diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java index f4f7e3d94c..035c623713 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java @@ -99,6 +99,10 @@ public class HardcodedLDAPAttributeMapper extends AbstractLDAPStorageMapper { @Override public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) { + // Don't update attribute in LDAP later. It's supposed to be written just at registration time + String ldapAttrName = mapperModel.get(LDAP_ATTRIBUTE_NAME); + ldapUser.addReadOnlyAttributeName(ldapAttrName); + return delegate; } diff --git a/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java b/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java index 045258c08b..cba5ed6672 100644 --- a/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java +++ b/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java @@ -151,5 +151,10 @@ public enum ResourceType { /** * */ - , CLUSTER_NODE; + , CLUSTER_NODE + + /** + * + */ + , COMPONENT; } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java index daffd90086..2f7362bb94 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java @@ -221,7 +221,7 @@ public class AuthenticationManagementResource { flow.setId(createdModel.getId()); adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, createdModel.getId()).representation(flow).success(); - return Response.status(201).build(); + return Response.created(uriInfo.getAbsolutePathBuilder().path(flow.getId()).build()).build(); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java index c5e1edbe00..b39b773522 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java @@ -25,6 +25,7 @@ import org.keycloak.component.ComponentModel; import org.keycloak.component.ComponentValidationException; import org.keycloak.component.SubComponentFactory; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.utils.ModelToRepresentation; @@ -93,7 +94,7 @@ public class ComponentResource { public ComponentResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) { this.auth = auth; this.realm = realm; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.COMPONENT); auth.init(RealmAuth.Resource.REALM); } @@ -175,7 +176,7 @@ public class ComponentResource { throw new NotFoundException("Could not find component"); } RepresentationToModel.updateComponent(session, rep, model, false); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo, model.getId()).representation(StripSecretsUtils.strip(session, rep)).success(); + adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(StripSecretsUtils.strip(session, rep)).success(); realm.updateComponent(model); return Response.noContent().build(); } catch (ComponentValidationException e) { @@ -192,7 +193,7 @@ public class ComponentResource { if (model == null) { throw new NotFoundException("Could not find component"); } - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo, model.getId()).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); realm.removeComponent(model); } diff --git a/testsuite/integration-arquillian/HOW-TO-RUN.md b/testsuite/integration-arquillian/HOW-TO-RUN.md index 0fb9b4b13f..c1341fb3d7 100644 --- a/testsuite/integration-arquillian/HOW-TO-RUN.md +++ b/testsuite/integration-arquillian/HOW-TO-RUN.md @@ -21,8 +21,10 @@ Adding this system property when running any test: -Darquillian.debug=true -will add lots of info to the log. Especially about all the triggered arquillian lifecycle events and executed observers listening to those events. -Also the bootstrap of WebDriver will be unlimited (by default there is 1 minute timeout and test is cancelled when WebDriver is not bootstrapped within it.) +will add lots of info to the log. Especially about: +* The test method names, which will be executed for each test class, will be written at the proper running order to the log at the beginning of each test (done by KcArquillian class). +* All the triggered arquillian lifecycle events and executed observers listening to those events will be written to the log +* The bootstrap of WebDriver will be unlimited. By default there is just 1 minute timeout and test is cancelled when WebDriver is not bootstrapped within it. ### WebDriver timeout @@ -41,7 +43,7 @@ and adapter are all in the same JVM and you can debug them easily. If it is not -Dmaven.surefire.debug=true -and you will be able to attach remote debugger to the test. Unfortunately server and adapter are running in different JVMs, so you won't be able to debug them. +and you will be able to attach remote debugger to the test. Unfortunately server and adapter are running in different JVMs, so this won't help to debug those. TODO: Improve and add more info about Wildfly debugging... diff --git a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java index bdbd4d92ce..5f7520fc44 100644 --- a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java +++ b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java @@ -146,6 +146,11 @@ public class KeycloakOnUndertow implements DeployableContainer archive) throws DeploymentException { Field containerField = Reflections.findDeclaredField(UndertowJaxrsServer.class, "container"); diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java index ccc4f8046a..6ca5135402 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java @@ -28,9 +28,13 @@ import org.jboss.arquillian.core.api.annotation.Inject; import org.jboss.arquillian.core.api.annotation.Observes; import org.jboss.arquillian.test.spi.annotation.ClassScoped; import org.jboss.arquillian.test.spi.annotation.SuiteScoped; +import org.jboss.arquillian.test.spi.event.suite.AfterClass; import org.jboss.arquillian.test.spi.event.suite.BeforeClass; import org.jboss.arquillian.test.spi.event.suite.BeforeSuite; import org.jboss.logging.Logger; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.testsuite.client.KeycloakTestingClient; import org.keycloak.testsuite.util.LogChecker; import org.keycloak.testsuite.util.OAuthClient; @@ -38,8 +42,11 @@ import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; import java.util.LinkedHashSet; +import java.util.List; import java.util.Set; +import javax.ws.rs.NotFoundException; + /** * * @author tkyjovsk @@ -203,4 +210,33 @@ public class AuthServerTestEnricher { oAuthClientProducer.set(oAuthClient); } + public void afterClass(@Observes(precedence = 2) AfterClass event) { + TestContext testContext = testContextProducer.get(); + + List testRealmReps = testContext.getTestRealmReps(); + Keycloak adminClient = testContext.getAdminClient(); + KeycloakTestingClient testingClient = testContext.getTestingClient(); + + if (testRealmReps != null) { + log.info("removing test realms after test class"); + for (RealmRepresentation testRealm : testRealmReps) { + String realmName = testRealm.getRealm(); + log.info("removing realm: " + realmName); + try { + adminClient.realms().realm(realmName).remove(); + } catch (NotFoundException e) { + // Ignore + } + } + } + + if (adminClient != null) { + adminClient.close(); + } + + if (testingClient != null) { + testingClient.close(); + } + } + } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java new file mode 100644 index 0000000000..c743ca8c3b --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java @@ -0,0 +1,53 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.arquillian; + +import java.util.List; + +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.logging.Logger; +import org.junit.runners.model.FrameworkMethod; +import org.junit.runners.model.InitializationError; + +/** + * @author Marek Posolda + */ +public class KcArquillian extends Arquillian { + + protected final Logger log = Logger.getLogger(this.getClass()); + + public static final boolean ARQUILLIAN_DEBUG = "true".equals(System.getProperty("arquillian.debug")); + + public KcArquillian(Class testClass) throws InitializationError + { + super(testClass); + } + + @Override + protected List getChildren() { + List children = super.getChildren(); + + if (ARQUILLIAN_DEBUG) { + for (FrameworkMethod method : children) { + log.info(method.getName()); + } + } + + return children; + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java index fc63b2291b..30b0405c51 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java @@ -21,6 +21,13 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import javax.ws.rs.NotFoundException; + +import org.keycloak.admin.client.Keycloak; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.testsuite.client.KeycloakTestingClient; +import org.keycloak.testsuite.util.TestCleanup; + /** * * @author tkyjovsk @@ -38,6 +45,17 @@ public final class TestContext { private final Map customContext = new HashMap<>(); + private Keycloak adminClient; + private KeycloakTestingClient testingClient; + private List testRealmReps; + + // Track if particular test was initialized. What exactly means "initialized" is test dependent (Eg. some user in @Before method was created, so we can set initialized to true + // to avoid creating user when @Before method is executed for 2nd time) + private boolean initialized; + + // Key is realmName, value are objects to clean after the test method + private Map cleanups = new HashMap<>(); + public TestContext(SuiteContext suiteContext, Class testClass) { this.suiteContext = suiteContext; this.testClass = testClass; @@ -92,6 +110,52 @@ public final class TestContext { + (isAdapterTest() ? "App server container: " + getAppServerInfo() + "\n" : ""); } + public Keycloak getAdminClient() { + return adminClient; + } + + public void setAdminClient(Keycloak adminClient) { + this.adminClient = adminClient; + } + + public KeycloakTestingClient getTestingClient() { + return testingClient; + } + + public void setTestingClient(KeycloakTestingClient testingClient) { + this.testingClient = testingClient; + } + + public List getTestRealmReps() { + return testRealmReps; + } + + public void setTestRealmReps(List testRealmReps) { + this.testRealmReps = testRealmReps; + } + + public boolean isInitialized() { + return initialized; + } + + public void setInitialized(boolean initialized) { + this.initialized = initialized; + } + + public TestCleanup getOrCreateCleanup(String realmName) { + TestCleanup cleanup = cleanups.get(realmName); + if (cleanup == null) { + cleanup = new TestCleanup(adminClient, realmName); + cleanups.put(realmName, cleanup); + } + return cleanup; + } + + public Map getCleanups() { + return cleanups; + } + + public Object getCustomValue(Object key) { return customContext.get(key); } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java index a89d70c32b..afefde3833 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java @@ -53,7 +53,7 @@ public interface TestApplicationResource { @POST @Path("/clear-admin-actions") - Response clearAdminActions(); + void clearAdminActions(); @GET @Produces(MediaType.TEXT_HTML) diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java index 0c2f106b24..a66fce5e13 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java @@ -35,12 +35,12 @@ public interface TestingExportImportResource { @GET @Path("/run-import") @Produces(MediaType.APPLICATION_JSON) - public Response runImport(); + void runImport(); @GET @Path("/run-export") @Produces(MediaType.APPLICATION_JSON) - public Response runExport(); + void runExport(); @GET @Path("/get-users-per-file") diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java index 02d889ffc7..32b05e7b8e 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java @@ -72,27 +72,27 @@ public interface TestingResource { @POST @Path("/clear-event-queue") @Produces(MediaType.APPLICATION_JSON) - Response clearEventQueue(); + void clearEventQueue(); @POST @Path("/clear-admin-event-queue") @Produces(MediaType.APPLICATION_JSON) - Response clearAdminEventQueue(); + void clearAdminEventQueue(); @GET @Path("/clear-event-store") @Produces(MediaType.APPLICATION_JSON) - public Response clearEventStore(); + void clearEventStore(); @GET @Path("/clear-event-store-for-realm") @Produces(MediaType.APPLICATION_JSON) - public Response clearEventStore(@QueryParam("realmId") String realmId); + void clearEventStore(@QueryParam("realmId") String realmId); @GET @Path("/clear-event-store-older-than") @Produces(MediaType.APPLICATION_JSON) - public Response clearEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan); + void clearEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan); /** * Query events @@ -127,17 +127,17 @@ public interface TestingResource { @GET @Path("/clear-admin-event-store") @Produces(MediaType.APPLICATION_JSON) - public Response clearAdminEventStore(); + void clearAdminEventStore(); @GET @Path("/clear-admin-event-store-for-realm") @Produces(MediaType.APPLICATION_JSON) - public Response clearAdminEventStore(@QueryParam("realmId") String realmId); + void clearAdminEventStore(@QueryParam("realmId") String realmId); @GET @Path("/clear-admin-event-store-older-than") @Produces(MediaType.APPLICATION_JSON) - public Response clearAdminEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan); + void clearAdminEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan); /** * Get admin events @@ -170,17 +170,17 @@ public interface TestingResource { @POST @Path("/on-admin-event") @Consumes(MediaType.APPLICATION_JSON) - public void onAdminEvent(final AdminEventRepresentation rep, @QueryParam("includeRepresentation") boolean includeRepresentation); + void onAdminEvent(final AdminEventRepresentation rep, @QueryParam("includeRepresentation") boolean includeRepresentation); @POST @Path("/remove-user-session") @Produces(MediaType.APPLICATION_JSON) - Response removeUserSession(@QueryParam("realm") final String realm, @QueryParam("session") final String sessionId); + void removeUserSession(@QueryParam("realm") final String realm, @QueryParam("session") final String sessionId); @POST @Path("/remove-user-sessions") @Produces(MediaType.APPLICATION_JSON) - Response removeUserSessions(@QueryParam("realm") final String realm); + void removeUserSessions(@QueryParam("realm") final String realm); @GET @Path("/get-user-session") @@ -190,7 +190,7 @@ public interface TestingResource { @POST @Path("/remove-expired") @Produces(MediaType.APPLICATION_JSON) - Response removeExpired(@QueryParam("realm") final String realm); + void removeExpired(@QueryParam("realm") final String realm); @Path("/cache/{cache}") TestingCacheResource cache(@PathParam("cache") String cacheName); diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java new file mode 100644 index 0000000000..9543373960 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java @@ -0,0 +1,66 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.util; + +import java.io.File; +import java.io.IOException; +import java.security.KeyManagementException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; + +import javax.net.ssl.SSLContext; + +import org.apache.http.ssl.SSLContexts; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.models.Constants; +import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; + +import static org.keycloak.testsuite.auth.page.AuthRealm.ADMIN; +import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER; +import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY; + + +public class AdminClientUtil { + + public static Keycloak createAdminClient() throws Exception { + SSLContext ssl = null; + if ("true".equals(System.getProperty("auth.server.ssl.required"))) { + File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore"); + ssl = getSSLContextWithTrustore(trustore, "secret"); + + System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath()); + } + + return Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", + MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID, null, ssl); + } + + + private static SSLContext getSSLContextWithTrustore(File file, String password) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException { + if (!file.isFile()) { + throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath()); + } + SSLContext theContext = SSLContexts.custom() + .useProtocol("TLS") + .loadTrustMaterial(file, password == null ? null : password.toCharArray()) + .build(); + return theContext; + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java index d7509eddd5..d54924bc9c 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java @@ -54,6 +54,8 @@ import org.openqa.selenium.By; import org.openqa.selenium.WebDriver; import javax.ws.rs.core.UriBuilder; + +import java.io.Closeable; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URI; @@ -271,7 +273,9 @@ public class OAuthClient { try { ByteArrayOutputStream out = new ByteArrayOutputStream(); - client.execute(post).getEntity().writeTo(out); + CloseableHttpResponse response = client.execute(post); + response.getEntity().writeTo(out); + response.close(); return new String(out.toByteArray()); } catch (Exception e) { @@ -776,28 +780,32 @@ public class OAuthClient { private String error; private String errorDescription; - public AccessTokenResponse(HttpResponse response) throws Exception { - statusCode = response.getStatusLine().getStatusCode(); - if (!"application/json".equals(response.getHeaders("Content-Type")[0].getValue())) { - Assert.fail("Invalid content type"); - } - - String s = IOUtils.toString(response.getEntity().getContent()); - Map responseJson = JsonSerialization.readValue(s, Map.class); - - if (statusCode == 200) { - idToken = (String)responseJson.get("id_token"); - accessToken = (String)responseJson.get("access_token"); - tokenType = (String)responseJson.get("token_type"); - expiresIn = (Integer)responseJson.get("expires_in"); - refreshExpiresIn = (Integer)responseJson.get("refresh_expires_in"); - - if (responseJson.containsKey(OAuth2Constants.REFRESH_TOKEN)) { - refreshToken = (String)responseJson.get(OAuth2Constants.REFRESH_TOKEN); + public AccessTokenResponse(CloseableHttpResponse response) throws Exception { + try { + statusCode = response.getStatusLine().getStatusCode(); + if (!"application/json".equals(response.getHeaders("Content-Type")[0].getValue())) { + Assert.fail("Invalid content type"); } - } else { - error = (String)responseJson.get(OAuth2Constants.ERROR); - errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String)responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null; + + String s = IOUtils.toString(response.getEntity().getContent()); + Map responseJson = JsonSerialization.readValue(s, Map.class); + + if (statusCode == 200) { + idToken = (String) responseJson.get("id_token"); + accessToken = (String) responseJson.get("access_token"); + tokenType = (String) responseJson.get("token_type"); + expiresIn = (Integer) responseJson.get("expires_in"); + refreshExpiresIn = (Integer) responseJson.get("refresh_expires_in"); + + if (responseJson.containsKey(OAuth2Constants.REFRESH_TOKEN)) { + refreshToken = (String) responseJson.get(OAuth2Constants.REFRESH_TOKEN); + } + } else { + error = (String) responseJson.get(OAuth2Constants.ERROR); + errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String) responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null; + } + } finally { + response.close(); } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java new file mode 100644 index 0000000000..17ff44a9c6 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java @@ -0,0 +1,202 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.util; + +import java.util.LinkedList; +import java.util.List; + +import javax.ws.rs.NotFoundException; + +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.RealmResource; + +/** + * Enlist resources to be cleaned after test method + * + * @author Marek Posolda + */ +public class TestCleanup { + + private final Keycloak