2023-02-03 10:45:11 +00:00
|
|
|
// tslint:disable:no-unused-expression
|
|
|
|
import { faker } from "@faker-js/faker";
|
|
|
|
import * as chai from "chai";
|
|
|
|
import { omit, pick } from "lodash-es";
|
|
|
|
import { KeycloakAdminClient } from "../src/client.js";
|
|
|
|
import type ClientRepresentation from "../src/defs/clientRepresentation.js";
|
|
|
|
import type GroupRepresentation from "../src/defs/groupRepresentation.js";
|
|
|
|
import type PolicyRepresentation from "../src/defs/policyRepresentation.js";
|
|
|
|
import { DecisionStrategy, Logic } from "../src/defs/policyRepresentation.js";
|
|
|
|
import type UserRepresentation from "../src/defs/userRepresentation.js";
|
|
|
|
import { credentials } from "./constants.js";
|
|
|
|
|
|
|
|
const expect = chai.expect;
|
|
|
|
|
|
|
|
describe("Group user integration", () => {
|
|
|
|
let kcAdminClient: KeycloakAdminClient;
|
|
|
|
let currentGroup: GroupRepresentation;
|
|
|
|
let currentUser: UserRepresentation;
|
|
|
|
let managementClient: ClientRepresentation;
|
|
|
|
let currentUserPolicy: PolicyRepresentation;
|
|
|
|
let currentPolicy: PolicyRepresentation;
|
|
|
|
|
|
|
|
before(async () => {
|
2024-10-30 11:14:02 +00:00
|
|
|
const groupName = faker.internet.username();
|
2023-02-03 10:45:11 +00:00
|
|
|
kcAdminClient = new KeycloakAdminClient();
|
|
|
|
await kcAdminClient.auth(credentials);
|
|
|
|
// create group
|
|
|
|
const group = await kcAdminClient.groups.create({
|
|
|
|
name: groupName,
|
|
|
|
});
|
|
|
|
currentGroup = (await kcAdminClient.groups.findOne({ id: group.id }))!;
|
|
|
|
|
|
|
|
// create user
|
2024-10-30 11:14:02 +00:00
|
|
|
const username = faker.internet.username();
|
2023-02-03 10:45:11 +00:00
|
|
|
const user = await kcAdminClient.users.create({
|
|
|
|
username,
|
|
|
|
email: "test@keycloak.org",
|
|
|
|
enabled: true,
|
|
|
|
});
|
|
|
|
currentUser = (await kcAdminClient.users.findOne({ id: user.id }))!;
|
|
|
|
});
|
|
|
|
|
|
|
|
after(async () => {
|
|
|
|
await kcAdminClient.groups.del({
|
|
|
|
id: currentGroup.id!,
|
|
|
|
});
|
|
|
|
await kcAdminClient.users.del({
|
|
|
|
id: currentUser.id!,
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it("should list user's group and expect empty", async () => {
|
|
|
|
const groups = await kcAdminClient.users.listGroups({
|
|
|
|
id: currentUser.id!,
|
|
|
|
});
|
|
|
|
expect(groups).to.be.eql([]);
|
|
|
|
});
|
|
|
|
|
|
|
|
it("should add user to group", async () => {
|
|
|
|
await kcAdminClient.users.addToGroup({
|
|
|
|
id: currentUser.id!,
|
|
|
|
groupId: currentGroup.id!,
|
|
|
|
});
|
|
|
|
|
|
|
|
const groups = await kcAdminClient.users.listGroups({
|
|
|
|
id: currentUser.id!,
|
|
|
|
});
|
|
|
|
// expect id,name,path to be the same
|
|
|
|
expect(groups[0]).to.be.eql(pick(currentGroup, ["id", "name", "path"]));
|
|
|
|
});
|
|
|
|
|
|
|
|
it("should list members using group api", async () => {
|
|
|
|
const members = await kcAdminClient.groups.listMembers({
|
|
|
|
id: currentGroup.id!,
|
|
|
|
});
|
|
|
|
// access will not returned from member api
|
|
|
|
expect(members[0]).to.be.eql(omit(currentUser, ["access"]));
|
|
|
|
});
|
|
|
|
|
|
|
|
it("should remove user from group", async () => {
|
|
|
|
await kcAdminClient.users.delFromGroup({
|
|
|
|
id: currentUser.id!,
|
|
|
|
groupId: currentGroup.id!,
|
|
|
|
});
|
|
|
|
|
|
|
|
const groups = await kcAdminClient.users.listGroups({
|
|
|
|
id: currentUser.id!,
|
|
|
|
});
|
|
|
|
expect(groups).to.be.eql([]);
|
|
|
|
});
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Authorization permissions
|
|
|
|
*/
|
|
|
|
describe.skip("authorization permissions", () => {
|
|
|
|
before(async () => {
|
|
|
|
const clients = await kcAdminClient.clients.find();
|
|
|
|
managementClient = clients.find(
|
2023-07-11 14:03:21 +00:00
|
|
|
