From 9bd81bc32970754341e007d33c17db6abe3fe480 Mon Sep 17 00:00:00 2001 From: Niraj Acharya Date: Tue, 17 Mar 2026 14:51:13 +0545 Subject: [PATCH] test: add test for mfa --- .drone.star | 25 +- package.json | 3 + pnpm-lock.yaml | 562 ++++ .../ocis_keycloak/ocis-mfa-ci-realm.dist.json | 2934 +++++++++++++++++ .../helpers/setAccessAndRefreshToken.ts | 10 +- .../e2e-playwright/specs/keycloak/mfa.spec.ts | 19 + .../e2e-playwright/steps/ui/adminSettings.ts | 14 + tests/e2e-playwright/steps/ui/session.ts | 33 + tests/e2e-playwright/support/test.ts | 31 +- .../e2e/support/api/keycloak/ocisUserToken.ts | 3 +- .../app-admin-settings/general/actions.ts | 14 + .../app-admin-settings/general/index.ts | 3 + tests/e2e/support/objects/runtime/session.ts | 6 + tests/e2e/support/utils/mfa.ts | 17 + 14 files changed, 3650 insertions(+), 24 deletions(-) create mode 100644 tests/drone/ocis_keycloak/ocis-mfa-ci-realm.dist.json create mode 100644 tests/e2e-playwright/specs/keycloak/mfa.spec.ts create mode 100644 tests/e2e/support/utils/mfa.ts diff --git a/.drone.star b/.drone.star index 043182be1ed..a2ebcf037f6 100644 --- a/.drone.star +++ b/.drone.star @@ -243,6 +243,29 @@ config = { "IDP_ACCESS_TOKEN_EXPIRATION": 30, }, }, + "keycloak": { + "earlyFail": True, + "skip": False, + "features": [ + "specs/keycloak/mfa.spec.ts", + ], + "extraServerEnvironment": { + "PROXY_AUTOPROVISION_ACCOUNTS": "true", + "PROXY_ROLE_ASSIGNMENT_DRIVER": "oidc", + "OCIS_OIDC_ISSUER": "https://keycloak:8443/realms/oCIS", + "PROXY_OIDC_REWRITE_WELLKNOWN": "true", + "WEB_OIDC_CLIENT_ID": "web", + "PROXY_USER_OIDC_CLAIM": "preferred_username", + "PROXY_USER_CS3_CLAIM": "username", + "OCIS_ADMIN_USER_ID": "", + "OCIS_EXCLUDE_RUN_SERVICES": "idp", + "GRAPH_ASSIGN_DEFAULT_USER_ROLE": "false", + "GRAPH_USERNAME_MATCH": "none", + "KEYCLOAK_DOMAIN": "keycloak:8443", + "OCIS_MFA_ENABLED": "true", + "WEB_OIDC_SCOPE": "openid profile email acr", + }, + }, }, "build": True, } @@ -1973,7 +1996,7 @@ def keycloakService(): }, "commands": [ "mkdir -p /opt/keycloak/data/import", - "cp tests/drone/ocis_keycloak/ocis-ci-realm.dist.json /opt/keycloak/data/import/oCIS-realm.json", + "cp tests/drone/ocis_keycloak/ocis-mfa-ci-realm.dist.json /opt/keycloak/data/import/oCIS-realm.json", "/opt/keycloak/bin/kc.sh start-dev --proxy-headers xforwarded --spi-connections-http-client-default-disable-trust-manager=true --import-realm --health-enabled=true", ], "volumes": [ diff --git a/package.json b/package.json index 44c4abb1467..39392236c5a 100644 --- a/package.json +++ b/package.json @@ -67,7 +67,9 @@ "git-repo-info": "2.1.1", "globals": "^16.5.0", "happy-dom": "20.0.10", + "jimp": "^1.6.0", "jsdom": "^27.2.0", + "jsqr": "^1.4.0", "license-checker-rseidelsohn": "4.4.2", "multiple-cucumber-html-reporter": "^3.9.3", "node-fetch": "3.3.2", @@ -79,6 +81,7 @@ "rollup-plugin-gzip": "^4.1.1", "rollup-plugin-visualizer": "6.0.5", "simple-git": "3.30.0", + "speakeasy": "^2.0.0", "ts-node": "10.9.2", "tslib": "2.8.1", "typescript": "5.9.3", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 83c8b69d607..a2842a26538 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -138,9 +138,15 @@ importers: happy-dom: specifier: 20.0.10 version: 20.0.10 + jimp: + specifier: ^1.6.0 + version: 1.6.0 jsdom: specifier: ^27.2.0 version: 27.2.0 + jsqr: + specifier: ^1.4.0 + version: 1.4.0 license-checker-rseidelsohn: specifier: 4.4.2 version: 4.4.2 @@ -174,6 +180,9 @@ importers: simple-git: specifier: 3.30.0 version: 3.30.0 + speakeasy: + specifier: ^2.0.0 + version: 2.0.0 ts-node: specifier: 10.9.2 version: 10.9.2(@types/node@25.3.2)(typescript@5.9.3) @@ -2344,6 +2353,118 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} + '@jimp/core@1.6.0': + resolution: {integrity: sha512-EQQlKU3s9QfdJqiSrZWNTxBs3rKXgO2W+GxNXDtwchF3a4IqxDheFX1ti+Env9hdJXDiYLp2jTRjlxhPthsk8w==} + engines: {node: '>=18'} + + '@jimp/diff@1.6.0': + resolution: {integrity: sha512-+yUAQ5gvRC5D1WHYxjBHZI7JBRusGGSLf8AmPRPCenTzh4PA+wZ1xv2+cYqQwTfQHU5tXYOhA0xDytfHUf1Zyw==} + engines: {node: '>=18'} + + '@jimp/file-ops@1.6.0': + resolution: {integrity: sha512-Dx/bVDmgnRe1AlniRpCKrGRm5YvGmUwbDzt+MAkgmLGf+jvBT75hmMEZ003n9HQI/aPnm/YKnXjg/hOpzNCpHQ==} + engines: {node: '>=18'} + + '@jimp/js-bmp@1.6.0': + resolution: {integrity: sha512-FU6Q5PC/e3yzLyBDXupR3SnL3htU7S3KEs4e6rjDP6gNEOXRFsWs6YD3hXuXd50jd8ummy+q2WSwuGkr8wi+Gw==} + engines: {node: '>=18'} + + '@jimp/js-gif@1.6.0': + resolution: {integrity: sha512-N9CZPHOrJTsAUoWkWZstLPpwT5AwJ0wge+47+ix3++SdSL/H2QzyMqxbcDYNFe4MoI5MIhATfb0/dl/wmX221g==} + engines: {node: '>=18'} + + '@jimp/js-jpeg@1.6.0': + resolution: {integrity: sha512-6vgFDqeusblf5Pok6B2DUiMXplH8RhIKAryj1yn+007SIAQ0khM1Uptxmpku/0MfbClx2r7pnJv9gWpAEJdMVA==} + engines: {node: '>=18'} + + '@jimp/js-png@1.6.0': + resolution: {integrity: sha512-AbQHScy3hDDgMRNfG0tPjL88AV6qKAILGReIa3ATpW5QFjBKpisvUaOqhzJ7Reic1oawx3Riyv152gaPfqsBVg==} + engines: {node: '>=18'} + + '@jimp/js-tiff@1.6.0': + resolution: {integrity: sha512-zhReR8/7KO+adijj3h0ZQUOiun3mXUv79zYEAKvE0O+rP7EhgtKvWJOZfRzdZSNv0Pu1rKtgM72qgtwe2tFvyw==} + engines: {node: '>=18'} + + '@jimp/plugin-blit@1.6.0': + resolution: {integrity: sha512-M+uRWl1csi7qilnSK8uxK4RJMSuVeBiO1AY0+7APnfUbQNZm6hCe0CCFv1Iyw1D/Dhb8ph8fQgm5mwM0eSxgVA==} + engines: {node: '>=18'} + + '@jimp/plugin-blur@1.6.0': + resolution: {integrity: sha512-zrM7iic1OTwUCb0g/rN5y+UnmdEsT3IfuCXCJJNs8SZzP0MkZ1eTvuwK9ZidCuMo4+J3xkzCidRwYXB5CyGZTw==} + engines: {node: '>=18'} + + '@jimp/plugin-circle@1.6.0': + resolution: {integrity: sha512-xt1Gp+LtdMKAXfDp3HNaG30SPZW6AQ7dtAtTnoRKorRi+5yCJjKqXRgkewS5bvj8DEh87Ko1ydJfzqS3P2tdWw==} + engines: {node: '>=18'} + + '@jimp/plugin-color@1.6.0': + resolution: {integrity: sha512-J5q8IVCpkBsxIXM+45XOXTrsyfblyMZg3a9eAo0P7VPH4+CrvyNQwaYatbAIamSIN1YzxmO3DkIZXzRjFSz1SA==} + engines: {node: '>=18'} + + '@jimp/plugin-contain@1.6.0': + resolution: {integrity: sha512-oN/n+Vdq/Qg9bB4yOBOxtY9IPAtEfES8J1n9Ddx+XhGBYT1/QTU/JYkGaAkIGoPnyYvmLEDqMz2SGihqlpqfzQ==} + engines: {node: '>=18'} + + '@jimp/plugin-cover@1.6.0': + resolution: {integrity: sha512-Iow0h6yqSC269YUJ8HC3Q/MpCi2V55sMlbkkTTx4zPvd8mWZlC0ykrNDeAy9IJegrQ7v5E99rJwmQu25lygKLA==} + engines: {node: '>=18'} + + '@jimp/plugin-crop@1.6.0': + resolution: {integrity: sha512-KqZkEhvs+21USdySCUDI+GFa393eDIzbi1smBqkUPTE+pRwSWMAf01D5OC3ZWB+xZsNla93BDS9iCkLHA8wang==} + engines: {node: '>=18'} + + '@jimp/plugin-displace@1.6.0': + resolution: {integrity: sha512-4Y10X9qwr5F+Bo5ME356XSACEF55485j5nGdiyJ9hYzjQP9nGgxNJaZ4SAOqpd+k5sFaIeD7SQ0Occ26uIng5Q==} + engines: {node: '>=18'} + + '@jimp/plugin-dither@1.6.0': + resolution: {integrity: sha512-600d1RxY0pKwgyU0tgMahLNKsqEcxGdbgXadCiVCoGd6V6glyCvkNrnnwC0n5aJ56Htkj88PToSdF88tNVZEEQ==} + engines: {node: '>=18'} + + '@jimp/plugin-fisheye@1.6.0': + resolution: {integrity: sha512-E5QHKWSCBFtpgZarlmN3Q6+rTQxjirFqo44ohoTjzYVrDI6B6beXNnPIThJgPr0Y9GwfzgyarKvQuQuqCnnfbA==} + engines: {node: '>=18'} + + '@jimp/plugin-flip@1.6.0': + resolution: {integrity: sha512-/+rJVDuBIVOgwoyVkBjUFHtP+wmW0r+r5OQ2GpatQofToPVbJw1DdYWXlwviSx7hvixTWLKVgRWQ5Dw862emDg==} + engines: {node: '>=18'} + + '@jimp/plugin-hash@1.6.0': + resolution: {integrity: sha512-wWzl0kTpDJgYVbZdajTf+4NBSKvmI3bRI8q6EH9CVeIHps9VWVsUvEyb7rpbcwVLWYuzDtP2R0lTT6WeBNQH9Q==} + engines: {node: '>=18'} + + '@jimp/plugin-mask@1.6.0': + resolution: {integrity: sha512-Cwy7ExSJMZszvkad8NV8o/Z92X2kFUFM8mcDAhNVxU0Q6tA0op2UKRJY51eoK8r6eds/qak3FQkXakvNabdLnA==} + engines: {node: '>=18'} + + '@jimp/plugin-print@1.6.0': + resolution: {integrity: sha512-zarTIJi8fjoGMSI/M3Xh5yY9T65p03XJmPsuNet19K/Q7mwRU6EV2pfj+28++2PV2NJ+htDF5uecAlnGyxFN2A==} + engines: {node: '>=18'} + + '@jimp/plugin-quantize@1.6.0': + resolution: {integrity: sha512-EmzZ/s9StYQwbpG6rUGBCisc3f64JIhSH+ncTJd+iFGtGo0YvSeMdAd+zqgiHpfZoOL54dNavZNjF4otK+mvlg==} + engines: {node: '>=18'} + + '@jimp/plugin-resize@1.6.0': + resolution: {integrity: sha512-uSUD1mqXN9i1SGSz5ov3keRZ7S9L32/mAQG08wUwZiEi5FpbV0K8A8l1zkazAIZi9IJzLlTauRNU41Mi8IF9fA==} + engines: {node: '>=18'} + + '@jimp/plugin-rotate@1.6.0': + resolution: {integrity: sha512-JagdjBLnUZGSG4xjCLkIpQOZZ3Mjbg8aGCCi4G69qR+OjNpOeGI7N2EQlfK/WE8BEHOW5vdjSyglNqcYbQBWRw==} + engines: {node: '>=18'} + + '@jimp/plugin-threshold@1.6.0': + resolution: {integrity: sha512-M59m5dzLoHOVWdM41O8z9SyySzcDn43xHseOH0HavjsfQsT56GGCC4QzU1banJidbUrePhzoEdS42uFE8Fei8w==} + engines: {node: '>=18'} + + '@jimp/types@1.6.0': + resolution: {integrity: sha512-7UfRsiKo5GZTAATxm2qQ7jqmUXP0DxTArztllTcYdyw6Xi5oT4RaoXynVtCD4UyLK5gJgkZJcwonoijrhYFKfg==} + engines: {node: '>=18'} + + '@jimp/utils@1.6.0': + resolution: {integrity: sha512-gqFTGEosKbOkYF/WFj26jMHOI5OH2jeP1MmC/zbK6BF6VJBf8rIC5898dPfSzZEbSA0wbbV5slbntWVc5PKLFA==} + engines: {node: '>=18'} + '@jridgewell/gen-mapping@0.3.13': resolution: {integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==} @@ -2878,6 +2999,9 @@ packages: resolution: {integrity: sha512-ID7fosbc50TbT0MK0EG12O+gAP3W3Aa/Pz4DaTtQtEvlc9Odaqi0de+xuZ7Li2GtK4HzEX7IuRWS/JmZLksR3Q==} engines: {node: '>=14'} + '@tokenizer/token@0.3.0': + resolution: {integrity: sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==} + '@transloadit/prettier-bytes@0.3.5': resolution: {integrity: sha512-xF4A3d/ZyX2LJWeQZREZQw+qFX4TGQ8bGVP97OLRt6sPO6T0TNHBFTuRHOJh7RNmYOBmQ9MHxpolD9bXihpuVA==} @@ -3044,6 +3168,9 @@ packages: '@types/minimatch@5.1.2': resolution: {integrity: sha512-K0VQKziLUWkVKiRVrx4a40iPaxTUefQmjtkQofBkYRcoaaL/8rhwDWww9qWbrgicNOgnpIsMxyNIUM4+n6dUIA==} + '@types/node@16.9.1': + resolution: {integrity: sha512-QpLcX9ZSsq3YYUUnD3nFDY8H7wctAhQj/TFKL8Ya8v5fMm3CFXxo8zStsLAl780ltoYoo1WvKUVGBQK+1ifr7g==} + '@types/node@20.19.1': resolution: {integrity: sha512-jJD50LtlD2dodAEO653i3YF04NWak6jN3ky+Ri3Em3mGR39/glWiboM/IePaRbgwSfqM1TpGXfAg8ohn/4dTgA==} @@ -3442,6 +3569,10 @@ packages: resolution: {integrity: sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ==} engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} + abort-controller@3.0.0: + resolution: {integrity: sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==} + engines: {node: '>=6.5'} + acorn-jsx@5.3.2: resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==} peerDependencies: @@ -3536,6 +3667,9 @@ packages: resolution: {integrity: sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==} engines: {node: '>=12'} + any-base@1.1.0: + resolution: {integrity: sha512-uMgjozySS8adZZYePpaWs8cxB9/kdzmpX6SgJZ+wbz1K5eYk5QMYDVJaZKhxyIHUdnnJkfR7SVgStgH7LkGUyg==} + any-promise@1.3.0: resolution: {integrity: sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==} @@ -3623,6 +3757,10 @@ packages: resolution: {integrity: sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==} engines: {node: '>= 0.4'} + await-to-js@3.0.0: + resolution: {integrity: sha512-zJAaP9zxTcvTHRlejau3ZOY4V7SRpiByf3/dxx2uyKxxor19tpmpV2QRsTKikckwhaPmr2dVpxxMr7jOCYVp5g==} + engines: {node: '>=6.0.0'} + axe-core@4.11.0: resolution: {integrity: sha512-ilYanEU8vxxBexpJd8cWM4ElSQq4QctCLKih0TSfjIfCQTeyH/6zVrmIJfLPrKTKJRbiG+cfnZbQIjAlJmF1jQ==} engines: {node: '>=4'} @@ -3670,6 +3808,9 @@ packages: base-64@1.0.0: resolution: {integrity: sha512-kwDPIFCGx0NZHog36dj+tHiwP4QMzsZ3AgMViUBKI0+V5n4U0ufTCUMhnQ04diaRI8EX/QcPfql7zlhZ7j4zgg==} + base32.js@0.0.1: + resolution: {integrity: sha512-EGHIRiegFa62/SsA1J+Xs2tIzludPdzM064N9wjbiEgHnGnJ1V0WEpA4pEwCYT5nDvZk3ubf0shqaCS7k6xeUQ==} + base64-arraybuffer@1.0.2: resolution: {integrity: sha512-I3yl4r9QB5ZRY3XuJVEPfc2XhZO6YweFPI+UovAzn+8/hb3oJ6lnysaFcjVpkCPfVWFUDvoZ8kmVDP7WyRtYtQ==} engines: {node: '>= 0.6.0'} @@ -3694,6 +3835,9 @@ packages: birpc@2.9.0: resolution: {integrity: sha512-KrayHS5pBi69Xi9JmvoqrIgYGDkD6mcSe/i6YKi3w5kekCLzrX4+nawcXqrj2tIp50Kw/mT/s3p+GVK0A0sKxw==} + bmp-ts@1.0.9: + resolution: {integrity: sha512-cTEHk2jLrPyi+12M3dhpEbnnPOsaZuq7C45ylbbQIiWgDFZq4UVYPEY5mlqjvsj/6gJv9qX5sa+ebDzLXT28Vw==} + bn.js@4.12.2: resolution: {integrity: sha512-n4DSx829VRTRByMRGdjQ9iqsN0Bh4OolPsFnaZBLcbi8iXcB+kJ9s7EnRt4wILZNV3kPLHkRVfOc/HvhC3ovDw==} @@ -4568,6 +4712,10 @@ packages: event-emitter@0.3.5: resolution: {integrity: sha512-D9rRn9y7kLPnJ+hMq7S/nhvoKwwvVJahBi2BPmx3bvbsEdK3W9ii8cBSGjP+72/LnM4n6fo3+dkCX5FeTQruXA==} + event-target-shim@5.0.1: + resolution: {integrity: sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==} + engines: {node: '>=6'} + eventemitter3@5.0.1: resolution: {integrity: sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==} @@ -4582,6 +4730,9 @@ packages: resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==} engines: {node: '>=10'} + exif-parser@0.1.12: + resolution: {integrity: sha512-c2bQfLNbMzLPmzQuOr8fy0csy84WmwnER81W88DzTp9CYNPJ6yzOj2EZAh9pywYpqHnshVLHQJ8WzldAyfY+Iw==} + expect-type@1.3.0: resolution: {integrity: sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==} engines: {node: '>=12.0.0'} @@ -4649,6 +4800,10 @@ packages: resolution: {integrity: sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==} engines: {node: '>=16.0.0'} + file-type@16.5.4: + resolution: {integrity: sha512-/yFHK0aGjFEgDJjEKP0pWCplsPFPhwyfwevf/pVxiN0tmE4L9LmwWxWukdJSHdoCli4VgQLehjJtwQBnqmsKcw==} + engines: {node: '>=10'} + filelist@1.0.4: resolution: {integrity: sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==} @@ -4788,6 +4943,9 @@ packages: resolution: {integrity: sha512-i/3mDQufQoJd2/EKm/B+VlaYrt3yGjVfLZu8DQpESKH29klNiW6z2S89FVCIEB85bDNgtGCeM/3A/yR1njr/Lw==} engines: {node: '>=6'} + gifwrap@0.10.1: + resolution: {integrity: sha512-2760b1vpJHNmLzZ/ubTtNnEx5WApN/PYWJvXvgS+tL1egTTthayFYIQQNi136FLEDcN/IyEY2EcGpIITD6eYUw==} + git-repo-info@2.1.1: resolution: {integrity: sha512-8aCohiDo4jwjOwma4FmYFd3i97urZulL8XL24nIPxuE+GZnfsAyy/g2Shqx6OjUiFKUXZM+Yy+KHnOmmA3FVcg==} engines: {node: '>= 4.0'} @@ -4994,6 +5152,9 @@ packages: resolution: {integrity: sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==} engines: {node: '>= 4'} + image-q@4.0.0: + resolution: {integrity: sha512-PfJGVgIfKQJuq3s0tTDOKtztksibuUEbJQIYT3by6wctQo+Rdlh7ef4evJ5NCdxY4CfMbvFkocEwbl4BF8RlJw==} + immediate@3.0.6: resolution: {integrity: sha512-XXOFtyqDjNDAQxVfYxuF7g9Il/IbWmmlQg2MYKOH8ExIT1qg6xc4zyS3HaEEATgs1btfzxq15ciUiY7gjSXRGQ==} @@ -5198,6 +5359,10 @@ packages: resolution: {integrity: sha512-7vuh85V5cdDofPyxn58nrPjBktZo0u9x1g8WtjQol+jZDaE+fhN+cIvTj11GndBnMnyfrUOG1sZQxCdjKh+DKg==} engines: {node: '>= 10.13.0'} + jimp@1.6.0: + resolution: {integrity: sha512-YcwCHw1kiqEeI5xRpDlPPBGL2EOpBKLwO4yIBJcXWHPj5PnA5urGq0jbyhM5KoNpypQ6VboSoxc9D8HyfvngSg==} + engines: {node: '>=18'} + jju@1.4.0: resolution: {integrity: sha512-8wb9Yw966OSxApiCt0K3yNJL8pnNeIv+OEq2YMidz4FKP6nonSRoOXc80iXY4JaN2FC11B9qsNmDsm+ZOfMROA==} @@ -5208,6 +5373,9 @@ packages: resolution: {integrity: sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==} engines: {node: '>=10'} + jpeg-js@0.4.4: + resolution: {integrity: sha512-WZzeDOEtTOBK4Mdsar0IqEU5sMr3vSV2RqkAIzUEV2BHnUfKGyswWFPFwK5EeDo93K3FohSHbLAjj0s1Wzd+dg==} + js-base64@3.7.7: resolution: {integrity: sha512-7rCnleh0z2CkXhH67J8K1Ytz0b2Y+yxTPL+/KOJoa20hfnVQ/3/T6W/KflYI4bRHRagNeXeU2bkNGI3v1oS/lw==} @@ -5276,6 +5444,9 @@ packages: jsonfile@6.2.0: resolution: {integrity: sha512-FGuPw30AdOIUTRMC2OMRtQV+jkVj2cfPqSeWXv1NEAJ1qZ5zb1X6z1mFhbfOB/iy3ssJCD+3KuZ8r8C3uVFlAg==} + jsqr@1.4.0: + resolution: {integrity: sha512-dxLob7q65Xg2DvstYkRpkYtmKm2sPJ9oFhrhmudT1dZvNFFTlroai3AWSpLey/w5vMcLBXRgOJsbXpdN9HzU/A==} + jszip@3.10.1: resolution: {integrity: sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==} @@ -5790,6 +5961,9 @@ packages: resolution: {integrity: sha512-jNdst/U28Iasukx/L5MP6b274Vr7ftQs6qAhPBCvz6Wt5rPCA+Q/tUmCzfCHHWweWw5szeMy2Gfrm1rITwUKrw==} engines: {node: '>=18'} + omggif@1.0.10: + resolution: {integrity: sha512-LMJTtvgc/nugXj0Vcrrs68Mn2D1r0zf630VNtqtpI1FEO7e+O9FP4gqs9AcnBaSEeoHIPm28u6qgPR0oyEpGSw==} + on-exit-leak-free@2.1.2: resolution: {integrity: sha512-0eJJY6hXLGf1udHwfNftBqH+g73EU4B504nZeKpz1sYRKafAghwxEJunB2O7rDZkL4PGfsMVnTXZ2EjibbqcsA==} engines: {node: '>=14.0.0'} @@ -5880,6 +6054,15 @@ packages: resolution: {integrity: sha512-CTM5kuWR3sx9IFamcl5ErfPl6ea/N8IYwiJ+vpeB2g+1iknv7zBl5uPwbMbRVznRVbrNY6lGuDoE5b30grmbqg==} engines: {node: '>= 0.10'} + parse-bmfont-ascii@1.0.6: + resolution: {integrity: sha512-U4RrVsUFCleIOBsIGYOMKjn9PavsGOXxbvYGtMOEfnId0SVNsgehXh1DxUdVPLoxd5mvcEtvmKs2Mmf0Mpa1ZA==} + + parse-bmfont-binary@1.0.6: + resolution: {integrity: sha512-GxmsRea0wdGdYthjuUeWTMWPqm2+FAd4GI8vCvhgJsFnoGhTrLhXDDupwTo7rXVAgaLIGoVHDZS9p/5XbSqeWA==} + + parse-bmfont-xml@1.1.6: + resolution: {integrity: sha512-0cEliVMZEhrFDwMh4SxIyVJpqYoOWDJ9P895tFuS+XuNzI5UBmBk5U5O4KuJdTnZpSBI4LFA2+ZiJaiwfSwlMA==} + parse-json@5.2.0: resolution: {integrity: sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==} engines: {node: '>=8'} @@ -5959,6 +6142,10 @@ packages: pdf-lib@1.17.1: resolution: {integrity: sha512-V/mpyJAoTsN4cnP31vc0wfNA1+p20evqqnap0KLoRUN0Yk/p3wN52DOEsL4oBFcLdb76hlpKPtzJIgo67j/XLw==} + peek-readable@4.1.0: + resolution: {integrity: sha512-ZI3LnwUv5nOGbQzD9c2iDG6toheuXSZP5esSHBjopsXH4dg19soufvpUGA3uohi5anFtGb2lhAVdHzH6R/Evvg==} + engines: {node: '>=8'} + perfect-debounce@1.0.0: resolution: {integrity: sha512-xCy9V055GLEqoFaHoC1SoLIaLmWctgCUaBaWxDZ7/Zx4CTyX7cJQLJOok/orfjZAh9kEYpjJa4d0KcJmCbctZA==} @@ -6007,6 +6194,10 @@ packages: resolution: {integrity: sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA==} engines: {node: '>= 6'} + pixelmatch@5.3.0: + resolution: {integrity: sha512-o8mkY4E/+LNUf6LzX96ht6k6CEDi65k9G2rjMtBe9Oo+VPKSvl+0GKHuH/AlG+GA5LPG/i5hrekkxUc3s2HU+Q==} + hasBin: true + pkg-dir@3.0.0: resolution: {integrity: sha512-/E57AYkoeQ25qkxMj5PBOVgF8Kiu/h7cYS30Z5+R7WaiCCBfLq58ZI/dSeaEKb9WVJV5n/03QwrN3IeWIFllvw==} engines: {node: '>=6'} @@ -6031,6 +6222,14 @@ packages: engines: {node: '>=18'} hasBin: true + pngjs@6.0.0: + resolution: {integrity: sha512-TRzzuFRRmEoSW/p1KVAmiOgPco2Irlah+bGFCeNfJXxxYGwSw7YwAOAcd7X28K/m5bjBWKsC29KyoMfHbypayg==} + engines: {node: '>=12.13.0'} + + pngjs@7.0.0: + resolution: {integrity: sha512-LKWqWJRhstyYo9pGvgor/ivk2w94eSjE3RGVuzLGlr3NmD8bf7RcYGze1mNdEHRP6TRP6rMuDHk5t44hnTRyow==} + engines: {node: '>=14.19.0'} + pofile@1.0.11: resolution: {integrity: sha512-Vy9eH1dRD9wHjYt/QqXcTz+RnX/zg53xK+KljFSX30PvdDMb2z+c6uDUeblUGqqJgz3QFsdlA0IJvHziPmWtQg==} @@ -6217,6 +6416,14 @@ packages: resolution: {integrity: sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==} engines: {node: '>= 6'} + readable-stream@4.7.0: + resolution: {integrity: sha512-oIGGmcpTLwPga8Bn6/Z75SVaH1z5dUut2ibSyAMVhmUggWpmDn2dapB0n7f8nwaSiRtepAsfJyfXIO5DCVAODg==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + readable-web-to-node-stream@3.0.4: + resolution: {integrity: sha512-9nX56alTf5bwXQ3ZDipHJhusu9NTQJ/CVPtb/XHAJCXihZeitfJvIRS4GqQ/mfIoOE3IelHMrpayVrosdHBuLw==} + engines: {node: '>=8'} + readdirp@3.6.0: resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==} engines: {node: '>=8.10.0'} @@ -6486,6 +6693,10 @@ packages: simple-git@3.30.0: resolution: {integrity: sha512-q6lxyDsCmEal/MEGhP1aVyQ3oxnagGlBDOVSIB4XUVLl1iZh0Pah6ebC9V4xBap/RfgP2WlI8EKs0WS0rMEJHg==} + simple-xml-to-json@1.2.3: + resolution: {integrity: sha512-kWJDCr9EWtZ+/EYYM5MareWj2cRnZGF93YDNpH4jQiHB+hBIZnfPFSQiVMzZOdk+zXWqTZ/9fTeQNu2DqeiudA==} + engines: {node: '>=20.12.2'} + slash@5.1.0: resolution: {integrity: sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg==} engines: {node: '>=14.16'} @@ -6536,6 +6747,10 @@ packages: spdx-satisfies@5.0.1: resolution: {integrity: sha512-Nwor6W6gzFp8XX4neaKQ7ChV4wmpSh2sSDemMFSzHxpTw460jxFYeOn+jq4ybnSSw/5sc3pjka9MQPouksQNpw==} + speakeasy@2.0.0: + resolution: {integrity: sha512-lW2A2s5LKi8rwu77ewisuUOtlCydF/hmQSOJjpTqTj1gZLkNgTaYnyvfxy2WBr4T/h+9c4g8HIITfj83OkFQFw==} + engines: {node: '>= 0.10.0'} + speakingurl@14.0.1: resolution: {integrity: sha512-1POYv7uv2gXoyGFpBCmpDVSNV74IfsWlDW216UPjbWufNf+bSU6GdbDsxdcxtfwb4xlI3yxzOTKClUosxARYrQ==} engines: {node: '>=0.10.0'} @@ -6614,6 +6829,10 @@ packages: strnum@2.1.2: resolution: {integrity: sha512-l63NF9y/cLROq/yqKXSLtcMeeyOfnSQlfMSlzFt/K73oIaD8DGaQWd7Z34X9GPiKqP5rbSh84Hl4bOlLcjiSrQ==} + strtok3@6.3.0: + resolution: {integrity: sha512-fZtbhtvI9I48xDSywd/somNqgUHl2L2cstmXCCif0itOf96jeW18MBSyrLuNicYQVkvpOxkZtkzujiTJ9LW5Jw==} + engines: {node: '>=10'} + style-dictionary@5.1.1: resolution: {integrity: sha512-scRFwr2VrerXy6BzO2Ym8AI0dRGkAIoS2YhooagytxCFkoXPYCLhvIxg3VO/yD2i4VeU4aGmHG80+ZLdPDb0uw==} engines: {node: '>=22.0.0'} @@ -6785,6 +7004,10 @@ packages: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} + token-types@4.2.1: + resolution: {integrity: sha512-6udB24Q737UD/SDsKAHI9FCRP7Bqc9D/MQUV02ORQg5iskjtLJlZJNdN4kKtcdtwCeWIwIHDGaUsTsCCAa8sFQ==} + engines: {node: '>=10'} + toposort@2.0.2: resolution: {integrity: sha512-0a5EOkAUp8D4moMi2W8ZF8jcga7BgZd91O/yabJCFY8az+XSzeGyTKs0Aoo897iV1Nj6guFq8orWDS96z91oGg==} @@ -7003,6 +7226,9 @@ packages: utf8@3.0.0: resolution: {integrity: sha512-E8VjFIQ/TyQgp+TZfS6l8yp/xWppSAHzidGiRrqe4bK4XP9pTRyKFgGJpO3SN7zdX4DeomTrwaseCHovfpFcqQ==} + utif2@4.1.0: + resolution: {integrity: sha512-+oknB9FHrJ7oW7A2WZYajOcv4FcDR4CfoGB0dPNfxbi4GO05RRnFmt5oa23+9w32EanrYcSJWspUiJkLMs+37w==} + util-arity@1.1.0: resolution: {integrity: sha512-kkyIsXKwemfSy8ZEoaIz06ApApnWsk5hQO0vLjZS6UkBiGiW++Jsyb8vSBoc0WKlffGoGs5yYy/j5pp8zckrFA==} @@ -7392,6 +7618,17 @@ packages: resolution: {integrity: sha512-EvGK8EJ3DhaHfbRlETOWAS5pO9MZITeauHKJyb8wyajUfQUenkIg2MvLDTZ4T/TgIcm3HU0TFBgWWboAZ30UHg==} engines: {node: '>=18'} + xml-parse-from-string@1.0.1: + resolution: {integrity: sha512-ErcKwJTF54uRzzNMXq2X5sMIy88zJvfN2DmdoQvy7PAFJ+tPRU6ydWuOKNMyfmOjdyBQTFREi60s0Y0SyI0G0g==} + + xml2js@0.5.0: + resolution: {integrity: sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==} + engines: {node: '>=4.0.0'} + + xmlbuilder@11.0.1: + resolution: {integrity: sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==} + engines: {node: '>=4.0'} + xmlbuilder@15.1.1: resolution: {integrity: sha512-yMqGBqtXyeN1e3TGYvgNgDVZ3j84W4cwkOXQswghol6APgZWaff9lnbvN7MHYJOiXsvGPXtjTYJEiC9J2wv9Eg==} engines: {node: '>=8.0'} @@ -7449,6 +7686,9 @@ packages: zhead@2.2.4: resolution: {integrity: sha512-8F0OI5dpWIA5IGG5NHUg9staDwz/ZPxZtvGVf01j7vHqSyZ0raHY+78atOVxRqb73AotX22uV1pXt3gYSstGag==} + zod@3.25.76: + resolution: {integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==} + zod@4.3.6: resolution: {integrity: sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg==} @@ -8862,6 +9102,195 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 + '@jimp/core@1.6.0': + dependencies: + '@jimp/file-ops': 1.6.0 + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + await-to-js: 3.0.0 + exif-parser: 0.1.12 + file-type: 16.5.4 + mime: 3.0.0 + + '@jimp/diff@1.6.0': + dependencies: + '@jimp/plugin-resize': 1.6.0 + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + pixelmatch: 5.3.0 + + '@jimp/file-ops@1.6.0': {} + + '@jimp/js-bmp@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + bmp-ts: 1.0.9 + + '@jimp/js-gif@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/types': 1.6.0 + gifwrap: 0.10.1 + omggif: 1.0.10 + + '@jimp/js-jpeg@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/types': 1.6.0 + jpeg-js: 0.4.4 + + '@jimp/js-png@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/types': 1.6.0 + pngjs: 7.0.0 + + '@jimp/js-tiff@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/types': 1.6.0 + utif2: 4.1.0 + + '@jimp/plugin-blit@1.6.0': + dependencies: + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-blur@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/utils': 1.6.0 + + '@jimp/plugin-circle@1.6.0': + dependencies: + '@jimp/types': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-color@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + tinycolor2: 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-contain@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/plugin-blit': 1.6.0 + '@jimp/plugin-resize': 1.6.0 + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-cover@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/plugin-crop': 1.6.0 + '@jimp/plugin-resize': 1.6.0 + '@jimp/types': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-crop@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-displace@1.6.0': + dependencies: + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-dither@1.6.0': + dependencies: + '@jimp/types': 1.6.0 + + '@jimp/plugin-fisheye@1.6.0': + dependencies: + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-flip@1.6.0': + dependencies: + '@jimp/types': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-hash@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/js-bmp': 1.6.0 + '@jimp/js-jpeg': 1.6.0 + '@jimp/js-png': 1.6.0 + '@jimp/js-tiff': 1.6.0 + '@jimp/plugin-color': 1.6.0 + '@jimp/plugin-resize': 1.6.0 + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + any-base: 1.1.0 + + '@jimp/plugin-mask@1.6.0': + dependencies: + '@jimp/types': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-print@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/js-jpeg': 1.6.0 + '@jimp/js-png': 1.6.0 + '@jimp/plugin-blit': 1.6.0 + '@jimp/types': 1.6.0 + parse-bmfont-ascii: 1.0.6 + parse-bmfont-binary: 1.0.6 + parse-bmfont-xml: 1.1.6 + simple-xml-to-json: 1.2.3 + zod: 3.25.76 + + '@jimp/plugin-quantize@1.6.0': + dependencies: + image-q: 4.0.0 + zod: 3.25.76 + + '@jimp/plugin-resize@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/types': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-rotate@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/plugin-crop': 1.6.0 + '@jimp/plugin-resize': 1.6.0 + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + zod: 3.25.76 + + '@jimp/plugin-threshold@1.6.0': + dependencies: + '@jimp/core': 1.6.0 + '@jimp/plugin-color': 1.6.0 + '@jimp/plugin-hash': 1.6.0 + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + zod: 3.25.76 + + '@jimp/types@1.6.0': + dependencies: + zod: 3.25.76 + + '@jimp/utils@1.6.0': + dependencies: + '@jimp/types': 1.6.0 + tinycolor2: 1.6.0 + '@jridgewell/gen-mapping@0.3.13': dependencies: '@jridgewell/sourcemap-codec': 1.5.5 @@ -9378,6 +9807,8 @@ snapshots: '@teppeis/multimaps@3.0.0': {} + '@tokenizer/token@0.3.0': {} + '@transloadit/prettier-bytes@0.3.5': {} '@tsconfig/node10@1.0.11': {} @@ -9566,6 +9997,8 @@ snapshots: '@types/minimatch@5.1.2': {} + '@types/node@16.9.1': {} + '@types/node@20.19.1': dependencies: undici-types: 6.21.0 @@ -10121,6 +10554,10 @@ snapshots: abbrev@2.0.0: {} + abort-controller@3.0.0: + dependencies: + event-target-shim: 5.0.1 + acorn-jsx@5.3.2(acorn@8.16.0): dependencies: acorn: 8.16.0 @@ -10200,6 +10637,8 @@ snapshots: ansi-styles@6.2.3: {} + any-base@1.1.0: {} + any-promise@1.3.0: {} anymatch@3.1.3: @@ -10287,6 +10726,8 @@ snapshots: dependencies: possible-typed-array-names: 1.1.0 + await-to-js@3.0.0: {} + axe-core@4.11.0: {} axios@1.13.6(debug@4.4.3): @@ -10339,6 +10780,8 @@ snapshots: base-64@1.0.0: {} + base32.js@0.0.1: {} + base64-arraybuffer@1.0.2: {} base64-js@1.5.1: {} @@ -10355,6 +10798,8 @@ snapshots: birpc@2.9.0: {} + bmp-ts@1.0.9: {} + bn.js@4.12.2: {} bn.js@5.2.2: {} @@ -11406,6 +11851,8 @@ snapshots: d: 1.0.2 es5-ext: 0.10.64 + event-target-shim@5.0.1: {} + eventemitter3@5.0.1: {} events@3.3.0: {} @@ -11427,6 +11874,8 @@ snapshots: signal-exit: 3.0.7 strip-final-newline: 