adminClient; + private final String realmName; + + + private List identityProviderAliases; + private List userIds; + private List componentIds; + private List clientUuids; + private List roleIds; + private List groupIds; + private List authFlowIds; + private List authConfigIds; + + public TestCleanup(Keycloak adminClient, String realmName) { + this.adminClient = adminClient; + this.realmName = realmName; + } + + + public void addUserId(String userId) { + if (userIds == null) { + userIds = new LinkedList<>(); + } + userIds.add(userId); + } + + + public void addIdentityProviderAlias(String identityProviderAlias) { + if (identityProviderAliases == null) { + identityProviderAliases = new LinkedList<>(); + } + identityProviderAliases.add(identityProviderAlias); + } + + + public void addComponentId(String componentId) { + if (componentIds == null) { + componentIds = new LinkedList<>(); + } + componentIds.add(componentId); + } + + + public void addClientUuid(String clientUuid) { + if (clientUuids == null) { + clientUuids = new LinkedList<>(); + } + clientUuids.add(clientUuid); + } + + + public void addRoleId(String roleId) { + if (roleIds == null) { + roleIds = new LinkedList<>(); + } + roleIds.add(roleId); + } + + + public void addGroupId(String groupId) { + if (groupIds == null) { + groupIds = new LinkedList<>(); + } + groupIds.add(groupId); + } + + + public void addAuthenticationFlowId(String flowId) { + if (authFlowIds == null) { + authFlowIds = new LinkedList<>(); + } + authFlowIds.add(flowId); + } + + + public void addAuthenticationConfigId(String executionConfigId) { + if (authConfigIds == null) { + authConfigIds = new LinkedList<>(); + } + authConfigIds.add(executionConfigId); + } + + + public void executeCleanup() { + RealmResource realm = adminClient.realm(realmName); + + if (userIds != null) { + for (String userId : userIds) { + try { + realm.users().get(userId).remove(); + } catch (NotFoundException nfe) { + // User might be already deleted in the test + } + } + } + + if (identityProviderAliases != null) { + for (String idpAlias : identityProviderAliases) { + try { + realm.identityProviders().get(idpAlias).remove(); + } catch (NotFoundException nfe) { + // Idp might be already deleted in the test + } + } + } + + if (componentIds != null) { + for (String componentId : componentIds) { + try { + realm.components().component(componentId).remove(); + } catch (NotFoundException nfe) { + // Idp might be already deleted in the test + } + } + } + + if (clientUuids != null) { + for (String clientUuId : clientUuids) { + try { + realm.clients().get(clientUuId).remove(); + } catch (NotFoundException nfe) { + // Idp might be already deleted in the test + } + } + } + + if (roleIds != null) { + for (String roleId : roleIds) { + try { + realm.rolesById().deleteRole(roleId); + } catch (NotFoundException nfe) { + // Idp might be already deleted in the test + } + } + } + + if (groupIds != null) { + for (String groupId : groupIds) { + try { + realm.groups().group(groupId).remove(); + } catch (NotFoundException nfe) { + // Idp might be already deleted in the test + } + } + } + + if (authFlowIds != null) { + for (String flowId : authFlowIds) { + try { + realm.flows().deleteFlow(flowId); + } catch (NotFoundException nfe) { + // Idp might be already deleted in the test + } + } + } + + if (authConfigIds != null) { + for (String configId : authConfigIds) { + try { + realm.flows().removeAuthenticatorConfig(configId); + } catch (NotFoundException nfe) { + // Idp might be already deleted in the test + } + } + } + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java index 7fbab6a8b7..4e6d767a5b 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java @@ -21,6 +21,7 @@ import org.junit.Before; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.auth.page.AuthRealm; import org.keycloak.testsuite.auth.page.account.Account; import org.keycloak.testsuite.auth.page.login.OIDCLogin; @@ -63,6 +64,7 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest { @Override public void addTestRealms(List testRealms) { RealmRepresentation testRealmRep = new RealmRepresentation(); + testRealmRep.setId(TEST); testRealmRep.setRealm(TEST); testRealmRep.setEnabled(true); testRealms.add(testRealmRep); @@ -89,6 +91,8 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest { public void createTestUserWithAdminClient() { + ApiUtil.removeUserByUsername(testRealmResource(), "test"); + log.debug("creating test user"); String id = createUserAndResetPasswordWithAdminClient(testRealmResource(), testUser, PASSWORD); testUser.setId(id); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java index 2d61388a73..136a1454e7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java @@ -19,19 +19,15 @@ package org.keycloak.testsuite; import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.configuration.PropertiesConfiguration; import org.apache.http.ssl.SSLContexts; -import org.h2.util.IOUtils; import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.common.util.Time; -import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest; +import org.keycloak.testsuite.arquillian.KcArquillian; import org.keycloak.testsuite.arquillian.TestContext; import java.io.File; -import java.io.FileOutputStream; import java.io.IOException; -import java.io.InputStream; import java.net.URI; import java.net.URISyntaxException; -import java.net.URL; import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -46,7 +42,6 @@ import javax.ws.rs.NotFoundException; import org.jboss.arquillian.container.test.api.RunAsClient; import org.jboss.arquillian.drone.api.annotation.Drone; import org.jboss.arquillian.graphene.page.Page; -import org.jboss.arquillian.junit.Arquillian; import org.jboss.arquillian.test.api.ArquillianResource; import org.jboss.logging.Logger; import org.junit.After; @@ -73,7 +68,9 @@ import org.keycloak.testsuite.auth.page.account.Account; import org.keycloak.testsuite.auth.page.login.OIDCLogin; import org.keycloak.testsuite.auth.page.login.UpdatePassword; import org.keycloak.testsuite.client.KeycloakTestingClient; +import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.OAuthClient; +import org.keycloak.testsuite.util.TestCleanup; import org.keycloak.testsuite.util.TestEventsLogger; import org.openqa.selenium.WebDriver; @@ -86,7 +83,7 @@ import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY; * * @author tkyjovsk */ -@RunWith(Arquillian.class) +@RunWith(KcArquillian.class) @RunAsClient public abstract class AbstractKeycloakTest { @@ -136,17 +133,12 @@ public abstract class AbstractKeycloakTest { @Before public void beforeAbstractKeycloakTest() throws Exception { - SSLContext ssl = null; - if ("true".equals(System.getProperty("auth.server.ssl.required"))) { - File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore"); - ssl = getSSLContextWithTrustore(trustore, "secret"); - - System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath()); + adminClient = testContext.getAdminClient(); + if (adminClient == null) { + adminClient = AdminClientUtil.createAdminClient(); + testContext.setAdminClient(adminClient); } - adminClient = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", - MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID, null, ssl); - getTestingClient(); adminUser = createAdminUserRepresentation(); @@ -161,7 +153,13 @@ public abstract class AbstractKeycloakTest { suiteContext.setAdminPasswordUpdated(true); } - importTestRealms(); + if (testContext.getTestRealmReps() == null) { + importTestRealms(); + + if (!isImportAfterEachMethod()) { + testContext.setTestRealmReps(testRealmReps); + } + } oauth.init(adminClient, driver); } @@ -172,8 +170,36 @@ public abstract class AbstractKeycloakTest { resetTimeOffset(); } - removeTestRealms(); // Remove realms after tests. Tests should cleanup after themselves! - adminClient.close(); // don't keep admin connection open + if (isImportAfterEachMethod()) { + log.info("removing test realms after test method"); + for (RealmRepresentation testRealm : testRealmReps) { + removeRealm(testRealm.getRealm()); + } + } else { + // Logout all users after the test + List realms = testContext.getTestRealmReps(); + for (RealmRepresentation realm : realms) { + adminClient.realm(realm.getRealm()).logoutAll(); + } + + // Cleanup objects + for (TestCleanup cleanup : testContext.getCleanups().values()) { + cleanup.executeCleanup(); + } + testContext.getCleanups().clear(); + } + } + + protected TestCleanup getCleanup(String realmName) { + return testContext.getOrCreateCleanup(realmName); + } + + protected TestCleanup getCleanup() { + return getCleanup("test"); + } + + protected boolean isImportAfterEachMethod() { + return false; } private void updateMasterAdminPassword() { @@ -194,6 +220,13 @@ public abstract class AbstractKeycloakTest { driver.manage().deleteAllCookies(); } + protected void deleteAllCookiesForRealm(String realmName) { + // masterRealmPage.navigateTo(); + driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/" + realmName + "/account"); // Because IE webdriver freezes when loading a JSON page (realm page), we need to use this alternative + log.info("deleting cookies in '" + realmName + "' realm"); + driver.manage().deleteAllCookies(); + } + public void setDefaultPageUriParameters() { masterRealmPage.setAuthRealm(MASTER); loginPage.setAuthRealm(MASTER); @@ -201,11 +234,19 @@ public abstract class AbstractKeycloakTest { public KeycloakTestingClient getTestingClient() { if (testingClient == null) { - testingClient = KeycloakTestingClient.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth"); + testingClient = testContext.getTestingClient(); + if (testingClient == null) { + testingClient = KeycloakTestingClient.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth"); + testContext.setTestingClient(testingClient); + } } return testingClient; } + public TestContext getTestContext() { + return testContext; + } + public Keycloak getAdminClient() { return adminClient; } @@ -230,13 +271,6 @@ public abstract class AbstractKeycloakTest { } } - public void removeTestRealms() { - log.info("removing test realms"); - for (RealmRepresentation testRealm : testRealmReps) { - removeRealm(testRealm); - } - } - private UserRepresentation createAdminUserRepresentation() { UserRepresentation adminUserRep = new UserRepresentation(); adminUserRep.setUsername(ADMIN); @@ -264,10 +298,6 @@ public abstract class AbstractKeycloakTest { } catch (NotFoundException e) { } } - - public void removeRealm(RealmRepresentation realm) { - removeRealm(realm.getRealm()); - } public RealmsResource realmsResouce() { return adminClient.realms(); @@ -360,15 +390,4 @@ public abstract class AbstractKeycloakTest { throw new RuntimeException(e); } } - - public static SSLContext getSSLContextWithTrustore(File file, String password) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException { - if (!file.isFile()) { - throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath()); - } - SSLContext theContext = SSLContexts.custom() - .useProtocol("TLS") - .loadTrustMaterial(file, password == null ? null : password.toCharArray()) - .build(); - return theContext; - } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java index a2d23f75b3..692f149cf5 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java @@ -17,6 +17,7 @@ package org.keycloak.testsuite; +import org.junit.After; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.common.util.reflections.Reflections; import org.keycloak.events.Details; @@ -71,6 +72,13 @@ public abstract class AbstractTestRealmKeycloakTest extends AbstractKeycloakTest configureTestRealm(testRealm); } + + // Logout user after test + @After + public void deleteCookies() { + deleteAllCookiesForRealm("test"); + } + /** * This allows a subclass to change the configuration of the testRealm before * it is imported. This method will be called prior to any @Before methods diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java index d9a0291aa9..4445de9647 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java @@ -64,7 +64,7 @@ public class AssertEvents implements TestRule { @Override public void evaluate() throws Throwable { // TODO: Ideally clear the queue just before testClass rather then before each method - context.getTestingClient().testing().clearEventQueue(); + clear(); base.evaluate(); // TODO Test should fail if there are leftover events } @@ -84,12 +84,7 @@ public class AssertEvents implements TestRule { } public void clear() { - Response res = context.testingClient.testing().clearEventQueue(); - try { - Assert.assertEquals("clear-event-queue success", res.getStatus(), 200); - } finally { - res.close(); - } + context.getTestingClient().testing().clearEventQueue(); } public ExpectedEvent expectRequiredAction(EventType event) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java index db5c4edd9c..40fd420ad8 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java @@ -18,6 +18,7 @@ package org.keycloak.testsuite.account; import org.jboss.arquillian.drone.api.annotation.Drone; import org.jboss.arquillian.graphene.page.Page; +import org.junit.After; import org.junit.Assert; import org.junit.Before; import org.junit.Rule; @@ -159,6 +160,10 @@ public class AccountTest extends AbstractTestRealmKeycloakTest { public void before() { oauth.state("mystate"); // keycloak enforces that a state param has been sent by client userId = findUser("test-user@localhost").getId(); + + // Revert any password policy and user password changes + setPasswordPolicy(""); + ApiUtil.resetUserPassword(testRealm().users().get(userId), "password", false); } @Test @@ -399,18 +404,18 @@ public class AccountTest extends AbstractTestRealmKeycloakTest { events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); assertChangePasswordFails ("password", "password"); // current: password - assertChangePasswordSucceeds("password", "password1"); // current: password + assertChangePasswordSucceeds("password", "password3"); // current: password - assertChangePasswordFails ("password1", "password"); // current: password1, history: password - assertChangePasswordFails ("password1", "password1"); // current: password1, history: password - assertChangePasswordSucceeds("password1", "password2"); // current: password1, history: password + assertChangePasswordFails ("password3", "password"); // current: password1, history: password + assertChangePasswordFails ("password3", "password3"); // current: password1, history: password + assertChangePasswordSucceeds("password3", "password4"); // current: password1, history: password - assertChangePasswordFails ("password2", "password"); // current: password2, history: password, password1 - assertChangePasswordFails ("password2", "password1"); // current: password2, history: password, password1 - assertChangePasswordFails ("password2", "password2"); // current: password2, history: password, password1 - assertChangePasswordSucceeds("password2", "password3"); // current: password2, history: password, password1 + assertChangePasswordFails ("password4", "password"); // current: password2, history: password, password1 + assertChangePasswordFails ("password4", "password3"); // current: password2, history: password, password1 + assertChangePasswordFails ("password4", "password4"); // current: password2, history: password, password1 + assertChangePasswordSucceeds("password4", "password5"); // current: password2, history: password, password1 - assertChangePasswordSucceeds("password3", "password"); // current: password3, history: password1, password2 + assertChangePasswordSucceeds("password5", "password"); // current: password3, history: password1, password2 } @Test @@ -443,10 +448,10 @@ public class AccountTest extends AbstractTestRealmKeycloakTest { events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); assertChangePasswordFails ("password", "password"); // current: password - assertChangePasswordSucceeds("password", "password1"); // current: password + assertChangePasswordSucceeds("password", "password6"); // current: password - assertChangePasswordFails ("password1", "password1"); // current: password1 - assertChangePasswordSucceeds("password1", "password"); // current: password1 + assertChangePasswordFails ("password6", "password6"); // current: password1 + assertChangePasswordSucceeds("password6", "password"); // current: password1 } @Test @@ -611,6 +616,9 @@ public class AccountTest extends AbstractTestRealmKeycloakTest { Assert.assertEquals("New first", profilePage.getFirstName()); Assert.assertEquals("New last", profilePage.getLastName()); Assert.assertEquals("new@email.com", profilePage.getEmail()); + + // Revert + profilePage.updateProfile("test-user@localhost", "Tom", "Brady", "test-user@localhost"); } private void addUser(String username, String email) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java index 63a2315faf..95274c6b89 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java @@ -191,6 +191,13 @@ public class ProfileTest extends AbstractTestRealmKeycloakTest { assertEquals("newemail@localhost", profile.getEmail()); assertEquals("NewFirst", profile.getFirstName()); assertEquals("NewLast", profile.getLastName()); + + // Revert + user.setFirstName("First"); + user.setLastName("Last"); + user.setEmail("test-user@localhost"); + doUpdateProfile(token, null, JsonSerialization.writeValueAsString(user)); + assertEquals(200, response.getStatusLine().getStatusCode()); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java index 9b03ccc3bd..59d277c76c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java @@ -22,6 +22,7 @@ import org.junit.Test; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.auth.page.AuthRealm; import org.keycloak.testsuite.auth.page.account.AccountManagement; import org.keycloak.testsuite.auth.page.login.OIDCLogin; @@ -53,13 +54,10 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest { @Page private VerifyEmail testRealmVerifyEmailPage; - private UserRepresentation user; - @Override public void configureTestRealm(RealmRepresentation testRealm) { log.info("enable verify email and configure smtp server to run with ssl in test realm"); - user = RealmRepUtil.findUser(testRealm, "test-user@localhost"); testRealm.setSmtpServer(SslMailServer.getServerConfiguration()); testRealm.setVerifyEmail(true); } @@ -82,6 +80,8 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest { @Test public void verifyEmailWithSslEnabled() { + UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost"); + SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.PRIVATE_KEY).getFile()); accountManagement.navigateTo(); testRealmLoginPage.form().login(user.getUsername(), "password"); @@ -98,15 +98,17 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest { assertCurrentUrlStartsWith(accountManagement); accountManagement.signOut(); - testRealmLoginPage.form().login(user); + testRealmLoginPage.form().login(user.getUsername(), "password"); assertCurrentUrlStartsWith(accountManagement); } @Test public void verifyEmailWithSslWrongCertificate() { + UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost"); + SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.INVALID_KEY).getFile()); accountManagement.navigateTo(); - loginPage.form().login(user); + loginPage.form().login(user.getUsername(), "password"); assertEquals("Failed to send email, please try again later.