org.keycloak.storage.user.UserQueryMethodsProvider Maven / Gradle / Ivy
/*
* Copyright 2023 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.storage.user;
import org.keycloak.models.GroupModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.utils.StringUtil;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Stream;
/**
* This is an optional capability interface that is intended to be implemented by any
* UserStorageProvider
that supports complex user querying. You must
* implement this interface if you want to view and manage users from the administration console.
*
* Note that all methods in this interface should limit search only to data available within the storage that is
* represented by this provider. They should not lookup other storage providers for additional information.
*
* @author Bill Burke
* @version $Revision: 1 $
*/
public interface UserQueryMethodsProvider {
/**
* Searches for users whose username, email, first name or last name contain any of the strings in {@code search} separated by whitespace.
*
* If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDMBS terms use LIKE).
*
* This method is used by the admin console search box
*
* @param realm a reference to the realm.
* @param search case insensitive list of string separated by whitespaces.
* @return a non-null {@link Stream} of users that match the search string.
* @deprecated Use {@link #searchForUserStream(RealmModel, Map)} with an {@code params} map containing {@link UserModel#SEARCH} instead.
*/
@Deprecated
default Stream searchForUserStream(RealmModel realm, String search) {
return searchForUserStream(realm, Map.of(UserModel.SEARCH, search), null, null);
}
/**
* Searches for users whose username, email, first name or last name contain any of the strings in {@code search} separated by whitespace.
*
* If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDMBS terms use LIKE).
*
* This method is used by the admin console search box
*
* @param realm a reference to the realm.
* @param search case insensitive list of string separated by whitespaces.
* @param firstResult first result to return. Ignored if negative, zero, or {@code null}.
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
* @return a non-null {@link Stream} of users that match the search criteria.
* @deprecated Use {@link #searchForUserStream(RealmModel, Map, Integer, Integer)} with an {@code params} map containing {@link UserModel#SEARCH} instead.
*/
@Deprecated
default Stream searchForUserStream(RealmModel realm, String search, Integer firstResult, Integer maxResults) {
return searchForUserStream(realm, Map.of(UserModel.SEARCH, search), firstResult, maxResults);
}
/**
* Searches for user by parameter.
* If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDMBS terms use LIKE).
*
* Valid parameters are:
*
* - {@link UserModel#SEARCH} - search for users whose username, email, first name or last name contain any of the strings in {@code search} separated by whitespace, when {@code SEARCH} is set all other params are ignored
* - {@link UserModel#FIRST_NAME} - first name (case insensitive string)
* - {@link UserModel#LAST_NAME} - last name (case insensitive string)
* - {@link UserModel#EMAIL} - email (case insensitive string)
* - {@link UserModel#USERNAME} - username (case insensitive string)
* - {@link UserModel#EXACT} - whether search with FIRST_NAME, LAST_NAME, USERNAME or EMAIL should be exact match
* - {@link UserModel#EMAIL_VERIFIED} - search only for users with verified/non-verified email (true/false)
* - {@link UserModel#ENABLED} - search only for enabled/disabled users (true/false)
* - {@link UserModel#IDP_ALIAS} - search only for users that have a federated identity
* from idp with the given alias configured (case sensitive string)
* - {@link UserModel#IDP_USER_ID} - search for users with federated identity with
* the given userId (case sensitive string)
*
*
* Any other parameters will be treated as custom user attributes.
*
* This method is used by the REST API when querying users.
*
* @param realm a reference to the realm.
* @param params a map containing the search parameters.
* @return a non-null {@link Stream} of users that match the search parameters.
*/
default Stream searchForUserStream(RealmModel realm, Map params) {
return searchForUserStream(realm, params, null, null);
}
/**
* Searches for user by parameter. If possible, implementations should treat the parameter values as partial match patterns
* (i.e. in RDMBS terms use LIKE).
