keycloak-scim/js/libs/keycloak-admin-client/test/authenticationManagement.spec.ts

475 lines
16 KiB
TypeScript
Raw Normal View History

// tslint:disable:no-unused-expression
import { faker } from "@faker-js/faker";
import { fail } from "assert";
import * as chai from "chai";
import { KeycloakAdminClient } from "../src/client.js";
import { RequiredActionAlias } from "../src/defs/requiredActionProviderRepresentation.js";
import { credentials } from "./constants.js";
const expect = chai.expect;
describe("Authentication management", () => {
let kcAdminClient: KeycloakAdminClient;
let currentRealm: string;
let requiredActionProvider: Record<string, any>;
before(async () => {
kcAdminClient = new KeycloakAdminClient();
await kcAdminClient.auth(credentials);
const realmName = faker.internet.userName().toLowerCase();
await kcAdminClient.realms.create({
id: realmName,
realm: realmName,
enabled: true,
});
currentRealm = realmName;
kcAdminClient.setConfig({
realmName,
});
});
after(async () => {
// delete test realm
await kcAdminClient.realms.del({ realm: currentRealm });
const realm = await kcAdminClient.realms.findOne({
realm: currentRealm,
});
expect(realm).to.be.null;
});
/**
* Required Actions
*/
describe("Required Actions", () => {
it("should delete required action by alias", async () => {
await kcAdminClient.authenticationManagement.deleteRequiredAction({
alias: RequiredActionAlias.UPDATE_PROFILE,
});
});
it("should get unregistered required actions", async () => {
const unregisteredReqActions =
await kcAdminClient.authenticationManagement.getUnregisteredRequiredActions();
expect(unregisteredReqActions).to.be.an("array");
expect(unregisteredReqActions.length).to.be.least(1);
requiredActionProvider = unregisteredReqActions[0];
});
it("should register new required action", async () => {
const requiredAction =
await kcAdminClient.authenticationManagement.registerRequiredAction({
providerId: requiredActionProvider.providerId,
name: requiredActionProvider.name,
});
expect(requiredAction).to.be.empty;
});
it("should get required actions", async () => {
const requiredActions =
await kcAdminClient.authenticationManagement.getRequiredActions();
expect(requiredActions).to.be.an("array");
});
it("should get required action by alias", async () => {
const requiredAction =
await kcAdminClient.authenticationManagement.getRequiredActionForAlias({
alias: requiredActionProvider.providerId,
});
expect(requiredAction).to.be.ok;
});
it("should update required action by alias", async () => {
const requiredAction =
await kcAdminClient.authenticationManagement.getRequiredActionForAlias({
alias: requiredActionProvider.providerId,
});
const response =
await kcAdminClient.authenticationManagement.updateRequiredAction(
{ alias: requiredActionProvider.providerId },
{
...requiredAction,
enabled: true,
priority: 10,
},
);
expect(response).to.be.empty;
});
it("should lower required action priority", async () => {
const requiredAction =
await kcAdminClient.authenticationManagement.getRequiredActionForAlias({
alias: requiredActionProvider.providerId,
});
const response =
await kcAdminClient.authenticationManagement.lowerRequiredActionPriority(
{ alias: requiredActionProvider.providerId },
);
expect(response).to.be.empty;
const requiredActionUpdated =
await kcAdminClient.authenticationManagement.getRequiredActionForAlias({
alias: requiredActionProvider.providerId,
});
expect(requiredActionUpdated.priority).to.be.greaterThan(
requiredAction.priority,
);
});
it("should raise required action priority", async () => {
const requiredAction =
await kcAdminClient.authenticationManagement.getRequiredActionForAlias({
alias: requiredActionProvider.providerId,
});
const response =
await kcAdminClient.authenticationManagement.raiseRequiredActionPriority(
{ alias: requiredActionProvider.providerId },
);
expect(response).to.be.empty;
const requiredActionUpdated =
await kcAdminClient.authenticationManagement.getRequiredActionForAlias({
alias: requiredActionProvider.providerId,
});
expect(requiredActionUpdated.priority).to.be.lessThan(
requiredAction.priority,
);
});
it("should fetch config description for required action", async () => {
const configDescription =
await kcAdminClient.authenticationManagement.getRequiredActionConfigDescription(
{
alias: "UPDATE_PASSWORD",
},
);
expect(configDescription).is.ok;
expect(configDescription.properties).is.ok;