\n" + "« Back to Application", diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java index aa86133777..b1ffef6467 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java @@ -20,9 +20,12 @@ import org.junit.Before; import org.junit.Test; import org.keycloak.models.AuthenticationExecutionModel.Requirement; import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.testsuite.admin.ApiUtil; import java.util.Arrays; +import javax.ws.rs.core.Response; + import static org.junit.Assert.assertEquals; import static org.keycloak.testsuite.util.OAuthClient.APP_ROOT; @@ -36,7 +39,7 @@ public class CustomAuthFlowCookieTest extends AbstractCustomAccountManagementTes @Override public void beforeTest() { super.beforeTest(); - + ClientRepresentation testApp = new ClientRepresentation(); testApp.setClientId("test-app"); testApp.setEnabled(true); @@ -44,7 +47,10 @@ public class CustomAuthFlowCookieTest extends AbstractCustomAccountManagementTes testApp.setRedirectUris(Arrays.asList(new String[]{APP_ROOT + "/*"})); testApp.setAdminUrl(APP_ROOT + "/logout"); testApp.setSecret("password"); - assertEquals(201, testRealmResource().clients().create(testApp).getStatus()); + Response response = testRealmResource().clients().create(testApp); + assertEquals(201, response.getStatus()); + getCleanup().addClientUuid(ApiUtil.getCreatedId(response)); + response.close(); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java index e492672b18..4f192e652d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java @@ -20,15 +20,18 @@ import org.jboss.arquillian.graphene.page.Page; import org.junit.Before; import org.junit.Test; import org.keycloak.models.AuthenticationExecutionModel.Requirement; +import org.keycloak.models.utils.DefaultAuthenticationFlows; import org.keycloak.models.utils.TimeBasedOTP; import org.keycloak.representations.idm.AuthenticationFlowRepresentation; import org.keycloak.representations.idm.AuthenticatorConfigRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RoleRepresentation; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.Users; import org.keycloak.testsuite.auth.page.login.OneTimeCode; import org.keycloak.testsuite.pages.LoginConfigTotpPage; +import javax.ws.rs.NotFoundException; import javax.ws.rs.core.Response; import java.util.ArrayList; import java.util.HashMap; @@ -101,6 +104,10 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest { @Test public void requireOTPTest() { + //update realm browser flow + RealmRepresentation realm = testRealmResource().toRepresentation(); + realm.setBrowserFlow("browser"); + testRealmResource().update(realm); updateRequirement("browser", "auth-otp-form", Requirement.REQUIRED); testRealmAccountManagementPage.navigateTo(); @@ -225,10 +232,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest { setConditionalOTPForm(config); //create role - RoleRepresentation role = new RoleRepresentation("otp_role", "", false); - testRealmResource().roles().create(role); - //obtain id - role = testRealmResource().roles().get("otp_role").toRepresentation(); + RoleRepresentation role = getOrCreateOTPRole(); + //add role to user List realmRoles = new ArrayList<>(); realmRoles.add(role); @@ -250,10 +255,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest { setConditionalOTPForm(config); //create role - RoleRepresentation role = new RoleRepresentation("otp_role", "", false); - testRealmResource().roles().create(role); - //obtain id - role = testRealmResource().roles().get("otp_role").toRepresentation(); + RoleRepresentation role = getOrCreateOTPRole(); + //add role to user List realmRoles = new ArrayList<>(); realmRoles.add(role); @@ -273,6 +276,17 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest { assertCurrentUrlStartsWith(testLoginOneTimeCodePage); } + private RoleRepresentation getOrCreateOTPRole() { + try { + return testRealmResource().roles().get("otp_role").toRepresentation(); + } catch (NotFoundException ex) { + RoleRepresentation role = new RoleRepresentation("otp_role", "", false); + testRealmResource().roles().create(role); + //obtain id + return testRealmResource().roles().get("otp_role").toRepresentation(); + } + } + @Test public void conditionalOTPRequestHeaderSkip() { //prepare config - request header skip, default to force @@ -313,6 +327,19 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest { } private void setConditionalOTPForm(Map config) { + List authFlows = getAuthMgmtResource().getFlows(); + for (AuthenticationFlowRepresentation flow : authFlows) { + if ("ConditionalOTPFlow".equals(flow.getAlias())) { + //update realm browser flow + RealmRepresentation realm = testRealmResource().toRepresentation(); + realm.setBrowserFlow(DefaultAuthenticationFlows.BROWSER_FLOW); + testRealmResource().update(realm); + + getAuthMgmtResource().deleteFlow(flow.getId()); + break; + } + } + String flowAlias = "ConditionalOTPFlow"; String provider = "auth-conditional-otp-form"; @@ -335,7 +362,7 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest { //set username-password requirement to required updateRequirement(flowAlias, "auth-username-password-form", Requirement.REQUIRED); - + //add execution - conditional OTP data.clear(); data.put("provider", provider); @@ -360,6 +387,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest { //add auth config to the execution response = getAuthMgmtResource().newExecutionConfig(executionId, authConfig); assertEquals("new execution success", 201, response.getStatus()); + getCleanup().addAuthenticationConfigId(ApiUtil.getCreatedId(response)); response.close(); } + } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java index 16223e76ee..539267fa9e 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java @@ -27,8 +27,10 @@ import org.keycloak.events.Errors; import org.keycloak.events.EventType; import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage.RequestType; import org.keycloak.testsuite.pages.ErrorPage; @@ -38,11 +40,13 @@ import org.keycloak.testsuite.pages.RegisterPage; import org.keycloak.testsuite.pages.VerifyEmailPage; import org.keycloak.testsuite.util.GreenMailRule; import org.keycloak.testsuite.util.MailUtils; +import org.keycloak.testsuite.util.UserBuilder; import javax.mail.MessagingException; import javax.mail.Multipart; import javax.mail.internet.MimeMessage; import java.io.IOException; +import java.util.Collections; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; @@ -85,6 +89,13 @@ public class RequiredActionEmailVerificationTest extends AbstractTestRealmKeyclo @Before public void before() { oauth.state("mystate"); // have to set this as keycloak validates that state is sent + + + ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost"); + UserRepresentation user = UserBuilder.create().enabled(true) + .username("test-user@localhost") + .email("test-user@localhost").build(); + ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password"); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java index f3d09040d7..f613087706 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java @@ -17,6 +17,7 @@ package org.keycloak.testsuite.actions; import org.jboss.arquillian.graphene.page.Page; +import org.jboss.arquillian.junit.InSequence; import org.junit.Assert; import org.junit.Before; import org.junit.Rule; @@ -32,8 +33,10 @@ import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentatio import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RequiredActionProviderRepresentation; +import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.AccountTotpPage; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage.RequestType; @@ -42,7 +45,9 @@ import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginTotpPage; import org.keycloak.testsuite.pages.RegisterPage; import org.keycloak.testsuite.util.RealmBuilder; +import org.keycloak.testsuite.util.UserBuilder; +import java.util.Collections; import java.util.LinkedList; import java.util.List; @@ -75,6 +80,15 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest { adminClient.realm("test").flows().updateExecutions("browser", execution); } } + + ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost"); + UserRepresentation user = UserBuilder.create().enabled(true) + .username("test-user@localhost") + .email("test-user@localhost") + .firstName("Tom") + .lastName("Brady") + .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build(); + ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password"); } @@ -266,6 +280,12 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest { Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); events.expectLogin().assertEvent(); + + // Revert + realmRep = adminClient.realm("test").toRepresentation(); + RealmBuilder.edit(realmRep) + .otpDigits(6); + adminClient.realm("test").update(realmRep); } @Test @@ -334,6 +354,18 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest { Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); events.expectLogin().assertEvent(); + + // Revert + realmRep = adminClient.realm("test").toRepresentation(); + RealmBuilder.edit(realmRep) + .otpLookAheadWindow(1) + .otpDigits(6) + .otpPeriod(30) + .otpType(UserCredentialModel.TOTP) + .otpAlgorithm(HmacOTP.HMAC_SHA1) + .otpInitialCounter(0); + adminClient.realm("test").update(realmRep); + } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java index 7113ce39e6..80ee0fee84 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java @@ -18,6 +18,7 @@ package org.keycloak.testsuite.actions; import org.jboss.arquillian.graphene.page.Page; import org.junit.Assert; +import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.keycloak.events.Details; @@ -27,10 +28,12 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage.RequestType; import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginUpdateProfileEditUsernameAllowedPage; +import org.keycloak.testsuite.util.UserBuilder; /** * @author Stian Thorgersen @@ -55,6 +58,27 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe ActionUtil.addRequiredActionForUser(testRealm, "john-doh@localhost", UserModel.RequiredAction.UPDATE_PROFILE.name()); } + @Before + public void beforeTest() { + ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost"); + UserRepresentation user = UserBuilder.create().enabled(true) + .username("test-user@localhost") + .email("test-user@localhost") + .firstName("Tom") + .lastName("Brady") + .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build(); + ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password"); + + ApiUtil.removeUserByUsername(testRealm(), "john-doh@localhost"); + user = UserBuilder.create().enabled(true) + .username("john-doh@localhost") + .email("john-doh@localhost") + .firstName("John") + .lastName("Doh") + .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build(); + ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password"); + } + @Test public void updateProfile() { loginPage.open(); @@ -112,6 +136,7 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe Assert.assertEquals("New last", user.getLastName()); Assert.assertEquals("john-doh@localhost", user.getEmail()); Assert.assertEquals("new", user.getUsername()); + getCleanup().addUserId(user.getId()); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java index 8eebf8f8a6..f1edf4aa67 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java @@ -79,6 +79,12 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest { } } + // TODO: Fix to not require re-import + @Override + protected boolean isImportAfterEachMethod() { + return true; + } + private void modifyClientJWKSUrl(RealmRepresentation realm, String regex, String replacement) { if (realm.getClients() != null) { realm.getClients().stream(). diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java index 85c6a5ed91..275a078a30 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java @@ -30,7 +30,6 @@ import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.common.Version; import org.keycloak.common.util.Time; -import org.keycloak.common.util.UriUtils; import org.keycloak.constants.AdapterConstants; import org.keycloak.events.Details; import org.keycloak.events.EventType; @@ -51,6 +50,7 @@ import org.keycloak.testsuite.auth.page.login.OAuthGrant; import org.keycloak.testsuite.console.page.events.Config; import org.keycloak.testsuite.console.page.events.LoginEvents; import org.keycloak.testsuite.util.*; +import org.keycloak.testsuite.util.URLUtils; import org.keycloak.util.BasicAuthHelper; import org.openqa.selenium.By; @@ -79,6 +79,7 @@ import javax.ws.rs.core.Response.Status; import static org.hamcrest.Matchers.*; import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals; +import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf; import static org.keycloak.testsuite.util.WaitUtils.*; @@ -372,7 +373,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen")); RealmRepresentation demoRealmRep = testRealmResource().toRepresentation(); - int originalIdle = demoRealmRep.getSsoSessionMaxLifespan(); + int originalMax = demoRealmRep.getSsoSessionMaxLifespan(); demoRealmRep.setSsoSessionMaxLifespan(1); testRealmResource().update(demoRealmRep); @@ -380,7 +381,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd productPortal.navigateTo(); assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); - demoRealmRep.setSsoSessionIdleTimeout(originalIdle); + demoRealmRep.setSsoSessionMaxLifespan(originalMax); testRealmResource().update(demoRealmRep); String logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder()) @@ -660,6 +661,11 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd .assertEvent(); assertEvents.assertEmpty(); + + // Revert consent + client = clientResource.toRepresentation(); + client.setConsentRequired(false); + clientResource.update(client); } @Test @@ -701,6 +707,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd driver.navigate().to(testRealmPage.getOIDCLogoutUrl() + "?redirect_uri=" + customerPortal); + assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); assertEvents.expectLogout(null) .realm(realm.getId()) diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java index fc6bd67b25..c31b9c5825 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java @@ -19,7 +19,6 @@ package org.keycloak.testsuite.adapter.servlet; import java.io.IOException; import java.io.InputStream; -import java.util.Map; import java.util.concurrent.TimeUnit; import javax.ws.rs.core.Response; @@ -100,8 +99,6 @@ public abstract class AbstractOIDCPublicKeyRotationAdapterTest extends AbstractS } - - @Before public void beforeRotationAdapterTest() { // Delete all cookies from token-min-ttl page to be sure we are logged out diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java index 25ba365379..ca4c5c21b6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java @@ -27,9 +27,4 @@ import org.junit.Ignore; */ @AppServerContainer("auth-server-undertow") public class UndertowDemoFilterServletAdapterTest extends AbstractDemoFilterServletAdapterTest { - @Ignore - @Override - public void testAuthenticatedWithCustomSessionConfig() { - // Undertow deployment ignores session cookie settings in web.xml, see org.keycloak.testsuite.arquillian.undertow.SimpleWebXmlParser class - } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java index 01456d4151..7d466a6ea8 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java @@ -17,7 +17,6 @@ package org.keycloak.testsuite.admin; -import org.junit.After; import org.junit.Before; import org.junit.Rule; import org.keycloak.admin.client.resource.RealmResource; @@ -25,6 +24,7 @@ import org.keycloak.events.log.JBossLoggingEventListenerProviderFactory; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.events.EventsListenerProviderFactory; +import org.keycloak.testsuite.util.TestCleanup; import org.keycloak.testsuite.util.AssertAdminEvents; import org.keycloak.util.JsonSerialization; @@ -55,11 +55,14 @@ public abstract class AbstractAdminTest extends AbstractTestRealmKeycloakTest { findTestApp(testRealm).setDirectAccessGrantsEnabled(true); } + + @Override public void addTestRealms(List testRealms) { super.addTestRealms(testRealms); RealmRepresentation adminRealmRep = new RealmRepresentation(); + adminRealmRep.setId(REALM_NAME); adminRealmRep.setRealm(REALM_NAME); adminRealmRep.setEnabled(true); Map config = new HashMap<>(); @@ -82,14 +85,9 @@ public abstract class AbstractAdminTest extends AbstractTestRealmKeycloakTest { realmId = realm.toRepresentation().getId(); } - // old testsuite expects this realm to be removed at the end of the test - @After - public void after() { - for (RealmRepresentation r : adminClient.realms().findAll()) { - if (r.getRealm().equals(REALM_NAME)) { - removeRealm(r); - } - } + @Override + protected TestCleanup getCleanup() { + return getCleanup(REALM_NAME); } // Taken from Keycloak class in old testsuite. diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java index bf366cffe5..cc47020a74 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java @@ -35,7 +35,6 @@ import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; import javax.ws.rs.core.Response.StatusType; import java.net.URI; -import java.security.PublicKey; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -174,6 +173,13 @@ public class ApiUtil { userResource.roles().realmLevel().add(roleRepresentations); } + public static void removeUserByUsername(RealmResource realmResource, String username) { + UserRepresentation user = findUserByUsername(realmResource, username); + if (user != null) { + realmResource.users().delete(user.getId()); + } + } + public static void assignClientRoles(RealmResource realm, String userId, String clientName, String... roles) { String realmName = realm.toRepresentation().getRealm(); String clientId = ""; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java index 35892914f4..6405d8c68b 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java @@ -81,6 +81,7 @@ public class ClientTest extends AbstractAdminTest { Response response = realm.clients().create(rep); response.close(); String id = ApiUtil.getCreatedId(response); + getCleanup().addClientUuid(id); assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT); @@ -212,6 +213,8 @@ public class ClientTest extends AbstractAdminTest { public void serviceAccount() { Response response = realm.clients().create(ClientBuilder.create().clientId("serviceClient").serviceAccount().build()); String id = ApiUtil.getCreatedId(response); + getCleanup().addClientUuid(id); + response.close(); UserRepresentation userRep = realm.clients().get(id).getServiceAccountUser(); assertEquals("service-account-serviceclient", userRep.getUsername()); } @@ -237,7 +240,10 @@ public class ClientTest extends AbstractAdminTest { .redirectUris("http://localhost/auth", "http://localhost/auth*") .build(); Response response = realm.clients().create(client); - ClientResource clientResource = realm.clients().get(ApiUtil.getCreatedId(response)); + String clientUuid = ApiUtil.getCreatedId(response); + ClientResource clientResource = realm.clients().get(clientUuid); + getCleanup().addClientUuid(clientUuid); + response.close(); client = clientResource.toRepresentation(); client.setRootUrl("http://localhost/base#someFragment"); @@ -291,6 +297,7 @@ public class ClientTest extends AbstractAdminTest { Response response = realm.clients().create(client); String id = ApiUtil.getCreatedId(response); + getCleanup().addClientUuid(id); response.close(); assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client, ResourceType.CLIENT); @@ -378,6 +385,7 @@ public class ClientTest extends AbstractAdminTest { public void scopes() { Response response = realm.clients().create(ClientBuilder.create().clientId("client").fullScopeEnabled(false).build()); String id = ApiUtil.getCreatedId(response); + getCleanup().addClientUuid(id); response.close(); assertAdminEvents.poll(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java index 16a6ff3ae8..4634bfb042 