KEYCLOAK-14825 Make adapter tests running with FF to test cookies

This commit is contained in:
vmuzikar 2020-07-13 11:11:08 +02:00 committed by Bruno Oliveira da Silva
parent 3631618b24
commit 316f9f46e2
8 changed files with 42 additions and 18 deletions

View file

@ -62,7 +62,7 @@ public final class SuiteContext {
*/ */
private static final boolean adapterCompatTesting = parseBoolean(System.getProperty("testsuite.adapter.compat.testing")); private static final boolean adapterCompatTesting = parseBoolean(System.getProperty("testsuite.adapter.compat.testing"));
private static final boolean browserStrictCookies = parseBoolean(System.getProperty("browser.strict.cookies")); public static final boolean BROWSER_STRICT_COOKIES = parseBoolean(System.getProperty("browser.strict.cookies"));
public SuiteContext(Set<ContainerInfo> arquillianContainers) { public SuiteContext(Set<ContainerInfo> arquillianContainers) {
this.container = arquillianContainers; this.container = arquillianContainers;
@ -194,10 +194,6 @@ public final class SuiteContext {
return adapterCompatTesting; return adapterCompatTesting;
} }
public boolean hasBrowserStrictCookies() {
return browserStrictCookies;
}
@Override @Override
public String toString() { public String toString() {
StringBuilder sb = new StringBuilder("SUITE CONTEXT:\nAuth server: "); StringBuilder sb = new StringBuilder("SUITE CONTEXT:\nAuth server: ");

View file

@ -218,4 +218,18 @@ public final class UIUtils {
String ariaInvalid = element.getAttribute(ARIA_INVALID_ATTR_NAME); String ariaInvalid = element.getAttribute(ARIA_INVALID_ATTR_NAME);
return !Boolean.parseBoolean(ariaInvalid); return !Boolean.parseBoolean(ariaInvalid);
} }
public static String getRawPageSource(WebDriver driver) {
if (driver instanceof FirefoxDriver) {
// firefox has some weird "bug" it wraps xml in html
return driver.findElement(By.tagName("body")).getText();
}
else {
return driver.getPageSource();
}
}
public static String getRawPageSource() {
return getRawPageSource(getCurrentDriver());
}
} }

View file

@ -21,6 +21,7 @@ import org.apache.commons.io.IOUtils;
import org.jboss.arquillian.graphene.page.Page; import org.jboss.arquillian.graphene.page.Page;
import org.jboss.shrinkwrap.api.Archive; import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.asset.StringAsset; import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.AfterClass; import org.junit.AfterClass;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass; import org.junit.BeforeClass;
@ -32,6 +33,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractAuthTest; import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.adapter.page.AppServerContextRoot; import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
import org.keycloak.testsuite.arquillian.AppServerTestEnricher; import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
import org.keycloak.testsuite.arquillian.SuiteContext;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.util.ServerURLs;
@ -280,4 +282,10 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
throw new RuntimeException(ex); throw new RuntimeException(ex);
} }
} }
public static void addSameSiteUndertowHandlers(WebArchive archive) {
if (SuiteContext.BROWSER_STRICT_COOKIES) {
archive.addAsWebInfResource(undertowHandlersConf, UNDERTOW_HANDLERS_CONF);
}
}
} }

View file

@ -66,6 +66,7 @@ public abstract class AbstractExampleAdapterTest extends AbstractAdapterTest {
.importFrom(new File(EXAMPLES_HOME + "/" + name + "-" + EXAMPLES_VERSION_SUFFIX + ".war")) .importFrom(new File(EXAMPLES_HOME + "/" + name + "-" + EXAMPLES_VERSION_SUFFIX + ".war"))
.as(WebArchive.class) .as(WebArchive.class)
.addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML); .addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML);
addSameSiteUndertowHandlers(webArchive);
additionalResources.accept(webArchive); additionalResources.accept(webArchive);
@ -97,6 +98,7 @@ public abstract class AbstractExampleAdapterTest extends AbstractAdapterTest {
.as(WebArchive.class) .as(WebArchive.class)
.addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML) .addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML)
.add(new StringAsset(webXmlContent), "/WEB-INF/web.xml"); .add(new StringAsset(webXmlContent), "/WEB-INF/web.xml");
addSameSiteUndertowHandlers(webArchive);
additionalResources.accept(webArchive); additionalResources.accept(webArchive);

