From 00405cc212e856dbdc79744afc7548b47918c202 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen
Date: Fri, 27 Sep 2013 14:54:34 +0100
Subject: [PATCH] Check username on social login
---
 .../org/keycloak/testsuite/OAuthClient.java | 15 ++++++++++++++-
 .../testsuite/oauth/AccessTokenTest.java | 18 ++----------------
 .../testsuite/social/SocialLoginTest.java | 19 +++++++++++++++++--
 3 files changed, 33 insertions(+), 19 deletions(-)
diff --git a/testsuite/src/test/java/org/keycloak/testsuite/OAuthClient.java b/testsuite/src/test/java/org/keycloak/testsuite/OAuthClient.java
index 42d2c32394..59d178ae6b 100644
--- a/testsuite/src/test/java/org/keycloak/testsuite/OAuthClient.java
+++ b/testsuite/src/test/java/org/keycloak/testsuite/OAuthClient.java
@@ -24,6 +24,7 @@ package org.keycloak.testsuite;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
+import java.security.PublicKey;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
@@ -40,8 +41,11 @@ import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
+import org.jboss.resteasy.security.PemUtils;
import org.json.JSONObject;
import org.junit.Assert;
+import org.keycloak.RSATokenVerifier;
+import org.keycloak.representations.SkeletonKeyToken;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
@@ -68,8 +72,13 @@ public class OAuthClient {
private String state;
- public OAuthClient(WebDriver driver) {
+ private PublicKey realmPublicKey;
+
+ public OAuthClient(WebDriver driver) throws Exception {
this.driver = driver;
+
+ JSONObject realmJson = new JSONObject(IOUtils.toString(getClass().getResourceAsStream("/testrealm.json")));
+ realmPublicKey = PemUtils.decodePublicKey(realmJson.getString("publicKey"));
}
public AuthorizationCodeResponse doLogin(String username, String password) {
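Review bot: The added `IOUtils.toString(getClass().getResourceAsStream("/testrealm.json"))` line in the constructor never closes the stream, decodes it with the platform default charset, and if the resource is missing from the test classpath it fails with a bare NullPointerException that does not name the file — and every token check in the suite now depends on this key loading correctly. I would open the resource in try-with-resources (if the suite builds on Java 7 or later), reject a null stream with a message, and pass an explicit `"UTF-8"` to `IOUtils.toString`, which needs a `java.io.InputStream` import. Loading the key from the checked-in realm file rather than from the server under test is the right choice, since a server signing with the wrong key then fails the test instead of being trusted; a one-line comment such as `// verify against the key in testrealm.json, never one fetched from the server under test` would keep that intent from being "simplified" away later. The hunk ends on the `doLogin` signature, whose body lies outside it.
```java
    public OAuthClient(WebDriver driver) throws Exception {
        this.driver = driver;

        // Verify tokens against the key in testrealm.json, never one fetched from the server under test.
        try (InputStream in = getClass().getResourceAsStream("/testrealm.json")) {
            if (in == null) {
                throw new IllegalStateException("/testrealm.json not found on the test classpath");
            }
            JSONObject realmJson = new JSONObject(IOUtils.toString(in, "UTF-8"));
            realmPublicKey = PemUtils.decodePublicKey(realmJson.getString("publicKey"));
        }
    }
```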
@@ -109,6 +118,10 @@ public class OAuthClient {
return new AccessTokenResponse(client.execute(post));
}
+ public SkeletonKeyToken verifyToken(String token) throws Exception {
+ return RSATokenVerifier.verifyToken(token, realmPublicKey, realm);
+ }
+
public boolean isAuthorizationResponse() {
return getCurrentRequest().equals(redirectUri) && getCurrentQuery().containsKey("code");
}
diff --git a/testsuite/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
index 16177675ce..15f1cbf9d2 100644
--- a/testsuite/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
+++ b/testsuite/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
@@ -21,17 +21,10 @@ */
package org.keycloak.testsuite.oauth;
-import java.security.PublicKey;
-
-import org.apache.commons.io.IOUtils;
-import org.jboss.resteasy.security.PemUtils;
-import org.json.JSONObject;
import org.junit.Assert;
-import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.RSATokenVerifier;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
@@ -61,14 +54,6 @@ public class AccessTokenTest {
@WebResource
protected LoginPage loginPage;
- private PublicKey realmPublicKey;
-
- @Before
- public void before() throws Exception {
- JSONObject realmJson = new JSONObject(IOUtils.toString(getClass().getResourceAsStream("/testrealm.json")));
- realmPublicKey = PemUtils.decodePublicKey(realmJson.getString("publicKey"));
- }
-
@Test
public void accessTokenRequest() throws Exception {
oauth.doLogin("test-user@localhost", "password");
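Review bot: The new `verifyToken` helper has no Javadoc, and the one thing a caller needs to know is that the check runs against the public key read from testrealm.json in the constructor — not anything fetched from the server being tested — with `realm` presumably also compared by `RSATokenVerifier` since it is passed as the third argument (confirm). I would add `/** Parses {@code token} and verifies its RSA signature against the realm public key loaded from testrealm.json (and, via RSATokenVerifier, the realm); declared {@code throws Exception} for any verification failure. */` above the signature. Tests that only need claims should still go through this method rather than decoding the JWT themselves, otherwise their assertions say nothing about who signed the token.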
@@ -82,7 +67,8 @@ public class AccessTokenTest {
Assert.assertEquals("bearer", response.getTokenType());
- SkeletonKeyToken token = RSATokenVerifier.verifyToken(response.getAccessToken(), realmPublicKey, oauth.getRealm());
+ SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
+ Assert.assertEquals("test-user@localhost", token.getPrincipal());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
diff --git a/testsuite/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java b/testsuite/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java
index 7cb41787eb..f4cc01ce89 100755
--- a/testsuite/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java
+++ b/testsuite/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java
@@ -26,12 +26,15 @@ import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
+import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.models.RealmModel;
import org.keycloak.testsuite.DummySocialServlet;
+import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
import org.keycloak.testsuite.pages.AppPage;
-import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
+import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
import org.keycloak.testsuite.rule.WebResource;
@@ -65,13 +68,16 @@ public class SocialLoginTest {
@WebResource
protected LoginPage loginPage;
+ @WebResource
+ protected OAuthClient oauth;
+
@BeforeClass
public static void before() {
keycloakRule.deployServlet("dummy-social", "/dummy-social", DummySocialServlet.class);
}
@Test
- public void loginSuccess() {
+ public void loginSuccess() throws Exception {
loginPage.open();
loginPage.clickSocial("dummy");
@@ -80,6 +86,15 @@ public class SocialLoginTest {
driver.findElement(By.id("submit")).click();
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
+
+ SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals("dummy-user", token.getPrincipal());
+
+ Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("user"));
}
}
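Review bot: The first added statement, `oauth.getCurrentQuery().get("code")`, takes it on trust that the redirect carried a `code`; if the social flow came back with an error or without one, the test dies inside the token request with a null parameter or an HTTP error instead of a readable assertion — unless `RequestType.AUTH_RESPONSE` already implies a code is present, which the hunk does not show. `OAuthClient.isAuthorizationResponse()` (visible in the first file) checks exactly the redirect URI plus the presence of `code`, so I would add `Assert.assertTrue(oauth.isAuthorizationResponse());` before the exchange, and for parity with AccessTokenTest also `Assert.assertEquals("bearer", response.getTokenType());` after it. The literal `"password"` passed as the second argument to `doAccessTokenRequest` reads like the test application's client secret rather than a user password; a comment such as `// client secret of the test app from testrealm.json — confirm` would stop the next reader from conflating it with the social user's credential. The `loginSuccess` method begins outside this hunk.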