libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-1590 Realm import per test class

Browse source
This commit is contained in:
mposolda 2017-02-21 15:06:56 +01:00
parent 52fbe00c04
commit 091b376624
90 changed files with 1442 additions and 479 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java
View file

@ -99,6 +99,10 @@ public class HardcodedLDAPAttributeMapper extends AbstractLDAPStorageMapper {
@Override
public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) {
// Don't update attribute in LDAP later. It's supposed to be written just at registration time
String ldapAttrName = mapperModel.get(LDAP_ATTRIBUTE_NAME);
ldapUser.addReadOnlyAttributeName(ldapAttrName);
return delegate;
}

7
server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java
View file

@ -151,5 +151,10 @@ public enum ResourceType {
/**
*
*/
, CLUSTER_NODE;
, CLUSTER_NODE
/**
*
*/
, COMPONENT;
}

2
services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
View file

@ -221,7 +221,7 @@ public class AuthenticationManagementResource {
flow.setId(createdModel.getId());
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, createdModel.getId()).representation(flow).success();
return Response.status(201).build();
return Response.created(uriInfo.getAbsolutePathBuilder().path(flow.getId()).build()).build();
}
/**

7
services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
View file

@ -25,6 +25,7 @@ import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.component.SubComponentFactory;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation;
@ -93,7 +94,7 @@ public class ComponentResource {
public ComponentResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) {
this.auth = auth;
this.realm = realm;
this.adminEvent = adminEvent;
this.adminEvent = adminEvent.resource(ResourceType.COMPONENT);
auth.init(RealmAuth.Resource.REALM);
}
@ -175,7 +176,7 @@ public class ComponentResource {
throw new NotFoundException("Could not find component");
}
RepresentationToModel.updateComponent(session, rep, model, false);
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo, model.getId()).representation(StripSecretsUtils.strip(session, rep)).success();
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(StripSecretsUtils.strip(session, rep)).success();
realm.updateComponent(model);
return Response.noContent().build();
} catch (ComponentValidationException e) {
@ -192,7 +193,7 @@ public class ComponentResource {
if (model == null) {
throw new NotFoundException("Could not find component");
}
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo, model.getId()).success();
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
realm.removeComponent(model);
}

8
testsuite/integration-arquillian/HOW-TO-RUN.md
View file

@ -21,8 +21,10 @@ Adding this system property when running any test:
-Darquillian.debug=true
will add lots of info to the log. Especially about all the triggered arquillian lifecycle events and executed observers listening to those events.
Also the bootstrap of WebDriver will be unlimited (by default there is 1 minute timeout and test is cancelled when WebDriver is not bootstrapped within it.)
will add lots of info to the log. Especially about:
* The test method names, which will be executed for each test class, will be written at the proper running order to the log at the beginning of each test (done by KcArquillian class).
* All the triggered arquillian lifecycle events and executed observers listening to those events will be written to the log
* The bootstrap of WebDriver will be unlimited. By default there is just 1 minute timeout and test is cancelled when WebDriver is not bootstrapped within it.
### WebDriver timeout
@ -41,7 +43,7 @@ and adapter are all in the same JVM and you can debug them easily. If it is not
-Dmaven.surefire.debug=true
and you will be able to attach remote debugger to the test. Unfortunately server and adapter are running in different JVMs, so you won't be able to debug them.
and you will be able to attach remote debugger to the test. Unfortunately server and adapter are running in different JVMs, so this won't help to debug those.
TODO: Improve and add more info about Wildfly debugging...

15
testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java
View file

@ -146,6 +146,11 @@ public class KeycloakOnUndertow implements DeployableContainer<KeycloakOnUnderto
@Override
public void start() throws LifecycleException {
if (isRemoteMode()) {
log.info("Skip bootstrap undertow. We are in remote mode");
return;
}
log.info("Starting auth server on embedded Undertow.");
long start = System.currentTimeMillis();
@ -169,11 +174,21 @@ public class KeycloakOnUndertow implements DeployableContainer<KeycloakOnUnderto
@Override
public void stop() throws LifecycleException {
if (isRemoteMode()) {
log.info("Skip stopping undertow. We are in remote mode");
return;
}
log.info("Stopping auth server.");
sessionFactory.close();
undertow.stop();
}
private boolean isRemoteMode() {
//return true;
return "true".equals(System.getProperty("remote.mode"));
}
@Override
public void undeploy(Archive<?> archive) throws DeploymentException {
Field containerField = Reflections.findDeclaredField(UndertowJaxrsServer.class, "container");

36
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
View file

@ -28,9 +28,13 @@ import org.jboss.arquillian.core.api.annotation.Inject;
import org.jboss.arquillian.core.api.annotation.Observes;
import org.jboss.arquillian.test.spi.annotation.ClassScoped;
import org.jboss.arquillian.test.spi.annotation.SuiteScoped;
import org.jboss.arquillian.test.spi.event.suite.AfterClass;
import org.jboss.arquillian.test.spi.event.suite.BeforeClass;
import org.jboss.arquillian.test.spi.event.suite.BeforeSuite;
import org.jboss.logging.Logger;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.util.LogChecker;
import org.keycloak.testsuite.util.OAuthClient;
@ -38,8 +42,11 @@ import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.ws.rs.NotFoundException;
/**
*
* @author tkyjovsk
@ -203,4 +210,33 @@ public class AuthServerTestEnricher {
oAuthClientProducer.set(oAuthClient);
}
public void afterClass(@Observes(precedence = 2) AfterClass event) {
TestContext testContext = testContextProducer.get();
List<RealmRepresentation> testRealmReps = testContext.getTestRealmReps();
Keycloak adminClient = testContext.getAdminClient();
KeycloakTestingClient testingClient = testContext.getTestingClient();
if (testRealmReps != null) {
log.info("removing test realms after test class");
for (RealmRepresentation testRealm : testRealmReps) {
String realmName = testRealm.getRealm();
log.info("removing realm: " + realmName);
try {
adminClient.realms().realm(realmName).remove();
} catch (NotFoundException e) {
// Ignore
}
}
}
if (adminClient != null) {
adminClient.close();
}
if (testingClient != null) {
testingClient.close();
}
}
}

53
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java Normal file
View file

@ -0,0 +1,53 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian;
import java.util.List;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.logging.Logger;
import org.junit.runners.model.FrameworkMethod;
import org.junit.runners.model.InitializationError;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class KcArquillian extends Arquillian {
protected final Logger log = Logger.getLogger(this.getClass());
public static final boolean ARQUILLIAN_DEBUG = "true".equals(System.getProperty("arquillian.debug"));
public KcArquillian(Class<?> testClass) throws InitializationError
{
super(testClass);
}
@Override
protected List<FrameworkMethod> getChildren() {
List<FrameworkMethod> children = super.getChildren();
if (ARQUILLIAN_DEBUG) {
for (FrameworkMethod method : children) {
log.info(method.getName());
}
}
return children;
}
}

64
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java
View file

@ -21,6 +21,13 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.NotFoundException;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.util.TestCleanup;
/**
*
* @author tkyjovsk
@ -38,6 +45,17 @@ public final class TestContext {
private final Map customContext = new HashMap<>();
private Keycloak adminClient;
private KeycloakTestingClient testingClient;
private List<RealmRepresentation> testRealmReps;
// Track if particular test was initialized. What exactly means "initialized" is test dependent (Eg. some user in @Before method was created, so we can set initialized to true
// to avoid creating user when @Before method is executed for 2nd time)
private boolean initialized;
// Key is realmName, value are objects to clean after the test method
private Map<String, TestCleanup> cleanups = new HashMap<>();
public TestContext(SuiteContext suiteContext, Class testClass) {
this.suiteContext = suiteContext;
this.testClass = testClass;
@ -92,6 +110,52 @@ public final class TestContext {
+ (isAdapterTest() ? "App server container: " + getAppServerInfo() + "\n" : "");
}
public Keycloak getAdminClient() {
return adminClient;
}
public void setAdminClient(Keycloak adminClient) {
this.adminClient = adminClient;
}
public KeycloakTestingClient getTestingClient() {
return testingClient;
}
public void setTestingClient(KeycloakTestingClient testingClient) {
this.testingClient = testingClient;
}
public List<RealmRepresentation> getTestRealmReps() {
return testRealmReps;
}
public void setTestRealmReps(List<RealmRepresentation> testRealmReps) {
this.testRealmReps = testRealmReps;
}
public boolean isInitialized() {
return initialized;
}
public void setInitialized(boolean initialized) {
this.initialized = initialized;
}
public TestCleanup getOrCreateCleanup(String realmName) {
TestCleanup cleanup = cleanups.get(realmName);
if (cleanup == null) {
cleanup = new TestCleanup(adminClient, realmName);
cleanups.put(realmName, cleanup);
}
return cleanup;
}
public Map<String, TestCleanup> getCleanups() {
return cleanups;
}
public Object getCustomValue(Object key) {
return customContext.get(key);
}

2
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java
View file

@ -53,7 +53,7 @@ public interface TestApplicationResource {
@POST
@Path("/clear-admin-actions")
Response clearAdminActions();
void clearAdminActions();
@GET
@Produces(MediaType.TEXT_HTML)

4
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java
View file

@ -35,12 +35,12 @@ public interface TestingExportImportResource {
@GET
@Path("/run-import")
@Produces(MediaType.APPLICATION_JSON)
public Response runImport();
void runImport();
@GET
@Path("/run-export")
@Produces(MediaType.APPLICATION_JSON)
public Response runExport();
void runExport();
@GET
@Path("/get-users-per-file")

24
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java
View file

@ -72,27 +72,27 @@ public interface TestingResource {
@POST
@Path("/clear-event-queue")
@Produces(MediaType.APPLICATION_JSON)
Response clearEventQueue();
void clearEventQueue();
@POST
@Path("/clear-admin-event-queue")
@Produces(MediaType.APPLICATION_JSON)
Response clearAdminEventQueue();
void clearAdminEventQueue();
@GET
@Path("/clear-event-store")
@Produces(MediaType.APPLICATION_JSON)
public Response clearEventStore();
void clearEventStore();
@GET
@Path("/clear-event-store-for-realm")
@Produces(MediaType.APPLICATION_JSON)
public Response clearEventStore(@QueryParam("realmId") String realmId);
void clearEventStore(@QueryParam("realmId") String realmId);
@GET
@Path("/clear-event-store-older-than")
@Produces(MediaType.APPLICATION_JSON)
public Response clearEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
void clearEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
/**
* Query events
@ -127,17 +127,17 @@ public interface TestingResource {
@GET
@Path("/clear-admin-event-store")
@Produces(MediaType.APPLICATION_JSON)
public Response clearAdminEventStore();
void clearAdminEventStore();
@GET
@Path("/clear-admin-event-store-for-realm")
@Produces(MediaType.APPLICATION_JSON)
public Response clearAdminEventStore(@QueryParam("realmId") String realmId);
void clearAdminEventStore(@QueryParam("realmId") String realmId);
@GET
@Path("/clear-admin-event-store-older-than")
@Produces(MediaType.APPLICATION_JSON)
public Response clearAdminEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
void clearAdminEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
/**
* Get admin events
@ -170,17 +170,17 @@ public interface TestingResource {
@POST
@Path("/on-admin-event")
@Consumes(MediaType.APPLICATION_JSON)
public void onAdminEvent(final AdminEventRepresentation rep, @QueryParam("includeRepresentation") boolean includeRepresentation);
void onAdminEvent(final AdminEventRepresentation rep, @QueryParam("includeRepresentation") boolean includeRepresentation);
@POST
@Path("/remove-user-session")
@Produces(MediaType.APPLICATION_JSON)
Response removeUserSession(@QueryParam("realm") final String realm, @QueryParam("session") final String sessionId);
void removeUserSession(@QueryParam("realm") final String realm, @QueryParam("session") final String sessionId);
@POST
@Path("/remove-user-sessions")
@Produces(MediaType.APPLICATION_JSON)
Response removeUserSessions(@QueryParam("realm") final String realm);
void removeUserSessions(@QueryParam("realm") final String realm);
@GET
@Path("/get-user-session")
@ -190,7 +190,7 @@ public interface TestingResource {
@POST
@Path("/remove-expired")
@Produces(MediaType.APPLICATION_JSON)
Response removeExpired(@QueryParam("realm") final String realm);
void removeExpired(@QueryParam("realm") final String realm);
@Path("/cache/{cache}")
TestingCacheResource cache(@PathParam("cache") String cacheName);

66
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java Normal file
View file

@ -0,0 +1,66 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.util;
import java.io.File;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext;
import org.apache.http.ssl.SSLContexts;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.models.Constants;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import static org.keycloak.testsuite.auth.page.AuthRealm.ADMIN;
import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY;
public class AdminClientUtil {
public static Keycloak createAdminClient() throws Exception {
SSLContext ssl = null;
if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
ssl = getSSLContextWithTrustore(trustore, "secret");
System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath());
}
return Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID, null, ssl);
}
private static SSLContext getSSLContextWithTrustore(File file, String password) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
if (!file.isFile()) {
throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath());
}
SSLContext theContext = SSLContexts.custom()
.useProtocol("TLS")
.loadTrustMaterial(file, password == null ? null : password.toCharArray())
.build();
return theContext;
}
}

28
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
View file

@ -54,6 +54,8 @@ import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.core.UriBuilder;
import java.io.Closeable;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
@ -271,7 +273,9 @@ public class OAuthClient {
try {
ByteArrayOutputStream out = new ByteArrayOutputStream();
client.execute(post).getEntity().writeTo(out);
CloseableHttpResponse response = client.execute(post);
response.getEntity().writeTo(out);
response.close();
return new String(out.toByteArray());
} catch (Exception e) {
@ -776,7 +780,8 @@ public class OAuthClient {
private String error;
private String errorDescription;
public AccessTokenResponse(HttpResponse response) throws Exception {
public AccessTokenResponse(CloseableHttpResponse response) throws Exception {
try {
statusCode = response.getStatusLine().getStatusCode();
if (!"application/json".equals(response.getHeaders("Content-Type")[0].getValue())) {
Assert.fail("Invalid content type");
@ -786,18 +791,21 @@ public class OAuthClient {
Map responseJson = JsonSerialization.readValue(s, Map.class);
if (statusCode == 200) {
idToken = (String)responseJson.get("id_token");
accessToken = (String)responseJson.get("access_token");
tokenType = (String)responseJson.get("token_type");
expiresIn = (Integer)responseJson.get("expires_in");
refreshExpiresIn = (Integer)responseJson.get("refresh_expires_in");
idToken = (String) responseJson.get("id_token");
accessToken = (String) responseJson.get("access_token");
tokenType = (String) responseJson.get("token_type");
expiresIn = (Integer) responseJson.get("expires_in");
refreshExpiresIn = (Integer) responseJson.get("refresh_expires_in");
if (responseJson.containsKey(OAuth2Constants.REFRESH_TOKEN)) {
refreshToken = (String)responseJson.get(OAuth2Constants.REFRESH_TOKEN);
refreshToken = (String) responseJson.get(OAuth2Constants.REFRESH_TOKEN);
}
} else {
error = (String)responseJson.get(OAuth2Constants.ERROR);
errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String)responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null;
error = (String) responseJson.get(OAuth2Constants.ERROR);
errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String) responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null;
}
} finally {
response.close();
}
}

