Removing tests from base group broker mapper test classes
This commit is contained in:
Pedro Igor
parent
9b01bf382d
commit
1a1ee78dbd
4 changed files with 349 additions and 332 deletions
|
|
@ -1,209 +0,0 @@
|
|||
package org.keycloak.testsuite.broker;
|
||||
|
||||
import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE;
|
||||
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:artur.baltabayev@bosch.io">Artur Baltabayev</a>,
|
||||
* <a href="mailto:daniel.fesenmeyer@bosch.io">Daniel Fesenmeyer</a>
|
||||
*/
|
||||
public abstract class AbstractAdvancedGroupMapperTest extends AbstractGroupMapperTest {
|
||||
|
||||
private static final String CLAIMS_OR_ATTRIBUTES = "[\n" +
|
||||
" {\n" +
|
||||
" \"key\": \"" + KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME + "\",\n" +
|
||||
" \"value\": \"value 1\"\n" +
|
||||
" },\n" +
|
||||
" {\n" +
|
||||
" \"key\": \"" + KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2 + "\",\n" +
|
||||
" \"value\": \"value 2\"\n" +
|
||||
" }\n" +
|
||||
"]";
|
||||
|
||||
private static final String CLAIMS_OR_ATTRIBUTES_REGEX = "[\n" +
|
||||
" {\n" +
|
||||
" \"key\": \"" + KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME + "\",\n" +
|
||||
" \"value\": \"va.*\"\n" +
|
||||
" },\n" +
|
||||
" {\n" +
|
||||
" \"key\": \"" + KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2 + "\",\n" +
|
||||
" \"value\": \"value 2\"\n" +
|
||||
" }\n" +
|
||||
"]";
|
||||
|
||||
private String newValueForAttribute2 = "";
|
||||
|
||||
@Test
|
||||
public void allValuesMatch() {
|
||||
createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES, false, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(createMatchingAttributes());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void valuesMismatch() {
|
||||
createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES, false, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("value 1").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add("value mismatch").build())
|
||||
.build());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasNotBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void valuesMatchIfNoClaimsSpecified() {
|
||||
createAdvancedGroupMapper("[]", false, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("some value").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add("some value").build())
|
||||
.build());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void allValuesMatchRegex() {
|
||||
createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES_REGEX, true, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(createMatchingAttributes());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void valuesMismatchRegex() {
|
||||
createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES_REGEX, true, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("mismatch").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add("value 2").build())
|
||||
.build());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasNotBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void updateBrokeredUserMismatchLeavesGroup() {
|
||||
newValueForAttribute2 = "value mismatch";
|
||||
UserRepresentation user = createMapperAndLoginAsUserTwiceWithMapper(FORCE, false, MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
assertThatUserHasNotBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void updateBrokeredUserMismatchDoesNotLeaveGroupInImportMode() {
|
||||
newValueForAttribute2 = "value mismatch";
|
||||
UserRepresentation user = createMapperAndLoginAsUserTwiceWithMapper(IMPORT, false, MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void updateBrokeredUserMatchDoesntLeaveGroup() {
|
||||
newValueForAttribute2 = "value 2";
|
||||
UserRepresentation user = createMapperAndLoginAsUserTwiceWithMapper(FORCE, false, MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void tryToUpdateBrokeredUserWithMissingGroupDoesNotBreakLogin() {
|
||||
newValueForAttribute2 = "value 2";
|
||||
UserRepresentation user =
|
||||
createMapperAndLoginAsUserTwiceWithMapper(FORCE, true, MAPPER_TEST_NOT_EXISTING_GROUP_PATH);
|
||||
|
||||
assertThatUserDoesNotHaveGroups(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void updateBrokeredUserIsAssignedToGroupInForceModeWhenCreatingTheMapperAfterFirstLogin() {
|
||||
newValueForAttribute2 = "value 2";
|
||||
UserRepresentation user = createMapperAndLoginAsUserTwiceWithMapper(FORCE, true, MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
public UserRepresentation createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode syncMode,
|
||||
boolean createAfterFirstLogin, String groupPath) {
|
||||
return loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingAttributes(), groupPath);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void updateUser() {
|
||||
UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
ImmutableMap<String, List<String>> matchingAttributes = ImmutableMap.<String, List<String>>builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("value 1").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add(newValueForAttribute2).build())
|
||||
.put("some.other.attribute", ImmutableList.<String>builder().add("some value").build())
|
||||
.build();
|
||||
user.setAttributes(matchingAttributes);
|
||||
adminClient.realm(bc.providerRealmName()).users().get(user.getId()).update(user);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
protected String createMapperInIdp(IdentityProviderRepresentation idp, IdentityProviderMapperSyncMode syncMode,
|
||||
String groupPath) {
|
||||
return createMapperInIdp(idp, CLAIMS_OR_ATTRIBUTES, false, syncMode, groupPath);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String setupScenarioWithGroupPath(String groupPath) {
|
||||
String mapperId = createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES, false, groupPath);
|
||||
createUserInProviderRealm(createMatchingAttributes());
|
||||
return mapperId;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void setupScenarioWithNonExistingGroup() {
|
||||
createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES, false, MAPPER_TEST_NOT_EXISTING_GROUP_PATH);
|
||||
createUserInProviderRealm(createMatchingAttributes());
|
||||
}
|
||||
|
||||
protected String createAdvancedGroupMapper(String claimsOrAttributeRepresentation,
|
||||
boolean areClaimsOrAttributeValuesRegexes, String groupPath) {
|
||||
IdentityProviderRepresentation idp = setupIdentityProvider();
|
||||
return createMapperInIdp(idp, claimsOrAttributeRepresentation, areClaimsOrAttributeValuesRegexes, IMPORT,
|
||||
groupPath);
|
||||
}
|
||||
|
||||
abstract protected String createMapperInIdp(
|
||||
IdentityProviderRepresentation idp, String claimsOrAttributeRepresentation,
|
||||
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String groupPath);
|
||||
|
||||
private static Map<String, List<String>> createMatchingAttributes() {
|
||||
return ImmutableMap.<String, List<String>> builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME,
|
||||
ImmutableList.<String> builder().add("value 1").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
|
||||
ImmutableList.<String> builder().add("value 2").build())
|
||||
.build();
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,114 @@
|
|||
/*
|
||||
* Copyright 2022 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.broker;
|
||||
|
||||
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
|
||||
public abstract class AbstractGroupBrokerMapperTest extends AbstractGroupMapperTest {
|
||||
|
||||
protected static final String CLAIMS_OR_ATTRIBUTES = "[\n" +
|
||||
" {\n" +
|
||||
" \"key\": \"" + KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME + "\",\n" +
|
||||
" \"value\": \"value 1\"\n" +
|
||||
" },\n" +
|
||||
" {\n" +
|
||||
" \"key\": \"" + KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2 + "\",\n" +
|
||||
" \"value\": \"value 2\"\n" +
|
||||
" }\n" +
|
||||
"]";
|
||||
|
||||
protected static final String CLAIMS_OR_ATTRIBUTES_REGEX = "[\n" +
|
||||
" {\n" +
|
||||
" \"key\": \"" + KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME + "\",\n" +
|
||||
" \"value\": \"va.*\"\n" +
|
||||
" },\n" +
|
||||
" {\n" +
|
||||
" \"key\": \"" + KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2 + "\",\n" +
|
||||
" \"value\": \"value 2\"\n" +
|
||||
" }\n" +
|
||||
"]";
|
||||
|
||||
protected String newValueForAttribute2 = "";
|
||||
|
||||
public UserRepresentation createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode syncMode,
|
||||
boolean createAfterFirstLogin, String groupPath) {
|
||||
return loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingAttributes(), groupPath);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void updateUser() {
|
||||
UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
ImmutableMap<String, List<String>> matchingAttributes = ImmutableMap.<String, List<String>>builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("value 1").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add(newValueForAttribute2).build())
|
||||
.put("some.other.attribute", ImmutableList.<String>builder().add("some value").build())
|
||||
.build();
|
||||
user.setAttributes(matchingAttributes);
|
||||
adminClient.realm(bc.providerRealmName()).users().get(user.getId()).update(user);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