(client) => client.clientId === "master-realm",
|
2023-02-03 10:45:11 +00:00
|
|
|
)!;
|
|
|
|
});
|
|
|
|
after(async () => {
|
|
|
|
await kcAdminClient.clients.delPolicy({
|
|
|
|
id: managementClient.id!,
|
|
|
|
policyId: currentUserPolicy.id!,
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it("Enable permissions", async () => {
|
|
|
|
const permission = await kcAdminClient.groups.updatePermission(
|
|
|
|
{ id: currentGroup.id! },
|
2023-07-11 14:03:21 +00:00
|
|
|
{ enabled: true },
|
2023-02-03 10:45:11 +00:00
|
|
|
);
|
|
|
|
expect(permission).to.include({
|
|
|
|
enabled: true,
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it("list of users in policy management", async () => {
|
|
|
|
const userPolicyData: PolicyRepresentation = {
|
|
|
|
type: "user",
|
|
|
|
logic: Logic.POSITIVE,
|
|
|
|
decisionStrategy: DecisionStrategy.UNANIMOUS,
|
|
|
|
name: `policy.manager.${currentGroup.id}`,
|
|
|
|
users: [currentUser.id!],
|
|
|
|
};
|
|
|
|
currentUserPolicy = await kcAdminClient.clients.createPolicy(
|
|
|
|
{ id: managementClient.id!, type: userPolicyData.type! },
|
2023-07-11 14:03:21 +00:00
|
|
|
userPolicyData,
|
2023-02-03 10:45:11 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
expect(currentUserPolicy).to.include({
|
|
|
|
type: "user",
|
|
|
|
logic: Logic.POSITIVE,
|
|
|
|
decisionStrategy: DecisionStrategy.UNANIMOUS,
|
|
|
|
name: `policy.manager.${currentGroup.id}`,
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it("list the roles available for this group", async () => {
|
|
|
|
const permissions = (await kcAdminClient.groups.listPermissions({
|
|
|
|
id: currentGroup.id!,
|
|
|
|
}))!;
|
|
|
|
|
|
|
|
expect(permissions.scopePermissions).to.be.an("object");
|
|
|
|
|
|
|
|
const scopes = (await kcAdminClient.clients.listScopesByResource({
|
|
|
|
id: managementClient.id!,
|
|
|
|
resourceName: permissions.resource!,
|
|
|
|
}))!;
|
|
|
|
|
|
|
|
const policies = await kcAdminClient.clients.listPolicies({
|
|
|
|
id: managementClient.id,
|
|
|
|
resource: permissions.resource,
|
|
|
|
max: 2,
|
|
|
|
});
|
|
|
|
expect(policies).to.have.length(2);
|
|
|
|
|
|
|
|
expect(scopes).to.have.length(5);
|
|
|
|
|
|
|
|
// Search for the id of the management role
|
|
|
|
const roleId = scopes.find((scope) => scope.name === "manage")!.id;
|
|
|
|
|
|
|
|
const userPolicy = await kcAdminClient.clients.findPolicyByName({
|
|
|
|
id: managementClient.id!,
|
|
|
|
name: `policy.manager.${currentGroup.id}`,
|
|
|
|
});
|
|
|
|
|
|
|
|
expect(userPolicy).to.deep.include({
|
|
|
|
name: `policy.manager.${currentGroup.id}`,
|
|
|
|
});
|
|
|
|
|
|
|
|
// Update of the role with the above modifications
|
|
|
|
const policyData: PolicyRepresentation = {
|
|
|
|
id: permissions.scopePermissions!.manage!,
|
|
|
|
name: `manage.permission.group.${currentGroup.id}`,
|
|
|
|
type: "scope",
|
|
|
|
logic: Logic.POSITIVE,
|
|
|
|
decisionStrategy: DecisionStrategy.UNANIMOUS,
|
|
|
|
resources: [permissions.resource!],
|
|
|
|
scopes: [roleId],
|
|
|
|
policies: [userPolicy.id!],
|
|
|
|
};
|
|
|
|
await kcAdminClient.clients.updatePermission(
|
|
|
|
{
|
|
|
|
id: managementClient.id!,
|
|
|
|
permissionId: permissions.scopePermissions!.manage,
|
|
|
|
type: "scope",
|
|
|
|
},
|
2023-07-11 14:03:21 +00:00
|
|
|
policyData,
|
2023-02-03 10:45:11 +00:00
|
|
|
);
|
|
|
|
currentPolicy = (await kcAdminClient.clients.findOnePermission({
|
|
|
|
id: managementClient.id!,
|
|
|
|
permissionId: permissions.scopePermissions!.manage,
|
|
|
|
type: "scope",
|
|
|
|
}))!;
|
|
|
|
expect(currentPolicy).to.deep.include({
|
|
|
|
id: permissions.scopePermissions!.manage,
|
|
|
|
name: `manage.permission.group.${currentGroup.id}`,
|
|
|
|
type: "scope",
|
|
|
|
logic: Logic.POSITIVE,
|
|
|
|
decisionStrategy: DecisionStrategy.UNANIMOUS,
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|