202
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java Normal file
View file

@ -0,0 +1,202 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.util;
import java.util.LinkedList;
import java.util.List;
import javax.ws.rs.NotFoundException;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
/**
* Enlist resources to be cleaned after test method
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class TestCleanup {
private final Keycloak adminClient;
private final String realmName;
private List<String> identityProviderAliases;
private List<String> userIds;
private List<String> componentIds;
private List<String> clientUuids;
private List<String> roleIds;
private List<String> groupIds;
private List<String> authFlowIds;
private List<String> authConfigIds;
public TestCleanup(Keycloak adminClient, String realmName) {
this.adminClient = adminClient;
this.realmName = realmName;
}
public void addUserId(String userId) {
if (userIds == null) {
userIds = new LinkedList<>();
}
userIds.add(userId);
}
public void addIdentityProviderAlias(String identityProviderAlias) {
if (identityProviderAliases == null) {
identityProviderAliases = new LinkedList<>();
}
identityProviderAliases.add(identityProviderAlias);
}
public void addComponentId(String componentId) {
if (componentIds == null) {
componentIds = new LinkedList<>();
}
componentIds.add(componentId);
}
public void addClientUuid(String clientUuid) {
if (clientUuids == null) {
clientUuids = new LinkedList<>();
}
clientUuids.add(clientUuid);
}
public void addRoleId(String roleId) {
if (roleIds == null) {
roleIds = new LinkedList<>();
}
roleIds.add(roleId);
}
public void addGroupId(String groupId) {
if (groupIds == null) {
groupIds = new LinkedList<>();
}
groupIds.add(groupId);
}
public void addAuthenticationFlowId(String flowId) {
if (authFlowIds == null) {
authFlowIds = new LinkedList<>();
}
authFlowIds.add(flowId);
}
public void addAuthenticationConfigId(String executionConfigId) {
if (authConfigIds == null) {
authConfigIds = new LinkedList<>();
}
authConfigIds.add(executionConfigId);
}
public void executeCleanup() {
RealmResource realm = adminClient.realm(realmName);
if (userIds != null) {
for (String userId : userIds) {
try {
realm.users().get(userId).remove();
} catch (NotFoundException nfe) {
// User might be already deleted in the test
}
}
}
if (identityProviderAliases != null) {
for (String idpAlias : identityProviderAliases) {
try {
realm.identityProviders().get(idpAlias).remove();
} catch (NotFoundException nfe) {
// Idp might be already deleted in the test
}
}
}
if (componentIds != null) {
for (String componentId : componentIds) {
try {
realm.components().component(componentId).remove();
} catch (NotFoundException nfe) {
// Idp might be already deleted in the test
}
}
}
if (clientUuids != null) {
for (String clientUuId : clientUuids) {
try {
realm.clients().get(clientUuId).remove();
} catch (NotFoundException nfe) {
// Idp might be already deleted in the test
}
}
}
if (roleIds != null) {
for (String roleId : roleIds) {
try {
realm.rolesById().deleteRole(roleId);
} catch (NotFoundException nfe) {
// Idp might be already deleted in the test
}
}
}
if (groupIds != null) {
for (String groupId : groupIds) {
try {
realm.groups().group(groupId).remove();
} catch (NotFoundException nfe) {
// Idp might be already deleted in the test
}
}
}
if (authFlowIds != null) {
for (String flowId : authFlowIds) {
try {
realm.flows().deleteFlow(flowId);
} catch (NotFoundException nfe) {
// Idp might be already deleted in the test
}
}
}
if (authConfigIds != null) {
for (String configId : authConfigIds) {
try {
realm.flows().removeAuthenticatorConfig(configId);
} catch (NotFoundException nfe) {
// Idp might be already deleted in the test
}
}
}
}
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java
View file

@ -21,6 +21,7 @@ import org.junit.Before;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.auth.page.AuthRealm;
import org.keycloak.testsuite.auth.page.account.Account;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@ -63,6 +64,7 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation testRealmRep = new RealmRepresentation();
testRealmRep.setId(TEST);
testRealmRep.setRealm(TEST);
testRealmRep.setEnabled(true);
testRealms.add(testRealmRep);
@ -89,6 +91,8 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
public void createTestUserWithAdminClient() {
ApiUtil.removeUserByUsername(testRealmResource(), "test");
log.debug("creating test user");
String id = createUserAndResetPasswordWithAdminClient(testRealmResource(), testUser, PASSWORD);
testUser.setId(id);

99
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
View file

@ -19,19 +19,15 @@ package org.keycloak.testsuite;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration;
import org.apache.http.ssl.SSLContexts;
import org.h2.util.IOUtils;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.Time;
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
import org.keycloak.testsuite.arquillian.KcArquillian;
import org.keycloak.testsuite.arquillian.TestContext;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@ -46,7 +42,6 @@ import javax.ws.rs.NotFoundException;
import org.jboss.arquillian.container.test.api.RunAsClient;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.logging.Logger;
import org.junit.After;
@ -73,7 +68,9 @@ import org.keycloak.testsuite.auth.page.account.Account;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
import org.keycloak.testsuite.auth.page.login.UpdatePassword;
import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.TestCleanup;
import org.keycloak.testsuite.util.TestEventsLogger;
import org.openqa.selenium.WebDriver;
@ -86,7 +83,7 @@ import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY;
*
* @author tkyjovsk
*/
@RunWith(Arquillian.class)
@RunWith(KcArquillian.class)
@RunAsClient
public abstract class AbstractKeycloakTest {
@ -136,17 +133,12 @@ public abstract class AbstractKeycloakTest {
@Before
public void beforeAbstractKeycloakTest() throws Exception {
SSLContext ssl = null;
if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
ssl = getSSLContextWithTrustore(trustore, "secret");
System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath());
adminClient = testContext.getAdminClient();
if (adminClient == null) {
adminClient = AdminClientUtil.createAdminClient();
testContext.setAdminClient(adminClient);
}
adminClient = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID, null, ssl);
getTestingClient();
adminUser = createAdminUserRepresentation();
@ -161,8 +153,14 @@ public abstract class AbstractKeycloakTest {
suiteContext.setAdminPasswordUpdated(true);
}
if (testContext.getTestRealmReps() == null) {
importTestRealms();
if (!isImportAfterEachMethod()) {
testContext.setTestRealmReps(testRealmReps);
}
}
oauth.init(adminClient, driver);
}
@ -172,8 +170,36 @@ public abstract class AbstractKeycloakTest {
resetTimeOffset();
}
removeTestRealms(); // Remove realms after tests. Tests should cleanup after themselves!
adminClient.close(); // don't keep admin connection open
if (isImportAfterEachMethod()) {
log.info("removing test realms after test method");
for (RealmRepresentation testRealm : testRealmReps) {
removeRealm(testRealm.getRealm());
}
} else {
// Logout all users after the test
List<RealmRepresentation> realms = testContext.getTestRealmReps();
for (RealmRepresentation realm : realms) {
adminClient.realm(realm.getRealm()).logoutAll();
}
// Cleanup objects
for (TestCleanup cleanup : testContext.getCleanups().values()) {
cleanup.executeCleanup();
}
testContext.getCleanups().clear();
}
}
protected TestCleanup getCleanup(String realmName) {
return testContext.getOrCreateCleanup(realmName);
}
protected TestCleanup getCleanup() {
return getCleanup("test");
}
protected boolean isImportAfterEachMethod() {
return false;
}
private void updateMasterAdminPassword() {
@ -194,18 +220,33 @@ public abstract class AbstractKeycloakTest {
driver.manage().deleteAllCookies();
}
protected void deleteAllCookiesForRealm(String realmName) {
// masterRealmPage.navigateTo();
driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/" + realmName + "/account"); // Because IE webdriver freezes when loading a JSON page (realm page), we need to use this alternative
log.info("deleting cookies in '" + realmName + "' realm");
driver.manage().deleteAllCookies();
}
public void setDefaultPageUriParameters() {
masterRealmPage.setAuthRealm(MASTER);
loginPage.setAuthRealm(MASTER);
}
public KeycloakTestingClient getTestingClient() {
if (testingClient == null) {
testingClient = testContext.getTestingClient();
if (testingClient == null) {
testingClient = KeycloakTestingClient.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth");
testContext.setTestingClient(testingClient);
}
}
return testingClient;
}
public TestContext getTestContext() {
return testContext;
}
public Keycloak getAdminClient() {
return adminClient;
}
@ -230,13 +271,6 @@ public abstract class AbstractKeycloakTest {
}
}
public void removeTestRealms() {
log.info("removing test realms");
for (RealmRepresentation testRealm : testRealmReps) {
removeRealm(testRealm);
}
}
private UserRepresentation createAdminUserRepresentation() {
UserRepresentation adminUserRep = new UserRepresentation();
adminUserRep.setUsername(ADMIN);
@ -265,10 +299,6 @@ public abstract class AbstractKeycloakTest {
}
}
public void removeRealm(RealmRepresentation realm) {
removeRealm(realm.getRealm());
}
public RealmsResource realmsResouce() {
return adminClient.realms();
}
@ -360,15 +390,4 @@ public abstract class AbstractKeycloakTest {
throw new RuntimeException(e);
}
}
public static SSLContext getSSLContextWithTrustore(File file, String password) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
if (!file.isFile()) {
throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath());
}
SSLContext theContext = SSLContexts.custom()
.useProtocol("TLS")
.loadTrustMaterial(file, password == null ? null : password.toCharArray())
.build();
return theContext;
}
}

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java
View file

@ -17,6 +17,7 @@
package org.keycloak.testsuite;
import org.junit.After;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.reflections.Reflections;
import org.keycloak.events.Details;
@ -71,6 +72,13 @@ public abstract class AbstractTestRealmKeycloakTest extends AbstractKeycloakTest
configureTestRealm(testRealm);
}
// Logout user after test
@After
public void deleteCookies() {
deleteAllCookiesForRealm("test");
}
/**
* This allows a subclass to change the configuration of the testRealm before
* it is imported. This method will be called prior to any @Before methods

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java
View file

@ -64,7 +64,7 @@ public class AssertEvents implements TestRule {
@Override
public void evaluate() throws Throwable {
// TODO: Ideally clear the queue just before testClass rather then before each method
context.getTestingClient().testing().clearEventQueue();
clear();
base.evaluate();
// TODO Test should fail if there are leftover events
}
@ -84,12 +84,7 @@ public class AssertEvents implements TestRule {
}
public void clear() {
Response res = context.testingClient.testing().clearEventQueue();
try {
Assert.assertEquals("clear-event-queue success", res.getStatus(), 200);
} finally {
res.close();
}
context.getTestingClient().testing().clearEventQueue();
}
public ExpectedEvent expectRequiredAction(EventType event) {

32
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
View file

@ -18,6 +18,7 @@ package org.keycloak.testsuite.account;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
@ -159,6 +160,10 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
public void before() {
oauth.state("mystate"); // keycloak enforces that a state param has been sent by client
userId = findUser("test-user@localhost").getId();
// Revert any password policy and user password changes
setPasswordPolicy("");
ApiUtil.resetUserPassword(testRealm().users().get(userId), "password", false);
}
@Test
@ -399,18 +404,18 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent();
assertChangePasswordFails ("password", "password"); // current: password
assertChangePasswordSucceeds("password", "password1"); // current: password
assertChangePasswordSucceeds("password", "password3"); // current: password
assertChangePasswordFails ("password1", "password"); // current: password1, history: password
assertChangePasswordFails ("password1", "password1"); // current: password1, history: password
assertChangePasswordSucceeds("password1", "password2"); // current: password1, history: password
assertChangePasswordFails ("password3", "password"); // current: password1, history: password
assertChangePasswordFails ("password3", "password3"); // current: password1, history: password
assertChangePasswordSucceeds("password3", "password4"); // current: password1, history: password
assertChangePasswordFails ("password2", "password"); // current: password2, history: password, password1
assertChangePasswordFails ("password2", "password1"); // current: password2, history: password, password1
assertChangePasswordFails ("password2", "password2"); // current: password2, history: password, password1
assertChangePasswordSucceeds("password2", "password3"); // current: password2, history: password, password1
assertChangePasswordFails ("password4", "password"); // current: password2, history: password, password1
assertChangePasswordFails ("password4", "password3"); // current: password2, history: password, password1
assertChangePasswordFails ("password4", "password4"); // current: password2, history: password, password1
assertChangePasswordSucceeds("password4", "password5"); // current: password2, history: password, password1
assertChangePasswordSucceeds("password3", "password"); // current: password3, history: password1, password2
assertChangePasswordSucceeds("password5", "password"); // current: password3, history: password1, password2
}
@Test
@ -443,10 +448,10 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent();
assertChangePasswordFails ("password", "password"); // current: password
assertChangePasswordSucceeds("password", "password1"); // current: password
assertChangePasswordSucceeds("password", "password6"); // current: password
assertChangePasswordFails ("password1", "password1"); // current: password1
assertChangePasswordSucceeds("password1", "password"); // current: password1
assertChangePasswordFails ("password6", "password6"); // current: password1
assertChangePasswordSucceeds("password6", "password"); // current: password1
}
@Test
@ -611,6 +616,9 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
Assert.assertEquals("New first", profilePage.getFirstName());
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("new@email.com", profilePage.getEmail());
// Revert
profilePage.updateProfile("test-user@localhost", "Tom", "Brady", "test-user@localhost");
}
private void addUser(String username, String email) {