protected String createMapperInIdp(IdentityProviderRepresentation idp, IdentityProviderMapperSyncMode syncMode,
|
||||
String groupPath) {
|
||||
return createMapperInIdp(idp, CLAIMS_OR_ATTRIBUTES, false, syncMode, groupPath);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String setupScenarioWithGroupPath(String groupPath) {
|
||||
String mapperId = createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES, false, groupPath);
|
||||
createUserInProviderRealm(createMatchingAttributes());
|
||||
return mapperId;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void setupScenarioWithNonExistingGroup() {
|
||||
createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES, false, MAPPER_TEST_NOT_EXISTING_GROUP_PATH);
|
||||
createUserInProviderRealm(createMatchingAttributes());
|
||||
}
|
||||
|
||||
protected String createAdvancedGroupMapper(String claimsOrAttributeRepresentation,
|
||||
boolean areClaimsOrAttributeValuesRegexes, String groupPath) {
|
||||
IdentityProviderRepresentation idp = setupIdentityProvider();
|
||||
return createMapperInIdp(idp, claimsOrAttributeRepresentation, areClaimsOrAttributeValuesRegexes, IMPORT,
|
||||
groupPath);
|
||||
}
|
||||
|
||||
abstract protected String createMapperInIdp(
|
||||
IdentityProviderRepresentation idp, String claimsOrAttributeRepresentation,
|
||||
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String groupPath);
|
||||
|
||||
protected static Map<String, List<String>> createMatchingAttributes() {
|
||||
return ImmutableMap.<String, List<String>> builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME,
|
||||
ImmutableList.<String> builder().add("value 1").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
|
||||
ImmutableList.<String> builder().add("value 2").build())
|
||||
.build();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -60,127 +60,6 @@ public abstract class AbstractGroupMapperTest extends AbstractIdentityProviderMa
|
|||
mapperGroupId = CreatedResponseUtil.getCreatedId(response);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void tryToCreateBrokeredUserWithNonExistingGroupDoesNotBreakLogin() {
|
||||
setupScenarioWithNonExistingGroup();
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserDoesNotHaveGroups(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mapperStillWorksWhenTopLevelGroupIsConvertedToSubGroup() {
|
||||
final String mapperId = setupScenarioWithGroupPath(MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
String newParentGroupName = "new-parent";
|
||||
GroupRepresentation newParentGroup = new GroupRepresentation();
|
||||
newParentGroup.setName(newParentGroupName);
|
||||
String newParentGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(newParentGroup));
|
||||
|
||||
GroupRepresentation mappedGroup = realm.groups().group(mapperGroupId).toRepresentation();
|
||||
realm.groups().group(newParentGroupId).subGroup(mappedGroup).close();
|
||||
|
||||
String expectedNewGroupPath = buildGroupPath(newParentGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
assertMapperHasExpectedPathAndSucceeds(mapperId, expectedNewGroupPath);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mapperStillWorksWhenSubGroupChangesParent() {
|
||||
String parentGroupName = "parent-group";
|
||||
GroupRepresentation parentGroup = new GroupRepresentation();
|
||||
parentGroup.setName(parentGroupName);
|
||||
String parentGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(parentGroup));
|
||||
|
||||
GroupRepresentation mappedGroup = realm.groups().group(mapperGroupId).toRepresentation();
|
||||
realm.groups().group(parentGroupId).subGroup(mappedGroup).close();
|
||||
|
||||
String initialGroupPath = buildGroupPath(parentGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
final String mapperId = setupScenarioWithGroupPath(initialGroupPath);
|
||||
|
||||
String newParentGroupName = "new-parent-group";
|
||||
GroupRepresentation newParentGroup = new GroupRepresentation();
|
||||
newParentGroup.setName(newParentGroupName);
|
||||
String newParentGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(newParentGroup));
|
||||
|
||||
realm.groups().group(newParentGroupId).subGroup(mappedGroup).close();
|
||||
|
||||
String expectedNewGroupPath = buildGroupPath(newParentGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
assertMapperHasExpectedPathAndSucceeds(mapperId, expectedNewGroupPath);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mapperStillWorksWhenSubGroupIsConvertedToTopLevelGroup() {
|
||||
String parentGroupName = "parent-group";
|
||||
GroupRepresentation parentGroup = new GroupRepresentation();