View file

@ -24,10 +24,8 @@ import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter; import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter;
import org.keycloak.testsuite.util.DroneUtils; import org.keycloak.testsuite.util.DroneUtils;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils; import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils;
import org.keycloak.testsuite.utils.io.IOUtil; import org.keycloak.testsuite.utils.io.IOUtil;
import org.openqa.selenium.By;
import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriBuilder;
import java.io.IOException; import java.io.IOException;
@ -80,6 +78,7 @@ public abstract class AbstractServletsAdapterTest extends AbstractAdapterTest {
.addClasses(servletClasses) .addClasses(servletClasses)
.addAsWebInfResource(webXML, "web.xml") .addAsWebInfResource(webXML, "web.xml")
.addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML); .addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML);
addSameSiteUndertowHandlers(deployment);
URL keystore = AbstractServletsAdapterTest.class.getResource(webInfPath + "keystore.jks"); URL keystore = AbstractServletsAdapterTest.class.getResource(webInfPath + "keystore.jks");
if (keystore != null) { if (keystore != null) {
@ -120,6 +119,7 @@ public abstract class AbstractServletsAdapterTest extends AbstractAdapterTest {
WebArchive deployment = ShrinkWrap.create(WebArchive.class, customArchiveName + ".war") WebArchive deployment = ShrinkWrap.create(WebArchive.class, customArchiveName + ".war")
.addClasses(servletClasses) .addClasses(servletClasses)
.addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML); .addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML);
addSameSiteUndertowHandlers(deployment);
// if a role-mappings.properties file exist in WEB-INF, include it in the deployment. // if a role-mappings.properties file exist in WEB-INF, include it in the deployment.
URL roleMappingsConfig = AbstractServletsAdapterTest.class.getResource(webInfPath + "role-mappings.properties"); URL roleMappingsConfig = AbstractServletsAdapterTest.class.getResource(webInfPath + "role-mappings.properties");
@ -167,6 +167,7 @@ public abstract class AbstractServletsAdapterTest extends AbstractAdapterTest {
WebArchive deployment = ShrinkWrap.create(WebArchive.class, name + ".war") WebArchive deployment = ShrinkWrap.create(WebArchive.class, name + ".war")
.addClasses(servletClasses) .addClasses(servletClasses)
.addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML); .addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML);
addSameSiteUndertowHandlers(deployment);
String webXMLContent; String webXMLContent;
try { try {

View file

@ -46,6 +46,7 @@ import static org.keycloak.testsuite.saml.AbstractSamlTest.REALM_PRIVATE_KEY;
import static org.keycloak.testsuite.saml.AbstractSamlTest.REALM_PUBLIC_KEY; import static org.keycloak.testsuite.saml.AbstractSamlTest.REALM_PUBLIC_KEY;
import static org.keycloak.testsuite.util.Matchers.bodyHC; import static org.keycloak.testsuite.util.Matchers.bodyHC;
import static org.keycloak.testsuite.util.Matchers.statusCodeIsHC; import static org.keycloak.testsuite.util.Matchers.statusCodeIsHC;
import static org.keycloak.testsuite.util.UIUtils.getRawPageSource;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
@ -197,7 +198,7 @@ public class SAMLLoginResponseHandlingTest extends AbstractSAMLServletAdapterTes
driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAssertionFromDocument").build().toURL()); driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAssertionFromDocument").build().toURL());
waitForPageToLoad(); waitForPageToLoad();
Assert.assertEquals("", driver.getPageSource()); Assert.assertEquals("", getRawPageSource());
employee2ServletPage.logout(); employee2ServletPage.logout();
checkLoggedOut(employee2ServletPage, testRealmSAMLPostLoginPage); checkLoggedOut(employee2ServletPage, testRealmSAMLPostLoginPage);