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
View file

@ -191,6 +191,13 @@ public class ProfileTest extends AbstractTestRealmKeycloakTest {
assertEquals("newemail@localhost", profile.getEmail());
assertEquals("NewFirst", profile.getFirstName());
assertEquals("NewLast", profile.getLastName());
// Revert
user.setFirstName("First");
user.setLastName("Last");
user.setEmail("test-user@localhost");
doUpdateProfile(token, null, JsonSerialization.writeValueAsString(user));
assertEquals(200, response.getStatusLine().getStatusCode());
}
@Test

12
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java
View file

@ -22,6 +22,7 @@ import org.junit.Test;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.auth.page.AuthRealm;
import org.keycloak.testsuite.auth.page.account.AccountManagement;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@ -53,13 +54,10 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
@Page
private VerifyEmail testRealmVerifyEmailPage;
private UserRepresentation user;
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
log.info("enable verify email and configure smtp server to run with ssl in test realm");
user = RealmRepUtil.findUser(testRealm, "test-user@localhost");
testRealm.setSmtpServer(SslMailServer.getServerConfiguration());
testRealm.setVerifyEmail(true);
}
@ -82,6 +80,8 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
@Test
public void verifyEmailWithSslEnabled() {
UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost");
SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.PRIVATE_KEY).getFile());
accountManagement.navigateTo();
testRealmLoginPage.form().login(user.getUsername(), "password");
@ -98,15 +98,17 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
assertCurrentUrlStartsWith(accountManagement);
accountManagement.signOut();
testRealmLoginPage.form().login(user);
testRealmLoginPage.form().login(user.getUsername(), "password");
assertCurrentUrlStartsWith(accountManagement);
}
@Test
public void verifyEmailWithSslWrongCertificate() {
UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost");
SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.INVALID_KEY).getFile());
accountManagement.navigateTo();
loginPage.form().login(user);
loginPage.form().login(user.getUsername(), "password");
assertEquals("Failed to send email, please try again later.\n" +
"« Back to Application",

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java
View file

@ -20,9 +20,12 @@ import org.junit.Before;
import org.junit.Test;
import org.keycloak.models.AuthenticationExecutionModel.Requirement;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.admin.ApiUtil;
import java.util.Arrays;
import javax.ws.rs.core.Response;
import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.util.OAuthClient.APP_ROOT;
@ -44,7 +47,10 @@ public class CustomAuthFlowCookieTest extends AbstractCustomAccountManagementTes
testApp.setRedirectUris(Arrays.asList(new String[]{APP_ROOT + "/*"}));
testApp.setAdminUrl(APP_ROOT + "/logout");
testApp.setSecret("password");
assertEquals(201, testRealmResource().clients().create(testApp).getStatus());
Response response = testRealmResource().clients().create(testApp);
assertEquals(201, response.getStatus());
getCleanup().addClientUuid(ApiUtil.getCreatedId(response));
response.close();
}
@Test

45
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java
View file

@ -20,15 +20,18 @@ import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.models.AuthenticationExecutionModel.Requirement;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.admin.Users;
import org.keycloak.testsuite.auth.page.login.OneTimeCode;
import org.keycloak.testsuite.pages.LoginConfigTotpPage;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.HashMap;
@ -101,6 +104,10 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
@Test
public void requireOTPTest() {
//update realm browser flow
RealmRepresentation realm = testRealmResource().toRepresentation();
realm.setBrowserFlow("browser");
testRealmResource().update(realm);
updateRequirement("browser", "auth-otp-form", Requirement.REQUIRED);
testRealmAccountManagementPage.navigateTo();
@ -225,10 +232,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
setConditionalOTPForm(config);
//create role
RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
testRealmResource().roles().create(role);
//obtain id
role = testRealmResource().roles().get("otp_role").toRepresentation();
RoleRepresentation role = getOrCreateOTPRole();
//add role to user
List<RoleRepresentation> realmRoles = new ArrayList<>();
realmRoles.add(role);
@ -250,10 +255,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
setConditionalOTPForm(config);
//create role
RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
testRealmResource().roles().create(role);
//obtain id
role = testRealmResource().roles().get("otp_role").toRepresentation();
RoleRepresentation role = getOrCreateOTPRole();
//add role to user
List<RoleRepresentation> realmRoles = new ArrayList<>();
realmRoles.add(role);
@ -273,6 +276,17 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
assertCurrentUrlStartsWith(testLoginOneTimeCodePage);
}
private RoleRepresentation getOrCreateOTPRole() {
try {
return testRealmResource().roles().get("otp_role").toRepresentation();
} catch (NotFoundException ex) {
RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
testRealmResource().roles().create(role);
//obtain id
return testRealmResource().roles().get("otp_role").toRepresentation();
}
}
@Test
public void conditionalOTPRequestHeaderSkip() {
//prepare config - request header skip, default to force
@ -313,6 +327,19 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
}
private void setConditionalOTPForm(Map<String, String> config) {
List<AuthenticationFlowRepresentation> authFlows = getAuthMgmtResource().getFlows();
for (AuthenticationFlowRepresentation flow : authFlows) {
if ("ConditionalOTPFlow".equals(flow.getAlias())) {
//update realm browser flow
RealmRepresentation realm = testRealmResource().toRepresentation();
realm.setBrowserFlow(DefaultAuthenticationFlows.BROWSER_FLOW);
testRealmResource().update(realm);
getAuthMgmtResource().deleteFlow(flow.getId());
break;
}
}
String flowAlias = "ConditionalOTPFlow";
String provider = "auth-conditional-otp-form";
@ -360,6 +387,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
//add auth config to the execution
response = getAuthMgmtResource().newExecutionConfig(executionId, authConfig);
assertEquals("new execution success", 201, response.getStatus());
getCleanup().addAuthenticationConfigId(ApiUtil.getCreatedId(response));
response.close();
}
}

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
View file

@ -27,8 +27,10 @@ import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.ErrorPage;
@ -38,11 +40,13 @@ import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.pages.VerifyEmailPage;
import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.MailUtils;
import org.keycloak.testsuite.util.UserBuilder;
import javax.mail.MessagingException;
import javax.mail.Multipart;
import javax.mail.internet.MimeMessage;
import java.io.IOException;
import java.util.Collections;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
@ -85,6 +89,13 @@ public class RequiredActionEmailVerificationTest extends AbstractTestRealmKeyclo
@Before
public void before() {
oauth.state("mystate"); // have to set this as keycloak validates that state is sent
ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
UserRepresentation user = UserBuilder.create().enabled(true)
.username("test-user@localhost")
.email("test-user@localhost").build();
ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
}
@Test

32
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
View file

@ -17,6 +17,7 @@
package org.keycloak.testsuite.actions;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.junit.InSequence;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
@ -32,8 +33,10 @@ import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentatio
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AccountTotpPage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
@ -42,7 +45,9 @@ import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
@ -75,6 +80,15 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
adminClient.realm("test").flows().updateExecutions("browser", execution);
}
}
ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
UserRepresentation user = UserBuilder.create().enabled(true)
.username("test-user@localhost")
.email("test-user@localhost")
.firstName("Tom")
.lastName("Brady")
.requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
}
@ -266,6 +280,12 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
// Revert
realmRep = adminClient.realm("test").toRepresentation();
RealmBuilder.edit(realmRep)
.otpDigits(6);
adminClient.realm("test").update(realmRep);
}
@Test
@ -334,6 +354,18 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
// Revert
realmRep = adminClient.realm("test").toRepresentation();
RealmBuilder.edit(realmRep)
.otpLookAheadWindow(1)
.otpDigits(6)
.otpPeriod(30)
.otpType(UserCredentialModel.TOTP)
.otpAlgorithm(HmacOTP.HMAC_SHA1)
.otpInitialCounter(0);
adminClient.realm("test").update(realmRep);
}
}

25
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
View file

@ -18,6 +18,7 @@ package org.keycloak.testsuite.actions;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.events.Details;
@ -27,10 +28,12 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginUpdateProfileEditUsernameAllowedPage;
import org.keycloak.testsuite.util.UserBuilder;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -55,6 +58,27 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
ActionUtil.addRequiredActionForUser(testRealm, "john-doh@localhost", UserModel.RequiredAction.UPDATE_PROFILE.name());
}
@Before
public void beforeTest() {
ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
UserRepresentation user = UserBuilder.create().enabled(true)
.username("test-user@localhost")
.email("test-user@localhost")
.firstName("Tom")
.lastName("Brady")
.requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
ApiUtil.removeUserByUsername(testRealm(), "john-doh@localhost");
user = UserBuilder.create().enabled(true)
.username("john-doh@localhost")
.email("john-doh@localhost")
.firstName("John")
.lastName("Doh")
.requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
}
@Test
public void updateProfile() {
loginPage.open();
@ -112,6 +136,7 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
Assert.assertEquals("New last", user.getLastName());
Assert.assertEquals("john-doh@localhost", user.getEmail());
Assert.assertEquals("new", user.getUsername());
getCleanup().addUserId(user.getId());
}
@Test

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
View file

@ -79,6 +79,12 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
}
}
// TODO: Fix to not require re-import
@Override
protected boolean isImportAfterEachMethod() {
return true;
}
private void modifyClientJWKSUrl(RealmRepresentation realm, String regex, String replacement) {
if (realm.getClients() != null) {
realm.getClients().stream().

13
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
View file

@ -30,7 +30,6 @@ import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.common.Version;
import org.keycloak.common.util.Time;
import org.keycloak.common.util.UriUtils;
import org.keycloak.constants.AdapterConstants;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
@ -51,6 +50,7 @@ import org.keycloak.testsuite.auth.page.login.OAuthGrant;
import org.keycloak.testsuite.console.page.events.Config;
import org.keycloak.testsuite.console.page.events.LoginEvents;
import org.keycloak.testsuite.util.*;
import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.util.BasicAuthHelper;
import org.openqa.selenium.By;
@ -79,6 +79,7 @@ import javax.ws.rs.core.Response.Status;
import static org.hamcrest.Matchers.*;
import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
import static org.keycloak.testsuite.util.WaitUtils.*;
@ -372,7 +373,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
RealmRepresentation demoRealmRep = testRealmResource().toRepresentation();
int originalIdle = demoRealmRep.getSsoSessionMaxLifespan();
int originalMax = demoRealmRep.getSsoSessionMaxLifespan();
demoRealmRep.setSsoSessionMaxLifespan(1);
testRealmResource().update(demoRealmRep);
@ -380,7 +381,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
productPortal.navigateTo();
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
demoRealmRep.setSsoSessionIdleTimeout(originalIdle);
demoRealmRep.setSsoSessionMaxLifespan(originalMax);
testRealmResource().update(demoRealmRep);
String logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
@ -660,6 +661,11 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
.assertEvent();
assertEvents.assertEmpty();
// Revert consent
client = clientResource.toRepresentation();
client.setConsentRequired(false);
clientResource.update(client);
}
@Test
@ -701,6 +707,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
driver.navigate().to(testRealmPage.getOIDCLogoutUrl() + "?redirect_uri=" + customerPortal);
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
assertEvents.expectLogout(null)
.realm(realm.getId())

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java
View file

@ -19,7 +19,6 @@ package org.keycloak.testsuite.adapter.servlet;
import java.io.IOException;
import java.io.InputStream;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.Response;
@ -100,8 +99,6 @@ public abstract class AbstractOIDCPublicKeyRotationAdapterTest extends AbstractS
}
@Before
public void beforeRotationAdapterTest() {
// Delete all cookies from token-min-ttl page to be sure we are logged out

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java
View file

@ -27,9 +27,4 @@ import org.junit.Ignore;
*/
@AppServerContainer("auth-server-undertow")
public class UndertowDemoFilterServletAdapterTest extends AbstractDemoFilterServletAdapterTest {
@Ignore
@Override
public void testAuthenticatedWithCustomSessionConfig() {
// Undertow deployment ignores session cookie settings in web.xml, see org.keycloak.testsuite.arquillian.undertow.SimpleWebXmlParser class
}
}

16
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java
View file

@ -17,7 +17,6 @@
package org.keycloak.testsuite.admin;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.keycloak.admin.client.resource.RealmResource;
@ -25,6 +24,7 @@ import org.keycloak.events.log.JBossLoggingEventListenerProviderFactory;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.events.EventsListenerProviderFactory;
import org.keycloak.testsuite.util.TestCleanup;
import org.keycloak.testsuite.util.AssertAdminEvents;
import org.keycloak.util.JsonSerialization;
@ -55,11 +55,14 @@ public abstract class AbstractAdminTest extends AbstractTestRealmKeycloakTest {
findTestApp(testRealm).setDirectAccessGrantsEnabled(true);
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
super.addTestRealms(testRealms);
RealmRepresentation adminRealmRep = new RealmRepresentation();
adminRealmRep.setId(REALM_NAME);
adminRealmRep.setRealm(REALM_NAME);
adminRealmRep.setEnabled(true);
Map<String, String> config = new HashMap<>();
@ -82,14 +85,9 @@ public abstract class AbstractAdminTest extends AbstractTestRealmKeycloakTest {
realmId = realm.toRepresentation().getId();
}
// old testsuite expects this realm to be removed at the end of the test
@After
public void after() {
for (RealmRepresentation r : adminClient.realms().findAll()) {
if (r.getRealm().equals(REALM_NAME)) {
removeRealm(r);
}
}
@Override
protected TestCleanup getCleanup() {
return getCleanup(REALM_NAME);
}
// Taken from Keycloak class in old testsuite.

