stack) { + if (angular.isDate(value)) { + return value; + } else if (angular.isObject(value)) { + var result = angular.isArray(value) ? [] : {}; + + if (!stack) { + stack = []; + } else { + if (stack.indexOf(value) > -1) { + throw new Error('pascalprecht.translate.$translateSanitization: Error cannot interpolate parameter due recursive object'); + } + } + + stack.push(value); + angular.forEach(value, function (propertyValue, propertyKey) { + + /* Skipping function properties. */ + if (angular.isFunction(propertyValue)) { + return; + } + + result[propertyKey] = mapInterpolationParameters(propertyValue, iteratee, stack); + }); + stack.splice(-1, 1); // remove last + + return result; + } else if (angular.isNumber(value)) { + return value; + } else if (!angular.isUndefined(value) && value !== null) { + return iteratee(value); + } else { + return value; + } + }; +} + +/** + * @ngdoc object + * @name pascalprecht.translate.$translateProvider + * @description + * + * $translateProvider allows developers to register translation-tables, asynchronous loaders + * and similar to configure translation behavior directly inside of a module. + * + */ +angular.module('pascalprecht.translate') + .constant('pascalprechtTranslateOverrider', {}) + .provider('$translate', $translate); + +function $translate($STORAGE_KEY, $windowProvider, $translateSanitizationProvider, pascalprechtTranslateOverrider) { + + 'use strict'; + + var $translationTable = {}, + $preferredLanguage, + $availableLanguageKeys = [], + $languageKeyAliases, + $fallbackLanguage, + $fallbackWasString, + $uses, + $nextLang, + $storageFactory, + $storageKey = $STORAGE_KEY, + $storagePrefix, + $missingTranslationHandlerFactory, + $interpolationFactory, + $interpolatorFactories = [], + $loaderFactory, + $cloakClassName = 'translate-cloak', + $loaderOptions, + $notFoundIndicatorLeft, + $notFoundIndicatorRight, + $postCompilingEnabled = false, + $forceAsyncReloadEnabled = false, + $nestedObjectDelimeter = '.', + $isReady = false, + $keepContent = false, + loaderCache, + directivePriority = 0, + statefulFilter = true, + postProcessFn, + uniformLanguageTagResolver = 'default', + languageTagResolver = { + 'default' : function (tag) { + return (tag || '').split('-').join('_'); + }, + java : function (tag) { + var temp = (tag || '').split('-').join('_'); + var parts = temp.split('_'); + return parts.length > 1 ? (parts[0].toLowerCase() + '_' + parts[1].toUpperCase()) : temp; + }, + bcp47 : function (tag) { + var temp = (tag || '').split('_').join('-'); + var parts = temp.split('-'); + return parts.length > 1 ? (parts[0].toLowerCase() + '-' + parts[1].toUpperCase()) : temp; + }, + 'iso639-1' : function (tag) { + var temp = (tag || '').split('_').join('-'); + var parts = temp.split('-'); + return parts[0].toLowerCase(); + } + }; + + var version = '2.15.1'; + + // tries to determine the browsers language + var getFirstBrowserLanguage = function () { + + // internal purpose only + if (angular.isFunction(pascalprechtTranslateOverrider.getLocale)) { + return pascalprechtTranslateOverrider.getLocale(); + } + + var nav = $windowProvider.$get().navigator, + browserLanguagePropertyKeys = ['language', 'browserLanguage', 'systemLanguage', 'userLanguage'], + i, + language; + + // support for HTML 5.1 "navigator.languages" + if (angular.isArray(nav.languages)) { + for (i = 0; i < nav.languages.length; i++) { + language = nav.languages[i]; + if (language && language.length) { + return language; + } + } + } + + // support for other well known properties in browsers + for (i = 0; i < browserLanguagePropertyKeys.length; i++) { + language = nav[browserLanguagePropertyKeys[i]]; + if (language && language.length) { + return language; + } + } + + return null; + }; + getFirstBrowserLanguage.displayName = 'angular-translate/service: getFirstBrowserLanguage'; + + // tries to determine the browsers locale + var getLocale = function () { + var locale = getFirstBrowserLanguage() || ''; + if (languageTagResolver[uniformLanguageTagResolver]) { + locale = languageTagResolver[uniformLanguageTagResolver](locale); + } + return locale; + }; + getLocale.displayName = 'angular-translate/service: getLocale'; + + /** + * @name indexOf + * @private + * + * @description + * indexOf polyfill. Kinda sorta. + * + * @param {array} array Array to search in. + * @param {string} searchElement Element to search for. + * + * @returns {int} Index of search element. + */ + var indexOf = function (array, searchElement) { + for (var i = 0, len = array.length; i < len; i++) { + if (array[i] === searchElement) { + return i; + } + } + return -1; + }; + + /** + * @name trim + * @private + * + * @description + * trim polyfill + * + * @returns {string} The string stripped of whitespace from both ends + */ + var trim = function () { + return this.toString().replace(/^\s+|\s+$/g, ''); + }; + + var negotiateLocale = function (preferred) { + if (!preferred) { + return; + } + + var avail = [], + locale = angular.lowercase(preferred), + i = 0, + n = $availableLanguageKeys.length; + + for (; i < n; i++) { + avail.push(angular.lowercase($availableLanguageKeys[i])); + } + + // Check for an exact match in our list of available keys + if (indexOf(avail, locale) > -1) { + return preferred; + } + + if ($languageKeyAliases) { + var alias; + for (var langKeyAlias in $languageKeyAliases) { + if ($languageKeyAliases.hasOwnProperty(langKeyAlias)) { + var hasWildcardKey = false; + var hasExactKey = Object.prototype.hasOwnProperty.call($languageKeyAliases, langKeyAlias) && + angular.lowercase(langKeyAlias) === angular.lowercase(preferred); + + if (langKeyAlias.slice(-1) === '*') { + hasWildcardKey = langKeyAlias.slice(0, -1) === preferred.slice(0, langKeyAlias.length - 1); + } + if (hasExactKey || hasWildcardKey) { + alias = $languageKeyAliases[langKeyAlias]; + if (indexOf(avail, angular.lowercase(alias)) > -1) { + return alias; + } + } + } + } + } + + // Check for a language code without region + var parts = preferred.split('_'); + + if (parts.length > 1 && indexOf(avail, angular.lowercase(parts[0])) > -1) { + return parts[0]; + } + + // If everything fails, return undefined. + return; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#translations + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Registers a new translation table for specific language key. + * + * To register a translation table for specific language, pass a defined language + * key as first parameter. + * + *
    +   *  // register translation table for language: 'de_DE'
    +   *  $translateProvider.translations('de_DE', {
    +   *    'GREETING': 'Hallo Welt!'
    +   *  });
    +   *
    +   *  // register another one
    +   *  $translateProvider.translations('en_US', {
    +   *    'GREETING': 'Hello world!'
    +   *  });
    +   * 
    + * + * When registering multiple translation tables for for the same language key, + * the actual translation table gets extended. This allows you to define module + * specific translation which only get added, once a specific module is loaded in + * your app. + * + * Invoking this method with no arguments returns the translation table which was + * registered with no language key. Invoking it with a language key returns the + * related translation table. + * + * @param {string} langKey A language key. + * @param {object} translationTable A plain old JavaScript object that represents a translation table. + * + */ + var translations = function (langKey, translationTable) { + + if (!langKey && !translationTable) { + return $translationTable; + } + + if (langKey && !translationTable) { + if (angular.isString(langKey)) { + return $translationTable[langKey]; + } + } else { + if (!angular.isObject($translationTable[langKey])) { + $translationTable[langKey] = {}; + } + angular.extend($translationTable[langKey], flatObject(translationTable)); + } + return this; + }; + + this.translations = translations; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#cloakClassName + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * + * Let's you change the class name for `translate-cloak` directive. + * Default class name is `translate-cloak`. + * + * @param {string} name translate-cloak class name + */ + this.cloakClassName = function (name) { + if (!name) { + return $cloakClassName; + } + $cloakClassName = name; + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#nestedObjectDelimeter + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * + * Let's you change the delimiter for namespaced translations. + * Default delimiter is `.`. + * + * @param {string} delimiter namespace separator + */ + this.nestedObjectDelimeter = function (delimiter) { + if (!delimiter) { + return $nestedObjectDelimeter; + } + $nestedObjectDelimeter = delimiter; + return this; + }; + + /** + * @name flatObject + * @private + * + * @description + * Flats an object. This function is used to flatten given translation data with + * namespaces, so they are later accessible via dot notation. + */ + var flatObject = function (data, path, result, prevKey) { + var key, keyWithPath, keyWithShortPath, val; + + if (!path) { + path = []; + } + if (!result) { + result = {}; + } + for (key in data) { + if (!Object.prototype.hasOwnProperty.call(data, key)) { + continue; + } + val = data[key]; + if (angular.isObject(val)) { + flatObject(val, path.concat(key), result, key); + } else { + keyWithPath = path.length ? ('' + path.join($nestedObjectDelimeter) + $nestedObjectDelimeter + key) : key; + if (path.length && key === prevKey) { + // Create shortcut path (foo.bar == foo.bar.bar) + keyWithShortPath = '' + path.join($nestedObjectDelimeter); + // Link it to original path + result[keyWithShortPath] = '@:' + keyWithPath; + } + result[keyWithPath] = val; + } + } + return result; + }; + flatObject.displayName = 'flatObject'; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#addInterpolation + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Adds interpolation services to angular-translate, so it can manage them. + * + * @param {object} factory Interpolation service factory + */ + this.addInterpolation = function (factory) { + $interpolatorFactories.push(factory); + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useMessageFormatInterpolation + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate to use interpolation functionality of messageformat.js. + * This is useful when having high level pluralization and gender selection. + */ + this.useMessageFormatInterpolation = function () { + return this.useInterpolation('$translateMessageFormatInterpolation'); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useInterpolation + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate which interpolation style to use as default, application-wide. + * Simply pass a factory/service name. The interpolation service has to implement + * the correct interface. + * + * @param {string} factory Interpolation service name. + */ + this.useInterpolation = function (factory) { + $interpolationFactory = factory; + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useSanitizeStrategy + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Simply sets a sanitation strategy type. + * + * @param {string} value Strategy type. + */ + this.useSanitizeValueStrategy = function (value) { + $translateSanitizationProvider.useStrategy(value); + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#preferredLanguage + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells the module which of the registered translation tables to use for translation + * at initial startup by passing a language key. Similar to `$translateProvider#use` + * only that it says which language to **prefer**. + * + * @param {string} langKey A language key. + */ + this.preferredLanguage = function (langKey) { + if (langKey) { + setupPreferredLanguage(langKey); + return this; + } + return $preferredLanguage; + }; + var setupPreferredLanguage = function (langKey) { + if (langKey) { + $preferredLanguage = langKey; + } + return $preferredLanguage; + }; + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#translationNotFoundIndicator + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Sets an indicator which is used when a translation isn't found. E.g. when + * setting the indicator as 'X' and one tries to translate a translation id + * called `NOT_FOUND`, this will result in `X NOT_FOUND X`. + * + * Internally this methods sets a left indicator and a right indicator using + * `$translateProvider.translationNotFoundIndicatorLeft()` and + * `$translateProvider.translationNotFoundIndicatorRight()`. + * + * **Note**: These methods automatically add a whitespace between the indicators + * and the translation id. + * + * @param {string} indicator An indicator, could be any string. + */ + this.translationNotFoundIndicator = function (indicator) { + this.translationNotFoundIndicatorLeft(indicator); + this.translationNotFoundIndicatorRight(indicator); + return this; + }; + + /** + * ngdoc function + * @name pascalprecht.translate.$translateProvider#translationNotFoundIndicatorLeft + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Sets an indicator which is used when a translation isn't found left to the + * translation id. + * + * @param {string} indicator An indicator. + */ + this.translationNotFoundIndicatorLeft = function (indicator) { + if (!indicator) { + return $notFoundIndicatorLeft; + } + $notFoundIndicatorLeft = indicator; + return this; + }; + + /** + * ngdoc function + * @name pascalprecht.translate.$translateProvider#translationNotFoundIndicatorLeft + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Sets an indicator which is used when a translation isn't found right to the + * translation id. + * + * @param {string} indicator An indicator. + */ + this.translationNotFoundIndicatorRight = function (indicator) { + if (!indicator) { + return $notFoundIndicatorRight; + } + $notFoundIndicatorRight = indicator; + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#fallbackLanguage + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells the module which of the registered translation tables to use when missing translations + * at initial startup by passing a language key. Similar to `$translateProvider#use` + * only that it says which language to **fallback**. + * + * @param {string||array} langKey A language key. + * + */ + this.fallbackLanguage = function (langKey) { + fallbackStack(langKey); + return this; + }; + + var fallbackStack = function (langKey) { + if (langKey) { + if (angular.isString(langKey)) { + $fallbackWasString = true; + $fallbackLanguage = [langKey]; + } else if (angular.isArray(langKey)) { + $fallbackWasString = false; + $fallbackLanguage = langKey; + } + if (angular.isString($preferredLanguage) && indexOf($fallbackLanguage, $preferredLanguage) < 0) { + $fallbackLanguage.push($preferredLanguage); + } + + return this; + } else { + if ($fallbackWasString) { + return $fallbackLanguage[0]; + } else { + return $fallbackLanguage; + } + } + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#use + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Set which translation table to use for translation by given language key. When + * trying to 'use' a language which isn't provided, it'll throw an error. + * + * You actually don't have to use this method since `$translateProvider#preferredLanguage` + * does the job too. + * + * @param {string} langKey A language key. + */ + this.use = function (langKey) { + if (langKey) { + if (!$translationTable[langKey] && (!$loaderFactory)) { + // only throw an error, when not loading translation data asynchronously + throw new Error('$translateProvider couldn\'t find translationTable for langKey: \'' + langKey + '\''); + } + $uses = langKey; + return this; + } + return $uses; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#resolveClientLocale + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * This returns the current browser/client's language key. The result is processed with the configured uniform tag resolver. + * + * @returns {string} the current client/browser language key + */ + this.resolveClientLocale = function () { + return getLocale(); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#storageKey + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells the module which key must represent the choosed language by a user in the storage. + * + * @param {string} key A key for the storage. + */ + var storageKey = function (key) { + if (!key) { + if ($storagePrefix) { + return $storagePrefix + $storageKey; + } + return $storageKey; + } + $storageKey = key; + return this; + }; + + this.storageKey = storageKey; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useUrlLoader + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate to use `$translateUrlLoader` extension service as loader. + * + * @param {string} url Url + * @param {Object=} options Optional configuration object + */ + this.useUrlLoader = function (url, options) { + return this.useLoader('$translateUrlLoader', angular.extend({url : url}, options)); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useStaticFilesLoader + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate to use `$translateStaticFilesLoader` extension service as loader. + * + * @param {Object=} options Optional configuration object + */ + this.useStaticFilesLoader = function (options) { + return this.useLoader('$translateStaticFilesLoader', options); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useLoader + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate to use any other service as loader. + * + * @param {string} loaderFactory Factory name to use + * @param {Object=} options Optional configuration object + */ + this.useLoader = function (loaderFactory, options) { + $loaderFactory = loaderFactory; + $loaderOptions = options || {}; + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useLocalStorage + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate to use `$translateLocalStorage` service as storage layer. + * + */ + this.useLocalStorage = function () { + return this.useStorage('$translateLocalStorage'); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useCookieStorage + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate to use `$translateCookieStorage` service as storage layer. + */ + this.useCookieStorage = function () { + return this.useStorage('$translateCookieStorage'); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useStorage + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate to use custom service as storage layer. + */ + this.useStorage = function (storageFactory) { + $storageFactory = storageFactory; + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#storagePrefix + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Sets prefix for storage key. + * + * @param {string} prefix Storage key prefix + */ + this.storagePrefix = function (prefix) { + if (!prefix) { + return prefix; + } + $storagePrefix = prefix; + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useMissingTranslationHandlerLog + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate to use built-in log handler when trying to translate + * a translation Id which doesn't exist. + * + * This is actually a shortcut method for `useMissingTranslationHandler()`. + * + */ + this.useMissingTranslationHandlerLog = function () { + return this.useMissingTranslationHandler('$translateMissingTranslationHandlerLog'); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useMissingTranslationHandler + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Expects a factory name which later gets instantiated with `$injector`. + * This method can be used to tell angular-translate to use a custom + * missingTranslationHandler. Just build a factory which returns a function + * and expects a translation id as argument. + * + * Example: + *
    +   *  app.config(function ($translateProvider) {
    +   *    $translateProvider.useMissingTranslationHandler('customHandler');
    +   *  });
    +   *
    +   *  app.factory('customHandler', function (dep1, dep2) {
    +   *    return function (translationId) {
    +   *      // something with translationId and dep1 and dep2
    +   *    };
    +   *  });
    +   * 
    + * + * @param {string} factory Factory name + */ + this.useMissingTranslationHandler = function (factory) { + $missingTranslationHandlerFactory = factory; + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#usePostCompiling + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * If post compiling is enabled, all translated values will be processed + * again with AngularJS' $compile. + * + * Example: + *
    +   *  app.config(function ($translateProvider) {
    +   *    $translateProvider.usePostCompiling(true);
    +   *  });
    +   * 
    + * + * @param {string} factory Factory name + */ + this.usePostCompiling = function (value) { + $postCompilingEnabled = !(!value); + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#forceAsyncReload + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * If force async reload is enabled, async loader will always be called + * even if $translationTable already contains the language key, adding + * possible new entries to the $translationTable. + * + * Example: + *
    +   *  app.config(function ($translateProvider) {
    +   *    $translateProvider.forceAsyncReload(true);
    +   *  });
    +   * 
    + * + * @param {boolean} value - valid values are true or false + */ + this.forceAsyncReload = function (value) { + $forceAsyncReloadEnabled = !(!value); + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#uniformLanguageTag + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate which language tag should be used as a result when determining + * the current browser language. + * + * This setting must be set before invoking {@link pascalprecht.translate.$translateProvider#methods_determinePreferredLanguage determinePreferredLanguage()}. + * + *
    +   * $translateProvider
    +   *   .uniformLanguageTag('bcp47')
    +   *   .determinePreferredLanguage()
    +   * 
    + * + * The resolver currently supports: + * * default + * (traditionally: hyphens will be converted into underscores, i.e. en-US => en_US) + * en-US => en_US + * en_US => en_US + * en-us => en_us + * * java + * like default, but the second part will be always in uppercase + * en-US => en_US + * en_US => en_US + * en-us => en_US + * * BCP 47 (RFC 4646 & 4647) + * en-US => en-US + * en_US => en-US + * en-us => en-US + * + * See also: + * * http://en.wikipedia.org/wiki/IETF_language_tag + * * http://www.w3.org/International/core/langtags/ + * * http://tools.ietf.org/html/bcp47 + * + * @param {string|object} options - options (or standard) + * @param {string} options.standard - valid values are 'default', 'bcp47', 'java' + */ + this.uniformLanguageTag = function (options) { + + if (!options) { + options = {}; + } else if (angular.isString(options)) { + options = { + standard : options + }; + } + + uniformLanguageTagResolver = options.standard; + + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#determinePreferredLanguage + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Tells angular-translate to try to determine on its own which language key + * to set as preferred language. When `fn` is given, angular-translate uses it + * to determine a language key, otherwise it uses the built-in `getLocale()` + * method. + * + * The `getLocale()` returns a language key in the format `[lang]_[country]` or + * `[lang]` depending on what the browser provides. + * + * Use this method at your own risk, since not all browsers return a valid + * locale (see {@link pascalprecht.translate.$translateProvider#methods_uniformLanguageTag uniformLanguageTag()}). + * + * @param {Function=} fn Function to determine a browser's locale + */ + this.determinePreferredLanguage = function (fn) { + + var locale = (fn && angular.isFunction(fn)) ? fn() : getLocale(); + + if (!$availableLanguageKeys.length) { + $preferredLanguage = locale; + } else { + $preferredLanguage = negotiateLocale(locale) || locale; + } + + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#registerAvailableLanguageKeys + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Registers a set of language keys the app will work with. Use this method in + * combination with + * {@link pascalprecht.translate.$translateProvider#determinePreferredLanguage determinePreferredLanguage}. + * When available languages keys are registered, angular-translate + * tries to find the best fitting language key depending on the browsers locale, + * considering your language key convention. + * + * @param {object} languageKeys Array of language keys the your app will use + * @param {object=} aliases Alias map. + */ + this.registerAvailableLanguageKeys = function (languageKeys, aliases) { + if (languageKeys) { + $availableLanguageKeys = languageKeys; + if (aliases) { + $languageKeyAliases = aliases; + } + return this; + } + return $availableLanguageKeys; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#useLoaderCache + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Registers a cache for internal $http based loaders. + * {@link pascalprecht.translate.$translationCache $translationCache}. + * When false the cache will be disabled (default). When true or undefined + * the cache will be a default (see $cacheFactory). When an object it will + * be treat as a cache object itself: the usage is $http({cache: cache}) + * + * @param {object} cache boolean, string or cache-object + */ + this.useLoaderCache = function (cache) { + if (cache === false) { + // disable cache + loaderCache = undefined; + } else if (cache === true) { + // enable cache using AJS defaults + loaderCache = true; + } else if (typeof(cache) === 'undefined') { + // enable cache using default + loaderCache = '$translationCache'; + } else if (cache) { + // enable cache using given one (see $cacheFactory) + loaderCache = cache; + } + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#directivePriority + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Sets the default priority of the translate directive. The standard value is `0`. + * Calling this function without an argument will return the current value. + * + * @param {number} priority for the translate-directive + */ + this.directivePriority = function (priority) { + if (priority === undefined) { + // getter + return directivePriority; + } else { + // setter with chaining + directivePriority = priority; + return this; + } + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#statefulFilter + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * Since AngularJS 1.3, filters which are not stateless (depending at the scope) + * have to explicit define this behavior. + * Sets whether the translate filter should be stateful or stateless. The standard value is `true` + * meaning being stateful. + * Calling this function without an argument will return the current value. + * + * @param {boolean} state - defines the state of the filter + */ + this.statefulFilter = function (state) { + if (state === undefined) { + // getter + return statefulFilter; + } else { + // setter with chaining + statefulFilter = state; + return this; + } + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#postProcess + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * The post processor will be intercept right after the translation result. It can modify the result. + * + * @param {object} fn Function or service name (string) to be called after the translation value has been set / resolved. The function itself will enrich every value being processed and then continue the normal resolver process + */ + this.postProcess = function (fn) { + if (fn) { + postProcessFn = fn; + } else { + postProcessFn = undefined; + } + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateProvider#keepContent + * @methodOf pascalprecht.translate.$translateProvider + * + * @description + * If keepContent is set to true than translate directive will always use innerHTML + * as a default translation + * + * Example: + *
    +   *  app.config(function ($translateProvider) {
    +   *    $translateProvider.keepContent(true);
    +   *  });
    +   * 
    + * + * @param {boolean} value - valid values are true or false + */ + this.keepContent = function (value) { + $keepContent = !(!value); + return this; + }; + + /** + * @ngdoc object + * @name pascalprecht.translate.$translate + * @requires $interpolate + * @requires $log + * @requires $rootScope + * @requires $q + * + * @description + * The `$translate` service is the actual core of angular-translate. It expects a translation id + * and optional interpolate parameters to translate contents. + * + *
    +   *  $translate('HEADLINE_TEXT').then(function (translation) {
    +   *    $scope.translatedText = translation;
    +   *  });
    +   * 
    + * + * @param {string|array} translationId A token which represents a translation id + * This can be optionally an array of translation ids which + * results that the function returns an object where each key + * is the translation id and the value the translation. + * @param {object=} interpolateParams An object hash for dynamic values + * @param {string} interpolationId The id of the interpolation to use + * @param {string} defaultTranslationText the optional default translation text that is written as + * as default text in case it is not found in any configured language + * @param {string} forceLanguage A language to be used instead of the current language + * @returns {object} promise + */ + this.$get = ['$log', '$injector', '$rootScope', '$q', function ($log, $injector, $rootScope, $q) { + + var Storage, + defaultInterpolator = $injector.get($interpolationFactory || '$translateDefaultInterpolation'), + pendingLoader = false, + interpolatorHashMap = {}, + langPromises = {}, + fallbackIndex, + startFallbackIteration; + + var $translate = function (translationId, interpolateParams, interpolationId, defaultTranslationText, forceLanguage) { + if (!$uses && $preferredLanguage) { + $uses = $preferredLanguage; + } + var uses = (forceLanguage && forceLanguage !== $uses) ? // we don't want to re-negotiate $uses + (negotiateLocale(forceLanguage) || forceLanguage) : $uses; + + // Check forceLanguage is present + if (forceLanguage) { + loadTranslationsIfMissing(forceLanguage); + } + + // Duck detection: If the first argument is an array, a bunch of translations was requested. + // The result is an object. + if (angular.isArray(translationId)) { + // Inspired by Q.allSettled by Kris Kowal + // https://github.com/kriskowal/q/blob/b0fa72980717dc202ffc3cbf03b936e10ebbb9d7/q.js#L1553-1563 + // This transforms all promises regardless resolved or rejected + var translateAll = function (translationIds) { + var results = {}; // storing the actual results + var promises = []; // promises to wait for + // Wraps the promise a) being always resolved and b) storing the link id->value + var translate = function (translationId) { + var deferred = $q.defer(); + var regardless = function (value) { + results[translationId] = value; + deferred.resolve([translationId, value]); + }; + // we don't care whether the promise was resolved or rejected; just store the values + $translate(translationId, interpolateParams, interpolationId, defaultTranslationText, forceLanguage).then(regardless, regardless); + return deferred.promise; + }; + for (var i = 0, c = translationIds.length; i < c; i++) { + promises.push(translate(translationIds[i])); + } + // wait for all (including storing to results) + return $q.all(promises).then(function () { + // return the results + return results; + }); + }; + return translateAll(translationId); + } + + var deferred = $q.defer(); + + // trim off any whitespace + if (translationId) { + translationId = trim.apply(translationId); + } + + var promiseToWaitFor = (function () { + var promise = $preferredLanguage ? + langPromises[$preferredLanguage] : + langPromises[uses]; + + fallbackIndex = 0; + + if ($storageFactory && !promise) { + // looks like there's no pending promise for $preferredLanguage or + // $uses. Maybe there's one pending for a language that comes from + // storage. + var langKey = Storage.get($storageKey); + promise = langPromises[langKey]; + + if ($fallbackLanguage && $fallbackLanguage.length) { + var index = indexOf($fallbackLanguage, langKey); + // maybe the language from storage is also defined as fallback language + // we increase the fallback language index to not search in that language + // as fallback, since it's probably the first used language + // in that case the index starts after the first element + fallbackIndex = (index === 0) ? 1 : 0; + + // but we can make sure to ALWAYS fallback to preferred language at least + if (indexOf($fallbackLanguage, $preferredLanguage) < 0) { + $fallbackLanguage.push($preferredLanguage); + } + } + } + return promise; + }()); + + if (!promiseToWaitFor) { + // no promise to wait for? okay. Then there's no loader registered + // nor is a one pending for language that comes from storage. + // We can just translate. + determineTranslation(translationId, interpolateParams, interpolationId, defaultTranslationText, uses).then(deferred.resolve, deferred.reject); + } else { + var promiseResolved = function () { + // $uses may have changed while waiting + if (!forceLanguage) { + uses = $uses; + } + determineTranslation(translationId, interpolateParams, interpolationId, defaultTranslationText, uses).then(deferred.resolve, deferred.reject); + }; + promiseResolved.displayName = 'promiseResolved'; + + promiseToWaitFor['finally'](promiseResolved) + .catch(angular.noop); // we don't care about errors here, already handled + } + return deferred.promise; + }; + + /** + * @name applyNotFoundIndicators + * @private + * + * @description + * Applies not fount indicators to given translation id, if needed. + * This function gets only executed, if a translation id doesn't exist, + * which is why a translation id is expected as argument. + * + * @param {string} translationId Translation id. + * @returns {string} Same as given translation id but applied with not found + * indicators. + */ + var applyNotFoundIndicators = function (translationId) { + // applying notFoundIndicators + if ($notFoundIndicatorLeft) { + translationId = [$notFoundIndicatorLeft, translationId].join(' '); + } + if ($notFoundIndicatorRight) { + translationId = [translationId, $notFoundIndicatorRight].join(' '); + } + return translationId; + }; + + /** + * @name useLanguage + * @private + * + * @description + * Makes actual use of a language by setting a given language key as used + * language and informs registered interpolators to also use the given + * key as locale. + * + * @param {string} key Locale key. + */ + var useLanguage = function (key) { + $uses = key; + + // make sure to store new language key before triggering success event + if ($storageFactory) { + Storage.put($translate.storageKey(), $uses); + } + + $rootScope.$emit('$translateChangeSuccess', {language : key}); + + // inform default interpolator + defaultInterpolator.setLocale($uses); + + var eachInterpolator = function (interpolator, id) { + interpolatorHashMap[id].setLocale($uses); + }; + eachInterpolator.displayName = 'eachInterpolatorLocaleSetter'; + + // inform all others too! + angular.forEach(interpolatorHashMap, eachInterpolator); + $rootScope.$emit('$translateChangeEnd', {language : key}); + }; + + /** + * @name loadAsync + * @private + * + * @description + * Kicks off registered async loader using `$injector` and applies existing + * loader options. When resolved, it updates translation tables accordingly + * or rejects with given language key. + * + * @param {string} key Language key. + * @return {Promise} A promise. + */ + var loadAsync = function (key) { + if (!key) { + throw 'No language key specified for loading.'; + } + + var deferred = $q.defer(); + + $rootScope.$emit('$translateLoadingStart', {language : key}); + pendingLoader = true; + + var cache = loaderCache; + if (typeof(cache) === 'string') { + // getting on-demand instance of loader + cache = $injector.get(cache); + } + + var loaderOptions = angular.extend({}, $loaderOptions, { + key : key, + $http : angular.extend({}, { + cache : cache + }, $loaderOptions.$http) + }); + + var onLoaderSuccess = function (data) { + var translationTable = {}; + $rootScope.$emit('$translateLoadingSuccess', {language : key}); + + if (angular.isArray(data)) { + angular.forEach(data, function (table) { + angular.extend(translationTable, flatObject(table)); + }); + } else { + angular.extend(translationTable, flatObject(data)); + } + pendingLoader = false; + deferred.resolve({ + key : key, + table : translationTable + }); + $rootScope.$emit('$translateLoadingEnd', {language : key}); + }; + onLoaderSuccess.displayName = 'onLoaderSuccess'; + + var onLoaderError = function (key) { + $rootScope.$emit('$translateLoadingError', {language : key}); + deferred.reject(key); + $rootScope.$emit('$translateLoadingEnd', {language : key}); + }; + onLoaderError.displayName = 'onLoaderError'; + + $injector.get($loaderFactory)(loaderOptions) + .then(onLoaderSuccess, onLoaderError); + + return deferred.promise; + }; + + if ($storageFactory) { + Storage = $injector.get($storageFactory); + + if (!Storage.get || !Storage.put) { + throw new Error('Couldn\'t use storage \'' + $storageFactory + '\', missing get() or put() method!'); + } + } + + // if we have additional interpolations that were added via + // $translateProvider.addInterpolation(), we have to map'em + if ($interpolatorFactories.length) { + var eachInterpolationFactory = function (interpolatorFactory) { + var interpolator = $injector.get(interpolatorFactory); + // setting initial locale for each interpolation service + interpolator.setLocale($preferredLanguage || $uses); + // make'em recognizable through id + interpolatorHashMap[interpolator.getInterpolationIdentifier()] = interpolator; + }; + eachInterpolationFactory.displayName = 'interpolationFactoryAdder'; + + angular.forEach($interpolatorFactories, eachInterpolationFactory); + } + + /** + * @name getTranslationTable + * @private + * + * @description + * Returns a promise that resolves to the translation table + * or is rejected if an error occurred. + * + * @param langKey + * @returns {Q.promise} + */ + var getTranslationTable = function (langKey) { + var deferred = $q.defer(); + if (Object.prototype.hasOwnProperty.call($translationTable, langKey)) { + deferred.resolve($translationTable[langKey]); + } else if (langPromises[langKey]) { + var onResolve = function (data) { + translations(data.key, data.table); + deferred.resolve(data.table); + }; + onResolve.displayName = 'translationTableResolver'; + langPromises[langKey].then(onResolve, deferred.reject); + } else { + deferred.reject(); + } + return deferred.promise; + }; + + /** + * @name getFallbackTranslation + * @private + * + * @description + * Returns a promise that will resolve to the translation + * or be rejected if no translation was found for the language. + * This function is currently only used for fallback language translation. + * + * @param langKey The language to translate to. + * @param translationId + * @param interpolateParams + * @param Interpolator + * @param sanitizeStrategy + * @returns {Q.promise} + */ + var getFallbackTranslation = function (langKey, translationId, interpolateParams, Interpolator, sanitizeStrategy) { + var deferred = $q.defer(); + + var onResolve = function (translationTable) { + if (Object.prototype.hasOwnProperty.call(translationTable, translationId) && translationTable[translationId] !== null) { + Interpolator.setLocale(langKey); + var translation = translationTable[translationId]; + if (translation.substr(0, 2) === '@:') { + getFallbackTranslation(langKey, translation.substr(2), interpolateParams, Interpolator, sanitizeStrategy) + .then(deferred.resolve, deferred.reject); + } else { + var interpolatedValue = Interpolator.interpolate(translationTable[translationId], interpolateParams, 'service', sanitizeStrategy, translationId); + interpolatedValue = applyPostProcessing(translationId, translationTable[translationId], interpolatedValue, interpolateParams, langKey); + + deferred.resolve(interpolatedValue); + + } + Interpolator.setLocale($uses); + } else { + deferred.reject(); + } + }; + onResolve.displayName = 'fallbackTranslationResolver'; + + getTranslationTable(langKey).then(onResolve, deferred.reject); + + return deferred.promise; + }; + + /** + * @name getFallbackTranslationInstant + * @private + * + * @description + * Returns a translation + * This function is currently only used for fallback language translation. + * + * @param langKey The language to translate to. + * @param translationId + * @param interpolateParams + * @param Interpolator + * @param sanitizeStrategy sanitize strategy override + * + * @returns {string} translation + */ + var getFallbackTranslationInstant = function (langKey, translationId, interpolateParams, Interpolator, sanitizeStrategy) { + var result, translationTable = $translationTable[langKey]; + + if (translationTable && Object.prototype.hasOwnProperty.call(translationTable, translationId) && translationTable[translationId] !== null) { + Interpolator.setLocale(langKey); + result = Interpolator.interpolate(translationTable[translationId], interpolateParams, 'filter', sanitizeStrategy, translationId); + result = applyPostProcessing(translationId, translationTable[translationId], result, interpolateParams, langKey, sanitizeStrategy); + // workaround for TrustedValueHolderType + if (!angular.isString(result) && angular.isFunction(result.$$unwrapTrustedValue)) { + var result2 = result.$$unwrapTrustedValue(); + if (result2.substr(0, 2) === '@:') { + return getFallbackTranslationInstant(langKey, result2.substr(2), interpolateParams, Interpolator, sanitizeStrategy); + } + } else if (result.substr(0, 2) === '@:') { + return getFallbackTranslationInstant(langKey, result.substr(2), interpolateParams, Interpolator, sanitizeStrategy); + } + Interpolator.setLocale($uses); + } + + return result; + }; + + + /** + * @name translateByHandler + * @private + * + * Translate by missing translation handler. + * + * @param translationId + * @param interpolateParams + * @param defaultTranslationText + * @param sanitizeStrategy sanitize strategy override + * + * @returns translation created by $missingTranslationHandler or translationId is $missingTranslationHandler is + * absent + */ + var translateByHandler = function (translationId, interpolateParams, defaultTranslationText, sanitizeStrategy) { + // If we have a handler factory - we might also call it here to determine if it provides + // a default text for a translationid that can't be found anywhere in our tables + if ($missingTranslationHandlerFactory) { + return $injector.get($missingTranslationHandlerFactory)(translationId, $uses, interpolateParams, defaultTranslationText, sanitizeStrategy); + } else { + return translationId; + } + }; + + /** + * @name resolveForFallbackLanguage + * @private + * + * Recursive helper function for fallbackTranslation that will sequentially look + * for a translation in the fallbackLanguages starting with fallbackLanguageIndex. + * + * @param fallbackLanguageIndex + * @param translationId + * @param interpolateParams + * @param Interpolator + * @param defaultTranslationText + * @param sanitizeStrategy + * @returns {Q.promise} Promise that will resolve to the translation. + */ + var resolveForFallbackLanguage = function (fallbackLanguageIndex, translationId, interpolateParams, Interpolator, defaultTranslationText, sanitizeStrategy) { + var deferred = $q.defer(); + + if (fallbackLanguageIndex < $fallbackLanguage.length) { + var langKey = $fallbackLanguage[fallbackLanguageIndex]; + getFallbackTranslation(langKey, translationId, interpolateParams, Interpolator, sanitizeStrategy).then( + function (data) { + deferred.resolve(data); + }, + function () { + // Look in the next fallback language for a translation. + // It delays the resolving by passing another promise to resolve. + return resolveForFallbackLanguage(fallbackLanguageIndex + 1, translationId, interpolateParams, Interpolator, defaultTranslationText, sanitizeStrategy).then(deferred.resolve, deferred.reject); + } + ); + } else { + // No translation found in any fallback language + // if a default translation text is set in the directive, then return this as a result + if (defaultTranslationText) { + deferred.resolve(defaultTranslationText); + } else { + var missingTranslationHandlerTranslation = translateByHandler(translationId, interpolateParams, defaultTranslationText); + + // if no default translation is set and an error handler is defined, send it to the handler + // and then return the result if it isn't undefined + if ($missingTranslationHandlerFactory && missingTranslationHandlerTranslation) { + deferred.resolve(missingTranslationHandlerTranslation); + } else { + deferred.reject(applyNotFoundIndicators(translationId)); + } + } + } + return deferred.promise; + }; + + /** + * @name resolveForFallbackLanguageInstant + * @private + * + * Recursive helper function for fallbackTranslation that will sequentially look + * for a translation in the fallbackLanguages starting with fallbackLanguageIndex. + * + * @param fallbackLanguageIndex + * @param translationId + * @param interpolateParams + * @param Interpolator + * @param sanitizeStrategy + * @returns {string} translation + */ + var resolveForFallbackLanguageInstant = function (fallbackLanguageIndex, translationId, interpolateParams, Interpolator, sanitizeStrategy) { + var result; + + if (fallbackLanguageIndex < $fallbackLanguage.length) { + var langKey = $fallbackLanguage[fallbackLanguageIndex]; + result = getFallbackTranslationInstant(langKey, translationId, interpolateParams, Interpolator, sanitizeStrategy); + if (!result && result !== '') { + result = resolveForFallbackLanguageInstant(fallbackLanguageIndex + 1, translationId, interpolateParams, Interpolator); + } + } + return result; + }; + + /** + * Translates with the usage of the fallback languages. + * + * @param translationId + * @param interpolateParams + * @param Interpolator + * @param defaultTranslationText + * @param sanitizeStrategy + * @returns {Q.promise} Promise, that resolves to the translation. + */ + var fallbackTranslation = function (translationId, interpolateParams, Interpolator, defaultTranslationText, sanitizeStrategy) { + // Start with the fallbackLanguage with index 0 + return resolveForFallbackLanguage((startFallbackIteration > 0 ? startFallbackIteration : fallbackIndex), translationId, interpolateParams, Interpolator, defaultTranslationText, sanitizeStrategy); + }; + + /** + * Translates with the usage of the fallback languages. + * + * @param translationId + * @param interpolateParams + * @param Interpolator + * @param sanitizeStrategy + * @returns {String} translation + */ + var fallbackTranslationInstant = function (translationId, interpolateParams, Interpolator, sanitizeStrategy) { + // Start with the fallbackLanguage with index 0 + return resolveForFallbackLanguageInstant((startFallbackIteration > 0 ? startFallbackIteration : fallbackIndex), translationId, interpolateParams, Interpolator, sanitizeStrategy); + }; + + var determineTranslation = function (translationId, interpolateParams, interpolationId, defaultTranslationText, uses, sanitizeStrategy) { + + var deferred = $q.defer(); + + var table = uses ? $translationTable[uses] : $translationTable, + Interpolator = (interpolationId) ? interpolatorHashMap[interpolationId] : defaultInterpolator; + + // if the translation id exists, we can just interpolate it + if (table && Object.prototype.hasOwnProperty.call(table, translationId) && table[translationId] !== null) { + var translation = table[translationId]; + + // If using link, rerun $translate with linked translationId and return it + if (translation.substr(0, 2) === '@:') { + + $translate(translation.substr(2), interpolateParams, interpolationId, defaultTranslationText, uses) + .then(deferred.resolve, deferred.reject); + } else { + // + var resolvedTranslation = Interpolator.interpolate(translation, interpolateParams, 'service', sanitizeStrategy, translationId); + resolvedTranslation = applyPostProcessing(translationId, translation, resolvedTranslation, interpolateParams, uses); + deferred.resolve(resolvedTranslation); + } + } else { + var missingTranslationHandlerTranslation; + // for logging purposes only (as in $translateMissingTranslationHandlerLog), value is not returned to promise + if ($missingTranslationHandlerFactory && !pendingLoader) { + missingTranslationHandlerTranslation = translateByHandler(translationId, interpolateParams, defaultTranslationText); + } + + // since we couldn't translate the inital requested translation id, + // we try it now with one or more fallback languages, if fallback language(s) is + // configured. + if (uses && $fallbackLanguage && $fallbackLanguage.length) { + fallbackTranslation(translationId, interpolateParams, Interpolator, defaultTranslationText, sanitizeStrategy) + .then(function (translation) { + deferred.resolve(translation); + }, function (_translationId) { + deferred.reject(applyNotFoundIndicators(_translationId)); + }); + } else if ($missingTranslationHandlerFactory && !pendingLoader && missingTranslationHandlerTranslation) { + // looks like the requested translation id doesn't exists. + // Now, if there is a registered handler for missing translations and no + // asyncLoader is pending, we execute the handler + if (defaultTranslationText) { + deferred.resolve(defaultTranslationText); + } else { + deferred.resolve(missingTranslationHandlerTranslation); + } + } else { + if (defaultTranslationText) { + deferred.resolve(defaultTranslationText); + } else { + deferred.reject(applyNotFoundIndicators(translationId)); + } + } + } + return deferred.promise; + }; + + var determineTranslationInstant = function (translationId, interpolateParams, interpolationId, uses, sanitizeStrategy) { + + var result, table = uses ? $translationTable[uses] : $translationTable, + Interpolator = defaultInterpolator; + + // if the interpolation id exists use custom interpolator + if (interpolatorHashMap && Object.prototype.hasOwnProperty.call(interpolatorHashMap, interpolationId)) { + Interpolator = interpolatorHashMap[interpolationId]; + } + + // if the translation id exists, we can just interpolate it + if (table && Object.prototype.hasOwnProperty.call(table, translationId) && table[translationId] !== null) { + var translation = table[translationId]; + + // If using link, rerun $translate with linked translationId and return it + if (translation.substr(0, 2) === '@:') { + result = determineTranslationInstant(translation.substr(2), interpolateParams, interpolationId, uses, sanitizeStrategy); + } else { + result = Interpolator.interpolate(translation, interpolateParams, 'filter', sanitizeStrategy, translationId); + result = applyPostProcessing(translationId, translation, result, interpolateParams, uses, sanitizeStrategy); + } + } else { + var missingTranslationHandlerTranslation; + // for logging purposes only (as in $translateMissingTranslationHandlerLog), value is not returned to promise + if ($missingTranslationHandlerFactory && !pendingLoader) { + missingTranslationHandlerTranslation = translateByHandler(translationId, interpolateParams, sanitizeStrategy); + } + + // since we couldn't translate the inital requested translation id, + // we try it now with one or more fallback languages, if fallback language(s) is + // configured. + if (uses && $fallbackLanguage && $fallbackLanguage.length) { + fallbackIndex = 0; + result = fallbackTranslationInstant(translationId, interpolateParams, Interpolator, sanitizeStrategy); + } else if ($missingTranslationHandlerFactory && !pendingLoader && missingTranslationHandlerTranslation) { + // looks like the requested translation id doesn't exists. + // Now, if there is a registered handler for missing translations and no + // asyncLoader is pending, we execute the handler + result = missingTranslationHandlerTranslation; + } else { + result = applyNotFoundIndicators(translationId); + } + } + + return result; + }; + + var clearNextLangAndPromise = function (key) { + if ($nextLang === key) { + $nextLang = undefined; + } + langPromises[key] = undefined; + }; + + var applyPostProcessing = function (translationId, translation, resolvedTranslation, interpolateParams, uses, sanitizeStrategy) { + var fn = postProcessFn; + + if (fn) { + + if (typeof(fn) === 'string') { + // getting on-demand instance + fn = $injector.get(fn); + } + if (fn) { + return fn(translationId, translation, resolvedTranslation, interpolateParams, uses, sanitizeStrategy); + } + } + + return resolvedTranslation; + }; + + var loadTranslationsIfMissing = function (key) { + if (!$translationTable[key] && $loaderFactory && !langPromises[key]) { + langPromises[key] = loadAsync(key).then(function (translation) { + translations(translation.key, translation.table); + return translation; + }); + } + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#preferredLanguage + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns the language key for the preferred language. + * + * @param {string} langKey language String or Array to be used as preferredLanguage (changing at runtime) + * + * @return {string} preferred language key + */ + $translate.preferredLanguage = function (langKey) { + if (langKey) { + setupPreferredLanguage(langKey); + } + return $preferredLanguage; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#cloakClassName + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns the configured class name for `translate-cloak` directive. + * + * @return {string} cloakClassName + */ + $translate.cloakClassName = function () { + return $cloakClassName; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#nestedObjectDelimeter + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns the configured delimiter for nested namespaces. + * + * @return {string} nestedObjectDelimeter + */ + $translate.nestedObjectDelimeter = function () { + return $nestedObjectDelimeter; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#fallbackLanguage + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns the language key for the fallback languages or sets a new fallback stack. + * + * @param {string=} langKey language String or Array of fallback languages to be used (to change stack at runtime) + * + * @return {string||array} fallback language key + */ + $translate.fallbackLanguage = function (langKey) { + if (langKey !== undefined && langKey !== null) { + fallbackStack(langKey); + + // as we might have an async loader initiated and a new translation language might have been defined + // we need to add the promise to the stack also. So - iterate. + if ($loaderFactory) { + if ($fallbackLanguage && $fallbackLanguage.length) { + for (var i = 0, len = $fallbackLanguage.length; i < len; i++) { + if (!langPromises[$fallbackLanguage[i]]) { + langPromises[$fallbackLanguage[i]] = loadAsync($fallbackLanguage[i]); + } + } + } + } + $translate.use($translate.use()); + } + if ($fallbackWasString) { + return $fallbackLanguage[0]; + } else { + return $fallbackLanguage; + } + + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#useFallbackLanguage + * @methodOf pascalprecht.translate.$translate + * + * @description + * Sets the first key of the fallback language stack to be used for translation. + * Therefore all languages in the fallback array BEFORE this key will be skipped! + * + * @param {string=} langKey Contains the langKey the iteration shall start with. Set to false if you want to + * get back to the whole stack + */ + $translate.useFallbackLanguage = function (langKey) { + if (langKey !== undefined && langKey !== null) { + if (!langKey) { + startFallbackIteration = 0; + } else { + var langKeyPosition = indexOf($fallbackLanguage, langKey); + if (langKeyPosition > -1) { + startFallbackIteration = langKeyPosition; + } + } + + } + + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#proposedLanguage + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns the language key of language that is currently loaded asynchronously. + * + * @return {string} language key + */ + $translate.proposedLanguage = function () { + return $nextLang; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#storage + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns registered storage. + * + * @return {object} Storage + */ + $translate.storage = function () { + return Storage; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#negotiateLocale + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns a language key based on available languages and language aliases. If a + * language key cannot be resolved, returns undefined. + * + * If no or a falsy key is given, returns undefined. + * + * @param {string} [key] Language key + * @return {string|undefined} Language key or undefined if no language key is found. + */ + $translate.negotiateLocale = negotiateLocale; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#use + * @methodOf pascalprecht.translate.$translate + * + * @description + * Tells angular-translate which language to use by given language key. This method is + * used to change language at runtime. It also takes care of storing the language + * key in a configured store to let your app remember the choosed language. + * + * When trying to 'use' a language which isn't available it tries to load it + * asynchronously with registered loaders. + * + * Returns promise object with loaded language file data or string of the currently used language. + * + * If no or a falsy key is given it returns the currently used language key. + * The returned string will be ```undefined``` if setting up $translate hasn't finished. + * @example + * $translate.use("en_US").then(function(data){ + * $scope.text = $translate("HELLO"); + * }); + * + * @param {string} [key] Language key + * @return {object|string} Promise with loaded language data or the language key if a falsy param was given. + */ + $translate.use = function (key) { + if (!key) { + return $uses; + } + + var deferred = $q.defer(); + deferred.promise.then(null, angular.noop); // AJS "Possibly unhandled rejection" + + $rootScope.$emit('$translateChangeStart', {language : key}); + + // Try to get the aliased language key + var aliasedKey = negotiateLocale(key); + // Ensure only registered language keys will be loaded + if ($availableLanguageKeys.length > 0 && !aliasedKey) { + return $q.reject(key); + } + + if (aliasedKey) { + key = aliasedKey; + } + + // if there isn't a translation table for the language we've requested, + // we load it asynchronously + $nextLang = key; + if (($forceAsyncReloadEnabled || !$translationTable[key]) && $loaderFactory && !langPromises[key]) { + langPromises[key] = loadAsync(key).then(function (translation) { + translations(translation.key, translation.table); + deferred.resolve(translation.key); + if ($nextLang === key) { + useLanguage(translation.key); + } + return translation; + }, function (key) { + $rootScope.$emit('$translateChangeError', {language : key}); + deferred.reject(key); + $rootScope.$emit('$translateChangeEnd', {language : key}); + return $q.reject(key); + }); + langPromises[key]['finally'](function () { + clearNextLangAndPromise(key); + }).catch(angular.noop); // we don't care about errors (clearing) + } else if (langPromises[key]) { + // we are already loading this asynchronously + // resolve our new deferred when the old langPromise is resolved + langPromises[key].then(function (translation) { + if ($nextLang === translation.key) { + useLanguage(translation.key); + } + deferred.resolve(translation.key); + return translation; + }, function (key) { + // find first available fallback language if that request has failed + if (!$uses && $fallbackLanguage && $fallbackLanguage.length > 0 && $fallbackLanguage[0] !== key) { + return $translate.use($fallbackLanguage[0]).then(deferred.resolve, deferred.reject); + } else { + return deferred.reject(key); + } + }); + } else { + deferred.resolve(key); + useLanguage(key); + } + + return deferred.promise; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#resolveClientLocale + * @methodOf pascalprecht.translate.$translate + * + * @description + * This returns the current browser/client's language key. The result is processed with the configured uniform tag resolver. + * + * @returns {string} the current client/browser language key + */ + $translate.resolveClientLocale = function () { + return getLocale(); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#storageKey + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns the key for the storage. + * + * @return {string} storage key + */ + $translate.storageKey = function () { + return storageKey(); + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#isPostCompilingEnabled + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns whether post compiling is enabled or not + * + * @return {bool} storage key + */ + $translate.isPostCompilingEnabled = function () { + return $postCompilingEnabled; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#isForceAsyncReloadEnabled + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns whether force async reload is enabled or not + * + * @return {boolean} forceAsyncReload value + */ + $translate.isForceAsyncReloadEnabled = function () { + return $forceAsyncReloadEnabled; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#isKeepContent + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns whether keepContent or not + * + * @return {boolean} keepContent value + */ + $translate.isKeepContent = function () { + return $keepContent; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#refresh + * @methodOf pascalprecht.translate.$translate + * + * @description + * Refreshes a translation table pointed by the given langKey. If langKey is not specified, + * the module will drop all existent translation tables and load new version of those which + * are currently in use. + * + * Refresh means that the module will drop target translation table and try to load it again. + * + * In case there are no loaders registered the refresh() method will throw an Error. + * + * If the module is able to refresh translation tables refresh() method will broadcast + * $translateRefreshStart and $translateRefreshEnd events. + * + * @example + * // this will drop all currently existent translation tables and reload those which are + * // currently in use + * $translate.refresh(); + * // this will refresh a translation table for the en_US language + * $translate.refresh('en_US'); + * + * @param {string} langKey A language key of the table, which has to be refreshed + * + * @return {promise} Promise, which will be resolved in case a translation tables refreshing + * process is finished successfully, and reject if not. + */ + $translate.refresh = function (langKey) { + if (!$loaderFactory) { + throw new Error('Couldn\'t refresh translation table, no loader registered!'); + } + + $rootScope.$emit('$translateRefreshStart', {language : langKey}); + + var deferred = $q.defer(), updatedLanguages = {}; + + //private helper + function loadNewData(languageKey) { + var promise = loadAsync(languageKey); + //update the load promise cache for this language + langPromises[languageKey] = promise; + //register a data handler for the promise + promise.then(function (data) { + //clear the cache for this language + $translationTable[languageKey] = {}; + //add the new data for this language + translations(languageKey, data.table); + //track that we updated this language + updatedLanguages[languageKey] = true; + }, + //handle rejection to appease the $q validation + angular.noop); + return promise; + } + + //set up post-processing + deferred.promise.then( + function () { + for (var key in $translationTable) { + if ($translationTable.hasOwnProperty(key)) { + //delete cache entries that were not updated + if (!(key in updatedLanguages)) { + delete $translationTable[key]; + } + } + } + if ($uses) { + useLanguage($uses); + } + }, + //handle rejection to appease the $q validation + angular.noop + ).finally( + function () { + $rootScope.$emit('$translateRefreshEnd', {language : langKey}); + } + ); + + if (!langKey) { + // if there's no language key specified we refresh ALL THE THINGS! + var languagesToReload = $fallbackLanguage && $fallbackLanguage.slice() || []; + if ($uses && languagesToReload.indexOf($uses) === -1) { + languagesToReload.push($uses); + } + $q.all(languagesToReload.map(loadNewData)).then(deferred.resolve, deferred.reject); + + } else if ($translationTable[langKey]) { + //just refresh the specified language cache + loadNewData(langKey).then(deferred.resolve, deferred.reject); + + } else { + deferred.reject(); + } + + return deferred.promise; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#instant + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns a translation instantly from the internal state of loaded translation. All rules + * regarding the current language, the preferred language of even fallback languages will be + * used except any promise handling. If a language was not found, an asynchronous loading + * will be invoked in the background. + * + * @param {string|array} translationId A token which represents a translation id + * This can be optionally an array of translation ids which + * results that the function's promise returns an object where + * each key is the translation id and the value the translation. + * @param {object} interpolateParams Params + * @param {string} interpolationId The id of the interpolation to use + * @param {string} forceLanguage A language to be used instead of the current language + * @param {string} sanitizeStrategy force sanitize strategy for this call instead of using the configured one + * + * @return {string|object} translation + */ + $translate.instant = function (translationId, interpolateParams, interpolationId, forceLanguage, sanitizeStrategy) { + + // we don't want to re-negotiate $uses + var uses = (forceLanguage && forceLanguage !== $uses) ? // we don't want to re-negotiate $uses + (negotiateLocale(forceLanguage) || forceLanguage) : $uses; + + // Detect undefined and null values to shorten the execution and prevent exceptions + if (translationId === null || angular.isUndefined(translationId)) { + return translationId; + } + + // Check forceLanguage is present + if (forceLanguage) { + loadTranslationsIfMissing(forceLanguage); + } + + // Duck detection: If the first argument is an array, a bunch of translations was requested. + // The result is an object. + if (angular.isArray(translationId)) { + var results = {}; + for (var i = 0, c = translationId.length; i < c; i++) { + results[translationId[i]] = $translate.instant(translationId[i], interpolateParams, interpolationId, forceLanguage, sanitizeStrategy); + } + return results; + } + + // We discarded unacceptable values. So we just need to verify if translationId is empty String + if (angular.isString(translationId) && translationId.length < 1) { + return translationId; + } + + // trim off any whitespace + if (translationId) { + translationId = trim.apply(translationId); + } + + var result, possibleLangKeys = []; + if ($preferredLanguage) { + possibleLangKeys.push($preferredLanguage); + } + if (uses) { + possibleLangKeys.push(uses); + } + if ($fallbackLanguage && $fallbackLanguage.length) { + possibleLangKeys = possibleLangKeys.concat($fallbackLanguage); + } + for (var j = 0, d = possibleLangKeys.length; j < d; j++) { + var possibleLangKey = possibleLangKeys[j]; + if ($translationTable[possibleLangKey]) { + if (typeof $translationTable[possibleLangKey][translationId] !== 'undefined') { + result = determineTranslationInstant(translationId, interpolateParams, interpolationId, uses, sanitizeStrategy); + } + } + if (typeof result !== 'undefined') { + break; + } + } + + if (!result && result !== '') { + if ($notFoundIndicatorLeft || $notFoundIndicatorRight) { + result = applyNotFoundIndicators(translationId); + } else { + // Return translation of default interpolator if not found anything. + result = defaultInterpolator.interpolate(translationId, interpolateParams, 'filter', sanitizeStrategy); + + // looks like the requested translation id doesn't exists. + // Now, if there is a registered handler for missing translations and no + // asyncLoader is pending, we execute the handler + var missingTranslationHandlerTranslation; + if ($missingTranslationHandlerFactory && !pendingLoader) { + missingTranslationHandlerTranslation = translateByHandler(translationId, interpolateParams, sanitizeStrategy); + } + + if ($missingTranslationHandlerFactory && !pendingLoader && missingTranslationHandlerTranslation) { + result = missingTranslationHandlerTranslation; + } + } + } + + return result; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#versionInfo + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns the current version information for the angular-translate library + * + * @return {string} angular-translate version + */ + $translate.versionInfo = function () { + return version; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#loaderCache + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns the defined loaderCache. + * + * @return {boolean|string|object} current value of loaderCache + */ + $translate.loaderCache = function () { + return loaderCache; + }; + + // internal purpose only + $translate.directivePriority = function () { + return directivePriority; + }; + + // internal purpose only + $translate.statefulFilter = function () { + return statefulFilter; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#isReady + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns whether the service is "ready" to translate (i.e. loading 1st language). + * + * See also {@link pascalprecht.translate.$translate#methods_onReady onReady()}. + * + * @return {boolean} current value of ready + */ + $translate.isReady = function () { + return $isReady; + }; + + var $onReadyDeferred = $q.defer(); + $onReadyDeferred.promise.then(function () { + $isReady = true; + }); + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#onReady + * @methodOf pascalprecht.translate.$translate + * + * @description + * Calls the function provided or resolved the returned promise after the service is "ready" to translate (i.e. loading 1st language). + * + * See also {@link pascalprecht.translate.$translate#methods_isReady isReady()}. + * + * @param {Function=} fn Function to invoke when service is ready + * @return {object} Promise resolved when service is ready + */ + $translate.onReady = function (fn) { + var deferred = $q.defer(); + if (angular.isFunction(fn)) { + deferred.promise.then(fn); + } + if ($isReady) { + deferred.resolve(); + } else { + $onReadyDeferred.promise.then(deferred.resolve); + } + return deferred.promise; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#getAvailableLanguageKeys + * @methodOf pascalprecht.translate.$translate + * + * @description + * This function simply returns the registered language keys being defined before in the config phase + * With this, an application can use the array to provide a language selection dropdown or similar + * without any additional effort + * + * @returns {object} returns the list of possibly registered language keys and mapping or null if not defined + */ + $translate.getAvailableLanguageKeys = function () { + if ($availableLanguageKeys.length > 0) { + return $availableLanguageKeys; + } + return null; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translate#getTranslationTable + * @methodOf pascalprecht.translate.$translate + * + * @description + * Returns translation table by the given language key. + * + * Unless a language is provided it returns a translation table of the current one. + * Note: If translation dictionary is currently downloading or in progress + * it will return null. + * + * @param {string} langKey A token which represents a translation id + * + * @return {object} a copy of angular-translate $translationTable + */ + $translate.getTranslationTable = function (langKey) { + langKey = langKey || $translate.use(); + if (langKey && $translationTable[langKey]) { + return angular.copy($translationTable[langKey]); + } + return null; + }; + + // Whenever $translateReady is being fired, this will ensure the state of $isReady + var globalOnReadyListener = $rootScope.$on('$translateReady', function () { + $onReadyDeferred.resolve(); + globalOnReadyListener(); // one time only + globalOnReadyListener = null; + }); + var globalOnChangeListener = $rootScope.$on('$translateChangeEnd', function () { + $onReadyDeferred.resolve(); + globalOnChangeListener(); // one time only + globalOnChangeListener = null; + }); + + if ($loaderFactory) { + + // If at least one async loader is defined and there are no + // (default) translations available we should try to load them. + if (angular.equals($translationTable, {})) { + if ($translate.use()) { + $translate.use($translate.use()); + } + } + + // Also, if there are any fallback language registered, we start + // loading them asynchronously as soon as we can. + if ($fallbackLanguage && $fallbackLanguage.length) { + var processAsyncResult = function (translation) { + translations(translation.key, translation.table); + $rootScope.$emit('$translateChangeEnd', {language : translation.key}); + return translation; + }; + for (var i = 0, len = $fallbackLanguage.length; i < len; i++) { + var fallbackLanguageId = $fallbackLanguage[i]; + if ($forceAsyncReloadEnabled || !$translationTable[fallbackLanguageId]) { + langPromises[fallbackLanguageId] = loadAsync(fallbackLanguageId).then(processAsyncResult); + } + } + } + } else { + $rootScope.$emit('$translateReady', {language : $translate.use()}); + } + + return $translate; + }]; +} + +$translate.displayName = 'displayName'; + +/** + * @ngdoc object + * @name pascalprecht.translate.$translateDefaultInterpolation + * @requires $interpolate + * + * @description + * Uses angular's `$interpolate` services to interpolate strings against some values. + * + * Be aware to configure a proper sanitization strategy. + * + * See also: + * * {@link pascalprecht.translate.$translateSanitization} + * + * @return {object} $translateDefaultInterpolation Interpolator service + */ +angular.module('pascalprecht.translate').factory('$translateDefaultInterpolation', $translateDefaultInterpolation); + +function $translateDefaultInterpolation ($interpolate, $translateSanitization) { + + 'use strict'; + + var $translateInterpolator = {}, + $locale, + $identifier = 'default'; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateDefaultInterpolation#setLocale + * @methodOf pascalprecht.translate.$translateDefaultInterpolation + * + * @description + * Sets current locale (this is currently not use in this interpolation). + * + * @param {string} locale Language key or locale. + */ + $translateInterpolator.setLocale = function (locale) { + $locale = locale; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateDefaultInterpolation#getInterpolationIdentifier + * @methodOf pascalprecht.translate.$translateDefaultInterpolation + * + * @description + * Returns an identifier for this interpolation service. + * + * @returns {string} $identifier + */ + $translateInterpolator.getInterpolationIdentifier = function () { + return $identifier; + }; + + /** + * @deprecated will be removed in 3.0 + * @see {@link pascalprecht.translate.$translateSanitization} + */ + $translateInterpolator.useSanitizeValueStrategy = function (value) { + $translateSanitization.useStrategy(value); + return this; + }; + + /** + * @ngdoc function + * @name pascalprecht.translate.$translateDefaultInterpolation#interpolate + * @methodOf pascalprecht.translate.$translateDefaultInterpolation + * + * @description + * Interpolates given value agains given interpolate params using angulars + * `$interpolate` service. + * + * Since AngularJS 1.5, `value` must not be a string but can be anything input. + * + * @param {string} value translation + * @param {object} interpolationParams interpolation params + * @param {string} context current context (filter, directive, service) + * @param {string} sanitizeStrategy sanitize strategy + * @param {string} translationId current translationId + * + * @returns {string} interpolated string + */ + $translateInterpolator.interpolate = function (value, interpolationParams, context, sanitizeStrategy, translationId) { // jshint ignore:line + interpolationParams = interpolationParams || {}; + interpolationParams = $translateSanitization.sanitize(interpolationParams, 'params', sanitizeStrategy, context); + + var interpolatedText; + if (angular.isNumber(value)) { + // numbers are safe + interpolatedText = '' + value; + } else if (angular.isString(value)) { + // strings must be interpolated (that's the job here) + interpolatedText = $interpolate(value)(interpolationParams); + interpolatedText = $translateSanitization.sanitize(interpolatedText, 'text', sanitizeStrategy, context); + } else { + // neither a number or a string, cant interpolate => empty string + interpolatedText = ''; + } + + return interpolatedText; + }; + + return $translateInterpolator; +} + +$translateDefaultInterpolation.displayName = '$translateDefaultInterpolation'; + +angular.module('pascalprecht.translate').constant('$STORAGE_KEY', 'NG_TRANSLATE_LANG_KEY'); + +angular.module('pascalprecht.translate') +/** + * @ngdoc directive + * @name pascalprecht.translate.directive:translate + * @requires $interpolate, + * @requires $compile, + * @requires $parse, + * @requires $rootScope + * @restrict AE + * + * @description + * Translates given translation id either through attribute or DOM content. + * Internally it uses $translate service to translate the translation id. It possible to + * pass an optional `translate-values` object literal as string into translation id. + * + * @param {string=} translate Translation id which could be either string or interpolated string. + * @param {string=} translate-values Values to pass into translation id. Can be passed as object literal string or interpolated object. + * @param {string=} translate-attr-ATTR translate Translation id and put it into ATTR attribute. + * @param {string=} translate-default will be used unless translation was successful + * @param {boolean=} translate-compile (default true if present) defines locally activation of {@link pascalprecht.translate.$translateProvider#methods_usePostCompiling} + * @param {boolean=} translate-keep-content (default true if present) defines that in case a KEY could not be translated, that the existing content is left in the innerHTML} + * + * @example + + +
    + +
    
    +        
    TRANSLATION_ID
    +
    
    +        
    
    +        
    {{translationId}}
    +
    
    +        
    WITH_VALUES
    +
    
    +        
    WITH_VALUES
    +
    
    +        
    
    +
    +      
    +
    + + angular.module('ngView', ['pascalprecht.translate']) + + .config(function ($translateProvider) { + + $translateProvider.translations('en',{ + 'TRANSLATION_ID': 'Hello there!', + 'WITH_VALUES': 'The following value is dynamic: {{value}}', + 'WITH_CAMEL_CASE_KEY': 'The interpolation key is camel cased: {{camelCaseKey}}' + }).preferredLanguage('en'); + + }); + + angular.module('ngView').controller('TranslateCtrl', function ($scope) { + $scope.translationId = 'TRANSLATION_ID'; + + $scope.values = { + value: 78 + }; + }); + + + it('should translate', function () { + inject(function ($rootScope, $compile) { + $rootScope.translationId = 'TRANSLATION_ID'; + + element = $compile('

    ')($rootScope); + $rootScope.$digest(); + expect(element.text()).toBe('Hello there!'); + + element = $compile('

    ')($rootScope); + $rootScope.$digest(); + expect(element.text()).toBe('Hello there!'); + + element = $compile('

    TRANSLATION_ID

    ')($rootScope); + $rootScope.$digest(); + expect(element.text()).toBe('Hello there!'); + + element = $compile('

    {{translationId}}

    ')($rootScope); + $rootScope.$digest(); + expect(element.text()).toBe('Hello there!'); + + element = $compile('

    ')($rootScope); + $rootScope.$digest(); + expect(element.attr('title')).toBe('Hello there!'); + + element = $compile('

    ')($rootScope); + $rootScope.$digest(); + expect(element.text()).toBe('The interpolation key is camel cased: Hello'); + }); + }); +
    +
    + */ +.directive('translate', translateDirective); +function translateDirective($translate, $interpolate, $compile, $parse, $rootScope) { + + 'use strict'; + + /** + * @name trim + * @private + * + * @description + * trim polyfill + * + * @returns {string} The string stripped of whitespace from both ends + */ + var trim = function() { + return this.toString().replace(/^\s+|\s+$/g, ''); + }; + + return { + restrict: 'AE', + scope: true, + priority: $translate.directivePriority(), + compile: function (tElement, tAttr) { + + var translateValuesExist = (tAttr.translateValues) ? + tAttr.translateValues : undefined; + + var translateInterpolation = (tAttr.translateInterpolation) ? + tAttr.translateInterpolation : undefined; + + var translateValueExist = tElement[0].outerHTML.match(/translate-value-+/i); + + var interpolateRegExp = '^(.*)(' + $interpolate.startSymbol() + '.*' + $interpolate.endSymbol() + ')(.*)', + watcherRegExp = '^(.*)' + $interpolate.startSymbol() + '(.*)' + $interpolate.endSymbol() + '(.*)'; + + return function linkFn(scope, iElement, iAttr) { + + scope.interpolateParams = {}; + scope.preText = ''; + scope.postText = ''; + scope.translateNamespace = getTranslateNamespace(scope); + var translationIds = {}; + + var initInterpolationParams = function (interpolateParams, iAttr, tAttr) { + // initial setup + if (iAttr.translateValues) { + angular.extend(interpolateParams, $parse(iAttr.translateValues)(scope.$parent)); + } + // initially fetch all attributes if existing and fill the params + if (translateValueExist) { + for (var attr in tAttr) { + if (Object.prototype.hasOwnProperty.call(iAttr, attr) && attr.substr(0, 14) === 'translateValue' && attr !== 'translateValues') { + var attributeName = angular.lowercase(attr.substr(14, 1)) + attr.substr(15); + interpolateParams[attributeName] = tAttr[attr]; + } + } + } + }; + + // Ensures any change of the attribute "translate" containing the id will + // be re-stored to the scope's "translationId". + // If the attribute has no content, the element's text value (white spaces trimmed off) will be used. + var observeElementTranslation = function (translationId) { + + // Remove any old watcher + if (angular.isFunction(observeElementTranslation._unwatchOld)) { + observeElementTranslation._unwatchOld(); + observeElementTranslation._unwatchOld = undefined; + } + + if (angular.equals(translationId , '') || !angular.isDefined(translationId)) { + var iElementText = trim.apply(iElement.text()); + + // Resolve translation id by inner html if required + var interpolateMatches = iElementText.match(interpolateRegExp); + // Interpolate translation id if required + if (angular.isArray(interpolateMatches)) { + scope.preText = interpolateMatches[1]; + scope.postText = interpolateMatches[3]; + translationIds.translate = $interpolate(interpolateMatches[2])(scope.$parent); + var watcherMatches = iElementText.match(watcherRegExp); + if (angular.isArray(watcherMatches) && watcherMatches[2] && watcherMatches[2].length) { + observeElementTranslation._unwatchOld = scope.$watch(watcherMatches[2], function (newValue) { + translationIds.translate = newValue; + updateTranslations(); + }); + } + } else { + // do not assigne the translation id if it is empty. + translationIds.translate = !iElementText ? undefined : iElementText; + } + } else { + translationIds.translate = translationId; + } + updateTranslations(); + }; + + var observeAttributeTranslation = function (translateAttr) { + iAttr.$observe(translateAttr, function (translationId) { + translationIds[translateAttr] = translationId; + updateTranslations(); + }); + }; + + // initial setup with values + initInterpolationParams(scope.interpolateParams, iAttr, tAttr); + + var firstAttributeChangedEvent = true; + iAttr.$observe('translate', function (translationId) { + if (typeof translationId === 'undefined') { + // case of element "xyz" + observeElementTranslation(''); + } else { + // case of regular attribute + if (translationId !== '' || !firstAttributeChangedEvent) { + translationIds.translate = translationId; + updateTranslations(); + } + } + firstAttributeChangedEvent = false; + }); + + for (var translateAttr in iAttr) { + if (iAttr.hasOwnProperty(translateAttr) && translateAttr.substr(0, 13) === 'translateAttr' && translateAttr.length > 13) { + observeAttributeTranslation(translateAttr); + } + } + + iAttr.$observe('translateDefault', function (value) { + scope.defaultText = value; + updateTranslations(); + }); + + if (translateValuesExist) { + iAttr.$observe('translateValues', function (interpolateParams) { + if (interpolateParams) { + scope.$parent.$watch(function () { + angular.extend(scope.interpolateParams, $parse(interpolateParams)(scope.$parent)); + }); + } + }); + } + + if (translateValueExist) { + var observeValueAttribute = function (attrName) { + iAttr.$observe(attrName, function (value) { + var attributeName = angular.lowercase(attrName.substr(14, 1)) + attrName.substr(15); + scope.interpolateParams[attributeName] = value; + }); + }; + for (var attr in iAttr) { + if (Object.prototype.hasOwnProperty.call(iAttr, attr) && attr.substr(0, 14) === 'translateValue' && attr !== 'translateValues') { + observeValueAttribute(attr); + } + } + } + + // Master update function + var updateTranslations = function () { + for (var key in translationIds) { + if (translationIds.hasOwnProperty(key) && translationIds[key] !== undefined) { + updateTranslation(key, translationIds[key], scope, scope.interpolateParams, scope.defaultText, scope.translateNamespace); + } + } + }; + + // Put translation processing function outside loop + var updateTranslation = function(translateAttr, translationId, scope, interpolateParams, defaultTranslationText, translateNamespace) { + if (translationId) { + // if translation id starts with '.' and translateNamespace given, prepend namespace + if (translateNamespace && translationId.charAt(0) === '.') { + translationId = translateNamespace + translationId; + } + + $translate(translationId, interpolateParams, translateInterpolation, defaultTranslationText, scope.translateLanguage) + .then(function (translation) { + applyTranslation(translation, scope, true, translateAttr); + }, function (translationId) { + applyTranslation(translationId, scope, false, translateAttr); + }); + } else { + // as an empty string cannot be translated, we can solve this using successful=false + applyTranslation(translationId, scope, false, translateAttr); + } + }; + + var applyTranslation = function (value, scope, successful, translateAttr) { + if (!successful) { + if (typeof scope.defaultText !== 'undefined') { + value = scope.defaultText; + } + } + if (translateAttr === 'translate') { + // default translate into innerHTML + if (successful || (!successful && !$translate.isKeepContent() && typeof iAttr.translateKeepContent === 'undefined')) { + iElement.empty().append(scope.preText + value + scope.postText); + } + var globallyEnabled = $translate.isPostCompilingEnabled(); + var locallyDefined = typeof tAttr.translateCompile !== 'undefined'; + var locallyEnabled = locallyDefined && tAttr.translateCompile !== 'false'; + if ((globallyEnabled && !locallyDefined) || locallyEnabled) { + $compile(iElement.contents())(scope); + } + } else { + // translate attribute + var attributeName = iAttr.$attr[translateAttr]; + if (attributeName.substr(0, 5) === 'data-') { + // ensure html5 data prefix is stripped + attributeName = attributeName.substr(5); + } + attributeName = attributeName.substr(15); + iElement.attr(attributeName, value); + } + }; + + if (translateValuesExist || translateValueExist || iAttr.translateDefault) { + scope.$watch('interpolateParams', updateTranslations, true); + } + + // Replaced watcher on translateLanguage with event listener + scope.$on('translateLanguageChanged', updateTranslations); + + // Ensures the text will be refreshed after the current language was changed + // w/ $translate.use(...) + var unbind = $rootScope.$on('$translateChangeSuccess', updateTranslations); + + // ensure translation will be looked up at least one + if (iElement.text().length) { + if (iAttr.translate) { + observeElementTranslation(iAttr.translate); + } else { + observeElementTranslation(''); + } + } else if (iAttr.translate) { + // ensure attribute will be not skipped + observeElementTranslation(iAttr.translate); + } + updateTranslations(); + scope.$on('$destroy', unbind); + }; + } + }; +} + +/** + * Returns the scope's namespace. + * @private + * @param scope + * @returns {string} + */ +function getTranslateNamespace(scope) { + 'use strict'; + if (scope.translateNamespace) { + return scope.translateNamespace; + } + if (scope.$parent) { + return getTranslateNamespace(scope.$parent); + } +} + +translateDirective.displayName = 'translateDirective'; + +angular.module('pascalprecht.translate') +/** + * @ngdoc directive + * @name pascalprecht.translate.directive:translate-attr + * @restrict A + * + * @description + * Translates attributes like translate-attr-ATTR, but with an object like ng-class. + * Internally it uses `translate` service to translate translation id. It possible to + * pass an optional `translate-values` object literal as string into translation id. + * + * @param {string=} translate-attr Object literal mapping attributes to translation ids. + * @param {string=} translate-values Values to pass into the translation ids. Can be passed as object literal string. + * + * @example + + +
    + + + +
    +
    + + angular.module('ngView', ['pascalprecht.translate']) + + .config(function ($translateProvider) { + + $translateProvider.translations('en',{ + 'TRANSLATION_ID': 'Hello there!', + 'WITH_VALUES': 'The following value is dynamic: {{value}}', + }).preferredLanguage('en'); + + }); + + angular.module('ngView').controller('TranslateCtrl', function ($scope) { + $scope.translationId = 'TRANSLATION_ID'; + + $scope.values = { + value: 78 + }; + }); + + + it('should translate', function () { + inject(function ($rootScope, $compile) { + $rootScope.translationId = 'TRANSLATION_ID'; + + element = $compile('')($rootScope); + $rootScope.$digest(); + expect(element.attr('placeholder)).toBe('Hello there!'); + expect(element.attr('title)).toBe('The following value is dynamic: 5'); + }); + }); + +
    + */ +.directive('translateAttr', translateAttrDirective); +function translateAttrDirective($translate, $rootScope) { + + 'use strict'; + + return { + restrict: 'A', + priority: $translate.directivePriority(), + link: function linkFn(scope, element, attr) { + + var translateAttr, + translateValues, + previousAttributes = {}; + + // Main update translations function + var updateTranslations = function () { + angular.forEach(translateAttr, function (translationId, attributeName) { + if (!translationId) { + return; + } + previousAttributes[attributeName] = true; + + // if translation id starts with '.' and translateNamespace given, prepend namespace + if (scope.translateNamespace && translationId.charAt(0) === '.') { + translationId = scope.translateNamespace + translationId; + } + $translate(translationId, translateValues, attr.translateInterpolation, undefined, scope.translateLanguage) + .then(function (translation) { + element.attr(attributeName, translation); + }, function (translationId) { + element.attr(attributeName, translationId); + }); + }); + + // Removing unused attributes that were previously used + angular.forEach(previousAttributes, function (flag, attributeName) { + if (!translateAttr[attributeName]) { + element.removeAttr(attributeName); + delete previousAttributes[attributeName]; + } + }); + }; + + // Watch for attribute changes + watchAttribute( + scope, + attr.translateAttr, + function (newValue) { translateAttr = newValue; }, + updateTranslations + ); + // Watch for value changes + watchAttribute( + scope, + attr.translateValues, + function (newValue) { translateValues = newValue; }, + updateTranslations + ); + + if (attr.translateValues) { + scope.$watch(attr.translateValues, updateTranslations, true); + } + + // Replaced watcher on translateLanguage with event listener + scope.$on('translateLanguageChanged', updateTranslations); + + // Ensures the text will be refreshed after the current language was changed + // w/ $translate.use(...) + var unbind = $rootScope.$on('$translateChangeSuccess', updateTranslations); + + updateTranslations(); + scope.$on('$destroy', unbind); + } + }; +} + +function watchAttribute(scope, attribute, valueCallback, changeCallback) { + 'use strict'; + if (!attribute) { + return; + } + if (attribute.substr(0, 2) === '::') { + attribute = attribute.substr(2); + } else { + scope.$watch(attribute, function(newValue) { + valueCallback(newValue); + changeCallback(); + }, true); + } + valueCallback(scope.$eval(attribute)); +} + +translateAttrDirective.displayName = 'translateAttrDirective'; + +angular.module('pascalprecht.translate') +/** + * @ngdoc directive + * @name pascalprecht.translate.directive:translateCloak + * @requires $translate + * @restrict A + * + * $description + * Adds a `translate-cloak` class name to the given element where this directive + * is applied initially and removes it, once a loader has finished loading. + * + * This directive can be used to prevent initial flickering when loading translation + * data asynchronously. + * + * The class name is defined in + * {@link pascalprecht.translate.$translateProvider#cloakClassName $translate.cloakClassName()}. + * + * @param {string=} translate-cloak If a translationId is provided, it will be used for showing + * or hiding the cloak. Basically it relies on the translation + * resolve. + */ +.directive('translateCloak', translateCloakDirective); + +function translateCloakDirective($translate, $rootScope) { + + 'use strict'; + + return { + compile : function (tElement) { + var applyCloak = function (element) { + element.addClass($translate.cloakClassName()); + }, + removeCloak = function (element) { + element.removeClass($translate.cloakClassName()); + }; + applyCloak(tElement); + + return function linkFn(scope, iElement, iAttr) { + //Create bound functions that incorporate the active DOM element. + var iRemoveCloak = removeCloak.bind(this, iElement), iApplyCloak = applyCloak.bind(this, iElement); + if (iAttr.translateCloak && iAttr.translateCloak.length) { + // Register a watcher for the defined translation allowing a fine tuned cloak + iAttr.$observe('translateCloak', function (translationId) { + $translate(translationId).then(iRemoveCloak, iApplyCloak); + }); + $rootScope.$on('$translateChangeSuccess', function () { + $translate(iAttr.translateCloak).then(iRemoveCloak, iApplyCloak); + }); + } else { + $translate.onReady(iRemoveCloak); + } + }; + } + }; +} + +translateCloakDirective.displayName = 'translateCloakDirective'; + +angular.module('pascalprecht.translate') +/** + * @ngdoc directive + * @name pascalprecht.translate.directive:translateNamespace + * @restrict A + * + * @description + * Translates given translation id either through attribute or DOM content. + * Internally it uses `translate` filter to translate translation id. It possible to + * pass an optional `translate-values` object literal as string into translation id. + * + * @param {string=} translate namespace name which could be either string or interpolated string. + * + * @example + + +
    + +
    +

    .HEADERS.TITLE

    +

    .HEADERS.WELCOME

    +
    + +
    +

    .TITLE

    +

    .WELCOME

    +
    + +
    +
    + + angular.module('ngView', ['pascalprecht.translate']) + + .config(function ($translateProvider) { + + $translateProvider.translations('en',{ + 'TRANSLATION_ID': 'Hello there!', + 'CONTENT': { + 'HEADERS': { + TITLE: 'Title' + } + }, + 'CONTENT.HEADERS.WELCOME': 'Welcome' + }).preferredLanguage('en'); + + }); + + +
    + */ +.directive('translateNamespace', translateNamespaceDirective); + +function translateNamespaceDirective() { + + 'use strict'; + + return { + restrict: 'A', + scope: true, + compile: function () { + return { + pre: function (scope, iElement, iAttrs) { + scope.translateNamespace = getTranslateNamespace(scope); + + if (scope.translateNamespace && iAttrs.translateNamespace.charAt(0) === '.') { + scope.translateNamespace += iAttrs.translateNamespace; + } else { + scope.translateNamespace = iAttrs.translateNamespace; + } + } + }; + } + }; +} + +/** + * Returns the scope's namespace. + * @private + * @param scope + * @returns {string} + */ +function getTranslateNamespace(scope) { + 'use strict'; + if (scope.translateNamespace) { + return scope.translateNamespace; + } + if (scope.$parent) { + return getTranslateNamespace(scope.$parent); + } +} + +translateNamespaceDirective.displayName = 'translateNamespaceDirective'; + +angular.module('pascalprecht.translate') +/** + * @ngdoc directive + * @name pascalprecht.translate.directive:translateLanguage + * @restrict A + * + * @description + * Forces the language to the directives in the underlying scope. + * + * @param {string=} translate language that will be negotiated. + * + * @example + + +
    + +
    +

    HELLO

    +
    + +
    +

    HELLO

    +
    + +
    +
    + + angular.module('ngView', ['pascalprecht.translate']) + + .config(function ($translateProvider) { + + $translateProvider + .translations('en',{ + 'HELLO': 'Hello world!' + }) + .translations('de',{ + 'HELLO': 'Hallo Welt!' + }) + .preferredLanguage('en'); + + }); + + +
    + */ +.directive('translateLanguage', translateLanguageDirective); + +function translateLanguageDirective() { + + 'use strict'; + + return { + restrict: 'A', + scope: true, + compile: function () { + return function linkFn(scope, iElement, iAttrs) { + + iAttrs.$observe('translateLanguage', function (newTranslateLanguage) { + scope.translateLanguage = newTranslateLanguage; + }); + + scope.$watch('translateLanguage', function(){ + scope.$broadcast('translateLanguageChanged'); + }); + }; + } + }; +} + +translateLanguageDirective.displayName = 'translateLanguageDirective'; + +angular.module('pascalprecht.translate') +/** + * @ngdoc filter + * @name pascalprecht.translate.filter:translate + * @requires $parse + * @requires pascalprecht.translate.$translate + * @function + * + * @description + * Uses `$translate` service to translate contents. Accepts interpolate parameters + * to pass dynamized values though translation. + * + * @param {string} translationId A translation id to be translated. + * @param {*=} interpolateParams Optional object literal (as hash or string) to pass values into translation. + * + * @returns {string} Translated text. + * + * @example + + +
    + +
    {{ 'TRANSLATION_ID' | translate }}
    +
    {{ translationId | translate }}
    +
    {{ 'WITH_VALUES' | translate:'{value: 5}' }}
    +
    {{ 'WITH_VALUES' | translate:values }}
    + +
    +
    + + angular.module('ngView', ['pascalprecht.translate']) + + .config(function ($translateProvider) { + + $translateProvider.translations('en', { + 'TRANSLATION_ID': 'Hello there!', + 'WITH_VALUES': 'The following value is dynamic: {{value}}' + }); + $translateProvider.preferredLanguage('en'); + + }); + + angular.module('ngView').controller('TranslateCtrl', function ($scope) { + $scope.translationId = 'TRANSLATION_ID'; + + $scope.values = { + value: 78 + }; + }); + +
    + */ +.filter('translate', translateFilterFactory); + +function translateFilterFactory($parse, $translate) { + + 'use strict'; + + var translateFilter = function (translationId, interpolateParams, interpolation, forceLanguage) { + if (!angular.isObject(interpolateParams)) { + var ctx = this || { + '__SCOPE_IS_NOT_AVAILABLE': 'More info at https://github.com/angular/angular.js/commit/8863b9d04c722b278fa93c5d66ad1e578ad6eb1f' + }; + interpolateParams = $parse(interpolateParams)(ctx); + } + + return $translate.instant(translationId, interpolateParams, interpolation, forceLanguage); + }; + + if ($translate.statefulFilter()) { + translateFilter.$stateful = true; + } + + return translateFilter; +} + +translateFilterFactory.displayName = 'translateFilterFactory'; + +angular.module('pascalprecht.translate') + +/** + * @ngdoc object + * @name pascalprecht.translate.$translationCache + * @requires $cacheFactory + * + * @description + * The first time a translation table is used, it is loaded in the translation cache for quick retrieval. You + * can load translation tables directly into the cache by consuming the + * `$translationCache` service directly. + * + * @return {object} $cacheFactory object. + */ + .factory('$translationCache', $translationCache); + +function $translationCache($cacheFactory) { + + 'use strict'; + + return $cacheFactory('translations'); +} + +$translationCache.displayName = '$translationCache'; +return 'pascalprecht.translate'; + +})); diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate.min.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate.min.js new file mode 100644 index 00000000000..8549ef9e5f1 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate.min.js @@ -0,0 +1,6 @@ +/*! + * angular-translate - v2.15.1 - 2017-03-04 + * + * Copyright (c) 2017 The angular-translate team, Pascal Precht; Licensed MIT + */ +!function(a,b){"function"==typeof define&&define.amd?define([],function(){return b()}):"object"==typeof exports?module.exports=b():b()}(this,function(){function a(a){"use strict";var b=a.storageKey(),c=a.storage(),d=function(){var d=a.preferredLanguage();angular.isString(d)?a.use(d):c.put(b,a.use())};d.displayName="fallbackFromIncorrectStorageValue",c?c.get(b)?a.use(c.get(b)).catch(d):d():angular.isString(a.preferredLanguage())&&a.use(a.preferredLanguage())}function b(){"use strict";var a,b,c,d=null,e=!1,f=!1;c={sanitize:function(a,b){return"text"===b&&(a=h(a)),a},escape:function(a,b){return"text"===b&&(a=g(a)),a},sanitizeParameters:function(a,b){return"params"===b&&(a=j(a,h)),a},escapeParameters:function(a,b){return"params"===b&&(a=j(a,g)),a},sce:function(a,b,c){return"text"===b?a=i(a):"params"===b&&"filter"!==c&&(a=j(a,g)),a},sceParameters:function(a,b){return"params"===b&&(a=j(a,i)),a}},c.escaped=c.escapeParameters,this.addStrategy=function(a,b){return c[a]=b,this},this.removeStrategy=function(a){return delete c[a],this},this.useStrategy=function(a){return e=!0,d=a,this},this.$get=["$injector","$log",function(g,h){var i={},j=function(a,b,d,e){return angular.forEach(e,function(e){if(angular.isFunction(e))a=e(a,b,d);else if(angular.isFunction(c[e]))a=c[e](a,b,d);else{if(!angular.isString(c[e]))throw new Error("pascalprecht.translate.$translateSanitization: Unknown sanitization strategy: '"+e+"'");if(!i[c[e]])try{i[c[e]]=g.get(c[e])}catch(a){throw i[c[e]]=function(){},new Error("pascalprecht.translate.$translateSanitization: Unknown sanitization strategy: '"+e+"'")}a=i[c[e]](a,b,d)}}),a},k=function(){e||f||(h.warn("pascalprecht.translate.$translateSanitization: No sanitization strategy has been configured. This can have serious security implications. See http://angular-translate.github.io/docs/#/guide/19_security for details."),f=!0)};return g.has("$sanitize")&&(a=g.get("$sanitize")),g.has("$sce")&&(b=g.get("$sce")),{useStrategy:function(a){return function(b){a.useStrategy(b)}}(this),sanitize:function(a,b,c,e){if(d||k(),c||null===c||(c=d),!c)return a;e||(e="service");var f=angular.isArray(c)?c:[c];return j(a,b,e,f)}}}];var g=function(a){var b=angular.element("
    ");return b.text(a),b.html()},h=function(b){if(!a)throw new Error("pascalprecht.translate.$translateSanitization: Error cannot find $sanitize service. Either include the ngSanitize module (https://docs.angularjs.org/api/ngSanitize) or use a sanitization strategy which does not depend on $sanitize, such as 'escape'.");return a(b)},i=function(a){if(!b)throw new Error("pascalprecht.translate.$translateSanitization: Error cannot find $sce service.");return b.trustAsHtml(a)},j=function(a,b,c){if(angular.isDate(a))return a;if(angular.isObject(a)){var d=angular.isArray(a)?[]:{};if(c){if(c.indexOf(a)>-1)throw new Error("pascalprecht.translate.$translateSanitization: Error cannot interpolate parameter due recursive object")}else c=[];return c.push(a),angular.forEach(a,function(a,e){angular.isFunction(a)||(d[e]=j(a,b,c))}),c.splice(-1,1),d}return angular.isNumber(a)?a:angular.isUndefined(a)||null===a?a:b(a)}}function c(a,b,c,d){"use strict";var e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u={},v=[],w=a,x=[],y="translate-cloak",z=!1,A=!1,B=".",C=!1,D=!1,E=0,F=!0,G="default",H={default:function(a){return(a||"").split("-").join("_")},java:function(a){var b=(a||"").split("-").join("_"),c=b.split("_");return c.length>1?c[0].toLowerCase()+"_"+c[1].toUpperCase():b},bcp47:function(a){var b=(a||"").split("_").join("-"),c=b.split("-");return c.length>1?c[0].toLowerCase()+"-"+c[1].toUpperCase():b},"iso639-1":function(a){var b=(a||"").split("_").join("-"),c=b.split("-");return c[0].toLowerCase()}},I="2.15.1",J=function(){if(angular.isFunction(d.getLocale))return d.getLocale();var a,c,e=b.$get().navigator,f=["language","browserLanguage","systemLanguage","userLanguage"];if(angular.isArray(e.languages))for(a=0;a-1)return a;if(f){var g;for(var h in f)if(f.hasOwnProperty(h)){var i=!1,j=Object.prototype.hasOwnProperty.call(f,h)&&angular.lowercase(h)===angular.lowercase(a);if("*"===h.slice(-1)&&(i=h.slice(0,-1)===a.slice(0,h.length-1)),(j||i)&&(g=f[h],L(b,angular.lowercase(g))>-1))return g}}var k=a.split("_");return k.length>1&&L(b,angular.lowercase(k[0]))>-1?k[0]:void 0}},O=function(a,b){if(!a&&!b)return u;if(a&&!b){if(angular.isString(a))return u[a]}else angular.isObject(u[a])||(u[a]={}),angular.extend(u[a],P(b));return this};this.translations=O,this.cloakClassName=function(a){return a?(y=a,this):y},this.nestedObjectDelimeter=function(a){return a?(B=a,this):B};var P=function(a,b,c,d){var e,f,g,h;b||(b=[]),c||(c={});for(e in a)Object.prototype.hasOwnProperty.call(a,e)&&(h=a[e],angular.isObject(h)?P(h,b.concat(e),c,e):(f=b.length?""+b.join(B)+B+e:e,b.length&&e===d&&(g=""+b.join(B),c[g]="@:"+f),c[f]=h));return c};P.displayName="flatObject",this.addInterpolation=function(a){return x.push(a),this},this.useMessageFormatInterpolation=function(){return this.useInterpolation("$translateMessageFormatInterpolation")},this.useInterpolation=function(a){return n=a,this},this.useSanitizeValueStrategy=function(a){return c.useStrategy(a),this},this.preferredLanguage=function(a){return a?(Q(a),this):e};var Q=function(a){return a&&(e=a),e};this.translationNotFoundIndicator=function(a){return this.translationNotFoundIndicatorLeft(a),this.translationNotFoundIndicatorRight(a),this},this.translationNotFoundIndicatorLeft=function(a){return a?(q=a,this):q},this.translationNotFoundIndicatorRight=function(a){return a?(r=a,this):r},this.fallbackLanguage=function(a){return R(a),this};var R=function(a){return a?(angular.isString(a)?(h=!0,g=[a]):angular.isArray(a)&&(h=!1,g=a),angular.isString(e)&&L(g,e)<0&&g.push(e),this):h?g[0]:g};this.use=function(a){if(a){if(!u[a]&&!o)throw new Error("$translateProvider couldn't find translationTable for langKey: '"+a+"'");return i=a,this}return i},this.resolveClientLocale=function(){return K()};var S=function(a){return a?(w=a,this):l?l+w:w};this.storageKey=S,this.useUrlLoader=function(a,b){return this.useLoader("$translateUrlLoader",angular.extend({url:a},b))},this.useStaticFilesLoader=function(a){return this.useLoader("$translateStaticFilesLoader",a)},this.useLoader=function(a,b){return o=a,p=b||{},this},this.useLocalStorage=function(){return this.useStorage("$translateLocalStorage")},this.useCookieStorage=function(){return this.useStorage("$translateCookieStorage")},this.useStorage=function(a){return k=a,this},this.storagePrefix=function(a){return a?(l=a,this):a},this.useMissingTranslationHandlerLog=function(){return this.useMissingTranslationHandler("$translateMissingTranslationHandlerLog")},this.useMissingTranslationHandler=function(a){return m=a,this},this.usePostCompiling=function(a){return z=!!a,this},this.forceAsyncReload=function(a){return A=!!a,this},this.uniformLanguageTag=function(a){return a?angular.isString(a)&&(a={standard:a}):a={},G=a.standard,this},this.determinePreferredLanguage=function(a){var b=a&&angular.isFunction(a)?a():K();return e=v.length?N(b)||b:b,this},this.registerAvailableLanguageKeys=function(a,b){return a?(v=a,b&&(f=b),this):v},this.useLoaderCache=function(a){return a===!1?s=void 0:a===!0?s=!0:"undefined"==typeof a?s="$translationCache":a&&(s=a),this},this.directivePriority=function(a){return void 0===a?E:(E=a,this)},this.statefulFilter=function(a){return void 0===a?F:(F=a,this)},this.postProcess=function(a){return t=a?a:void 0,this},this.keepContent=function(a){return D=!!a,this},this.$get=["$log","$injector","$rootScope","$q",function(a,b,c,d){var f,l,G,H=b.get(n||"$translateDefaultInterpolation"),J=!1,T={},U={},V=function(a,b,c,h,j){!i&&e&&(i=e);var m=j&&j!==i?N(j)||j:i;if(j&&ka(j),angular.isArray(a)){var n=function(a){for(var e={},f=[],g=function(a){var f=d.defer(),g=function(b){e[a]=b,f.resolve([a,b])};return V(a,b,c,h,j).then(g,g),f.promise},i=0,k=a.length;i0?G:l,a,b,c,d,e)},fa=function(a,b,c,d){return da(G>0?G:l,a,b,c,d)},ga=function(a,b,c,e,f,h){var i=d.defer(),j=f?u[f]:u,k=c?T[c]:H;if(j&&Object.prototype.hasOwnProperty.call(j,a)&&null!==j[a]){var l=j[a];if("@:"===l.substr(0,2))V(l.substr(2),b,c,e,f).then(i.resolve,i.reject);else{var n=k.interpolate(l,b,"service",h,a);n=ja(a,l,n,b,f),i.resolve(n)}}else{var o;m&&!J&&(o=ba(a,b,e)),f&&g&&g.length?ea(a,b,k,e,h).then(function(a){i.resolve(a)},function(a){i.reject(W(a))}):m&&!J&&o?e?i.resolve(e):i.resolve(o):e?i.resolve(e):i.reject(W(a))}return i.promise},ha=function(a,b,c,d,e){var f,h=d?u[d]:u,i=H;if(T&&Object.prototype.hasOwnProperty.call(T,c)&&(i=T[c]),h&&Object.prototype.hasOwnProperty.call(h,a)&&null!==h[a]){var j=h[a];"@:"===j.substr(0,2)?f=ha(j.substr(2),b,c,d,e):(f=i.interpolate(j,b,"filter",e,a),f=ja(a,j,f,b,d,e))}else{var k;m&&!J&&(k=ba(a,b,e)),d&&g&&g.length?(l=0,f=fa(a,b,i,e)):f=m&&!J&&k?k:W(a)}return f},ia=function(a){j===a&&(j=void 0),U[a]=void 0},ja=function(a,c,d,e,f,g){var h=t;return h&&("string"==typeof h&&(h=b.get(h)),h)?h(a,c,d,e,f,g):d},ka=function(a){u[a]||!o||U[a]||(U[a]=Y(a).then(function(a){return O(a.key,a.table),a}))};V.preferredLanguage=function(a){return a&&Q(a),e},V.cloakClassName=function(){return y},V.nestedObjectDelimeter=function(){return B},V.fallbackLanguage=function(a){if(void 0!==a&&null!==a){if(R(a),o&&g&&g.length)for(var b=0,c=g.length;b-1&&(G=b)}else G=0},V.proposedLanguage=function(){return j},V.storage=function(){return f},V.negotiateLocale=N,V.use=function(a){if(!a)return i;var b=d.defer();b.promise.then(null,angular.noop),c.$emit("$translateChangeStart",{language:a});var e=N(a);return v.length>0&&!e?d.reject(a):(e&&(a=e),j=a,!A&&u[a]||!o||U[a]?U[a]?U[a].then(function(a){return j===a.key&&X(a.key),b.resolve(a.key),a},function(a){return!i&&g&&g.length>0&&g[0]!==a?V.use(g[0]).then(b.resolve,b.reject):b.reject(a)}):(b.resolve(a),X(a)):(U[a]=Y(a).then(function(c){return O(c.key,c.table),b.resolve(c.key),j===a&&X(c.key),c},function(a){return c.$emit("$translateChangeError",{language:a}),b.reject(a),c.$emit("$translateChangeEnd",{language:a}),d.reject(a)}),U[a].finally(function(){ia(a)}).catch(angular.noop)),b.promise)},V.resolveClientLocale=function(){return K()},V.storageKey=function(){return S()},V.isPostCompilingEnabled=function(){return z},V.isForceAsyncReloadEnabled=function(){return A},V.isKeepContent=function(){return D},V.refresh=function(a){function b(a){var b=Y(a);return U[a]=b,b.then(function(b){u[a]={},O(a,b.table),f[a]=!0},angular.noop),b}if(!o)throw new Error("Couldn't refresh translation table, no loader registered!");c.$emit("$translateRefreshStart",{language:a});var e=d.defer(),f={};if(e.promise.then(function(){for(var a in u)u.hasOwnProperty(a)&&(a in f||delete u[a]);i&&X(i)},angular.noop).finally(function(){c.$emit("$translateRefreshEnd",{language:a})}),a)u[a]?b(a).then(e.resolve,e.reject):e.reject();else{var h=g&&g.slice()||[];i&&h.indexOf(i)===-1&&h.push(i),d.all(h.map(b)).then(e.resolve,e.reject)}return e.promise},V.instant=function(a,b,c,d,f){var h=d&&d!==i?N(d)||d:i;if(null===a||angular.isUndefined(a))return a;if(d&&ka(d),angular.isArray(a)){for(var j={},k=0,l=a.length;k0?v:null},V.getTranslationTable=function(a){return a=a||V.use(),a&&u[a]?angular.copy(u[a]):null};var ma=c.$on("$translateReady",function(){la.resolve(),ma(),ma=null}),na=c.$on("$translateChangeEnd",function(){la.resolve(),na(),na=null});if(o){if(angular.equals(u,{})&&V.use()&&V.use(V.use()),g&&g.length)for(var oa=function(a){return O(a.key,a.table),c.$emit("$translateChangeEnd",{language:a.key}),a},pa=0,qa=g.length;pa13&&t(v);if(p.$observe("translateDefault",function(a){h.defaultText=a,y()}),j&&p.$observe("translateValues",function(a){a&&h.$parent.$watch(function(){angular.extend(h.interpolateParams,d(a)(h.$parent))})}),l){var w=function(a){p.$observe(a,function(b){var c=angular.lowercase(a.substr(14,1))+a.substr(15);h.interpolateParams[c]=b})};for(var x in p)Object.prototype.hasOwnProperty.call(p,x)&&"translateValue"===x.substr(0,14)&&"translateValues"!==x&&w(x)}var y=function(){for(var a in q)q.hasOwnProperty(a)&&void 0!==q[a]&&z(a,q[a],h,h.interpolateParams,h.defaultText,h.translateNamespace)},z=function(b,c,d,e,f,g){c?(g&&"."===c.charAt(0)&&(c=g+c),a(c,e,k,f,d.translateLanguage).then(function(a){A(a,d,!0,b)},function(a){A(a,d,!1,b)})):A(c,d,!1,b)},A=function(b,d,e,f){if(e||"undefined"!=typeof d.defaultText&&(b=d.defaultText),"translate"===f){(e||!e&&!a.isKeepContent()&&"undefined"==typeof p.translateKeepContent)&&o.empty().append(d.preText+b+d.postText);var g=a.isPostCompilingEnabled(),h="undefined"!=typeof i.translateCompile,j=h&&"false"!==i.translateCompile;(g&&!h||j)&&c(o.contents())(d)}else{var k=p.$attr[f];"data-"===k.substr(0,5)&&(k=k.substr(5)),k=k.substr(15),o.attr(k,b)}};(j||l||p.translateDefault)&&h.$watch("interpolateParams",y,!0),h.$on("translateLanguageChanged",y);var B=e.$on("$translateChangeSuccess",y);o.text().length?s(p.translate?p.translate:""):p.translate&&s(p.translate),y(),h.$on("$destroy",B)}}}}function f(a){"use strict";return a.translateNamespace?a.translateNamespace:a.$parent?f(a.$parent):void 0}function g(a,b){"use strict";return{restrict:"A",priority:a.directivePriority(),link:function(c,d,e){var f,g,i={},j=function(){angular.forEach(f,function(b,f){b&&(i[f]=!0,c.translateNamespace&&"."===b.charAt(0)&&(b=c.translateNamespace+b),a(b,g,e.translateInterpolation,void 0,c.translateLanguage).then(function(a){d.attr(f,a)},function(a){d.attr(f,a)}))}),angular.forEach(i,function(a,b){f[b]||(d.removeAttr(b),delete i[b])})};h(c,e.translateAttr,function(a){f=a},j),h(c,e.translateValues,function(a){g=a},j),e.translateValues&&c.$watch(e.translateValues,j,!0),c.$on("translateLanguageChanged",j);var k=b.$on("$translateChangeSuccess",j);j(),c.$on("$destroy",k)}}}function h(a,b,c,d){"use strict";b&&("::"===b.substr(0,2)?b=b.substr(2):a.$watch(b,function(a){c(a),d()},!0),c(a.$eval(b)))}function i(a,b){"use strict";return{compile:function(c){var d=function(b){b.addClass(a.cloakClassName())},e=function(b){b.removeClass(a.cloakClassName())};return d(c),function(c,f,g){var h=e.bind(this,f),i=d.bind(this,f);g.translateCloak&&g.translateCloak.length?(g.$observe("translateCloak",function(b){a(b).then(h,i)}),b.$on("$translateChangeSuccess",function(){a(g.translateCloak).then(h,i)})):a.onReady(h)}}}}function j(){"use strict";return{restrict:"A",scope:!0,compile:function(){return{pre:function(a,b,c){a.translateNamespace=f(a),a.translateNamespace&&"."===c.translateNamespace.charAt(0)?a.translateNamespace+=c.translateNamespace:a.translateNamespace=c.translateNamespace}}}}}function f(a){"use strict";return a.translateNamespace?a.translateNamespace:a.$parent?f(a.$parent):void 0}function k(){"use strict";return{restrict:"A",scope:!0,compile:function(){return function(a,b,c){c.$observe("translateLanguage",function(b){a.translateLanguage=b}),a.$watch("translateLanguage",function(){a.$broadcast("translateLanguageChanged")})}}}}function l(a,b){"use strict";var c=function(c,d,e,f){if(!angular.isObject(d)){var g=this||{__SCOPE_IS_NOT_AVAILABLE:"More info at https://github.com/angular/angular.js/commit/8863b9d04c722b278fa93c5d66ad1e578ad6eb1f"};d=a(d)(g)}return b.instant(c,d,e,f)};return b.statefulFilter()&&(c.$stateful=!0),c}function m(a){"use strict";return a("translations")}return a.$inject=["$translate"],c.$inject=["$STORAGE_KEY","$windowProvider","$translateSanitizationProvider","pascalprechtTranslateOverrider"],d.$inject=["$interpolate","$translateSanitization"],e.$inject=["$translate","$interpolate","$compile","$parse","$rootScope"],g.$inject=["$translate","$rootScope"],i.$inject=["$translate","$rootScope"],l.$inject=["$parse","$translate"],m.$inject=["$cacheFactory"],angular.module("pascalprecht.translate",["ng"]).run(a),a.displayName="runTranslate",angular.module("pascalprecht.translate").provider("$translateSanitization",b),angular.module("pascalprecht.translate").constant("pascalprechtTranslateOverrider",{}).provider("$translate",c),c.displayName="displayName",angular.module("pascalprecht.translate").factory("$translateDefaultInterpolation",d),d.displayName="$translateDefaultInterpolation",angular.module("pascalprecht.translate").constant("$STORAGE_KEY","NG_TRANSLATE_LANG_KEY"),angular.module("pascalprecht.translate").directive("translate",e),e.displayName="translateDirective",angular.module("pascalprecht.translate").directive("translateAttr",g),g.displayName="translateAttrDirective",angular.module("pascalprecht.translate").directive("translateCloak",i),i.displayName="translateCloakDirective",angular.module("pascalprecht.translate").directive("translateNamespace",j),j.displayName="translateNamespaceDirective",angular.module("pascalprecht.translate").directive("translateLanguage",k),k.displayName="translateLanguageDirective",angular.module("pascalprecht.translate").filter("translate",l),l.displayName="translateFilterFactory",angular.module("pascalprecht.translate").factory("$translationCache",m),m.displayName="$translationCache","pascalprecht.translate"}); \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/package.json b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/package.json new file mode 100644 index 00000000000..5c919fc2863 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-translate/package.json @@ -0,0 +1,107 @@ +{ + "name": "angular-translate", + "version": "2.15.1", + "description": "A translation module for AngularJS", + "main": "dist/angular-translate.js", + "repository": { + "type": "git", + "url": "http://github.com/angular-translate/angular-translate" + }, + "keywords": [ + "angular-translate", + "angular", + "AngularJS", + "translation" + ], + "engines": { + "node": "*" + }, + "devEngines": { + "node": ">=6.9", + "npm": ">=3" + }, + "scripts": { + "prepublish": "bower install", + "check-env": "node node_modules/fbjs-scripts/node/check-dev-engines.js package.json", + "shipit": "npm run-script -s check-env && bower install && bower update && grunt prepare-release", + "lint": "grunt lint", + "test": "npm run-script -s check-env && grunt install-test && grunt test", + "test-headless": "npm run-script -s check-env && grunt test-headless", + "test-scopes": "npm run-script -s check-env && grunt install-test && for f in test_scopes/*; do TEST_SCOPE=\"`basename $f`\" grunt test; done", + "clean-test-scopes": "for f in test_scopes/*; do (cd $f; rm -rf bower_components); done", + "compile": "npm run-script -s check-env && grunt compile", + "build": "npm run-script -s check-env && grunt build", + "build-site": "npm run -s build-site-all-languages; npm run -s build-site-plato-report", + "build-site-all-languages": "./build_tools/generate_site.sh", + "build-site-by-language": "./build_tools/generate_site_by_language.sh", + "build-site-plato-report": "rm -rf ./site/plato && plato -d plato -l .jshintrc src/*.js src/**/*.js && mv plato site", + "upload-github-release": "node build_tools/upload-github-release.js", + "start-demo": "node build_tools/server.js" + }, + "author": { + "name": "Pascal Precht" + }, + "contributors": [ + { + "name": "Jan Philipp", + "email": "knallisworld@googlemail.com", + "url": "https://github.com/knalli" + }, + { + "name": "Max Prichinenko" + }, + { + "name": "Thorsten S" + } + ], + "license": "MIT", + "devDependencies": { + "adm-zip": "^0.4.7", + "body-parser": "^1.16.0", + "bower": "^1.7.9", + "errorhandler": "^1.5.0", + "express": "^4.14.1", + "express-session": "^1.15.0", + "fbjs-scripts": "^0.7.1", + "grunt": "~1.0.1", + "grunt-bower-install-simple": "^1.0.3", + "grunt-bump": "^0.8.0", + "grunt-cli": "^1.2.0", + "grunt-contrib-clean": "^1.0.0", + "grunt-contrib-concat": "^1.0.0", + "grunt-contrib-copy": "^1.0.0", + "grunt-contrib-jshint": "^1.0.0", + "grunt-contrib-uglify": "^2.0.0", + "grunt-contrib-watch": "^1.0.0", + "grunt-conventional-changelog": "^6.1.0", + "grunt-file-append": "0.0.6", + "grunt-karma": "^2.0.0", + "grunt-ng-annotate": "^3.0.0", + "grunt-ngdocs": "~0.2.5", + "grunt-parallel": "^0.5.1", + "grunt-umd": "^2.3.3", + "grunt-version": "^1.0.0", + "inquirer": "^3.0.1", + "jasmine-core": "^2.1.3", + "karma": "^1.3.0", + "karma-chrome-launcher": "^2.0.0", + "karma-coverage": "^1.1.1", + "karma-firefox-launcher": "~1.0.0", + "karma-jasmine": "^1.0.2", + "karma-phantomjs-launcher": "^1.0.0", + "load-grunt-tasks": "^3.4.1", + "local-web-server": "^1.2.6", + "method-override": "^2.3.7", + "morgan": "^1.8.0", + "multer": "^1.3.0", + "phantomjs-prebuilt": "^2.1.4", + "plato": "^1.5.0", + "publish-release": "^1.3.3", + "pug": "^2.0.0-beta11", + "serve-favicon": "^2.3.2", + "tar.gz": "^1.0.5" + }, + "dependencies": { + "angular": ">=1.2.26 <=1.6" + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/.npmignore b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/.npmignore new file mode 100644 index 00000000000..007aa77b3d3 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/.npmignore @@ -0,0 +1,38 @@ +# Logs +logs +*.log +npm-debug.log* + +# Runtime data +pids +*.pid +*.seed + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage + +# nyc test coverage +.nyc_output + +# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (http://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules +jspm_packages + +# Optional npm cache directory +.npm + +# Optional REPL history +.node_repl_history +.idea diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/LICENSE b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/LICENSE new file mode 100644 index 00000000000..3a8b61bf734 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2016 it-ailen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/README.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/README.md new file mode 100644 index 00000000000..a65b0abe72e --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/README.md @@ -0,0 +1 @@ +# angular-treeview \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/build/webpack.config.base.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/build/webpack.config.base.js new file mode 100644 index 00000000000..c4deb062e99 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/build/webpack.config.base.js @@ -0,0 +1,52 @@ +/** + * Created by hyku on 16/9/29. + */ +var path = require("path"); +var webpack = require("webpack"); + +var config = { + entry: { + tree: "./src/tree.js" + }, + output: { + path: path.resolve(__dirname, ".."), + filename: "[name].js" + }, + // resolve: { + // root: path.resolve(__dirname, "./src") + // }, + module: { + loaders: [ + { + test: /\.less$/i, + loaders: ["style", "css", "less"] + }, + { + test: /\.html$/i, + loaders: ["html"] + }, + { + test: /\.css$/i, + loaders: ["style", "css"] + }, + { + test: /\.(jpe?g|png|gif|svg)$/i, + loader: "url-loader?limit=10000&name=images/[name].[ext]" + }, + { + test: /\.(ttf|eot|woff2?)$/, + loader: 'file?name=etc/[name].[ext]' + } + ] + }, + plugins: [ + new webpack.optimize.DedupePlugin(), + new webpack.ProvidePlugin({ + $: "jquery", + jQuery: "jquery" + }), + new webpack.optimize.OccurenceOrderPlugin() + ] +}; + +module.exports = config; diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/images/plus.png b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/images/plus.png new file mode 100644 index 00000000000..d3e74e624ba Binary files /dev/null and b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/images/plus.png differ diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/index.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/index.js new file mode 100644 index 00000000000..345b1c0d568 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/index.js @@ -0,0 +1,7 @@ +/** + * Created by hyku on 2016/10/13. + */ + +"use strict"; +require("./tree"); +module.exports = "angular.tree"; diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/package.json b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/package.json new file mode 100644 index 00000000000..3fc653efde8 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/package.json @@ -0,0 +1,32 @@ +{ + "name": "angular-treeview", + "version": "0.1.5", + "description": "Treeview with angular.", + "main": "index.js", + "devDependencies": { + "css-loader": "^0.25.0", + "html-loader": "^0.4.4", + "less": "^2.7.1", + "less-loader": "^2.2.3", + "style-loader": "^0.13.1", + "url-loader": "^0.5.7", + "webpack": "^1.13.2" + }, + "scripts": { + "build": "webpack --config build/webpack.config.base.js" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/it-ailen/angular-treeview.git" + }, + "keywords": [ + "angular", + "treeview" + ], + "author": "Allen Zou", + "license": "MIT", + "bugs": { + "url": "https://github.com/it-ailen/angular-treeview/issues" + }, + "homepage": "https://github.com/it-ailen/angular-treeview#readme" +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/tree.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/tree.js new file mode 100644 index 00000000000..cf34cdb2d5a --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/tree.js @@ -0,0 +1,164 @@ +/** + * Created by Allen Zou on 2016/10/13. + */ + +"use strict"; + +require("./view/tree.less"); +var fileIcon = require("./view/imgs/file.png"); +var folderIcon = require("./view/imgs/folder.png"); +var closedFolderIcon = require("./view/imgs/folder-closed.png"); +var plusIcon = require("./view/imgs/plus.png"); +var removeIcon = require("./view/imgs/remove.png"); + +var tree = angular.module("angular.tree", []); +tree + .directive("treeNode", function () { + return { + scope: { + item: "=", + adapter: "=", + icon: "=", + folderOpen: "=", + folderClose: "=", + nodeClick: "=", + childrenLoader: "=", + addItem: "=", + removeItem: "=", + editItem: "=" + }, + require: [], + restrict: "E", + // templateUrl: "directive/tree/node.html", + template: require("./view/node.html"), + link: function($scope, element, attributes, controllers) { + $scope.open = false; + $scope.add_btn = plusIcon; + $scope.remove_btn = removeIcon; + function load_children() { + if ($scope.childrenLoader) { + $scope.childrenLoader($scope.item) + .then(function(children) { + $scope.subNodes = children; + }) + .catch(function(error) { + console.error(error); + $scope.subNodes = []; + }) + } else { + $scope.subNodes = []; + } + } + $scope.wrap_node_click = function() { + if ($scope.item) { + var adaptedItem = $scope.adapter($scope.item); + if (adaptedItem.type === "branch") { + if ($scope.open) { + $scope.open = false; + $scope.folderClose && $scope.folderClose($scope.item); + } + else { + $scope.open = true; + $scope.folderOpen && $scope.folderOpen($scope.item); + load_children(); + } + } + $scope.nodeClick && $scope.nodeClick($scope.item); + + } + return false; + }; + $scope.resolve_icon = function() { + var icon = null; + var adaptedItem = $scope.adapter($scope.item); + if (adaptedItem.type === 'branch') { + icon = ($scope.icon && $scope.icon($scope.item, $scope.open)) + || (!$scope.open && closedFolderIcon) + || ($scope.open && folderIcon); + } + else { + icon = ($scope.icon && $scope.icon($scope.item)) + || fileIcon; + } + return icon; + }; + $scope.node_class = function() { + var classes = ["node"]; + var adaptedItem = $scope.adapter($scope.item); + if (adaptedItem.type === 'branch') { + classes.push("branch"); + if ($scope.open) { + classes.push("open"); + } + else { + classes.push("closed"); + } + } + else { + classes.push("leaf"); + } + return classes; + }; + $scope.add_child = function() { + if ($scope.addItem) { + $scope.addItem($scope.item) + .then(function() { + load_children(); + }) + ; + } + return false; + }; + $scope.remove_self = function() { + if ($scope.removeItem) { + $scope.removeItem($scope.item) + .then(function() { + load_children(); + }) + ; + } + return false; + }; + $scope.edit = function() { + console.log("edit:::"); + console.log($scope.editItem); + $scope.editItem && $scope.editItem($scope.item); + return false; + }; + } + }; + }) + .directive("tree", function () { + var link = function($scope, element, attributes, controllers) { + $scope.itemAdapter = $scope.adapter || function(item) { + console.log("in tree .adapter"); + return item; + }; + $scope.tree_class = function() { + var classes = ["tree"]; + return classes; + } + }; + return { + scope: { + root: "=root", + adapter: "=", + icon: "=", + folderOpen: "=", + folderClose: "=", + nodeClick: "=", + childrenLoader: "=", + addItem: "=", + removeItem: "=", + editItem: "=" + }, + require: [], + restrict: "E", + // templateUrl: "directive/tree/tree.html", + template: require("./view/tree.html"), + link: link + } + }) +; + +module.exports = tree; diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/file.png b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/file.png new file mode 100644 index 00000000000..ffd22db2cc6 Binary files /dev/null and b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/file.png differ diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/folder-closed.png b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/folder-closed.png new file mode 100644 index 00000000000..9c8489c12d2 Binary files /dev/null and b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/folder-closed.png differ diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/folder.png b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/folder.png new file mode 100644 index 00000000000..fdad546d716 Binary files /dev/null and b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/folder.png differ diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/plus.png b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/plus.png new file mode 100644 index 00000000000..0aac69bf1a3 Binary files /dev/null and b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/plus.png differ diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/remove.png b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/remove.png new file mode 100644 index 00000000000..9e081451c0f Binary files /dev/null and b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/imgs/remove.png differ diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/node.html b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/node.html new file mode 100644 index 00000000000..101147d649c --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/node.html @@ -0,0 +1,24 @@ +
    +
    + + {{ adapter(item).text }} + +
    +
    + + +
    +
    \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/tree.html b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/tree.html new file mode 100644 index 00000000000..7717002dc7b --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/tree.html @@ -0,0 +1,7 @@ +
    + + +
    \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/tree.less b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/tree.less new file mode 100644 index 00000000000..c6373c88175 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/src/view/tree.less @@ -0,0 +1,33 @@ +.tree { + @node-height: 16px; + overflow: auto; + .node { + width: 100%; + .directory-level { + position: relative; + padding-right: 4px; + white-space: nowrap; + font-size: @node-height; + line-height: @node-height; + >.icon { + height: @node-height; + } + .operation { + display: inline; + margin-left: 20px; + visibility: hidden; + img { + height: @node-height; + } + } + &:hover { + .operation { + visibility: visible; + } + } + } + .sub-node { + padding-left: 14px; + } + } +} \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/tree.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/tree.js new file mode 100644 index 00000000000..a121bb0e449 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-treeview/tree.js @@ -0,0 +1,604 @@ +/******/ (function(modules) { // webpackBootstrap +/******/ // The module cache +/******/ var installedModules = {}; + +/******/ // The require function +/******/ function __webpack_require__(moduleId) { + +/******/ // Check if module is in cache +/******/ if(installedModules[moduleId]) +/******/ return installedModules[moduleId].exports; + +/******/ // Create a new module (and put it into the cache) +/******/ var module = installedModules[moduleId] = { +/******/ exports: {}, +/******/ id: moduleId, +/******/ loaded: false +/******/ }; + +/******/ // Execute the module function +/******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__); + +/******/ // Flag the module as loaded +/******/ module.loaded = true; + +/******/ // Return the exports of the module +/******/ return module.exports; +/******/ } + + +/******/ // expose the modules object (__webpack_modules__) +/******/ __webpack_require__.m = modules; + +/******/ // expose the module cache +/******/ __webpack_require__.c = installedModules; + +/******/ // __webpack_public_path__ +/******/ __webpack_require__.p = ""; + +/******/ // Load entry module and return exports +/******/ return __webpack_require__(0); +/******/ }) +/************************************************************************/ +/******/ ([ +/* 0 */ +/***/ function(module, exports, __webpack_require__) { + + /** + * Created by Allen Zou on 2016/10/13. + */ + + "use strict"; + + __webpack_require__(6); + var fileIcon = __webpack_require__(7); + var folderIcon = __webpack_require__(9); + var closedFolderIcon = __webpack_require__(8); + var plusIcon = __webpack_require__(10); + var removeIcon = __webpack_require__(11); + + var tree = angular.module("angular.tree", []); + tree + .directive("treeNode", function () { + return { + scope: { + item: "=", + adapter: "=", + icon: "=", + folderOpen: "=", + folderClose: "=", + nodeClick: "=", + childrenLoader: "=", + addItem: "=", + removeItem: "=", + editItem: "=" + }, + require: [], + restrict: "E", + // templateUrl: "directive/tree/node.html", + template: __webpack_require__(3), + link: function($scope, element, attributes, controllers) { + $scope.open = false; + $scope.add_btn = plusIcon; + $scope.remove_btn = removeIcon; + function load_children() { + if ($scope.childrenLoader) { + $scope.childrenLoader($scope.item) + .then(function(children) { + $scope.subNodes = children; + }) + .catch(function(error) { + console.error(error); + $scope.subNodes = []; + }) + } else { + $scope.subNodes = []; + } + } + $scope.wrap_node_click = function() { + if ($scope.item) { + var adaptedItem = $scope.adapter($scope.item); + if (adaptedItem.type === "branch") { + if ($scope.open) { + $scope.open = false; + $scope.folderClose && $scope.folderClose($scope.item); + } + else { + $scope.open = true; + $scope.folderOpen && $scope.folderOpen($scope.item); + load_children(); + } + } + $scope.nodeClick && $scope.nodeClick($scope.item); + + } + return false; + }; + $scope.resolve_icon = function() { + var icon = null; + var adaptedItem = $scope.adapter($scope.item); + if (adaptedItem.type === 'branch') { + icon = ($scope.icon && $scope.icon($scope.item, $scope.open)) + || (!$scope.open && closedFolderIcon) + || ($scope.open && folderIcon); + } + else { + icon = ($scope.icon && $scope.icon($scope.item)) + || fileIcon; + } + return icon; + }; + $scope.node_class = function() { + var classes = ["node"]; + var adaptedItem = $scope.adapter($scope.item); + if (adaptedItem.type === 'branch') { + classes.push("branch"); + if ($scope.open) { + classes.push("open"); + } + else { + classes.push("closed"); + } + } + else { + classes.push("leaf"); + } + return classes; + }; + $scope.add_child = function() { + if ($scope.addItem) { + $scope.addItem($scope.item) + .then(function() { + load_children(); + }) + ; + } + return false; + }; + $scope.remove_self = function() { + if ($scope.removeItem) { + $scope.removeItem($scope.item) + .then(function() { + load_children(); + }) + ; + } + return false; + }; + $scope.edit = function() { + console.log("edit:::"); + console.log($scope.editItem); + $scope.editItem && $scope.editItem($scope.item); + return false; + }; + } + }; + }) + .directive("tree", function () { + var link = function($scope, element, attributes, controllers) { + $scope.itemAdapter = $scope.adapter || function(item) { + console.log("in tree .adapter"); + return item; + }; + $scope.tree_class = function() { + var classes = ["tree"]; + return classes; + } + }; + return { + scope: { + root: "=root", + adapter: "=", + icon: "=", + folderOpen: "=", + folderClose: "=", + nodeClick: "=", + childrenLoader: "=", + addItem: "=", + removeItem: "=", + editItem: "=" + }, + require: [], + restrict: "E", + // templateUrl: "directive/tree/tree.html", + template: __webpack_require__(4), + link: link + } + }) + ; + + module.exports = tree; + + +/***/ }, +/* 1 */ +/***/ function(module, exports, __webpack_require__) { + + exports = module.exports = __webpack_require__(2)(); + // imports + + + // module + exports.push([module.id, ".tree {\n overflow: auto;\n}\n.tree .node {\n width: 100%;\n}\n.tree .node .directory-level {\n position: relative;\n padding-right: 4px;\n white-space: nowrap;\n font-size: 16px;\n line-height: 16px;\n}\n.tree .node .directory-level > .icon {\n height: 16px;\n}\n.tree .node .directory-level .operation {\n display: inline;\n margin-left: 20px;\n visibility: hidden;\n}\n.tree .node .directory-level .operation img {\n height: 16px;\n}\n.tree .node .directory-level:hover .operation {\n visibility: visible;\n}\n.tree .node .sub-node {\n padding-left: 14px;\n}\n", ""]); + + // exports + + +/***/ }, +/* 2 */ +/***/ function(module, exports) { + + /* + MIT License http://www.opensource.org/licenses/mit-license.php + Author Tobias Koppers @sokra + */ + // css base code, injected by the css-loader + module.exports = function() { + var list = []; + + // return the list of modules as css string + list.toString = function toString() { + var result = []; + for(var i = 0; i < this.length; i++) { + var item = this[i]; + if(item[2]) { + result.push("@media " + item[2] + "{" + item[1] + "}"); + } else { + result.push(item[1]); + } + } + return result.join(""); + }; + + // import a list of modules into the list + list.i = function(modules, mediaQuery) { + if(typeof modules === "string") + modules = [[null, modules, ""]]; + var alreadyImportedModules = {}; + for(var i = 0; i < this.length; i++) { + var id = this[i][0]; + if(typeof id === "number") + alreadyImportedModules[id] = true; + } + for(i = 0; i < modules.length; i++) { + var item = modules[i]; + // skip already imported module + // this implementation is not 100% perfect for weird media query combinations + // when a module is imported multiple times with different media queries. + // I hope this will never occur (Hey this way we have smaller bundles) + if(typeof item[0] !== "number" || !alreadyImportedModules[item[0]]) { + if(mediaQuery && !item[2]) { + item[2] = mediaQuery; + } else if(mediaQuery) { + item[2] = "(" + item[2] + ") and (" + mediaQuery + ")"; + } + list.push(item); + } + } + }; + return list; + }; + + +/***/ }, +/* 3 */ +/***/ function(module, exports) { + + module.exports = "
    \n
    \n \n {{ adapter(item).text }}\n
    \n \n \n \n \n \n \n \n \n \n
    \n
    \n
    \n \n \n
    \n
    "; + +/***/ }, +/* 4 */ +/***/ function(module, exports) { + + module.exports = "
    \n \n \n
    "; + +/***/ }, +/* 5 */ +/***/ function(module, exports, __webpack_require__) { + + /* + MIT License http://www.opensource.org/licenses/mit-license.php + Author Tobias Koppers @sokra + */ + var stylesInDom = {}, + memoize = function(fn) { + var memo; + return function () { + if (typeof memo === "undefined") memo = fn.apply(this, arguments); + return memo; + }; + }, + isOldIE = memoize(function() { + return /msie [6-9]\b/.test(window.navigator.userAgent.toLowerCase()); + }), + getHeadElement = memoize(function () { + return document.head || document.getElementsByTagName("head")[0]; + }), + singletonElement = null, + singletonCounter = 0, + styleElementsInsertedAtTop = []; + + module.exports = function(list, options) { + if(false) { + if(typeof document !== "object") throw new Error("The style-loader cannot be used in a non-browser environment"); + } + + options = options || {}; + // Force single-tag solution on IE6-9, which has a hard limit on the # of + + + + + + + + +
    + +
    +

    The Basics

    +
    +
    + + +
    +
    +

    Value

    +
    {{ basicsValue }}
    +
    +
    +
    + +
    +

    Multi-Value

    +
    +
    + + +
    +
    +

    Value

    +
    {{ multiValue }}
    +
    +
    +
    +
    + + +
    +
    +

    Config

    +
    {
    +    multiple: true,
    +    query: function (query) {
    +      query.callback({ results: states });
    +    },
    +    initSelection: function(element, callback) {
    +      var val = $(element).select2('val'),
    +        results = [];
    +      for (var i=0; i<val.length; i++) {
    +        results.push(findState(val[i]));
    +      }
    +      callback(results);
    +    }
    +  }
    +

    Value

    +
    {{ multi2Value }}
    +
    +
    +
    + +
    +

    Placeholders

    +
    +
    + + +
    +
    +

    Value

    +
    {{ placeholdersValue }}
    +
    +
    +
    +
    + + +
    +
    +

    Config

    +
    {{ placeholders }}
    +

    Value

    +
    {{ placeholdersMultiValue }}
    +
    +
    +
    + +
    +

    Array Data

    +
    +
    + + +
    +
    +

    Config

    +
    {{ array }}
    +

    Value

    +
    {{ arrayValue }}
    +
    +
    +
    +
    + + +
    +
    +

    Config

    +
    {
    +    query: function (query) {
    +      query.callback({ results: states });
    +    },
    +    initSelection: function(element, callback) {
    +      var val = $(element).select2('val');
    +      return callback(findState(val));
    +    }
    +  }
    +

    Value

    +
    {{ arrayAsyncValue }}
    +
    +
    +
    + +
    + + diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/docs/index.html b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/docs/index.html new file mode 100644 index 00000000000..ff373e78217 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/docs/index.html @@ -0,0 +1,47 @@ +
    + +
    +
    +

    Demo

    +
    +

    Value is: {{select2}} (choose second)

    + +
    + +
    +

    Value is: {{select2multiple}} (choose second)

    + +
    +
    +
    +

    Options

    +

    You can pass an object to Select2 as the expression: ui-select2="{allowClear:true}" that will be passed directly to $.fn.select2(). You can read more about the supported list of options and what they do on the Select2 Documentation Page. AngularUI will leverage properties passed to Select2 for any complex behavior, there are no parameters necessary for that are specific to AngularUI.