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java @@ -49,7 +49,7 @@ public class ComponentsTest extends AbstractAdminTest { @Test public void testNotDeadlocked() { - for (int i = 0; i < 100; i++) { + for (int i = 0; i < 50; i++) { ComponentRepresentation rep = createComponentRepresentation("test-" + i); rep.getConfig().putSingle("required", "required-value"); createComponent(rep); @@ -263,6 +263,7 @@ public class ComponentsTest extends AbstractAdminTest { ComponentsResource components = realm.components(); Response response = components.add(rep); String id = ApiUtil.getCreatedId(response); + getCleanup().addComponentId(id); response.close(); return id; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java index 157a98d71d..583ec1b2e5 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java @@ -268,12 +268,13 @@ public class ConcurrencyTest extends AbstractAdminTest { Thread thread = new Thread() { @Override public void run() { + Keycloak keycloak = null; try { if (lock != null) { lock.lock(); } - Keycloak keycloak = Keycloak.getInstance(getAuthServerRoot().toString(), "master", "admin", "admin", org.keycloak.models.Constants.ADMIN_CLI_CLIENT_ID); + keycloak = Keycloak.getInstance(getAuthServerRoot().toString(), "master", "admin", "admin", org.keycloak.models.Constants.ADMIN_CLI_CLIENT_ID); RealmResource realm = keycloak.realm(REALM_NAME); for (int i = 0; i < numIterationsPerThread && latch.getCount() > 0; i++) { log.infov("thread {0}, iteration {1}", threadNum, i); @@ -286,6 +287,7 @@ public class ConcurrencyTest extends AbstractAdminTest { latch.countDown(); } } finally { + keycloak.close(); if (lock != null) { lock.unlock(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java index 100e452320..557177be21 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java @@ -17,36 +17,26 @@ package org.keycloak.testsuite.admin; -import org.junit.Rule; import org.junit.Test; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.common.util.Time; import org.keycloak.models.AdminRoles; import org.keycloak.models.Constants; -import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.services.resources.admin.RealmAuth.Resource; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; import org.keycloak.testsuite.util.ClientBuilder; -import org.keycloak.testsuite.util.CredentialBuilder; -import org.keycloak.testsuite.util.GreenMailRule; import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.UserBuilder; import javax.ws.rs.ClientErrorException; import javax.ws.rs.core.Response; -import java.lang.reflect.Method; -import java.util.Arrays; -import java.util.Collections; import java.util.List; import java.util.concurrent.atomic.AtomicReference; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; import static org.junit.Assert.fail; /** @@ -60,8 +50,6 @@ public class CrossRealmPermissionsTest extends AbstractKeycloakTest { private RealmResource realm1; private RealmResource realm2; - @Rule public GreenMailRule greenMailRule = new GreenMailRule(); - @Override public void addTestRealms(List testRealms) { RealmBuilder builder = RealmBuilder.create().name(REALM_NAME).testMail(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java index 2fbb5a30d6..5d93d39212 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java @@ -207,6 +207,8 @@ public class IdentityProviderTest extends AbstractAdminTest { Assert.assertNotNull(ApiUtil.getCreatedId(response)); response.close(); + getCleanup().addIdentityProviderAlias(idpRep.getAlias()); + String secret = idpRep.getConfig() != null ? idpRep.getConfig().get("clientSecret") : null; idpRep = StripSecretsUtils.strip(idpRep); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java index 26b1b16e64..72421cc25a 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java @@ -18,6 +18,7 @@ package org.keycloak.testsuite.admin; import org.junit.Assert; +import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.keycloak.Config; @@ -62,11 +63,6 @@ public class ImpersonationTest extends AbstractKeycloakTest { private String impersonatedUserId; - @Override - public void beforeAbstractKeycloakTest() throws Exception { - super.beforeAbstractKeycloakTest(); - } - @Override public void addTestRealms(List testRealms) { RealmBuilder realm = RealmBuilder.create().name("test").testEventListener(); @@ -85,10 +81,15 @@ public class ImpersonationTest extends AbstractKeycloakTest { @BeforeClass public static void enabled() { - Assume.assumeFalse("impersonation".equals(System.getProperty("feature.name")) + Assume.assumeFalse("impersonation".equals(System.getProperty("feature.name")) && "disabled".equals(System.getProperty("feature.value"))); } + @Before + public void beforeTest() { + impersonatedUserId = ApiUtil.findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId(); + } + @Test public void testImpersonateByMasterAdmin() { // test that composite is set up right for impersonation role diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java index ce2863b6b2..d821179048 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java @@ -18,6 +18,8 @@ package org.keycloak.testsuite.admin; import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput; +import org.junit.AfterClass; +import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.keycloak.admin.client.Keycloak; @@ -55,12 +57,14 @@ import org.keycloak.services.resources.admin.RealmAuth.Resource; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; +import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.CredentialBuilder; import org.keycloak.testsuite.util.FederatedIdentityBuilder; import org.keycloak.testsuite.util.GreenMailRule; import org.keycloak.testsuite.util.IdentityProviderBuilder; import org.keycloak.testsuite.util.RealmBuilder; +import org.keycloak.testsuite.util.TestCleanup; import org.keycloak.testsuite.util.UserBuilder; import javax.ws.rs.ClientErrorException; @@ -100,17 +104,11 @@ public class PermissionsTest extends AbstractKeycloakTest { .username(AdminRoles.REALM_ADMIN) .role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN) .addPassword("password")); - clients.put(AdminRoles.REALM_ADMIN, - Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client", - "secret")); builder.user(UserBuilder.create().username("none").addPassword("password")); - clients.put("none", - Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret")); for (String role : AdminRoles.ALL_REALM_ROLES) { builder.user(UserBuilder.create().username(role).role(Constants.REALM_MANAGEMENT_CLIENT_ID, role).addPassword("password")); - clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client")); } testRealms.add(builder.build()); @@ -118,40 +116,88 @@ public class PermissionsTest extends AbstractKeycloakTest { builder2.client(ClientBuilder.create().clientId("test-client").publicClient().directAccessGrants()); builder2.user(UserBuilder.create().username("admin").role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN).addPassword("password")); testRealms.add(builder2.build()); - - clients.put("REALM2", Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "realm2", "admin", "password", "test-client")); } - @Override - public void beforeAbstractKeycloakTest() throws Exception { - super.beforeAbstractKeycloakTest(); - clients.put("master-admin", adminClient); - - RealmResource master = adminClient.realm("master"); - - { - Response response = master.users().create(UserBuilder.create().username("permissions-test-master-none").build()); - String userId = ApiUtil.getCreatedId(response); - response.close(); - - master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build()); - - clients.put("master-none", - Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-none", "password", - Constants.ADMIN_CLI_CLIENT_ID)); + @Before + public void beforeClazz() { + if (testContext.isInitialized()) { + return; } + createTestUsers(); + + testContext.setInitialized(true); + } + + private void createTestUsers() { + RealmResource master = adminClient.realm("master"); + + Response response = master.users().create(UserBuilder.create().username("permissions-test-master-none").build()); + String userId = ApiUtil.getCreatedId(response); + response.close(); + master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build()); + for (String role : AdminRoles.ALL_REALM_ROLES) { - Response response = master.users().create(UserBuilder.create().username("permissions-test-master-" + role).build()); - String userId = ApiUtil.getCreatedId(response); + response = master.users().create(UserBuilder.create().username("permissions-test-master-" + role).build()); + userId = ApiUtil.getCreatedId(response); response.close(); master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build()); String clientId = master.clients().findByClientId(REALM_NAME + "-realm").get(0).getId(); RoleRepresentation roleRep = master.clients().get(clientId).roles().get(role).toRepresentation(); master.users().get(userId).roles().clientLevel(clientId).add(Collections.singletonList(roleRep)); + } + } + @AfterClass + public static void removeTestUsers() throws Exception { + Keycloak adminClient = AdminClientUtil.createAdminClient(); + try { + for (UserRepresentation u : adminClient.realm("master").users().search("permissions-test-master-", 0, 100)) { + adminClient.realm("master").users().get(u.getId()).remove(); + } + } finally { + adminClient.close(); + } + } + + private void recreatePermissionRealm() throws Exception { + RealmRepresentation permissionRealm = testContext.getTestRealmReps().stream().filter(realm -> { + return realm.getRealm().equals(REALM_NAME); + }).findFirst().get(); + adminClient.realms().create(permissionRealm); + + removeTestUsers(); + createTestUsers(); + } + + + @Override + public void beforeAbstractKeycloakTest() throws Exception { + super.beforeAbstractKeycloakTest(); + + clients.put(AdminRoles.REALM_ADMIN, + Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client", + "secret")); + + clients.put("none", + Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret")); + + for (String role : AdminRoles.ALL_REALM_ROLES) { + clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client")); + } + + clients.put("REALM2", Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "realm2", "admin", "password", "test-client")); + + clients.put("master-admin", adminClient); + + clients.put("master-none", + Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-none", "password", + Constants.ADMIN_CLI_CLIENT_ID)); + + + for (String role : AdminRoles.ALL_REALM_ROLES) { clients.put("master-" + role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-" + role, "password", Constants.ADMIN_CLI_CLIENT_ID)); @@ -160,15 +206,22 @@ public class PermissionsTest extends AbstractKeycloakTest { @Override public void afterAbstractKeycloakTest() { - for (UserRepresentation u : adminClient.realm("master").users().search("permissions-test-master-", 0, 100)) { - adminClient.realm("master").users().get(u.getId()).remove(); - } + // Don't close the "main" adminClient, but all others yes + clients.entrySet().stream().filter(entry -> { - super.afterAbstractKeycloakTest(); + return !entry.getKey().equals("master-admin"); + + }).forEach(consumer -> { + + consumer.getValue().close(); + + }); + + clients.clear(); } @Test - public void realms() { + public void realms() throws Exception { // Check returned realms invoke(new Invocation() { public void invoke(RealmResource realm) { @@ -312,6 +365,9 @@ public class PermissionsTest extends AbstractKeycloakTest { clients.get(AdminRoles.REALM_ADMIN).realms().realm(REALM_NAME).remove(); } }, adminClient, true); + + // Revert realm removal + recreatePermissionRealm(); } @Test @@ -959,7 +1015,7 @@ public class PermissionsTest extends AbstractKeycloakTest { } @Test - public void flows() { + public void flows() throws Exception { invoke(new Invocation() { public void invoke(RealmResource realm) { realm.flows().getFormProviders(); @@ -1113,6 +1169,11 @@ public class PermissionsTest extends AbstractKeycloakTest { realm.flows().updateAuthenticatorConfig("nosuch", new AuthenticatorConfigRepresentation()); } }, Resource.REALM, true); + + // Re-create realm + adminClient.realm(REALM_NAME).remove(); + + recreatePermissionRealm(); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java index 77c4ea742e..ee4326a39d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java @@ -59,6 +59,8 @@ public class RoleByIdResourceTest extends AbstractAdminTest { Response response = adminClient.realm(REALM_NAME).clients().create(ClientBuilder.create().clientId("client-a").build()); clientUuid = ApiUtil.getCreatedId(response); + getCleanup().addClientUuid(clientUuid); + response.close(); adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(RoleBuilder.create().name("role-c").description("Role C").build()); for (RoleRepresentation r : adminClient.realm(REALM_NAME).roles().list()) { @@ -69,6 +71,10 @@ public class RoleByIdResourceTest extends AbstractAdminTest { ids.put(r.getName(), r.getId()); } + getCleanup().addRoleId(ids.get("role-a")); + getCleanup().addRoleId(ids.get("role-b")); + getCleanup().addRoleId(ids.get("role-c")); + resource = adminClient.realm(REALM_NAME).rolesById(); assertAdminEvents.clear(); // Tested in RealmRolesTest already diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java index e443191253..6a75b333c1 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java @@ -21,7 +21,9 @@ import org.hamcrest.Matchers; import org.jboss.arquillian.drone.api.annotation.Drone; import org.jboss.arquillian.graphene.page.Page; import org.jboss.arquillian.test.api.ArquillianResource; +import org.junit.After; import org.junit.Assert; +import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.keycloak.admin.client.resource.IdentityProviderResource; @@ -60,6 +62,7 @@ import org.openqa.selenium.WebDriver; import javax.mail.MessagingException; import javax.mail.internet.MimeMessage; import javax.ws.rs.ClientErrorException; +import javax.ws.rs.NotFoundException; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import java.io.IOException; @@ -118,6 +121,9 @@ public class UserTest extends AbstractAdminTest { response.close(); assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRep, ResourceType.USER); + + getCleanup().addUserId(createdId); + return createdId; } @@ -280,7 +286,7 @@ public class UserTest extends AbstractAdminTest { @Test public void delete() { String userId = createUser(); - Response response = realm.users().delete( userId ); + Response response = realm.users().delete(userId); assertEquals(204, response.getStatus()); response.close(); assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userResourcePath(userId), ResourceType.USER); @@ -288,7 +294,7 @@ public class UserTest extends AbstractAdminTest { @Test public void deleteNonExistent() { - Response response = realm.users().delete( "does-not-exist" ); + Response response = realm.users().delete("does-not-exist"); assertEquals(404, response.getStatus()); response.close(); assertAdminEvents.assertEmpty(); @@ -671,7 +677,7 @@ public class UserTest extends AbstractAdminTest { @Test public void updateUserWithNewUsername() { - switchEditUsernameAllowedOn(); + switchEditUsernameAllowedOn(true); String id = createUser(); UserResource user = realm.users().get(id); @@ -681,13 +687,14 @@ public class UserTest extends AbstractAdminTest { userRep = realm.users().get(id).toRepresentation(); assertEquals("user11", userRep.getUsername()); + + // Revert + switchEditUsernameAllowedOn(false); } @Test public void updateUserWithoutUsername() { - - - switchEditUsernameAllowedOn(); + switchEditUsernameAllowedOn(true); String id = createUser(); @@ -711,6 +718,9 @@ public class UserTest extends AbstractAdminTest { assertEquals("user1@localhost", rep.getEmail()); assertEquals("Firstname", rep.getFirstName()); assertEquals("Lastname", rep.getLastName()); + + // Revert + switchEditUsernameAllowedOn(false); } @Test @@ -728,7 +738,7 @@ public class UserTest extends AbstractAdminTest { @Test public void updateUserWithNewUsernameAccessingViaOldUsername() { - switchEditUsernameAllowedOn(); + switchEditUsernameAllowedOn(true); createUser(); try { @@ -741,13 +751,15 @@ public class UserTest extends AbstractAdminTest { fail("Expected failure"); } catch (ClientErrorException e) { assertEquals(404, e.getResponse().getStatus()); + } finally { + switchEditUsernameAllowedOn(false); } } @Test public void updateUserWithExistingUsername() { - switchEditUsernameAllowedOn(); - enableBruteForce(); + switchEditUsernameAllowedOn(true); + enableBruteForce(true); createUser(); UserRepresentation userRep = new UserRepresentation(); @@ -767,6 +779,9 @@ public class UserTest extends AbstractAdminTest { // TODO adminEvents: Event queue should be empty, but it's not because of bug in UsersResource.updateUser, which sends event earlier than transaction commit. // assertAdminEvents.assertEmpty(); assertAdminEvents.poll(); + } finally { + enableBruteForce(false); + switchEditUsernameAllowedOn(false); } } @@ -927,16 +942,16 @@ public class UserTest extends AbstractAdminTest { assertEquals(111, users.search("test", 0, 1000).size()); } - private void switchEditUsernameAllowedOn() { + private void switchEditUsernameAllowedOn(boolean enable) { RealmRepresentation rep = realm.toRepresentation(); - rep.setEditUsernameAllowed(true); + rep.setEditUsernameAllowed(enable); realm.update(rep); assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); } - private void enableBruteForce() { + private void enableBruteForce(boolean enable) { RealmRepresentation rep = realm.toRepresentation(); - rep.setBruteForceProtected(true); + rep.setBruteForceProtected(enable); realm.update(rep); assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java index 540a5dc135..383be49cd9 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java @@ -30,6 +30,7 @@ import org.keycloak.representations.idm.AuthenticationFlowRepresentation; import org.keycloak.representations.idm.AuthenticatorConfigRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.util.AdminEventPaths; import org.keycloak.testsuite.util.AssertAdminEvents; import org.keycloak.testsuite.util.RealmBuilder; @@ -196,6 +197,8 @@ public abstract class AbstractAuthenticationTest extends AbstractKeycloakTest { Response response = authMgmtResource.createFlow(flowRep); org.keycloak.testsuite.Assert.assertEquals(201, response.getStatus()); response.close(); + String flowId = ApiUtil.getCreatedId(response); + getCleanup().addAuthenticationFlowId(flowId); assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authFlowsPath()), flowRep, ResourceType.AUTH_FLOW); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java index 990175dcbf..a728c8e7c0 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java @@ -24,7 +24,9 @@ import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation; import org.keycloak.representations.idm.AuthenticationFlowRepresentation; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.util.AdminEventPaths; +import org.keycloak.testsuite.util.AssertAdminEvents; import javax.ws.rs.BadRequestException; import javax.ws.rs.NotFoundException; @@ -45,15 +47,16 @@ public class FlowTest extends AbstractAuthenticationTest { // KEYCLOAK-3681: Delete top flow doesn't delete all subflows @Test public void testRemoveSubflows() { - authMgmtResource.createFlow(newFlow("Foo", "Foo flow", "generic", true, false)); + createFlow(newFlow("Foo", "Foo flow", "generic", true, false)); addFlowToParent("Foo", "child"); addFlowToParent("child", "grandchild"); List flows = authMgmtResource.getFlows(); AuthenticationFlowRepresentation found = findFlowByAlias("Foo", flows); authMgmtResource.deleteFlow(found.getId()); - - authMgmtResource.createFlow(newFlow("Foo", "Foo flow", "generic", true, false)); + assertAdminEvents.clear(); + + createFlow(newFlow("Foo", "Foo flow", "generic", true, false)); addFlowToParent("Foo", "child"); // Under the old code, this would throw an error because "grandchild" diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java index c247009141..244323b0d9 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java @@ -36,7 +36,6 @@ import org.keycloak.testsuite.util.RealmBuilder; import javax.ws.rs.core.Response; import java.util.List; -import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER; /** * @@ -50,11 +49,10 @@ public abstract class AbstractClientTest extends AbstractAuthTest { @Override public void setDefaultPageUriParameters() { super.setDefaultPageUriParameters(); - testRealmPage.setAuthRealm(MASTER); - testRealmLoginPage.setAuthRealm(testRealmPage); - testRealmAccountPage.setAuthRealm(testRealmPage); + testRealmPage.setAuthRealm("test"); + accountPage.setAuthRealm("test"); } - + @Before public void setupAdminEvents() { RealmRepresentation realm = testRealmResource().toRepresentation(); @@ -75,7 +73,7 @@ public abstract class AbstractClientTest extends AbstractAuthTest { } protected String getRealmId() { - return MASTER; + return "test"; } // returns UserRepresentation retrieved from server, with all fields, including id diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java index a33b2a11b2..eb3d2df4c9 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java @@ -75,7 +75,7 @@ public class InstallationTest extends AbstractClientTest { } private String samlUrl() { - return authServerUrl() + "/realms/master/protocol/saml"; + return authServerUrl() + "/realms/test/protocol/saml"; } @Test @@ -111,7 +111,7 @@ public class InstallationTest extends AbstractClientTest { } private void assertOidcInstallationConfig(String config) { - assertThat(config, containsString("master")); + assertThat(config, containsString("test")); assertThat(config, not(containsString(ApiUtil.findActiveKey(testRealmResource()).getPublicKey()))); assertThat(config, containsString(authServerUrl())); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java index e25533fc93..6d99297033 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java @@ -38,7 +38,7 @@ import static org.junit.Assert.assertNotNull; * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc. */ public class SessionTest extends AbstractClientTest { - private static boolean testUserCreated = false; + @Page protected AccountManagement testRealmAccountManagementPage; @@ -46,13 +46,18 @@ public class SessionTest extends AbstractClientTest { @Before public void init() { // make user test user exists in test realm - if (!testUserCreated) { - createTestUserWithAdminClient(); + createTestUserWithAdminClient(); + getCleanup().addUserId(testUser.getId()); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER); - assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER); - } - testUserCreated = true; + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER); + assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER); + } + + @Override + public void setDefaultPageUriParameters() { + super.setDefaultPageUriParameters(); + testRealmAccountManagementPage.setAuthRealm(getRealmId()); + loginPage.setAuthRealm(getRealmId()); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java index 2922a3ef2c..4b2168f0d1 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java @@ -17,20 +17,16 @@ package org.keycloak.testsuite.admin.client.authorization; -import static com.sun.corba.se.impl.oa.poa.Policies.defaultPolicies; import static org.junit.Assert.assertEquals; -import java.util.List; +import org.junit.After; +import org.junit.Before; import org.junit.Test; import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.ClientResource; -import org.keycloak.representations.adapters.config.PolicyEnforcerConfig; import org.keycloak.representations.idm.ClientRepresentation; -import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RoleRepresentation; -import org.keycloak.representations.idm.authorization.PolicyRepresentation; -import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.util.JsonSerialization; @@ -40,6 +36,27 @@ import org.keycloak.util.JsonSerialization; */ public class ImportAuthorizationSettingsTest extends AbstractAuthorizationTest { + @Before + public void createRole() { + ClientResource clientResource = getClientResource(); + + RoleRepresentation role = new RoleRepresentation(); + role.setName("admin"); + clientResource.roles().create(role); + } + + @After + public void onAfterAuthzTests() { + ClientResource clientResource = getClientResource(); + + // Needed to disable authz first. TODO: Looks like a bug. Check later... + ClientRepresentation client = clientResource.toRepresentation(); + client.setAuthorizationServicesEnabled(false); + clientResource.update(client); + + getClientResource().remove(); + } + @Test public void testImportUnorderedSettings() throws Exception { ClientResource clientResource = getClientResource(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java index 9cb3c32ffe..414151c61c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java @@ -17,9 +17,11 @@ package org.keycloak.testsuite.admin.event; import org.junit.Before; +import org.junit.Rule; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.representations.idm.RealmEventsConfigRepresentation; import org.keycloak.testsuite.AbstractAuthTest; +import org.keycloak.testsuite.util.TestCleanup; import java.util.Collections; import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER; @@ -32,14 +34,6 @@ public abstract class AbstractEventTest extends AbstractAuthTest { protected RealmEventsConfigRepresentation configRep; - @Override - public void setDefaultPageUriParameters() { - super.setDefaultPageUriParameters(); - testRealmPage.setAuthRealm(MASTER); - testRealmLoginPage.setAuthRealm(testRealmPage); - testRealmAccountPage.setAuthRealm(testRealmPage); - } - @Before public void setConfigRep() { RealmResource testRsc = testRealmResource(); @@ -51,6 +45,12 @@ public abstract class AbstractEventTest extends AbstractAuthTest { saveConfig(); } + @Override + public void setDefaultPageUriParameters() { + testRealmPage.setAuthRealm("test"); + accountPage.setAuthRealm("test"); + } + protected void saveConfig() { RealmResource testRsc = testRealmResource(); testRsc.updateRealmEventsConfig(configRep); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java index 96e29204ed..ce233082bc 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java @@ -59,7 +59,9 @@ public class AdminEventTest extends AbstractEventTest { private String createUser(String username) { UserRepresentation user = createUserRepresentation(username, username + "@foo.com", "foo", "bar", true); - return ApiUtil.createUserWithAdminClient(testRealmResource(), user); + String userId = ApiUtil.createUserWithAdminClient(testRealmResource(), user); + getCleanup().addUserId(userId); + return userId; } private void updateRealm() { @@ -90,7 +92,7 @@ public class AdminEventTest extends AbstractEventTest { assertNull(event.getError()); AuthDetailsRepresentation details = event.getAuthDetails(); - assertEquals(realmName(), details.getRealmId()); + assertEquals("master", details.getRealmId()); assertNotNull(details.getClientId()); assertNotNull(details.getUserId()); assertNotNull(details.getIpAddress()); @@ -106,7 +108,7 @@ public class AdminEventTest extends AbstractEventTest { assertEquals("CREATE", event.getOperationType()); assertEquals(realmName(), event.getRealmId()); - assertEquals(realmName(), event.getAuthDetails().getRealmId()); + assertEquals("master", event.getAuthDetails().getRealmId()); assertNull(event.getRepresentation()); } @@ -130,7 +132,7 @@ public class AdminEventTest extends AbstractEventTest { updateRealm(); assertEquals(3, events().size()); - List events = testRealmResource().getAdminEvents(Arrays.asList("CREATE"), realmName(), null, null, null, null, null, null, null, null); + List events = testRealmResource().getAdminEvents(Arrays.asList("CREATE"), null, null, null, null, null, null, null, null, null); assertEquals(2, events.size()); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java index dc0d787cd4..e356227be1 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java @@ -60,7 +60,7 @@ public class LoginEventsTest extends AbstractEventTest { } private void badLogin() { - loginEventsPage.navigateTo(); + accountPage.navigateTo(); loginPage.form().login("bad", "user"); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java index 79908d8e69..b7274ecbe3 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java @@ -142,6 +142,7 @@ public class GroupTest extends AbstractGroupTest { private GroupRepresentation createGroup(RealmResource realm, GroupRepresentation group) { Response response = realm.groups().add(group); String groupId = ApiUtil.getCreatedId(response); + getCleanup().addGroupId(groupId); response.close(); assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupPath(groupId), group, ResourceType.GROUP); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java index bf9c7947ff..4fa09df4b3 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java @@ -65,6 +65,8 @@ public class RealmRolesTest extends AbstractAdminTest { ClientRepresentation clientRep = ClientBuilder.create().clientId("client-a").build(); Response response = adminClient.realm(REALM_NAME).clients().create(clientRep); clientUuid = ApiUtil.getCreatedId(response); + getCleanup().addClientUuid(clientUuid); + response.close(); RoleRepresentation roleC = RoleBuilder.create().name("role-c").description("Role C").build(); adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(roleC); @@ -77,6 +79,10 @@ public class RealmRolesTest extends AbstractAdminTest { ids.put(r.getName(), r.getId()); } + getCleanup().addRoleId(ids.get("role-a")); + getCleanup().addRoleId(ids.get("role-b")); + getCleanup().addRoleId(ids.get("role-c")); + resource = adminClient.realm(REALM_NAME).roles(); assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA, ResourceType.REALM_ROLE); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java index db10d02a9a..e5c128745a 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java @@ -202,6 +202,17 @@ public class RealmTest extends AbstractAdminTest { realm.remove(); Assert.assertNames(adminClient.realms().findAll(), "master", AuthRealm.TEST); + + // Re-create realm + reCreateRealm(); + } + + private void reCreateRealm() { + // Re-create realm + RealmRepresentation realmRep = testContext.getTestRealmReps().stream().filter((RealmRepresentation realm) -> { + return realm.getRealm().equals(REALM_NAME); + }).findFirst().get(); + adminClient.realms().create(realmRep); } @Test @@ -210,6 +221,8 @@ public class RealmTest extends AbstractAdminTest { ServerInfoResource serverInfoResource = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID).serverInfo(); serverInfoResource.getInfo(); + + reCreateRealm(); } /** @@ -608,6 +621,7 @@ public class RealmTest extends AbstractAdminTest { client.setSecret("secret"); Response resp = realm.clients().create(client); String clientDbId = ApiUtil.getCreatedId(resp); + getCleanup().addClientUuid(clientDbId); resp.close(); assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientDbId), client, ResourceType.CLIENT); @@ -618,6 +632,7 @@ public class RealmTest extends AbstractAdminTest { Response response = realm.users().create(userRep); String userId = ApiUtil.getCreatedId(response); response.close(); + getCleanup().addUserId(userId); assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), userRep, ResourceType.USER); realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java index f9e50e5fd3..eabc7d17b0 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java @@ -20,10 +20,14 @@ package org.keycloak.testsuite.broker; import java.util.List; import org.jboss.arquillian.graphene.page.Page; +import org.junit.After; +import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Retry; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.AccountPasswordPage; import org.keycloak.testsuite.pages.AccountUpdateProfilePage; import org.keycloak.testsuite.pages.ErrorPage; @@ -82,6 +86,22 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest { } + @After + public void cleanupUsers() { + RealmResource providerRealm = adminClient.realm(bc.providerRealmName()); + UserRepresentation userRep = ApiUtil.findUserByUsername(providerRealm, bc.getUserLogin()); + if (userRep != null) { + providerRealm.users().get(userRep.getId()).remove(); + } + + RealmResource childRealm = adminClient.realm(bc.consumerRealmName()); + userRep = ApiUtil.findUserByUsername(childRealm, bc.getUserLogin()); + if (userRep != null) { + childRealm.users().get(userRep.getId()).remove(); + } + } + + protected void logInAsUserInIDP() { driver.navigate().to(getAccountUrl(bc.consumerRealmName())); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java index f6e575f026..81292439ca 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java @@ -1,5 +1,6 @@ package org.keycloak.testsuite.broker; +import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -13,6 +14,7 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.ConsentPage; import org.keycloak.testsuite.util.*; @@ -39,7 +41,7 @@ import static org.keycloak.testsuite.broker.BrokerTestTools.*; public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest { @Before - public void createUser() { + public void beforeBrokerTest() { log.debug("creating user for realm " + bc.providerRealmName()); UserRepresentation user = new UserRepresentation(); @@ -52,18 +54,16 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest { userId = createUserWithAdminClient(realmResource, user); resetUserPassword(realmResource.users().get(userId), bc.getUserPassword(), false); - } - @Before - public void addIdentityProviderToProviderRealm() { + if (testContext.isInitialized()) { + return; + } + log.debug("adding identity provider to realm " + bc.consumerRealmName()); - RealmResource realm = adminClient.realm(bc.consumerRealmName()); realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext)); - } - @Before - public void addClients() { + // addClients List clients = bc.createProviderClients(suiteContext); if (clients != null) { RealmResource providerRealm = adminClient.realm(bc.providerRealmName()); @@ -83,6 +83,8 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest { consumerRealm.clients().create(client); } } + + testContext.setInitialized(true); } @@ -302,6 +304,13 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest { consentPage.cancel(); waitForPage(driver, "log in to"); + + // Revert consentRequired + adminClient.realm(bc.providerRealmName()) + .clients() + .get(client.getId()) + .update(ClientBuilder.edit(client).consentRequired(false).build()); + } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java index 2e15ad16c5..045aeb9d37 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java @@ -49,12 +49,13 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker RealmResource realm = adminClient.realm(bc.consumerRealmName()); final IdentityProviderRepresentation idp = bc.setUpIdentityProvider(suiteContext); - realm.identityProviders().create(idp); + Response resp = realm.identityProviders().create(idp); + resp.close(); IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias()); for (IdentityProviderMapperRepresentation mapper : createIdentityProviderMappers()) { mapper.setIdentityProviderAlias(bc.getIDPAlias()); - Response resp = idpResource.addMapper(mapper); + resp = idpResource.addMapper(mapper); resp.close(); } } @@ -67,7 +68,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker for (ClientRepresentation client : clients) { log.debug("adding client " + client.getName() + " to realm " + bc.providerRealmName()); - providerRealm.clients().create(client); + Response resp = providerRealm.clients().create(client); + resp.close(); } } @@ -77,7 +79,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker for (ClientRepresentation client : clients) { log.debug("adding client " + client.getName() + " to realm " + bc.consumerRealmName()); - consumerRealm.clients().create(client); + Response resp = consumerRealm.clients().create(client); + resp.close(); } } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java index 7e796cd8a9..f08b4bf2c6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java @@ -75,47 +75,41 @@ public class AccountLinkTest extends AbstractKeycloakTest { } @Before - public void addIdpUser() { - RealmResource realm = adminClient.realms().realm(PARENT_IDP); + public void beforeBrokerTest() { + if (testContext.isInitialized()) { + return; + } + + // addIdpUser + RealmResource realmParent = adminClient.realms().realm(PARENT_IDP); UserRepresentation user = new UserRepresentation(); user.setUsername(PARENT_USERNAME); user.setEnabled(true); - String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password"); + String userId = createUserAndResetPasswordWithAdminClient(realmParent, user, "password"); - } - - @Before - public void addChildUser() { - RealmResource realm = adminClient.realms().realm(CHILD_IDP); - UserRepresentation user = new UserRepresentation(); + // addChildUser + RealmResource realmChild = adminClient.realms().realm(CHILD_IDP); + user = new UserRepresentation(); user.setUsername("child"); user.setEnabled(true); - String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password"); + userId = createUserAndResetPasswordWithAdminClient(realmChild, user, "password"); - } - - @Before - public void setupUserStorageProvider() { + // setupUserStorageProvider ComponentRepresentation provider = new ComponentRepresentation(); provider.setName("passthrough"); provider.setProviderId(PassThroughFederatedUserStorageProviderFactory.PROVIDER_ID); provider.setProviderType(UserStorageProvider.class.getName()); provider.setConfig(new MultivaluedHashMap<>()); provider.getConfig().putSingle("priority", Integer.toString(1)); + realmChild.components().add(provider); - RealmResource realm = adminClient.realms().realm(CHILD_IDP); - realm.components().add(provider); - - - - - } - - @Before - public void createBroker() { + // createBroker createParentChild(); + + testContext.setInitialized(true); } + public void createParentChild() { BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java index e7d8d44a5b..566d288e28 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java @@ -78,7 +78,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest { log.debug("adding identity provider to realm " + bc.consumerRealmName()); RealmResource realm = adminClient.realm(bc.consumerRealmName()); - realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext)); + Response resp = realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext)); + resp.close(); } @@ -90,7 +91,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest { for (ClientRepresentation client : clients) { log.debug("adding client " + client.getName() + " to realm " + bc.providerRealmName()); - providerRealm.clients().create(client); + Response resp = providerRealm.clients().create(client); + resp.close(); } } @@ -100,7 +102,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest { for (ClientRepresentation client : clients) { log.debug("adding client " + client.getName() + " to realm " + bc.consumerRealmName()); - consumerRealm.clients().create(client); + Response resp = consumerRealm.clients().create(client); + resp.close(); } } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java index f2f8c6d0fc..b678a23659 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java @@ -108,9 +108,9 @@ public abstract class AbstractClientRegistrationTest extends AbstractKeycloakTes return response; } - public ClientRepresentation getClient(String clientId) { + public ClientRepresentation getClient(String clientUuid) { try { - return adminClient.realm(REALM_NAME).clients().get(clientId).toRepresentation(); + return adminClient.realm(REALM_NAME).clients().get(clientUuid).toRepresentation(); } catch (NotFoundException e) { return null; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java index b2b2eb46ab..22d47310a9 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java @@ -24,6 +24,7 @@ import org.keycloak.client.registration.HttpErrorException; import org.keycloak.common.enums.SslRequired; import org.keycloak.representations.adapters.config.AdapterConfig; import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.testsuite.admin.ApiUtil; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; @@ -51,6 +52,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes client.setRootUrl("http://root"); client = createClient(client); client.setSecret("RegistrationAccessTokenTestClientSecret"); + getCleanup().addClientUuid(client.getId()); client2 = new ClientRepresentation(); client2.setEnabled(true); @@ -60,6 +62,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes client2.