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
View file

@ -35,7 +35,6 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.Response.StatusType;
import java.net.URI;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@ -174,6 +173,13 @@ public class ApiUtil {
userResource.roles().realmLevel().add(roleRepresentations);
}
public static void removeUserByUsername(RealmResource realmResource, String username) {
UserRepresentation user = findUserByUsername(realmResource, username);
if (user != null) {
realmResource.users().delete(user.getId());
}
}
public static void assignClientRoles(RealmResource realm, String userId, String clientName, String... roles) {
String realmName = realm.toRepresentation().getRealm();
String clientId = "";

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
View file

@ -81,6 +81,7 @@ public class ClientTest extends AbstractAdminTest {
Response response = realm.clients().create(rep);
response.close();
String id = ApiUtil.getCreatedId(response);
getCleanup().addClientUuid(id);
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT);
@ -212,6 +213,8 @@ public class ClientTest extends AbstractAdminTest {
public void serviceAccount() {
Response response = realm.clients().create(ClientBuilder.create().clientId("serviceClient").serviceAccount().build());
String id = ApiUtil.getCreatedId(response);
getCleanup().addClientUuid(id);
response.close();
UserRepresentation userRep = realm.clients().get(id).getServiceAccountUser();
assertEquals("service-account-serviceclient", userRep.getUsername());
}
@ -237,7 +240,10 @@ public class ClientTest extends AbstractAdminTest {
.redirectUris("http://localhost/auth", "http://localhost/auth*")
.build();
Response response = realm.clients().create(client);
ClientResource clientResource = realm.clients().get(ApiUtil.getCreatedId(response));
String clientUuid = ApiUtil.getCreatedId(response);
ClientResource clientResource = realm.clients().get(clientUuid);
getCleanup().addClientUuid(clientUuid);
response.close();
client = clientResource.toRepresentation();
client.setRootUrl("http://localhost/base#someFragment");
@ -291,6 +297,7 @@ public class ClientTest extends AbstractAdminTest {
Response response = realm.clients().create(client);
String id = ApiUtil.getCreatedId(response);
getCleanup().addClientUuid(id);
response.close();
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client, ResourceType.CLIENT);
@ -378,6 +385,7 @@ public class ClientTest extends AbstractAdminTest {
public void scopes() {
Response response = realm.clients().create(ClientBuilder.create().clientId("client").fullScopeEnabled(false).build());
String id = ApiUtil.getCreatedId(response);
getCleanup().addClientUuid(id);
response.close();
assertAdminEvents.poll();

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java
View file

@ -49,7 +49,7 @@ public class ComponentsTest extends AbstractAdminTest {
@Test
public void testNotDeadlocked() {
for (int i = 0; i < 100; i++) {
for (int i = 0; i < 50; i++) {
ComponentRepresentation rep = createComponentRepresentation("test-" + i);
rep.getConfig().putSingle("required", "required-value");
createComponent(rep);
@ -263,6 +263,7 @@ public class ComponentsTest extends AbstractAdminTest {
ComponentsResource components = realm.components();
Response response = components.add(rep);
String id = ApiUtil.getCreatedId(response);
getCleanup().addComponentId(id);
response.close();
return id;
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java
View file

@ -268,12 +268,13 @@ public class ConcurrencyTest extends AbstractAdminTest {
Thread thread = new Thread() {
@Override
public void run() {
Keycloak keycloak = null;
try {
if (lock != null) {
lock.lock();
}
Keycloak keycloak = Keycloak.getInstance(getAuthServerRoot().toString(), "master", "admin", "admin", org.keycloak.models.Constants.ADMIN_CLI_CLIENT_ID);
keycloak = Keycloak.getInstance(getAuthServerRoot().toString(), "master", "admin", "admin", org.keycloak.models.Constants.ADMIN_CLI_CLIENT_ID);
RealmResource realm = keycloak.realm(REALM_NAME);
for (int i = 0; i < numIterationsPerThread && latch.getCount() > 0; i++) {
log.infov("thread {0}, iteration {1}", threadNum, i);
@ -286,6 +287,7 @@ public class ConcurrencyTest extends AbstractAdminTest {
latch.countDown();
}
} finally {
keycloak.close();
if (lock != null) {
lock.unlock();
}

12
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java
View file

@ -17,36 +17,26 @@
package org.keycloak.testsuite.admin;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.Time;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.Constants;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.resources.admin.RealmAuth.Resource;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.CredentialBuilder;
import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.core.Response;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
/**
@ -60,8 +50,6 @@ public class CrossRealmPermissionsTest extends AbstractKeycloakTest {
private RealmResource realm1;
private RealmResource realm2;
@Rule public GreenMailRule greenMailRule = new GreenMailRule();
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmBuilder builder = RealmBuilder.create().name(REALM_NAME).testMail();

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
View file

@ -207,6 +207,8 @@ public class IdentityProviderTest extends AbstractAdminTest {
Assert.assertNotNull(ApiUtil.getCreatedId(response));
response.close();
getCleanup().addIdentityProviderAlias(idpRep.getAlias());
String secret = idpRep.getConfig() != null ? idpRep.getConfig().get("clientSecret") : null;
idpRep = StripSecretsUtils.strip(idpRep);

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
View file

@ -18,6 +18,7 @@
package org.keycloak.testsuite.admin;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.Config;
@ -62,11 +63,6 @@ public class ImpersonationTest extends AbstractKeycloakTest {
private String impersonatedUserId;
@Override
public void beforeAbstractKeycloakTest() throws Exception {
super.beforeAbstractKeycloakTest();
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmBuilder realm = RealmBuilder.create().name("test").testEventListener();
@ -89,6 +85,11 @@ public class ImpersonationTest extends AbstractKeycloakTest {
&& "disabled".equals(System.getProperty("feature.value")));
}
@Before
public void beforeTest() {
impersonatedUserId = ApiUtil.findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId();
}
@Test
public void testImpersonateByMasterAdmin() {
// test that composite is set up right for impersonation role

115
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
View file

@ -18,6 +18,8 @@
package org.keycloak.testsuite.admin;
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.Keycloak;
@ -55,12 +57,14 @@ import org.keycloak.services.resources.admin.RealmAuth.Resource;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.CredentialBuilder;
import org.keycloak.testsuite.util.FederatedIdentityBuilder;
import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.IdentityProviderBuilder;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.TestCleanup;
import org.keycloak.testsuite.util.UserBuilder;
import javax.ws.rs.ClientErrorException;
@ -100,17 +104,11 @@ public class PermissionsTest extends AbstractKeycloakTest {
.username(AdminRoles.REALM_ADMIN)
.role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN)
.addPassword("password"));
clients.put(AdminRoles.REALM_ADMIN,
Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client",
"secret"));
builder.user(UserBuilder.create().username("none").addPassword("password"));
clients.put("none",
Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret"));
for (String role : AdminRoles.ALL_REALM_ROLES) {
builder.user(UserBuilder.create().username(role).role(Constants.REALM_MANAGEMENT_CLIENT_ID, role).addPassword("password"));
clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client"));
}
testRealms.add(builder.build());
@ -118,40 +116,88 @@ public class PermissionsTest extends AbstractKeycloakTest {
builder2.client(ClientBuilder.create().clientId("test-client").publicClient().directAccessGrants());
builder2.user(UserBuilder.create().username("admin").role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN).addPassword("password"));
testRealms.add(builder2.build());
clients.put("REALM2", Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "realm2", "admin", "password", "test-client"));
}
@Override
public void beforeAbstractKeycloakTest() throws Exception {
super.beforeAbstractKeycloakTest();
clients.put("master-admin", adminClient);
@Before
public void beforeClazz() {
if (testContext.isInitialized()) {
return;
}
createTestUsers();
testContext.setInitialized(true);
}
private void createTestUsers() {
RealmResource master = adminClient.realm("master");
{
Response response = master.users().create(UserBuilder.create().username("permissions-test-master-none").build());
String userId = ApiUtil.getCreatedId(response);
response.close();
master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
clients.put("master-none",
Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-none", "password",
Constants.ADMIN_CLI_CLIENT_ID));
}
for (String role : AdminRoles.ALL_REALM_ROLES) {
Response response = master.users().create(UserBuilder.create().username("permissions-test-master-" + role).build());
String userId = ApiUtil.getCreatedId(response);
response = master.users().create(UserBuilder.create().username("permissions-test-master-" + role).build());
userId = ApiUtil.getCreatedId(response);
response.close();
master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
String clientId = master.clients().findByClientId(REALM_NAME + "-realm").get(0).getId();
RoleRepresentation roleRep = master.clients().get(clientId).roles().get(role).toRepresentation();
master.users().get(userId).roles().clientLevel(clientId).add(Collections.singletonList(roleRep));
}
}
@AfterClass
public static void removeTestUsers() throws Exception {
Keycloak adminClient = AdminClientUtil.createAdminClient();
try {
for (UserRepresentation u : adminClient.realm("master").users().search("permissions-test-master-", 0, 100)) {
adminClient.realm("master").users().get(u.getId()).remove();
}
} finally {
adminClient.close();
}
}
private void recreatePermissionRealm() throws Exception {
RealmRepresentation permissionRealm = testContext.getTestRealmReps().stream().filter(realm -> {
return realm.getRealm().equals(REALM_NAME);
}).findFirst().get();
adminClient.realms().create(permissionRealm);
removeTestUsers();
createTestUsers();
}
@Override
public void beforeAbstractKeycloakTest() throws Exception {
super.beforeAbstractKeycloakTest();
clients.put(AdminRoles.REALM_ADMIN,
Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client",
"secret"));
clients.put("none",
Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret"));
for (String role : AdminRoles.ALL_REALM_ROLES) {
clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client"));
}
clients.put("REALM2", Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "realm2", "admin", "password", "test-client"));
clients.put("master-admin", adminClient);
clients.put("master-none",
Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-none", "password",
Constants.ADMIN_CLI_CLIENT_ID));
for (String role : AdminRoles.ALL_REALM_ROLES) {
clients.put("master-" + role,
Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-" + role, "password",
Constants.ADMIN_CLI_CLIENT_ID));
@ -160,15 +206,22 @@ public class PermissionsTest extends AbstractKeycloakTest {
@Override
public void afterAbstractKeycloakTest() {
for (UserRepresentation u : adminClient.realm("master").users().search("permissions-test-master-", 0, 100)) {
adminClient.realm("master").users().get(u.getId()).remove();
}
// Don't close the "main" adminClient, but all others yes
clients.entrySet().stream().filter(entry -> {
super.afterAbstractKeycloakTest();
return !entry.getKey().equals("master-admin");
}).forEach(consumer -> {
consumer.getValue().close();
});
clients.clear();
}
@Test
public void realms() {
public void realms() throws Exception {
// Check returned realms
invoke(new Invocation() {
public void invoke(RealmResource realm) {
@ -312,6 +365,9 @@ public class PermissionsTest extends AbstractKeycloakTest {
clients.get(AdminRoles.REALM_ADMIN).realms().realm(REALM_NAME).remove();
}
}, adminClient, true);
// Revert realm removal
recreatePermissionRealm();
}
@Test
@ -959,7 +1015,7 @@ public class PermissionsTest extends AbstractKeycloakTest {
}
@Test
public void flows() {
public void flows() throws Exception {
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.flows().getFormProviders();
@ -1113,6 +1169,11 @@ public class PermissionsTest extends AbstractKeycloakTest {
realm.flows().updateAuthenticatorConfig("nosuch", new AuthenticatorConfigRepresentation());
}
}, Resource.REALM, true);
// Re-create realm
adminClient.realm(REALM_NAME).remove();
recreatePermissionRealm();
}
@Test

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java
View file

@ -59,6 +59,8 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
Response response = adminClient.realm(REALM_NAME).clients().create(ClientBuilder.create().clientId("client-a").build());
clientUuid = ApiUtil.getCreatedId(response);
getCleanup().addClientUuid(clientUuid);
response.close();
adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(RoleBuilder.create().name("role-c").description("Role C").build());
for (RoleRepresentation r : adminClient.realm(REALM_NAME).roles().list()) {
@ -69,6 +71,10 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
ids.put(r.getName(), r.getId());
}
getCleanup().addRoleId(ids.get("role-a"));
getCleanup().addRoleId(ids.get("role-b"));
getCleanup().addRoleId(ids.get("role-c"));
resource = adminClient.realm(REALM_NAME).rolesById();
assertAdminEvents.clear(); // Tested in RealmRolesTest already

41
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
View file

@ -21,7 +21,9 @@ import org.hamcrest.Matchers;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
@ -60,6 +62,7 @@ import org.openqa.selenium.WebDriver;
import javax.mail.MessagingException;
import javax.mail.internet.MimeMessage;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.io.IOException;
@ -118,6 +121,9 @@ public class UserTest extends AbstractAdminTest {
response.close();
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRep, ResourceType.USER);
getCleanup().addUserId(createdId);
return createdId;
}
@ -280,7 +286,7 @@ public class UserTest extends AbstractAdminTest {
@Test
public void delete() {
String userId = createUser();
Response response = realm.users().delete( userId );
Response response = realm.users().delete(userId);
assertEquals(204, response.getStatus());
response.close();
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userResourcePath(userId), ResourceType.USER);
@ -288,7 +294,7 @@ public class UserTest extends AbstractAdminTest {
@Test
public void deleteNonExistent() {
Response response = realm.users().delete( "does-not-exist" );
Response response = realm.users().delete("does-not-exist");
assertEquals(404, response.getStatus());
response.close();
assertAdminEvents.assertEmpty();
@ -671,7 +677,7 @@ public class UserTest extends AbstractAdminTest {
@Test
public void updateUserWithNewUsername() {
switchEditUsernameAllowedOn();
switchEditUsernameAllowedOn(true);
String id = createUser();
UserResource user = realm.users().get(id);
@ -681,13 +687,14 @@ public class UserTest extends AbstractAdminTest {
userRep = realm.users().get(id).toRepresentation();
assertEquals("user11", userRep.getUsername());
// Revert
switchEditUsernameAllowedOn(false);
}
@Test
public void updateUserWithoutUsername() {
switchEditUsernameAllowedOn();
switchEditUsernameAllowedOn(true);
String id = createUser();
@ -711,6 +718,9 @@ public class UserTest extends AbstractAdminTest {
assertEquals("user1@localhost", rep.getEmail());
assertEquals("Firstname", rep.getFirstName());
assertEquals("Lastname", rep.getLastName());
// Revert
switchEditUsernameAllowedOn(false);
}
@Test
@ -728,7 +738,7 @@ public class UserTest extends AbstractAdminTest {
@Test
public void updateUserWithNewUsernameAccessingViaOldUsername() {
switchEditUsernameAllowedOn();
switchEditUsernameAllowedOn(true);
createUser();
try {
@ -741,13 +751,15 @@ public class UserTest extends AbstractAdminTest {
fail("Expected failure");
} catch (ClientErrorException e) {
assertEquals(404, e.getResponse().getStatus());
} finally {
switchEditUsernameAllowedOn(false);
}
}
@Test
public void updateUserWithExistingUsername() {
switchEditUsernameAllowedOn();
enableBruteForce();
switchEditUsernameAllowedOn(true);
enableBruteForce(true);
createUser();
UserRepresentation userRep = new UserRepresentation();
@ -767,6 +779,9 @@ public class UserTest extends AbstractAdminTest {
// TODO adminEvents: Event queue should be empty, but it's not because of bug in UsersResource.updateUser, which sends event earlier than transaction commit.
// assertAdminEvents.assertEmpty();
assertAdminEvents.poll();
} finally {
enableBruteForce(false);
switchEditUsernameAllowedOn(false);
}
}
@ -927,16 +942,16 @@ public class UserTest extends AbstractAdminTest {
assertEquals(111, users.search("test", 0, 1000).size());
}
private void switchEditUsernameAllowedOn() {
private void switchEditUsernameAllowedOn(boolean enable) {
RealmRepresentation rep = realm.toRepresentation();
rep.setEditUsernameAllowed(true);
rep.setEditUsernameAllowed(enable);
realm.update(rep);
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
}
private void enableBruteForce() {
private void enableBruteForce(boolean enable) {
RealmRepresentation rep = realm.toRepresentation();
rep.setBruteForceProtected(true);
rep.setBruteForceProtected(enable);
realm.update(rep);
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java
View file