    +
    +
    +

    ui-select2 is incompatible with <select ng-options>. For the best results use <option ng-repeat> instead

    +

    In order to properly support the Select2 placeholder, create an empty <option> tag at the top of the <select> and either set a data-placeholder on the select element or pass a placeholder option to Select2.

    + +

    How?

    +
    +<p>Value is: {{select2}} <a ng-click="select2='two'">(choose second)</a></p>
    +<select ui-select2 ng-model="select2">
    +<option value="">Pick a number</option>
    +<option value="one">First</option>
    +<option value="two">Second</option>
    +<option value="three">Third</option>
    +</select>
    +
    +

    Or try playing around with this sandbox demo to see how AJAX works

    +
    \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/docs/styles.css b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/docs/styles.css new file mode 100644 index 00000000000..08611a479d9 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/docs/styles.css @@ -0,0 +1,4 @@ + +#directives-select2 select { + width: 200px; +} \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/package.json b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/package.json new file mode 100644 index 00000000000..9b831360803 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/package.json @@ -0,0 +1,30 @@ +{ + "author": "https://github.com/angular-ui/ui-select2/graphs/contributors", + "name": "angular-ui-select2", + "keywords": [ + "angular", + "angularui", + "select2" + ], + "description": "AngularUI - The companion suite for AngularJS", + "version": "0.0.5", + "homepage": "http://angular-ui.github.com", + "repository": { + "type": "git", + "url": "git://github.com/angular-ui/ui-select2.git" + }, + "engines": { + "node": ">= 0.8.4" + }, + "dependencies": {}, + "devDependencies": { + "async": "0.1.x", + "grunt": "~0.4.1", + "grunt-contrib-jshint": "~0.6.4", + "grunt-contrib-watch": "~0.5.3", + "grunt-karma": "~0.6.2", + "karma": "~0.10.2", + "grunt-conventional-changelog": "~1.0.0", + "load-grunt-tasks": "~0.2.0" + } +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/src/select2.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/src/select2.js new file mode 100644 index 00000000000..c3b99ae96aa --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular-ui-select2/src/select2.js @@ -0,0 +1,238 @@ +/** + * Enhanced Select2 Dropmenus + * + * @AJAX Mode - When in this mode, your value will be an object (or array of objects) of the data used by Select2 + * This change is so that you do not have to do an additional query yourself on top of Select2's own query + * @params [options] {object} The configuration options passed to $.fn.select2(). Refer to the documentation + */ +angular.module('ui.select2', []).value('uiSelect2Config', {}).directive('uiSelect2', ['uiSelect2Config', '$timeout', function (uiSelect2Config, $timeout) { + var options = {}; + if (uiSelect2Config) { + angular.extend(options, uiSelect2Config); + } + return { + require: 'ngModel', + priority: 1, + compile: function (tElm, tAttrs) { + var watch, + repeatOption, + repeatAttr, + isSelect = tElm.is('select'), + isMultiple = angular.isDefined(tAttrs.multiple); + + // Enable watching of the options dataset if in use + if (tElm.is('select')) { + repeatOption = tElm.find( 'optgroup[ng-repeat], optgroup[data-ng-repeat], option[ng-repeat], option[data-ng-repeat]'); + + if (repeatOption.length) { + repeatAttr = repeatOption.attr('ng-repeat') || repeatOption.attr('data-ng-repeat'); + watch = jQuery.trim(repeatAttr.split('|')[0]).split(' ').pop(); + } + } + + return function (scope, elm, attrs, controller) { + // instance-specific options + var opts = angular.extend({}, options, scope.$eval(attrs.uiSelect2)); + + /* + Convert from Select2 view-model to Angular view-model. + */ + var convertToAngularModel = function(select2_data) { + var model; + if (opts.simple_tags) { + model = []; + angular.forEach(select2_data, function(value, index) { + model.push(value.id); + }); + } else { + model = select2_data; + } + return model; + }; + + /* + Convert from Angular view-model to Select2 view-model. + */ + var convertToSelect2Model = function(angular_data) { + var model = []; + if (!angular_data) { + return model; + } + + if (opts.simple_tags) { + model = []; + angular.forEach( + angular_data, + function(value, index) { + model.push({'id': value, 'text': value}); + }); + } else { + model = angular_data; + } + return model; + }; + + if (isSelect) { + // Use element', function () { + describe('compiling this directive', function () { + it('should throw an error if we have no model defined', function () { + expect(function(){ + compile(''); + }).toThrow(); + }); + it('should create proper DOM structure', function () { + var element = compile(''); + expect(element.siblings().is('div.select2-container')).toBe(true); + }); + it('should not modify the model if there is no initial value', function(){ + //TODO + }); + }); + describe('when model is changed programmatically', function(){ + describe('for single select', function(){ + it('should set select2 to the value', function(){ + scope.foo = 'First'; + var element = compile(''); + expect(element.select2('val')).toBe('First'); + scope.$apply('foo = "Second"'); + expect(element.select2('val')).toBe('Second'); + }); + it('should handle falsey values', function(){ + scope.foo = 'First'; + var element = compile(''); + expect(element.select2('val')).toBe('First'); + scope.$apply('foo = false'); + expect(element.select2('val')).toBe(null); + scope.$apply('foo = "Second"'); + scope.$apply('foo = null'); + expect(element.select2('val')).toBe(null); + scope.$apply('foo = "Second"'); + scope.$apply('foo = undefined'); + expect(element.select2('val')).toBe(null); + }); + }); + describe('for multiple select', function(){ + it('should set select2 to multiple value', function(){ + scope.foo = ['First']; + var element = compile(''); + expect(element.select2('val')).toEqual(['First']); + scope.$apply('foo = ["Second"]'); + expect(element.select2('val')).toEqual(['Second']); + scope.$apply('foo = ["Second","Third"]'); + expect(element.select2('val')).toEqual(['Second','Third']); + }); + it('should handle falsey values', function(){ + scope.foo = ['First']; + var element = compile(''); + expect(element.val()).toEqual(['First']); + scope.$apply('foo = ["Second"]'); + scope.$apply('foo = false'); + expect(element.select2('val')).toEqual([]); + scope.$apply('foo = ["Second"]'); + scope.$apply('foo = null'); + expect(element.select2('val')).toEqual([]); + scope.$apply('foo = ["Second"]'); + scope.$apply('foo = undefined'); + expect(element.select2('val')).toEqual([]); + }); + }); + }); + it('should observe the disabled attribute', function () { + var element = compile(''); + expect(element.siblings().hasClass('select2-container-disabled')).toBe(false); + scope.$apply('disabled = true'); + expect(element.siblings().hasClass('select2-container-disabled')).toBe(true); + scope.$apply('disabled = false'); + expect(element.siblings().hasClass('select2-container-disabled')).toBe(false); + }); + it('should observe the multiple attribute', function () { + var element = $compile('')(scope); + + expect(element.siblings().hasClass('select2-container-multi')).toBe(false); + scope.$apply('multiple = true'); + expect(element.siblings().hasClass('select2-container-multi')).toBe(true); + scope.$apply('multiple = false'); + expect(element.siblings().hasClass('select2-container-multi')).toBe(false); + }); + it('should observe an option with ng-repeat for changes', function(){ + scope.items = ['first', 'second', 'third']; + scope.foo = 'fourth'; + var element = compile(''); + expect(element.select2('val')).toBe(null); + scope.$apply('foo="fourth";items=["fourth"]'); + $timeout.flush(); + expect(element.select2('val')).toBe('fourth'); + }); + }); + describe('with an element', function () { + describe('compiling this directive', function () { + it('should throw an error if we have no model defined', function () { + expect(function() { + compile(''); + }).toThrow(); + }); + it('should create proper DOM structure', function () { + var element = compile(''); + expect(element.siblings().is('div.select2-container')).toBe(true); + }); + it('should not modify the model if there is no initial value', function(){ + //TODO + }); + }); + describe('when model is changed programmatically', function(){ + describe('for single-select', function(){ + it('should call select2(data, ...) for objects', function(){ + var element = compile(''); + spyOn($.fn, 'select2'); + scope.$apply('foo={ id: 1, text: "first" }'); + expect(element.select2).toHaveBeenCalledWith('data', { id: 1, text: "first" }); + }); + it('should call select2(val, ...) for strings', function(){ + var element = compile(''); + spyOn($.fn, 'select2'); + scope.$apply('foo="first"'); + expect(element.select2).toHaveBeenCalledWith('val', 'first'); + }); + }); + describe('for multi-select', function(){ + it('should call select2(data, ...) for arrays', function(){ + var element = compile(''); + spyOn($.fn, 'select2'); + scope.$apply('foo=[{ id: 1, text: "first" },{ id: 2, text: "second" }]'); + expect(element.select2).toHaveBeenCalledWith('data', [{ id: 1, text: "first" },{ id: 2, text: "second" }]); + }); + it('should call select2(data, []) for falsey values', function(){ + var element = compile(''); + spyOn($.fn, 'select2'); + scope.$apply('foo=[]'); + expect(element.select2).toHaveBeenCalledWith('data', []); + }); + xit('should call select2(val, ...) for strings', function(){ + var element = compile(''); + spyOn($.fn, 'select2'); + scope.$apply('foo="first,second"'); + expect(element.select2).toHaveBeenCalledWith('val', 'first,second'); + }); + }); + }); + describe('consumers of ngModel should correctly use $viewValue', function() { + it('should use any formatters if present (select - single select)', function(){ + scope.foo = 'First'; + var element = compile(''); + expect(element.select2('val')).toBe('First - I\'ve been formatted'); + scope.$apply('foo = "Second"'); + expect(element.select2('val')).toBe('Second - I\'ve been formatted'); + }); + + // isMultiple && falsey + it('should use any formatters if present (input multi select - falsey value)', function() { + // need special function to hit this case + // old code checked modelValue... can't just pass undefined to model value because view value will be the same + scope.transformers.fromModel = function(modelValue) { + if (modelValue === "magic") { + return undefined; + } + + return modelValue; + }; + + var element = compile(''); + spyOn($.fn, 'select2'); + scope.$apply('foo="magic"'); + expect(element.select2).toHaveBeenCalledWith('data', []); + }); + // isMultiple && isArray + it('should use any formatters if present (input multi select)', function() { + var element = compile(''); + spyOn($.fn, 'select2'); + scope.$apply('foo=[{ id: 1, text: "first" },{ id: 2, text: "second" }]'); + expect(element.select2).toHaveBeenCalledWith('data', [{ id: 1, text: "first - I've been formatted" },{ id: 2, text: "second - I've been formatted" }]); + }); + // isMultiple... + xit('should use any formatters if present (input multi select - non array)', function() { + var element = compile(''); + spyOn($.fn, 'select2'); + scope.$apply('foo={ id: 1, text: "first" }'); + expect(element.select2).toHaveBeenCalledWith('val', { id: 1, text: "first - I've been formatted" }); + }); + + // !isMultiple + it('should use any formatters if present (input - single select - object)', function() { + var element = compile(''); + spyOn($.fn, 'select2'); + scope.$apply('foo={ id: 1, text: "first" }'); + expect(element.select2).toHaveBeenCalledWith('data', { id: 1, text: "first - I've been formatted" }); + }); + it('should use any formatters if present (input - single select - non object)', function() { + var element = compile(''); + spyOn($.fn, 'select2'); + scope.$apply('foo="first"'); + expect(element.select2).toHaveBeenCalledWith('val', "first - I've been formatted"); + }); + + it('should not set the default value using scope.$eval', function() { + // testing directive instantiation - change order of test + spyOn($.fn, 'select2'); + spyOn($.fn, 'val'); + scope.$apply('foo=[{ id: 1, text: "first" },{ id: 2, text: "second" }]'); + + var element = compile(''); + expect(element.val).not.toHaveBeenCalledWith([{ id: 1, text: "first" },{ id: 2, text: "second" }]); + }); + it('should expect a default value to be set with a call to the render method', function() { + // this should monitor the events after init, when the timeout callback executes + var opts = angular.copy(scope.options); + opts.multiple = true; + + scope.$apply('foo=[{ id: 1, text: "first" },{ id: 2, text: "second" }]'); + + spyOn($.fn, 'select2'); + var element = compile(''); + + // select 2 init + expect(element.select2).toHaveBeenCalledWith(opts); + + // callback setting + expect(element.select2).toHaveBeenCalledWith('data', [{ id: 1, text: "first - I've been formatted" },{ id: 2, text: "second - I've been formatted" }]); + + // retieve data + expect(element.select2).toHaveBeenCalledWith('data'); + }); + + }); + it('should set the model when the user selects an item', function(){ + var element = compile(''); + // TODO: programmactically select an option + // expect(scope.foo).toBe(/* selected val */) ; + }); + + it('updated the view when model changes with complex object', function(){ + scope.foo = [{'id': '0', 'text': '0'}]; + scope.options['multiple'] = true; + var element = compile(''); + scope.$digest(); + + scope.foo.push({'id': '1', 'text': '1'}); + scope.$digest(); + + expect(element.select2('data')).toEqual( + [{'id': '0', 'text': '0'}, {'id': '1', 'text': '1'}]); + }); + + + describe('simple_tags', function() { + + beforeEach(function() { + scope.options['multiple'] = true; + scope.options['simple_tags'] = true; + scope.options['tags'] = []; + }); + + it('Initialize the select2 view based on list of strings.', function() { + scope.foo = ['tag1', 'tag2']; + + var element = compile(''); + scope.$digest(); + + expect(element.select2('data')).toEqual([ + {'id': 'tag1', 'text': 'tag1'}, + {'id': 'tag2', 'text': 'tag2'} + ]); + }); + + it( + 'When list is empty select2 view model is also initialized as empty', + function() { + scope.foo = []; + + var element = compile(''); + scope.$digest(); + + expect(element.select2('data')).toEqual([]); + }); + + it( + 'Updating the model with a string will update the select2 view model.', + function() { + scope.foo = []; + var element = compile(''); + scope.$digest(); + + scope.foo.push('tag1'); + scope.$digest(); + + expect(element.select2('data')).toEqual([ + {'id': 'tag1', 'text': 'tag1'} + ]); + }); + + it( + 'Updating the select2 model will update AngularJS model with a string.', + function() { + scope.foo = []; + var element = compile(''); + scope.$digest(); + + element.select2('data', [ + {'id':'tag1', 'text': 'tag1'}, + {'id':'tag2', 'text': 'tag2'} + ]); + element.trigger('change'); + + expect(scope.foo).toEqual(['tag1', 'tag2']); + }); + + }); + + }); +}); \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/LICENSE.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/LICENSE.md new file mode 100644 index 00000000000..2c395eef1ba --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/LICENSE.md @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Angular + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/README.md b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/README.md new file mode 100644 index 00000000000..d1bc0eddf44 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/README.md @@ -0,0 +1,64 @@ +# packaged angular + +This repo is for distribution on `npm` and `bower`. The source for this module is in the +[main AngularJS repo](https://github.com/angular/angular.js). +Please file issues and pull requests against that repo. + +## Install + +You can install this package either with `npm` or with `bower`. + +### npm + +```shell +npm install angular +``` + +Then add a ` +``` + +Or `require('angular')` from your code. + +### bower + +```shell +bower install angular +``` + +Then add a ` +``` + +## Documentation + +Documentation is available on the +[AngularJS docs site](http://docs.angularjs.org/). + +## License + +The MIT License + +Copyright (c) 2010-2015 Google, Inc. http://angularjs.org + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/angular-csp.css b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/angular-csp.css new file mode 100644 index 00000000000..f3cd926cb36 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/angular-csp.css @@ -0,0 +1,21 @@ +/* Include this file in your html if you are using the CSP mode. */ + +@charset "UTF-8"; + +[ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], +.ng-cloak, .x-ng-cloak, +.ng-hide:not(.ng-hide-animate) { + display: none !important; +} + +ng\:form { + display: block; +} + +.ng-animate-shim { + visibility:hidden; +} + +.ng-anchor { + position:absolute; +} diff --git a/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/angular.js b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/angular.js new file mode 100644 index 00000000000..29458ca9cdb --- /dev/null +++ b/themes/src/main/resources/theme/keycloak/common/resources/node_modules/angular/angular.js @@ -0,0 +1,33372 @@ +/** + * @license AngularJS v1.6.4 + * (c) 2010-2017 Google, Inc. http://angularjs.org + * License: MIT + */ +(function(window) {'use strict'; + +/** + * @description + * + * This object provides a utility for producing rich Error messages within + * Angular. It can be called as follows: + * + * var exampleMinErr = minErr('example'); + * throw exampleMinErr('one', 'This {0} is {1}', foo, bar); + * + * The above creates an instance of minErr in the example namespace. The + * resulting error will have a namespaced error code of example.one. The + * resulting error will replace {0} with the value of foo, and {1} with the + * value of bar. The object is not restricted in the number of arguments it can + * take. + * + * If fewer arguments are specified than necessary for interpolation, the extra + * interpolation markers will be preserved in the final string. + * + * Since data will be parsed statically during a build step, some restrictions + * are applied with respect to how minErr instances are created and called. + * Instances should have names of the form namespaceMinErr for a minErr created + * using minErr('namespace') . Error codes, namespaces and template strings + * should all be static strings, not variables or general expressions. + * + * @param {string} module The namespace to use for the new minErr instance. + * @param {function} ErrorConstructor Custom error constructor to be instantiated when returning + * error from returned function, for cases when a particular type of error is useful. + * @returns {function(code:string, template:string, ...templateArgs): Error} minErr instance + */ + +function minErr(module, ErrorConstructor) { + ErrorConstructor = ErrorConstructor || Error; + return function() { + var code = arguments[0], + template = arguments[1], + message = '[' + (module ? module + ':' : '') + code + '] ', + templateArgs = sliceArgs(arguments, 2).map(function(arg) { + return toDebugString(arg, minErrConfig.objectMaxDepth); + }), + paramPrefix, i; + + message += template.replace(/\{\d+\}/g, function(match) { + var index = +match.slice(1, -1); + + if (index < templateArgs.length) { + return templateArgs[index]; + } + + return match; + }); + + message += '\nhttp://errors.angularjs.org/1.6.4/' + + (module ? module + '/' : '') + code; + + for (i = 0, paramPrefix = '?'; i < templateArgs.length; i++, paramPrefix = '&') { + message += paramPrefix + 'p' + i + '=' + encodeURIComponent(templateArgs[i]); + } + + return new ErrorConstructor(message); + }; +} + +/* We need to tell ESLint what variables are being exported */ +/* exported + angular, + msie, + jqLite, + jQuery, + slice, + splice, + push, + toString, + minErrConfig, + errorHandlingConfig, + isValidObjectMaxDepth, + ngMinErr, + angularModule, + uid, + REGEX_STRING_REGEXP, + VALIDITY_STATE_PROPERTY, + + lowercase, + uppercase, + manualLowercase, + manualUppercase, + nodeName_, + isArrayLike, + forEach, + forEachSorted, + reverseParams, + nextUid, + setHashKey, + extend, + toInt, + inherit, + merge, + noop, + identity, + valueFn, + isUndefined, + isDefined, + isObject, + isBlankObject, + isString, + isNumber, + isNumberNaN, + isDate, + isArray, + isFunction, + isRegExp, + isWindow, + isScope, + isFile, + isFormData, + isBlob, + isBoolean, + isPromiseLike, + trim, + escapeForRegexp, + isElement, + makeMap, + includes, + arrayRemove, + copy, + simpleCompare, + equals, + csp, + jq, + concat, + sliceArgs, + bind, + toJsonReplacer, + toJson, + fromJson, + convertTimezoneToLocal, + timezoneToOffset, + startingTag, + tryDecodeURIComponent, + parseKeyValue, + toKeyValue, + encodeUriSegment, + encodeUriQuery, + angularInit, + bootstrap, + getTestability, + snake_case, + bindJQuery, + assertArg, + assertArgFn, + assertNotHasOwnProperty, + getter, + getBlockNodes, + hasOwnProperty, + createMap, + stringify, + + NODE_TYPE_ELEMENT, + NODE_TYPE_ATTRIBUTE, + NODE_TYPE_TEXT, + NODE_TYPE_COMMENT, + NODE_TYPE_DOCUMENT, + NODE_TYPE_DOCUMENT_FRAGMENT +*/ + +//////////////////////////////////// + +/** + * @ngdoc module + * @name ng + * @module ng + * @installation + * @description + * + * # ng (core module) + * The ng module is loaded by default when an AngularJS application is started. The module itself + * contains the essential components for an AngularJS application to function. The table below + * lists a high level breakdown of each of the services/factories, filters, directives and testing + * components available within this core module. + * + *
    + */ + +var REGEX_STRING_REGEXP = /^\/(.+)\/([a-z]*)$/; + +// The name of a form control's ValidityState property. +// This is used so that it's possible for internal tests to create mock ValidityStates. +var VALIDITY_STATE_PROPERTY = 'validity'; + + +var hasOwnProperty = Object.prototype.hasOwnProperty; + +var minErrConfig = { + objectMaxDepth: 5 +}; + + /** + * @ngdoc function + * @name angular.errorHandlingConfig + * @module ng + * @kind function + * + * @description + * Configure several aspects of error handling in AngularJS if used as a setter or return the + * current configuration if used as a getter. The following options are supported: + * + * - **objectMaxDepth**: The maximum depth to which objects are traversed when stringified for error messages. + * + * Omitted or undefined options will leave the corresponding configuration values unchanged. + * + * @param {Object=} config - The configuration object. May only contain the options that need to be + * updated. Supported keys: + * + * * `objectMaxDepth` **{Number}** - The max depth for stringifying objects. Setting to a + * non-positive or non-numeric value, removes the max depth limit. + * Default: 5 + */ +function errorHandlingConfig(config) { + if (isObject(config)) { + if (isDefined(config.objectMaxDepth)) { + minErrConfig.objectMaxDepth = isValidObjectMaxDepth(config.objectMaxDepth) ? config.objectMaxDepth : NaN; + } + } else { + return minErrConfig; + } +} + +/** + * @private + * @param {Number} maxDepth + * @return {boolean} + */ +function isValidObjectMaxDepth(maxDepth) { + return isNumber(maxDepth) && maxDepth > 0; +} + +/** + * @ngdoc function + * @name angular.lowercase + * @module ng + * @kind function + * + * @deprecated + * sinceVersion="1.5.0" + * removeVersion="1.7.0" + * Use [String.prototype.toLowerCase](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String/toLowerCase) instead. + * + * @description Converts the specified string to lowercase. + * @param {string} string String to be converted to lowercase. + * @returns {string} Lowercased string. + */ +var lowercase = function(string) {return isString(string) ? string.toLowerCase() : string;}; + +/** + * @ngdoc function + * @name angular.uppercase + * @module ng + * @kind function + * + * @deprecated + * sinceVersion="1.5.0" + * removeVersion="1.7.0" + * Use [String.prototype.toUpperCase](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String/toUpperCase) instead. + * + * @description Converts the specified string to uppercase. + * @param {string} string String to be converted to uppercase. + * @returns {string} Uppercased string. + */ +var uppercase = function(string) {return isString(string) ? string.toUpperCase() : string;}; + + +var manualLowercase = function(s) { + /* eslint-disable no-bitwise */ + return isString(s) + ? s.replace(/[A-Z]/g, function(ch) {return String.fromCharCode(ch.charCodeAt(0) | 32);}) + : s; + /* eslint-enable */ +}; +var manualUppercase = function(s) { + /* eslint-disable no-bitwise */ + return isString(s) + ? s.replace(/[a-z]/g, function(ch) {return String.fromCharCode(ch.charCodeAt(0) & ~32);}) + : s; + /* eslint-enable */ +}; + + +// String#toLowerCase and String#toUpperCase don't produce correct results in browsers with Turkish +// locale, for this reason we need to detect this case and redefine lowercase/uppercase methods +// with correct but slower alternatives. See https://github.com/angular/angular.js/issues/11387 +if ('i' !== 'I'.toLowerCase()) { + lowercase = manualLowercase; + uppercase = manualUppercase; +} + + +var + msie, // holds major version number for IE, or NaN if UA is not IE. + jqLite, // delay binding since jQuery could be loaded after us. + jQuery, // delay binding + slice = [].slice, + splice = [].splice, + push = [].push, + toString = Object.prototype.toString, + getPrototypeOf = Object.getPrototypeOf, + ngMinErr = minErr('ng'), + + /** @name angular */ + angular = window.angular || (window.angular = {}), + angularModule, + uid = 0; + +// Support: IE 9-11 only +/** + * documentMode is an IE-only property + * http://msdn.microsoft.com/en-us/library/ie/cc196988(v=vs.85).aspx + */ +msie = window.document.documentMode; + + +/** + * @private + * @param {*} obj + * @return {boolean} Returns true if `obj` is an array or array-like object (NodeList, Arguments, + * String ...) + */ +function isArrayLike(obj) { + + // `null`, `undefined` and `window` are not array-like + if (obj == null || isWindow(obj)) return false; + + // arrays, strings and jQuery/jqLite objects are array like + // * jqLite is either the jQuery or jqLite constructor function + // * we have to check the existence of jqLite first as this method is called + // via the forEach method when constructing the jqLite object in the first place + if (isArray(obj) || isString(obj) || (jqLite && obj instanceof jqLite)) return true; + + // Support: iOS 8.2 (not reproducible in simulator) + // "length" in obj used to prevent JIT error (gh-11508) + var length = 'length' in Object(obj) && obj.length; + + // NodeList objects (with `item` method) and + // other objects with suitable length characteristics are array-like + return isNumber(length) && + (length >= 0 && ((length - 1) in obj || obj instanceof Array) || typeof obj.item === 'function'); + +} + +/** + * @ngdoc function + * @name angular.forEach + * @module ng + * @kind function + * + * @description + * Invokes the `iterator` function once for each item in `obj` collection, which can be either an + * object or an array. The `iterator` function is invoked with `iterator(value, key, obj)`, where `value` + * is the value of an object property or an array element, `key` is the object property key or + * array element index and obj is the `obj` itself. Specifying a `context` for the function is optional. + * + * It is worth noting that `.forEach` does not iterate over inherited properties because it filters + * using the `hasOwnProperty` method. + * + * Unlike ES262's + * [Array.prototype.forEach](http://www.ecma-international.org/ecma-262/5.1/#sec-15.4.4.18), + * providing 'undefined' or 'null' values for `obj` will not throw a TypeError, but rather just + * return the value provided. + * + ```js + var values = {name: 'misko', gender: 'male'}; + var log = []; + angular.forEach(values, function(value, key) { + this.push(key + ': ' + value); + }, log); + expect(log).toEqual(['name: misko', 'gender: male']); + ``` + * + * @param {Object|Array} obj Object to iterate over. + * @param {Function} iterator Iterator function. + * @param {Object=} context Object to become context (`this`) for the iterator function. + * @returns {Object|Array} Reference to `obj`. + */ + +function forEach(obj, iterator, context) { + var key, length; + if (obj) { + if (isFunction(obj)) { + for (key in obj) { + if (key !== 'prototype' && key !== 'length' && key !== 'name' && obj.hasOwnProperty(key)) { + iterator.call(context, obj[key], key, obj); + } + } + } else if (isArray(obj) || isArrayLike(obj)) { + var isPrimitive = typeof obj !== 'object'; + for (key = 0, length = obj.length; key < length; key++) { + if (isPrimitive || key in obj) { + iterator.call(context, obj[key], key, obj); + } + } + } else if (obj.forEach && obj.forEach !== forEach) { + obj.forEach(iterator, context, obj); + } else if (isBlankObject(obj)) { + // createMap() fast path --- Safe to avoid hasOwnProperty check because prototype chain is empty + for (key in obj) { + iterator.call(context, obj[key], key, obj); + } + } else if (typeof obj.hasOwnProperty === 'function') { + // Slow path for objects inheriting Object.prototype, hasOwnProperty check needed + for (key in obj) { + if (obj.hasOwnProperty(key)) { + iterator.call(context, obj[key], key, obj); + } + } + } else { + // Slow path for objects which do not have a method `hasOwnProperty` + for (key in obj) { + if (hasOwnProperty.call(obj, key)) { + iterator.call(context, obj[key], key, obj); + } + } + } + } + return obj; +} + +function forEachSorted(obj, iterator, context) { + var keys = Object.keys(obj).sort(); + for (var i = 0; i < keys.length; i++) { + iterator.call(context, obj[keys[i]], keys[i]); + } + return keys; +} + + +/** + * when using forEach the params are value, key, but it is often useful to have key, value. + * @param {function(string, *)} iteratorFn + * @returns {function(*, string)} + */ +function reverseParams(iteratorFn) { + return function(value, key) {iteratorFn(key, value);}; +} + +/** + * A consistent way of creating unique IDs in angular. + * + * Using simple numbers allows us to generate 28.6 million unique ids per second for 10 years before + * we hit number precision issues in JavaScript. + * + * Math.pow(2,53) / 60 / 60 / 24 / 365 / 10 = 28.6M + * + * @returns {number} an unique alpha-numeric string + */ +function nextUid() { + return ++uid; +} + + +/** + * Set or clear the hashkey for an object. + * @param obj object + * @param h the hashkey (!truthy to delete the hashkey) + */ +function setHashKey(obj, h) { + if (h) { + obj.$$hashKey = h; + } else { + delete obj.$$hashKey; + } +} + + +function baseExtend(dst, objs, deep) { + var h = dst.$$hashKey; + + for (var i = 0, ii = objs.length; i < ii; ++i) { + var obj = objs[i]; + if (!isObject(obj) && !isFunction(obj)) continue; + var keys = Object.keys(obj); + for (var j = 0, jj = keys.length; j < jj; j++) { + var key = keys[j]; + var src = obj[key]; + + if (deep && isObject(src)) { + if (isDate(src)) { + dst[key] = new Date(src.valueOf()); + } else if (isRegExp(src)) { + dst[key] = new RegExp(src); + } else if (src.nodeName) { + dst[key] = src.cloneNode(true); + } else if (isElement(src)) { + dst[key] = src.clone(); + } else { + if (!isObject(dst[key])) dst[key] = isArray(src) ? [] : {}; + baseExtend(dst[key], [src], true); + } + } else { + dst[key] = src; + } + } + } + + setHashKey(dst, h); + return dst; +} + +/** + * @ngdoc function + * @name angular.extend + * @module ng + * @kind function + * + * @description + * Extends the destination object `dst` by copying own enumerable properties from the `src` object(s) + * to `dst`. You can specify multiple `src` objects. If you want to preserve original objects, you can do so + * by passing an empty object as the target: `var object = angular.extend({}, object1, object2)`. + * + * **Note:** Keep in mind that `angular.extend` does not support recursive merge (deep copy). Use + * {@link angular.merge} for this. + * + * @param {Object} dst Destination object. + * @param {...Object} src Source object(s). + * @returns {Object} Reference to `dst`. + */ +function extend(dst) { + return baseExtend(dst, slice.call(arguments, 1), false); +} + + +/** +* @ngdoc function +* @name angular.merge +* @module ng +* @kind function +* +* @description +* Deeply extends the destination object `dst` by copying own enumerable properties from the `src` object(s) +* to `dst`. You can specify multiple `src` objects. If you want to preserve original objects, you can do so +* by passing an empty object as the target: `var object = angular.merge({}, object1, object2)`. +* +* Unlike {@link angular.extend extend()}, `merge()` recursively descends into object properties of source +* objects, performing a deep copy. +* +* @param {Object} dst Destination object. +* @param {...Object} src Source object(s). +* @returns {Object} Reference to `dst`. +*/ +function merge(dst) { + return baseExtend(dst, slice.call(arguments, 1), true); +} + + + +function toInt(str) { + return parseInt(str, 10); +} + +var isNumberNaN = Number.isNaN || function isNumberNaN(num) { + // eslint-disable-next-line no-self-compare + return num !== num; +}; + + +function inherit(parent, extra) { + return extend(Object.create(parent), extra); +} + +/** + * @ngdoc function + * @name angular.noop + * @module ng + * @kind function + * + * @description + * A function that performs no operations. This function can be useful when writing code in the + * functional style. + ```js + function foo(callback) { + var result = calculateResult(); + (callback || angular.noop)(result); + } + ``` + */ +function noop() {} +noop.$inject = []; + + +/** + * @ngdoc function + * @name angular.identity + * @module ng + * @kind function + * + * @description + * A function that returns its first argument. This function is useful when writing code in the + * functional style. + * + ```js + function transformer(transformationFn, value) { + return (transformationFn || angular.identity)(value); + }; + + // E.g. + function getResult(fn, input) { + return (fn || angular.identity)(input); + }; + + getResult(function(n) { return n * 2; }, 21); // returns 42 + getResult(null, 21); // returns 21 + getResult(undefined, 21); // returns 21 + ``` + * + * @param {*} value to be returned. + * @returns {*} the value passed in. + */ +function identity($) {return $;} +identity.$inject = []; + + +function valueFn(value) {return function valueRef() {return value;};} + +function hasCustomToString(obj) { + return isFunction(obj.toString) && obj.toString !== toString; +} + + +/** + * @ngdoc function + * @name angular.isUndefined + * @module ng + * @kind function + * + * @description + * Determines if a reference is undefined. + * + * @param {*} value Reference to check. + * @returns {boolean} True if `value` is undefined. + */ +function isUndefined(value) {return typeof value === 'undefined';} + + +/** + * @ngdoc function + * @name angular.isDefined + * @module ng + * @kind function + * + * @description + * Determines if a reference is defined. + * + * @param {*} value Reference to check. + * @returns {boolean} True if `value` is defined. + */ +function isDefined(value) {return typeof value !== 'undefined';} + + +/** + * @ngdoc function + * @name angular.isObject + * @module ng + * @kind function + * + * @description + * Determines if a reference is an `Object`. Unlike `typeof` in JavaScript, `null`s are not + * considered to be objects. Note that JavaScript arrays are objects. + * + * @param {*} value Reference to check. + * @returns {boolean} True if `value` is an `Object` but not `null`. + */ +function isObject(value) { + // http://jsperf.com/isobject4 + return value !== null && typeof value === 'object'; +} + + +/** + * Determine if a value is an object with a null prototype + * + * @returns {boolean} True if `value` is an `Object` with a null prototype + */ +function isBlankObject(value) { + return value !== null && typeof value === 'object' && !getPrototypeOf(value); +} + + +/** + * @ngdoc function + * @name angular.isString + * @module ng + * @kind function + * + * @description + * Determines if a reference is a `String`. + * + * @param {*} value Reference to check. + * @returns {boolean} True if `value` is a `String`. + */ +function isString(value) {return typeof value === 'string';} + + +/** + * @ngdoc function + * @name angular.isNumber + * @module ng + * @kind function + * + * @description + * Determines if a reference is a `Number`. + * + * This includes the "special" numbers `NaN`, `+Infinity` and `-Infinity`. + * + * If you wish to exclude these then you can use the native + * [`isFinite'](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/isFinite) + * method. + * + * @param {*} value Reference to check. + * @returns {boolean} True if `value` is a `Number`. + */ +function isNumber(value) {return typeof value === 'number';} + + +/** + * @ngdoc function + * @name angular.isDate + * @module ng + * @kind function + * + * @description + * Determines if a value is a date. + * + * @param {*} value Reference to check. + * @returns {boolean} True if `value` is a `Date`. + */ +function isDate(value) { + return toString.call(value) === '[object Date]'; +} + + +/** + * @ngdoc function + * @name angular.isArray + * @module ng + * @kind function + * + * @description + * Determines if a reference is an `Array`. Alias of Array.isArray. + * + * @param {*} value Reference to check. + * @returns {boolean} True if `value` is an `Array`. + */ +var isArray = Array.isArray; + +/** + * @ngdoc function + * @name angular.isFunction + * @module ng + * @kind function + * + * @description + * Determines if a reference is a `Function`. + * + * @param {*} value Reference to check. + * @returns {boolean} True if `value` is a `Function`. + */ +function isFunction(value) {return typeof value === 'function';} + + +/** + * Determines if a value is a regular expression object. + * + * @private + * @param {*} value Reference to check. + * @returns {boolean} True if `value` is a `RegExp`. + */ +function isRegExp(value) { + return toString.call(value) === '[object RegExp]'; +} + + +/** + * Checks if `obj` is a window object. + * + * @private + * @param {*} obj Object to check + * @returns {boolean} True if `obj` is a window obj. + */ +function isWindow(obj) { + return obj && obj.window === obj; +} + + +function isScope(obj) { + return obj && obj.$evalAsync && obj.$watch; +} + + +function isFile(obj) { + return toString.call(obj) === '[object File]'; +} + + +function isFormData(obj) { + return toString.call(obj) === '[object FormData]'; +} + + +function isBlob(obj) { + return toString.call(obj) === '[object Blob]'; +} + + +function isBoolean(value) { + return typeof value === 'boolean'; +} + + +function isPromiseLike(obj) { + return obj && isFunction(obj.then); +} + + +var TYPED_ARRAY_REGEXP = /^\[object (?:Uint8|Uint8Clamped|Uint16|Uint32|Int8|Int16|Int32|Float32|Float64)Array]$/; +function isTypedArray(value) { + return value && isNumber(value.length) && TYPED_ARRAY_REGEXP.test(toString.call(value)); +} + +function isArrayBuffer(obj) { + return toString.call(obj) === '[object ArrayBuffer]'; +} + + +var trim = function(value) { + return isString(value) ? value.trim() : value; +}; + +// Copied from: +// http://docs.closure-library.googlecode.com/git/local_closure_goog_string_string.js.source.html#line1021 +// Prereq: s is a string. +var escapeForRegexp = function(s) { + return s + .replace(/([-()[\]{}+?*.$^|,:#= 0) { + array.splice(index, 1); + } + return index; +} + +/** + * @ngdoc function + * @name angular.copy + * @module ng + * @kind function + * + * @description + * Creates a deep copy of `source`, which should be an object or an array. + * + * * If no destination is supplied, a copy of the object or array is created. + * * If a destination is provided, all of its elements (for arrays) or properties (for objects) + * are deleted and then all elements/properties from the source are copied to it. + * * If `source` is not an object or array (inc. `null` and `undefined`), `source` is returned. + * * If `source` is identical to `destination` an exception will be thrown. + * + *
    + *
    + * Only enumerable properties are taken into account. Non-enumerable properties (both on `source` + * and on `destination`) will be ignored. + *
    + * + * @param {*} source The source that will be used to make a copy. + * Can be any type, including primitives, `null`, and `undefined`. + * @param {(Object|Array)=} destination Destination into which the source is copied. If + * provided, must be of the same type as `source`. + * @returns {*} The copy or updated `destination`, if `destination` was specified. + * + * @example + + +
    +
    +
    +
    + Gender: +
    + + +
    +
    form = {{user | json}}
    +
    master = {{master | json}}
    +
    +
    + + // Module: copyExample + angular. + module('copyExample', []). + controller('ExampleController', ['$scope', function($scope) { + $scope.master = {}; + + $scope.reset = function() { + // Example with 1 argument + $scope.user = angular.copy($scope.master); + }; + + $scope.update = function(user) { + // Example with 2 arguments + angular.copy(user, $scope.master); + }; + + $scope.reset(); + }]); + +
    + */ +function copy(source, destination, maxDepth) { + var stackSource = []; + var stackDest = []; + maxDepth = isValidObjectMaxDepth(maxDepth) ? maxDepth : NaN; + + if (destination) { + if (isTypedArray(destination) || isArrayBuffer(destination)) { + throw ngMinErr('cpta', 'Can\'t copy! TypedArray destination cannot be mutated.'); + } + if (source === destination) { + throw ngMinErr('cpi', 'Can\'t copy! Source and destination are identical.'); + } + + // Empty the destination object + if (isArray(destination)) { + destination.length = 0; + } else { + forEach(destination, function(value, key) { + if (key !== '$$hashKey') { + delete destination[key]; + } + }); + } + + stackSource.push(source); + stackDest.push(destination); + return copyRecurse(source, destination, maxDepth); + } + + return copyElement(source, maxDepth); + + function copyRecurse(source, destination, maxDepth) { + maxDepth--; + if (maxDepth < 0) { + return '...'; + } + var h = destination.$$hashKey; + var key; + if (isArray(source)) { + for (var i = 0, ii = source.length; i < ii; i++) { + destination.push(copyElement(source[i], maxDepth)); + } + } else if (isBlankObject(source)) { + // createMap() fast path --- Safe to avoid hasOwnProperty check because prototype chain is empty + for (key in source) { + destination[key] = copyElement(source[key], maxDepth); + } + } else if (source && typeof source.hasOwnProperty === 'function') { + // Slow path, which must rely on hasOwnProperty + for (key in source) { + if (source.hasOwnProperty(key)) { + destination[key] = copyElement(source[key], maxDepth); + } + } + } else { + // Slowest path --- hasOwnProperty can't be called as a method + for (key in source) { + if (hasOwnProperty.call(source, key)) { + destination[key] = copyElement(source[key], maxDepth); + } + } + } + setHashKey(destination, h); + return destination; + } + + function copyElement(source, maxDepth) { + // Simple values + if (!isObject(source)) { + return source; + } + + // Already copied values + var index = stackSource.indexOf(source); + if (index !== -1) { + return stackDest[index]; + } + + if (isWindow(source) || isScope(source)) { + throw ngMinErr('cpws', + 'Can\'t copy! Making copies of Window or Scope instances is not supported.'); + } + + var needsRecurse = false; + var destination = copyType(source); + + if (destination === undefined) { + destination = isArray(source) ? [] : Object.create(getPrototypeOf(source)); + needsRecurse = true; + } + + stackSource.push(source); + stackDest.push(destination); + + return needsRecurse + ? copyRecurse(source, destination, maxDepth) + : destination; + } + + function copyType(source) { + switch (toString.call(source)) { + case '[object Int8Array]': + case '[object Int16Array]': + case '[object Int32Array]': + case '[object Float32Array]': + case '[object Float64Array]': + case '[object Uint8Array]': + case '[object Uint8ClampedArray]': + case '[object Uint16Array]': + case '[object Uint32Array]': + return new source.constructor(copyElement(source.buffer), source.byteOffset, source.length); + + case '[object ArrayBuffer]': + // Support: IE10 + if (!source.slice) { + // If we're in this case we know the environment supports ArrayBuffer + /* eslint-disable no-undef */ + var copied = new ArrayBuffer(source.byteLength); + new Uint8Array(copied).set(new Uint8Array(source)); + /* eslint-enable */ + return copied; + } + return source.slice(0); + + case '[object Boolean]': + case '[object Number]': + case '[object String]': + case '[object Date]': + return new source.constructor(source.valueOf()); + + case '[object RegExp]': + var re = new RegExp(source.source, source.toString().match(/[^/]*$/)[0]); + re.lastIndex = source.lastIndex; + return re; + + case '[object Blob]': + return new source.constructor([source], {type: source.type}); + } + + if (isFunction(source.cloneNode)) { + return source.cloneNode(true); + } + } +} + + +// eslint-disable-next-line no-self-compare +function simpleCompare(a, b) { return a === b || (a !== a && b !== b); } + + +/** + * @ngdoc function + * @name angular.equals + * @module ng + * @kind function + * + * @description + * Determines if two objects or two values are equivalent. Supports value types, regular + * expressions, arrays and objects. + * + * Two objects or values are considered equivalent if at least one of the following is true: + * + * * Both objects or values pass `===` comparison. + * * Both objects or values are of the same type and all of their properties are equal by + * comparing them with `angular.equals`. + * * Both values are NaN. (In JavaScript, NaN == NaN => false. But we consider two NaN as equal) + * * Both values represent the same regular expression (In JavaScript, + * /abc/ == /abc/ => false. But we consider two regular expressions as equal when their textual + * representation matches). + * + * During a property comparison, properties of `function` type and properties with names + * that begin with `$` are ignored. + * + * Scope and DOMWindow objects are being compared only by identify (`===`). + * + * @param {*} o1 Object or value to compare. + * @param {*} o2 Object or value to compare. + * @returns {boolean} True if arguments are equal. + * + * @example + + +
    +
    +

    User 1

    + Name: + Age: + +

    User 2

    + Name: + Age: + +
    +
    + +
    + User 1:
    {{user1 | json}}
    + User 2:
    {{user2 | json}}
    + Equal:
    {{result}}
    +
    +
    +
    + + angular.module('equalsExample', []).controller('ExampleController', ['$scope', function($scope) { + $scope.user1 = {}; + $scope.user2 = {}; + $scope.compare = function() { + $scope.result = angular.equals($scope.user1, $scope.user2); + }; + }]); + +
    + */ +function equals(o1, o2) { + if (o1 === o2) return true; + if (o1 === null || o2 === null) return false; + // eslint-disable-next-line no-self-compare + if (o1 !== o1 && o2 !== o2) return true; // NaN === NaN + var t1 = typeof o1, t2 = typeof o2, length, key, keySet; + if (t1 === t2 && t1 === 'object') { + if (isArray(o1)) { + if (!isArray(o2)) return false; + if ((length = o1.length) === o2.length) { + for (key = 0; key < length; key++) { + if (!equals(o1[key], o2[key])) return false; + } + return true; + } + } else if (isDate(o1)) { + if (!isDate(o2)) return false; + return simpleCompare(o1.getTime(), o2.getTime()); + } else if (isRegExp(o1)) { + if (!isRegExp(o2)) return false; + return o1.toString() === o2.toString(); + } else { + if (isScope(o1) || isScope(o2) || isWindow(o1) || isWindow(o2) || + isArray(o2) || isDate(o2) || isRegExp(o2)) return false; + keySet = createMap(); + for (key in o1) { + if (key.charAt(0) === '$' || isFunction(o1[key])) continue; + if (!equals(o1[key], o2[key])) return false; + keySet[key] = true; + } + for (key in o2) { + if (!(key in keySet) && + key.charAt(0) !== '$' && + isDefined(o2[key]) && + !isFunction(o2[key])) return false; + } + return true; + } + } + return false; +} + +var csp = function() { + if (!isDefined(csp.rules)) { + + + var ngCspElement = (window.document.querySelector('[ng-csp]') || + window.document.querySelector('[data-ng-csp]')); + + if (ngCspElement) { + var ngCspAttribute = ngCspElement.getAttribute('ng-csp') || + ngCspElement.getAttribute('data-ng-csp'); + csp.rules = { + noUnsafeEval: !ngCspAttribute || (ngCspAttribute.indexOf('no-unsafe-eval') !== -1), + noInlineStyle: !ngCspAttribute || (ngCspAttribute.indexOf('no-inline-style') !== -1) + }; + } else { + csp.rules = { + noUnsafeEval: noUnsafeEval(), + noInlineStyle: false + }; + } + } + + return csp.rules; + + function noUnsafeEval() { + try { + // eslint-disable-next-line no-new, no-new-func + new Function(''); + return false; + } catch (e) { + return true; + } + } +}; + +/** + * @ngdoc directive + * @module ng + * @name ngJq + * + * @element ANY + * @param {string=} ngJq the name of the library available under `window` + * to be used for angular.element + * @description + * Use this directive to force the angular.element library. This should be + * used to force either jqLite by leaving ng-jq blank or setting the name of + * the jquery variable under window (eg. jQuery). + * + * Since angular looks for this directive when it is loaded (doesn't wait for the + * DOMContentLoaded event), it must be placed on an element that comes before the script + * which loads angular. Also, only the first instance of `ng-jq` will be used and all + * others ignored. + * + * @example + * This example shows how to force jqLite using the `ngJq` directive to the `html` tag. + ```html + + + ... + ... + + ``` + * @example + * This example shows how to use a jQuery based library of a different name. + * The library name must be available at the top most 'window'. + ```html + + + ... + ... + + ``` + */ +var jq = function() { + if (isDefined(jq.name_)) return jq.name_; + var el; + var i, ii = ngAttrPrefixes.length, prefix, name; + for (i = 0; i < ii; ++i) { + prefix = ngAttrPrefixes[i]; + el = window.document.querySelector('[' + prefix.replace(':', '\\:') + 'jq]'); + if (el) { + name = el.getAttribute(prefix + 'jq'); + break; + } + } + + return (jq.name_ = name); +}; + +function concat(array1, array2, index) { + return array1.concat(slice.call(array2, index)); +} + +function sliceArgs(args, startIndex) { + return slice.call(args, startIndex || 0); +} + + +/** + * @ngdoc function + * @name angular.bind + * @module ng + * @kind function + * + * @description + * Returns a function which calls function `fn` bound to `self` (`self` becomes the `this` for + * `fn`). You can supply optional `args` that are prebound to the function. This feature is also + * known as [partial application](http://en.wikipedia.org/wiki/Partial_application), as + * distinguished from [function currying](http://en.wikipedia.org/wiki/Currying#Contrast_with_partial_function_application). + * + * @param {Object} self Context which `fn` should be evaluated in. + * @param {function()} fn Function to be bound. + * @param {...*} args Optional arguments to be prebound to the `fn` function call. + * @returns {function()} Function that wraps the `fn` with all the specified bindings. + */ +function bind(self, fn) { + var curryArgs = arguments.length > 2 ? sliceArgs(arguments, 2) : []; + if (isFunction(fn) && !(fn instanceof RegExp)) { + return curryArgs.length + ? function() { + return arguments.length + ? fn.apply(self, concat(curryArgs, arguments, 0)) + : fn.apply(self, curryArgs); + } + : function() { + return arguments.length + ? fn.apply(self, arguments) + : fn.call(self); + }; + } else { + // In IE, native methods are not functions so they cannot be bound (note: they don't need to be). + return fn; + } +} + + +function toJsonReplacer(key, value) { + var val = value; + + if (typeof key === 'string' && key.charAt(0) === '$' && key.charAt(1) === '$') { + val = undefined; + } else if (isWindow(value)) { + val = '$WINDOW'; + } else if (value && window.document === value) { + val = '$DOCUMENT'; + } else if (isScope(value)) { + val = '$SCOPE'; + } + + return val; +} + + +/** + * @ngdoc function + * @name angular.toJson + * @module ng + * @kind function + * + * @description + * Serializes input into a JSON-formatted string. Properties with leading $$ characters will be + * stripped since angular uses this notation internally. + * + * @param {Object|Array|Date|string|number|boolean} obj Input to be serialized into JSON. + * @param {boolean|number} [pretty=2] If set to true, the JSON output will contain newlines and whitespace. + * If set to an integer, the JSON output will contain that many spaces per indentation. + * @returns {string|undefined} JSON-ified string representing `obj`. + * @knownIssue + * + * The Safari browser throws a `RangeError` instead of returning `null` when it tries to stringify a `Date` + * object with an invalid date value. The only reliable way to prevent this is to monkeypatch the + * `Date.prototype.toJSON` method as follows: + * + * ``` + * var _DatetoJSON = Date.prototype.toJSON; + * Date.prototype.toJSON = function() { + * try { + * return _DatetoJSON.call(this); + * } catch(e) { + * if (e instanceof RangeError) { + * return null; + * } + * throw e; + * } + * }; + * ``` + * + * See https://github.com/angular/angular.js/pull/14221 for more information. + */ +function toJson(obj, pretty) { + if (isUndefined(obj)) return undefined; + if (!isNumber(pretty)) { + pretty = pretty ? 2 : null; + } + return JSON.stringify(obj, toJsonReplacer, pretty); +} + + +/** + * @ngdoc function + * @name angular.fromJson + * @module ng + * @kind function + * + * @description + * Deserializes a JSON string. + * + * @param {string} json JSON string to deserialize. + * @returns {Object|Array|string|number} Deserialized JSON string. + */ +function fromJson(json) { + return isString(json) + ? JSON.parse(json) + : json; +} + + +var ALL_COLONS = /:/g; +function timezoneToOffset(timezone, fallback) { + // Support: IE 9-11 only, Edge 13-14+ + // IE/Edge do not "understand" colon (`:`) in timezone + timezone = timezone.replace(ALL_COLONS, ''); + var requestedTimezoneOffset = Date.parse('Jan 01, 1970 00:00:00 ' + timezone) / 60000; + return isNumberNaN(requestedTimezoneOffset) ? fallback : requestedTimezoneOffset; +} + + +function addDateMinutes(date, minutes) { + date = new Date(date.getTime()); + date.setMinutes(date.getMinutes() + minutes); + return date; +} + + +function convertTimezoneToLocal(date, timezone, reverse) { + reverse = reverse ? -1 : 1; + var dateTimezoneOffset = date.getTimezoneOffset(); + var timezoneOffset = timezoneToOffset(timezone, dateTimezoneOffset); + return addDateMinutes(date, reverse * (timezoneOffset - dateTimezoneOffset)); +} + + +/** + * @returns {string} Returns the string representation of the element. + */ +function startingTag(element) { + element = jqLite(element).clone(); + try { + // turns out IE does not let you set .html() on elements which + // are not allowed to have children. So we just ignore it. + element.empty(); + } catch (e) { /* empty */ } + var elemHtml = jqLite('
    ').append(element).html(); + try { + return element[0].nodeType === NODE_TYPE_TEXT ? lowercase(elemHtml) : + elemHtml. + match(/^(<[^>]+>)/)[1]. + replace(/^<([\w-]+)/, function(match, nodeName) {return '<' + lowercase(nodeName);}); + } catch (e) { + return lowercase(elemHtml); + } + +} + + +///////////////////////////////////////////////// + +/** + * Tries to decode the URI component without throwing an exception. + * + * @private + * @param str value potential URI component to check. + * @returns {boolean} True if `value` can be decoded + * with the decodeURIComponent function. + */ +function tryDecodeURIComponent(value) { + try { + return decodeURIComponent(value); + } catch (e) { + // Ignore any invalid uri component. + } +} + + +/** + * Parses an escaped url query string into key-value pairs. + * @returns {Object.} + */ +function parseKeyValue(/**string*/keyValue) { + var obj = {}; + forEach((keyValue || '').split('&'), function(keyValue) { + var splitPoint, key, val; + if (keyValue) { + key = keyValue = keyValue.replace(/\+/g,'%20'); + splitPoint = keyValue.indexOf('='); + if (splitPoint !== -1) { + key = keyValue.substring(0, splitPoint); + val = keyValue.substring(splitPoint + 1); + } + key = tryDecodeURIComponent(key); + if (isDefined(key)) { + val = isDefined(val) ? tryDecodeURIComponent(val) : true; + if (!hasOwnProperty.call(obj, key)) { + obj[key] = val; + } else if (isArray(obj[key])) { + obj[key].push(val); + } else { + obj[key] = [obj[key],val]; + } + } + } + }); + return obj; +} + +function toKeyValue(obj) { + var parts = []; + forEach(obj, function(value, key) { + if (isArray(value)) { + forEach(value, function(arrayValue) { + parts.push(encodeUriQuery(key, true) + + (arrayValue === true ? '' : '=' + encodeUriQuery(arrayValue, true))); + }); + } else { + parts.push(encodeUriQuery(key, true) + + (value === true ? '' : '=' + encodeUriQuery(value, true))); + } + }); + return parts.length ? parts.join('&') : ''; +} + + +/** + * We need our custom method because encodeURIComponent is too aggressive and doesn't follow + * http://www.ietf.org/rfc/rfc3986.txt with regards to the character set (pchar) allowed in path + * segments: + * segment = *pchar + * pchar = unreserved / pct-encoded / sub-delims / ":" / "@" + * pct-encoded = "%" HEXDIG HEXDIG + * unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" + * sub-delims = "!" / "$" / "&" / "'" / "(" / ")" + * / "*" / "+" / "," / ";" / "=" + */ +function encodeUriSegment(val) { + return encodeUriQuery(val, true). + replace(/%26/gi, '&'). + replace(/%3D/gi, '='). + replace(/%2B/gi, '+'); +} + + +/** + * This method is intended for encoding *key* or *value* parts of query component. We need a custom + * method because encodeURIComponent is too aggressive and encodes stuff that doesn't have to be + * encoded per http://tools.ietf.org/html/rfc3986: + * query = *( pchar / "/" / "?" ) + * pchar = unreserved / pct-encoded / sub-delims / ":" / "@" + * unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" + * pct-encoded = "%" HEXDIG HEXDIG + * sub-delims = "!" / "$" / "&" / "'" / "(" / ")" + * / "*" / "+" / "," / ";" / "=" + */ +function encodeUriQuery(val, pctEncodeSpaces) { + return encodeURIComponent(val). + replace(/%40/gi, '@'). + replace(/%3A/gi, ':'). + replace(/%24/g, '$'). + replace(/%2C/gi, ','). + replace(/%3B/gi, ';'). + replace(/%20/g, (pctEncodeSpaces ? '%20' : '+')); +} + +var ngAttrPrefixes = ['ng-', 'data-ng-', 'ng:', 'x-ng-']; + +function getNgAttribute(element, ngAttr) { + var attr, i, ii = ngAttrPrefixes.length; + for (i = 0; i < ii; ++i) { + attr = ngAttrPrefixes[i] + ngAttr; + if (isString(attr = element.getAttribute(attr))) { + return attr; + } + } + return null; +} + +function allowAutoBootstrap(document) { + var script = document.currentScript; + + if (!script) { + // IE does not have `document.currentScript` + return true; + } + + // If the `currentScript` property has been clobbered just return false, since this indicates a probable attack + if (!(script instanceof window.HTMLScriptElement || script instanceof window.SVGScriptElement)) { + return false; + } + + var attributes = script.attributes; + var srcs = [attributes.getNamedItem('src'), attributes.getNamedItem('href'), attributes.getNamedItem('xlink:href')]; + + return srcs.every(function(src) { + if (!src) { + return true; + } + if (!src.value) { + return false; + } + + var link = document.createElement('a'); + link.href = src.value; + + if (document.location.origin === link.origin) { + // Same-origin resources are always allowed, even for non-whitelisted schemes. + return true; + } + // Disabled bootstrapping unless angular.js was loaded from a known scheme used on the web. + // This is to prevent angular.js bundled with browser extensions from being used to bypass the + // content security policy in web pages and other browser extensions. + switch (link.protocol) { + case 'http:': + case 'https:': + case 'ftp:': + case 'blob:': + case 'file:': + case 'data:': + return true; + default: + return false; + } + }); +} + +// Cached as it has to run during loading so that document.currentScript is available. +var isAutoBootstrapAllowed = allowAutoBootstrap(window.document); + +/** + * @ngdoc directive + * @name ngApp + * @module ng + * + * @element ANY + * @param {angular.Module} ngApp an optional application + * {@link angular.module module} name to load. + * @param {boolean=} ngStrictDi if this attribute is present on the app element, the injector will be + * created in "strict-di" mode. This means that the application will fail to invoke functions which + * do not use explicit function annotation (and are thus unsuitable for minification), as described + * in {@link guide/di the Dependency Injection guide}, and useful debugging info will assist in + * tracking down the root of these bugs. + * + * @description + * + * Use this directive to **auto-bootstrap** an AngularJS application. The `ngApp` directive + * designates the **root element** of the application and is typically placed near the root element + * of the page - e.g. on the `` or `` tags. + * + * There are a few things to keep in mind when using `ngApp`: + * - only one AngularJS application can be auto-bootstrapped per HTML document. The first `ngApp` + * found in the document will be used to define the root element to auto-bootstrap as an + * application. To run multiple applications in an HTML document you must manually bootstrap them using + * {@link angular.bootstrap} instead. + * - AngularJS applications cannot be nested within each other. + * - Do not use a directive that uses {@link ng.$compile#transclusion transclusion} on the same element as `ngApp`. + * This includes directives such as {@link ng.ngIf `ngIf`}, {@link ng.ngInclude `ngInclude`} and + * {@link ngRoute.ngView `ngView`}. + * Doing this misplaces the app {@link ng.$rootElement `$rootElement`} and the app's {@link auto.$injector injector}, + * causing animations to stop working and making the injector inaccessible from outside the app. + * + * You can specify an **AngularJS module** to be used as the root module for the application. This + * module will be loaded into the {@link auto.$injector} when the application is bootstrapped. It + * should contain the application code needed or have dependencies on other modules that will + * contain the code. See {@link angular.module} for more information. + * + * In the example below if the `ngApp` directive were not placed on the `html` element then the + * document would not be compiled, the `AppController` would not be instantiated and the `{{ a+b }}` + * would not be resolved to `3`. + * + * `ngApp` is the easiest, and most common way to bootstrap an application. + * + + +
    + I can add: {{a}} + {{b}} = {{ a+b }} +
    +
    + + angular.module('ngAppDemo', []).controller('ngAppDemoController', function($scope) { + $scope.a = 1; + $scope.b = 2; + }); + +
    + * + * Using `ngStrictDi`, you would see something like this: + * + + +
    +
    + I can add: {{a}} + {{b}} = {{ a+b }} + +

    This renders because the controller does not fail to + instantiate, by using explicit annotation style (see + script.js for details) +

    +
    + +
    + Name:
    + Hello, {{name}}! + +

    This renders because the controller does not fail to + instantiate, by using explicit annotation style + (see script.js for details) +

    +
    + +
    + I can add: {{a}} + {{b}} = {{ a+b }} + +

    The controller could not be instantiated, due to relying + on automatic function annotations (which are disabled in + strict mode). As such, the content of this section is not + interpolated, and there should be an error in your web console. +