|
||||
parentGroup.setName(parentGroupName);
|
||||
String parentGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(parentGroup));
|
||||
|
||||
GroupRepresentation mappedGroup = realm.groups().group(mapperGroupId).toRepresentation();
|
||||
realm.groups().group(parentGroupId).subGroup(mappedGroup).close();
|
||||
|
||||
String initialGroupPath = buildGroupPath(parentGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
final String mapperId = setupScenarioWithGroupPath(initialGroupPath);
|
||||
|
||||
// convert the mapped group to a top-level group
|
||||
realm.groups().add(realm.groups().group(mapperGroupId).toRepresentation());
|
||||
|
||||
String expectedNewGroupPath = buildGroupPath(MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
assertMapperHasExpectedPathAndSucceeds(mapperId, expectedNewGroupPath);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mapperStillWorksWhenGroupIsRenamed() {
|
||||
final String mapperId = setupScenarioWithGroupPath(MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
String newGroupName = "new-name-" + MAPPER_TEST_GROUP_NAME;
|
||||
GroupRepresentation mappedGroup = realm.groups().group(mapperGroupId).toRepresentation();
|
||||
mappedGroup.setName(newGroupName);
|
||||
realm.groups().group(mapperGroupId).update(mappedGroup);
|
||||
|
||||
String expectedNewGroupPath = buildGroupPath(newGroupName);
|
||||
|
||||
assertMapperHasExpectedPathAndSucceeds(mapperId, expectedNewGroupPath);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mapperStillWorksWhenAncestorGroupIsRenamed() {
|
||||
String topLevelGroupName = "top-level";
|
||||
GroupRepresentation topLevelGroup = new GroupRepresentation();
|
||||
topLevelGroup.setName(topLevelGroupName);
|
||||
String topLevelGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(topLevelGroup));
|
||||
|
||||
String midLevelGroupName = "mid-level";
|
||||
GroupRepresentation midLevelGroup = new GroupRepresentation();
|
||||
midLevelGroup.setName(midLevelGroupName);
|
||||
String midLevelGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(midLevelGroup));
|
||||
|
||||
midLevelGroup = realm.groups().group(midLevelGroupId).toRepresentation();
|
||||
realm.groups().group(topLevelGroupId).subGroup(midLevelGroup).close();
|
||||
|
||||
GroupRepresentation mappedGroup = realm.groups().group(mapperGroupId).toRepresentation();
|
||||
realm.groups().group(midLevelGroupId).subGroup(mappedGroup).close();
|
||||
|
||||
String initialGroupPath = buildGroupPath(topLevelGroupName, midLevelGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
final String mapperId = setupScenarioWithGroupPath(initialGroupPath);
|
||||
|
||||
String newTopLevelGroupName = "new-name-" + topLevelGroupName;
|
||||
topLevelGroup = realm.groups().group(topLevelGroupId).toRepresentation();
|
||||
topLevelGroup.setName(newTopLevelGroupName);
|
||||
realm.groups().group(topLevelGroupId).update(topLevelGroup);
|
||||
|
||||
String expectedNewGroupPath = buildGroupPath(newTopLevelGroupName, midLevelGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
assertMapperHasExpectedPathAndSucceeds(mapperId, expectedNewGroupPath);
|
||||
}
|
||||
|
||||
protected UserRepresentation loginAsUserTwiceWithMapper(
|
||||
IdentityProviderMapperSyncMode syncMode, boolean createAfterFirstLogin,
|
||||
Map<String, List<String>> userConfig, String groupPath) {
|
||||
|
|
@ -213,7 +92,7 @@ public abstract class AbstractGroupMapperTest extends AbstractIdentityProviderMa
|
|||
return user;
|
||||
}
|
||||
|
||||
private void assertMapperHasExpectedPathAndSucceeds(String mapperId, String expectedGroupPath) {
|
||||
protected void assertMapperHasExpectedPathAndSucceeds(String mapperId, String expectedGroupPath) {
|
||||
IdentityProviderMapperRepresentation mapper =
|
||||
realm.identityProviders().get(bc.getIDPAlias()).getMapperById(mapperId);
|
||||
Map<String, String> config = mapper.getConfig();
|
||||
|
|
|
|||
|
|
@ -1,14 +1,22 @@
|
|||
package org.keycloak.testsuite.broker;
|
||||
|
||||
import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE;
|
||||
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
|
||||
|
||||
import java.util.List;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.CreatedResponseUtil;
|
||||
import org.keycloak.admin.client.resource.IdentityProviderResource;
|
||||
import org.keycloak.broker.oidc.mappers.AdvancedClaimToGroupMapper;
|
||||
import org.keycloak.broker.provider.ConfigConstants;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||
import org.keycloak.representations.idm.GroupRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
|
|
@ -17,7 +25,7 @@ import javax.ws.rs.core.Response;
|
|||