@ -30,6 +30,7 @@ import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.AssertAdminEvents;
import org.keycloak.testsuite.util.RealmBuilder;
@ -196,6 +197,8 @@ public abstract class AbstractAuthenticationTest extends AbstractKeycloakTest {
Response response = authMgmtResource.createFlow(flowRep);
org.keycloak.testsuite.Assert.assertEquals(201, response.getStatus());
response.close();
String flowId = ApiUtil.getCreatedId(response);
getCleanup().addAuthenticationFlowId(flowId);
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authFlowsPath()), flowRep, ResourceType.AUTH_FLOW);
}
}

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java
View file

@ -24,7 +24,9 @@ import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.AssertAdminEvents;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
@ -45,15 +47,16 @@ public class FlowTest extends AbstractAuthenticationTest {
// KEYCLOAK-3681: Delete top flow doesn't delete all subflows
@Test
public void testRemoveSubflows() {
authMgmtResource.createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
addFlowToParent("Foo", "child");
addFlowToParent("child", "grandchild");
List<AuthenticationFlowRepresentation> flows = authMgmtResource.getFlows();
AuthenticationFlowRepresentation found = findFlowByAlias("Foo", flows);
authMgmtResource.deleteFlow(found.getId());
assertAdminEvents.clear();
authMgmtResource.createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
addFlowToParent("Foo", "child");
// Under the old code, this would throw an error because "grandchild"

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java
View file

@ -36,7 +36,6 @@ import org.keycloak.testsuite.util.RealmBuilder;
import javax.ws.rs.core.Response;
import java.util.List;
import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
/**
*
@ -50,9 +49,8 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
@Override
public void setDefaultPageUriParameters() {
super.setDefaultPageUriParameters();
testRealmPage.setAuthRealm(MASTER);
testRealmLoginPage.setAuthRealm(testRealmPage);
testRealmAccountPage.setAuthRealm(testRealmPage);
testRealmPage.setAuthRealm("test");
accountPage.setAuthRealm("test");
}
@Before
@ -75,7 +73,7 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
}
protected String getRealmId() {
return MASTER;
return "test";
}
// returns UserRepresentation retrieved from server, with all fields, including id

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java
View file

@ -75,7 +75,7 @@ public class InstallationTest extends AbstractClientTest {
}
private String samlUrl() {
return authServerUrl() + "/realms/master/protocol/saml";
return authServerUrl() + "/realms/test/protocol/saml";
}
@Test
@ -111,7 +111,7 @@ public class InstallationTest extends AbstractClientTest {
}
private void assertOidcInstallationConfig(String config) {
assertThat(config, containsString("master"));
assertThat(config, containsString("test"));
assertThat(config, not(containsString(ApiUtil.findActiveKey(testRealmResource()).getPublicKey())));
assertThat(config, containsString(authServerUrl()));
}

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java
View file

@ -38,7 +38,7 @@ import static org.junit.Assert.assertNotNull;
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public class SessionTest extends AbstractClientTest {
private static boolean testUserCreated = false;
@Page
protected AccountManagement testRealmAccountManagementPage;
@ -46,13 +46,18 @@ public class SessionTest extends AbstractClientTest {
@Before
public void init() {
// make user test user exists in test realm
if (!testUserCreated) {
createTestUserWithAdminClient();
getCleanup().addUserId(testUser.getId());
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER);
assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER);
}
testUserCreated = true;
@Override
public void setDefaultPageUriParameters() {
super.setDefaultPageUriParameters();
testRealmAccountManagementPage.setAuthRealm(getRealmId());
loginPage.setAuthRealm(getRealmId());
}
@Test

29
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java
View file

@ -17,20 +17,16 @@
package org.keycloak.testsuite.admin.client.authorization;
import static com.sun.corba.se.impl.oa.poa.Policies.defaultPolicies;
import static org.junit.Assert.assertEquals;
import java.util.List;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.util.JsonSerialization;
@ -40,6 +36,27 @@ import org.keycloak.util.JsonSerialization;
*/
public class ImportAuthorizationSettingsTest extends AbstractAuthorizationTest {
@Before
public void createRole() {
ClientResource clientResource = getClientResource();
RoleRepresentation role = new RoleRepresentation();
role.setName("admin");
clientResource.roles().create(role);
}
@After
public void onAfterAuthzTests() {
ClientResource clientResource = getClientResource();
// Needed to disable authz first. TODO: Looks like a bug. Check later...
ClientRepresentation client = clientResource.toRepresentation();
client.setAuthorizationServicesEnabled(false);
clientResource.update(client);
getClientResource().remove();
}
@Test
public void testImportUnorderedSettings() throws Exception {
ClientResource clientResource = getClientResource();

16
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java
View file

@ -17,9 +17,11 @@
package org.keycloak.testsuite.admin.event;
import org.junit.Before;
import org.junit.Rule;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.util.TestCleanup;
import java.util.Collections;
import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
@ -32,14 +34,6 @@ public abstract class AbstractEventTest extends AbstractAuthTest {
protected RealmEventsConfigRepresentation configRep;
@Override
public void setDefaultPageUriParameters() {
super.setDefaultPageUriParameters();
testRealmPage.setAuthRealm(MASTER);
testRealmLoginPage.setAuthRealm(testRealmPage);
testRealmAccountPage.setAuthRealm(testRealmPage);
}
@Before
public void setConfigRep() {
RealmResource testRsc = testRealmResource();
@ -51,6 +45,12 @@ public abstract class AbstractEventTest extends AbstractAuthTest {
saveConfig();
}
@Override
public void setDefaultPageUriParameters() {
testRealmPage.setAuthRealm("test");
accountPage.setAuthRealm("test");
}
protected void saveConfig() {
RealmResource testRsc = testRealmResource();
testRsc.updateRealmEventsConfig(configRep);

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java
View file

@ -59,7 +59,9 @@ public class AdminEventTest extends AbstractEventTest {
private String createUser(String username) {
UserRepresentation user = createUserRepresentation(username, username + "@foo.com", "foo", "bar", true);
return ApiUtil.createUserWithAdminClient(testRealmResource(), user);
String userId = ApiUtil.createUserWithAdminClient(testRealmResource(), user);
getCleanup().addUserId(userId);
return userId;
}
private void updateRealm() {
@ -90,7 +92,7 @@ public class AdminEventTest extends AbstractEventTest {
assertNull(event.getError());
AuthDetailsRepresentation details = event.getAuthDetails();
assertEquals(realmName(), details.getRealmId());
assertEquals("master", details.getRealmId());
assertNotNull(details.getClientId());
assertNotNull(details.getUserId());
assertNotNull(details.getIpAddress());
@ -106,7 +108,7 @@ public class AdminEventTest extends AbstractEventTest {
assertEquals("CREATE", event.getOperationType());
assertEquals(realmName(), event.getRealmId());
assertEquals(realmName(), event.getAuthDetails().getRealmId());
assertEquals("master", event.getAuthDetails().getRealmId());
assertNull(event.getRepresentation());
}
@ -130,7 +132,7 @@ public class AdminEventTest extends AbstractEventTest {
updateRealm();
assertEquals(3, events().size());
List<AdminEventRepresentation> events = testRealmResource().getAdminEvents(Arrays.asList("CREATE"), realmName(), null, null, null, null, null, null, null, null);
List<AdminEventRepresentation> events = testRealmResource().getAdminEvents(Arrays.asList("CREATE"), null, null, null, null, null, null, null, null, null);
assertEquals(2, events.size());
}

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java
View file

@ -60,7 +60,7 @@ public class LoginEventsTest extends AbstractEventTest {
}
private void badLogin() {
loginEventsPage.navigateTo();
accountPage.navigateTo();
loginPage.form().login("bad", "user");
}

1
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java
View file

@ -142,6 +142,7 @@ public class GroupTest extends AbstractGroupTest {
private GroupRepresentation createGroup(RealmResource realm, GroupRepresentation group) {
Response response = realm.groups().add(group);
String groupId = ApiUtil.getCreatedId(response);
getCleanup().addGroupId(groupId);
response.close();
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupPath(groupId), group, ResourceType.GROUP);

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java
View file

@ -65,6 +65,8 @@ public class RealmRolesTest extends AbstractAdminTest {
ClientRepresentation clientRep = ClientBuilder.create().clientId("client-a").build();
Response response = adminClient.realm(REALM_NAME).clients().create(clientRep);
clientUuid = ApiUtil.getCreatedId(response);
getCleanup().addClientUuid(clientUuid);
response.close();
RoleRepresentation roleC = RoleBuilder.create().name("role-c").description("Role C").build();
adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(roleC);
@ -77,6 +79,10 @@ public class RealmRolesTest extends AbstractAdminTest {
ids.put(r.getName(), r.getId());
}
getCleanup().addRoleId(ids.get("role-a"));
getCleanup().addRoleId(ids.get("role-b"));
getCleanup().addRoleId(ids.get("role-c"));
resource = adminClient.realm(REALM_NAME).roles();
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA, ResourceType.REALM_ROLE);

15
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
View file

@ -202,6 +202,17 @@ public class RealmTest extends AbstractAdminTest {
realm.remove();
Assert.assertNames(adminClient.realms().findAll(), "master", AuthRealm.TEST);
// Re-create realm
reCreateRealm();
}
private void reCreateRealm() {
// Re-create realm
RealmRepresentation realmRep = testContext.getTestRealmReps().stream().filter((RealmRepresentation realm) -> {
return realm.getRealm().equals(REALM_NAME);
}).findFirst().get();
adminClient.realms().create(realmRep);
}
@Test
@ -210,6 +221,8 @@ public class RealmTest extends AbstractAdminTest {
ServerInfoResource serverInfoResource = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID).serverInfo();
serverInfoResource.getInfo();
reCreateRealm();
}
/**
@ -608,6 +621,7 @@ public class RealmTest extends AbstractAdminTest {
client.setSecret("secret");
Response resp = realm.clients().create(client);
String clientDbId = ApiUtil.getCreatedId(resp);
getCleanup().addClientUuid(clientDbId);
resp.close();
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientDbId), client, ResourceType.CLIENT);
@ -618,6 +632,7 @@ public class RealmTest extends AbstractAdminTest {
Response response = realm.users().create(userRep);
String userId = ApiUtil.getCreatedId(response);
response.close();
getCleanup().addUserId(userId);
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), userRep, ResourceType.USER);
realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());

20
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java
View file

@ -20,10 +20,14 @@ package org.keycloak.testsuite.broker;
import java.util.List;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.After;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.Retry;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AccountPasswordPage;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.ErrorPage;
@ -82,6 +86,22 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
}
@After
public void cleanupUsers() {
RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
UserRepresentation userRep = ApiUtil.findUserByUsername(providerRealm, bc.getUserLogin());
if (userRep != null) {
providerRealm.users().get(userRep.getId()).remove();
}
RealmResource childRealm = adminClient.realm(bc.consumerRealmName());
userRep = ApiUtil.findUserByUsername(childRealm, bc.getUserLogin());
if (userRep != null) {
childRealm.users().get(userRep.getId()).remove();
}
}
protected void logInAsUserInIDP() {
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));

23
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
View file

@ -1,5 +1,6 @@
package org.keycloak.testsuite.broker;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@ -13,6 +14,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.ConsentPage;
import org.keycloak.testsuite.util.*;
@ -39,7 +41,7 @@ import static org.keycloak.testsuite.broker.BrokerTestTools.*;
public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
@Before
public void createUser() {
public void beforeBrokerTest() {
log.debug("creating user for realm " + bc.providerRealmName());
UserRepresentation user = new UserRepresentation();
@ -52,18 +54,16 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
userId = createUserWithAdminClient(realmResource, user);
resetUserPassword(realmResource.users().get(userId), bc.getUserPassword(), false);
if (testContext.isInitialized()) {
return;
}
@Before
public void addIdentityProviderToProviderRealm() {
log.debug("adding identity provider to realm " + bc.consumerRealmName());
RealmResource realm = adminClient.realm(bc.consumerRealmName());
realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
}
@Before
public void addClients() {
// addClients
List<ClientRepresentation> clients = bc.createProviderClients(suiteContext);
if (clients != null) {
RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
@ -83,6 +83,8 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
consumerRealm.clients().create(client);
}
}
testContext.setInitialized(true);
}
@ -302,6 +304,13 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
consentPage.cancel();
waitForPage(driver, "log in to");
// Revert consentRequired
adminClient.realm(bc.providerRealmName())
.clients()
.get(client.getId())
.update(ClientBuilder.edit(client).consentRequired(false).build());
}

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java
View file

@ -49,12 +49,13 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
RealmResource realm = adminClient.realm(bc.consumerRealmName());
final IdentityProviderRepresentation idp = bc.setUpIdentityProvider(suiteContext);
realm.identityProviders().create(idp);
Response resp = realm.identityProviders().create(idp);
resp.close();
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
for (IdentityProviderMapperRepresentation mapper : createIdentityProviderMappers()) {
mapper.setIdentityProviderAlias(bc.getIDPAlias());
Response resp = idpResource.addMapper(mapper);
resp = idpResource.addMapper(mapper);
resp.close();
}
}
@ -67,7 +68,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
for (ClientRepresentation client : clients) {
log.debug("adding client " + client.getName() + " to realm " + bc.providerRealmName());
providerRealm.clients().create(client);
Response resp = providerRealm.clients().create(client);
resp.close();
}
}
@ -77,7 +79,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
for (ClientRepresentation client : clients) {
log.debug("adding client " + client.getName() + " to realm " + bc.consumerRealmName());
consumerRealm.clients().create(client);
Response resp = consumerRealm.clients().create(client);
resp.close();
}
}
}