    +
    +
    +
    + + angular.module('ngAppStrictDemo', []) + // BadController will fail to instantiate, due to relying on automatic function annotation, + // rather than an explicit annotation + .controller('BadController', function($scope) { + $scope.a = 1; + $scope.b = 2; + }) + // Unlike BadController, GoodController1 and GoodController2 will not fail to be instantiated, + // due to using explicit annotations using the array style and $inject property, respectively. + .controller('GoodController1', ['$scope', function($scope) { + $scope.a = 1; + $scope.b = 2; + }]) + .controller('GoodController2', GoodController2); + function GoodController2($scope) { + $scope.name = 'World'; + } + GoodController2.$inject = ['$scope']; + + + div[ng-controller] { + margin-bottom: 1em; + -webkit-border-radius: 4px; + border-radius: 4px; + border: 1px solid; + padding: .5em; + } + div[ng-controller^=Good] { + border-color: #d6e9c6; + background-color: #dff0d8; + color: #3c763d; + } + div[ng-controller^=Bad] { + border-color: #ebccd1; + background-color: #f2dede; + color: #a94442; + margin-bottom: 0; + } + +
    + */ +function angularInit(element, bootstrap) { + var appElement, + module, + config = {}; + + // The element `element` has priority over any other element. + forEach(ngAttrPrefixes, function(prefix) { + var name = prefix + 'app'; + + if (!appElement && element.hasAttribute && element.hasAttribute(name)) { + appElement = element; + module = element.getAttribute(name); + } + }); + forEach(ngAttrPrefixes, function(prefix) { + var name = prefix + 'app'; + var candidate; + + if (!appElement && (candidate = element.querySelector('[' + name.replace(':', '\\:') + ']'))) { + appElement = candidate; + module = candidate.getAttribute(name); + } + }); + if (appElement) { + if (!isAutoBootstrapAllowed) { + window.console.error('Angular: disabling automatic bootstrap. + * + * + * + * ``` + * + * @param {DOMElement} element DOM element which is the root of angular application. + * @param {Array=} modules an array of modules to load into the application. + * Each item in the array should be the name of a predefined module or a (DI annotated) + * function that will be invoked by the injector as a `config` block. + * See: {@link angular.module modules} + * @param {Object=} config an object for defining configuration options for the application. The + * following keys are supported: + * + * * `strictDi` - disable automatic function annotation for the application. This is meant to + * assist in finding bugs which break minified code. Defaults to `false`. + * + * @returns {auto.$injector} Returns the newly created injector for this app. + */ +function bootstrap(element, modules, config) { + if (!isObject(config)) config = {}; + var defaultConfig = { + strictDi: false + }; + config = extend(defaultConfig, config); + var doBootstrap = function() { + element = jqLite(element); + + if (element.injector()) { + var tag = (element[0] === window.document) ? 'document' : startingTag(element); + // Encode angle brackets to prevent input from being sanitized to empty string #8683. + throw ngMinErr( + 'btstrpd', + 'App already bootstrapped with this element \'{0}\'', + tag.replace(//,'>')); + } + + modules = modules || []; + modules.unshift(['$provide', function($provide) { + $provide.value('$rootElement', element); + }]); + + if (config.debugInfoEnabled) { + // Pushing so that this overrides `debugInfoEnabled` setting defined in user's `modules`. + modules.push(['$compileProvider', function($compileProvider) { + $compileProvider.debugInfoEnabled(true); + }]); + } + + modules.unshift('ng'); + var injector = createInjector(modules, config.strictDi); + injector.invoke(['$rootScope', '$rootElement', '$compile', '$injector', + function bootstrapApply(scope, element, compile, injector) { + scope.$apply(function() { + element.data('$injector', injector); + compile(element)(scope); + }); + }] + ); + return injector; + }; + + var NG_ENABLE_DEBUG_INFO = /^NG_ENABLE_DEBUG_INFO!/; + var NG_DEFER_BOOTSTRAP = /^NG_DEFER_BOOTSTRAP!/; + + if (window && NG_ENABLE_DEBUG_INFO.test(window.name)) { + config.debugInfoEnabled = true; + window.name = window.name.replace(NG_ENABLE_DEBUG_INFO, ''); + } + + if (window && !NG_DEFER_BOOTSTRAP.test(window.name)) { + return doBootstrap(); + } + + window.name = window.name.replace(NG_DEFER_BOOTSTRAP, ''); + angular.resumeBootstrap = function(extraModules) { + forEach(extraModules, function(module) { + modules.push(module); + }); + return doBootstrap(); + }; + + if (isFunction(angular.resumeDeferredBootstrap)) { + angular.resumeDeferredBootstrap(); + } +} + +/** + * @ngdoc function + * @name angular.reloadWithDebugInfo + * @module ng + * @description + * Use this function to reload the current application with debug information turned on. + * This takes precedence over a call to `$compileProvider.debugInfoEnabled(false)`. + * + * See {@link ng.$compileProvider#debugInfoEnabled} for more. + */ +function reloadWithDebugInfo() { + window.name = 'NG_ENABLE_DEBUG_INFO!' + window.name; + window.location.reload(); +} + +/** + * @name angular.getTestability + * @module ng + * @description + * Get the testability service for the instance of Angular on the given + * element. + * @param {DOMElement} element DOM element which is the root of angular application. + */ +function getTestability(rootElement) { + var injector = angular.element(rootElement).injector(); + if (!injector) { + throw ngMinErr('test', + 'no injector found for element argument to getTestability'); + } + return injector.get('$$testability'); +} + +var SNAKE_CASE_REGEXP = /[A-Z]/g; +function snake_case(name, separator) { + separator = separator || '_'; + return name.replace(SNAKE_CASE_REGEXP, function(letter, pos) { + return (pos ? separator : '') + letter.toLowerCase(); + }); +} + +var bindJQueryFired = false; +function bindJQuery() { + var originalCleanData; + + if (bindJQueryFired) { + return; + } + + // bind to jQuery if present; + var jqName = jq(); + jQuery = isUndefined(jqName) ? window.jQuery : // use jQuery (if present) + !jqName ? undefined : // use jqLite + window[jqName]; // use jQuery specified by `ngJq` + + // Use jQuery if it exists with proper functionality, otherwise default to us. + // Angular 1.2+ requires jQuery 1.7+ for on()/off() support. + // Angular 1.3+ technically requires at least jQuery 2.1+ but it may work with older + // versions. It will not work for sure with jQuery <1.7, though. + if (jQuery && jQuery.fn.on) { + jqLite = jQuery; + extend(jQuery.fn, { + scope: JQLitePrototype.scope, + isolateScope: JQLitePrototype.isolateScope, + controller: /** @type {?} */ (JQLitePrototype).controller, + injector: JQLitePrototype.injector, + inheritedData: JQLitePrototype.inheritedData + }); + + // All nodes removed from the DOM via various jQuery APIs like .remove() + // are passed through jQuery.cleanData. Monkey-patch this method to fire + // the $destroy event on all removed nodes. + originalCleanData = jQuery.cleanData; + jQuery.cleanData = function(elems) { + var events; + for (var i = 0, elem; (elem = elems[i]) != null; i++) { + events = jQuery._data(elem, 'events'); + if (events && events.$destroy) { + jQuery(elem).triggerHandler('$destroy'); + } + } + originalCleanData(elems); + }; + } else { + jqLite = JQLite; + } + + angular.element = jqLite; + + // Prevent double-proxying. + bindJQueryFired = true; +} + +/** + * throw error if the argument is falsy. + */ +function assertArg(arg, name, reason) { + if (!arg) { + throw ngMinErr('areq', 'Argument \'{0}\' is {1}', (name || '?'), (reason || 'required')); + } + return arg; +} + +function assertArgFn(arg, name, acceptArrayAnnotation) { + if (acceptArrayAnnotation && isArray(arg)) { + arg = arg[arg.length - 1]; + } + + assertArg(isFunction(arg), name, 'not a function, got ' + + (arg && typeof arg === 'object' ? arg.constructor.name || 'Object' : typeof arg)); + return arg; +} + +/** + * throw error if the name given is hasOwnProperty + * @param {String} name the name to test + * @param {String} context the context in which the name is used, such as module or directive + */ +function assertNotHasOwnProperty(name, context) { + if (name === 'hasOwnProperty') { + throw ngMinErr('badname', 'hasOwnProperty is not a valid {0} name', context); + } +} + +/** + * Return the value accessible from the object by path. Any undefined traversals are ignored + * @param {Object} obj starting object + * @param {String} path path to traverse + * @param {boolean} [bindFnToScope=true] + * @returns {Object} value as accessible by path + */ +//TODO(misko): this function needs to be removed +function getter(obj, path, bindFnToScope) { + if (!path) return obj; + var keys = path.split('.'); + var key; + var lastInstance = obj; + var len = keys.length; + + for (var i = 0; i < len; i++) { + key = keys[i]; + if (obj) { + obj = (lastInstance = obj)[key]; + } + } + if (!bindFnToScope && isFunction(obj)) { + return bind(lastInstance, obj); + } + return obj; +} + +/** + * Return the DOM siblings between the first and last node in the given array. + * @param {Array} array like object + * @returns {Array} the inputted object or a jqLite collection containing the nodes + */ +function getBlockNodes(nodes) { + // TODO(perf): update `nodes` instead of creating a new object? + var node = nodes[0]; + var endNode = nodes[nodes.length - 1]; + var blockNodes; + + for (var i = 1; node !== endNode && (node = node.nextSibling); i++) { + if (blockNodes || nodes[i] !== node) { + if (!blockNodes) { + blockNodes = jqLite(slice.call(nodes, 0, i)); + } + blockNodes.push(node); + } + } + + return blockNodes || nodes; +} + + +/** + * Creates a new object without a prototype. This object is useful for lookup without having to + * guard against prototypically inherited properties via hasOwnProperty. + * + * Related micro-benchmarks: + * - http://jsperf.com/object-create2 + * - http://jsperf.com/proto-map-lookup/2 + * - http://jsperf.com/for-in-vs-object-keys2 + * + * @returns {Object} + */ +function createMap() { + return Object.create(null); +} + +function stringify(value) { + if (value == null) { // null || undefined + return ''; + } + switch (typeof value) { + case 'string': + break; + case 'number': + value = '' + value; + break; + default: + if (hasCustomToString(value) && !isArray(value) && !isDate(value)) { + value = value.toString(); + } else { + value = toJson(value); + } + } + + return value; +} + +var NODE_TYPE_ELEMENT = 1; +var NODE_TYPE_ATTRIBUTE = 2; +var NODE_TYPE_TEXT = 3; +var NODE_TYPE_COMMENT = 8; +var NODE_TYPE_DOCUMENT = 9; +var NODE_TYPE_DOCUMENT_FRAGMENT = 11; + +/** + * @ngdoc type + * @name angular.Module + * @module ng + * @description + * + * Interface for configuring angular {@link angular.module modules}. + */ + +function setupModuleLoader(window) { + + var $injectorMinErr = minErr('$injector'); + var ngMinErr = minErr('ng'); + + function ensure(obj, name, factory) { + return obj[name] || (obj[name] = factory()); + } + + var angular = ensure(window, 'angular', Object); + + // We need to expose `angular.$$minErr` to modules such as `ngResource` that reference it during bootstrap + angular.$$minErr = angular.$$minErr || minErr; + + return ensure(angular, 'module', function() { + /** @type {Object.} */ + var modules = {}; + + /** + * @ngdoc function + * @name angular.module + * @module ng + * @description + * + * The `angular.module` is a global place for creating, registering and retrieving Angular + * modules. + * All modules (angular core or 3rd party) that should be available to an application must be + * registered using this mechanism. + * + * Passing one argument retrieves an existing {@link angular.Module}, + * whereas passing more than one argument creates a new {@link angular.Module} + * + * + * # Module + * + * A module is a collection of services, directives, controllers, filters, and configuration information. + * `angular.module` is used to configure the {@link auto.$injector $injector}. + * + * ```js + * // Create a new module + * var myModule = angular.module('myModule', []); + * + * // register a new service + * myModule.value('appName', 'MyCoolApp'); + * + * // configure existing services inside initialization blocks. + * myModule.config(['$locationProvider', function($locationProvider) { + * // Configure existing providers + * $locationProvider.hashPrefix('!'); + * }]); + * ``` + * + * Then you can create an injector and load your modules like this: + * + * ```js + * var injector = angular.injector(['ng', 'myModule']) + * ``` + * + * However it's more likely that you'll just use + * {@link ng.directive:ngApp ngApp} or + * {@link angular.bootstrap} to simplify this process for you. + * + * @param {!string} name The name of the module to create or retrieve. + * @param {!Array.=} requires If specified then new module is being created. If + * unspecified then the module is being retrieved for further configuration. + * @param {Function=} configFn Optional configuration function for the module. Same as + * {@link angular.Module#config Module#config()}. + * @returns {angular.Module} new module with the {@link angular.Module} api. + */ + return function module(name, requires, configFn) { + + var info = {}; + + var assertNotHasOwnProperty = function(name, context) { + if (name === 'hasOwnProperty') { + throw ngMinErr('badname', 'hasOwnProperty is not a valid {0} name', context); + } + }; + + assertNotHasOwnProperty(name, 'module'); + if (requires && modules.hasOwnProperty(name)) { + modules[name] = null; + } + return ensure(modules, name, function() { + if (!requires) { + throw $injectorMinErr('nomod', 'Module \'{0}\' is not available! You either misspelled ' + + 'the module name or forgot to load it. If registering a module ensure that you ' + + 'specify the dependencies as the second argument.', name); + } + + /** @type {!Array.>} */ + var invokeQueue = []; + + /** @type {!Array.} */ + var configBlocks = []; + + /** @type {!Array.} */ + var runBlocks = []; + + var config = invokeLater('$injector', 'invoke', 'push', configBlocks); + + /** @type {angular.Module} */ + var moduleInstance = { + // Private state + _invokeQueue: invokeQueue, + _configBlocks: configBlocks, + _runBlocks: runBlocks, + + /** + * @ngdoc method + * @name angular.Module#info + * @module ng + * + * @param {Object=} info Information about the module + * @returns {Object|Module} The current info object for this module if called as a getter, + * or `this` if called as a setter. + * + * @description + * Read and write custom information about this module. + * For example you could put the version of the module in here. + * + * ```js + * angular.module('myModule', []).info({ version: '1.0.0' }); + * ``` + * + * The version could then be read back out by accessing the module elsewhere: + * + * ``` + * var version = angular.module('myModule').info().version; + * ``` + * + * You can also retrieve this information during runtime via the + * {@link $injector#modules `$injector.modules`} property: + * + * ```js + * var version = $injector.modules['myModule'].info().version; + * ``` + */ + info: function(value) { + if (isDefined(value)) { + if (!isObject(value)) throw ngMinErr('aobj', 'Argument \'{0}\' must be an object', 'value'); + info = value; + return this; + } + return info; + }, + + /** + * @ngdoc property + * @name angular.Module#requires + * @module ng + * + * @description + * Holds the list of modules which the injector will load before the current module is + * loaded. + */ + requires: requires, + + /** + * @ngdoc property + * @name angular.Module#name + * @module ng + * + * @description + * Name of the module. + */ + name: name, + + + /** + * @ngdoc method + * @name angular.Module#provider + * @module ng + * @param {string} name service name + * @param {Function} providerType Construction function for creating new instance of the + * service. + * @description + * See {@link auto.$provide#provider $provide.provider()}. + */ + provider: invokeLaterAndSetModuleName('$provide', 'provider'), + + /** + * @ngdoc method + * @name angular.Module#factory + * @module ng + * @param {string} name service name + * @param {Function} providerFunction Function for creating new instance of the service. + * @description + * See {@link auto.$provide#factory $provide.factory()}. + */ + factory: invokeLaterAndSetModuleName('$provide', 'factory'), + + /** + * @ngdoc method + * @name angular.Module#service + * @module ng + * @param {string} name service name + * @param {Function} constructor A constructor function that will be instantiated. + * @description + * See {@link auto.$provide#service $provide.service()}. + */ + service: invokeLaterAndSetModuleName('$provide', 'service'), + + /** + * @ngdoc method + * @name angular.Module#value + * @module ng + * @param {string} name service name + * @param {*} object Service instance object. + * @description + * See {@link auto.$provide#value $provide.value()}. + */ + value: invokeLater('$provide', 'value'), + + /** + * @ngdoc method + * @name angular.Module#constant + * @module ng + * @param {string} name constant name + * @param {*} object Constant value. + * @description + * Because the constants are fixed, they get applied before other provide methods. + * See {@link auto.$provide#constant $provide.constant()}. + */ + constant: invokeLater('$provide', 'constant', 'unshift'), + + /** + * @ngdoc method + * @name angular.Module#decorator + * @module ng + * @param {string} name The name of the service to decorate. + * @param {Function} decorFn This function will be invoked when the service needs to be + * instantiated and should return the decorated service instance. + * @description + * See {@link auto.$provide#decorator $provide.decorator()}. + */ + decorator: invokeLaterAndSetModuleName('$provide', 'decorator', configBlocks), + + /** + * @ngdoc method + * @name angular.Module#animation + * @module ng + * @param {string} name animation name + * @param {Function} animationFactory Factory function for creating new instance of an + * animation. + * @description + * + * **NOTE**: animations take effect only if the **ngAnimate** module is loaded. + * + * + * Defines an animation hook that can be later used with + * {@link $animate $animate} service and directives that use this service. + * + * ```js + * module.animation('.animation-name', function($inject1, $inject2) { + * return { + * eventName : function(element, done) { + * //code to run the animation + * //once complete, then run done() + * return function cancellationFunction(element) { + * //code to cancel the animation + * } + * } + * } + * }) + * ``` + * + * See {@link ng.$animateProvider#register $animateProvider.register()} and + * {@link ngAnimate ngAnimate module} for more information. + */ + animation: invokeLaterAndSetModuleName('$animateProvider', 'register'), + + /** + * @ngdoc method + * @name angular.Module#filter + * @module ng + * @param {string} name Filter name - this must be a valid angular expression identifier + * @param {Function} filterFactory Factory function for creating new instance of filter. + * @description + * See {@link ng.$filterProvider#register $filterProvider.register()}. + * + *
    + * **Note:** Filter names must be valid angular {@link expression} identifiers, such as `uppercase` or `orderBy`. + * Names with special characters, such as hyphens and dots, are not allowed. If you wish to namespace + * your filters, then you can use capitalization (`myappSubsectionFilterx`) or underscores + * (`myapp_subsection_filterx`). + *
    + */ + filter: invokeLaterAndSetModuleName('$filterProvider', 'register'), + + /** + * @ngdoc method + * @name angular.Module#controller + * @module ng + * @param {string|Object} name Controller name, or an object map of controllers where the + * keys are the names and the values are the constructors. + * @param {Function} constructor Controller constructor function. + * @description + * See {@link ng.$controllerProvider#register $controllerProvider.register()}. + */ + controller: invokeLaterAndSetModuleName('$controllerProvider', 'register'), + + /** + * @ngdoc method + * @name angular.Module#directive + * @module ng + * @param {string|Object} name Directive name, or an object map of directives where the + * keys are the names and the values are the factories. + * @param {Function} directiveFactory Factory function for creating new instance of + * directives. + * @description + * See {@link ng.$compileProvider#directive $compileProvider.directive()}. + */ + directive: invokeLaterAndSetModuleName('$compileProvider', 'directive'), + + /** + * @ngdoc method + * @name angular.Module#component + * @module ng + * @param {string} name Name of the component in camel-case (i.e. myComp which will match as my-comp) + * @param {Object} options Component definition object (a simplified + * {@link ng.$compile#directive-definition-object directive definition object}) + * + * @description + * See {@link ng.$compileProvider#component $compileProvider.component()}. + */ + component: invokeLaterAndSetModuleName('$compileProvider', 'component'), + + /** + * @ngdoc method + * @name angular.Module#config + * @module ng + * @param {Function} configFn Execute this function on module load. Useful for service + * configuration. + * @description + * Use this method to register work which needs to be performed on module loading. + * For more about how to configure services, see + * {@link providers#provider-recipe Provider Recipe}. + */ + config: config, + + /** + * @ngdoc method + * @name angular.Module#run + * @module ng + * @param {Function} initializationFn Execute this function after injector creation. + * Useful for application initialization. + * @description + * Use this method to register work which should be performed when the injector is done + * loading all modules. + */ + run: function(block) { + runBlocks.push(block); + return this; + } + }; + + if (configFn) { + config(configFn); + } + + return moduleInstance; + + /** + * @param {string} provider + * @param {string} method + * @param {String=} insertMethod + * @returns {angular.Module} + */ + function invokeLater(provider, method, insertMethod, queue) { + if (!queue) queue = invokeQueue; + return function() { + queue[insertMethod || 'push']([provider, method, arguments]); + return moduleInstance; + }; + } + + /** + * @param {string} provider + * @param {string} method + * @returns {angular.Module} + */ + function invokeLaterAndSetModuleName(provider, method, queue) { + if (!queue) queue = invokeQueue; + return function(recipeName, factoryFunction) { + if (factoryFunction && isFunction(factoryFunction)) factoryFunction.$$moduleName = name; + queue.push([provider, method, arguments]); + return moduleInstance; + }; + } + }); + }; + }); + +} + +/* global shallowCopy: true */ + +/** + * Creates a shallow copy of an object, an array or a primitive. + * + * Assumes that there are no proto properties for objects. + */ +function shallowCopy(src, dst) { + if (isArray(src)) { + dst = dst || []; + + for (var i = 0, ii = src.length; i < ii; i++) { + dst[i] = src[i]; + } + } else if (isObject(src)) { + dst = dst || {}; + + for (var key in src) { + if (!(key.charAt(0) === '$' && key.charAt(1) === '$')) { + dst[key] = src[key]; + } + } + } + + return dst || src; +} + +/* global toDebugString: true */ + +function serializeObject(obj, maxDepth) { + var seen = []; + + // There is no direct way to stringify object until reaching a specific depth + // and a very deep object can cause a performance issue, so we copy the object + // based on this specific depth and then stringify it. + if (isValidObjectMaxDepth(maxDepth)) { + obj = copy(obj, null, maxDepth); + } + return JSON.stringify(obj, function(key, val) { + val = toJsonReplacer(key, val); + if (isObject(val)) { + + if (seen.indexOf(val) >= 0) return '...'; + + seen.push(val); + } + return val; + }); +} + +function toDebugString(obj, maxDepth) { + if (typeof obj === 'function') { + return obj.toString().replace(/ \{[\s\S]*$/, ''); + } else if (isUndefined(obj)) { + return 'undefined'; + } else if (typeof obj !== 'string') { + return serializeObject(obj, maxDepth); + } + return obj; +} + +/* global angularModule: true, + version: true, + + $CompileProvider, + + htmlAnchorDirective, + inputDirective, + inputDirective, + formDirective, + scriptDirective, + selectDirective, + optionDirective, + ngBindDirective, + ngBindHtmlDirective, + ngBindTemplateDirective, + ngClassDirective, + ngClassEvenDirective, + ngClassOddDirective, + ngCloakDirective, + ngControllerDirective, + ngFormDirective, + ngHideDirective, + ngIfDirective, + ngIncludeDirective, + ngIncludeFillContentDirective, + ngInitDirective, + ngNonBindableDirective, + ngPluralizeDirective, + ngRepeatDirective, + ngShowDirective, + ngStyleDirective, + ngSwitchDirective, + ngSwitchWhenDirective, + ngSwitchDefaultDirective, + ngOptionsDirective, + ngTranscludeDirective, + ngModelDirective, + ngListDirective, + ngChangeDirective, + patternDirective, + patternDirective, + requiredDirective, + requiredDirective, + minlengthDirective, + minlengthDirective, + maxlengthDirective, + maxlengthDirective, + ngValueDirective, + ngModelOptionsDirective, + ngAttributeAliasDirectives, + ngEventDirectives, + + $AnchorScrollProvider, + $AnimateProvider, + $CoreAnimateCssProvider, + $$CoreAnimateJsProvider, + $$CoreAnimateQueueProvider, + $$AnimateRunnerFactoryProvider, + $$AnimateAsyncRunFactoryProvider, + $BrowserProvider, + $CacheFactoryProvider, + $ControllerProvider, + $DateProvider, + $DocumentProvider, + $$IsDocumentHiddenProvider, + $ExceptionHandlerProvider, + $FilterProvider, + $$ForceReflowProvider, + $InterpolateProvider, + $IntervalProvider, + $HttpProvider, + $HttpParamSerializerProvider, + $HttpParamSerializerJQLikeProvider, + $HttpBackendProvider, + $xhrFactoryProvider, + $jsonpCallbacksProvider, + $LocationProvider, + $LogProvider, + $$MapProvider, + $ParseProvider, + $RootScopeProvider, + $QProvider, + $$QProvider, + $$SanitizeUriProvider, + $SceProvider, + $SceDelegateProvider, + $SnifferProvider, + $TemplateCacheProvider, + $TemplateRequestProvider, + $$TestabilityProvider, + $TimeoutProvider, + $$RAFProvider, + $WindowProvider, + $$jqLiteProvider, + $$CookieReaderProvider +*/ + + +/** + * @ngdoc object + * @name angular.version + * @module ng + * @description + * An object that contains information about the current AngularJS version. + * + * This object has the following properties: + * + * - `full` – `{string}` – Full version string, such as "0.9.18". + * - `major` – `{number}` – Major version number, such as "0". + * - `minor` – `{number}` – Minor version number, such as "9". + * - `dot` – `{number}` – Dot version number, such as "18". + * - `codeName` – `{string}` – Code name of the release, such as "jiggling-armfat". + */ +var version = { + // These placeholder strings will be replaced by grunt's `build` task. + // They need to be double- or single-quoted. + full: '1.6.4', + major: 1, + minor: 6, + dot: 4, + codeName: 'phenomenal-footnote' +}; + + +function publishExternalAPI(angular) { + extend(angular, { + 'errorHandlingConfig': errorHandlingConfig, + 'bootstrap': bootstrap, + 'copy': copy, + 'extend': extend, + 'merge': merge, + 'equals': equals, + 'element': jqLite, + 'forEach': forEach, + 'injector': createInjector, + 'noop': noop, + 'bind': bind, + 'toJson': toJson, + 'fromJson': fromJson, + 'identity': identity, + 'isUndefined': isUndefined, + 'isDefined': isDefined, + 'isString': isString, + 'isFunction': isFunction, + 'isObject': isObject, + 'isNumber': isNumber, + 'isElement': isElement, + 'isArray': isArray, + 'version': version, + 'isDate': isDate, + 'lowercase': lowercase, + 'uppercase': uppercase, + 'callbacks': {$$counter: 0}, + 'getTestability': getTestability, + 'reloadWithDebugInfo': reloadWithDebugInfo, + '$$minErr': minErr, + '$$csp': csp, + '$$encodeUriSegment': encodeUriSegment, + '$$encodeUriQuery': encodeUriQuery, + '$$stringify': stringify + }); + + angularModule = setupModuleLoader(window); + + angularModule('ng', ['ngLocale'], ['$provide', + function ngModule($provide) { + // $$sanitizeUriProvider needs to be before $compileProvider as it is used by it. + $provide.provider({ + $$sanitizeUri: $$SanitizeUriProvider + }); + $provide.provider('$compile', $CompileProvider). + directive({ + a: htmlAnchorDirective, + input: inputDirective, + textarea: inputDirective, + form: formDirective, + script: scriptDirective, + select: selectDirective, + option: optionDirective, + ngBind: ngBindDirective, + ngBindHtml: ngBindHtmlDirective, + ngBindTemplate: ngBindTemplateDirective, + ngClass: ngClassDirective, + ngClassEven: ngClassEvenDirective, + ngClassOdd: ngClassOddDirective, + ngCloak: ngCloakDirective, + ngController: ngControllerDirective, + ngForm: ngFormDirective, + ngHide: ngHideDirective, + ngIf: ngIfDirective, + ngInclude: ngIncludeDirective, + ngInit: ngInitDirective, + ngNonBindable: ngNonBindableDirective, + ngPluralize: ngPluralizeDirective, + ngRepeat: ngRepeatDirective, + ngShow: ngShowDirective, + ngStyle: ngStyleDirective, + ngSwitch: ngSwitchDirective, + ngSwitchWhen: ngSwitchWhenDirective, + ngSwitchDefault: ngSwitchDefaultDirective, + ngOptions: ngOptionsDirective, + ngTransclude: ngTranscludeDirective, + ngModel: ngModelDirective, + ngList: ngListDirective, + ngChange: ngChangeDirective, + pattern: patternDirective, + ngPattern: patternDirective, + required: requiredDirective, + ngRequired: requiredDirective, + minlength: minlengthDirective, + ngMinlength: minlengthDirective, + maxlength: maxlengthDirective, + ngMaxlength: maxlengthDirective, + ngValue: ngValueDirective, + ngModelOptions: ngModelOptionsDirective + }). + directive({ + ngInclude: ngIncludeFillContentDirective + }). + directive(ngAttributeAliasDirectives). + directive(ngEventDirectives); + $provide.provider({ + $anchorScroll: $AnchorScrollProvider, + $animate: $AnimateProvider, + $animateCss: $CoreAnimateCssProvider, + $$animateJs: $$CoreAnimateJsProvider, + $$animateQueue: $$CoreAnimateQueueProvider, + $$AnimateRunner: $$AnimateRunnerFactoryProvider, + $$animateAsyncRun: $$AnimateAsyncRunFactoryProvider, + $browser: $BrowserProvider, + $cacheFactory: $CacheFactoryProvider, + $controller: $ControllerProvider, + $document: $DocumentProvider, + $$isDocumentHidden: $$IsDocumentHiddenProvider, + $exceptionHandler: $ExceptionHandlerProvider, + $filter: $FilterProvider, + $$forceReflow: $$ForceReflowProvider, + $interpolate: $InterpolateProvider, + $interval: $IntervalProvider, + $http: $HttpProvider, + $httpParamSerializer: $HttpParamSerializerProvider, + $httpParamSerializerJQLike: $HttpParamSerializerJQLikeProvider, + $httpBackend: $HttpBackendProvider, + $xhrFactory: $xhrFactoryProvider, + $jsonpCallbacks: $jsonpCallbacksProvider, + $location: $LocationProvider, + $log: $LogProvider, + $parse: $ParseProvider, + $rootScope: $RootScopeProvider, + $q: $QProvider, + $$q: $$QProvider, + $sce: $SceProvider, + $sceDelegate: $SceDelegateProvider, + $sniffer: $SnifferProvider, + $templateCache: $TemplateCacheProvider, + $templateRequest: $TemplateRequestProvider, + $$testability: $$TestabilityProvider, + $timeout: $TimeoutProvider, + $window: $WindowProvider, + $$rAF: $$RAFProvider, + $$jqLite: $$jqLiteProvider, + $$Map: $$MapProvider, + $$cookieReader: $$CookieReaderProvider + }); + } + ]) + .info({ angularVersion: '1.6.4' }); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * Any commits to this file should be reviewed with security in mind. * + * Changes to this file can potentially create security vulnerabilities. * + * An approval from 2 Core members with history of modifying * + * this file is required. * + * * + * Does the change somehow allow for arbitrary javascript to be executed? * + * Or allows for someone to change the prototype of built-in objects? * + * Or gives undesired access to variables likes document or window? * + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ + +/* global + JQLitePrototype: true, + BOOLEAN_ATTR: true, + ALIASED_ATTR: true +*/ + +////////////////////////////////// +//JQLite +////////////////////////////////// + +/** + * @ngdoc function + * @name angular.element + * @module ng + * @kind function + * + * @description + * Wraps a raw DOM element or HTML string as a [jQuery](http://jquery.com) element. + * + * If jQuery is available, `angular.element` is an alias for the + * [jQuery](http://api.jquery.com/jQuery/) function. If jQuery is not available, `angular.element` + * delegates to Angular's built-in subset of jQuery, called "jQuery lite" or **jqLite**. + * + * jqLite is a tiny, API-compatible subset of jQuery that allows + * Angular to manipulate the DOM in a cross-browser compatible way. jqLite implements only the most + * commonly needed functionality with the goal of having a very small footprint. + * + * To use `jQuery`, simply ensure it is loaded before the `angular.js` file. You can also use the + * {@link ngJq `ngJq`} directive to specify that jqlite should be used over jQuery, or to use a + * specific version of jQuery if multiple versions exist on the page. + * + *
    **Note:** All element references in Angular are always wrapped with jQuery or + * jqLite (such as the element argument in a directive's compile / link function). They are never raw DOM references.
    + * + *
    **Note:** Keep in mind that this function will not find elements + * by tag name / CSS selector. For lookups by tag name, try instead `angular.element(document).find(...)` + * or `$document.find()`, or use the standard DOM APIs, e.g. `document.querySelectorAll()`.
    + * + * ## Angular's jqLite + * jqLite provides only the following jQuery methods: + * + * - [`addClass()`](http://api.jquery.com/addClass/) - Does not support a function as first argument + * - [`after()`](http://api.jquery.com/after/) + * - [`append()`](http://api.jquery.com/append/) + * - [`attr()`](http://api.jquery.com/attr/) - Does not support functions as parameters + * - [`bind()`](http://api.jquery.com/bind/) (_deprecated_, use [`on()`](http://api.jquery.com/on/)) - Does not support namespaces, selectors or eventData + * - [`children()`](http://api.jquery.com/children/) - Does not support selectors + * - [`clone()`](http://api.jquery.com/clone/) + * - [`contents()`](http://api.jquery.com/contents/) + * - [`css()`](http://api.jquery.com/css/) - Only retrieves inline-styles, does not call `getComputedStyle()`. + * As a setter, does not convert numbers to strings or append 'px', and also does not have automatic property prefixing. + * - [`data()`](http://api.jquery.com/data/) + * - [`detach()`](http://api.jquery.com/detach/) + * - [`empty()`](http://api.jquery.com/empty/) + * - [`eq()`](http://api.jquery.com/eq/) + * - [`find()`](http://api.jquery.com/find/) - Limited to lookups by tag name + * - [`hasClass()`](http://api.jquery.com/hasClass/) + * - [`html()`](http://api.jquery.com/html/) + * - [`next()`](http://api.jquery.com/next/) - Does not support selectors + * - [`on()`](http://api.jquery.com/on/) - Does not support namespaces, selectors or eventData + * - [`off()`](http://api.jquery.com/off/) - Does not support namespaces, selectors or event object as parameter + * - [`one()`](http://api.jquery.com/one/) - Does not support namespaces or selectors + * - [`parent()`](http://api.jquery.com/parent/) - Does not support selectors + * - [`prepend()`](http://api.jquery.com/prepend/) + * - [`prop()`](http://api.jquery.com/prop/) + * - [`ready()`](http://api.jquery.com/ready/) (_deprecated_, use `angular.element(callback)` instead of `angular.element(document).ready(callback)`) + * - [`remove()`](http://api.jquery.com/remove/) + * - [`removeAttr()`](http://api.jquery.com/removeAttr/) - Does not support multiple attributes + * - [`removeClass()`](http://api.jquery.com/removeClass/) - Does not support a function as first argument + * - [`removeData()`](http://api.jquery.com/removeData/) + * - [`replaceWith()`](http://api.jquery.com/replaceWith/) + * - [`text()`](http://api.jquery.com/text/) + * - [`toggleClass()`](http://api.jquery.com/toggleClass/) - Does not support a function as first argument + * - [`triggerHandler()`](http://api.jquery.com/triggerHandler/) - Passes a dummy event object to handlers + * - [`unbind()`](http://api.jquery.com/unbind/) (_deprecated_, use [`off()`](http://api.jquery.com/off/)) - Does not support namespaces or event object as parameter + * - [`val()`](http://api.jquery.com/val/) + * - [`wrap()`](http://api.jquery.com/wrap/) + * + * ## jQuery/jqLite Extras + * Angular also provides the following additional methods and events to both jQuery and jqLite: + * + * ### Events + * - `$destroy` - AngularJS intercepts all jqLite/jQuery's DOM destruction apis and fires this event + * on all DOM nodes being removed. This can be used to clean up any 3rd party bindings to the DOM + * element before it is removed. + * + * ### Methods + * - `controller(name)` - retrieves the controller of the current element or its parent. By default + * retrieves controller associated with the `ngController` directive. If `name` is provided as + * camelCase directive name, then the controller for this directive will be retrieved (e.g. + * `'ngModel'`). + * - `injector()` - retrieves the injector of the current element or its parent. + * - `scope()` - retrieves the {@link ng.$rootScope.Scope scope} of the current + * element or its parent. Requires {@link guide/production#disabling-debug-data Debug Data} to + * be enabled. + * - `isolateScope()` - retrieves an isolate {@link ng.$rootScope.Scope scope} if one is attached directly to the + * current element. This getter should be used only on elements that contain a directive which starts a new isolate + * scope. Calling `scope()` on this element always returns the original non-isolate scope. + * Requires {@link guide/production#disabling-debug-data Debug Data} to be enabled. + * - `inheritedData()` - same as `data()`, but walks up the DOM until a value is found or the top + * parent element is reached. + * + * @knownIssue You cannot spy on `angular.element` if you are using Jasmine version 1.x. See + * https://github.com/angular/angular.js/issues/14251 for more information. + * + * @param {string|DOMElement} element HTML string or DOMElement to be wrapped into jQuery. + * @returns {Object} jQuery object. + */ + +JQLite.expando = 'ng339'; + +var jqCache = JQLite.cache = {}, + jqId = 1; + +/* + * !!! This is an undocumented "private" function !!! + */ +JQLite._data = function(node) { + //jQuery always returns an object on cache miss + return this.cache[node[this.expando]] || {}; +}; + +function jqNextId() { return ++jqId; } + + +var DASH_LOWERCASE_REGEXP = /-([a-z])/g; +var MS_HACK_REGEXP = /^-ms-/; +var MOUSE_EVENT_MAP = { mouseleave: 'mouseout', mouseenter: 'mouseover' }; +var jqLiteMinErr = minErr('jqLite'); + +/** + * Converts kebab-case to camelCase. + * There is also a special case for the ms prefix starting with a lowercase letter. + * @param name Name to normalize + */ +function cssKebabToCamel(name) { + return kebabToCamel(name.replace(MS_HACK_REGEXP, 'ms-')); +} + +function fnCamelCaseReplace(all, letter) { + return letter.toUpperCase(); +} + +/** + * Converts kebab-case to camelCase. + * @param name Name to normalize + */ +function kebabToCamel(name) { + return name + .replace(DASH_LOWERCASE_REGEXP, fnCamelCaseReplace); +} + +var SINGLE_TAG_REGEXP = /^<([\w-]+)\s*\/?>(?:<\/\1>|)$/; +var HTML_REGEXP = /<|&#?\w+;/; +var TAG_NAME_REGEXP = /<([\w:-]+)/; +var XHTML_TAG_REGEXP = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi; + +var wrapMap = { + 'option': [1, ''], + + 'thead': [1, '', '
    '], + 'col': [2, '', '
    '], + 'tr': [2, '', '
    '], + 'td': [3, '', '
    '], + '_default': [0, '', ''] +}; + +wrapMap.optgroup = wrapMap.option; +wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; +wrapMap.th = wrapMap.td; + + +function jqLiteIsTextNode(html) { + return !HTML_REGEXP.test(html); +} + +function jqLiteAcceptsData(node) { + // The window object can accept data but has no nodeType + // Otherwise we are only interested in elements (1) and documents (9) + var nodeType = node.nodeType; + return nodeType === NODE_TYPE_ELEMENT || !nodeType || nodeType === NODE_TYPE_DOCUMENT; +} + +function jqLiteHasData(node) { + for (var key in jqCache[node.ng339]) { + return true; + } + return false; +} + +function jqLiteBuildFragment(html, context) { + var tmp, tag, wrap, + fragment = context.createDocumentFragment(), + nodes = [], i; + + if (jqLiteIsTextNode(html)) { + // Convert non-html into a text node + nodes.push(context.createTextNode(html)); + } else { + // Convert html into DOM nodes + tmp = fragment.appendChild(context.createElement('div')); + tag = (TAG_NAME_REGEXP.exec(html) || ['', ''])[1].toLowerCase(); + wrap = wrapMap[tag] || wrapMap._default; + tmp.innerHTML = wrap[1] + html.replace(XHTML_TAG_REGEXP, '<$1>') + wrap[2]; + + // Descend through wrappers to the right content + i = wrap[0]; + while (i--) { + tmp = tmp.lastChild; + } + + nodes = concat(nodes, tmp.childNodes); + + tmp = fragment.firstChild; + tmp.textContent = ''; + } + + // Remove wrapper from fragment + fragment.textContent = ''; + fragment.innerHTML = ''; // Clear inner HTML + forEach(nodes, function(node) { + fragment.appendChild(node); + }); + + return fragment; +} + +function jqLiteParseHTML(html, context) { + context = context || window.document; + var parsed; + + if ((parsed = SINGLE_TAG_REGEXP.exec(html))) { + return [context.createElement(parsed[1])]; + } + + if ((parsed = jqLiteBuildFragment(html, context))) { + return parsed.childNodes; + } + + return []; +} + +function jqLiteWrapNode(node, wrapper) { + var parent = node.parentNode; + + if (parent) { + parent.replaceChild(wrapper, node); + } + + wrapper.appendChild(node); +} + + +// IE9-11 has no method "contains" in SVG element and in Node.prototype. Bug #10259. +var jqLiteContains = window.Node.prototype.contains || /** @this */ function(arg) { + // eslint-disable-next-line no-bitwise + return !!(this.compareDocumentPosition(arg) & 16); +}; + +///////////////////////////////////////////// +function JQLite(element) { + if (element instanceof JQLite) { + return element; + } + + var argIsString; + + if (isString(element)) { + element = trim(element); + argIsString = true; + } + if (!(this instanceof JQLite)) { + if (argIsString && element.charAt(0) !== '<') { + throw jqLiteMinErr('nosel', 'Looking up elements via selectors is not supported by jqLite! See: http://docs.angularjs.org/api/angular.element'); + } + return new JQLite(element); + } + + if (argIsString) { + jqLiteAddNodes(this, jqLiteParseHTML(element)); + } else if (isFunction(element)) { + jqLiteReady(element); + } else { + jqLiteAddNodes(this, element); + } +} + +function jqLiteClone(element) { + return element.cloneNode(true); +} + +function jqLiteDealoc(element, onlyDescendants) { + if (!onlyDescendants && jqLiteAcceptsData(element)) jqLite.cleanData([element]); + + if (element.querySelectorAll) { + jqLite.cleanData(element.querySelectorAll('*')); + } +} + +function jqLiteOff(element, type, fn, unsupported) { + if (isDefined(unsupported)) throw jqLiteMinErr('offargs', 'jqLite#off() does not support the `selector` argument'); + + var expandoStore = jqLiteExpandoStore(element); + var events = expandoStore && expandoStore.events; + var handle = expandoStore && expandoStore.handle; + + if (!handle) return; //no listeners registered + + if (!type) { + for (type in events) { + if (type !== '$destroy') { + element.removeEventListener(type, handle); + } + delete events[type]; + } + } else { + + var removeHandler = function(type) { + var listenerFns = events[type]; + if (isDefined(fn)) { + arrayRemove(listenerFns || [], fn); + } + if (!(isDefined(fn) && listenerFns && listenerFns.length > 0)) { + element.removeEventListener(type, handle); + delete events[type]; + } + }; + + forEach(type.split(' '), function(type) { + removeHandler(type); + if (MOUSE_EVENT_MAP[type]) { + removeHandler(MOUSE_EVENT_MAP[type]); + } + }); + } +} + +function jqLiteRemoveData(element, name) { + var expandoId = element.ng339; + var expandoStore = expandoId && jqCache[expandoId]; + + if (expandoStore) { + if (name) { + delete expandoStore.data[name]; + return; + } + + if (expandoStore.handle) { + if (expandoStore.events.$destroy) { + expandoStore.handle({}, '$destroy'); + } + jqLiteOff(element); + } + delete jqCache[expandoId]; + element.ng339 = undefined; // don't delete DOM expandos. IE and Chrome don't like it + } +} + + +function jqLiteExpandoStore(element, createIfNecessary) { + var expandoId = element.ng339, + expandoStore = expandoId && jqCache[expandoId]; + + if (createIfNecessary && !expandoStore) { + element.ng339 = expandoId = jqNextId(); + expandoStore = jqCache[expandoId] = {events: {}, data: {}, handle: undefined}; + } + + return expandoStore; +} + + +function jqLiteData(element, key, value) { + if (jqLiteAcceptsData(element)) { + var prop; + + var isSimpleSetter = isDefined(value); + var isSimpleGetter = !isSimpleSetter && key && !isObject(key); + var massGetter = !key; + var expandoStore = jqLiteExpandoStore(element, !isSimpleGetter); + var data = expandoStore && expandoStore.data; + + if (isSimpleSetter) { // data('key', value) + data[kebabToCamel(key)] = value; + } else { + if (massGetter) { // data() + return data; + } else { + if (isSimpleGetter) { // data('key') + // don't force creation of expandoStore if it doesn't exist yet + return data && data[kebabToCamel(key)]; + } else { // mass-setter: data({key1: val1, key2: val2}) + for (prop in key) { + data[kebabToCamel(prop)] = key[prop]; + } + } + } + } + } +} + +function jqLiteHasClass(element, selector) { + if (!element.getAttribute) return false; + return ((' ' + (element.getAttribute('class') || '') + ' ').replace(/[\n\t]/g, ' '). + indexOf(' ' + selector + ' ') > -1); +} + +function jqLiteRemoveClass(element, cssClasses) { + if (cssClasses && element.setAttribute) { + forEach(cssClasses.split(' '), function(cssClass) { + element.setAttribute('class', trim( + (' ' + (element.getAttribute('class') || '') + ' ') + .replace(/[\n\t]/g, ' ') + .replace(' ' + trim(cssClass) + ' ', ' ')) + ); + }); + } +} + +function jqLiteAddClass(element, cssClasses) { + if (cssClasses && element.setAttribute) { + var existingClasses = (' ' + (element.getAttribute('class') || '') + ' ') + .replace(/[\n\t]/g, ' '); + + forEach(cssClasses.split(' '), function(cssClass) { + cssClass = trim(cssClass); + if (existingClasses.indexOf(' ' + cssClass + ' ') === -1) { + existingClasses += cssClass + ' '; + } + }); + + element.setAttribute('class', trim(existingClasses)); + } +} + + +function jqLiteAddNodes(root, elements) { + // THIS CODE IS VERY HOT. Don't make changes without benchmarking. + + if (elements) { + + // if a Node (the most common case) + if (elements.nodeType) { + root[root.length++] = elements; + } else { + var length = elements.length; + + // if an Array or NodeList and not a Window + if (typeof length === 'number' && elements.window !== elements) { + if (length) { + for (var i = 0; i < length; i++) { + root[root.length++] = elements[i]; + } + } + } else { + root[root.length++] = elements; + } + } + } +} + + +function jqLiteController(element, name) { + return jqLiteInheritedData(element, '$' + (name || 'ngController') + 'Controller'); +} + +function jqLiteInheritedData(element, name, value) { + // if element is the document object work with the html element instead + // this makes $(document).scope() possible + if (element.nodeType === NODE_TYPE_DOCUMENT) { + element = element.documentElement; + } + var names = isArray(name) ? name : [name]; + + while (element) { + for (var i = 0, ii = names.length; i < ii; i++) { + if (isDefined(value = jqLite.data(element, names[i]))) return value; + } + + // If dealing with a document fragment node with a host element, and no parent, use the host + // element as the parent. This enables directives within a Shadow DOM or polyfilled Shadow DOM + // to lookup parent controllers. + element = element.parentNode || (element.nodeType === NODE_TYPE_DOCUMENT_FRAGMENT && element.host); + } +} + +function jqLiteEmpty(element) { + jqLiteDealoc(element, true); + while (element.firstChild) { + element.removeChild(element.firstChild); + } +} + +function jqLiteRemove(element, keepData) { + if (!keepData) jqLiteDealoc(element); + var parent = element.parentNode; + if (parent) parent.removeChild(element); +} + + +function jqLiteDocumentLoaded(action, win) { + win = win || window; + if (win.document.readyState === 'complete') { + // Force the action to be run async for consistent behavior + // from the action's point of view + // i.e. it will definitely not be in a $apply + win.setTimeout(action); + } else { + // No need to unbind this handler as load is only ever called once + jqLite(win).on('load', action); + } +} + +function jqLiteReady(fn) { + function trigger() { + window.document.removeEventListener('DOMContentLoaded', trigger); + window.removeEventListener('load', trigger); + fn(); + } + + // check if document is already loaded + if (window.document.readyState === 'complete') { + window.setTimeout(fn); + } else { + // We can not use jqLite since we are not done loading and jQuery could be loaded later. + + // Works for modern browsers and IE9 + window.document.addEventListener('DOMContentLoaded', trigger); + + // Fallback to window.onload for others + window.addEventListener('load', trigger); + } +} + +////////////////////////////////////////// +// Functions which are declared directly. +////////////////////////////////////////// +var JQLitePrototype = JQLite.prototype = { + ready: jqLiteReady, + toString: function() { + var value = []; + forEach(this, function(e) { value.push('' + e);}); + return '[' + value.join(', ') + ']'; + }, + + eq: function(index) { + return (index >= 0) ? jqLite(this[index]) : jqLite(this[this.length + index]); + }, + + length: 0, + push: push, + sort: [].sort, + splice: [].splice +}; + +////////////////////////////////////////// +// Functions iterating getter/setters. +// these functions return self on setter and +// value on get. +////////////////////////////////////////// +var BOOLEAN_ATTR = {}; +forEach('multiple,selected,checked,disabled,readOnly,required,open'.split(','), function(value) { + BOOLEAN_ATTR[lowercase(value)] = value; +}); +var BOOLEAN_ELEMENTS = {}; +forEach('input,select,option,textarea,button,form,details'.split(','), function(value) { + BOOLEAN_ELEMENTS[value] = true; +}); +var ALIASED_ATTR = { + 'ngMinlength': 'minlength', + 'ngMaxlength': 'maxlength', + 'ngMin': 'min', + 'ngMax': 'max', + 'ngPattern': 'pattern', + 'ngStep': 'step' +}; + +function getBooleanAttrName(element, name) { + // check dom last since we will most likely fail on name + var booleanAttr = BOOLEAN_ATTR[name.toLowerCase()]; + + // booleanAttr is here twice to minimize DOM access + return booleanAttr && BOOLEAN_ELEMENTS[nodeName_(element)] && booleanAttr; +} + +function getAliasedAttrName(name) { + return ALIASED_ATTR[name]; +} + +forEach({ + data: jqLiteData, + removeData: jqLiteRemoveData, + hasData: jqLiteHasData, + cleanData: function jqLiteCleanData(nodes) { + for (var i = 0, ii = nodes.length; i < ii; i++) { + jqLiteRemoveData(nodes[i]); + } + } +}, function(fn, name) { + JQLite[name] = fn; +}); + +forEach({ + data: jqLiteData, + inheritedData: jqLiteInheritedData, + + scope: function(element) { + // Can't use jqLiteData here directly so we stay compatible with jQuery! + return jqLite.data(element, '$scope') || jqLiteInheritedData(element.parentNode || element, ['$isolateScope', '$scope']); + }, + + isolateScope: function(element) { + // Can't use jqLiteData here directly so we stay compatible with jQuery! + return jqLite.data(element, '$isolateScope') || jqLite.data(element, '$isolateScopeNoTemplate'); + }, + + controller: jqLiteController, + + injector: function(element) { + return jqLiteInheritedData(element, '$injector'); + }, + + removeAttr: function(element, name) { + element.removeAttribute(name); + }, + + hasClass: jqLiteHasClass, + + css: function(element, name, value) { + name = cssKebabToCamel(name); + + if (isDefined(value)) { + element.style[name] = value; + } else { + return element.style[name]; + } + }, + + attr: function(element, name, value) { + var ret; + var nodeType = element.nodeType; + if (nodeType === NODE_TYPE_TEXT || nodeType === NODE_TYPE_ATTRIBUTE || nodeType === NODE_TYPE_COMMENT || + !element.getAttribute) { + return; + } + + var lowercasedName = lowercase(name); + var isBooleanAttr = BOOLEAN_ATTR[lowercasedName]; + + if (isDefined(value)) { + // setter + + if (value === null || (value === false && isBooleanAttr)) { + element.removeAttribute(name); + } else { + element.setAttribute(name, isBooleanAttr ? lowercasedName : value); + } + } else { + // getter + + ret = element.getAttribute(name); + + if (isBooleanAttr && ret !== null) { + ret = lowercasedName; + } + // Normalize non-existing attributes to undefined (as jQuery). + return ret === null ? undefined : ret; + } + }, + + prop: function(element, name, value) { + if (isDefined(value)) { + element[name] = value; + } else { + return element[name]; + } + }, + + text: (function() { + getText.$dv = ''; + return getText; + + function getText(element, value) { + if (isUndefined(value)) { + var nodeType = element.nodeType; + return (nodeType === NODE_TYPE_ELEMENT || nodeType === NODE_TYPE_TEXT) ? element.textContent : ''; + } + element.textContent = value; + } + })(), + + val: function(element, value) { + if (isUndefined(value)) { + if (element.multiple && nodeName_(element) === 'select') { + var result = []; + forEach(element.options, function(option) { + if (option.selected) { + result.push(option.value || option.text); + } + }); + return result; + } + return element.value; + } + element.value = value; + }, + + html: function(element, value) { + if (isUndefined(value)) { + return element.innerHTML; + } + jqLiteDealoc(element, true); + element.innerHTML = value; + }, + + empty: jqLiteEmpty +}, function(fn, name) { + /** + * Properties: writes return selection, reads return first value + */ + JQLite.prototype[name] = function(arg1, arg2) { + var i, key; + var nodeCount = this.length; + + // jqLiteHasClass has only two arguments, but is a getter-only fn, so we need to special-case it + // in a way that survives minification. + // jqLiteEmpty takes no arguments but is a setter. + if (fn !== jqLiteEmpty && + (isUndefined((fn.length === 2 && (fn !== jqLiteHasClass && fn !== jqLiteController)) ? arg1 : arg2))) { + if (isObject(arg1)) { + + // we are a write, but the object properties are the key/values + for (i = 0; i < nodeCount; i++) { + if (fn === jqLiteData) { + // data() takes the whole object in jQuery + fn(this[i], arg1); + } else { + for (key in arg1) { + fn(this[i], key, arg1[key]); + } + } + } + // return self for chaining + return this; + } else { + // we are a read, so read the first child. + // TODO: do we still need this? + var value = fn.$dv; + // Only if we have $dv do we iterate over all, otherwise it is just the first element. + var jj = (isUndefined(value)) ? Math.min(nodeCount, 1) : nodeCount; + for (var j = 0; j < jj; j++) { + var nodeValue = fn(this[j], arg1, arg2); + value = value ? value + nodeValue : nodeValue; + } + return value; + } + } else { + // we are a write, so apply to all children + for (i = 0; i < nodeCount; i++) { + fn(this[i], arg1, arg2); + } + // return self for chaining + return this; + } + }; +}); + +function createEventHandler(element, events) { + var eventHandler = function(event, type) { + // jQuery specific api + event.isDefaultPrevented = function() { + return event.defaultPrevented; + }; + + var eventFns = events[type || event.type]; + var eventFnsLength = eventFns ? eventFns.length : 0; + + if (!eventFnsLength) return; + + if (isUndefined(event.immediatePropagationStopped)) { + var originalStopImmediatePropagation = event.stopImmediatePropagation; + event.stopImmediatePropagation = function() { + event.immediatePropagationStopped = true; + + if (event.stopPropagation) { + event.stopPropagation(); + } + + if (originalStopImmediatePropagation) { + originalStopImmediatePropagation.call(event); + } + }; + } + + event.isImmediatePropagationStopped = function() { + return event.immediatePropagationStopped === true; + }; + + // Some events have special handlers that wrap the real handler + var handlerWrapper = eventFns.specialHandlerWrapper || defaultHandlerWrapper; + + // Copy event handlers in case event handlers array is modified during execution. + if ((eventFnsLength > 1)) { + eventFns = shallowCopy(eventFns); + } + + for (var i = 0; i < eventFnsLength; i++) { + if (!event.isImmediatePropagationStopped()) { + handlerWrapper(element, event, eventFns[i]); + } + } + }; + + // TODO: this is a hack for angularMocks/clearDataCache that makes it possible to deregister all + // events on `element` + eventHandler.elem = element; + return eventHandler; +} + +function defaultHandlerWrapper(element, event, handler) { + handler.call(element, event); +} + +function specialMouseHandlerWrapper(target, event, handler) { + // Refer to jQuery's implementation of mouseenter & mouseleave + // Read about mouseenter and mouseleave: + // http://www.quirksmode.org/js/events_mouse.html#link8 + var related = event.relatedTarget; + // For mousenter/leave call the handler if related is outside the target. + // NB: No relatedTarget if the mouse left/entered the browser window + if (!related || (related !== target && !jqLiteContains.call(target, related))) { + handler.call(target, event); + } +} + +////////////////////////////////////////// +// Functions iterating traversal. +// These functions chain results into a single +// selector. +////////////////////////////////////////// +forEach({ + removeData: jqLiteRemoveData, + + on: function jqLiteOn(element, type, fn, unsupported) { + if (isDefined(unsupported)) throw jqLiteMinErr('onargs', 'jqLite#on() does not support the `selector` or `eventData` parameters'); + + // Do not add event handlers to non-elements because they will not be cleaned up. + if (!jqLiteAcceptsData(element)) { + return; + } + + var expandoStore = jqLiteExpandoStore(element, true); + var events = expandoStore.events; + var handle = expandoStore.handle; + + if (!handle) { + handle = expandoStore.handle = createEventHandler(element, events); + } + + // http://jsperf.com/string-indexof-vs-split + var types = type.indexOf(' ') >= 0 ? type.split(' ') : [type]; + var i = types.length; + + var addHandler = function(type, specialHandlerWrapper, noEventListener) { + var eventFns = events[type]; + + if (!eventFns) { + eventFns = events[type] = []; + eventFns.specialHandlerWrapper = specialHandlerWrapper; + if (type !== '$destroy' && !noEventListener) { + element.addEventListener(type, handle); + } + } + + eventFns.push(fn); + }; + + while (i--) { + type = types[i]; + if (MOUSE_EVENT_MAP[type]) { + addHandler(MOUSE_EVENT_MAP[type], specialMouseHandlerWrapper); + addHandler(type, undefined, true); + } else { + addHandler(type); + } + } + }, + + off: jqLiteOff, + + one: function(element, type, fn) { + element = jqLite(element); + + //add the listener twice so that when it is called + //you can remove the original function and still be + //able to call element.off(ev, fn) normally + element.on(type, function onFn() { + element.off(type, fn); + element.off(type, onFn); + }); + element.on(type, fn); + }, + + replaceWith: function(element, replaceNode) { + var index, parent = element.parentNode; + jqLiteDealoc(element); + forEach(new JQLite(replaceNode), function(node) { + if (index) { + parent.insertBefore(node, index.nextSibling); + } else { + parent.replaceChild(node, element); + } + index = node; + }); + }, + + children: function(element) { + var children = []; + forEach(element.childNodes, function(element) { + if (element.nodeType === NODE_TYPE_ELEMENT) { + children.push(element); + } + }); + return children; + }, + + contents: function(element) { + return element.contentDocument || element.childNodes || []; + }, + + append: function(element, node) { + var nodeType = element.nodeType; + if (nodeType !== NODE_TYPE_ELEMENT && nodeType !== NODE_TYPE_DOCUMENT_FRAGMENT) return; + + node = new JQLite(node); + + for (var i = 0, ii = node.length; i < ii; i++) { + var child = node[i]; + element.appendChild(child); + } + }, + + prepend: function(element, node) { + if (element.nodeType === NODE_TYPE_ELEMENT) { + var index = element.firstChild; + forEach(new JQLite(node), function(child) { + element.insertBefore(child, index); + }); + } + }, + + wrap: function(element, wrapNode) { + jqLiteWrapNode(element, jqLite(wrapNode).eq(0).clone()[0]); + }, + + remove: jqLiteRemove, + + detach: function(element) { + jqLiteRemove(element, true); + }, + + after: function(element, newElement) { + var index = element, parent = element.parentNode; + + if (parent) { + newElement = new JQLite(newElement); + + for (var i = 0, ii = newElement.length; i < ii; i++) { + var node = newElement[i]; + parent.insertBefore(node, index.nextSibling); + index = node; + } + } + }, + + addClass: jqLiteAddClass, + removeClass: jqLiteRemoveClass, + + toggleClass: function(element, selector, condition) { + if (selector) { + forEach(selector.split(' '), function(className) { + var classCondition = condition; + if (isUndefined(classCondition)) { + classCondition = !jqLiteHasClass(element, className); + } + (classCondition ? jqLiteAddClass : jqLiteRemoveClass)(element, className); + }); + } + }, + + parent: function(element) { + var parent = element.parentNode; + return parent && parent.nodeType !== NODE_TYPE_DOCUMENT_FRAGMENT ? parent : null; + }, + + next: function(element) { + return element.nextElementSibling; + }, + + find: function(element, selector) { + if (element.getElementsByTagName) { + return element.getElementsByTagName(selector); + } else { + return []; + } + }, + + clone: jqLiteClone, + + triggerHandler: function(element, event, extraParameters) { + + var dummyEvent, eventFnsCopy, handlerArgs; + var eventName = event.type || event; + var expandoStore = jqLiteExpandoStore(element); + var events = expandoStore && expandoStore.events; + var eventFns = events && events[eventName]; + + if (eventFns) { + // Create a dummy event to pass to the handlers + dummyEvent = { + preventDefault: function() { this.defaultPrevented = true; }, + isDefaultPrevented: function() { return this.defaultPrevented === true; }, + stopImmediatePropagation: function() { this.immediatePropagationStopped = true; }, + isImmediatePropagationStopped: function() { return this.immediatePropagationStopped === true; }, + stopPropagation: noop, + type: eventName, + target: element + }; + + // If a custom event was provided then extend our dummy event with it + if (event.type) { + dummyEvent = extend(dummyEvent, event); + } + + // Copy event handlers in case event handlers array is modified during execution. + eventFnsCopy = shallowCopy(eventFns); + handlerArgs = extraParameters ? [dummyEvent].concat(extraParameters) : [dummyEvent]; + + forEach(eventFnsCopy, function(fn) { + if (!dummyEvent.isImmediatePropagationStopped()) { + fn.apply(element, handlerArgs); + } + }); + } + } +}, function(fn, name) { + /** + * chaining functions + */ + JQLite.prototype[name] = function(arg1, arg2, arg3) { + var value; + + for (var i = 0, ii = this.length; i < ii; i++) { + if (isUndefined(value)) { + value = fn(this[i], arg1, arg2, arg3); + if (isDefined(value)) { + // any function which returns a value needs to be wrapped + value = jqLite(value); + } + } else { + jqLiteAddNodes(value, fn(this[i], arg1, arg2, arg3)); + } + } + return isDefined(value) ? value : this; + }; +}); + +// bind legacy bind/unbind to on/off +JQLite.prototype.bind = JQLite.prototype.on; +JQLite.prototype.unbind = JQLite.prototype.off; + + +// Provider for private $$jqLite service +/** @this */ +function $$jqLiteProvider() { + this.$get = function $$jqLite() { + return extend(JQLite, { + hasClass: function(node, classes) { + if (node.attr) node = node[0]; + return jqLiteHasClass(node, classes); + }, + addClass: function(node, classes) { + if (node.attr) node = node[0]; + return jqLiteAddClass(node, classes); + }, + removeClass: function(node, classes) { + if (node.attr) node = node[0]; + return jqLiteRemoveClass(node, classes); + } + }); + }; +} + +/** + * Computes a hash of an 'obj'. + * Hash of a: + * string is string + * number is number as string + * object is either result of calling $$hashKey function on the object or uniquely generated id, + * that is also assigned to the $$hashKey property of the object. + * + * @param obj + * @returns {string} hash string such that the same input will have the same hash string. + * The resulting string key is in 'type:hashKey' format. + */ +function hashKey(obj, nextUidFn) { + var key = obj && obj.$$hashKey; + + if (key) { + if (typeof key === 'function') { + key = obj.$$hashKey(); + } + return key; + } + + var objType = typeof obj; + if (objType === 'function' || (objType === 'object' && obj !== null)) { + key = obj.$$hashKey = objType + ':' + (nextUidFn || nextUid)(); + } else { + key = objType + ':' + obj; + } + + return key; +} + +// A minimal ES2015 Map implementation. +// Should be bug/feature equivalent to the native implementations of supported browsers +// (for the features required in Angular). +// See https://kangax.github.io/compat-table/es6/#test-Map +var nanKey = Object.create(null); +function NgMapShim() { + this._keys = []; + this._values = []; + this._lastKey = NaN; + this._lastIndex = -1; +} +NgMapShim.prototype = { + _idx: function(key) { + if (key === this._lastKey) { + return this._lastIndex; + } + this._lastKey = key; + this._lastIndex = this._keys.indexOf(key); + return this._lastIndex; + }, + _transformKey: function(key) { + return isNumberNaN(key) ? nanKey : key; + }, + get: function(key) { + key = this._transformKey(key); + var idx = this._idx(key); + if (idx !== -1) { + return this._values[idx]; + } + }, + set: function(key, value) { + key = this._transformKey(key); + var idx = this._idx(key); + if (idx === -1) { + idx = this._lastIndex = this._keys.length; + } + this._keys[idx] = key; + this._values[idx] = value; + + // Support: IE11 + // Do not `return this` to simulate the partial IE11 implementation + }, + delete: function(key) { + key = this._transformKey(key); + var idx = this._idx(key); + if (idx === -1) { + return false; + } + this._keys.splice(idx, 1); + this._values.splice(idx, 1); + this._lastKey = NaN; + this._lastIndex = -1; + return true; + } +}; + +// For now, always use `NgMapShim`, even if `window.Map` is available. Some native implementations +// are still buggy (often in subtle ways) and can cause hard-to-debug failures. When native `Map` +// implementations get more stable, we can reconsider switching to `window.Map` (when available). +var NgMap = NgMapShim; + +var $$MapProvider = [/** @this */function() { + this.$get = [function() { + return NgMap; + }]; +}]; + +/** + * @ngdoc function + * @module ng + * @name angular.injector + * @kind function + * + * @description + * Creates an injector object that can be used for retrieving services as well as for + * dependency injection (see {@link guide/di dependency injection}). + * + * @param {Array.} modules A list of module functions or their aliases. See + * {@link angular.module}. The `ng` module must be explicitly added. + * @param {boolean=} [strictDi=false] Whether the injector should be in strict mode, which + * disallows argument name annotation inference. + * @returns {injector} Injector object. See {@link auto.$injector $injector}. + * + * @example + * Typical usage + * ```js + * // create an injector + * var $injector = angular.injector(['ng']); + * + * // use the injector to kick off your application + * // use the type inference to auto inject arguments, or use implicit injection + * $injector.invoke(function($rootScope, $compile, $document) { + * $compile($document)($rootScope); + * $rootScope.$digest(); + * }); + * ``` + * + * Sometimes you want to get access to the injector of a currently running Angular app + * from outside Angular. Perhaps, you want to inject and compile some markup after the + * application has been bootstrapped. You can do this using the extra `injector()` added + * to JQuery/jqLite elements. See {@link angular.element}. + * + * *This is fairly rare but could be the case if a third party library is injecting the + * markup.* + * + * In the following example a new block of HTML containing a `ng-controller` + * directive is added to the end of the document body by JQuery. We then compile and link + * it into the current AngularJS scope. + * + * ```js + * var $div = $('
    {{content.label}}
    '); + * $(document.body).append($div); + * + * angular.element(document).injector().invoke(function($compile) { + * var scope = angular.element($div).scope(); + * $compile($div)(scope); + * }); + * ``` + */ + + +/** + * @ngdoc module + * @name auto + * @installation + * @description + * + * Implicit module which gets automatically added to each {@link auto.$injector $injector}. + */ + +var ARROW_ARG = /^([^(]+?)=>/; +var FN_ARGS = /^[^(]*\(\s*([^)]*)\)/m; +var FN_ARG_SPLIT = /,/; +var FN_ARG = /^\s*(_?)(\S+?)\1\s*$/; +var STRIP_COMMENTS = /((\/\/.*$)|(\/\*[\s\S]*?\*\/))/mg; +var $injectorMinErr = minErr('$injector'); + +function stringifyFn(fn) { + return Function.prototype.toString.call(fn); +} + +function extractArgs(fn) { + var fnText = stringifyFn(fn).replace(STRIP_COMMENTS, ''), + args = fnText.match(ARROW_ARG) || fnText.match(FN_ARGS); + return args; +} + +function anonFn(fn) { + // For anonymous functions, showing at the very least the function signature can help in + // debugging. + var args = extractArgs(fn); + if (args) { + return 'function(' + (args[1] || '').replace(/[\s\r\n]+/, ' ') + ')'; + } + return 'fn'; +} + +function annotate(fn, strictDi, name) { + var $inject, + argDecl, + last; + + if (typeof fn === 'function') { + if (!($inject = fn.$inject)) { + $inject = []; + if (fn.length) { + if (strictDi) { + if (!isString(name) || !name) { + name = fn.name || anonFn(fn); + } + throw $injectorMinErr('strictdi', + '{0} is not using explicit annotation and cannot be invoked in strict mode', name); + } + argDecl = extractArgs(fn); + forEach(argDecl[1].split(FN_ARG_SPLIT), function(arg) { + arg.replace(FN_ARG, function(all, underscore, name) { + $inject.push(name); + }); + }); + } + fn.$inject = $inject; + } + } else if (isArray(fn)) { + last = fn.length - 1; + assertArgFn(fn[last], 'fn'); + $inject = fn.slice(0, last); + } else { + assertArgFn(fn, 'fn', true); + } + return $inject; +} + +/////////////////////////////////////// + +/** + * @ngdoc service + * @name $injector + * + * @description + * + * `$injector` is used to retrieve object instances as defined by + * {@link auto.$provide provider}, instantiate types, invoke methods, + * and load modules. + * + * The following always holds true: + * + * ```js + * var $injector = angular.injector(); + * expect($injector.get('$injector')).toBe($injector); + * expect($injector.invoke(function($injector) { + * return $injector; + * })).toBe($injector); + * ``` + * + * # Injection Function Annotation + * + * JavaScript does not have annotations, and annotations are needed for dependency injection. The + * following are all valid ways of annotating function with injection arguments and are equivalent. + * + * ```js + * // inferred (only works if code not minified/obfuscated) + * $injector.invoke(function(serviceA){}); + * + * // annotated + * function explicit(serviceA) {}; + * explicit.$inject = ['serviceA']; + * $injector.invoke(explicit); + * + * // inline + * $injector.invoke(['serviceA', function(serviceA){}]); + * ``` + * + * ## Inference + * + * In JavaScript calling `toString()` on a function returns the function definition. The definition + * can then be parsed and the function arguments can be extracted. This method of discovering + * annotations is disallowed when the injector is in strict mode. + * *NOTE:* This does not work with minification, and obfuscation tools since these tools change the + * argument names. + * + * ## `$inject` Annotation + * By adding an `$inject` property onto a function the injection parameters can be specified. + * + * ## Inline + * As an array of injection names, where the last item in the array is the function to call. + */ + +/** + * @ngdoc property + * @name $injector#modules + * @type {Object} + * @description + * A hash containing all the modules that have been loaded into the + * $injector. + * + * You can use this property to find out information about a module via the + * {@link angular.Module#info `myModule.info(...)`} method. + * + * For example: + * + * ``` + * var info = $injector.modules['ngAnimate'].info(); + * ``` + * + * **Do not use this property to attempt to modify the modules after the application + * has been bootstrapped.** + */ + + +/** + * @ngdoc method + * @name $injector#get + * + * @description + * Return an instance of the service. + * + * @param {string} name The name of the instance to retrieve. + * @param {string=} caller An optional string to provide the origin of the function call for error messages. + * @return {*} The instance. + */ + +/** + * @ngdoc method + * @name $injector#invoke + * + * @description + * Invoke the method and supply the method arguments from the `$injector`. + * + * @param {Function|Array.} fn The injectable function to invoke. Function parameters are + * injected according to the {@link guide/di $inject Annotation} rules. + * @param {Object=} self The `this` for the invoked method. + * @param {Object=} locals Optional object. If preset then any argument names are read from this + * object first, before the `$injector` is consulted. + * @returns {*} the value returned by the invoked `fn` function. + */ + +/** + * @ngdoc method + * @name $injector#has + * + * @description + * Allows the user to query if the particular service exists. + * + * @param {string} name Name of the service to query. + * @returns {boolean} `true` if injector has given service. + */ + +/** + * @ngdoc method + * @name $injector#instantiate + * @description + * Create a new instance of JS type. The method takes a constructor function, invokes the new + * operator, and supplies all of the arguments to the constructor function as specified by the + * constructor annotation. + * + * @param {Function} Type Annotated constructor function. + * @param {Object=} locals Optional object. If preset then any argument names are read from this + * object first, before the `$injector` is consulted. + * @returns {Object} new instance of `Type`. + */ + +/** + * @ngdoc method + * @name $injector#annotate + * + * @description + * Returns an array of service names which the function is requesting for injection. This API is + * used by the injector to determine which services need to be injected into the function when the + * function is invoked. There are three ways in which the function can be annotated with the needed + * dependencies. + * + * # Argument names + * + * The simplest form is to extract the dependencies from the arguments of the function. This is done + * by converting the function into a string using `toString()` method and extracting the argument + * names. + * ```js + * // Given + * function MyController($scope, $route) { + * // ... + * } + * + * // Then + * expect(injector.annotate(MyController)).toEqual(['$scope', '$route']); + * ``` + * + * You can disallow this method by using strict injection mode. + * + * This method does not work with code minification / obfuscation. For this reason the following + * annotation strategies are supported. + * + * # The `$inject` property + * + * If a function has an `$inject` property and its value is an array of strings, then the strings + * represent names of services to be injected into the function. + * ```js + * // Given + * var MyController = function(obfuscatedScope, obfuscatedRoute) { + * // ... + * } + * // Define function dependencies + * MyController['$inject'] = ['$scope', '$route']; + * + * // Then + * expect(injector.annotate(MyController)).toEqual(['$scope', '$route']); + * ``` + * + * # The array notation + * + * It is often desirable to inline Injected functions and that's when setting the `$inject` property + * is very inconvenient. In these situations using the array notation to specify the dependencies in + * a way that survives minification is a better choice: + * + * ```js + * // We wish to write this (not minification / obfuscation safe) + * injector.invoke(function($compile, $rootScope) { + * // ... + * }); + * + * // We are forced to write break inlining + * var tmpFn = function(obfuscatedCompile, obfuscatedRootScope) { + * // ... + * }; + * tmpFn.$inject = ['$compile', '$rootScope']; + * injector.invoke(tmpFn); + * + * // To better support inline function the inline annotation is supported + * injector.invoke(['$compile', '$rootScope', function(obfCompile, obfRootScope) { + * // ... + * }]); + * + * // Therefore + * expect(injector.annotate( + * ['$compile', '$rootScope', function(obfus_$compile, obfus_$rootScope) {}]) + * ).toEqual(['$compile', '$rootScope']); + * ``` + * + * @param {Function|Array.} fn Function for which dependent service names need to + * be retrieved as described above. + * + * @param {boolean=} [strictDi=false] Disallow argument name annotation inference. + * + * @returns {Array.} The names of the services which the function requires. + */ + + + +/** + * @ngdoc service + * @name $provide + * + * @description + * + * The {@link auto.$provide $provide} service has a number of methods for registering components + * with the {@link auto.$injector $injector}. Many of these functions are also exposed on + * {@link angular.Module}. + * + * An Angular **service** is a singleton object created by a **service factory**. These **service + * factories** are functions which, in turn, are created by a **service provider**. + * The **service providers** are constructor functions. When instantiated they must contain a + * property called `$get`, which holds the **service factory** function. + * + * When you request a service, the {@link auto.$injector $injector} is responsible for finding the + * correct **service provider**, instantiating it and then calling its `$get` **service factory** + * function to get the instance of the **service**. + * + * Often services have no configuration options and there is no need to add methods to the service + * provider. The provider will be no more than a constructor function with a `$get` property. For + * these cases the {@link auto.$provide $provide} service has additional helper methods to register + * services without specifying a provider. + * + * * {@link auto.$provide#provider provider(name, provider)} - registers a **service provider** with the + * {@link auto.$injector $injector} + * * {@link auto.$provide#constant constant(name, obj)} - registers a value/object that can be accessed by + * providers and services. + * * {@link auto.$provide#value value(name, obj)} - registers a value/object that can only be accessed by + * services, not providers. + * * {@link auto.$provide#factory factory(name, fn)} - registers a service **factory function** + * that will be wrapped in a **service provider** object, whose `$get` property will contain the + * given factory function. + * * {@link auto.$provide#service service(name, Fn)} - registers a **constructor function** + * that will be wrapped in a **service provider** object, whose `$get` property will instantiate + * a new object using the given constructor function. + * * {@link auto.$provide#decorator decorator(name, decorFn)} - registers a **decorator function** that + * will be able to modify or replace the implementation of another service. + * + * See the individual methods for more information and examples. + */ + +/** + * @ngdoc method + * @name $provide#provider + * @description + * + * Register a **provider function** with the {@link auto.$injector $injector}. Provider functions + * are constructor functions, whose instances are responsible for "providing" a factory for a + * service. + * + * Service provider names start with the name of the service they provide followed by `Provider`. + * For example, the {@link ng.$log $log} service has a provider called + * {@link ng.$logProvider $logProvider}. + * + * Service provider objects can have additional methods which allow configuration of the provider + * and its service. Importantly, you can configure what kind of service is created by the `$get` + * method, or how that service will act. For example, the {@link ng.$logProvider $logProvider} has a + * method {@link ng.$logProvider#debugEnabled debugEnabled} + * which lets you specify whether the {@link ng.$log $log} service will log debug messages to the + * console or not. + * + * @param {string} name The name of the instance. NOTE: the provider will be available under `name + + 'Provider'` key. + * @param {(Object|function())} provider If the provider is: + * + * - `Object`: then it should have a `$get` method. The `$get` method will be invoked using + * {@link auto.$injector#invoke $injector.invoke()} when an instance needs to be created. + * - `Constructor`: a new instance of the provider will be created using + * {@link auto.$injector#instantiate $injector.instantiate()}, then treated as `object`. + * + * @returns {Object} registered provider instance + + * @example + * + * The following example shows how to create a simple event tracking service and register it using + * {@link auto.$provide#provider $provide.provider()}. + * + * ```js + * // Define the eventTracker provider + * function EventTrackerProvider() { + * var trackingUrl = '/track'; + * + * // A provider method for configuring where the tracked events should been saved + * this.setTrackingUrl = function(url) { + * trackingUrl = url; + * }; + * + * // The service factory function + * this.$get = ['$http', function($http) { + * var trackedEvents = {}; + * return { + * // Call this to track an event + * event: function(event) { + * var count = trackedEvents[event] || 0; + * count += 1; + * trackedEvents[event] = count; + * return count; + * }, + * // Call this to save the tracked events to the trackingUrl + * save: function() { + * $http.post(trackingUrl, trackedEvents); + * } + * }; + * }]; + * } + * + * describe('eventTracker', function() { + * var postSpy; + * + * beforeEach(module(function($provide) { + * // Register the eventTracker provider + * $provide.provider('eventTracker', EventTrackerProvider); + * })); + * + * beforeEach(module(function(eventTrackerProvider) { + * // Configure eventTracker provider + * eventTrackerProvider.setTrackingUrl('/custom-track'); + * })); + * + * it('tracks events', inject(function(eventTracker) { + * expect(eventTracker.event('login')).toEqual(1); + * expect(eventTracker.event('login')).toEqual(2); + * })); + * + * it('saves to the tracking url', inject(function(eventTracker, $http) { + * postSpy = spyOn($http, 'post'); + * eventTracker.event('login'); + * eventTracker.save(); + * expect(postSpy).toHaveBeenCalled(); + * expect(postSpy.mostRecentCall.args[0]).not.toEqual('/track'); + * expect(postSpy.mostRecentCall.args[0]).toEqual('/custom-track'); + * expect(postSpy.mostRecentCall.args[1]).toEqual({ 'login': 1 }); + * })); + * }); + * ``` + */ + +/** + * @ngdoc method + * @name $provide#factory + * @description + * + * Register a **service factory**, which will be called to return the service instance. + * This is short for registering a service where its provider consists of only a `$get` property, + * which is the given service factory function. + * You should use {@link auto.$provide#factory $provide.factory(getFn)} if you do not need to + * configure your service in a provider. + * + * @param {string} name The name of the instance. + * @param {Function|Array.} $getFn The injectable $getFn for the instance creation. + * Internally this is a short hand for `$provide.provider(name, {$get: $getFn})`. + * @returns {Object} registered provider instance + * + * @example + * Here is an example of registering a service + * ```js + * $provide.factory('ping', ['$http', function($http) { + * return function ping() { + * return $http.send('/ping'); + * }; + * }]); + * ``` + * You would then inject and use this service like this: + * ```js + * someModule.controller('Ctrl', ['ping', function(ping) { + * ping(); + * }]); + * ``` + */ + + +/** + * @ngdoc method + * @name $provide#service + * @description + * + * Register a **service constructor**, which will be invoked with `new` to create the service + * instance. + * This is short for registering a service where its provider's `$get` property is a factory + * function that returns an instance instantiated by the injector from the service constructor + * function. + * + * Internally it looks a bit like this: + * + * ``` + * { + * $get: function() { + * return $injector.instantiate(constructor); + * } + * } + * ``` + * + * + * You should use {@link auto.$provide#service $provide.service(class)} if you define your service + * as a type/class. + * + * @param {string} name The name of the instance. + * @param {Function|Array.} constructor An injectable class (constructor function) + * that will be instantiated. + * @returns {Object} registered provider instance + * + * @example + * Here is an example of registering a service using + * {@link auto.$provide#service $provide.service(class)}. + * ```js + * var Ping = function($http) { + * this.$http = $http; + * }; + * + * Ping.$inject = ['$http']; + * + * Ping.prototype.send = function() { + * return this.$http.get('/ping'); + * }; + * $provide.service('ping', Ping); + * ``` + * You would then inject and use this service like this: + * ```js + * someModule.controller('Ctrl', ['ping', function(ping) { + * ping.send(); + * }]); + * ``` + */ + + +/** + * @ngdoc method + * @name $provide#value + * @description + * + * Register a **value service** with the {@link auto.$injector $injector}, such as a string, a + * number, an array, an object or a function. This is short for registering a service where its + * provider's `$get` property is a factory function that takes no arguments and returns the **value + * service**. That also means it is not possible to inject other services into a value service. + * + * Value services are similar to constant services, except that they cannot be injected into a + * module configuration function (see {@link angular.Module#config}) but they can be overridden by + * an Angular {@link auto.$provide#decorator decorator}. + * + * @param {string} name The name of the instance. + * @param {*} value The value. + * @returns {Object} registered provider instance + * + * @example + * Here are some examples of creating value services. + * ```js + * $provide.value('ADMIN_USER', 'admin'); + * + * $provide.value('RoleLookup', { admin: 0, writer: 1, reader: 2 }); + * + * $provide.value('halfOf', function(value) { + * return value / 2; + * }); + * ``` + */ + + +/** + * @ngdoc method + * @name $provide#constant + * @description + * + * Register a **constant service** with the {@link auto.$injector $injector}, such as a string, + * a number, an array, an object or a function. Like the {@link auto.$provide#value value}, it is not + * possible to inject other services into a constant. + * + * But unlike {@link auto.$provide#value value}, a constant can be + * injected into a module configuration function (see {@link angular.Module#config}) and it cannot + * be overridden by an Angular {@link auto.$provide#decorator decorator}. + * + * @param {string} name The name of the constant. + * @param {*} value The constant value. + * @returns {Object} registered instance + * + * @example + * Here a some examples of creating constants: + * ```js + * $provide.constant('SHARD_HEIGHT', 306); + * + * $provide.constant('MY_COLOURS', ['red', 'blue', 'grey']); + * + * $provide.constant('double', function(value) { + * return value * 2; + * }); + * ``` + */ + + +/** + * @ngdoc method + * @name $provide#decorator + * @description + * + * Register a **decorator function** with the {@link auto.$injector $injector}. A decorator function + * intercepts the creation of a service, allowing it to override or modify the behavior of the + * service. The return value of the decorator function may be the original service, or a new service + * that replaces (or wraps and delegates to) the original service. + * + * You can find out more about using decorators in the {@link guide/decorators} guide. + * + * @param {string} name The name of the service to decorate. + * @param {Function|Array.} decorator This function will be invoked when the service needs to be + * provided and should return the decorated service instance. The function is called using + * the {@link auto.$injector#invoke injector.invoke} method and is therefore fully injectable. + * Local injection arguments: + * + * * `$delegate` - The original service instance, which can be replaced, monkey patched, configured, + * decorated or delegated to. + * + * @example + * Here we decorate the {@link ng.$log $log} service to convert warnings to errors by intercepting + * calls to {@link ng.$log#error $log.warn()}. + * ```js + * $provide.decorator('$log', ['$delegate', function($delegate) { + * $delegate.warn = $delegate.error; + * return $delegate; + * }]); + * ``` + */ + + +function createInjector(modulesToLoad, strictDi) { + strictDi = (strictDi === true); + var INSTANTIATING = {}, + providerSuffix = 'Provider', + path = [], + loadedModules = new NgMap(), + providerCache = { + $provide: { + provider: supportObject(provider), + factory: supportObject(factory), + service: supportObject(service), + value: supportObject(value), + constant: supportObject(constant), + decorator: decorator + } + }, + providerInjector = (providerCache.$injector = + createInternalInjector(providerCache, function(serviceName, caller) { + if (angular.isString(caller)) { + path.push(caller); + } + throw $injectorMinErr('unpr', 'Unknown provider: {0}', path.join(' <- ')); + })), + instanceCache = {}, + protoInstanceInjector = + createInternalInjector(instanceCache, function(serviceName, caller) { + var provider = providerInjector.get(serviceName + providerSuffix, caller); + return instanceInjector.invoke( + provider.$get, provider, undefined, serviceName); + }), + instanceInjector = protoInstanceInjector; + + providerCache['$injector' + providerSuffix] = { $get: valueFn(protoInstanceInjector) }; + instanceInjector.modules = providerInjector.modules = createMap(); + var runBlocks = loadModules(modulesToLoad); + instanceInjector = protoInstanceInjector.get('$injector'); + instanceInjector.strictDi = strictDi; + forEach(runBlocks, function(fn) { if (fn) instanceInjector.invoke(fn); }); + + return instanceInjector; + + //////////////////////////////////// + // $provider + //////////////////////////////////// + + function supportObject(delegate) { + return function(key, value) { + if (isObject(key)) { + forEach(key, reverseParams(delegate)); + } else { + return delegate(key, value); + } + }; + } + + function provider(name, provider_) { + assertNotHasOwnProperty(name, 'service'); + if (isFunction(provider_) || isArray(provider_)) { + provider_ = providerInjector.instantiate(provider_); + } + if (!provider_.$get) { + throw $injectorMinErr('pget', 'Provider \'{0}\' must define $get factory method.', name); + } + return (providerCache[name + providerSuffix] = provider_); + } + + function enforceReturnValue(name, factory) { + return /** @this */ function enforcedReturnValue() { + var result = instanceInjector.invoke(factory, this); + if (isUndefined(result)) { + throw $injectorMinErr('undef', 'Provider \'{0}\' must return a value from $get factory method.', name); + } + return result; + }; + } + + function factory(name, factoryFn, enforce) { + return provider(name, { + $get: enforce !== false ? enforceReturnValue(name, factoryFn) : factoryFn + }); + } + + function service(name, constructor) { + return factory(name, ['$injector', function($injector) { + return $injector.instantiate(constructor); + }]); + } + + function value(name, val) { return factory(name, valueFn(val), false); } + + function constant(name, value) { + assertNotHasOwnProperty(name, 'constant'); + providerCache[name] = value; + instanceCache[name] = value; + } + + function decorator(serviceName, decorFn) { + var origProvider = providerInjector.get(serviceName + providerSuffix), + orig$get = origProvider.$get; + + origProvider.$get = function() { + var origInstance = instanceInjector.invoke(orig$get, origProvider); + return instanceInjector.invoke(decorFn, null, {$delegate: origInstance}); + }; + } + + //////////////////////////////////// + // Module Loading + //////////////////////////////////// + function loadModules(modulesToLoad) { + assertArg(isUndefined(modulesToLoad) || isArray(modulesToLoad), 'modulesToLoad', 'not an array'); + var runBlocks = [], moduleFn; + forEach(modulesToLoad, function(module) { + if (loadedModules.get(module)) return; + loadedModules.set(module, true); + + function runInvokeQueue(queue) { + var i, ii; + for (i = 0, ii = queue.length; i < ii; i++) { + var invokeArgs = queue[i], + provider = providerInjector.get(invokeArgs[0]); + + provider[invokeArgs[1]].apply(provider, invokeArgs[2]); + } + } + + try { + if (isString(module)) { + moduleFn = angularModule(module); + instanceInjector.modules[module] = moduleFn; + runBlocks = runBlocks.concat(loadModules(moduleFn.requires)).concat(moduleFn._runBlocks); + runInvokeQueue(moduleFn._invokeQueue); + runInvokeQueue(moduleFn._configBlocks); + } else if (isFunction(module)) { + runBlocks.push(providerInjector.invoke(module)); + } else if (isArray(module)) { + runBlocks.push(providerInjector.invoke(module)); + } else { + assertArgFn(module, 'module'); + } + } catch (e) { + if (isArray(module)) { + module = module[module.length - 1]; + } + if (e.message && e.stack && e.stack.indexOf(e.message) === -1) { + // Safari & FF's stack traces don't contain error.message content + // unlike those of Chrome and IE + // So if stack doesn't contain message, we create a new string that contains both. + // Since error.stack is read-only in Safari, I'm overriding e and not e.stack here. + // eslint-disable-next-line no-ex-assign + e = e.message + '\n' + e.stack; + } + throw $injectorMinErr('modulerr', 'Failed to instantiate module {0} due to:\n{1}', + module, e.stack || e.message || e); + } + }); + return runBlocks; + } + + //////////////////////////////////// + // internal Injector + //////////////////////////////////// + + function createInternalInjector(cache, factory) { + + function getService(serviceName, caller) { + if (cache.hasOwnProperty(serviceName)) { + if (cache[serviceName] === INSTANTIATING) { + throw $injectorMinErr('cdep', 'Circular dependency found: {0}', + serviceName + ' <- ' + path.join(' <- ')); + } + return cache[serviceName]; + } else { + try { + path.unshift(serviceName); + cache[serviceName] = INSTANTIATING; + cache[serviceName] = factory(serviceName, caller); + return cache[serviceName]; + } catch (err) { + if (cache[serviceName] === INSTANTIATING) { + delete cache[serviceName]; + } + throw err; + } finally { + path.shift(); + } + } + } + + + function injectionArgs(fn, locals, serviceName) { + var args = [], + $inject = createInjector.$$annotate(fn, strictDi, serviceName); + + for (var i = 0, length = $inject.length; i < length; i++) { + var key = $inject[i]; + if (typeof key !== 'string') { + throw $injectorMinErr('itkn', + 'Incorrect injection token! Expected service name as string, got {0}', key); + } + args.push(locals && locals.hasOwnProperty(key) ? locals[key] : + getService(key, serviceName)); + } + return args; + } + + function isClass(func) { + // Support: IE 9-11 only + // IE 9-11 do not support classes and IE9 leaks with the code below. + if (msie || typeof func !== 'function') { + return false; + } + var result = func.$$ngIsClass; + if (!isBoolean(result)) { + // Support: Edge 12-13 only + // See: https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/6156135/ + result = func.$$ngIsClass = /^(?:class\b|constructor\()/.test(stringifyFn(func)); + } + return result; + } + + function invoke(fn, self, locals, serviceName) { + if (typeof locals === 'string') { + serviceName = locals; + locals = null; + } + + var args = injectionArgs(fn, locals, serviceName); + if (isArray(fn)) { + fn = fn[fn.length - 1]; + } + + if (!isClass(fn)) { + // http://jsperf.com/angularjs-invoke-apply-vs-switch + // #5388 + return fn.apply(self, args); + } else { + args.unshift(null); + return new (Function.prototype.bind.apply(fn, args))(); + } + } + + + function instantiate(Type, locals, serviceName) { + // Check if Type is annotated and use just the given function at n-1 as parameter + // e.g. someModule.factory('greeter', ['$window', function(renamed$window) {}]); + var ctor = (isArray(Type) ? Type[Type.length - 1] : Type); + var args = injectionArgs(Type, locals, serviceName); + // Empty object at position 0 is ignored for invocation with `new`, but required. + args.unshift(null); + return new (Function.prototype.bind.apply(ctor, args))(); + } + + + return { + invoke: invoke, + instantiate: instantiate, + get: getService, + annotate: createInjector.$$annotate, + has: function(name) { + return providerCache.hasOwnProperty(name + providerSuffix) || cache.hasOwnProperty(name); + } + }; + } +} + +createInjector.$$annotate = annotate; + +/** + * @ngdoc provider + * @name $anchorScrollProvider + * @this + * + * @description + * Use `$anchorScrollProvider` to disable automatic scrolling whenever + * {@link ng.$location#hash $location.hash()} changes. + */ +function $AnchorScrollProvider() { + + var autoScrollingEnabled = true; + + /** + * @ngdoc method + * @name $anchorScrollProvider#disableAutoScrolling + * + * @description + * By default, {@link ng.$anchorScroll $anchorScroll()} will automatically detect changes to + * {@link ng.$location#hash $location.hash()} and scroll to the element matching the new hash.
    + * Use this method to disable automatic scrolling. + * + * If automatic scrolling is disabled, one must explicitly call + * {@link ng.$anchorScroll $anchorScroll()} in order to scroll to the element related to the + * current hash. + */ + this.disableAutoScrolling = function() { + autoScrollingEnabled = false; + }; + + /** + * @ngdoc service + * @name $anchorScroll + * @kind function + * @requires $window + * @requires $location + * @requires $rootScope + * + * @description + * When called, it scrolls to the element related to the specified `hash` or (if omitted) to the + * current value of {@link ng.$location#hash $location.hash()}, according to the rules specified + * in the + * [HTML5 spec](http://www.w3.org/html/wg/drafts/html/master/browsers.html#an-indicated-part-of-the-document). + * + * It also watches the {@link ng.$location#hash $location.hash()} and automatically scrolls to + * match any anchor whenever it changes. This can be disabled by calling + * {@link ng.$anchorScrollProvider#disableAutoScrolling $anchorScrollProvider.disableAutoScrolling()}. + * + * Additionally, you can use its {@link ng.$anchorScroll#yOffset yOffset} property to specify a + * vertical scroll-offset (either fixed or dynamic). + * + * @param {string=} hash The hash specifying the element to scroll to. If omitted, the value of + * {@link ng.$location#hash $location.hash()} will be used. + * + * @property {(number|function|jqLite)} yOffset + * If set, specifies a vertical scroll-offset. This is often useful when there are fixed + * positioned elements at the top of the page, such as navbars, headers etc. + * + * `yOffset` can be specified in various ways: + * - **number**: A fixed number of pixels to be used as offset.

    + * - **function**: A getter function called everytime `$anchorScroll()` is executed. Must return + * a number representing the offset (in pixels).

    + * - **jqLite**: A jqLite/jQuery element to be used for specifying the offset. The distance from + * the top of the page to the element's bottom will be used as offset.
    + * **Note**: The element will be taken into account only as long as its `position` is set to + * `fixed`. This option is useful, when dealing with responsive navbars/headers that adjust + * their height and/or positioning according to the viewport's size. + * + *
    + *
    + * In order for `yOffset` to work properly, scrolling should take place on the document's root and + * not some child element. + *
    + * + * @example + + +
    + Go to bottom + You're at the bottom! +
    +
    + + angular.module('anchorScrollExample', []) + .controller('ScrollController', ['$scope', '$location', '$anchorScroll', + function($scope, $location, $anchorScroll) { + $scope.gotoBottom = function() { + // set the location.hash to the id of + // the element you wish to scroll to. + $location.hash('bottom'); + + // call $anchorScroll() + $anchorScroll(); + }; + }]); + + + #scrollArea { + height: 280px; + overflow: auto; + } + + #bottom { + display: block; + margin-top: 2000px; + } + +
    + * + *
    + * The example below illustrates the use of a vertical scroll-offset (specified as a fixed value). + * See {@link ng.$anchorScroll#yOffset $anchorScroll.yOffset} for more details. + * + * @example + + + +
    + Anchor {{x}} of 5 +
    +
    + + angular.module('anchorScrollOffsetExample', []) + .run(['$anchorScroll', function($anchorScroll) { + $anchorScroll.yOffset = 50; // always scroll by 50 extra pixels + }]) + .controller('headerCtrl', ['$anchorScroll', '$location', '$scope', + function($anchorScroll, $location, $scope) { + $scope.gotoAnchor = function(x) { + var newHash = 'anchor' + x; + if ($location.hash() !== newHash) { + // set the $location.hash to `newHash` and + // $anchorScroll will automatically scroll to it + $location.hash('anchor' + x); + } else { + // call $anchorScroll() explicitly, + // since $location.hash hasn't changed + $anchorScroll(); + } + }; + } + ]); + + + body { + padding-top: 50px; + } + + .anchor { + border: 2px dashed DarkOrchid; + padding: 10px 10px 200px 10px; + } + + .fixed-header { + background-color: rgba(0, 0, 0, 0.2); + height: 50px; + position: fixed; + top: 0; left: 0; right: 0; + } + + .fixed-header > a { + display: inline-block; + margin: 5px 15px; + } + +
    + */ + this.$get = ['$window', '$location', '$rootScope', function($window, $location, $rootScope) { + var document = $window.document; + + // Helper function to get first anchor from a NodeList + // (using `Array#some()` instead of `angular#forEach()` since it's more performant + // and working in all supported browsers.) + function getFirstAnchor(list) { + var result = null; + Array.prototype.some.call(list, function(element) { + if (nodeName_(element) === 'a') { + result = element; + return true; + } + }); + return result; + } + + function getYOffset() { + + var offset = scroll.yOffset; + + if (isFunction(offset)) { + offset = offset(); + } else if (isElement(offset)) { + var elem = offset[0]; + var style = $window.getComputedStyle(elem); + if (style.position !== 'fixed') { + offset = 0; + } else { + offset = elem.getBoundingClientRect().bottom; + } + } else if (!isNumber(offset)) { + offset = 0; + } + + return offset; + } + + function scrollTo(elem) { + if (elem) { + elem.scrollIntoView(); + + var offset = getYOffset(); + + if (offset) { + // `offset` is the number of pixels we should scroll UP in order to align `elem` properly. + // This is true ONLY if the call to `elem.scrollIntoView()` initially aligns `elem` at the + // top of the viewport. + // + // IF the number of pixels from the top of `elem` to the end of the page's content is less + // than the height of the viewport, then `elem.scrollIntoView()` will align the `elem` some + // way down the page. + // + // This is often the case for elements near the bottom of the page. + // + // In such cases we do not need to scroll the whole `offset` up, just the difference between + // the top of the element and the offset, which is enough to align the top of `elem` at the + // desired position. + var elemTop = elem.getBoundingClientRect().top; + $window.scrollBy(0, elemTop - offset); + } + } else { + $window.scrollTo(0, 0); + } + } + + function scroll(hash) { + // Allow numeric hashes + hash = isString(hash) ? hash : isNumber(hash) ? hash.toString() : $location.hash(); + var elm; + + // empty hash, scroll to the top of the page + if (!hash) scrollTo(null); + + // element with given id + else if ((elm = document.getElementById(hash))) scrollTo(elm); + + // first anchor with given name :-D + else if ((elm = getFirstAnchor(document.getElementsByName(hash)))) scrollTo(elm); + + // no element and hash === 'top', scroll to the top of the page + else if (hash === 'top') scrollTo(null); + } + + // does not scroll when user clicks on anchor link that is currently on + // (no url change, no $location.hash() change), browser native does scroll + if (autoScrollingEnabled) { + $rootScope.$watch(function autoScrollWatch() {return $location.hash();}, + function autoScrollWatchAction(newVal, oldVal) { + // skip the initial scroll if $location.hash is empty + if (newVal === oldVal && newVal === '') return; + + jqLiteDocumentLoaded(function() { + $rootScope.$evalAsync(scroll); + }); + }); + } + + return scroll; + }]; +} + +var $animateMinErr = minErr('$animate'); +var ELEMENT_NODE = 1; +var NG_ANIMATE_CLASSNAME = 'ng-animate'; + +function mergeClasses(a,b) { + if (!a && !b) return ''; + if (!a) return b; + if (!b) return a; + if (isArray(a)) a = a.join(' '); + if (isArray(b)) b = b.join(' '); + return a + ' ' + b; +} + +function extractElementNode(element) { + for (var i = 0; i < element.length; i++) { + var elm = element[i]; + if (elm.nodeType === ELEMENT_NODE) { + return elm; + } + } +} + +function splitClasses(classes) { + if (isString(classes)) { + classes = classes.split(' '); + } + + // Use createMap() to prevent class assumptions involving property names in + // Object.prototype + var obj = createMap(); + forEach(classes, function(klass) { + // sometimes the split leaves empty string values + // incase extra spaces were applied to the options + if (klass.length) { + obj[klass] = true; + } + }); + return obj; +} + +// if any other type of options value besides an Object value is +// passed into the $animate.method() animation then this helper code +// will be run which will ignore it. While this patch is not the +// greatest solution to this, a lot of existing plugins depend on +// $animate to either call the callback (< 1.2) or return a promise +// that can be changed. This helper function ensures that the options +// are wiped clean incase a callback function is provided. +function prepareAnimateOptions(options) { + return isObject(options) + ? options + : {}; +} + +var $$CoreAnimateJsProvider = /** @this */ function() { + this.$get = noop; +}; + +// this is prefixed with Core since it conflicts with +// the animateQueueProvider defined in ngAnimate/animateQueue.js +var $$CoreAnimateQueueProvider = /** @this */ function() { + var postDigestQueue = new NgMap(); + var postDigestElements = []; + + this.$get = ['$$AnimateRunner', '$rootScope', + function($$AnimateRunner, $rootScope) { + return { + enabled: noop, + on: noop, + off: noop, + pin: noop, + + push: function(element, event, options, domOperation) { + if (domOperation) { + domOperation(); + } + + options = options || {}; + if (options.from) { + element.css(options.from); + } + if (options.to) { + element.css(options.to); + } + + if (options.addClass || options.removeClass) { + addRemoveClassesPostDigest(element, options.addClass, options.removeClass); + } + + var runner = new $$AnimateRunner(); + + // since there are no animations to run the runner needs to be + // notified that the animation call is complete. + runner.complete(); + return runner; + } + }; + + + function updateData(data, classes, value) { + var changed = false; + if (classes) { + classes = isString(classes) ? classes.split(' ') : + isArray(classes) ? classes : []; + forEach(classes, function(className) { + if (className) { + changed = true; + data[className] = value; + } + }); + } + return changed; + } + + function handleCSSClassChanges() { + forEach(postDigestElements, function(element) { + var data = postDigestQueue.get(element); + if (data) { + var existing = splitClasses(element.attr('class')); + var toAdd = ''; + var toRemove = ''; + forEach(data, function(status, className) { + var hasClass = !!existing[className]; + if (status !== hasClass) { + if (status) { + toAdd += (toAdd.length ? ' ' : '') + className; + } else { + toRemove += (toRemove.length ? ' ' : '') + className; + } + } + }); + + forEach(element, function(elm) { + if (toAdd) { + jqLiteAddClass(elm, toAdd); + } + if (toRemove) { + jqLiteRemoveClass(elm, toRemove); + } + }); + postDigestQueue.delete(element); + } + }); + postDigestElements.length = 0; + } + + + function addRemoveClassesPostDigest(element, add, remove) { + var data = postDigestQueue.get(element) || {}; + + var classesAdded = updateData(data, add, true); + var classesRemoved = updateData(data, remove, false); + + if (classesAdded || classesRemoved) { + + postDigestQueue.set(element, data); + postDigestElements.push(element); + + if (postDigestElements.length === 1) { + $rootScope.$$postDigest(handleCSSClassChanges); + } + } + } + }]; +}; + +/** + * @ngdoc provider + * @name $animateProvider + * + * @description + * Default implementation of $animate that doesn't perform any animations, instead just + * synchronously performs DOM updates and resolves the returned runner promise. + * + * In order to enable animations the `ngAnimate` module has to be loaded. + * + * To see the functional implementation check out `src/ngAnimate/animate.js`. + */ +var $AnimateProvider = ['$provide', /** @this */ function($provide) { + var provider = this; + var classNameFilter = null; + + this.$$registeredAnimations = Object.create(null); + + /** + * @ngdoc method + * @name $animateProvider#register + * + * @description + * Registers a new injectable animation factory function. The factory function produces the + * animation object which contains callback functions for each event that is expected to be + * animated. + * + * * `eventFn`: `function(element, ... , doneFunction, options)` + * The element to animate, the `doneFunction` and the options fed into the animation. Depending + * on the type of animation additional arguments will be injected into the animation function. The + * list below explains the function signatures for the different animation methods: + * + * - setClass: function(element, addedClasses, removedClasses, doneFunction, options) + * - addClass: function(element, addedClasses, doneFunction, options) + * - removeClass: function(element, removedClasses, doneFunction, options) + * - enter, leave, move: function(element, doneFunction, options) + * - animate: function(element, fromStyles, toStyles, doneFunction, options) + * + * Make sure to trigger the `doneFunction` once the animation is fully complete. + * + * ```js + * return { + * //enter, leave, move signature + * eventFn : function(element, done, options) { + * //code to run the animation + * //once complete, then run done() + * return function endFunction(wasCancelled) { + * //code to cancel the animation + * } + * } + * } + * ``` + * + * @param {string} name The name of the animation (this is what the class-based CSS value will be compared to). + * @param {Function} factory The factory function that will be executed to return the animation + * object. + */ + this.register = function(name, factory) { + if (name && name.charAt(0) !== '.') { + throw $animateMinErr('notcsel', 'Expecting class selector starting with \'.\' got \'{0}\'.', name); + } + + var key = name + '-animation'; + provider.$$registeredAnimations[name.substr(1)] = key; + $provide.factory(key, factory); + }; + + /** + * @ngdoc method + * @name $animateProvider#classNameFilter + * + * @description + * Sets and/or returns the CSS class regular expression that is checked when performing + * an animation. Upon bootstrap the classNameFilter value is not set at all and will + * therefore enable $animate to attempt to perform an animation on any element that is triggered. + * When setting the `classNameFilter` value, animations will only be performed on elements + * that successfully match the filter expression. This in turn can boost performance + * for low-powered devices as well as applications containing a lot of structural operations. + * @param {RegExp=} expression The className expression which will be checked against all animations + * @return {RegExp} The current CSS className expression value. If null then there is no expression value + */ + this.classNameFilter = function(expression) { + if (arguments.length === 1) { + classNameFilter = (expression instanceof RegExp) ? expression : null; + if (classNameFilter) { + var reservedRegex = new RegExp('[(\\s|\\/)]' + NG_ANIMATE_CLASSNAME + '[(\\s|\\/)]'); + if (reservedRegex.test(classNameFilter.toString())) { + classNameFilter = null; + throw $animateMinErr('nongcls', '$animateProvider.classNameFilter(regex) prohibits accepting a regex value which matches/contains the "{0}" CSS class.', NG_ANIMATE_CLASSNAME); + } + } + } + return classNameFilter; + }; + + this.$get = ['$$animateQueue', function($$animateQueue) { + function domInsert(element, parentElement, afterElement) { + // if for some reason the previous element was removed + // from the dom sometime before this code runs then let's + // just stick to using the parent element as the anchor + if (afterElement) { + var afterNode = extractElementNode(afterElement); + if (afterNode && !afterNode.parentNode && !afterNode.previousElementSibling) { + afterElement = null; + } + } + if (afterElement) { + afterElement.after(element); + } else { + parentElement.prepend(element); + } + } + + /** + * @ngdoc service + * @name $animate + * @description The $animate service exposes a series of DOM utility methods that provide support + * for animation hooks. The default behavior is the application of DOM operations, however, + * when an animation is detected (and animations are enabled), $animate will do the heavy lifting + * to ensure that animation runs with the triggered DOM operation. + * + * By default $animate doesn't trigger any animations. This is because the `ngAnimate` module isn't + * included and only when it is active then the animation hooks that `$animate` triggers will be + * functional. Once active then all structural `ng-` directives will trigger animations as they perform + * their DOM-related operations (enter, leave and move). Other directives such as `ngClass`, + * `ngShow`, `ngHide` and `ngMessages` also provide support for animations. + * + * It is recommended that the`$animate` service is always used when executing DOM-related procedures within directives. + * + * To learn more about enabling animation support, click here to visit the + * {@link ngAnimate ngAnimate module page}. + */ + return { + // we don't call it directly since non-existant arguments may + // be interpreted as null within the sub enabled function + + /** + * + * @ngdoc method + * @name $animate#on + * @kind function + * @description Sets up an event listener to fire whenever the animation event (enter, leave, move, etc...) + * has fired on the given element or among any of its children. Once the listener is fired, the provided callback + * is fired with the following params: + * + * ```js + * $animate.on('enter', container, + * function callback(element, phase) { + * // cool we detected an enter animation within the container + * } + * ); + * ``` + * + * @param {string} event the animation event that will be captured (e.g. enter, leave, move, addClass, removeClass, etc...) + * @param {DOMElement} container the container element that will capture each of the animation events that are fired on itself + * as well as among its children + * @param {Function} callback the callback function that will be fired when the listener is triggered + * + * The arguments present in the callback function are: + * * `element` - The captured DOM element that the animation was fired on. + * * `phase` - The phase of the animation. The two possible phases are **start** (when the animation starts) and **close** (when it ends). + */ + on: $$animateQueue.on, + + /** + * + * @ngdoc method + * @name $animate#off + * @kind function + * @description Deregisters an event listener based on the event which has been associated with the provided element. This method + * can be used in three different ways depending on the arguments: + * + * ```js + * // remove all the animation event listeners listening for `enter` + * $animate.off('enter'); + * + * // remove listeners for all animation events from the container element + * $animate.off(container); + * + * // remove all the animation event listeners listening for `enter` on the given element and its children + * $animate.off('enter', container); + * + * // remove the event listener function provided by `callback` that is set + * // to listen for `enter` on the given `container` as well as its children + * $animate.off('enter', container, callback); + * ``` + * + * @param {string|DOMElement} event|container the animation event (e.g. enter, leave, move, + * addClass, removeClass, etc...), or the container element. If it is the element, all other + * arguments are ignored. + * @param {DOMElement=} container the container element the event listener was placed on + * @param {Function=} callback the callback function that was registered as the listener + */ + off: $$animateQueue.off, + + /** + * @ngdoc method + * @name $animate#pin + * @kind function + * @description Associates the provided element with a host parent element to allow the element to be animated even if it exists + * outside of the DOM structure of the Angular application. By doing so, any animation triggered via `$animate` can be issued on the + * element despite being outside the realm of the application or within another application. Say for example if the application + * was bootstrapped on an element that is somewhere inside of the `` tag, but we wanted to allow for an element to be situated + * as a direct child of `document.body`, then this can be achieved by pinning the element via `$animate.pin(element)`. Keep in mind + * that calling `$animate.pin(element, parentElement)` will not actually insert into the DOM anywhere; it will just create the association. + * + * Note that this feature is only active when the `ngAnimate` module is used. + * + * @param {DOMElement} element the external element that will be pinned + * @param {DOMElement} parentElement the host parent element that will be associated with the external element + */ + pin: $$animateQueue.pin, + + /** + * + * @ngdoc method + * @name $animate#enabled + * @kind function + * @description Used to get and set whether animations are enabled or not on the entire application or on an element and its children. This + * function can be called in four ways: + * + * ```js + * // returns true or false + * $animate.enabled(); + * + * // changes the enabled state for all animations + * $animate.enabled(false); + * $animate.enabled(true); + * + * // returns true or false if animations are enabled for an element + * $animate.enabled(element); + * + * // changes the enabled state for an element and its children + * $animate.enabled(element, true); + * $animate.enabled(element, false); + * ``` + * + * @param {DOMElement=} element the element that will be considered for checking/setting the enabled state + * @param {boolean=} enabled whether or not the animations will be enabled for the element + * + * @return {boolean} whether or not animations are enabled + */ + enabled: $$animateQueue.enabled, + + /** + * @ngdoc method + * @name $animate#cancel + * @kind function + * @description Cancels the provided animation. + * + * @param {Promise} animationPromise The animation promise that is returned when an animation is started. + */ + cancel: function(runner) { + if (runner.end) { + runner.end(); + } + }, + + /** + * + * @ngdoc method + * @name $animate#enter + * @kind function + * @description Inserts the element into the DOM either after the `after` element (if provided) or + * as the first child within the `parent` element and then triggers an animation. + * A promise is returned that will be resolved during the next digest once the animation + * has completed. + * + * @param {DOMElement} element the element which will be inserted into the DOM + * @param {DOMElement} parent the parent element which will append the element as + * a child (so long as the after element is not present) + * @param {DOMElement=} after the sibling element after which the element will be appended + * @param {object=} options an optional collection of options/styles that will be applied to the element. + * The object can have the following properties: + * + * - **addClass** - `{string}` - space-separated CSS classes to add to element + * - **from** - `{Object}` - CSS properties & values at the beginning of animation. Must have matching `to` + * - **removeClass** - `{string}` - space-separated CSS classes to remove from element + * - **to** - `{Object}` - CSS properties & values at end of animation. Must have matching `from` + * + * @return {Promise} the animation callback promise + */ + enter: function(element, parent, after, options) { + parent = parent && jqLite(parent); + after = after && jqLite(after); + parent = parent || after.parent(); + domInsert(element, parent, after); + return $$animateQueue.push(element, 'enter', prepareAnimateOptions(options)); + }, + + /** + * + * @ngdoc method + * @name $animate#move + * @kind function + * @description Inserts (moves) the element into its new position in the DOM either after + * the `after` element (if provided) or as the first child within the `parent` element + * and then triggers an animation. A promise is returned that will be resolved + * during the next digest once the animation has completed. + * + * @param {DOMElement} element the element which will be moved into the new DOM position + * @param {DOMElement} parent the parent element which will append the element as + * a child (so long as the after element is not present) + * @param {DOMElement=} after the sibling element after which the element will be appended + * @param {object=} options an optional collection of options/styles that will be applied to the element. + * The object can have the following properties: + * + * - **addClass** - `{string}` - space-separated CSS classes to add to element + * - **from** - `{Object}` - CSS properties & values at the beginning of animation. Must have matching `to` + * - **removeClass** - `{string}` - space-separated CSS classes to remove from element + * - **to** - `{Object}` - CSS properties & values at end of animation. Must have matching `from` + * + * @return {Promise} the animation callback promise + */ + move: function(element, parent, after, options) { + parent = parent && jqLite(parent); + after = after && jqLite(after); + parent = parent || after.parent(); + domInsert(element, parent, after); + return $$animateQueue.push(element, 'move', prepareAnimateOptions(options)); + }, + + /** + * @ngdoc method + * @name $animate#leave + * @kind function + * @description Triggers an animation and then removes the element from the DOM. + * When the function is called a promise is returned that will be resolved during the next + * digest once the animation has completed. + * + * @param {DOMElement} element the element which will be removed from the DOM + * @param {object=} options an optional collection of options/styles that will be applied to the element. + * The object can have the following properties: + * + * - **addClass** - `{string}` - space-separated CSS classes to add to element + * - **from** - `{Object}` - CSS properties & values at the beginning of animation. Must have matching `to` + * - **removeClass** - `{string}` - space-separated CSS classes to remove from element + * - **to** - `{Object}` - CSS properties & values at end of animation. Must have matching `from` + * + * @return {Promise} the animation callback promise + */ + leave: function(element, options) { + return $$animateQueue.push(element, 'leave', prepareAnimateOptions(options), function() { + element.remove(); + }); + }, + + /** + * @ngdoc method + * @name $animate#addClass + * @kind function + * + * @description Triggers an addClass animation surrounding the addition of the provided CSS class(es). Upon + * execution, the addClass operation will only be handled after the next digest and it will not trigger an + * animation if element already contains the CSS class or if the class is removed at a later step. + * Note that class-based animations are treated differently compared to structural animations + * (like enter, move and leave) since the CSS classes may be added/removed at different points + * depending if CSS or JavaScript animations are used. + * + * @param {DOMElement} element the element which the CSS classes will be applied to + * @param {string} className the CSS class(es) that will be added (multiple classes are separated via spaces) + * @param {object=} options an optional collection of options/styles that will be applied to the element. + * The object can have the following properties: + * + * - **addClass** - `{string}` - space-separated CSS classes to add to element + * - **from** - `{Object}` - CSS properties & values at the beginning of animation. Must have matching `to` + * - **removeClass** - `{string}` - space-separated CSS classes to remove from element + * - **to** - `{Object}` - CSS properties & values at end of animation. Must have matching `from` + * + * @return {Promise} the animation callback promise + */ + addClass: function(element, className, options) { + options = prepareAnimateOptions(options); + options.addClass = mergeClasses(options.addclass, className); + return $$animateQueue.push(element, 'addClass', options); + }, + + /** + * @ngdoc method + * @name $animate#removeClass + * @kind function + * + * @description Triggers a removeClass animation surrounding the removal of the provided CSS class(es). Upon + * execution, the removeClass operation will only be handled after the next digest and it will not trigger an + * animation if element does not contain the CSS class or if the class is added at a later step. + * Note that class-based animations are treated differently compared to structural animations + * (like enter, move and leave) since the CSS classes may be added/removed at different points + * depending if CSS or JavaScript animations are used. + * + * @param {DOMElement} element the element which the CSS classes will be applied to + * @param {string} className the CSS class(es) that will be removed (multiple classes are separated via spaces) + * @param {object=} options an optional collection of options/styles that will be applied to the element. + * The object can have the following properties: + * + * - **addClass** - `{string}` - space-separated CSS classes to add to element + * - **from** - `{Object}` - CSS properties & values at the beginning of animation. Must have matching `to` + * - **removeClass** - `{string}` - space-separated CSS classes to remove from element + * - **to** - `{Object}` - CSS properties & values at end of animation. Must have matching `from` + * + * @return {Promise} the animation callback promise + */ + removeClass: function(element, className, options) { + options = prepareAnimateOptions(options); + options.removeClass = mergeClasses(options.removeClass, className); + return $$animateQueue.push(element, 'removeClass', options); + }, + + /** + * @ngdoc method + * @name $animate#setClass + * @kind function + * + * @description Performs both the addition and removal of a CSS classes on an element and (during the process) + * triggers an animation surrounding the class addition/removal. Much like `$animate.addClass` and + * `$animate.removeClass`, `setClass` will only evaluate the classes being added/removed once a digest has + * passed. Note that class-based animations are treated differently compared to structural animations + * (like enter, move and leave) since the CSS classes may be added/removed at different points + * depending if CSS or JavaScript animations are used. + * + * @param {DOMElement} element the element which the CSS classes will be applied to + * @param {string} add the CSS class(es) that will be added (multiple classes are separated via spaces) + * @param {string} remove the CSS class(es) that will be removed (multiple classes are separated via spaces) + * @param {object=} options an optional collection of options/styles that will be applied to the element. + * The object can have the following properties: + * + * - **addClass** - `{string}` - space-separated CSS classes to add to element + * - **from** - `{Object}` - CSS properties & values at the beginning of animation. Must have matching `to` + * - **removeClass** - `{string}` - space-separated CSS classes to remove from element + * - **to** - `{Object}` - CSS properties & values at end of animation. Must have matching `from` + * + * @return {Promise} the animation callback promise + */ + setClass: function(element, add, remove, options) { + options = prepareAnimateOptions(options); + options.addClass = mergeClasses(options.addClass, add); + options.removeClass = mergeClasses(options.removeClass, remove); + return $$animateQueue.push(element, 'setClass', options); + }, + + /** + * @ngdoc method + * @name $animate#animate + * @kind function + * + * @description Performs an inline animation on the element which applies the provided to and from CSS styles to the element. + * If any detected CSS transition, keyframe or JavaScript matches the provided className value, then the animation will take + * on the provided styles. For example, if a transition animation is set for the given className, then the provided `from` and + * `to` styles will be applied alongside the given transition. If the CSS style provided in `from` does not have a corresponding + * style in `to`, the style in `from` is applied immediately, and no animation is run. + * If a JavaScript animation is detected then the provided styles will be given in as function parameters into the `animate` + * method (or as part of the `options` parameter): + * + * ```js + * ngModule.animation('.my-inline-animation', function() { + * return { + * animate : function(element, from, to, done, options) { + * //animation + * done(); + * } + * } + * }); + * ``` + * + * @param {DOMElement} element the element which the CSS styles will be applied to + * @param {object} from the from (starting) CSS styles that will be applied to the element and across the animation. + * @param {object} to the to (destination) CSS styles that will be applied to the element and across the animation. + * @param {string=} className an optional CSS class that will be applied to the element for the duration of the animation. If + * this value is left as empty then a CSS class of `ng-inline-animate` will be applied to the element. + * (Note that if no animation is detected then this value will not be applied to the element.) + * @param {object=} options an optional collection of options/styles that will be applied to the element. + * The object can have the following properties: + * + * - **addClass** - `{string}` - space-separated CSS classes to add to element + * - **from** - `{Object}` - CSS properties & values at the beginning of animation. Must have matching `to` + * - **removeClass** - `{string}` - space-separated CSS classes to remove from element + * - **to** - `{Object}` - CSS properties & values at end of animation. Must have matching `from` + * + * @return {Promise} the animation callback promise + */ + animate: function(element, from, to, className, options) { + options = prepareAnimateOptions(options); + options.from = options.from ? extend(options.from, from) : from; + options.to = options.to ? extend(options.to, to) : to; + + className = className || 'ng-inline-animate'; + options.tempClasses = mergeClasses(options.tempClasses, className); + return $$animateQueue.push(element, 'animate', options); + } + }; + }]; +}]; + +var $$AnimateAsyncRunFactoryProvider = /** @this */ function() { + this.$get = ['$$rAF', function($$rAF) { + var waitQueue = []; + + function waitForTick(fn) { + waitQueue.push(fn); + if (waitQueue.length > 1) return; + $$rAF(function() { + for (var i = 0; i < waitQueue.length; i++) { + waitQueue[i](); + } + waitQueue = []; + }); + } + + return function() { + var passed = false; + waitForTick(function() { + passed = true; + }); + return function(callback) { + if (passed) { + callback(); + } else { + waitForTick(callback); + } + }; + }; + }]; +}; + +var $$AnimateRunnerFactoryProvider = /** @this */ function() { + this.$get = ['$q', '$sniffer', '$$animateAsyncRun', '$$isDocumentHidden', '$timeout', + function($q, $sniffer, $$animateAsyncRun, $$isDocumentHidden, $timeout) { + + var INITIAL_STATE = 0; + var DONE_PENDING_STATE = 1; + var DONE_COMPLETE_STATE = 2; + + AnimateRunner.chain = function(chain, callback) { + var index = 0; + + next(); + function next() { + if (index === chain.length) { + callback(true); + return; + } + + chain[index](function(response) { + if (response === false) { + callback(false); + return; + } + index++; + next(); + }); + } + }; + + AnimateRunner.all = function(runners, callback) { + var count = 0; + var status = true; + forEach(runners, function(runner) { + runner.done(onProgress); + }); + + function onProgress(response) { + status = status && response; + if (++count === runners.length) { + callback(status); + } + } + }; + + function AnimateRunner(host) { + this.setHost(host); + + var rafTick = $$animateAsyncRun(); + var timeoutTick = function(fn) { + $timeout(fn, 0, false); + }; + + this._doneCallbacks = []; + this._tick = function(fn) { + if ($$isDocumentHidden()) { + timeoutTick(fn); + } else { + rafTick(fn); + } + }; + this._state = 0; + } + + AnimateRunner.prototype = { + setHost: function(host) { + this.host = host || {}; + }, + + done: function(fn) { + if (this._state === DONE_COMPLETE_STATE) { + fn(); + } else { + this._doneCallbacks.push(fn); + } + }, + + progress: noop, + + getPromise: function() { + if (!this.promise) { + var self = this; + this.promise = $q(function(resolve, reject) { + self.done(function(status) { + if (status === false) { + reject(); + } else { + resolve(); + } + }); + }); + } + return this.promise; + }, + + then: function(resolveHandler, rejectHandler) { + return this.getPromise().then(resolveHandler, rejectHandler); + }, + + 'catch': function(handler) { + return this.getPromise()['catch'](handler); + }, + + 'finally': function(handler) { + return this.getPromise()['finally'](handler); + }, + + pause: function() { + if (this.host.pause) { + this.host.pause(); + } + }, + + resume: function() { + if (this.host.resume) { + this.host.resume(); + } + }, + + end: function() { + if (this.host.end) { + this.host.end(); + } + this._resolve(true); + }, + + cancel: function() { + if (this.host.cancel) { + this.host.cancel(); + } + this._resolve(false); + }, + + complete: function(response) { + var self = this; + if (self._state === INITIAL_STATE) { + self._state = DONE_PENDING_STATE; + self._tick(function() { + self._resolve(response); + }); + } + }, + + _resolve: function(response) { + if (this._state !== DONE_COMPLETE_STATE) { + forEach(this._doneCallbacks, function(fn) { + fn(response); + }); + this._doneCallbacks.length = 0; + this._state = DONE_COMPLETE_STATE; + } + } + }; + + return AnimateRunner; + }]; +}; + +/* exported $CoreAnimateCssProvider */ + +/** + * @ngdoc service + * @name $animateCss + * @kind object + * @this + * + * @description + * This is the core version of `$animateCss`. By default, only when the `ngAnimate` is included, + * then the `$animateCss` service will actually perform animations. + * + * Click here {@link ngAnimate.$animateCss to read the documentation for $animateCss}. + */ +var $CoreAnimateCssProvider = function() { + this.$get = ['$$rAF', '$q', '$$AnimateRunner', function($$rAF, $q, $$AnimateRunner) { + + return function(element, initialOptions) { + // all of the animation functions should create + // a copy of the options data, however, if a + // parent service has already created a copy then + // we should stick to using that + var options = initialOptions || {}; + if (!options.$$prepared) { + options = copy(options); + } + + // there is no point in applying the styles since + // there is no animation that goes on at all in + // this version of $animateCss. + if (options.cleanupStyles) { + options.from = options.to = null; + } + + if (options.from) { + element.css(options.from); + options.from = null; + } + + var closed, runner = new $$AnimateRunner(); + return { + start: run, + end: run + }; + + function run() { + $$rAF(function() { + applyAnimationContents(); + if (!closed) { + runner.complete(); + } + closed = true; + }); + return runner; + } + + function applyAnimationContents() { + if (options.addClass) { + element.addClass(options.addClass); + options.addClass = null; + } + if (options.removeClass) { + element.removeClass(options.removeClass); + options.removeClass = null; + } + if (options.to) { + element.css(options.to); + options.to = null; + } + } + }; + }]; +}; + +/* global stripHash: true */ + +/** + * ! This is a private undocumented service ! + * + * @name $browser + * @requires $log + * @description + * This object has two goals: + * + * - hide all the global state in the browser caused by the window object + * - abstract away all the browser specific features and inconsistencies + * + * For tests we provide {@link ngMock.$browser mock implementation} of the `$browser` + * service, which can be used for convenient testing of the application without the interaction with + * the real browser apis. + */ +/** + * @param {object} window The global window object. + * @param {object} document jQuery wrapped document. + * @param {object} $log window.console or an object with the same interface. + * @param {object} $sniffer $sniffer service + */ +function Browser(window, document, $log, $sniffer) { + var self = this, + location = window.location, + history = window.history, + setTimeout = window.setTimeout, + clearTimeout = window.clearTimeout, + pendingDeferIds = {}; + + self.isMock = false; + + var outstandingRequestCount = 0; + var outstandingRequestCallbacks = []; + + // TODO(vojta): remove this temporary api + self.$$completeOutstandingRequest = completeOutstandingRequest; + self.$$incOutstandingRequestCount = function() { outstandingRequestCount++; }; + + /** + * Executes the `fn` function(supports currying) and decrements the `outstandingRequestCallbacks` + * counter. If the counter reaches 0, all the `outstandingRequestCallbacks` are executed. + */ + function completeOutstandingRequest(fn) { + try { + fn.apply(null, sliceArgs(arguments, 1)); + } finally { + outstandingRequestCount--; + if (outstandingRequestCount === 0) { + while (outstandingRequestCallbacks.length) { + try { + outstandingRequestCallbacks.pop()(); + } catch (e) { + $log.error(e); + } + } + } + } + } + + function getHash(url) { + var index = url.indexOf('#'); + return index === -1 ? '' : url.substr(index); + } + + /** + * @private + * Note: this method is used only by scenario runner + * TODO(vojta): prefix this method with $$ ? + * @param {function()} callback Function that will be called when no outstanding request + */ + self.notifyWhenNoOutstandingRequests = function(callback) { + if (outstandingRequestCount === 0) { + callback(); + } else { + outstandingRequestCallbacks.push(callback); + } + }; + + ////////////////////////////////////////////////////////////// + // URL API + ////////////////////////////////////////////////////////////// + + var cachedState, lastHistoryState, + lastBrowserUrl = location.href, + baseElement = document.find('base'), + pendingLocation = null, + getCurrentState = !$sniffer.history ? noop : function getCurrentState() { + try { + return history.state; + } catch (e) { + // MSIE can reportedly throw when there is no state (UNCONFIRMED). + } + }; + + cacheState(); + + /** + * @name $browser#url + * + * @description + * GETTER: + * Without any argument, this method just returns current value of location.href. + * + * SETTER: + * With at least one argument, this method sets url to new value. + * If html5 history api supported, pushState/replaceState is used, otherwise + * location.href/location.replace is used. + * Returns its own instance to allow chaining + * + * NOTE: this api is intended for use only by the $location service. Please use the + * {@link ng.$location $location service} to change url. + * + * @param {string} url New url (when used as setter) + * @param {boolean=} replace Should new url replace current history record? + * @param {object=} state object to use with pushState/replaceState + */ + self.url = function(url, replace, state) { + // In modern browsers `history.state` is `null` by default; treating it separately + // from `undefined` would cause `$browser.url('/foo')` to change `history.state` + // to undefined via `pushState`. Instead, let's change `undefined` to `null` here. + if (isUndefined(state)) { + state = null; + } + + // Android Browser BFCache causes location, history reference to become stale. + if (location !== window.location) location = window.location; + if (history !== window.history) history = window.history; + + // setter + if (url) { + var sameState = lastHistoryState === state; + + // Don't change anything if previous and current URLs and states match. This also prevents + // IE<10 from getting into redirect loop when in LocationHashbangInHtml5Url mode. + // See https://github.com/angular/angular.js/commit/ffb2701 + if (lastBrowserUrl === url && (!$sniffer.history || sameState)) { + return self; + } + var sameBase = lastBrowserUrl && stripHash(lastBrowserUrl) === stripHash(url); + lastBrowserUrl = url; + lastHistoryState = state; + // Don't use history API if only the hash changed + // due to a bug in IE10/IE11 which leads + // to not firing a `hashchange` nor `popstate` event + // in some cases (see #9143). + if ($sniffer.history && (!sameBase || !sameState)) { + history[replace ? 'replaceState' : 'pushState'](state, '', url); + cacheState(); + } else { + if (!sameBase) { + pendingLocation = url; + } + if (replace) { + location.replace(url); + } else if (!sameBase) { + location.href = url; + } else { + location.hash = getHash(url); + } + if (location.href !== url) { + pendingLocation = url; + } + } + if (pendingLocation) { + pendingLocation = url; + } + return self; + // getter + } else { + // - pendingLocation is needed as browsers don't allow to read out + // the new location.href if a reload happened or if there is a bug like in iOS 9 (see + // https://openradar.appspot.com/22186109). + // - the replacement is a workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=407172 + return pendingLocation || location.href.replace(/%27/g,'\''); + } + }; + + /** + * @name $browser#state + * + * @description + * This method is a getter. + * + * Return history.state or null if history.state is undefined. + * + * @returns {object} state + */ + self.state = function() { + return cachedState; + }; + + var urlChangeListeners = [], + urlChangeInit = false; + + function cacheStateAndFireUrlChange() { + pendingLocation = null; + fireStateOrUrlChange(); + } + + // This variable should be used *only* inside the cacheState function. + var lastCachedState = null; + function cacheState() { + // This should be the only place in $browser where `history.state` is read. + cachedState = getCurrentState(); + cachedState = isUndefined(cachedState) ? null : cachedState; + + // Prevent callbacks fo fire twice if both hashchange & popstate were fired. + if (equals(cachedState, lastCachedState)) { + cachedState = lastCachedState; + } + + lastCachedState = cachedState; + lastHistoryState = cachedState; + } + + function fireStateOrUrlChange() { + var prevLastHistoryState = lastHistoryState; + cacheState(); + + if (lastBrowserUrl === self.url() && prevLastHistoryState === cachedState) { + return; + } + + lastBrowserUrl = self.url(); + lastHistoryState = cachedState; + forEach(urlChangeListeners, function(listener) { + listener(self.url(), cachedState); + }); + } + + /** + * @name $browser#onUrlChange + * + * @description + * Register callback function that will be called, when url changes. + * + * It's only called when the url is changed from outside of angular: + * - user types different url into address bar + * - user clicks on history (forward/back) button + * - user clicks on a link + * + * It's not called when url is changed by $browser.url() method + * + * The listener gets called with new url as parameter. + * + * NOTE: this api is intended for use only by the $location service. Please use the + * {@link ng.$location $location service} to monitor url changes in angular apps. + * + * @param {function(string)} listener Listener function to be called when url changes. + * @return {function(string)} Returns the registered listener fn - handy if the fn is anonymous. + */ + self.onUrlChange = function(callback) { + // TODO(vojta): refactor to use node's syntax for events + if (!urlChangeInit) { + // We listen on both (hashchange/popstate) when available, as some browsers don't + // fire popstate when user changes the address bar and don't fire hashchange when url + // changed by push/replaceState + + // html5 history api - popstate event + if ($sniffer.history) jqLite(window).on('popstate', cacheStateAndFireUrlChange); + // hashchange event + jqLite(window).on('hashchange', cacheStateAndFireUrlChange); + + urlChangeInit = true; + } + + urlChangeListeners.push(callback); + return callback; + }; + + /** + * @private + * Remove popstate and hashchange handler from window. + * + * NOTE: this api is intended for use only by $rootScope. + */ + self.$$applicationDestroyed = function() { + jqLite(window).off('hashchange popstate', cacheStateAndFireUrlChange); + }; + + /** + * Checks whether the url has changed outside of Angular. + * Needs to be exported to be able to check for changes that have been done in sync, + * as hashchange/popstate events fire in async. + */ + self.$$checkUrlChange = fireStateOrUrlChange; + + ////////////////////////////////////////////////////////////// + // Misc API + ////////////////////////////////////////////////////////////// + + /** + * @name $browser#baseHref + * + * @description + * Returns current + * (always relative - without domain) + * + * @returns {string} The current base href + */ + self.baseHref = function() { + var href = baseElement.attr('href'); + return href ? href.replace(/^(https?:)?\/\/[^/]*/, '') : ''; + }; + + /** + * @name $browser#defer + * @param {function()} fn A function, who's execution should be deferred. + * @param {number=} [delay=0] of milliseconds to defer the function execution. + * @returns {*} DeferId that can be used to cancel the task via `$browser.defer.cancel()`. + * + * @description + * Executes a fn asynchronously via `setTimeout(fn, delay)`. + * + * Unlike when calling `setTimeout` directly, in test this function is mocked and instead of using + * `setTimeout` in tests, the fns are queued in an array, which can be programmatically flushed + * via `$browser.defer.flush()`. + * + */ + self.defer = function(fn, delay) { + var timeoutId; + outstandingRequestCount++; + timeoutId = setTimeout(function() { + delete pendingDeferIds[timeoutId]; + completeOutstandingRequest(fn); + }, delay || 0); + pendingDeferIds[timeoutId] = true; + return timeoutId; + }; + + + /** + * @name $browser#defer.cancel + * + * @description + * Cancels a deferred task identified with `deferId`. + * + * @param {*} deferId Token returned by the `$browser.defer` function. + * @returns {boolean} Returns `true` if the task hasn't executed yet and was successfully + * canceled. + */ + self.defer.cancel = function(deferId) { + if (pendingDeferIds[deferId]) { + delete pendingDeferIds[deferId]; + clearTimeout(deferId); + completeOutstandingRequest(noop); + return true; + } + return false; + }; + +} + +/** @this */ +function $BrowserProvider() { + this.$get = ['$window', '$log', '$sniffer', '$document', + function($window, $log, $sniffer, $document) { + return new Browser($window, $document, $log, $sniffer); + }]; +} + +/** + * @ngdoc service + * @name $cacheFactory + * @this + * + * @description + * Factory that constructs {@link $cacheFactory.Cache Cache} objects and gives access to + * them. + * + * ```js + * + * var cache = $cacheFactory('cacheId'); + * expect($cacheFactory.get('cacheId')).toBe(cache); + * expect($cacheFactory.get('noSuchCacheId')).not.toBeDefined(); + * + * cache.put("key", "value"); + * cache.put("another key", "another value"); + * + * // We've specified no options on creation + * expect(cache.info()).toEqual({id: 'cacheId', size: 2}); + * + * ``` + * + * + * @param {string} cacheId Name or id of the newly created cache. + * @param {object=} options Options object that specifies the cache behavior. Properties: + * + * - `{number=}` `capacity` — turns the cache into LRU cache. + * + * @returns {object} Newly created cache object with the following set of methods: + * + * - `{object}` `info()` — Returns id, size, and options of cache. + * - `{{*}}` `put({string} key, {*} value)` — Puts a new key-value pair into the cache and returns + * it. + * - `{{*}}` `get({string} key)` — Returns cached value for `key` or undefined for cache miss. + * - `{void}` `remove({string} key)` — Removes a key-value pair from the cache. + * - `{void}` `removeAll()` — Removes all cached values. + * - `{void}` `destroy()` — Removes references to this cache from $cacheFactory. + * + * @example + + +
    + + + + +

    Cached Values

    +
    + + : + +
    + +

    Cache Info

    +
    + + : + +
    +
    +
    + + angular.module('cacheExampleApp', []). + controller('CacheController', ['$scope', '$cacheFactory', function($scope, $cacheFactory) { + $scope.keys = []; + $scope.cache = $cacheFactory('cacheId'); + $scope.put = function(key, value) { + if (angular.isUndefined($scope.cache.get(key))) { + $scope.keys.push(key); + } + $scope.cache.put(key, angular.isUndefined(value) ? null : value); + }; + }]); + + + p { + margin: 10px 0 3px; + } + +
    + */ +function $CacheFactoryProvider() { + + this.$get = function() { + var caches = {}; + + function cacheFactory(cacheId, options) { + if (cacheId in caches) { + throw minErr('$cacheFactory')('iid', 'CacheId \'{0}\' is already taken!', cacheId); + } + + var size = 0, + stats = extend({}, options, {id: cacheId}), + data = createMap(), + capacity = (options && options.capacity) || Number.MAX_VALUE, + lruHash = createMap(), + freshEnd = null, + staleEnd = null; + + /** + * @ngdoc type + * @name $cacheFactory.Cache + * + * @description + * A cache object used to store and retrieve data, primarily used by + * {@link $http $http} and the {@link ng.directive:script script} directive to cache + * templates and other data. + * + * ```js + * angular.module('superCache') + * .factory('superCache', ['$cacheFactory', function($cacheFactory) { + * return $cacheFactory('super-cache'); + * }]); + * ``` + * + * Example test: + * + * ```js + * it('should behave like a cache', inject(function(superCache) { + * superCache.put('key', 'value'); + * superCache.put('another key', 'another value'); + * + * expect(superCache.info()).toEqual({ + * id: 'super-cache', + * size: 2 + * }); + * + * superCache.remove('another key'); + * expect(superCache.get('another key')).toBeUndefined(); + * + * superCache.removeAll(); + * expect(superCache.info()).toEqual({ + * id: 'super-cache', + * size: 0 + * }); + * })); + * ``` + */ + return (caches[cacheId] = { + + /** + * @ngdoc method + * @name $cacheFactory.Cache#put + * @kind function + * + * @description + * Inserts a named entry into the {@link $cacheFactory.Cache Cache} object to be + * retrieved later, and incrementing the size of the cache if the key was not already + * present in the cache. If behaving like an LRU cache, it will also remove stale + * entries from the set. + * + * It will not insert undefined values into the cache. + * + * @param {string} key the key under which the cached data is stored. + * @param {*} value the value to store alongside the key. If it is undefined, the key + * will not be stored. + * @returns {*} the value stored. + */ + put: function(key, value) { + if (isUndefined(value)) return; + if (capacity < Number.MAX_VALUE) { + var lruEntry = lruHash[key] || (lruHash[key] = {key: key}); + + refresh(lruEntry); + } + + if (!(key in data)) size++; + data[key] = value; + + if (size > capacity) { + this.remove(staleEnd.key); + } + + return value; + }, + + /** + * @ngdoc method + * @name $cacheFactory.Cache#get + * @kind function + * + * @description + * Retrieves named data stored in the {@link $cacheFactory.Cache Cache} object. + * + * @param {string} key the key of the data to be retrieved + * @returns {*} the value stored. + */ + get: function(key) { + if (capacity < Number.MAX_VALUE) { + var lruEntry = lruHash[key]; + + if (!lruEntry) return; + + refresh(lruEntry); + } + + return data[key]; + }, + + + /** + * @ngdoc method + * @name $cacheFactory.Cache#remove + * @kind function + * + * @description + * Removes an entry from the {@link $cacheFactory.Cache Cache} object. + * + * @param {string} key the key of the entry to be removed + */ + remove: function(key) { + if (capacity < Number.MAX_VALUE) { + var lruEntry = lruHash[key]; + + if (!lruEntry) return; + + if (lruEntry === freshEnd) freshEnd = lruEntry.p; + if (lruEntry === staleEnd) staleEnd = lruEntry.n; + link(lruEntry.n,lruEntry.p); + + delete lruHash[key]; + } + + if (!(key in data)) return; + + delete data[key]; + size--; + }, + + + /** + * @ngdoc method + * @name $cacheFactory.Cache#removeAll + * @kind function + * + * @description + * Clears the cache object of any entries. + */ + removeAll: function() { + data = createMap(); + size = 0; + lruHash = createMap(); + freshEnd = staleEnd = null; + }, + + + /** + * @ngdoc method + * @name $cacheFactory.Cache#destroy + * @kind function + * + * @description + * Destroys the {@link $cacheFactory.Cache Cache} object entirely, + * removing it from the {@link $cacheFactory $cacheFactory} set. + */ + destroy: function() { + data = null; + stats = null; + lruHash = null; + delete caches[cacheId]; + }, + + + /** + * @ngdoc method + * @name $cacheFactory.Cache#info + * @kind function + * + * @description + * Retrieve information regarding a particular {@link $cacheFactory.Cache Cache}. + * + * @returns {object} an object with the following properties: + *
      + *
    • **id**: the id of the cache instance
    • + *
    • **size**: the number of entries kept in the cache instance
    • + *
    • **...**: any additional properties from the options object when creating the + * cache.
    • + *
    + */ + info: function() { + return extend({}, stats, {size: size}); + } + }); + + + /** + * makes the `entry` the freshEnd of the LRU linked list + */ + function refresh(entry) { + if (entry !== freshEnd) { + if (!staleEnd) { + staleEnd = entry; + } else if (staleEnd === entry) { + staleEnd = entry.n; + } + + link(entry.n, entry.p); + link(entry, freshEnd); + freshEnd = entry; + freshEnd.n = null; + } + } + + + /** + * bidirectionally links two entries of the LRU linked list + */ + function link(nextEntry, prevEntry) { + if (nextEntry !== prevEntry) { + if (nextEntry) nextEntry.p = prevEntry; //p stands for previous, 'prev' didn't minify + if (prevEntry) prevEntry.n = nextEntry; //n stands for next, 'next' didn't minify + } + } + } + + + /** + * @ngdoc method + * @name $cacheFactory#info + * + * @description + * Get information about all the caches that have been created + * + * @returns {Object} - key-value map of `cacheId` to the result of calling `cache#info` + */ + cacheFactory.info = function() { + var info = {}; + forEach(caches, function(cache, cacheId) { + info[cacheId] = cache.info(); + }); + return info; + }; + + + /** + * @ngdoc method + * @name $cacheFactory#get + * + * @description + * Get access to a cache object by the `cacheId` used when it was created. + * + * @param {string} cacheId Name or id of a cache to access. + * @returns {object} Cache object identified by the cacheId or undefined if no such cache. + */ + cacheFactory.get = function(cacheId) { + return caches[cacheId]; + }; + + + return cacheFactory; + }; +} + +/** + * @ngdoc service + * @name $templateCache + * @this + * + * @description + * The first time a template is used, it is loaded in the template cache for quick retrieval. You + * can load templates directly into the cache in a `script` tag, or by consuming the + * `$templateCache` service directly. + * + * Adding via the `script` tag: + * + * ```html + * + * ``` + * + * **Note:** the `script` tag containing the template does not need to be included in the `head` of + * the document, but it must be a descendent of the {@link ng.$rootElement $rootElement} (IE, + * element with ng-app attribute), otherwise the template will be ignored. + * + * Adding via the `$templateCache` service: + * + * ```js + * var myApp = angular.module('myApp', []); + * myApp.run(function($templateCache) { + * $templateCache.put('templateId.html', 'This is the content of the template'); + * }); + * ``` + * + * To retrieve the template later, simply use it in your component: + * ```js + * myApp.component('myComponent', { + * templateUrl: 'templateId.html' + * }); + * ``` + * + * or get it via the `$templateCache` service: + * ```js + * $templateCache.get('templateId.html') + * ``` + * + * See {@link ng.$cacheFactory $cacheFactory}. + * + */ +function $TemplateCacheProvider() { + this.$get = ['$cacheFactory', function($cacheFactory) { + return $cacheFactory('templates'); + }]; +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * Any commits to this file should be reviewed with security in mind. * + * Changes to this file can potentially create security vulnerabilities. * + * An approval from 2 Core members with history of modifying * + * this file is required. * + * * + * Does the change somehow allow for arbitrary javascript to be executed? * + * Or allows for someone to change the prototype of built-in objects? * + * Or gives undesired access to variables like document or window? * + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ + +/* ! VARIABLE/FUNCTION NAMING CONVENTIONS THAT APPLY TO THIS FILE! + * + * DOM-related variables: + * + * - "node" - DOM Node + * - "element" - DOM Element or Node + * - "$node" or "$element" - jqLite-wrapped node or element + * + * + * Compiler related stuff: + * + * - "linkFn" - linking fn of a single directive + * - "nodeLinkFn" - function that aggregates all linking fns for a particular node + * - "childLinkFn" - function that aggregates all linking fns for child nodes of a particular node + * - "compositeLinkFn" - function that aggregates all linking fns for a compilation root (nodeList) + */ + + +/** + * @ngdoc service + * @name $compile + * @kind function + * + * @description + * Compiles an HTML string or DOM into a template and produces a template function, which + * can then be used to link {@link ng.$rootScope.Scope `scope`} and the template together. + * + * The compilation is a process of walking the DOM tree and matching DOM elements to + * {@link ng.$compileProvider#directive directives}. + * + *
    + * **Note:** This document is an in-depth reference of all directive options. + * For a gentle introduction to directives with examples of common use cases, + * see the {@link guide/directive directive guide}. + *
    + * + * ## Comprehensive Directive API + * + * There are many different options for a directive. + * + * The difference resides in the return value of the factory function. + * You can either return a {@link $compile#directive-definition-object Directive Definition Object (see below)} + * that defines the directive properties, or just the `postLink` function (all other properties will have + * the default values). + * + *
    + * **Best Practice:** It's recommended to use the "directive definition object" form. + *
    + * + * Here's an example directive declared with a Directive Definition Object: + * + * ```js + * var myModule = angular.module(...); + * + * myModule.directive('directiveName', function factory(injectables) { + * var directiveDefinitionObject = { + * {@link $compile#-priority- priority}: 0, + * {@link $compile#-template- template}: '
    ', // or // function(tElement, tAttrs) { ... }, + * // or + * // {@link $compile#-templateurl- templateUrl}: 'directive.html', // or // function(tElement, tAttrs) { ... }, + * {@link $compile#-transclude- transclude}: false, + * {@link $compile#-restrict- restrict}: 'A', + * {@link $compile#-templatenamespace- templateNamespace}: 'html', + * {@link $compile#-scope- scope}: false, + * {@link $compile#-controller- controller}: function($scope, $element, $attrs, $transclude, otherInjectables) { ... }, + * {@link $compile#-controlleras- controllerAs}: 'stringIdentifier', + * {@link $compile#-bindtocontroller- bindToController}: false, + * {@link $compile#-require- require}: 'siblingDirectiveName', // or // ['^parentDirectiveName', '?optionalDirectiveName', '?^optionalParent'], + * {@link $compile#-multielement- multiElement}: false, + * {@link $compile#-compile- compile}: function compile(tElement, tAttrs, transclude) { + * return { + * {@link $compile#pre-linking-function pre}: function preLink(scope, iElement, iAttrs, controller) { ... }, + * {@link $compile#post-linking-function post}: function postLink(scope, iElement, iAttrs, controller) { ... } + * } + * // or + * // return function postLink( ... ) { ... } + * }, + * // or + * // {@link $compile#-link- link}: { + * // {@link $compile#pre-linking-function pre}: function preLink(scope, iElement, iAttrs, controller) { ... }, + * // {@link $compile#post-linking-function post}: function postLink(scope, iElement, iAttrs, controller) { ... } + * // } + * // or + * // {@link $compile#-link- link}: function postLink( ... ) { ... } + * }; + * return directiveDefinitionObject; + * }); + * ``` + * + *
    + * **Note:** Any unspecified options will use the default value. You can see the default values below. + *
    + * + * Therefore the above can be simplified as: + * + * ```js + * var myModule = angular.module(...); + * + * myModule.directive('directiveName', function factory(injectables) { + * var directiveDefinitionObject = { + * link: function postLink(scope, iElement, iAttrs) { ... } + * }; + * return directiveDefinitionObject; + * // or + * // return function postLink(scope, iElement, iAttrs) { ... } + * }); + * ``` + * + * ### Life-cycle hooks + * Directive controllers can provide the following methods that are called by Angular at points in the life-cycle of the + * directive: + * * `$onInit()` - Called on each controller after all the controllers on an element have been constructed and + * had their bindings initialized (and before the pre & post linking functions for the directives on + * this element). This is a good place to put initialization code for your controller. + * * `$onChanges(changesObj)` - Called whenever one-way (`<`) or interpolation (`@`) bindings are updated. The + * `changesObj` is a hash whose keys are the names of the bound properties that have changed, and the values are an + * object of the form `{ currentValue, previousValue, isFirstChange() }`. Use this hook to trigger updates within a + * component such as cloning the bound value to prevent accidental mutation of the outer value. Note that this will + * also be called when your bindings are initialized. + * * `$doCheck()` - Called on each turn of the digest cycle. Provides an opportunity to detect and act on + * changes. Any actions that you wish to take in response to the changes that you detect must be + * invoked from this hook; implementing this has no effect on when `$onChanges` is called. For example, this hook + * could be useful if you wish to perform a deep equality check, or to check a Date object, changes to which would not + * be detected by Angular's change detector and thus not trigger `$onChanges`. This hook is invoked with no arguments; + * if detecting changes, you must store the previous value(s) for comparison to the current values. + * * `$onDestroy()` - Called on a controller when its containing scope is destroyed. Use this hook for releasing + * external resources, watches and event handlers. Note that components have their `$onDestroy()` hooks called in + * the same order as the `$scope.$broadcast` events are triggered, which is top down. This means that parent + * components will have their `$onDestroy()` hook called before child components. + * * `$postLink()` - Called after this controller's element and its children have been linked. Similar to the post-link + * function this hook can be used to set up DOM event handlers and do direct DOM manipulation. + * Note that child elements that contain `templateUrl` directives will not have been compiled and linked since + * they are waiting for their template to load asynchronously and their own compilation and linking has been + * suspended until that occurs. + * + * #### Comparison with Angular 2 life-cycle hooks + * Angular 2 also uses life-cycle hooks for its components. While the Angular 1 life-cycle hooks are similar there are + * some differences that you should be aware of, especially when it comes to moving your code from Angular 1 to Angular 2: + * + * * Angular 1 hooks are prefixed with `$`, such as `$onInit`. Angular 2 hooks are prefixed with `ng`, such as `ngOnInit`. + * * Angular 1 hooks can be defined on the controller prototype or added to the controller inside its constructor. + * In Angular 2 you can only define hooks on the prototype of the Component class. + * * Due to the differences in change-detection, you may get many more calls to `$doCheck` in Angular 1 than you would to + * `ngDoCheck` in Angular 2 + * * Changes to the model inside `$doCheck` will trigger new turns of the digest loop, which will cause the changes to be + * propagated throughout the application. + * Angular 2 does not allow the `ngDoCheck` hook to trigger a change outside of the component. It will either throw an + * error or do nothing depending upon the state of `enableProdMode()`. + * + * #### Life-cycle hook examples + * + * This example shows how you can check for mutations to a Date object even though the identity of the object + * has not changed. + * + * + * + * angular.module('do-check-module', []) + * .component('app', { + * template: + * 'Month: ' + + * 'Date: {{ $ctrl.date }}' + + * '', + * controller: function() { + * this.date = new Date(); + * this.month = this.date.getMonth(); + * this.updateDate = function() { + * this.date.setMonth(this.month); + * }; + * } + * }) + * .component('test', { + * bindings: { date: '<' }, + * template: + * '
    {{ $ctrl.log | json }}
    ', + * controller: function() { + * var previousValue; + * this.log = []; + * this.$doCheck = function() { + * var currentValue = this.date && this.date.valueOf(); + * if (previousValue !== currentValue) { + * this.log.push('doCheck: date mutated: ' + this.date); + * previousValue = currentValue; + * } + * }; + * } + * }); + *
    + * + * + * + *
    + * + * This example show how you might use `$doCheck` to trigger changes in your component's inputs even if the + * actual identity of the component doesn't change. (Be aware that cloning and deep equality checks on large + * arrays or objects can have a negative impact on your application performance) + * + * + * + *
    + * + * + *
    {{ items }}
    + * + *
    + *
    + * + * angular.module('do-check-module', []) + * .component('test', { + * bindings: { items: '<' }, + * template: + * '
    {{ $ctrl.log | json }}
    ', + * controller: function() { + * this.log = []; + * + * this.$doCheck = function() { + * if (this.items_ref !== this.items) { + * this.log.push('doCheck: items changed'); + * this.items_ref = this.items; + * } + * if (!angular.equals(this.items_clone, this.items)) { + * this.log.push('doCheck: items mutated'); + * this.items_clone = angular.copy(this.items); + * } + * }; + * } + * }); + *
    + *
    + * + * + * ### Directive Definition Object + * + * The directive definition object provides instructions to the {@link ng.$compile + * compiler}. The attributes are: + * + * #### `multiElement` + * When this property is set to true (default is `false`), the HTML compiler will collect DOM nodes between + * nodes with the attributes `directive-name-start` and `directive-name-end`, and group them + * together as the directive elements. It is recommended that this feature be used on directives + * which are not strictly behavioral (such as {@link ngClick}), and which + * do not manipulate or replace child nodes (such as {@link ngInclude}). + * + * #### `priority` + * When there are multiple directives defined on a single DOM element, sometimes it + * is necessary to specify the order in which the directives are applied. The `priority` is used + * to sort the directives before their `compile` functions get called. Priority is defined as a + * number. Directives with greater numerical `priority` are compiled first. Pre-link functions + * are also run in priority order, but post-link functions are run in reverse order. The order + * of directives with the same priority is undefined. The default priority is `0`. + * + * #### `terminal` + * If set to true then the current `priority` will be the last set of directives + * which will execute (any directives at the current priority will still execute + * as the order of execution on same `priority` is undefined). Note that expressions + * and other directives used in the directive's template will also be excluded from execution. + * + * #### `scope` + * The scope property can be `false`, `true`, or an object: + * + * * **`false` (default):** No scope will be created for the directive. The directive will use its + * parent's scope. + * + * * **`true`:** A new child scope that prototypically inherits from its parent will be created for + * the directive's element. If multiple directives on the same element request a new scope, + * only one new scope is created. + * + * * **`{...}` (an object hash):** A new "isolate" scope is created for the directive's template. + * The 'isolate' scope differs from normal scope in that it does not prototypically + * inherit from its parent scope. This is useful when creating reusable components, which should not + * accidentally read or modify data in the parent scope. Note that an isolate scope + * directive without a `template` or `templateUrl` will not apply the isolate scope + * to its children elements. + * + * The 'isolate' scope object hash defines a set of local scope properties derived from attributes on the + * directive's element. These local properties are useful for aliasing values for templates. The keys in + * the object hash map to the name of the property on the isolate scope; the values define how the property + * is bound to the parent scope, via matching attributes on the directive's element: + * + * * `@` or `@attr` - bind a local scope property to the value of DOM attribute. The result is + * always a string since DOM attributes are strings. If no `attr` name is specified then the + * attribute name is assumed to be the same as the local name. Given `` and the isolate scope definition `scope: { localName:'@myAttr' }`, + * the directive's scope property `localName` will reflect the interpolated value of `hello + * {{name}}`. As the `name` attribute changes so will the `localName` property on the directive's + * scope. The `name` is read from the parent scope (not the directive's scope). + * + * * `=` or `=attr` - set up a bidirectional binding between a local scope property and an expression + * passed via the attribute `attr`. The expression is evaluated in the context of the parent scope. + * If no `attr` name is specified then the attribute name is assumed to be the same as the local + * name. Given `` and the isolate scope definition `scope: { + * localModel: '=myAttr' }`, the property `localModel` on the directive's scope will reflect the + * value of `parentModel` on the parent scope. Changes to `parentModel` will be reflected in + * `localModel` and vice versa. Optional attributes should be marked as such with a question mark: + * `=?` or `=?attr`. If the binding expression is non-assignable, or if the attribute isn't + * optional and doesn't exist, an exception ({@link error/$compile/nonassign `$compile:nonassign`}) + * will be thrown upon discovering changes to the local value, since it will be impossible to sync + * them back to the parent scope. By default, the {@link ng.$rootScope.Scope#$watch `$watch`} + * method is used for tracking changes, and the equality check is based on object identity. + * However, if an object literal or an array literal is passed as the binding expression, the + * equality check is done by value (using the {@link angular.equals} function). It's also possible + * to watch the evaluated value shallowly with {@link ng.$rootScope.Scope#$watchCollection + * `$watchCollection`}: use `=*` or `=*attr` (`=*?` or `=*?attr` if the attribute is optional). + * + * * `<` or `` and directive definition of + * `scope: { localModel:'` and the isolate scope definition `scope: { + * localFn:'&myAttr' }`, the isolate scope property `localFn` will point to a function wrapper for + * the `count = count + value` expression. Often it's desirable to pass data from the isolated scope + * via an expression to the parent scope. This can be done by passing a map of local variable names + * and values into the expression wrapper fn. For example, if the expression is `increment(amount)` + * then we can specify the amount value by calling the `localFn` as `localFn({amount: 22})`. + * + * In general it's possible to apply more than one directive to one element, but there might be limitations + * depending on the type of scope required by the directives. The following points will help explain these limitations. + * For simplicity only two directives are taken into account, but it is also applicable for several directives: + * + * * **no scope** + **no scope** => Two directives which don't require their own scope will use their parent's scope + * * **child scope** + **no scope** => Both directives will share one single child scope + * * **child scope** + **child scope** => Both directives will share one single child scope + * * **isolated scope** + **no scope** => The isolated directive will use it's own created isolated scope. The other directive will use + * its parent's scope + * * **isolated scope** + **child scope** => **Won't work!** Only one scope can be related to one element. Therefore these directives cannot + * be applied to the same element. + * * **isolated scope** + **isolated scope** => **Won't work!** Only one scope can be related to one element. Therefore these directives + * cannot be applied to the same element. + * + * + * #### `bindToController` + * This property is used to bind scope properties directly to the controller. It can be either + * `true` or an object hash with the same format as the `scope` property. + * + * When an isolate scope is used for a directive (see above), `bindToController: true` will + * allow a component to have its properties bound to the controller, rather than to scope. + * + * After the controller is instantiated, the initial values of the isolate scope bindings will be bound to the controller + * properties. You can access these bindings once they have been initialized by providing a controller method called + * `$onInit`, which is called after all the controllers on an element have been constructed and had their bindings + * initialized. + * + *
    + * **Deprecation warning:** if `$compileProcvider.preAssignBindingsEnabled(true)` was called, bindings for non-ES6 class + * controllers are bound to `this` before the controller constructor is called but this use is now deprecated. Please + * place initialization code that relies upon bindings inside a `$onInit` method on the controller, instead. + *
    + * + * It is also possible to set `bindToController` to an object hash with the same format as the `scope` property. + * This will set up the scope bindings to the controller directly. Note that `scope` can still be used + * to define which kind of scope is created. By default, no scope is created. Use `scope: {}` to create an isolate + * scope (useful for component directives). + * + * If both `bindToController` and `scope` are defined and have object hashes, `bindToController` overrides `scope`. + * + * + * #### `controller` + * Controller constructor function. The controller is instantiated before the + * pre-linking phase and can be accessed by other directives (see + * `require` attribute). This allows the directives to communicate with each other and augment + * each other's behavior. The controller is injectable (and supports bracket notation) with the following locals: + * + * * `$scope` - Current scope associated with the element + * * `$element` - Current element + * * `$attrs` - Current attributes object for the element + * * `$transclude` - A transclude linking function pre-bound to the correct transclusion scope: + * `function([scope], cloneLinkingFn, futureParentElement, slotName)`: + * * `scope`: (optional) override the scope. + * * `cloneLinkingFn`: (optional) argument to create clones of the original transcluded content. + * * `futureParentElement` (optional): + * * defines the parent to which the `cloneLinkingFn` will add the cloned elements. + * * default: `$element.parent()` resp. `$element` for `transclude:'element'` resp. `transclude:true`. + * * only needed for transcludes that are allowed to contain non html elements (e.g. SVG elements) + * and when the `cloneLinkingFn` is passed, + * as those elements need to created and cloned in a special way when they are defined outside their + * usual containers (e.g. like ``). + * * See also the `directive.templateNamespace` property. + * * `slotName`: (optional) the name of the slot to transclude. If falsy (e.g. `null`, `undefined` or `''`) + * then the default transclusion is provided. + * The `$transclude` function also has a method on it, `$transclude.isSlotFilled(slotName)`, which returns + * `true` if the specified slot contains content (i.e. one or more DOM nodes). + * + * #### `require` + * Require another directive and inject its controller as the fourth argument to the linking function. The + * `require` property can be a string, an array or an object: + * * a **string** containing the name of the directive to pass to the linking function + * * an **array** containing the names of directives to pass to the linking function. The argument passed to the + * linking function will be an array of controllers in the same order as the names in the `require` property + * * an **object** whose property values are the names of the directives to pass to the linking function. The argument + * passed to the linking function will also be an object with matching keys, whose values will hold the corresponding + * controllers. + * + * If the `require` property is an object and `bindToController` is truthy, then the required controllers are + * bound to the controller using the keys of the `require` property. This binding occurs after all the controllers + * have been constructed but before `$onInit` is called. + * If the name of the required controller is the same as the local name (the key), the name can be + * omitted. For example, `{parentDir: '^^'}` is equivalent to `{parentDir: '^^parentDir'}`. + * See the {@link $compileProvider#component} helper for an example of how this can be used. + * If no such required directive(s) can be found, or if the directive does not have a controller, then an error is + * raised (unless no link function is specified and the required controllers are not being bound to the directive + * controller, in which case error checking is skipped). The name can be prefixed with: + * + * * (no prefix) - Locate the required controller on the current element. Throw an error if not found. + * * `?` - Attempt to locate the required controller or pass `null` to the `link` fn if not found. + * * `^` - Locate the required controller by searching the element and its parents. Throw an error if not found. + * * `^^` - Locate the required controller by searching the element's parents. Throw an error if not found. + * * `?^` - Attempt to locate the required controller by searching the element and its parents or pass + * `null` to the `link` fn if not found. + * * `?^^` - Attempt to locate the required controller by searching the element's parents, or pass + * `null` to the `link` fn if not found. + * + * + * #### `controllerAs` + * Identifier name for a reference to the controller in the directive's scope. + * This allows the controller to be referenced from the directive template. This is especially + * useful when a directive is used as component, i.e. with an `isolate` scope. It's also possible + * to use it in a directive without an `isolate` / `new` scope, but you need to be aware that the + * `controllerAs` reference might overwrite a property that already exists on the parent scope. + * + * + * #### `restrict` + * String of subset of `EACM` which restricts the directive to a specific directive + * declaration style. If omitted, the defaults (elements and attributes) are used. + * + * * `E` - Element name (default): `` + * * `A` - Attribute (default): `
    ` + * * `C` - Class: `
    ` + * * `M` - Comment: `` + * + * + * #### `templateNamespace` + * String representing the document type used by the markup in the template. + * AngularJS needs this information as those elements need to be created and cloned + * in a special way when they are defined outside their usual containers like `` and ``. + * + * * `html` - All root nodes in the template are HTML. Root nodes may also be + * top-level elements such as `` or ``. + * * `svg` - The root nodes in the template are SVG elements (excluding ``). + * * `math` - The root nodes in the template are MathML elements (excluding ``). + * + * If no `templateNamespace` is specified, then the namespace is considered to be `html`. + * + * #### `template` + * HTML markup that may: + * * Replace the contents of the directive's element (default). + * * Replace the directive's element itself (if `replace` is true - DEPRECATED). + * * Wrap the contents of the directive's element (if `transclude` is true). + * + * Value may be: + * + * * A string. For example `
    {{delete_str}}
    `. + * * A function which takes two arguments `tElement` and `tAttrs` (described in the `compile` + * function api below) and returns a string value. + * + * + * #### `templateUrl` + * This is similar to `template` but the template is loaded from the specified URL, asynchronously. + * + * Because template loading is asynchronous the compiler will suspend compilation of directives on that element + * for later when the template has been resolved. In the meantime it will continue to compile and link + * sibling and parent elements as though this element had not contained any directives. + * + * The compiler does not suspend the entire compilation to wait for templates to be loaded because this + * would result in the whole app "stalling" until all templates are loaded asynchronously - even in the + * case when only one deeply nested directive has `templateUrl`. + * + * Template loading is asynchronous even if the template has been preloaded into the {@link $templateCache} + * + * You can specify `templateUrl` as a string representing the URL or as a function which takes two + * arguments `tElement` and `tAttrs` (described in the `compile` function api below) and returns + * a string value representing the url. In either case, the template URL is passed through {@link + * $sce#getTrustedResourceUrl $sce.getTrustedResourceUrl}. + * + * + * #### `replace` ([*DEPRECATED*!], will be removed in next major release - i.e. v2.0) + * specify what the template should replace. Defaults to `false`. + * + * * `true` - the template will replace the directive's element. + * * `false` - the template will replace the contents of the directive's element. + * + * The replacement process migrates all of the attributes / classes from the old element to the new + * one. See the {@link guide/directive#template-expanding-directive + * Directives Guide} for an example. + * + * There are very few scenarios where element replacement is required for the application function, + * the main one being reusable custom components that are used within SVG contexts + * (because SVG doesn't work with custom elements in the DOM tree). + * + * #### `transclude` + * Extract the contents of the element where the directive appears and make it available to the directive. + * The contents are compiled and provided to the directive as a **transclusion function**. See the + * {@link $compile#transclusion Transclusion} section below. + * + * + * #### `compile` + * + * ```js + * function compile(tElement, tAttrs, transclude) { ... } + * ``` + * + * The compile function deals with transforming the template DOM. Since most directives do not do + * template transformation, it is not used often. The compile function takes the following arguments: + * + * * `tElement` - template element - The element where the directive has been declared. It is + * safe to do template transformation on the element and child elements only. + * + * * `tAttrs` - template attributes - Normalized list of attributes declared on this element shared + * between all directive compile functions. + * + * * `transclude` - [*DEPRECATED*!] A transclude linking function: `function(scope, cloneLinkingFn)` + * + *
    + * **Note:** The template instance and the link instance may be different objects if the template has + * been cloned. For this reason it is **not** safe to do anything other than DOM transformations that + * apply to all cloned DOM nodes within the compile function. Specifically, DOM listener registration + * should be done in a linking function rather than in a compile function. + *
    + + *
    + * **Note:** The compile function cannot handle directives that recursively use themselves in their + * own templates or compile functions. Compiling these directives results in an infinite loop and + * stack overflow errors. + * + * This can be avoided by manually using $compile in the postLink function to imperatively compile + * a directive's template instead of relying on automatic template compilation via `template` or + * `templateUrl` declaration or manual compilation inside the compile function. + *
    + * + *
    + * **Note:** The `transclude` function that is passed to the compile function is deprecated, as it + * e.g. does not know about the right outer scope. Please use the transclude function that is passed + * to the link function instead. + *
    + + * A compile function can have a return value which can be either a function or an object. + * + * * returning a (post-link) function - is equivalent to registering the linking function via the + * `link` property of the config object when the compile function is empty. + * + * * returning an object with function(s) registered via `pre` and `post` properties - allows you to + * control when a linking function should be called during the linking phase. See info about + * pre-linking and post-linking functions below. + * + * + * #### `link` + * This property is used only if the `compile` property is not defined. + * + * ```js + * function link(scope, iElement, iAttrs, controller, transcludeFn) { ... } + * ``` + * + * The link function is responsible for registering DOM listeners as well as updating the DOM. It is + * executed after the template has been cloned. This is where most of the directive logic will be + * put. + * + * * `scope` - {@link ng.$rootScope.Scope Scope} - The scope to be used by the + * directive for registering {@link ng.$rootScope.Scope#$watch watches}. + * + * * `iElement` - instance element - The element where the directive is to be used. It is safe to + * manipulate the children of the element only in `postLink` function since the children have + * already been linked. + * + * * `iAttrs` - instance attributes - Normalized list of attributes declared on this element shared + * between all directive linking functions. + * + * * `controller` - the directive's required controller instance(s) - Instances are shared + * among all directives, which allows the directives to use the controllers as a communication + * channel. The exact value depends on the directive's `require` property: + * * no controller(s) required: the directive's own controller, or `undefined` if it doesn't have one + * * `string`: the controller instance + * * `array`: array of controller instances + * + * If a required controller cannot be found, and it is optional, the instance is `null`, + * otherwise the {@link error:$compile:ctreq Missing Required Controller} error is thrown. + * + * Note that you can also require the directive's own controller - it will be made available like + * any other controller. + * + * * `transcludeFn` - A transclude linking function pre-bound to the correct transclusion scope. + * This is the same as the `$transclude` parameter of directive controllers, + * see {@link ng.$compile#-controller- the controller section for details}. + * `function([scope], cloneLinkingFn, futureParentElement)`. + * + * #### Pre-linking function + * + * Executed before the child elements are linked. Not safe to do DOM transformation since the + * compiler linking function will fail to locate the correct elements for linking. + * + * #### Post-linking function + * + * Executed after the child elements are linked. + * + * Note that child elements that contain `templateUrl` directives will not have been compiled + * and linked since they are waiting for their template to load asynchronously and their own + * compilation and linking has been suspended until that occurs. + * + * It is safe to do DOM transformation in the post-linking function on elements that are not waiting + * for their async templates to be resolved. + * + * + * ### Transclusion + * + * Transclusion is the process of extracting a collection of DOM elements from one part of the DOM and + * copying them to another part of the DOM, while maintaining their connection to the original AngularJS + * scope from where they were taken. + * + * Transclusion is used (often with {@link ngTransclude}) to insert the + * original contents of a directive's element into a specified place in the template of the directive. + * The benefit of transclusion, over simply moving the DOM elements manually, is that the transcluded + * content has access to the properties on the scope from which it was taken, even if the directive + * has isolated scope. + * See the {@link guide/directive#creating-a-directive-that-wraps-other-elements Directives Guide}. + * + * This makes it possible for the widget to have private state for its template, while the transcluded + * content has access to its originating scope. + * + *
    + * **Note:** When testing an element transclude directive you must not place the directive at the root of the + * DOM fragment that is being compiled. See {@link guide/unit-testing#testing-transclusion-directives + * Testing Transclusion Directives}. + *
    + * + * There are three kinds of transclusion depending upon whether you want to transclude just the contents of the + * directive's element, the entire element or multiple parts of the element contents: + * + * * `true` - transclude the content (i.e. the child nodes) of the directive's element. + * * `'element'` - transclude the whole of the directive's element including any directives on this + * element that defined at a lower priority than this directive. When used, the `template` + * property is ignored. + * * **`{...}` (an object hash):** - map elements of the content onto transclusion "slots" in the template. + * + * **Mult-slot transclusion** is declared by providing an object for the `transclude` property. + * + * This object is a map where the keys are the name of the slot to fill and the value is an element selector + * used to match the HTML to the slot. The element selector should be in normalized form (e.g. `myElement`) + * and will match the standard element variants (e.g. `my-element`, `my:element`, `data-my-element`, etc). + * + * For further information check out the guide on {@link guide/directive#matching-directives Matching Directives} + * + * If the element selector is prefixed with a `?` then that slot is optional. + * + * For example, the transclude object `{ slotA: '?myCustomElement' }` maps `` elements to + * the `slotA` slot, which can be accessed via the `$transclude` function or via the {@link ngTransclude} directive. + * + * Slots that are not marked as optional (`?`) will trigger a compile time error if there are no matching elements + * in the transclude content. If you wish to know if an optional slot was filled with content, then you can call + * `$transclude.isSlotFilled(slotName)` on the transclude function passed to the directive's link function and + * injectable into the directive's controller. + * + * + * #### Transclusion Functions + * + * When a directive requests transclusion, the compiler extracts its contents and provides a **transclusion + * function** to the directive's `link` function and `controller`. This transclusion function is a special + * **linking function** that will return the compiled contents linked to a new transclusion scope. + * + *
    + * If you are just using {@link ngTransclude} then you don't need to worry about this function, since + * ngTransclude will deal with it for us. + *
    + * + * If you want to manually control the insertion and removal of the transcluded content in your directive + * then you must use this transclude function. When you call a transclude function it returns a a jqLite/JQuery + * object that contains the compiled DOM, which is linked to the correct transclusion scope. + * + * When you call a transclusion function you can pass in a **clone attach function**. This function accepts + * two parameters, `function(clone, scope) { ... }`, where the `clone` is a fresh compiled copy of your transcluded + * content and the `scope` is the newly created transclusion scope, which the clone will be linked to. + * + *
    + * **Best Practice**: Always provide a `cloneFn` (clone attach function) when you call a transclude function + * since you then get a fresh clone of the original DOM and also have access to the new transclusion scope. + *
    + * + * It is normal practice to attach your transcluded content (`clone`) to the DOM inside your **clone + * attach function**: + * + * ```js + * var transcludedContent, transclusionScope; + * + * $transclude(function(clone, scope) { + * element.append(clone); + * transcludedContent = clone; + * transclusionScope = scope; + * }); + * ``` + * + * Later, if you want to remove the transcluded content from your DOM then you should also destroy the + * associated transclusion scope: + * + * ```js + * transcludedContent.remove(); + * transclusionScope.$destroy(); + * ``` + * + *
    + * **Best Practice**: if you intend to add and remove transcluded content manually in your directive + * (by calling the transclude function to get the DOM and calling `element.remove()` to remove it), + * then you are also responsible for calling `$destroy` on the transclusion scope. + *
    + * + * The built-in DOM manipulation directives, such as {@link ngIf}, {@link ngSwitch} and {@link ngRepeat} + * automatically destroy their transcluded clones as necessary so you do not need to worry about this if + * you are simply using {@link ngTransclude} to inject the transclusion into your directive. + * + * + * #### Transclusion Scopes + * + * When you call a transclude function it returns a DOM fragment that is pre-bound to a **transclusion + * scope**. This scope is special, in that it is a child of the directive's scope (and so gets destroyed + * when the directive's scope gets destroyed) but it inherits the properties of the scope from which it + * was taken. + * + * For example consider a directive that uses transclusion and isolated scope. The DOM hierarchy might look + * like this: + * + * ```html + *
    + *
    + *
    + *
    + *
    + *
    + * ``` + * + * The `$parent` scope hierarchy will look like this: + * + ``` + - $rootScope + - isolate + - transclusion + ``` + * + * but the scopes will inherit prototypically from different scopes to their `$parent`. + * + ``` + - $rootScope + - transclusion + - isolate + ``` + * + * + * ### Attributes + * + * The {@link ng.$compile.directive.Attributes Attributes} object - passed as a parameter in the + * `link()` or `compile()` functions. It has a variety of uses. + * + * * *Accessing normalized attribute names:* Directives like 'ngBind' can be expressed in many ways: + * 'ng:bind', `data-ng-bind`, or 'x-ng-bind'. The attributes object allows for normalized access + * to the attributes. + * + * * *Directive inter-communication:* All directives share the same instance of the attributes + * object which allows the directives to use the attributes object as inter directive + * communication. + * + * * *Supports interpolation:* Interpolation attributes are assigned to the attribute object + * allowing other directives to read the interpolated value. + * + * * *Observing interpolated attributes:* Use `$observe` to observe the value changes of attributes + * that contain interpolation (e.g. `src="{{bar}}"`). Not only is this very efficient but it's also + * the only way to easily get the actual value because during the linking phase the interpolation + * hasn't been evaluated yet and so the value is at this time set to `undefined`. + * + * ```js + * function linkingFn(scope, elm, attrs, ctrl) { + * // get the attribute value + * console.log(attrs.ngModel); + * + * // change the attribute + * attrs.$set('ngModel', 'new value'); + * + * // observe changes to interpolated attribute + * attrs.$observe('ngModel', function(value) { + * console.log('ngModel has changed value to ' + value); + * }); + * } + * ``` + * + * ## Example + * + *
    + * **Note**: Typically directives are registered with `module.directive`. The example below is + * to illustrate how `$compile` works. + *
    + * + + + +
    +
    +
    +
    +
    +
    + + it('should auto compile', function() { + var textarea = $('textarea'); + var output = $('div[compile]'); + // The initial state reads 'Hello Angular'. + expect(output.getText()).toBe('Hello Angular'); + textarea.clear(); + textarea.sendKeys('{{name}}!'); + expect(output.getText()).toBe('Angular!'); + }); + +
    + + * + * + * @param {string|DOMElement} element Element or HTML string to compile into a template function. + * @param {function(angular.Scope, cloneAttachFn=)} transclude function available to directives - DEPRECATED. + * + *
    + * **Note:** Passing a `transclude` function to the $compile function is deprecated, as it + * e.g. will not use the right outer scope. Please pass the transclude function as a + * `parentBoundTranscludeFn` to the link function instead. + *
    + * + * @param {number} maxPriority only apply directives lower than given priority (Only effects the + * root element(s), not their children) + * @returns {function(scope, cloneAttachFn=, options=)} a link function which is used to bind template + * (a DOM element/tree) to a scope. Where: + * + * * `scope` - A {@link ng.$rootScope.Scope Scope} to bind to. + * * `cloneAttachFn` - If `cloneAttachFn` is provided, then the link function will clone the + * `template` and call the `cloneAttachFn` function allowing the caller to attach the + * cloned elements to the DOM document at the appropriate place. The `cloneAttachFn` is + * called as:
    `cloneAttachFn(clonedElement, scope)` where: + * + * * `clonedElement` - is a clone of the original `element` passed into the compiler. + * * `scope` - is the current scope with which the linking function is working with. + * + * * `options` - An optional object hash with linking options. If `options` is provided, then the following + * keys may be used to control linking behavior: + * + * * `parentBoundTranscludeFn` - the transclude function made available to + * directives; if given, it will be passed through to the link functions of + * directives found in `element` during compilation. + * * `transcludeControllers` - an object hash with keys that map controller names + * to a hash with the key `instance`, which maps to the controller instance; + * if given, it will make the controllers available to directives on the compileNode: + * ``` + * { + * parent: { + * instance: parentControllerInstance + * } + * } + * ``` + * * `futureParentElement` - defines the parent to which the `cloneAttachFn` will add + * the cloned elements; only needed for transcludes that are allowed to contain non html + * elements (e.g. SVG elements). See also the directive.controller property. + * + * Calling the linking function returns the element of the template. It is either the original + * element passed in, or the clone of the element if the `cloneAttachFn` is provided. + * + * After linking the view is not updated until after a call to $digest which typically is done by + * Angular automatically. + * + * If you need access to the bound view, there are two ways to do it: + * + * - If you are not asking the linking function to clone the template, create the DOM element(s) + * before you send them to the compiler and keep this reference around. + * ```js + * var element = $compile('