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessToken"); client2.setRootUrl("http://root"); client2 = createClient(client2); + getCleanup().addClientUuid(client2.getId()); clientPublic = new ClientRepresentation(); clientPublic.setEnabled(true); @@ -68,6 +71,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes clientPublic.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessTokenPublic"); clientPublic.setRootUrl("http://root"); clientPublic = createClient(clientPublic); + getCleanup().addClientUuid(clientPublic.getId()); } @Test @@ -80,7 +84,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes @Test public void getConfig() throws ClientRegistrationException { - reg.auth(Auth.client(client.getClientId(), client.getSecret())); + reg.auth(Auth.client(client.getClientId(), "RegistrationAccessTokenTestClientSecret")); AdapterConfig config = reg.getAdapterConfig(client.getClientId()); assertNotNull(config); @@ -89,7 +93,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes assertEquals("test", config.getRealm()); assertEquals(1, config.getCredentials().size()); - assertEquals(client.getSecret(), config.getCredentials().get("secret")); + assertEquals("RegistrationAccessTokenTestClientSecret", config.getCredentials().get("secret")); assertEquals(client.getClientId(), config.getResource()); assertEquals(SslRequired.EXTERNAL.name().toLowerCase(), config.getSslRequired()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java index 1c80d51924..c47e6c841c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java @@ -47,7 +47,7 @@ public class ClientRedirectTest extends AbstractTestRealmKeycloakTest { * * @throws Exception */ - //@Test + @Test public void testClientRedirectEndpoint() throws Exception { oauth.doLogin("test-user@localhost", "password"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java index a48158c804..b59d883c66 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java @@ -23,6 +23,7 @@ import java.util.List; import java.util.Map; import java.util.stream.Collectors; +import org.junit.After; import org.junit.Before; import org.junit.Test; import org.keycloak.admin.client.resource.RealmResource; @@ -80,12 +81,16 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe testRealms.get(0).setPublicKey(PUBLIC_KEY); } - @Before - public void before() throws Exception { - super.before(); -// -// ClientInitialAccessPresentation token = adminClient.realm(REALM_NAME).clientInitialAccess().create(new ClientInitialAccessCreatePresentation(0, 10)); -// reg.auth(Auth.token(token)); + @After + public void after() throws Exception { + super.after(); + + // Default setup of trustedHostPolicy + ComponentRepresentation trustedHostPolicy = findPolicyByProviderAndAuth(TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon()); + trustedHostPolicy.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH, "true"); + trustedHostPolicy.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.CLIENT_URIS_MUST_MATCH, "true"); + trustedHostPolicy.getConfig().put(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, Collections.emptyList()); + realmResource().components().component(trustedHostPolicy.getId()).update(trustedHostPolicy); } private RealmResource realmResource() { @@ -175,7 +180,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe assertOidcFail(ClientRegOp.CREATE, client, 403, "Host not trusted"); // Should still fail (bad redirect_uri) - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); assertOidcFail(ClientRegOp.CREATE, client, 403, "URL doesn't match"); // Should still fail (bad base_uri) @@ -194,7 +199,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe @Test public void testAnonUpdateWithTrustedHost() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); OIDCClientRepresentation client = create(); // Fail update client @@ -235,7 +240,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe @Test public void testAnonConsentRequired() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); OIDCClientRepresentation client = create(); // Assert new client has consent required @@ -255,7 +260,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe @Test public void testAnonFullScopeAllowed() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); OIDCClientRepresentation client = create(); // Assert new client has fullScopeAllowed disabled @@ -275,7 +280,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe @Test public void testClientDisabledPolicy() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); // Assert new client is enabled OIDCClientRepresentation client = create(); @@ -290,7 +295,9 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe rep.setProviderId(ClientDisabledClientRegistrationPolicyFactory.PROVIDER_ID); rep.setProviderType(ClientRegistrationPolicy.class.getName()); rep.setSubType(getPolicyAnon()); - realmResource().components().add(rep).close(); + Response response = realmResource().components().add(rep); + String policyId = ApiUtil.getCreatedId(response); + response.close(); // Assert new client is disabled client = create(); @@ -305,12 +312,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe // Try update disabled client. Should pass clientRep.setEnabled(false); reg.update(clientRep); + + // Revert + realmResource().components().component(policyId).remove(); } @Test public void testMaxClientsPolicy() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); int clientsCount = realmResource().clients().findAll().size(); int newClientsLimit = clientsCount + 1; @@ -325,6 +335,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe // I can't register more clients assertOidcFail(ClientRegOp.CREATE, createRepOidc(), 403, "It's allowed to have max " + newClientsLimit + " clients per realm"); + + // Revert + maxClientsPolicyRep.getConfig().putSingle(MaxClientsClientRegistrationPolicyFactory.MAX_CLIENTS, String.valueOf(10000)); + realmResource().components().component(maxClientsPolicyRep.getId()).update(maxClientsPolicyRep); } @@ -355,11 +369,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe // Add some clientTemplates ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation(); clientTemplate.setName("foo"); - realmResource().clientTemplates().create(clientTemplate); + Response response = realmResource().clientTemplates().create(clientTemplate); + String fooTemplateId = ApiUtil.getCreatedId(response); + response.close(); clientTemplate = new ClientTemplateRepresentation(); clientTemplate.setName("bar"); - realmResource().clientTemplates().create(clientTemplate); + response = realmResource().clientTemplates().create(clientTemplate); + String barTemplateId = ApiUtil.getCreatedId(response); + response.close(); // send request again and test that clientTemplate provider contains added client templates reps = realmResource().clientRegistrationPolicy().getProviders(); @@ -371,6 +389,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe clientTemplates = getProviderConfigProperty(clientTemplateRep, ClientTemplatesClientRegistrationPolicyFactory.ALLOWED_CLIENT_TEMPLATES); Assert.assertNames(clientTemplates, "foo", "bar"); + + // Revert client templates + realmResource().clientTemplates().get(fooTemplateId).remove(); + realmResource().clientTemplates().get(barTemplateId).remove(); } private List getProviderConfigProperty(ComponentTypeRepresentation provider, String expectedConfigPropName) { @@ -394,12 +416,14 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe @Test public void testClientTemplatesPolicy() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); // Add some clientTemplate through Admin REST ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation(); clientTemplate.setName("foo"); - realmResource().clientTemplates().create(clientTemplate); + Response response = realmResource().clientTemplates().create(clientTemplate); + String clientTemplateId = ApiUtil.getCreatedId(response); + response.close(); // I can't register new client with this template ClientRepresentation clientRep = createRep("test-app"); @@ -422,17 +446,23 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe // Now the update via clientRegistration is permitted too as template was already set reg.update(registeredClient); + + // Revert client template + realmResource().clients().get(client.getId()).remove(); + realmResource().clientTemplates().get(clientTemplateId).remove(); } @Test public void testClientTemplatesPolicyWithPermittedTemplate() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); // Add some clientTemplate through Admin REST ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation(); clientTemplate.setName("foo"); - realmResource().clientTemplates().create(clientTemplate); + Response response = realmResource().clientTemplates().create(clientTemplate); + String clientTemplateId = ApiUtil.getCreatedId(response); + response.close(); // I can't register new client with this template ClientRepresentation clientRep = createRep("test-app"); @@ -447,6 +477,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe // Check that I can register client now ClientRepresentation registeredClient = reg.create(clientRep); Assert.assertNotNull(registeredClient.getRegistrationAccessToken()); + + // Revert client template + ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove(); + realmResource().clientTemplates().get(clientTemplateId).remove(); } @@ -454,7 +488,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe @Test public void testProtocolMappersCreate() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); // Try to add client with some "hardcoded role" mapper. Should fail ClientRepresentation clientRep = createRep("test-app"); @@ -480,6 +514,11 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe clientRep.setProtocolMappers(Collections.singletonList(createHardcodedMapperRep())); reg.auth(null); assertFail(ClientRegOp.CREATE, clientRep, 403, "ProtocolMapper type not allowed"); + + // Revert policy change + ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove(); + protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID); + realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep); } @@ -497,7 +536,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe @Test public void testProtocolMappersUpdate() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); // Check I can add client with allowed protocolMappers ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation(); @@ -526,12 +565,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe // Check I can update client now reg.update(registeredClient); + + // Revert client + ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove(); } @Test public void testProtocolMappersConsentRequired() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); // Register client and assert it has builtin protocol mappers ClientRepresentation clientRep = createRep("test-app"); @@ -555,12 +597,17 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe return protocolMapper.getProtocolMapper().equals(UserPropertyMapper.PROVIDER_ID); }).count(); Assert.assertEquals(0, usernamePropMappersCount); + + // Revert + ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove(); + protocolMapperPolicyRep.getConfig().getList(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES).add(UserPropertyMapper.PROVIDER_ID); + realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep); } @Test public void testProtocolMappersRemoveBuiltins() throws Exception { - setTrustedHost("localhost", getPolicyAnon()); + setTrustedHost("localhost"); // Change policy to allow hardcoded mapper @@ -577,6 +624,11 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe ProtocolMapperRepresentation hardcodedMapper = registeredClient.getProtocolMappers().get(0); Assert.assertTrue(hardcodedMapper.isConsentRequired()); Assert.assertEquals("Hardcoded foo role", hardcodedMapper.getConsentText()); + + // Revert + ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove(); + protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID); + realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep); } // HELPER METHODS @@ -601,8 +653,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe return null; } - private void setTrustedHost(String hostname, String policyType) { - List reps = realmResource().components().query(REALM_NAME, getPolicyAnon()); + private void setTrustedHost(String hostname) { ComponentRepresentation trustedHostRep = findPolicyByProviderAndAuth(TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon()); trustedHostRep.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, hostname); realmResource().components().component(trustedHostRep.getId()).update(trustedHostRep); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java index 5d1f4aef26..08cfb7e42a 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java @@ -52,6 +52,9 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest { client = adminClient.realm(REALM_NAME).clients().get(createdClient.getId()).toRepresentation(); assertEquals(CLIENT_ID, client.getClientId()); + // Remove this client after test + getCleanup().addClientUuid(createdClient.getId()); + return client; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java index 74432a83da..8ce0632be7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java @@ -31,6 +31,7 @@ import javax.ws.rs.core.UriBuilder; import org.apache.http.HttpResponse; import org.apache.http.NameValuePair; import org.apache.http.client.entity.UrlEncodedFormEntity; +import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpPost; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.DefaultHttpClient; @@ -369,12 +370,12 @@ public class OIDCJwksClientRegistrationTest extends AbstractClientRegistrationTe parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt)); - HttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters); return new OAuthClient.AccessTokenResponse(response); } - private HttpResponse sendRequest(String requestUrl, List parameters) throws Exception { + private CloseableHttpResponse sendRequest(String requestUrl, List parameters) throws Exception { CloseableHttpClient client = new DefaultHttpClient(); try { HttpPost post = new HttpPost(requestUrl); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java index 1e48290927..3eb0d7e5ef 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java @@ -48,6 +48,7 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest c.setRootUrl("http://root"); client = createClient(c); + getCleanup().addClientUuid(client.getId()); c = new ClientRepresentation(); c.setEnabled(true); @@ -55,7 +56,8 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest c.setSecret("RegistrationAccessTokenTestClientSecret"); c.setRootUrl("http://root"); - createClient(c); + c = createClient(c); + getCleanup().addClientUuid(c.getId()); reg.auth(Auth.token(client.getRegistrationAccessToken())); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java index 4cf3904851..9c97d2652d 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java @@ -155,10 +155,53 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest { } @Before - public void addScopeMappings() { + public void before() { + if (testContext.isInitialized()) { + return; + } + + // addScopeMappings addRealmLevelScopeMapping("REALM_COMPOSITE_1_APPLICATION", "REALM_COMPOSITE_1"); addRealmLevelScopeMapping("REALM_ROLE_1_APPLICATION", "REALM_ROLE_1"); addClientLevelScopeMapping("APP_COMPOSITE_APPLICATION", "APP_ROLE_APPLICATION", "APP_ROLE_2"); + + // createRealmAppCompositeRole + ClientResource appRoleApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION"); + RoleResource appRole1 = appRoleApplication.roles().get("APP_ROLE_1"); + + RoleBuilder realmAppCompositeRole = RoleBuilder.create() + .name("REALM_APP_COMPOSITE_ROLE"); + + testRealm().roles().create(realmAppCompositeRole.build()); + String id = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation().getId(); + testRealm().rolesById().addComposites(id, Collections.singletonList(appRole1.toRepresentation())); + + // addRealmAppCompositeToUsers + UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "REALM_APP_COMPOSITE_USER"); + RoleRepresentation realmAppCompositeRolee = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation(); + userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRolee)); + + // addRealmAppCompositeToUsers2 + userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER"); + userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRolee)); + + ClientResource appCompositeApplication = ApiUtil.findClientByClientId(testRealm(), "APP_COMPOSITE_APPLICATION"); + RoleResource appCompositeRole = appCompositeApplication.roles().get("APP_COMPOSITE_ROLE"); + + // addCompositeRolesToAppCompositeRoleInAppCompositeApplication + List toAdd = new LinkedList<>(); + toAdd.add(testRealm().roles().get("REALM_ROLE_1").toRepresentation()); + toAdd.add(testRealm().roles().get("REALM_ROLE_2").toRepresentation()); + toAdd.add(testRealm().roles().get("REALM_ROLE_3").toRepresentation()); + + ClientResource appRolesApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION"); + RoleRepresentation appRole1Rep = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation(); + toAdd.add(appRole1Rep); + + appCompositeRole.addComposites(toAdd); + + // Track that we initialized model already + testContext.setInitialized(true); } private void addRealmLevelScopeMapping(String clientId, String roleName) { @@ -174,50 +217,6 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest { targetClient.getScopeMappings().clientLevel(sourceClient.toRepresentation().getId()).add(Collections.singletonList(role)); } - @Before - public void createRealmAppCompositeRole() { - ClientResource appRoleApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION"); - RoleResource appRole1 = appRoleApplication.roles().get("APP_ROLE_1"); - - RoleBuilder realmAppCompositeRole = RoleBuilder.create() - .name("REALM_APP_COMPOSITE_ROLE"); - - testRealm().roles().create(realmAppCompositeRole.build()); - String id = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation().getId(); - testRealm().rolesById().addComposites(id, Collections.singletonList(appRole1.toRepresentation())); - } - - @Before - public void