42
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java
View file

@ -75,47 +75,41 @@ public class AccountLinkTest extends AbstractKeycloakTest {
}
@Before
public void addIdpUser() {
RealmResource realm = adminClient.realms().realm(PARENT_IDP);
public void beforeBrokerTest() {
if (testContext.isInitialized()) {
return;
}
// addIdpUser
RealmResource realmParent = adminClient.realms().realm(PARENT_IDP);
UserRepresentation user = new UserRepresentation();
user.setUsername(PARENT_USERNAME);
user.setEnabled(true);
String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
String userId = createUserAndResetPasswordWithAdminClient(realmParent, user, "password");
}
@Before
public void addChildUser() {
RealmResource realm = adminClient.realms().realm(CHILD_IDP);
UserRepresentation user = new UserRepresentation();
// addChildUser
RealmResource realmChild = adminClient.realms().realm(CHILD_IDP);
user = new UserRepresentation();
user.setUsername("child");
user.setEnabled(true);
String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
userId = createUserAndResetPasswordWithAdminClient(realmChild, user, "password");
}
@Before
public void setupUserStorageProvider() {
// setupUserStorageProvider
ComponentRepresentation provider = new ComponentRepresentation();
provider.setName("passthrough");
provider.setProviderId(PassThroughFederatedUserStorageProviderFactory.PROVIDER_ID);
provider.setProviderType(UserStorageProvider.class.getName());
provider.setConfig(new MultivaluedHashMap<>());
provider.getConfig().putSingle("priority", Integer.toString(1));
realmChild.components().add(provider);
RealmResource realm = adminClient.realms().realm(CHILD_IDP);
realm.components().add(provider);
}
@Before
public void createBroker() {
// createBroker
createParentChild();
testContext.setInitialized(true);
}
public void createParentChild() {
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
}

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java
View file

@ -78,7 +78,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
log.debug("adding identity provider to realm " + bc.consumerRealmName());
RealmResource realm = adminClient.realm(bc.consumerRealmName());
realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
Response resp = realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
resp.close();
}
@ -90,7 +91,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
for (ClientRepresentation client : clients) {
log.debug("adding client " + client.getName() + " to realm " + bc.providerRealmName());
providerRealm.clients().create(client);
Response resp = providerRealm.clients().create(client);
resp.close();
}
}
@ -100,7 +102,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
for (ClientRepresentation client : clients) {
log.debug("adding client " + client.getName() + " to realm " + bc.consumerRealmName());
consumerRealm.clients().create(client);
Response resp = consumerRealm.clients().create(client);
resp.close();
}
}
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java
View file

@ -108,9 +108,9 @@ public abstract class AbstractClientRegistrationTest extends AbstractKeycloakTes
return response;
}
public ClientRepresentation getClient(String clientId) {
public ClientRepresentation getClient(String clientUuid) {
try {
return adminClient.realm(REALM_NAME).clients().get(clientId).toRepresentation();
return adminClient.realm(REALM_NAME).clients().get(clientUuid).toRepresentation();
} catch (NotFoundException e) {
return null;
}

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java
View file

@ -24,6 +24,7 @@ import org.keycloak.client.registration.HttpErrorException;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.admin.ApiUtil;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
@ -51,6 +52,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
client.setRootUrl("http://root");
client = createClient(client);
client.setSecret("RegistrationAccessTokenTestClientSecret");
getCleanup().addClientUuid(client.getId());
client2 = new ClientRepresentation();
client2.setEnabled(true);
@ -60,6 +62,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
client2.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessToken");
client2.setRootUrl("http://root");
client2 = createClient(client2);
getCleanup().addClientUuid(client2.getId());
clientPublic = new ClientRepresentation();
clientPublic.setEnabled(true);
@ -68,6 +71,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
clientPublic.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessTokenPublic");
clientPublic.setRootUrl("http://root");
clientPublic = createClient(clientPublic);
getCleanup().addClientUuid(clientPublic.getId());
}
@Test
@ -80,7 +84,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
@Test
public void getConfig() throws ClientRegistrationException {
reg.auth(Auth.client(client.getClientId(), client.getSecret()));
reg.auth(Auth.client(client.getClientId(), "RegistrationAccessTokenTestClientSecret"));
AdapterConfig config = reg.getAdapterConfig(client.getClientId());
assertNotNull(config);
@ -89,7 +93,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
assertEquals("test", config.getRealm());
assertEquals(1, config.getCredentials().size());
assertEquals(client.getSecret(), config.getCredentials().get("secret"));
assertEquals("RegistrationAccessTokenTestClientSecret", config.getCredentials().get("secret"));
assertEquals(client.getClientId(), config.getResource());
assertEquals(SslRequired.EXTERNAL.name().toLowerCase(), config.getSslRequired());

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java
View file

@ -47,7 +47,7 @@ public class ClientRedirectTest extends AbstractTestRealmKeycloakTest {
*
* @throws Exception
*/
//@Test
@Test
public void testClientRedirectEndpoint() throws Exception {
oauth.doLogin("test-user@localhost", "password");

101
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
View file

@ -23,6 +23,7 @@ import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
@ -80,12 +81,16 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
testRealms.get(0).setPublicKey(PUBLIC_KEY);
}
@Before
public void before() throws Exception {
super.before();
//
// ClientInitialAccessPresentation token = adminClient.realm(REALM_NAME).clientInitialAccess().create(new ClientInitialAccessCreatePresentation(0, 10));
// reg.auth(Auth.token(token));
@After
public void after() throws Exception {
super.after();
// Default setup of trustedHostPolicy
ComponentRepresentation trustedHostPolicy = findPolicyByProviderAndAuth(TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
trustedHostPolicy.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH, "true");
trustedHostPolicy.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.CLIENT_URIS_MUST_MATCH, "true");
trustedHostPolicy.getConfig().put(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, Collections.emptyList());
realmResource().components().component(trustedHostPolicy.getId()).update(trustedHostPolicy);
}
private RealmResource realmResource() {
@ -175,7 +180,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
assertOidcFail(ClientRegOp.CREATE, client, 403, "Host not trusted");
// Should still fail (bad redirect_uri)
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
assertOidcFail(ClientRegOp.CREATE, client, 403, "URL doesn't match");
// Should still fail (bad base_uri)
@ -194,7 +199,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
@Test
public void testAnonUpdateWithTrustedHost() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
OIDCClientRepresentation client = create();
// Fail update client
@ -235,7 +240,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
@Test
public void testAnonConsentRequired() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
OIDCClientRepresentation client = create();
// Assert new client has consent required
@ -255,7 +260,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
@Test
public void testAnonFullScopeAllowed() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
OIDCClientRepresentation client = create();
// Assert new client has fullScopeAllowed disabled
@ -275,7 +280,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
@Test
public void testClientDisabledPolicy() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
// Assert new client is enabled
OIDCClientRepresentation client = create();
@ -290,7 +295,9 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
rep.setProviderId(ClientDisabledClientRegistrationPolicyFactory.PROVIDER_ID);
rep.setProviderType(ClientRegistrationPolicy.class.getName());
rep.setSubType(getPolicyAnon());
realmResource().components().add(rep).close();
Response response = realmResource().components().add(rep);
String policyId = ApiUtil.getCreatedId(response);
response.close();
// Assert new client is disabled
client = create();
@ -305,12 +312,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
// Try update disabled client. Should pass
clientRep.setEnabled(false);
reg.update(clientRep);
// Revert
realmResource().components().component(policyId).remove();
}
@Test
public void testMaxClientsPolicy() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
int clientsCount = realmResource().clients().findAll().size();
int newClientsLimit = clientsCount + 1;
@ -325,6 +335,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
// I can't register more clients
assertOidcFail(ClientRegOp.CREATE, createRepOidc(), 403, "It's allowed to have max " + newClientsLimit + " clients per realm");
// Revert
maxClientsPolicyRep.getConfig().putSingle(MaxClientsClientRegistrationPolicyFactory.MAX_CLIENTS, String.valueOf(10000));
realmResource().components().component(maxClientsPolicyRep.getId()).update(maxClientsPolicyRep);
}
@ -355,11 +369,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
// Add some clientTemplates
ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
clientTemplate.setName("foo");
realmResource().clientTemplates().create(clientTemplate);
Response response = realmResource().clientTemplates().create(clientTemplate);
String fooTemplateId = ApiUtil.getCreatedId(response);
response.close();
clientTemplate = new ClientTemplateRepresentation();
clientTemplate.setName("bar");
realmResource().clientTemplates().create(clientTemplate);
response = realmResource().clientTemplates().create(clientTemplate);
String barTemplateId = ApiUtil.getCreatedId(response);
response.close();
// send request again and test that clientTemplate provider contains added client templates
reps = realmResource().clientRegistrationPolicy().getProviders();
@ -371,6 +389,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
clientTemplates = getProviderConfigProperty(clientTemplateRep, ClientTemplatesClientRegistrationPolicyFactory.ALLOWED_CLIENT_TEMPLATES);
Assert.assertNames(clientTemplates, "foo", "bar");
// Revert client templates
realmResource().clientTemplates().get(fooTemplateId).remove();
realmResource().clientTemplates().get(barTemplateId).remove();
}
private List<String> getProviderConfigProperty(ComponentTypeRepresentation provider, String expectedConfigPropName) {
@ -394,12 +416,14 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
@Test
public void testClientTemplatesPolicy() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
// Add some clientTemplate through Admin REST
ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
clientTemplate.setName("foo");
realmResource().clientTemplates().create(clientTemplate);
Response response = realmResource().clientTemplates().create(clientTemplate);
String clientTemplateId = ApiUtil.getCreatedId(response);
response.close();
// I can't register new client with this template
ClientRepresentation clientRep = createRep("test-app");
@ -422,17 +446,23 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
// Now the update via clientRegistration is permitted too as template was already set
reg.update(registeredClient);
// Revert client template
realmResource().clients().get(client.getId()).remove();
realmResource().clientTemplates().get(clientTemplateId).remove();
}
@Test
public void testClientTemplatesPolicyWithPermittedTemplate() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
// Add some clientTemplate through Admin REST
ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
clientTemplate.setName("foo");
realmResource().clientTemplates().create(clientTemplate);
Response response = realmResource().clientTemplates().create(clientTemplate);
String clientTemplateId = ApiUtil.getCreatedId(response);
response.close();
// I can't register new client with this template
ClientRepresentation clientRep = createRep("test-app");
@ -447,6 +477,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
// Check that I can register client now
ClientRepresentation registeredClient = reg.create(clientRep);
Assert.assertNotNull(registeredClient.getRegistrationAccessToken());
// Revert client template
ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
realmResource().clientTemplates().get(clientTemplateId).remove();
}
@ -454,7 +488,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
@Test
public void testProtocolMappersCreate() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
// Try to add client with some "hardcoded role" mapper. Should fail
ClientRepresentation clientRep = createRep("test-app");
@ -480,6 +514,11 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
clientRep.setProtocolMappers(Collections.singletonList(createHardcodedMapperRep()));
reg.auth(null);
assertFail(ClientRegOp.CREATE, clientRep, 403, "ProtocolMapper type not allowed");
// Revert policy change
ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
}
@ -497,7 +536,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
@Test
public void testProtocolMappersUpdate() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
// Check I can add client with allowed protocolMappers
ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation();
@ -526,12 +565,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
// Check I can update client now
reg.update(registeredClient);
// Revert client
ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
}
@Test
public void testProtocolMappersConsentRequired() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
// Register client and assert it has builtin protocol mappers
ClientRepresentation clientRep = createRep("test-app");
@ -555,12 +597,17 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
return protocolMapper.getProtocolMapper().equals(UserPropertyMapper.PROVIDER_ID);
}).count();
Assert.assertEquals(0, usernamePropMappersCount);
// Revert
ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
protocolMapperPolicyRep.getConfig().getList(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES).add(UserPropertyMapper.PROVIDER_ID);
realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
}
@Test
public void testProtocolMappersRemoveBuiltins() throws Exception {
setTrustedHost("localhost", getPolicyAnon());
setTrustedHost("localhost");
// Change policy to allow hardcoded mapper
@ -577,6 +624,11 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
ProtocolMapperRepresentation hardcodedMapper = registeredClient.getProtocolMappers().get(0);
Assert.assertTrue(hardcodedMapper.isConsentRequired());
Assert.assertEquals("Hardcoded foo role", hardcodedMapper.getConsentText());
// Revert
ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
}
// HELPER METHODS
@ -601,8 +653,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
return null;
}
private void setTrustedHost(String hostname, String policyType) {
List<ComponentRepresentation> reps = realmResource().components().query(REALM_NAME, getPolicyAnon());
private void setTrustedHost(String hostname) {
ComponentRepresentation trustedHostRep = findPolicyByProviderAndAuth(TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
trustedHostRep.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, hostname);
realmResource().components().component(trustedHostRep.getId()).update(trustedHostRep);

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
View file

@ -52,6 +52,9 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
client = adminClient.realm(REALM_NAME).clients().get(createdClient.getId()).toRepresentation();
assertEquals(CLIENT_ID, client.getClientId());
// Remove this client after test
getCleanup().addClientUuid(createdClient.getId());
return client;
}

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java
View file

@ -31,6 +31,7 @@ import javax.ws.rs.core.UriBuilder;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
@ -369,12 +370,12 @@ public class OIDCJwksClientRegistrationTest extends AbstractClientRegistrationTe
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
HttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
return new OAuthClient.AccessTokenResponse(response);
}
private HttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
private CloseableHttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
CloseableHttpClient client = new DefaultHttpClient();
try {
HttpPost post = new HttpPost(requestUrl);

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java
View file

@ -48,6 +48,7 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest
c.setRootUrl("http://root");
client = createClient(c);
getCleanup().addClientUuid(client.getId());
c = new ClientRepresentation();
c.setEnabled(true);
@ -55,7 +56,8 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest
c.setSecret("RegistrationAccessTokenTestClientSecret");
c.setRootUrl("http://root");
createClient(c);
c = createClient(c);
getCleanup().addClientUuid(c.getId());
reg.auth(Auth.token(client.getRegistrationAccessToken()));
}