    {{total}}

    ')(scope); + * ``` + * + * - if on the other hand, you need the element to be cloned, the view reference from the original + * example would not point to the clone, but rather to the original template that was cloned. In + * this case, you can access the clone via the cloneAttachFn: + * ```js + * var templateElement = angular.element('

    {{total}}

    '), + * scope = ....; + * + * var clonedElement = $compile(templateElement)(scope, function(clonedElement, scope) { + * //attach the clone to DOM document at the right place + * }); + * + * //now we have reference to the cloned DOM via `clonedElement` + * ``` + * + * + * For information on how the compiler works, see the + * {@link guide/compiler Angular HTML Compiler} section of the Developer Guide. + * + * @knownIssue + * + * ### Double Compilation + * + Double compilation occurs when an already compiled part of the DOM gets + compiled again. This is an undesired effect and can lead to misbehaving directives, performance issues, + and memory leaks. Refer to the Compiler Guide {@link guide/compiler#double-compilation-and-how-to-avoid-it + section on double compilation} for an in-depth explanation and ways to avoid it. + * + */ + +var $compileMinErr = minErr('$compile'); + +function UNINITIALIZED_VALUE() {} +var _UNINITIALIZED_VALUE = new UNINITIALIZED_VALUE(); + +/** + * @ngdoc provider + * @name $compileProvider + * + * @description + */ +$CompileProvider.$inject = ['$provide', '$$sanitizeUriProvider']; +/** @this */ +function $CompileProvider($provide, $$sanitizeUriProvider) { + var hasDirectives = {}, + Suffix = 'Directive', + COMMENT_DIRECTIVE_REGEXP = /^\s*directive:\s*([\w-]+)\s+(.*)$/, + CLASS_DIRECTIVE_REGEXP = /(([\w-]+)(?::([^;]+))?;?)/, + ALL_OR_NOTHING_ATTRS = makeMap('ngSrc,ngSrcset,src,srcset'), + REQUIRE_PREFIX_REGEXP = /^(?:(\^\^?)?(\?)?(\^\^?)?)?/; + + // Ref: http://developers.whatwg.org/webappapis.html#event-handler-idl-attributes + // The assumption is that future DOM event attribute names will begin with + // 'on' and be composed of only English letters. + var EVENT_HANDLER_ATTR_REGEXP = /^(on[a-z]+|formaction)$/; + var bindingCache = createMap(); + + function parseIsolateBindings(scope, directiveName, isController) { + var LOCAL_REGEXP = /^\s*([@&<]|=(\*?))(\??)\s*([\w$]*)\s*$/; + + var bindings = createMap(); + + forEach(scope, function(definition, scopeName) { + if (definition in bindingCache) { + bindings[scopeName] = bindingCache[definition]; + return; + } + var match = definition.match(LOCAL_REGEXP); + + if (!match) { + throw $compileMinErr('iscp', + 'Invalid {3} for directive \'{0}\'.' + + ' Definition: {... {1}: \'{2}\' ...}', + directiveName, scopeName, definition, + (isController ? 'controller bindings definition' : + 'isolate scope definition')); + } + + bindings[scopeName] = { + mode: match[1][0], + collection: match[2] === '*', + optional: match[3] === '?', + attrName: match[4] || scopeName + }; + if (match[4]) { + bindingCache[definition] = bindings[scopeName]; + } + }); + + return bindings; + } + + function parseDirectiveBindings(directive, directiveName) { + var bindings = { + isolateScope: null, + bindToController: null + }; + if (isObject(directive.scope)) { + if (directive.bindToController === true) { + bindings.bindToController = parseIsolateBindings(directive.scope, + directiveName, true); + bindings.isolateScope = {}; + } else { + bindings.isolateScope = parseIsolateBindings(directive.scope, + directiveName, false); + } + } + if (isObject(directive.bindToController)) { + bindings.bindToController = + parseIsolateBindings(directive.bindToController, directiveName, true); + } + if (bindings.bindToController && !directive.controller) { + // There is no controller + throw $compileMinErr('noctrl', + 'Cannot bind to controller without directive \'{0}\'s controller.', + directiveName); + } + return bindings; + } + + function assertValidDirectiveName(name) { + var letter = name.charAt(0); + if (!letter || letter !== lowercase(letter)) { + throw $compileMinErr('baddir', 'Directive/Component name \'{0}\' is invalid. The first character must be a lowercase letter', name); + } + if (name !== name.trim()) { + throw $compileMinErr('baddir', + 'Directive/Component name \'{0}\' is invalid. The name should not contain leading or trailing whitespaces', + name); + } + } + + function getDirectiveRequire(directive) { + var require = directive.require || (directive.controller && directive.name); + + if (!isArray(require) && isObject(require)) { + forEach(require, function(value, key) { + var match = value.match(REQUIRE_PREFIX_REGEXP); + var name = value.substring(match[0].length); + if (!name) require[key] = match[0] + key; + }); + } + + return require; + } + + function getDirectiveRestrict(restrict, name) { + if (restrict && !(isString(restrict) && /[EACM]/.test(restrict))) { + throw $compileMinErr('badrestrict', + 'Restrict property \'{0}\' of directive \'{1}\' is invalid', + restrict, + name); + } + + return restrict || 'EA'; + } + + /** + * @ngdoc method + * @name $compileProvider#directive + * @kind function + * + * @description + * Register a new directive with the compiler. + * + * @param {string|Object} name Name of the directive in camel-case (i.e. ngBind which + * will match as ng-bind), or an object map of directives where the keys are the + * names and the values are the factories. + * @param {Function|Array} directiveFactory An injectable directive factory function. See the + * {@link guide/directive directive guide} and the {@link $compile compile API} for more info. + * @returns {ng.$compileProvider} Self for chaining. + */ + this.directive = function registerDirective(name, directiveFactory) { + assertArg(name, 'name'); + assertNotHasOwnProperty(name, 'directive'); + if (isString(name)) { + assertValidDirectiveName(name); + assertArg(directiveFactory, 'directiveFactory'); + if (!hasDirectives.hasOwnProperty(name)) { + hasDirectives[name] = []; + $provide.factory(name + Suffix, ['$injector', '$exceptionHandler', + function($injector, $exceptionHandler) { + var directives = []; + forEach(hasDirectives[name], function(directiveFactory, index) { + try { + var directive = $injector.invoke(directiveFactory); + if (isFunction(directive)) { + directive = { compile: valueFn(directive) }; + } else if (!directive.compile && directive.link) { + directive.compile = valueFn(directive.link); + } + directive.priority = directive.priority || 0; + directive.index = index; + directive.name = directive.name || name; + directive.require = getDirectiveRequire(directive); + directive.restrict = getDirectiveRestrict(directive.restrict, name); + directive.$$moduleName = directiveFactory.$$moduleName; + directives.push(directive); + } catch (e) { + $exceptionHandler(e); + } + }); + return directives; + }]); + } + hasDirectives[name].push(directiveFactory); + } else { + forEach(name, reverseParams(registerDirective)); + } + return this; + }; + + /** + * @ngdoc method + * @name $compileProvider#component + * @module ng + * @param {string} name Name of the component in camelCase (i.e. `myComp` which will match ``) + * @param {Object} options Component definition object (a simplified + * {@link ng.$compile#directive-definition-object directive definition object}), + * with the following properties (all optional): + * + * - `controller` – `{(string|function()=}` – controller constructor function that should be + * associated with newly created scope or the name of a {@link ng.$compile#-controller- + * registered controller} if passed as a string. An empty `noop` function by default. + * - `controllerAs` – `{string=}` – identifier name for to reference the controller in the component's scope. + * If present, the controller will be published to scope under the `controllerAs` name. + * If not present, this will default to be `$ctrl`. + * - `template` – `{string=|function()=}` – html template as a string or a function that + * returns an html template as a string which should be used as the contents of this component. + * Empty string by default. + * + * If `template` is a function, then it is {@link auto.$injector#invoke injected} with + * the following locals: + * + * - `$element` - Current element + * - `$attrs` - Current attributes object for the element + * + * - `templateUrl` – `{string=|function()=}` – path or function that returns a path to an html + * template that should be used as the contents of this component. + * + * If `templateUrl` is a function, then it is {@link auto.$injector#invoke injected} with + * the following locals: + * + * - `$element` - Current element + * - `$attrs` - Current attributes object for the element + * + * - `bindings` – `{object=}` – defines bindings between DOM attributes and component properties. + * Component properties are always bound to the component controller and not to the scope. + * See {@link ng.$compile#-bindtocontroller- `bindToController`}. + * - `transclude` – `{boolean=}` – whether {@link $compile#transclusion content transclusion} is enabled. + * Disabled by default. + * - `require` - `{Object=}` - requires the controllers of other directives and binds them to + * this component's controller. The object keys specify the property names under which the required + * controllers (object values) will be bound. See {@link ng.$compile#-require- `require`}. + * - `$...` – additional properties to attach to the directive factory function and the controller + * constructor function. (This is used by the component router to annotate) + * + * @returns {ng.$compileProvider} the compile provider itself, for chaining of function calls. + * @description + * Register a **component definition** with the compiler. This is a shorthand for registering a special + * type of directive, which represents a self-contained UI component in your application. Such components + * are always isolated (i.e. `scope: {}`) and are always restricted to elements (i.e. `restrict: 'E'`). + * + * Component definitions are very simple and do not require as much configuration as defining general + * directives. Component definitions usually consist only of a template and a controller backing it. + * + * In order to make the definition easier, components enforce best practices like use of `controllerAs`, + * `bindToController`. They always have **isolate scope** and are restricted to elements. + * + * Here are a few examples of how you would usually define components: + * + * ```js + * var myMod = angular.module(...); + * myMod.component('myComp', { + * template: '
    My name is {{$ctrl.name}}
    ', + * controller: function() { + * this.name = 'shahar'; + * } + * }); + * + * myMod.component('myComp', { + * template: '
    My name is {{$ctrl.name}}
    ', + * bindings: {name: '@'} + * }); + * + * myMod.component('myComp', { + * templateUrl: 'views/my-comp.html', + * controller: 'MyCtrl', + * controllerAs: 'ctrl', + * bindings: {name: '@'} + * }); + * + * ``` + * For more examples, and an in-depth guide, see the {@link guide/component component guide}. + * + *
    + * See also {@link ng.$compileProvider#directive $compileProvider.directive()}. + */ + this.component = function registerComponent(name, options) { + var controller = options.controller || function() {}; + + function factory($injector) { + function makeInjectable(fn) { + if (isFunction(fn) || isArray(fn)) { + return /** @this */ function(tElement, tAttrs) { + return $injector.invoke(fn, this, {$element: tElement, $attrs: tAttrs}); + }; + } else { + return fn; + } + } + + var template = (!options.template && !options.templateUrl ? '' : options.template); + var ddo = { + controller: controller, + controllerAs: identifierForController(options.controller) || options.controllerAs || '$ctrl', + template: makeInjectable(template), + templateUrl: makeInjectable(options.templateUrl), + transclude: options.transclude, + scope: {}, + bindToController: options.bindings || {}, + restrict: 'E', + require: options.require + }; + + // Copy annotations (starting with $) over to the DDO + forEach(options, function(val, key) { + if (key.charAt(0) === '$') ddo[key] = val; + }); + + return ddo; + } + + // TODO(pete) remove the following `forEach` before we release 1.6.0 + // The component-router@0.2.0 looks for the annotations on the controller constructor + // Nothing in Angular looks for annotations on the factory function but we can't remove + // it from 1.5.x yet. + + // Copy any annotation properties (starting with $) over to the factory and controller constructor functions + // These could be used by libraries such as the new component router + forEach(options, function(val, key) { + if (key.charAt(0) === '$') { + factory[key] = val; + // Don't try to copy over annotations to named controller + if (isFunction(controller)) controller[key] = val; + } + }); + + factory.$inject = ['$injector']; + + return this.directive(name, factory); + }; + + + /** + * @ngdoc method + * @name $compileProvider#aHrefSanitizationWhitelist + * @kind function + * + * @description + * Retrieves or overrides the default regular expression that is used for whitelisting of safe + * urls during a[href] sanitization. + * + * The sanitization is a security measure aimed at preventing XSS attacks via html links. + * + * Any url about to be assigned to a[href] via data-binding is first normalized and turned into + * an absolute url. Afterwards, the url is matched against the `aHrefSanitizationWhitelist` + * regular expression. If a match is found, the original url is written into the dom. Otherwise, + * the absolute url is prefixed with `'unsafe:'` string and only then is it written into the DOM. + * + * @param {RegExp=} regexp New regexp to whitelist urls with. + * @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for + * chaining otherwise. + */ + this.aHrefSanitizationWhitelist = function(regexp) { + if (isDefined(regexp)) { + $$sanitizeUriProvider.aHrefSanitizationWhitelist(regexp); + return this; + } else { + return $$sanitizeUriProvider.aHrefSanitizationWhitelist(); + } + }; + + + /** + * @ngdoc method + * @name $compileProvider#imgSrcSanitizationWhitelist + * @kind function + * + * @description + * Retrieves or overrides the default regular expression that is used for whitelisting of safe + * urls during img[src] sanitization. + * + * The sanitization is a security measure aimed at prevent XSS attacks via html links. + * + * Any url about to be assigned to img[src] via data-binding is first normalized and turned into + * an absolute url. Afterwards, the url is matched against the `imgSrcSanitizationWhitelist` + * regular expression. If a match is found, the original url is written into the dom. Otherwise, + * the absolute url is prefixed with `'unsafe:'` string and only then is it written into the DOM. + * + * @param {RegExp=} regexp New regexp to whitelist urls with. + * @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for + * chaining otherwise. + */ + this.imgSrcSanitizationWhitelist = function(regexp) { + if (isDefined(regexp)) { + $$sanitizeUriProvider.imgSrcSanitizationWhitelist(regexp); + return this; + } else { + return $$sanitizeUriProvider.imgSrcSanitizationWhitelist(); + } + }; + + /** + * @ngdoc method + * @name $compileProvider#debugInfoEnabled + * + * @param {boolean=} enabled update the debugInfoEnabled state if provided, otherwise just return the + * current debugInfoEnabled state + * @returns {*} current value if used as getter or itself (chaining) if used as setter + * + * @kind function + * + * @description + * Call this method to enable/disable various debug runtime information in the compiler such as adding + * binding information and a reference to the current scope on to DOM elements. + * If enabled, the compiler will add the following to DOM elements that have been bound to the scope + * * `ng-binding` CSS class + * * `$binding` data property containing an array of the binding expressions + * + * You may want to disable this in production for a significant performance boost. See + * {@link guide/production#disabling-debug-data Disabling Debug Data} for more. + * + * The default value is true. + */ + var debugInfoEnabled = true; + this.debugInfoEnabled = function(enabled) { + if (isDefined(enabled)) { + debugInfoEnabled = enabled; + return this; + } + return debugInfoEnabled; + }; + + /** + * @ngdoc method + * @name $compileProvider#preAssignBindingsEnabled + * + * @param {boolean=} enabled update the preAssignBindingsEnabled state if provided, otherwise just return the + * current preAssignBindingsEnabled state + * @returns {*} current value if used as getter or itself (chaining) if used as setter + * + * @kind function + * + * @description + * Call this method to enable/disable whether directive controllers are assigned bindings before + * calling the controller's constructor. + * If enabled (true), the compiler assigns the value of each of the bindings to the + * properties of the controller object before the constructor of this object is called. + * + * If disabled (false), the compiler calls the constructor first before assigning bindings. + * + * The default value is false. + * + * @deprecated + * sinceVersion="1.6.0" + * removeVersion="1.7.0" + * + * This method and the option to assign the bindings before calling the controller's constructor + * will be removed in v1.7.0. + */ + var preAssignBindingsEnabled = false; + this.preAssignBindingsEnabled = function(enabled) { + if (isDefined(enabled)) { + preAssignBindingsEnabled = enabled; + return this; + } + return preAssignBindingsEnabled; + }; + + + var TTL = 10; + /** + * @ngdoc method + * @name $compileProvider#onChangesTtl + * @description + * + * Sets the number of times `$onChanges` hooks can trigger new changes before giving up and + * assuming that the model is unstable. + * + * The current default is 10 iterations. + * + * In complex applications it's possible that dependencies between `$onChanges` hooks and bindings will result + * in several iterations of calls to these hooks. However if an application needs more than the default 10 + * iterations to stabilize then you should investigate what is causing the model to continuously change during + * the `$onChanges` hook execution. + * + * Increasing the TTL could have performance implications, so you should not change it without proper justification. + * + * @param {number} limit The number of `$onChanges` hook iterations. + * @returns {number|object} the current limit (or `this` if called as a setter for chaining) + */ + this.onChangesTtl = function(value) { + if (arguments.length) { + TTL = value; + return this; + } + return TTL; + }; + + var commentDirectivesEnabledConfig = true; + /** + * @ngdoc method + * @name $compileProvider#commentDirectivesEnabled + * @description + * + * It indicates to the compiler + * whether or not directives on comments should be compiled. + * Defaults to `true`. + * + * Calling this function with false disables the compilation of directives + * on comments for the whole application. + * This results in a compilation performance gain, + * as the compiler doesn't have to check comments when looking for directives. + * This should however only be used if you are sure that no comment directives are used in + * the application (including any 3rd party directives). + * + * @param {boolean} enabled `false` if the compiler may ignore directives on comments + * @returns {boolean|object} the current value (or `this` if called as a setter for chaining) + */ + this.commentDirectivesEnabled = function(value) { + if (arguments.length) { + commentDirectivesEnabledConfig = value; + return this; + } + return commentDirectivesEnabledConfig; + }; + + + var cssClassDirectivesEnabledConfig = true; + /** + * @ngdoc method + * @name $compileProvider#cssClassDirectivesEnabled + * @description + * + * It indicates to the compiler + * whether or not directives on element classes should be compiled. + * Defaults to `true`. + * + * Calling this function with false disables the compilation of directives + * on element classes for the whole application. + * This results in a compilation performance gain, + * as the compiler doesn't have to check element classes when looking for directives. + * This should however only be used if you are sure that no class directives are used in + * the application (including any 3rd party directives). + * + * @param {boolean} enabled `false` if the compiler may ignore directives on element classes + * @returns {boolean|object} the current value (or `this` if called as a setter for chaining) + */ + this.cssClassDirectivesEnabled = function(value) { + if (arguments.length) { + cssClassDirectivesEnabledConfig = value; + return this; + } + return cssClassDirectivesEnabledConfig; + }; + + this.$get = [ + '$injector', '$interpolate', '$exceptionHandler', '$templateRequest', '$parse', + '$controller', '$rootScope', '$sce', '$animate', '$$sanitizeUri', + function($injector, $interpolate, $exceptionHandler, $templateRequest, $parse, + $controller, $rootScope, $sce, $animate, $$sanitizeUri) { + + var SIMPLE_ATTR_NAME = /^\w/; + var specialAttrHolder = window.document.createElement('div'); + + + var commentDirectivesEnabled = commentDirectivesEnabledConfig; + var cssClassDirectivesEnabled = cssClassDirectivesEnabledConfig; + + + var onChangesTtl = TTL; + // The onChanges hooks should all be run together in a single digest + // When changes occur, the call to trigger their hooks will be added to this queue + var onChangesQueue; + + // This function is called in a $$postDigest to trigger all the onChanges hooks in a single digest + function flushOnChangesQueue() { + try { + if (!(--onChangesTtl)) { + // We have hit the TTL limit so reset everything + onChangesQueue = undefined; + throw $compileMinErr('infchng', '{0} $onChanges() iterations reached. Aborting!\n', TTL); + } + // We must run this hook in an apply since the $$postDigest runs outside apply + $rootScope.$apply(function() { + var errors = []; + for (var i = 0, ii = onChangesQueue.length; i < ii; ++i) { + try { + onChangesQueue[i](); + } catch (e) { + errors.push(e); + } + } + // Reset the queue to trigger a new schedule next time there is a change + onChangesQueue = undefined; + if (errors.length) { + throw errors; + } + }); + } finally { + onChangesTtl++; + } + } + + + function Attributes(element, attributesToCopy) { + if (attributesToCopy) { + var keys = Object.keys(attributesToCopy); + var i, l, key; + + for (i = 0, l = keys.length; i < l; i++) { + key = keys[i]; + this[key] = attributesToCopy[key]; + } + } else { + this.$attr = {}; + } + + this.$$element = element; + } + + Attributes.prototype = { + /** + * @ngdoc method + * @name $compile.directive.Attributes#$normalize + * @kind function + * + * @description + * Converts an attribute name (e.g. dash/colon/underscore-delimited string, optionally prefixed with `x-` or + * `data-`) to its normalized, camelCase form. + * + * Also there is special case for Moz prefix starting with upper case letter. + * + * For further information check out the guide on {@link guide/directive#matching-directives Matching Directives} + * + * @param {string} name Name to normalize + */ + $normalize: directiveNormalize, + + + /** + * @ngdoc method + * @name $compile.directive.Attributes#$addClass + * @kind function + * + * @description + * Adds the CSS class value specified by the classVal parameter to the element. If animations + * are enabled then an animation will be triggered for the class addition. + * + * @param {string} classVal The className value that will be added to the element + */ + $addClass: function(classVal) { + if (classVal && classVal.length > 0) { + $animate.addClass(this.$$element, classVal); + } + }, + + /** + * @ngdoc method + * @name $compile.directive.Attributes#$removeClass + * @kind function + * + * @description + * Removes the CSS class value specified by the classVal parameter from the element. If + * animations are enabled then an animation will be triggered for the class removal. + * + * @param {string} classVal The className value that will be removed from the element + */ + $removeClass: function(classVal) { + if (classVal && classVal.length > 0) { + $animate.removeClass(this.$$element, classVal); + } + }, + + /** + * @ngdoc method + * @name $compile.directive.Attributes#$updateClass + * @kind function + * + * @description + * Adds and removes the appropriate CSS class values to the element based on the difference + * between the new and old CSS class values (specified as newClasses and oldClasses). + * + * @param {string} newClasses The current CSS className value + * @param {string} oldClasses The former CSS className value + */ + $updateClass: function(newClasses, oldClasses) { + var toAdd = tokenDifference(newClasses, oldClasses); + if (toAdd && toAdd.length) { + $animate.addClass(this.$$element, toAdd); + } + + var toRemove = tokenDifference(oldClasses, newClasses); + if (toRemove && toRemove.length) { + $animate.removeClass(this.$$element, toRemove); + } + }, + + /** + * Set a normalized attribute on the element in a way such that all directives + * can share the attribute. This function properly handles boolean attributes. + * @param {string} key Normalized key. (ie ngAttribute) + * @param {string|boolean} value The value to set. If `null` attribute will be deleted. + * @param {boolean=} writeAttr If false, does not write the value to DOM element attribute. + * Defaults to true. + * @param {string=} attrName Optional none normalized name. Defaults to key. + */ + $set: function(key, value, writeAttr, attrName) { + // TODO: decide whether or not to throw an error if "class" + //is set through this function since it may cause $updateClass to + //become unstable. + + var node = this.$$element[0], + booleanKey = getBooleanAttrName(node, key), + aliasedKey = getAliasedAttrName(key), + observer = key, + nodeName; + + if (booleanKey) { + this.$$element.prop(key, value); + attrName = booleanKey; + } else if (aliasedKey) { + this[aliasedKey] = value; + observer = aliasedKey; + } + + this[key] = value; + + // translate normalized key to actual key + if (attrName) { + this.$attr[key] = attrName; + } else { + attrName = this.$attr[key]; + if (!attrName) { + this.$attr[key] = attrName = snake_case(key, '-'); + } + } + + nodeName = nodeName_(this.$$element); + + if ((nodeName === 'a' && (key === 'href' || key === 'xlinkHref')) || + (nodeName === 'img' && key === 'src')) { + // sanitize a[href] and img[src] values + this[key] = value = $$sanitizeUri(value, key === 'src'); + } else if (nodeName === 'img' && key === 'srcset' && isDefined(value)) { + // sanitize img[srcset] values + var result = ''; + + // first check if there are spaces because it's not the same pattern + var trimmedSrcset = trim(value); + // ( 999x ,| 999w ,| ,|, ) + var srcPattern = /(\s+\d+x\s*,|\s+\d+w\s*,|\s+,|,\s+)/; + var pattern = /\s/.test(trimmedSrcset) ? srcPattern : /(,)/; + + // split srcset into tuple of uri and descriptor except for the last item + var rawUris = trimmedSrcset.split(pattern); + + // for each tuples + var nbrUrisWith2parts = Math.floor(rawUris.length / 2); + for (var i = 0; i < nbrUrisWith2parts; i++) { + var innerIdx = i * 2; + // sanitize the uri + result += $$sanitizeUri(trim(rawUris[innerIdx]), true); + // add the descriptor + result += (' ' + trim(rawUris[innerIdx + 1])); + } + + // split the last item into uri and descriptor + var lastTuple = trim(rawUris[i * 2]).split(/\s/); + + // sanitize the last uri + result += $$sanitizeUri(trim(lastTuple[0]), true); + + // and add the last descriptor if any + if (lastTuple.length === 2) { + result += (' ' + trim(lastTuple[1])); + } + this[key] = value = result; + } + + if (writeAttr !== false) { + if (value === null || isUndefined(value)) { + this.$$element.removeAttr(attrName); + } else { + if (SIMPLE_ATTR_NAME.test(attrName)) { + this.$$element.attr(attrName, value); + } else { + setSpecialAttr(this.$$element[0], attrName, value); + } + } + } + + // fire observers + var $$observers = this.$$observers; + if ($$observers) { + forEach($$observers[observer], function(fn) { + try { + fn(value); + } catch (e) { + $exceptionHandler(e); + } + }); + } + }, + + + /** + * @ngdoc method + * @name $compile.directive.Attributes#$observe + * @kind function + * + * @description + * Observes an interpolated attribute. + * + * The observer function will be invoked once during the next `$digest` following + * compilation. The observer is then invoked whenever the interpolated value + * changes. + * + * @param {string} key Normalized key. (ie ngAttribute) . + * @param {function(interpolatedValue)} fn Function that will be called whenever + the interpolated value of the attribute changes. + * See the {@link guide/interpolation#how-text-and-attribute-bindings-work Interpolation + * guide} for more info. + * @returns {function()} Returns a deregistration function for this observer. + */ + $observe: function(key, fn) { + var attrs = this, + $$observers = (attrs.$$observers || (attrs.$$observers = createMap())), + listeners = ($$observers[key] || ($$observers[key] = [])); + + listeners.push(fn); + $rootScope.$evalAsync(function() { + if (!listeners.$$inter && attrs.hasOwnProperty(key) && !isUndefined(attrs[key])) { + // no one registered attribute interpolation function, so lets call it manually + fn(attrs[key]); + } + }); + + return function() { + arrayRemove(listeners, fn); + }; + } + }; + + function setSpecialAttr(element, attrName, value) { + // Attributes names that do not start with letters (such as `(click)`) cannot be set using `setAttribute` + // so we have to jump through some hoops to get such an attribute + // https://github.com/angular/angular.js/pull/13318 + specialAttrHolder.innerHTML = ''; + var attributes = specialAttrHolder.firstChild.attributes; + var attribute = attributes[0]; + // We have to remove the attribute from its container element before we can add it to the destination element + attributes.removeNamedItem(attribute.name); + attribute.value = value; + element.attributes.setNamedItem(attribute); + } + + function safeAddClass($element, className) { + try { + $element.addClass(className); + } catch (e) { + // ignore, since it means that we are trying to set class on + // SVG element, where class name is read-only. + } + } + + + var startSymbol = $interpolate.startSymbol(), + endSymbol = $interpolate.endSymbol(), + denormalizeTemplate = (startSymbol === '{{' && endSymbol === '}}') + ? identity + : function denormalizeTemplate(template) { + return template.replace(/\{\{/g, startSymbol).replace(/}}/g, endSymbol); + }, + NG_ATTR_BINDING = /^ngAttr[A-Z]/; + var MULTI_ELEMENT_DIR_RE = /^(.+)Start$/; + + compile.$$addBindingInfo = debugInfoEnabled ? function $$addBindingInfo($element, binding) { + var bindings = $element.data('$binding') || []; + + if (isArray(binding)) { + bindings = bindings.concat(binding); + } else { + bindings.push(binding); + } + + $element.data('$binding', bindings); + } : noop; + + compile.$$addBindingClass = debugInfoEnabled ? function $$addBindingClass($element) { + safeAddClass($element, 'ng-binding'); + } : noop; + + compile.$$addScopeInfo = debugInfoEnabled ? function $$addScopeInfo($element, scope, isolated, noTemplate) { + var dataName = isolated ? (noTemplate ? '$isolateScopeNoTemplate' : '$isolateScope') : '$scope'; + $element.data(dataName, scope); + } : noop; + + compile.$$addScopeClass = debugInfoEnabled ? function $$addScopeClass($element, isolated) { + safeAddClass($element, isolated ? 'ng-isolate-scope' : 'ng-scope'); + } : noop; + + compile.$$createComment = function(directiveName, comment) { + var content = ''; + if (debugInfoEnabled) { + content = ' ' + (directiveName || '') + ': '; + if (comment) content += comment + ' '; + } + return window.document.createComment(content); + }; + + return compile; + + //================================ + + function compile($compileNodes, transcludeFn, maxPriority, ignoreDirective, + previousCompileContext) { + if (!($compileNodes instanceof jqLite)) { + // jquery always rewraps, whereas we need to preserve the original selector so that we can + // modify it. + $compileNodes = jqLite($compileNodes); + } + var compositeLinkFn = + compileNodes($compileNodes, transcludeFn, $compileNodes, + maxPriority, ignoreDirective, previousCompileContext); + compile.$$addScopeClass($compileNodes); + var namespace = null; + return function publicLinkFn(scope, cloneConnectFn, options) { + if (!$compileNodes) { + throw $compileMinErr('multilink', 'This element has already been linked.'); + } + assertArg(scope, 'scope'); + + if (previousCompileContext && previousCompileContext.needsNewScope) { + // A parent directive did a replace and a directive on this element asked + // for transclusion, which caused us to lose a layer of element on which + // we could hold the new transclusion scope, so we will create it manually + // here. + scope = scope.$parent.$new(); + } + + options = options || {}; + var parentBoundTranscludeFn = options.parentBoundTranscludeFn, + transcludeControllers = options.transcludeControllers, + futureParentElement = options.futureParentElement; + + // When `parentBoundTranscludeFn` is passed, it is a + // `controllersBoundTransclude` function (it was previously passed + // as `transclude` to directive.link) so we must unwrap it to get + // its `boundTranscludeFn` + if (parentBoundTranscludeFn && parentBoundTranscludeFn.$$boundTransclude) { + parentBoundTranscludeFn = parentBoundTranscludeFn.$$boundTransclude; + } + + if (!namespace) { + namespace = detectNamespaceForChildElements(futureParentElement); + } + var $linkNode; + if (namespace !== 'html') { + // When using a directive with replace:true and templateUrl the $compileNodes + // (or a child element inside of them) + // might change, so we need to recreate the namespace adapted compileNodes + // for call to the link function. + // Note: This will already clone the nodes... + $linkNode = jqLite( + wrapTemplate(namespace, jqLite('
    ').append($compileNodes).html()) + ); + } else if (cloneConnectFn) { + // important!!: we must call our jqLite.clone() since the jQuery one is trying to be smart + // and sometimes changes the structure of the DOM. + $linkNode = JQLitePrototype.clone.call($compileNodes); + } else { + $linkNode = $compileNodes; + } + + if (transcludeControllers) { + for (var controllerName in transcludeControllers) { + $linkNode.data('$' + controllerName + 'Controller', transcludeControllers[controllerName].instance); + } + } + + compile.$$addScopeInfo($linkNode, scope); + + if (cloneConnectFn) cloneConnectFn($linkNode, scope); + if (compositeLinkFn) compositeLinkFn(scope, $linkNode, $linkNode, parentBoundTranscludeFn); + + if (!cloneConnectFn) { + $compileNodes = compositeLinkFn = null; + } + return $linkNode; + }; + } + + function detectNamespaceForChildElements(parentElement) { + // TODO: Make this detect MathML as well... + var node = parentElement && parentElement[0]; + if (!node) { + return 'html'; + } else { + return nodeName_(node) !== 'foreignobject' && toString.call(node).match(/SVG/) ? 'svg' : 'html'; + } + } + + /** + * Compile function matches each node in nodeList against the directives. Once all directives + * for a particular node are collected their compile functions are executed. The compile + * functions return values - the linking functions - are combined into a composite linking + * function, which is the a linking function for the node. + * + * @param {NodeList} nodeList an array of nodes or NodeList to compile + * @param {function(angular.Scope, cloneAttachFn=)} transcludeFn A linking function, where the + * scope argument is auto-generated to the new child of the transcluded parent scope. + * @param {DOMElement=} $rootElement If the nodeList is the root of the compilation tree then + * the rootElement must be set the jqLite collection of the compile root. This is + * needed so that the jqLite collection items can be replaced with widgets. + * @param {number=} maxPriority Max directive priority. + * @returns {Function} A composite linking function of all of the matched directives or null. + */ + function compileNodes(nodeList, transcludeFn, $rootElement, maxPriority, ignoreDirective, + previousCompileContext) { + var linkFns = [], + // `nodeList` can be either an element's `.childNodes` (live NodeList) + // or a jqLite/jQuery collection or an array + notLiveList = isArray(nodeList) || (nodeList instanceof jqLite), + attrs, directives, nodeLinkFn, childNodes, childLinkFn, linkFnFound, nodeLinkFnFound; + + + for (var i = 0; i < nodeList.length; i++) { + attrs = new Attributes(); + + // Support: IE 11 only + // Workaround for #11781 and #14924 + if (msie === 11) { + mergeConsecutiveTextNodes(nodeList, i, notLiveList); + } + + // We must always refer to `nodeList[i]` hereafter, + // since the nodes can be replaced underneath us. + directives = collectDirectives(nodeList[i], [], attrs, i === 0 ? maxPriority : undefined, + ignoreDirective); + + nodeLinkFn = (directives.length) + ? applyDirectivesToNode(directives, nodeList[i], attrs, transcludeFn, $rootElement, + null, [], [], previousCompileContext) + : null; + + if (nodeLinkFn && nodeLinkFn.scope) { + compile.$$addScopeClass(attrs.$$element); + } + + childLinkFn = (nodeLinkFn && nodeLinkFn.terminal || + !(childNodes = nodeList[i].childNodes) || + !childNodes.length) + ? null + : compileNodes(childNodes, + nodeLinkFn ? ( + (nodeLinkFn.transcludeOnThisElement || !nodeLinkFn.templateOnThisElement) + && nodeLinkFn.transclude) : transcludeFn); + + if (nodeLinkFn || childLinkFn) { + linkFns.push(i, nodeLinkFn, childLinkFn); + linkFnFound = true; + nodeLinkFnFound = nodeLinkFnFound || nodeLinkFn; + } + + //use the previous context only for the first element in the virtual group + previousCompileContext = null; + } + + // return a linking function if we have found anything, null otherwise + return linkFnFound ? compositeLinkFn : null; + + function compositeLinkFn(scope, nodeList, $rootElement, parentBoundTranscludeFn) { + var nodeLinkFn, childLinkFn, node, childScope, i, ii, idx, childBoundTranscludeFn; + var stableNodeList; + + + if (nodeLinkFnFound) { + // copy nodeList so that if a nodeLinkFn removes or adds an element at this DOM level our + // offsets don't get screwed up + var nodeListLength = nodeList.length; + stableNodeList = new Array(nodeListLength); + + // create a sparse array by only copying the elements which have a linkFn + for (i = 0; i < linkFns.length; i += 3) { + idx = linkFns[i]; + stableNodeList[idx] = nodeList[idx]; + } + } else { + stableNodeList = nodeList; + } + + for (i = 0, ii = linkFns.length; i < ii;) { + node = stableNodeList[linkFns[i++]]; + nodeLinkFn = linkFns[i++]; + childLinkFn = linkFns[i++]; + + if (nodeLinkFn) { + if (nodeLinkFn.scope) { + childScope = scope.$new(); + compile.$$addScopeInfo(jqLite(node), childScope); + } else { + childScope = scope; + } + + if (nodeLinkFn.transcludeOnThisElement) { + childBoundTranscludeFn = createBoundTranscludeFn( + scope, nodeLinkFn.transclude, parentBoundTranscludeFn); + + } else if (!nodeLinkFn.templateOnThisElement && parentBoundTranscludeFn) { + childBoundTranscludeFn = parentBoundTranscludeFn; + + } else if (!parentBoundTranscludeFn && transcludeFn) { + childBoundTranscludeFn = createBoundTranscludeFn(scope, transcludeFn); + + } else { + childBoundTranscludeFn = null; + } + + nodeLinkFn(childLinkFn, childScope, node, $rootElement, childBoundTranscludeFn); + + } else if (childLinkFn) { + childLinkFn(scope, node.childNodes, undefined, parentBoundTranscludeFn); + } + } + } + } + + function mergeConsecutiveTextNodes(nodeList, idx, notLiveList) { + var node = nodeList[idx]; + var parent = node.parentNode; + var sibling; + + if (node.nodeType !== NODE_TYPE_TEXT) { + return; + } + + while (true) { + sibling = parent ? node.nextSibling : nodeList[idx + 1]; + if (!sibling || sibling.nodeType !== NODE_TYPE_TEXT) { + break; + } + + node.nodeValue = node.nodeValue + sibling.nodeValue; + + if (sibling.parentNode) { + sibling.parentNode.removeChild(sibling); + } + if (notLiveList && sibling === nodeList[idx + 1]) { + nodeList.splice(idx + 1, 1); + } + } + } + + function createBoundTranscludeFn(scope, transcludeFn, previousBoundTranscludeFn) { + function boundTranscludeFn(transcludedScope, cloneFn, controllers, futureParentElement, containingScope) { + + if (!transcludedScope) { + transcludedScope = scope.$new(false, containingScope); + transcludedScope.$$transcluded = true; + } + + return transcludeFn(transcludedScope, cloneFn, { + parentBoundTranscludeFn: previousBoundTranscludeFn, + transcludeControllers: controllers, + futureParentElement: futureParentElement + }); + } + + // We need to attach the transclusion slots onto the `boundTranscludeFn` + // so that they are available inside the `controllersBoundTransclude` function + var boundSlots = boundTranscludeFn.$$slots = createMap(); + for (var slotName in transcludeFn.$$slots) { + if (transcludeFn.$$slots[slotName]) { + boundSlots[slotName] = createBoundTranscludeFn(scope, transcludeFn.$$slots[slotName], previousBoundTranscludeFn); + } else { + boundSlots[slotName] = null; + } + } + + return boundTranscludeFn; + } + + /** + * Looks for directives on the given node and adds them to the directive collection which is + * sorted. + * + * @param node Node to search. + * @param directives An array to which the directives are added to. This array is sorted before + * the function returns. + * @param attrs The shared attrs object which is used to populate the normalized attributes. + * @param {number=} maxPriority Max directive priority. + */ + function collectDirectives(node, directives, attrs, maxPriority, ignoreDirective) { + var nodeType = node.nodeType, + attrsMap = attrs.$attr, + match, + nodeName, + className; + + switch (nodeType) { + case NODE_TYPE_ELEMENT: /* Element */ + + nodeName = nodeName_(node); + + // use the node name: + addDirective(directives, + directiveNormalize(nodeName), 'E', maxPriority, ignoreDirective); + + // iterate over the attributes + for (var attr, name, nName, ngAttrName, value, isNgAttr, nAttrs = node.attributes, + j = 0, jj = nAttrs && nAttrs.length; j < jj; j++) { + var attrStartName = false; + var attrEndName = false; + + attr = nAttrs[j]; + name = attr.name; + value = attr.value; + + // support ngAttr attribute binding + ngAttrName = directiveNormalize(name); + isNgAttr = NG_ATTR_BINDING.test(ngAttrName); + if (isNgAttr) { + name = name.replace(PREFIX_REGEXP, '') + .substr(8).replace(/_(.)/g, function(match, letter) { + return letter.toUpperCase(); + }); + } + + var multiElementMatch = ngAttrName.match(MULTI_ELEMENT_DIR_RE); + if (multiElementMatch && directiveIsMultiElement(multiElementMatch[1])) { + attrStartName = name; + attrEndName = name.substr(0, name.length - 5) + 'end'; + name = name.substr(0, name.length - 6); + } + + nName = directiveNormalize(name.toLowerCase()); + attrsMap[nName] = name; + if (isNgAttr || !attrs.hasOwnProperty(nName)) { + attrs[nName] = value; + if (getBooleanAttrName(node, nName)) { + attrs[nName] = true; // presence means true + } + } + addAttrInterpolateDirective(node, directives, value, nName, isNgAttr); + addDirective(directives, nName, 'A', maxPriority, ignoreDirective, attrStartName, + attrEndName); + } + + if (nodeName === 'input' && node.getAttribute('type') === 'hidden') { + // Hidden input elements can have strange behaviour when navigating back to the page + // This tells the browser not to try to cache and reinstate previous values + node.setAttribute('autocomplete', 'off'); + } + + // use class as directive + if (!cssClassDirectivesEnabled) break; + className = node.className; + if (isObject(className)) { + // Maybe SVGAnimatedString + className = className.animVal; + } + if (isString(className) && className !== '') { + while ((match = CLASS_DIRECTIVE_REGEXP.exec(className))) { + nName = directiveNormalize(match[2]); + if (addDirective(directives, nName, 'C', maxPriority, ignoreDirective)) { + attrs[nName] = trim(match[3]); + } + className = className.substr(match.index + match[0].length); + } + } + break; + case NODE_TYPE_TEXT: /* Text Node */ + addTextInterpolateDirective(directives, node.nodeValue); + break; + case NODE_TYPE_COMMENT: /* Comment */ + if (!commentDirectivesEnabled) break; + collectCommentDirectives(node, directives, attrs, maxPriority, ignoreDirective); + break; + } + + directives.sort(byPriority); + return directives; + } + + function collectCommentDirectives(node, directives, attrs, maxPriority, ignoreDirective) { + // function created because of performance, try/catch disables + // the optimization of the whole function #14848 + try { + var match = COMMENT_DIRECTIVE_REGEXP.exec(node.nodeValue); + if (match) { + var nName = directiveNormalize(match[1]); + if (addDirective(directives, nName, 'M', maxPriority, ignoreDirective)) { + attrs[nName] = trim(match[2]); + } + } + } catch (e) { + // turns out that under some circumstances IE9 throws errors when one attempts to read + // comment's node value. + // Just ignore it and continue. (Can't seem to reproduce in test case.) + } + } + + /** + * Given a node with a directive-start it collects all of the siblings until it finds + * directive-end. + * @param node + * @param attrStart + * @param attrEnd + * @returns {*} + */ + function groupScan(node, attrStart, attrEnd) { + var nodes = []; + var depth = 0; + if (attrStart && node.hasAttribute && node.hasAttribute(attrStart)) { + do { + if (!node) { + throw $compileMinErr('uterdir', + 'Unterminated attribute, found \'{0}\' but no matching \'{1}\' found.', + attrStart, attrEnd); + } + if (node.nodeType === NODE_TYPE_ELEMENT) { + if (node.hasAttribute(attrStart)) depth++; + if (node.hasAttribute(attrEnd)) depth--; + } + nodes.push(node); + node = node.nextSibling; + } while (depth > 0); + } else { + nodes.push(node); + } + + return jqLite(nodes); + } + + /** + * Wrapper for linking function which converts normal linking function into a grouped + * linking function. + * @param linkFn + * @param attrStart + * @param attrEnd + * @returns {Function} + */ + function groupElementsLinkFnWrapper(linkFn, attrStart, attrEnd) { + return function groupedElementsLink(scope, element, attrs, controllers, transcludeFn) { + element = groupScan(element[0], attrStart, attrEnd); + return linkFn(scope, element, attrs, controllers, transcludeFn); + }; + } + + /** + * A function generator that is used to support both eager and lazy compilation + * linking function. + * @param eager + * @param $compileNodes + * @param transcludeFn + * @param maxPriority + * @param ignoreDirective + * @param previousCompileContext + * @returns {Function} + */ + function compilationGenerator(eager, $compileNodes, transcludeFn, maxPriority, ignoreDirective, previousCompileContext) { + var compiled; + + if (eager) { + return compile($compileNodes, transcludeFn, maxPriority, ignoreDirective, previousCompileContext); + } + return /** @this */ function lazyCompilation() { + if (!compiled) { + compiled = compile($compileNodes, transcludeFn, maxPriority, ignoreDirective, previousCompileContext); + + // Null out all of these references in order to make them eligible for garbage collection + // since this is a potentially long lived closure + $compileNodes = transcludeFn = previousCompileContext = null; + } + return compiled.apply(this, arguments); + }; + } + + /** + * Once the directives have been collected, their compile functions are executed. This method + * is responsible for inlining directive templates as well as terminating the application + * of the directives if the terminal directive has been reached. + * + * @param {Array} directives Array of collected directives to execute their compile function. + * this needs to be pre-sorted by priority order. + * @param {Node} compileNode The raw DOM node to apply the compile functions to + * @param {Object} templateAttrs The shared attribute function + * @param {function(angular.Scope, cloneAttachFn=)} transcludeFn A linking function, where the + * scope argument is auto-generated to the new + * child of the transcluded parent scope. + * @param {JQLite} jqCollection If we are working on the root of the compile tree then this + * argument has the root jqLite array so that we can replace nodes + * on it. + * @param {Object=} originalReplaceDirective An optional directive that will be ignored when + * compiling the transclusion. + * @param {Array.} preLinkFns + * @param {Array.} postLinkFns + * @param {Object} previousCompileContext Context used for previous compilation of the current + * node + * @returns {Function} linkFn + */ + function applyDirectivesToNode(directives, compileNode, templateAttrs, transcludeFn, + jqCollection, originalReplaceDirective, preLinkFns, postLinkFns, + previousCompileContext) { + previousCompileContext = previousCompileContext || {}; + + var terminalPriority = -Number.MAX_VALUE, + newScopeDirective = previousCompileContext.newScopeDirective, + controllerDirectives = previousCompileContext.controllerDirectives, + newIsolateScopeDirective = previousCompileContext.newIsolateScopeDirective, + templateDirective = previousCompileContext.templateDirective, + nonTlbTranscludeDirective = previousCompileContext.nonTlbTranscludeDirective, + hasTranscludeDirective = false, + hasTemplate = false, + hasElementTranscludeDirective = previousCompileContext.hasElementTranscludeDirective, + $compileNode = templateAttrs.$$element = jqLite(compileNode), + directive, + directiveName, + $template, + replaceDirective = originalReplaceDirective, + childTranscludeFn = transcludeFn, + linkFn, + didScanForMultipleTransclusion = false, + mightHaveMultipleTransclusionError = false, + directiveValue; + + // executes all directives on the current element + for (var i = 0, ii = directives.length; i < ii; i++) { + directive = directives[i]; + var attrStart = directive.$$start; + var attrEnd = directive.$$end; + + // collect multiblock sections + if (attrStart) { + $compileNode = groupScan(compileNode, attrStart, attrEnd); + } + $template = undefined; + + if (terminalPriority > directive.priority) { + break; // prevent further processing of directives + } + + directiveValue = directive.scope; + + if (directiveValue) { + + // skip the check for directives with async templates, we'll check the derived sync + // directive when the template arrives + if (!directive.templateUrl) { + if (isObject(directiveValue)) { + // This directive is trying to add an isolated scope. + // Check that there is no scope of any kind already + assertNoDuplicate('new/isolated scope', newIsolateScopeDirective || newScopeDirective, + directive, $compileNode); + newIsolateScopeDirective = directive; + } else { + // This directive is trying to add a child scope. + // Check that there is no isolated scope already + assertNoDuplicate('new/isolated scope', newIsolateScopeDirective, directive, + $compileNode); + } + } + + newScopeDirective = newScopeDirective || directive; + } + + directiveName = directive.name; + + // If we encounter a condition that can result in transclusion on the directive, + // then scan ahead in the remaining directives for others that may cause a multiple + // transclusion error to be thrown during the compilation process. If a matching directive + // is found, then we know that when we encounter a transcluded directive, we need to eagerly + // compile the `transclude` function rather than doing it lazily in order to throw + // exceptions at the correct time + if (!didScanForMultipleTransclusion && ((directive.replace && (directive.templateUrl || directive.template)) + || (directive.transclude && !directive.$$tlb))) { + var candidateDirective; + + for (var scanningIndex = i + 1; (candidateDirective = directives[scanningIndex++]);) { + if ((candidateDirective.transclude && !candidateDirective.$$tlb) + || (candidateDirective.replace && (candidateDirective.templateUrl || candidateDirective.template))) { + mightHaveMultipleTransclusionError = true; + break; + } + } + + didScanForMultipleTransclusion = true; + } + + if (!directive.templateUrl && directive.controller) { + controllerDirectives = controllerDirectives || createMap(); + assertNoDuplicate('\'' + directiveName + '\' controller', + controllerDirectives[directiveName], directive, $compileNode); + controllerDirectives[directiveName] = directive; + } + + directiveValue = directive.transclude; + + if (directiveValue) { + hasTranscludeDirective = true; + + // Special case ngIf and ngRepeat so that we don't complain about duplicate transclusion. + // This option should only be used by directives that know how to safely handle element transclusion, + // where the transcluded nodes are added or replaced after linking. + if (!directive.$$tlb) { + assertNoDuplicate('transclusion', nonTlbTranscludeDirective, directive, $compileNode); + nonTlbTranscludeDirective = directive; + } + + if (directiveValue === 'element') { + hasElementTranscludeDirective = true; + terminalPriority = directive.priority; + $template = $compileNode; + $compileNode = templateAttrs.$$element = + jqLite(compile.$$createComment(directiveName, templateAttrs[directiveName])); + compileNode = $compileNode[0]; + replaceWith(jqCollection, sliceArgs($template), compileNode); + + // Support: Chrome < 50 + // https://github.com/angular/angular.js/issues/14041 + + // In the versions of V8 prior to Chrome 50, the document fragment that is created + // in the `replaceWith` function is improperly garbage collected despite still + // being referenced by the `parentNode` property of all of the child nodes. By adding + // a reference to the fragment via a different property, we can avoid that incorrect + // behavior. + // TODO: remove this line after Chrome 50 has been released + $template[0].$$parentNode = $template[0].parentNode; + + childTranscludeFn = compilationGenerator(mightHaveMultipleTransclusionError, $template, transcludeFn, terminalPriority, + replaceDirective && replaceDirective.name, { + // Don't pass in: + // - controllerDirectives - otherwise we'll create duplicates controllers + // - newIsolateScopeDirective or templateDirective - combining templates with + // element transclusion doesn't make sense. + // + // We need only nonTlbTranscludeDirective so that we prevent putting transclusion + // on the same element more than once. + nonTlbTranscludeDirective: nonTlbTranscludeDirective + }); + } else { + + var slots = createMap(); + + if (!isObject(directiveValue)) { + $template = jqLite(jqLiteClone(compileNode)).contents(); + } else { + + // We have transclusion slots, + // collect them up, compile them and store their transclusion functions + $template = []; + + var slotMap = createMap(); + var filledSlots = createMap(); + + // Parse the element selectors + forEach(directiveValue, function(elementSelector, slotName) { + // If an element selector starts with a ? then it is optional + var optional = (elementSelector.charAt(0) === '?'); + elementSelector = optional ? elementSelector.substring(1) : elementSelector; + + slotMap[elementSelector] = slotName; + + // We explicitly assign `null` since this implies that a slot was defined but not filled. + // Later when calling boundTransclusion functions with a slot name we only error if the + // slot is `undefined` + slots[slotName] = null; + + // filledSlots contains `true` for all slots that are either optional or have been + // filled. This is used to check that we have not missed any required slots + filledSlots[slotName] = optional; + }); + + // Add the matching elements into their slot + forEach($compileNode.contents(), function(node) { + var slotName = slotMap[directiveNormalize(nodeName_(node))]; + if (slotName) { + filledSlots[slotName] = true; + slots[slotName] = slots[slotName] || []; + slots[slotName].push(node); + } else { + $template.push(node); + } + }); + + // Check for required slots that were not filled + forEach(filledSlots, function(filled, slotName) { + if (!filled) { + throw $compileMinErr('reqslot', 'Required transclusion slot `{0}` was not filled.', slotName); + } + }); + + for (var slotName in slots) { + if (slots[slotName]) { + // Only define a transclusion function if the slot was filled + slots[slotName] = compilationGenerator(mightHaveMultipleTransclusionError, slots[slotName], transcludeFn); + } + } + } + + $compileNode.empty(); // clear contents + childTranscludeFn = compilationGenerator(mightHaveMultipleTransclusionError, $template, transcludeFn, undefined, + undefined, { needsNewScope: directive.$$isolateScope || directive.$$newScope}); + childTranscludeFn.$$slots = slots; + } + } + + if (directive.template) { + hasTemplate = true; + assertNoDuplicate('template', templateDirective, directive, $compileNode); + templateDirective = directive; + + directiveValue = (isFunction(directive.template)) + ? directive.template($compileNode, templateAttrs) + : directive.template; + + directiveValue = denormalizeTemplate(directiveValue); + + if (directive.replace) { + replaceDirective = directive; + if (jqLiteIsTextNode(directiveValue)) { + $template = []; + } else { + $template = removeComments(wrapTemplate(directive.templateNamespace, trim(directiveValue))); + } + compileNode = $template[0]; + + if ($template.length !== 1 || compileNode.nodeType !== NODE_TYPE_ELEMENT) { + throw $compileMinErr('tplrt', + 'Template for directive \'{0}\' must have exactly one root element. {1}', + directiveName, ''); + } + + replaceWith(jqCollection, $compileNode, compileNode); + + var newTemplateAttrs = {$attr: {}}; + + // combine directives from the original node and from the template: + // - take the array of directives for this element + // - split it into two parts, those that already applied (processed) and those that weren't (unprocessed) + // - collect directives from the template and sort them by priority + // - combine directives as: processed + template + unprocessed + var templateDirectives = collectDirectives(compileNode, [], newTemplateAttrs); + var unprocessedDirectives = directives.splice(i + 1, directives.length - (i + 1)); + + if (newIsolateScopeDirective || newScopeDirective) { + // The original directive caused the current element to be replaced but this element + // also needs to have a new scope, so we need to tell the template directives + // that they would need to get their scope from further up, if they require transclusion + markDirectiveScope(templateDirectives, newIsolateScopeDirective, newScopeDirective); + } + directives = directives.concat(templateDirectives).concat(unprocessedDirectives); + mergeTemplateAttributes(templateAttrs, newTemplateAttrs); + + ii = directives.length; + } else { + $compileNode.html(directiveValue); + } + } + + if (directive.templateUrl) { + hasTemplate = true; + assertNoDuplicate('template', templateDirective, directive, $compileNode); + templateDirective = directive; + + if (directive.replace) { + replaceDirective = directive; + } + + // eslint-disable-next-line no-func-assign + nodeLinkFn = compileTemplateUrl(directives.splice(i, directives.length - i), $compileNode, + templateAttrs, jqCollection, hasTranscludeDirective && childTranscludeFn, preLinkFns, postLinkFns, { + controllerDirectives: controllerDirectives, + newScopeDirective: (newScopeDirective !== directive) && newScopeDirective, + newIsolateScopeDirective: newIsolateScopeDirective, + templateDirective: templateDirective, + nonTlbTranscludeDirective: nonTlbTranscludeDirective + }); + ii = directives.length; + } else if (directive.compile) { + try { + linkFn = directive.compile($compileNode, templateAttrs, childTranscludeFn); + var context = directive.$$originalDirective || directive; + if (isFunction(linkFn)) { + addLinkFns(null, bind(context, linkFn), attrStart, attrEnd); + } else if (linkFn) { + addLinkFns(bind(context, linkFn.pre), bind(context, linkFn.post), attrStart, attrEnd); + } + } catch (e) { + $exceptionHandler(e, startingTag($compileNode)); + } + } + + if (directive.terminal) { + nodeLinkFn.terminal = true; + terminalPriority = Math.max(terminalPriority, directive.priority); + } + + } + + nodeLinkFn.scope = newScopeDirective && newScopeDirective.scope === true; + nodeLinkFn.transcludeOnThisElement = hasTranscludeDirective; + nodeLinkFn.templateOnThisElement = hasTemplate; + nodeLinkFn.transclude = childTranscludeFn; + + previousCompileContext.hasElementTranscludeDirective = hasElementTranscludeDirective; + + // might be normal or delayed nodeLinkFn depending on if templateUrl is present + return nodeLinkFn; + + //////////////////// + + function addLinkFns(pre, post, attrStart, attrEnd) { + if (pre) { + if (attrStart) pre = groupElementsLinkFnWrapper(pre, attrStart, attrEnd); + pre.require = directive.require; + pre.directiveName = directiveName; + if (newIsolateScopeDirective === directive || directive.$$isolateScope) { + pre = cloneAndAnnotateFn(pre, {isolateScope: true}); + } + preLinkFns.push(pre); + } + if (post) { + if (attrStart) post = groupElementsLinkFnWrapper(post, attrStart, attrEnd); + post.require = directive.require; + post.directiveName = directiveName; + if (newIsolateScopeDirective === directive || directive.$$isolateScope) { + post = cloneAndAnnotateFn(post, {isolateScope: true}); + } + postLinkFns.push(post); + } + } + + function nodeLinkFn(childLinkFn, scope, linkNode, $rootElement, boundTranscludeFn) { + var i, ii, linkFn, isolateScope, controllerScope, elementControllers, transcludeFn, $element, + attrs, scopeBindingInfo; + + if (compileNode === linkNode) { + attrs = templateAttrs; + $element = templateAttrs.$$element; + } else { + $element = jqLite(linkNode); + attrs = new Attributes($element, templateAttrs); + } + + controllerScope = scope; + if (newIsolateScopeDirective) { + isolateScope = scope.$new(true); + } else if (newScopeDirective) { + controllerScope = scope.$parent; + } + + if (boundTranscludeFn) { + // track `boundTranscludeFn` so it can be unwrapped if `transcludeFn` + // is later passed as `parentBoundTranscludeFn` to `publicLinkFn` + transcludeFn = controllersBoundTransclude; + transcludeFn.$$boundTransclude = boundTranscludeFn; + // expose the slots on the `$transclude` function + transcludeFn.isSlotFilled = function(slotName) { + return !!boundTranscludeFn.$$slots[slotName]; + }; + } + + if (controllerDirectives) { + elementControllers = setupControllers($element, attrs, transcludeFn, controllerDirectives, isolateScope, scope, newIsolateScopeDirective); + } + + if (newIsolateScopeDirective) { + // Initialize isolate scope bindings for new isolate scope directive. + compile.$$addScopeInfo($element, isolateScope, true, !(templateDirective && (templateDirective === newIsolateScopeDirective || + templateDirective === newIsolateScopeDirective.$$originalDirective))); + compile.$$addScopeClass($element, true); + isolateScope.$$isolateBindings = + newIsolateScopeDirective.$$isolateBindings; + scopeBindingInfo = initializeDirectiveBindings(scope, attrs, isolateScope, + isolateScope.$$isolateBindings, + newIsolateScopeDirective); + if (scopeBindingInfo.removeWatches) { + isolateScope.$on('$destroy', scopeBindingInfo.removeWatches); + } + } + + // Initialize bindToController bindings + for (var name in elementControllers) { + var controllerDirective = controllerDirectives[name]; + var controller = elementControllers[name]; + var bindings = controllerDirective.$$bindings.bindToController; + + if (preAssignBindingsEnabled) { + if (bindings) { + controller.bindingInfo = + initializeDirectiveBindings(controllerScope, attrs, controller.instance, bindings, controllerDirective); + } else { + controller.bindingInfo = {}; + } + + var controllerResult = controller(); + if (controllerResult !== controller.instance) { + // If the controller constructor has a return value, overwrite the instance + // from setupControllers + controller.instance = controllerResult; + $element.data('$' + controllerDirective.name + 'Controller', controllerResult); + if (controller.bindingInfo.removeWatches) { + controller.bindingInfo.removeWatches(); + } + controller.bindingInfo = + initializeDirectiveBindings(controllerScope, attrs, controller.instance, bindings, controllerDirective); + } + } else { + controller.instance = controller(); + $element.data('$' + controllerDirective.name + 'Controller', controller.instance); + controller.bindingInfo = + initializeDirectiveBindings(controllerScope, attrs, controller.instance, bindings, controllerDirective); + } + } + + // Bind the required controllers to the controller, if `require` is an object and `bindToController` is truthy + forEach(controllerDirectives, function(controllerDirective, name) { + var require = controllerDirective.require; + if (controllerDirective.bindToController && !isArray(require) && isObject(require)) { + extend(elementControllers[name].instance, getControllers(name, require, $element, elementControllers)); + } + }); + + // Handle the init and destroy lifecycle hooks on all controllers that have them + forEach(elementControllers, function(controller) { + var controllerInstance = controller.instance; + if (isFunction(controllerInstance.$onChanges)) { + try { + controllerInstance.$onChanges(controller.bindingInfo.initialChanges); + } catch (e) { + $exceptionHandler(e); + } + } + if (isFunction(controllerInstance.$onInit)) { + try { + controllerInstance.$onInit(); + } catch (e) { + $exceptionHandler(e); + } + } + if (isFunction(controllerInstance.$doCheck)) { + controllerScope.$watch(function() { controllerInstance.$doCheck(); }); + controllerInstance.$doCheck(); + } + if (isFunction(controllerInstance.$onDestroy)) { + controllerScope.$on('$destroy', function callOnDestroyHook() { + controllerInstance.$onDestroy(); + }); + } + }); + + // PRELINKING + for (i = 0, ii = preLinkFns.length; i < ii; i++) { + linkFn = preLinkFns[i]; + invokeLinkFn(linkFn, + linkFn.isolateScope ? isolateScope : scope, + $element, + attrs, + linkFn.require && getControllers(linkFn.directiveName, linkFn.require, $element, elementControllers), + transcludeFn + ); + } + + // RECURSION + // We only pass the isolate scope, if the isolate directive has a template, + // otherwise the child elements do not belong to the isolate directive. + var scopeToChild = scope; + if (newIsolateScopeDirective && (newIsolateScopeDirective.template || newIsolateScopeDirective.templateUrl === null)) { + scopeToChild = isolateScope; + } + if (childLinkFn) { + childLinkFn(scopeToChild, linkNode.childNodes, undefined, boundTranscludeFn); + } + + // POSTLINKING + for (i = postLinkFns.length - 1; i >= 0; i--) { + linkFn = postLinkFns[i]; + invokeLinkFn(linkFn, + linkFn.isolateScope ? isolateScope : scope, + $element, + attrs, + linkFn.require && getControllers(linkFn.directiveName, linkFn.require, $element, elementControllers), + transcludeFn + ); + } + + // Trigger $postLink lifecycle hooks + forEach(elementControllers, function(controller) { + var controllerInstance = controller.instance; + if (isFunction(controllerInstance.$postLink)) { + controllerInstance.$postLink(); + } + }); + + // This is the function that is injected as `$transclude`. + // Note: all arguments are optional! + function controllersBoundTransclude(scope, cloneAttachFn, futureParentElement, slotName) { + var transcludeControllers; + // No scope passed in: + if (!isScope(scope)) { + slotName = futureParentElement; + futureParentElement = cloneAttachFn; + cloneAttachFn = scope; + scope = undefined; + } + + if (hasElementTranscludeDirective) { + transcludeControllers = elementControllers; + } + if (!futureParentElement) { + futureParentElement = hasElementTranscludeDirective ? $element.parent() : $element; + } + if (slotName) { + // slotTranscludeFn can be one of three things: + // * a transclude function - a filled slot + // * `null` - an optional slot that was not filled + // * `undefined` - a slot that was not declared (i.e. invalid) + var slotTranscludeFn = boundTranscludeFn.$$slots[slotName]; + if (slotTranscludeFn) { + return slotTranscludeFn(scope, cloneAttachFn, transcludeControllers, futureParentElement, scopeToChild); + } else if (isUndefined(slotTranscludeFn)) { + throw $compileMinErr('noslot', + 'No parent directive that requires a transclusion with slot name "{0}". ' + + 'Element: {1}', + slotName, startingTag($element)); + } + } else { + return boundTranscludeFn(scope, cloneAttachFn, transcludeControllers, futureParentElement, scopeToChild); + } + } + } + } + + function getControllers(directiveName, require, $element, elementControllers) { + var value; + + if (isString(require)) { + var match = require.match(REQUIRE_PREFIX_REGEXP); + var name = require.substring(match[0].length); + var inheritType = match[1] || match[3]; + var optional = match[2] === '?'; + + //If only parents then start at the parent element + if (inheritType === '^^') { + $element = $element.parent(); + //Otherwise attempt getting the controller from elementControllers in case + //the element is transcluded (and has no data) and to avoid .data if possible + } else { + value = elementControllers && elementControllers[name]; + value = value && value.instance; + } + + if (!value) { + var dataName = '$' + name + 'Controller'; + value = inheritType ? $element.inheritedData(dataName) : $element.data(dataName); + } + + if (!value && !optional) { + throw $compileMinErr('ctreq', + 'Controller \'{0}\', required by directive \'{1}\', can\'t be found!', + name, directiveName); + } + } else if (isArray(require)) { + value = []; + for (var i = 0, ii = require.length; i < ii; i++) { + value[i] = getControllers(directiveName, require[i], $element, elementControllers); + } + } else if (isObject(require)) { + value = {}; + forEach(require, function(controller, property) { + value[property] = getControllers(directiveName, controller, $element, elementControllers); + }); + } + + return value || null; + } + + function setupControllers($element, attrs, transcludeFn, controllerDirectives, isolateScope, scope, newIsolateScopeDirective) { + var elementControllers = createMap(); + for (var controllerKey in controllerDirectives) { + var directive = controllerDirectives[controllerKey]; + var locals = { + $scope: directive === newIsolateScopeDirective || directive.$$isolateScope ? isolateScope : scope, + $element: $element, + $attrs: attrs, + $transclude: transcludeFn + }; + + var controller = directive.controller; + if (controller === '@') { + controller = attrs[directive.name]; + } + + var controllerInstance = $controller(controller, locals, true, directive.controllerAs); + + // For directives with element transclusion the element is a comment. + // In this case .data will not attach any data. + // Instead, we save the controllers for the element in a local hash and attach to .data + // later, once we have the actual element. + elementControllers[directive.name] = controllerInstance; + $element.data('$' + directive.name + 'Controller', controllerInstance.instance); + } + return elementControllers; + } + + // Depending upon the context in which a directive finds itself it might need to have a new isolated + // or child scope created. For instance: + // * if the directive has been pulled into a template because another directive with a higher priority + // asked for element transclusion + // * if the directive itself asks for transclusion but it is at the root of a template and the original + // element was replaced. See https://github.com/angular/angular.js/issues/12936 + function markDirectiveScope(directives, isolateScope, newScope) { + for (var j = 0, jj = directives.length; j < jj; j++) { + directives[j] = inherit(directives[j], {$$isolateScope: isolateScope, $$newScope: newScope}); + } + } + + /** + * looks up the directive and decorates it with exception handling and proper parameters. We + * call this the boundDirective. + * + * @param {string} name name of the directive to look up. + * @param {string} location The directive must be found in specific format. + * String containing any of theses characters: + * + * * `E`: element name + * * `A': attribute + * * `C`: class + * * `M`: comment + * @returns {boolean} true if directive was added. + */ + function addDirective(tDirectives, name, location, maxPriority, ignoreDirective, startAttrName, + endAttrName) { + if (name === ignoreDirective) return null; + var match = null; + if (hasDirectives.hasOwnProperty(name)) { + for (var directive, directives = $injector.get(name + Suffix), + i = 0, ii = directives.length; i < ii; i++) { + directive = directives[i]; + if ((isUndefined(maxPriority) || maxPriority > directive.priority) && + directive.restrict.indexOf(location) !== -1) { + if (startAttrName) { + directive = inherit(directive, {$$start: startAttrName, $$end: endAttrName}); + } + if (!directive.$$bindings) { + var bindings = directive.$$bindings = + parseDirectiveBindings(directive, directive.name); + if (isObject(bindings.isolateScope)) { + directive.$$isolateBindings = bindings.isolateScope; + } + } + tDirectives.push(directive); + match = directive; + } + } + } + return match; + } + + + /** + * looks up the directive and returns true if it is a multi-element directive, + * and therefore requires DOM nodes between -start and -end markers to be grouped + * together. + * + * @param {string} name name of the directive to look up. + * @returns true if directive was registered as multi-element. + */ + function directiveIsMultiElement(name) { + if (hasDirectives.hasOwnProperty(name)) { + for (var directive, directives = $injector.get(name + Suffix), + i = 0, ii = directives.length; i < ii; i++) { + directive = directives[i]; + if (directive.multiElement) { + return true; + } + } + } + return false; + } + + /** + * When the element is replaced with HTML template then the new attributes + * on the template need to be merged with the existing attributes in the DOM. + * The desired effect is to have both of the attributes present. + * + * @param {object} dst destination attributes (original DOM) + * @param {object} src source attributes (from the directive template) + */ + function mergeTemplateAttributes(dst, src) { + var srcAttr = src.$attr, + dstAttr = dst.$attr; + + // reapply the old attributes to the new element + forEach(dst, function(value, key) { + if (key.charAt(0) !== '$') { + if (src[key] && src[key] !== value) { + if (value.length) { + value += (key === 'style' ? ';' : ' ') + src[key]; + } else { + value = src[key]; + } + } + dst.$set(key, value, true, srcAttr[key]); + } + }); + + // copy the new attributes on the old attrs object + forEach(src, function(value, key) { + // Check if we already set this attribute in the loop above. + // `dst` will never contain hasOwnProperty as DOM parser won't let it. + // You will get an "InvalidCharacterError: DOM Exception 5" error if you + // have an attribute like "has-own-property" or "data-has-own-property", etc. + if (!dst.hasOwnProperty(key) && key.charAt(0) !== '$') { + dst[key] = value; + + if (key !== 'class' && key !== 'style') { + dstAttr[key] = srcAttr[key]; + } + } + }); + } + + + function compileTemplateUrl(directives, $compileNode, tAttrs, + $rootElement, childTranscludeFn, preLinkFns, postLinkFns, previousCompileContext) { + var linkQueue = [], + afterTemplateNodeLinkFn, + afterTemplateChildLinkFn, + beforeTemplateCompileNode = $compileNode[0], + origAsyncDirective = directives.shift(), + derivedSyncDirective = inherit(origAsyncDirective, { + templateUrl: null, transclude: null, replace: null, $$originalDirective: origAsyncDirective + }), + templateUrl = (isFunction(origAsyncDirective.templateUrl)) + ? origAsyncDirective.templateUrl($compileNode, tAttrs) + : origAsyncDirective.templateUrl, + templateNamespace = origAsyncDirective.templateNamespace; + + $compileNode.empty(); + + $templateRequest(templateUrl) + .then(function(content) { + var compileNode, tempTemplateAttrs, $template, childBoundTranscludeFn; + + content = denormalizeTemplate(content); + + if (origAsyncDirective.replace) { + if (jqLiteIsTextNode(content)) { + $template = []; + } else { + $template = removeComments(wrapTemplate(templateNamespace, trim(content))); + } + compileNode = $template[0]; + + if ($template.length !== 1 || compileNode.nodeType !== NODE_TYPE_ELEMENT) { + throw $compileMinErr('tplrt', + 'Template for directive \'{0}\' must have exactly one root element. {1}', + origAsyncDirective.name, templateUrl); + } + + tempTemplateAttrs = {$attr: {}}; + replaceWith($rootElement, $compileNode, compileNode); + var templateDirectives = collectDirectives(compileNode, [], tempTemplateAttrs); + + if (isObject(origAsyncDirective.scope)) { + // the original directive that caused the template to be loaded async required + // an isolate scope + markDirectiveScope(templateDirectives, true); + } + directives = templateDirectives.concat(directives); + mergeTemplateAttributes(tAttrs, tempTemplateAttrs); + } else { + compileNode = beforeTemplateCompileNode; + $compileNode.html(content); + } + + directives.unshift(derivedSyncDirective); + + afterTemplateNodeLinkFn = applyDirectivesToNode(directives, compileNode, tAttrs, + childTranscludeFn, $compileNode, origAsyncDirective, preLinkFns, postLinkFns, + previousCompileContext); + forEach($rootElement, function(node, i) { + if (node === compileNode) { + $rootElement[i] = $compileNode[0]; + } + }); + afterTemplateChildLinkFn = compileNodes($compileNode[0].childNodes, childTranscludeFn); + + while (linkQueue.length) { + var scope = linkQueue.shift(), + beforeTemplateLinkNode = linkQueue.shift(), + linkRootElement = linkQueue.shift(), + boundTranscludeFn = linkQueue.shift(), + linkNode = $compileNode[0]; + + if (scope.$$destroyed) continue; + + if (beforeTemplateLinkNode !== beforeTemplateCompileNode) { + var oldClasses = beforeTemplateLinkNode.className; + + if (!(previousCompileContext.hasElementTranscludeDirective && + origAsyncDirective.replace)) { + // it was cloned therefore we have to clone as well. + linkNode = jqLiteClone(compileNode); + } + replaceWith(linkRootElement, jqLite(beforeTemplateLinkNode), linkNode); + + // Copy in CSS classes from original node + safeAddClass(jqLite(linkNode), oldClasses); + } + if (afterTemplateNodeLinkFn.transcludeOnThisElement) { + childBoundTranscludeFn = createBoundTranscludeFn(scope, afterTemplateNodeLinkFn.transclude, boundTranscludeFn); + } else { + childBoundTranscludeFn = boundTranscludeFn; + } + afterTemplateNodeLinkFn(afterTemplateChildLinkFn, scope, linkNode, $rootElement, + childBoundTranscludeFn); + } + linkQueue = null; + }).catch(function(error) { + if (error instanceof Error) { + $exceptionHandler(error); + } + }); + + return function delayedNodeLinkFn(ignoreChildLinkFn, scope, node, rootElement, boundTranscludeFn) { + var childBoundTranscludeFn = boundTranscludeFn; + if (scope.$$destroyed) return; + if (linkQueue) { + linkQueue.push(scope, + node, + rootElement, + childBoundTranscludeFn); + } else { + if (afterTemplateNodeLinkFn.transcludeOnThisElement) { + childBoundTranscludeFn = createBoundTranscludeFn(scope, afterTemplateNodeLinkFn.transclude, boundTranscludeFn); + } + afterTemplateNodeLinkFn(afterTemplateChildLinkFn, scope, node, rootElement, childBoundTranscludeFn); + } + }; + } + + + /** + * Sorting function for bound directives. + */ + function byPriority(a, b) { + var diff = b.priority - a.priority; + if (diff !== 0) return diff; + if (a.name !== b.name) return (a.name < b.name) ? -1 : 1; + return a.index - b.index; + } + + function assertNoDuplicate(what, previousDirective, directive, element) { + + function wrapModuleNameIfDefined(moduleName) { + return moduleName ? + (' (module: ' + moduleName + ')') : + ''; + } + + if (previousDirective) { + throw $compileMinErr('multidir', 'Multiple directives [{0}{1}, {2}{3}] asking for {4} on: {5}', + previousDirective.name, wrapModuleNameIfDefined(previousDirective.$$moduleName), + directive.name, wrapModuleNameIfDefined(directive.$$moduleName), what, startingTag(element)); + } + } + + + function addTextInterpolateDirective(directives, text) { + var interpolateFn = $interpolate(text, true); + if (interpolateFn) { + directives.push({ + priority: 0, + compile: function textInterpolateCompileFn(templateNode) { + var templateNodeParent = templateNode.parent(), + hasCompileParent = !!templateNodeParent.length; + + // When transcluding a template that has bindings in the root + // we don't have a parent and thus need to add the class during linking fn. + if (hasCompileParent) compile.$$addBindingClass(templateNodeParent); + + return function textInterpolateLinkFn(scope, node) { + var parent = node.parent(); + if (!hasCompileParent) compile.$$addBindingClass(parent); + compile.$$addBindingInfo(parent, interpolateFn.expressions); + scope.$watch(interpolateFn, function interpolateFnWatchAction(value) { + node[0].nodeValue = value; + }); + }; + } + }); + } + } + + + function wrapTemplate(type, template) { + type = lowercase(type || 'html'); + switch (type) { + case 'svg': + case 'math': + var wrapper = window.document.createElement('div'); + wrapper.innerHTML = '<' + type + '>' + template + ''; + return wrapper.childNodes[0].childNodes; + default: + return template; + } + } + + + function getTrustedContext(node, attrNormalizedName) { + if (attrNormalizedName === 'srcdoc') { + return $sce.HTML; + } + var tag = nodeName_(node); + // All tags with src attributes require a RESOURCE_URL value, except for + // img and various html5 media tags. + if (attrNormalizedName === 'src' || attrNormalizedName === 'ngSrc') { + if (['img', 'video', 'audio', 'source', 'track'].indexOf(tag) === -1) { + return $sce.RESOURCE_URL; + } + // maction[xlink:href] can source SVG. It's not limited to . + } else if (attrNormalizedName === 'xlinkHref' || + (tag === 'form' && attrNormalizedName === 'action') || + // links can be stylesheets or imports, which can run script in the current origin + (tag === 'link' && attrNormalizedName === 'href') + ) { + return $sce.RESOURCE_URL; + } + } + + + function addAttrInterpolateDirective(node, directives, value, name, isNgAttr) { + var trustedContext = getTrustedContext(node, name); + var mustHaveExpression = !isNgAttr; + var allOrNothing = ALL_OR_NOTHING_ATTRS[name] || isNgAttr; + + var interpolateFn = $interpolate(value, mustHaveExpression, trustedContext, allOrNothing); + + // no interpolation found -> ignore + if (!interpolateFn) return; + + if (name === 'multiple' && nodeName_(node) === 'select') { + throw $compileMinErr('selmulti', + 'Binding to the \'multiple\' attribute is not supported. Element: {0}', + startingTag(node)); + } + + if (EVENT_HANDLER_ATTR_REGEXP.test(name)) { + throw $compileMinErr('nodomevents', + 'Interpolations for HTML DOM event attributes are disallowed. Please use the ' + + 'ng- versions (such as ng-click instead of onclick) instead.'); + } + + directives.push({ + priority: 100, + compile: function() { + return { + pre: function attrInterpolatePreLinkFn(scope, element, attr) { + var $$observers = (attr.$$observers || (attr.$$observers = createMap())); + + // If the attribute has changed since last $interpolate()ed + var newValue = attr[name]; + if (newValue !== value) { + // we need to interpolate again since the attribute value has been updated + // (e.g. by another directive's compile function) + // ensure unset/empty values make interpolateFn falsy + interpolateFn = newValue && $interpolate(newValue, true, trustedContext, allOrNothing); + value = newValue; + } + + // if attribute was updated so that there is no interpolation going on we don't want to + // register any observers + if (!interpolateFn) return; + + // initialize attr object so that it's ready in case we need the value for isolate + // scope initialization, otherwise the value would not be available from isolate + // directive's linking fn during linking phase + attr[name] = interpolateFn(scope); + + ($$observers[name] || ($$observers[name] = [])).$$inter = true; + (attr.$$observers && attr.$$observers[name].$$scope || scope). + $watch(interpolateFn, function interpolateFnWatchAction(newValue, oldValue) { + //special case for class attribute addition + removal + //so that class changes can tap into the animation + //hooks provided by the $animate service. Be sure to + //skip animations when the first digest occurs (when + //both the new and the old values are the same) since + //the CSS classes are the non-interpolated values + if (name === 'class' && newValue !== oldValue) { + attr.$updateClass(newValue, oldValue); + } else { + attr.$set(name, newValue); + } + }); + } + }; + } + }); + } + + + /** + * This is a special jqLite.replaceWith, which can replace items which + * have no parents, provided that the containing jqLite collection is provided. + * + * @param {JqLite=} $rootElement The root of the compile tree. Used so that we can replace nodes + * in the root of the tree. + * @param {JqLite} elementsToRemove The jqLite element which we are going to replace. We keep + * the shell, but replace its DOM node reference. + * @param {Node} newNode The new DOM node. + */ + function replaceWith($rootElement, elementsToRemove, newNode) { + var firstElementToRemove = elementsToRemove[0], + removeCount = elementsToRemove.length, + parent = firstElementToRemove.parentNode, + i, ii; + + if ($rootElement) { + for (i = 0, ii = $rootElement.length; i < ii; i++) { + if ($rootElement[i] === firstElementToRemove) { + $rootElement[i++] = newNode; + for (var j = i, j2 = j + removeCount - 1, + jj = $rootElement.length; + j < jj; j++, j2++) { + if (j2 < jj) { + $rootElement[j] = $rootElement[j2]; + } else { + delete $rootElement[j]; + } + } + $rootElement.length -= removeCount - 1; + + // If the replaced element is also the jQuery .context then replace it + // .context is a deprecated jQuery api, so we should set it only when jQuery set it + // http://api.jquery.com/context/ + if ($rootElement.context === firstElementToRemove) { + $rootElement.context = newNode; + } + break; + } + } + } + + if (parent) { + parent.replaceChild(newNode, firstElementToRemove); + } + + // Append all the `elementsToRemove` to a fragment. This will... + // - remove them from the DOM + // - allow them to still be traversed with .nextSibling + // - allow a single fragment.qSA to fetch all elements being removed + var fragment = window.document.createDocumentFragment(); + for (i = 0; i < removeCount; i++) { + fragment.appendChild(elementsToRemove[i]); + } + + if (jqLite.hasData(firstElementToRemove)) { + // Copy over user data (that includes Angular's $scope etc.). Don't copy private + // data here because there's no public interface in jQuery to do that and copying over + // event listeners (which is the main use of private data) wouldn't work anyway. + jqLite.data(newNode, jqLite.data(firstElementToRemove)); + + // Remove $destroy event listeners from `firstElementToRemove` + jqLite(firstElementToRemove).off('$destroy'); + } + + // Cleanup any data/listeners on the elements and children. + // This includes invoking the $destroy event on any elements with listeners. + jqLite.cleanData(fragment.querySelectorAll('*')); + + // Update the jqLite collection to only contain the `newNode` + for (i = 1; i < removeCount; i++) { + delete elementsToRemove[i]; + } + elementsToRemove[0] = newNode; + elementsToRemove.length = 1; + } + + + function cloneAndAnnotateFn(fn, annotation) { + return extend(function() { return fn.apply(null, arguments); }, fn, annotation); + } + + + function invokeLinkFn(linkFn, scope, $element, attrs, controllers, transcludeFn) { + try { + linkFn(scope, $element, attrs, controllers, transcludeFn); + } catch (e) { + $exceptionHandler(e, startingTag($element)); + } + } + + + // Set up $watches for isolate scope and controller bindings. + function initializeDirectiveBindings(scope, attrs, destination, bindings, directive) { + var removeWatchCollection = []; + var initialChanges = {}; + var changes; + forEach(bindings, function initializeBinding(definition, scopeName) { + var attrName = definition.attrName, + optional = definition.optional, + mode = definition.mode, // @, =, <, or & + lastValue, + parentGet, parentSet, compare, removeWatch; + + switch (mode) { + + case '@': + if (!optional && !hasOwnProperty.call(attrs, attrName)) { + destination[scopeName] = attrs[attrName] = undefined; + } + removeWatch = attrs.$observe(attrName, function(value) { + if (isString(value) || isBoolean(value)) { + var oldValue = destination[scopeName]; + recordChanges(scopeName, value, oldValue); + destination[scopeName] = value; + } + }); + attrs.$$observers[attrName].$$scope = scope; + lastValue = attrs[attrName]; + if (isString(lastValue)) { + // If the attribute has been provided then we trigger an interpolation to ensure + // the value is there for use in the link fn + destination[scopeName] = $interpolate(lastValue)(scope); + } else if (isBoolean(lastValue)) { + // If the attributes is one of the BOOLEAN_ATTR then Angular will have converted + // the value to boolean rather than a string, so we special case this situation + destination[scopeName] = lastValue; + } + initialChanges[scopeName] = new SimpleChange(_UNINITIALIZED_VALUE, destination[scopeName]); + removeWatchCollection.push(removeWatch); + break; + + case '=': + if (!hasOwnProperty.call(attrs, attrName)) { + if (optional) break; + attrs[attrName] = undefined; + } + if (optional && !attrs[attrName]) break; + + parentGet = $parse(attrs[attrName]); + if (parentGet.literal) { + compare = equals; + } else { + compare = simpleCompare; + } + parentSet = parentGet.assign || function() { + // reset the change, or we will throw this exception on every $digest + lastValue = destination[scopeName] = parentGet(scope); + throw $compileMinErr('nonassign', + 'Expression \'{0}\' in attribute \'{1}\' used with directive \'{2}\' is non-assignable!', + attrs[attrName], attrName, directive.name); + }; + lastValue = destination[scopeName] = parentGet(scope); + var parentValueWatch = function parentValueWatch(parentValue) { + if (!compare(parentValue, destination[scopeName])) { + // we are out of sync and need to copy + if (!compare(parentValue, lastValue)) { + // parent changed and it has precedence + destination[scopeName] = parentValue; + } else { + // if the parent can be assigned then do so + parentSet(scope, parentValue = destination[scopeName]); + } + } + lastValue = parentValue; + return lastValue; + }; + parentValueWatch.$stateful = true; + if (definition.collection) { + removeWatch = scope.$watchCollection(attrs[attrName], parentValueWatch); + } else { + removeWatch = scope.$watch($parse(attrs[attrName], parentValueWatch), null, parentGet.literal); + } + removeWatchCollection.push(removeWatch); + break; + + case '<': + if (!hasOwnProperty.call(attrs, attrName)) { + if (optional) break; + attrs[attrName] = undefined; + } + if (optional && !attrs[attrName]) break; + + parentGet = $parse(attrs[attrName]); + var deepWatch = parentGet.literal; + + var initialValue = destination[scopeName] = parentGet(scope); + initialChanges[scopeName] = new SimpleChange(_UNINITIALIZED_VALUE, destination[scopeName]); + + removeWatch = scope.$watch(parentGet, function parentValueWatchAction(newValue, oldValue) { + if (oldValue === newValue) { + if (oldValue === initialValue || (deepWatch && equals(oldValue, initialValue))) { + return; + } + oldValue = initialValue; + } + recordChanges(scopeName, newValue, oldValue); + destination[scopeName] = newValue; + }, deepWatch); + + removeWatchCollection.push(removeWatch); + break; + + case '&': + // Don't assign Object.prototype method to scope + parentGet = attrs.hasOwnProperty(attrName) ? $parse(attrs[attrName]) : noop; + + // Don't assign noop to destination if expression is not valid + if (parentGet === noop && optional) break; + + destination[scopeName] = function(locals) { + return parentGet(scope, locals); + }; + break; + } + }); + + function recordChanges(key, currentValue, previousValue) { + if (isFunction(destination.$onChanges) && !simpleCompare(currentValue, previousValue)) { + // If we have not already scheduled the top level onChangesQueue handler then do so now + if (!onChangesQueue) { + scope.$$postDigest(flushOnChangesQueue); + onChangesQueue = []; + } + // If we have not already queued a trigger of onChanges for this controller then do so now + if (!changes) { + changes = {}; + onChangesQueue.push(triggerOnChangesHook); + } + // If the has been a change on this property already then we need to reuse the previous value + if (changes[key]) { + previousValue = changes[key].previousValue; + } + // Store this change + changes[key] = new SimpleChange(previousValue, currentValue); + } + } + + function triggerOnChangesHook() { + destination.$onChanges(changes); + // Now clear the changes so that we schedule onChanges when more changes arrive + changes = undefined; + } + + return { + initialChanges: initialChanges, + removeWatches: removeWatchCollection.length && function removeWatches() { + for (var i = 0, ii = removeWatchCollection.length; i < ii; ++i) { + removeWatchCollection[i](); + } + } + }; + } + }]; +} + +function SimpleChange(previous, current) { + this.previousValue = previous; + this.currentValue = current; +} +SimpleChange.prototype.isFirstChange = function() { return this.previousValue === _UNINITIALIZED_VALUE; }; + + +var PREFIX_REGEXP = /^((?:x|data)[:\-_])/i; +var SPECIAL_CHARS_REGEXP = /[:\-_]+(.)/g; + +/** + * Converts all accepted directives format into proper directive name. + * @param name Name to normalize + */ +function directiveNormalize(name) { + return name + .replace(PREFIX_REGEXP, '') + .replace(SPECIAL_CHARS_REGEXP, fnCamelCaseReplace); +} + +/** + * @ngdoc type + * @name $compile.directive.Attributes + * + * @description + * A shared object between directive compile / linking functions which contains normalized DOM + * element attributes. The values reflect current binding state `{{ }}`. The normalization is + * needed since all of these are treated as equivalent in Angular: + * + * ``` + * + * ``` + */ + +/** + * @ngdoc property + * @name $compile.directive.Attributes#$attr + * + * @description + * A map of DOM element attribute names to the normalized name. This is + * needed to do reverse lookup from normalized name back to actual name. + */ + + +/** + * @ngdoc method + * @name $compile.directive.Attributes#$set + * @kind function + * + * @description + * Set DOM element attribute value. + * + * + * @param {string} name Normalized element attribute name of the property to modify. The name is + * reverse-translated using the {@link ng.$compile.directive.Attributes#$attr $attr} + * property to the original name. + * @param {string} value Value to set the attribute to. The value can be an interpolated string. + */ + + + +/** + * Closure compiler type information + */ + +function nodesetLinkingFn( + /* angular.Scope */ scope, + /* NodeList */ nodeList, + /* Element */ rootElement, + /* function(Function) */ boundTranscludeFn +) {} + +function directiveLinkingFn( + /* nodesetLinkingFn */ nodesetLinkingFn, + /* angular.Scope */ scope, + /* Node */ node, + /* Element */ rootElement, + /* function(Function) */ boundTranscludeFn +) {} + +function tokenDifference(str1, str2) { + var values = '', + tokens1 = str1.split(/\s+/), + tokens2 = str2.split(/\s+/); + + outer: + for (var i = 0; i < tokens1.length; i++) { + var token = tokens1[i]; + for (var j = 0; j < tokens2.length; j++) { + if (token === tokens2[j]) continue outer; + } + values += (values.length > 0 ? ' ' : '') + token; + } + return values; +} + +function removeComments(jqNodes) { + jqNodes = jqLite(jqNodes); + var i = jqNodes.length; + + if (i <= 1) { + return jqNodes; + } + + while (i--) { + var node = jqNodes[i]; + if (node.nodeType === NODE_TYPE_COMMENT || + (node.nodeType === NODE_TYPE_TEXT && node.nodeValue.trim() === '')) { + splice.call(jqNodes, i, 1); + } + } + return jqNodes; +} + +var $controllerMinErr = minErr('$controller'); + + +var CNTRL_REG = /^(\S+)(\s+as\s+([\w$]+))?$/; +function identifierForController(controller, ident) { + if (ident && isString(ident)) return ident; + if (isString(controller)) { + var match = CNTRL_REG.exec(controller); + if (match) return match[3]; + } +} + + +/** + * @ngdoc provider + * @name $controllerProvider + * @this + * + * @description + * The {@link ng.$controller $controller service} is used by Angular to create new + * controllers. + * + * This provider allows controller registration via the + * {@link ng.$controllerProvider#register register} method. + */ +function $ControllerProvider() { + var controllers = {}, + globals = false; + + /** + * @ngdoc method + * @name $controllerProvider#has + * @param {string} name Controller name to check. + */ + this.has = function(name) { + return controllers.hasOwnProperty(name); + }; + + /** + * @ngdoc method + * @name $controllerProvider#register + * @param {string|Object} name Controller name, or an object map of controllers where the keys are + * the names and the values are the constructors. + * @param {Function|Array} constructor Controller constructor fn (optionally decorated with DI + * annotations in the array notation). + */ + this.register = function(name, constructor) { + assertNotHasOwnProperty(name, 'controller'); + if (isObject(name)) { + extend(controllers, name); + } else { + controllers[name] = constructor; + } + }; + + /** + * @ngdoc method + * @name $controllerProvider#allowGlobals + * @description If called, allows `$controller` to find controller constructors on `window` + * + * @deprecated + * sinceVersion="v1.3.0" + * removeVersion="v1.7.0" + * This method of finding controllers has been deprecated. + */ + this.allowGlobals = function() { + globals = true; + }; + + + this.$get = ['$injector', '$window', function($injector, $window) { + + /** + * @ngdoc service + * @name $controller + * @requires $injector + * + * @param {Function|string} constructor If called with a function then it's considered to be the + * controller constructor function. Otherwise it's considered to be a string which is used + * to retrieve the controller constructor using the following steps: + * + * * check if a controller with given name is registered via `$controllerProvider` + * * check if evaluating the string on the current scope returns a constructor + * * if $controllerProvider#allowGlobals, check `window[constructor]` on the global + * `window` object (deprecated, not recommended) + * + * The string can use the `controller as property` syntax, where the controller instance is published + * as the specified property on the `scope`; the `scope` must be injected into `locals` param for this + * to work correctly. + * + * @param {Object} locals Injection locals for Controller. + * @return {Object} Instance of given controller. + * + * @description + * `$controller` service is responsible for instantiating controllers. + * + * It's just a simple call to {@link auto.$injector $injector}, but extracted into + * a service, so that one can override this service with [BC version](https://gist.github.com/1649788). + */ + return function $controller(expression, locals, later, ident) { + // PRIVATE API: + // param `later` --- indicates that the controller's constructor is invoked at a later time. + // If true, $controller will allocate the object with the correct + // prototype chain, but will not invoke the controller until a returned + // callback is invoked. + // param `ident` --- An optional label which overrides the label parsed from the controller + // expression, if any. + var instance, match, constructor, identifier; + later = later === true; + if (ident && isString(ident)) { + identifier = ident; + } + + if (isString(expression)) { + match = expression.match(CNTRL_REG); + if (!match) { + throw $controllerMinErr('ctrlfmt', + 'Badly formed controller string \'{0}\'. ' + + 'Must match `__name__ as __id__` or `__name__`.', expression); + } + constructor = match[1]; + identifier = identifier || match[3]; + expression = controllers.hasOwnProperty(constructor) + ? controllers[constructor] + : getter(locals.$scope, constructor, true) || + (globals ? getter($window, constructor, true) : undefined); + + if (!expression) { + throw $controllerMinErr('ctrlreg', + 'The controller with the name \'{0}\' is not registered.', constructor); + } + + assertArgFn(expression, constructor, true); + } + + if (later) { + // Instantiate controller later: + // This machinery is used to create an instance of the object before calling the + // controller's constructor itself. + // + // This allows properties to be added to the controller before the constructor is + // invoked. Primarily, this is used for isolate scope bindings in $compile. + // + // This feature is not intended for use by applications, and is thus not documented + // publicly. + // Object creation: http://jsperf.com/create-constructor/2 + var controllerPrototype = (isArray(expression) ? + expression[expression.length - 1] : expression).prototype; + instance = Object.create(controllerPrototype || null); + + if (identifier) { + addIdentifier(locals, identifier, instance, constructor || expression.name); + } + + return extend(function $controllerInit() { + var result = $injector.invoke(expression, instance, locals, constructor); + if (result !== instance && (isObject(result) || isFunction(result))) { + instance = result; + if (identifier) { + // If result changed, re-assign controllerAs value to scope. + addIdentifier(locals, identifier, instance, constructor || expression.name); + } + } + return instance; + }, { + instance: instance, + identifier: identifier + }); + } + + instance = $injector.instantiate(expression, locals, constructor); + + if (identifier) { + addIdentifier(locals, identifier, instance, constructor || expression.name); + } + + return instance; + }; + + function addIdentifier(locals, identifier, instance, name) { + if (!(locals && isObject(locals.$scope))) { + throw minErr('$controller')('noscp', + 'Cannot export controller \'{0}\' as \'{1}\'! No $scope object provided via `locals`.', + name, identifier); + } + + locals.$scope[identifier] = instance; + } + }]; +} + +/** + * @ngdoc service + * @name $document + * @requires $window + * @this + * + * @description + * A {@link angular.element jQuery or jqLite} wrapper for the browser's `window.document` object. + * + * @example + + +
    +

    $document title:

    +

    window.document title:

    +
    +
    + + angular.module('documentExample', []) + .controller('ExampleController', ['$scope', '$document', function($scope, $document) { + $scope.title = $document[0].title; + $scope.windowTitle = angular.element(window.document)[0].title; + }]); + +
    + */ +function $DocumentProvider() { + this.$get = ['$window', function(window) { + return jqLite(window.document); + }]; +} + + +/** + * @private + * @this + * Listens for document visibility change and makes the current status accessible. + */ +function $$IsDocumentHiddenProvider() { + this.$get = ['$document', '$rootScope', function($document, $rootScope) { + var doc = $document[0]; + var hidden = doc && doc.hidden; + + $document.on('visibilitychange', changeListener); + + $rootScope.$on('$destroy', function() { + $document.off('visibilitychange', changeListener); + }); + + function changeListener() { + hidden = doc.hidden; + } + + return function() { + return hidden; + }; + }]; +} + +/** + * @ngdoc service + * @name $exceptionHandler + * @requires ng.$log + * @this + * + * @description + * Any uncaught exception in angular expressions is delegated to this service. + * The default implementation simply delegates to `$log.error` which logs it into + * the browser console. + * + * In unit tests, if `angular-mocks.js` is loaded, this service is overridden by + * {@link ngMock.$exceptionHandler mock $exceptionHandler} which aids in testing. + * + * ## Example: + * + * The example below will overwrite the default `$exceptionHandler` in order to (a) log uncaught + * errors to the backend for later inspection by the developers and (b) to use `$log.warn()` instead + * of `$log.error()`. + * + * ```js + * angular. + * module('exceptionOverwrite', []). + * factory('$exceptionHandler', ['$log', 'logErrorsToBackend', function($log, logErrorsToBackend) { + * return function myExceptionHandler(exception, cause) { + * logErrorsToBackend(exception, cause); + * $log.warn(exception, cause); + * }; + * }]); + * ``` + * + *
    + * Note, that code executed in event-listeners (even those registered using jqLite's `on`/`bind` + * methods) does not delegate exceptions to the {@link ng.$exceptionHandler $exceptionHandler} + * (unless executed during a digest). + * + * If you wish, you can manually delegate exceptions, e.g. + * `try { ... } catch(e) { $exceptionHandler(e); }` + * + * @param {Error} exception Exception associated with the error. + * @param {string=} cause Optional information about the context in which + * the error was thrown. + * + */ +function $ExceptionHandlerProvider() { + this.$get = ['$log', function($log) { + return function(exception, cause) { + $log.error.apply($log, arguments); + }; + }]; +} + +var $$ForceReflowProvider = /** @this */ function() { + this.$get = ['$document', function($document) { + return function(domNode) { + //the line below will force the browser to perform a repaint so + //that all the animated elements within the animation frame will + //be properly updated and drawn on screen. This is required to + //ensure that the preparation animation is properly flushed so that + //the active state picks up from there. DO NOT REMOVE THIS LINE. + //DO NOT OPTIMIZE THIS LINE. THE MINIFIER WILL REMOVE IT OTHERWISE WHICH + //WILL RESULT IN AN UNPREDICTABLE BUG THAT IS VERY HARD TO TRACK DOWN AND + //WILL TAKE YEARS AWAY FROM YOUR LIFE. + if (domNode) { + if (!domNode.nodeType && domNode instanceof jqLite) { + domNode = domNode[0]; + } + } else { + domNode = $document[0].body; + } + return domNode.offsetWidth + 1; + }; + }]; +}; + +var APPLICATION_JSON = 'application/json'; +var CONTENT_TYPE_APPLICATION_JSON = {'Content-Type': APPLICATION_JSON + ';charset=utf-8'}; +var JSON_START = /^\[|^\{(?!\{)/; +var JSON_ENDS = { + '[': /]$/, + '{': /}$/ +}; +var JSON_PROTECTION_PREFIX = /^\)]\}',?\n/; +var $httpMinErr = minErr('$http'); + +function serializeValue(v) { + if (isObject(v)) { + return isDate(v) ? v.toISOString() : toJson(v); + } + return v; +} + + +/** @this */ +function $HttpParamSerializerProvider() { + /** + * @ngdoc service + * @name $httpParamSerializer + * @description + * + * Default {@link $http `$http`} params serializer that converts objects to strings + * according to the following rules: + * + * * `{'foo': 'bar'}` results in `foo=bar` + * * `{'foo': Date.now()}` results in `foo=2015-04-01T09%3A50%3A49.262Z` (`toISOString()` and encoded representation of a Date object) + * * `{'foo': ['bar', 'baz']}` results in `foo=bar&foo=baz` (repeated key for each array element) + * * `{'foo': {'bar':'baz'}}` results in `foo=%7B%22bar%22%3A%22baz%22%7D` (stringified and encoded representation of an object) + * + * Note that serializer will sort the request parameters alphabetically. + * */ + + this.$get = function() { + return function ngParamSerializer(params) { + if (!params) return ''; + var parts = []; + forEachSorted(params, function(value, key) { + if (value === null || isUndefined(value)) return; + if (isArray(value)) { + forEach(value, function(v) { + parts.push(encodeUriQuery(key) + '=' + encodeUriQuery(serializeValue(v))); + }); + } else { + parts.push(encodeUriQuery(key) + '=' + encodeUriQuery(serializeValue(value))); + } + }); + + return parts.join('&'); + }; + }; +} + +/** @this */ +function $HttpParamSerializerJQLikeProvider() { + /** + * @ngdoc service + * @name $httpParamSerializerJQLike + * + * @description + * + * Alternative {@link $http `$http`} params serializer that follows + * jQuery's [`param()`](http://api.jquery.com/jquery.param/) method logic. + * The serializer will also sort the params alphabetically. + * + * To use it for serializing `$http` request parameters, set it as the `paramSerializer` property: + * + * ```js + * $http({ + * url: myUrl, + * method: 'GET', + * params: myParams, + * paramSerializer: '$httpParamSerializerJQLike' + * }); + * ``` + * + * It is also possible to set it as the default `paramSerializer` in the + * {@link $httpProvider#defaults `$httpProvider`}. + * + * Additionally, you can inject the serializer and use it explicitly, for example to serialize + * form data for submission: + * + * ```js + * .controller(function($http, $httpParamSerializerJQLike) { + * //... + * + * $http({ + * url: myUrl, + * method: 'POST', + * data: $httpParamSerializerJQLike(myData), + * headers: { + * 'Content-Type': 'application/x-www-form-urlencoded' + * } + * }); + * + * }); + * ``` + * + * */ + this.$get = function() { + return function jQueryLikeParamSerializer(params) { + if (!params) return ''; + var parts = []; + serialize(params, '', true); + return parts.join('&'); + + function serialize(toSerialize, prefix, topLevel) { + if (toSerialize === null || isUndefined(toSerialize)) return; + if (isArray(toSerialize)) { + forEach(toSerialize, function(value, index) { + serialize(value, prefix + '[' + (isObject(value) ? index : '') + ']'); + }); + } else if (isObject(toSerialize) && !isDate(toSerialize)) { + forEachSorted(toSerialize, function(value, key) { + serialize(value, prefix + + (topLevel ? '' : '[') + + key + + (topLevel ? '' : ']')); + }); + } else { + parts.push(encodeUriQuery(prefix) + '=' + encodeUriQuery(serializeValue(toSerialize))); + } + } + }; + }; +} + +function defaultHttpResponseTransform(data, headers) { + if (isString(data)) { + // Strip json vulnerability protection prefix and trim whitespace + var tempData = data.replace(JSON_PROTECTION_PREFIX, '').trim(); + + if (tempData) { + var contentType = headers('Content-Type'); + if ((contentType && (contentType.indexOf(APPLICATION_JSON) === 0)) || isJsonLike(tempData)) { + try { + data = fromJson(tempData); + } catch (e) { + throw $httpMinErr('baddata', 'Data must be a valid JSON object. Received: "{0}". ' + + 'Parse error: "{1}"', data, e); + } + } + } + } + + return data; +} + +function isJsonLike(str) { + var jsonStart = str.match(JSON_START); + return jsonStart && JSON_ENDS[jsonStart[0]].test(str); +} + +/** + * Parse headers into key value object + * + * @param {string} headers Raw headers as a string + * @returns {Object} Parsed headers as key value object + */ +function parseHeaders(headers) { + var parsed = createMap(), i; + + function fillInParsed(key, val) { + if (key) { + parsed[key] = parsed[key] ? parsed[key] + ', ' + val : val; + } + } + + if (isString(headers)) { + forEach(headers.split('\n'), function(line) { + i = line.indexOf(':'); + fillInParsed(lowercase(trim(line.substr(0, i))), trim(line.substr(i + 1))); + }); + } else if (isObject(headers)) { + forEach(headers, function(headerVal, headerKey) { + fillInParsed(lowercase(headerKey), trim(headerVal)); + }); + } + + return parsed; +} + + +/** + * Returns a function that provides access to parsed headers. + * + * Headers are lazy parsed when first requested. + * @see parseHeaders + * + * @param {(string|Object)} headers Headers to provide access to. + * @returns {function(string=)} Returns a getter function which if called with: + * + * - if called with an argument returns a single header value or null + * - if called with no arguments returns an object containing all headers. + */ +function headersGetter(headers) { + var headersObj; + + return function(name) { + if (!headersObj) headersObj = parseHeaders(headers); + + if (name) { + var value = headersObj[lowercase(name)]; + if (value === undefined) { + value = null; + } + return value; + } + + return headersObj; + }; +} + + +/** + * Chain all given functions + * + * This function is used for both request and response transforming + * + * @param {*} data Data to transform. + * @param {function(string=)} headers HTTP headers getter fn. + * @param {number} status HTTP status code of the response. + * @param {(Function|Array.)} fns Function or an array of functions. + * @returns {*} Transformed data. + */ +function transformData(data, headers, status, fns) { + if (isFunction(fns)) { + return fns(data, headers, status); + } + + forEach(fns, function(fn) { + data = fn(data, headers, status); + }); + + return data; +} + + +function isSuccess(status) { + return 200 <= status && status < 300; +} + + +/** + * @ngdoc provider + * @name $httpProvider + * @this + * + * @description + * Use `$httpProvider` to change the default behavior of the {@link ng.$http $http} service. + * */ +function $HttpProvider() { + /** + * @ngdoc property + * @name $httpProvider#defaults + * @description + * + * Object containing default values for all {@link ng.$http $http} requests. + * + * - **`defaults.cache`** - {boolean|Object} - A boolean value or object created with + * {@link ng.$cacheFactory `$cacheFactory`} to enable or disable caching of HTTP responses + * by default. See {@link $http#caching $http Caching} for more information. + * + * - **`defaults.xsrfCookieName`** - {string} - Name of cookie containing the XSRF token. + * Defaults value is `'XSRF-TOKEN'`. + * + * - **`defaults.xsrfHeaderName`** - {string} - Name of HTTP header to populate with the + * XSRF token. Defaults value is `'X-XSRF-TOKEN'`. + * + * - **`defaults.headers`** - {Object} - Default headers for all $http requests. + * Refer to {@link ng.$http#setting-http-headers $http} for documentation on + * setting default headers. + * - **`defaults.headers.common`** + * - **`defaults.headers.post`** + * - **`defaults.headers.put`** + * - **`defaults.headers.patch`** + * + * + * - **`defaults.paramSerializer`** - `{string|function(Object):string}` - A function + * used to the prepare string representation of request parameters (specified as an object). + * If specified as string, it is interpreted as a function registered with the {@link auto.$injector $injector}. + * Defaults to {@link ng.$httpParamSerializer $httpParamSerializer}. + * + * - **`defaults.jsonpCallbackParam`** - `{string}` - the name of the query parameter that passes the name of the + * callback in a JSONP request. The value of this parameter will be replaced with the expression generated by the + * {@link $jsonpCallbacks} service. Defaults to `'callback'`. + * + **/ + var defaults = this.defaults = { + // transform incoming response data + transformResponse: [defaultHttpResponseTransform], + + // transform outgoing request data + transformRequest: [function(d) { + return isObject(d) && !isFile(d) && !isBlob(d) && !isFormData(d) ? toJson(d) : d; + }], + + // default headers + headers: { + common: { + 'Accept': 'application/json, text/plain, */*' + }, + post: shallowCopy(CONTENT_TYPE_APPLICATION_JSON), + put: shallowCopy(CONTENT_TYPE_APPLICATION_JSON), + patch: shallowCopy(CONTENT_TYPE_APPLICATION_JSON) + }, + + xsrfCookieName: 'XSRF-TOKEN', + xsrfHeaderName: 'X-XSRF-TOKEN', + + paramSerializer: '$httpParamSerializer', + + jsonpCallbackParam: 'callback' + }; + + var useApplyAsync = false; + /** + * @ngdoc method + * @name $httpProvider#useApplyAsync + * @description + * + * Configure $http service to combine processing of multiple http responses received at around + * the same time via {@link ng.$rootScope.Scope#$applyAsync $rootScope.$applyAsync}. This can result in + * significant performance improvement for bigger applications that make many HTTP requests + * concurrently (common during application bootstrap). + * + * Defaults to false. If no value is specified, returns the current configured value. + * + * @param {boolean=} value If true, when requests are loaded, they will schedule a deferred + * "apply" on the next tick, giving time for subsequent requests in a roughly ~10ms window + * to load and share the same digest cycle. + * + * @returns {boolean|Object} If a value is specified, returns the $httpProvider for chaining. + * otherwise, returns the current configured value. + **/ + this.useApplyAsync = function(value) { + if (isDefined(value)) { + useApplyAsync = !!value; + return this; + } + return useApplyAsync; + }; + + /** + * @ngdoc property + * @name $httpProvider#interceptors + * @description + * + * Array containing service factories for all synchronous or asynchronous {@link ng.$http $http} + * pre-processing of request or postprocessing of responses. + * + * These service factories are ordered by request, i.e. they are applied in the same order as the + * array, on request, but reverse order, on response. + * + * {@link ng.$http#interceptors Interceptors detailed info} + **/ + var interceptorFactories = this.interceptors = []; + + this.$get = ['$browser', '$httpBackend', '$$cookieReader', '$cacheFactory', '$rootScope', '$q', '$injector', '$sce', + function($browser, $httpBackend, $$cookieReader, $cacheFactory, $rootScope, $q, $injector, $sce) { + + var defaultCache = $cacheFactory('$http'); + + /** + * Make sure that default param serializer is exposed as a function + */ + defaults.paramSerializer = isString(defaults.paramSerializer) ? + $injector.get(defaults.paramSerializer) : defaults.paramSerializer; + + /** + * Interceptors stored in reverse order. Inner interceptors before outer interceptors. + * The reversal is needed so that we can build up the interception chain around the + * server request. + */ + var reversedInterceptors = []; + + forEach(interceptorFactories, function(interceptorFactory) { + reversedInterceptors.unshift(isString(interceptorFactory) + ? $injector.get(interceptorFactory) : $injector.invoke(interceptorFactory)); + }); + + /** + * @ngdoc service + * @kind function + * @name $http + * @requires ng.$httpBackend + * @requires $cacheFactory + * @requires $rootScope + * @requires $q + * @requires $injector + * + * @description + * The `$http` service is a core Angular service that facilitates communication with the remote + * HTTP servers via the browser's [XMLHttpRequest](https://developer.mozilla.org/en/xmlhttprequest) + * object or via [JSONP](http://en.wikipedia.org/wiki/JSONP). + * + * For unit testing applications that use `$http` service, see + * {@link ngMock.$httpBackend $httpBackend mock}. + * + * For a higher level of abstraction, please check out the {@link ngResource.$resource + * $resource} service. + * + * The $http API is based on the {@link ng.$q deferred/promise APIs} exposed by + * the $q service. While for simple usage patterns this doesn't matter much, for advanced usage + * it is important to familiarize yourself with these APIs and the guarantees they provide. + * + * + * ## General usage + * The `$http` service is a function which takes a single argument — a {@link $http#usage configuration object} — + * that is used to generate an HTTP request and returns a {@link ng.$q promise}. + * + * ```js + * // Simple GET request example: + * $http({ + * method: 'GET', + * url: '/someUrl' + * }).then(function successCallback(response) { + * // this callback will be called asynchronously + * // when the response is available + * }, function errorCallback(response) { + * // called asynchronously if an error occurs + * // or server returns response with an error status. + * }); + * ``` + * + * The response object has these properties: + * + * - **data** – `{string|Object}` – The response body transformed with the transform + * functions. + * - **status** – `{number}` – HTTP status code of the response. + * - **headers** – `{function([headerName])}` – Header getter function. + * - **config** – `{Object}` – The configuration object that was used to generate the request. + * - **statusText** – `{string}` – HTTP status text of the response. + * + * A response status code between 200 and 299 is considered a success status and will result in + * the success callback being called. Any response status code outside of that range is + * considered an error status and will result in the error callback being called. + * Also, status codes less than -1 are normalized to zero. -1 usually means the request was + * aborted, e.g. using a `config.timeout`. + * Note that if the response is a redirect, XMLHttpRequest will transparently follow it, meaning + * that the outcome (success or error) will be determined by the final response status code. + * + * + * ## Shortcut methods + * + * Shortcut methods are also available. All shortcut methods require passing in the URL, and + * request data must be passed in for POST/PUT requests. An optional config can be passed as the + * last argument. + * + * ```js + * $http.get('/someUrl', config).then(successCallback, errorCallback); + * $http.post('/someUrl', data, config).then(successCallback, errorCallback); + * ``` + * + * Complete list of shortcut methods: + * + * - {@link ng.$http#get $http.get} + * - {@link ng.$http#head $http.head} + * - {@link ng.$http#post $http.post} + * - {@link ng.$http#put $http.put} + * - {@link ng.$http#delete $http.delete} + * - {@link ng.$http#jsonp $http.jsonp} + * - {@link ng.$http#patch $http.patch} + * + * + * ## Writing Unit Tests that use $http + * When unit testing (using {@link ngMock ngMock}), it is necessary to call + * {@link ngMock.$httpBackend#flush $httpBackend.flush()} to flush each pending + * request using trained responses. + * + * ``` + * $httpBackend.expectGET(...); + * $http.get(...); + * $httpBackend.flush(); + * ``` + * + * ## Setting HTTP Headers + * + * The $http service will automatically add certain HTTP headers to all requests. These defaults + * can be fully configured by accessing the `$httpProvider.defaults.headers` configuration + * object, which currently contains this default configuration: + * + * - `$httpProvider.defaults.headers.common` (headers that are common for all requests): + * - Accept: application/json, text/plain, \*/\* + * - `$httpProvider.defaults.headers.post`: (header defaults for POST requests) + * - `Content-Type: application/json` + * - `$httpProvider.defaults.headers.put` (header defaults for PUT requests) + * - `Content-Type: application/json` + * + * To add or overwrite these defaults, simply add or remove a property from these configuration + * objects. To add headers for an HTTP method other than POST or PUT, simply add a new object + * with the lowercased HTTP method name as the key, e.g. + * `$httpProvider.defaults.headers.get = { 'My-Header' : 'value' }`. + * + * The defaults can also be set at runtime via the `$http.defaults` object in the same + * fashion. For example: + * + * ``` + * module.run(function($http) { + * $http.defaults.headers.common.Authorization = 'Basic YmVlcDpib29w'; + * }); + * ``` + * + * In addition, you can supply a `headers` property in the config object passed when + * calling `$http(config)`, which overrides the defaults without changing them globally. + * + * To explicitly remove a header automatically added via $httpProvider.defaults.headers on a per request basis, + * Use the `headers` property, setting the desired header to `undefined`. For example: + * + * ```js + * var req = { + * method: 'POST', + * url: 'http://example.com', + * headers: { + * 'Content-Type': undefined + * }, + * data: { test: 'test' } + * } + * + * $http(req).then(function(){...}, function(){...}); + * ``` + * + * ## Transforming Requests and Responses + * + * Both requests and responses can be transformed using transformation functions: `transformRequest` + * and `transformResponse`. These properties can be a single function that returns + * the transformed value (`function(data, headersGetter, status)`) or an array of such transformation functions, + * which allows you to `push` or `unshift` a new transformation function into the transformation chain. + * + *
    + * **Note:** Angular does not make a copy of the `data` parameter before it is passed into the `transformRequest` pipeline. + * That means changes to the properties of `data` are not local to the transform function (since Javascript passes objects by reference). + * For example, when calling `$http.get(url, $scope.myObject)`, modifications to the object's properties in a transformRequest + * function will be reflected on the scope and in any templates where the object is data-bound. + * To prevent this, transform functions should have no side-effects. + * If you need to modify properties, it is recommended to make a copy of the data, or create new object to return. + *
    + * + * ### Default Transformations + * + * The `$httpProvider` provider and `$http` service expose `defaults.transformRequest` and + * `defaults.transformResponse` properties. If a request does not provide its own transformations + * then these will be applied. + * + * You can augment or replace the default transformations by modifying these properties by adding to or + * replacing the array. + * + * Angular provides the following default transformations: + * + * Request transformations (`$httpProvider.defaults.transformRequest` and `$http.defaults.transformRequest`): + * + * - If the `data` property of the request configuration object contains an object, serialize it + * into JSON format. + * + * Response transformations (`$httpProvider.defaults.transformResponse` and `$http.defaults.transformResponse`): + * + * - If XSRF prefix is detected, strip it (see Security Considerations section below). + * - If JSON response is detected, deserialize it using a JSON parser. + * + * + * ### Overriding the Default Transformations Per Request + * + * If you wish to override the request/response transformations only for a single request then provide + * `transformRequest` and/or `transformResponse` properties on the configuration object passed + * into `$http`. + * + * Note that if you provide these properties on the config object the default transformations will be + * overwritten. If you wish to augment the default transformations then you must include them in your + * local transformation array. + * + * The following code demonstrates adding a new response transformation to be run after the default response + * transformations have been run. + * + * ```js + * function appendTransform(defaults, transform) { + * + * // We can't guarantee that the default transformation is an array + * defaults = angular.isArray(defaults) ? defaults : [defaults]; + * + * // Append the new transformation to the defaults + * return defaults.concat(transform); + * } + * + * $http({ + * url: '...', + * method: 'GET', + * transformResponse: appendTransform($http.defaults.transformResponse, function(value) { + * return doTransform(value); + * }) + * }); + * ``` + * + * + * ## Caching + * + * {@link ng.$http `$http`} responses are not cached by default. To enable caching, you must + * set the config.cache value or the default cache value to TRUE or to a cache object (created + * with {@link ng.$cacheFactory `$cacheFactory`}). If defined, the value of config.cache takes + * precedence over the default cache value. + * + * In order to: + * * cache all responses - set the default cache value to TRUE or to a cache object + * * cache a specific response - set config.cache value to TRUE or to a cache object + * + * If caching is enabled, but neither the default cache nor config.cache are set to a cache object, + * then the default `$cacheFactory("$http")` object is used. + * + * The default cache value can be set by updating the + * {@link ng.$http#defaults `$http.defaults.cache`} property or the + * {@link $httpProvider#defaults `$httpProvider.defaults.cache`} property. + * + * When caching is enabled, {@link ng.$http `$http`} stores the response from the server using + * the relevant cache object. The next time the same request is made, the response is returned + * from the cache without sending a request to the server. + * + * Take note that: + * + * * Only GET and JSONP requests are cached. + * * The cache key is the request URL including search parameters; headers are not considered. + * * Cached responses are returned asynchronously, in the same way as responses from the server. + * * If multiple identical requests are made using the same cache, which is not yet populated, + * one request will be made to the server and remaining requests will return the same response. + * * A cache-control header on the response does not affect if or how responses are cached. + * + * + * ## Interceptors + * + * Before you start creating interceptors, be sure to understand the + * {@link ng.$q $q and deferred/promise APIs}. + * + * For purposes of global error handling, authentication, or any kind of synchronous or + * asynchronous pre-processing of request or postprocessing of responses, it is desirable to be + * able to intercept requests before they are handed to the server and + * responses before they are handed over to the application code that + * initiated these requests. The interceptors leverage the {@link ng.$q + * promise APIs} to fulfill this need for both synchronous and asynchronous pre-processing. + * + * The interceptors are service factories that are registered with the `$httpProvider` by + * adding them to the `$httpProvider.interceptors` array. The factory is called and + * injected with dependencies (if specified) and returns the interceptor. + * + * There are two kinds of interceptors (and two kinds of rejection interceptors): + * + * * `request`: interceptors get called with a http {@link $http#usage config} object. The function is free to + * modify the `config` object or create a new one. The function needs to return the `config` + * object directly, or a promise containing the `config` or a new `config` object. + * * `requestError`: interceptor gets called when a previous interceptor threw an error or + * resolved with a rejection. + * * `response`: interceptors get called with http `response` object. The function is free to + * modify the `response` object or create a new one. The function needs to return the `response` + * object directly, or as a promise containing the `response` or a new `response` object. + * * `responseError`: interceptor gets called when a previous interceptor threw an error or + * resolved with a rejection. + * + * + * ```js + * // register the interceptor as a service + * $provide.factory('myHttpInterceptor', function($q, dependency1, dependency2) { + * return { + * // optional method + * 'request': function(config) { + * // do something on success + * return config; + * }, + * + * // optional method + * 'requestError': function(rejection) { + * // do something on error + * if (canRecover(rejection)) { + * return responseOrNewPromise + * } + * return $q.reject(rejection); + * }, + * + * + * + * // optional method + * 'response': function(response) { + * // do something on success + * return response; + * }, + * + * // optional method + * 'responseError': function(rejection) { + * // do something on error + * if (canRecover(rejection)) { + * return responseOrNewPromise + * } + * return $q.reject(rejection); + * } + * }; + * }); + * + * $httpProvider.interceptors.push('myHttpInterceptor'); + * + * + * // alternatively, register the interceptor via an anonymous factory + * $httpProvider.interceptors.push(function($q, dependency1, dependency2) { + * return { + * 'request': function(config) { + * // same as above + * }, + * + * 'response': function(response) { + * // same as above + * } + * }; + * }); + * ``` + * + * ## Security Considerations + * + * When designing web applications, consider security threats from: + * + * - [JSON vulnerability](http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx) + * - [XSRF](http://en.wikipedia.org/wiki/Cross-site_request_forgery) + * + * Both server and the client must cooperate in order to eliminate these threats. Angular comes + * pre-configured with strategies that address these issues, but for this to work backend server + * cooperation is required. + * + * ### JSON Vulnerability Protection + * + * A [JSON vulnerability](http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx) + * allows third party website to turn your JSON resource URL into + * [JSONP](http://en.wikipedia.org/wiki/JSONP) request under some conditions. To + * counter this your server can prefix all JSON requests with following string `")]}',\n"`. + * Angular will automatically strip the prefix before processing it as JSON. + * + * For example if your server needs to return: + * ```js + * ['one','two'] + * ``` + * + * which is vulnerable to attack, your server can return: + * ```js + * )]}', + * ['one','two'] + * ``` + * + * Angular will strip the prefix, before processing the JSON. + * + * + * ### Cross Site Request Forgery (XSRF) Protection + * + * [XSRF](http://en.wikipedia.org/wiki/Cross-site_request_forgery) is an attack technique by + * which the attacker can trick an authenticated user into unknowingly executing actions on your + * website. Angular provides a mechanism to counter XSRF. When performing XHR requests, the + * $http service reads a token from a cookie (by default, `XSRF-TOKEN`) and sets it as an HTTP + * header (`X-XSRF-TOKEN`). Since only JavaScript that runs on your domain could read the + * cookie, your server can be assured that the XHR came from JavaScript running on your domain. + * The header will not be set for cross-domain requests. + * + * To take advantage of this, your server needs to set a token in a JavaScript readable session + * cookie called `XSRF-TOKEN` on the first HTTP GET request. On subsequent XHR requests the + * server can verify that the cookie matches `X-XSRF-TOKEN` HTTP header, and therefore be sure + * that only JavaScript running on your domain could have sent the request. The token must be + * unique for each user and must be verifiable by the server (to prevent the JavaScript from + * making up its own tokens). We recommend that the token is a digest of your site's + * authentication cookie with a [salt](https://en.wikipedia.org/wiki/Salt_(cryptography)) + * for added security. + * + * The name of the headers can be specified using the xsrfHeaderName and xsrfCookieName + * properties of either $httpProvider.defaults at config-time, $http.defaults at run-time, + * or the per-request config object. + * + * In order to prevent collisions in environments where multiple Angular apps share the + * same domain or subdomain, we recommend that each application uses unique cookie name. + * + * @param {object} config Object describing the request to be made and how it should be + * processed. The object has following properties: + * + * - **method** – `{string}` – HTTP method (e.g. 'GET', 'POST', etc) + * - **url** – `{string|TrustedObject}` – Absolute or relative URL of the resource that is being requested; + * or an object created by a call to `$sce.trustAsResourceUrl(url)`. + * - **params** – `{Object.}` – Map of strings or objects which will be serialized + * with the `paramSerializer` and appended as GET parameters. + * - **data** – `{string|Object}` – Data to be sent as the request message data. + * - **headers** – `{Object}` – Map of strings or functions which return strings representing + * HTTP headers to send to the server. If the return value of a function is null, the + * header will not be sent. Functions accept a config object as an argument. + * - **eventHandlers** - `{Object}` - Event listeners to be bound to the XMLHttpRequest object. + * To bind events to the XMLHttpRequest upload object, use `uploadEventHandlers`. + * The handler will be called in the context of a `$apply` block. + * - **uploadEventHandlers** - `{Object}` - Event listeners to be bound to the XMLHttpRequest upload + * object. To bind events to the XMLHttpRequest object, use `eventHandlers`. + * The handler will be called in the context of a `$apply` block. + * - **xsrfHeaderName** – `{string}` – Name of HTTP header to populate with the XSRF token. + * - **xsrfCookieName** – `{string}` – Name of cookie containing the XSRF token. + * - **transformRequest** – + * `{function(data, headersGetter)|Array.}` – + * transform function or an array of such functions. The transform function takes the http + * request body and headers and returns its transformed (typically serialized) version. + * See {@link ng.$http#overriding-the-default-transformations-per-request + * Overriding the Default Transformations} + * - **transformResponse** – + * `{function(data, headersGetter, status)|Array.}` – + * transform function or an array of such functions. The transform function takes the http + * response body, headers and status and returns its transformed (typically deserialized) version. + * See {@link ng.$http#overriding-the-default-transformations-per-request + * Overriding the Default Transformations} + * - **paramSerializer** - `{string|function(Object):string}` - A function used to + * prepare the string representation of request parameters (specified as an object). + * If specified as string, it is interpreted as function registered with the + * {@link $injector $injector}, which means you can create your own serializer + * by registering it as a {@link auto.$provide#service service}. + * The default serializer is the {@link $httpParamSerializer $httpParamSerializer}; + * alternatively, you can use the {@link $httpParamSerializerJQLike $httpParamSerializerJQLike} + * - **cache** – `{boolean|Object}` – A boolean value or object created with + * {@link ng.$cacheFactory `$cacheFactory`} to enable or disable caching of the HTTP response. + * See {@link $http#caching $http Caching} for more information. + * - **timeout** – `{number|Promise}` – timeout in milliseconds, or {@link ng.$q promise} + * that should abort the request when resolved. + * - **withCredentials** - `{boolean}` - whether to set the `withCredentials` flag on the + * XHR object. See [requests with credentials](https://developer.mozilla.org/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials) + * for more information. + * - **responseType** - `{string}` - see + * [XMLHttpRequest.responseType](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest#xmlhttprequest-responsetype). + * + * @returns {HttpPromise} Returns a {@link ng.$q `Promise}` that will be resolved to a response object + * when the request succeeds or fails. + * + * + * @property {Array.} pendingRequests Array of config objects for currently pending + * requests. This is primarily meant to be used for debugging purposes. + * + * + * @example + + +
    + + +
    + + + +
    http status code: {{status}}
    +
    http response data: {{data}}
    +
    +
    + + angular.module('httpExample', []) + .config(['$sceDelegateProvider', function($sceDelegateProvider) { + // We must whitelist the JSONP endpoint that we are using to show that we trust it + $sceDelegateProvider.resourceUrlWhitelist([ + 'self', + 'https://angularjs.org/**' + ]); + }]) + .controller('FetchController', ['$scope', '$http', '$templateCache', + function($scope, $http, $templateCache) { + $scope.method = 'GET'; + $scope.url = 'http-hello.html'; + + $scope.fetch = function() { + $scope.code = null; + $scope.response = null; + + $http({method: $scope.method, url: $scope.url, cache: $templateCache}). + then(function(response) { + $scope.status = response.status; + $scope.data = response.data; + }, function(response) { + $scope.data = response.data || 'Request failed'; + $scope.status = response.status; + }); + }; + + $scope.updateModel = function(method, url) { + $scope.method = method; + $scope.url = url; + }; + }]); + + + Hello, $http! + + + var status = element(by.binding('status')); + var data = element(by.binding('data')); + var fetchBtn = element(by.id('fetchbtn')); + var sampleGetBtn = element(by.id('samplegetbtn')); + var invalidJsonpBtn = element(by.id('invalidjsonpbtn')); + + it('should make an xhr GET request', function() { + sampleGetBtn.click(); + fetchBtn.click(); + expect(status.getText()).toMatch('200'); + expect(data.getText()).toMatch(/Hello, \$http!/); + }); + +// Commented out due to flakes. See https://github.com/angular/angular.js/issues/9185 +// it('should make a JSONP request to angularjs.org', function() { +// var sampleJsonpBtn = element(by.id('samplejsonpbtn')); +// sampleJsonpBtn.click(); +// fetchBtn.click(); +// expect(status.getText()).toMatch('200'); +// expect(data.getText()).toMatch(/Super Hero!/); +// }); + + it('should make JSONP request to invalid URL and invoke the error handler', + function() { + invalidJsonpBtn.click(); + fetchBtn.click(); + expect(status.getText()).toMatch('0'); + expect(data.getText()).toMatch('Request failed'); + }); + +
    + */ + function $http(requestConfig) { + + if (!isObject(requestConfig)) { + throw minErr('$http')('badreq', 'Http request configuration must be an object. Received: {0}', requestConfig); + } + + if (!isString($sce.valueOf(requestConfig.url))) { + throw minErr('$http')('badreq', 'Http request configuration url must be a string or a $sce trusted object. Received: {0}', requestConfig.url); + } + + var config = extend({ + method: 'get', + transformRequest: defaults.transformRequest, + transformResponse: defaults.transformResponse, + paramSerializer: defaults.paramSerializer, + jsonpCallbackParam: defaults.jsonpCallbackParam + }, requestConfig); + + config.headers = mergeHeaders(requestConfig); + config.method = uppercase(config.method); + config.paramSerializer = isString(config.paramSerializer) ? + $injector.get(config.paramSerializer) : config.paramSerializer; + + $browser.$$incOutstandingRequestCount(); + + var requestInterceptors = []; + var responseInterceptors = []; + var promise = $q.resolve(config); + + // apply interceptors + forEach(reversedInterceptors, function(interceptor) { + if (interceptor.request || interceptor.requestError) { + requestInterceptors.unshift(interceptor.request, interceptor.requestError); + } + if (interceptor.response || interceptor.responseError) { + responseInterceptors.push(interceptor.response, interceptor.responseError); + } + }); + + promise = chainInterceptors(promise, requestInterceptors); + promise = promise.then(serverRequest); + promise = chainInterceptors(promise, responseInterceptors); + promise = promise.finally(completeOutstandingRequest); + + return promise; + + + function chainInterceptors(promise, interceptors) { + for (var i = 0, ii = interceptors.length; i < ii;) { + var thenFn = interceptors[i++]; + var rejectFn = interceptors[i++]; + + promise = promise.then(thenFn, rejectFn); + } + + interceptors.length = 0; + + return promise; + } + + function completeOutstandingRequest() { + $browser.$$completeOutstandingRequest(noop); + } + + function executeHeaderFns(headers, config) { + var headerContent, processedHeaders = {}; + + forEach(headers, function(headerFn, header) { + if (isFunction(headerFn)) { + headerContent = headerFn(config); + if (headerContent != null) { + processedHeaders[header] = headerContent; + } + } else { + processedHeaders[header] = headerFn; + } + }); + + return processedHeaders; + } + + function mergeHeaders(config) { + var defHeaders = defaults.headers, + reqHeaders = extend({}, config.headers), + defHeaderName, lowercaseDefHeaderName, reqHeaderName; + + defHeaders = extend({}, defHeaders.common, defHeaders[lowercase(config.method)]); + + // using for-in instead of forEach to avoid unnecessary iteration after header has been found + defaultHeadersIteration: + for (defHeaderName in defHeaders) { + lowercaseDefHeaderName = lowercase(defHeaderName); + + for (reqHeaderName in reqHeaders) { + if (lowercase(reqHeaderName) === lowercaseDefHeaderName) { + continue defaultHeadersIteration; + } + } + + reqHeaders[defHeaderName] = defHeaders[defHeaderName]; + } + + // execute if header value is a function for merged headers + return executeHeaderFns(reqHeaders, shallowCopy(config)); + } + + function serverRequest(config) { + var headers = config.headers; + var reqData = transformData(config.data, headersGetter(headers), undefined, config.transformRequest); + + // strip content-type if data is undefined + if (isUndefined(reqData)) { + forEach(headers, function(value, header) { + if (lowercase(header) === 'content-type') { + delete headers[header]; + } + }); + } + + if (isUndefined(config.withCredentials) && !isUndefined(defaults.withCredentials)) { + config.withCredentials = defaults.withCredentials; + } + + // send request + return sendReq(config, reqData).then(transformResponse, transformResponse); + } + + function transformResponse(response) { + // make a copy since the response must be cacheable + var resp = extend({}, response); + resp.data = transformData(response.data, response.headers, response.status, + config.transformResponse); + return (isSuccess(response.status)) + ? resp + : $q.reject(resp); + } + } + + $http.pendingRequests = []; + + /** + * @ngdoc method + * @name $http#get + * + * @description + * Shortcut method to perform `GET` request. + * + * @param {string|TrustedObject} url Absolute or relative URL of the resource that is being requested; + * or an object created by a call to `$sce.trustAsResourceUrl(url)`. + * @param {Object=} config Optional configuration object + * @returns {HttpPromise} Future object + */ + + /** + * @ngdoc method + * @name $http#delete + * + * @description + * Shortcut method to perform `DELETE` request. + * + * @param {string|TrustedObject} url Absolute or relative URL of the resource that is being requested; + * or an object created by a call to `$sce.trustAsResourceUrl(url)`. + * @param {Object=} config Optional configuration object + * @returns {HttpPromise} Future object + */ + + /** + * @ngdoc method + * @name $http#head + * + * @description + * Shortcut method to perform `HEAD` request. + * + * @param {string|TrustedObject} url Absolute or relative URL of the resource that is being requested; + * or an object created by a call to `$sce.trustAsResourceUrl(url)`. + * @param {Object=} config Optional configuration object + * @returns {HttpPromise} Future object + */ + + /** + * @ngdoc method + * @name $http#jsonp + * + * @description + * Shortcut method to perform `JSONP` request. + * + * Note that, since JSONP requests are sensitive because the response is given full access to the browser, + * the url must be declared, via {@link $sce} as a trusted resource URL. + * You can trust a URL by adding it to the whitelist via + * {@link $sceDelegateProvider#resourceUrlWhitelist `$sceDelegateProvider.resourceUrlWhitelist`} or + * by explicitly trusting the URL via {@link $sce#trustAsResourceUrl `$sce.trustAsResourceUrl(url)`}. + * + * JSONP requests must specify a callback to be used in the response from the server. This callback + * is passed as a query parameter in the request. You must specify the name of this parameter by + * setting the `jsonpCallbackParam` property on the request config object. + * + * ``` + * $http.jsonp('some/trusted/url', {jsonpCallbackParam: 'callback'}) + * ``` + * + * You can also specify a default callback parameter name in `$http.defaults.jsonpCallbackParam`. + * Initially this is set to `'callback'`. + * + *
    + * You can no longer use the `JSON_CALLBACK` string as a placeholder for specifying where the callback + * parameter value should go. + *
    + * + * If you would like to customise where and how the callbacks are stored then try overriding + * or decorating the {@link $jsonpCallbacks} service. + * + * @param {string|TrustedObject} url Absolute or relative URL of the resource that is being requested; + * or an object created by a call to `$sce.trustAsResourceUrl(url)`. + * @param {Object=} config Optional configuration object + * @returns {HttpPromise} Future object + */ + createShortMethods('get', 'delete', 'head', 'jsonp'); + + /** + * @ngdoc method + * @name $http#post + * + * @description + * Shortcut method to perform `POST` request. + * + * @param {string} url Relative or absolute URL specifying the destination of the request + * @param {*} data Request content + * @param {Object=} config Optional configuration object + * @returns {HttpPromise} Future object + */ + + /** + * @ngdoc method + * @name $http#put + * + * @description + * Shortcut method to perform `PUT` request. + * + * @param {string} url Relative or absolute URL specifying the destination of the request + * @param {*} data Request content + * @param {Object=} config Optional configuration object + * @returns {HttpPromise} Future object + */ + + /** + * @ngdoc method + * @name $http#patch + * + * @description + * Shortcut method to perform `PATCH` request. + * + * @param {string} url Relative or absolute URL specifying the destination of the request + * @param {*} data Request content + * @param {Object=} config Optional configuration object + * @returns {HttpPromise} Future object + */ + createShortMethodsWithData('post', 'put', 'patch'); + + /** + * @ngdoc property + * @name $http#defaults + * + * @description + * Runtime equivalent of the `$httpProvider.defaults` property. Allows configuration of + * default headers, withCredentials as well as request and response transformations. + * + * See "Setting HTTP Headers" and "Transforming Requests and Responses" sections above. + */ + $http.defaults = defaults; + + + return $http; + + + function createShortMethods(names) { + forEach(arguments, function(name) { + $http[name] = function(url, config) { + return $http(extend({}, config || {}, { + method: name, + url: url + })); + }; + }); + } + + + function createShortMethodsWithData(name) { + forEach(arguments, function(name) { + $http[name] = function(url, data, config) { + return $http(extend({}, config || {}, { + method: name, + url: url, + data: data + })); + }; + }); + } + + + /** + * Makes the request. + * + * !!! ACCESSES CLOSURE VARS: + * $httpBackend, defaults, $log, $rootScope, defaultCache, $http.pendingRequests + */ + function sendReq(config, reqData) { + var deferred = $q.defer(), + promise = deferred.promise, + cache, + cachedResp, + reqHeaders = config.headers, + isJsonp = lowercase(config.method) === 'jsonp', + url = config.url; + + if (isJsonp) { + // JSONP is a pretty sensitive operation where we're allowing a script to have full access to + // our DOM and JS space. So we require that the URL satisfies SCE.RESOURCE_URL. + url = $sce.getTrustedResourceUrl(url); + } else if (!isString(url)) { + // If it is not a string then the URL must be a $sce trusted object + url = $sce.valueOf(url); + } + + url = buildUrl(url, config.paramSerializer(config.params)); + + if (isJsonp) { + // Check the url and add the JSONP callback placeholder + url = sanitizeJsonpCallbackParam(url, config.jsonpCallbackParam); + } + + $http.pendingRequests.push(config); + promise.then(removePendingReq, removePendingReq); + + if ((config.cache || defaults.cache) && config.cache !== false && + (config.method === 'GET' || config.method === 'JSONP')) { + cache = isObject(config.cache) ? config.cache + : isObject(/** @type {?} */ (defaults).cache) + ? /** @type {?} */ (defaults).cache + : defaultCache; + } + + if (cache) { + cachedResp = cache.get(url); + if (isDefined(cachedResp)) { + if (isPromiseLike(cachedResp)) { + // cached request has already been sent, but there is no response yet + cachedResp.then(resolvePromiseWithResult, resolvePromiseWithResult); + } else { + // serving from cache + if (isArray(cachedResp)) { + resolvePromise(cachedResp[1], cachedResp[0], shallowCopy(cachedResp[2]), cachedResp[3]); + } else { + resolvePromise(cachedResp, 200, {}, 'OK'); + } + } + } else { + // put the promise for the non-transformed response into cache as a placeholder + cache.put(url, promise); + } + } + + + // if we won't have the response in cache, set the xsrf headers and + // send the request to the backend + if (isUndefined(cachedResp)) { + var xsrfValue = urlIsSameOrigin(config.url) + ? $$cookieReader()[config.xsrfCookieName || defaults.xsrfCookieName] + : undefined; + if (xsrfValue) { + reqHeaders[(config.xsrfHeaderName || defaults.xsrfHeaderName)] = xsrfValue; + } + + $httpBackend(config.method, url, reqData, done, reqHeaders, config.timeout, + config.withCredentials, config.responseType, + createApplyHandlers(config.eventHandlers), + createApplyHandlers(config.uploadEventHandlers)); + } + + return promise; + + function createApplyHandlers(eventHandlers) { + if (eventHandlers) { + var applyHandlers = {}; + forEach(eventHandlers, function(eventHandler, key) { + applyHandlers[key] = function(event) { + if (useApplyAsync) { + $rootScope.$applyAsync(callEventHandler); + } else if ($rootScope.$$phase) { + callEventHandler(); + } else { + $rootScope.$apply(callEventHandler); + } + + function callEventHandler() { + eventHandler(event); + } + }; + }); + return applyHandlers; + } + } + + + /** + * Callback registered to $httpBackend(): + * - caches the response if desired + * - resolves the raw $http promise + * - calls $apply + */ + function done(status, response, headersString, statusText) { + if (cache) { + if (isSuccess(status)) { + cache.put(url, [status, response, parseHeaders(headersString), statusText]); + } else { + // remove promise from the cache + cache.remove(url); + } + } + + function resolveHttpPromise() { + resolvePromise(response, status, headersString, statusText); + } + + if (useApplyAsync) { + $rootScope.$applyAsync(resolveHttpPromise); + } else { + resolveHttpPromise(); + if (!$rootScope.$$phase) $rootScope.$apply(); + } + } + + + /** + * Resolves the raw $http promise. + */ + function resolvePromise(response, status, headers, statusText) { + //status: HTTP response status code, 0, -1 (aborted by timeout / promise) + status = status >= -1 ? status : 0; + + (isSuccess(status) ? deferred.resolve : deferred.reject)({ + data: response, + status: status, + headers: headersGetter(headers), + config: config, + statusText: statusText + }); + } + + function resolvePromiseWithResult(result) { + resolvePromise(result.data, result.status, shallowCopy(result.headers()), result.statusText); + } + + function removePendingReq() { + var idx = $http.pendingRequests.indexOf(config); + if (idx !== -1) $http.pendingRequests.splice(idx, 1); + } + } + + + function buildUrl(url, serializedParams) { + if (serializedParams.length > 0) { + url += ((url.indexOf('?') === -1) ? '?' : '&') + serializedParams; + } + return url; + } + + function sanitizeJsonpCallbackParam(url, key) { + if (/[&?][^=]+=JSON_CALLBACK/.test(url)) { + // Throw if the url already contains a reference to JSON_CALLBACK + throw $httpMinErr('badjsonp', 'Illegal use of JSON_CALLBACK in url, "{0}"', url); + } + + var callbackParamRegex = new RegExp('[&?]' + key + '='); + if (callbackParamRegex.test(url)) { + // Throw if the callback param was already provided + throw $httpMinErr('badjsonp', 'Illegal use of callback param, "{0}", in url, "{1}"', key, url); + } + + // Add in the JSON_CALLBACK callback param value + url += ((url.indexOf('?') === -1) ? '?' : '&') + key + '=JSON_CALLBACK'; + + return url; + } + }]; +} + +/** + * @ngdoc service + * @name $xhrFactory + * @this + * + * @description + * Factory function used to create XMLHttpRequest objects. + * + * Replace or decorate this service to create your own custom XMLHttpRequest objects. + * + * ``` + * angular.module('myApp', []) + * .factory('$xhrFactory', function() { + * return function createXhr(method, url) { + * return new window.XMLHttpRequest({mozSystem: true}); + * }; + * }); + * ``` + * + * @param {string} method HTTP method of the request (GET, POST, PUT, ..) + * @param {string} url URL of the request. + */ +function $xhrFactoryProvider() { + this.$get = function() { + return function createXhr() { + return new window.XMLHttpRequest(); + }; + }; +} + +/** + * @ngdoc service + * @name $httpBackend + * @requires $jsonpCallbacks + * @requires $document + * @requires $xhrFactory + * @this + * + * @description + * HTTP backend used by the {@link ng.$http service} that delegates to + * XMLHttpRequest object or JSONP and deals with browser incompatibilities. + * + * You should never need to use this service directly, instead use the higher-level abstractions: + * {@link ng.$http $http} or {@link ngResource.$resource $resource}. + * + * During testing this implementation is swapped with {@link ngMock.$httpBackend mock + * $httpBackend} which can be trained with responses. + */ +function $HttpBackendProvider() { + this.$get = ['$browser', '$jsonpCallbacks', '$document', '$xhrFactory', function($browser, $jsonpCallbacks, $document, $xhrFactory) { + return createHttpBackend($browser, $xhrFactory, $browser.defer, $jsonpCallbacks, $document[0]); + }]; +} + +function createHttpBackend($browser, createXhr, $browserDefer, callbacks, rawDocument) { + // TODO(vojta): fix the signature + return function(method, url, post, callback, headers, timeout, withCredentials, responseType, eventHandlers, uploadEventHandlers) { + url = url || $browser.url(); + + if (lowercase(method) === 'jsonp') { + var callbackPath = callbacks.createCallback(url); + var jsonpDone = jsonpReq(url, callbackPath, function(status, text) { + // jsonpReq only ever sets status to 200 (OK), 404 (ERROR) or -1 (WAITING) + var response = (status === 200) && callbacks.getResponse(callbackPath); + completeRequest(callback, status, response, '', text); + callbacks.removeCallback(callbackPath); + }); + } else { + + var xhr = createXhr(method, url); + + xhr.open(method, url, true); + forEach(headers, function(value, key) { + if (isDefined(value)) { + xhr.setRequestHeader(key, value); + } + }); + + xhr.onload = function requestLoaded() { + var statusText = xhr.statusText || ''; + + // responseText is the old-school way of retrieving response (supported by IE9) + // response/responseType properties were introduced in XHR Level2 spec (supported by IE10) + var response = ('response' in xhr) ? xhr.response : xhr.responseText; + + // normalize IE9 bug (http://bugs.jquery.com/ticket/1450) + var status = xhr.status === 1223 ? 204 : xhr.status; + + // fix status code when it is 0 (0 status is undocumented). + // Occurs when accessing file resources or on Android 4.1 stock browser + // while retrieving files from application cache. + if (status === 0) { + status = response ? 200 : urlResolve(url).protocol === 'file' ? 404 : 0; + } + + completeRequest(callback, + status, + response, + xhr.getAllResponseHeaders(), + statusText); + }; + + var requestError = function() { + // The response is always empty + // See https://xhr.spec.whatwg.org/#request-error-steps and https://fetch.spec.whatwg.org/#concept-network-error + completeRequest(callback, -1, null, null, ''); + }; + + xhr.onerror = requestError; + xhr.onabort = requestError; + xhr.ontimeout = requestError; + + forEach(eventHandlers, function(value, key) { + xhr.addEventListener(key, value); + }); + + forEach(uploadEventHandlers, function(value, key) { + xhr.upload.addEventListener(key, value); + }); + + if (withCredentials) { + xhr.withCredentials = true; + } + + if (responseType) { + try { + xhr.responseType = responseType; + } catch (e) { + // WebKit added support for the json responseType value on 09/03/2013 + // https://bugs.webkit.org/show_bug.cgi?id=73648. Versions of Safari prior to 7 are + // known to throw when setting the value "json" as the response type. Other older + // browsers implementing the responseType + // + // The json response type can be ignored if not supported, because JSON payloads are + // parsed on the client-side regardless. + if (responseType !== 'json') { + throw e; + } + } + } + + xhr.send(isUndefined(post) ? null : post); + } + + if (timeout > 0) { + var timeoutId = $browserDefer(timeoutRequest, timeout); + } else if (isPromiseLike(timeout)) { + timeout.then(timeoutRequest); + } + + + function timeoutRequest() { + if (jsonpDone) { + jsonpDone(); + } + if (xhr) { + xhr.abort(); + } + } + + function completeRequest(callback, status, response, headersString, statusText) { + // cancel timeout and subsequent timeout promise resolution + if (isDefined(timeoutId)) { + $browserDefer.cancel(timeoutId); + } + jsonpDone = xhr = null; + + callback(status, response, headersString, statusText); + } + }; + + function jsonpReq(url, callbackPath, done) { + url = url.replace('JSON_CALLBACK', callbackPath); + // we can't use jQuery/jqLite here because jQuery does crazy stuff with script elements, e.g.: + // - fetches local scripts via XHR and evals them + // - adds and immediately removes script elements from the document + var script = rawDocument.createElement('script'), callback = null; + script.type = 'text/javascript'; + script.src = url; + script.async = true; + + callback = function(event) { + script.removeEventListener('load', callback); + script.removeEventListener('error', callback); + rawDocument.body.removeChild(script); + script = null; + var status = -1; + var text = 'unknown'; + + if (event) { + if (event.type === 'load' && !callbacks.wasCalled(callbackPath)) { + event = { type: 'error' }; + } + text = event.type; + status = event.type === 'error' ? 404 : 200; + } + + if (done) { + done(status, text); + } + }; + + script.addEventListener('load', callback); + script.addEventListener('error', callback); + rawDocument.body.appendChild(script); + return callback; + } +} + +var $interpolateMinErr = angular.$interpolateMinErr = minErr('$interpolate'); +$interpolateMinErr.throwNoconcat = function(text) { + throw $interpolateMinErr('noconcat', + 'Error while interpolating: {0}\nStrict Contextual Escaping disallows ' + + 'interpolations that concatenate multiple expressions when a trusted value is ' + + 'required. See http://docs.angularjs.org/api/ng.$sce', text); +}; + +$interpolateMinErr.interr = function(text, err) { + return $interpolateMinErr('interr', 'Can\'t interpolate: {0}\n{1}', text, err.toString()); +}; + +/** + * @ngdoc provider + * @name $interpolateProvider + * @this + * + * @description + * + * Used for configuring the interpolation markup. Defaults to `{{` and `}}`. + * + *
    + * This feature is sometimes used to mix different markup languages, e.g. to wrap an Angular + * template within a Python Jinja template (or any other template language). Mixing templating + * languages is **very dangerous**. The embedding template language will not safely escape Angular + * expressions, so any user-controlled values in the template will cause Cross Site Scripting (XSS) + * security bugs! + *
    + * + * @example + + + +
    + //demo.label// +
    +
    + + it('should interpolate binding with custom symbols', function() { + expect(element(by.binding('demo.label')).getText()).toBe('This binding is brought you by // interpolation symbols.'); + }); + +
    + */ +function $InterpolateProvider() { + var startSymbol = '{{'; + var endSymbol = '}}'; + + /** + * @ngdoc method + * @name $interpolateProvider#startSymbol + * @description + * Symbol to denote start of expression in the interpolated string. Defaults to `{{`. + * + * @param {string=} value new value to set the starting symbol to. + * @returns {string|self} Returns the symbol when used as getter and self if used as setter. + */ + this.startSymbol = function(value) { + if (value) { + startSymbol = value; + return this; + } else { + return startSymbol; + } + }; + + /** + * @ngdoc method + * @name $interpolateProvider#endSymbol + * @description + * Symbol to denote the end of expression in the interpolated string. Defaults to `}}`. + * + * @param {string=} value new value to set the ending symbol to. + * @returns {string|self} Returns the symbol when used as getter and self if used as setter. + */ + this.endSymbol = function(value) { + if (value) { + endSymbol = value; + return this; + } else { + return endSymbol; + } + }; + + + this.$get = ['$parse', '$exceptionHandler', '$sce', function($parse, $exceptionHandler, $sce) { + var startSymbolLength = startSymbol.length, + endSymbolLength = endSymbol.length, + escapedStartRegexp = new RegExp(startSymbol.replace(/./g, escape), 'g'), + escapedEndRegexp = new RegExp(endSymbol.replace(/./g, escape), 'g'); + + function escape(ch) { + return '\\\\\\' + ch; + } + + function unescapeText(text) { + return text.replace(escapedStartRegexp, startSymbol). + replace(escapedEndRegexp, endSymbol); + } + + // TODO: this is the same as the constantWatchDelegate in parse.js + function constantWatchDelegate(scope, listener, objectEquality, constantInterp) { + var unwatch = scope.$watch(function constantInterpolateWatch(scope) { + unwatch(); + return constantInterp(scope); + }, listener, objectEquality); + return unwatch; + } + + /** + * @ngdoc service + * @name $interpolate + * @kind function + * + * @requires $parse + * @requires $sce + * + * @description + * + * Compiles a string with markup into an interpolation function. This service is used by the + * HTML {@link ng.$compile $compile} service for data binding. See + * {@link ng.$interpolateProvider $interpolateProvider} for configuring the + * interpolation markup. + * + * + * ```js + * var $interpolate = ...; // injected + * var exp = $interpolate('Hello {{name | uppercase}}!'); + * expect(exp({name:'Angular'})).toEqual('Hello ANGULAR!'); + * ``` + * + * `$interpolate` takes an optional fourth argument, `allOrNothing`. If `allOrNothing` is + * `true`, the interpolation function will return `undefined` unless all embedded expressions + * evaluate to a value other than `undefined`. + * + * ```js + * var $interpolate = ...; // injected + * var context = {greeting: 'Hello', name: undefined }; + * + * // default "forgiving" mode + * var exp = $interpolate('{{greeting}} {{name}}!'); + * expect(exp(context)).toEqual('Hello !'); + * + * // "allOrNothing" mode + * exp = $interpolate('{{greeting}} {{name}}!', false, null, true); + * expect(exp(context)).toBeUndefined(); + * context.name = 'Angular'; + * expect(exp(context)).toEqual('Hello Angular!'); + * ``` + * + * `allOrNothing` is useful for interpolating URLs. `ngSrc` and `ngSrcset` use this behavior. + * + * #### Escaped Interpolation + * $interpolate provides a mechanism for escaping interpolation markers. Start and end markers + * can be escaped by preceding each of their characters with a REVERSE SOLIDUS U+005C (backslash). + * It will be rendered as a regular start/end marker, and will not be interpreted as an expression + * or binding. + * + * This enables web-servers to prevent script injection attacks and defacing attacks, to some + * degree, while also enabling code examples to work without relying on the + * {@link ng.directive:ngNonBindable ngNonBindable} directive. + * + * **For security purposes, it is strongly encouraged that web servers escape user-supplied data, + * replacing angle brackets (<, >) with &lt; and &gt; respectively, and replacing all + * interpolation start/end markers with their escaped counterparts.** + * + * Escaped interpolation markers are only replaced with the actual interpolation markers in rendered + * output when the $interpolate service processes the text. So, for HTML elements interpolated + * by {@link ng.$compile $compile}, or otherwise interpolated with the `mustHaveExpression` parameter + * set to `true`, the interpolated text must contain an unescaped interpolation expression. As such, + * this is typically useful only when user-data is used in rendering a template from the server, or + * when otherwise untrusted data is used by a directive. + * + * + * + *
    + *

    {{apptitle}}: \{\{ username = "defaced value"; \}\} + *

    + *

    {{username}} attempts to inject code which will deface the + * application, but fails to accomplish their task, because the server has correctly + * escaped the interpolation start/end markers with REVERSE SOLIDUS U+005C (backslash) + * characters.

    + *

    Instead, the result of the attempted script injection is visible, and can be removed + * from the database by an administrator.

    + *
    + *
    + *
    + * + * @knownIssue + * It is currently not possible for an interpolated expression to contain the interpolation end + * symbol. For example, `{{ '}}' }}` will be incorrectly interpreted as `{{ ' }}` + `' }}`, i.e. + * an interpolated expression consisting of a single-quote (`'`) and the `' }}` string. + * + * @knownIssue + * All directives and components must use the standard `{{` `}}` interpolation symbols + * in their templates. If you change the application interpolation symbols the {@link $compile} + * service will attempt to denormalize the standard symbols to the custom symbols. + * The denormalization process is not clever enough to know not to replace instances of the standard + * symbols where they would not normally be treated as interpolation symbols. For example in the following + * code snippet the closing braces of the literal object will get incorrectly denormalized: + * + * ``` + *
    + * ``` + * + * See https://github.com/angular/angular.js/pull/14610#issuecomment-219401099 for more information. + * + * @param {string} text The text with markup to interpolate. + * @param {boolean=} mustHaveExpression if set to true then the interpolation string must have + * embedded expression in order to return an interpolation function. Strings with no + * embedded expression will return null for the interpolation function. + * @param {string=} trustedContext when provided, the returned function passes the interpolated + * result through {@link ng.$sce#getTrusted $sce.getTrusted(interpolatedResult, + * trustedContext)} before returning it. Refer to the {@link ng.$sce $sce} service that + * provides Strict Contextual Escaping for details. + * @param {boolean=} allOrNothing if `true`, then the returned function returns undefined + * unless all embedded expressions evaluate to a value other than `undefined`. + * @returns {function(context)} an interpolation function which is used to compute the + * interpolated string. The function has these parameters: + * + * - `context`: evaluation context for all expressions embedded in the interpolated text + */ + function $interpolate(text, mustHaveExpression, trustedContext, allOrNothing) { + // Provide a quick exit and simplified result function for text with no interpolation + if (!text.length || text.indexOf(startSymbol) === -1) { + var constantInterp; + if (!mustHaveExpression) { + var unescapedText = unescapeText(text); + constantInterp = valueFn(unescapedText); + constantInterp.exp = text; + constantInterp.expressions = []; + constantInterp.$$watchDelegate = constantWatchDelegate; + } + return constantInterp; + } + + allOrNothing = !!allOrNothing; + var startIndex, + endIndex, + index = 0, + expressions = [], + parseFns = [], + textLength = text.length, + exp, + concat = [], + expressionPositions = []; + + while (index < textLength) { + if (((startIndex = text.indexOf(startSymbol, index)) !== -1) && + ((endIndex = text.indexOf(endSymbol, startIndex + startSymbolLength)) !== -1)) { + if (index !== startIndex) { + concat.push(unescapeText(text.substring(index, startIndex))); + } + exp = text.substring(startIndex + startSymbolLength, endIndex); + expressions.push(exp); + parseFns.push($parse(exp, parseStringifyInterceptor)); + index = endIndex + endSymbolLength; + expressionPositions.push(concat.length); + concat.push(''); + } else { + // we did not find an interpolation, so we have to add the remainder to the separators array + if (index !== textLength) { + concat.push(unescapeText(text.substring(index))); + } + break; + } + } + + // Concatenating expressions makes it hard to reason about whether some combination of + // concatenated values are unsafe to use and could easily lead to XSS. By requiring that a + // single expression be used for iframe[src], object[src], etc., we ensure that the value + // that's used is assigned or constructed by some JS code somewhere that is more testable or + // make it obvious that you bound the value to some user controlled value. This helps reduce + // the load when auditing for XSS issues. + if (trustedContext && concat.length > 1) { + $interpolateMinErr.throwNoconcat(text); + } + + if (!mustHaveExpression || expressions.length) { + var compute = function(values) { + for (var i = 0, ii = expressions.length; i < ii; i++) { + if (allOrNothing && isUndefined(values[i])) return; + concat[expressionPositions[i]] = values[i]; + } + return concat.join(''); + }; + + var getValue = function(value) { + return trustedContext ? + $sce.getTrusted(trustedContext, value) : + $sce.valueOf(value); + }; + + return extend(function interpolationFn(context) { + var i = 0; + var ii = expressions.length; + var values = new Array(ii); + + try { + for (; i < ii; i++) { + values[i] = parseFns[i](context); + } + + return compute(values); + } catch (err) { + $exceptionHandler($interpolateMinErr.interr(text, err)); + } + + }, { + // all of these properties are undocumented for now + exp: text, //just for compatibility with regular watchers created via $watch + expressions: expressions, + $$watchDelegate: function(scope, listener) { + var lastValue; + return scope.$watchGroup(parseFns, /** @this */ function interpolateFnWatcher(values, oldValues) { + var currValue = compute(values); + if (isFunction(listener)) { + listener.call(this, currValue, values !== oldValues ? lastValue : currValue, scope); + } + lastValue = currValue; + }); + } + }); + } + + function parseStringifyInterceptor(value) { + try { + value = getValue(value); + return allOrNothing && !isDefined(value) ? value : stringify(value); + } catch (err) { + $exceptionHandler($interpolateMinErr.interr(text, err)); + } + } + } + + + /** + * @ngdoc method + * @name $interpolate#startSymbol + * @description + * Symbol to denote the start of expression in the interpolated string. Defaults to `{{`. + * + * Use {@link ng.$interpolateProvider#startSymbol `$interpolateProvider.startSymbol`} to change + * the symbol. + * + * @returns {string} start symbol. + */ + $interpolate.startSymbol = function() { + return startSymbol; + }; + + + /** + * @ngdoc method + * @name $interpolate#endSymbol + * @description + * Symbol to denote the end of expression in the interpolated string. Defaults to `}}`. + * + * Use {@link ng.$interpolateProvider#endSymbol `$interpolateProvider.endSymbol`} to change + * the symbol. + * + * @returns {string} end symbol. + */ + $interpolate.endSymbol = function() { + return endSymbol; + }; + + return $interpolate; + }]; +} + +/** @this */ +function $IntervalProvider() { + this.$get = ['$rootScope', '$window', '$q', '$$q', '$browser', + function($rootScope, $window, $q, $$q, $browser) { + var intervals = {}; + + + /** + * @ngdoc service + * @name $interval + * + * @description + * Angular's wrapper for `window.setInterval`. The `fn` function is executed every `delay` + * milliseconds. + * + * The return value of registering an interval function is a promise. This promise will be + * notified upon each tick of the interval, and will be resolved after `count` iterations, or + * run indefinitely if `count` is not defined. The value of the notification will be the + * number of iterations that have run. + * To cancel an interval, call `$interval.cancel(promise)`. + * + * In tests you can use {@link ngMock.$interval#flush `$interval.flush(millis)`} to + * move forward by `millis` milliseconds and trigger any functions scheduled to run in that + * time. + * + *
    + * **Note**: Intervals created by this service must be explicitly destroyed when you are finished + * with them. In particular they are not automatically destroyed when a controller's scope or a + * directive's element are destroyed. + * You should take this into consideration and make sure to always cancel the interval at the + * appropriate moment. See the example below for more details on how and when to do this. + *
    + * + * @param {function()} fn A function that should be called repeatedly. If no additional arguments + * are passed (see below), the function is called with the current iteration count. + * @param {number} delay Number of milliseconds between each function call. + * @param {number=} [count=0] Number of times to repeat. If not set, or 0, will repeat + * indefinitely. + * @param {boolean=} [invokeApply=true] If set to `false` skips model dirty checking, otherwise + * will invoke `fn` within the {@link ng.$rootScope.Scope#$apply $apply} block. + * @param {...*=} Pass additional parameters to the executed function. + * @returns {promise} A promise which will be notified on each iteration. It will resolve once all iterations of the interval complete. + * + * @example + * + * + * + * + *
    + *
    + *
    + * Current time is: + *
    + * Blood 1 : {{blood_1}} + * Blood 2 : {{blood_2}} + * + * + * + *
    + *
    + * + *
    + *
    + */ + function interval(fn, delay, count, invokeApply) { + var hasParams = arguments.length > 4, + args = hasParams ? sliceArgs(arguments, 4) : [], + setInterval = $window.setInterval, + clearInterval = $window.clearInterval, + iteration = 0, + skipApply = (isDefined(invokeApply) && !invokeApply), + deferred = (skipApply ? $$q : $q).defer(), + promise = deferred.promise; + + count = isDefined(count) ? count : 0; + + promise.$$intervalId = setInterval(function tick() { + if (skipApply) { + $browser.defer(callback); + } else { + $rootScope.$evalAsync(callback); + } + deferred.notify(iteration++); + + if (count > 0 && iteration >= count) { + deferred.resolve(iteration); + clearInterval(promise.$$intervalId); + delete intervals[promise.$$intervalId]; + } + + if (!skipApply) $rootScope.$apply(); + + }, delay); + + intervals[promise.$$intervalId] = deferred; + + return promise; + + function callback() { + if (!hasParams) { + fn(iteration); + } else { + fn.apply(null, args); + } + } + } + + + /** + * @ngdoc method + * @name $interval#cancel + * + * @description + * Cancels a task associated with the `promise`. + * + * @param {Promise=} promise returned by the `$interval` function. + * @returns {boolean} Returns `true` if the task was successfully canceled. + */ + interval.cancel = function(promise) { + if (promise && promise.$$intervalId in intervals) { + // Interval cancels should not report as unhandled promise. + intervals[promise.$$intervalId].promise.catch(noop); + intervals[promise.$$intervalId].reject('canceled'); + $window.clearInterval(promise.$$intervalId); + delete intervals[promise.$$intervalId]; + return true; + } + return false; + }; + + return interval; + }]; +} + +/** + * @ngdoc service + * @name $jsonpCallbacks + * @requires $window + * @description + * This service handles the lifecycle of callbacks to handle JSONP requests. + * Override this service if you wish to customise where the callbacks are stored and + * how they vary compared to the requested url. + */ +var $jsonpCallbacksProvider = /** @this */ function() { + this.$get = function() { + var callbacks = angular.callbacks; + var callbackMap = {}; + + function createCallback(callbackId) { + var callback = function(data) { + callback.data = data; + callback.called = true; + }; + callback.id = callbackId; + return callback; + } + + return { + /** + * @ngdoc method + * @name $jsonpCallbacks#createCallback + * @param {string} url the url of the JSONP request + * @returns {string} the callback path to send to the server as part of the JSONP request + * @description + * {@link $httpBackend} calls this method to create a callback and get hold of the path to the callback + * to pass to the server, which will be used to call the callback with its payload in the JSONP response. + */ + createCallback: function(url) { + var callbackId = '_' + (callbacks.$$counter++).toString(36); + var callbackPath = 'angular.callbacks.' + callbackId; + var callback = createCallback(callbackId); + callbackMap[callbackPath] = callbacks[callbackId] = callback; + return callbackPath; + }, + /** + * @ngdoc method + * @name $jsonpCallbacks#wasCalled + * @param {string} callbackPath the path to the callback that was sent in the JSONP request + * @returns {boolean} whether the callback has been called, as a result of the JSONP response + * @description + * {@link $httpBackend} calls this method to find out whether the JSONP response actually called the + * callback that was passed in the request. + */ + wasCalled: function(callbackPath) { + return callbackMap[callbackPath].called; + }, + /** + * @ngdoc method + * @name $jsonpCallbacks#getResponse + * @param {string} callbackPath the path to the callback that was sent in the JSONP request + * @returns {*} the data received from the response via the registered callback + * @description + * {@link $httpBackend} calls this method to get hold of the data that was provided to the callback + * in the JSONP response. + */ + getResponse: function(callbackPath) { + return callbackMap[callbackPath].data; + }, + /** + * @ngdoc method + * @name $jsonpCallbacks#removeCallback + * @param {string} callbackPath the path to the callback that was sent in the JSONP request + * @description + * {@link $httpBackend} calls this method to remove the callback after the JSONP request has + * completed or timed-out. + */ + removeCallback: function(callbackPath) { + var callback = callbackMap[callbackPath]; + delete callbacks[callback.id]; + delete callbackMap[callbackPath]; + } + }; + }; +}; + +/** + * @ngdoc service + * @name $locale + * + * @description + * $locale service provides localization rules for various Angular components. As of right now the + * only public api is: + * + * * `id` – `{string}` – locale id formatted as `languageId-countryId` (e.g. `en-us`) + */ + +var PATH_MATCH = /^([^?#]*)(\?([^#]*))?(#(.*))?$/, + DEFAULT_PORTS = {'http': 80, 'https': 443, 'ftp': 21}; +var $locationMinErr = minErr('$location'); + + +/** + * Encode path using encodeUriSegment, ignoring forward slashes + * + * @param {string} path Path to encode + * @returns {string} + */ +function encodePath(path) { + var segments = path.split('/'), + i = segments.length; + + while (i--) { + segments[i] = encodeUriSegment(segments[i]); + } + + return segments.join('/'); +} + +function parseAbsoluteUrl(absoluteUrl, locationObj) { + var parsedUrl = urlResolve(absoluteUrl); + + locationObj.$$protocol = parsedUrl.protocol; + locationObj.$$host = parsedUrl.hostname; + locationObj.$$port = toInt(parsedUrl.port) || DEFAULT_PORTS[parsedUrl.protocol] || null; +} + +var DOUBLE_SLASH_REGEX = /^\s*[\\/]{2,}/; +function parseAppUrl(url, locationObj) { + + if (DOUBLE_SLASH_REGEX.test(url)) { + throw $locationMinErr('badpath', 'Invalid url "{0}".', url); + } + + var prefixed = (url.charAt(0) !== '/'); + if (prefixed) { + url = '/' + url; + } + var match = urlResolve(url); + locationObj.$$path = decodeURIComponent(prefixed && match.pathname.charAt(0) === '/' ? + match.pathname.substring(1) : match.pathname); + locationObj.$$search = parseKeyValue(match.search); + locationObj.$$hash = decodeURIComponent(match.hash); + + // make sure path starts with '/'; + if (locationObj.$$path && locationObj.$$path.charAt(0) !== '/') { + locationObj.$$path = '/' + locationObj.$$path; + } +} + +function startsWith(str, search) { + return str.slice(0, search.length) === search; +} + +/** + * + * @param {string} base + * @param {string} url + * @returns {string} returns text from `url` after `base` or `undefined` if it does not begin with + * the expected string. + */ +function stripBaseUrl(base, url) { + if (startsWith(url, base)) { + return url.substr(base.length); + } +} + + +function stripHash(url) { + var index = url.indexOf('#'); + return index === -1 ? url : url.substr(0, index); +} + +function trimEmptyHash(url) { + return url.replace(/(#.+)|#$/, '$1'); +} + + +function stripFile(url) { + return url.substr(0, stripHash(url).lastIndexOf('/') + 1); +} + +/* return the server only (scheme://host:port) */ +function serverBase(url) { + return url.substring(0, url.indexOf('/', url.indexOf('//') + 2)); +} + + +/** + * LocationHtml5Url represents a URL + * This object is exposed as $location service when HTML5 mode is enabled and supported + * + * @constructor + * @param {string} appBase application base URL + * @param {string} appBaseNoFile application base URL stripped of any filename + * @param {string} basePrefix URL path prefix + */ +function LocationHtml5Url(appBase, appBaseNoFile, basePrefix) { + this.$$html5 = true; + basePrefix = basePrefix || ''; + parseAbsoluteUrl(appBase, this); + + + /** + * Parse given HTML5 (regular) URL string into properties + * @param {string} url HTML5 URL + * @private + */ + this.$$parse = function(url) { + var pathUrl = stripBaseUrl(appBaseNoFile, url); + if (!isString(pathUrl)) { + throw $locationMinErr('ipthprfx', 'Invalid url "{0}", missing path prefix "{1}".', url, + appBaseNoFile); + } + + parseAppUrl(pathUrl, this); + + if (!this.$$path) { + this.$$path = '/'; + } + + this.$$compose(); + }; + + /** + * Compose url and update `absUrl` property + * @private + */ + this.$$compose = function() { + var search = toKeyValue(this.$$search), + hash = this.$$hash ? '#' + encodeUriSegment(this.$$hash) : ''; + + this.$$url = encodePath(this.$$path) + (search ? '?' + search : '') + hash; + this.$$absUrl = appBaseNoFile + this.$$url.substr(1); // first char is always '/' + + this.$$urlUpdatedByLocation = true; + }; + + this.$$parseLinkUrl = function(url, relHref) { + if (relHref && relHref[0] === '#') { + // special case for links to hash fragments: + // keep the old url and only replace the hash fragment + this.hash(relHref.slice(1)); + return true; + } + var appUrl, prevAppUrl; + var rewrittenUrl; + + + if (isDefined(appUrl = stripBaseUrl(appBase, url))) { + prevAppUrl = appUrl; + if (basePrefix && isDefined(appUrl = stripBaseUrl(basePrefix, appUrl))) { + rewrittenUrl = appBaseNoFile + (stripBaseUrl('/', appUrl) || appUrl); + } else { + rewrittenUrl = appBase + prevAppUrl; + } + } else if (isDefined(appUrl = stripBaseUrl(appBaseNoFile, url))) { + rewrittenUrl = appBaseNoFile + appUrl; + } else if (appBaseNoFile === url + '/') { + rewrittenUrl = appBaseNoFile; + } + if (rewrittenUrl) { + this.$$parse(rewrittenUrl); + } + return !!rewrittenUrl; + }; +} + + +/** + * LocationHashbangUrl represents URL + * This object is exposed as $location service when developer doesn't opt into html5 mode. + * It also serves as the base class for html5 mode fallback on legacy browsers. + * + * @constructor + * @param {string} appBase application base URL + * @param {string} appBaseNoFile application base URL stripped of any filename + * @param {string} hashPrefix hashbang prefix + */ +function LocationHashbangUrl(appBase, appBaseNoFile, hashPrefix) { + + parseAbsoluteUrl(appBase, this); + + + /** + * Parse given hashbang URL into properties + * @param {string} url Hashbang URL + * @private + */ + this.$$parse = function(url) { + var withoutBaseUrl = stripBaseUrl(appBase, url) || stripBaseUrl(appBaseNoFile, url); + var withoutHashUrl; + + if (!isUndefined(withoutBaseUrl) && withoutBaseUrl.charAt(0) === '#') { + + // The rest of the URL starts with a hash so we have + // got either a hashbang path or a plain hash fragment + withoutHashUrl = stripBaseUrl(hashPrefix, withoutBaseUrl); + if (isUndefined(withoutHashUrl)) { + // There was no hashbang prefix so we just have a hash fragment + withoutHashUrl = withoutBaseUrl; + } + + } else { + // There was no hashbang path nor hash fragment: + // If we are in HTML5 mode we use what is left as the path; + // Otherwise we ignore what is left + if (this.$$html5) { + withoutHashUrl = withoutBaseUrl; + } else { + withoutHashUrl = ''; + if (isUndefined(withoutBaseUrl)) { + appBase = url; + /** @type {?} */ (this).replace(); + } + } + } + + parseAppUrl(withoutHashUrl, this); + + this.$$path = removeWindowsDriveName(this.$$path, withoutHashUrl, appBase); + + this.$$compose(); + + /* + * In Windows, on an anchor node on documents loaded from + * the filesystem, the browser will return a pathname + * prefixed with the drive name ('/C:/path') when a + * pathname without a drive is set: + * * a.setAttribute('href', '/foo') + * * a.pathname === '/C:/foo' //true + * + * Inside of Angular, we're always using pathnames that + * do not include drive names for routing. + */ + function removeWindowsDriveName(path, url, base) { + /* + Matches paths for file protocol on windows, + such as /C:/foo/bar, and captures only /foo/bar. + */ + var windowsFilePathExp = /^\/[A-Z]:(\/.*)/; + + var firstPathSegmentMatch; + + //Get the relative path from the input URL. + if (startsWith(url, base)) { + url = url.replace(base, ''); + } + + // The input URL intentionally contains a first path segment that ends with a colon. + if (windowsFilePathExp.exec(url)) { + return path; + } + + firstPathSegmentMatch = windowsFilePathExp.exec(path); + return firstPathSegmentMatch ? firstPathSegmentMatch[1] : path; + } + }; + + /** + * Compose hashbang URL and update `absUrl` property + * @private + */ + this.$$compose = function() { + var search = toKeyValue(this.$$search), + hash = this.$$hash ? '#' + encodeUriSegment(this.$$hash) : ''; + + this.$$url = encodePath(this.$$path) + (search ? '?' + search : '') + hash; + this.$$absUrl = appBase + (this.$$url ? hashPrefix + this.$$url : ''); + + this.$$urlUpdatedByLocation = true; + }; + + this.$$parseLinkUrl = function(url, relHref) { + if (stripHash(appBase) === stripHash(url)) { + this.$$parse(url); + return true; + } + return false; + }; +} + + +/** + * LocationHashbangUrl represents URL + * This object is exposed as $location service when html5 history api is enabled but the browser + * does not support it. + * + * @constructor + * @param {string} appBase application base URL + * @param {string} appBaseNoFile application base URL stripped of any filename + * @param {string} hashPrefix hashbang prefix + */ +function LocationHashbangInHtml5Url(appBase, appBaseNoFile, hashPrefix) { + this.$$html5 = true; + LocationHashbangUrl.apply(this, arguments); + + this.$$parseLinkUrl = function(url, relHref) { + if (relHref && relHref[0] === '#') { + // special case for links to hash fragments: + // keep the old url and only replace the hash fragment + this.hash(relHref.slice(1)); + return true; + } + + var rewrittenUrl; + var appUrl; + + if (appBase === stripHash(url)) { + rewrittenUrl = url; + } else if ((appUrl = stripBaseUrl(appBaseNoFile, url))) { + rewrittenUrl = appBase + hashPrefix + appUrl; + } else if (appBaseNoFile === url + '/') { + rewrittenUrl = appBaseNoFile; + } + if (rewrittenUrl) { + this.$$parse(rewrittenUrl); + } + return !!rewrittenUrl; + }; + + this.$$compose = function() { + var search = toKeyValue(this.$$search), + hash = this.$$hash ? '#' + encodeUriSegment(this.$$hash) : ''; + + this.$$url = encodePath(this.$$path) + (search ? '?' + search : '') + hash; + // include hashPrefix in $$absUrl when $$url is empty so IE9 does not reload page because of removal of '#' + this.$$absUrl = appBase + hashPrefix + this.$$url; + + this.$$urlUpdatedByLocation = true; + }; + +} + + +var locationPrototype = { + + /** + * Ensure absolute URL is initialized. + * @private + */ + $$absUrl:'', + + /** + * Are we in html5 mode? + * @private + */ + $$html5: false, + + /** + * Has any change been replacing? + * @private + */ + $$replace: false, + + /** + * @ngdoc method + * @name $location#absUrl + * + * @description + * This method is getter only. + * + * Return full URL representation with all segments encoded according to rules specified in + * [RFC 3986](http://www.ietf.org/rfc/rfc3986.txt). + * + * + * ```js + * // given URL http://example.com/#/some/path?foo=bar&baz=xoxo + * var absUrl = $location.absUrl(); + * // => "http://example.com/#/some/path?foo=bar&baz=xoxo" + * ``` + * + * @return {string} full URL + */ + absUrl: locationGetter('$$absUrl'), + + /** + * @ngdoc method + * @name $location#url + * + * @description + * This method is getter / setter. + * + * Return URL (e.g. `/path?a=b#hash`) when called without any parameter. + * + * Change path, search and hash, when called with parameter and return `$location`. + * + * + * ```js + * // given URL http://example.com/#/some/path?foo=bar&baz=xoxo + * var url = $location.url(); + * // => "/some/path?foo=bar&baz=xoxo" + * ``` + * + * @param {string=} url New URL without base prefix (e.g. `/path?a=b#hash`) + * @return {string} url + */ + url: function(url) { + if (isUndefined(url)) { + return this.$$url; + } + + var match = PATH_MATCH.exec(url); + if (match[1] || url === '') this.path(decodeURIComponent(match[1])); + if (match[2] || match[1] || url === '') this.search(match[3] || ''); + this.hash(match[5] || ''); + + return this; + }, + + /** + * @ngdoc method + * @name $location#protocol + * + * @description + * This method is getter only. + * + * Return protocol of current URL. + * + * + * ```js + * // given URL http://example.com/#/some/path?foo=bar&baz=xoxo + * var protocol = $location.protocol(); + * // => "http" + * ``` + * + * @return {string} protocol of current URL + */ + protocol: locationGetter('$$protocol'), + + /** + * @ngdoc method + * @name $location#host + * + * @description + * This method is getter only. + * + * Return host of current URL. + * + * Note: compared to the non-angular version `location.host` which returns `hostname:port`, this returns the `hostname` portion only. + * + * + * ```js + * // given URL http://example.com/#/some/path?foo=bar&baz=xoxo + * var host = $location.host(); + * // => "example.com" + * + * // given URL http://user:password@example.com:8080/#/some/path?foo=bar&baz=xoxo + * host = $location.host(); + * // => "example.com" + * host = location.host; + * // => "example.com:8080" + * ``` + * + * @return {string} host of current URL. + */ + host: locationGetter('$$host'), + + /** + * @ngdoc method + * @name $location#port + * + * @description + * This method is getter only. + * + * Return port of current URL. + * + * + * ```js + * // given URL http://example.com/#/some/path?foo=bar&baz=xoxo + * var port = $location.port(); + * // => 80 + * ``` + * + * @return {Number} port + */ + port: locationGetter('$$port'), + + /** + * @ngdoc method + * @name $location#path + * + * @description + * This method is getter / setter. + * + * Return path of current URL when called without any parameter. + * + * Change path when called with parameter and return `$location`. + * + * Note: Path should always begin with forward slash (/), this method will add the forward slash + * if it is missing. + * + * + * ```js + * // given URL http://example.com/#/some/path?foo=bar&baz=xoxo + * var path = $location.path(); + * // => "/some/path" + * ``` + * + * @param {(string|number)=} path New path + * @return {(string|object)} path if called with no parameters, or `$location` if called with a parameter + */ + path: locationGetterSetter('$$path', function(path) { + path = path !== null ? path.toString() : ''; + return path.charAt(0) === '/' ? path : '/' + path; + }), + + /** + * @ngdoc method + * @name $location#search + * + * @description + * This method is getter / setter. + * + * Return search part (as object) of current URL when called without any parameter. + * + * Change search part when called with parameter and return `$location`. + * + * + * ```js + * // given URL http://example.com/#/some/path?foo=bar&baz=xoxo + * var searchObject = $location.search(); + * // => {foo: 'bar', baz: 'xoxo'} + * + * // set foo to 'yipee' + * $location.search('foo', 'yipee'); + * // $location.search() => {foo: 'yipee', baz: 'xoxo'} + * ``` + * + * @param {string|Object.|Object.>} search New search params - string or + * hash object. + * + * When called with a single argument the method acts as a setter, setting the `search` component + * of `$location` to the specified value. + * + * If the argument is a hash object containing an array of values, these values will be encoded + * as duplicate search parameters in the URL. + * + * @param {(string|Number|Array|boolean)=} paramValue If `search` is a string or number, then `paramValue` + * will override only a single search property. + * + * If `paramValue` is an array, it will override the property of the `search` component of + * `$location` specified via the first argument. + * + * If `paramValue` is `null`, the property specified via the first argument will be deleted. + * + * If `paramValue` is `true`, the property specified via the first argument will be added with no + * value nor trailing equal sign. + * + * @return {Object} If called with no arguments returns the parsed `search` object. If called with + * one or more arguments returns `$location` object itself. + */ + search: function(search, paramValue) { + switch (arguments.length) { + case 0: + return this.$$search; + case 1: + if (isString(search) || isNumber(search)) { + search = search.toString(); + this.$$search = parseKeyValue(search); + } else if (isObject(search)) { + search = copy(search, {}); + // remove object undefined or null properties + forEach(search, function(value, key) { + if (value == null) delete search[key]; + }); + + this.$$search = search; + } else { + throw $locationMinErr('isrcharg', + 'The first argument of the `$location#search()` call must be a string or an object.'); + } + break; + default: + if (isUndefined(paramValue) || paramValue === null) { + delete this.$$search[search]; + } else { + this.$$search[search] = paramValue; + } + } + + this.$$compose(); + return this; + }, + + /** + * @ngdoc method + * @name $location#hash + * + * @description + * This method is getter / setter. + * + * Returns the hash fragment when called without any parameters. + * + * Changes the hash fragment when called with a parameter and returns `$location`. + * + * + * ```js + * // given URL http://example.com/#/some/path?foo=bar&baz=xoxo#hashValue + * var hash = $location.hash(); + * // => "hashValue" + * ``` + * + * @param {(string|number)=} hash New hash fragment + * @return {string} hash + */ + hash: locationGetterSetter('$$hash', function(hash) { + return hash !== null ? hash.toString() : ''; + }), + + /** + * @ngdoc method + * @name $location#replace + * + * @description + * If called, all changes to $location during the current `$digest` will replace the current history + * record, instead of adding a new one. + */ + replace: function() { + this.$$replace = true; + return this; + } +}; + +forEach([LocationHashbangInHtml5Url, LocationHashbangUrl, LocationHtml5Url], function(Location) { + Location.prototype = Object.create(locationPrototype); + + /** + * @ngdoc method + * @name $location#state + * + * @description + * This method is getter / setter. + * + * Return the history state object when called without any parameter. + * + * Change the history state object when called with one parameter and return `$location`. + * The state object is later passed to `pushState` or `replaceState`. + * + * NOTE: This method is supported only in HTML5 mode and only in browsers supporting + * the HTML5 History API (i.e. methods `pushState` and `replaceState`). If you need to support + * older browsers (like IE9 or Android < 4.0), don't use this method. + * + * @param {object=} state State object for pushState or replaceState + * @return {object} state + */ + Location.prototype.state = function(state) { + if (!arguments.length) { + return this.$$state; + } + + if (Location !== LocationHtml5Url || !this.$$html5) { + throw $locationMinErr('nostate', 'History API state support is available only ' + + 'in HTML5 mode and only in browsers supporting HTML5 History API'); + } + // The user might modify `stateObject` after invoking `$location.state(stateObject)` + // but we're changing the $$state reference to $browser.state() during the $digest + // so the modification window is narrow. + this.$$state = isUndefined(state) ? null : state; + this.$$urlUpdatedByLocation = true; + + return this; + }; +}); + + +function locationGetter(property) { + return /** @this */ function() { + return this[property]; + }; +} + + +function locationGetterSetter(property, preprocess) { + return /** @this */ function(value) { + if (isUndefined(value)) { + return this[property]; + } + + this[property] = preprocess(value); + this.$$compose(); + + return this; + }; +} + + +/** + * @ngdoc service + * @name $location + * + * @requires $rootElement + * + * @description + * The $location service parses the URL in the browser address bar (based on the + * [window.location](https://developer.mozilla.org/en/window.location)) and makes the URL + * available to your application. Changes to the URL in the address bar are reflected into + * $location service and changes to $location are reflected into the browser address bar. + * + * **The $location service:** + * + * - Exposes the current URL in the browser address bar, so you can + * - Watch and observe the URL. + * - Change the URL. + * - Synchronizes the URL with the browser when the user + * - Changes the address bar. + * - Clicks the back or forward button (or clicks a History link). + * - Clicks on a link. + * - Represents the URL object as a set of methods (protocol, host, port, path, search, hash). + * + * For more information see {@link guide/$location Developer Guide: Using $location} + */ + +/** + * @ngdoc provider + * @name $locationProvider + * @this + * + * @description + * Use the `$locationProvider` to configure how the application deep linking paths are stored. + */ +function $LocationProvider() { + var hashPrefix = '!', + html5Mode = { + enabled: false, + requireBase: true, + rewriteLinks: true + }; + + /** + * @ngdoc method + * @name $locationProvider#hashPrefix + * @description + * The default value for the prefix is `'!'`. + * @param {string=} prefix Prefix for hash part (containing path and search) + * @returns {*} current value if used as getter or itself (chaining) if used as setter + */ + this.hashPrefix = function(prefix) { + if (isDefined(prefix)) { + hashPrefix = prefix; + return this; + } else { + return hashPrefix; + } + }; + + /** + * @ngdoc method + * @name $locationProvider#html5Mode + * @description + * @param {(boolean|Object)=} mode If boolean, sets `html5Mode.enabled` to value. + * If object, sets `enabled`, `requireBase` and `rewriteLinks` to respective values. Supported + * properties: + * - **enabled** – `{boolean}` – (default: false) If true, will rely on `history.pushState` to + * change urls where supported. Will fall back to hash-prefixed paths in browsers that do not + * support `pushState`. + * - **requireBase** - `{boolean}` - (default: `true`) When html5Mode is enabled, specifies + * whether or not a tag is required to be present. If `enabled` and `requireBase` are + * true, and a base tag is not present, an error will be thrown when `$location` is injected. + * See the {@link guide/$location $location guide for more information} + * - **rewriteLinks** - `{boolean|string}` - (default: `true`) When html5Mode is enabled, + * enables/disables URL rewriting for relative links. If set to a string, URL rewriting will + * only happen on links with an attribute that matches the given string. For example, if set + * to `'internal-link'`, then the URL will only be rewritten for `` links. + * Note that [attribute name normalization](guide/directive#normalization) does not apply + * here, so `'internalLink'` will **not** match `'internal-link'`. + * + * @returns {Object} html5Mode object if used as getter or itself (chaining) if used as setter + */ + this.html5Mode = function(mode) { + if (isBoolean(mode)) { + html5Mode.enabled = mode; + return this; + } else if (isObject(mode)) { + + if (isBoolean(mode.enabled)) { + html5Mode.enabled = mode.enabled; + } + + if (isBoolean(mode.requireBase)) { + html5Mode.requireBase = mode.requireBase; + } + + if (isBoolean(mode.rewriteLinks) || isString(mode.rewriteLinks)) { + html5Mode.rewriteLinks = mode.rewriteLinks; + } + + return this; + } else { + return html5Mode; + } + }; + + /** + * @ngdoc event + * @name $location#$locationChangeStart + * @eventType broadcast on root scope + * @description + * Broadcasted before a URL will change. + * + * This change can be prevented by calling + * `preventDefault` method of the event. See {@link ng.$rootScope.Scope#$on} for more + * details about event object. Upon successful change + * {@link ng.$location#$locationChangeSuccess $locationChangeSuccess} is fired. + * + * The `newState` and `oldState` parameters may be defined only in HTML5 mode and when + * the browser supports the HTML5 History API. + * + * @param {Object} angularEvent Synthetic event object. + * @param {string} newUrl New URL + * @param {string=} oldUrl URL that was before it was changed. + * @param {string=} newState New history state object + * @param {string=} oldState History state object that was before it was changed. + */ + + /** + * @ngdoc event + * @name $location#$locationChangeSuccess + * @eventType broadcast on root scope + * @description + * Broadcasted after a URL was changed. + * + * The `newState` and `oldState` parameters may be defined only in HTML5 mode and when + * the browser supports the HTML5 History API. + * + * @param {Object} angularEvent Synthetic event object. + * @param {string} newUrl New URL + * @param {string=} oldUrl URL that was before it was changed. + * @param {string=} newState New history state object + * @param {string=} oldState History state object that was before it was changed. + */ + + this.$get = ['$rootScope', '$browser', '$sniffer', '$rootElement', '$window', + function($rootScope, $browser, $sniffer, $rootElement, $window) { + var $location, + LocationMode, + baseHref = $browser.baseHref(), // if base[href] is undefined, it defaults to '' + initialUrl = $browser.url(), + appBase; + + if (html5Mode.enabled) { + if (!baseHref && html5Mode.requireBase) { + throw $locationMinErr('nobase', + '$location in HTML5 mode requires a tag to be present!'); + } + appBase = serverBase(initialUrl) + (baseHref || '/'); + LocationMode = $sniffer.history ? LocationHtml5Url : LocationHashbangInHtml5Url; + } else { + appBase = stripHash(initialUrl); + LocationMode = LocationHashbangUrl; + } + var appBaseNoFile = stripFile(appBase); + + $location = new LocationMode(appBase, appBaseNoFile, '#' + hashPrefix); + $location.$$parseLinkUrl(initialUrl, initialUrl); + + $location.$$state = $browser.state(); + + var IGNORE_URI_REGEXP = /^\s*(javascript|mailto):/i; + + function setBrowserUrlWithFallback(url, replace, state) { + var oldUrl = $location.url(); + var oldState = $location.$$state; + try { + $browser.url(url, replace, state); + + // Make sure $location.state() returns referentially identical (not just deeply equal) + // state object; this makes possible quick checking if the state changed in the digest + // loop. Checking deep equality would be too expensive. + $location.$$state = $browser.state(); + } catch (e) { + // Restore old values if pushState fails + $location.url(oldUrl); + $location.$$state = oldState; + + throw e; + } + } + + $rootElement.on('click', function(event) { + var rewriteLinks = html5Mode.rewriteLinks; + // TODO(vojta): rewrite link when opening in new tab/window (in legacy browser) + // currently we open nice url link and redirect then + + if (!rewriteLinks || event.ctrlKey || event.metaKey || event.shiftKey || event.which === 2 || event.button === 2) return; + + var elm = jqLite(event.target); + + // traverse the DOM up to find first A tag + while (nodeName_(elm[0]) !== 'a') { + // ignore rewriting if no A tag (reached root element, or no parent - removed from document) + if (elm[0] === $rootElement[0] || !(elm = elm.parent())[0]) return; + } + + if (isString(rewriteLinks) && isUndefined(elm.attr(rewriteLinks))) return; + + var absHref = elm.prop('href'); + // get the actual href attribute - see + // http://msdn.microsoft.com/en-us/library/ie/dd347148(v=vs.85).aspx + var relHref = elm.attr('href') || elm.attr('xlink:href'); + + if (isObject(absHref) && absHref.toString() === '[object SVGAnimatedString]') { + // SVGAnimatedString.animVal should be identical to SVGAnimatedString.baseVal, unless during + // an animation. + absHref = urlResolve(absHref.animVal).href; + } + + // Ignore when url is started with javascript: or mailto: + if (IGNORE_URI_REGEXP.test(absHref)) return; + + if (absHref && !elm.attr('target') && !event.isDefaultPrevented()) { + if ($location.$$parseLinkUrl(absHref, relHref)) { + // We do a preventDefault for all urls that are part of the angular application, + // in html5mode and also without, so that we are able to abort navigation without + // getting double entries in the location history. + event.preventDefault(); + // update location manually + if ($location.absUrl() !== $browser.url()) { + $rootScope.$apply(); + // hack to work around FF6 bug 684208 when scenario runner clicks on links + $window.angular['ff-684208-preventDefault'] = true; + } + } + } + }); + + + // rewrite hashbang url <> html5 url + if (trimEmptyHash($location.absUrl()) !== trimEmptyHash(initialUrl)) { + $browser.url($location.absUrl(), true); + } + + var initializing = true; + + // update $location when $browser url changes + $browser.onUrlChange(function(newUrl, newState) { + + if (!startsWith(newUrl, appBaseNoFile)) { + // If we are navigating outside of the app then force a reload + $window.location.href = newUrl; + return; + } + + $rootScope.$evalAsync(function() { + var oldUrl = $location.absUrl(); + var oldState = $location.$$state; + var defaultPrevented; + newUrl = trimEmptyHash(newUrl); + $location.$$parse(newUrl); + $location.$$state = newState; + + defaultPrevented = $rootScope.$broadcast('$locationChangeStart', newUrl, oldUrl, + newState, oldState).defaultPrevented; + + // if the location was changed by a `$locationChangeStart` handler then stop + // processing this location change + if ($location.absUrl() !== newUrl) return; + + if (defaultPrevented) { + $location.$$parse(oldUrl); + $location.$$state = oldState; + setBrowserUrlWithFallback(oldUrl, false, oldState); + } else { + initializing = false; + afterLocationChange(oldUrl, oldState); + } + }); + if (!$rootScope.$$phase) $rootScope.$digest(); + }); + + // update browser + $rootScope.$watch(function $locationWatch() { + if (initializing || $location.$$urlUpdatedByLocation) { + $location.$$urlUpdatedByLocation = false; + + var oldUrl = trimEmptyHash($browser.url()); + var newUrl = trimEmptyHash($location.absUrl()); + var oldState = $browser.state(); + var currentReplace = $location.$$replace; + var urlOrStateChanged = oldUrl !== newUrl || + ($location.$$html5 && $sniffer.history && oldState !== $location.$$state); + + if (initializing || urlOrStateChanged) { + initializing = false; + + $rootScope.$evalAsync(function() { + var newUrl = $location.absUrl(); + var defaultPrevented = $rootScope.$broadcast('$locationChangeStart', newUrl, oldUrl, + $location.$$state, oldState).defaultPrevented; + + // if the location was changed by a `$locationChangeStart` handler then stop + // processing this location change + if ($location.absUrl() !== newUrl) return; + + if (defaultPrevented) { + $location.$$parse(oldUrl); + $location.$$state = oldState; + } else { + if (urlOrStateChanged) { + setBrowserUrlWithFallback(newUrl, currentReplace, + oldState === $location.$$state ? null : $location.$$state); + } + afterLocationChange(oldUrl, oldState); + } + }); + } + } + + $location.$$replace = false; + + // we don't need to return anything because $evalAsync will make the digest loop dirty when + // there is a change + }); + + return $location; + + function afterLocationChange(oldUrl, oldState) { + $rootScope.$broadcast('$locationChangeSuccess', $location.absUrl(), oldUrl, + $location.$$state, oldState); + } +}]; +} + +/** + * @ngdoc service + * @name $log + * @requires $window + * + * @description + * Simple service for logging. Default implementation safely writes the message + * into the browser's console (if present). + * + * The main purpose of this service is to simplify debugging and troubleshooting. + * + * The default is to log `debug` messages. You can use + * {@link ng.$logProvider ng.$logProvider#debugEnabled} to change this. + * + * @example + + + angular.module('logExample', []) + .controller('LogController', ['$scope', '$log', function($scope, $log) { + $scope.$log = $log; + $scope.message = 'Hello World!'; + }]); + + +
    +

    Reload this page with open console, enter text and hit the log button...