*
* Valid parameters are:
*
* - {@link UserModel#SEARCH} - search for users whose username, email, first name or last name contain any of the strings in {@code search} separated by whitespace, when {@code SEARCH} is set all other params are ignored
* - {@link UserModel#FIRST_NAME} - first name (case insensitive string)
* - {@link UserModel#LAST_NAME} - last name (case insensitive string)
* - {@link UserModel#EMAIL} - email (case insensitive string)
* - {@link UserModel#USERNAME} - username (case insensitive string)
* - {@link UserModel#EXACT} - whether search with FIRST_NAME, LAST_NAME, USERNAME or EMAIL should be exact match
* - {@link UserModel#EMAIL_VERIFIED} - search only for users with verified/non-verified email (true/false)
* - {@link UserModel#ENABLED} - search only for enabled/disabled users (true/false)
* - {@link UserModel#IDP_ALIAS} - search only for users that have a federated identity
* from idp with the given alias configured (case sensitive string)
* - {@link UserModel#IDP_USER_ID} - search for users with federated identity with
* the given userId (case sensitive string)
*
*
* Any other parameters will be treated as custom user attributes.
*
* This method is used by the REST API when querying users.
*
* @param realm a reference to the realm.
* @param params a map containing the search parameters.
* @param firstResult first result to return. Ignored if negative, zero, or {@code null}.
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
* @return a non-null {@link Stream} of users that match the search criteria.
*/
Stream searchForUserStream(RealmModel realm, Map params, Integer firstResult, Integer maxResults);
/**
* Obtains users that belong to a specific group.
*
* @param realm a reference to the realm.
* @param group a reference to the group.
* @return a non-null {@link Stream} of users that belong to the group.
*/
default Stream getGroupMembersStream(RealmModel realm, GroupModel group) {
return getGroupMembersStream(realm, group, null, null);
}
/**
* Obtains users that belong to a specific group.
*
* @param realm a reference to the realm.
* @param group a reference to the group.
* @param firstResult first result to return. Ignored if negative, zero, or {@code null}.
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
* @return a non-null {@link Stream} of users that belong to the group.
*/
Stream getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults);
/**
* Obtains users that belong to a specific group, filtered according to the search parameters.
*
* @param realm a reference to the realm.
* @param group a reference to the group.
* @param search the search string. It can represent either the user's username, e-mail, first name, or last name.
* @param exact a boolean indicating if the search should be exact or not. If {@code true}, it selects only users
* whose main attributes (username, e-mail, first name, or last name) exactly match the search string.
* If {@code false}, it selects the users whose main attributes partially match the search string.
* @param first the position of the first result to be processed (pagination offset). Ignored if negative or {@code null}.
* @param max the maximum number of results to be returned. Ignored if negative or {@code null}.
* @return a non-null {@link Stream} of filtered users that belong to the group.
*/
default Stream getGroupMembersStream(RealmModel realm, GroupModel group, String search, Boolean exact,
Integer first, Integer max) {
Stream groupMembers = getGroupMembersStream(realm, group).filter(user -> {
if (StringUtil.isBlank(search)) return true;
if (Boolean.TRUE.equals(exact)) {
return search.equals(user.getUsername()) || search.equals(user.getEmail())
|| search.equals(user.getFirstName()) || search.equals(user.getLastName());
} else {
return Optional.ofNullable(user.getUsername()).orElse("").toLowerCase().contains(search.toLowerCase()) ||
Optional.ofNullable(user.getEmail()).orElse("").toLowerCase().contains(search.toLowerCase()) ||
Optional.ofNullable(user.getFirstName()).orElse("").toLowerCase().contains(search.toLowerCase()) ||
Optional.ofNullable(user.getLastName()).orElse("").toLowerCase().contains(search.toLowerCase());
}
});
// Copied over from StreamsUtil from server-spi-private which is not available here
if (first != null && first > 0) {
groupMembers = groupMembers.skip(first);
}
if (max != null && max >= 0) {
groupMembers = groupMembers.limit(max);
}
return groupMembers;
}
/**
* Obtains users that have the specified role.
*
* @param realm a reference to the realm.
* @param role a reference to the role.
* @return a non-null {@link Stream} of users that have the specified role.
*/
default Stream getRoleMembersStream(RealmModel realm, RoleModel role) {
return getRoleMembersStream(realm, role, null, null);
}
/**
* Searches for users that have the specified role.
*
* @param realm a reference to the realm.
* @param role a reference to the role.
* @param firstResult first result to return. Ignored if negative or {@code null}.
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
* @return a non-null {@link Stream} of users that have the specified role.
*/
default Stream getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults) {
return Stream.empty();
}
/**
* Searches for users that have a specific attribute with a specific value.
*
* @param realm a reference to the realm.
* @param attrName the attribute name.
* @param attrValue the attribute value.
* @return a non-null {@link Stream} of users that match the search criteria.
*/
Stream searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue);
}