2.0.0 + exif-parser@0.1.12: {} + expect-type@1.3.0: {} exsolve@1.0.7: {} @@ -11486,6 +11935,12 @@ snapshots: dependencies: flat-cache: 4.0.1 + file-type@16.5.4: + dependencies: + readable-web-to-node-stream: 3.0.4 + strtok3: 6.3.0 + token-types: 4.2.1 + filelist@1.0.4: dependencies: minimatch: 5.1.6 @@ -11630,6 +12085,11 @@ snapshots: pofile: 1.0.11 typescript: 5.9.3 + gifwrap@0.10.1: + dependencies: + image-q: 4.0.0 + omggif: 1.0.10 + git-repo-info@2.1.1: {} glob-parent@5.1.2: @@ -11829,6 +12289,10 @@ snapshots: ignore@7.0.5: {} + image-q@4.0.0: + dependencies: + '@types/node': 16.9.1 + immediate@3.0.6: {} immutable@5.1.2: {} @@ -12002,6 +12466,36 @@ snapshots: merge-stream: 2.0.0 supports-color: 8.1.1 + jimp@1.6.0: + dependencies: + '@jimp/core': 1.6.0 + '@jimp/diff': 1.6.0 + '@jimp/js-bmp': 1.6.0 + '@jimp/js-gif': 1.6.0 + '@jimp/js-jpeg': 1.6.0 + '@jimp/js-png': 1.6.0 + '@jimp/js-tiff': 1.6.0 + '@jimp/plugin-blit': 1.6.0 + '@jimp/plugin-blur': 1.6.0 + '@jimp/plugin-circle': 1.6.0 + '@jimp/plugin-color': 1.6.0 + '@jimp/plugin-contain': 1.6.0 + '@jimp/plugin-cover': 1.6.0 + '@jimp/plugin-crop': 1.6.0 + '@jimp/plugin-displace': 1.6.0 + '@jimp/plugin-dither': 1.6.0 + '@jimp/plugin-fisheye': 1.6.0 + '@jimp/plugin-flip': 1.6.0 + '@jimp/plugin-hash': 1.6.0 + '@jimp/plugin-mask': 1.6.0 + '@jimp/plugin-print': 1.6.0 + '@jimp/plugin-quantize': 1.6.0 + '@jimp/plugin-resize': 1.6.0 + '@jimp/plugin-rotate': 1.6.0 + '@jimp/plugin-threshold': 1.6.0 + '@jimp/types': 1.6.0 + '@jimp/utils': 1.6.0 + jju@1.4.0: {} join-path@1.1.1: @@ -12012,6 +12506,8 @@ snapshots: joycon@3.1.1: {} + jpeg-js@0.4.4: {} + js-base64@3.7.7: {} js-beautify@1.15.4: @@ -12083,6 +12579,8 @@ snapshots: optionalDependencies: graceful-fs: 4.2.11 + jsqr@1.4.0: {} + jszip@3.10.1: dependencies: lie: 3.3.0 @@ -12639,6 +13137,8 @@ snapshots: dependencies: jwt-decode: 4.0.0 + omggif@1.0.10: {} + on-exit-leak-free@2.1.2: {} once@1.4.0: @@ -12736,6 +13236,15 @@ snapshots: pbkdf2: 3.1.2 safe-buffer: 5.2.1 + parse-bmfont-ascii@1.0.6: {} + + parse-bmfont-binary@1.0.6: {} + + parse-bmfont-xml@1.1.6: + dependencies: + xml-parse-from-string: 1.0.1 + xml2js: 0.5.0 + parse-json@5.2.0: dependencies: '@babel/code-frame': 7.27.1 @@ -12815,6 +13324,8 @@ snapshots: pako: 1.0.11 tslib: 1.14.1 + peek-readable@4.1.0: {} + perfect-debounce@1.0.0: {} perfect-debounce@2.1.0: {} @@ -12872,6 +13383,10 @@ snapshots: pirates@4.0.7: {} + pixelmatch@5.3.0: + dependencies: + pngjs: 6.0.0 + pkg-dir@3.0.0: dependencies: find-up: 3.0.0 @@ -12900,6 +13415,10 @@ snapshots: optionalDependencies: fsevents: 2.3.2 + pngjs@6.0.0: {} + + pngjs@7.0.0: {} + pofile@1.0.11: {} pofile@1.1.4: {} @@ -13084,6 +13603,18 @@ snapshots: string_decoder: 1.3.0 util-deprecate: 1.0.2 + readable-stream@4.7.0: + dependencies: + abort-controller: 3.0.0 + buffer: 6.0.3 + events: 3.3.0 + process: 0.11.10 + string_decoder: 1.3.0 + + readable-web-to-node-stream@3.0.4: + dependencies: + readable-stream: 4.7.0 + readdirp@3.6.0: dependencies: picomatch: 2.3.1 @@ -13361,6 +13892,8 @@ snapshots: transitivePeerDependencies: - supports-color + simple-xml-to-json@1.2.3: {} + slash@5.1.0: {} slice-ansi@4.0.0: @@ -13414,6 +13947,10 @@ snapshots: spdx-expression-parse: 3.0.1 spdx-ranges: 2.1.1 + speakeasy@2.0.0: + dependencies: + base32.js: 0.0.1 + speakingurl@14.0.1: {} split2@4.2.0: {} @@ -13487,6 +14024,11 @@ snapshots: strnum@2.1.2: {} + strtok3@6.3.0: + dependencies: + '@tokenizer/token': 0.3.0 + peek-readable: 4.1.0 + style-dictionary@5.1.1: dependencies: '@bundled-es-modules/deepmerge': 4.3.1 @@ -13698,6 +14240,11 @@ snapshots: dependencies: is-number: 7.0.0 + token-types@4.2.1: + dependencies: + '@tokenizer/token': 0.3.0 + ieee754: 1.2.1 + toposort@2.0.2: {} tough-cookie@6.0.0: @@ -13886,6 +14433,10 @@ snapshots: utf8@3.0.0: {} + utif2@4.1.0: + dependencies: + pako: 1.0.11 + util-arity@1.1.0: {} util-deprecate@1.0.2: {} @@ -14288,6 +14839,15 @@ snapshots: xml-name-validator@5.0.0: {} + xml-parse-from-string@1.0.1: {} + + xml2js@0.5.0: + dependencies: + sax: 1.4.1 + xmlbuilder: 11.0.1 + + xmlbuilder@11.0.1: {} + xmlbuilder@15.1.1: {} xmlchars@2.2.0: {} @@ -14334,4 +14894,6 @@ snapshots: zhead@2.2.4: {} + zod@3.25.76: {} + zod@4.3.6: {} diff --git a/tests/drone/ocis_keycloak/ocis-mfa-ci-realm.dist.json b/tests/drone/ocis_keycloak/ocis-mfa-ci-realm.dist.json new file mode 100644 index 00000000000..63200a3ac07 --- /dev/null +++ b/tests/drone/ocis_keycloak/ocis-mfa-ci-realm.dist.json @@ -0,0 +1,2934 @@ +{ + "id": "ownCloud Infinite Scale Test", + "realm": "oCIS", + "displayName": "ownCloud Infinite Scale", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": true, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "0bb40fa2-4490-4687-9159-b1d27ec7423a", + "name": "ocisAdmin", + "description": "", + "composite": false, + "clientRole": false, + "containerId": "ownCloud Infinite Scale Test", + "attributes": {} + }, + { + "id": "2d576514-4aae-46aa-9d9c-075f55f4d988", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "ownCloud Infinite Scale Test", + "attributes": {} + }, + { + "id": "8c79ff81-c256-48fd-b0b9-795c7941eedf", + "name": "ocisUser", + "description": "", + "composite": false, + "clientRole": false, + "containerId": "ownCloud Infinite Scale Test", + "attributes": {} + }, + { + "id": "bd5f5012-48bb-4ea4-bfe6-0623e3ca0552", + "name": "ocisSpaceAdmin", + "description": "", + "composite": false, + "clientRole": false, + "containerId": "ownCloud Infinite Scale Test", + "attributes": {} + }, + { + "id": "e2145b30-bf6f-49fb-af3f-1b40168bfcef", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "ownCloud Infinite Scale Test", + "attributes": {} + }, + { + "id": "82e13ea7-aac4-4d2c-9fc7-cff8333dbe19", + "name": "default-roles-ocis", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "manage-account", + "view-profile" + ] + } + }, + "clientRole": false, + "containerId": "ownCloud Infinite Scale Test", + "attributes": {} + }, + { + "id": "7eedfa6d-a2d9-4296-b6db-e75e4e9c0963", + "name": "ocisGuest", + "description": "", + "composite": false, + "clientRole": false, + "containerId": "ownCloud Infinite Scale Test", + "attributes": {} + } + ], + "client": { + "_system": [], + "realm-management": [ + { + "id": "979ce053-a671-4b50-81d5-da4bdf7404c9", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "4bec4791-e888-4dac-bc95-71720d5981b9", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "955b4406-b04f-432d-a61a-571675874341", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "baa219af-2773-4d59-b06b-485f10fbbab3", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "f280bc03-d079-478d-be06-3590580b25e9", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "db698163-84ad-46c9-958f-bb5f80ae78b5", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "36c04d89-abf7-4a2c-a808-8efa9aca1435", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "06eae953-11d5-4344-b089-ffce1e68d5d8", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "afe8aa78-2f06-43a5-8c99-cf68a1f5a86a", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-clients", + "query-users", + "manage-authorization", + "view-events", + "manage-users", + "query-clients", + "manage-clients", + "query-realms", + "impersonation", + "manage-realm", + "manage-identity-providers", + "view-authorization", + "create-client", + "query-groups", + "view-users", + "view-realm", + "view-identity-providers", + "manage-events" + ] + } + }, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "22ee128a-b28e-4c6a-aa8e-ad4136d74e1b", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "89d4f119-7f87-44d9-8eef-d207304de778", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "ebffeff4-6794-4003-a2ab-a79eff7d1baa", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "2361a7ff-d2b3-43f5-b360-ad0e44fba65c", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "f7bf6d7a-a861-49c6-8f6f-225c18d0a03a", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "34ccce1c-5a7e-4268-8836-2276545be900", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "430f7831-8f22-4518-bd15-2998eae45a51", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "371a31e6-4494-4b74-b3ea-d030663423ed", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "e875775b-7a3e-4a5d-9e4e-376351b78626", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + }, + { + "id": "3dce7929-ee1f-40cd-9be1-7addcae92cef", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "attributes": {} + } + ], + "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69": [], + "web": [], + "security-admin-console": [], + "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD": [], + "admin-cli": [], + "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1": [], + "account-console": [], + "broker": [ + { + "id": "81fad68a-8dd8-4d79-9a8f-206a82460145", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "002faf0a-716c-4230-81c7-ce22d1eb832c", + "attributes": {} + } + ], + "account": [ + { + "id": "c49a49da-8ad0-44cb-b518-6d7d72cbe494", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "9850adad-7910-4b67-a790-da6444361618", + "attributes": {} + }, + { + "id": "9dc2244e-b8a7-44f1-b173-d2b929fedcca", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "9850adad-7910-4b67-a790-da6444361618", + "attributes": {} + }, + { + "id": "ce115327-99c9-44d4-ba7d-820397dc11e6", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "9850adad-7910-4b67-a790-da6444361618", + "attributes": {} + }, + { + "id": "2ffdf854-084b-467a-91c6-7f07844efc9a", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "9850adad-7910-4b67-a790-da6444361618", + "attributes": {} + }, + { + "id": "8c45ca71-32aa-4547-932d-412da5e371ed", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "9850adad-7910-4b67-a790-da6444361618", + "attributes": {} + }, + { + "id": "cbeecf6d-9af8-4746-877b-74800a894c35", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "9850adad-7910-4b67-a790-da6444361618", + "attributes": {} + }, + { + "id": "ea798f64-b5f8-417f-9fe0-d3cd9172884f", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "9850adad-7910-4b67-a790-da6444361618", + "attributes": {} + }, + { + "id": "e73aaf6d-e67b-491a-9cc3-78c32c82b42c", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "9850adad-7910-4b67-a790-da6444361618", + "attributes": {} + } + ] + } + }, + "groups": [ + { + "id": "99187f82-71b6-4f21-a255-0d87bb286607", + "name": "philosophy-haters", + "path": "/philosophy-haters", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "2129ab43-0221-40e1-871a-394a8c9b6434", + "name": "physics-lovers", + "path": "/physics-lovers", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "8246d8bc-8e35-4b11-916e-f8d7729d6a23", + "name": "polonium-lovers", + "path": "/polonium-lovers", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "fabf9b54-c27e-495e-961d-9c9f2ebfd482", + "name": "quantum-lovers", + "path": "/quantum-lovers", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "f5613e5a-84b6-4e85-bcb3-0fff9fa6a191", + "name": "radium-lovers", + "path": "/radium-lovers", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "32031f61-035e-4355-b7bf-17ff314581f3", + "name": "sailing-lovers", + "path": "/sailing-lovers", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "8520544b-eb76-449d-8498-fbe0e1e62a97", + "name": "users", + "path": "/users", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + }, + { + "id": "d0a10993-e532-49b7-b2b4-009f9b31d43a", + "name": "violin-haters", + "path": "/violin-haters", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + } + ], + "defaultRole": { + "id": "82e13ea7-aac4-4d2c-9fc7-cff8333dbe19", + "name": "default-roles-ocis", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "ownCloud Infinite Scale Test" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "users": [ + { + "id": "389845cd-65b9-47fc-b723-ba75940bcbd7", + "username": "admin", + "firstName": "Admin", + "lastName": "Admin", + "email": "admin@example.org", + "emailVerified": true, + "createdTimestamp": 1611912383386, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "499e0fbe-1c10-4588-9db4-e8a1012b9246", + "type": "password", + "createdDate": 1611912393787, + "secretData": "{\"value\":\"WUdGHYxGqrEBqg8Y3v+CKCzkzXkboMI6VmpWAYqvD7pIcP9z1zzDTqwlXrVFytoZMpcceT3Xm1hAGh7CZcSoHQ==\",\"salt\":\"pxP1MdkG//50Lv81WsQ5FA==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "uma_authorization", + "ocisAdmin", + "offline_access" + ], + "clientRoles": { + "account": [ + "manage-account", + "view-profile" + ] + }, + "notBefore": 0, + "groups": [ + "/users" + ] + }, + { + "id": "0a9f434c-4864-49cf-ac15-46ed0f49d59b", + "username": "einstein", + "firstName": "Albert", + "lastName": "Einstein", + "email": "einstein@example.org", + "emailVerified": true, + "createdTimestamp": 1611912153544, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "19efcb24-c5ec-42ed-97e1-2475ca025f40", + "type": "password", + "createdDate": 1611912169712, + "secretData": "{\"value\":\"5+ofM8OpvpiPZyi4ZJuB2Pa3jGOIcY2uXui2p8KRWCs=\",\"salt\":\"wfhXLZScHStB14ZxML9d7g==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "uma_authorization", + "ocisUser", + "offline_access" + ], + "clientRoles": { + "account": [ + "manage-account", + "view-profile" + ] + }, + "notBefore": 0, + "groups": [ + "/physics-lovers", + "/sailing-lovers", + "/users", + "/violin-haters" + ] + }, + { + "id": "b44a81e2-e3ed-4241-a9ce-44604f7ac9eb", + "username": "katherine", + "firstName": "Katherine", + "lastName": "Johnson", + "email": "katherine@example.org", + "emailVerified": true, + "createdTimestamp": 1678101111607, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "be18ccc9-b80f-4895-bf06-8e8e4605c634", + "type": "password", + "userLabel": "My password", + "createdDate": 1678101159924, + "secretData": "{\"value\":\"/E/1yfcgM8deq6V544gEsTfsXZuUnzaofmM+AK+MpAsvRoNRtEyRN1pajhIpGDtEuPa/KVBDbcALE7WMbFhO1w==\",\"salt\":\"TXapvlOYBWqabQRo+fINFQ==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "ocisSpaceAdmin", + "default-roles-ocis" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "48016357-346a-443e-bf7a-945c9448a99b", + "username": "marie", + "firstName": "Marie", + "lastName": "Curie", + "email": "marie@example.org", + "emailVerified": true, + "createdTimestamp": 1611912241951, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "ff304f90-a934-4bf1-9cfe-bd165751c110", + "type": "password", + "createdDate": 1611912318408, + "secretData": "{\"value\":\"DN7g/etlfzHfd6tfF4g50xdPGy+aUboAXmjB06R0NzhGhwhOxiUh7KNWre2pqZOiu28iGXfDFWMP2xDCNid+Mg==\",\"salt\":\"ZFYXUMBaZm/XspifJgH9Tg==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "uma_authorization", + "ocisUser", + "offline_access" + ], + "clientRoles": { + "account": [ + "manage-account", + "view-profile" + ] + }, + "notBefore": 0, + "groups": [ + "/physics-lovers", + "/polonium-lovers", + "/radium-lovers", + "/users" + ] + }, + { + "id": "d18c3689-b816-455a-9728-cd8c9797f315", + "username": "moss", + "firstName": "Maurice", + "lastName": "Moss", + "email": "moss@example.org", + "emailVerified": true, + "createdTimestamp": 1611912340085, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "273679bf-80ef-4c83-ac23-0ee569c3bece", + "type": "password", + "createdDate": 1611912354500, + "secretData": "{\"value\":\"f22la+Ghr2xDBOA1tJrMlc2GFy9ZiGcTJuto2U9KaHE=\",\"salt\":\"fjwq6/u6YI+r1xdZL0UtxA==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "uma_authorization", + "ocisAdmin", + "offline_access" + ], + "clientRoles": { + "account": [ + "manage-account", + "view-profile" + ] + }, + "notBefore": 0, + "groups": [ + "/users" + ] + }, + { + "id": "373be4c5-7f65-4e91-ba0e-bfb618c96046", + "username": "richard", + "firstName": "Richard", + "lastName": "Feynman", + "email": "richard@example.org", + "emailVerified": true, + "createdTimestamp": 1611912442173, + "enabled": true, + "totp": false, + "credentials": [ + { + "id": "2fb1bcd7-8a51-4732-b695-dc4aa14b1dca", + "type": "password", + "createdDate": 1611912452192, + "secretData": "{\"value\":\"uzN0AO66tnEoLM5SpHmJ3rNb4Gj9sXJMafn68EbDwVtQmbOR0uY7L/ePU7i5pVTvhgRN7XMj0P9Fc+iV7C+Pzw==\",\"salt\":\"PqLW9Cu52hOW9b2cVTF+Sg==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "uma_authorization", + "ocisUser", + "offline_access" + ], + "clientRoles": { + "account": [ + "manage-account", + "view-profile" + ] + }, + "notBefore": 0, + "groups": [ + "/philosophy-haters", + "/physics-lovers", + "/quantum-lovers", + "/users" + ] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + }, + { + "clientScope": "roles", + "roles": [ + "ocisSpaceAdmin", + "ocisGuest", + "ocisUser", + "ocisAdmin" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "294b6cf4-b646-4f6c-bab2-616546ec3167", + "clientId": "_system", + "name": "_system", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "pIw3cF77kEYSYR2r1HfOzySTBLO7aYeM", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "client.secret.creation.time": "1718778122", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "9850adad-7910-4b67-a790-da6444361618", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/oCIS/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "PY3vaoPyw7VCfHxDf41JKbGtR2WOV85S", + "redirectUris": [ + "/realms/oCIS/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "client.secret.creation.time": "1718778122", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "basic" + ], + "optionalClientScopes": [] + }, + { + "id": "55bb4cdc-045b-422a-8830-61245949d6aa", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/oCIS/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/oCIS/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "9bf413ed-402f-438d-a72c-033f3c45dab2", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "2969b8ff-2ab3-4907-aaa7-091a7a627ccb", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "basic" + ], + "optionalClientScopes": [] + }, + { + "id": "002faf0a-716c-4230-81c7-ce22d1eb832c", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "3mksmxreyii6xcc6N2JRGLT4fehwE1HT", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "client.secret.creation.time": "1718778122", + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "basic" + ], + "optionalClientScopes": [] + }, + { + "id": "c8367556-1d13-4979-b4f6-5e2cff1f82ae", + "clientId": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD", + "name": "ownCloud