keycloak-scim/js/apps/admin-ui/cypress/e2e/client_authorization_test.spec.ts

287 lines
8.8 KiB
TypeScript
Raw Normal View History

import { v4 as uuid } from "uuid";
import { keycloakBefore } from "../support/util/keycloak_hooks";
import adminClient from "../support/util/AdminClient";
import LoginPage from "../support/pages/LoginPage";
import ListingPage from "../support/pages/admin-ui/ListingPage";
import Masthead from "../support/pages/admin-ui/Masthead";
import SidebarPage from "../support/pages/admin-ui/SidebarPage";
import AuthorizationTab from "../support/pages/admin-ui/manage/clients/client_details/tabs/AuthorizationTab";
import ModalUtils from "../support/util/ModalUtils";
import ClientDetailsPage from "../support/pages/admin-ui/manage/clients/client_details/ClientDetailsPage";
import PoliciesTab from "../support/pages/admin-ui/manage/clients/client_details/tabs/authorization_subtabs/PoliciesTab";
import PermissionsTab from "../support/pages/admin-ui/manage/clients/client_details/tabs/authorization_subtabs/PermissionsTab";
import CreateResourcePage from "../support/pages/admin-ui/manage/clients/client_details/CreateResourcePage";
2022-04-08 08:56:20 +00:00
describe("Client authentication subtab", () => {
const loginPage = new LoginPage();
const listingPage = new ListingPage();
const masthead = new Masthead();
const sidebarPage = new SidebarPage();
const authenticationTab = new AuthorizationTab();
2022-04-19 12:25:57 +00:00
const clientDetailsPage = new ClientDetailsPage();
const policiesSubTab = new PoliciesTab();
const permissionsSubTab = new PermissionsTab();
const clientId = "client-authentication-" + uuid();
2023-02-10 10:10:35 +00:00
before(() =>
adminClient.createClient({
protocol: "openid-connect",
clientId,
publicClient: false,
authorizationServicesEnabled: true,
serviceAccountsEnabled: true,
standardFlowEnabled: true,
}),
2023-02-10 10:10:35 +00:00
);
after(() => {
adminClient.deleteClient(clientId);
});
beforeEach(() => {
loginPage.logIn();
2023-02-10 10:10:35 +00:00
keycloakBefore();
sidebarPage.goToClients();
listingPage.searchItem(clientId).goToItemDetails(clientId);
2022-04-19 12:25:57 +00:00
clientDetailsPage.goToAuthorizationTab();
});
it("Should update the resource server settings", () => {
2022-04-19 12:25:57 +00:00
policiesSubTab.setPolicy("DISABLED").formUtils().save();
2022-03-15 09:45:02 +00:00
masthead.checkNotificationMessage("Resource successfully updated", true);
});
it("Should create a resource", () => {
2022-04-19 12:25:57 +00:00
const resourcesSubtab = authenticationTab.goToResourcesSubTab();
listingPage.assertDefaultResource();
resourcesSubtab
.createResource()
.fillResourceForm({
name: "Resource",
displayName: "The display name",
type: "type",
uris: ["one", "two"],
})
2022-04-19 12:25:57 +00:00
.formUtils()
.save();
2022-03-15 09:45:02 +00:00
masthead.checkNotificationMessage("Resource created successfully", true);
2022-04-08 08:56:20 +00:00
sidebarPage.waitForPageLoad();
2022-04-19 12:25:57 +00:00
authenticationTab.formUtils().cancel();
});
it("Edit a resource", () => {
authenticationTab.goToResourcesSubTab();
listingPage.goToItemDetails("Resource");
new CreateResourcePage()
.fillResourceForm({
displayName: "updated",
})
.formUtils()
.save();
masthead.checkNotificationMessage("Resource successfully updated");
sidebarPage.waitForPageLoad();
authenticationTab.formUtils().cancel();
});
it("Should create a scope", () => {
authenticationTab
2022-04-19 12:25:57 +00:00
.goToScopesSubTab()
.createAuthorizationScope()
.fillScopeForm({
name: "The scope",
displayName: "Display something",
iconUri: "res://something",
})
2022-04-19 12:25:57 +00:00
.formUtils()
.save();
masthead.checkNotificationMessage(
2022-03-15 09:45:02 +00:00
"Authorization scope created successfully",
true,
);
2022-04-19 12:25:57 +00:00
authenticationTab.goToScopesSubTab();
listingPage.itemExist("The scope");
});
2022-03-15 09:45:02 +00:00
it("Should create a policy", () => {
2022-04-19 12:25:57 +00:00
authenticationTab.goToPoliciesSubTab();
cy.intercept(
"GET",
"/admin/realms/master/clients/*/authz/resource-server/policy/regex/*",
).as("get");
2022-04-19 12:25:57 +00:00
policiesSubTab
.createPolicy("regex")
.fillBasePolicyForm({
name: "Regex policy",
description: "Policy for regex",
targetClaim: "I don't know",
pattern: ".*?",
})
2022-04-19 12:25:57 +00:00
.formUtils()
.save();
cy.wait(["@get"]);
2022-03-15 09:45:02 +00:00
masthead.checkNotificationMessage("Successfully created the policy", true);
2022-04-19 12:25:57 +00:00
2022-04-08 08:56:20 +00:00
sidebarPage.waitForPageLoad();
2022-04-19 12:25:57 +00:00
authenticationTab.formUtils().cancel();
});