91
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
View file

@ -155,10 +155,53 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
}
@Before
public void addScopeMappings() {
public void before() {
if (testContext.isInitialized()) {
return;
}
// addScopeMappings
addRealmLevelScopeMapping("REALM_COMPOSITE_1_APPLICATION", "REALM_COMPOSITE_1");
addRealmLevelScopeMapping("REALM_ROLE_1_APPLICATION", "REALM_ROLE_1");
addClientLevelScopeMapping("APP_COMPOSITE_APPLICATION", "APP_ROLE_APPLICATION", "APP_ROLE_2");
// createRealmAppCompositeRole
ClientResource appRoleApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
RoleResource appRole1 = appRoleApplication.roles().get("APP_ROLE_1");
RoleBuilder realmAppCompositeRole = RoleBuilder.create()
.name("REALM_APP_COMPOSITE_ROLE");
testRealm().roles().create(realmAppCompositeRole.build());
String id = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation().getId();
testRealm().rolesById().addComposites(id, Collections.singletonList(appRole1.toRepresentation()));
// addRealmAppCompositeToUsers
UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "REALM_APP_COMPOSITE_USER");
RoleRepresentation realmAppCompositeRolee = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRolee));
// addRealmAppCompositeToUsers2
userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER");
userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRolee));
ClientResource appCompositeApplication = ApiUtil.findClientByClientId(testRealm(), "APP_COMPOSITE_APPLICATION");
RoleResource appCompositeRole = appCompositeApplication.roles().get("APP_COMPOSITE_ROLE");
// addCompositeRolesToAppCompositeRoleInAppCompositeApplication
List<RoleRepresentation> toAdd = new LinkedList<>();
toAdd.add(testRealm().roles().get("REALM_ROLE_1").toRepresentation());
toAdd.add(testRealm().roles().get("REALM_ROLE_2").toRepresentation());
toAdd.add(testRealm().roles().get("REALM_ROLE_3").toRepresentation());
ClientResource appRolesApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
RoleRepresentation appRole1Rep = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation();
toAdd.add(appRole1Rep);
appCompositeRole.addComposites(toAdd);
// Track that we initialized model already
testContext.setInitialized(true);
}
private void addRealmLevelScopeMapping(String clientId, String roleName) {
@ -174,50 +217,6 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
targetClient.getScopeMappings().clientLevel(sourceClient.toRepresentation().getId()).add(Collections.singletonList(role));
}
@Before
public void createRealmAppCompositeRole() {
ClientResource appRoleApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
RoleResource appRole1 = appRoleApplication.roles().get("APP_ROLE_1");
RoleBuilder realmAppCompositeRole = RoleBuilder.create()
.name("REALM_APP_COMPOSITE_ROLE");
testRealm().roles().create(realmAppCompositeRole.build());
String id = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation().getId();
testRealm().rolesById().addComposites(id, Collections.singletonList(appRole1.toRepresentation()));
}
@Before
public void addRealmAppCompositeToUsers() {
UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "REALM_APP_COMPOSITE_USER");
RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole));
}
@Before
public void addRealmAppCompositeToUser2() {
UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER");
RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole));
}
@Before
public void addCompositeRolesToAppCompositeRoleInAppCompositeApplication() {
ClientResource appCompositeApplication = ApiUtil.findClientByClientId(testRealm(), "APP_COMPOSITE_APPLICATION");
RoleResource appCompositeRole = appCompositeApplication.roles().get("APP_COMPOSITE_ROLE");
List<RoleRepresentation> toAdd = new LinkedList<>();
toAdd.add(testRealm().roles().get("REALM_ROLE_1").toRepresentation());
toAdd.add(testRealm().roles().get("REALM_ROLE_2").toRepresentation());
toAdd.add(testRealm().roles().get("REALM_ROLE_3").toRepresentation());
ClientResource appRolesApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
RoleRepresentation appRole1 = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation();
toAdd.add(appRole1);
appCompositeRole.addComposites(toAdd);
}
@Page
protected LoginPage loginPage;
@ -361,6 +360,8 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
realmRoles = userResource.roles().realmLevel().listEffective();
Assert.assertNames(realmRoles, "REALM_COMPOSITE_1", "REALM_ROLE_1");
// Revert
testRealm().roles().get("REALM_ROLE_1").deleteComposites(Collections.singletonList(realmComposite1));
}
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java
View file

@ -125,7 +125,9 @@ public abstract class AbstractKerberosTest extends AbstractAuthTest {
oauth.clientId("kerberos-app");
ComponentRepresentation rep = getUserStorageConfiguration();
testRealmResource().components().add(rep);
Response resp = testRealmResource().components().add(rep);
getCleanup().addComponentId(ApiUtil.getCreatedId(resp));
resp.close();
}
@After

28
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java
View file

@ -14,9 +14,12 @@ import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.apache.commons.io.FileUtils;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.After;
import org.junit.Assert;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
@ -101,6 +104,22 @@ public class UserStorageTest extends AbstractAuthTest {
}
@After
public void removeTestUser() throws URISyntaxException, IOException {
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("test");
if (realm == null) {
return;
}
UserModel user = session.users().getUserByUsername("thor", realm);
if (user != null) {
session.userLocalStorage().removeUser(realm, user);
session.userCache().clear();
}
});
}
protected ComponentRepresentation newPropProviderRW() {
ComponentRepresentation propProviderRW = new ComponentRepresentation();
propProviderRW.setName("user-props");
@ -114,7 +133,11 @@ public class UserStorageTest extends AbstractAuthTest {
}
protected String addComponent(ComponentRepresentation component) {
return ApiUtil.getCreatedId(testRealmResource().components().add(component));
Response resp = testRealmResource().components().add(component);
resp.close();
String id = ApiUtil.getCreatedId(resp);
getCleanup().addComponentId(id);
return id;
}
private void loginSuccessAndLogout(String username, String password) {
@ -547,6 +570,9 @@ public class UserStorageTest extends AbstractAuthTest {
UserMapStorage.realmRemovals.set(0);
});
// Re-create realm
RealmRepresentation repOrig = testContext.getTestRealmReps().get(0);
adminClient.realms().create(repOrig);
}
@Test

19
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java
View file

@ -96,6 +96,11 @@ public class CustomFlowTest extends AbstractFlowTest {
public void configureFlows() {
userId = findUser("login-test").getId();
// Do this just once per class
if (testContext.isInitialized()) {
return;
}
AuthenticationFlowRepresentation flow = FlowBuilder.create()
.alias("dummy")
.description("dummy pass through flow")
@ -169,6 +174,8 @@ public class CustomFlowTest extends AbstractFlowTest {
.authenticatorFlow(false)
.build();
testRealm().flows().addExecution(execution);
testContext.setInitialized(true);
}
@ -240,16 +247,16 @@ public class CustomFlowTest extends AbstractFlowTest {
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(termsPage.isCurrent());
// Revert dummy flow
rep.setBrowserFlow("dummy");
testRealm().update(rep);
}
@Test
public void loginSuccess() {
AuthenticatorState state = new AuthenticatorState();
state.setUsername("login-test");
state.setClientId("test-app");
testingClient.testing().updateAuthenticator(state);
oauth.openLoginForm();
@ -264,6 +271,7 @@ public class CustomFlowTest extends AbstractFlowTest {
public void grantTest() throws Exception {
AuthenticatorState state = new AuthenticatorState();
state.setUsername("login-test");
state.setClientId("test-app");
testingClient.testing().updateAuthenticator(state);
grantAccessToken("test-app", "login-test");
@ -297,6 +305,9 @@ public class CustomFlowTest extends AbstractFlowTest {
.removeDetail(Details.CONSENT)
.error(Errors.INVALID_CLIENT_CREDENTIALS)
.assertEvent();
state.setClientId("test-app");
testingClient.testing().updateAuthenticator(state);
}

15
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
View file

@ -30,6 +30,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.ErrorPage;
@ -275,16 +276,6 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
@Test
// KEYCLOAK-2557
public void loginUserWithEmailAsUsername() {
UserRepresentation rep = UserBuilder.create()
.enabled(true)
.id("foo")
.email("foo")
.username("login@test.com")
.password("password")
.build();
adminClient.realm(userId).users().create(rep);
loginPage.open();
loginPage.login("login@test.com", "password");
@ -363,9 +354,7 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
} finally {
setPasswordPolicy(null);
UserResource userRsc = adminClient.realm("test").users().get("login-test");
UserBuilder userBuilder = UserBuilder.edit(userRsc.toRepresentation())
.password("password");
userRsc.update(userBuilder.build());
ApiUtil.resetUserPassword(userRsc, "password", false);
}
}

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
View file

@ -79,6 +79,9 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
String sessionId2 = events.expectLogin().assertEvent().getSessionId();
assertNotEquals(sessionId, sessionId2);
driver.navigate().to(logoutUrl);
events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
}
@Test
@ -133,6 +136,10 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
// Check session 3 logged-in
oauth.openLoginForm();
events.expectLogin().session(sessionId3).removeDetail(Details.USERNAME).assertEvent();
// Logout session 3 by redirect
driver.navigate().to(oauth.getLogoutUrl().redirectUri(AppPage.baseUrl).build());
events.expectLogout(sessionId3).detail(Details.REDIRECT_URI, AppPage.baseUrl).assertEvent();
}
//KEYCLOAK-2741
@ -198,6 +205,9 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
String sessionId2 = events.expectLogin().assertEvent().getSessionId();
assertNotEquals(sessionId, sessionId2);
driver.navigate().to(logoutUrl);
events.expectLogout(sessionId2).removeDetail(Details.REDIRECT_URI).assertEvent();
}
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
View file

@ -130,6 +130,9 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
assertEquals("test-user@localhost", user.getEmail());
assertEquals("firstName", user.getFirstName());
assertEquals("lastName", user.getLastName());
testRealm().users().get(userId).remove();
setDuplicateEmailsAllowed(false);
}
@Test

37
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
View file

@ -28,6 +28,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.ErrorPage;
@ -52,41 +53,30 @@ import java.util.concurrent.atomic.AtomicInteger;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
//import org.keycloak.testsuite.Constants;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
static int lifespan = 0;
private String userId;
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
}
@Before
public void setup() {
UserRepresentation user = UserBuilder.create()
.username("login-test")
.email("login@test.com")
.enabled(true)
.password("password")
.build();
testRealm.getUsers().add(user);
userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
getCleanup().addUserId(userId);
}
@Before
public void setAccessCodeLifespanUserAction() {
// Must do this with adminClient because default is not set until after testRealm.json is loaded.
lifespan = testRealm().toRepresentation().getAccessCodeLifespanUserAction();
}
@Before
public void setUserId() {
userId = findUser("login-test").getId();
}
private static String userId;
@Rule
public GreenMailRule greenMail = new GreenMailRule();
@ -466,6 +456,9 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
assertEquals(0, greenMail.getReceivedMessages().length);
events.expectRequiredAction(EventType.RESET_PASSWORD).session((String) null).user(userId).detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error("user_disabled").assertEvent();
user.setEnabled(true);
updateUser(user);
}
@Test
@ -501,6 +494,8 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
host[0] = smtpConfig.get("host");
smtpConfig.put("host", "invalid_host");
RealmRepresentation realmRep = testRealm().toRepresentation();
Map<String, String> oldSmtp = realmRep.getSmtpServer();
realmRep.setSmtpServer(smtpConfig);
testRealm().update(realmRep);
@ -520,6 +515,10 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD_ERROR).user(userId)
.session((String)null)
.detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error(Errors.EMAIL_SEND_FAILED).assertEvent();
// Revert SMTP back
realmRep.setSmtpServer(oldSmtp);
testRealm().update(realmRep);
}
private void setPasswordPolicy(String policy) {

19
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java
View file

@ -48,10 +48,6 @@ import java.io.IOException;
*/
public class ScriptAuthenticatorTest extends AbstractFlowTest {
UserRepresentation failUser;
UserRepresentation okayUser;
@Page
protected LoginPage loginPage;
@ -66,7 +62,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
failUser = UserBuilder.create()
UserRepresentation failUser = UserBuilder.create()
.id("fail")
.username("fail")
.email("fail@test.com")
@ -74,7 +70,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
.password("password")
.build();
okayUser = UserBuilder.create()
UserRepresentation okayUser = UserBuilder.create()
.id("user")
.username("user")
.email("user@test.com")
@ -89,6 +85,9 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
@Before
public void configureFlows() throws Exception {
if (testContext.isInitialized()) {
return;
}
String scriptFlow = "scriptBrowser";
@ -134,6 +133,8 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
Response newExecutionConfigResponse = testRealm().flows().newExecutionConfig(scriptAuth, createScriptAuthConfig(scriptAuth, "authenticator-example.js", "/scripts/authenticator-example.js", "simple script based authenticator"));
Assert.assertEquals(201, newExecutionConfigResponse.getStatus());
testContext.setInitialized(true);
}
/**
@ -144,9 +145,9 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
loginPage.open();
loginPage.login(okayUser.getUsername(), "password");
loginPage.login("user", "password");
events.expectLogin().user(okayUser.getId()).detail(Details.USERNAME, okayUser.getUsername()).assertEvent();
events.expectLogin().user("user").detail(Details.USERNAME, "user").assertEvent();
}
/**
@ -157,7 +158,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
loginPage.open();
loginPage.login(failUser.getUsername(), "password");
loginPage.login("fail", "password");
events.expect(EventType.LOGIN_ERROR).user((String)null).error(Errors.USER_NOT_FOUND).assertEvent();
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java
View file

@ -96,6 +96,9 @@ public class EmailTest extends AbstractI18NTest {
MimeMessage message = greenMail.getReceivedMessages()[0];
Assert.assertEquals("Passwort zurückzusetzen", message.getSubject());
// Revert
changeUserLocale("en");
}
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
View file

@ -80,6 +80,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
response.close();
ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
assertEquals(1, createdRep.getConfig().size());
@ -114,6 +115,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
response.close();
ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
assertEquals(2, createdRep.getConfig().size());
@ -147,6 +149,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
response.close();
ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
assertEquals(32, Base64Url.decode(component.getConfig().getFirst("secret")).length);