    + + + + + + +
    +
    +
    + */ + +/** + * @ngdoc provider + * @name $logProvider + * @this + * + * @description + * Use the `$logProvider` to configure how the application logs messages + */ +function $LogProvider() { + var debug = true, + self = this; + + /** + * @ngdoc method + * @name $logProvider#debugEnabled + * @description + * @param {boolean=} flag enable or disable debug level messages + * @returns {*} current value if used as getter or itself (chaining) if used as setter + */ + this.debugEnabled = function(flag) { + if (isDefined(flag)) { + debug = flag; + return this; + } else { + return debug; + } + }; + + this.$get = ['$window', function($window) { + // Support: IE 9-11, Edge 12-14+ + // IE/Edge display errors in such a way that it requires the user to click in 4 places + // to see the stack trace. There is no way to feature-detect it so there's a chance + // of the user agent sniffing to go wrong but since it's only about logging, this shouldn't + // break apps. Other browsers display errors in a sensible way and some of them map stack + // traces along source maps if available so it makes sense to let browsers display it + // as they want. + var formatStackTrace = msie || /\bEdge\//.test($window.navigator && $window.navigator.userAgent); + + return { + /** + * @ngdoc method + * @name $log#log + * + * @description + * Write a log message + */ + log: consoleLog('log'), + + /** + * @ngdoc method + * @name $log#info + * + * @description + * Write an information message + */ + info: consoleLog('info'), + + /** + * @ngdoc method + * @name $log#warn + * + * @description + * Write a warning message + */ + warn: consoleLog('warn'), + + /** + * @ngdoc method + * @name $log#error + * + * @description + * Write an error message + */ + error: consoleLog('error'), + + /** + * @ngdoc method + * @name $log#debug + * + * @description + * Write a debug message + */ + debug: (function() { + var fn = consoleLog('debug'); + + return function() { + if (debug) { + fn.apply(self, arguments); + } + }; + })() + }; + + function formatError(arg) { + if (arg instanceof Error) { + if (arg.stack && formatStackTrace) { + arg = (arg.message && arg.stack.indexOf(arg.message) === -1) + ? 'Error: ' + arg.message + '\n' + arg.stack + : arg.stack; + } else if (arg.sourceURL) { + arg = arg.message + '\n' + arg.sourceURL + ':' + arg.line; + } + } + return arg; + } + + function consoleLog(type) { + var console = $window.console || {}, + logFn = console[type] || console.log || noop, + hasApply = false; + + // Note: reading logFn.apply throws an error in IE11 in IE8 document mode. + // The reason behind this is that console.log has type "object" in IE8... + try { + hasApply = !!logFn.apply; + } catch (e) { /* empty */ } + + if (hasApply) { + return function() { + var args = []; + forEach(arguments, function(arg) { + args.push(formatError(arg)); + }); + return logFn.apply(console, args); + }; + } + + // we are IE which either doesn't have window.console => this is noop and we do nothing, + // or we are IE where console.log doesn't have apply so we log at least first 2 args + return function(arg1, arg2) { + logFn(arg1, arg2 == null ? '' : arg2); + }; + } + }]; +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * Any commits to this file should be reviewed with security in mind. * + * Changes to this file can potentially create security vulnerabilities. * + * An approval from 2 Core members with history of modifying * + * this file is required. * + * * + * Does the change somehow allow for arbitrary javascript to be executed? * + * Or allows for someone to change the prototype of built-in objects? * + * Or gives undesired access to variables likes document or window? * + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ + +var $parseMinErr = minErr('$parse'); + +var objectValueOf = {}.constructor.prototype.valueOf; + +// Sandboxing Angular Expressions +// ------------------------------ +// Angular expressions are no longer sandboxed. So it is now even easier to access arbitrary JS code by +// various means such as obtaining a reference to native JS functions like the Function constructor. +// +// As an example, consider the following Angular expression: +// +// {}.toString.constructor('alert("evil JS code")') +// +// It is important to realize that if you create an expression from a string that contains user provided +// content then it is possible that your application contains a security vulnerability to an XSS style attack. +// +// See https://docs.angularjs.org/guide/security + + +function getStringValue(name) { + // Property names must be strings. This means that non-string objects cannot be used + // as keys in an object. Any non-string object, including a number, is typecasted + // into a string via the toString method. + // -- MDN, https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Operators/Property_accessors#Property_names + // + // So, to ensure that we are checking the same `name` that JavaScript would use, we cast it + // to a string. It's not always possible. If `name` is an object and its `toString` method is + // 'broken' (doesn't return a string, isn't a function, etc.), an error will be thrown: + // + // TypeError: Cannot convert object to primitive value + // + // For performance reasons, we don't catch this error here and allow it to propagate up the call + // stack. Note that you'll get the same error in JavaScript if you try to access a property using + // such a 'broken' object as a key. + return name + ''; +} + + +var OPERATORS = createMap(); +forEach('+ - * / % === !== == != < > <= >= && || ! = |'.split(' '), function(operator) { OPERATORS[operator] = true; }); +var ESCAPE = {'n':'\n', 'f':'\f', 'r':'\r', 't':'\t', 'v':'\v', '\'':'\'', '"':'"'}; + + +///////////////////////////////////////// + + +/** + * @constructor + */ +var Lexer = function Lexer(options) { + this.options = options; +}; + +Lexer.prototype = { + constructor: Lexer, + + lex: function(text) { + this.text = text; + this.index = 0; + this.tokens = []; + + while (this.index < this.text.length) { + var ch = this.text.charAt(this.index); + if (ch === '"' || ch === '\'') { + this.readString(ch); + } else if (this.isNumber(ch) || ch === '.' && this.isNumber(this.peek())) { + this.readNumber(); + } else if (this.isIdentifierStart(this.peekMultichar())) { + this.readIdent(); + } else if (this.is(ch, '(){}[].,;:?')) { + this.tokens.push({index: this.index, text: ch}); + this.index++; + } else if (this.isWhitespace(ch)) { + this.index++; + } else { + var ch2 = ch + this.peek(); + var ch3 = ch2 + this.peek(2); + var op1 = OPERATORS[ch]; + var op2 = OPERATORS[ch2]; + var op3 = OPERATORS[ch3]; + if (op1 || op2 || op3) { + var token = op3 ? ch3 : (op2 ? ch2 : ch); + this.tokens.push({index: this.index, text: token, operator: true}); + this.index += token.length; + } else { + this.throwError('Unexpected next character ', this.index, this.index + 1); + } + } + } + return this.tokens; + }, + + is: function(ch, chars) { + return chars.indexOf(ch) !== -1; + }, + + peek: function(i) { + var num = i || 1; + return (this.index + num < this.text.length) ? this.text.charAt(this.index + num) : false; + }, + + isNumber: function(ch) { + return ('0' <= ch && ch <= '9') && typeof ch === 'string'; + }, + + isWhitespace: function(ch) { + // IE treats non-breaking space as \u00A0 + return (ch === ' ' || ch === '\r' || ch === '\t' || + ch === '\n' || ch === '\v' || ch === '\u00A0'); + }, + + isIdentifierStart: function(ch) { + return this.options.isIdentifierStart ? + this.options.isIdentifierStart(ch, this.codePointAt(ch)) : + this.isValidIdentifierStart(ch); + }, + + isValidIdentifierStart: function(ch) { + return ('a' <= ch && ch <= 'z' || + 'A' <= ch && ch <= 'Z' || + '_' === ch || ch === '$'); + }, + + isIdentifierContinue: function(ch) { + return this.options.isIdentifierContinue ? + this.options.isIdentifierContinue(ch, this.codePointAt(ch)) : + this.isValidIdentifierContinue(ch); + }, + + isValidIdentifierContinue: function(ch, cp) { + return this.isValidIdentifierStart(ch, cp) || this.isNumber(ch); + }, + + codePointAt: function(ch) { + if (ch.length === 1) return ch.charCodeAt(0); + // eslint-disable-next-line no-bitwise + return (ch.charCodeAt(0) << 10) + ch.charCodeAt(1) - 0x35FDC00; + }, + + peekMultichar: function() { + var ch = this.text.charAt(this.index); + var peek = this.peek(); + if (!peek) { + return ch; + } + var cp1 = ch.charCodeAt(0); + var cp2 = peek.charCodeAt(0); + if (cp1 >= 0xD800 && cp1 <= 0xDBFF && cp2 >= 0xDC00 && cp2 <= 0xDFFF) { + return ch + peek; + } + return ch; + }, + + isExpOperator: function(ch) { + return (ch === '-' || ch === '+' || this.isNumber(ch)); + }, + + throwError: function(error, start, end) { + end = end || this.index; + var colStr = (isDefined(start) + ? 's ' + start + '-' + this.index + ' [' + this.text.substring(start, end) + ']' + : ' ' + end); + throw $parseMinErr('lexerr', 'Lexer Error: {0} at column{1} in expression [{2}].', + error, colStr, this.text); + }, + + readNumber: function() { + var number = ''; + var start = this.index; + while (this.index < this.text.length) { + var ch = lowercase(this.text.charAt(this.index)); + if (ch === '.' || this.isNumber(ch)) { + number += ch; + } else { + var peekCh = this.peek(); + if (ch === 'e' && this.isExpOperator(peekCh)) { + number += ch; + } else if (this.isExpOperator(ch) && + peekCh && this.isNumber(peekCh) && + number.charAt(number.length - 1) === 'e') { + number += ch; + } else if (this.isExpOperator(ch) && + (!peekCh || !this.isNumber(peekCh)) && + number.charAt(number.length - 1) === 'e') { + this.throwError('Invalid exponent'); + } else { + break; + } + } + this.index++; + } + this.tokens.push({ + index: start, + text: number, + constant: true, + value: Number(number) + }); + }, + + readIdent: function() { + var start = this.index; + this.index += this.peekMultichar().length; + while (this.index < this.text.length) { + var ch = this.peekMultichar(); + if (!this.isIdentifierContinue(ch)) { + break; + } + this.index += ch.length; + } + this.tokens.push({ + index: start, + text: this.text.slice(start, this.index), + identifier: true + }); + }, + + readString: function(quote) { + var start = this.index; + this.index++; + var string = ''; + var rawString = quote; + var escape = false; + while (this.index < this.text.length) { + var ch = this.text.charAt(this.index); + rawString += ch; + if (escape) { + if (ch === 'u') { + var hex = this.text.substring(this.index + 1, this.index + 5); + if (!hex.match(/[\da-f]{4}/i)) { + this.throwError('Invalid unicode escape [\\u' + hex + ']'); + } + this.index += 4; + string += String.fromCharCode(parseInt(hex, 16)); + } else { + var rep = ESCAPE[ch]; + string = string + (rep || ch); + } + escape = false; + } else if (ch === '\\') { + escape = true; + } else if (ch === quote) { + this.index++; + this.tokens.push({ + index: start, + text: rawString, + constant: true, + value: string + }); + return; + } else { + string += ch; + } + this.index++; + } + this.throwError('Unterminated quote', start); + } +}; + +var AST = function AST(lexer, options) { + this.lexer = lexer; + this.options = options; +}; + +AST.Program = 'Program'; +AST.ExpressionStatement = 'ExpressionStatement'; +AST.AssignmentExpression = 'AssignmentExpression'; +AST.ConditionalExpression = 'ConditionalExpression'; +AST.LogicalExpression = 'LogicalExpression'; +AST.BinaryExpression = 'BinaryExpression'; +AST.UnaryExpression = 'UnaryExpression'; +AST.CallExpression = 'CallExpression'; +AST.MemberExpression = 'MemberExpression'; +AST.Identifier = 'Identifier'; +AST.Literal = 'Literal'; +AST.ArrayExpression = 'ArrayExpression'; +AST.Property = 'Property'; +AST.ObjectExpression = 'ObjectExpression'; +AST.ThisExpression = 'ThisExpression'; +AST.LocalsExpression = 'LocalsExpression'; + +// Internal use only +AST.NGValueParameter = 'NGValueParameter'; + +AST.prototype = { + ast: function(text) { + this.text = text; + this.tokens = this.lexer.lex(text); + + var value = this.program(); + + if (this.tokens.length !== 0) { + this.throwError('is an unexpected token', this.tokens[0]); + } + + return value; + }, + + program: function() { + var body = []; + while (true) { + if (this.tokens.length > 0 && !this.peek('}', ')', ';', ']')) + body.push(this.expressionStatement()); + if (!this.expect(';')) { + return { type: AST.Program, body: body}; + } + } + }, + + expressionStatement: function() { + return { type: AST.ExpressionStatement, expression: this.filterChain() }; + }, + + filterChain: function() { + var left = this.expression(); + while (this.expect('|')) { + left = this.filter(left); + } + return left; + }, + + expression: function() { + return this.assignment(); + }, + + assignment: function() { + var result = this.ternary(); + if (this.expect('=')) { + if (!isAssignable(result)) { + throw $parseMinErr('lval', 'Trying to assign a value to a non l-value'); + } + + result = { type: AST.AssignmentExpression, left: result, right: this.assignment(), operator: '='}; + } + return result; + }, + + ternary: function() { + var test = this.logicalOR(); + var alternate; + var consequent; + if (this.expect('?')) { + alternate = this.expression(); + if (this.consume(':')) { + consequent = this.expression(); + return { type: AST.ConditionalExpression, test: test, alternate: alternate, consequent: consequent}; + } + } + return test; + }, + + logicalOR: function() { + var left = this.logicalAND(); + while (this.expect('||')) { + left = { type: AST.LogicalExpression, operator: '||', left: left, right: this.logicalAND() }; + } + return left; + }, + + logicalAND: function() { + var left = this.equality(); + while (this.expect('&&')) { + left = { type: AST.LogicalExpression, operator: '&&', left: left, right: this.equality()}; + } + return left; + }, + + equality: function() { + var left = this.relational(); + var token; + while ((token = this.expect('==','!=','===','!=='))) { + left = { type: AST.BinaryExpression, operator: token.text, left: left, right: this.relational() }; + } + return left; + }, + + relational: function() { + var left = this.additive(); + var token; + while ((token = this.expect('<', '>', '<=', '>='))) { + left = { type: AST.BinaryExpression, operator: token.text, left: left, right: this.additive() }; + } + return left; + }, + + additive: function() { + var left = this.multiplicative(); + var token; + while ((token = this.expect('+','-'))) { + left = { type: AST.BinaryExpression, operator: token.text, left: left, right: this.multiplicative() }; + } + return left; + }, + + multiplicative: function() { + var left = this.unary(); + var token; + while ((token = this.expect('*','/','%'))) { + left = { type: AST.BinaryExpression, operator: token.text, left: left, right: this.unary() }; + } + return left; + }, + + unary: function() { + var token; + if ((token = this.expect('+', '-', '!'))) { + return { type: AST.UnaryExpression, operator: token.text, prefix: true, argument: this.unary() }; + } else { + return this.primary(); + } + }, + + primary: function() { + var primary; + if (this.expect('(')) { + primary = this.filterChain(); + this.consume(')'); + } else if (this.expect('[')) { + primary = this.arrayDeclaration(); + } else if (this.expect('{')) { + primary = this.object(); + } else if (this.selfReferential.hasOwnProperty(this.peek().text)) { + primary = copy(this.selfReferential[this.consume().text]); + } else if (this.options.literals.hasOwnProperty(this.peek().text)) { + primary = { type: AST.Literal, value: this.options.literals[this.consume().text]}; + } else if (this.peek().identifier) { + primary = this.identifier(); + } else if (this.peek().constant) { + primary = this.constant(); + } else { + this.throwError('not a primary expression', this.peek()); + } + + var next; + while ((next = this.expect('(', '[', '.'))) { + if (next.text === '(') { + primary = {type: AST.CallExpression, callee: primary, arguments: this.parseArguments() }; + this.consume(')'); + } else if (next.text === '[') { + primary = { type: AST.MemberExpression, object: primary, property: this.expression(), computed: true }; + this.consume(']'); + } else if (next.text === '.') { + primary = { type: AST.MemberExpression, object: primary, property: this.identifier(), computed: false }; + } else { + this.throwError('IMPOSSIBLE'); + } + } + return primary; + }, + + filter: function(baseExpression) { + var args = [baseExpression]; + var result = {type: AST.CallExpression, callee: this.identifier(), arguments: args, filter: true}; + + while (this.expect(':')) { + args.push(this.expression()); + } + + return result; + }, + + parseArguments: function() { + var args = []; + if (this.peekToken().text !== ')') { + do { + args.push(this.filterChain()); + } while (this.expect(',')); + } + return args; + }, + + identifier: function() { + var token = this.consume(); + if (!token.identifier) { + this.throwError('is not a valid identifier', token); + } + return { type: AST.Identifier, name: token.text }; + }, + + constant: function() { + // TODO check that it is a constant + return { type: AST.Literal, value: this.consume().value }; + }, + + arrayDeclaration: function() { + var elements = []; + if (this.peekToken().text !== ']') { + do { + if (this.peek(']')) { + // Support trailing commas per ES5.1. + break; + } + elements.push(this.expression()); + } while (this.expect(',')); + } + this.consume(']'); + + return { type: AST.ArrayExpression, elements: elements }; + }, + + object: function() { + var properties = [], property; + if (this.peekToken().text !== '}') { + do { + if (this.peek('}')) { + // Support trailing commas per ES5.1. + break; + } + property = {type: AST.Property, kind: 'init'}; + if (this.peek().constant) { + property.key = this.constant(); + property.computed = false; + this.consume(':'); + property.value = this.expression(); + } else if (this.peek().identifier) { + property.key = this.identifier(); + property.computed = false; + if (this.peek(':')) { + this.consume(':'); + property.value = this.expression(); + } else { + property.value = property.key; + } + } else if (this.peek('[')) { + this.consume('['); + property.key = this.expression(); + this.consume(']'); + property.computed = true; + this.consume(':'); + property.value = this.expression(); + } else { + this.throwError('invalid key', this.peek()); + } + properties.push(property); + } while (this.expect(',')); + } + this.consume('}'); + + return {type: AST.ObjectExpression, properties: properties }; + }, + + throwError: function(msg, token) { + throw $parseMinErr('syntax', + 'Syntax Error: Token \'{0}\' {1} at column {2} of the expression [{3}] starting at [{4}].', + token.text, msg, (token.index + 1), this.text, this.text.substring(token.index)); + }, + + consume: function(e1) { + if (this.tokens.length === 0) { + throw $parseMinErr('ueoe', 'Unexpected end of expression: {0}', this.text); + } + + var token = this.expect(e1); + if (!token) { + this.throwError('is unexpected, expecting [' + e1 + ']', this.peek()); + } + return token; + }, + + peekToken: function() { + if (this.tokens.length === 0) { + throw $parseMinErr('ueoe', 'Unexpected end of expression: {0}', this.text); + } + return this.tokens[0]; + }, + + peek: function(e1, e2, e3, e4) { + return this.peekAhead(0, e1, e2, e3, e4); + }, + + peekAhead: function(i, e1, e2, e3, e4) { + if (this.tokens.length > i) { + var token = this.tokens[i]; + var t = token.text; + if (t === e1 || t === e2 || t === e3 || t === e4 || + (!e1 && !e2 && !e3 && !e4)) { + return token; + } + } + return false; + }, + + expect: function(e1, e2, e3, e4) { + var token = this.peek(e1, e2, e3, e4); + if (token) { + this.tokens.shift(); + return token; + } + return false; + }, + + selfReferential: { + 'this': {type: AST.ThisExpression }, + '$locals': {type: AST.LocalsExpression } + } +}; + +function ifDefined(v, d) { + return typeof v !== 'undefined' ? v : d; +} + +function plusFn(l, r) { + if (typeof l === 'undefined') return r; + if (typeof r === 'undefined') return l; + return l + r; +} + +function isStateless($filter, filterName) { + var fn = $filter(filterName); + return !fn.$stateful; +} + +function findConstantAndWatchExpressions(ast, $filter) { + var allConstants; + var argsToWatch; + var isStatelessFilter; + switch (ast.type) { + case AST.Program: + allConstants = true; + forEach(ast.body, function(expr) { + findConstantAndWatchExpressions(expr.expression, $filter); + allConstants = allConstants && expr.expression.constant; + }); + ast.constant = allConstants; + break; + case AST.Literal: + ast.constant = true; + ast.toWatch = []; + break; + case AST.UnaryExpression: + findConstantAndWatchExpressions(ast.argument, $filter); + ast.constant = ast.argument.constant; + ast.toWatch = ast.argument.toWatch; + break; + case AST.BinaryExpression: + findConstantAndWatchExpressions(ast.left, $filter); + findConstantAndWatchExpressions(ast.right, $filter); + ast.constant = ast.left.constant && ast.right.constant; + ast.toWatch = ast.left.toWatch.concat(ast.right.toWatch); + break; + case AST.LogicalExpression: + findConstantAndWatchExpressions(ast.left, $filter); + findConstantAndWatchExpressions(ast.right, $filter); + ast.constant = ast.left.constant && ast.right.constant; + ast.toWatch = ast.constant ? [] : [ast]; + break; + case AST.ConditionalExpression: + findConstantAndWatchExpressions(ast.test, $filter); + findConstantAndWatchExpressions(ast.alternate, $filter); + findConstantAndWatchExpressions(ast.consequent, $filter); + ast.constant = ast.test.constant && ast.alternate.constant && ast.consequent.constant; + ast.toWatch = ast.constant ? [] : [ast]; + break; + case AST.Identifier: + ast.constant = false; + ast.toWatch = [ast]; + break; + case AST.MemberExpression: + findConstantAndWatchExpressions(ast.object, $filter); + if (ast.computed) { + findConstantAndWatchExpressions(ast.property, $filter); + } + ast.constant = ast.object.constant && (!ast.computed || ast.property.constant); + ast.toWatch = [ast]; + break; + case AST.CallExpression: + isStatelessFilter = ast.filter ? isStateless($filter, ast.callee.name) : false; + allConstants = isStatelessFilter; + argsToWatch = []; + forEach(ast.arguments, function(expr) { + findConstantAndWatchExpressions(expr, $filter); + allConstants = allConstants && expr.constant; + if (!expr.constant) { + argsToWatch.push.apply(argsToWatch, expr.toWatch); + } + }); + ast.constant = allConstants; + ast.toWatch = isStatelessFilter ? argsToWatch : [ast]; + break; + case AST.AssignmentExpression: + findConstantAndWatchExpressions(ast.left, $filter); + findConstantAndWatchExpressions(ast.right, $filter); + ast.constant = ast.left.constant && ast.right.constant; + ast.toWatch = [ast]; + break; + case AST.ArrayExpression: + allConstants = true; + argsToWatch = []; + forEach(ast.elements, function(expr) { + findConstantAndWatchExpressions(expr, $filter); + allConstants = allConstants && expr.constant; + if (!expr.constant) { + argsToWatch.push.apply(argsToWatch, expr.toWatch); + } + }); + ast.constant = allConstants; + ast.toWatch = argsToWatch; + break; + case AST.ObjectExpression: + allConstants = true; + argsToWatch = []; + forEach(ast.properties, function(property) { + findConstantAndWatchExpressions(property.value, $filter); + allConstants = allConstants && property.value.constant && !property.computed; + if (!property.value.constant) { + argsToWatch.push.apply(argsToWatch, property.value.toWatch); + } + if (property.computed) { + findConstantAndWatchExpressions(property.key, $filter); + if (!property.key.constant) { + argsToWatch.push.apply(argsToWatch, property.key.toWatch); + } + } + + }); + ast.constant = allConstants; + ast.toWatch = argsToWatch; + break; + case AST.ThisExpression: + ast.constant = false; + ast.toWatch = []; + break; + case AST.LocalsExpression: + ast.constant = false; + ast.toWatch = []; + break; + } +} + +function getInputs(body) { + if (body.length !== 1) return; + var lastExpression = body[0].expression; + var candidate = lastExpression.toWatch; + if (candidate.length !== 1) return candidate; + return candidate[0] !== lastExpression ? candidate : undefined; +} + +function isAssignable(ast) { + return ast.type === AST.Identifier || ast.type === AST.MemberExpression; +} + +function assignableAST(ast) { + if (ast.body.length === 1 && isAssignable(ast.body[0].expression)) { + return {type: AST.AssignmentExpression, left: ast.body[0].expression, right: {type: AST.NGValueParameter}, operator: '='}; + } +} + +function isLiteral(ast) { + return ast.body.length === 0 || + ast.body.length === 1 && ( + ast.body[0].expression.type === AST.Literal || + ast.body[0].expression.type === AST.ArrayExpression || + ast.body[0].expression.type === AST.ObjectExpression); +} + +function isConstant(ast) { + return ast.constant; +} + +function ASTCompiler($filter) { + this.$filter = $filter; +} + +ASTCompiler.prototype = { + compile: function(ast) { + var self = this; + this.state = { + nextId: 0, + filters: {}, + fn: {vars: [], body: [], own: {}}, + assign: {vars: [], body: [], own: {}}, + inputs: [] + }; + findConstantAndWatchExpressions(ast, self.$filter); + var extra = ''; + var assignable; + this.stage = 'assign'; + if ((assignable = assignableAST(ast))) { + this.state.computing = 'assign'; + var result = this.nextId(); + this.recurse(assignable, result); + this.return_(result); + extra = 'fn.assign=' + this.generateFunction('assign', 's,v,l'); + } + var toWatch = getInputs(ast.body); + self.stage = 'inputs'; + forEach(toWatch, function(watch, key) { + var fnKey = 'fn' + key; + self.state[fnKey] = {vars: [], body: [], own: {}}; + self.state.computing = fnKey; + var intoId = self.nextId(); + self.recurse(watch, intoId); + self.return_(intoId); + self.state.inputs.push(fnKey); + watch.watchId = key; + }); + this.state.computing = 'fn'; + this.stage = 'main'; + this.recurse(ast); + var fnString = + // The build and minification steps remove the string "use strict" from the code, but this is done using a regex. + // This is a workaround for this until we do a better job at only removing the prefix only when we should. + '"' + this.USE + ' ' + this.STRICT + '";\n' + + this.filterPrefix() + + 'var fn=' + this.generateFunction('fn', 's,l,a,i') + + extra + + this.watchFns() + + 'return fn;'; + + // eslint-disable-next-line no-new-func + var fn = (new Function('$filter', + 'getStringValue', + 'ifDefined', + 'plus', + fnString))( + this.$filter, + getStringValue, + ifDefined, + plusFn); + this.state = this.stage = undefined; + return fn; + }, + + USE: 'use', + + STRICT: 'strict', + + watchFns: function() { + var result = []; + var fns = this.state.inputs; + var self = this; + forEach(fns, function(name) { + result.push('var ' + name + '=' + self.generateFunction(name, 's')); + }); + if (fns.length) { + result.push('fn.inputs=[' + fns.join(',') + '];'); + } + return result.join(''); + }, + + generateFunction: function(name, params) { + return 'function(' + params + '){' + + this.varsPrefix(name) + + this.body(name) + + '};'; + }, + + filterPrefix: function() { + var parts = []; + var self = this; + forEach(this.state.filters, function(id, filter) { + parts.push(id + '=$filter(' + self.escape(filter) + ')'); + }); + if (parts.length) return 'var ' + parts.join(',') + ';'; + return ''; + }, + + varsPrefix: function(section) { + return this.state[section].vars.length ? 'var ' + this.state[section].vars.join(',') + ';' : ''; + }, + + body: function(section) { + return this.state[section].body.join(''); + }, + + recurse: function(ast, intoId, nameId, recursionFn, create, skipWatchIdCheck) { + var left, right, self = this, args, expression, computed; + recursionFn = recursionFn || noop; + if (!skipWatchIdCheck && isDefined(ast.watchId)) { + intoId = intoId || this.nextId(); + this.if_('i', + this.lazyAssign(intoId, this.computedMember('i', ast.watchId)), + this.lazyRecurse(ast, intoId, nameId, recursionFn, create, true) + ); + return; + } + switch (ast.type) { + case AST.Program: + forEach(ast.body, function(expression, pos) { + self.recurse(expression.expression, undefined, undefined, function(expr) { right = expr; }); + if (pos !== ast.body.length - 1) { + self.current().body.push(right, ';'); + } else { + self.return_(right); + } + }); + break; + case AST.Literal: + expression = this.escape(ast.value); + this.assign(intoId, expression); + recursionFn(intoId || expression); + break; + case AST.UnaryExpression: + this.recurse(ast.argument, undefined, undefined, function(expr) { right = expr; }); + expression = ast.operator + '(' + this.ifDefined(right, 0) + ')'; + this.assign(intoId, expression); + recursionFn(expression); + break; + case AST.BinaryExpression: + this.recurse(ast.left, undefined, undefined, function(expr) { left = expr; }); + this.recurse(ast.right, undefined, undefined, function(expr) { right = expr; }); + if (ast.operator === '+') { + expression = this.plus(left, right); + } else if (ast.operator === '-') { + expression = this.ifDefined(left, 0) + ast.operator + this.ifDefined(right, 0); + } else { + expression = '(' + left + ')' + ast.operator + '(' + right + ')'; + } + this.assign(intoId, expression); + recursionFn(expression); + break; + case AST.LogicalExpression: + intoId = intoId || this.nextId(); + self.recurse(ast.left, intoId); + self.if_(ast.operator === '&&' ? intoId : self.not(intoId), self.lazyRecurse(ast.right, intoId)); + recursionFn(intoId); + break; + case AST.ConditionalExpression: + intoId = intoId || this.nextId(); + self.recurse(ast.test, intoId); + self.if_(intoId, self.lazyRecurse(ast.alternate, intoId), self.lazyRecurse(ast.consequent, intoId)); + recursionFn(intoId); + break; + case AST.Identifier: + intoId = intoId || this.nextId(); + if (nameId) { + nameId.context = self.stage === 'inputs' ? 's' : this.assign(this.nextId(), this.getHasOwnProperty('l', ast.name) + '?l:s'); + nameId.computed = false; + nameId.name = ast.name; + } + self.if_(self.stage === 'inputs' || self.not(self.getHasOwnProperty('l', ast.name)), + function() { + self.if_(self.stage === 'inputs' || 's', function() { + if (create && create !== 1) { + self.if_( + self.isNull(self.nonComputedMember('s', ast.name)), + self.lazyAssign(self.nonComputedMember('s', ast.name), '{}')); + } + self.assign(intoId, self.nonComputedMember('s', ast.name)); + }); + }, intoId && self.lazyAssign(intoId, self.nonComputedMember('l', ast.name)) + ); + recursionFn(intoId); + break; + case AST.MemberExpression: + left = nameId && (nameId.context = this.nextId()) || this.nextId(); + intoId = intoId || this.nextId(); + self.recurse(ast.object, left, undefined, function() { + self.if_(self.notNull(left), function() { + if (ast.computed) { + right = self.nextId(); + self.recurse(ast.property, right); + self.getStringValue(right); + if (create && create !== 1) { + self.if_(self.not(self.computedMember(left, right)), self.lazyAssign(self.computedMember(left, right), '{}')); + } + expression = self.computedMember(left, right); + self.assign(intoId, expression); + if (nameId) { + nameId.computed = true; + nameId.name = right; + } + } else { + if (create && create !== 1) { + self.if_(self.isNull(self.nonComputedMember(left, ast.property.name)), self.lazyAssign(self.nonComputedMember(left, ast.property.name), '{}')); + } + expression = self.nonComputedMember(left, ast.property.name); + self.assign(intoId, expression); + if (nameId) { + nameId.computed = false; + nameId.name = ast.property.name; + } + } + }, function() { + self.assign(intoId, 'undefined'); + }); + recursionFn(intoId); + }, !!create); + break; + case AST.CallExpression: + intoId = intoId || this.nextId(); + if (ast.filter) { + right = self.filter(ast.callee.name); + args = []; + forEach(ast.arguments, function(expr) { + var argument = self.nextId(); + self.recurse(expr, argument); + args.push(argument); + }); + expression = right + '(' + args.join(',') + ')'; + self.assign(intoId, expression); + recursionFn(intoId); + } else { + right = self.nextId(); + left = {}; + args = []; + self.recurse(ast.callee, right, left, function() { + self.if_(self.notNull(right), function() { + forEach(ast.arguments, function(expr) { + self.recurse(expr, ast.constant ? undefined : self.nextId(), undefined, function(argument) { + args.push(argument); + }); + }); + if (left.name) { + expression = self.member(left.context, left.name, left.computed) + '(' + args.join(',') + ')'; + } else { + expression = right + '(' + args.join(',') + ')'; + } + self.assign(intoId, expression); + }, function() { + self.assign(intoId, 'undefined'); + }); + recursionFn(intoId); + }); + } + break; + case AST.AssignmentExpression: + right = this.nextId(); + left = {}; + this.recurse(ast.left, undefined, left, function() { + self.if_(self.notNull(left.context), function() { + self.recurse(ast.right, right); + expression = self.member(left.context, left.name, left.computed) + ast.operator + right; + self.assign(intoId, expression); + recursionFn(intoId || expression); + }); + }, 1); + break; + case AST.ArrayExpression: + args = []; + forEach(ast.elements, function(expr) { + self.recurse(expr, ast.constant ? undefined : self.nextId(), undefined, function(argument) { + args.push(argument); + }); + }); + expression = '[' + args.join(',') + ']'; + this.assign(intoId, expression); + recursionFn(intoId || expression); + break; + case AST.ObjectExpression: + args = []; + computed = false; + forEach(ast.properties, function(property) { + if (property.computed) { + computed = true; + } + }); + if (computed) { + intoId = intoId || this.nextId(); + this.assign(intoId, '{}'); + forEach(ast.properties, function(property) { + if (property.computed) { + left = self.nextId(); + self.recurse(property.key, left); + } else { + left = property.key.type === AST.Identifier ? + property.key.name : + ('' + property.key.value); + } + right = self.nextId(); + self.recurse(property.value, right); + self.assign(self.member(intoId, left, property.computed), right); + }); + } else { + forEach(ast.properties, function(property) { + self.recurse(property.value, ast.constant ? undefined : self.nextId(), undefined, function(expr) { + args.push(self.escape( + property.key.type === AST.Identifier ? property.key.name : + ('' + property.key.value)) + + ':' + expr); + }); + }); + expression = '{' + args.join(',') + '}'; + this.assign(intoId, expression); + } + recursionFn(intoId || expression); + break; + case AST.ThisExpression: + this.assign(intoId, 's'); + recursionFn(intoId || 's'); + break; + case AST.LocalsExpression: + this.assign(intoId, 'l'); + recursionFn(intoId || 'l'); + break; + case AST.NGValueParameter: + this.assign(intoId, 'v'); + recursionFn(intoId || 'v'); + break; + } + }, + + getHasOwnProperty: function(element, property) { + var key = element + '.' + property; + var own = this.current().own; + if (!own.hasOwnProperty(key)) { + own[key] = this.nextId(false, element + '&&(' + this.escape(property) + ' in ' + element + ')'); + } + return own[key]; + }, + + assign: function(id, value) { + if (!id) return; + this.current().body.push(id, '=', value, ';'); + return id; + }, + + filter: function(filterName) { + if (!this.state.filters.hasOwnProperty(filterName)) { + this.state.filters[filterName] = this.nextId(true); + } + return this.state.filters[filterName]; + }, + + ifDefined: function(id, defaultValue) { + return 'ifDefined(' + id + ',' + this.escape(defaultValue) + ')'; + }, + + plus: function(left, right) { + return 'plus(' + left + ',' + right + ')'; + }, + + return_: function(id) { + this.current().body.push('return ', id, ';'); + }, + + if_: function(test, alternate, consequent) { + if (test === true) { + alternate(); + } else { + var body = this.current().body; + body.push('if(', test, '){'); + alternate(); + body.push('}'); + if (consequent) { + body.push('else{'); + consequent(); + body.push('}'); + } + } + }, + + not: function(expression) { + return '!(' + expression + ')'; + }, + + isNull: function(expression) { + return expression + '==null'; + }, + + notNull: function(expression) { + return expression + '!=null'; + }, + + nonComputedMember: function(left, right) { + var SAFE_IDENTIFIER = /^[$_a-zA-Z][$_a-zA-Z0-9]*$/; + var UNSAFE_CHARACTERS = /[^$_a-zA-Z0-9]/g; + if (SAFE_IDENTIFIER.test(right)) { + return left + '.' + right; + } else { + return left + '["' + right.replace(UNSAFE_CHARACTERS, this.stringEscapeFn) + '"]'; + } + }, + + computedMember: function(left, right) { + return left + '[' + right + ']'; + }, + + member: function(left, right, computed) { + if (computed) return this.computedMember(left, right); + return this.nonComputedMember(left, right); + }, + + getStringValue: function(item) { + this.assign(item, 'getStringValue(' + item + ')'); + }, + + lazyRecurse: function(ast, intoId, nameId, recursionFn, create, skipWatchIdCheck) { + var self = this; + return function() { + self.recurse(ast, intoId, nameId, recursionFn, create, skipWatchIdCheck); + }; + }, + + lazyAssign: function(id, value) { + var self = this; + return function() { + self.assign(id, value); + }; + }, + + stringEscapeRegex: /[^ a-zA-Z0-9]/g, + + stringEscapeFn: function(c) { + return '\\u' + ('0000' + c.charCodeAt(0).toString(16)).slice(-4); + }, + + escape: function(value) { + if (isString(value)) return '\'' + value.replace(this.stringEscapeRegex, this.stringEscapeFn) + '\''; + if (isNumber(value)) return value.toString(); + if (value === true) return 'true'; + if (value === false) return 'false'; + if (value === null) return 'null'; + if (typeof value === 'undefined') return 'undefined'; + + throw $parseMinErr('esc', 'IMPOSSIBLE'); + }, + + nextId: function(skip, init) { + var id = 'v' + (this.state.nextId++); + if (!skip) { + this.current().vars.push(id + (init ? '=' + init : '')); + } + return id; + }, + + current: function() { + return this.state[this.state.computing]; + } +}; + + +function ASTInterpreter($filter) { + this.$filter = $filter; +} + +ASTInterpreter.prototype = { + compile: function(ast) { + var self = this; + findConstantAndWatchExpressions(ast, self.$filter); + var assignable; + var assign; + if ((assignable = assignableAST(ast))) { + assign = this.recurse(assignable); + } + var toWatch = getInputs(ast.body); + var inputs; + if (toWatch) { + inputs = []; + forEach(toWatch, function(watch, key) { + var input = self.recurse(watch); + watch.input = input; + inputs.push(input); + watch.watchId = key; + }); + } + var expressions = []; + forEach(ast.body, function(expression) { + expressions.push(self.recurse(expression.expression)); + }); + var fn = ast.body.length === 0 ? noop : + ast.body.length === 1 ? expressions[0] : + function(scope, locals) { + var lastValue; + forEach(expressions, function(exp) { + lastValue = exp(scope, locals); + }); + return lastValue; + }; + if (assign) { + fn.assign = function(scope, value, locals) { + return assign(scope, locals, value); + }; + } + if (inputs) { + fn.inputs = inputs; + } + return fn; + }, + + recurse: function(ast, context, create) { + var left, right, self = this, args; + if (ast.input) { + return this.inputs(ast.input, ast.watchId); + } + switch (ast.type) { + case AST.Literal: + return this.value(ast.value, context); + case AST.UnaryExpression: + right = this.recurse(ast.argument); + return this['unary' + ast.operator](right, context); + case AST.BinaryExpression: + left = this.recurse(ast.left); + right = this.recurse(ast.right); + return this['binary' + ast.operator](left, right, context); + case AST.LogicalExpression: + left = this.recurse(ast.left); + right = this.recurse(ast.right); + return this['binary' + ast.operator](left, right, context); + case AST.ConditionalExpression: + return this['ternary?:']( + this.recurse(ast.test), + this.recurse(ast.alternate), + this.recurse(ast.consequent), + context + ); + case AST.Identifier: + return self.identifier(ast.name, context, create); + case AST.MemberExpression: + left = this.recurse(ast.object, false, !!create); + if (!ast.computed) { + right = ast.property.name; + } + if (ast.computed) right = this.recurse(ast.property); + return ast.computed ? + this.computedMember(left, right, context, create) : + this.nonComputedMember(left, right, context, create); + case AST.CallExpression: + args = []; + forEach(ast.arguments, function(expr) { + args.push(self.recurse(expr)); + }); + if (ast.filter) right = this.$filter(ast.callee.name); + if (!ast.filter) right = this.recurse(ast.callee, true); + return ast.filter ? + function(scope, locals, assign, inputs) { + var values = []; + for (var i = 0; i < args.length; ++i) { + values.push(args[i](scope, locals, assign, inputs)); + } + var value = right.apply(undefined, values, inputs); + return context ? {context: undefined, name: undefined, value: value} : value; + } : + function(scope, locals, assign, inputs) { + var rhs = right(scope, locals, assign, inputs); + var value; + if (rhs.value != null) { + var values = []; + for (var i = 0; i < args.length; ++i) { + values.push(args[i](scope, locals, assign, inputs)); + } + value = rhs.value.apply(rhs.context, values); + } + return context ? {value: value} : value; + }; + case AST.AssignmentExpression: + left = this.recurse(ast.left, true, 1); + right = this.recurse(ast.right); + return function(scope, locals, assign, inputs) { + var lhs = left(scope, locals, assign, inputs); + var rhs = right(scope, locals, assign, inputs); + lhs.context[lhs.name] = rhs; + return context ? {value: rhs} : rhs; + }; + case AST.ArrayExpression: + args = []; + forEach(ast.elements, function(expr) { + args.push(self.recurse(expr)); + }); + return function(scope, locals, assign, inputs) { + var value = []; + for (var i = 0; i < args.length; ++i) { + value.push(args[i](scope, locals, assign, inputs)); + } + return context ? {value: value} : value; + }; + case AST.ObjectExpression: + args = []; + forEach(ast.properties, function(property) { + if (property.computed) { + args.push({key: self.recurse(property.key), + computed: true, + value: self.recurse(property.value) + }); + } else { + args.push({key: property.key.type === AST.Identifier ? + property.key.name : + ('' + property.key.value), + computed: false, + value: self.recurse(property.value) + }); + } + }); + return function(scope, locals, assign, inputs) { + var value = {}; + for (var i = 0; i < args.length; ++i) { + if (args[i].computed) { + value[args[i].key(scope, locals, assign, inputs)] = args[i].value(scope, locals, assign, inputs); + } else { + value[args[i].key] = args[i].value(scope, locals, assign, inputs); + } + } + return context ? {value: value} : value; + }; + case AST.ThisExpression: + return function(scope) { + return context ? {value: scope} : scope; + }; + case AST.LocalsExpression: + return function(scope, locals) { + return context ? {value: locals} : locals; + }; + case AST.NGValueParameter: + return function(scope, locals, assign) { + return context ? {value: assign} : assign; + }; + } + }, + + 'unary+': function(argument, context) { + return function(scope, locals, assign, inputs) { + var arg = argument(scope, locals, assign, inputs); + if (isDefined(arg)) { + arg = +arg; + } else { + arg = 0; + } + return context ? {value: arg} : arg; + }; + }, + 'unary-': function(argument, context) { + return function(scope, locals, assign, inputs) { + var arg = argument(scope, locals, assign, inputs); + if (isDefined(arg)) { + arg = -arg; + } else { + arg = -0; + } + return context ? {value: arg} : arg; + }; + }, + 'unary!': function(argument, context) { + return function(scope, locals, assign, inputs) { + var arg = !argument(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary+': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var lhs = left(scope, locals, assign, inputs); + var rhs = right(scope, locals, assign, inputs); + var arg = plusFn(lhs, rhs); + return context ? {value: arg} : arg; + }; + }, + 'binary-': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var lhs = left(scope, locals, assign, inputs); + var rhs = right(scope, locals, assign, inputs); + var arg = (isDefined(lhs) ? lhs : 0) - (isDefined(rhs) ? rhs : 0); + return context ? {value: arg} : arg; + }; + }, + 'binary*': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) * right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary/': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) / right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary%': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) % right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary===': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) === right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary!==': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) !== right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary==': function(left, right, context) { + return function(scope, locals, assign, inputs) { + // eslint-disable-next-line eqeqeq + var arg = left(scope, locals, assign, inputs) == right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary!=': function(left, right, context) { + return function(scope, locals, assign, inputs) { + // eslint-disable-next-line eqeqeq + var arg = left(scope, locals, assign, inputs) != right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary<': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) < right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary>': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) > right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary<=': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) <= right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary>=': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) >= right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary&&': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) && right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'binary||': function(left, right, context) { + return function(scope, locals, assign, inputs) { + var arg = left(scope, locals, assign, inputs) || right(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + 'ternary?:': function(test, alternate, consequent, context) { + return function(scope, locals, assign, inputs) { + var arg = test(scope, locals, assign, inputs) ? alternate(scope, locals, assign, inputs) : consequent(scope, locals, assign, inputs); + return context ? {value: arg} : arg; + }; + }, + value: function(value, context) { + return function() { return context ? {context: undefined, name: undefined, value: value} : value; }; + }, + identifier: function(name, context, create) { + return function(scope, locals, assign, inputs) { + var base = locals && (name in locals) ? locals : scope; + if (create && create !== 1 && base && base[name] == null) { + base[name] = {}; + } + var value = base ? base[name] : undefined; + if (context) { + return {context: base, name: name, value: value}; + } else { + return value; + } + }; + }, + computedMember: function(left, right, context, create) { + return function(scope, locals, assign, inputs) { + var lhs = left(scope, locals, assign, inputs); + var rhs; + var value; + if (lhs != null) { + rhs = right(scope, locals, assign, inputs); + rhs = getStringValue(rhs); + if (create && create !== 1) { + if (lhs && !(lhs[rhs])) { + lhs[rhs] = {}; + } + } + value = lhs[rhs]; + } + if (context) { + return {context: lhs, name: rhs, value: value}; + } else { + return value; + } + }; + }, + nonComputedMember: function(left, right, context, create) { + return function(scope, locals, assign, inputs) { + var lhs = left(scope, locals, assign, inputs); + if (create && create !== 1) { + if (lhs && lhs[right] == null) { + lhs[right] = {}; + } + } + var value = lhs != null ? lhs[right] : undefined; + if (context) { + return {context: lhs, name: right, value: value}; + } else { + return value; + } + }; + }, + inputs: function(input, watchId) { + return function(scope, value, locals, inputs) { + if (inputs) return inputs[watchId]; + return input(scope, value, locals); + }; + } +}; + +/** + * @constructor + */ +function Parser(lexer, $filter, options) { + this.ast = new AST(lexer, options); + this.astCompiler = options.csp ? new ASTInterpreter($filter) : + new ASTCompiler($filter); +} + +Parser.prototype = { + constructor: Parser, + + parse: function(text) { + var ast = this.ast.ast(text); + var fn = this.astCompiler.compile(ast); + fn.literal = isLiteral(ast); + fn.constant = isConstant(ast); + return fn; + } +}; + +function getValueOf(value) { + return isFunction(value.valueOf) ? value.valueOf() : objectValueOf.call(value); +} + +/////////////////////////////////// + +/** + * @ngdoc service + * @name $parse + * @kind function + * + * @description + * + * Converts Angular {@link guide/expression expression} into a function. + * + * ```js + * var getter = $parse('user.name'); + * var setter = getter.assign; + * var context = {user:{name:'angular'}}; + * var locals = {user:{name:'local'}}; + * + * expect(getter(context)).toEqual('angular'); + * setter(context, 'newValue'); + * expect(context.user.name).toEqual('newValue'); + * expect(getter(context, locals)).toEqual('local'); + * ``` + * + * + * @param {string} expression String expression to compile. + * @returns {function(context, locals)} a function which represents the compiled expression: + * + * * `context` – `{object}` – an object against which any expressions embedded in the strings + * are evaluated against (typically a scope object). + * * `locals` – `{object=}` – local variables context object, useful for overriding values in + * `context`. + * + * The returned function also has the following properties: + * * `literal` – `{boolean}` – whether the expression's top-level node is a JavaScript + * literal. + * * `constant` – `{boolean}` – whether the expression is made entirely of JavaScript + * constant literals. + * * `assign` – `{?function(context, value)}` – if the expression is assignable, this will be + * set to a function to change its value on the given context. + * + */ + + +/** + * @ngdoc provider + * @name $parseProvider + * @this + * + * @description + * `$parseProvider` can be used for configuring the default behavior of the {@link ng.$parse $parse} + * service. + */ +function $ParseProvider() { + var cache = createMap(); + var literals = { + 'true': true, + 'false': false, + 'null': null, + 'undefined': undefined + }; + var identStart, identContinue; + + /** + * @ngdoc method + * @name $parseProvider#addLiteral + * @description + * + * Configure $parse service to add literal values that will be present as literal at expressions. + * + * @param {string} literalName Token for the literal value. The literal name value must be a valid literal name. + * @param {*} literalValue Value for this literal. All literal values must be primitives or `undefined`. + * + **/ + this.addLiteral = function(literalName, literalValue) { + literals[literalName] = literalValue; + }; + + /** + * @ngdoc method + * @name $parseProvider#setIdentifierFns + * + * @description + * + * Allows defining the set of characters that are allowed in Angular expressions. The function + * `identifierStart` will get called to know if a given character is a valid character to be the + * first character for an identifier. The function `identifierContinue` will get called to know if + * a given character is a valid character to be a follow-up identifier character. The functions + * `identifierStart` and `identifierContinue` will receive as arguments the single character to be + * identifier and the character code point. These arguments will be `string` and `numeric`. Keep in + * mind that the `string` parameter can be two characters long depending on the character + * representation. It is expected for the function to return `true` or `false`, whether that + * character is allowed or not. + * + * Since this function will be called extensively, keep the implementation of these functions fast, + * as the performance of these functions have a direct impact on the expressions parsing speed. + * + * @param {function=} identifierStart The function that will decide whether the given character is + * a valid identifier start character. + * @param {function=} identifierContinue The function that will decide whether the given character is + * a valid identifier continue character. + */ + this.setIdentifierFns = function(identifierStart, identifierContinue) { + identStart = identifierStart; + identContinue = identifierContinue; + return this; + }; + + this.$get = ['$filter', function($filter) { + var noUnsafeEval = csp().noUnsafeEval; + var $parseOptions = { + csp: noUnsafeEval, + literals: copy(literals), + isIdentifierStart: isFunction(identStart) && identStart, + isIdentifierContinue: isFunction(identContinue) && identContinue + }; + return $parse; + + function $parse(exp, interceptorFn) { + var parsedExpression, oneTime, cacheKey; + + switch (typeof exp) { + case 'string': + exp = exp.trim(); + cacheKey = exp; + + parsedExpression = cache[cacheKey]; + + if (!parsedExpression) { + if (exp.charAt(0) === ':' && exp.charAt(1) === ':') { + oneTime = true; + exp = exp.substring(2); + } + var lexer = new Lexer($parseOptions); + var parser = new Parser(lexer, $filter, $parseOptions); + parsedExpression = parser.parse(exp); + if (parsedExpression.constant) { + parsedExpression.$$watchDelegate = constantWatchDelegate; + } else if (oneTime) { + parsedExpression.oneTime = true; + parsedExpression.$$watchDelegate = oneTimeWatchDelegate; + } else if (parsedExpression.inputs) { + parsedExpression.$$watchDelegate = inputsWatchDelegate; + } + cache[cacheKey] = parsedExpression; + } + return addInterceptor(parsedExpression, interceptorFn); + + case 'function': + return addInterceptor(exp, interceptorFn); + + default: + return addInterceptor(noop, interceptorFn); + } + } + + function expressionInputDirtyCheck(newValue, oldValueOfValue, compareObjectIdentity) { + + if (newValue == null || oldValueOfValue == null) { // null/undefined + return newValue === oldValueOfValue; + } + + if (typeof newValue === 'object') { + + // attempt to convert the value to a primitive type + // TODO(docs): add a note to docs that by implementing valueOf even objects and arrays can + // be cheaply dirty-checked + newValue = getValueOf(newValue); + + if (typeof newValue === 'object' && !compareObjectIdentity) { + // objects/arrays are not supported - deep-watching them would be too expensive + return false; + } + + // fall-through to the primitive equality check + } + + //Primitive or NaN + // eslint-disable-next-line no-self-compare + return newValue === oldValueOfValue || (newValue !== newValue && oldValueOfValue !== oldValueOfValue); + } + + function inputsWatchDelegate(scope, listener, objectEquality, parsedExpression, prettyPrintExpression) { + var inputExpressions = parsedExpression.inputs; + var lastResult; + + if (inputExpressions.length === 1) { + var oldInputValueOf = expressionInputDirtyCheck; // init to something unique so that equals check fails + inputExpressions = inputExpressions[0]; + return scope.$watch(function expressionInputWatch(scope) { + var newInputValue = inputExpressions(scope); + if (!expressionInputDirtyCheck(newInputValue, oldInputValueOf, parsedExpression.literal)) { + lastResult = parsedExpression(scope, undefined, undefined, [newInputValue]); + oldInputValueOf = newInputValue && getValueOf(newInputValue); + } + return lastResult; + }, listener, objectEquality, prettyPrintExpression); + } + + var oldInputValueOfValues = []; + var oldInputValues = []; + for (var i = 0, ii = inputExpressions.length; i < ii; i++) { + oldInputValueOfValues[i] = expressionInputDirtyCheck; // init to something unique so that equals check fails + oldInputValues[i] = null; + } + + return scope.$watch(function expressionInputsWatch(scope) { + var changed = false; + + for (var i = 0, ii = inputExpressions.length; i < ii; i++) { + var newInputValue = inputExpressions[i](scope); + if (changed || (changed = !expressionInputDirtyCheck(newInputValue, oldInputValueOfValues[i], parsedExpression.literal))) { + oldInputValues[i] = newInputValue; + oldInputValueOfValues[i] = newInputValue && getValueOf(newInputValue); + } + } + + if (changed) { + lastResult = parsedExpression(scope, undefined, undefined, oldInputValues); + } + + return lastResult; + }, listener, objectEquality, prettyPrintExpression); + } + + function oneTimeWatchDelegate(scope, listener, objectEquality, parsedExpression, prettyPrintExpression) { + var isDone = parsedExpression.literal ? isAllDefined : isDefined; + var unwatch, lastValue; + if (parsedExpression.inputs) { + unwatch = inputsWatchDelegate(scope, oneTimeListener, objectEquality, parsedExpression, prettyPrintExpression); + } else { + unwatch = scope.$watch(oneTimeWatch, oneTimeListener, objectEquality); + } + return unwatch; + + function oneTimeWatch(scope) { + return parsedExpression(scope); + } + function oneTimeListener(value, old, scope) { + lastValue = value; + if (isFunction(listener)) { + listener(value, old, scope); + } + if (isDone(value)) { + scope.$$postDigest(function() { + if (isDone(lastValue)) { + unwatch(); + } + }); + } + } + } + + function isAllDefined(value) { + var allDefined = true; + forEach(value, function(val) { + if (!isDefined(val)) allDefined = false; + }); + return allDefined; + } + + function constantWatchDelegate(scope, listener, objectEquality, parsedExpression) { + var unwatch = scope.$watch(function constantWatch(scope) { + unwatch(); + return parsedExpression(scope); + }, listener, objectEquality); + return unwatch; + } + + function addInterceptor(parsedExpression, interceptorFn) { + if (!interceptorFn) return parsedExpression; + var watchDelegate = parsedExpression.$$watchDelegate; + var useInputs = false; + + var isDone = parsedExpression.literal ? isAllDefined : isDefined; + + function regularInterceptedExpression(scope, locals, assign, inputs) { + var value = useInputs && inputs ? inputs[0] : parsedExpression(scope, locals, assign, inputs); + return interceptorFn(value, scope, locals); + } + + function oneTimeInterceptedExpression(scope, locals, assign, inputs) { + var value = useInputs && inputs ? inputs[0] : parsedExpression(scope, locals, assign, inputs); + var result = interceptorFn(value, scope, locals); + // we only return the interceptor's result if the + // initial value is defined (for bind-once) + return isDone(value) ? result : value; + } + + var fn = parsedExpression.oneTime ? oneTimeInterceptedExpression : regularInterceptedExpression; + + // Propogate the literal/oneTime attributes + fn.literal = parsedExpression.literal; + fn.oneTime = parsedExpression.oneTime; + + // Propagate or create inputs / $$watchDelegates + useInputs = !parsedExpression.inputs; + if (watchDelegate && watchDelegate !== inputsWatchDelegate) { + fn.$$watchDelegate = watchDelegate; + fn.inputs = parsedExpression.inputs; + } else if (!interceptorFn.$stateful) { + // If there is an interceptor, but no watchDelegate then treat the interceptor like + // we treat filters - it is assumed to be a pure function unless flagged with $stateful + fn.$$watchDelegate = inputsWatchDelegate; + fn.inputs = parsedExpression.inputs ? parsedExpression.inputs : [parsedExpression]; + } + + return fn; + } + }]; +} + +/** + * @ngdoc service + * @name $q + * @requires $rootScope + * + * @description + * A service that helps you run functions asynchronously, and use their return values (or exceptions) + * when they are done processing. + * + * This is a [Promises/A+](https://promisesaplus.com/)-compliant implementation of promises/deferred + * objects inspired by [Kris Kowal's Q](https://github.com/kriskowal/q). + * + * $q can be used in two fashions --- one which is more similar to Kris Kowal's Q or jQuery's Deferred + * implementations, and the other which resembles ES6 (ES2015) promises to some degree. + * + * # $q constructor + * + * The streamlined ES6 style promise is essentially just using $q as a constructor which takes a `resolver` + * function as the first argument. This is similar to the native Promise implementation from ES6, + * see [MDN](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise). + * + * While the constructor-style use is supported, not all of the supporting methods from ES6 promises are + * available yet. + * + * It can be used like so: + * + * ```js + * // for the purpose of this example let's assume that variables `$q` and `okToGreet` + * // are available in the current lexical scope (they could have been injected or passed in). + * + * function asyncGreet(name) { + * // perform some asynchronous operation, resolve or reject the promise when appropriate. + * return $q(function(resolve, reject) { + * setTimeout(function() { + * if (okToGreet(name)) { + * resolve('Hello, ' + name + '!'); + * } else { + * reject('Greeting ' + name + ' is not allowed.'); + * } + * }, 1000); + * }); + * } + * + * var promise = asyncGreet('Robin Hood'); + * promise.then(function(greeting) { + * alert('Success: ' + greeting); + * }, function(reason) { + * alert('Failed: ' + reason); + * }); + * ``` + * + * Note: progress/notify callbacks are not currently supported via the ES6-style interface. + * + * Note: unlike ES6 behavior, an exception thrown in the constructor function will NOT implicitly reject the promise. + * + * However, the more traditional CommonJS-style usage is still available, and documented below. + * + * [The CommonJS Promise proposal](http://wiki.commonjs.org/wiki/Promises) describes a promise as an + * interface for interacting with an object that represents the result of an action that is + * performed asynchronously, and may or may not be finished at any given point in time. + * + * From the perspective of dealing with error handling, deferred and promise APIs are to + * asynchronous programming what `try`, `catch` and `throw` keywords are to synchronous programming. + * + * ```js + * // for the purpose of this example let's assume that variables `$q` and `okToGreet` + * // are available in the current lexical scope (they could have been injected or passed in). + * + * function asyncGreet(name) { + * var deferred = $q.defer(); + * + * setTimeout(function() { + * deferred.notify('About to greet ' + name + '.'); + * + * if (okToGreet(name)) { + * deferred.resolve('Hello, ' + name + '!'); + * } else { + * deferred.reject('Greeting ' + name + ' is not allowed.'); + * } + * }, 1000); + * + * return deferred.promise; + * } + * + * var promise = asyncGreet('Robin Hood'); + * promise.then(function(greeting) { + * alert('Success: ' + greeting); + * }, function(reason) { + * alert('Failed: ' + reason); + * }, function(update) { + * alert('Got notification: ' + update); + * }); + * ``` + * + * At first it might not be obvious why this extra complexity is worth the trouble. The payoff + * comes in the way of guarantees that promise and deferred APIs make, see + * https://github.com/kriskowal/uncommonjs/blob/master/promises/specification.md. + * + * Additionally the promise api allows for composition that is very hard to do with the + * traditional callback ([CPS](http://en.wikipedia.org/wiki/Continuation-passing_style)) approach. + * For more on this please see the [Q documentation](https://github.com/kriskowal/q) especially the + * section on serial or parallel joining of promises. + * + * # The Deferred API + * + * A new instance of deferred is constructed by calling `$q.defer()`. + * + * The purpose of the deferred object is to expose the associated Promise instance as well as APIs + * that can be used for signaling the successful or unsuccessful completion, as well as the status + * of the task. + * + * **Methods** + * + * - `resolve(value)` – resolves the derived promise with the `value`. If the value is a rejection + * constructed via `$q.reject`, the promise will be rejected instead. + * - `reject(reason)` – rejects the derived promise with the `reason`. This is equivalent to + * resolving it with a rejection constructed via `$q.reject`. + * - `notify(value)` - provides updates on the status of the promise's execution. This may be called + * multiple times before the promise is either resolved or rejected. + * + * **Properties** + * + * - promise – `{Promise}` – promise object associated with this deferred. + * + * + * # The Promise API + * + * A new promise instance is created when a deferred instance is created and can be retrieved by + * calling `deferred.promise`. + * + * The purpose of the promise object is to allow for interested parties to get access to the result + * of the deferred task when it completes. + * + * **Methods** + * + * - `then(successCallback, [errorCallback], [notifyCallback])` – regardless of when the promise was or + * will be resolved or rejected, `then` calls one of the success or error callbacks asynchronously + * as soon as the result is available. The callbacks are called with a single argument: the result + * or rejection reason. Additionally, the notify callback may be called zero or more times to + * provide a progress indication, before the promise is resolved or rejected. + * + * This method *returns a new promise* which is resolved or rejected via the return value of the + * `successCallback`, `errorCallback` (unless that value is a promise, in which case it is resolved + * with the value which is resolved in that promise using + * [promise chaining](http://www.html5rocks.com/en/tutorials/es6/promises/#toc-promises-queues)). + * It also notifies via the return value of the `notifyCallback` method. The promise cannot be + * resolved or rejected from the notifyCallback method. The errorCallback and notifyCallback + * arguments are optional. + * + * - `catch(errorCallback)` – shorthand for `promise.then(null, errorCallback)` + * + * - `finally(callback, notifyCallback)` – allows you to observe either the fulfillment or rejection of a promise, + * but to do so without modifying the final value. This is useful to release resources or do some + * clean-up that needs to be done whether the promise was rejected or resolved. See the [full + * specification](https://github.com/kriskowal/q/wiki/API-Reference#promisefinallycallback) for + * more information. + * + * # Chaining promises + * + * Because calling the `then` method of a promise returns a new derived promise, it is easily + * possible to create a chain of promises: + * + * ```js + * promiseB = promiseA.then(function(result) { + * return result + 1; + * }); + * + * // promiseB will be resolved immediately after promiseA is resolved and its value + * // will be the result of promiseA incremented by 1 + * ``` + * + * It is possible to create chains of any length and since a promise can be resolved with another + * promise (which will defer its resolution further), it is possible to pause/defer resolution of + * the promises at any point in the chain. This makes it possible to implement powerful APIs like + * $http's response interceptors. + * + * + * # Differences between Kris Kowal's Q and $q + * + * There are two main differences: + * + * - $q is integrated with the {@link ng.$rootScope.Scope} Scope model observation + * mechanism in angular, which means faster propagation of resolution or rejection into your + * models and avoiding unnecessary browser repaints, which would result in flickering UI. + * - Q has many more features than $q, but that comes at a cost of bytes. $q is tiny, but contains + * all the important functionality needed for common async tasks. + * + * # Testing + * + * ```js + * it('should simulate promise', inject(function($q, $rootScope) { + * var deferred = $q.defer(); + * var promise = deferred.promise; + * var resolvedValue; + * + * promise.then(function(value) { resolvedValue = value; }); + * expect(resolvedValue).toBeUndefined(); + * + * // Simulate resolving of promise + * deferred.resolve(123); + * // Note that the 'then' function does not get called synchronously. + * // This is because we want the promise API to always be async, whether or not + * // it got called synchronously or asynchronously. + * expect(resolvedValue).toBeUndefined(); + * + * // Propagate promise resolution to 'then' functions using $apply(). + * $rootScope.$apply(); + * expect(resolvedValue).toEqual(123); + * })); + * ``` + * + * @param {function(function, function)} resolver Function which is responsible for resolving or + * rejecting the newly created promise. The first parameter is a function which resolves the + * promise, the second parameter is a function which rejects the promise. + * + * @returns {Promise} The newly created promise. + */ +/** + * @ngdoc provider + * @name $qProvider + * @this + * + * @description + */ +function $QProvider() { + var errorOnUnhandledRejections = true; + this.$get = ['$rootScope', '$exceptionHandler', function($rootScope, $exceptionHandler) { + return qFactory(function(callback) { + $rootScope.$evalAsync(callback); + }, $exceptionHandler, errorOnUnhandledRejections); + }]; + + /** + * @ngdoc method + * @name $qProvider#errorOnUnhandledRejections + * @kind function + * + * @description + * Retrieves or overrides whether to generate an error when a rejected promise is not handled. + * This feature is enabled by default. + * + * @param {boolean=} value Whether to generate an error when a rejected promise is not handled. + * @returns {boolean|ng.$qProvider} Current value when called without a new value or self for + * chaining otherwise. + */ + this.errorOnUnhandledRejections = function(value) { + if (isDefined(value)) { + errorOnUnhandledRejections = value; + return this; + } else { + return errorOnUnhandledRejections; + } + }; +} + +/** @this */ +function $$QProvider() { + var errorOnUnhandledRejections = true; + this.$get = ['$browser', '$exceptionHandler', function($browser, $exceptionHandler) { + return qFactory(function(callback) { + $browser.defer(callback); + }, $exceptionHandler, errorOnUnhandledRejections); + }]; + + this.errorOnUnhandledRejections = function(value) { + if (isDefined(value)) { + errorOnUnhandledRejections = value; + return this; + } else { + return errorOnUnhandledRejections; + } + }; +} + +/** + * Constructs a promise manager. + * + * @param {function(function)} nextTick Function for executing functions in the next turn. + * @param {function(...*)} exceptionHandler Function into which unexpected exceptions are passed for + * debugging purposes. + @ param {=boolean} errorOnUnhandledRejections Whether an error should be generated on unhandled + * promises rejections. + * @returns {object} Promise manager. + */ +function qFactory(nextTick, exceptionHandler, errorOnUnhandledRejections) { + var $qMinErr = minErr('$q', TypeError); + var queueSize = 0; + var checkQueue = []; + + /** + * @ngdoc method + * @name ng.$q#defer + * @kind function + * + * @description + * Creates a `Deferred` object which represents a task which will finish in the future. + * + * @returns {Deferred} Returns a new instance of deferred. + */ + function defer() { + return new Deferred(); + } + + function Deferred() { + var promise = this.promise = new Promise(); + //Non prototype methods necessary to support unbound execution :/ + this.resolve = function(val) { resolvePromise(promise, val); }; + this.reject = function(reason) { rejectPromise(promise, reason); }; + this.notify = function(progress) { notifyPromise(promise, progress); }; + } + + + function Promise() { + this.$$state = { status: 0 }; + } + + extend(Promise.prototype, { + then: function(onFulfilled, onRejected, progressBack) { + if (isUndefined(onFulfilled) && isUndefined(onRejected) && isUndefined(progressBack)) { + return this; + } + var result = new Promise(); + + this.$$state.pending = this.$$state.pending || []; + this.$$state.pending.push([result, onFulfilled, onRejected, progressBack]); + if (this.$$state.status > 0) scheduleProcessQueue(this.$$state); + + return result; + }, + + 'catch': function(callback) { + return this.then(null, callback); + }, + + 'finally': function(callback, progressBack) { + return this.then(function(value) { + return handleCallback(value, resolve, callback); + }, function(error) { + return handleCallback(error, reject, callback); + }, progressBack); + } + }); + + function processQueue(state) { + var fn, promise, pending; + + pending = state.pending; + state.processScheduled = false; + state.pending = undefined; + try { + for (var i = 0, ii = pending.length; i < ii; ++i) { + state.pur = true; + promise = pending[i][0]; + fn = pending[i][state.status]; + try { + if (isFunction(fn)) { + resolvePromise(promise, fn(state.value)); + } else if (state.status === 1) { + resolvePromise(promise, state.value); + } else { + rejectPromise(promise, state.value); + } + } catch (e) { + rejectPromise(promise, e); + } + } + } finally { + --queueSize; + if (errorOnUnhandledRejections && queueSize === 0) { + nextTick(processChecks); + } + } + } + + function processChecks() { + // eslint-disable-next-line no-unmodified-loop-condition + while (!queueSize && checkQueue.length) { + var toCheck = checkQueue.shift(); + if (!toCheck.pur) { + toCheck.pur = true; + var errorMessage = 'Possibly unhandled rejection: ' + toDebugString(toCheck.value); + if (toCheck.value instanceof Error) { + exceptionHandler(toCheck.value, errorMessage); + } else { + exceptionHandler(errorMessage); + } + } + } + } + + function scheduleProcessQueue(state) { + if (errorOnUnhandledRejections && !state.pending && state.status === 2 && !state.pur) { + if (queueSize === 0 && checkQueue.length === 0) { + nextTick(processChecks); + } + checkQueue.push(state); + } + if (state.processScheduled || !state.pending) return; + state.processScheduled = true; + ++queueSize; + nextTick(function() { processQueue(state); }); + } + + function resolvePromise(promise, val) { + if (promise.$$state.status) return; + if (val === promise) { + $$reject(promise, $qMinErr( + 'qcycle', + 'Expected promise to be resolved with value other than itself \'{0}\'', + val)); + } else { + $$resolve(promise, val); + } + + } + + function $$resolve(promise, val) { + var then; + var done = false; + try { + if (isObject(val) || isFunction(val)) then = val.then; + if (isFunction(then)) { + promise.$$state.status = -1; + then.call(val, doResolve, doReject, doNotify); + } else { + promise.$$state.value = val; + promise.$$state.status = 1; + scheduleProcessQueue(promise.$$state); + } + } catch (e) { + doReject(e); + } + + function doResolve(val) { + if (done) return; + done = true; + $$resolve(promise, val); + } + function doReject(val) { + if (done) return; + done = true; + $$reject(promise, val); + } + function doNotify(progress) { + notifyPromise(promise, progress); + } + } + + function rejectPromise(promise, reason) { + if (promise.$$state.status) return; + $$reject(promise, reason); + } + + function $$reject(promise, reason) { + promise.$$state.value = reason; + promise.$$state.status = 2; + scheduleProcessQueue(promise.$$state); + } + + function notifyPromise(promise, progress) { + var callbacks = promise.$$state.pending; + + if ((promise.$$state.status <= 0) && callbacks && callbacks.length) { + nextTick(function() { + var callback, result; + for (var i = 0, ii = callbacks.length; i < ii; i++) { + result = callbacks[i][0]; + callback = callbacks[i][3]; + try { + notifyPromise(result, isFunction(callback) ? callback(progress) : progress); + } catch (e) { + exceptionHandler(e); + } + } + }); + } + } + + /** + * @ngdoc method + * @name $q#reject + * @kind function + * + * @description + * Creates a promise that is resolved as rejected with the specified `reason`. This api should be + * used to forward rejection in a chain of promises. If you are dealing with the last promise in + * a promise chain, you don't need to worry about it. + * + * When comparing deferreds/promises to the familiar behavior of try/catch/throw, think of + * `reject` as the `throw` keyword in JavaScript. This also means that if you "catch" an error via + * a promise error callback and you want to forward the error to the promise derived from the + * current promise, you have to "rethrow" the error by returning a rejection constructed via + * `reject`. + * + * ```js + * promiseB = promiseA.then(function(result) { + * // success: do something and resolve promiseB + * // with the old or a new result + * return result; + * }, function(reason) { + * // error: handle the error if possible and + * // resolve promiseB with newPromiseOrValue, + * // otherwise forward the rejection to promiseB + * if (canHandle(reason)) { + * // handle the error and recover + * return newPromiseOrValue; + * } + * return $q.reject(reason); + * }); + * ``` + * + * @param {*} reason Constant, message, exception or an object representing the rejection reason. + * @returns {Promise} Returns a promise that was already resolved as rejected with the `reason`. + */ + function reject(reason) { + var result = new Promise(); + rejectPromise(result, reason); + return result; + } + + function handleCallback(value, resolver, callback) { + var callbackOutput = null; + try { + if (isFunction(callback)) callbackOutput = callback(); + } catch (e) { + return reject(e); + } + if (isPromiseLike(callbackOutput)) { + return callbackOutput.then(function() { + return resolver(value); + }, reject); + } else { + return resolver(value); + } + } + + /** + * @ngdoc method + * @name $q#when + * @kind function + * + * @description + * Wraps an object that might be a value or a (3rd party) then-able promise into a $q promise. + * This is useful when you are dealing with an object that might or might not be a promise, or if + * the promise comes from a source that can't be trusted. + * + * @param {*} value Value or a promise + * @param {Function=} successCallback + * @param {Function=} errorCallback + * @param {Function=} progressCallback + * @returns {Promise} Returns a promise of the passed value or promise + */ + + + function when(value, callback, errback, progressBack) { + var result = new Promise(); + resolvePromise(result, value); + return result.then(callback, errback, progressBack); + } + + /** + * @ngdoc method + * @name $q#resolve + * @kind function + * + * @description + * Alias of {@link ng.$q#when when} to maintain naming consistency with ES6. + * + * @param {*} value Value or a promise + * @param {Function=} successCallback + * @param {Function=} errorCallback + * @param {Function=} progressCallback + * @returns {Promise} Returns a promise of the passed value or promise + */ + var resolve = when; + + /** + * @ngdoc method + * @name $q#all + * @kind function + * + * @description + * Combines multiple promises into a single promise that is resolved when all of the input + * promises are resolved. + * + * @param {Array.|Object.} promises An array or hash of promises. + * @returns {Promise} Returns a single promise that will be resolved with an array/hash of values, + * each value corresponding to the promise at the same index/key in the `promises` array/hash. + * If any of the promises is resolved with a rejection, this resulting promise will be rejected + * with the same rejection value. + */ + + function all(promises) { + var result = new Promise(), + counter = 0, + results = isArray(promises) ? [] : {}; + + forEach(promises, function(promise, key) { + counter++; + when(promise).then(function(value) { + results[key] = value; + if (!(--counter)) resolvePromise(result, results); + }, function(reason) { + rejectPromise(result, reason); + }); + }); + + if (counter === 0) { + resolvePromise(result, results); + } + + return result; + } + + /** + * @ngdoc method + * @name $q#race + * @kind function + * + * @description + * Returns a promise that resolves or rejects as soon as one of those promises + * resolves or rejects, with the value or reason from that promise. + * + * @param {Array.|Object.} promises An array or hash of promises. + * @returns {Promise} a promise that resolves or rejects as soon as one of the `promises` + * resolves or rejects, with the value or reason from that promise. + */ + + function race(promises) { + var deferred = defer(); + + forEach(promises, function(promise) { + when(promise).then(deferred.resolve, deferred.reject); + }); + + return deferred.promise; + } + + function $Q(resolver) { + if (!isFunction(resolver)) { + throw $qMinErr('norslvr', 'Expected resolverFn, got \'{0}\'', resolver); + } + + var promise = new Promise(); + + function resolveFn(value) { + resolvePromise(promise, value); + } + + function rejectFn(reason) { + rejectPromise(promise, reason); + } + + resolver(resolveFn, rejectFn); + + return promise; + } + + // Let's make the instanceof operator work for promises, so that + // `new $q(fn) instanceof $q` would evaluate to true. + $Q.prototype = Promise.prototype; + + $Q.defer = defer; + $Q.reject = reject; + $Q.when = when; + $Q.resolve = resolve; + $Q.all = all; + $Q.race = race; + + return $Q; +} + +/** @this */ +function $$RAFProvider() { //rAF + this.$get = ['$window', '$timeout', function($window, $timeout) { + var requestAnimationFrame = $window.requestAnimationFrame || + $window.webkitRequestAnimationFrame; + + var cancelAnimationFrame = $window.cancelAnimationFrame || + $window.webkitCancelAnimationFrame || + $window.webkitCancelRequestAnimationFrame; + + var rafSupported = !!requestAnimationFrame; + var raf = rafSupported + ? function(fn) { + var id = requestAnimationFrame(fn); + return function() { + cancelAnimationFrame(id); + }; + } + : function(fn) { + var timer = $timeout(fn, 16.66, false); // 1000 / 60 = 16.666 + return function() { + $timeout.cancel(timer); + }; + }; + + raf.supported = rafSupported; + + return raf; + }]; +} + +/** + * DESIGN NOTES + * + * The design decisions behind the scope are heavily favored for speed and memory consumption. + * + * The typical use of scope is to watch the expressions, which most of the time return the same + * value as last time so we optimize the operation. + * + * Closures construction is expensive in terms of speed as well as memory: + * - No closures, instead use prototypical inheritance for API + * - Internal state needs to be stored on scope directly, which means that private state is + * exposed as $$____ properties + * + * Loop operations are optimized by using while(count--) { ... } + * - This means that in order to keep the same order of execution as addition we have to add + * items to the array at the beginning (unshift) instead of at the end (push) + * + * Child scopes are created and removed often + * - Using an array would be slow since inserts in the middle are expensive; so we use linked lists + * + * There are fewer watches than observers. This is why you don't want the observer to be implemented + * in the same way as watch. Watch requires return of the initialization function which is expensive + * to construct. + */ + + +/** + * @ngdoc provider + * @name $rootScopeProvider + * @description + * + * Provider for the $rootScope service. + */ + +/** + * @ngdoc method + * @name $rootScopeProvider#digestTtl + * @description + * + * Sets the number of `$digest` iterations the scope should attempt to execute before giving up and + * assuming that the model is unstable. + * + * The current default is 10 iterations. + * + * In complex applications it's possible that the dependencies between `$watch`s will result in + * several digest iterations. However if an application needs more than the default 10 digest + * iterations for its model to stabilize then you should investigate what is causing the model to + * continuously change during the digest. + * + * Increasing the TTL could have performance implications, so you should not change it without + * proper justification. + * + * @param {number} limit The number of digest iterations. + */ + + +/** + * @ngdoc service + * @name $rootScope + * @this + * + * @description + * + * Every application has a single root {@link ng.$rootScope.Scope scope}. + * All other scopes are descendant scopes of the root scope. Scopes provide separation + * between the model and the view, via a mechanism for watching the model for changes. + * They also provide event emission/broadcast and subscription facility. See the + * {@link guide/scope developer guide on scopes}. + */ +function $RootScopeProvider() { + var TTL = 10; + var $rootScopeMinErr = minErr('$rootScope'); + var lastDirtyWatch = null; + var applyAsyncId = null; + + this.digestTtl = function(value) { + if (arguments.length) { + TTL = value; + } + return TTL; + }; + + function createChildScopeClass(parent) { + function ChildScope() { + this.$$watchers = this.$$nextSibling = + this.$$childHead = this.$$childTail = null; + this.$$listeners = {}; + this.$$listenerCount = {}; + this.$$watchersCount = 0; + this.$id = nextUid(); + this.$$ChildScope = null; + } + ChildScope.prototype = parent; + return ChildScope; + } + + this.$get = ['$exceptionHandler', '$parse', '$browser', + function($exceptionHandler, $parse, $browser) { + + function destroyChildScope($event) { + $event.currentScope.$$destroyed = true; + } + + function cleanUpScope($scope) { + + // Support: IE 9 only + if (msie === 9) { + // There is a memory leak in IE9 if all child scopes are not disconnected + // completely when a scope is destroyed. So this code will recurse up through + // all this scopes children + // + // See issue https://github.com/angular/angular.js/issues/10706 + if ($scope.$$childHead) { + cleanUpScope($scope.$$childHead); + } + if ($scope.$$nextSibling) { + cleanUpScope($scope.$$nextSibling); + } + } + + // The code below works around IE9 and V8's memory leaks + // + // See: + // - https://code.google.com/p/v8/issues/detail?id=2073#c26 + // - https://github.com/angular/angular.js/issues/6794#issuecomment-38648909 + // - https://github.com/angular/angular.js/issues/1313#issuecomment-10378451 + + $scope.$parent = $scope.$$nextSibling = $scope.$$prevSibling = $scope.$$childHead = + $scope.$$childTail = $scope.$root = $scope.$$watchers = null; + } + + /** + * @ngdoc type + * @name $rootScope.Scope + * + * @description + * A root scope can be retrieved using the {@link ng.$rootScope $rootScope} key from the + * {@link auto.$injector $injector}. Child scopes are created using the + * {@link ng.$rootScope.Scope#$new $new()} method. (Most scopes are created automatically when + * compiled HTML template is executed.) See also the {@link guide/scope Scopes guide} for + * an in-depth introduction and usage examples. + * + * + * # Inheritance + * A scope can inherit from a parent scope, as in this example: + * ```js + var parent = $rootScope; + var child = parent.$new(); + + parent.salutation = "Hello"; + expect(child.salutation).toEqual('Hello'); + + child.salutation = "Welcome"; + expect(child.salutation).toEqual('Welcome'); + expect(parent.salutation).toEqual('Hello'); + * ``` + * + * When interacting with `Scope` in tests, additional helper methods are available on the + * instances of `Scope` type. See {@link ngMock.$rootScope.Scope ngMock Scope} for additional + * details. + * + * + * @param {Object.=} providers Map of service factory which need to be + * provided for the current scope. Defaults to {@link ng}. + * @param {Object.=} instanceCache Provides pre-instantiated services which should + * append/override services provided by `providers`. This is handy + * when unit-testing and having the need to override a default + * service. + * @returns {Object} Newly created scope. + * + */ + function Scope() { + this.$id = nextUid(); + this.$$phase = this.$parent = this.$$watchers = + this.$$nextSibling = this.$$prevSibling = + this.$$childHead = this.$$childTail = null; + this.$root = this; + this.$$destroyed = false; + this.$$listeners = {}; + this.$$listenerCount = {}; + this.$$watchersCount = 0; + this.$$isolateBindings = null; + } + + /** + * @ngdoc property + * @name $rootScope.Scope#$id + * + * @description + * Unique scope ID (monotonically increasing) useful for debugging. + */ + + /** + * @ngdoc property + * @name $rootScope.Scope#$parent + * + * @description + * Reference to the parent scope. + */ + + /** + * @ngdoc property + * @name $rootScope.Scope#$root + * + * @description + * Reference to the root scope. + */ + + Scope.prototype = { + constructor: Scope, + /** + * @ngdoc method + * @name $rootScope.Scope#$new + * @kind function + * + * @description + * Creates a new child {@link ng.$rootScope.Scope scope}. + * + * The parent scope will propagate the {@link ng.$rootScope.Scope#$digest $digest()} event. + * The scope can be removed from the scope hierarchy using {@link ng.$rootScope.Scope#$destroy $destroy()}. + * + * {@link ng.$rootScope.Scope#$destroy $destroy()} must be called on a scope when it is + * desired for the scope and its child scopes to be permanently detached from the parent and + * thus stop participating in model change detection and listener notification by invoking. + * + * @param {boolean} isolate If true, then the scope does not prototypically inherit from the + * parent scope. The scope is isolated, as it can not see parent scope properties. + * When creating widgets, it is useful for the widget to not accidentally read parent + * state. + * + * @param {Scope} [parent=this] The {@link ng.$rootScope.Scope `Scope`} that will be the `$parent` + * of the newly created scope. Defaults to `this` scope if not provided. + * This is used when creating a transclude scope to correctly place it + * in the scope hierarchy while maintaining the correct prototypical + * inheritance. + * + * @returns {Object} The newly created child scope. + * + */ + $new: function(isolate, parent) { + var child; + + parent = parent || this; + + if (isolate) { + child = new Scope(); + child.$root = this.$root; + } else { + // Only create a child scope class if somebody asks for one, + // but cache it to allow the VM to optimize lookups. + if (!this.$$ChildScope) { + this.$$ChildScope = createChildScopeClass(this); + } + child = new this.$$ChildScope(); + } + child.$parent = parent; + child.$$prevSibling = parent.$$childTail; + if (parent.$$childHead) { + parent.$$childTail.$$nextSibling = child; + parent.$$childTail = child; + } else { + parent.$$childHead = parent.$$childTail = child; + } + + // When the new scope is not isolated or we inherit from `this`, and + // the parent scope is destroyed, the property `$$destroyed` is inherited + // prototypically. In all other cases, this property needs to be set + // when the parent scope is destroyed. + // The listener needs to be added after the parent is set + if (isolate || parent !== this) child.$on('$destroy', destroyChildScope); + + return child; + }, + + /** + * @ngdoc method + * @name $rootScope.Scope#$watch + * @kind function + * + * @description + * Registers a `listener` callback to be executed whenever the `watchExpression` changes. + * + * - The `watchExpression` is called on every call to {@link ng.$rootScope.Scope#$digest + * $digest()} and should return the value that will be watched. (`watchExpression` should not change + * its value when executed multiple times with the same input because it may be executed multiple + * times by {@link ng.$rootScope.Scope#$digest $digest()}. That is, `watchExpression` should be + * [idempotent](http://en.wikipedia.org/wiki/Idempotence).) + * - The `listener` is called only when the value from the current `watchExpression` and the + * previous call to `watchExpression` are not equal (with the exception of the initial run, + * see below). Inequality is determined according to reference inequality, + * [strict comparison](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Comparison_Operators) + * via the `!==` Javascript operator, unless `objectEquality == true` + * (see next point) + * - When `objectEquality == true`, inequality of the `watchExpression` is determined + * according to the {@link angular.equals} function. To save the value of the object for + * later comparison, the {@link angular.copy} function is used. This therefore means that + * watching complex objects will have adverse memory and performance implications. + * - This should not be used to watch for changes in objects that are + * or contain [File](https://developer.mozilla.org/docs/Web/API/File) objects due to limitations with {@link angular.copy `angular.copy`}. + * - The watch `listener` may change the model, which may trigger other `listener`s to fire. + * This is achieved by rerunning the watchers until no changes are detected. The rerun + * iteration limit is 10 to prevent an infinite loop deadlock. + * + * + * If you want to be notified whenever {@link ng.$rootScope.Scope#$digest $digest} is called, + * you can register a `watchExpression` function with no `listener`. (Be prepared for + * multiple calls to your `watchExpression` because it will execute multiple times in a + * single {@link ng.$rootScope.Scope#$digest $digest} cycle if a change is detected.) + * + * After a watcher is registered with the scope, the `listener` fn is called asynchronously + * (via {@link ng.$rootScope.Scope#$evalAsync $evalAsync}) to initialize the + * watcher. In rare cases, this is undesirable because the listener is called when the result + * of `watchExpression` didn't change. To detect this scenario within the `listener` fn, you + * can compare the `newVal` and `oldVal`. If these two values are identical (`===`) then the + * listener was called due to initialization. + * + * + * + * # Example + * ```js + // let's assume that scope was dependency injected as the $rootScope + var scope = $rootScope; + scope.name = 'misko'; + scope.counter = 0; + + expect(scope.counter).toEqual(0); + scope.$watch('name', function(newValue, oldValue) { + scope.counter = scope.counter + 1; + }); + expect(scope.counter).toEqual(0); + + scope.$digest(); + // the listener is always called during the first $digest loop after it was registered + expect(scope.counter).toEqual(1); + + scope.$digest(); + // but now it will not be called unless the value changes + expect(scope.counter).toEqual(1); + + scope.name = 'adam'; + scope.$digest(); + expect(scope.counter).toEqual(2); + + + + // Using a function as a watchExpression + var food; + scope.foodCounter = 0; + expect(scope.foodCounter).toEqual(0); + scope.$watch( + // This function returns the value being watched. It is called for each turn of the $digest loop + function() { return food; }, + // This is the change listener, called when the value returned from the above function changes + function(newValue, oldValue) { + if ( newValue !== oldValue ) { + // Only increment the counter if the value changed + scope.foodCounter = scope.foodCounter + 1; + } + } + ); + // No digest has been run so the counter will be zero + expect(scope.foodCounter).toEqual(0); + + // Run the digest but since food has not changed count will still be zero + scope.$digest(); + expect(scope.foodCounter).toEqual(0); + + // Update food and run digest. Now the counter will increment + food = 'cheeseburger'; + scope.$digest(); + expect(scope.foodCounter).toEqual(1); + + * ``` + * + * + * + * @param {(function()|string)} watchExpression Expression that is evaluated on each + * {@link ng.$rootScope.Scope#$digest $digest} cycle. A change in the return value triggers + * a call to the `listener`. + * + * - `string`: Evaluated as {@link guide/expression expression} + * - `function(scope)`: called with current `scope` as a parameter. + * @param {function(newVal, oldVal, scope)} listener Callback called whenever the value + * of `watchExpression` changes. + * + * - `newVal` contains the current value of the `watchExpression` + * - `oldVal` contains the previous value of the `watchExpression` + * - `scope` refers to the current scope + * @param {boolean=} [objectEquality=false] Compare for object equality using {@link angular.equals} instead of + * comparing for reference equality. + * @returns {function()} Returns a deregistration function for this listener. + */ + $watch: function(watchExp, listener, objectEquality, prettyPrintExpression) { + var get = $parse(watchExp); + + if (get.$$watchDelegate) { + return get.$$watchDelegate(this, listener, objectEquality, get, watchExp); + } + var scope = this, + array = scope.$$watchers, + watcher = { + fn: listener, + last: initWatchVal, + get: get, + exp: prettyPrintExpression || watchExp, + eq: !!objectEquality + }; + + lastDirtyWatch = null; + + if (!isFunction(listener)) { + watcher.fn = noop; + } + + if (!array) { + array = scope.$$watchers = []; + array.$$digestWatchIndex = -1; + } + // we use unshift since we use a while loop in $digest for speed. + // the while loop reads in reverse order. + array.unshift(watcher); + array.$$digestWatchIndex++; + incrementWatchersCount(this, 1); + + return function deregisterWatch() { + var index = arrayRemove(array, watcher); + if (index >= 0) { + incrementWatchersCount(scope, -1); + if (index < array.$$digestWatchIndex) { + array.$$digestWatchIndex--; + } + } + lastDirtyWatch = null; + }; + }, + + /** + * @ngdoc method + * @name $rootScope.Scope#$watchGroup + * @kind function + * + * @description + * A variant of {@link ng.$rootScope.Scope#$watch $watch()} where it watches an array of `watchExpressions`. + * If any one expression in the collection changes the `listener` is executed. + * + * - The items in the `watchExpressions` array are observed via the standard `$watch` operation. Their return + * values are examined for changes on every call to `$digest`. + * - The `listener` is called whenever any expression in the `watchExpressions` array changes. + * + * @param {Array.} watchExpressions Array of expressions that will be individually + * watched using {@link ng.$rootScope.Scope#$watch $watch()} + * + * @param {function(newValues, oldValues, scope)} listener Callback called whenever the return value of any + * expression in `watchExpressions` changes + * The `newValues` array contains the current values of the `watchExpressions`, with the indexes matching + * those of `watchExpression` + * and the `oldValues` array contains the previous values of the `watchExpressions`, with the indexes matching + * those of `watchExpression` + * The `scope` refers to the current scope. + * @returns {function()} Returns a de-registration function for all listeners. + */ + $watchGroup: function(watchExpressions, listener) { + var oldValues = new Array(watchExpressions.length); + var newValues = new Array(watchExpressions.length); + var deregisterFns = []; + var self = this; + var changeReactionScheduled = false; + var firstRun = true; + + if (!watchExpressions.length) { + // No expressions means we call the listener ASAP + var shouldCall = true; + self.$evalAsync(function() { + if (shouldCall) listener(newValues, newValues, self); + }); + return function deregisterWatchGroup() { + shouldCall = false; + }; + } + + if (watchExpressions.length === 1) { + // Special case size of one + return this.$watch(watchExpressions[0], function watchGroupAction(value, oldValue, scope) { + newValues[0] = value; + oldValues[0] = oldValue; + listener(newValues, (value === oldValue) ? newValues : oldValues, scope); + }); + } + + forEach(watchExpressions, function(expr, i) { + var unwatchFn = self.$watch(expr, function watchGroupSubAction(value, oldValue) { + newValues[i] = value; + oldValues[i] = oldValue; + if (!changeReactionScheduled) { + changeReactionScheduled = true; + self.$evalAsync(watchGroupAction); + } + }); + deregisterFns.push(unwatchFn); + }); + + function watchGroupAction() { + changeReactionScheduled = false; + + if (firstRun) { + firstRun = false; + listener(newValues, newValues, self); + } else { + listener(newValues, oldValues, self); + } + } + + return function deregisterWatchGroup() { + while (deregisterFns.length) { + deregisterFns.shift()(); + } + }; + }, + + + /** + * @ngdoc method + * @name $rootScope.Scope#$watchCollection + * @kind function + * + * @description + * Shallow watches the properties of an object and fires whenever any of the properties change + * (for arrays, this implies watching the array items; for object maps, this implies watching + * the properties). If a change is detected, the `listener` callback is fired. + * + * - The `obj` collection is observed via standard $watch operation and is examined on every + * call to $digest() to see if any items have been added, removed, or moved. + * - The `listener` is called whenever anything within the `obj` has changed. Examples include + * adding, removing, and moving items belonging to an object or array. + * + * + * # Example + * ```js + $scope.names = ['igor', 'matias', 'misko', 'james']; + $scope.dataCount = 4; + + $scope.$watchCollection('names', function(newNames, oldNames) { + $scope.dataCount = newNames.length; + }); + + expect($scope.dataCount).toEqual(4); + $scope.$digest(); + + //still at 4 ... no changes + expect($scope.dataCount).toEqual(4); + + $scope.names.pop(); + $scope.$digest(); + + //now there's been a change + expect($scope.dataCount).toEqual(3); + * ``` + * + * + * @param {string|function(scope)} obj Evaluated as {@link guide/expression expression}. The + * expression value should evaluate to an object or an array which is observed on each + * {@link ng.$rootScope.Scope#$digest $digest} cycle. Any shallow change within the + * collection will trigger a call to the `listener`. + * + * @param {function(newCollection, oldCollection, scope)} listener a callback function called + * when a change is detected. + * - The `newCollection` object is the newly modified data obtained from the `obj` expression + * - The `oldCollection` object is a copy of the former collection data. + * Due to performance considerations, the`oldCollection` value is computed only if the + * `listener` function declares two or more arguments. + * - The `scope` argument refers to the current scope. + * + * @returns {function()} Returns a de-registration function for this listener. When the + * de-registration function is executed, the internal watch operation is terminated. + */ + $watchCollection: function(obj, listener) { + $watchCollectionInterceptor.$stateful = true; + + var self = this; + // the current value, updated on each dirty-check run + var newValue; + // a shallow copy of the newValue from the last dirty-check run, + // updated to match newValue during dirty-check run + var oldValue; + // a shallow copy of the newValue from when the last change happened + var veryOldValue; + // only track veryOldValue if the listener is asking for it + var trackVeryOldValue = (listener.length > 1); + var changeDetected = 0; + var changeDetector = $parse(obj, $watchCollectionInterceptor); + var internalArray = []; + var internalObject = {}; + var initRun = true; + var oldLength = 0; + + function $watchCollectionInterceptor(_value) { + newValue = _value; + var newLength, key, bothNaN, newItem, oldItem; + + // If the new value is undefined, then return undefined as the watch may be a one-time watch + if (isUndefined(newValue)) return; + + if (!isObject(newValue)) { // if primitive + if (oldValue !== newValue) { + oldValue = newValue; + changeDetected++; + } + } else if (isArrayLike(newValue)) { + if (oldValue !== internalArray) { + // we are transitioning from something which was not an array into array. + oldValue = internalArray; + oldLength = oldValue.length = 0; + changeDetected++; + } + + newLength = newValue.length; + + if (oldLength !== newLength) { + // if lengths do not match we need to trigger change notification + changeDetected++; + oldValue.length = oldLength = newLength; + } + // copy the items to oldValue and look for changes. + for (var i = 0; i < newLength; i++) { + oldItem = oldValue[i]; + newItem = newValue[i]; + + // eslint-disable-next-line no-self-compare + bothNaN = (oldItem !== oldItem) && (newItem !== newItem); + if (!bothNaN && (oldItem !== newItem)) { + changeDetected++; + oldValue[i] = newItem; + } + } + } else { + if (oldValue !== internalObject) { + // we are transitioning from something which was not an object into object. + oldValue = internalObject = {}; + oldLength = 0; + changeDetected++; + } + // copy the items to oldValue and look for changes. + newLength = 0; + for (key in newValue) { + if (hasOwnProperty.call(newValue, key)) { + newLength++; + newItem = newValue[key]; + oldItem = oldValue[key]; + + if (key in oldValue) { + // eslint-disable-next-line no-self-compare + bothNaN = (oldItem !== oldItem) && (newItem !== newItem); + if (!bothNaN && (oldItem !== newItem)) { + changeDetected++; + oldValue[key] = newItem; + } + } else { + oldLength++; + oldValue[key] = newItem; + changeDetected++; + } + } + } + if (oldLength > newLength) { + // we used to have more keys, need to find them and destroy them. + changeDetected++; + for (key in oldValue) { + if (!hasOwnProperty.call(newValue, key)) { + oldLength--; + delete oldValue[key]; + } + } + } + } + return changeDetected; + } + + function $watchCollectionAction() { + if (initRun) { + initRun = false; + listener(newValue, newValue, self); + } else { + listener(newValue, veryOldValue, self); + } + + // make a copy for the next time a collection is changed + if (trackVeryOldValue) { + if (!isObject(newValue)) { + //primitive + veryOldValue = newValue; + } else if (isArrayLike(newValue)) { + veryOldValue = new Array(newValue.length); + for (var i = 0; i < newValue.length; i++) { + veryOldValue[i] = newValue[i]; + } + } else { // if object + veryOldValue = {}; + for (var key in newValue) { + if (hasOwnProperty.call(newValue, key)) { + veryOldValue[key] = newValue[key]; + } + } + } + } + } + + return this.$watch(changeDetector, $watchCollectionAction); + }, + + /** + * @ngdoc method + * @name $rootScope.Scope#$digest + * @kind function + * + * @description + * Processes all of the {@link ng.$rootScope.Scope#$watch watchers} of the current scope and + * its children. Because a {@link ng.$rootScope.Scope#$watch watcher}'s listener can change + * the model, the `$digest()` keeps calling the {@link ng.$rootScope.Scope#$watch watchers} + * until no more listeners are firing. This means that it is possible to get into an infinite + * loop. This function will throw `'Maximum iteration limit exceeded.'` if the number of + * iterations exceeds 10. + * + * Usually, you don't call `$digest()` directly in + * {@link ng.directive:ngController controllers} or in + * {@link ng.$compileProvider#directive directives}. + * Instead, you should call {@link ng.$rootScope.Scope#$apply $apply()} (typically from within + * a {@link ng.$compileProvider#directive directive}), which will force a `$digest()`. + * + * If you want to be notified whenever `$digest()` is called, + * you can register a `watchExpression` function with + * {@link ng.$rootScope.Scope#$watch $watch()} with no `listener`. + * + * In unit tests, you may need to call `$digest()` to simulate the scope life cycle. + * + * # Example + * ```js + var scope = ...; + scope.name = 'misko'; + scope.counter = 0; + + expect(scope.counter).toEqual(0); + scope.$watch('name', function(newValue, oldValue) { + scope.counter = scope.counter + 1; + }); + expect(scope.counter).toEqual(0); + + scope.$digest(); + // the listener is always called during the first $digest loop after it was registered + expect(scope.counter).toEqual(1); + + scope.$digest(); + // but now it will not be called unless the value changes + expect(scope.counter).toEqual(1); + + scope.name = 'adam'; + scope.$digest(); + expect(scope.counter).toEqual(2); + * ``` + * + */ + $digest: function() { + var watch, value, last, fn, get, + watchers, + dirty, ttl = TTL, + next, current, target = this, + watchLog = [], + logIdx, asyncTask; + + beginPhase('$digest'); + // Check for changes to browser url that happened in sync before the call to $digest + $browser.$$checkUrlChange(); + + if (this === $rootScope && applyAsyncId !== null) { + // If this is the root scope, and $applyAsync has scheduled a deferred $apply(), then + // cancel the scheduled $apply and flush the queue of expressions to be evaluated. + $browser.defer.cancel(applyAsyncId); + flushApplyAsync(); + } + + lastDirtyWatch = null; + + do { // "while dirty" loop + dirty = false; + current = target; + + // It's safe for asyncQueuePosition to be a local variable here because this loop can't + // be reentered recursively. Calling $digest from a function passed to $evalAsync would + // lead to a '$digest already in progress' error. + for (var asyncQueuePosition = 0; asyncQueuePosition < asyncQueue.length; asyncQueuePosition++) { + try { + asyncTask = asyncQueue[asyncQueuePosition]; + fn = asyncTask.fn; + fn(asyncTask.scope, asyncTask.locals); + } catch (e) { + $exceptionHandler(e); + } + lastDirtyWatch = null; + } + asyncQueue.length = 0; + + traverseScopesLoop: + do { // "traverse the scopes" loop + if ((watchers = current.$$watchers)) { + // process our watches + watchers.$$digestWatchIndex = watchers.length; + while (watchers.$$digestWatchIndex--) { + try { + watch = watchers[watchers.$$digestWatchIndex]; + // Most common watches are on primitives, in which case we can short + // circuit it with === operator, only when === fails do we use .equals + if (watch) { + get = watch.get; + if ((value = get(current)) !== (last = watch.last) && + !(watch.eq + ? equals(value, last) + : (isNumberNaN(value) && isNumberNaN(last)))) { + dirty = true; + lastDirtyWatch = watch; + watch.last = watch.eq ? copy(value, null) : value; + fn = watch.fn; + fn(value, ((last === initWatchVal) ? value : last), current); + if (ttl < 5) { + logIdx = 4 - ttl; + if (!watchLog[logIdx]) watchLog[logIdx] = []; + watchLog[logIdx].push({ + msg: isFunction(watch.exp) ? 'fn: ' + (watch.exp.name || watch.exp.toString()) : watch.exp, + newVal: value, + oldVal: last + }); + } + } else if (watch === lastDirtyWatch) { + // If the most recently dirty watcher is now clean, short circuit since the remaining watchers + // have already been tested. + dirty = false; + break traverseScopesLoop; + } + } + } catch (e) { + $exceptionHandler(e); + } + } + } + + // Insanity Warning: scope depth-first traversal + // yes, this code is a bit crazy, but it works and we have tests to prove it! + // this piece should be kept in sync with the traversal in $broadcast + if (!(next = ((current.$$watchersCount && current.$$childHead) || + (current !== target && current.$$nextSibling)))) { + while (current !== target && !(next = current.$$nextSibling)) { + current = current.$parent; + } + } + } while ((current = next)); + + // `break traverseScopesLoop;` takes us to here + + if ((dirty || asyncQueue.length) && !(ttl--)) { + clearPhase(); + throw $rootScopeMinErr('infdig', + '{0} $digest() iterations reached. Aborting!\n' + + 'Watchers fired in the last 5 iterations: {1}', + TTL, watchLog); + } + + } while (dirty || asyncQueue.length); + + clearPhase(); + + // postDigestQueuePosition isn't local here because this loop can be reentered recursively. + while (postDigestQueuePosition < postDigestQueue.length) { + try { + postDigestQueue[postDigestQueuePosition++](); + } catch (e) { + $exceptionHandler(e); + } + } + postDigestQueue.length = postDigestQueuePosition = 0; + + // Check for changes to browser url that happened during the $digest + // (for which no event is fired; e.g. via `history.pushState()`) + $browser.$$checkUrlChange(); + }, + + + /** + * @ngdoc event + * @name $rootScope.Scope#$destroy + * @eventType broadcast on scope being destroyed + * + * @description + * Broadcasted when a scope and its children are being destroyed. + * + * Note that, in AngularJS, there is also a `$destroy` jQuery event, which can be used to + * clean up DOM bindings before an element is removed from the DOM. + */ + + /** + * @ngdoc method + * @name $rootScope.Scope#$destroy + * @kind function + * + * @description + * Removes the current scope (and all of its children) from the parent scope. Removal implies + * that calls to {@link ng.$rootScope.Scope#$digest $digest()} will no longer + * propagate to the current scope and its children. Removal also implies that the current + * scope is eligible for garbage collection. + * + * The `$destroy()` is usually used by directives such as + * {@link ng.directive:ngRepeat ngRepeat} for managing the + * unrolling of the loop. + * + * Just before a scope is destroyed, a `$destroy` event is broadcasted on this scope. + * Application code can register a `$destroy` event handler that will give it a chance to + * perform any necessary cleanup. + * + * Note that, in AngularJS, there is also a `$destroy` jQuery event, which can be used to + * clean up DOM bindings before an element is removed from the DOM. + */ + $destroy: function() { + // We can't destroy a scope that has been already destroyed. + if (this.$$destroyed) return; + var parent = this.$parent; + + this.$broadcast('$destroy'); + this.$$destroyed = true; + + if (this === $rootScope) { + //Remove handlers attached to window when $rootScope is removed + $browser.$$applicationDestroyed(); + } + + incrementWatchersCount(this, -this.$$watchersCount); + for (var eventName in this.$$listenerCount) { + decrementListenerCount(this, this.$$listenerCount[eventName], eventName); + } + + // sever all the references to parent scopes (after this cleanup, the current scope should + // not be retained by any of our references and should be eligible for garbage collection) + if (parent && parent.$$childHead === this) parent.$$childHead = this.$$nextSibling; + if (parent && parent.$$childTail === this) parent.$$childTail = this.$$prevSibling; + if (this.$$prevSibling) this.$$prevSibling.$$nextSibling = this.$$nextSibling; + if (this.$$nextSibling) this.$$nextSibling.$$prevSibling = this.$$prevSibling; + + // Disable listeners, watchers and apply/digest methods + this.$destroy = this.$digest = this.$apply = this.$evalAsync = this.$applyAsync = noop; + this.$on = this.$watch = this.$watchGroup = function() { return noop; }; + this.$$listeners = {}; + + // Disconnect the next sibling to prevent `cleanUpScope` destroying those too + this.$$nextSibling = null; + cleanUpScope(this); + }, + + /** + * @ngdoc method + * @name $rootScope.Scope#$eval + * @kind function + * + * @description + * Executes the `expression` on the current scope and returns the result. Any exceptions in + * the expression are propagated (uncaught). This is useful when evaluating Angular + * expressions. + * + * # Example + * ```js + var scope = ng.$rootScope.Scope(); + scope.a = 1; + scope.b = 2; + + expect(scope.$eval('a+b')).toEqual(3); + expect(scope.$eval(function(scope){ return scope.a + scope.b; })).toEqual(3); + * ``` + * + * @param {(string|function())=} expression An angular expression to be executed. + * + * - `string`: execute using the rules as defined in {@link guide/expression expression}. + * - `function(scope)`: execute the function with the current `scope` parameter. + * + * @param {(object)=} locals Local variables object, useful for overriding values in scope. + * @returns {*} The result of evaluating the expression. + */ + $eval: function(expr, locals) { + return $parse(expr)(this, locals); + }, + + /** + * @ngdoc method + * @name $rootScope.Scope#$evalAsync + * @kind function + * + * @description + * Executes the expression on the current scope at a later point in time. + * + * The `$evalAsync` makes no guarantees as to when the `expression` will be executed, only + * that: + * + * - it will execute after the function that scheduled the evaluation (preferably before DOM + * rendering). + * - at least one {@link ng.$rootScope.Scope#$digest $digest cycle} will be performed after + * `expression` execution. + * + * Any exceptions from the execution of the expression are forwarded to the + * {@link ng.$exceptionHandler $exceptionHandler} service. + * + * __Note:__ if this function is called outside of a `$digest` cycle, a new `$digest` cycle + * will be scheduled. However, it is encouraged to always call code that changes the model + * from within an `$apply` call. That includes code evaluated via `$evalAsync`. + * + * @param {(string|function())=} expression An angular expression to be executed. + * + * - `string`: execute using the rules as defined in {@link guide/expression expression}. + * - `function(scope)`: execute the function with the current `scope` parameter. + * + * @param {(object)=} locals Local variables object, useful for overriding values in scope. + */ + $evalAsync: function(expr, locals) { + // if we are outside of an $digest loop and this is the first time we are scheduling async + // task also schedule async auto-flush + if (!$rootScope.$$phase && !asyncQueue.length) { + $browser.defer(function() { + if (asyncQueue.length) { + $rootScope.$digest(); + } + }); + } + + asyncQueue.push({scope: this, fn: $parse(expr), locals: locals}); + }, + + $$postDigest: function(fn) { + postDigestQueue.push(fn); + }, + + /** + * @ngdoc method + * @name $rootScope.Scope#$apply + * @kind function + * + * @description + * `$apply()` is used to execute an expression in angular from outside of the angular + * framework. (For example from browser DOM events, setTimeout, XHR or third party libraries). + * Because we are calling into the angular framework we need to perform proper scope life + * cycle of {@link ng.$exceptionHandler exception handling}, + * {@link ng.$rootScope.Scope#$digest executing watches}. + * + * ## Life cycle + * + * # Pseudo-Code of `$apply()` + * ```js + function $apply(expr) { + try { + return $eval(expr); + } catch (e) { + $exceptionHandler(e); + } finally { + $root.$digest(); + } + } + * ``` + * + * + * Scope's `$apply()` method transitions through the following stages: + * + * 1. The {@link guide/expression expression} is executed using the + * {@link ng.$rootScope.Scope#$eval $eval()} method. + * 2. Any exceptions from the execution of the expression are forwarded to the + * {@link ng.$exceptionHandler $exceptionHandler} service. + * 3. The {@link ng.$rootScope.Scope#$watch watch} listeners are fired immediately after the + * expression was executed using the {@link ng.$rootScope.Scope#$digest $digest()} method. + * + * + * @param {(string|function())=} exp An angular expression to be executed. + * + * - `string`: execute using the rules as defined in {@link guide/expression expression}. + * - `function(scope)`: execute the function with current `scope` parameter. + * + * @returns {*} The result of evaluating the expression. + */ + $apply: function(expr) { + try { + beginPhase('$apply'); + try { + return this.$eval(expr); + } finally { + clearPhase(); + } + } catch (e) { + $exceptionHandler(e); + } finally { + try { + $rootScope.$digest(); + } catch (e) { + $exceptionHandler(e); + // eslint-disable-next-line no-unsafe-finally + throw e; + } + } + }, + + /** + * @ngdoc method + * @name $rootScope.Scope#$applyAsync + * @kind function + * + * @description + * Schedule the invocation of $apply to occur at a later time. The actual time difference + * varies across browsers, but is typically around ~10 milliseconds. + * + * This can be used to queue up multiple expressions which need to be evaluated in the same + * digest. + * + * @param {(string|function())=} exp An angular expression to be executed. + * + * - `string`: execute using the rules as defined in {@link guide/expression expression}. + * - `function(scope)`: execute the function with current `scope` parameter. + */ + $applyAsync: function(expr) { + var scope = this; + if (expr) { + applyAsyncQueue.push($applyAsyncExpression); + } + expr = $parse(expr); + scheduleApplyAsync(); + + function $applyAsyncExpression() { + scope.$eval(expr); + } + }, + + /** + * @ngdoc method + * @name $rootScope.Scope#$on + * @kind function + * + * @description + * Listens on events of a given type. See {@link ng.$rootScope.Scope#$emit $emit} for + * discussion of event life cycle. + * + * The event listener function format is: `function(event, args...)`. The `event` object + * passed into the listener has the following attributes: + * + * - `targetScope` - `{Scope}`: the scope on which the event was `$emit`-ed or + * `$broadcast`-ed. + * - `currentScope` - `{Scope}`: the scope that is currently handling the event. Once the + * event propagates through the scope hierarchy, this property is set to null. + * - `name` - `{string}`: name of the event. + * - `stopPropagation` - `{function=}`: calling `stopPropagation` function will cancel + * further event propagation (available only for events that were `$emit`-ed). + * - `preventDefault` - `{function}`: calling `preventDefault` sets `defaultPrevented` flag + * to true. + * - `defaultPrevented` - `{boolean}`: true if `preventDefault` was called. + * + * @param {string} name Event name to listen on. + * @param {function(event, ...args)} listener Function to call when the event is emitted. + * @returns {function()} Returns a deregistration function for this listener. + */ + $on: function(name, listener) { + var namedListeners = this.$$listeners[name]; + if (!namedListeners) { + this.$$listeners[name] = namedListeners = []; + } + namedListeners.push(listener); + + var current = this; + do { + if (!current.$$listenerCount[name]) { + current.$$listenerCount[name] = 0; + } + current.$$listenerCount[name]++; + } while ((current = current.$parent)); + + var self = this; + return function() { + var indexOfListener = namedListeners.indexOf(listener); + if (indexOfListener !== -1) { + namedListeners[indexOfListener] = null; + decrementListenerCount(self, 1, name); + } + }; + }, + + + /** + * @ngdoc method + * @name $rootScope.Scope#$emit + * @kind function + * + * @description + * Dispatches an event `name` upwards through the scope hierarchy notifying the + * registered {@link ng.$rootScope.Scope#$on} listeners. + * + * The event life cycle starts at the scope on which `$emit` was called. All + * {@link ng.$rootScope.Scope#$on listeners} listening for `name` event on this scope get + * notified. Afterwards, the event traverses upwards toward the root scope and calls all + * registered listeners along the way. The event will stop propagating if one of the listeners + * cancels it. + * + * Any exception emitted from the {@link ng.$rootScope.Scope#$on listeners} will be passed + * onto the {@link ng.$exceptionHandler $exceptionHandler} service. + * + * @param {string} name Event name to emit. + * @param {...*} args Optional one or more arguments which will be passed onto the event listeners. + * @return {Object} Event object (see {@link ng.$rootScope.Scope#$on}). + */ + $emit: function(name, args) { + var empty = [], + namedListeners, + scope = this, + stopPropagation = false, + event = { + name: name, + targetScope: scope, + stopPropagation: function() {stopPropagation = true;}, + preventDefault: function() { + event.defaultPrevented = true; + }, + defaultPrevented: false + }, + listenerArgs = concat([event], arguments, 1), + i, length; + + do { + namedListeners = scope.$$listeners[name] || empty; + event.currentScope = scope; + for (i = 0, length = namedListeners.length; i < length; i++) { + + // if listeners were deregistered, defragment the array + if (!namedListeners[i]) { + namedListeners.splice(i, 1); + i--; + length--; + continue; + } + try { + //allow all listeners attached to the current scope to run + namedListeners[i].apply(null, listenerArgs); + } catch (e) { + $exceptionHandler(e); + } + } + //if any listener on the current scope stops propagation, prevent bubbling + if (stopPropagation) { + event.currentScope = null; + return event; + } + //traverse upwards + scope = scope.$parent; + } while (scope); + + event.currentScope = null; + + return event; + }, + + + /** + * @ngdoc method + * @name $rootScope.Scope#$broadcast + * @kind function + * + * @description + * Dispatches an event `name` downwards to all child scopes (and their children) notifying the + * registered {@link ng.$rootScope.Scope#$on} listeners. + * + * The event life cycle starts at the scope on which `$broadcast` was called. All + * {@link ng.$rootScope.Scope#$on listeners} listening for `name` event on this scope get + * notified. Afterwards, the event propagates to all direct and indirect scopes of the current + * scope and calls all registered listeners along the way. The event cannot be canceled. + * + * Any exception emitted from the {@link ng.$rootScope.Scope#$on listeners} will be passed + * onto the {@link ng.$exceptionHandler $exceptionHandler} service. + * + * @param {string} name Event name to broadcast. + * @param {...*} args Optional one or more arguments which will be passed onto the event listeners. + * @return {Object} Event object, see {@link ng.$rootScope.Scope#$on} + */ + $broadcast: function(name, args) { + var target = this, + current = target, + next = target, + event = { + name: name, + targetScope: target, + preventDefault: function() { + event.defaultPrevented = true; + }, + defaultPrevented: false + }; + + if (!target.$$listenerCount[name]) return event; + + var listenerArgs = concat([event], arguments, 1), + listeners, i, length; + + //down while you can, then up and next sibling or up and next sibling until back at root + while ((current = next)) { + event.currentScope = current; + listeners = current.$$listeners[name] || []; + for (i = 0, length = listeners.length; i < length; i++) { + // if listeners were deregistered, defragment the array + if (!listeners[i]) { + listeners.splice(i, 1); + i--; + length--; + continue; + } + + try { + listeners[i].apply(null, listenerArgs); + } catch (e) { + $exceptionHandler(e); + } + } + + // Insanity Warning: scope depth-first traversal + // yes, this code is a bit crazy, but it works and we have tests to prove it! + // this piece should be kept in sync with the traversal in $digest + // (though it differs due to having the extra check for $$listenerCount) + if (!(next = ((current.$$listenerCount[name] && current.$$childHead) || + (current !== target && current.$$nextSibling)))) { + while (current !== target && !(next = current.$$nextSibling)) { + current = current.$parent; + } + } + } + + event.currentScope = null; + return event; + } + }; + + var $rootScope = new Scope(); + + //The internal queues. Expose them on the $rootScope for debugging/testing purposes. + var asyncQueue = $rootScope.$$asyncQueue = []; + var postDigestQueue = $rootScope.$$postDigestQueue = []; + var applyAsyncQueue = $rootScope.$$applyAsyncQueue = []; + + var postDigestQueuePosition = 0; + + return $rootScope; + + + function beginPhase(phase) { + if ($rootScope.$$phase) { + throw $rootScopeMinErr('inprog', '{0} already in progress', $rootScope.$$phase); + } + + $rootScope.$$phase = phase; + } + + function clearPhase() { + $rootScope.$$phase = null; + } + + function incrementWatchersCount(current, count) { + do { + current.$$watchersCount += count; + } while ((current = current.$parent)); + } + + function decrementListenerCount(current, count, name) { + do { + current.$$listenerCount[name] -= count; + + if (current.$$listenerCount[name] === 0) { + delete current.$$listenerCount[name]; + } + } while ((current = current.$parent)); + } + + /** + * function used as an initial value for watchers. + * because it's unique we can easily tell it apart from other values + */ + function initWatchVal() {} + + function flushApplyAsync() { + while (applyAsyncQueue.length) { + try { + applyAsyncQueue.shift()(); + } catch (e) { + $exceptionHandler(e); + } + } + applyAsyncId = null; + } + + function scheduleApplyAsync() { + if (applyAsyncId === null) { + applyAsyncId = $browser.defer(function() { + $rootScope.$apply(flushApplyAsync); + }); + } + } + }]; +} + +/** + * @ngdoc service + * @name $rootElement + * + * @description + * The root element of Angular application. This is either the element where {@link + * ng.directive:ngApp ngApp} was declared or the element passed into + * {@link angular.bootstrap}. The element represents the root element of application. It is also the + * location where the application's {@link auto.$injector $injector} service gets + * published, and can be retrieved using `$rootElement.injector()`. + */ + + +// the implementation is in angular.bootstrap + +/** + * @this + * @description + * Private service to sanitize uris for links and images. Used by $compile and $sanitize. + */ +function $$SanitizeUriProvider() { + var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/, + imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file|blob):|data:image\/)/; + + /** + * @description + * Retrieves or overrides the default regular expression that is used for whitelisting of safe + * urls during a[href] sanitization. + * + * The sanitization is a security measure aimed at prevent XSS attacks via html links. + * + * Any url about to be assigned to a[href] via data-binding is first normalized and turned into + * an absolute url. Afterwards, the url is matched against the `aHrefSanitizationWhitelist` + * regular expression. If a match is found, the original url is written into the dom. Otherwise, + * the absolute url is prefixed with `'unsafe:'` string and only then is it written into the DOM. + * + * @param {RegExp=} regexp New regexp to whitelist urls with. + * @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for + * chaining otherwise. + */ + this.aHrefSanitizationWhitelist = function(regexp) { + if (isDefined(regexp)) { + aHrefSanitizationWhitelist = regexp; + return this; + } + return aHrefSanitizationWhitelist; + }; + + + /** + * @description + * Retrieves or overrides the default regular expression that is used for whitelisting of safe + * urls during img[src] sanitization. + * + * The sanitization is a security measure aimed at prevent XSS attacks via html links. + * + * Any url about to be assigned to img[src] via data-binding is first normalized and turned into + * an absolute url. Afterwards, the url is matched against the `imgSrcSanitizationWhitelist` + * regular expression. If a match is found, the original url is written into the dom. Otherwise, + * the absolute url is prefixed with `'unsafe:'` string and only then is it written into the DOM. + * + * @param {RegExp=} regexp New regexp to whitelist urls with. + * @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for + * chaining otherwise. + */ + this.imgSrcSanitizationWhitelist = function(regexp) { + if (isDefined(regexp)) { + imgSrcSanitizationWhitelist = regexp; + return this; + } + return imgSrcSanitizationWhitelist; + }; + + this.$get = function() { + return function sanitizeUri(uri, isImage) { + var regex = isImage ? imgSrcSanitizationWhitelist : aHrefSanitizationWhitelist; + var normalizedVal; + normalizedVal = urlResolve(uri).href; + if (normalizedVal !== '' && !normalizedVal.match(regex)) { + return 'unsafe:' + normalizedVal; + } + return uri; + }; + }; +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * Any commits to this file should be reviewed with security in mind. * + * Changes to this file can potentially create security vulnerabilities. * + * An approval from 2 Core members with history of modifying * + * this file is required. * + * * + * Does the change somehow allow for arbitrary javascript to be executed? * + * Or allows for someone to change the prototype of built-in objects? * + * Or gives undesired access to variables likes document or window? * + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ + +/* exported $SceProvider, $SceDelegateProvider */ + +var $sceMinErr = minErr('$sce'); + +var SCE_CONTEXTS = { + // HTML is used when there's HTML rendered (e.g. ng-bind-html, iframe srcdoc binding). + HTML: 'html', + + // Style statements or stylesheets. Currently unused in AngularJS. + CSS: 'css', + + // An URL used in a context where it does not refer to a resource that loads code. Currently + // unused in AngularJS. + URL: 'url', + + // RESOURCE_URL is a subtype of URL used where the referred-to resource could be interpreted as + // code. (e.g. ng-include, script src binding, templateUrl) + RESOURCE_URL: 'resourceUrl', + + // Script. Currently unused in AngularJS. + JS: 'js' +}; + +// Helper functions follow. + +var UNDERSCORE_LOWERCASE_REGEXP = /_([a-z])/g; + +function snakeToCamel(name) { + return name + .replace(UNDERSCORE_LOWERCASE_REGEXP, fnCamelCaseReplace); +} + +function adjustMatcher(matcher) { + if (matcher === 'self') { + return matcher; + } else if (isString(matcher)) { + // Strings match exactly except for 2 wildcards - '*' and '**'. + // '*' matches any character except those from the set ':/.?&'. + // '**' matches any character (like .* in a RegExp). + // More than 2 *'s raises an error as it's ill defined. + if (matcher.indexOf('***') > -1) { + throw $sceMinErr('iwcard', + 'Illegal sequence *** in string matcher. String: {0}', matcher); + } + matcher = escapeForRegexp(matcher). + replace(/\\\*\\\*/g, '.*'). + replace(/\\\*/g, '[^:/.?&;]*'); + return new RegExp('^' + matcher + '$'); + } else if (isRegExp(matcher)) { + // The only other type of matcher allowed is a Regexp. + // Match entire URL / disallow partial matches. + // Flags are reset (i.e. no global, ignoreCase or multiline) + return new RegExp('^' + matcher.source + '$'); + } else { + throw $sceMinErr('imatcher', + 'Matchers may only be "self", string patterns or RegExp objects'); + } +} + + +function adjustMatchers(matchers) { + var adjustedMatchers = []; + if (isDefined(matchers)) { + forEach(matchers, function(matcher) { + adjustedMatchers.push(adjustMatcher(matcher)); + }); + } + return adjustedMatchers; +} + + +/** + * @ngdoc service + * @name $sceDelegate + * @kind function + * + * @description + * + * `$sceDelegate` is a service that is used by the `$sce` service to provide {@link ng.$sce Strict + * Contextual Escaping (SCE)} services to AngularJS. + * + * For an overview of this service and the functionnality it provides in AngularJS, see the main + * page for {@link ng.$sce SCE}. The current page is targeted for developers who need to alter how + * SCE works in their application, which shouldn't be needed in most cases. + * + *
    + * AngularJS strongly relies on contextual escaping for the security of bindings: disabling or + * modifying this might cause cross site scripting (XSS) vulnerabilities. For libraries owners, + * changes to this service will also influence users, so be extra careful and document your changes. + *
    + * + * Typically, you would configure or override the {@link ng.$sceDelegate $sceDelegate} instead of + * the `$sce` service to customize the way Strict Contextual Escaping works in AngularJS. This is + * because, while the `$sce` provides numerous shorthand methods, etc., you really only need to + * override 3 core functions (`trustAs`, `getTrusted` and `valueOf`) to replace the way things + * work because `$sce` delegates to `$sceDelegate` for these operations. + * + * Refer {@link ng.$sceDelegateProvider $sceDelegateProvider} to configure this service. + * + * The default instance of `$sceDelegate` should work out of the box with little pain. While you + * can override it completely to change the behavior of `$sce`, the common case would + * involve configuring the {@link ng.$sceDelegateProvider $sceDelegateProvider} instead by setting + * your own whitelists and blacklists for trusting URLs used for loading AngularJS resources such as + * templates. Refer {@link ng.$sceDelegateProvider#resourceUrlWhitelist + * $sceDelegateProvider.resourceUrlWhitelist} and {@link + * ng.$sceDelegateProvider#resourceUrlBlacklist $sceDelegateProvider.resourceUrlBlacklist} + */ + +/** + * @ngdoc provider + * @name $sceDelegateProvider + * @this + * + * @description + * + * The `$sceDelegateProvider` provider allows developers to configure the {@link ng.$sceDelegate + * $sceDelegate service}, used as a delegate for {@link ng.$sce Strict Contextual Escaping (SCE)}. + * + * The `$sceDelegateProvider` allows one to get/set the whitelists and blacklists used to ensure + * that the URLs used for sourcing AngularJS templates and other script-running URLs are safe (all + * places that use the `$sce.RESOURCE_URL` context). See + * {@link ng.$sceDelegateProvider#resourceUrlWhitelist $sceDelegateProvider.resourceUrlWhitelist} + * and + * {@link ng.$sceDelegateProvider#resourceUrlBlacklist $sceDelegateProvider.resourceUrlBlacklist}, + * + * For the general details about this service in Angular, read the main page for {@link ng.$sce + * Strict Contextual Escaping (SCE)}. + * + * **Example**: Consider the following case.
    + * + * - your app is hosted at url `http://myapp.example.com/` + * - but some of your templates are hosted on other domains you control such as + * `http://srv01.assets.example.com/`, `http://srv02.assets.example.com/`, etc. + * - and you have an open redirect at `http://myapp.example.com/clickThru?...`. + * + * Here is what a secure configuration for this scenario might look like: + * + * ``` + * angular.module('myApp', []).config(function($sceDelegateProvider) { + * $sceDelegateProvider.resourceUrlWhitelist([ + * // Allow same origin resource loads. + * 'self', + * // Allow loading from our assets domain. Notice the difference between * and **. + * 'http://srv*.assets.example.com/**' + * ]); + * + * // The blacklist overrides the whitelist so the open redirect here is blocked. + * $sceDelegateProvider.resourceUrlBlacklist([ + * 'http://myapp.example.com/clickThru**' + * ]); + * }); + * ``` + * Note that an empty whitelist will block every resource URL from being loaded, and will require + * you to manually mark each one as trusted with `$sce.trustAsResourceUrl`. However, templates + * requested by {@link ng.$templateRequest $templateRequest} that are present in + * {@link ng.$templateCache $templateCache} will not go through this check. If you have a mechanism + * to populate your templates in that cache at config time, then it is a good idea to remove 'self' + * from that whitelist. This helps to mitigate the security impact of certain types of issues, like + * for instance attacker-controlled `ng-includes`. + */ + +function $SceDelegateProvider() { + this.SCE_CONTEXTS = SCE_CONTEXTS; + + // Resource URLs can also be trusted by policy. + var resourceUrlWhitelist = ['self'], + resourceUrlBlacklist = []; + + /** + * @ngdoc method + * @name $sceDelegateProvider#resourceUrlWhitelist + * @kind function + * + * @param {Array=} whitelist When provided, replaces the resourceUrlWhitelist with the value + * provided. This must be an array or null. A snapshot of this array is used so further + * changes to the array are ignored. + * Follow {@link ng.$sce#resourceUrlPatternItem this link} for a description of the items + * allowed in this array. + * + * @return {Array} The currently set whitelist array. + * + * @description + * Sets/Gets the whitelist of trusted resource URLs. + * + * The **default value** when no whitelist has been explicitly set is `['self']` allowing only + * same origin resource requests. + * + *
    + * **Note:** the default whitelist of 'self' is not recommended if your app shares its origin + * with other apps! It is a good idea to limit it to only your application's directory. + *
    + */ + this.resourceUrlWhitelist = function(value) { + if (arguments.length) { + resourceUrlWhitelist = adjustMatchers(value); + } + return resourceUrlWhitelist; + }; + + /** + * @ngdoc method + * @name $sceDelegateProvider#resourceUrlBlacklist + * @kind function + * + * @param {Array=} blacklist When provided, replaces the resourceUrlBlacklist with the value + * provided. This must be an array or null. A snapshot of this array is used so further + * changes to the array are ignored.

    + * Follow {@link ng.$sce#resourceUrlPatternItem this link} for a description of the items + * allowed in this array.

