
new file: scripts/setup/keycloak/test_realm.js

mrx8086 11 tháng trước cách đây
mục cha
commit
b4b4472827
1 tập tin đã thay đổi với 105 bổ sung0 xóa
  1. 105 0
      scripts/setup/keycloak/test_realm.js

+ 105 - 0
scripts/setup/keycloak/test_realm.js

@@ -0,0 +1,105 @@
+import axios from 'axios';
+import dotenv from 'dotenv';
+
+dotenv.config();
+
+const KEYCLOAK_URL = process.env.KEYCLOAK_URL || 'https://auth.mrx8086.com';
+const NEXTCLOUD_CLIENT_ID = process.env.NEXTCLOUD_CLIENT_ID || 'nextcloud';
+const CLIENT_SECRET = process.env.KEYCLOAK_NEXTCLOUD_CLIENT_SECRET;
+const TESTADMIN_USERNAME = "testadmin@mrx8086.com";
+const TESTADMIN_PASSWORD = process.env.TESTADMIN_PASSWORD || "initial123!";
+const REALM_NAME = 'office-automation';
+
+
+
+
+// Hilfsfunktion für API-Fehlerbehandlung
+const handleAxiosError = (error, operation, config, response) => {
+     console.error(`Error during ${operation}:`);
+    if (config) {
+      console.error('Request:', {
+          method: config.method,
+          url: config.url,
+          headers: config.headers,
+          data: config.data,
+      });
+    }
+    if (error.response) {
+        console.error('Response:', {
+            status: error.response.status,
+            data: error.response.data
+        });
+    } else {
+        console.error('Error Message:', error.message);
+    }
+    throw error;
+};
+
+// Funktion um den Access Token abzufragen
+async function getAccessToken(username, password) {
+    try {
+      const response = await axios.post(
+        `${KEYCLOAK_URL}/realms/${REALM_NAME}/protocol/openid-connect/token`,
+        new URLSearchParams({
+          client_id: NEXTCLOUD_CLIENT_ID,
+          client_secret: CLIENT_SECRET,
+          grant_type: 'password',
+          username: username,
+          password: password,
+          scope: "openid profile email groups",
+        }),
+        {
+          headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+          },
+        }
+      );
+      return response.data.access_token;
+    } catch (error) {
+        handleAxiosError(error, 'getting access token', error.config, error.response);
+        return null;
+    }
+  }
+
+
+// Funktion zum Decodieren eines JWT-Tokens
+function decodeToken(token) {
+    try {
+        const base64Url = token.split('.')[1];
+        const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
+        const jsonPayload = decodeURIComponent(atob(base64).split('').map(function (c) {
+            return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
+        }).join(''));
+
+        return JSON.parse(jsonPayload);
+    } catch (error) {
+        console.error("Error decoding token:", error.message);
+        return null;
+    }
+}
+
+async function testKeycloakLogin() {
+  try {
+    const accessToken = await getAccessToken(TESTADMIN_USERNAME, TESTADMIN_PASSWORD);
+
+    if (!accessToken) {
+      console.error('Failed to get access token.');
+      return;
+    }
+    console.log('Access Token:', accessToken);
+    const decodedToken = decodeToken(accessToken);
+    if (decodedToken) {
+      console.log('Decoded Access Token:', decodedToken);
+      if (decodedToken.groups.includes('/Administrators')){
+        console.log("Admin Group is set correctly!")
+      } else {
+          console.error("Admin Group is not set correctly!")
+      }
+    }
+
+  } catch (error) {
+    console.error('An error occurred:', error);
+  }
+}
+
+testKeycloakLogin();
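Review bot: `handleAxiosError` prints `config.data` and `config.headers`, and for the token request in `getAccessToken` that body is the form carrying `client_secret`, `username` and `password`, so every failed login writes the client secret and the test admin password to stderr and to any CI log that captures it. Log only `method` and `url` there, i.e. drop the `headers: config.headers,` and `data: config.data,` lines. The same concern applies to `console.log('Access Token:', accessToken)` in `testKeycloakLogin`, which prints a usable bearer token; the decoded claims logged right after it are enough for the group check. Separately, the `|| "initial123!"` fallback for `TESTADMIN_PASSWORD` commits a default admin credential to the repository. The script should instead exit with an error when `TESTADMIN_PASSWORD` or `KEYCLOAK_NEXTCLOUD_CLIENT_SECRET` is unset, since a missing `CLIENT_SECRET` is otherwise serialized by `URLSearchParams` as the literal string `undefined`.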