});
it("should fetch required action config for update password", async () => {
const actionConfig =
await kcAdminClient.authenticationManagement.getRequiredActionConfig({
alias: "UPDATE_PASSWORD",
});
expect(actionConfig).is.ok;
expect(actionConfig.config).is.ok;
expect(actionConfig.config!["max_auth_age"]).to.be.eq(300); // default max_auth_age for update password
});
it("should update required action config for update password", async () => {
await kcAdminClient.authenticationManagement.updateRequiredActionConfig(
{
alias: "UPDATE_PASSWORD",
},
{
config: {
max_auth_age: "301",
},
},
);
const actionConfig =
await kcAdminClient.authenticationManagement.getRequiredActionConfig({
alias: "UPDATE_PASSWORD",
});
expect(actionConfig).is.ok;
expect(actionConfig.config).is.ok;
expect(actionConfig.config!["max_auth_age"]).to.be.eq(301); // updated value max_auth_age for update password
});
it("should reset required action config for update password", async () => {
await kcAdminClient.authenticationManagement.removeRequiredActionConfig({
alias: "UPDATE_PASSWORD",
});
const actionConfig =
await kcAdminClient.authenticationManagement.getRequiredActionConfig({
alias: "UPDATE_PASSWORD",
});
expect(actionConfig).is.ok;
expect(actionConfig.config).is.ok;
expect(actionConfig.config!["max_auth_age"]).to.be.eq(300); // default max_auth_age for update password
});
it("should get client authenticator providers", async () => {
const authenticationProviders =
await kcAdminClient.authenticationManagement.getClientAuthenticatorProviders();
expect(authenticationProviders).is.ok;
expect(authenticationProviders.length).to.be.equal(4);
});
it("should fetch form providers", async () => {
const formProviders =
await kcAdminClient.authenticationManagement.getFormActionProviders();
expect(formProviders).is.ok;
expect(formProviders.length).to.be.eq(4);
});
it("should fetch authenticator providers", async () => {
const providers =
await kcAdminClient.authenticationManagement.getAuthenticatorProviders();
expect(providers).is.ok;
expect(providers.length).to.be.greaterThan(1);
});
});
describe("Flows", () => {
it("should get the registered form providers", async () => {
const formProviders =
await kcAdminClient.authenticationManagement.getFormProviders();
expect(formProviders).to.be.ok;
expect(formProviders.length).to.be.eq(1);
expect(formProviders[0].displayName).to.be.eq("Registration Page");
});
it("should get authentication flows", async () => {
const flows = await kcAdminClient.authenticationManagement.getFlows();
expect(flows.map((flow) => flow.alias)).to.be.deep.eq([
"browser",
"direct grant",
"registration",
"reset credentials",
"clients",
"first broker login",
"docker auth",
]);
});
it("should get authentication flow", async () => {
const flows = await kcAdminClient.authenticationManagement.getFlows();
const flow = await kcAdminClient.authenticationManagement.getFlow({
flowId: flows[0].id!,
});
expect(flow.alias).to.be.eq("browser");
});
it("should create new authentication flow", async () => {
const flow = "test";
await kcAdminClient.authenticationManagement.createFlow({
alias: flow,
providerId: "basic-flow",
description: "",
topLevel: true,
builtIn: false,
});
const flows = await kcAdminClient.authenticationManagement.getFlows();
expect(flows.find((f) => f.alias === flow)).to.be.ok;
});
const flowName = "copy of browser";
it("should copy existing authentication flow", async () => {
await kcAdminClient.authenticationManagement.copyFlow({
flow: "browser",
newName: flowName,
});
const flows = await kcAdminClient.authenticationManagement.getFlows();
const flow = flows.find((f) => f.alias === flowName);
expect(flow).to.be.ok;
});
it("should update authentication flow", async () => {
const flows = await kcAdminClient.authenticationManagement.getFlows();
const flow = flows.find((f) => f.alias === flowName)!;
const description = "Updated description";
flow.description = description;
const updatedFlow =
await kcAdminClient.authenticationManagement.updateFlow(
{ flowId: flow.id! },
flow,
);
expect(updatedFlow.description).to.be.eq(description);
});
it("should delete authentication flow", async () => {
let flows = await kcAdminClient.authenticationManagement.getFlows();
const flow = flows.find((f) => f.alias === flowName)!;
await kcAdminClient.authenticationManagement.deleteFlow({
flowId: flow.id!,
});
flows = await kcAdminClient.authenticationManagement.getFlows();