2022-03-15 09:45:02 +00:00
it("Should delete a policy", () => {
2022-04-19 12:25:57 +00:00
authenticationTab.goToPoliciesSubTab();
listingPage.deleteItem("Regex policy");
new ModalUtils().confirmModal();
2022-03-15 09:45:02 +00:00
masthead.checkNotificationMessage("The Policy successfully deleted", true);
});
2022-03-15 09:45:02 +00:00
it("Should create a client policy", () => {
2022-04-19 12:25:57 +00:00
authenticationTab.goToPoliciesSubTab();
cy.intercept(
"GET",
"/admin/realms/master/clients/*/authz/resource-server/policy/client/*",
).as("get");
2022-04-19 12:25:57 +00:00
policiesSubTab
.createPolicy("client")
.fillBasePolicyForm({
name: "Client policy",
description: "Extra client field",
})
.inputClient("master-realm")
2022-04-19 12:25:57 +00:00
.formUtils()
.save();
cy.wait(["@get"]);
2022-03-15 09:45:02 +00:00
masthead.checkNotificationMessage("Successfully created the policy", true);
2022-04-19 12:25:57 +00:00
2022-04-08 08:56:20 +00:00
sidebarPage.waitForPageLoad();
2022-04-19 12:25:57 +00:00
authenticationTab.formUtils().cancel();
});
it("Should create a permission", () => {
authenticationTab.goToPermissionsSubTab();
2022-04-19 12:25:57 +00:00
permissionsSubTab.createPermission("resource").fillPermissionForm({
name: "Permission name",
description: "Something describing this permission",
});
permissionsSubTab.selectResource("Default Resource").formUtils().save();
2022-03-15 09:45:02 +00:00
cy.intercept(
"/admin/realms/master/clients/*/authz/resource-server/resource?first=0&max=10&permission=false",
2022-03-15 09:45:02 +00:00
).as("load");
masthead.checkNotificationMessage(
"Successfully created the permission",
true,
2022-03-15 09:45:02 +00:00
);
2022-04-19 12:25:57 +00:00
authenticationTab.formUtils().cancel();
});
2022-04-08 08:56:20 +00:00
it.skip("Should copy auth details", () => {
2022-04-19 12:25:57 +00:00
const exportTab = authenticationTab.goToExportSubTab();
2022-04-08 08:56:20 +00:00
sidebarPage.waitForPageLoad();
2022-04-19 12:25:57 +00:00
exportTab.copy();
2022-03-15 09:45:02 +00:00
masthead.checkNotificationMessage("Authorization details copied.", true);
});
2022-03-15 09:45:02 +00:00
it("Should export auth details", () => {
2022-04-19 12:25:57 +00:00
const exportTab = authenticationTab.goToExportSubTab();
2022-04-08 08:56:20 +00:00
sidebarPage.waitForPageLoad();
2022-04-19 12:25:57 +00:00
exportTab.export();
masthead.checkNotificationMessage(
2022-03-15 09:45:02 +00:00
"Successfully exported authorization details.",
true,
);
});
describe("Client authorization tab access for view-realm-authorization", () => {
const clientId = "realm-view-authz-client-" + uuid();
beforeEach(async () => {
const [, testUser] = await Promise.all([
adminClient.createRealm("realm-view-authz"),
adminClient.createUser({
// Create user in master realm
username: "test-view-authz-user",
enabled: true,
credentials: [{ type: "password", value: "password" }],
}),
]);
await Promise.all([
adminClient.addClientRoleToUser(
testUser.id!,
"realm-view-authz-realm",
["view-realm", "view-users", "view-authorization", "view-clients"],
),
adminClient.createClient({
realm: "realm-view-authz",
clientId,
authorizationServicesEnabled: true,
serviceAccountsEnabled: true,
standardFlowEnabled: true,
}),
]);
});
after(() =>
Promise.all([
adminClient.deleteClient(clientId),
adminClient.deleteUser("test-view-authz-user"),
adminClient.deleteRealm("realm-view-authz"),
]),
);
it("Should view autorization tab", () => {
sidebarPage.waitForPageLoad();
masthead.signOut();
sidebarPage.waitForPageLoad();
loginPage.logIn("test-view-authz-user", "password");
keycloakBefore();
sidebarPage
.waitForPageLoad()
.goToRealm("realm-view-authz")
.waitForPageLoad()
.goToClients();
listingPage
.searchItem(clientId, true, "realm-view-authz")
.goToItemDetails(clientId);
clientDetailsPage.goToAuthorizationTab();
authenticationTab.goToResourcesSubTab();
sidebarPage.waitForPageLoad();
listingPage.goToItemDetails("Resource");
sidebarPage.waitForPageLoad();
cy.go("back");
authenticationTab.goToScopesSubTab();
sidebarPage.waitForPageLoad();
authenticationTab.goToPoliciesSubTab();
sidebarPage.waitForPageLoad();
authenticationTab.goToPermissionsSubTab();
sidebarPage.waitForPageLoad();
authenticationTab.goToEvaluateSubTab();
sidebarPage.waitForPageLoad();
});
});
describe("Accessibility tests for client authorization", () => {
beforeEach(() => {
loginPage.logIn();
keycloakBefore();
sidebarPage.goToClients();
listingPage.searchItem(clientId).goToItemDetails(clientId);
clientDetailsPage.goToAuthorizationTab();
cy.injectAxe();
});
it("Check a11y violations on load/ client authorization", () => {
cy.checkA11y();
});
});
});