    + * The typical usage for the blacklist is to **block + * [open redirects](http://cwe.mitre.org/data/definitions/601.html)** served by your domain as + * these would otherwise be trusted but actually return content from the redirected domain. + *

    + * Finally, **the blacklist overrides the whitelist** and has the final say. + * + * @return {Array} The currently set blacklist array. + * + * @description + * Sets/Gets the blacklist of trusted resource URLs. + * + * The **default value** when no whitelist has been explicitly set is the empty array (i.e. there + * is no blacklist.) + */ + + this.resourceUrlBlacklist = function(value) { + if (arguments.length) { + resourceUrlBlacklist = adjustMatchers(value); + } + return resourceUrlBlacklist; + }; + + this.$get = ['$injector', function($injector) { + + var htmlSanitizer = function htmlSanitizer(html) { + throw $sceMinErr('unsafe', 'Attempting to use an unsafe value in a safe context.'); + }; + + if ($injector.has('$sanitize')) { + htmlSanitizer = $injector.get('$sanitize'); + } + + + function matchUrl(matcher, parsedUrl) { + if (matcher === 'self') { + return urlIsSameOrigin(parsedUrl); + } else { + // definitely a regex. See adjustMatchers() + return !!matcher.exec(parsedUrl.href); + } + } + + function isResourceUrlAllowedByPolicy(url) { + var parsedUrl = urlResolve(url.toString()); + var i, n, allowed = false; + // Ensure that at least one item from the whitelist allows this url. + for (i = 0, n = resourceUrlWhitelist.length; i < n; i++) { + if (matchUrl(resourceUrlWhitelist[i], parsedUrl)) { + allowed = true; + break; + } + } + if (allowed) { + // Ensure that no item from the blacklist blocked this url. + for (i = 0, n = resourceUrlBlacklist.length; i < n; i++) { + if (matchUrl(resourceUrlBlacklist[i], parsedUrl)) { + allowed = false; + break; + } + } + } + return allowed; + } + + function generateHolderType(Base) { + var holderType = function TrustedValueHolderType(trustedValue) { + this.$$unwrapTrustedValue = function() { + return trustedValue; + }; + }; + if (Base) { + holderType.prototype = new Base(); + } + holderType.prototype.valueOf = function sceValueOf() { + return this.$$unwrapTrustedValue(); + }; + holderType.prototype.toString = function sceToString() { + return this.$$unwrapTrustedValue().toString(); + }; + return holderType; + } + + var trustedValueHolderBase = generateHolderType(), + byType = {}; + + byType[SCE_CONTEXTS.HTML] = generateHolderType(trustedValueHolderBase); + byType[SCE_CONTEXTS.CSS] = generateHolderType(trustedValueHolderBase); + byType[SCE_CONTEXTS.URL] = generateHolderType(trustedValueHolderBase); + byType[SCE_CONTEXTS.JS] = generateHolderType(trustedValueHolderBase); + byType[SCE_CONTEXTS.RESOURCE_URL] = generateHolderType(byType[SCE_CONTEXTS.URL]); + + /** + * @ngdoc method + * @name $sceDelegate#trustAs + * + * @description + * Returns a trusted representation of the parameter for the specified context. This trusted + * object will later on be used as-is, without any security check, by bindings or directives + * that require this security context. + * For instance, marking a string as trusted for the `$sce.HTML` context will entirely bypass + * the potential `$sanitize` call in corresponding `$sce.HTML` bindings or directives, such as + * `ng-bind-html`. Note that in most cases you won't need to call this function: if you have the + * sanitizer loaded, passing the value itself will render all the HTML that does not pose a + * security risk. + * + * See {@link ng.$sceDelegate#getTrusted getTrusted} for the function that will consume those + * trusted values, and {@link ng.$sce $sce} for general documentation about strict contextual + * escaping. + * + * @param {string} type The context in which this value is safe for use, e.g. `$sce.URL`, + * `$sce.RESOURCE_URL`, `$sce.HTML`, `$sce.JS` or `$sce.CSS`. + * + * @param {*} value The value that should be considered trusted. + * @return {*} A trusted representation of value, that can be used in the given context. + */ + function trustAs(type, trustedValue) { + var Constructor = (byType.hasOwnProperty(type) ? byType[type] : null); + if (!Constructor) { + throw $sceMinErr('icontext', + 'Attempted to trust a value in invalid context. Context: {0}; Value: {1}', + type, trustedValue); + } + if (trustedValue === null || isUndefined(trustedValue) || trustedValue === '') { + return trustedValue; + } + // All the current contexts in SCE_CONTEXTS happen to be strings. In order to avoid trusting + // mutable objects, we ensure here that the value passed in is actually a string. + if (typeof trustedValue !== 'string') { + throw $sceMinErr('itype', + 'Attempted to trust a non-string value in a content requiring a string: Context: {0}', + type); + } + return new Constructor(trustedValue); + } + + /** + * @ngdoc method + * @name $sceDelegate#valueOf + * + * @description + * If the passed parameter had been returned by a prior call to {@link ng.$sceDelegate#trustAs + * `$sceDelegate.trustAs`}, returns the value that had been passed to {@link + * ng.$sceDelegate#trustAs `$sceDelegate.trustAs`}. + * + * If the passed parameter is not a value that had been returned by {@link + * ng.$sceDelegate#trustAs `$sceDelegate.trustAs`}, it must be returned as-is. + * + * @param {*} value The result of a prior {@link ng.$sceDelegate#trustAs `$sceDelegate.trustAs`} + * call or anything else. + * @return {*} The `value` that was originally provided to {@link ng.$sceDelegate#trustAs + * `$sceDelegate.trustAs`} if `value` is the result of such a call. Otherwise, returns + * `value` unchanged. + */ + function valueOf(maybeTrusted) { + if (maybeTrusted instanceof trustedValueHolderBase) { + return maybeTrusted.$$unwrapTrustedValue(); + } else { + return maybeTrusted; + } + } + + /** + * @ngdoc method + * @name $sceDelegate#getTrusted + * + * @description + * Takes any input, and either returns a value that's safe to use in the specified context, or + * throws an exception. + * + * In practice, there are several cases. When given a string, this function runs checks + * and sanitization to make it safe without prior assumptions. When given the result of a {@link + * ng.$sceDelegate#trustAs `$sceDelegate.trustAs`} call, it returns the originally supplied + * value if that value's context is valid for this call's context. Finally, this function can + * also throw when there is no way to turn `maybeTrusted` in a safe value (e.g., no sanitization + * is available or possible.) + * + * @param {string} type The context in which this value is to be used (such as `$sce.HTML`). + * @param {*} maybeTrusted The result of a prior {@link ng.$sceDelegate#trustAs + * `$sceDelegate.trustAs`} call, or anything else (which will not be considered trusted.) + * @return {*} A version of the value that's safe to use in the given context, or throws an + * exception if this is impossible. + */ + function getTrusted(type, maybeTrusted) { + if (maybeTrusted === null || isUndefined(maybeTrusted) || maybeTrusted === '') { + return maybeTrusted; + } + var constructor = (byType.hasOwnProperty(type) ? byType[type] : null); + // If maybeTrusted is a trusted class instance or subclass instance, then unwrap and return + // as-is. + if (constructor && maybeTrusted instanceof constructor) { + return maybeTrusted.$$unwrapTrustedValue(); + } + // Otherwise, if we get here, then we may either make it safe, or throw an exception. This + // depends on the context: some are sanitizatible (HTML), some use whitelists (RESOURCE_URL), + // some are impossible to do (JS). This step isn't implemented for CSS and URL, as AngularJS + // has no corresponding sinks. + if (type === SCE_CONTEXTS.RESOURCE_URL) { + // RESOURCE_URL uses a whitelist. + if (isResourceUrlAllowedByPolicy(maybeTrusted)) { + return maybeTrusted; + } else { + throw $sceMinErr('insecurl', + 'Blocked loading resource from url not allowed by $sceDelegate policy. URL: {0}', + maybeTrusted.toString()); + } + } else if (type === SCE_CONTEXTS.HTML) { + // htmlSanitizer throws its own error when no sanitizer is available. + return htmlSanitizer(maybeTrusted); + } + // Default error when the $sce service has no way to make the input safe. + throw $sceMinErr('unsafe', 'Attempting to use an unsafe value in a safe context.'); + } + + return { trustAs: trustAs, + getTrusted: getTrusted, + valueOf: valueOf }; + }]; +} + + +/** + * @ngdoc provider + * @name $sceProvider + * @this + * + * @description + * + * The $sceProvider provider allows developers to configure the {@link ng.$sce $sce} service. + * - enable/disable Strict Contextual Escaping (SCE) in a module + * - override the default implementation with a custom delegate + * + * Read more about {@link ng.$sce Strict Contextual Escaping (SCE)}. + */ + +/** + * @ngdoc service + * @name $sce + * @kind function + * + * @description + * + * `$sce` is a service that provides Strict Contextual Escaping services to AngularJS. + * + * # Strict Contextual Escaping + * + * Strict Contextual Escaping (SCE) is a mode in which AngularJS constrains bindings to only render + * trusted values. Its goal is to assist in writing code in a way that (a) is secure by default, and + * (b) makes auditing for security vulnerabilities such as XSS, clickjacking, etc. a lot easier. + * + * ## Overview + * + * To systematically block XSS security bugs, AngularJS treats all values as untrusted by default in + * HTML or sensitive URL bindings. When binding untrusted values, AngularJS will automatically + * run security checks on them (sanitizations, whitelists, depending on context), or throw when it + * cannot guarantee the security of the result. That behavior depends strongly on contexts: HTML + * can be sanitized, but template URLs cannot, for instance. + * + * To illustrate this, consider the `ng-bind-html` directive. It renders its value directly as HTML: + * we call that the *context*. When given an untrusted input, AngularJS will attempt to sanitize it + * before rendering if a sanitizer is available, and throw otherwise. To bypass sanitization and + * render the input as-is, you will need to mark it as trusted for that context before attempting + * to bind it. + * + * As of version 1.2, AngularJS ships with SCE enabled by default. + * + * ## In practice + * + * Here's an example of a binding in a privileged context: + * + * ``` + * + *

    + * ``` + * + * Notice that `ng-bind-html` is bound to `userHtml` controlled by the user. With SCE + * disabled, this application allows the user to render arbitrary HTML into the DIV, which would + * be an XSS security bug. In a more realistic example, one may be rendering user comments, blog + * articles, etc. via bindings. (HTML is just one example of a context where rendering user + * controlled input creates security vulnerabilities.) + * + * For the case of HTML, you might use a library, either on the client side, or on the server side, + * to sanitize unsafe HTML before binding to the value and rendering it in the document. + * + * How would you ensure that every place that used these types of bindings was bound to a value that + * was sanitized by your library (or returned as safe for rendering by your server?) How can you + * ensure that you didn't accidentally delete the line that sanitized the value, or renamed some + * properties/fields and forgot to update the binding to the sanitized value? + * + * To be secure by default, AngularJS makes sure bindings go through that sanitization, or + * any similar validation process, unless there's a good reason to trust the given value in this + * context. That trust is formalized with a function call. This means that as a developer, you + * can assume all untrusted bindings are safe. Then, to audit your code for binding security issues, + * you just need to ensure the values you mark as trusted indeed are safe - because they were + * received from your server, sanitized by your library, etc. You can organize your codebase to + * help with this - perhaps allowing only the files in a specific directory to do this. + * Ensuring that the internal API exposed by that code doesn't markup arbitrary values as safe then + * becomes a more manageable task. + * + * In the case of AngularJS' SCE service, one uses {@link ng.$sce#trustAs $sce.trustAs} + * (and shorthand methods such as {@link ng.$sce#trustAsHtml $sce.trustAsHtml}, etc.) to + * build the trusted versions of your values. + * + * ## How does it work? + * + * In privileged contexts, directives and code will bind to the result of {@link ng.$sce#getTrusted + * $sce.getTrusted(context, value)} rather than to the value directly. Think of this function as + * a way to enforce the required security context in your data sink. Directives use {@link + * ng.$sce#parseAs $sce.parseAs} rather than `$parse` to watch attribute bindings, which performs + * the {@link ng.$sce#getTrusted $sce.getTrusted} behind the scenes on non-constant literals. Also, + * when binding without directives, AngularJS will understand the context of your bindings + * automatically. + * + * As an example, {@link ng.directive:ngBindHtml ngBindHtml} uses {@link + * ng.$sce#parseAsHtml $sce.parseAsHtml(binding expression)}. Here's the actual code (slightly + * simplified): + * + * ``` + * var ngBindHtmlDirective = ['$sce', function($sce) { + * return function(scope, element, attr) { + * scope.$watch($sce.parseAsHtml(attr.ngBindHtml), function(value) { + * element.html(value || ''); + * }); + * }; + * }]; + * ``` + * + * ## Impact on loading templates + * + * This applies both to the {@link ng.directive:ngInclude `ng-include`} directive as well as + * `templateUrl`'s specified by {@link guide/directive directives}. + * + * By default, Angular only loads templates from the same domain and protocol as the application + * document. This is done by calling {@link ng.$sce#getTrustedResourceUrl + * $sce.getTrustedResourceUrl} on the template URL. To load templates from other domains and/or + * protocols, you may either {@link ng.$sceDelegateProvider#resourceUrlWhitelist whitelist + * them} or {@link ng.$sce#trustAsResourceUrl wrap it} into a trusted value. + * + * *Please note*: + * The browser's + * [Same Origin Policy](https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_XMLHttpRequest) + * and [Cross-Origin Resource Sharing (CORS)](http://www.w3.org/TR/cors/) + * policy apply in addition to this and may further restrict whether the template is successfully + * loaded. This means that without the right CORS policy, loading templates from a different domain + * won't work on all browsers. Also, loading templates from `file://` URL does not work on some + * browsers. + * + * ## This feels like too much overhead + * + * It's important to remember that SCE only applies to interpolation expressions. + * + * If your expressions are constant literals, they're automatically trusted and you don't need to + * call `$sce.trustAs` on them (e.g. + * `
    `) just works. The `$sceDelegate` will + * also use the `$sanitize` service if it is available when binding untrusted values to + * `$sce.HTML` context. AngularJS provides an implementation in `angular-sanitize.js`, and if you + * wish to use it, you will also need to depend on the {@link ngSanitize `ngSanitize`} module in + * your application. + * + * The included {@link ng.$sceDelegate $sceDelegate} comes with sane defaults to allow you to load + * templates in `ng-include` from your application's domain without having to even know about SCE. + * It blocks loading templates from other domains or loading templates over http from an https + * served document. You can change these by setting your own custom {@link + * ng.$sceDelegateProvider#resourceUrlWhitelist whitelists} and {@link + * ng.$sceDelegateProvider#resourceUrlBlacklist blacklists} for matching such URLs. + * + * This significantly reduces the overhead. It is far easier to pay the small overhead and have an + * application that's secure and can be audited to verify that with much more ease than bolting + * security onto an application later. + * + * + * ## What trusted context types are supported? + * + * | Context | Notes | + * |---------------------|----------------| + * | `$sce.HTML` | For HTML that's safe to source into the application. The {@link ng.directive:ngBindHtml ngBindHtml} directive uses this context for bindings. If an unsafe value is encountered, and the {@link ngSanitize.$sanitize $sanitize} service is available (implemented by the {@link ngSanitize ngSanitize} module) this will sanitize the value instead of throwing an error. | + * | `$sce.CSS` | For CSS that's safe to source into the application. Currently, no bindings require this context. Feel free to use it in your own directives. | + * | `$sce.URL` | For URLs that are safe to follow as links. Currently unused (`
    Note that `$sce.RESOURCE_URL` makes a stronger statement about the URL than `$sce.URL` does (it's not just the URL that matters, but also what is at the end of it), and therefore contexts requiring values trusted for `$sce.RESOURCE_URL` can be used anywhere that values trusted for `$sce.URL` are required. | + * | `$sce.JS` | For JavaScript that is safe to execute in your application's context. Currently, no bindings require this context. Feel free to use it in your own directives. | + * + * + * Be aware that `a[href]` and `img[src]` automatically sanitize their URLs and do not pass them + * through {@link ng.$sce#getTrusted $sce.getTrusted}. There's no CSS-, URL-, or JS-context bindings + * in AngularJS currently, so their corresponding `$sce.trustAs` functions aren't useful yet. This + * might evolve. + * + * ## Format of items in {@link ng.$sceDelegateProvider#resourceUrlWhitelist resourceUrlWhitelist}/{@link ng.$sceDelegateProvider#resourceUrlBlacklist Blacklist}
    + * + * Each element in these arrays must be one of the following: + * + * - **'self'** + * - The special **string**, `'self'`, can be used to match against all URLs of the **same + * domain** as the application document using the **same protocol**. + * - **String** (except the special value `'self'`) + * - The string is matched against the full *normalized / absolute URL* of the resource + * being tested (substring matches are not good enough.) + * - There are exactly **two wildcard sequences** - `*` and `**`. All other characters + * match themselves. + * - `*`: matches zero or more occurrences of any character other than one of the following 6 + * characters: '`:`', '`/`', '`.`', '`?`', '`&`' and '`;`'. It's a useful wildcard for use + * in a whitelist. + * - `**`: matches zero or more occurrences of *any* character. As such, it's not + * appropriate for use in a scheme, domain, etc. as it would match too much. (e.g. + * http://**.example.com/ would match http://evil.com/?ignore=.example.com/ and that might + * not have been the intention.) Its usage at the very end of the path is ok. (e.g. + * http://foo.example.com/templates/**). + * - **RegExp** (*see caveat below*) + * - *Caveat*: While regular expressions are powerful and offer great flexibility, their syntax + * (and all the inevitable escaping) makes them *harder to maintain*. It's easy to + * accidentally introduce a bug when one updates a complex expression (imho, all regexes should + * have good test coverage). For instance, the use of `.` in the regex is correct only in a + * small number of cases. A `.` character in the regex used when matching the scheme or a + * subdomain could be matched against a `:` or literal `.` that was likely not intended. It + * is highly recommended to use the string patterns and only fall back to regular expressions + * as a last resort. + * - The regular expression must be an instance of RegExp (i.e. not a string.) It is + * matched against the **entire** *normalized / absolute URL* of the resource being tested + * (even when the RegExp did not have the `^` and `$` codes.) In addition, any flags + * present on the RegExp (such as multiline, global, ignoreCase) are ignored. + * - If you are generating your JavaScript from some other templating engine (not + * recommended, e.g. in issue [#4006](https://github.com/angular/angular.js/issues/4006)), + * remember to escape your regular expression (and be aware that you might need more than + * one level of escaping depending on your templating engine and the way you interpolated + * the value.) Do make use of your platform's escaping mechanism as it might be good + * enough before coding your own. E.g. Ruby has + * [Regexp.escape(str)](http://www.ruby-doc.org/core-2.0.0/Regexp.html#method-c-escape) + * and Python has [re.escape](http://docs.python.org/library/re.html#re.escape). + * Javascript lacks a similar built in function for escaping. Take a look at Google + * Closure library's [goog.string.regExpEscape(s)]( + * http://docs.closure-library.googlecode.com/git/closure_goog_string_string.js.source.html#line962). + * + * Refer {@link ng.$sceDelegateProvider $sceDelegateProvider} for an example. + * + * ## Show me an example using SCE. + * + * + * + *
    + *

    + * User comments
    + * By default, HTML that isn't explicitly trusted (e.g. Alice's comment) is sanitized when + * $sanitize is available. If $sanitize isn't available, this results in an error instead of an + * exploit. + *
    + *
    + * {{userComment.name}}: + * + *
    + *
    + *
    + *
    + *
    + * + * + * angular.module('mySceApp', ['ngSanitize']) + * .controller('AppController', ['$http', '$templateCache', '$sce', + * function AppController($http, $templateCache, $sce) { + * var self = this; + * $http.get('test_data.json', {cache: $templateCache}).then(function(response) { + * self.userComments = response.data; + * }); + * self.explicitlyTrustedHtml = $sce.trustAsHtml( + * 'Hover over this text.'); + * }]); + * + * + * + * [ + * { "name": "Alice", + * "htmlComment": + * "Is anyone reading this?" + * }, + * { "name": "Bob", + * "htmlComment": "Yes! Am I the only other one?" + * } + * ] + * + * + * + * describe('SCE doc demo', function() { + * it('should sanitize untrusted values', function() { + * expect(element.all(by.css('.htmlComment')).first().getAttribute('innerHTML')) + * .toBe('Is anyone reading this?'); + * }); + * + * it('should NOT sanitize explicitly trusted values', function() { + * expect(element(by.id('explicitlyTrustedHtml')).getAttribute('innerHTML')).toBe( + * 'Hover over this text.'); + * }); + * }); + * + *
    + * + * + * + * ## Can I disable SCE completely? + * + * Yes, you can. However, this is strongly discouraged. SCE gives you a lot of security benefits + * for little coding overhead. It will be much harder to take an SCE disabled application and + * either secure it on your own or enable SCE at a later stage. It might make sense to disable SCE + * for cases where you have a lot of existing code that was written before SCE was introduced and + * you're migrating them a module at a time. Also do note that this is an app-wide setting, so if + * you are writing a library, you will cause security bugs applications using it. + * + * That said, here's how you can completely disable SCE: + * + * ``` + * angular.module('myAppWithSceDisabledmyApp', []).config(function($sceProvider) { + * // Completely disable SCE. For demonstration purposes only! + * // Do not use in new projects or libraries. + * $sceProvider.enabled(false); + * }); + * ``` + * + */ + +function $SceProvider() { + var enabled = true; + + /** + * @ngdoc method + * @name $sceProvider#enabled + * @kind function + * + * @param {boolean=} value If provided, then enables/disables SCE application-wide. + * @return {boolean} True if SCE is enabled, false otherwise. + * + * @description + * Enables/disables SCE and returns the current value. + */ + this.enabled = function(value) { + if (arguments.length) { + enabled = !!value; + } + return enabled; + }; + + + /* Design notes on the default implementation for SCE. + * + * The API contract for the SCE delegate + * ------------------------------------- + * The SCE delegate object must provide the following 3 methods: + * + * - trustAs(contextEnum, value) + * This method is used to tell the SCE service that the provided value is OK to use in the + * contexts specified by contextEnum. It must return an object that will be accepted by + * getTrusted() for a compatible contextEnum and return this value. + * + * - valueOf(value) + * For values that were not produced by trustAs(), return them as is. For values that were + * produced by trustAs(), return the corresponding input value to trustAs. Basically, if + * trustAs is wrapping the given values into some type, this operation unwraps it when given + * such a value. + * + * - getTrusted(contextEnum, value) + * This function should return the a value that is safe to use in the context specified by + * contextEnum or throw and exception otherwise. + * + * NOTE: This contract deliberately does NOT state that values returned by trustAs() must be + * opaque or wrapped in some holder object. That happens to be an implementation detail. For + * instance, an implementation could maintain a registry of all trusted objects by context. In + * such a case, trustAs() would return the same object that was passed in. getTrusted() would + * return the same object passed in if it was found in the registry under a compatible context or + * throw an exception otherwise. An implementation might only wrap values some of the time based + * on some criteria. getTrusted() might return a value and not throw an exception for special + * constants or objects even if not wrapped. All such implementations fulfill this contract. + * + * + * A note on the inheritance model for SCE contexts + * ------------------------------------------------ + * I've used inheritance and made RESOURCE_URL wrapped types a subtype of URL wrapped types. This + * is purely an implementation details. + * + * The contract is simply this: + * + * getTrusted($sce.RESOURCE_URL, value) succeeding implies that getTrusted($sce.URL, value) + * will also succeed. + * + * Inheritance happens to capture this in a natural way. In some future, we may not use + * inheritance anymore. That is OK because no code outside of sce.js and sceSpecs.js would need to + * be aware of this detail. + */ + + this.$get = ['$parse', '$sceDelegate', function( + $parse, $sceDelegate) { + // Support: IE 9-11 only + // Prereq: Ensure that we're not running in IE<11 quirks mode. In that mode, IE < 11 allow + // the "expression(javascript expression)" syntax which is insecure. + if (enabled && msie < 8) { + throw $sceMinErr('iequirks', + 'Strict Contextual Escaping does not support Internet Explorer version < 11 in quirks ' + + 'mode. You can fix this by adding the text to the top of your HTML ' + + 'document. See http://docs.angularjs.org/api/ng.$sce for more information.'); + } + + var sce = shallowCopy(SCE_CONTEXTS); + + /** + * @ngdoc method + * @name $sce#isEnabled + * @kind function + * + * @return {Boolean} True if SCE is enabled, false otherwise. If you want to set the value, you + * have to do it at module config time on {@link ng.$sceProvider $sceProvider}. + * + * @description + * Returns a boolean indicating if SCE is enabled. + */ + sce.isEnabled = function() { + return enabled; + }; + sce.trustAs = $sceDelegate.trustAs; + sce.getTrusted = $sceDelegate.getTrusted; + sce.valueOf = $sceDelegate.valueOf; + + if (!enabled) { + sce.trustAs = sce.getTrusted = function(type, value) { return value; }; + sce.valueOf = identity; + } + + /** + * @ngdoc method + * @name $sce#parseAs + * + * @description + * Converts Angular {@link guide/expression expression} into a function. This is like {@link + * ng.$parse $parse} and is identical when the expression is a literal constant. Otherwise, it + * wraps the expression in a call to {@link ng.$sce#getTrusted $sce.getTrusted(*type*, + * *result*)} + * + * @param {string} type The SCE context in which this result will be used. + * @param {string} expression String expression to compile. + * @return {function(context, locals)} A function which represents the compiled expression: + * + * * `context` – `{object}` – an object against which any expressions embedded in the + * strings are evaluated against (typically a scope object). + * * `locals` – `{object=}` – local variables context object, useful for overriding values + * in `context`. + */ + sce.parseAs = function sceParseAs(type, expr) { + var parsed = $parse(expr); + if (parsed.literal && parsed.constant) { + return parsed; + } else { + return $parse(expr, function(value) { + return sce.getTrusted(type, value); + }); + } + }; + + /** + * @ngdoc method + * @name $sce#trustAs + * + * @description + * Delegates to {@link ng.$sceDelegate#trustAs `$sceDelegate.trustAs`}. As such, returns a + * wrapped object that represents your value, and the trust you have in its safety for the given + * context. AngularJS can then use that value as-is in bindings of the specified secure context. + * This is used in bindings for `ng-bind-html`, `ng-include`, and most `src` attribute + * interpolations. See {@link ng.$sce $sce} for strict contextual escaping. + * + * @param {string} type The context in which this value is safe for use, e.g. `$sce.URL`, + * `$sce.RESOURCE_URL`, `$sce.HTML`, `$sce.JS` or `$sce.CSS`. + * + * @param {*} value The value that that should be considered trusted. + * @return {*} A wrapped version of value that can be used as a trusted variant of your `value` + * in the context you specified. + */ + + /** + * @ngdoc method + * @name $sce#trustAsHtml + * + * @description + * Shorthand method. `$sce.trustAsHtml(value)` → + * {@link ng.$sceDelegate#trustAs `$sceDelegate.trustAs($sce.HTML, value)`} + * + * @param {*} value The value to mark as trusted for `$sce.HTML` context. + * @return {*} A wrapped version of value that can be used as a trusted variant of your `value` + * in `$sce.HTML` context (like `ng-bind-html`). + */ + + /** + * @ngdoc method + * @name $sce#trustAsCss + * + * @description + * Shorthand method. `$sce.trustAsCss(value)` → + * {@link ng.$sceDelegate#trustAs `$sceDelegate.trustAs($sce.CSS, value)`} + * + * @param {*} value The value to mark as trusted for `$sce.CSS` context. + * @return {*} A wrapped version of value that can be used as a trusted variant + * of your `value` in `$sce.CSS` context. This context is currently unused, so there are + * almost no reasons to use this function so far. + */ + + /** + * @ngdoc method + * @name $sce#trustAsUrl + * + * @description + * Shorthand method. `$sce.trustAsUrl(value)` → + * {@link ng.$sceDelegate#trustAs `$sceDelegate.trustAs($sce.URL, value)`} + * + * @param {*} value The value to mark as trusted for `$sce.URL` context. + * @return {*} A wrapped version of value that can be used as a trusted variant of your `value` + * in `$sce.URL` context. That context is currently unused, so there are almost no reasons + * to use this function so far. + */ + + /** + * @ngdoc method + * @name $sce#trustAsResourceUrl + * + * @description + * Shorthand method. `$sce.trustAsResourceUrl(value)` → + * {@link ng.$sceDelegate#trustAs `$sceDelegate.trustAs($sce.RESOURCE_URL, value)`} + * + * @param {*} value The value to mark as trusted for `$sce.RESOURCE_URL` context. + * @return {*} A wrapped version of value that can be used as a trusted variant of your `value` + * in `$sce.RESOURCE_URL` context (template URLs in `ng-include`, most `src` attribute + * bindings, ...) + */ + + /** + * @ngdoc method + * @name $sce#trustAsJs + * + * @description + * Shorthand method. `$sce.trustAsJs(value)` → + * {@link ng.$sceDelegate#trustAs `$sceDelegate.trustAs($sce.JS, value)`} + * + * @param {*} value The value to mark as trusted for `$sce.JS` context. + * @return {*} A wrapped version of value that can be used as a trusted variant of your `value` + * in `$sce.JS` context. That context is currently unused, so there are almost no reasons to + * use this function so far. + */ + + /** + * @ngdoc method + * @name $sce#getTrusted + * + * @description + * Delegates to {@link ng.$sceDelegate#getTrusted `$sceDelegate.getTrusted`}. As such, + * takes any input, and either returns a value that's safe to use in the specified context, + * or throws an exception. This function is aware of trusted values created by the `trustAs` + * function and its shorthands, and when contexts are appropriate, returns the unwrapped value + * as-is. Finally, this function can also throw when there is no way to turn `maybeTrusted` in a + * safe value (e.g., no sanitization is available or possible.) + * + * @param {string} type The context in which this value is to be used. + * @param {*} maybeTrusted The result of a prior {@link ng.$sce#trustAs + * `$sce.trustAs`} call, or anything else (which will not be considered trusted.) + * @return {*} A version of the value that's safe to use in the given context, or throws an + * exception if this is impossible. + */ + + /** + * @ngdoc method + * @name $sce#getTrustedHtml + * + * @description + * Shorthand method. `$sce.getTrustedHtml(value)` → + * {@link ng.$sceDelegate#getTrusted `$sceDelegate.getTrusted($sce.HTML, value)`} + * + * @param {*} value The value to pass to `$sce.getTrusted`. + * @return {*} The return value of `$sce.getTrusted($sce.HTML, value)` + */ + + /** + * @ngdoc method + * @name $sce#getTrustedCss + * + * @description + * Shorthand method. `$sce.getTrustedCss(value)` → + * {@link ng.$sceDelegate#getTrusted `$sceDelegate.getTrusted($sce.CSS, value)`} + * + * @param {*} value The value to pass to `$sce.getTrusted`. + * @return {*} The return value of `$sce.getTrusted($sce.CSS, value)` + */ + + /** + * @ngdoc method + * @name $sce#getTrustedUrl + * + * @description + * Shorthand method. `$sce.getTrustedUrl(value)` → + * {@link ng.$sceDelegate#getTrusted `$sceDelegate.getTrusted($sce.URL, value)`} + * + * @param {*} value The value to pass to `$sce.getTrusted`. + * @return {*} The return value of `$sce.getTrusted($sce.URL, value)` + */ + + /** + * @ngdoc method + * @name $sce#getTrustedResourceUrl + * + * @description + * Shorthand method. `$sce.getTrustedResourceUrl(value)` → + * {@link ng.$sceDelegate#getTrusted `$sceDelegate.getTrusted($sce.RESOURCE_URL, value)`} + * + * @param {*} value The value to pass to `$sceDelegate.getTrusted`. + * @return {*} The return value of `$sce.getTrusted($sce.RESOURCE_URL, value)` + */ + + /** + * @ngdoc method + * @name $sce#getTrustedJs + * + * @description + * Shorthand method. `$sce.getTrustedJs(value)` → + * {@link ng.$sceDelegate#getTrusted `$sceDelegate.getTrusted($sce.JS, value)`} + * + * @param {*} value The value to pass to `$sce.getTrusted`. + * @return {*} The return value of `$sce.getTrusted($sce.JS, value)` + */ + + /** + * @ngdoc method + * @name $sce#parseAsHtml + * + * @description + * Shorthand method. `$sce.parseAsHtml(expression string)` → + * {@link ng.$sce#parseAs `$sce.parseAs($sce.HTML, value)`} + * + * @param {string} expression String expression to compile. + * @return {function(context, locals)} A function which represents the compiled expression: + * + * * `context` – `{object}` – an object against which any expressions embedded in the + * strings are evaluated against (typically a scope object). + * * `locals` – `{object=}` – local variables context object, useful for overriding values + * in `context`. + */ + + /** + * @ngdoc method + * @name $sce#parseAsCss + * + * @description + * Shorthand method. `$sce.parseAsCss(value)` → + * {@link ng.$sce#parseAs `$sce.parseAs($sce.CSS, value)`} + * + * @param {string} expression String expression to compile. + * @return {function(context, locals)} A function which represents the compiled expression: + * + * * `context` – `{object}` – an object against which any expressions embedded in the + * strings are evaluated against (typically a scope object). + * * `locals` – `{object=}` – local variables context object, useful for overriding values + * in `context`. + */ + + /** + * @ngdoc method + * @name $sce#parseAsUrl + * + * @description + * Shorthand method. `$sce.parseAsUrl(value)` → + * {@link ng.$sce#parseAs `$sce.parseAs($sce.URL, value)`} + * + * @param {string} expression String expression to compile. + * @return {function(context, locals)} A function which represents the compiled expression: + * + * * `context` – `{object}` – an object against which any expressions embedded in the + * strings are evaluated against (typically a scope object). + * * `locals` – `{object=}` – local variables context object, useful for overriding values + * in `context`. + */ + + /** + * @ngdoc method + * @name $sce#parseAsResourceUrl + * + * @description + * Shorthand method. `$sce.parseAsResourceUrl(value)` → + * {@link ng.$sce#parseAs `$sce.parseAs($sce.RESOURCE_URL, value)`} + * + * @param {string} expression String expression to compile. + * @return {function(context, locals)} A function which represents the compiled expression: + * + * * `context` – `{object}` – an object against which any expressions embedded in the + * strings are evaluated against (typically a scope object). + * * `locals` – `{object=}` – local variables context object, useful for overriding values + * in `context`. + */ + + /** + * @ngdoc method + * @name $sce#parseAsJs + * + * @description + * Shorthand method. `$sce.parseAsJs(value)` → + * {@link ng.$sce#parseAs `$sce.parseAs($sce.JS, value)`} + * + * @param {string} expression String expression to compile. + * @return {function(context, locals)} A function which represents the compiled expression: + * + * * `context` – `{object}` – an object against which any expressions embedded in the + * strings are evaluated against (typically a scope object). + * * `locals` – `{object=}` – local variables context object, useful for overriding values + * in `context`. + */ + + // Shorthand delegations. + var parse = sce.parseAs, + getTrusted = sce.getTrusted, + trustAs = sce.trustAs; + + forEach(SCE_CONTEXTS, function(enumValue, name) { + var lName = lowercase(name); + sce[snakeToCamel('parse_as_' + lName)] = function(expr) { + return parse(enumValue, expr); + }; + sce[snakeToCamel('get_trusted_' + lName)] = function(value) { + return getTrusted(enumValue, value); + }; + sce[snakeToCamel('trust_as_' + lName)] = function(value) { + return trustAs(enumValue, value); + }; + }); + + return sce; + }]; +} + +/* exported $SnifferProvider */ + +/** + * !!! This is an undocumented "private" service !!! + * + * @name $sniffer + * @requires $window + * @requires $document + * @this + * + * @property {boolean} history Does the browser support html5 history api ? + * @property {boolean} transitions Does the browser support CSS transition events ? + * @property {boolean} animations Does the browser support CSS animation events ? + * + * @description + * This is very simple implementation of testing browser's features. + */ +function $SnifferProvider() { + this.$get = ['$window', '$document', function($window, $document) { + var eventSupport = {}, + // Chrome Packaged Apps are not allowed to access `history.pushState`. + // If not sandboxed, they can be detected by the presence of `chrome.app.runtime` + // (see https://developer.chrome.com/apps/api_index). If sandboxed, they can be detected by + // the presence of an extension runtime ID and the absence of other Chrome runtime APIs + // (see https://developer.chrome.com/apps/manifest/sandbox). + // (NW.js apps have access to Chrome APIs, but do support `history`.) + isNw = $window.nw && $window.nw.process, + isChromePackagedApp = + !isNw && + $window.chrome && + ($window.chrome.app && $window.chrome.app.runtime || + !$window.chrome.app && $window.chrome.runtime && $window.chrome.runtime.id), + hasHistoryPushState = !isChromePackagedApp && $window.history && $window.history.pushState, + android = + toInt((/android (\d+)/.exec(lowercase(($window.navigator || {}).userAgent)) || [])[1]), + boxee = /Boxee/i.test(($window.navigator || {}).userAgent), + document = $document[0] || {}, + bodyStyle = document.body && document.body.style, + transitions = false, + animations = false; + + if (bodyStyle) { + // Support: Android <5, Blackberry Browser 10, default Chrome in Android 4.4.x + // Mentioned browsers need a -webkit- prefix for transitions & animations. + transitions = !!('transition' in bodyStyle || 'webkitTransition' in bodyStyle); + animations = !!('animation' in bodyStyle || 'webkitAnimation' in bodyStyle); + } + + + return { + // Android has history.pushState, but it does not update location correctly + // so let's not use the history API at all. + // http://code.google.com/p/android/issues/detail?id=17471 + // https://github.com/angular/angular.js/issues/904 + + // older webkit browser (533.9) on Boxee box has exactly the same problem as Android has + // so let's not use the history API also + // We are purposefully using `!(android < 4)` to cover the case when `android` is undefined + history: !!(hasHistoryPushState && !(android < 4) && !boxee), + hasEvent: function(event) { + // Support: IE 9-11 only + // IE9 implements 'input' event it's so fubared that we rather pretend that it doesn't have + // it. In particular the event is not fired when backspace or delete key are pressed or + // when cut operation is performed. + // IE10+ implements 'input' event but it erroneously fires under various situations, + // e.g. when placeholder changes, or a form is focused. + if (event === 'input' && msie) return false; + + if (isUndefined(eventSupport[event])) { + var divElm = document.createElement('div'); + eventSupport[event] = 'on' + event in divElm; + } + + return eventSupport[event]; + }, + csp: csp(), + transitions: transitions, + animations: animations, + android: android + }; + }]; +} + +var $templateRequestMinErr = minErr('$compile'); + +/** + * @ngdoc provider + * @name $templateRequestProvider + * @this + * + * @description + * Used to configure the options passed to the {@link $http} service when making a template request. + * + * For example, it can be used for specifying the "Accept" header that is sent to the server, when + * requesting a template. + */ +function $TemplateRequestProvider() { + + var httpOptions; + + /** + * @ngdoc method + * @name $templateRequestProvider#httpOptions + * @description + * The options to be passed to the {@link $http} service when making the request. + * You can use this to override options such as the "Accept" header for template requests. + * + * The {@link $templateRequest} will set the `cache` and the `transformResponse` properties of the + * options if not overridden here. + * + * @param {string=} value new value for the {@link $http} options. + * @returns {string|self} Returns the {@link $http} options when used as getter and self if used as setter. + */ + this.httpOptions = function(val) { + if (val) { + httpOptions = val; + return this; + } + return httpOptions; + }; + + /** + * @ngdoc service + * @name $templateRequest + * + * @description + * The `$templateRequest` service runs security checks then downloads the provided template using + * `$http` and, upon success, stores the contents inside of `$templateCache`. If the HTTP request + * fails or the response data of the HTTP request is empty, a `$compile` error will be thrown (the + * exception can be thwarted by setting the 2nd parameter of the function to true). Note that the + * contents of `$templateCache` are trusted, so the call to `$sce.getTrustedUrl(tpl)` is omitted + * when `tpl` is of type string and `$templateCache` has the matching entry. + * + * If you want to pass custom options to the `$http` service, such as setting the Accept header you + * can configure this via {@link $templateRequestProvider#httpOptions}. + * + * @param {string|TrustedResourceUrl} tpl The HTTP request template URL + * @param {boolean=} ignoreRequestError Whether or not to ignore the exception when the request fails or the template is empty + * + * @return {Promise} a promise for the HTTP response data of the given URL. + * + * @property {number} totalPendingRequests total amount of pending template requests being downloaded. + */ + this.$get = ['$exceptionHandler', '$templateCache', '$http', '$q', '$sce', + function($exceptionHandler, $templateCache, $http, $q, $sce) { + + function handleRequestFn(tpl, ignoreRequestError) { + handleRequestFn.totalPendingRequests++; + + // We consider the template cache holds only trusted templates, so + // there's no need to go through whitelisting again for keys that already + // are included in there. This also makes Angular accept any script + // directive, no matter its name. However, we still need to unwrap trusted + // types. + if (!isString(tpl) || isUndefined($templateCache.get(tpl))) { + tpl = $sce.getTrustedResourceUrl(tpl); + } + + var transformResponse = $http.defaults && $http.defaults.transformResponse; + + if (isArray(transformResponse)) { + transformResponse = transformResponse.filter(function(transformer) { + return transformer !== defaultHttpResponseTransform; + }); + } else if (transformResponse === defaultHttpResponseTransform) { + transformResponse = null; + } + + return $http.get(tpl, extend({ + cache: $templateCache, + transformResponse: transformResponse + }, httpOptions)) + .finally(function() { + handleRequestFn.totalPendingRequests--; + }) + .then(function(response) { + $templateCache.put(tpl, response.data); + return response.data; + }, handleError); + + function handleError(resp) { + if (!ignoreRequestError) { + resp = $templateRequestMinErr('tpload', + 'Failed to load template: {0} (HTTP status: {1} {2})', + tpl, resp.status, resp.statusText); + + $exceptionHandler(resp); + } + + return $q.reject(resp); + } + } + + handleRequestFn.totalPendingRequests = 0; + + return handleRequestFn; + } + ]; +} + +/** @this */ +function $$TestabilityProvider() { + this.$get = ['$rootScope', '$browser', '$location', + function($rootScope, $browser, $location) { + + /** + * @name $testability + * + * @description + * The private $$testability service provides a collection of methods for use when debugging + * or by automated test and debugging tools. + */ + var testability = {}; + + /** + * @name $$testability#findBindings + * + * @description + * Returns an array of elements that are bound (via ng-bind or {{}}) + * to expressions matching the input. + * + * @param {Element} element The element root to search from. + * @param {string} expression The binding expression to match. + * @param {boolean} opt_exactMatch If true, only returns exact matches + * for the expression. Filters and whitespace are ignored. + */ + testability.findBindings = function(element, expression, opt_exactMatch) { + var bindings = element.getElementsByClassName('ng-binding'); + var matches = []; + forEach(bindings, function(binding) { + var dataBinding = angular.element(binding).data('$binding'); + if (dataBinding) { + forEach(dataBinding, function(bindingName) { + if (opt_exactMatch) { + var matcher = new RegExp('(^|\\s)' + escapeForRegexp(expression) + '(\\s|\\||$)'); + if (matcher.test(bindingName)) { + matches.push(binding); + } + } else { + if (bindingName.indexOf(expression) !== -1) { + matches.push(binding); + } + } + }); + } + }); + return matches; + }; + + /** + * @name $$testability#findModels + * + * @description + * Returns an array of elements that are two-way found via ng-model to + * expressions matching the input. + * + * @param {Element} element The element root to search from. + * @param {string} expression The model expression to match. + * @param {boolean} opt_exactMatch If true, only returns exact matches + * for the expression. + */ + testability.findModels = function(element, expression, opt_exactMatch) { + var prefixes = ['ng-', 'data-ng-', 'ng\\:']; + for (var p = 0; p < prefixes.length; ++p) { + var attributeEquals = opt_exactMatch ? '=' : '*='; + var selector = '[' + prefixes[p] + 'model' + attributeEquals + '"' + expression + '"]'; + var elements = element.querySelectorAll(selector); + if (elements.length) { + return elements; + } + } + }; + + /** + * @name $$testability#getLocation + * + * @description + * Shortcut for getting the location in a browser agnostic way. Returns + * the path, search, and hash. (e.g. /path?a=b#hash) + */ + testability.getLocation = function() { + return $location.url(); + }; + + /** + * @name $$testability#setLocation + * + * @description + * Shortcut for navigating to a location without doing a full page reload. + * + * @param {string} url The location url (path, search and hash, + * e.g. /path?a=b#hash) to go to. + */ + testability.setLocation = function(url) { + if (url !== $location.url()) { + $location.url(url); + $rootScope.$digest(); + } + }; + + /** + * @name $$testability#whenStable + * + * @description + * Calls the callback when $timeout and $http requests are completed. + * + * @param {function} callback + */ + testability.whenStable = function(callback) { + $browser.notifyWhenNoOutstandingRequests(callback); + }; + + return testability; + }]; +} + +/** @this */ +function $TimeoutProvider() { + this.$get = ['$rootScope', '$browser', '$q', '$$q', '$exceptionHandler', + function($rootScope, $browser, $q, $$q, $exceptionHandler) { + + var deferreds = {}; + + + /** + * @ngdoc service + * @name $timeout + * + * @description + * Angular's wrapper for `window.setTimeout`. The `fn` function is wrapped into a try/catch + * block and delegates any exceptions to + * {@link ng.$exceptionHandler $exceptionHandler} service. + * + * The return value of calling `$timeout` is a promise, which will be resolved when + * the delay has passed and the timeout function, if provided, is executed. + * + * To cancel a timeout request, call `$timeout.cancel(promise)`. + * + * In tests you can use {@link ngMock.$timeout `$timeout.flush()`} to + * synchronously flush the queue of deferred functions. + * + * If you only want a promise that will be resolved after some specified delay + * then you can call `$timeout` without the `fn` function. + * + * @param {function()=} fn A function, whose execution should be delayed. + * @param {number=} [delay=0] Delay in milliseconds. + * @param {boolean=} [invokeApply=true] If set to `false` skips model dirty checking, otherwise + * will invoke `fn` within the {@link ng.$rootScope.Scope#$apply $apply} block. + * @param {...*=} Pass additional parameters to the executed function. + * @returns {Promise} Promise that will be resolved when the timeout is reached. The promise + * will be resolved with the return value of the `fn` function. + * + */ + function timeout(fn, delay, invokeApply) { + if (!isFunction(fn)) { + invokeApply = delay; + delay = fn; + fn = noop; + } + + var args = sliceArgs(arguments, 3), + skipApply = (isDefined(invokeApply) && !invokeApply), + deferred = (skipApply ? $$q : $q).defer(), + promise = deferred.promise, + timeoutId; + + timeoutId = $browser.defer(function() { + try { + deferred.resolve(fn.apply(null, args)); + } catch (e) { + deferred.reject(e); + $exceptionHandler(e); + } finally { + delete deferreds[promise.$$timeoutId]; + } + + if (!skipApply) $rootScope.$apply(); + }, delay); + + promise.$$timeoutId = timeoutId; + deferreds[timeoutId] = deferred; + + return promise; + } + + + /** + * @ngdoc method + * @name $timeout#cancel + * + * @description + * Cancels a task associated with the `promise`. As a result of this, the promise will be + * resolved with a rejection. + * + * @param {Promise=} promise Promise returned by the `$timeout` function. + * @returns {boolean} Returns `true` if the task hasn't executed yet and was successfully + * canceled. + */ + timeout.cancel = function(promise) { + if (promise && promise.$$timeoutId in deferreds) { + // Timeout cancels should not report an unhandled promise. + deferreds[promise.$$timeoutId].promise.catch(noop); + deferreds[promise.$$timeoutId].reject('canceled'); + delete deferreds[promise.$$timeoutId]; + return $browser.defer.cancel(promise.$$timeoutId); + } + return false; + }; + + return timeout; + }]; +} + +// NOTE: The usage of window and document instead of $window and $document here is +// deliberate. This service depends on the specific behavior of anchor nodes created by the +// browser (resolving and parsing URLs) that is unlikely to be provided by mock objects and +// cause us to break tests. In addition, when the browser resolves a URL for XHR, it +// doesn't know about mocked locations and resolves URLs to the real document - which is +// exactly the behavior needed here. There is little value is mocking these out for this +// service. +var urlParsingNode = window.document.createElement('a'); +var originUrl = urlResolve(window.location.href); + + +/** + * + * Implementation Notes for non-IE browsers + * ---------------------------------------- + * Assigning a URL to the href property of an anchor DOM node, even one attached to the DOM, + * results both in the normalizing and parsing of the URL. Normalizing means that a relative + * URL will be resolved into an absolute URL in the context of the application document. + * Parsing means that the anchor node's host, hostname, protocol, port, pathname and related + * properties are all populated to reflect the normalized URL. This approach has wide + * compatibility - Safari 1+, Mozilla 1+ etc. See + * http://www.aptana.com/reference/html/api/HTMLAnchorElement.html + * + * Implementation Notes for IE + * --------------------------- + * IE <= 10 normalizes the URL when assigned to the anchor node similar to the other + * browsers. However, the parsed components will not be set if the URL assigned did not specify + * them. (e.g. if you assign a.href = "foo", then a.protocol, a.host, etc. will be empty.) We + * work around that by performing the parsing in a 2nd step by taking a previously normalized + * URL (e.g. by assigning to a.href) and assigning it a.href again. This correctly populates the + * properties such as protocol, hostname, port, etc. + * + * References: + * http://developer.mozilla.org/en-US/docs/Web/API/HTMLAnchorElement + * http://www.aptana.com/reference/html/api/HTMLAnchorElement.html + * http://url.spec.whatwg.org/#urlutils + * https://github.com/angular/angular.js/pull/2902 + * http://james.padolsey.com/javascript/parsing-urls-with-the-dom/ + * + * @kind function + * @param {string} url The URL to be parsed. + * @description Normalizes and parses a URL. + * @returns {object} Returns the normalized URL as a dictionary. + * + * | member name | Description | + * |---------------|----------------| + * | href | A normalized version of the provided URL if it was not an absolute URL | + * | protocol | The protocol including the trailing colon | + * | host | The host and port (if the port is non-default) of the normalizedUrl | + * | search | The search params, minus the question mark | + * | hash | The hash string, minus the hash symbol + * | hostname | The hostname + * | port | The port, without ":" + * | pathname | The pathname, beginning with "/" + * + */ +function urlResolve(url) { + var href = url; + + // Support: IE 9-11 only + if (msie) { + // Normalize before parse. Refer Implementation Notes on why this is + // done in two steps on IE. + urlParsingNode.setAttribute('href', href); + href = urlParsingNode.href; + } + + urlParsingNode.setAttribute('href', href); + + // urlParsingNode provides the UrlUtils interface - http://url.spec.whatwg.org/#urlutils + return { + href: urlParsingNode.href, + protocol: urlParsingNode.protocol ? urlParsingNode.protocol.replace(/:$/, '') : '', + host: urlParsingNode.host, + search: urlParsingNode.search ? urlParsingNode.search.replace(/^\?/, '') : '', + hash: urlParsingNode.hash ? urlParsingNode.hash.replace(/^#/, '') : '', + hostname: urlParsingNode.hostname, + port: urlParsingNode.port, + pathname: (urlParsingNode.pathname.charAt(0) === '/') + ? urlParsingNode.pathname + : '/' + urlParsingNode.pathname + }; +} + +/** + * Parse a request URL and determine whether this is a same-origin request as the application document. + * + * @param {string|object} requestUrl The url of the request as a string that will be resolved + * or a parsed URL object. + * @returns {boolean} Whether the request is for the same origin as the application document. + */ +function urlIsSameOrigin(requestUrl) { + var parsed = (isString(requestUrl)) ? urlResolve(requestUrl) : requestUrl; + return (parsed.protocol === originUrl.protocol && + parsed.host === originUrl.host); +} + +/** + * @ngdoc service + * @name $window + * @this + * + * @description + * A reference to the browser's `window` object. While `window` + * is globally available in JavaScript, it causes testability problems, because + * it is a global variable. In angular we always refer to it through the + * `$window` service, so it may be overridden, removed or mocked for testing. + * + * Expressions, like the one defined for the `ngClick` directive in the example + * below, are evaluated with respect to the current scope. Therefore, there is + * no risk of inadvertently coding in a dependency on a global value in such an + * expression. + * + * @example + + + +
    + + +
    +
    + + it('should display the greeting in the input box', function() { + element(by.model('greeting')).sendKeys('Hello, E2E Tests'); + // If we click the button it will block the test runner + // element(':button').click(); + }); + +
    + */ +function $WindowProvider() { + this.$get = valueFn(window); +} + +/** + * @name $$cookieReader + * @requires $document + * + * @description + * This is a private service for reading cookies used by $http and ngCookies + * + * @return {Object} a key/value map of the current cookies + */ +function $$CookieReader($document) { + var rawDocument = $document[0] || {}; + var lastCookies = {}; + var lastCookieString = ''; + + function safeGetCookie(rawDocument) { + try { + return rawDocument.cookie || ''; + } catch (e) { + return ''; + } + } + + function safeDecodeURIComponent(str) { + try { + return decodeURIComponent(str); + } catch (e) { + return str; + } + } + + return function() { + var cookieArray, cookie, i, index, name; + var currentCookieString = safeGetCookie(rawDocument); + + if (currentCookieString !== lastCookieString) { + lastCookieString = currentCookieString; + cookieArray = lastCookieString.split('; '); + lastCookies = {}; + + for (i = 0; i < cookieArray.length; i++) { + cookie = cookieArray[i]; + index = cookie.indexOf('='); + if (index > 0) { //ignore nameless cookies + name = safeDecodeURIComponent(cookie.substring(0, index)); + // the first value that is seen for a cookie is the most + // specific one. values for the same cookie name that + // follow are for less specific paths. + if (isUndefined(lastCookies[name])) { + lastCookies[name] = safeDecodeURIComponent(cookie.substring(index + 1)); + } + } + } + } + return lastCookies; + }; +} + +$$CookieReader.$inject = ['$document']; + +/** @this */ +function $$CookieReaderProvider() { + this.$get = $$CookieReader; +} + +/* global currencyFilter: true, + dateFilter: true, + filterFilter: true, + jsonFilter: true, + limitToFilter: true, + lowercaseFilter: true, + numberFilter: true, + orderByFilter: true, + uppercaseFilter: true, + */ + +/** + * @ngdoc provider + * @name $filterProvider + * @description + * + * Filters are just functions which transform input to an output. However filters need to be + * Dependency Injected. To achieve this a filter definition consists of a factory function which is + * annotated with dependencies and is responsible for creating a filter function. + * + *
    + * **Note:** Filter names must be valid angular {@link expression} identifiers, such as `uppercase` or `orderBy`. + * Names with special characters, such as hyphens and dots, are not allowed. If you wish to namespace + * your filters, then you can use capitalization (`myappSubsectionFilterx`) or underscores + * (`myapp_subsection_filterx`). + *
    + * + * ```js + * // Filter registration + * function MyModule($provide, $filterProvider) { + * // create a service to demonstrate injection (not always needed) + * $provide.value('greet', function(name){ + * return 'Hello ' + name + '!'; + * }); + * + * // register a filter factory which uses the + * // greet service to demonstrate DI. + * $filterProvider.register('greet', function(greet){ + * // return the filter function which uses the greet service + * // to generate salutation + * return function(text) { + * // filters need to be forgiving so check input validity + * return text && greet(text) || text; + * }; + * }); + * } + * ``` + * + * The filter function is registered with the `$injector` under the filter name suffix with + * `Filter`. + * + * ```js + * it('should be the same instance', inject( + * function($filterProvider) { + * $filterProvider.register('reverse', function(){ + * return ...; + * }); + * }, + * function($filter, reverseFilter) { + * expect($filter('reverse')).toBe(reverseFilter); + * }); + * ``` + * + * + * For more information about how angular filters work, and how to create your own filters, see + * {@link guide/filter Filters} in the Angular Developer Guide. + */ + +/** + * @ngdoc service + * @name $filter + * @kind function + * @description + * Filters are used for formatting data displayed to the user. + * + * They can be used in view templates, controllers or services.Angular comes + * with a collection of [built-in filters](api/ng/filter), but it is easy to + * define your own as well. + * + * The general syntax in templates is as follows: + * + * ```html + * {{ expression [| filter_name[:parameter_value] ... ] }} + * ``` + * + * @param {String} name Name of the filter function to retrieve + * @return {Function} the filter function + * @example + + +
    +

    {{ originalText }}

    +

    {{ filteredText }}

    +
    +
    + + + angular.module('filterExample', []) + .controller('MainCtrl', function($scope, $filter) { + $scope.originalText = 'hello'; + $scope.filteredText = $filter('uppercase')($scope.originalText); + }); + +
    + */ +$FilterProvider.$inject = ['$provide']; +/** @this */ +function $FilterProvider($provide) { + var suffix = 'Filter'; + + /** + * @ngdoc method + * @name $filterProvider#register + * @param {string|Object} name Name of the filter function, or an object map of filters where + * the keys are the filter names and the values are the filter factories. + * + *
    + * **Note:** Filter names must be valid angular {@link expression} identifiers, such as `uppercase` or `orderBy`. + * Names with special characters, such as hyphens and dots, are not allowed. If you wish to namespace + * your filters, then you can use capitalization (`myappSubsectionFilterx`) or underscores + * (`myapp_subsection_filterx`). + *
    + * @param {Function} factory If the first argument was a string, a factory function for the filter to be registered. + * @returns {Object} Registered filter instance, or if a map of filters was provided then a map + * of the registered filter instances. + */ + function register(name, factory) { + if (isObject(name)) { + var filters = {}; + forEach(name, function(filter, key) { + filters[key] = register(key, filter); + }); + return filters; + } else { + return $provide.factory(name + suffix, factory); + } + } + this.register = register; + + this.$get = ['$injector', function($injector) { + return function(name) { + return $injector.get(name + suffix); + }; + }]; + + //////////////////////////////////////// + + /* global + currencyFilter: false, + dateFilter: false, + filterFilter: false, + jsonFilter: false, + limitToFilter: false, + lowercaseFilter: false, + numberFilter: false, + orderByFilter: false, + uppercaseFilter: false + */ + + register('currency', currencyFilter); + register('date', dateFilter); + register('filter', filterFilter); + register('json', jsonFilter); + register('limitTo', limitToFilter); + register('lowercase', lowercaseFilter); + register('number', numberFilter); + register('orderBy', orderByFilter); + register('uppercase', uppercaseFilter); +} + +/** + * @ngdoc filter + * @name filter + * @kind function + * + * @description + * Selects a subset of items from `array` and returns it as a new array. + * + * @param {Array} array The source array. + *
    + * **Note**: If the array contains objects that reference themselves, filtering is not possible. + *
    + * @param {string|Object|function()} expression The predicate to be used for selecting items from + * `array`. + * + * Can be one of: + * + * - `string`: The string is used for matching against the contents of the `array`. All strings or + * objects with string properties in `array` that match this string will be returned. This also + * applies to nested object properties. + * The predicate can be negated by prefixing the string with `!`. + * + * - `Object`: A pattern object can be used to filter specific properties on objects contained + * by `array`. For example `{name:"M", phone:"1"}` predicate will return an array of items + * which have property `name` containing "M" and property `phone` containing "1". A special + * property name (`$` by default) can be used (e.g. as in `{$: "text"}`) to accept a match + * against any property of the object or its nested object properties. That's equivalent to the + * simple substring match with a `string` as described above. The special property name can be + * overwritten, using the `anyPropertyKey` parameter. + * The predicate can be negated by prefixing the string with `!`. + * For example `{name: "!M"}` predicate will return an array of items which have property `name` + * not containing "M". + * + * Note that a named property will match properties on the same level only, while the special + * `$` property will match properties on the same level or deeper. E.g. an array item like + * `{name: {first: 'John', last: 'Doe'}}` will **not** be matched by `{name: 'John'}`, but + * **will** be matched by `{$: 'John'}`. + * + * - `function(value, index, array)`: A predicate function can be used to write arbitrary filters. + * The function is called for each element of the array, with the element, its index, and + * the entire array itself as arguments. + * + * The final result is an array of those elements that the predicate returned true for. + * + * @param {function(actual, expected)|true|false} [comparator] Comparator which is used in + * determining if values retrieved using `expression` (when it is not a function) should be + * considered a match based on the the expected value (from the filter expression) and actual + * value (from the object in the array). + * + * Can be one of: + * + * - `function(actual, expected)`: + * The function will be given the object value and the predicate value to compare and + * should return true if both values should be considered equal. + * + * - `true`: A shorthand for `function(actual, expected) { return angular.equals(actual, expected)}`. + * This is essentially strict comparison of expected and actual. + * + * - `false`: A short hand for a function which will look for a substring match in a case + * insensitive way. Primitive values are converted to strings. Objects are not compared against + * primitives, unless they have a custom `toString` method (e.g. `Date` objects). + * + * + * Defaults to `false`. + * + * @param {string} [anyPropertyKey] The special property name that matches against any property. + * By default `$`. + * + * @example + + +
    + + + + + + + + +
    NamePhone
    {{friend.name}}{{friend.phone}}
    +
    +
    +
    +
    +
    + + + + + + +
    NamePhone
    {{friendObj.name}}{{friendObj.phone}}
    +
    + + var expectFriendNames = function(expectedNames, key) { + element.all(by.repeater(key + ' in friends').column(key + '.name')).then(function(arr) { + arr.forEach(function(wd, i) { + expect(wd.getText()).toMatch(expectedNames[i]); + }); + }); + }; + + it('should search across all fields when filtering with a string', function() { + var searchText = element(by.model('searchText')); + searchText.clear(); + searchText.sendKeys('m'); + expectFriendNames(['Mary', 'Mike', 'Adam'], 'friend'); + + searchText.clear(); + searchText.sendKeys('76'); + expectFriendNames(['John', 'Julie'], 'friend'); + }); + + it('should search in specific fields when filtering with a predicate object', function() { + var searchAny = element(by.model('search.$')); + searchAny.clear(); + searchAny.sendKeys('i'); + expectFriendNames(['Mary', 'Mike', 'Julie', 'Juliette'], 'friendObj'); + }); + it('should use a equal comparison when comparator is true', function() { + var searchName = element(by.model('search.name')); + var strict = element(by.model('strict')); + searchName.clear(); + searchName.sendKeys('Julie'); + strict.click(); + expectFriendNames(['Julie'], 'friendObj'); + }); + +
    + */ + +function filterFilter() { + return function(array, expression, comparator, anyPropertyKey) { + if (!isArrayLike(array)) { + if (array == null) { + return array; + } else { + throw minErr('filter')('notarray', 'Expected array but received: {0}', array); + } + } + + anyPropertyKey = anyPropertyKey || '$'; + var expressionType = getTypeForFilter(expression); + var predicateFn; + var matchAgainstAnyProp; + + switch (expressionType) { + case 'function': + predicateFn = expression; + break; + case 'boolean': + case 'null': + case 'number': + case 'string': + matchAgainstAnyProp = true; + // falls through + case 'object': + predicateFn = createPredicateFn(expression, comparator, anyPropertyKey, matchAgainstAnyProp); + break; + default: + return array; + } + + return Array.prototype.filter.call(array, predicateFn); + }; +} + +// Helper functions for `filterFilter` +function createPredicateFn(expression, comparator, anyPropertyKey, matchAgainstAnyProp) { + var shouldMatchPrimitives = isObject(expression) && (anyPropertyKey in expression); + var predicateFn; + + if (comparator === true) { + comparator = equals; + } else if (!isFunction(comparator)) { + comparator = function(actual, expected) { + if (isUndefined(actual)) { + // No substring matching against `undefined` + return false; + } + if ((actual === null) || (expected === null)) { + // No substring matching against `null`; only match against `null` + return actual === expected; + } + if (isObject(expected) || (isObject(actual) && !hasCustomToString(actual))) { + // Should not compare primitives against objects, unless they have custom `toString` method + return false; + } + + actual = lowercase('' + actual); + expected = lowercase('' + expected); + return actual.indexOf(expected) !== -1; + }; + } + + predicateFn = function(item) { + if (shouldMatchPrimitives && !isObject(item)) { + return deepCompare(item, expression[anyPropertyKey], comparator, anyPropertyKey, false); + } + return deepCompare(item, expression, comparator, anyPropertyKey, matchAgainstAnyProp); + }; + + return predicateFn; +} + +function deepCompare(actual, expected, comparator, anyPropertyKey, matchAgainstAnyProp, dontMatchWholeObject) { + var actualType = getTypeForFilter(actual); + var expectedType = getTypeForFilter(expected); + + if ((expectedType === 'string') && (expected.charAt(0) === '!')) { + return !deepCompare(actual, expected.substring(1), comparator, anyPropertyKey, matchAgainstAnyProp); + } else if (isArray(actual)) { + // In case `actual` is an array, consider it a match + // if ANY of it's items matches `expected` + return actual.some(function(item) { + return deepCompare(item, expected, comparator, anyPropertyKey, matchAgainstAnyProp); + }); + } + + switch (actualType) { + case 'object': + var key; + if (matchAgainstAnyProp) { + for (key in actual) { + // Under certain, rare, circumstances, key may not be a string and `charAt` will be undefined + // See: https://github.com/angular/angular.js/issues/15644 + if (key.charAt && (key.charAt(0) !== '$') && + deepCompare(actual[key], expected, comparator, anyPropertyKey, true)) { + return true; + } + } + return dontMatchWholeObject ? false : deepCompare(actual, expected, comparator, anyPropertyKey, false); + } else if (expectedType === 'object') { + for (key in expected) { + var expectedVal = expected[key]; + if (isFunction(expectedVal) || isUndefined(expectedVal)) { + continue; + } + + var matchAnyProperty = key === anyPropertyKey; + var actualVal = matchAnyProperty ? actual : actual[key]; + if (!deepCompare(actualVal, expectedVal, comparator, anyPropertyKey, matchAnyProperty, matchAnyProperty)) { + return false; + } + } + return true; + } else { + return comparator(actual, expected); + } + case 'function': + return false; + default: + return comparator(actual, expected); + } +} + +// Used for easily differentiating between `null` and actual `object` +function getTypeForFilter(val) { + return (val === null) ? 'null' : typeof val; +} + +var MAX_DIGITS = 22; +var DECIMAL_SEP = '.'; +var ZERO_CHAR = '0'; + +/** + * @ngdoc filter + * @name currency + * @kind function + * + * @description + * Formats a number as a currency (ie $1,234.56). When no currency symbol is provided, default + * symbol for current locale is used. + * + * @param {number} amount Input to filter. + * @param {string=} symbol Currency symbol or identifier to be displayed. + * @param {number=} fractionSize Number of decimal places to round the amount to, defaults to default max fraction size for current locale + * @returns {string} Formatted number. + * + * + * @example + + + +
    +
    + default currency symbol ($): {{amount | currency}}
    + custom currency identifier (USD$): {{amount | currency:"USD$"}}
    + no fractions (0): {{amount | currency:"USD$":0}} +
    +
    + + it('should init with 1234.56', function() { + expect(element(by.id('currency-default')).getText()).toBe('$1,234.56'); + expect(element(by.id('currency-custom')).getText()).toBe('USD$1,234.56'); + expect(element(by.id('currency-no-fractions')).getText()).toBe('USD$1,235'); + }); + it('should update', function() { + if (browser.params.browser === 'safari') { + // Safari does not understand the minus key. See + // https://github.com/angular/protractor/issues/481 + return; + } + element(by.model('amount')).clear(); + element(by.model('amount')).sendKeys('-1234'); + expect(element(by.id('currency-default')).getText()).toBe('-$1,234.00'); + expect(element(by.id('currency-custom')).getText()).toBe('-USD$1,234.00'); + expect(element(by.id('currency-no-fractions')).getText()).toBe('-USD$1,234'); + }); + +
    + */ +currencyFilter.$inject = ['$locale']; +function currencyFilter($locale) { + var formats = $locale.NUMBER_FORMATS; + return function(amount, currencySymbol, fractionSize) { + if (isUndefined(currencySymbol)) { + currencySymbol = formats.CURRENCY_SYM; + } + + if (isUndefined(fractionSize)) { + fractionSize = formats.PATTERNS[1].maxFrac; + } + + // if null or undefined pass it through + return (amount == null) + ? amount + : formatNumber(amount, formats.PATTERNS[1], formats.GROUP_SEP, formats.DECIMAL_SEP, fractionSize). + replace(/\u00A4/g, currencySymbol); + }; +} + +/** + * @ngdoc filter + * @name number + * @kind function + * + * @description + * Formats a number as text. + * + * If the input is null or undefined, it will just be returned. + * If the input is infinite (Infinity or -Infinity), the Infinity symbol '∞' or '-∞' is returned, respectively. + * If the input is not a number an empty string is returned. + * + * + * @param {number|string} number Number to format. + * @param {(number|string)=} fractionSize Number of decimal places to round the number to. + * If this is not provided then the fraction size is computed from the current locale's number + * formatting pattern. In the case of the default locale, it will be 3. + * @returns {string} Number rounded to `fractionSize` appropriately formatted based on the current + * locale (e.g., in the en_US locale it will have "." as the decimal separator and + * include "," group separators after each third digit). + * + * @example + + + +
    +
    + Default formatting: {{val | number}}
    + No fractions: {{val | number:0}}
    + Negative number: {{-val | number:4}} +
    +
    + + it('should format numbers', function() { + expect(element(by.id('number-default')).getText()).toBe('1,234.568'); + expect(element(by.binding('val | number:0')).getText()).toBe('1,235'); + expect(element(by.binding('-val | number:4')).getText()).toBe('-1,234.5679'); + }); + + it('should update', function() { + element(by.model('val')).clear(); + element(by.model('val')).sendKeys('3374.333'); + expect(element(by.id('number-default')).getText()).toBe('3,374.333'); + expect(element(by.binding('val | number:0')).getText()).toBe('3,374'); + expect(element(by.binding('-val | number:4')).getText()).toBe('-3,374.3330'); + }); + +
    + */ +numberFilter.$inject = ['$locale']; +function numberFilter($locale) { + var formats = $locale.NUMBER_FORMATS; + return function(number, fractionSize) { + + // if null or undefined pass it through + return (number == null) + ? number + : formatNumber(number, formats.PATTERNS[0], formats.GROUP_SEP, formats.DECIMAL_SEP, + fractionSize); + }; +} + +/** + * Parse a number (as a string) into three components that can be used + * for formatting the number. + * + * (Significant bits of this parse algorithm came from https://github.com/MikeMcl/big.js/) + * + * @param {string} numStr The number to parse + * @return {object} An object describing this number, containing the following keys: + * - d : an array of digits containing leading zeros as necessary + * - i : the number of the digits in `d` that are to the left of the decimal point + * - e : the exponent for numbers that would need more than `MAX_DIGITS` digits in `d` + * + */ +function parse(numStr) { + var exponent = 0, digits, numberOfIntegerDigits; + var i, j, zeros; + + // Decimal point? + if ((numberOfIntegerDigits = numStr.indexOf(DECIMAL_SEP)) > -1) { + numStr = numStr.replace(DECIMAL_SEP, ''); + } + + // Exponential form? + if ((i = numStr.search(/e/i)) > 0) { + // Work out the exponent. + if (numberOfIntegerDigits < 0) numberOfIntegerDigits = i; + numberOfIntegerDigits += +numStr.slice(i + 1); + numStr = numStr.substring(0, i); + } else if (numberOfIntegerDigits < 0) { + // There was no decimal point or exponent so it is an integer. + numberOfIntegerDigits = numStr.length; + } + + // Count the number of leading zeros. + for (i = 0; numStr.charAt(i) === ZERO_CHAR; i++) { /* empty */ } + + if (i === (zeros = numStr.length)) { + // The digits are all zero. + digits = [0]; + numberOfIntegerDigits = 1; + } else { + // Count the number of trailing zeros + zeros--; + while (numStr.charAt(zeros) === ZERO_CHAR) zeros--; + + // Trailing zeros are insignificant so ignore them + numberOfIntegerDigits -= i; + digits = []; + // Convert string to array of digits without leading/trailing zeros. + for (j = 0; i <= zeros; i++, j++) { + digits[j] = +numStr.charAt(i); + } + } + + // If the number overflows the maximum allowed digits then use an exponent. + if (numberOfIntegerDigits > MAX_DIGITS) { + digits = digits.splice(0, MAX_DIGITS - 1); + exponent = numberOfIntegerDigits - 1; + numberOfIntegerDigits = 1; + } + + return { d: digits, e: exponent, i: numberOfIntegerDigits }; +} + +/** + * Round the parsed number to the specified number of decimal places + * This function changed the parsedNumber in-place + */ +function roundNumber(parsedNumber, fractionSize, minFrac, maxFrac) { + var digits = parsedNumber.d; + var fractionLen = digits.length - parsedNumber.i; + + // determine fractionSize if it is not specified; `+fractionSize` converts it to a number + fractionSize = (isUndefined(fractionSize)) ? Math.min(Math.max(minFrac, fractionLen), maxFrac) : +fractionSize; + + // The index of the digit to where rounding is to occur + var roundAt = fractionSize + parsedNumber.i; + var digit = digits[roundAt]; + + if (roundAt > 0) { + // Drop fractional digits beyond `roundAt` + digits.splice(Math.max(parsedNumber.i, roundAt)); + + // Set non-fractional digits beyond `roundAt` to 0 + for (var j = roundAt; j < digits.length; j++) { + digits[j] = 0; + } + } else { + // We rounded to zero so reset the parsedNumber + fractionLen = Math.max(0, fractionLen); + parsedNumber.i = 1; + digits.length = Math.max(1, roundAt = fractionSize + 1); + digits[0] = 0; + for (var i = 1; i < roundAt; i++) digits[i] = 0; + } + + if (digit >= 5) { + if (roundAt - 1 < 0) { + for (var k = 0; k > roundAt; k--) { + digits.unshift(0); + parsedNumber.i++; + } + digits.unshift(1); + parsedNumber.i++; + } else { + digits[roundAt - 1]++; + } + } + + // Pad out with zeros to get the required fraction length + for (; fractionLen < Math.max(0, fractionSize); fractionLen++) digits.push(0); + + + // Do any carrying, e.g. a digit was rounded up to 10 + var carry = digits.reduceRight(function(carry, d, i, digits) { + d = d + carry; + digits[i] = d % 10; + return Math.floor(d / 10); + }, 0); + if (carry) { + digits.unshift(carry); + parsedNumber.i++; + } +} + +/** + * Format a number into a string + * @param {number} number The number to format + * @param {{ + * minFrac, // the minimum number of digits required in the fraction part of the number + * maxFrac, // the maximum number of digits required in the fraction part of the number + * gSize, // number of digits in each group of separated digits + * lgSize, // number of digits in the last group of digits before the decimal separator + * negPre, // the string to go in front of a negative number (e.g. `-` or `(`)) + * posPre, // the string to go in front of a positive number + * negSuf, // the string to go after a negative number (e.g. `)`) + * posSuf // the string to go after a positive number + * }} pattern + * @param {string} groupSep The string to separate groups of number (e.g. `,`) + * @param {string} decimalSep The string to act as the decimal separator (e.g. `.`) + * @param {[type]} fractionSize The size of the fractional part of the number + * @return {string} The number formatted as a string + */ +function formatNumber(number, pattern, groupSep, decimalSep, fractionSize) { + + if (!(isString(number) || isNumber(number)) || isNaN(number)) return ''; + + var isInfinity = !isFinite(number); + var isZero = false; + var numStr = Math.abs(number) + '', + formattedText = '', + parsedNumber; + + if (isInfinity) { + formattedText = '\u221e'; + } else { + parsedNumber = parse(numStr); + + roundNumber(parsedNumber, fractionSize, pattern.minFrac, pattern.maxFrac); + + var digits = parsedNumber.d; + var integerLen = parsedNumber.i; + var exponent = parsedNumber.e; + var decimals = []; + isZero = digits.reduce(function(isZero, d) { return isZero && !d; }, true); + + // pad zeros for small numbers + while (integerLen < 0) { + digits.unshift(0); + integerLen++; + } + + // extract decimals digits + if (integerLen > 0) { + decimals = digits.splice(integerLen, digits.length); + } else { + decimals = digits; + digits = [0]; + } + + // format the integer digits with grouping separators + var groups = []; + if (digits.length >= pattern.lgSize) { + groups.unshift(digits.splice(-pattern.lgSize, digits.length).join('')); + } + while (digits.length > pattern.gSize) { + groups.unshift(digits.splice(-pattern.gSize, digits.length).join('')); + } + if (digits.length) { + groups.unshift(digits.join('')); + } + formattedText = groups.join(groupSep); + + // append the decimal digits + if (decimals.length) { + formattedText += decimalSep + decimals.join(''); + } + + if (exponent) { + formattedText += 'e+' + exponent; + } + } + if (number < 0 && !isZero) { + return pattern.negPre + formattedText + pattern.negSuf; + } else { + return pattern.posPre + formattedText + pattern.posSuf; + } +} + +function padNumber(num, digits, trim, negWrap) { + var neg = ''; + if (num < 0 || (negWrap && num <= 0)) { + if (negWrap) { + num = -num + 1; + } else { + num = -num; + neg = '-'; + } + } + num = '' + num; + while (num.length < digits) num = ZERO_CHAR + num; + if (trim) { + num = num.substr(num.length - digits); + } + return neg + num; +} + + +function dateGetter(name, size, offset, trim, negWrap) { + offset = offset || 0; + return function(date) { + var value = date['get' + name](); + if (offset > 0 || value > -offset) { + value += offset; + } + if (value === 0 && offset === -12) value = 12; + return padNumber(value, size, trim, negWrap); + }; +} + +function dateStrGetter(name, shortForm, standAlone) { + return function(date, formats) { + var value = date['get' + name](); + var propPrefix = (standAlone ? 'STANDALONE' : '') + (shortForm ? 'SHORT' : ''); + var get = uppercase(propPrefix + name); + + return formats[get][value]; + }; +} + +function timeZoneGetter(date, formats, offset) { + var zone = -1 * offset; + var paddedZone = (zone >= 0) ? '+' : ''; + + paddedZone += padNumber(Math[zone > 0 ? 'floor' : 'ceil'](zone / 60), 2) + + padNumber(Math.abs(zone % 60), 2); + + return paddedZone; +} + +function getFirstThursdayOfYear(year) { + // 0 = index of January + var dayOfWeekOnFirst = (new Date(year, 0, 1)).getDay(); + // 4 = index of Thursday (+1 to account for 1st = 5) + // 11 = index of *next* Thursday (+1 account for 1st = 12) + return new Date(year, 0, ((dayOfWeekOnFirst <= 4) ? 5 : 12) - dayOfWeekOnFirst); +} + +function getThursdayThisWeek(datetime) { + return new Date(datetime.getFullYear(), datetime.getMonth(), + // 4 = index of Thursday + datetime.getDate() + (4 - datetime.getDay())); +} + +function weekGetter(size) { + return function(date) { + var firstThurs = getFirstThursdayOfYear(date.getFullYear()), + thisThurs = getThursdayThisWeek(date); + + var diff = +thisThurs - +firstThurs, + result = 1 + Math.round(diff / 6.048e8); // 6.048e8 ms per week + + return padNumber(result, size); + }; +} + +function ampmGetter(date, formats) { + return date.getHours() < 12 ? formats.AMPMS[0] : formats.AMPMS[1]; +} + +function eraGetter(date, formats) { + return date.getFullYear() <= 0 ? formats.ERAS[0] : formats.ERAS[1]; +} + +function longEraGetter(date, formats) { + return date.getFullYear() <= 0 ? formats.ERANAMES[0] : formats.ERANAMES[1]; +} + +var DATE_FORMATS = { + yyyy: dateGetter('FullYear', 4, 0, false, true), + yy: dateGetter('FullYear', 2, 0, true, true), + y: dateGetter('FullYear', 1, 0, false, true), + MMMM: dateStrGetter('Month'), + MMM: dateStrGetter('Month', true), + MM: dateGetter('Month', 2, 1), + M: dateGetter('Month', 1, 1), + LLLL: dateStrGetter('Month', false, true), + dd: dateGetter('Date', 2), + d: dateGetter('Date', 1), + HH: dateGetter('Hours', 2), + H: dateGetter('Hours', 1), + hh: dateGetter('Hours', 2, -12), + h: dateGetter('Hours', 1, -12), + mm: dateGetter('Minutes', 2), + m: dateGetter('Minutes', 1), + ss: dateGetter('Seconds', 2), + s: dateGetter('Seconds', 1), + // while ISO 8601 requires fractions to be prefixed with `.` or `,` + // we can be just safely rely on using `sss` since we currently don't support single or two digit fractions + sss: dateGetter('Milliseconds', 3), + EEEE: dateStrGetter('Day'), + EEE: dateStrGetter('Day', true), + a: ampmGetter, + Z: timeZoneGetter, + ww: weekGetter(2), + w: weekGetter(1), + G: eraGetter, + GG: eraGetter, + GGG: eraGetter, + GGGG: longEraGetter +}; + +var DATE_FORMATS_SPLIT = /((?:[^yMLdHhmsaZEwG']+)|(?:'(?:[^']|'')*')|(?:E+|y+|M+|L+|d+|H+|h+|m+|s+|a|Z|G+|w+))([\s\S]*)/, + NUMBER_STRING = /^-?\d+$/; + +/** + * @ngdoc filter + * @name date + * @kind function + * + * @description + * Formats `date` to a string based on the requested `format`. + * + * `format` string can be composed of the following elements: + * + * * `'yyyy'`: 4 digit representation of year (e.g. AD 1 => 0001, AD 2010 => 2010) + * * `'yy'`: 2 digit representation of year, padded (00-99). (e.g. AD 2001 => 01, AD 2010 => 10) + * * `'y'`: 1 digit representation of year, e.g. (AD 1 => 1, AD 199 => 199) + * * `'MMMM'`: Month in year (January-December) + * * `'MMM'`: Month in year (Jan-Dec) + * * `'MM'`: Month in year, padded (01-12) + * * `'M'`: Month in year (1-12) + * * `'LLLL'`: Stand-alone month in year (January-December) + * * `'dd'`: Day in month, padded (01-31) + * * `'d'`: Day in month (1-31) + * * `'EEEE'`: Day in Week,(Sunday-Saturday) + * * `'EEE'`: Day in Week, (Sun-Sat) + * * `'HH'`: Hour in day, padded (00-23) + * * `'H'`: Hour in day (0-23) + * * `'hh'`: Hour in AM/PM, padded (01-12) + * * `'h'`: Hour in AM/PM, (1-12) + * * `'mm'`: Minute in hour, padded (00-59) + * * `'m'`: Minute in hour (0-59) + * * `'ss'`: Second in minute, padded (00-59) + * * `'s'`: Second in minute (0-59) + * * `'sss'`: Millisecond in second, padded (000-999) + * * `'a'`: AM/PM marker + * * `'Z'`: 4 digit (+sign) representation of the timezone offset (-1200-+1200) + * * `'ww'`: Week of year, padded (00-53). Week 01 is the week with the first Thursday of the year + * * `'w'`: Week of year (0-53). Week 1 is the week with the first Thursday of the year + * * `'G'`, `'GG'`, `'GGG'`: The abbreviated form of the era string (e.g. 'AD') + * * `'GGGG'`: The long form of the era string (e.g. 'Anno Domini') + * + * `format` string can also be one of the following predefined + * {@link guide/i18n localizable formats}: + * + * * `'medium'`: equivalent to `'MMM d, y h:mm:ss a'` for en_US locale + * (e.g. Sep 3, 2010 12:05:08 PM) + * * `'short'`: equivalent to `'M/d/yy h:mm a'` for en_US locale (e.g. 9/3/10 12:05 PM) + * * `'fullDate'`: equivalent to `'EEEE, MMMM d, y'` for en_US locale + * (e.g. Friday, September 3, 2010) + * * `'longDate'`: equivalent to `'MMMM d, y'` for en_US locale (e.g. September 3, 2010) + * * `'mediumDate'`: equivalent to `'MMM d, y'` for en_US locale (e.g. Sep 3, 2010) + * * `'shortDate'`: equivalent to `'M/d/yy'` for en_US locale (e.g. 9/3/10) + * * `'mediumTime'`: equivalent to `'h:mm:ss a'` for en_US locale (e.g. 12:05:08 PM) + * * `'shortTime'`: equivalent to `'h:mm a'` for en_US locale (e.g. 12:05 PM) + * + * `format` string can contain literal values. These need to be escaped by surrounding with single quotes (e.g. + * `"h 'in the morning'"`). In order to output a single quote, escape it - i.e., two single quotes in a sequence + * (e.g. `"h 'o''clock'"`). + * + * Any other characters in the `format` string will be output as-is. + * + * @param {(Date|number|string)} date Date to format either as Date object, milliseconds (string or + * number) or various ISO 8601 datetime string formats (e.g. yyyy-MM-ddTHH:mm:ss.sssZ and its + * shorter versions like yyyy-MM-ddTHH:mmZ, yyyy-MM-dd or yyyyMMddTHHmmssZ). If no timezone is + * specified in the string input, the time is considered to be in the local timezone. + * @param {string=} format Formatting rules (see Description). If not specified, + * `mediumDate` is used. + * @param {string=} timezone Timezone to be used for formatting. It understands UTC/GMT and the + * continental US time zone abbreviations, but for general use, use a time zone offset, for + * example, `'+0430'` (4 hours, 30 minutes east of the Greenwich meridian) + * If not specified, the timezone of the browser will be used. + * @returns {string} Formatted string or the input if input is not recognized as date/millis. + * + * @example + + + {{1288323623006 | date:'medium'}}: + {{1288323623006 | date:'medium'}}
    + {{1288323623006 | date:'yyyy-MM-dd HH:mm:ss Z'}}: + {{1288323623006 | date:'yyyy-MM-dd HH:mm:ss Z'}}
    + {{1288323623006 | date:'MM/dd/yyyy @ h:mma'}}: + {{'1288323623006' | date:'MM/dd/yyyy @ h:mma'}}
    + {{1288323623006 | date:"MM/dd/yyyy 'at' h:mma"}}: + {{'1288323623006' | date:"MM/dd/yyyy 'at' h:mma"}}
    +
    + + it('should format date', function() { + expect(element(by.binding("1288323623006 | date:'medium'")).getText()). + toMatch(/Oct 2\d, 2010 \d{1,2}:\d{2}:\d{2} (AM|PM)/); + expect(element(by.binding("1288323623006 | date:'yyyy-MM-dd HH:mm:ss Z'")).getText()). + toMatch(/2010-10-2\d \d{2}:\d{2}:\d{2} (-|\+)?\d{4}/); + expect(element(by.binding("'1288323623006' | date:'MM/dd/yyyy @ h:mma'")).getText()). + toMatch(/10\/2\d\/2010 @ \d{1,2}:\d{2}(AM|PM)/); + expect(element(by.binding("'1288323623006' | date:\"MM/dd/yyyy 'at' h:mma\"")).getText()). + toMatch(/10\/2\d\/2010 at \d{1,2}:\d{2}(AM|PM)/); + }); + +
    + */ +dateFilter.$inject = ['$locale']; +function dateFilter($locale) { + + + var R_ISO8601_STR = /^(\d{4})-?(\d\d)-?(\d\d)(?:T(\d\d)(?::?(\d\d)(?::?(\d\d)(?:\.(\d+))?)?)?(Z|([+-])(\d\d):?(\d\d))?)?$/; + // 1 2 3 4 5 6 7 8 9 10 11 + function jsonStringToDate(string) { + var match; + if ((match = string.match(R_ISO8601_STR))) { + var date = new Date(0), + tzHour = 0, + tzMin = 0, + dateSetter = match[8] ? date.setUTCFullYear : date.setFullYear, + timeSetter = match[8] ? date.setUTCHours : date.setHours; + + if (match[9]) { + tzHour = toInt(match[9] + match[10]); + tzMin = toInt(match[9] + match[11]); + } + dateSetter.call(date, toInt(match[1]), toInt(match[2]) - 1, toInt(match[3])); + var h = toInt(match[4] || 0) - tzHour; + var m = toInt(match[5] || 0) - tzMin; + var s = toInt(match[6] || 0); + var ms = Math.round(parseFloat('0.' + (match[7] || 0)) * 1000); + timeSetter.call(date, h, m, s, ms); + return date; + } + return string; + } + + + return function(date, format, timezone) { + var text = '', + parts = [], + fn, match; + + format = format || 'mediumDate'; + format = $locale.DATETIME_FORMATS[format] || format; + if (isString(date)) { + date = NUMBER_STRING.test(date) ? toInt(date) : jsonStringToDate(date); + } + + if (isNumber(date)) { + date = new Date(date); + } + + if (!isDate(date) || !isFinite(date.getTime())) { + return date; + } + + while (format) { + match = DATE_FORMATS_SPLIT.exec(format); + if (match) { + parts = concat(parts, match, 1); + format = parts.pop(); + } else { + parts.push(format); + format = null; + } + } + + var dateTimezoneOffset = date.getTimezoneOffset(); + if (timezone) { + dateTimezoneOffset = timezoneToOffset(timezone, dateTimezoneOffset); + date = convertTimezoneToLocal(date, timezone, true); + } + forEach(parts, function(value) { + fn = DATE_FORMATS[value]; + text += fn ? fn(date, $locale.DATETIME_FORMATS, dateTimezoneOffset) + : value === '\'\'' ? '\'' : value.replace(/(^'|'$)/g, '').replace(/''/g, '\''); + }); + + return text; + }; +} + + +/** + * @ngdoc filter + * @name json + * @kind function + * + * @description + * Allows you to convert a JavaScript object into JSON string. + * + * This filter is mostly useful for debugging. When using the double curly {{value}} notation + * the binding is automatically converted to JSON. + * + * @param {*} object Any JavaScript object (including arrays and primitive types) to filter. + * @param {number=} spacing The number of spaces to use per indentation, defaults to 2. + * @returns {string} JSON string. + * + * + * @example + + +
    {{ {'name':'value'} | json }}
    +
    {{ {'name':'value'} | json:4 }}
    +
    + + it('should jsonify filtered objects', function() { + expect(element(by.id('default-spacing')).getText()).toMatch(/\{\n {2}"name": ?"value"\n}/); + expect(element(by.id('custom-spacing')).getText()).toMatch(/\{\n {4}"name": ?"value"\n}/); + }); + +
    + * + */ +function jsonFilter() { + return function(object, spacing) { + if (isUndefined(spacing)) { + spacing = 2; + } + return toJson(object, spacing); + }; +} + + +/** + * @ngdoc filter + * @name lowercase + * @kind function + * @description + * Converts string to lowercase. + * @see angular.lowercase + */ +var lowercaseFilter = valueFn(lowercase); + + +/** + * @ngdoc filter + * @name uppercase + * @kind function + * @description + * Converts string to uppercase. + * @see angular.uppercase + */ +var uppercaseFilter = valueFn(uppercase); + +/** + * @ngdoc filter + * @name limitTo + * @kind function + * + * @description + * Creates a new array or string containing only a specified number of elements. The elements are + * taken from either the beginning or the end of the source array, string or number, as specified by + * the value and sign (positive or negative) of `limit`. Other array-like objects are also supported + * (e.g. array subclasses, NodeLists, jqLite/jQuery collections etc). If a number is used as input, + * it is converted to a string. + * + * @param {Array|ArrayLike|string|number} input - Array/array-like, string or number to be limited. + * @param {string|number} limit - The length of the returned array or string. If the `limit` number + * is positive, `limit` number of items from the beginning of the source array/string are copied. + * If the number is negative, `limit` number of items from the end of the source array/string + * are copied. The `limit` will be trimmed if it exceeds `array.length`. If `limit` is undefined, + * the input will be returned unchanged. + * @param {(string|number)=} begin - Index at which to begin limitation. As a negative index, + * `begin` indicates an offset from the end of `input`. Defaults to `0`. + * @returns {Array|string} A new sub-array or substring of length `limit` or less if the input had + * less than `limit` elements. + * + * @example + + + +
    + +

    Output numbers: {{ numbers | limitTo:numLimit }}

    + +

    Output letters: {{ letters | limitTo:letterLimit }}

    + +

    Output long number: {{ longNumber | limitTo:longNumberLimit }}

    +
    +
    + + var numLimitInput = element(by.model('numLimit')); + var letterLimitInput = element(by.model('letterLimit')); + var longNumberLimitInput = element(by.model('longNumberLimit')); + var limitedNumbers = element(by.binding('numbers | limitTo:numLimit')); + var limitedLetters = element(by.binding('letters | limitTo:letterLimit')); + var limitedLongNumber = element(by.binding('longNumber | limitTo:longNumberLimit')); + + it('should limit the number array to first three items', function() { + expect(numLimitInput.getAttribute('value')).toBe('3'); + expect(letterLimitInput.getAttribute('value')).toBe('3'); + expect(longNumberLimitInput.getAttribute('value')).toBe('3'); + expect(limitedNumbers.getText()).toEqual('Output numbers: [1,2,3]'); + expect(limitedLetters.getText()).toEqual('Output letters: abc'); + expect(limitedLongNumber.getText()).toEqual('Output long number: 234'); + }); + + // There is a bug in safari and protractor that doesn't like the minus key + // it('should update the output when -3 is entered', function() { + // numLimitInput.clear(); + // numLimitInput.sendKeys('-3'); + // letterLimitInput.clear(); + // letterLimitInput.sendKeys('-3'); + // longNumberLimitInput.clear(); + // longNumberLimitInput.sendKeys('-3'); + // expect(limitedNumbers.getText()).toEqual('Output numbers: [7,8,9]'); + // expect(limitedLetters.getText()).toEqual('Output letters: ghi'); + // expect(limitedLongNumber.getText()).toEqual('Output long number: 342'); + // }); + + it('should not exceed the maximum size of input array', function() { + numLimitInput.clear(); + numLimitInput.sendKeys('100'); + letterLimitInput.clear(); + letterLimitInput.sendKeys('100'); + longNumberLimitInput.clear(); + longNumberLimitInput.sendKeys('100'); + expect(limitedNumbers.getText()).toEqual('Output numbers: [1,2,3,4,5,6,7,8,9]'); + expect(limitedLetters.getText()).toEqual('Output letters: abcdefghi'); + expect(limitedLongNumber.getText()).toEqual('Output long number: 2345432342'); + }); + +
    +*/ +function limitToFilter() { + return function(input, limit, begin) { + if (Math.abs(Number(limit)) === Infinity) { + limit = Number(limit); + } else { + limit = toInt(limit); + } + if (isNumberNaN(limit)) return input; + + if (isNumber(input)) input = input.toString(); + if (!isArrayLike(input)) return input; + + begin = (!begin || isNaN(begin)) ? 0 : toInt(begin); + begin = (begin < 0) ? Math.max(0, input.length + begin) : begin; + + if (limit >= 0) { + return sliceFn(input, begin, begin + limit); + } else { + if (begin === 0) { + return sliceFn(input, limit, input.length); + } else { + return sliceFn(input, Math.max(0, begin + limit), begin); + } + } + }; +} + +function sliceFn(input, begin, end) { + if (isString(input)) return input.slice(begin, end); + + return slice.call(input, begin, end); +} + +/** + * @ngdoc filter + * @name orderBy + * @kind function + * + * @description + * Returns an array containing the items from the specified `collection`, ordered by a `comparator` + * function based on the values computed using the `expression` predicate. + * + * For example, `[{id: 'foo'}, {id: 'bar'}] | orderBy:'id'` would result in + * `[{id: 'bar'}, {id: 'foo'}]`. + * + * The `collection` can be an Array or array-like object (e.g. NodeList, jQuery object, TypedArray, + * String, etc). + * + * The `expression` can be a single predicate, or a list of predicates each serving as a tie-breaker + * for the preceding one. The `expression` is evaluated against each item and the output is used + * for comparing with other items. + * + * You can change the sorting order by setting `reverse` to `true`. By default, items are sorted in + * ascending order. + * + * The comparison is done using the `comparator` function. If none is specified, a default, built-in + * comparator is used (see below for details - in a nutshell, it compares numbers numerically and + * strings alphabetically). + * + * ### Under the hood + * + * Ordering the specified `collection` happens in two phases: + * + * 1. All items are passed through the predicate (or predicates), and the returned values are saved + * along with their type (`string`, `number` etc). For example, an item `{label: 'foo'}`, passed + * through a predicate that extracts the value of the `label` property, would be transformed to: + * ``` + * { + * value: 'foo', + * type: 'string', + * index: ... + * } + * ``` + * 2. The comparator function is used to sort the items, based on the derived values, types and + * indices. + * + * If you use a custom comparator, it will be called with pairs of objects of the form + * `{value: ..., type: '...', index: ...}` and is expected to return `0` if the objects are equal + * (as far as the comparator is concerned), `-1` if the 1st one should be ranked higher than the + * second, or `1` otherwise. + * + * In order to ensure that the sorting will be deterministic across platforms, if none of the + * specified predicates can distinguish between two items, `orderBy` will automatically introduce a + * dummy predicate that returns the item's index as `value`. + * (If you are using a custom comparator, make sure it can handle this predicate as well.) + * + * Finally, in an attempt to simplify things, if a predicate returns an object as the extracted + * value for an item, `orderBy` will try to convert that object to a primitive value, before passing + * it to the comparator. The following rules govern the conversion: + * + * 1. If the object has a `valueOf()` method that returns a primitive, its return value will be + * used instead.
    + * (If the object has a `valueOf()` method that returns another object, then the returned object + * will be used in subsequent steps.) + * 2. If the object has a custom `toString()` method (i.e. not the one inherited from `Object`) that + * returns a primitive, its return value will be used instead.
    + * (If the object has a `toString()` method that returns another object, then the returned object + * will be used in subsequent steps.) + * 3. No conversion; the object itself is used. + * + * ### The default comparator + * + * The default, built-in comparator should be sufficient for most usecases. In short, it compares + * numbers numerically, strings alphabetically (and case-insensitively), for objects falls back to + * using their index in the original collection, and sorts values of different types by type. + * + * More specifically, it follows these steps to determine the relative order of items: + * + * 1. If the compared values are of different types, compare the types themselves alphabetically. + * 2. If both values are of type `string`, compare them alphabetically in a case- and + * locale-insensitive way. + * 3. If both values are objects, compare their indices instead. + * 4. Otherwise, return: + * - `0`, if the values are equal (by strict equality comparison, i.e. using `===`). + * - `-1`, if the 1st value is "less than" the 2nd value (compared using the `<` operator). + * - `1`, otherwise. + * + * **Note:** If you notice numbers not being sorted as expected, make sure they are actually being + * saved as numbers and not strings. + * **Note:** For the purpose of sorting, `null` values are treated as the string `'null'` (i.e. + * `type: 'string'`, `value: 'null'`). This may cause unexpected sort order relative to + * other values. + * + * @param {Array|ArrayLike} collection - The collection (array or array-like object) to sort. + * @param {(Function|string|Array.)=} expression - A predicate (or list of + * predicates) to be used by the comparator to determine the order of elements. + * + * Can be one of: + * + * - `Function`: A getter function. This function will be called with each item as argument and + * the return value will be used for sorting. + * - `string`: An Angular expression. This expression will be evaluated against each item and the + * result will be used for sorting. For example, use `'label'` to sort by a property called + * `label` or `'label.substring(0, 3)'` to sort by the first 3 characters of the `label` + * property.
    + * (The result of a constant expression is interpreted as a property name to be used for + * comparison. For example, use `'"special name"'` (note the extra pair of quotes) to sort by a + * property called `special name`.)
    + * An expression can be optionally prefixed with `+` or `-` to control the sorting direction, + * ascending or descending. For example, `'+label'` or `'-label'`. If no property is provided, + * (e.g. `'+'` or `'-'`), the collection element itself is used in comparisons. + * - `Array`: An array of function and/or string predicates. If a predicate cannot determine the + * relative order of two items, the next predicate is used as a tie-breaker. + * + * **Note:** If the predicate is missing or empty then it defaults to `'+'`. + * + * @param {boolean=} reverse - If `true`, reverse the sorting order. + * @param {(Function)=} comparator - The comparator function used to determine the relative order of + * value pairs. If omitted, the built-in comparator will be used. + * + * @returns {Array} - The sorted array. + * + * + * @example + * ### Ordering a table with `ngRepeat` + * + * The example below demonstrates a simple {@link ngRepeat ngRepeat}, where the data is sorted by + * age in descending order (expression is set to `'-age'`). The `comparator` is not set, which means + * it defaults to the built-in comparator. + * + + +
    + + + + + + + + + + + +
    NamePhone NumberAge
    {{friend.name}}{{friend.phone}}{{friend.age}}
    +
    +
    + + angular.module('orderByExample1', []) + .controller('ExampleController', ['$scope', function($scope) { + $scope.friends = [ + {name: 'John', phone: '555-1212', age: 10}, + {name: 'Mary', phone: '555-9876', age: 19}, + {name: 'Mike', phone: '555-4321', age: 21}, + {name: 'Adam', phone: '555-5678', age: 35}, + {name: 'Julie', phone: '555-8765', age: 29} + ]; + }]); + + + .friends { + border-collapse: collapse; + } + + .friends th { + border-bottom: 1px solid; + } + .friends td, .friends th { + border-left: 1px solid; + padding: 5px 10px; + } + .friends td:first-child, .friends th:first-child { + border-left: none; + } + + + // Element locators + var names = element.all(by.repeater('friends').column('friend.name')); + + it('should sort friends by age in reverse order', function() { + expect(names.get(0).getText()).toBe('Adam'); + expect(names.get(1).getText()).toBe('Julie'); + expect(names.get(2).getText()).toBe('Mike'); + expect(names.get(3).getText()).toBe('Mary'); + expect(names.get(4).getText()).toBe('John'); + }); + +
    + *
    + * + * @example + * ### Changing parameters dynamically + * + * All parameters can be changed dynamically. The next example shows how you can make the columns of + * a table sortable, by binding the `expression` and `reverse` parameters to scope properties. + * + + +
    +
    Sort by = {{propertyName}}; reverse = {{reverse}}
    +
    + +
    + + + + + + + + + + + +
    + + + + + + + + +
    {{friend.name}}{{friend.phone}}{{friend.age}}
    +
    +
    + + angular.module('orderByExample2', []) + .controller('ExampleController', ['$scope', function($scope) { + var friends = [ + {name: 'John', phone: '555-1212', age: 10}, + {name: 'Mary', phone: '555-9876', age: 19}, + {name: 'Mike', phone: '555-4321', age: 21}, + {name: 'Adam', phone: '555-5678', age: 35}, + {name: 'Julie', phone: '555-8765', age: 29} + ]; + + $scope.propertyName = 'age'; + $scope.reverse = true; + $scope.friends = friends; + + $scope.sortBy = function(propertyName) { + $scope.reverse = ($scope.propertyName === propertyName) ? !$scope.reverse : false; + $scope.propertyName = propertyName; + }; + }]); + + + .friends { + border-collapse: collapse; + } + + .friends th { + border-bottom: 1px solid; + } + .friends td, .friends th { + border-left: 1px solid; + padding: 5px 10px; + } + .friends td:first-child, .friends th:first-child { + border-left: none; + } + + .sortorder:after { + content: '\25b2'; // BLACK UP-POINTING TRIANGLE + } + .sortorder.reverse:after { + content: '\25bc'; // BLACK DOWN-POINTING TRIANGLE + } + + + // Element locators + var unsortButton = element(by.partialButtonText('unsorted')); + var nameHeader = element(by.partialButtonText('Name')); + var phoneHeader = element(by.partialButtonText('Phone')); + var ageHeader = element(by.partialButtonText('Age')); + var firstName = element(by.repeater('friends').column('friend.name').row(0)); + var lastName = element(by.repeater('friends').column('friend.name').row(4)); + + it('should sort friends by some property, when clicking on the column header', function() { + expect(firstName.getText()).toBe('Adam'); + expect(lastName.getText()).toBe('John'); + + phoneHeader.click(); + expect(firstName.getText()).toBe('John'); + expect(lastName.getText()).toBe('Mary'); + + nameHeader.click(); + expect(firstName.getText()).toBe('Adam'); + expect(lastName.getText()).toBe('Mike'); + + ageHeader.click(); + expect(firstName.getText()).toBe('John'); + expect(lastName.getText()).toBe('Adam'); + }); + + it('should sort friends in reverse order, when clicking on the same column', function() { + expect(firstName.getText()).toBe('Adam'); + expect(lastName.getText()).toBe('John'); + + ageHeader.click(); + expect(firstName.getText()).toBe('John'); + expect(lastName.getText()).toBe('Adam'); + + ageHeader.click(); + expect(firstName.getText()).toBe('Adam'); + expect(lastName.getText()).toBe('John'); + }); + + it('should restore the original order, when clicking "Set to unsorted"', function() { + expect(firstName.getText()).toBe('Adam'); + expect(lastName.getText()).toBe('John'); + + unsortButton.click(); + expect(firstName.getText()).toBe('John'); + expect(lastName.getText()).toBe('Julie'); + }); + +
    + *
    + * + * @example + * ### Using `orderBy` inside a controller + * + * It is also possible to call the `orderBy` filter manually, by injecting `orderByFilter`, and + * calling it with the desired parameters. (Alternatively, you could inject the `$filter` factory + * and retrieve the `orderBy` filter with `$filter('orderBy')`.) + * + + +
    +
    Sort by = {{propertyName}}; reverse = {{reverse}}
    +
    + +
    + + + + + + + + + + + +
    + + + + + + + + +
    {{friend.name}}{{friend.phone}}{{friend.age}}
    +
    +
    + + angular.module('orderByExample3', []) + .controller('ExampleController', ['$scope', 'orderByFilter', function($scope, orderBy) { + var friends = [ + {name: 'John', phone: '555-1212', age: 10}, + {name: 'Mary', phone: '555-9876', age: 19}, + {name: 'Mike', phone: '555-4321', age: 21}, + {name: 'Adam', phone: '555-5678', age: 35}, + {name: 'Julie', phone: '555-8765', age: 29} + ]; + + $scope.propertyName = 'age'; + $scope.reverse = true; + $scope.friends = orderBy(friends, $scope.propertyName, $scope.reverse); + + $scope.sortBy = function(propertyName) { + $scope.reverse = (propertyName !== null && $scope.propertyName === propertyName) + ? !$scope.reverse : false; + $scope.propertyName = propertyName; + $scope.friends = orderBy(friends, $scope.propertyName, $scope.reverse); + }; + }]); + + + .friends { + border-collapse: collapse; + } + + .friends th { + border-bottom: 1px solid; + } + .friends td, .friends th { + border-left: 1px solid; + padding: 5px 10px; + } + .friends td:first-child, .friends th:first-child { + border-left: none; + } + + .sortorder:after { + content: '\25b2'; // BLACK UP-POINTING TRIANGLE + } + .sortorder.reverse:after { + content: '\25bc'; // BLACK DOWN-POINTING TRIANGLE + } + + + // Element locators + var unsortButton = element(by.partialButtonText('unsorted')); + var nameHeader = element(by.partialButtonText('Name')); + var phoneHeader = element(by.partialButtonText('Phone')); + var ageHeader = element(by.partialButtonText('Age')); + var firstName = element(by.repeater('friends').column('friend.name').row(0)); + var lastName = element(by.repeater('friends').column('friend.name').row(4)); + + it('should sort friends by some property, when clicking on the column header', function() { + expect(firstName.getText()).toBe('Adam'); + expect(lastName.getText()).toBe('John'); + + phoneHeader.click(); + expect(firstName.getText()).toBe('John'); + expect(lastName.getText()).toBe('Mary'); + + nameHeader.click(); + expect(firstName.getText()).toBe('Adam'); + expect(lastName.getText()).toBe('Mike'); + + ageHeader.click(); + expect(firstName.getText()).toBe('John'); + expect(lastName.getText()).toBe('Adam'); + }); + + it('should sort friends in reverse order, when clicking on the same column', function() { + expect(firstName.getText()).toBe('Adam'); + expect(lastName.getText()).toBe('John'); + + ageHeader.click(); + expect(firstName.getText()).toBe('John'); + expect(lastName.getText()).toBe('Adam'); + + ageHeader.click(); + expect(firstName.getText()).toBe('Adam'); + expect(lastName.getText()).toBe('John'); + }); + + it('should restore the original order, when clicking "Set to unsorted"', function() { + expect(firstName.getText()).toBe('Adam'); + expect(lastName.getText()).toBe('John'); + + unsortButton.click(); + expect(firstName.getText()).toBe('John'); + expect(lastName.getText()).toBe('Julie'); + }); + +
    + *
    + * + * @example + * ### Using a custom comparator + * + * If you have very specific requirements about the way items are sorted, you can pass your own + * comparator function. For example, you might need to compare some strings in a locale-sensitive + * way. (When specifying a custom comparator, you also need to pass a value for the `reverse` + * argument - passing `false` retains the default sorting order, i.e. ascending.) + * + + +
    +
    +

    Locale-sensitive Comparator

    + + + + + + + + + +
    NameFavorite Letter
    {{friend.name}}{{friend.favoriteLetter}}
    +
    +
    +