addRealmAppCompositeToUsers() { - UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "REALM_APP_COMPOSITE_USER"); - RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation(); - userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole)); - } - - @Before - public void addRealmAppCompositeToUser2() { - UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER"); - RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation(); - userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole)); - } - - @Before - public void addCompositeRolesToAppCompositeRoleInAppCompositeApplication() { - ClientResource appCompositeApplication = ApiUtil.findClientByClientId(testRealm(), "APP_COMPOSITE_APPLICATION"); - RoleResource appCompositeRole = appCompositeApplication.roles().get("APP_COMPOSITE_ROLE"); - - List toAdd = new LinkedList<>(); - toAdd.add(testRealm().roles().get("REALM_ROLE_1").toRepresentation()); - toAdd.add(testRealm().roles().get("REALM_ROLE_2").toRepresentation()); - toAdd.add(testRealm().roles().get("REALM_ROLE_3").toRepresentation()); - - ClientResource appRolesApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION"); - RoleRepresentation appRole1 = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation(); - toAdd.add(appRole1); - - appCompositeRole.addComposites(toAdd); - } - @Page protected LoginPage loginPage; @@ -361,6 +360,8 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest { realmRoles = userResource.roles().realmLevel().listEffective(); Assert.assertNames(realmRoles, "REALM_COMPOSITE_1", "REALM_ROLE_1"); + // Revert + testRealm().roles().get("REALM_ROLE_1").deleteComposites(Collections.singletonList(realmComposite1)); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java index 2164ccd995..42722da3c2 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java @@ -125,7 +125,9 @@ public abstract class AbstractKerberosTest extends AbstractAuthTest { oauth.clientId("kerberos-app"); ComponentRepresentation rep = getUserStorageConfiguration(); - testRealmResource().components().add(rep); + Response resp = testRealmResource().components().add(rep); + getCleanup().addComponentId(ApiUtil.getCreatedId(resp)); + resp.close(); } @After diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java index a5f00a7ae3..4bd6e15023 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java @@ -14,9 +14,12 @@ import java.util.HashSet; import java.util.List; import java.util.Set; import javax.ws.rs.NotFoundException; +import javax.ws.rs.core.Response; + import org.apache.commons.io.FileUtils; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.After; import org.junit.Assert; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; @@ -101,6 +104,22 @@ public class UserStorageTest extends AbstractAuthTest { } + @After + public void removeTestUser() throws URISyntaxException, IOException { + testingClient.server().run(session -> { + RealmModel realm = session.realms().getRealmByName("test"); + if (realm == null) { + return; + } + + UserModel user = session.users().getUserByUsername("thor", realm); + if (user != null) { + session.userLocalStorage().removeUser(realm, user); + session.userCache().clear(); + } + }); + } + protected ComponentRepresentation newPropProviderRW() { ComponentRepresentation propProviderRW = new ComponentRepresentation(); propProviderRW.setName("user-props"); @@ -114,7 +133,11 @@ public class UserStorageTest extends AbstractAuthTest { } protected String addComponent(ComponentRepresentation component) { - return ApiUtil.getCreatedId(testRealmResource().components().add(component)); + Response resp = testRealmResource().components().add(component); + resp.close(); + String id = ApiUtil.getCreatedId(resp); + getCleanup().addComponentId(id); + return id; } private void loginSuccessAndLogout(String username, String password) { @@ -547,6 +570,9 @@ public class UserStorageTest extends AbstractAuthTest { UserMapStorage.realmRemovals.set(0); }); + // Re-create realm + RealmRepresentation repOrig = testContext.getTestRealmReps().get(0); + adminClient.realms().create(repOrig); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java index 08d0d69622..72af35ae77 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java @@ -96,6 +96,11 @@ public class CustomFlowTest extends AbstractFlowTest { public void configureFlows() { userId = findUser("login-test").getId(); + // Do this just once per class + if (testContext.isInitialized()) { + return; + } + AuthenticationFlowRepresentation flow = FlowBuilder.create() .alias("dummy") .description("dummy pass through flow") @@ -169,6 +174,8 @@ public class CustomFlowTest extends AbstractFlowTest { .authenticatorFlow(false) .build(); testRealm().flows().addExecution(execution); + + testContext.setInitialized(true); } @@ -240,16 +247,16 @@ public class CustomFlowTest extends AbstractFlowTest { loginPage.login("test-user@localhost", "password"); Assert.assertTrue(termsPage.isCurrent()); - - - - + // Revert dummy flow + rep.setBrowserFlow("dummy"); + testRealm().update(rep); } @Test public void loginSuccess() { AuthenticatorState state = new AuthenticatorState(); state.setUsername("login-test"); + state.setClientId("test-app"); testingClient.testing().updateAuthenticator(state); oauth.openLoginForm(); @@ -264,6 +271,7 @@ public class CustomFlowTest extends AbstractFlowTest { public void grantTest() throws Exception { AuthenticatorState state = new AuthenticatorState(); state.setUsername("login-test"); + state.setClientId("test-app"); testingClient.testing().updateAuthenticator(state); grantAccessToken("test-app", "login-test"); @@ -297,6 +305,9 @@ public class CustomFlowTest extends AbstractFlowTest { .removeDetail(Details.CONSENT) .error(Errors.INVALID_CLIENT_CREDENTIALS) .assertEvent(); + + state.setClientId("test-app"); + testingClient.testing().updateAuthenticator(state); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java index 27c2d91a69..63ed003dcb 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java @@ -30,6 +30,7 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage.RequestType; import org.keycloak.testsuite.pages.ErrorPage; @@ -275,16 +276,6 @@ public class LoginTest extends AbstractTestRealmKeycloakTest { @Test // KEYCLOAK-2557 public void loginUserWithEmailAsUsername() { - UserRepresentation rep = UserBuilder.create() - .enabled(true) - .id("foo") - .email("foo") - .username("login@test.com") - .password("password") - .build(); - - adminClient.realm(userId).users().create(rep); - loginPage.open(); loginPage.login("login@test.com", "password"); @@ -363,9 +354,7 @@ public class LoginTest extends AbstractTestRealmKeycloakTest { } finally { setPasswordPolicy(null); UserResource userRsc = adminClient.realm("test").users().get("login-test"); - UserBuilder userBuilder = UserBuilder.edit(userRsc.toRepresentation()) - .password("password"); - userRsc.update(userBuilder.build()); + ApiUtil.resetUserPassword(userRsc, "password", false); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java index 9b8358350e..db66debfc1 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java @@ -79,6 +79,9 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest { String sessionId2 = events.expectLogin().assertEvent().getSessionId(); assertNotEquals(sessionId, sessionId2); + + driver.navigate().to(logoutUrl); + events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, redirectUri).assertEvent(); } @Test @@ -133,6 +136,10 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest { // Check session 3 logged-in oauth.openLoginForm(); events.expectLogin().session(sessionId3).removeDetail(Details.USERNAME).assertEvent(); + + // Logout session 3 by redirect + driver.navigate().to(oauth.getLogoutUrl().redirectUri(AppPage.baseUrl).build()); + events.expectLogout(sessionId3).detail(Details.REDIRECT_URI, AppPage.baseUrl).assertEvent(); } //KEYCLOAK-2741 @@ -198,6 +205,9 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest { String sessionId2 = events.expectLogin().assertEvent().getSessionId(); assertNotEquals(sessionId, sessionId2); + + driver.navigate().to(logoutUrl); + events.expectLogout(sessionId2).removeDetail(Details.REDIRECT_URI).assertEvent(); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java index 51922965f2..1a68d09b5e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java @@ -130,6 +130,9 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest { assertEquals("test-user@localhost", user.getEmail()); assertEquals("firstName", user.getFirstName()); assertEquals("lastName", user.getLastName()); + + testRealm().users().get(userId).remove(); + setDuplicateEmailsAllowed(false); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java index 8ecfa13870..3a12a76133 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java @@ -28,6 +28,7 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage.RequestType; import org.keycloak.testsuite.pages.ErrorPage; @@ -52,41 +53,30 @@ import java.util.concurrent.atomic.AtomicInteger; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; -//import org.keycloak.testsuite.Constants; - /** * @author Stian Thorgersen * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc. */ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest { - static int lifespan = 0; + private String userId; @Override public void configureTestRealm(RealmRepresentation testRealm) { + } + + @Before + public void setup() { UserRepresentation user = UserBuilder.create() - .username("login-test") - .email("login@test.com") - .enabled(true) - .password("password") - .build(); - testRealm.getUsers().add(user); + .username("login-test") + .email("login@test.com") + .enabled(true) + .build(); + + userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password"); + getCleanup().addUserId(userId); } - @Before - public void setAccessCodeLifespanUserAction() { - // Must do this with adminClient because default is not set until after testRealm.json is loaded. - lifespan = testRealm().toRepresentation().getAccessCodeLifespanUserAction(); - } - - @Before - public void setUserId() { - userId = findUser("login-test").getId(); - } - - - private static String userId; - @Rule public GreenMailRule greenMail = new GreenMailRule(); @@ -466,6 +456,9 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest { assertEquals(0, greenMail.getReceivedMessages().length); events.expectRequiredAction(EventType.RESET_PASSWORD).session((String) null).user(userId).detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error("user_disabled").assertEvent(); + + user.setEnabled(true); + updateUser(user); } @Test @@ -501,6 +494,8 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest { host[0] = smtpConfig.get("host"); smtpConfig.put("host", "invalid_host"); RealmRepresentation realmRep = testRealm().toRepresentation(); + Map oldSmtp = realmRep.getSmtpServer(); + realmRep.setSmtpServer(smtpConfig); testRealm().update(realmRep); @@ -520,6 +515,10 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest { events.expectRequiredAction(EventType.SEND_RESET_PASSWORD_ERROR).user(userId) .session((String)null) .detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error(Errors.EMAIL_SEND_FAILED).assertEvent(); + + // Revert SMTP back + realmRep.setSmtpServer(oldSmtp); + testRealm().update(realmRep); } private void setPasswordPolicy(String policy) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java index 34113d811c..215bf15a90 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java @@ -48,10 +48,6 @@ import java.io.IOException; */ public class ScriptAuthenticatorTest extends AbstractFlowTest { - UserRepresentation failUser; - - UserRepresentation okayUser; - @Page protected LoginPage loginPage; @@ -66,7 +62,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { @Override public void configureTestRealm(RealmRepresentation testRealm) { - failUser = UserBuilder.create() + UserRepresentation failUser = UserBuilder.create() .id("fail") .username("fail") .email("fail@test.com") @@ -74,7 +70,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { .password("password") .build(); - okayUser = UserBuilder.create() + UserRepresentation okayUser = UserBuilder.create() .id("user") .username("user") .email("user@test.com") @@ -89,6 +85,9 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { @Before public void configureFlows() throws Exception { + if (testContext.isInitialized()) { + return; + } String scriptFlow = "scriptBrowser"; @@ -134,6 +133,8 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { Response newExecutionConfigResponse = testRealm().flows().newExecutionConfig(scriptAuth, createScriptAuthConfig(scriptAuth, "authenticator-example.js", "/scripts/authenticator-example.js", "simple script based authenticator")); Assert.assertEquals(201, newExecutionConfigResponse.getStatus()); + + testContext.setInitialized(true); } /** @@ -144,9 +145,9 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { loginPage.open(); - loginPage.login(okayUser.getUsername(), "password"); + loginPage.login("user", "password"); - events.expectLogin().user(okayUser.getId()).detail(Details.USERNAME, okayUser.getUsername()).assertEvent(); + events.expectLogin().user("user").detail(Details.USERNAME, "user").assertEvent(); } /** @@ -157,7 +158,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { loginPage.open(); - loginPage.login(failUser.getUsername(), "password"); + loginPage.login("fail", "password"); events.expect(EventType.LOGIN_ERROR).user((String)null).error(Errors.USER_NOT_FOUND).assertEvent(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java index 5256233ba9..61748426f6 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java @@ -96,6 +96,9 @@ public class EmailTest extends AbstractI18NTest { MimeMessage message = greenMail.getReceivedMessages()[0]; Assert.assertEquals("Passwort zurückzusetzen", message.getSubject()); + + // Revert + changeUserLocale("en"); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java index e5d2bc2d97..961026d4c8 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java @@ -80,6 +80,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest { Response response = adminClient.realm("test").components().add(rep); String id = ApiUtil.getCreatedId(response); + response.close(); ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation(); assertEquals(1, createdRep.getConfig().size()); @@ -114,6 +115,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest { Response response = adminClient.realm("test").components().add(rep); String id = ApiUtil.getCreatedId(response); + response.close(); ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation(); assertEquals(2, createdRep.getConfig().size()); @@ -147,6 +149,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest { Response response = adminClient.realm("test").components().add(rep); String id = ApiUtil.getCreatedId(response); + response.close(); ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id)); assertEquals(32, Base64Url.decode(component.getConfig().getFirst("secret")).length); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java index 1f2bcc20e9..fba4add6a9 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java @@ -73,6 +73,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest { Response response = adminClient.realm("test").components().add(rep); String id = ApiUtil.getCreatedId(response); + getCleanup().addComponentId(id); + response.close(); ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation(); assertEquals(1, createdRep.getConfig().size()); @@ -99,6 +101,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest { Response response = adminClient.realm("test").components().add(rep); String id = ApiUtil.getCreatedId(response); + getCleanup().addComponentId(id); + response.close(); ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation(); assertEquals(2, createdRep.getConfig().size()); @@ -124,6 +128,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest { Response response = adminClient.realm("test").components().add(rep); String id = ApiUtil.getCreatedId(response); + getCleanup().addComponentId(id); + response.close(); KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata(); @@ -153,6 +159,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest { Response response = adminClient.realm("test").components().add(rep); String id = ApiUtil.getCreatedId(response); + getCleanup().addComponentId(id); + response.close(); KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata(); @@ -187,6 +195,7 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest { ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class); assertEquals(error, errorRepresentation.getErrorMessage()); + response.close(); } protected ComponentRepresentation createRep(String name, String providerId) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java index cbec6c45b6..e8d11ecb37 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java @@ -80,6 +80,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest { Response response = adminClient.realm("test").components().add(rep); String id = ApiUtil.getCreatedId(response); + response.close(); ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation(); assertEquals(ComponentRepresentation.SECRET_VALUE, createdRep.getConfig().getFirst(Attributes.PRIVATE_KEY_KEY)); @@ -116,6 +117,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest { Response response = adminClient.realm("test").components().add(rep); String id = ApiUtil.getCreatedId(response); + response.close(); ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation(); assertEquals(ComponentRepresentation.SECRET_VALUE, createdRep.getConfig().getFirst(Attributes.PRIVATE_KEY_KEY)); @@ -206,6 +208,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest { ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class); assertEquals(error, errorRepresentation.getErrorMessage()); + response.close(); } protected ComponentRepresentation createRep(String name, String providerId) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java index b6fec3e2f8..efb6f87901 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java @@ -153,6 +153,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest { ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class); assertTrue(errorRepresentation.getErrorMessage().startsWith(error)); + response.close(); } protected ComponentRepresentation createRep(String name, long priority) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java index 6c54d2b66e..068c426be1 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java @@ -37,6 +37,7 @@ import org.keycloak.representations.idm.KeysMetadataRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AssertEvents; +import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage.RequestType; import org.keycloak.testsuite.pages.LoginPage; @@ -49,6 +50,7 @@ import javax.ws.rs.core.Response; import java.io.IOException; import java.security.KeyPair; import java.security.PublicKey; +import java.util.LinkedList; import java.util.List; import static org.junit.Assert.*; @@ -182,6 +184,9 @@ public class KeyRotationTest extends AbstractKeycloakTest { KeysMetadataRepresentation keyMetadata = adminClient.realm("test").keys().getKeyMetadata(); assertEquals(PemUtils.encodeKey(keys2), keyMetadata.getKeys().get(0).getPublicKey()); + + dropKeys1(); + dropKeys2(); } @Test @@ -200,6 +205,8 @@ public class KeyRotationTest extends AbstractKeycloakTest { keys.getConfig().putSingle("priority", "1000" + i); Response response = adminClient.realm("test").components().add(keys); assertEquals(201, response.getStatus()); + String newId = ApiUtil.getCreatedId(response); + getCleanup().addComponentId(newId); response.close(); String updatedActiveKid = adminClient.realm("test").keys().getKeyMetadata().getActive().get("RSA"); @@ -244,7 +251,8 @@ public class KeyRotationTest extends AbstractKeycloakTest { config.addFirst(Attributes.PRIVATE_KEY_KEY, privateKeyPem); rep.setConfig(config); - adminClient.realm("test").components().add(rep); + Response response = adminClient.realm("test").components().add(rep); + response.close(); rep = new ComponentRepresentation(); rep.setName("mycomponent2"); @@ -256,7 +264,8 @@ public class KeyRotationTest extends AbstractKeycloakTest { config.addFirst("priority", priority); rep.setConfig(config); - adminClient.realm("test").components().add(rep); + response = adminClient.realm("test").components().add(rep); + response.close(); return publicKey; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java index c05bc7ee1d..729f0c5626 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java @@ -17,6 +17,7 @@ package org.keycloak.testsuite.oauth; import org.jboss.arquillian.graphene.page.Page; +import org.junit.After; import org.junit.Assert; import org.junit.Before; import org.junit.Rule; @@ -50,11 +51,6 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest { @Rule public AssertEvents events = new AssertEvents(this); - @Override - public void beforeAbstractKeycloakTest() throws Exception { - super.beforeAbstractKeycloakTest(); - } - @Override public void addTestRealms(List testRealms) { RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java index 998cc873b2..bcfae6f083 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java @@ -23,6 +23,7 @@ import org.apache.http.HttpResponse; import org.apache.http.NameValuePair; import org.apache.http.client.HttpClient; import org.apache.http.client.entity.UrlEncodedFormEntity; +import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpPost; import org.apache.http.entity.mime.MultipartEntityBuilder; import org.apache.http.entity.mime.content.FileBody; @@ -30,6 +31,7 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.message.BasicNameValuePair; +import org.junit.Before; import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; @@ -88,6 +90,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import javax.ws.rs.core.Response; + import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; @@ -99,11 +103,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { @Rule public AssertEvents events = new AssertEvents(this); - private String client1SAUserId; + private static String client1SAUserId; - private RealmRepresentation testRealm; - private ClientRepresentation app1, app2, app3; - private UserRepresentation defaultUser, serviceAccountUser; + private static RealmRepresentation testRealm; + private static ClientRepresentation app1, app2, app3; + private static UserRepresentation defaultUser, serviceAccountUser; @BeforeClass public static void beforeClientAuthSignedJWTTest() { @@ -144,15 +148,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { realmBuilder.client(app2); - app3 = ClientBuilder.create() - .id(KeycloakModelUtils.generateId()) - .clientId("client3") - .directAccessGrants() - .authenticatorType(JWTClientAuthenticator.PROVIDER_ID) - .build(); - - realmBuilder.client(app3); - // This one is for keystore-client2.p12 , which doesn't work on Sun JDK // app2.setAttribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFPPLGHHjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE3MjMzMVoXDTI1MDgxNzE3MjUxMVowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIsatXj38fFD9fHslNrsWrubobudXYwwdZpGYqkHIhuDeSojGvhBSLmKIFmtbHMVcLEbS0dIEsSbNVrwjdFfuRuvd9Vu6Ng0JUC8fRhSeQniC3jcBuP8P4WlXK4+ir3Wlya+T6Hum9b68BiH0KyNZtFGJ6zLHuCcq9Bl0JifvibnUkDeTZPwgJNA9+GxS/x8fAkApcAbJrgBZvr57PwhbgHoZdB8aAY5f5ogbGzKDtSUMvFh+Jah39gWtn7p3VOuuMXA8SugogoH8C5m2itrPBL1UPhAcKUeWiqx4SmZe/lZo7x2WbSecNiFaiqBhIW+QbqCYW6I4u0YvuLuEe3+TC8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZzW5DZviCxUQdV5Ab07PZkUfvImHZ73oWWHZqzUQtZtbVdzfp3cnbb2wyXtlOvingO3hgpoTxV8vbKgLbIQfvkGGHBG1F5e0QVdtikfdcwWb7cy4/9F80OD7cgG0ZAzFbQ8ZY7iS3PToBp3+4tbIK2NK0ntt/MYgJnPbHeG4V4qfgUbFm1YgEK7WpbSVU8jGuJ5DWE+mlYgECZKZ5TSlaVGs2XOm6WXrJScucNekwcBWWiHyRsFHZEDzWmzt8TLTLnnb0vVjhx3qCYxah3RbyyMZm6WLZlLAaGEcwNDO8jaA3hAjrxoOA1xEaolQfGVsb/ElelHcR1Zfe0u4Ekd4tw=="); @@ -177,6 +172,20 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { testRealms.add(testRealm); } + @Before + public void recreateApp3() { + app3 = ClientBuilder.create() + .id(KeycloakModelUtils.generateId()) + .clientId("client3") + .directAccessGrants() + .authenticatorType(JWTClientAuthenticator.PROVIDER_ID) + .build(); + + Response resp = adminClient.realm("test").clients().create(app3); + getCleanup().addClientUuid(ApiUtil.getCreatedId(resp)); + resp.close(); + } + // TEST SUCCESS @Test @@ -452,7 +461,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { List parameters = new LinkedList(); parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS)); - HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp); assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS); @@ -464,7 +473,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, "invalid")); - HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp); assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS); @@ -476,7 +485,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); - HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp); assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS); @@ -491,7 +500,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt)); - HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp); assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS); @@ -506,7 +515,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt)); - HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp); assertError(response, "unknown-client", "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS); @@ -524,12 +533,12 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt)); - HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp); assertError(response, "client1", "invalid_client", Errors.CLIENT_DISABLED); - ClientManager.realm(adminClient.realm("test")).clientId("client1").enabled(false); + ClientManager.realm(adminClient.realm("test")).clientId("client1").enabled(true); } @Test @@ -553,7 +562,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt)); - HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp); assertError(response, "client1", "unauthorized_client", "client_credentials_setup_required"); @@ -571,7 +580,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt)); - HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp); assertError(response, "client1", "unauthorized_client", AuthenticationFlowError.CLIENT_CREDENTIALS_SETUP_REQUIRED.toString().toLowerCase()); @@ -589,7 +598,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt)); - HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp); setTimeOffset(0); @@ -608,7 +617,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt)); - HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters); OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp); setTimeOffset(0); @@ -733,7 +742,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt)); - HttpResponse response = sendRequest(oauth.getAccessTokenUrl(), parameters); + CloseableHttpResponse response = sendRequest(oauth.getAccessTokenUrl(), parameters); return new OAuthClient.AccessTokenResponse(response); } @@ -744,7 +753,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt)); - HttpResponse response = sendRequest(oauth.getRefreshTokenUrl(), parameters); + CloseableHttpResponse response = sendRequest(oauth.getRefreshTokenUrl(), parameters); return new OAuthClient.AccessTokenResponse(response); } @@ -764,7 +773,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt)); - HttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters); + CloseableHttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters); return new OAuthClient.AccessTokenResponse(response); } @@ -776,11 +785,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT)); parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt)); - HttpResponse response = sendRequest(oauth.getResourceOwnerPasswordCredentialGrantUrl(), parameters); + CloseableHttpResponse response = sendRequest(oauth.getResourceOwnerPasswordCredentialGrantUrl(), parameters); return new OAuthClient.AccessTokenResponse(response); } - private HttpResponse sendRequest(String requestUrl, List parameters) throws Exception { + private CloseableHttpResponse sendRequest(String requestUrl, List parameters) throws Exception { CloseableHttpClient client = new DefaultHttpClient(); try { HttpPost post = new HttpPost(requestUrl); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java index 6c829eceb8..f3200661fa 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java @@ -17,6 +17,7 @@ package org.keycloak.testsuite.oauth; import org.jboss.arquillian.graphene.page.Page; +import org.junit.After; import org.junit.Assert; import org.junit.Rule; import org.junit.Test; @@ -70,11 +71,6 @@ public class OAuthGrantTest extends AbstractKeycloakTest { @Page protected AppPage appPage; - @Override - public void beforeAbstractKeycloakTest() throws Exception { - super.beforeAbstractKeycloakTest(); - } - @Override public void addTestRealms(List testRealms) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java index 307ef96fec..01d4bebd86 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java @@ -22,12 +22,14 @@ import java.util.List; import java.util.Map; +import org.junit.After; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ProtocolMappersResource; import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.testsuite.util.ProtocolMapperUtil; import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.protocol.oidc.mappers.AddressMapper; import org.keycloak.representations.AccessToken; @@ -83,6 +85,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { oauth.clientId("test-app"); } + + private void deleteMappers(ProtocolMappersResource protocolMappers) { + ProtocolMapperRepresentation mapper = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappers, OIDCLoginProtocol.LOGIN_PROTOCOL, "Realm roles mapper"); + protocolMappers.delete(mapper.getId()); + + mapper = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappers, OIDCLoginProtocol.LOGIN_PROTOCOL, "Client roles mapper"); + protocolMappers.delete(mapper.getId()); + } + @Override public void addTestRealms(List testRealms) { RealmRepresentation realm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class); @@ -239,12 +250,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { String realmRoleMappings = (String) roleMappings.get("realm"); String testAppMappings = (String) roleMappings.get("test-app"); assertRoles(realmRoleMappings, - "pref.user", // from direct assignment in user definition - "pref.offline_access" // from direct assignment in user definition + "pref.user", // from direct assignment in user definition + "pref.offline_access" // from direct assignment in user definition ); assertRoles(testAppMappings, "customer-user" // from direct assignment in user definition ); + + // Revert + deleteMappers(protocolMappers); } @@ -268,11 +282,11 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { String realmRoleMappings = (String) roleMappings.get("realm"); String testAppMappings = (String) roleMappings.get(clientId); assertRoles(realmRoleMappings, - "pref.admin", // from direct assignment to /roleRichGroup/level2group - "pref.user", // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup - "pref.customer-user-premium", // from client role customer-admin-composite-role - realm role for test-app - "pref.realm-composite-role", // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup - "pref.sample-realm-role" // from realm role realm-composite-role + "pref.admin", // from direct assignment to /roleRichGroup/level2group + "pref.user", // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup + "pref.customer-user-premium", // from client role customer-admin-composite-role - realm role for test-app + "pref.realm-composite-role", // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup + "pref.sample-realm-role" // from realm role realm-composite-role ); assertRoles(testAppMappings, "ta.customer-user", // from direct assignment to /roleRichGroup/level2group @@ -280,6 +294,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { "ta.customer-admin", // from client role customer-admin-composite-role - client role for test-app "ta.sample-client-role" // from realm role realm-composite-role - client role for test-app ); + + // Revert + deleteMappers(protocolMappers); } @Test @@ -303,13 +320,16 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { String realmRoleMappings = (String) roleMappings.get("realm"); String testAppAuthzMappings = (String) roleMappings.get(clientId); assertRoles(realmRoleMappings, - "pref.admin", // from direct assignment to /roleRichGroup/level2group - "pref.user", // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup - "pref.customer-user-premium", // from client role customer-admin-composite-role - realm role for test-app - "pref.realm-composite-role", // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup - "pref.sample-realm-role" // from realm role realm-composite-role + "pref.admin", // from direct assignment to /roleRichGroup/level2group + "pref.user", // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup + "pref.customer-user-premium", // from client role customer-admin-composite-role - realm role for test-app + "pref.realm-composite-role", // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup + "pref.sample-realm-role" // from realm role realm-composite-role ); assertRoles(testAppAuthzMappings); // There is no client role defined for test-app-authz + + // Revert + deleteMappers(protocolMappers); } @Test @@ -333,12 +353,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { String realmRoleMappings = (String) roleMappings.get("realm"); String testAppScopeMappings = (String) roleMappings.get(clientId); assertRoles(realmRoleMappings, - "pref.admin", // from direct assignment to /roleRichGroup/level2group - "pref.user" // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup + "pref.admin", // from direct assignment to /roleRichGroup/level2group + "pref.user" // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup ); assertRoles(testAppScopeMappings, "test-app-allowed-by-scope" // from direct assignment to roleRichUser, present as scope allows it ); + + // Revert + deleteMappers(protocolMappers); } @Test @@ -369,6 +392,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest { "test-app-allowed-by-scope", // from direct assignment to roleRichUser, present as scope allows it "customer-admin-composite-role" // from direct assignment to /roleRichGroup/level2group, present as scope allows it ); + + // Revert + deleteMappers(protocolMappers); } private void assertRoles(String actualRoleString, String...expectedRoles) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java index 150ff6b3cb..921e3dbd24 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java @@ -59,6 +59,8 @@ import org.keycloak.util.TokenUtil; import java.util.Collections; import java.util.List; +import javax.ws.rs.NotFoundException; + import static org.junit.Assert.assertEquals; import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson; import static org.keycloak.testsuite.admin.ApiUtil.findRealmRoleByName; @@ -253,8 +255,11 @@ public class OfflineTokenTest extends AbstractKeycloakTest { // Assert userSession expired testingClient.testing().removeExpired("test"); - - testingClient.testing().removeUserSession("test", sessionId); + try { + testingClient.testing().removeUserSession("test", sessionId); + } catch (NotFoundException nfe) { + // Ignore + } OAuthClient.AccessTokenResponse response = oauth.doRefreshTokenRequest(offlineTokenString, "secret1"); AccessToken refreshedToken = oauth.verifyToken(response.getAccessToken()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java index 4f942606d7..ffa565117e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java @@ -143,6 +143,11 @@ public class AuthnRequestNameIdFormatTest extends AbstractSamlTest { clientRes.update(client); testLoginWithNameIdPolicy(Binding.REDIRECT, Binding.POST, null, is("bburke")); + + // Revert + client = clientRes.toRepresentation(); + client.getAttributes().put(SamlConfigAttributes.SAML_FORCE_POST_BINDING, "false"); + clientRes.update(client); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java index 5e61d00c06..db16f02cca 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java @@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientTemplateResource; import org.keycloak.admin.client.resource.ClientTemplatesResource; import org.keycloak.admin.client.resource.ClientsResource; +import org.keycloak.admin.client.resource.ComponentsResource; import org.keycloak.admin.client.resource.GroupResource; import org.keycloak.admin.client.resource.GroupsResource; import org.keycloak.admin.client.resource.IdentityProviderResource; @@ -282,6 +283,20 @@ public class AdminEventPaths { return uri.toString(); } + // COMPONENTS + public static String componentsPath() { + URI uri = UriBuilder.fromUri("").path(RealmResource.class, "components").build(); + return uri.toString(); + } + + public static String componentPath(String componentId) { + URI uri = UriBuilder.fromUri(componentsPath()).path(ComponentsResource.class, "component").build(componentId); + return uri.toString(); + } + + + + // CLIENT INITIAL ACCESS public static String clientInitialAccessPath(String clientInitialAccessId) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java index 4736165ad2..ec1156a42c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java @@ -64,7 +64,7 @@ public class AssertAdminEvents implements TestRule { @Override public void evaluate() throws Throwable { // TODO: Ideally clear the queue just before testClass rather then before each method - context.getTestingClient().testing().clearAdminEventQueue(); + clear(); base.evaluate(); // TODO Test should fail if there are leftover events } @@ -85,12 +85,7 @@ public class AssertAdminEvents implements TestRule { // Clears both "classic" and admin events for now public void clear() { - Response res = context.getTestingClient().testing().clearAdminEventQueue(); - try { - Assert.assertEquals("clear-admin-event-queue success", res.getStatus(), 200); - } finally { - res.close(); - } + context.getTestingClient().testing().clearAdminEventQueue(); } private AdminEventRepresentation fetchNextEvent() { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java index 6bcea06cd2..e8e9e62643 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java @@ -1,6 +1,8 @@ package org.keycloak.testsuite.util; +import org.keycloak.admin.client.resource.ProtocolMappersResource; import org.keycloak.models.utils.ModelToRepresentation; +import org.keycloak.protocol.ProtocolMapper; import org.keycloak.protocol.oidc.mappers.AddressMapper; import org.keycloak.protocol.oidc.mappers.HardcodedClaim; import org.keycloak.protocol.oidc.mappers.HardcodedRole; @@ -123,4 +125,13 @@ public class ProtocolMapperUtil { return ModelToRepresentation.toRepresentation(UserClientRoleMappingMapper.create(clientId, clientRolePrefix, name, tokenClaimName, accessToken, idToken)); } + + public static ProtocolMapperRepresentation getMapperByNameAndProtocol(ProtocolMappersResource protocolMappers, String protocol, String name) { + for (ProtocolMapperRepresentation mapper : protocolMappers.getMappersPerProtocol(protocol)) { + if (name.equals(mapper.getName())) { + return mapper; + } + } + return null; + } }