View file

@ -29,6 +29,7 @@ import static org.keycloak.testsuite.saml.AbstractSamlTest.REALM_PRIVATE_KEY;
import static org.keycloak.testsuite.saml.AbstractSamlTest.REALM_PUBLIC_KEY; import static org.keycloak.testsuite.saml.AbstractSamlTest.REALM_PUBLIC_KEY;
import static org.keycloak.testsuite.util.Matchers.bodyHC; import static org.keycloak.testsuite.util.Matchers.bodyHC;
import static org.keycloak.testsuite.util.Matchers.statusCodeIsHC; import static org.keycloak.testsuite.util.Matchers.statusCodeIsHC;
import static org.keycloak.testsuite.util.UIUtils.getRawPageSource;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
@ -1373,7 +1374,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
driver.navigate().to(employeeDomServletPage.getUriBuilder().clone().path("getAssertionFromDocument").build().toURL()); driver.navigate().to(employeeDomServletPage.getUriBuilder().clone().path("getAssertionFromDocument").build().toURL());
waitForPageToLoad(); waitForPageToLoad();
String xml = driver.getPageSource(); String xml = getRawPageSource();
Assert.assertNotEquals("", xml); Assert.assertNotEquals("", xml);
Document doc = DocumentUtil.getDocument(new StringReader(xml)); Document doc = DocumentUtil.getDocument(new StringReader(xml));
String certBase64 = DocumentUtil.getElement(doc, new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate")).getTextContent(); String certBase64 = DocumentUtil.getElement(doc, new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate")).getTextContent();