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java
View file

@ -73,6 +73,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
getCleanup().addComponentId(id);
response.close();
ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
assertEquals(1, createdRep.getConfig().size());
@ -99,6 +101,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
getCleanup().addComponentId(id);
response.close();
ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
assertEquals(2, createdRep.getConfig().size());
@ -124,6 +128,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
getCleanup().addComponentId(id);
response.close();
KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata();
@ -153,6 +159,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
getCleanup().addComponentId(id);
response.close();
KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata();
@ -187,6 +195,7 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
assertEquals(error, errorRepresentation.getErrorMessage());
response.close();
}
protected ComponentRepresentation createRep(String name, String providerId) {

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java
View file

@ -80,6 +80,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
response.close();
ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
assertEquals(ComponentRepresentation.SECRET_VALUE, createdRep.getConfig().getFirst(Attributes.PRIVATE_KEY_KEY));
@ -116,6 +117,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
response.close();
ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
assertEquals(ComponentRepresentation.SECRET_VALUE, createdRep.getConfig().getFirst(Attributes.PRIVATE_KEY_KEY));
@ -206,6 +208,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
assertEquals(error, errorRepresentation.getErrorMessage());
response.close();
}
protected ComponentRepresentation createRep(String name, String providerId) {

1
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java
View file

@ -153,6 +153,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
assertTrue(errorRepresentation.getErrorMessage().startsWith(error));
response.close();
}
protected ComponentRepresentation createRep(String name, long priority) {

13
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java
View file

@ -37,6 +37,7 @@ import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.LoginPage;
@ -49,6 +50,7 @@ import javax.ws.rs.core.Response;
import java.io.IOException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.LinkedList;
import java.util.List;
import static org.junit.Assert.*;
@ -182,6 +184,9 @@ public class KeyRotationTest extends AbstractKeycloakTest {
KeysMetadataRepresentation keyMetadata = adminClient.realm("test").keys().getKeyMetadata();
assertEquals(PemUtils.encodeKey(keys2), keyMetadata.getKeys().get(0).getPublicKey());
dropKeys1();
dropKeys2();
}
@Test
@ -200,6 +205,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
keys.getConfig().putSingle("priority", "1000" + i);
Response response = adminClient.realm("test").components().add(keys);
assertEquals(201, response.getStatus());
String newId = ApiUtil.getCreatedId(response);
getCleanup().addComponentId(newId);
response.close();
String updatedActiveKid = adminClient.realm("test").keys().getKeyMetadata().getActive().get("RSA");
@ -244,7 +251,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
config.addFirst(Attributes.PRIVATE_KEY_KEY, privateKeyPem);
rep.setConfig(config);
adminClient.realm("test").components().add(rep);
Response response = adminClient.realm("test").components().add(rep);
response.close();
rep = new ComponentRepresentation();
rep.setName("mycomponent2");
@ -256,7 +264,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
config.addFirst("priority", priority);
rep.setConfig(config);
adminClient.realm("test").components().add(rep);
response = adminClient.realm("test").components().add(rep);
response.close();
return publicKey;
}

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
View file

@ -17,6 +17,7 @@
package org.keycloak.testsuite.oauth;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
@ -50,11 +51,6 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
@Rule
public AssertEvents events = new AssertEvents(this);
@Override
public void beforeAbstractKeycloakTest() throws Exception {
super.beforeAbstractKeycloakTest();
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);

67
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
View file

@ -23,6 +23,7 @@ import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.apache.http.entity.mime.content.FileBody;
@ -30,6 +31,7 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
@ -88,6 +90,8 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.core.Response;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
@ -99,11 +103,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
@Rule
public AssertEvents events = new AssertEvents(this);
private String client1SAUserId;
private static String client1SAUserId;
private RealmRepresentation testRealm;
private ClientRepresentation app1, app2, app3;
private UserRepresentation defaultUser, serviceAccountUser;
private static RealmRepresentation testRealm;
private static ClientRepresentation app1, app2, app3;
private static UserRepresentation defaultUser, serviceAccountUser;
@BeforeClass
public static void beforeClientAuthSignedJWTTest() {
@ -144,15 +148,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
realmBuilder.client(app2);
app3 = ClientBuilder.create()
.id(KeycloakModelUtils.generateId())
.clientId("client3")
.directAccessGrants()
.authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
.build();
realmBuilder.client(app3);
// This one is for keystore-client2.p12 , which doesn't work on Sun JDK
// app2.setAttribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFPPLGHHjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE3MjMzMVoXDTI1MDgxNzE3MjUxMVowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIsatXj38fFD9fHslNrsWrubobudXYwwdZpGYqkHIhuDeSojGvhBSLmKIFmtbHMVcLEbS0dIEsSbNVrwjdFfuRuvd9Vu6Ng0JUC8fRhSeQniC3jcBuP8P4WlXK4+ir3Wlya+T6Hum9b68BiH0KyNZtFGJ6zLHuCcq9Bl0JifvibnUkDeTZPwgJNA9+GxS/x8fAkApcAbJrgBZvr57PwhbgHoZdB8aAY5f5ogbGzKDtSUMvFh+Jah39gWtn7p3VOuuMXA8SugogoH8C5m2itrPBL1UPhAcKUeWiqx4SmZe/lZo7x2WbSecNiFaiqBhIW+QbqCYW6I4u0YvuLuEe3+TC8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZzW5DZviCxUQdV5Ab07PZkUfvImHZ73oWWHZqzUQtZtbVdzfp3cnbb2wyXtlOvingO3hgpoTxV8vbKgLbIQfvkGGHBG1F5e0QVdtikfdcwWb7cy4/9F80OD7cgG0ZAzFbQ8ZY7iS3PToBp3+4tbIK2NK0ntt/MYgJnPbHeG4V4qfgUbFm1YgEK7WpbSVU8jGuJ5DWE+mlYgECZKZ5TSlaVGs2XOm6WXrJScucNekwcBWWiHyRsFHZEDzWmzt8TLTLnnb0vVjhx3qCYxah3RbyyMZm6WLZlLAaGEcwNDO8jaA3hAjrxoOA1xEaolQfGVsb/ElelHcR1Zfe0u4Ekd4tw==");
@ -177,6 +172,20 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
testRealms.add(testRealm);
}
@Before
public void recreateApp3() {
app3 = ClientBuilder.create()
.id(KeycloakModelUtils.generateId())
.clientId("client3")
.directAccessGrants()
.authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
.build();
Response resp = adminClient.realm("test").clients().create(app3);
getCleanup().addClientUuid(ApiUtil.getCreatedId(resp));
resp.close();
}
// TEST SUCCESS
@Test
@ -452,7 +461,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@ -464,7 +473,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, "invalid"));
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@ -476,7 +485,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@ -491,7 +500,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@ -506,7 +515,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
assertError(response, "unknown-client", "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@ -524,12 +533,12 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
assertError(response, "client1", "invalid_client", Errors.CLIENT_DISABLED);
ClientManager.realm(adminClient.realm("test")).clientId("client1").enabled(false);
ClientManager.realm(adminClient.realm("test")).clientId("client1").enabled(true);
}
@Test
@ -553,7 +562,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
assertError(response, "client1", "unauthorized_client", "client_credentials_setup_required");
@ -571,7 +580,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
assertError(response, "client1", "unauthorized_client", AuthenticationFlowError.CLIENT_CREDENTIALS_SETUP_REQUIRED.toString().toLowerCase());
@ -589,7 +598,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
setTimeOffset(0);
@ -608,7 +617,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
setTimeOffset(0);
@ -733,7 +742,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
HttpResponse response = sendRequest(oauth.getAccessTokenUrl(), parameters);
CloseableHttpResponse response = sendRequest(oauth.getAccessTokenUrl(), parameters);
return new OAuthClient.AccessTokenResponse(response);
}
@ -744,7 +753,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
HttpResponse response = sendRequest(oauth.getRefreshTokenUrl(), parameters);
CloseableHttpResponse response = sendRequest(oauth.getRefreshTokenUrl(), parameters);
return new OAuthClient.AccessTokenResponse(response);
}
@ -764,7 +773,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
HttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
CloseableHttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
return new OAuthClient.AccessTokenResponse(response);
}
@ -776,11 +785,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
HttpResponse response = sendRequest(oauth.getResourceOwnerPasswordCredentialGrantUrl(), parameters);
CloseableHttpResponse response = sendRequest(oauth.getResourceOwnerPasswordCredentialGrantUrl(), parameters);
return new OAuthClient.AccessTokenResponse(response);
}
private HttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
private CloseableHttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
CloseableHttpClient client = new DefaultHttpClient();
try {
HttpPost post = new HttpPost(requestUrl);

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
View file

@ -17,6 +17,7 @@
package org.keycloak.testsuite.oauth;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.After;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
@ -70,11 +71,6 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
@Page
protected AppPage appPage;
@Override
public void beforeAbstractKeycloakTest() throws Exception {
super.beforeAbstractKeycloakTest();
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {

26
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java
View file

@ -22,12 +22,14 @@ import java.util.List;
import java.util.Map;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ProtocolMappersResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.testsuite.util.ProtocolMapperUtil;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.AddressMapper;
import org.keycloak.representations.AccessToken;
@ -83,6 +85,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
oauth.clientId("test-app");
}
private void deleteMappers(ProtocolMappersResource protocolMappers) {
ProtocolMapperRepresentation mapper = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappers, OIDCLoginProtocol.LOGIN_PROTOCOL, "Realm roles mapper");
protocolMappers.delete(mapper.getId());
mapper = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappers, OIDCLoginProtocol.LOGIN_PROTOCOL, "Client roles mapper");
protocolMappers.delete(mapper.getId());
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation realm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
@ -245,6 +256,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
assertRoles(testAppMappings,
"customer-user" // from direct assignment in user definition
);
// Revert
deleteMappers(protocolMappers);
}
@ -280,6 +294,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
"ta.customer-admin", // from client role customer-admin-composite-role - client role for test-app
"ta.sample-client-role" // from realm role realm-composite-role - client role for test-app
);
// Revert
deleteMappers(protocolMappers);
}
@Test
@ -310,6 +327,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
"pref.sample-realm-role" // from realm role realm-composite-role
);
assertRoles(testAppAuthzMappings); // There is no client role defined for test-app-authz
// Revert
deleteMappers(protocolMappers);
}
@Test
@ -339,6 +359,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
assertRoles(testAppScopeMappings,
"test-app-allowed-by-scope" // from direct assignment to roleRichUser, present as scope allows it
);
// Revert
deleteMappers(protocolMappers);
}
@Test
@ -369,6 +392,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
"test-app-allowed-by-scope", // from direct assignment to roleRichUser, present as scope allows it
"customer-admin-composite-role" // from direct assignment to /roleRichGroup/level2group, present as scope allows it
);
// Revert
deleteMappers(protocolMappers);
}
private void assertRoles(String actualRoleString, String...expectedRoles) {

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
View file

@ -59,6 +59,8 @@ import org.keycloak.util.TokenUtil;
import java.util.Collections;
import java.util.List;
import javax.ws.rs.NotFoundException;
import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
import static org.keycloak.testsuite.admin.ApiUtil.findRealmRoleByName;
@ -253,8 +255,11 @@ public class OfflineTokenTest extends AbstractKeycloakTest {
// Assert userSession expired
testingClient.testing().removeExpired("test");
try {
testingClient.testing().removeUserSession("test", sessionId);
} catch (NotFoundException nfe) {
// Ignore
}
OAuthClient.AccessTokenResponse response = oauth.doRefreshTokenRequest(offlineTokenString, "secret1");
AccessToken refreshedToken = oauth.verifyToken(response.getAccessToken());

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java
View file

@ -143,6 +143,11 @@ public class AuthnRequestNameIdFormatTest extends AbstractSamlTest {
clientRes.update(client);
testLoginWithNameIdPolicy(Binding.REDIRECT, Binding.POST, null, is("bburke"));
// Revert
client = clientRes.toRepresentation();
client.getAttributes().put(SamlConfigAttributes.SAML_FORCE_POST_BINDING, "false");
clientRes.update(client);
}
}

15
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java
View file

@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientTemplateResource;
import org.keycloak.admin.client.resource.ClientTemplatesResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.ComponentsResource;
import org.keycloak.admin.client.resource.GroupResource;
import org.keycloak.admin.client.resource.GroupsResource;
import org.keycloak.admin.client.resource.IdentityProviderResource;
@ -282,6 +283,20 @@ public class AdminEventPaths {
return uri.toString();
}
// COMPONENTS
public static String componentsPath() {
URI uri = UriBuilder.fromUri("").path(RealmResource.class, "components").build();
return uri.toString();
}
public static String componentPath(String componentId) {
URI uri = UriBuilder.fromUri(componentsPath()).path(ComponentsResource.class, "component").build(componentId);
return uri.toString();
}
// CLIENT INITIAL ACCESS
public static String clientInitialAccessPath(String clientInitialAccessId) {

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java
View file

@ -64,7 +64,7 @@ public class AssertAdminEvents implements TestRule {
@Override
public void evaluate() throws Throwable {
// TODO: Ideally clear the queue just before testClass rather then before each method
context.getTestingClient().testing().clearAdminEventQueue();
clear();
base.evaluate();
// TODO Test should fail if there are leftover events
}
@ -85,12 +85,7 @@ public class AssertAdminEvents implements TestRule {
// Clears both "classic" and admin events for now
public void clear() {
Response res = context.getTestingClient().testing().clearAdminEventQueue();
try {
Assert.assertEquals("clear-admin-event-queue success", res.getStatus(), 200);
} finally {
res.close();
}
context.getTestingClient().testing().clearAdminEventQueue();
}
private AdminEventRepresentation fetchNextEvent() {

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java
View file

@ -1,6 +1,8 @@
package org.keycloak.testsuite.util;
import org.keycloak.admin.client.resource.ProtocolMappersResource;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.protocol.oidc.mappers.AddressMapper;
import org.keycloak.protocol.oidc.mappers.HardcodedClaim;
import org.keycloak.protocol.oidc.mappers.HardcodedRole;
@ -123,4 +125,13 @@ public class ProtocolMapperUtil {
return ModelToRepresentation.toRepresentation(UserClientRoleMappingMapper.create(clientId, clientRolePrefix, name, tokenClaimName, accessToken, idToken));
}
public static ProtocolMapperRepresentation getMapperByNameAndProtocol(ProtocolMappersResource protocolMappers, String protocol, String name) {
for (ProtocolMapperRepresentation mapper : protocolMappers.getMappersPerProtocol(protocol)) {
if (name.equals(mapper.getName())) {
return mapper;
}
}
return null;
}
}