    Default Comparator

    + + + + + + + + + +
    NameFavorite Letter
    {{friend.name}}{{friend.favoriteLetter}}
    +
    +
    +
    + + angular.module('orderByExample4', []) + .controller('ExampleController', ['$scope', function($scope) { + $scope.friends = [ + {name: 'John', favoriteLetter: 'Ä'}, + {name: 'Mary', favoriteLetter: 'Ü'}, + {name: 'Mike', favoriteLetter: 'Ö'}, + {name: 'Adam', favoriteLetter: 'H'}, + {name: 'Julie', favoriteLetter: 'Z'} + ]; + + $scope.localeSensitiveComparator = function(v1, v2) { + // If we don't get strings, just compare by index + if (v1.type !== 'string' || v2.type !== 'string') { + return (v1.index < v2.index) ? -1 : 1; + } + + // Compare strings alphabetically, taking locale into account + return v1.value.localeCompare(v2.value); + }; + }]); + + + .friends-container { + display: inline-block; + margin: 0 30px; + } + + .friends { + border-collapse: collapse; + } + + .friends th { + border-bottom: 1px solid; + } + .friends td, .friends th { + border-left: 1px solid; + padding: 5px 10px; + } + .friends td:first-child, .friends th:first-child { + border-left: none; + } + + + // Element locators + var container = element(by.css('.custom-comparator')); + var names = container.all(by.repeater('friends').column('friend.name')); + + it('should sort friends by favorite letter (in correct alphabetical order)', function() { + expect(names.get(0).getText()).toBe('John'); + expect(names.get(1).getText()).toBe('Adam'); + expect(names.get(2).getText()).toBe('Mike'); + expect(names.get(3).getText()).toBe('Mary'); + expect(names.get(4).getText()).toBe('Julie'); + }); + +
    + * + */ +orderByFilter.$inject = ['$parse']; +function orderByFilter($parse) { + return function(array, sortPredicate, reverseOrder, compareFn) { + + if (array == null) return array; + if (!isArrayLike(array)) { + throw minErr('orderBy')('notarray', 'Expected array but received: {0}', array); + } + + if (!isArray(sortPredicate)) { sortPredicate = [sortPredicate]; } + if (sortPredicate.length === 0) { sortPredicate = ['+']; } + + var predicates = processPredicates(sortPredicate); + + var descending = reverseOrder ? -1 : 1; + + // Define the `compare()` function. Use a default comparator if none is specified. + var compare = isFunction(compareFn) ? compareFn : defaultCompare; + + // The next three lines are a version of a Swartzian Transform idiom from Perl + // (sometimes called the Decorate-Sort-Undecorate idiom) + // See https://en.wikipedia.org/wiki/Schwartzian_transform + var compareValues = Array.prototype.map.call(array, getComparisonObject); + compareValues.sort(doComparison); + array = compareValues.map(function(item) { return item.value; }); + + return array; + + function getComparisonObject(value, index) { + // NOTE: We are adding an extra `tieBreaker` value based on the element's index. + // This will be used to keep the sort stable when none of the input predicates can + // distinguish between two elements. + return { + value: value, + tieBreaker: {value: index, type: 'number', index: index}, + predicateValues: predicates.map(function(predicate) { + return getPredicateValue(predicate.get(value), index); + }) + }; + } + + function doComparison(v1, v2) { + for (var i = 0, ii = predicates.length; i < ii; i++) { + var result = compare(v1.predicateValues[i], v2.predicateValues[i]); + if (result) { + return result * predicates[i].descending * descending; + } + } + + return compare(v1.tieBreaker, v2.tieBreaker) * descending; + } + }; + + function processPredicates(sortPredicates) { + return sortPredicates.map(function(predicate) { + var descending = 1, get = identity; + + if (isFunction(predicate)) { + get = predicate; + } else if (isString(predicate)) { + if ((predicate.charAt(0) === '+' || predicate.charAt(0) === '-')) { + descending = predicate.charAt(0) === '-' ? -1 : 1; + predicate = predicate.substring(1); + } + if (predicate !== '') { + get = $parse(predicate); + if (get.constant) { + var key = get(); + get = function(value) { return value[key]; }; + } + } + } + return {get: get, descending: descending}; + }); + } + + function isPrimitive(value) { + switch (typeof value) { + case 'number': /* falls through */ + case 'boolean': /* falls through */ + case 'string': + return true; + default: + return false; + } + } + + function objectValue(value) { + // If `valueOf` is a valid function use that + if (isFunction(value.valueOf)) { + value = value.valueOf(); + if (isPrimitive(value)) return value; + } + // If `toString` is a valid function and not the one from `Object.prototype` use that + if (hasCustomToString(value)) { + value = value.toString(); + if (isPrimitive(value)) return value; + } + + return value; + } + + function getPredicateValue(value, index) { + var type = typeof value; + if (value === null) { + type = 'string'; + value = 'null'; + } else if (type === 'object') { + value = objectValue(value); + } + return {value: value, type: type, index: index}; + } + + function defaultCompare(v1, v2) { + var result = 0; + var type1 = v1.type; + var type2 = v2.type; + + if (type1 === type2) { + var value1 = v1.value; + var value2 = v2.value; + + if (type1 === 'string') { + // Compare strings case-insensitively + value1 = value1.toLowerCase(); + value2 = value2.toLowerCase(); + } else if (type1 === 'object') { + // For basic objects, use the position of the object + // in the collection instead of the value + if (isObject(value1)) value1 = v1.index; + if (isObject(value2)) value2 = v2.index; + } + + if (value1 !== value2) { + result = value1 < value2 ? -1 : 1; + } + } else { + result = type1 < type2 ? -1 : 1; + } + + return result; + } +} + +function ngDirective(directive) { + if (isFunction(directive)) { + directive = { + link: directive + }; + } + directive.restrict = directive.restrict || 'AC'; + return valueFn(directive); +} + +/** + * @ngdoc directive + * @name a + * @restrict E + * + * @description + * Modifies the default behavior of the html a tag so that the default action is prevented when + * the href attribute is empty. + * + * For dynamically creating `href` attributes for a tags, see the {@link ng.ngHref `ngHref`} directive. + */ +var htmlAnchorDirective = valueFn({ + restrict: 'E', + compile: function(element, attr) { + if (!attr.href && !attr.xlinkHref) { + return function(scope, element) { + // If the linked element is not an anchor tag anymore, do nothing + if (element[0].nodeName.toLowerCase() !== 'a') return; + + // SVGAElement does not use the href attribute, but rather the 'xlinkHref' attribute. + var href = toString.call(element.prop('href')) === '[object SVGAnimatedString]' ? + 'xlink:href' : 'href'; + element.on('click', function(event) { + // if we have no href url, then don't navigate anywhere. + if (!element.attr(href)) { + event.preventDefault(); + } + }); + }; + } + } +}); + +/** + * @ngdoc directive + * @name ngHref + * @restrict A + * @priority 99 + * + * @description + * Using Angular markup like `{{hash}}` in an href attribute will + * make the link go to the wrong URL if the user clicks it before + * Angular has a chance to replace the `{{hash}}` markup with its + * value. Until Angular replaces the markup the link will be broken + * and will most likely return a 404 error. The `ngHref` directive + * solves this problem. + * + * The wrong way to write it: + * ```html + * link1 + * ``` + * + * The correct way to write it: + * ```html + * link1 + * ``` + * + * @element A + * @param {template} ngHref any string which can contain `{{}}` markup. + * + * @example + * This example shows various combinations of `href`, `ng-href` and `ng-click` attributes + * in links and their different behaviors: + + +
    + link 1 (link, don't reload)
    + link 2 (link, don't reload)
    + link 3 (link, reload!)
    + anchor (link, don't reload)
    + anchor (no link)
    + link (link, change location) +
    + + it('should execute ng-click but not reload when href without value', function() { + element(by.id('link-1')).click(); + expect(element(by.model('value')).getAttribute('value')).toEqual('1'); + expect(element(by.id('link-1')).getAttribute('href')).toBe(''); + }); + + it('should execute ng-click but not reload when href empty string', function() { + element(by.id('link-2')).click(); + expect(element(by.model('value')).getAttribute('value')).toEqual('2'); + expect(element(by.id('link-2')).getAttribute('href')).toBe(''); + }); + + it('should execute ng-click and change url when ng-href specified', function() { + expect(element(by.id('link-3')).getAttribute('href')).toMatch(/\/123$/); + + element(by.id('link-3')).click(); + + // At this point, we navigate away from an Angular page, so we need + // to use browser.driver to get the base webdriver. + + browser.wait(function() { + return browser.driver.getCurrentUrl().then(function(url) { + return url.match(/\/123$/); + }); + }, 5000, 'page should navigate to /123'); + }); + + it('should execute ng-click but not reload when href empty string and name specified', function() { + element(by.id('link-4')).click(); + expect(element(by.model('value')).getAttribute('value')).toEqual('4'); + expect(element(by.id('link-4')).getAttribute('href')).toBe(''); + }); + + it('should execute ng-click but not reload when no href but name specified', function() { + element(by.id('link-5')).click(); + expect(element(by.model('value')).getAttribute('value')).toEqual('5'); + expect(element(by.id('link-5')).getAttribute('href')).toBe(null); + }); + + it('should only change url when only ng-href', function() { + element(by.model('value')).clear(); + element(by.model('value')).sendKeys('6'); + expect(element(by.id('link-6')).getAttribute('href')).toMatch(/\/6$/); + + element(by.id('link-6')).click(); + + // At this point, we navigate away from an Angular page, so we need + // to use browser.driver to get the base webdriver. + browser.wait(function() { + return browser.driver.getCurrentUrl().then(function(url) { + return url.match(/\/6$/); + }); + }, 5000, 'page should navigate to /6'); + }); + +
    + */ + +/** + * @ngdoc directive + * @name ngSrc + * @restrict A + * @priority 99 + * + * @description + * Using Angular markup like `{{hash}}` in a `src` attribute doesn't + * work right: The browser will fetch from the URL with the literal + * text `{{hash}}` until Angular replaces the expression inside + * `{{hash}}`. The `ngSrc` directive solves this problem. + * + * The buggy way to write it: + * ```html + * Description + * ``` + * + * The correct way to write it: + * ```html + * Description + * ``` + * + * @element IMG + * @param {template} ngSrc any string which can contain `{{}}` markup. + */ + +/** + * @ngdoc directive + * @name ngSrcset + * @restrict A + * @priority 99 + * + * @description + * Using Angular markup like `{{hash}}` in a `srcset` attribute doesn't + * work right: The browser will fetch from the URL with the literal + * text `{{hash}}` until Angular replaces the expression inside + * `{{hash}}`. The `ngSrcset` directive solves this problem. + * + * The buggy way to write it: + * ```html + * Description + * ``` + * + * The correct way to write it: + * ```html + * Description + * ``` + * + * @element IMG + * @param {template} ngSrcset any string which can contain `{{}}` markup. + */ + +/** + * @ngdoc directive + * @name ngDisabled + * @restrict A + * @priority 100 + * + * @description + * + * This directive sets the `disabled` attribute on the element (typically a form control, + * e.g. `input`, `button`, `select` etc.) if the + * {@link guide/expression expression} inside `ngDisabled` evaluates to truthy. + * + * A special directive is necessary because we cannot use interpolation inside the `disabled` + * attribute. See the {@link guide/interpolation interpolation guide} for more info. + * + * @example + + +
    + +
    + + it('should toggle button', function() { + expect(element(by.css('button')).getAttribute('disabled')).toBeFalsy(); + element(by.model('checked')).click(); + expect(element(by.css('button')).getAttribute('disabled')).toBeTruthy(); + }); + +
    + * + * @element INPUT + * @param {expression} ngDisabled If the {@link guide/expression expression} is truthy, + * then the `disabled` attribute will be set on the element + */ + + +/** + * @ngdoc directive + * @name ngChecked + * @restrict A + * @priority 100 + * + * @description + * Sets the `checked` attribute on the element, if the expression inside `ngChecked` is truthy. + * + * Note that this directive should not be used together with {@link ngModel `ngModel`}, + * as this can lead to unexpected behavior. + * + * A special directive is necessary because we cannot use interpolation inside the `checked` + * attribute. See the {@link guide/interpolation interpolation guide} for more info. + * + * @example + + +
    + +
    + + it('should check both checkBoxes', function() { + expect(element(by.id('checkSlave')).getAttribute('checked')).toBeFalsy(); + element(by.model('master')).click(); + expect(element(by.id('checkSlave')).getAttribute('checked')).toBeTruthy(); + }); + +
    + * + * @element INPUT + * @param {expression} ngChecked If the {@link guide/expression expression} is truthy, + * then the `checked` attribute will be set on the element + */ + + +/** + * @ngdoc directive + * @name ngReadonly + * @restrict A + * @priority 100 + * + * @description + * + * Sets the `readonly` attribute on the element, if the expression inside `ngReadonly` is truthy. + * Note that `readonly` applies only to `input` elements with specific types. [See the input docs on + * MDN](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input#attr-readonly) for more information. + * + * A special directive is necessary because we cannot use interpolation inside the `readonly` + * attribute. See the {@link guide/interpolation interpolation guide} for more info. + * + * @example + + +
    + +
    + + it('should toggle readonly attr', function() { + expect(element(by.css('[type="text"]')).getAttribute('readonly')).toBeFalsy(); + element(by.model('checked')).click(); + expect(element(by.css('[type="text"]')).getAttribute('readonly')).toBeTruthy(); + }); + +
    + * + * @element INPUT + * @param {expression} ngReadonly If the {@link guide/expression expression} is truthy, + * then special attribute "readonly" will be set on the element + */ + + +/** + * @ngdoc directive + * @name ngSelected + * @restrict A + * @priority 100 + * + * @description + * + * Sets the `selected` attribute on the element, if the expression inside `ngSelected` is truthy. + * + * A special directive is necessary because we cannot use interpolation inside the `selected` + * attribute. See the {@link guide/interpolation interpolation guide} for more info. + * + *
    + * **Note:** `ngSelected` does not interact with the `select` and `ngModel` directives, it only + * sets the `selected` attribute on the element. If you are using `ngModel` on the select, you + * should not use `ngSelected` on the options, as `ngModel` will set the select value and + * selected options. + *
    + * + * @example + + +
    + +
    + + it('should select Greetings!', function() { + expect(element(by.id('greet')).getAttribute('selected')).toBeFalsy(); + element(by.model('selected')).click(); + expect(element(by.id('greet')).getAttribute('selected')).toBeTruthy(); + }); + +
    + * + * @element OPTION + * @param {expression} ngSelected If the {@link guide/expression expression} is truthy, + * then special attribute "selected" will be set on the element + */ + +/** + * @ngdoc directive + * @name ngOpen + * @restrict A + * @priority 100 + * + * @description + * + * Sets the `open` attribute on the element, if the expression inside `ngOpen` is truthy. + * + * A special directive is necessary because we cannot use interpolation inside the `open` + * attribute. See the {@link guide/interpolation interpolation guide} for more info. + * + * ## A note about browser compatibility + * + * Edge, Firefox, and Internet Explorer do not support the `details` element, it is + * recommended to use {@link ng.ngShow} and {@link ng.ngHide} instead. + * + * @example + + +
    +
    + Show/Hide me +
    +
    + + it('should toggle open', function() { + expect(element(by.id('details')).getAttribute('open')).toBeFalsy(); + element(by.model('open')).click(); + expect(element(by.id('details')).getAttribute('open')).toBeTruthy(); + }); + +
    + * + * @element DETAILS + * @param {expression} ngOpen If the {@link guide/expression expression} is truthy, + * then special attribute "open" will be set on the element + */ + +var ngAttributeAliasDirectives = {}; + +// boolean attrs are evaluated +forEach(BOOLEAN_ATTR, function(propName, attrName) { + // binding to multiple is not supported + if (propName === 'multiple') return; + + function defaultLinkFn(scope, element, attr) { + scope.$watch(attr[normalized], function ngBooleanAttrWatchAction(value) { + attr.$set(attrName, !!value); + }); + } + + var normalized = directiveNormalize('ng-' + attrName); + var linkFn = defaultLinkFn; + + if (propName === 'checked') { + linkFn = function(scope, element, attr) { + // ensuring ngChecked doesn't interfere with ngModel when both are set on the same input + if (attr.ngModel !== attr[normalized]) { + defaultLinkFn(scope, element, attr); + } + }; + } + + ngAttributeAliasDirectives[normalized] = function() { + return { + restrict: 'A', + priority: 100, + link: linkFn + }; + }; +}); + +// aliased input attrs are evaluated +forEach(ALIASED_ATTR, function(htmlAttr, ngAttr) { + ngAttributeAliasDirectives[ngAttr] = function() { + return { + priority: 100, + link: function(scope, element, attr) { + //special case ngPattern when a literal regular expression value + //is used as the expression (this way we don't have to watch anything). + if (ngAttr === 'ngPattern' && attr.ngPattern.charAt(0) === '/') { + var match = attr.ngPattern.match(REGEX_STRING_REGEXP); + if (match) { + attr.$set('ngPattern', new RegExp(match[1], match[2])); + return; + } + } + + scope.$watch(attr[ngAttr], function ngAttrAliasWatchAction(value) { + attr.$set(ngAttr, value); + }); + } + }; + }; +}); + +// ng-src, ng-srcset, ng-href are interpolated +forEach(['src', 'srcset', 'href'], function(attrName) { + var normalized = directiveNormalize('ng-' + attrName); + ngAttributeAliasDirectives[normalized] = function() { + return { + priority: 99, // it needs to run after the attributes are interpolated + link: function(scope, element, attr) { + var propName = attrName, + name = attrName; + + if (attrName === 'href' && + toString.call(element.prop('href')) === '[object SVGAnimatedString]') { + name = 'xlinkHref'; + attr.$attr[name] = 'xlink:href'; + propName = null; + } + + attr.$observe(normalized, function(value) { + if (!value) { + if (attrName === 'href') { + attr.$set(name, null); + } + return; + } + + attr.$set(name, value); + + // Support: IE 9-11 only + // On IE, if "ng:src" directive declaration is used and "src" attribute doesn't exist + // then calling element.setAttribute('src', 'foo') doesn't do anything, so we need + // to set the property as well to achieve the desired effect. + // We use attr[attrName] value since $set can sanitize the url. + if (msie && propName) element.prop(propName, attr[name]); + }); + } + }; + }; +}); + +/* global -nullFormCtrl, -PENDING_CLASS, -SUBMITTED_CLASS + */ +var nullFormCtrl = { + $addControl: noop, + $$renameControl: nullFormRenameControl, + $removeControl: noop, + $setValidity: noop, + $setDirty: noop, + $setPristine: noop, + $setSubmitted: noop +}, +PENDING_CLASS = 'ng-pending', +SUBMITTED_CLASS = 'ng-submitted'; + +function nullFormRenameControl(control, name) { + control.$name = name; +} + +/** + * @ngdoc type + * @name form.FormController + * + * @property {boolean} $pristine True if user has not interacted with the form yet. + * @property {boolean} $dirty True if user has already interacted with the form. + * @property {boolean} $valid True if all of the containing forms and controls are valid. + * @property {boolean} $invalid True if at least one containing control or form is invalid. + * @property {boolean} $pending True if at least one containing control or form is pending. + * @property {boolean} $submitted True if user has submitted the form even if its invalid. + * + * @property {Object} $error Is an object hash, containing references to controls or + * forms with failing validators, where: + * + * - keys are validation tokens (error names), + * - values are arrays of controls or forms that have a failing validator for given error name. + * + * Built-in validation tokens: + * + * - `email` + * - `max` + * - `maxlength` + * - `min` + * - `minlength` + * - `number` + * - `pattern` + * - `required` + * - `url` + * - `date` + * - `datetimelocal` + * - `time` + * - `week` + * - `month` + * + * @description + * `FormController` keeps track of all its controls and nested forms as well as the state of them, + * such as being valid/invalid or dirty/pristine. + * + * Each {@link ng.directive:form form} directive creates an instance + * of `FormController`. + * + */ +//asks for $scope to fool the BC controller module +FormController.$inject = ['$element', '$attrs', '$scope', '$animate', '$interpolate']; +function FormController($element, $attrs, $scope, $animate, $interpolate) { + this.$$controls = []; + + // init state + this.$error = {}; + this.$$success = {}; + this.$pending = undefined; + this.$name = $interpolate($attrs.name || $attrs.ngForm || '')($scope); + this.$dirty = false; + this.$pristine = true; + this.$valid = true; + this.$invalid = false; + this.$submitted = false; + this.$$parentForm = nullFormCtrl; + + this.$$element = $element; + this.$$animate = $animate; + + setupValidity(this); +} + +FormController.prototype = { + /** + * @ngdoc method + * @name form.FormController#$rollbackViewValue + * + * @description + * Rollback all form controls pending updates to the `$modelValue`. + * + * Updates may be pending by a debounced event or because the input is waiting for a some future + * event defined in `ng-model-options`. This method is typically needed by the reset button of + * a form that uses `ng-model-options` to pend updates. + */ + $rollbackViewValue: function() { + forEach(this.$$controls, function(control) { + control.$rollbackViewValue(); + }); + }, + + /** + * @ngdoc method + * @name form.FormController#$commitViewValue + * + * @description + * Commit all form controls pending updates to the `$modelValue`. + * + * Updates may be pending by a debounced event or because the input is waiting for a some future + * event defined in `ng-model-options`. This method is rarely needed as `NgModelController` + * usually handles calling this in response to input events. + */ + $commitViewValue: function() { + forEach(this.$$controls, function(control) { + control.$commitViewValue(); + }); + }, + + /** + * @ngdoc method + * @name form.FormController#$addControl + * @param {object} control control object, either a {@link form.FormController} or an + * {@link ngModel.NgModelController} + * + * @description + * Register a control with the form. Input elements using ngModelController do this automatically + * when they are linked. + * + * Note that the current state of the control will not be reflected on the new parent form. This + * is not an issue with normal use, as freshly compiled and linked controls are in a `$pristine` + * state. + * + * However, if the method is used programmatically, for example by adding dynamically created controls, + * or controls that have been previously removed without destroying their corresponding DOM element, + * it's the developers responsibility to make sure the current state propagates to the parent form. + * + * For example, if an input control is added that is already `$dirty` and has `$error` properties, + * calling `$setDirty()` and `$validate()` afterwards will propagate the state to the parent form. + */ + $addControl: function(control) { + // Breaking change - before, inputs whose name was "hasOwnProperty" were quietly ignored + // and not added to the scope. Now we throw an error. + assertNotHasOwnProperty(control.$name, 'input'); + this.$$controls.push(control); + + if (control.$name) { + this[control.$name] = control; + } + + control.$$parentForm = this; + }, + + // Private API: rename a form control + $$renameControl: function(control, newName) { + var oldName = control.$name; + + if (this[oldName] === control) { + delete this[oldName]; + } + this[newName] = control; + control.$name = newName; + }, + + /** + * @ngdoc method + * @name form.FormController#$removeControl + * @param {object} control control object, either a {@link form.FormController} or an + * {@link ngModel.NgModelController} + * + * @description + * Deregister a control from the form. + * + * Input elements using ngModelController do this automatically when they are destroyed. + * + * Note that only the removed control's validation state (`$errors`etc.) will be removed from the + * form. `$dirty`, `$submitted` states will not be changed, because the expected behavior can be + * different from case to case. For example, removing the only `$dirty` control from a form may or + * may not mean that the form is still `$dirty`. + */ + $removeControl: function(control) { + if (control.$name && this[control.$name] === control) { + delete this[control.$name]; + } + forEach(this.$pending, function(value, name) { + // eslint-disable-next-line no-invalid-this + this.$setValidity(name, null, control); + }, this); + forEach(this.$error, function(value, name) { + // eslint-disable-next-line no-invalid-this + this.$setValidity(name, null, control); + }, this); + forEach(this.$$success, function(value, name) { + // eslint-disable-next-line no-invalid-this + this.$setValidity(name, null, control); + }, this); + + arrayRemove(this.$$controls, control); + control.$$parentForm = nullFormCtrl; + }, + + /** + * @ngdoc method + * @name form.FormController#$setDirty + * + * @description + * Sets the form to a dirty state. + * + * This method can be called to add the 'ng-dirty' class and set the form to a dirty + * state (ng-dirty class). This method will also propagate to parent forms. + */ + $setDirty: function() { + this.$$animate.removeClass(this.$$element, PRISTINE_CLASS); + this.$$animate.addClass(this.$$element, DIRTY_CLASS); + this.$dirty = true; + this.$pristine = false; + this.$$parentForm.$setDirty(); + }, + + /** + * @ngdoc method + * @name form.FormController#$setPristine + * + * @description + * Sets the form to its pristine state. + * + * This method sets the form's `$pristine` state to true, the `$dirty` state to false, removes + * the `ng-dirty` class and adds the `ng-pristine` class. Additionally, it sets the `$submitted` + * state to false. + * + * This method will also propagate to all the controls contained in this form. + * + * Setting a form back to a pristine state is often useful when we want to 'reuse' a form after + * saving or resetting it. + */ + $setPristine: function() { + this.$$animate.setClass(this.$$element, PRISTINE_CLASS, DIRTY_CLASS + ' ' + SUBMITTED_CLASS); + this.$dirty = false; + this.$pristine = true; + this.$submitted = false; + forEach(this.$$controls, function(control) { + control.$setPristine(); + }); + }, + + /** + * @ngdoc method + * @name form.FormController#$setUntouched + * + * @description + * Sets the form to its untouched state. + * + * This method can be called to remove the 'ng-touched' class and set the form controls to their + * untouched state (ng-untouched class). + * + * Setting a form controls back to their untouched state is often useful when setting the form + * back to its pristine state. + */ + $setUntouched: function() { + forEach(this.$$controls, function(control) { + control.$setUntouched(); + }); + }, + + /** + * @ngdoc method + * @name form.FormController#$setSubmitted + * + * @description + * Sets the form to its submitted state. + */ + $setSubmitted: function() { + this.$$animate.addClass(this.$$element, SUBMITTED_CLASS); + this.$submitted = true; + this.$$parentForm.$setSubmitted(); + } +}; + +/** + * @ngdoc method + * @name form.FormController#$setValidity + * + * @description + * Sets the validity of a form control. + * + * This method will also propagate to parent forms. + */ +addSetValidityMethod({ + clazz: FormController, + set: function(object, property, controller) { + var list = object[property]; + if (!list) { + object[property] = [controller]; + } else { + var index = list.indexOf(controller); + if (index === -1) { + list.push(controller); + } + } + }, + unset: function(object, property, controller) { + var list = object[property]; + if (!list) { + return; + } + arrayRemove(list, controller); + if (list.length === 0) { + delete object[property]; + } + } +}); + +/** + * @ngdoc directive + * @name ngForm + * @restrict EAC + * + * @description + * Nestable alias of {@link ng.directive:form `form`} directive. HTML + * does not allow nesting of form elements. It is useful to nest forms, for example if the validity of a + * sub-group of controls needs to be determined. + * + * Note: the purpose of `ngForm` is to group controls, + * but not to be a replacement for the `
    ` tag with all of its capabilities + * (e.g. posting to the server, ...). + * + * @param {string=} ngForm|name Name of the form. If specified, the form controller will be published into + * related scope, under this name. + * + */ + + /** + * @ngdoc directive + * @name form + * @restrict E + * + * @description + * Directive that instantiates + * {@link form.FormController FormController}. + * + * If the `name` attribute is specified, the form controller is published onto the current scope under + * this name. + * + * # Alias: {@link ng.directive:ngForm `ngForm`} + * + * In Angular, forms can be nested. This means that the outer form is valid when all of the child + * forms are valid as well. However, browsers do not allow nesting of `` elements, so + * Angular provides the {@link ng.directive:ngForm `ngForm`} directive, which behaves identically to + * `form` but can be nested. Nested forms can be useful, for example, if the validity of a sub-group + * of controls needs to be determined. + * + * # CSS classes + * - `ng-valid` is set if the form is valid. + * - `ng-invalid` is set if the form is invalid. + * - `ng-pending` is set if the form is pending. + * - `ng-pristine` is set if the form is pristine. + * - `ng-dirty` is set if the form is dirty. + * - `ng-submitted` is set if the form was submitted. + * + * Keep in mind that ngAnimate can detect each of these classes when added and removed. + * + * + * # Submitting a form and preventing the default action + * + * Since the role of forms in client-side Angular applications is different than in classical + * roundtrip apps, it is desirable for the browser not to translate the form submission into a full + * page reload that sends the data to the server. Instead some javascript logic should be triggered + * to handle the form submission in an application-specific way. + * + * For this reason, Angular prevents the default action (form submission to the server) unless the + * `` element has an `action` attribute specified. + * + * You can use one of the following two ways to specify what javascript method should be called when + * a form is submitted: + * + * - {@link ng.directive:ngSubmit ngSubmit} directive on the form element + * - {@link ng.directive:ngClick ngClick} directive on the first + * button or input field of type submit (input[type=submit]) + * + * To prevent double execution of the handler, use only one of the {@link ng.directive:ngSubmit ngSubmit} + * or {@link ng.directive:ngClick ngClick} directives. + * This is because of the following form submission rules in the HTML specification: + * + * - If a form has only one input field then hitting enter in this field triggers form submit + * (`ngSubmit`) + * - if a form has 2+ input fields and no buttons or input[type=submit] then hitting enter + * doesn't trigger submit + * - if a form has one or more input fields and one or more buttons or input[type=submit] then + * hitting enter in any of the input fields will trigger the click handler on the *first* button or + * input[type=submit] (`ngClick`) *and* a submit handler on the enclosing form (`ngSubmit`) + * + * Any pending `ngModelOptions` changes will take place immediately when an enclosing form is + * submitted. Note that `ngClick` events will occur before the model is updated. Use `ngSubmit` + * to have access to the updated model. + * + * ## Animation Hooks + * + * Animations in ngForm are triggered when any of the associated CSS classes are added and removed. + * These classes are: `.ng-pristine`, `.ng-dirty`, `.ng-invalid` and `.ng-valid` as well as any + * other validations that are performed within the form. Animations in ngForm are similar to how + * they work in ngClass and animations can be hooked into using CSS transitions, keyframes as well + * as JS animations. + * + * The following example shows a simple way to utilize CSS transitions to style a form element + * that has been rendered as invalid after it has been validated: + * + *
    + * //be sure to include ngAnimate as a module to hook into more
    + * //advanced animations
    + * .my-form {
    + *   transition:0.5s linear all;
    + *   background: white;
    + * }
    + * .my-form.ng-invalid {
    + *   background: red;
    + *   color:white;
    + * }
    + * 
    + * + * @example + + + + + + userType: + Required!
    + userType = {{userType}}
    + myForm.input.$valid = {{myForm.input.$valid}}
    + myForm.input.$error = {{myForm.input.$error}}
    + myForm.$valid = {{myForm.$valid}}
    + myForm.$error.required = {{!!myForm.$error.required}}
    + +
    + + it('should initialize to model', function() { + var userType = element(by.binding('userType')); + var valid = element(by.binding('myForm.input.$valid')); + + expect(userType.getText()).toContain('guest'); + expect(valid.getText()).toContain('true'); + }); + + it('should be invalid if empty', function() { + var userType = element(by.binding('userType')); + var valid = element(by.binding('myForm.input.$valid')); + var userInput = element(by.model('userType')); + + userInput.clear(); + userInput.sendKeys(''); + + expect(userType.getText()).toEqual('userType ='); + expect(valid.getText()).toContain('false'); + }); + +
    + * + * @param {string=} name Name of the form. If specified, the form controller will be published into + * related scope, under this name. + */ +var formDirectiveFactory = function(isNgForm) { + return ['$timeout', '$parse', function($timeout, $parse) { + var formDirective = { + name: 'form', + restrict: isNgForm ? 'EAC' : 'E', + require: ['form', '^^?form'], //first is the form's own ctrl, second is an optional parent form + controller: FormController, + compile: function ngFormCompile(formElement, attr) { + // Setup initial state of the control + formElement.addClass(PRISTINE_CLASS).addClass(VALID_CLASS); + + var nameAttr = attr.name ? 'name' : (isNgForm && attr.ngForm ? 'ngForm' : false); + + return { + pre: function ngFormPreLink(scope, formElement, attr, ctrls) { + var controller = ctrls[0]; + + // if `action` attr is not present on the form, prevent the default action (submission) + if (!('action' in attr)) { + // we can't use jq events because if a form is destroyed during submission the default + // action is not prevented. see #1238 + // + // IE 9 is not affected because it doesn't fire a submit event and try to do a full + // page reload if the form was destroyed by submission of the form via a click handler + // on a button in the form. Looks like an IE9 specific bug. + var handleFormSubmission = function(event) { + scope.$apply(function() { + controller.$commitViewValue(); + controller.$setSubmitted(); + }); + + event.preventDefault(); + }; + + formElement[0].addEventListener('submit', handleFormSubmission); + + // unregister the preventDefault listener so that we don't not leak memory but in a + // way that will achieve the prevention of the default action. + formElement.on('$destroy', function() { + $timeout(function() { + formElement[0].removeEventListener('submit', handleFormSubmission); + }, 0, false); + }); + } + + var parentFormCtrl = ctrls[1] || controller.$$parentForm; + parentFormCtrl.$addControl(controller); + + var setter = nameAttr ? getSetter(controller.$name) : noop; + + if (nameAttr) { + setter(scope, controller); + attr.$observe(nameAttr, function(newValue) { + if (controller.$name === newValue) return; + setter(scope, undefined); + controller.$$parentForm.$$renameControl(controller, newValue); + setter = getSetter(controller.$name); + setter(scope, controller); + }); + } + formElement.on('$destroy', function() { + controller.$$parentForm.$removeControl(controller); + setter(scope, undefined); + extend(controller, nullFormCtrl); //stop propagating child destruction handlers upwards + }); + } + }; + } + }; + + return formDirective; + + function getSetter(expression) { + if (expression === '') { + //create an assignable expression, so forms with an empty name can be renamed later + return $parse('this[""]').assign; + } + return $parse(expression).assign || noop; + } + }]; +}; + +var formDirective = formDirectiveFactory(); +var ngFormDirective = formDirectiveFactory(true); + + + +// helper methods +function setupValidity(instance) { + instance.$$classCache = {}; + instance.$$classCache[INVALID_CLASS] = !(instance.$$classCache[VALID_CLASS] = instance.$$element.hasClass(VALID_CLASS)); +} +function addSetValidityMethod(context) { + var clazz = context.clazz, + set = context.set, + unset = context.unset; + + clazz.prototype.$setValidity = function(validationErrorKey, state, controller) { + if (isUndefined(state)) { + createAndSet(this, '$pending', validationErrorKey, controller); + } else { + unsetAndCleanup(this, '$pending', validationErrorKey, controller); + } + if (!isBoolean(state)) { + unset(this.$error, validationErrorKey, controller); + unset(this.$$success, validationErrorKey, controller); + } else { + if (state) { + unset(this.$error, validationErrorKey, controller); + set(this.$$success, validationErrorKey, controller); + } else { + set(this.$error, validationErrorKey, controller); + unset(this.$$success, validationErrorKey, controller); + } + } + if (this.$pending) { + cachedToggleClass(this, PENDING_CLASS, true); + this.$valid = this.$invalid = undefined; + toggleValidationCss(this, '', null); + } else { + cachedToggleClass(this, PENDING_CLASS, false); + this.$valid = isObjectEmpty(this.$error); + this.$invalid = !this.$valid; + toggleValidationCss(this, '', this.$valid); + } + + // re-read the state as the set/unset methods could have + // combined state in this.$error[validationError] (used for forms), + // where setting/unsetting only increments/decrements the value, + // and does not replace it. + var combinedState; + if (this.$pending && this.$pending[validationErrorKey]) { + combinedState = undefined; + } else if (this.$error[validationErrorKey]) { + combinedState = false; + } else if (this.$$success[validationErrorKey]) { + combinedState = true; + } else { + combinedState = null; + } + + toggleValidationCss(this, validationErrorKey, combinedState); + this.$$parentForm.$setValidity(validationErrorKey, combinedState, this); + }; + + function createAndSet(ctrl, name, value, controller) { + if (!ctrl[name]) { + ctrl[name] = {}; + } + set(ctrl[name], value, controller); + } + + function unsetAndCleanup(ctrl, name, value, controller) { + if (ctrl[name]) { + unset(ctrl[name], value, controller); + } + if (isObjectEmpty(ctrl[name])) { + ctrl[name] = undefined; + } + } + + function cachedToggleClass(ctrl, className, switchValue) { + if (switchValue && !ctrl.$$classCache[className]) { + ctrl.$$animate.addClass(ctrl.$$element, className); + ctrl.$$classCache[className] = true; + } else if (!switchValue && ctrl.$$classCache[className]) { + ctrl.$$animate.removeClass(ctrl.$$element, className); + ctrl.$$classCache[className] = false; + } + } + + function toggleValidationCss(ctrl, validationErrorKey, isValid) { + validationErrorKey = validationErrorKey ? '-' + snake_case(validationErrorKey, '-') : ''; + + cachedToggleClass(ctrl, VALID_CLASS + validationErrorKey, isValid === true); + cachedToggleClass(ctrl, INVALID_CLASS + validationErrorKey, isValid === false); + } +} + +function isObjectEmpty(obj) { + if (obj) { + for (var prop in obj) { + if (obj.hasOwnProperty(prop)) { + return false; + } + } + } + return true; +} + +/* global + VALID_CLASS: false, + INVALID_CLASS: false, + PRISTINE_CLASS: false, + DIRTY_CLASS: false, + ngModelMinErr: false +*/ + +// Regex code was initially obtained from SO prior to modification: https://stackoverflow.com/questions/3143070/javascript-regex-iso-datetime#answer-3143231 +var ISO_DATE_REGEXP = /^\d{4,}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d\.\d+(?:[+-][0-2]\d:[0-5]\d|Z)$/; +// See valid URLs in RFC3987 (http://tools.ietf.org/html/rfc3987) +// Note: We are being more lenient, because browsers are too. +// 1. Scheme +// 2. Slashes +// 3. Username +// 4. Password +// 5. Hostname +// 6. Port +// 7. Path +// 8. Query +// 9. Fragment +// 1111111111111111 222 333333 44444 55555555555555555555555 666 77777777 8888888 999 +var URL_REGEXP = /^[a-z][a-z\d.+-]*:\/*(?:[^:@]+(?::[^@]+)?@)?(?:[^\s:/?#]+|\[[a-f\d:]+])(?::\d+)?(?:\/[^?#]*)?(?:\?[^#]*)?(?:#.*)?$/i; +// eslint-disable-next-line max-len +var EMAIL_REGEXP = /^(?=.{1,254}$)(?=.{1,64}@)[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+(\.[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+)*@[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/; +var NUMBER_REGEXP = /^\s*(-|\+)?(\d+|(\d*(\.\d*)))([eE][+-]?\d+)?\s*$/; +var DATE_REGEXP = /^(\d{4,})-(\d{2})-(\d{2})$/; +var DATETIMELOCAL_REGEXP = /^(\d{4,})-(\d\d)-(\d\d)T(\d\d):(\d\d)(?::(\d\d)(\.\d{1,3})?)?$/; +var WEEK_REGEXP = /^(\d{4,})-W(\d\d)$/; +var MONTH_REGEXP = /^(\d{4,})-(\d\d)$/; +var TIME_REGEXP = /^(\d\d):(\d\d)(?::(\d\d)(\.\d{1,3})?)?$/; + +var PARTIAL_VALIDATION_EVENTS = 'keydown wheel mousedown'; +var PARTIAL_VALIDATION_TYPES = createMap(); +forEach('date,datetime-local,month,time,week'.split(','), function(type) { + PARTIAL_VALIDATION_TYPES[type] = true; +}); + +var inputType = { + + /** + * @ngdoc input + * @name input[text] + * + * @description + * Standard HTML text input with angular data binding, inherited by most of the `input` elements. + * + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} required Adds `required` validation error key if the value is not entered. + * @param {string=} ngRequired Adds `required` attribute and `required` validation constraint to + * the element when the ngRequired expression evaluates to true. Use `ngRequired` instead of + * `required` when you want to data-bind to the `required` attribute. + * @param {number=} ngMinlength Sets `minlength` validation error key if the value is shorter than + * minlength. + * @param {number=} ngMaxlength Sets `maxlength` validation error key if the value is longer than + * maxlength. Setting the attribute to a negative or non-numeric value, allows view values of + * any length. + * @param {string=} pattern Similar to `ngPattern` except that the attribute value is the actual string + * that contains the regular expression body that will be converted to a regular expression + * as in the ngPattern directive. + * @param {string=} ngPattern Sets `pattern` validation error key if the ngModel {@link ngModel.NgModelController#$viewValue $viewValue} + * does not match a RegExp found by evaluating the Angular expression given in the attribute value. + * If the expression evaluates to a RegExp object, then this is used directly. + * If the expression evaluates to a string, then it will be converted to a RegExp + * after wrapping it in `^` and `$` characters. For instance, `"abc"` will be converted to + * `new RegExp('^abc$')`.
    + * **Note:** Avoid using the `g` flag on the RegExp, as it will cause each successive search to + * start at the index of the last search's match, thus not taking the whole input value into + * account. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * @param {boolean=} [ngTrim=true] If set to false Angular will not automatically trim the input. + * This parameter is ignored for input[type=password] controls, which will never trim the + * input. + * + * @example + + + +
    + +
    + + Required! + + Single word only! +
    + text = {{example.text}}
    + myForm.input.$valid = {{myForm.input.$valid}}
    + myForm.input.$error = {{myForm.input.$error}}
    + myForm.$valid = {{myForm.$valid}}
    + myForm.$error.required = {{!!myForm.$error.required}}
    +
    +
    + + var text = element(by.binding('example.text')); + var valid = element(by.binding('myForm.input.$valid')); + var input = element(by.model('example.text')); + + it('should initialize to model', function() { + expect(text.getText()).toContain('guest'); + expect(valid.getText()).toContain('true'); + }); + + it('should be invalid if empty', function() { + input.clear(); + input.sendKeys(''); + + expect(text.getText()).toEqual('text ='); + expect(valid.getText()).toContain('false'); + }); + + it('should be invalid if multi word', function() { + input.clear(); + input.sendKeys('hello world'); + + expect(valid.getText()).toContain('false'); + }); + +
    + */ + 'text': textInputType, + + /** + * @ngdoc input + * @name input[date] + * + * @description + * Input with date validation and transformation. In browsers that do not yet support + * the HTML5 date input, a text element will be used. In that case, text must be entered in a valid ISO-8601 + * date format (yyyy-MM-dd), for example: `2009-01-06`. Since many + * modern browsers do not yet support this input type, it is important to provide cues to users on the + * expected input format via a placeholder or label. + * + * The model must always be a Date object, otherwise Angular will throw an error. + * Invalid `Date` objects (dates whose `getTime()` is `NaN`) will be rendered as an empty string. + * + * The timezone to be used to read/write the `Date` instance in the model can be defined using + * {@link ng.directive:ngModelOptions ngModelOptions}. By default, this is the timezone of the browser. + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} min Sets the `min` validation error key if the value entered is less than `min`. This must be a + * valid ISO date string (yyyy-MM-dd). You can also use interpolation inside this attribute + * (e.g. `min="{{minDate | date:'yyyy-MM-dd'}}"`). Note that `min` will also add native HTML5 + * constraint validation. + * @param {string=} max Sets the `max` validation error key if the value entered is greater than `max`. This must be + * a valid ISO date string (yyyy-MM-dd). You can also use interpolation inside this attribute + * (e.g. `max="{{maxDate | date:'yyyy-MM-dd'}}"`). Note that `max` will also add native HTML5 + * constraint validation. + * @param {(date|string)=} ngMin Sets the `min` validation constraint to the Date / ISO date string + * the `ngMin` expression evaluates to. Note that it does not set the `min` attribute. + * @param {(date|string)=} ngMax Sets the `max` validation constraint to the Date / ISO date string + * the `ngMax` expression evaluates to. Note that it does not set the `max` attribute. + * @param {string=} required Sets `required` validation error key if the value is not entered. + * @param {string=} ngRequired Adds `required` attribute and `required` validation constraint to + * the element when the ngRequired expression evaluates to true. Use `ngRequired` instead of + * `required` when you want to data-bind to the `required` attribute. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * + * @example + + + +
    + + +
    + + Required! + + Not a valid date! +
    + value = {{example.value | date: "yyyy-MM-dd"}}
    + myForm.input.$valid = {{myForm.input.$valid}}
    + myForm.input.$error = {{myForm.input.$error}}
    + myForm.$valid = {{myForm.$valid}}
    + myForm.$error.required = {{!!myForm.$error.required}}
    +
    +
    + + var value = element(by.binding('example.value | date: "yyyy-MM-dd"')); + var valid = element(by.binding('myForm.input.$valid')); + + // currently protractor/webdriver does not support + // sending keys to all known HTML5 input controls + // for various browsers (see https://github.com/angular/protractor/issues/562). + function setInput(val) { + // set the value of the element and force validation. + var scr = "var ipt = document.getElementById('exampleInput'); " + + "ipt.value = '" + val + "';" + + "angular.element(ipt).scope().$apply(function(s) { s.myForm[ipt.name].$setViewValue('" + val + "'); });"; + browser.executeScript(scr); + } + + it('should initialize to model', function() { + expect(value.getText()).toContain('2013-10-22'); + expect(valid.getText()).toContain('myForm.input.$valid = true'); + }); + + it('should be invalid if empty', function() { + setInput(''); + expect(value.getText()).toEqual('value ='); + expect(valid.getText()).toContain('myForm.input.$valid = false'); + }); + + it('should be invalid if over max', function() { + setInput('2015-01-01'); + expect(value.getText()).toContain(''); + expect(valid.getText()).toContain('myForm.input.$valid = false'); + }); + +
    + */ + 'date': createDateInputType('date', DATE_REGEXP, + createDateParser(DATE_REGEXP, ['yyyy', 'MM', 'dd']), + 'yyyy-MM-dd'), + + /** + * @ngdoc input + * @name input[datetime-local] + * + * @description + * Input with datetime validation and transformation. In browsers that do not yet support + * the HTML5 date input, a text element will be used. In that case, the text must be entered in a valid ISO-8601 + * local datetime format (yyyy-MM-ddTHH:mm:ss), for example: `2010-12-28T14:57:00`. + * + * The model must always be a Date object, otherwise Angular will throw an error. + * Invalid `Date` objects (dates whose `getTime()` is `NaN`) will be rendered as an empty string. + * + * The timezone to be used to read/write the `Date` instance in the model can be defined using + * {@link ng.directive:ngModelOptions ngModelOptions}. By default, this is the timezone of the browser. + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} min Sets the `min` validation error key if the value entered is less than `min`. + * This must be a valid ISO datetime format (yyyy-MM-ddTHH:mm:ss). You can also use interpolation + * inside this attribute (e.g. `min="{{minDatetimeLocal | date:'yyyy-MM-ddTHH:mm:ss'}}"`). + * Note that `min` will also add native HTML5 constraint validation. + * @param {string=} max Sets the `max` validation error key if the value entered is greater than `max`. + * This must be a valid ISO datetime format (yyyy-MM-ddTHH:mm:ss). You can also use interpolation + * inside this attribute (e.g. `max="{{maxDatetimeLocal | date:'yyyy-MM-ddTHH:mm:ss'}}"`). + * Note that `max` will also add native HTML5 constraint validation. + * @param {(date|string)=} ngMin Sets the `min` validation error key to the Date / ISO datetime string + * the `ngMin` expression evaluates to. Note that it does not set the `min` attribute. + * @param {(date|string)=} ngMax Sets the `max` validation error key to the Date / ISO datetime string + * the `ngMax` expression evaluates to. Note that it does not set the `max` attribute. + * @param {string=} required Sets `required` validation error key if the value is not entered. + * @param {string=} ngRequired Adds `required` attribute and `required` validation constraint to + * the element when the ngRequired expression evaluates to true. Use `ngRequired` instead of + * `required` when you want to data-bind to the `required` attribute. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * + * @example + + + +
    + + +
    + + Required! + + Not a valid date! +
    + value = {{example.value | date: "yyyy-MM-ddTHH:mm:ss"}}
    + myForm.input.$valid = {{myForm.input.$valid}}
    + myForm.input.$error = {{myForm.input.$error}}
    + myForm.$valid = {{myForm.$valid}}
    + myForm.$error.required = {{!!myForm.$error.required}}
    +
    +
    + + var value = element(by.binding('example.value | date: "yyyy-MM-ddTHH:mm:ss"')); + var valid = element(by.binding('myForm.input.$valid')); + + // currently protractor/webdriver does not support + // sending keys to all known HTML5 input controls + // for various browsers (https://github.com/angular/protractor/issues/562). + function setInput(val) { + // set the value of the element and force validation. + var scr = "var ipt = document.getElementById('exampleInput'); " + + "ipt.value = '" + val + "';" + + "angular.element(ipt).scope().$apply(function(s) { s.myForm[ipt.name].$setViewValue('" + val + "'); });"; + browser.executeScript(scr); + } + + it('should initialize to model', function() { + expect(value.getText()).toContain('2010-12-28T14:57:00'); + expect(valid.getText()).toContain('myForm.input.$valid = true'); + }); + + it('should be invalid if empty', function() { + setInput(''); + expect(value.getText()).toEqual('value ='); + expect(valid.getText()).toContain('myForm.input.$valid = false'); + }); + + it('should be invalid if over max', function() { + setInput('2015-01-01T23:59:00'); + expect(value.getText()).toContain(''); + expect(valid.getText()).toContain('myForm.input.$valid = false'); + }); + +
    + */ + 'datetime-local': createDateInputType('datetimelocal', DATETIMELOCAL_REGEXP, + createDateParser(DATETIMELOCAL_REGEXP, ['yyyy', 'MM', 'dd', 'HH', 'mm', 'ss', 'sss']), + 'yyyy-MM-ddTHH:mm:ss.sss'), + + /** + * @ngdoc input + * @name input[time] + * + * @description + * Input with time validation and transformation. In browsers that do not yet support + * the HTML5 time input, a text element will be used. In that case, the text must be entered in a valid ISO-8601 + * local time format (HH:mm:ss), for example: `14:57:00`. Model must be a Date object. This binding will always output a + * Date object to the model of January 1, 1970, or local date `new Date(1970, 0, 1, HH, mm, ss)`. + * + * The model must always be a Date object, otherwise Angular will throw an error. + * Invalid `Date` objects (dates whose `getTime()` is `NaN`) will be rendered as an empty string. + * + * The timezone to be used to read/write the `Date` instance in the model can be defined using + * {@link ng.directive:ngModelOptions ngModelOptions}. By default, this is the timezone of the browser. + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} min Sets the `min` validation error key if the value entered is less than `min`. + * This must be a valid ISO time format (HH:mm:ss). You can also use interpolation inside this + * attribute (e.g. `min="{{minTime | date:'HH:mm:ss'}}"`). Note that `min` will also add + * native HTML5 constraint validation. + * @param {string=} max Sets the `max` validation error key if the value entered is greater than `max`. + * This must be a valid ISO time format (HH:mm:ss). You can also use interpolation inside this + * attribute (e.g. `max="{{maxTime | date:'HH:mm:ss'}}"`). Note that `max` will also add + * native HTML5 constraint validation. + * @param {(date|string)=} ngMin Sets the `min` validation constraint to the Date / ISO time string the + * `ngMin` expression evaluates to. Note that it does not set the `min` attribute. + * @param {(date|string)=} ngMax Sets the `max` validation constraint to the Date / ISO time string the + * `ngMax` expression evaluates to. Note that it does not set the `max` attribute. + * @param {string=} required Sets `required` validation error key if the value is not entered. + * @param {string=} ngRequired Adds `required` attribute and `required` validation constraint to + * the element when the ngRequired expression evaluates to true. Use `ngRequired` instead of + * `required` when you want to data-bind to the `required` attribute. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * + * @example + + + +
    + + +
    + + Required! + + Not a valid date! +
    + value = {{example.value | date: "HH:mm:ss"}}
    + myForm.input.$valid = {{myForm.input.$valid}}
    + myForm.input.$error = {{myForm.input.$error}}
    + myForm.$valid = {{myForm.$valid}}
    + myForm.$error.required = {{!!myForm.$error.required}}
    +
    +
    + + var value = element(by.binding('example.value | date: "HH:mm:ss"')); + var valid = element(by.binding('myForm.input.$valid')); + + // currently protractor/webdriver does not support + // sending keys to all known HTML5 input controls + // for various browsers (https://github.com/angular/protractor/issues/562). + function setInput(val) { + // set the value of the element and force validation. + var scr = "var ipt = document.getElementById('exampleInput'); " + + "ipt.value = '" + val + "';" + + "angular.element(ipt).scope().$apply(function(s) { s.myForm[ipt.name].$setViewValue('" + val + "'); });"; + browser.executeScript(scr); + } + + it('should initialize to model', function() { + expect(value.getText()).toContain('14:57:00'); + expect(valid.getText()).toContain('myForm.input.$valid = true'); + }); + + it('should be invalid if empty', function() { + setInput(''); + expect(value.getText()).toEqual('value ='); + expect(valid.getText()).toContain('myForm.input.$valid = false'); + }); + + it('should be invalid if over max', function() { + setInput('23:59:00'); + expect(value.getText()).toContain(''); + expect(valid.getText()).toContain('myForm.input.$valid = false'); + }); + +
    + */ + 'time': createDateInputType('time', TIME_REGEXP, + createDateParser(TIME_REGEXP, ['HH', 'mm', 'ss', 'sss']), + 'HH:mm:ss.sss'), + + /** + * @ngdoc input + * @name input[week] + * + * @description + * Input with week-of-the-year validation and transformation to Date. In browsers that do not yet support + * the HTML5 week input, a text element will be used. In that case, the text must be entered in a valid ISO-8601 + * week format (yyyy-W##), for example: `2013-W02`. + * + * The model must always be a Date object, otherwise Angular will throw an error. + * Invalid `Date` objects (dates whose `getTime()` is `NaN`) will be rendered as an empty string. + * + * The timezone to be used to read/write the `Date` instance in the model can be defined using + * {@link ng.directive:ngModelOptions ngModelOptions}. By default, this is the timezone of the browser. + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} min Sets the `min` validation error key if the value entered is less than `min`. + * This must be a valid ISO week format (yyyy-W##). You can also use interpolation inside this + * attribute (e.g. `min="{{minWeek | date:'yyyy-Www'}}"`). Note that `min` will also add + * native HTML5 constraint validation. + * @param {string=} max Sets the `max` validation error key if the value entered is greater than `max`. + * This must be a valid ISO week format (yyyy-W##). You can also use interpolation inside this + * attribute (e.g. `max="{{maxWeek | date:'yyyy-Www'}}"`). Note that `max` will also add + * native HTML5 constraint validation. + * @param {(date|string)=} ngMin Sets the `min` validation constraint to the Date / ISO week string + * the `ngMin` expression evaluates to. Note that it does not set the `min` attribute. + * @param {(date|string)=} ngMax Sets the `max` validation constraint to the Date / ISO week string + * the `ngMax` expression evaluates to. Note that it does not set the `max` attribute. + * @param {string=} required Sets `required` validation error key if the value is not entered. + * @param {string=} ngRequired Adds `required` attribute and `required` validation constraint to + * the element when the ngRequired expression evaluates to true. Use `ngRequired` instead of + * `required` when you want to data-bind to the `required` attribute. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * + * @example + + + +
    + +
    + + Required! + + Not a valid date! +
    + value = {{example.value | date: "yyyy-Www"}}
    + myForm.input.$valid = {{myForm.input.$valid}}
    + myForm.input.$error = {{myForm.input.$error}}
    + myForm.$valid = {{myForm.$valid}}
    + myForm.$error.required = {{!!myForm.$error.required}}
    +
    +
    + + var value = element(by.binding('example.value | date: "yyyy-Www"')); + var valid = element(by.binding('myForm.input.$valid')); + + // currently protractor/webdriver does not support + // sending keys to all known HTML5 input controls + // for various browsers (https://github.com/angular/protractor/issues/562). + function setInput(val) { + // set the value of the element and force validation. + var scr = "var ipt = document.getElementById('exampleInput'); " + + "ipt.value = '" + val + "';" + + "angular.element(ipt).scope().$apply(function(s) { s.myForm[ipt.name].$setViewValue('" + val + "'); });"; + browser.executeScript(scr); + } + + it('should initialize to model', function() { + expect(value.getText()).toContain('2013-W01'); + expect(valid.getText()).toContain('myForm.input.$valid = true'); + }); + + it('should be invalid if empty', function() { + setInput(''); + expect(value.getText()).toEqual('value ='); + expect(valid.getText()).toContain('myForm.input.$valid = false'); + }); + + it('should be invalid if over max', function() { + setInput('2015-W01'); + expect(value.getText()).toContain(''); + expect(valid.getText()).toContain('myForm.input.$valid = false'); + }); + +
    + */ + 'week': createDateInputType('week', WEEK_REGEXP, weekParser, 'yyyy-Www'), + + /** + * @ngdoc input + * @name input[month] + * + * @description + * Input with month validation and transformation. In browsers that do not yet support + * the HTML5 month input, a text element will be used. In that case, the text must be entered in a valid ISO-8601 + * month format (yyyy-MM), for example: `2009-01`. + * + * The model must always be a Date object, otherwise Angular will throw an error. + * Invalid `Date` objects (dates whose `getTime()` is `NaN`) will be rendered as an empty string. + * If the model is not set to the first of the month, the next view to model update will set it + * to the first of the month. + * + * The timezone to be used to read/write the `Date` instance in the model can be defined using + * {@link ng.directive:ngModelOptions ngModelOptions}. By default, this is the timezone of the browser. + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} min Sets the `min` validation error key if the value entered is less than `min`. + * This must be a valid ISO month format (yyyy-MM). You can also use interpolation inside this + * attribute (e.g. `min="{{minMonth | date:'yyyy-MM'}}"`). Note that `min` will also add + * native HTML5 constraint validation. + * @param {string=} max Sets the `max` validation error key if the value entered is greater than `max`. + * This must be a valid ISO month format (yyyy-MM). You can also use interpolation inside this + * attribute (e.g. `max="{{maxMonth | date:'yyyy-MM'}}"`). Note that `max` will also add + * native HTML5 constraint validation. + * @param {(date|string)=} ngMin Sets the `min` validation constraint to the Date / ISO week string + * the `ngMin` expression evaluates to. Note that it does not set the `min` attribute. + * @param {(date|string)=} ngMax Sets the `max` validation constraint to the Date / ISO week string + * the `ngMax` expression evaluates to. Note that it does not set the `max` attribute. + + * @param {string=} required Sets `required` validation error key if the value is not entered. + * @param {string=} ngRequired Adds `required` attribute and `required` validation constraint to + * the element when the ngRequired expression evaluates to true. Use `ngRequired` instead of + * `required` when you want to data-bind to the `required` attribute. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * + * @example + + + +
    + + +
    + + Required! + + Not a valid month! +
    + value = {{example.value | date: "yyyy-MM"}}
    + myForm.input.$valid = {{myForm.input.$valid}}
    + myForm.input.$error = {{myForm.input.$error}}
    + myForm.$valid = {{myForm.$valid}}
    + myForm.$error.required = {{!!myForm.$error.required}}
    +
    +
    + + var value = element(by.binding('example.value | date: "yyyy-MM"')); + var valid = element(by.binding('myForm.input.$valid')); + + // currently protractor/webdriver does not support + // sending keys to all known HTML5 input controls + // for various browsers (https://github.com/angular/protractor/issues/562). + function setInput(val) { + // set the value of the element and force validation. + var scr = "var ipt = document.getElementById('exampleInput'); " + + "ipt.value = '" + val + "';" + + "angular.element(ipt).scope().$apply(function(s) { s.myForm[ipt.name].$setViewValue('" + val + "'); });"; + browser.executeScript(scr); + } + + it('should initialize to model', function() { + expect(value.getText()).toContain('2013-10'); + expect(valid.getText()).toContain('myForm.input.$valid = true'); + }); + + it('should be invalid if empty', function() { + setInput(''); + expect(value.getText()).toEqual('value ='); + expect(valid.getText()).toContain('myForm.input.$valid = false'); + }); + + it('should be invalid if over max', function() { + setInput('2015-01'); + expect(value.getText()).toContain(''); + expect(valid.getText()).toContain('myForm.input.$valid = false'); + }); + +
    + */ + 'month': createDateInputType('month', MONTH_REGEXP, + createDateParser(MONTH_REGEXP, ['yyyy', 'MM']), + 'yyyy-MM'), + + /** + * @ngdoc input + * @name input[number] + * + * @description + * Text input with number validation and transformation. Sets the `number` validation + * error if not a valid number. + * + *
    + * The model must always be of type `number` otherwise Angular will throw an error. + * Be aware that a string containing a number is not enough. See the {@link ngModel:numfmt} + * error docs for more information and an example of how to convert your model if necessary. + *
    + * + * ## Issues with HTML5 constraint validation + * + * In browsers that follow the + * [HTML5 specification](https://html.spec.whatwg.org/multipage/forms.html#number-state-%28type=number%29), + * `input[number]` does not work as expected with {@link ngModelOptions `ngModelOptions.allowInvalid`}. + * If a non-number is entered in the input, the browser will report the value as an empty string, + * which means the view / model values in `ngModel` and subsequently the scope value + * will also be an empty string. + * + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} min Sets the `min` validation error key if the value entered is less than `min`. + * Can be interpolated. + * @param {string=} max Sets the `max` validation error key if the value entered is greater than `max`. + * Can be interpolated. + * @param {string=} ngMin Like `min`, sets the `min` validation error key if the value entered is less than `ngMin`, + * but does not trigger HTML5 native validation. Takes an expression. + * @param {string=} ngMax Like `max`, sets the `max` validation error key if the value entered is greater than `ngMax`, + * but does not trigger HTML5 native validation. Takes an expression. + * @param {string=} step Sets the `step` validation error key if the value entered does not fit the `step` constraint. + * Can be interpolated. + * @param {string=} ngStep Like `step`, sets the `step` validation error key if the value entered does not fit the `ngStep` constraint, + * but does not trigger HTML5 native validation. Takes an expression. + * @param {string=} required Sets `required` validation error key if the value is not entered. + * @param {string=} ngRequired Adds `required` attribute and `required` validation constraint to + * the element when the ngRequired expression evaluates to true. Use `ngRequired` instead of + * `required` when you want to data-bind to the `required` attribute. + * @param {number=} ngMinlength Sets `minlength` validation error key if the value is shorter than + * minlength. + * @param {number=} ngMaxlength Sets `maxlength` validation error key if the value is longer than + * maxlength. Setting the attribute to a negative or non-numeric value, allows view values of + * any length. + * @param {string=} pattern Similar to `ngPattern` except that the attribute value is the actual string + * that contains the regular expression body that will be converted to a regular expression + * as in the ngPattern directive. + * @param {string=} ngPattern Sets `pattern` validation error key if the ngModel {@link ngModel.NgModelController#$viewValue $viewValue} + * does not match a RegExp found by evaluating the Angular expression given in the attribute value. + * If the expression evaluates to a RegExp object, then this is used directly. + * If the expression evaluates to a string, then it will be converted to a RegExp + * after wrapping it in `^` and `$` characters. For instance, `"abc"` will be converted to + * `new RegExp('^abc$')`.
    + * **Note:** Avoid using the `g` flag on the RegExp, as it will cause each successive search to + * start at the index of the last search's match, thus not taking the whole input value into + * account. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * + * @example + + + +
    + +
    + + Required! + + Not valid number! +
    + value = {{example.value}}
    + myForm.input.$valid = {{myForm.input.$valid}}
    + myForm.input.$error = {{myForm.input.$error}}
    + myForm.$valid = {{myForm.$valid}}
    + myForm.$error.required = {{!!myForm.$error.required}}
    +
    +
    + + var value = element(by.binding('example.value')); + var valid = element(by.binding('myForm.input.$valid')); + var input = element(by.model('example.value')); + + it('should initialize to model', function() { + expect(value.getText()).toContain('12'); + expect(valid.getText()).toContain('true'); + }); + + it('should be invalid if empty', function() { + input.clear(); + input.sendKeys(''); + expect(value.getText()).toEqual('value ='); + expect(valid.getText()).toContain('false'); + }); + + it('should be invalid if over max', function() { + input.clear(); + input.sendKeys('123'); + expect(value.getText()).toEqual('value ='); + expect(valid.getText()).toContain('false'); + }); + +
    + */ + 'number': numberInputType, + + + /** + * @ngdoc input + * @name input[url] + * + * @description + * Text input with URL validation. Sets the `url` validation error key if the content is not a + * valid URL. + * + *
    + * **Note:** `input[url]` uses a regex to validate urls that is derived from the regex + * used in Chromium. If you need stricter validation, you can use `ng-pattern` or modify + * the built-in validators (see the {@link guide/forms Forms guide}) + *
    + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} required Sets `required` validation error key if the value is not entered. + * @param {string=} ngRequired Adds `required` attribute and `required` validation constraint to + * the element when the ngRequired expression evaluates to true. Use `ngRequired` instead of + * `required` when you want to data-bind to the `required` attribute. + * @param {number=} ngMinlength Sets `minlength` validation error key if the value is shorter than + * minlength. + * @param {number=} ngMaxlength Sets `maxlength` validation error key if the value is longer than + * maxlength. Setting the attribute to a negative or non-numeric value, allows view values of + * any length. + * @param {string=} pattern Similar to `ngPattern` except that the attribute value is the actual string + * that contains the regular expression body that will be converted to a regular expression + * as in the ngPattern directive. + * @param {string=} ngPattern Sets `pattern` validation error key if the ngModel {@link ngModel.NgModelController#$viewValue $viewValue} + * does not match a RegExp found by evaluating the Angular expression given in the attribute value. + * If the expression evaluates to a RegExp object, then this is used directly. + * If the expression evaluates to a string, then it will be converted to a RegExp + * after wrapping it in `^` and `$` characters. For instance, `"abc"` will be converted to + * `new RegExp('^abc$')`.
    + * **Note:** Avoid using the `g` flag on the RegExp, as it will cause each successive search to + * start at the index of the last search's match, thus not taking the whole input value into + * account. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * + * @example + + + +
    +
    + + var text = element(by.binding('url.text')); + var valid = element(by.binding('myForm.input.$valid')); + var input = element(by.model('url.text')); + + it('should initialize to model', function() { + expect(text.getText()).toContain('http://google.com'); + expect(valid.getText()).toContain('true'); + }); + + it('should be invalid if empty', function() { + input.clear(); + input.sendKeys(''); + + expect(text.getText()).toEqual('text ='); + expect(valid.getText()).toContain('false'); + }); + + it('should be invalid if not url', function() { + input.clear(); + input.sendKeys('box'); + + expect(valid.getText()).toContain('false'); + }); + +
    + */ + 'url': urlInputType, + + + /** + * @ngdoc input + * @name input[email] + * + * @description + * Text input with email validation. Sets the `email` validation error key if not a valid email + * address. + * + *
    + * **Note:** `input[email]` uses a regex to validate email addresses that is derived from the regex + * used in Chromium. If you need stricter validation (e.g. requiring a top-level domain), you can + * use `ng-pattern` or modify the built-in validators (see the {@link guide/forms Forms guide}) + *
    + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} required Sets `required` validation error key if the value is not entered. + * @param {string=} ngRequired Adds `required` attribute and `required` validation constraint to + * the element when the ngRequired expression evaluates to true. Use `ngRequired` instead of + * `required` when you want to data-bind to the `required` attribute. + * @param {number=} ngMinlength Sets `minlength` validation error key if the value is shorter than + * minlength. + * @param {number=} ngMaxlength Sets `maxlength` validation error key if the value is longer than + * maxlength. Setting the attribute to a negative or non-numeric value, allows view values of + * any length. + * @param {string=} pattern Similar to `ngPattern` except that the attribute value is the actual string + * that contains the regular expression body that will be converted to a regular expression + * as in the ngPattern directive. + * @param {string=} ngPattern Sets `pattern` validation error key if the ngModel {@link ngModel.NgModelController#$viewValue $viewValue} + * does not match a RegExp found by evaluating the Angular expression given in the attribute value. + * If the expression evaluates to a RegExp object, then this is used directly. + * If the expression evaluates to a string, then it will be converted to a RegExp + * after wrapping it in `^` and `$` characters. For instance, `"abc"` will be converted to + * `new RegExp('^abc$')`.
    + * **Note:** Avoid using the `g` flag on the RegExp, as it will cause each successive search to + * start at the index of the last search's match, thus not taking the whole input value into + * account. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * + * @example + + + +
    + +
    + + Required! + + Not valid email! +
    + text = {{email.text}}
    + myForm.input.$valid = {{myForm.input.$valid}}
    + myForm.input.$error = {{myForm.input.$error}}
    + myForm.$valid = {{myForm.$valid}}
    + myForm.$error.required = {{!!myForm.$error.required}}
    + myForm.$error.email = {{!!myForm.$error.email}}
    +
    +
    + + var text = element(by.binding('email.text')); + var valid = element(by.binding('myForm.input.$valid')); + var input = element(by.model('email.text')); + + it('should initialize to model', function() { + expect(text.getText()).toContain('me@example.com'); + expect(valid.getText()).toContain('true'); + }); + + it('should be invalid if empty', function() { + input.clear(); + input.sendKeys(''); + expect(text.getText()).toEqual('text ='); + expect(valid.getText()).toContain('false'); + }); + + it('should be invalid if not email', function() { + input.clear(); + input.sendKeys('xxx'); + + expect(valid.getText()).toContain('false'); + }); + +
    + */ + 'email': emailInputType, + + + /** + * @ngdoc input + * @name input[radio] + * + * @description + * HTML radio button. + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string} value The value to which the `ngModel` expression should be set when selected. + * Note that `value` only supports `string` values, i.e. the scope model needs to be a string, + * too. Use `ngValue` if you need complex models (`number`, `object`, ...). + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * @param {string} ngValue Angular expression to which `ngModel` will be be set when the radio + * is selected. Should be used instead of the `value` attribute if you need + * a non-string `ngModel` (`boolean`, `array`, ...). + * + * @example + + + +
    +
    +
    +
    + color = {{color.name | json}}
    +
    + Note that `ng-value="specialValue"` sets radio item's value to be the value of `$scope.specialValue`. +
    + + it('should change state', function() { + var inputs = element.all(by.model('color.name')); + var color = element(by.binding('color.name')); + + expect(color.getText()).toContain('blue'); + + inputs.get(0).click(); + expect(color.getText()).toContain('red'); + + inputs.get(1).click(); + expect(color.getText()).toContain('green'); + }); + +
    + */ + 'radio': radioInputType, + + /** + * @ngdoc input + * @name input[range] + * + * @description + * Native range input with validation and transformation. + * + * The model for the range input must always be a `Number`. + * + * IE9 and other browsers that do not support the `range` type fall back + * to a text input without any default values for `min`, `max` and `step`. Model binding, + * validation and number parsing are nevertheless supported. + * + * Browsers that support range (latest Chrome, Safari, Firefox, Edge) treat `input[range]` + * in a way that never allows the input to hold an invalid value. That means: + * - any non-numerical value is set to `(max + min) / 2`. + * - any numerical value that is less than the current min val, or greater than the current max val + * is set to the min / max val respectively. + * - additionally, the current `step` is respected, so the nearest value that satisfies a step + * is used. + * + * See the [HTML Spec on input[type=range]](https://www.w3.org/TR/html5/forms.html#range-state-(type=range)) + * for more info. + * + * This has the following consequences for Angular: + * + * Since the element value should always reflect the current model value, a range input + * will set the bound ngModel expression to the value that the browser has set for the + * input element. For example, in the following input ``, + * if the application sets `model.value = null`, the browser will set the input to `'50'`. + * Angular will then set the model to `50`, to prevent input and model value being out of sync. + * + * That means the model for range will immediately be set to `50` after `ngModel` has been + * initialized. It also means a range input can never have the required error. + * + * This does not only affect changes to the model value, but also to the values of the `min`, + * `max`, and `step` attributes. When these change in a way that will cause the browser to modify + * the input value, Angular will also update the model value. + * + * Automatic value adjustment also means that a range input element can never have the `required`, + * `min`, or `max` errors. + * + * However, `step` is currently only fully implemented by Firefox. Other browsers have problems + * when the step value changes dynamically - they do not adjust the element value correctly, but + * instead may set the `stepMismatch` error. If that's the case, the Angular will set the `step` + * error on the input, and set the model to `undefined`. + * + * Note that `input[range]` is not compatible with`ngMax`, `ngMin`, and `ngStep`, because they do + * not set the `min` and `max` attributes, which means that the browser won't automatically adjust + * the input value based on their values, and will always assume min = 0, max = 100, and step = 1. + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} min Sets the `min` validation to ensure that the value entered is greater + * than `min`. Can be interpolated. + * @param {string=} max Sets the `max` validation to ensure that the value entered is less than `max`. + * Can be interpolated. + * @param {string=} step Sets the `step` validation to ensure that the value entered matches the `step` + * Can be interpolated. + * @param {string=} ngChange Angular expression to be executed when the ngModel value changes due + * to user interaction with the input element. + * @param {expression=} ngChecked If the expression is truthy, then the `checked` attribute will be set on the + * element. **Note** : `ngChecked` should not be used alongside `ngModel`. + * Checkout {@link ng.directive:ngChecked ngChecked} for usage. + * + * @example + + + +
    + + Model as range: +
    + Model as number:
    + Min:
    + Max:
    + value = {{value}}
    + myForm.range.$valid = {{myForm.range.$valid}}
    + myForm.range.$error = {{myForm.range.$error}} +
    +
    +
    + + * ## Range Input with ngMin & ngMax attributes + + * @example + + + +
    + Model as range: +
    + Model as number:
    + Min:
    + Max:
    + value = {{value}}
    + myForm.range.$valid = {{myForm.range.$valid}}
    + myForm.range.$error = {{myForm.range.$error}} +
    +
    +
    + + */ + 'range': rangeInputType, + + /** + * @ngdoc input + * @name input[checkbox] + * + * @description + * HTML checkbox. + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {expression=} ngTrueValue The value to which the expression should be set when selected. + * @param {expression=} ngFalseValue The value to which the expression should be set when not selected. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * + * @example + + + +
    +
    +
    + value1 = {{checkboxModel.value1}}
    + value2 = {{checkboxModel.value2}}
    +
    +
    + + it('should change state', function() { + var value1 = element(by.binding('checkboxModel.value1')); + var value2 = element(by.binding('checkboxModel.value2')); + + expect(value1.getText()).toContain('true'); + expect(value2.getText()).toContain('YES'); + + element(by.model('checkboxModel.value1')).click(); + element(by.model('checkboxModel.value2')).click(); + + expect(value1.getText()).toContain('false'); + expect(value2.getText()).toContain('NO'); + }); + +
    + */ + 'checkbox': checkboxInputType, + + 'hidden': noop, + 'button': noop, + 'submit': noop, + 'reset': noop, + 'file': noop +}; + +function stringBasedInputType(ctrl) { + ctrl.$formatters.push(function(value) { + return ctrl.$isEmpty(value) ? value : value.toString(); + }); +} + +function textInputType(scope, element, attr, ctrl, $sniffer, $browser) { + baseInputType(scope, element, attr, ctrl, $sniffer, $browser); + stringBasedInputType(ctrl); +} + +function baseInputType(scope, element, attr, ctrl, $sniffer, $browser) { + var type = lowercase(element[0].type); + + // In composition mode, users are still inputting intermediate text buffer, + // hold the listener until composition is done. + // More about composition events: https://developer.mozilla.org/en-US/docs/Web/API/CompositionEvent + if (!$sniffer.android) { + var composing = false; + + element.on('compositionstart', function() { + composing = true; + }); + + element.on('compositionend', function() { + composing = false; + listener(); + }); + } + + var timeout; + + var listener = function(ev) { + if (timeout) { + $browser.defer.cancel(timeout); + timeout = null; + } + if (composing) return; + var value = element.val(), + event = ev && ev.type; + + // By default we will trim the value + // If the attribute ng-trim exists we will avoid trimming + // If input type is 'password', the value is never trimmed + if (type !== 'password' && (!attr.ngTrim || attr.ngTrim !== 'false')) { + value = trim(value); + } + + // If a control is suffering from bad input (due to native validators), browsers discard its + // value, so it may be necessary to revalidate (by calling $setViewValue again) even if the + // control's value is the same empty value twice in a row. + if (ctrl.$viewValue !== value || (value === '' && ctrl.$$hasNativeValidators)) { + ctrl.$setViewValue(value, event); + } + }; + + // if the browser does support "input" event, we are fine - except on IE9 which doesn't fire the + // input event on backspace, delete or cut + if ($sniffer.hasEvent('input')) { + element.on('input', listener); + } else { + var deferListener = function(ev, input, origValue) { + if (!timeout) { + timeout = $browser.defer(function() { + timeout = null; + if (!input || input.value !== origValue) { + listener(ev); + } + }); + } + }; + + element.on('keydown', /** @this */ function(event) { + var key = event.keyCode; + + // ignore + // command modifiers arrows + if (key === 91 || (15 < key && key < 19) || (37 <= key && key <= 40)) return; + + deferListener(event, this, this.value); + }); + + // if user modifies input value using context menu in IE, we need "paste" and "cut" events to catch it + if ($sniffer.hasEvent('paste')) { + element.on('paste cut', deferListener); + } + } + + // if user paste into input using mouse on older browser + // or form autocomplete on newer browser, we need "change" event to catch it + element.on('change', listener); + + // Some native input types (date-family) have the ability to change validity without + // firing any input/change events. + // For these event types, when native validators are present and the browser supports the type, + // check for validity changes on various DOM events. + if (PARTIAL_VALIDATION_TYPES[type] && ctrl.$$hasNativeValidators && type === attr.type) { + element.on(PARTIAL_VALIDATION_EVENTS, /** @this */ function(ev) { + if (!timeout) { + var validity = this[VALIDITY_STATE_PROPERTY]; + var origBadInput = validity.badInput; + var origTypeMismatch = validity.typeMismatch; + timeout = $browser.defer(function() { + timeout = null; + if (validity.badInput !== origBadInput || validity.typeMismatch !== origTypeMismatch) { + listener(ev); + } + }); + } + }); + } + + ctrl.$render = function() { + // Workaround for Firefox validation #12102. + var value = ctrl.$isEmpty(ctrl.$viewValue) ? '' : ctrl.$viewValue; + if (element.val() !== value) { + element.val(value); + } + }; +} + +function weekParser(isoWeek, existingDate) { + if (isDate(isoWeek)) { + return isoWeek; + } + + if (isString(isoWeek)) { + WEEK_REGEXP.lastIndex = 0; + var parts = WEEK_REGEXP.exec(isoWeek); + if (parts) { + var year = +parts[1], + week = +parts[2], + hours = 0, + minutes = 0, + seconds = 0, + milliseconds = 0, + firstThurs = getFirstThursdayOfYear(year), + addDays = (week - 1) * 7; + + if (existingDate) { + hours = existingDate.getHours(); + minutes = existingDate.getMinutes(); + seconds = existingDate.getSeconds(); + milliseconds = existingDate.getMilliseconds(); + } + + return new Date(year, 0, firstThurs.getDate() + addDays, hours, minutes, seconds, milliseconds); + } + } + + return NaN; +} + +function createDateParser(regexp, mapping) { + return function(iso, date) { + var parts, map; + + if (isDate(iso)) { + return iso; + } + + if (isString(iso)) { + // When a date is JSON'ified to wraps itself inside of an extra + // set of double quotes. This makes the date parsing code unable + // to match the date string and parse it as a date. + if (iso.charAt(0) === '"' && iso.charAt(iso.length - 1) === '"') { + iso = iso.substring(1, iso.length - 1); + } + if (ISO_DATE_REGEXP.test(iso)) { + return new Date(iso); + } + regexp.lastIndex = 0; + parts = regexp.exec(iso); + + if (parts) { + parts.shift(); + if (date) { + map = { + yyyy: date.getFullYear(), + MM: date.getMonth() + 1, + dd: date.getDate(), + HH: date.getHours(), + mm: date.getMinutes(), + ss: date.getSeconds(), + sss: date.getMilliseconds() / 1000 + }; + } else { + map = { yyyy: 1970, MM: 1, dd: 1, HH: 0, mm: 0, ss: 0, sss: 0 }; + } + + forEach(parts, function(part, index) { + if (index < mapping.length) { + map[mapping[index]] = +part; + } + }); + return new Date(map.yyyy, map.MM - 1, map.dd, map.HH, map.mm, map.ss || 0, map.sss * 1000 || 0); + } + } + + return NaN; + }; +} + +function createDateInputType(type, regexp, parseDate, format) { + return function dynamicDateInputType(scope, element, attr, ctrl, $sniffer, $browser, $filter) { + badInputChecker(scope, element, attr, ctrl); + baseInputType(scope, element, attr, ctrl, $sniffer, $browser); + var timezone = ctrl && ctrl.$options.getOption('timezone'); + var previousDate; + + ctrl.$$parserName = type; + ctrl.$parsers.push(function(value) { + if (ctrl.$isEmpty(value)) return null; + if (regexp.test(value)) { + // Note: We cannot read ctrl.$modelValue, as there might be a different + // parser/formatter in the processing chain so that the model + // contains some different data format! + var parsedDate = parseDate(value, previousDate); + if (timezone) { + parsedDate = convertTimezoneToLocal(parsedDate, timezone); + } + return parsedDate; + } + return undefined; + }); + + ctrl.$formatters.push(function(value) { + if (value && !isDate(value)) { + throw ngModelMinErr('datefmt', 'Expected `{0}` to be a date', value); + } + if (isValidDate(value)) { + previousDate = value; + if (previousDate && timezone) { + previousDate = convertTimezoneToLocal(previousDate, timezone, true); + } + return $filter('date')(value, format, timezone); + } else { + previousDate = null; + return ''; + } + }); + + if (isDefined(attr.min) || attr.ngMin) { + var minVal; + ctrl.$validators.min = function(value) { + return !isValidDate(value) || isUndefined(minVal) || parseDate(value) >= minVal; + }; + attr.$observe('min', function(val) { + minVal = parseObservedDateValue(val); + ctrl.$validate(); + }); + } + + if (isDefined(attr.max) || attr.ngMax) { + var maxVal; + ctrl.$validators.max = function(value) { + return !isValidDate(value) || isUndefined(maxVal) || parseDate(value) <= maxVal; + }; + attr.$observe('max', function(val) { + maxVal = parseObservedDateValue(val); + ctrl.$validate(); + }); + } + + function isValidDate(value) { + // Invalid Date: getTime() returns NaN + return value && !(value.getTime && value.getTime() !== value.getTime()); + } + + function parseObservedDateValue(val) { + return isDefined(val) && !isDate(val) ? parseDate(val) || undefined : val; + } + }; +} + +function badInputChecker(scope, element, attr, ctrl) { + var node = element[0]; + var nativeValidation = ctrl.$$hasNativeValidators = isObject(node.validity); + if (nativeValidation) { + ctrl.$parsers.push(function(value) { + var validity = element.prop(VALIDITY_STATE_PROPERTY) || {}; + return validity.badInput || validity.typeMismatch ? undefined : value; + }); + } +} + +function numberFormatterParser(ctrl) { + ctrl.$$parserName = 'number'; + ctrl.$parsers.push(function(value) { + if (ctrl.$isEmpty(value)) return null; + if (NUMBER_REGEXP.test(value)) return parseFloat(value); + return undefined; + }); + + ctrl.$formatters.push(function(value) { + if (!ctrl.$isEmpty(value)) { + if (!isNumber(value)) { + throw ngModelMinErr('numfmt', 'Expected `{0}` to be a number', value); + } + value = value.toString(); + } + return value; + }); +} + +function parseNumberAttrVal(val) { + if (isDefined(val) && !isNumber(val)) { + val = parseFloat(val); + } + return !isNumberNaN(val) ? val : undefined; +} + +function isNumberInteger(num) { + // See http://stackoverflow.com/questions/14636536/how-to-check-if-a-variable-is-an-integer-in-javascript#14794066 + // (minus the assumption that `num` is a number) + + // eslint-disable-next-line no-bitwise + return (num | 0) === num; +} + +function countDecimals(num) { + var numString = num.toString(); + var decimalSymbolIndex = numString.indexOf('.'); + + if (decimalSymbolIndex === -1) { + if (-1 < num && num < 1) { + // It may be in the exponential notation format (`1e-X`) + var match = /e-(\d+)$/.exec(numString); + + if (match) { + return Number(match[1]); + } + } + + return 0; + } + + return numString.length - decimalSymbolIndex - 1; +} + +function isValidForStep(viewValue, stepBase, step) { + // At this point `stepBase` and `step` are expected to be non-NaN values + // and `viewValue` is expected to be a valid stringified number. + var value = Number(viewValue); + + var isNonIntegerValue = !isNumberInteger(value); + var isNonIntegerStepBase = !isNumberInteger(stepBase); + var isNonIntegerStep = !isNumberInteger(step); + + // Due to limitations in Floating Point Arithmetic (e.g. `0.3 - 0.2 !== 0.1` or + // `0.5 % 0.1 !== 0`), we need to convert all numbers to integers. + if (isNonIntegerValue || isNonIntegerStepBase || isNonIntegerStep) { + var valueDecimals = isNonIntegerValue ? countDecimals(value) : 0; + var stepBaseDecimals = isNonIntegerStepBase ? countDecimals(stepBase) : 0; + var stepDecimals = isNonIntegerStep ? countDecimals(step) : 0; + + var decimalCount = Math.max(valueDecimals, stepBaseDecimals, stepDecimals); + var multiplier = Math.pow(10, decimalCount); + + value = value * multiplier; + stepBase = stepBase * multiplier; + step = step * multiplier; + + if (isNonIntegerValue) value = Math.round(value); + if (isNonIntegerStepBase) stepBase = Math.round(stepBase); + if (isNonIntegerStep) step = Math.round(step); + } + + return (value - stepBase) % step === 0; +} + +function numberInputType(scope, element, attr, ctrl, $sniffer, $browser) { + badInputChecker(scope, element, attr, ctrl); + numberFormatterParser(ctrl); + baseInputType(scope, element, attr, ctrl, $sniffer, $browser); + + var minVal; + var maxVal; + + if (isDefined(attr.min) || attr.ngMin) { + ctrl.$validators.min = function(value) { + return ctrl.$isEmpty(value) || isUndefined(minVal) || value >= minVal; + }; + + attr.$observe('min', function(val) { + minVal = parseNumberAttrVal(val); + // TODO(matsko): implement validateLater to reduce number of validations + ctrl.$validate(); + }); + } + + if (isDefined(attr.max) || attr.ngMax) { + ctrl.$validators.max = function(value) { + return ctrl.$isEmpty(value) || isUndefined(maxVal) || value <= maxVal; + }; + + attr.$observe('max', function(val) { + maxVal = parseNumberAttrVal(val); + // TODO(matsko): implement validateLater to reduce number of validations + ctrl.$validate(); + }); + } + + if (isDefined(attr.step) || attr.ngStep) { + var stepVal; + ctrl.$validators.step = function(modelValue, viewValue) { + return ctrl.$isEmpty(viewValue) || isUndefined(stepVal) || + isValidForStep(viewValue, minVal || 0, stepVal); + }; + + attr.$observe('step', function(val) { + stepVal = parseNumberAttrVal(val); + // TODO(matsko): implement validateLater to reduce number of validations + ctrl.$validate(); + }); + } +} + +function rangeInputType(scope, element, attr, ctrl, $sniffer, $browser) { + badInputChecker(scope, element, attr, ctrl); + numberFormatterParser(ctrl); + baseInputType(scope, element, attr, ctrl, $sniffer, $browser); + + var supportsRange = ctrl.$$hasNativeValidators && element[0].type === 'range', + minVal = supportsRange ? 0 : undefined, + maxVal = supportsRange ? 100 : undefined, + stepVal = supportsRange ? 1 : undefined, + validity = element[0].validity, + hasMinAttr = isDefined(attr.min), + hasMaxAttr = isDefined(attr.max), + hasStepAttr = isDefined(attr.step); + + var originalRender = ctrl.$render; + + ctrl.$render = supportsRange && isDefined(validity.rangeUnderflow) && isDefined(validity.rangeOverflow) ? + //Browsers that implement range will set these values automatically, but reading the adjusted values after + //$render would cause the min / max validators to be applied with the wrong value + function rangeRender() { + originalRender(); + ctrl.$setViewValue(element.val()); + } : + originalRender; + + if (hasMinAttr) { + ctrl.$validators.min = supportsRange ? + // Since all browsers set the input to a valid value, we don't need to check validity + function noopMinValidator() { return true; } : + // non-support browsers validate the min val + function minValidator(modelValue, viewValue) { + return ctrl.$isEmpty(viewValue) || isUndefined(minVal) || viewValue >= minVal; + }; + + setInitialValueAndObserver('min', minChange); + } + + if (hasMaxAttr) { + ctrl.$validators.max = supportsRange ? + // Since all browsers set the input to a valid value, we don't need to check validity + function noopMaxValidator() { return true; } : + // non-support browsers validate the max val + function maxValidator(modelValue, viewValue) { + return ctrl.$isEmpty(viewValue) || isUndefined(maxVal) || viewValue <= maxVal; + }; + + setInitialValueAndObserver('max', maxChange); + } + + if (hasStepAttr) { + ctrl.$validators.step = supportsRange ? + function nativeStepValidator() { + // Currently, only FF implements the spec on step change correctly (i.e. adjusting the + // input element value to a valid value). It's possible that other browsers set the stepMismatch + // validity error instead, so we can at least report an error in that case. + return !validity.stepMismatch; + } : + // ngStep doesn't set the setp attr, so the browser doesn't adjust the input value as setting step would + function stepValidator(modelValue, viewValue) { + return ctrl.$isEmpty(viewValue) || isUndefined(stepVal) || + isValidForStep(viewValue, minVal || 0, stepVal); + }; + + setInitialValueAndObserver('step', stepChange); + } + + function setInitialValueAndObserver(htmlAttrName, changeFn) { + // interpolated attributes set the attribute value only after a digest, but we need the + // attribute value when the input is first rendered, so that the browser can adjust the + // input value based on the min/max value + element.attr(htmlAttrName, attr[htmlAttrName]); + attr.$observe(htmlAttrName, changeFn); + } + + function minChange(val) { + minVal = parseNumberAttrVal(val); + // ignore changes before model is initialized + if (isNumberNaN(ctrl.$modelValue)) { + return; + } + + if (supportsRange) { + var elVal = element.val(); + // IE11 doesn't set the el val correctly if the minVal is greater than the element value + if (minVal > elVal) { + elVal = minVal; + element.val(elVal); + } + ctrl.$setViewValue(elVal); + } else { + // TODO(matsko): implement validateLater to reduce number of validations + ctrl.$validate(); + } + } + + function maxChange(val) { + maxVal = parseNumberAttrVal(val); + // ignore changes before model is initialized + if (isNumberNaN(ctrl.$modelValue)) { + return; + } + + if (supportsRange) { + var elVal = element.val(); + // IE11 doesn't set the el val correctly if the maxVal is less than the element value + if (maxVal < elVal) { + element.val(maxVal); + // IE11 and Chrome don't set the value to the minVal when max < min + elVal = maxVal < minVal ? minVal : maxVal; + } + ctrl.$setViewValue(elVal); + } else { + // TODO(matsko): implement validateLater to reduce number of validations + ctrl.$validate(); + } + } + + function stepChange(val) { + stepVal = parseNumberAttrVal(val); + // ignore changes before model is initialized + if (isNumberNaN(ctrl.$modelValue)) { + return; + } + + // Some browsers don't adjust the input value correctly, but set the stepMismatch error + if (supportsRange && ctrl.$viewValue !== element.val()) { + ctrl.$setViewValue(element.val()); + } else { + // TODO(matsko): implement validateLater to reduce number of validations + ctrl.$validate(); + } + } +} + +function urlInputType(scope, element, attr, ctrl, $sniffer, $browser) { + // Note: no badInputChecker here by purpose as `url` is only a validation + // in browsers, i.e. we can always read out input.value even if it is not valid! + baseInputType(scope, element, attr, ctrl, $sniffer, $browser); + stringBasedInputType(ctrl); + + ctrl.$$parserName = 'url'; + ctrl.$validators.url = function(modelValue, viewValue) { + var value = modelValue || viewValue; + return ctrl.$isEmpty(value) || URL_REGEXP.test(value); + }; +} + +function emailInputType(scope, element, attr, ctrl, $sniffer, $browser) { + // Note: no badInputChecker here by purpose as `url` is only a validation + // in browsers, i.e. we can always read out input.value even if it is not valid! + baseInputType(scope, element, attr, ctrl, $sniffer, $browser); + stringBasedInputType(ctrl); + + ctrl.$$parserName = 'email'; + ctrl.$validators.email = function(modelValue, viewValue) { + var value = modelValue || viewValue; + return ctrl.$isEmpty(value) || EMAIL_REGEXP.test(value); + }; +} + +function radioInputType(scope, element, attr, ctrl) { + var doTrim = !attr.ngTrim || trim(attr.ngTrim) !== 'false'; + // make the name unique, if not defined + if (isUndefined(attr.name)) { + element.attr('name', nextUid()); + } + + var listener = function(ev) { + var value; + if (element[0].checked) { + value = attr.value; + if (doTrim) { + value = trim(value); + } + ctrl.$setViewValue(value, ev && ev.type); + } + }; + + element.on('click', listener); + + ctrl.$render = function() { + var value = attr.value; + if (doTrim) { + value = trim(value); + } + element[0].checked = (value === ctrl.$viewValue); + }; + + attr.$observe('value', ctrl.$render); +} + +function parseConstantExpr($parse, context, name, expression, fallback) { + var parseFn; + if (isDefined(expression)) { + parseFn = $parse(expression); + if (!parseFn.constant) { + throw ngModelMinErr('constexpr', 'Expected constant expression for `{0}`, but saw ' + + '`{1}`.', name, expression); + } + return parseFn(context); + } + return fallback; +} + +function checkboxInputType(scope, element, attr, ctrl, $sniffer, $browser, $filter, $parse) { + var trueValue = parseConstantExpr($parse, scope, 'ngTrueValue', attr.ngTrueValue, true); + var falseValue = parseConstantExpr($parse, scope, 'ngFalseValue', attr.ngFalseValue, false); + + var listener = function(ev) { + ctrl.$setViewValue(element[0].checked, ev && ev.type); + }; + + element.on('click', listener); + + ctrl.$render = function() { + element[0].checked = ctrl.$viewValue; + }; + + // Override the standard `$isEmpty` because the $viewValue of an empty checkbox is always set to `false` + // This is because of the parser below, which compares the `$modelValue` with `trueValue` to convert + // it to a boolean. + ctrl.$isEmpty = function(value) { + return value === false; + }; + + ctrl.$formatters.push(function(value) { + return equals(value, trueValue); + }); + + ctrl.$parsers.push(function(value) { + return value ? trueValue : falseValue; + }); +} + + +/** + * @ngdoc directive + * @name textarea + * @restrict E + * + * @description + * HTML textarea element control with angular data-binding. The data-binding and validation + * properties of this element are exactly the same as those of the + * {@link ng.directive:input input element}. + * + * @param {string} ngModel Assignable angular expression to data-bind to. + * @param {string=} name Property name of the form under which the control is published. + * @param {string=} required Sets `required` validation error key if the value is not entered. + * @param {string=} ngRequired Adds `required` attribute and `required` validation constraint to + * the element when the ngRequired expression evaluates to true. Use `ngRequired` instead of + * `required` when you want to data-bind to the `required` attribute. + * @param {number=} ngMinlength Sets `minlength` validation error key if the value is shorter than + * minlength. + * @param {number=} ngMaxlength Sets `maxlength` validation error key if the value is longer than + * maxlength. Setting the attribute to a negative or non-numeric value, allows view values of any + * length. + * @param {string=} ngPattern Sets `pattern` validation error key if the ngModel {@link ngModel.NgModelController#$viewValue $viewValue} + * does not match a RegExp found by evaluating the Angular expression given in the attribute value. + * If the expression evaluates to a RegExp object, then this is used directly. + * If the expression evaluates to a string, then it will be converted to a RegExp + * after wrapping it in `^` and `$` characters. For instance, `"abc"` will be converted to + * `new RegExp('^abc$')`.
    + * **Note:** Avoid using the `g` flag on the RegExp, as it will cause each successive search to + * start at the index of the last search's match, thus not taking the whole input value into + * account. + * @param {string=} ngChange Angular expression to be executed when input changes due to user + * interaction with the input element. + * @param {boolean=} [ngTrim=true] If set to false Angular will not automatically trim the input. + * + * @knownIssue + * + * When specifying the `placeholder` attribute of ` + *
    {{ list | json }}
    + * + * + * it("should split the text by newlines", function() { + * var listInput = element(by.model('list')); + * var output = element(by.binding('list | json')); + * listInput.sendKeys('abc\ndef\nghi'); + * expect(output.getText()).toContain('[\n "abc",\n "def",\n "ghi"\n]'); + * }); + * + * + * + * @element input + * @param {string=} ngList optional delimiter that should be used to split the value. + */ +var ngListDirective = function() { + return { + restrict: 'A', + priority: 100, + require: 'ngModel', + link: function(scope, element, attr, ctrl) { + var ngList = attr.ngList || ', '; + var trimValues = attr.ngTrim !== 'false'; + var separator = trimValues ? trim(ngList) : ngList; + + var parse = function(viewValue) { + // If the viewValue is invalid (say required but empty) it will be `undefined` + if (isUndefined(viewValue)) return; + + var list = []; + + if (viewValue) { + forEach(viewValue.split(separator), function(value) { + if (value) list.push(trimValues ? trim(value) : value); + }); + } + + return list; + }; + + ctrl.$parsers.push(parse); + ctrl.$formatters.push(function(value) { + if (isArray(value)) { + return value.join(ngList); + } + + return undefined; + }); + + // Override the standard $isEmpty because an empty array means the input is empty. + ctrl.$isEmpty = function(value) { + return !value || !value.length; + }; + } + }; +}; + +/* global VALID_CLASS: true, + INVALID_CLASS: true, + PRISTINE_CLASS: true, + DIRTY_CLASS: true, + UNTOUCHED_CLASS: true, + TOUCHED_CLASS: true, + PENDING_CLASS: true, + addSetValidityMethod: true, + setupValidity: true, + defaultModelOptions: false +*/ + + +var VALID_CLASS = 'ng-valid', + INVALID_CLASS = 'ng-invalid', + PRISTINE_CLASS = 'ng-pristine', + DIRTY_CLASS = 'ng-dirty', + UNTOUCHED_CLASS = 'ng-untouched', + TOUCHED_CLASS = 'ng-touched', + EMPTY_CLASS = 'ng-empty', + NOT_EMPTY_CLASS = 'ng-not-empty'; + +var ngModelMinErr = minErr('ngModel'); + +/** + * @ngdoc type + * @name ngModel.NgModelController + * + * @property {*} $viewValue The actual value from the control's view. For `input` elements, this is a + * String. See {@link ngModel.NgModelController#$setViewValue} for information about when the $viewValue + * is set. + * + * @property {*} $modelValue The value in the model that the control is bound to. + * + * @property {Array.} $parsers Array of functions to execute, as a pipeline, whenever + * the control updates the ngModelController with a new {@link ngModel.NgModelController#$viewValue + `$viewValue`} from the DOM, usually via user input. + See {@link ngModel.NgModelController#$setViewValue `$setViewValue()`} for a detailed lifecycle explanation. + Note that the `$parsers` are not called when the bound ngModel expression changes programmatically. + + The functions are called in array order, each passing + its return value through to the next. The last return value is forwarded to the + {@link ngModel.NgModelController#$validators `$validators`} collection. + + Parsers are used to sanitize / convert the {@link ngModel.NgModelController#$viewValue + `$viewValue`}. + + Returning `undefined` from a parser means a parse error occurred. In that case, + no {@link ngModel.NgModelController#$validators `$validators`} will run and the `ngModel` + will be set to `undefined` unless {@link ngModelOptions `ngModelOptions.allowInvalid`} + is set to `true`. The parse error is stored in `ngModel.$error.parse`. + + This simple example shows a parser that would convert text input value to lowercase: + * ```js + * function parse(value) { + * if (value) { + * return value.toLowerCase(); + * } + * } + * ngModelController.$parsers.push(parse); + * ``` + + * + * @property {Array.} $formatters Array of functions to execute, as a pipeline, whenever + the bound ngModel expression changes programmatically. The `$formatters` are not called when the + value of the control is changed by user interaction. + + Formatters are used to format / convert the {@link ngModel.NgModelController#$modelValue + `$modelValue`} for display in the control. + + The functions are called in reverse array order, each passing the value through to the + next. The last return value is used as the actual DOM value. + + This simple example shows a formatter that would convert the model value to uppercase: + + * ```js + * function format(value) { + * if (value) { + * return value.toUpperCase(); + * } + * } + * ngModel.$formatters.push(format); + * ``` + * + * @property {Object.} $validators A collection of validators that are applied + * whenever the model value changes. The key value within the object refers to the name of the + * validator while the function refers to the validation operation. The validation operation is + * provided with the model value as an argument and must return a true or false value depending + * on the response of that validation. + * + * ```js + * ngModel.$validators.validCharacters = function(modelValue, viewValue) { + * var value = modelValue || viewValue; + * return /[0-9]+/.test(value) && + * /[a-z]+/.test(value) && + * /[A-Z]+/.test(value) && + * /\W+/.test(value); + * }; + * ``` + * + * @property {Object.} $asyncValidators A collection of validations that are expected to + * perform an asynchronous validation (e.g. a HTTP request). The validation function that is provided + * is expected to return a promise when it is run during the model validation process. Once the promise + * is delivered then the validation status will be set to true when fulfilled and false when rejected. + * When the asynchronous validators are triggered, each of the validators will run in parallel and the model + * value will only be updated once all validators have been fulfilled. As long as an asynchronous validator + * is unfulfilled, its key will be added to the controllers `$pending` property. Also, all asynchronous validators + * will only run once all synchronous validators have passed. + * + * Please note that if $http is used then it is important that the server returns a success HTTP response code + * in order to fulfill the validation and a status level of `4xx` in order to reject the validation. + * + * ```js + * ngModel.$asyncValidators.uniqueUsername = function(modelValue, viewValue) { + * var value = modelValue || viewValue; + * + * // Lookup user by username + * return $http.get('/api/users/' + value). + * then(function resolved() { + * //username exists, this means validation fails + * return $q.reject('exists'); + * }, function rejected() { + * //username does not exist, therefore this validation passes + * return true; + * }); + * }; + * ``` + * + * @property {Array.} $viewChangeListeners Array of functions to execute whenever the + * view value has changed. It is called with no arguments, and its return value is ignored. + * This can be used in place of additional $watches against the model value. + * + * @property {Object} $error An object hash with all failing validator ids as keys. + * @property {Object} $pending An object hash with all pending validator ids as keys. + * + * @property {boolean} $untouched True if control has not lost focus yet. + * @property {boolean} $touched True if control has lost focus. + * @property {boolean} $pristine True if user has not interacted with the control yet. + * @property {boolean} $dirty True if user has already interacted with the control. + * @property {boolean} $valid True if there is no error. + * @property {boolean} $invalid True if at least one error on the control. + * @property {string} $name The name attribute of the control. + * + * @description + * + * `NgModelController` provides API for the {@link ngModel `ngModel`} directive. + * The controller contains services for data-binding, validation, CSS updates, and value formatting + * and parsing. It purposefully does not contain any logic which deals with DOM rendering or + * listening to DOM events. + * Such DOM related logic should be provided by other directives which make use of + * `NgModelController` for data-binding to control elements. + * Angular provides this DOM logic for most {@link input `input`} elements. + * At the end of this page you can find a {@link ngModel.NgModelController#custom-control-example + * custom control example} that uses `ngModelController` to bind to `contenteditable` elements. + * + * @example + * ### Custom Control Example + * This example shows how to use `NgModelController` with a custom control to achieve + * data-binding. Notice how different directives (`contenteditable`, `ng-model`, and `required`) + * collaborate together to achieve the desired result. + * + * `contenteditable` is an HTML5 attribute, which tells the browser to let the element + * contents be edited in place by the user. + * + * We are using the {@link ng.service:$sce $sce} service here and include the {@link ngSanitize $sanitize} + * module to automatically remove "bad" content like inline event listener (e.g. ``). + * However, as we are using `$sce` the model can still decide to provide unsafe content if it marks + * that content using the `$sce` service. + * + * + + [contenteditable] { + border: 1px solid black; + background-color: white; + min-height: 20px; + } + + .ng-invalid { + border: 1px solid red; + } + + + + angular.module('customControl', ['ngSanitize']). + directive('contenteditable', ['$sce', function($sce) { + return { + restrict: 'A', // only activate on element attribute + require: '?ngModel', // get a hold of NgModelController + link: function(scope, element, attrs, ngModel) { + if (!ngModel) return; // do nothing if no ng-model + + // Specify how UI should be updated + ngModel.$render = function() { + element.html($sce.getTrustedHtml(ngModel.$viewValue || '')); + }; + + // Listen for change events to enable binding + element.on('blur keyup change', function() { + scope.$evalAsync(read); + }); + read(); // initialize + + // Write data to the model + function read() { + var html = element.html(); + // When we clear the content editable the browser leaves a
    behind + // If strip-br attribute is provided then we strip this out + if (attrs.stripBr && html === '
    ') { + html = ''; + } + ngModel.$setViewValue(html); + } + } + }; + }]); +
    + +
    +
    Change me!
    + Required! +
    + +
    +
    + + it('should data-bind and become invalid', function() { + if (browser.params.browser === 'safari' || browser.params.browser === 'firefox') { + // SafariDriver can't handle contenteditable + // and Firefox driver can't clear contenteditables very well + return; + } + var contentEditable = element(by.css('[contenteditable]')); + var content = 'Change me!'; + + expect(contentEditable.getText()).toEqual(content); + + contentEditable.clear(); + contentEditable.sendKeys(protractor.Key.BACK_SPACE); + expect(contentEditable.getText()).toEqual(''); + expect(contentEditable.getAttribute('class')).toMatch(/ng-invalid-required/); + }); + + *
    + * + * + */ +NgModelController.$inject = ['$scope', '$exceptionHandler', '$attrs', '$element', '$parse', '$animate', '$timeout', '$q', '$interpolate']; +function NgModelController($scope, $exceptionHandler, $attr, $element, $parse, $animate, $timeout, $q, $interpolate) { + this.$viewValue = Number.NaN; + this.$modelValue = Number.NaN; + this.$$rawModelValue = undefined; // stores the parsed modelValue / model set from scope regardless of validity. + this.$validators = {}; + this.$asyncValidators = {}; + this.$parsers = []; + this.$formatters = []; + this.$viewChangeListeners = []; + this.$untouched = true; + this.$touched = false; + this.$pristine = true; + this.$dirty = false; + this.$valid = true; + this.$invalid = false; + this.$error = {}; // keep invalid keys here + this.$$success = {}; // keep valid keys here + this.$pending = undefined; // keep pending keys here + this.$name = $interpolate($attr.name || '', false)($scope); + this.$$parentForm = nullFormCtrl; + this.$options = defaultModelOptions; + + this.$$parsedNgModel = $parse($attr.ngModel); + this.$$parsedNgModelAssign = this.$$parsedNgModel.assign; + this.$$ngModelGet = this.$$parsedNgModel; + this.$$ngModelSet = this.$$parsedNgModelAssign; + this.$$pendingDebounce = null; + this.$$parserValid = undefined; + + this.$$currentValidationRunId = 0; + + // https://github.com/angular/angular.js/issues/15833 + // Prevent `$$scope` from being iterated over by `copy` when NgModelController is deep watched + Object.defineProperty(this, '$$scope', {value: $scope}); + this.$$attr = $attr; + this.$$element = $element; + this.$$animate = $animate; + this.$$timeout = $timeout; + this.$$parse = $parse; + this.$$q = $q; + this.$$exceptionHandler = $exceptionHandler; + + setupValidity(this); + setupModelWatcher(this); +} + +NgModelController.prototype = { + $$initGetterSetters: function() { + if (this.$options.getOption('getterSetter')) { + var invokeModelGetter = this.$$parse(this.$$attr.ngModel + '()'), + invokeModelSetter = this.$$parse(this.$$attr.ngModel + '($$$p)'); + + this.$$ngModelGet = function($scope) { + var modelValue = this.$$parsedNgModel($scope); + if (isFunction(modelValue)) { + modelValue = invokeModelGetter($scope); + } + return modelValue; + }; + this.$$ngModelSet = function($scope, newValue) { + if (isFunction(this.$$parsedNgModel($scope))) { + invokeModelSetter($scope, {$$$p: newValue}); + } else { + this.$$parsedNgModelAssign($scope, newValue); + } + }; + } else if (!this.$$parsedNgModel.assign) { + throw ngModelMinErr('nonassign', 'Expression \'{0}\' is non-assignable. Element: {1}', + this.$$attr.ngModel, startingTag(this.$$element)); + } + }, + + + /** + * @ngdoc method + * @name ngModel.NgModelController#$render + * + * @description + * Called when the view needs to be updated. It is expected that the user of the ng-model + * directive will implement this method. + * + * The `$render()` method is invoked in the following situations: + * + * * `$rollbackViewValue()` is called. If we are rolling back the view value to the last + * committed value then `$render()` is called to update the input control. + * * The value referenced by `ng-model` is changed programmatically and both the `$modelValue` and + * the `$viewValue` are different from last time. + * + * Since `ng-model` does not do a deep watch, `$render()` is only invoked if the values of + * `$modelValue` and `$viewValue` are actually different from their previous values. If `$modelValue` + * or `$viewValue` are objects (rather than a string or number) then `$render()` will not be + * invoked if you only change a property on the objects. + */ + $render: noop, + + /** + * @ngdoc method + * @name ngModel.NgModelController#$isEmpty + * + * @description + * This is called when we need to determine if the value of an input is empty. + * + * For instance, the required directive does this to work out if the input has data or not. + * + * The default `$isEmpty` function checks whether the value is `undefined`, `''`, `null` or `NaN`. + * + * You can override this for input directives whose concept of being empty is different from the + * default. The `checkboxInputType` directive does this because in its case a value of `false` + * implies empty. + * + * @param {*} value The value of the input to check for emptiness. + * @returns {boolean} True if `value` is "empty". + */ + $isEmpty: function(value) { + // eslint-disable-next-line no-self-compare + return isUndefined(value) || value === '' || value === null || value !== value; + }, + + $$updateEmptyClasses: function(value) { + if (this.$isEmpty(value)) { + this.$$animate.removeClass(this.$$element, NOT_EMPTY_CLASS); + this.$$animate.addClass(this.$$element, EMPTY_CLASS); + } else { + this.$$animate.removeClass(this.$$element, EMPTY_CLASS); + this.$$animate.addClass(this.$$element, NOT_EMPTY_CLASS); + } + }, + + /** + * @ngdoc method + * @name ngModel.NgModelController#$setPristine + * + * @description + * Sets the control to its pristine state. + * + * This method can be called to remove the `ng-dirty` class and set the control to its pristine + * state (`ng-pristine` class). A model is considered to be pristine when the control + * has not been changed from when first compiled. + */ + $setPristine: function() { + this.$dirty = false; + this.$pristine = true; + this.$$animate.removeClass(this.$$element, DIRTY_CLASS); + this.$$animate.addClass(this.$$element, PRISTINE_CLASS); + }, + + /** + * @ngdoc method + * @name ngModel.NgModelController#$setDirty + * + * @description + * Sets the control to its dirty state. + * + * This method can be called to remove the `ng-pristine` class and set the control to its dirty + * state (`ng-dirty` class). A model is considered to be dirty when the control has been changed + * from when first compiled. + */ + $setDirty: function() { + this.$dirty = true; + this.$pristine = false; + this.$$animate.removeClass(this.$$element, PRISTINE_CLASS); + this.$$animate.addClass(this.$$element, DIRTY_CLASS); + this.$$parentForm.$setDirty(); + }, + + /** + * @ngdoc method + * @name ngModel.NgModelController#$setUntouched + * + * @description + * Sets the control to its untouched state. + * + * This method can be called to remove the `ng-touched` class and set the control to its + * untouched state (`ng-untouched` class). Upon compilation, a model is set as untouched + * by default, however this function can be used to restore that state if the model has + * already been touched by the user. + */ + $setUntouched: function() { + this.$touched = false; + this.$untouched = true; + this.$$animate.setClass(this.$$element, UNTOUCHED_CLASS, TOUCHED_CLASS); + }, + + /** + * @ngdoc method + * @name ngModel.NgModelController#$setTouched + * + * @description + * Sets the control to its touched state. + * + * This method can be called to remove the `ng-untouched` class and set the control to its + * touched state (`ng-touched` class). A model is considered to be touched when the user has + * first focused the control element and then shifted focus away from the control (blur event). + */ + $setTouched: function() { + this.$touched = true; + this.$untouched = false; + this.$$animate.setClass(this.$$element, TOUCHED_CLASS, UNTOUCHED_CLASS); + }, + + /** + * @ngdoc method + * @name ngModel.NgModelController#$rollbackViewValue + * + * @description + * Cancel an update and reset the input element's value to prevent an update to the `$modelValue`, + * which may be caused by a pending debounced event or because the input is waiting for some + * future event. + * + * If you have an input that uses `ng-model-options` to set up debounced updates or updates that + * depend on special events such as `blur`, there can be a period when the `$viewValue` is out of + * sync with the ngModel's `$modelValue`. + * + * In this case, you can use `$rollbackViewValue()` to manually cancel the debounced / future update + * and reset the input to the last committed view value. + * + * It is also possible that you run into difficulties if you try to update the ngModel's `$modelValue` + * programmatically before these debounced/future events have resolved/occurred, because Angular's + * dirty checking mechanism is not able to tell whether the model has actually changed or not. + * + * The `$rollbackViewValue()` method should be called before programmatically changing the model of an + * input which may have such events pending. This is important in order to make sure that the + * input field will be updated with the new model value and any pending operations are cancelled. + * + * + * + * angular.module('cancel-update-example', []) + * + * .controller('CancelUpdateController', ['$scope', function($scope) { + * $scope.model = {value1: '', value2: ''}; + * + * $scope.setEmpty = function(e, value, rollback) { + * if (e.keyCode === 27) { + * e.preventDefault(); + * if (rollback) { + * $scope.myForm[value].$rollbackViewValue(); + * } + * $scope.model[value] = ''; + * } + * }; + * }]); + * + * + *
    + *

    Both of these inputs are only updated if they are blurred. Hitting escape should + * empty them. Follow these steps and observe the difference:

    + *
      + *
    1. Type something in the input. You will see that the model is not yet updated
    2. + *
    3. Press the Escape key. + *
        + *
      1. In the first example, nothing happens, because the model is already '', and no + * update is detected. If you blur the input, the model will be set to the current view. + *
      2. + *
      3. In the second example, the pending update is cancelled, and the input is set back + * to the last committed view value (''). Blurring the input does nothing. + *
      4. + *
      + *
    4. + *
    + * + *
    + *
    + *

    Without $rollbackViewValue():

    + * + * value1: "{{ model.value1 }}" + *
    + * + *
    + *

    With $rollbackViewValue():

    + * + * value2: "{{ model.value2 }}" + *
    + *
    + *
    + *
    + + div { + display: table-cell; + } + div:nth-child(1) { + padding-right: 30px; + } + + + *
    + */ + $rollbackViewValue: function() { + this.$$timeout.cancel(this.$$pendingDebounce); + this.$viewValue = this.$$lastCommittedViewValue; + this.$render(); + }, + + /** + * @ngdoc method + * @name ngModel.NgModelController#$validate + * + * @description + * Runs each of the registered validators (first synchronous validators and then + * asynchronous validators). + * If the validity changes to invalid, the model will be set to `undefined`, + * unless {@link ngModelOptions `ngModelOptions.allowInvalid`} is `true`. + * If the validity changes to valid, it will set the model to the last available valid + * `$modelValue`, i.e. either the last parsed value or the last value set from the scope. + */ + $validate: function() { + // ignore $validate before model is initialized + if (isNumberNaN(this.$modelValue)) { + return; + } + + var viewValue = this.$$lastCommittedViewValue; + // Note: we use the $$rawModelValue as $modelValue might have been + // set to undefined during a view -> model update that found validation + // errors. We can't parse the view here, since that could change + // the model although neither viewValue nor the model on the scope changed + var modelValue = this.$$rawModelValue; + + var prevValid = this.$valid; + var prevModelValue = this.$modelValue; + + var allowInvalid = this.$options.getOption('allowInvalid'); + + var that = this; + this.$$runValidators(modelValue, viewValue, function(allValid) { + // If there was no change in validity, don't update the model + // This prevents changing an invalid modelValue to undefined + if (!allowInvalid && prevValid !== allValid) { + // Note: Don't check this.$valid here, as we could have + // external validators (e.g. calculated on the server), + // that just call $setValidity and need the model value + // to calculate their validity. + that.$modelValue = allValid ? modelValue : undefined; + + if (that.$modelValue !== prevModelValue) { + that.$$writeModelToScope(); + } + } + }); + }, + + $$runValidators: function(modelValue, viewValue, doneCallback) { + this.$$currentValidationRunId++; + var localValidationRunId = this.$$currentValidationRunId; + var that = this; + + // check parser error + if (!processParseErrors()) { + validationDone(false); + return; + } + if (!processSyncValidators()) { + validationDone(false); + return; + } + processAsyncValidators(); + + function processParseErrors() { + var errorKey = that.$$parserName || 'parse'; + if (isUndefined(that.$$parserValid)) { + setValidity(errorKey, null); + } else { + if (!that.$$parserValid) { + forEach(that.$validators, function(v, name) { + setValidity(name, null); + }); + forEach(that.$asyncValidators, function(v, name) { + setValidity(name, null); + }); + } + // Set the parse error last, to prevent unsetting it, should a $validators key == parserName + setValidity(errorKey, that.$$parserValid); + return that.$$parserValid; + } + return true; + } + + function processSyncValidators() { + var syncValidatorsValid = true; + forEach(that.$validators, function(validator, name) { + var result = Boolean(validator(modelValue, viewValue)); + syncValidatorsValid = syncValidatorsValid && result; + setValidity(name, result); + }); + if (!syncValidatorsValid) { + forEach(that.$asyncValidators, function(v, name) { + setValidity(name, null); + }); + return false; + } + return true; + } + + function processAsyncValidators() { + var validatorPromises = []; + var allValid = true; + forEach(that.$asyncValidators, function(validator, name) { + var promise = validator(modelValue, viewValue); + if (!isPromiseLike(promise)) { + throw ngModelMinErr('nopromise', + 'Expected asynchronous validator to return a promise but got \'{0}\' instead.', promise); + } + setValidity(name, undefined); + validatorPromises.push(promise.then(function() { + setValidity(name, true); + }, function() { + allValid = false; + setValidity(name, false); + })); + }); + if (!validatorPromises.length) { + validationDone(true); + } else { + that.$$q.all(validatorPromises).then(function() { + validationDone(allValid); + }, noop); + } + } + + function setValidity(name, isValid) { + if (localValidationRunId === that.$$currentValidationRunId) { + that.$setValidity(name, isValid); + } + } + + function validationDone(allValid) { + if (localValidationRunId === that.$$currentValidationRunId) { + + doneCallback(allValid); + } + } + }, + + /** + * @ngdoc method + * @name ngModel.NgModelController#$commitViewValue + * + * @description + * Commit a pending update to the `$modelValue`. + * + * Updates may be pending by a debounced event or because the input is waiting for a some future + * event defined in `ng-model-options`. this method is rarely needed as `NgModelController` + * usually handles calling this in response to input events. + */ + $commitViewValue: function() { + var viewValue = this.$viewValue; + + this.$$timeout.cancel(this.$$pendingDebounce); + + // If the view value has not changed then we should just exit, except in the case where there is + // a native validator on the element. In this case the validation state may have changed even though + // the viewValue has stayed empty. + if (this.$$lastCommittedViewValue === viewValue && (viewValue !== '' || !this.$$hasNativeValidators)) { + return; + } + this.$$updateEmptyClasses(viewValue); + this.$$lastCommittedViewValue = viewValue; + + // change to dirty + if (this.$pristine) { + this.$setDirty(); + } + this.$$parseAndValidate(); + }, + + $$parseAndValidate: function() { + var viewValue = this.$$lastCommittedViewValue; + var modelValue = viewValue; + var that = this; + + this.$$parserValid = isUndefined(modelValue) ? undefined : true; + + if (this.$$parserValid) { + for (var i = 0; i < this.$parsers.length; i++) { + modelValue = this.$parsers[i](modelValue); + if (isUndefined(modelValue)) { + this.$$parserValid = false; + break; + } + } + } + if (isNumberNaN(this.$modelValue)) { + // this.$modelValue has not been touched yet... + this.$modelValue = this.$$ngModelGet(this.$$scope); + } + var prevModelValue = this.$modelValue; + var allowInvalid = this.$options.getOption('allowInvalid'); + this.$$rawModelValue = modelValue; + + if (allowInvalid) { + this.$modelValue = modelValue; + writeToModelIfNeeded(); + } + + // Pass the $$lastCommittedViewValue here, because the cached viewValue might be out of date. + // This can happen if e.g. $setViewValue is called from inside a parser + this.$$runValidators(modelValue, this.$$lastCommittedViewValue, function(allValid) { + if (!allowInvalid) { + // Note: Don't check this.$valid here, as we could have + // external validators (e.g. calculated on the server), + // that just call $setValidity and need the model value + // to calculate their validity. + that.$modelValue = allValid ? modelValue : undefined; + writeToModelIfNeeded(); + } + }); + + function writeToModelIfNeeded() { + if (that.$modelValue !== prevModelValue) { + that.$$writeModelToScope(); + } + } + }, + + $$writeModelToScope: function() { + this.$$ngModelSet(this.$$scope, this.$modelValue); + forEach(this.$viewChangeListeners, function(listener) { + try { + listener(); + } catch (e) { + // eslint-disable-next-line no-invalid-this + this.$$exceptionHandler(e); + } + }, this); + }, + + /** + * @ngdoc method + * @name ngModel.NgModelController#$setViewValue + * + * @description + * Update the view value. + * + * This method should be called when a control wants to change the view value; typically, + * this is done from within a DOM event handler. For example, the {@link ng.directive:input input} + * directive calls it when the value of the input changes and {@link ng.directive:select select} + * calls it when an option is selected. + * + * When `$setViewValue` is called, the new `value` will be staged for committing through the `$parsers` + * and `$validators` pipelines. If there are no special {@link ngModelOptions} specified then the staged + * value is sent directly for processing through the `$parsers` pipeline. After this, the `$validators` and + * `$asyncValidators` are called and the value is applied to `$modelValue`. + * Finally, the value is set to the **expression** specified in the `ng-model` attribute and + * all the registered change listeners, in the `$viewChangeListeners` list are called. + * + * In case the {@link ng.directive:ngModelOptions ngModelOptions} directive is used with `updateOn` + * and the `default` trigger is not listed, all those actions will remain pending until one of the + * `updateOn` events is triggered on the DOM element. + * All these actions will be debounced if the {@link ng.directive:ngModelOptions ngModelOptions} + * directive is used with a custom debounce for this particular event. + * Note that a `$digest` is only triggered once the `updateOn` events are fired, or if `debounce` + * is specified, once the timer runs out. + * + * When used with standard inputs, the view value will always be a string (which is in some cases + * parsed into another type, such as a `Date` object for `input[date]`.) + * However, custom controls might also pass objects to this method. In this case, we should make + * a copy of the object before passing it to `$setViewValue`. This is because `ngModel` does not + * perform a deep watch of objects, it only looks for a change of identity. If you only change + * the property of the object then ngModel will not realize that the object has changed and + * will not invoke the `$parsers` and `$validators` pipelines. For this reason, you should + * not change properties of the copy once it has been passed to `$setViewValue`. + * Otherwise you may cause the model value on the scope to change incorrectly. + * + *
    + * In any case, the value passed to the method should always reflect the current value + * of the control. For example, if you are calling `$setViewValue` for an input element, + * you should pass the input DOM value. Otherwise, the control and the scope model become + * out of sync. It's also important to note that `$setViewValue` does not call `$render` or change + * the control's DOM value in any way. If we want to change the control's DOM value + * programmatically, we should update the `ngModel` scope expression. Its new value will be + * picked up by the model controller, which will run it through the `$formatters`, `$render` it + * to update the DOM, and finally call `$validate` on it. + *
    + * + * @param {*} value value from the view. + * @param {string} trigger Event that triggered the update. + */ + $setViewValue: function(value, trigger) { + this.$viewValue = value; + if (this.$options.getOption('updateOnDefault')) { + this.$$debounceViewValueCommit(trigger); + } + }, + + $$debounceViewValueCommit: function(trigger) { + var debounceDelay = this.$options.getOption('debounce'); + + if (isNumber(debounceDelay[trigger])) { + debounceDelay = debounceDelay[trigger]; + } else if (isNumber(debounceDelay['default'])) { + debounceDelay = debounceDelay['default']; + } + + this.$$timeout.cancel(this.$$pendingDebounce); + var that = this; + if (debounceDelay > 0) { // this fails if debounceDelay is an object + this.$$pendingDebounce = this.$$timeout(function() { + that.$commitViewValue(); + }, debounceDelay); + } else if (this.$$scope.$root.$$phase) { + this.$commitViewValue(); + } else { + this.$$scope.$apply(function() { + that.$commitViewValue(); + }); + } + }, + + /** + * @ngdoc method + * + * @name ngModel.NgModelController#$overrideModelOptions + * + * @description + * + * Override the current model options settings programmatically. + * + * The previous `ModelOptions` value will not be modified. Instead, a + * new `ModelOptions` object will inherit from the previous one overriding + * or inheriting settings that are defined in the given parameter. + * + * See {@link ngModelOptions} for information about what options can be specified + * and how model option inheritance works. + * + * @param {Object} options a hash of settings to override the previous options + * + */ + $overrideModelOptions: function(options) { + this.$options = this.$options.createChild(options); + } +}; + +function setupModelWatcher(ctrl) { + // model -> value + // Note: we cannot use a normal scope.$watch as we want to detect the following: + // 1. scope value is 'a' + // 2. user enters 'b' + // 3. ng-change kicks in and reverts scope value to 'a' + // -> scope value did not change since the last digest as + // ng-change executes in apply phase + // 4. view should be changed back to 'a' + ctrl.$$scope.$watch(function ngModelWatch(scope) { + var modelValue = ctrl.$$ngModelGet(scope); + + // if scope model value and ngModel value are out of sync + // TODO(perf): why not move this to the action fn? + if (modelValue !== ctrl.$modelValue && + // checks for NaN is needed to allow setting the model to NaN when there's an asyncValidator + // eslint-disable-next-line no-self-compare + (ctrl.$modelValue === ctrl.$modelValue || modelValue === modelValue) + ) { + ctrl.$modelValue = ctrl.$$rawModelValue = modelValue; + ctrl.$$parserValid = undefined; + + var formatters = ctrl.$formatters, + idx = formatters.length; + + var viewValue = modelValue; + while (idx--) { + viewValue = formatters[idx](viewValue); + } + if (ctrl.$viewValue !== viewValue) { + ctrl.$$updateEmptyClasses(viewValue); + ctrl.$viewValue = ctrl.$$lastCommittedViewValue = viewValue; + ctrl.$render(); + + // It is possible that model and view value have been updated during render + ctrl.$$runValidators(ctrl.$modelValue, ctrl.$viewValue, noop); + } + } + + return modelValue; + }); +} + +/** + * @ngdoc method + * @name ngModel.NgModelController#$setValidity + * + * @description + * Change the validity state, and notify the form. + * + * This method can be called within $parsers/$formatters or a custom validation implementation. + * However, in most cases it should be sufficient to use the `ngModel.$validators` and + * `ngModel.$asyncValidators` collections which will call `$setValidity` automatically. + * + * @param {string} validationErrorKey Name of the validator. The `validationErrorKey` will be assigned + * to either `$error[validationErrorKey]` or `$pending[validationErrorKey]` + * (for unfulfilled `$asyncValidators`), so that it is available for data-binding. + * The `validationErrorKey` should be in camelCase and will get converted into dash-case + * for class name. Example: `myError` will result in `ng-valid-my-error` and `ng-invalid-my-error` + * class and can be bound to as `{{someForm.someControl.$error.myError}}` . + * @param {boolean} isValid Whether the current state is valid (true), invalid (false), pending (undefined), + * or skipped (null). Pending is used for unfulfilled `$asyncValidators`. + * Skipped is used by Angular when validators do not run because of parse errors and + * when `$asyncValidators` do not run because any of the `$validators` failed. + */ +addSetValidityMethod({ + clazz: NgModelController, + set: function(object, property) { + object[property] = true; + }, + unset: function(object, property) { + delete object[property]; + } +}); + + +/** + * @ngdoc directive + * @name ngModel + * + * @element input + * @priority 1 + * + * @description + * The `ngModel` directive binds an `input`,`select`, `textarea` (or custom form control) to a + * property on the scope using {@link ngModel.NgModelController NgModelController}, + * which is created and exposed by this directive. + * + * `ngModel` is responsible for: + * + * - Binding the view into the model, which other directives such as `input`, `textarea` or `select` + * require. + * - Providing validation behavior (i.e. required, number, email, url). + * - Keeping the state of the control (valid/invalid, dirty/pristine, touched/untouched, validation errors). + * - Setting related css classes on the element (`ng-valid`, `ng-invalid`, `ng-dirty`, `ng-pristine`, `ng-touched`, + * `ng-untouched`, `ng-empty`, `ng-not-empty`) including animations. + * - Registering the control with its parent {@link ng.directive:form form}. + * + * Note: `ngModel` will try to bind to the property given by evaluating the expression on the + * current scope. If the property doesn't already exist on this scope, it will be created + * implicitly and added to the scope. + * + * For best practices on using `ngModel`, see: + * + * - [Understanding Scopes](https://github.com/angular/angular.js/wiki/Understanding-Scopes) + * + * For basic examples, how to use `ngModel`, see: + * + * - {@link ng.directive:input input} + * - {@link input[text] text} + * - {@link input[checkbox] checkbox} + * - {@link input[radio] radio} + * - {@link input[number] number} + * - {@link input[email] email} + * - {@link input[url] url} + * - {@link input[date] date} + * - {@link input[datetime-local] datetime-local} + * - {@link input[time] time} + * - {@link input[month] month} + * - {@link input[week] week} + * - {@link ng.directive:select select} + * - {@link ng.directive:textarea textarea} + * + * # Complex Models (objects or collections) + * + * By default, `ngModel` watches the model by reference, not value. This is important to know when + * binding inputs to models that are objects (e.g. `Date`) or collections (e.g. arrays). If only properties of the + * object or collection change, `ngModel` will not be notified and so the input will not be re-rendered. + * + * The model must be assigned an entirely new object or collection before a re-rendering will occur. + * + * Some directives have options that will cause them to use a custom `$watchCollection` on the model expression + * - for example, `ngOptions` will do so when a `track by` clause is included in the comprehension expression or + * if the select is given the `multiple` attribute. + * + * The `$watchCollection()` method only does a shallow comparison, meaning that changing properties deeper than the + * first level of the object (or only changing the properties of an item in the collection if it's an array) will still + * not trigger a re-rendering of the model. + * + * # CSS classes + * The following CSS classes are added and removed on the associated input/select/textarea element + * depending on the validity of the model. + * + * - `ng-valid`: the model is valid + * - `ng-invalid`: the model is invalid + * - `ng-valid-[key]`: for each valid key added by `$setValidity` + * - `ng-invalid-[key]`: for each invalid key added by `$setValidity` + * - `ng-pristine`: the control hasn't been interacted with yet + * - `ng-dirty`: the control has been interacted with + * - `ng-touched`: the control has been blurred + * - `ng-untouched`: the control hasn't been blurred + * - `ng-pending`: any `$asyncValidators` are unfulfilled + * - `ng-empty`: the view does not contain a value or the value is deemed "empty", as defined + * by the {@link ngModel.NgModelController#$isEmpty} method + * - `ng-not-empty`: the view contains a non-empty value + * + * Keep in mind that ngAnimate can detect each of these classes when added and removed. + * + * ## Animation Hooks + * + * Animations within models are triggered when any of the associated CSS classes are added and removed + * on the input element which is attached to the model. These classes include: `.ng-pristine`, `.ng-dirty`, + * `.ng-invalid` and `.ng-valid` as well as any other validations that are performed on the model itself. + * The animations that are triggered within ngModel are similar to how they work in ngClass and + * animations can be hooked into using CSS transitions, keyframes as well as JS animations. + * + * The following example shows a simple way to utilize CSS transitions to style an input element + * that has been rendered as invalid after it has been validated: + * + *
    + * //be sure to include ngAnimate as a module to hook into more
    + * //advanced animations
    + * .my-input {
    + *   transition:0.5s linear all;
    + *   background: white;
    + * }
    + * .my-input.ng-invalid {
    + *   background: red;
    + *   color:white;
    + * }
    + * 
    + * + * @example + * + + + +

    + Update input to see transitions when valid/invalid. + Integer is a valid value. +

    +
    + +
    +
    + *
    + * + * ## Binding to a getter/setter + * + * Sometimes it's helpful to bind `ngModel` to a getter/setter function. A getter/setter is a + * function that returns a representation of the model when called with zero arguments, and sets + * the internal state of a model when called with an argument. It's sometimes useful to use this + * for models that have an internal representation that's different from what the model exposes + * to the view. + * + *
    + * **Best Practice:** It's best to keep getters fast because Angular is likely to call them more + * frequently than other parts of your code. + *
    + * + * You use this behavior by adding `ng-model-options="{ getterSetter: true }"` to an element that + * has `ng-model` attached to it. You can also add `ng-model-options="{ getterSetter: true }"` to + * a `
    `, which will enable this behavior for all ``s within it. See + * {@link ng.directive:ngModelOptions `ngModelOptions`} for more. + * + * The following example shows how to use `ngModel` with a getter/setter: + * + * @example + * + +
    + + + +
    user.name = 
    +
    +
    + + angular.module('getterSetterExample', []) + .controller('ExampleController', ['$scope', function($scope) { + var _name = 'Brian'; + $scope.user = { + name: function(newName) { + // Note that newName can be undefined for two reasons: + // 1. Because it is called as a getter and thus called with no arguments + // 2. Because the property should actually be set to undefined. This happens e.g. if the + // input is invalid + return arguments.length ? (_name = newName) : _name; + } + }; + }]); + + *
    + */ +var ngModelDirective = ['$rootScope', function($rootScope) { + return { + restrict: 'A', + require: ['ngModel', '^?form', '^?ngModelOptions'], + controller: NgModelController, + // Prelink needs to run before any input directive + // so that we can set the NgModelOptions in NgModelController + // before anyone else uses it. + priority: 1, + compile: function ngModelCompile(element) { + // Setup initial state of the control + element.addClass(PRISTINE_CLASS).addClass(UNTOUCHED_CLASS).addClass(VALID_CLASS); + + return { + pre: function ngModelPreLink(scope, element, attr, ctrls) { + var modelCtrl = ctrls[0], + formCtrl = ctrls[1] || modelCtrl.$$parentForm, + optionsCtrl = ctrls[2]; + + if (optionsCtrl) { + modelCtrl.$options = optionsCtrl.$options; + } + + modelCtrl.$$initGetterSetters(); + + // notify others, especially parent forms + formCtrl.$addControl(modelCtrl); + + attr.$observe('name', function(newValue) { + if (modelCtrl.$name !== newValue) { + modelCtrl.$$parentForm.$$renameControl(modelCtrl, newValue); + } + }); + + scope.$on('$destroy', function() { + modelCtrl.$$parentForm.$removeControl(modelCtrl); + }); + }, + post: function ngModelPostLink(scope, element, attr, ctrls) { + var modelCtrl = ctrls[0]; + if (modelCtrl.$options.getOption('updateOn')) { + element.on(modelCtrl.$options.getOption('updateOn'), function(ev) { + modelCtrl.$$debounceViewValueCommit(ev && ev.type); + }); + } + + function setTouched() { + modelCtrl.$setTouched(); + } + + element.on('blur', function() { + if (modelCtrl.$touched) return; + + if ($rootScope.$$phase) { + scope.$evalAsync(setTouched); + } else { + scope.$apply(setTouched); + } + }); + } + }; + } + }; +}]; + +/* exported defaultModelOptions */ +var defaultModelOptions; +var DEFAULT_REGEXP = /(\s+|^)default(\s+|$)/; + +/** + * @ngdoc type + * @name ModelOptions + * @description + * A container for the options set by the {@link ngModelOptions} directive + */ +function ModelOptions(options) { + this.$$options = options; +} + +ModelOptions.prototype = { + + /** + * @ngdoc method + * @name ModelOptions#getOption + * @param {string} name the name of the option to retrieve + * @returns {*} the value of the option + * @description + * Returns the value of the given option + */ + getOption: function(name) { + return this.$$options[name]; + }, + + /** + * @ngdoc method + * @name ModelOptions#createChild + * @param {Object} options a hash of options for the new child that will override the parent's options + * @return {ModelOptions} a new `ModelOptions` object initialized with the given options. + */ + createChild: function(options) { + var inheritAll = false; + + // make a shallow copy + options = extend({}, options); + + // Inherit options from the parent if specified by the value `"$inherit"` + forEach(options, /* @this */ function(option, key) { + if (option === '$inherit') { + if (key === '*') { + inheritAll = true; + } else { + options[key] = this.$$options[key]; + // `updateOn` is special so we must also inherit the `updateOnDefault` option + if (key === 'updateOn') { + options.updateOnDefault = this.$$options.updateOnDefault; + } + } + } else { + if (key === 'updateOn') { + // If the `updateOn` property contains the `default` event then we have to remove + // it from the event list and set the `updateOnDefault` flag. + options.updateOnDefault = false; + options[key] = trim(option.replace(DEFAULT_REGEXP, function() { + options.updateOnDefault = true; + return ' '; + })); + } + } + }, this); + + if (inheritAll) { + // We have a property of the form: `"*": "$inherit"` + delete options['*']; + defaults(options, this.$$options); + } + + // Finally add in any missing defaults + defaults(options, defaultModelOptions.$$options); + + return new ModelOptions(options); + } +}; + + +defaultModelOptions = new ModelOptions({ + updateOn: '', + updateOnDefault: true, + debounce: 0, + getterSetter: false, + allowInvalid: false, + timezone: null +}); + + +/** + * @ngdoc directive + * @name ngModelOptions + * + * @description + * This directive allows you to modify the behaviour of {@link ngModel} directives within your + * application. You can specify an `ngModelOptions` directive on any element. All {@link ngModel} + * directives will use the options of their nearest `ngModelOptions` ancestor. + * + * The `ngModelOptions` settings are found by evaluating the value of the attribute directive as + * an Angular expression. This expression should evaluate to an object, whose properties contain + * the settings. For example: `
    + *
    + * + *
    + *
    + * ``` + * + * the `input` element will have the following settings + * + * ```js + * { allowInvalid: true, updateOn: 'default', debounce: 0 } + * ``` + * + * Notice that the `debounce` setting was not inherited and used the default value instead. + * + * You can specify that all undefined settings are automatically inherited from an ancestor by + * including a property with key of `"*"` and value of `"$inherit"`. + * + * For example given the following fragment of HTML + * + * + * ```html + *
    + *
    + * + *
    + *
    + * ``` + * + * the `input` element will have the following settings + * + * ```js + * { allowInvalid: true, updateOn: 'default', debounce: 200 } + * ``` + * + * Notice that the `debounce` setting now inherits the value from the outer `
    ` element. + * + * If you are creating a reusable component then you should be careful when using `"*": "$inherit"` + * since you may inadvertently inherit a setting in the future that changes the behavior of your component. + * + * + * ## Triggering and debouncing model updates + * + * The `updateOn` and `debounce` properties allow you to specify a custom list of events that will + * trigger a model update and/or a debouncing delay so that the actual update only takes place when + * a timer expires; this timer will be reset after another change takes place. + * + * Given the nature of `ngModelOptions`, the value displayed inside input fields in the view might + * be different from the value in the actual model. This means that if you update the model you + * should also invoke {@link ngModel.NgModelController#$rollbackViewValue} on the relevant input field in + * order to make sure it is synchronized with the model and that any debounced action is canceled. + * + * The easiest way to reference the control's {@link ngModel.NgModelController#$rollbackViewValue} + * method is by making sure the input is placed inside a form that has a `name` attribute. This is + * important because `form` controllers are published to the related scope under the name in their + * `name` attribute. + * + * Any pending changes will take place immediately when an enclosing form is submitted via the + * `submit` event. Note that `ngClick` events will occur before the model is updated. Use `ngSubmit` + * to have access to the updated model. + * + * The following example shows how to override immediate updates. Changes on the inputs within the + * form will update the model only when the control loses focus (blur event). If `escape` key is + * pressed while the input field is focused, the value is reset to the value in the current model. + * + * + * + *
    + *
    + *
    + *
    + *
    + *
    user.name = 
    + *
    + *
    + * + * angular.module('optionsExample', []) + * .controller('ExampleController', ['$scope', function($scope) { + * $scope.user = { name: 'say', data: '' }; + * + * $scope.cancel = function(e) { + * if (e.keyCode === 27) { + * $scope.userForm.userName.$rollbackViewValue(); + * } + * }; + * }]); + * + * + * var model = element(by.binding('user.name')); + * var input = element(by.model('user.name')); + * var other = element(by.model('user.data')); + * + * it('should allow custom events', function() { + * input.sendKeys(' hello'); + * input.click(); + * expect(model.getText()).toEqual('say'); + * other.click(); + * expect(model.getText()).toEqual('say hello'); + * }); + * + * it('should $rollbackViewValue when model changes', function() { + * input.sendKeys(' hello'); + * expect(input.getAttribute('value')).toEqual('say hello'); + * input.sendKeys(protractor.Key.ESCAPE); + * expect(input.getAttribute('value')).toEqual('say'); + * other.click(); + * expect(model.getText()).toEqual('say'); + * }); + * + *
    + * + * The next example shows how to debounce model changes. Model will be updated only 1 sec after last change. + * If the `Clear` button is pressed, any debounced action is canceled and the value becomes empty. + * + * + * + *
    + *
    + * Name: + * + *
    + *
    + *
    user.name = 
    + *
    + *
    + * + * angular.module('optionsExample', []) + * .controller('ExampleController', ['$scope', function($scope) { + * $scope.user = { name: 'say' }; + * }]); + * + *
    + * + * ## Model updates and validation + * + * The default behaviour in `ngModel` is that the model value is set to `undefined` when the + * validation determines that the value is invalid. By setting the `allowInvalid` property to true, + * the model will still be updated even if the value is invalid. + * + * + * ## Connecting to the scope + * + * By setting the `getterSetter` property to true you are telling ngModel that the `ngModel` expression + * on the scope refers to a "getter/setter" function rather than the value itself. + * + * The following example shows how to bind to getter/setters: + * + * + * + *
    + *
    + * + *
    + *
    user.name = 
    + *
    + *
    + * + * angular.module('getterSetterExample', []) + * .controller('ExampleController', ['$scope', function($scope) { + * var _name = 'Brian'; + * $scope.user = { + * name: function(newName) { + * return angular.isDefined(newName) ? (_name = newName) : _name; + * } + * }; + * }]); + * + *
    + * + * + * ## Specifying timezones + * + * You can specify the timezone that date/time input directives expect by providing its name in the + * `timezone` property. + * + * @param {Object} ngModelOptions options to apply to {@link ngModel} directives on this element and + * and its descendents. Valid keys are: + * - `updateOn`: string specifying which event should the input be bound to. You can set several + * events using an space delimited list. There is a special event called `default` that + * matches the default events belonging to the control. + * - `debounce`: integer value which contains the debounce model update value in milliseconds. A + * value of 0 triggers an immediate update. If an object is supplied instead, you can specify a + * custom value for each event. For example: + * ``` + * ng-model-options="{ + * updateOn: 'default blur', + * debounce: { 'default': 500, 'blur': 0 } + * }" + * ``` + * - `allowInvalid`: boolean value which indicates that the model can be set with values that did + * not validate correctly instead of the default behavior of setting the model to undefined. + * - `getterSetter`: boolean value which determines whether or not to treat functions bound to + * `ngModel` as getters/setters. + * - `timezone`: Defines the timezone to be used to read/write the `Date` instance in the model for + * ``, ``, ... . It understands UTC/GMT and the + * continental US time zone abbreviations, but for general use, use a time zone offset, for + * example, `'+0430'` (4 hours, 30 minutes east of the Greenwich meridian) + * If not specified, the timezone of the browser will be used. + * + */ +var ngModelOptionsDirective = function() { + NgModelOptionsController.$inject = ['$attrs', '$scope']; + function NgModelOptionsController($attrs, $scope) { + this.$$attrs = $attrs; + this.$$scope = $scope; + } + NgModelOptionsController.prototype = { + $onInit: function() { + var parentOptions = this.parentCtrl ? this.parentCtrl.$options : defaultModelOptions; + var modelOptionsDefinition = this.$$scope.$eval(this.$$attrs.ngModelOptions); + + this.$options = parentOptions.createChild(modelOptionsDefinition); + } + }; + + return { + restrict: 'A', + // ngModelOptions needs to run before ngModel and input directives + priority: 10, + require: {parentCtrl: '?^^ngModelOptions'}, + bindToController: true, + controller: NgModelOptionsController + }; +}; + + +// shallow copy over values from `src` that are not already specified on `dst` +function defaults(dst, src) { + forEach(src, function(value, key) { + if (!isDefined(dst[key])) { + dst[key] = value; + } + }); +} + +/** + * @ngdoc directive + * @name ngNonBindable + * @restrict AC + * @priority 1000 + * + * @description + * The `ngNonBindable` directive tells Angular not to compile or bind the contents of the current + * DOM element. This is useful if the element contains what appears to be Angular directives and + * bindings but which should be ignored by Angular. This could be the case if you have a site that + * displays snippets of code, for instance. + * + * @element ANY + * + * @example + * In this example there are two locations where a simple interpolation binding (`{{}}`) is present, + * but the one wrapped in `ngNonBindable` is left alone. + * + * @example + + +
    Normal: {{1 + 2}}
    +
    Ignored: {{1 + 2}}
    +
    + + it('should check ng-non-bindable', function() { + expect(element(by.binding('1 + 2')).getText()).toContain('3'); + expect(element.all(by.css('div')).last().getText()).toMatch(/1 \+ 2/); + }); + +
    + */ +var ngNonBindableDirective = ngDirective({ terminal: true, priority: 1000 }); + +/* exported ngOptionsDirective */ + +/* global jqLiteRemove */ + +var ngOptionsMinErr = minErr('ngOptions'); + +/** + * @ngdoc directive + * @name ngOptions + * @restrict A + * + * @description + * + * The `ngOptions` attribute can be used to dynamically generate a list of `` + * DOM element. + * * `disable`: The result of this expression will be used to disable the rendered `