View file

@ -17,6 +17,7 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.SuiteContext;
import org.keycloak.testsuite.auth.page.account.Applications; import org.keycloak.testsuite.auth.page.account.Applications;
import org.keycloak.testsuite.auth.page.login.OAuthGrant; import org.keycloak.testsuite.auth.page.login.OAuthGrant;
import org.keycloak.testsuite.auth.page.login.UpdatePassword; import org.keycloak.testsuite.auth.page.login.UpdatePassword;
@ -156,13 +157,13 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
// when 3rd party cookies are disabled, the adapter has to do a full redirect to KC to check whether the user // when 3rd party cookies are disabled, the adapter has to do a full redirect to KC to check whether the user
// is logged in or not it can't rely on silent check-sso iframe // is logged in or not it can't rely on silent check-sso iframe
testExecutor.init(checkSSO, this::assertInitNotAuth, suiteContext.hasBrowserStrictCookies()) testExecutor.init(checkSSO, this::assertInitNotAuth, SuiteContext.BROWSER_STRICT_COOKIES)
.login(this::assertOnLoginPage) .login(this::assertOnLoginPage)
.loginForm(testUser, this::assertOnTestAppUrl) .loginForm(testUser, this::assertOnTestAppUrl)
.init(checkSSO, this::assertInitAuth, false) .init(checkSSO, this::assertInitAuth, false)
.refresh() .refresh()
.init(checkSSO .init(checkSSO
, this::assertInitAuth, suiteContext.hasBrowserStrictCookies()); , this::assertInitAuth, SuiteContext.BROWSER_STRICT_COOKIES);
} }
@Test @Test
@ -170,14 +171,14 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
JSObjectBuilder checkSSO = defaultArguments().checkSSOOnLoad() JSObjectBuilder checkSSO = defaultArguments().checkSSOOnLoad()
.add("silentCheckSsoRedirectUri", authServerContextRootPage.toString().replace(AUTH_SERVER_HOST, JS_APP_HOST) + JAVASCRIPT_URL + "/silent-check-sso.html"); .add("silentCheckSsoRedirectUri", authServerContextRootPage.toString().replace(AUTH_SERVER_HOST, JS_APP_HOST) + JAVASCRIPT_URL + "/silent-check-sso.html");
testExecutor.init(checkSSO, this::assertInitNotAuth, suiteContext.hasBrowserStrictCookies()) testExecutor.init(checkSSO, this::assertInitNotAuth, SuiteContext.BROWSER_STRICT_COOKIES)
.login(this::assertOnLoginPage) .login(this::assertOnLoginPage)
.loginForm(testUser, this::assertOnTestAppUrl) .loginForm(testUser, this::assertOnTestAppUrl)
.init(checkSSO, this::assertInitAuth, false) .init(checkSSO, this::assertInitAuth, false)
.refresh() .refresh()
.init(checkSSO .init(checkSSO
.disableCheckLoginIframe() .disableCheckLoginIframe()
, this::assertInitAuth, suiteContext.hasBrowserStrictCookies()); , this::assertInitAuth, SuiteContext.BROWSER_STRICT_COOKIES);
} }
@Test @Test
@ -192,7 +193,7 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
.refresh() .refresh()
.init(checkSSO .init(checkSSO
// with the fall back disabled, the adapter won't do full redirect to KC // with the fall back disabled, the adapter won't do full redirect to KC
, suiteContext.hasBrowserStrictCookies() ? this::assertInitNotAuth : this::assertInitAuth); , SuiteContext.BROWSER_STRICT_COOKIES ? this::assertInitNotAuth : this::assertInitAuth);
} }
@Test @Test
@ -201,7 +202,7 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
// when 3rd party cookies are disabled, the adapter has to do a full redirect to KC to check whether the user // when 3rd party cookies are disabled, the adapter has to do a full redirect to KC to check whether the user
// is logged in or not it can't rely on the login iframe // is logged in or not it can't rely on the login iframe
testExecutor.init(checkSSO, this::assertInitNotAuth, suiteContext.hasBrowserStrictCookies()) testExecutor.init(checkSSO, this::assertInitNotAuth, SuiteContext.BROWSER_STRICT_COOKIES)
.login(this::assertOnLoginPage) .login(this::assertOnLoginPage)
.loginForm(testUser, this::assertOnTestAppUrl) .loginForm(testUser, this::assertOnTestAppUrl)
.init(checkSSO, this::assertInitAuth, false) .init(checkSSO, this::assertInitAuth, false)
@ -216,7 +217,7 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
.add("silentCheckSsoRedirectUri", authServerContextRootPage.toString().replace(AUTH_SERVER_HOST, JS_APP_HOST) + JAVASCRIPT_URL + "/silent-check-sso.html"); .add("silentCheckSsoRedirectUri", authServerContextRootPage.toString().replace(AUTH_SERVER_HOST, JS_APP_HOST) + JAVASCRIPT_URL + "/silent-check-sso.html");
testExecutor.init(checkSSO testExecutor.init(checkSSO
, this::assertInitNotAuth, suiteContext.hasBrowserStrictCookies()); , this::assertInitNotAuth, SuiteContext.BROWSER_STRICT_COOKIES);
} }
@Test @Test
@ -230,7 +231,7 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
.wait(2000, (driver1, output, events) -> { // iframe is initialized after ~1 second, 2 seconds is just to be sure .wait(2000, (driver1, output, events) -> { // iframe is initialized after ~1 second, 2 seconds is just to be sure
assertAdapterIsLoggedIn(driver1, output, events); assertAdapterIsLoggedIn(driver1, output, events);
final String logMsg = "3rd party cookies aren't supported by this browser."; final String logMsg = "3rd party cookies aren't supported by this browser.";
if (suiteContext.hasBrowserStrictCookies()) { if (SuiteContext.BROWSER_STRICT_COOKIES) {
// this is here not really to test the log but also to make sure the browser is configured properly // this is here not really to test the log but also to make sure the browser is configured properly
// and cookies were blocked // and cookies were blocked
assertEventsWebElementContains(logMsg, driver1, output, events); assertEventsWebElementContains(logMsg, driver1, output, events);
@ -584,7 +585,7 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
.add("refreshToken", refreshToken) .add("refreshToken", refreshToken)
, (driver1, output, events) -> { , (driver1, output, events) -> {
assertInitAuth(driver1, output, events); assertInitAuth(driver1, output, events);
if (suiteContext.hasBrowserStrictCookies()) { if (SuiteContext.BROWSER_STRICT_COOKIES) {
// iframe is unsupported so a token refresh had to be performed // iframe is unsupported so a token refresh had to be performed
assertEventsContains("Auth Refresh Success").validate(driver1, output, events); assertEventsContains("Auth Refresh Success").validate(driver1, output, events);
} }