expect(flows.find((f) => f.alias === flowName)).to.be.undefined;
});
});
describe("Flow executions", () => {
it("should fetch all executions for a flow", async () => {
const executions =
await kcAdminClient.authenticationManagement.getExecutions({
flow: "browser",
});
expect(executions.length).to.be.gt(5);
});
const flowName = "executionTest";
it("should add execution to a flow", async () => {
await kcAdminClient.authenticationManagement.copyFlow({
flow: "browser",
newName: flowName,
});
const execution =
await kcAdminClient.authenticationManagement.addExecutionToFlow({
flow: flowName,
provider: "auth-otp-form",
});
expect(execution.id).to.be.ok;
});
it("should add flow to a flow", async () => {
const flow = await kcAdminClient.authenticationManagement.addFlowToFlow({
flow: flowName,
alias: "subFlow",
description: "",
provider: "registration-page-form",
type: "basic-flow",
});
const executions =
await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
});
expect(flow.id).to.be.ok;
expect(executions.map((execution) => execution.displayName)).includes(
"subFlow",
);
});
it("should update execution to a flow", async () => {
let executions =
await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
});
let execution = executions[executions.length - 1];
const choice = execution.requirementChoices![1];
execution.requirement = choice;
await kcAdminClient.authenticationManagement.updateExecution(
{ flow: flowName },
execution,
);
executions = await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
});
execution = executions[executions.length - 1];
expect(execution.requirement).to.be.eq(choice);
});
it("should delete execution", async () => {
let executions =
await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
});
const id = executions[0].id!;
await kcAdminClient.authenticationManagement.delExecution({ id });
executions = await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
});
expect(executions.find((ex) => ex.id === id)).to.be.undefined;
});
it("should raise priority of execution", async () => {
let executions =
await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
});
let execution = executions[executions.length - 1];
const priority = execution.index!;
await kcAdminClient.authenticationManagement.raisePriorityExecution({
id: execution.id!,
});
executions = await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
});
execution = executions.find((ex) => ex.id === execution.id)!;
expect(execution.index).to.be.eq(priority - 1);
});
it("should lower priority of execution", async () => {
let executions =
await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
});
let execution = executions[0];
const priority = execution.index!;
await kcAdminClient.authenticationManagement.lowerPriorityExecution({
id: execution.id!,
});
executions = await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
});
execution = executions.find((ex) => ex.id === execution.id)!;
expect(execution.index).to.be.eq(priority + 1);
});
it("should create, update and delete config for execution", async () => {
const execution = (
await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
})
)[0];
const alias = "test";
let config = await kcAdminClient.authenticationManagement.createConfig({
id: execution.id,
alias,
});
config = await kcAdminClient.authenticationManagement.getConfig({
id: config.id!,
});
expect(config.alias).to.be.eq(alias);
const extraConfig = { defaultProvider: "sdf" };
await kcAdminClient.authenticationManagement.updateConfig({
...config,
config: extraConfig,
});
config = await kcAdminClient.authenticationManagement.getConfig({
id: config.id!,
});
expect(config.config!.defaultProvider).to.be.eq(
extraConfig.defaultProvider,
);
await kcAdminClient.authenticationManagement.delConfig({
id: config.id!,
});
try {
await kcAdminClient.authenticationManagement.getConfig({
id: config.id!,
});
fail("should not find deleted config");
} catch (error) {
// ignore
}
});
it("should fetch config description for execution", async () => {
const execution = (
await kcAdminClient.authenticationManagement.getExecutions({
flow: flowName,
})
)[0];
const configDescription =
await kcAdminClient.authenticationManagement.getConfigDescription({
providerId: execution.providerId!,
});
expect(configDescription).is.ok;
expect(configDescription.providerId).to.be.eq(execution.providerId);
});
});
});