* @author <a href="mailto:artur.baltabayev@bosch.io">Artur Baltabayev</a>,
|
||||
* <a href="mailto:daniel.fesenmeyer@bosch.io">Daniel Fesenmeyer</a>
|
||||
*/
|
||||
public class OidcAdvancedClaimToGroupMapperTest extends AbstractAdvancedGroupMapperTest {
|
||||
public class OidcAdvancedClaimToGroupMapperTest extends AbstractGroupBrokerMapperTest {
|
||||
|
||||
@Override
|
||||
protected BrokerConfiguration getBrokerConfiguration() {
|
||||
|
|
@ -44,4 +52,229 @@ public class OidcAdvancedClaimToGroupMapperTest extends AbstractAdvancedGroupMap
|
|||
return CreatedResponseUtil.getCreatedId(response);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void allValuesMatch() {
|
||||
createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES, false, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(createMatchingAttributes());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void valuesMismatch() {
|
||||
createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES, false, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("value 1").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add("value mismatch").build())
|
||||
.build());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasNotBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void valuesMatchIfNoClaimsSpecified() {
|
||||
createAdvancedGroupMapper("[]", false, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("some value").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add("some value").build())
|
||||
.build());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void allValuesMatchRegex() {
|
||||
createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES_REGEX, true, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(createMatchingAttributes());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void valuesMismatchRegex() {
|
||||
createAdvancedGroupMapper(CLAIMS_OR_ATTRIBUTES_REGEX, true, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("mismatch").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add("value 2").build())
|
||||
.build());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasNotBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void updateBrokeredUserMismatchLeavesGroup() {
|
||||
newValueForAttribute2 = "value mismatch";
|
||||
UserRepresentation user = createMapperAndLoginAsUserTwiceWithMapper(FORCE, false, MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
assertThatUserHasNotBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void updateBrokeredUserMismatchDoesNotLeaveGroupInImportMode() {
|
||||
newValueForAttribute2 = "value mismatch";
|
||||
UserRepresentation user = createMapperAndLoginAsUserTwiceWithMapper(IMPORT, false, MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void updateBrokeredUserMatchDoesntLeaveGroup() {
|
||||
newValueForAttribute2 = "value 2";
|
||||
UserRepresentation user = createMapperAndLoginAsUserTwiceWithMapper(FORCE, false, MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void tryToUpdateBrokeredUserWithMissingGroupDoesNotBreakLogin() {
|
||||
newValueForAttribute2 = "value 2";
|
||||
UserRepresentation user =
|
||||
createMapperAndLoginAsUserTwiceWithMapper(FORCE, true, MAPPER_TEST_NOT_EXISTING_GROUP_PATH);
|
||||
|
||||
assertThatUserDoesNotHaveGroups(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void updateBrokeredUserIsAssignedToGroupInForceModeWhenCreatingTheMapperAfterFirstLogin() {
|
||||
newValueForAttribute2 = "value 2";
|
||||
UserRepresentation user = createMapperAndLoginAsUserTwiceWithMapper(FORCE, true, MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void tryToCreateBrokeredUserWithNonExistingGroupDoesNotBreakLogin() {
|
||||
setupScenarioWithNonExistingGroup();
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserDoesNotHaveGroups(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mapperStillWorksWhenTopLevelGroupIsConvertedToSubGroup() {
|
||||
final String mapperId = setupScenarioWithGroupPath(MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
String newParentGroupName = "new-parent";
|
||||
GroupRepresentation newParentGroup = new GroupRepresentation();
|
||||
newParentGroup.setName(newParentGroupName);
|
||||
String newParentGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(newParentGroup));
|
||||
|
||||
GroupRepresentation mappedGroup = realm.groups().group(mapperGroupId).toRepresentation();
|
||||
realm.groups().group(newParentGroupId).subGroup(mappedGroup).close();
|
||||
|
||||
String expectedNewGroupPath = buildGroupPath(newParentGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