Android app", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD", + "redirectUris": [ + "oc://android.owncloud.com" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "groups", + "basic", + "email" + ], + "optionalClientScopes": [ + "acr", + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "6ae0e3da-38ff-47a4-a76e-b59eec0a2de9", + "clientId": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1", + "name": "ownCloud iOS app", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx", + "redirectUris": [ + "oc://ios.owncloud.com" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "groups", + "basic", + "email" + ], + "optionalClientScopes": [ + "acr", + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, + { + "id": "97264f49-a8c1-4585-99b6-e706339c62f8", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/oCIS/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/oCIS/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "96092024-21dd-4d31-a004-2c5b96031da3", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + } + ], + "defaultClientScopes": [ + "basic" + ], + "optionalClientScopes": [] + }, + { + "id": "54b18eca-cf79-4263-9db9-2d79f8a1c831", + "clientId": "web", + "name": "", + "description": "", + "rootUrl": "https://ocis.owncloud.test", + "adminUrl": "https://ocis.owncloud.test", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "https://ocis.owncloud.test/*" + ], + "webOrigins": [ + "https://ocis.owncloud.test" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.url": "https://ocis.owncloud.test/backchannel_logout", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "groups", + "basic", + "email" + ], + "optionalClientScopes": [ + "acr", + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "fc7d8a8e-cb92-4cb0-b404-d723c07d8d4f", + "clientId": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69", + "name": "ownCloud Desktop Client", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh", + "redirectUris": [ + "http://127.0.0.1:*", + "http://localhost:*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "groups", + "basic", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "258e56a8-1eeb-49ea-957b-aff8df4656ba", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${emailScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "068bcfb6-4a17-4c20-b083-ae542a7f76c8", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean", + "userinfo.token.claim": "true" + } + }, + { + "id": "c00d6c21-2fd1-435f-9ee9-87e011048cbe", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "b3e1e47e-3912-4b55-ba89-b0198e767682", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${addressScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "876baab9-39d1-4845-abb4-561a58aa152d", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "9cae7ced-e7d9-4f7b-8e54-7402125f6ead", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "8eb1f69b-b941-4185-bca1-f916953f7cf5", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "fb587847-806f-4443-bab0-501efc0f0b46", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "947da1ff-f614-48fc-9ecb-c98cbcfd3390", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${profileScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "46fec552-2f92-408a-84cf-ba98bf8e35fd", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "c7ed5458-4d32-423e-8ea1-d112c45045d4", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "e18d1ce4-3969-4ec1-9941-a27fd7555245", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "dab85a5e-9af8-4fcd-88e4-9d3ae50dd5b6", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "7484f47e-3bb1-48d0-ba64-e8330dcefe6e", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "fcd00995-9693-4803-8f41-c84044be83ed", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "f09e7268-5284-449b-849b-cf8225523584", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "0317f4b3-3f7b-47ab-88d3-5d6f604d944d", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "db81244c-e739-461b-8822-52ceaa11bdf4", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "c6a16bf9-9370-4dff-a718-be53131bb238", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "32d76647-b542-484c-9062-edc34eb350e0", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "ac6530db-6463-446b-99da-32d5298b5fa0", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "ed10983b-8700-415e-933e-226ce3f397a6", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "8205ccd0-1266-4060-b5df-3a6eb229d91e", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "79713daf-89ca-4ed4-ad97-a88b13ee9a18", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "consent.screen.text": "${phoneScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "b5f4f5ed-1008-42ba-8b3b-7d8851a2a680", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + }, + { + "id": "08a246f1-2b4c-4def-af5c-aefc31b4820d", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "c3a6224b-49aa-4a25-953d-7e326d66893d", + "name": "basic", + "description": "OpenID Connect scope for add all basic claims to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "2d4f3f17-1ab7-429e-88e1-cdf08d3533c6", + "name": "auth_time", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "AUTH_TIME", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "auth_time", + "jsonType.label": "long" + } + }, + { + "id": "3e7da934-3de3-4bd1-a565-8ac62419c138", + "name": "sub", + "protocol": "openid-connect", + "protocolMapper": "oidc-sub-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "0c72b80b-28d5-48d8-b593-c99030aab58d", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "${rolesScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "bc7f015e-329f-4e99-be6b-72382f4310c7", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "215f645f-ad0b-4523-9ece-f09f69ead5c4", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "4a10b958-d34d-413a-b349-1415d02cdcde", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "roles", + "jsonType.label": "String", + "userinfo.token.claim": "true", + "multivalued": "true" + } + } + ] + }, + { + "id": "7438d93e-b07a-4913-9419-3273be364c4b", + "name": "groups", + "description": "OpenID Connect scope for add user groups to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "5349faf2-64a6-481f-b207-39ffef2cd597", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-group-membership-mapper", + "consentRequired": false, + "config": { + "full.path": "false", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "lightweight.claim": "false", + "access.token.claim": "true", + "claim.name": "groups" + } + } + ] + }, + { + "id": "5ce87358-3bca-4874-a6f0-6dccae6209a8", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "consent.screen.text": "", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "bbd23c51-918d-4ea6-9ac0-db68b512fb0a", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "86883395-e439-4cab-9d8d-31d71389969c", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "b849b14b-7c9c-4b7b-9329-c56debefb47c", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "bdb3e320-76c8-4ad7-9d0f-a08efc060101", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1d08316c-493b-42ab-afa3-66f621860661", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "52061d2d-7a41-4f1d-ba1b-3c4a53e739e4", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String", + "userinfo.token.claim": "true" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr", + "basic", + "groups" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "4682fe74-f3a9-445a-a7ab-557fb532fe6b", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c46009e5-c8b5-4051-bf7f-7b1481a9aa86", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "43edf979-28d2-46c8-9f93-48b3de185570", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper" + ] + } + }, + { + "id": "6fc7d765-7da8-4985-ba0b-e83827b04bd3", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "5a9aef85-98a6-4e90-b30f-8aa715e1f5e6", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper" + ] + } + }, + { + "id": "e3eadb04-8862-4567-869c-a76485268159", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "c788e6bf-2f57-4a82-b32e-ac8d48a4f676", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": "28d6b4ce-33d4-40c0-adef-b27e35b7e122", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": { + "kc.user.profile.config": [ + "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "0e3d0048-cb16-49c3-8a9a-05d83f0daeca", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "MIIEowIBAAKCAQEAtddPjTKbLAv02Zh3CTCfZHbgCi4M0dFOU1OJ8tHvxt7nuDz7DTA//V0T4WSgdMOLDNVs6J5KNO7ddF6aB1laCWwfGG/ZAxHyrIzTI+iFK5qG19jnvPGBzPbdffxKyC6TcUwTz6z01pbovLftwXyNtAqxwgJvfjdg4j7PYvabk97ketRWw1uH+Jlqa/TOFlbQuweea2w9CJJmofJ/lzgHk5JAyYm/oT0gVB/ukCSgh+So+AtZ8fzwawdS9uQZhvu3sU//M9j+liT+mv5Dq+uB+NIx24xWPW/hWgPlqBBZ0o1ZEbK4jtyxjDOTAs6w6/IT+OO8a9z0BsMC7nl1EzA1LQIDAQABAoIBABl/HknmMci8HRxSMEVLGoZRKWUerjB7QG1sQLhEhHImOL0QsS4uY5fdxaxXBNfqanmlsUwalGgV+ATZljpNO9PSDmLJnVbnXNdMivcKzXq0LjpfUPr2rU8KbDsT4CkaaBUSPZLjJZSzJeCpiijqPco5V6b5hXLf8Uc31wdWxwYKv4XYBOgXZGkHk27f6CdqjCzNYWhJYIHeBqISUMDEQoZx9YxemudbdNF8Vo/Keyj/vqYXdLwyyJf9A7DY/A6mZWp3XMQtlL0CykVjnbgm/EzYaXuwZSCY1sYHl7AhOu83AjPR7aYpkY662l1VuwaGliKk2+iIrIhYWDAOaluSBvcCgYEA/2vPm67piTw3umNca1EZqYC/Sta2d4yKthYh+gXzbWDDeVI63Kn1d2cWau0qV9SLwpY+UcTVReiqf5EHxOdhUzm7H7kcAUPydIOFX78BJ7sYa8TW/iZ+pvrAx/43EqCsdNMHcNVsqKMmJhpAozCMyG0BxFTsesuG4o3fCEBjoFcCgYEAtkDPeLZWw1ClocHcgTFSNRZF+wIYPpItS2NG0fRJk4jTv10nVoHRGflqhH3052iZkMpHMrB8YtbcOWET9nh3oJq3wB5VpQigPWjkmo00hNLQ36MbTbBuinmIPdy2SknoiojfSfgYcxmi3f8RHqPOLLkyAZjclJj6lAbq/aJklBsCgYBdV3rhPASgYF9FQDZwCY1FQoWlxd2cxsGSVXhJNI+HM0t8NK7KIVpRLl0k6lMFEemZTOqtWy9Ngv976vZZ4OzSS1C1ASLY24npRn8hRF4ZtOfxyld/PXYfc5er/p0Fs64Sa2RWucghwK2aUxG4EXABdsSkiRx6q5I5jPsqus0ttQKBgQCwvcs1cgZT5OqrIng3ZWAmkVIOKKrgSxvXxw/P3cpYY9GM+8aBUuU3/jN5BzkwDLUXv8Ip+xK1O05X6rfURmEkg8X8bq55nBLhWs6Ovq8Wu+bJacC5p4abjV49N8Qj6Oa1KiT387uqK0tRY+DzSMFRh8th1x7akDw4vzi1/PzyzwKBgG2C0QFuJqoVQlRnAB8Jid7ChliuPP+1KhZMd4mJ7yOaU1r+TKWPPIk5iNd3zkjc0UZGg/6h1WvZQazHAxn1/BMHR7ZY3zmBsCQ1TiRRfyr18v9rBRUS3GwmXgToJwl65aNO6cGAIvS/7TH2Zfmdjc5rkjWCv4U32+tpCGNtoaPC" + ], + "certificate": [ + "MIIClzCCAX8CBgGQLyjUfjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARvQ0lTMB4XDTI0MDYxOTA2MjAyM1oXDTM0MDYxOTA2MjIwM1owDzENMAsGA1UEAwwEb0NJUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALXXT40ymywL9NmYdwkwn2R24AouDNHRTlNTifLR78be57g8+w0wP/1dE+FkoHTDiwzVbOieSjTu3XRemgdZWglsHxhv2QMR8qyM0yPohSuahtfY57zxgcz23X38Ssguk3FME8+s9NaW6Ly37cF8jbQKscICb343YOI+z2L2m5Pe5HrUVsNbh/iZamv0zhZW0LsHnmtsPQiSZqHyf5c4B5OSQMmJv6E9IFQf7pAkoIfkqPgLWfH88GsHUvbkGYb7t7FP/zPY/pYk/pr+Q6vrgfjSMduMVj1v4VoD5agQWdKNWRGyuI7csYwzkwLOsOvyE/jjvGvc9AbDAu55dRMwNS0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEApg4N+/dI+UimwbpW7nsJWFu/FA8GgbEEBqbbjatgqeUJNuvi0jFueiYFnO/Pppp++PQDvKKwE7XfnEuippNNKWFQnwJQf9ZRnysNlYMq+vBT37+QIps2z772pq7bway5t7YlwjBhILNGIA9mzbsFK2SnyY0V5y0qQgEaZePMP/2cq5Ur9tKMUIIsTfBgkk3YLpxgq/rwTOtxfo6me5WpD5dXT57NXV9wmtxStE9z6INvMjp7FPZO8mai97X/SfgNhuGkN+EclvYEM/5/xfNR4rhPSnlsHwX2jjVuVuJZQKKY7DlVDohKMJzLf1Ocfe44mSRkQWCeGnJpg8NrtaxYTg==" + ], + "priority": [ + "100" + ] + } + }, + { + "id": "f92ecf31-c3c7-4c3b-af20-839fc05bcf99", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": [ + "a25fabf6-4224-4e0e-876b-cbfcb0a79628" + ], + "secret": [ + "4TbJ63S8xc-vEmTtAtd0YQbO9sCqeUs9B0SpOiokavNFWwRq5hrxcyXsG1GKpCAcEheGKnjNgkNAOR3jvnKDVnq-jJd9II2G6-A6G-XH7HMG7REWi2OVDf7a5eGmdFeRNdI5kQhGceS-H03hF3Q9uI4tv1mlgoeBpVxfWrS5_dQ" + ], + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "a137a686-5876-4faf-8d1e-e3a59f55095e", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": [ + "f00e19d2-5070-4730-a68a-2a14912ef7a8" + ], + "secret": [ + "nXZiaEzaQQUrFkmkq7vRPbZ54_m-u5zo5o9j-5WxtbdwCaHGNN3hGHOjq_4z4zfB4ooRVcUtzQL_48kOoRYmvJy7_w-rfIIooxN5yGU4sVJRj3wV3cVwxPqNAVLj_pAxJnTLXGC-cckpFkWw9XfIPLG-D3Nkv05WEgVSnIuNXOo" + ], + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] + } + }, + { + "id": "992dcc80-dc41-4b00-bab8-6ec1c839f3a4", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "kid": [ + "aec7cbf7-7e70-4acd-b1b6-adc7a0d58e2f" + ], + "secret": [ + "-WfcWG4blS3bT0nsLsj-Rw" + ], + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "5392b282-096e-4994-a3ad-780eb4023d27", + "alias": "step up flow", + "description": "browser login flow with step-up mechanism", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": false, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 31, + "autheticatorFlow": true, + "flowAlias": "base step up", + "userSetupAllowed": false + } + ] + }, + { + "id": "00e79c8a-93b3-4c0d-857f-7bf5be19d0cb", + "alias": "base step up", + "description": "base step up flow", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": false, + "authenticationExecutions": [ + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 2, + "autheticatorFlow": true, + "flowAlias": "step up level 1", + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 3, + "autheticatorFlow": true, + "flowAlias": "step up level 2", + "userSetupAllowed": false + } + ] + }, + { + "id": "32ec29d9-dd12-45ce-bdbc-3e597aca4b51", + "alias": "step up level 1", + "description": "loa 1 with username and password", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": false, + "authenticationExecutions": [ + { + "authenticatorConfig": "loa level 1", + "authenticator": "conditional-level-of-authentication", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 0, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 1, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "b8c46bfb-cf9e-414a-a773-b17e0fdaa475", + "alias": "step up level 2", + "description": "loa 2 with totp", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": false, + "authenticationExecutions": [ + { + "authenticatorConfig": "loa level 2", + "authenticator": "conditional-level-of-authentication", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 0, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 1, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "8964f931-b866-4a05-ab1c-89331a566887", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "123e5711-1ee5-4f7e-ac9c-64c644daaea9", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "be73b7f5-9a66-487c-b7dd-80e0f7ac0c7c", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "597ca917-91fc-4898-a279-cd592af286e3", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "3daadb6b-4d63-4be1-a89e-ec8e41e72afa", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "5942598c-d7e9-4941-b13e-4a8a75e2c2a3", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "6e4b336e-eb5f-423c-8d32-4ab94d1122e6", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "35ac1997-b6af-44ff-ab27-c34f9be32e56", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "a3473070-fe69-4de1-a0b2-dd54b8a769d5", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "cc714857-b114-4df6-9030-b464bbb3964d", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "0ebe891c-1a72-4842-bf29-a9abe9c2a4d2", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "d97d5579-b3d4-49c4-a60e-0e1e6b1c9d79", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "009f7c28-0f41-4237-9911-9091c3d751b7", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "f9911022-b3cf-4d96-9a96-51bc53c437eb", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "c53eb19d-49e9-4252-8a10-4d5c6a12e61b", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "3b4f48d3-1706-4630-80e0-e0542780a1f7", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "5520aa89-cd76-438a-abae-7ccd3a2d7615", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "cce548d6-9bef-4449-88ea-99b949488fe7", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "0848606c-7510-4b09-ba0e-4dc2ef3d63f8", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "91a8dee7-c679-4202-866e-234eb4164cfd", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + }, + { + "id": "5b7b9811-6a2d-47ba-8722-7a4a5cb67cc3", + "alias": "loa level 2", + "config": { + "loa-condition-level": "2", + "loa-max-age": "36000" + } + }, + { + "id": "fc6ac583-5601-4c97-a57b-3b044dc4007f", + "alias": "loa level 1", + "config": { + "loa-condition-level": "1", + "loa-max-age": "36000" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "delete_credential", + "name": "Delete Credential", + "providerId": "delete_credential", + "enabled": true, + "defaultAction": false, + "priority": 100, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "step up flow", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "organizationsEnabled": "false", + "acr.loa.map": "{\"regular\":\"1\",\"advanced\":\"2\"}" + }, + "keycloakVersion": "25.0.0", + "userManagedAccessAllowed": false, + "organizationsEnabled": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} \ No newline at end of file diff --git a/tests/e2e-playwright/helpers/setAccessAndRefreshToken.ts b/tests/e2e-playwright/helpers/setAccessAndRefreshToken.ts index effe52e9971..6b5b2d9950e 100644 --- a/tests/e2e-playwright/helpers/setAccessAndRefreshToken.ts +++ b/tests/e2e-playwright/helpers/setAccessAndRefreshToken.ts @@ -4,7 +4,13 @@ import { UsersEnvironment } from '../../e2e/support/environment' export async function setAccessAndRefreshToken(usersEnvironment: UsersEnvironment) { if (!config.basicAuth && !config.predefinedUsers) { - const user = usersEnvironment.getUser({ key: config.adminUsername }) - await api.token.setAccessAndRefreshToken(user) + let user = usersEnvironment.getUser({ key: config.adminUsername }) + if (config.keycloak) { + user = usersEnvironment.getUser({ key: config.keycloakAdminUser }) + await api.keycloak.setAccessTokenForKeycloakOcisUser(user) + await api.keycloak.setAccessTokenForKeycloakUser(user) + } else { + await api.token.setAccessAndRefreshToken(user) + } } } diff --git a/tests/e2e-playwright/specs/keycloak/mfa.spec.ts b/tests/e2e-playwright/specs/keycloak/mfa.spec.ts new file mode 100644 index 00000000000..ec20f0d370c --- /dev/null +++ b/tests/e2e-playwright/specs/keycloak/mfa.spec.ts @@ -0,0 +1,19 @@ +import { test } from '../../support/test' +import * as ui from '../../steps/ui/index' + +test.describe('general management', () => { + test('mfa', async ({ world }) => { + await ui.userLogsIn({ world, stepUser: 'Admin' }) + await ui.userOpensApplication({ world, stepUser: 'Admin', name: 'admin-settings' }) + await ui.userAuthenticatesWithOTP({ + world, + stepUser: 'Admin', + deviceName: 'test' + }) + await ui.userLogsOut({ world, stepUser: 'Admin' }) + await ui.userLogsIn({ world, stepUser: 'Admin' }) + await ui.userOpensApplication({ world, stepUser: 'Admin', name: 'admin-settings' }) + await ui.logInWithOTP({ world, stepUser: 'Admin' }) + await ui.userNavigatesToProjectSpaceManagementPage({ world, stepUser: 'Admin' }) + }) +}) diff --git a/tests/e2e-playwright/steps/ui/adminSettings.ts b/tests/e2e-playwright/steps/ui/adminSettings.ts index 6e347617fd6..68d76712e4e 100644 --- a/tests/e2e-playwright/steps/ui/adminSettings.ts +++ b/tests/e2e-playwright/steps/ui/adminSettings.ts @@ -202,3 +202,17 @@ export async function userChangesUserQuota({ const usersObject = new objects.applicationAdminSettings.Users({ page }) await usersObject.changeQuota({ key, value, action: 'context-menu' }) } + +export async function userAuthenticatesWithOTP({ + world, + stepUser, + deviceName +}: { + world: World + stepUser: string + deviceName: string +}): Promise { + const { page } = world.actorsEnvironment.getActor({ key: stepUser }) + const generalObject = new objects.applicationAdminSettings.General({ page }) + await generalObject.userAuthenticatesWithOTP({ deviceName }) +} diff --git a/tests/e2e-playwright/steps/ui/session.ts b/tests/e2e-playwright/steps/ui/session.ts index 26446b0336e..548d877b16a 100644 --- a/tests/e2e-playwright/steps/ui/session.ts +++ b/tests/e2e-playwright/steps/ui/session.ts @@ -5,6 +5,8 @@ import { listenSSE } from '../../../e2e/support/environment/sse.js' import { test } from '@playwright/test' import { waitForSSEEvent } from '../../../e2e/support/utils/locator.js' import { World } from '../../support/world' +import { Jimp } from 'jimp' +import { getOtpFromImage } from '../../../e2e/support/utils/mfa.js' async function createNewSession(world: World, stepUser: string) { const { page } = await world.actorsEnvironment.createActor({ @@ -65,6 +67,37 @@ export async function userLogsIn({ } } +export async function logInWithOTP({ + world, + stepUser +}: { + world: World + stepUser: string +}): Promise { + const sessionObject = await createNewSession(world, stepUser) + const { page } = world.actorsEnvironment.getActor({ key: stepUser }) + + let user = null + if (stepUser === 'Admin' || config.predefinedUsers) { + user = world.usersEnvironment.getUser({ key: stepUser }) + } else { + user = world.usersEnvironment.getCreatedUser({ key: stepUser }) + } + const image = await Jimp.read('./qr.png') + const { data, width, height } = image.bitmap + const errorLocator = page.locator('#input-error-otp') + for (let attempt = 0; attempt < 2; attempt++) { + const otp = await getOtpFromImage(data, width, height) + console.log(otp) + await sessionObject.keycloakOTPSignIn(user, String(otp)) + if (!(await errorLocator.isVisible())) { + break + } else { + await page.waitForTimeout(25000) + } + } +} + export async function userLogsOut({ world, stepUser diff --git a/tests/e2e-playwright/support/test.ts b/tests/e2e-playwright/support/test.ts index 2e8ee633601..5259995de28 100644 --- a/tests/e2e-playwright/support/test.ts +++ b/tests/e2e-playwright/support/test.ts @@ -23,34 +23,25 @@ export const test = base.extend<{ config.federatedServer = false await world.actorsEnvironment.close() - const adminUser = world.usersEnvironment.getUser({ key: config.adminUsername }) - - if (!config.predefinedUsers && adminUser) { + if (!config.predefinedUsers) { + let adminUser = world.usersEnvironment.getUser({ key: config.adminUsername }) if (config.keycloak) { - const keycloakAdminUser = world.usersEnvironment.getUser({ + adminUser = world.usersEnvironment.getUser({ key: config.keycloakAdminUser }) - await api.keycloak.refreshAccessTokenForKeycloakUser(keycloakAdminUser) - await api.keycloak.refreshAccessTokenForKeycloakOcisUser(keycloakAdminUser) + await api.keycloak.refreshAccessTokenForKeycloakUser(adminUser) + await api.keycloak.refreshAccessTokenForKeycloakOcisUser(adminUser) } else { await api.token.refreshAccessToken(adminUser) } - - if (isOcm(testInfo)) { - // need to set federatedServer config to true to delete federated oCIS users - config.federatedServer = true - await api.token.refreshAccessToken(adminUser) - await cleanUpUser( - store.federatedUserStore, - world.usersEnvironment.getUser({ key: config.adminUsername }) - ) - config.federatedServer = false - } } - await cleanUpUser(store.createdUserStore, adminUser) - await cleanUpGroup(adminUser) - await cleanUpSpaces(adminUser) + await cleanUpUser( + store.createdUserStore, + world.usersEnvironment.getUser({ key: config.adminUsername }) + ) + await cleanUpGroup(world.usersEnvironment.getUser({ key: config.adminUsername })) + await cleanUpSpaces(world.usersEnvironment.getUser({ key: config.adminUsername })) store.createdLinkStore.clear() store.createdTokenStore.clear() diff --git a/tests/e2e/support/api/keycloak/ocisUserToken.ts b/tests/e2e/support/api/keycloak/ocisUserToken.ts index f97544a0bec..f5b324b2e13 100644 --- a/tests/e2e/support/api/keycloak/ocisUserToken.ts +++ b/tests/e2e/support/api/keycloak/ocisUserToken.ts @@ -18,7 +18,8 @@ async function getAuthorizationEndPoint() { redirect_uri: redirectUrl, response_mode: 'query', response_type: 'code', - scope: 'openid profile email' + scope: 'openid profile email', + grant_type: 'authorization_code' } const queryString = new URLSearchParams(loginParams).toString() const authorizationUrl = `${authorizationEndpoint}?${queryString}` diff --git a/tests/e2e/support/objects/app-admin-settings/general/actions.ts b/tests/e2e/support/objects/app-admin-settings/general/actions.ts index 7f9c93a6885..9773456858b 100644 --- a/tests/e2e/support/objects/app-admin-settings/general/actions.ts +++ b/tests/e2e/support/objects/app-admin-settings/general/actions.ts @@ -1,6 +1,8 @@ import { basename } from 'path' import { Page, expect } from '@playwright/test' import { objects } from '../../..' +import { getOtpFromImage } from '../../../utils/mfa' +import { Jimp } from 'jimp' export const uploadLogo = async (path: string, page: Page): Promise => { await page.click('#logo-context-btn') @@ -61,3 +63,15 @@ export const resetLogo = async (page: Page): Promise => { const srcAfter = await imgAfter.getAttribute('src') expect(srcAfter).not.toEqual(srcBefore) } + +export const userAuthenticatesWithOTP = async (page: Page, deviceName: string): Promise => { + // await new Promise((resolve) => setTimeout(resolve, 5000)) + const element = page.locator('#kc-totp-secret-qr-code') + await element.screenshot({ path: 'qr.png' }) + const image = await Jimp.read('./qr.png') + const { data, width, height } = image.bitmap + const otp = await getOtpFromImage(data, width, height) + await page.locator('#totp').fill(String(otp)) + await page.locator('#userLabel').fill(deviceName) + await page.locator('#saveTOTPBtn').click() +} diff --git a/tests/e2e/support/objects/app-admin-settings/general/index.ts b/tests/e2e/support/objects/app-admin-settings/general/index.ts index 8a69af9446e..007786b66f7 100644 --- a/tests/e2e/support/objects/app-admin-settings/general/index.ts +++ b/tests/e2e/support/objects/app-admin-settings/general/index.ts @@ -12,4 +12,7 @@ export class General { async resetLogo(): Promise { await po.resetLogo(this.#page) } + async userAuthenticatesWithOTP({ deviceName }: { deviceName: string }): Promise { + await po.userAuthenticatesWithOTP(this.#page, deviceName) + } } diff --git a/tests/e2e/support/objects/runtime/session.ts b/tests/e2e/support/objects/runtime/session.ts index 7b61d7d3050..cabc10a03cc 100644 --- a/tests/e2e/support/objects/runtime/session.ts +++ b/tests/e2e/support/objects/runtime/session.ts @@ -42,6 +42,12 @@ export class Session { await this.#page.locator('#kc-login').click() } + async keycloakOTPSignIn(username: string, otp: string): Promise { + await this.#page.locator('#kc-attempted-username').waitFor() + await this.#page.locator('#otp').fill(otp) + await this.#page.locator('#kc-login').click() + } + async login(user: User): Promise { const { id, password } = user diff --git a/tests/e2e/support/utils/mfa.ts b/tests/e2e/support/utils/mfa.ts new file mode 100644 index 00000000000..4f3a84e2940 --- /dev/null +++ b/tests/e2e/support/utils/mfa.ts @@ -0,0 +1,17 @@ +import jsQR from 'jsqr' +import speakeasy from 'speakeasy' + +export const getOtpFromImage = async ( + data: Buffer, + width: number, + height: number +): Promise => { + const code = jsQR(new Uint8ClampedArray(data), width, height) + const url = new URL(code.data) + const secret = url.searchParams.get('secret') + const token = speakeasy.totp({ + secret: secret, + encoding: 'base32' + }) + return token +}