assertMapperHasExpectedPathAndSucceeds(mapperId, expectedNewGroupPath);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mapperStillWorksWhenSubGroupChangesParent() {
|
||||
String parentGroupName = "parent-group";
|
||||
GroupRepresentation parentGroup = new GroupRepresentation();
|
||||
parentGroup.setName(parentGroupName);
|
||||
String parentGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(parentGroup));
|
||||
|
||||
GroupRepresentation mappedGroup = realm.groups().group(mapperGroupId).toRepresentation();
|
||||
realm.groups().group(parentGroupId).subGroup(mappedGroup).close();
|
||||
|
||||
String initialGroupPath = buildGroupPath(parentGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
final String mapperId = setupScenarioWithGroupPath(initialGroupPath);
|
||||
|
||||
String newParentGroupName = "new-parent-group";
|
||||
GroupRepresentation newParentGroup = new GroupRepresentation();
|
||||
newParentGroup.setName(newParentGroupName);
|
||||
String newParentGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(newParentGroup));
|
||||
|
||||
realm.groups().group(newParentGroupId).subGroup(mappedGroup).close();
|
||||
|
||||
String expectedNewGroupPath = buildGroupPath(newParentGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
assertMapperHasExpectedPathAndSucceeds(mapperId, expectedNewGroupPath);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mapperStillWorksWhenSubGroupIsConvertedToTopLevelGroup() {
|
||||
String parentGroupName = "parent-group";
|
||||
GroupRepresentation parentGroup = new GroupRepresentation();
|
||||
parentGroup.setName(parentGroupName);
|
||||
String parentGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(parentGroup));
|
||||
|
||||
GroupRepresentation mappedGroup = realm.groups().group(mapperGroupId).toRepresentation();
|
||||
realm.groups().group(parentGroupId).subGroup(mappedGroup).close();
|
||||
|
||||
String initialGroupPath = buildGroupPath(parentGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
final String mapperId = setupScenarioWithGroupPath(initialGroupPath);
|
||||
|
||||
// convert the mapped group to a top-level group
|
||||
realm.groups().add(realm.groups().group(mapperGroupId).toRepresentation());
|
||||
|
||||
String expectedNewGroupPath = buildGroupPath(MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
assertMapperHasExpectedPathAndSucceeds(mapperId, expectedNewGroupPath);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mapperStillWorksWhenGroupIsRenamed() {
|
||||
final String mapperId = setupScenarioWithGroupPath(MAPPER_TEST_GROUP_PATH);
|
||||
|
||||
String newGroupName = "new-name-" + MAPPER_TEST_GROUP_NAME;
|
||||
GroupRepresentation mappedGroup = realm.groups().group(mapperGroupId).toRepresentation();
|
||||
mappedGroup.setName(newGroupName);
|
||||
realm.groups().group(mapperGroupId).update(mappedGroup);
|
||||
|
||||
String expectedNewGroupPath = buildGroupPath(newGroupName);
|
||||
|
||||
assertMapperHasExpectedPathAndSucceeds(mapperId, expectedNewGroupPath);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mapperStillWorksWhenAncestorGroupIsRenamed() {
|
||||
String topLevelGroupName = "top-level";
|
||||
GroupRepresentation topLevelGroup = new GroupRepresentation();
|
||||
topLevelGroup.setName(topLevelGroupName);
|
||||
String topLevelGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(topLevelGroup));
|
||||
|
||||
String midLevelGroupName = "mid-level";
|
||||
GroupRepresentation midLevelGroup = new GroupRepresentation();
|
||||
midLevelGroup.setName(midLevelGroupName);
|
||||
String midLevelGroupId = CreatedResponseUtil.getCreatedId(realm.groups().add(midLevelGroup));
|
||||
|
||||
midLevelGroup = realm.groups().group(midLevelGroupId).toRepresentation();
|
||||
realm.groups().group(topLevelGroupId).subGroup(midLevelGroup).close();
|
||||
|
||||
GroupRepresentation mappedGroup = realm.groups().group(mapperGroupId).toRepresentation();
|
||||
realm.groups().group(midLevelGroupId).subGroup(mappedGroup).close();
|
||||
|
||||
String initialGroupPath = buildGroupPath(topLevelGroupName, midLevelGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
final String mapperId = setupScenarioWithGroupPath(initialGroupPath);
|
||||
|
||||
String newTopLevelGroupName = "new-name-" + topLevelGroupName;
|
||||
topLevelGroup = realm.groups().group(topLevelGroupId).toRepresentation();
|
||||
topLevelGroup.setName(newTopLevelGroupName);
|
||||
realm.groups().group(topLevelGroupId).update(topLevelGroup);
|
||||
|
||||
String expectedNewGroupPath = buildGroupPath(newTopLevelGroupName, midLevelGroupName, MAPPER_TEST_GROUP_NAME);
|
||||
|
||||
assertMapperHasExpectedPathAndSucceeds(mapperId, expectedNewGroupPath);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue