From 34b9eed8f02112dfa10966ead28eab4e41fff819 Mon Sep 17 00:00:00 2001 From: wojnarfilip Date: Tue, 21 Mar 2023 14:13:09 +0100 Subject: [PATCH] Removes AccountFederatedIdentityPage from testsuite Closes #15199 --- .../pages/AccountFederatedIdentityPage.java | 128 ------------------ .../keycloak/testsuite/pages/LoginPage.java | 5 + .../broker/AbstractAdvancedBrokerTest.java | 82 ++++++----- .../broker/AbstractBaseBrokerTest.java | 6 +- .../testsuite/broker/AccountLinkTest.java | 78 +++-------- .../broker/KcOidcBrokerWithConsentTest.java | 73 ---------- .../testsuite/util/AccountHelper.java | 41 +++++- .../testsuite/util/TestAppHelper.java | 15 ++ 8 files changed, 120 insertions(+), 308 deletions(-) delete mode 100644 testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountFederatedIdentityPage.java diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountFederatedIdentityPage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountFederatedIdentityPage.java deleted file mode 100644 index 1322d794ed..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountFederatedIdentityPage.java +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.pages; - -import org.keycloak.services.Urls; -import org.openqa.selenium.By; -import org.openqa.selenium.WebElement; -import org.openqa.selenium.support.FindBy; - -import java.util.LinkedList; -import java.util.List; - -/** - * @author Marek Posolda - */ -public class AccountFederatedIdentityPage extends AbstractAccountPage { - - @FindBy(className = "alert-error") - private WebElement errorMessage; - - public AccountFederatedIdentityPage() {}; - - private String realmName = "test"; - - public void open() { - driver.navigate().to(getPath()); - } - - public void realm(String realmName) { - this.realmName = realmName; - } - - public String getPath() { - return Urls.accountFederatedIdentityPage(getAuthServerRoot(), realmName).toString(); - } - - @Override - public boolean isCurrent() { - return driver.getTitle().contains("Account Management") && driver.getPageSource().contains("Federated Identities"); - } - - public List getIdentities() { - List identities = new LinkedList<>(); - WebElement identitiesElement = driver.findElement(By.id("federated-identities")); - for (WebElement i : identitiesElement.findElements(By.className("row"))) { - - String providerId = i.findElement(By.tagName("label")).getText(); - String subject = i.findElement(By.tagName("input")).getAttribute("value"); - WebElement button = i.findElement(By.tagName("button")); - - identities.add(new FederatedIdentity(providerId, subject, button)); - } - return identities; - } - - public WebElement findAddProvider(String providerId) { - return driver.findElement(By.id("add-link-" + providerId)); - } - - public void clickAddProvider(String providerId) { - findAddProvider(providerId).click(); - } - - public void clickRemoveProvider(String providerId) { - driver.findElement(By.id("remove-link-" + providerId)).click(); - } - - public String getError() { - return errorMessage.getText(); - } - - public boolean isLinked(String idpAlias) { - return driver.getPageSource().contains("id=\"remove-link-" + idpAlias + "\""); - } - - public static class FederatedIdentity { - - private String providerId; - private String subject; - private WebElement action; - - public FederatedIdentity(String providerId, String subject, WebElement action) { - this.providerId = providerId; - this.subject = subject; - this.action = action; - } - - public String getProvider() { - return providerId; - } - - public void setProviderId(String providerId) { - this.providerId = providerId; - } - - public String getSubject() { - return subject; - } - - public void setSubject(String subject) { - this.subject = subject; - } - - public WebElement getAction() { - return action; - } - - public void setAction(WebElement action) { - this.action = action; - } - } - -} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginPage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginPage.java index 3724ccd3b7..b07487f513 100755 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginPage.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginPage.java @@ -232,4 +232,9 @@ public class LoginPage extends LanguageComboboxAwarePage { assertCurrent(); } + public void open(String realm){ + oauth.realm(realm); + oauth.openLoginForm(); + assertCurrent(realm); + } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java index 0838e99ec5..1fbb4c990a 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java @@ -1,5 +1,6 @@ package org.keycloak.testsuite.broker; +import jakarta.validation.constraints.AssertTrue; import org.junit.Test; import org.keycloak.admin.client.resource.IdentityProviderResource; import org.keycloak.admin.client.resource.RealmResource; @@ -8,7 +9,6 @@ import org.keycloak.common.Profile; import org.keycloak.common.util.Time; import org.keycloak.models.IdentityProviderMapperSyncMode; import org.keycloak.models.IdentityProviderSyncMode; -import org.keycloak.models.OTPPolicy; import org.keycloak.models.utils.TimeBasedOTP; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ComponentRepresentation; @@ -27,6 +27,7 @@ import org.keycloak.testsuite.util.AccountHelper; import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.RealmBuilder; +import org.keycloak.testsuite.util.TestAppHelper; import org.openqa.selenium.TimeoutException; import jakarta.ws.rs.client.Client; @@ -34,7 +35,9 @@ import jakarta.ws.rs.client.ClientRequestFilter; import jakarta.ws.rs.client.WebTarget; import jakarta.ws.rs.core.HttpHeaders; import jakarta.ws.rs.core.Response; +import java.io.IOException; import java.net.URI; +import java.net.URISyntaxException; import java.util.Arrays; import java.util.Collections; import java.util.Set; @@ -96,29 +99,33 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest { * Refers to in old test suite: org.keycloak.testsuite.broker.AbstractKeycloakIdentityProviderTest#testAccountManagementLinkIdentity */ @Test - public void testAccountManagementLinkIdentity() { + public void testAccountManagementLinkIdentity() throws URISyntaxException, IOException { createUser("consumer"); - // Login as pedroigor to account management - accountFederatedIdentityPage.realm(bc.consumerRealmName()); - accountFederatedIdentityPage.open(); - loginPage.login("consumer", "password"); - assertTrue(accountFederatedIdentityPage.isCurrent()); + TestAppHelper testAppHelper = new TestAppHelper(oauth, loginPage, appPage); - accountFederatedIdentityPage.clickAddProvider(bc.getIDPAlias()); - this.loginPage.login(bc.getUserLogin(), bc.getUserPassword()); + // Link identity provider through Admin REST api + Response response = AccountHelper.addIdentityProvider(adminClient.realm(bc.consumerRealmName()), "consumer", adminClient.realm(bc.providerRealmName()), bc.getUserLogin(), bc.getIDPAlias()); + Assert.assertEquals("status", 204, response.getStatus()); - // Assert identity linked in account management - assertTrue(accountFederatedIdentityPage.isCurrent()); - assertTrue(accountFederatedIdentityPage.isLinked(bc.getIDPAlias())); + // Assert identity is linked through Admin REST api + assertTrue(AccountHelper.isIdentityProviderLinked(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias())); - // Revoke grant in account mgmt - accountFederatedIdentityPage.clickRemoveProvider(bc.getIDPAlias()); + AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), "consumer"); + + // Assert I am logged immediately into app page due to previously linked "test-user" identity + testAppHelper.login(bc.getUserLogin(), bc.getUserPassword(), bc.consumerRealmName(), "broker-app", bc.getIDPAlias()); + + // Unlink idp from consumer + AccountHelper.deleteIdentityProvider(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias()); + assertFalse(AccountHelper.isIdentityProviderLinked(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias())); // Logout from account management - accountFederatedIdentityPage.logout(); + AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), "consumer"); + AccountHelper.logout(adminClient.realm(bc.providerRealmName()), "testuser"); + + // Assert I am not logged immediately into app page and first-broker-login appears instead + Assert.assertFalse(testAppHelper.login(bc.getUserLogin(), bc.getUserPassword(), bc.consumerRealmName(), "broker-app", bc.getIDPAlias())); - // Assert I am logged immediately to account management due to previously linked "test-user" identity - logInWithBroker(bc); waitForPage(driver, "update account information", false); updateAccountInformationPage.assertCurrent(); updateAccountInformationPage.updateAccountInformation("FirstName", "LastName"); @@ -128,20 +135,19 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest { idpConfirmLinkPage.clickLinkAccount(); loginPage.login(bc.getUserPassword()); - - accountFederatedIdentityPage.assertCurrent(); - assertTrue(accountFederatedIdentityPage.isLinked(bc.getIDPAlias())); + appPage.assertCurrent(); + assertTrue(AccountHelper.isIdentityProviderLinked(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias())); // Unlink my "test-user" - accountFederatedIdentityPage.clickRemoveProvider(bc.getIDPAlias()); - assertFalse(accountFederatedIdentityPage.isLinked(bc.getIDPAlias())); + AccountHelper.deleteIdentityProvider(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias()); + assertFalse(AccountHelper.isIdentityProviderLinked(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias())); // Logout from account management - accountFederatedIdentityPage.logout(); + AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), "consumer"); + AccountHelper.logout(adminClient.realm(bc.providerRealmName()), "testuser"); - // Try to login. Previous link is not valid anymore, so now it should try to register new user - loginPage.clickSocial(bc.getIDPAlias()); - loginPage.login(bc.getUserLogin(), bc.getUserPassword()); + //Try to log in. Previous link is not valid anymore, so now it should try to register new user instead of logging into app page + Assert.assertFalse(testAppHelper.login(bc.getUserLogin(), bc.getUserPassword(), bc.consumerRealmName(), "broker-app", bc.getIDPAlias())); waitForPage(driver, "update account information", false); updateAccountInformationPage.assertCurrent(); } @@ -150,27 +156,17 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest { * Refers to in old test suite: org.keycloak.testsuite.broker.AbstractKeycloakIdentityProviderTest#testAccountManagementLinkedIdentityAlreadyExists */ @Test - public void testAccountManagementLinkedIdentityAlreadyExists() { + public void testAccountManagementLinkedIdentityAlreadyExists() throws URISyntaxException, IOException { updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin); createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com"); + TestAppHelper testAppHelper = new TestAppHelper(oauth, loginPage, appPage); - driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName())); - logInWithBroker(bc); - waitForAccountManagementTitle(); - accountUpdateProfilePage.assertCurrent(); - logoutFromRealm(getProviderRoot(), bc.providerRealmName()); - logoutFromRealm(getConsumerRoot(), bc.consumerRealmName()); + // Link identity provider through Admin REST api + Response response = AccountHelper.addIdentityProvider(adminClient.realm(bc.consumerRealmName()), "consumer", adminClient.realm(bc.providerRealmName()), bc.getUserLogin(), bc.getIDPAlias()); + Assert.assertEquals("status", 204, response.getStatus()); - accountFederatedIdentityPage.realm(bc.consumerRealmName()); - accountFederatedIdentityPage.open(); - loginPage.login("consumer", "password"); - assertTrue(accountFederatedIdentityPage.isCurrent()); - - accountFederatedIdentityPage.clickAddProvider(bc.getIDPAlias()); - this.loginPage.login(bc.getUserLogin(), bc.getUserPassword()); - - assertTrue(accountFederatedIdentityPage.isCurrent()); - assertEquals("Federated identity returned by " + bc.getIDPAlias() + " is already linked to another user.", accountFederatedIdentityPage.getError()); + // Test we will log in immediately into app page + Assert.assertTrue(testAppHelper.login(bc.getUserLogin(), bc.getUserPassword(), bc.consumerRealmName(), "broker-app", bc.getIDPAlias())); } /** diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java index ec5f15d25d..3512fc4990 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java @@ -33,7 +33,6 @@ import org.keycloak.services.resources.RealmsResource; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.arquillian.annotation.DisableFeature; -import org.keycloak.testsuite.pages.AccountFederatedIdentityPage; import org.keycloak.testsuite.pages.AccountUpdateProfilePage; import org.keycloak.testsuite.pages.ErrorPage; import org.keycloak.testsuite.pages.IdpConfirmLinkPage; @@ -49,6 +48,7 @@ import org.keycloak.testsuite.pages.OAuthGrantPage; import org.keycloak.testsuite.pages.ProceedPage; import org.keycloak.testsuite.pages.UpdateAccountInformationPage; import org.keycloak.testsuite.pages.VerifyEmailPage; +import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.util.MailServer; import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.UserBuilder; @@ -126,10 +126,10 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest { protected VerifyEmailPage verifyEmailPage; @Page - protected AccountFederatedIdentityPage accountFederatedIdentityPage; + protected OAuthGrantPage grantPage; @Page - protected OAuthGrantPage grantPage; + protected AppPage appPage; protected TimeBasedOTP totp = new TimeBasedOTP(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java index 4b9dd0fcd2..d09d2f0016 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java @@ -21,12 +21,12 @@ import jakarta.ws.rs.core.Response; import org.jboss.arquillian.graphene.page.Page; import org.junit.Assume; import org.junit.Before; +import org.junit.Ignore; import org.junit.Test; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.UserResource; import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.common.Profile; -import org.keycloak.common.Profile.Feature; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -41,11 +41,10 @@ import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; -import org.keycloak.testsuite.arquillian.annotation.DisableFeature; import org.keycloak.testsuite.federation.PassThroughFederatedUserStorageProvider; import org.keycloak.testsuite.federation.PassThroughFederatedUserStorageProviderFactory; import org.keycloak.testsuite.federation.UserMapStorageFactory; -import org.keycloak.testsuite.pages.AccountFederatedIdentityPage; +import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.UpdateAccountInformationPage; @@ -60,27 +59,27 @@ import static org.keycloak.testsuite.admin.ApiUtil.createUserAndResetPasswordWit import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient; import org.keycloak.testsuite.runonserver.RunOnServer; +import org.keycloak.testsuite.util.AccountHelper; import org.keycloak.testsuite.util.FederatedIdentityBuilder; /** * @author Bill Burke * @version $Revision: 1 $ */ -@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228) public class AccountLinkTest extends AbstractKeycloakTest { public static final String CHILD_IDP = "child"; public static final String PARENT_IDP = "parent-idp"; public static final String PARENT_USERNAME = "parent"; - @Page - protected AccountFederatedIdentityPage accountFederatedIdentityPage; - @Page protected UpdateAccountInformationPage profilePage; @Page protected LoginPage loginPage; + @Page + protected AppPage appPage; + @Override public void addTestRealms(List testRealms) { RealmRepresentation realm = new RealmRepresentation(); @@ -139,31 +138,27 @@ public class AccountLinkTest extends AbstractKeycloakTest { @Test public void testAccountLink() { String childUsername = "child"; - String childPassword = "password"; - String childIdp = CHILD_IDP; - testAccountLink(childUsername, childPassword, childIdp); + testAccountLink(childUsername); } @Test + @Ignore // Ignore should be removed by https://github.com/keycloak/keycloak/issues/20441 public void testAccountLinkWithUserStorageProvider() { - ProfileAssume.assumeFeatureDisabled(Feature.MAP_STORAGE); + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); String childUsername = PassThroughFederatedUserStorageProvider.PASSTHROUGH_USERNAME; String childPassword = PassThroughFederatedUserStorageProvider.INITIAL_PASSWORD; String childIdp = CHILD_IDP; - testAccountLink(childUsername, childPassword, childIdp); - + testAccountLink(childUsername); } @Test public void testDeleteIdentityOnProviderRemoval() { String childUsername = "child"; - String childPassword = "password"; - String childIdp = CHILD_IDP; - assertFederatedIdentity(childUsername, childPassword, childIdp); + assertFederatedIdentity(childUsername); RealmResource realm = adminClient.realm(CHILD_IDP); UsersResource users = realm.users(); @@ -242,7 +237,7 @@ public class AccountLinkTest extends AbstractKeycloakTest { assertNull(session.users().getFederatedIdentity(realm1, user, testIdpToDelete)); }); } - + private static void checkEmptyFederatedIdentities(KeycloakSession session) { RealmModel realm = session.getContext().getRealm(); UserModel user = session.users().getUserByUsername(realm, "child"); @@ -250,54 +245,25 @@ public class AccountLinkTest extends AbstractKeycloakTest { assertNull(session.users().getFederatedIdentity(realm, user, PARENT_IDP)); } - protected void testAccountLink(String childUsername, String childPassword, String childIdp) { - assertFederatedIdentity(childUsername, childPassword, childIdp); + protected void testAccountLink(String childUsername) { + assertFederatedIdentity(childUsername); assertRemoveFederatedIdentity(); } - private void assertFederatedIdentity(String childUsername, String childPassword, String childIdp) { - accountFederatedIdentityPage.realm(childIdp); - accountFederatedIdentityPage.open(); - loginPage.isCurrent(); - loginPage.login(childUsername, childPassword); - assertTrue(accountFederatedIdentityPage.isCurrent()); + private void assertFederatedIdentity(String childUsername) { + //Link the identity provider through Admin REST API + Response response = AccountHelper.addIdentityProvider(adminClient.realm(CHILD_IDP), childUsername, adminClient.realm(PARENT_IDP), PARENT_USERNAME, PARENT_IDP); + Assert.assertEquals("status", 204, response.getStatus()); + assertTrue(AccountHelper.isIdentityProviderLinked(adminClient.realm(CHILD_IDP), childUsername, PARENT_IDP)); - accountFederatedIdentityPage.clickAddProvider(PARENT_IDP); - - this.loginPage.isCurrent(); - loginPage.login(PARENT_USERNAME, "password"); - - // Assert identity linked in account management - assertTrue(accountFederatedIdentityPage.isCurrent()); - assertTrue(driver.getPageSource().contains("id=\"remove-link-" + PARENT_IDP + "\"")); - - // Logout from account management - accountFederatedIdentityPage.logout(); - - // Assert I am logged immediately to account management due to previously linked "test-user" identity - loginPage.isCurrent(); - loginPage.clickSocial(PARENT_IDP); - loginPage.login(PARENT_USERNAME, "password"); - System.out.println(driver.getCurrentUrl()); - System.out.println("--------------------------------"); - System.out.println(driver.getPageSource()); - assertTrue(accountFederatedIdentityPage.isCurrent()); - assertTrue(driver.getPageSource().contains("id=\"remove-link-" + PARENT_IDP + "\"")); } private void assertRemoveFederatedIdentity() { - // Unlink my "test-user" - accountFederatedIdentityPage.clickRemoveProvider(PARENT_IDP); - assertTrue(driver.getPageSource().contains("id=\"add-link-" + PARENT_IDP + "\"")); + // Unlink my "test-user" through Admin REST API + AccountHelper.deleteIdentityProvider(adminClient.realm(CHILD_IDP), CHILD_IDP, PARENT_IDP); + assertFalse(AccountHelper.isIdentityProviderLinked(adminClient.realm(CHILD_IDP), CHILD_IDP, PARENT_IDP)); - // Logout from account management - accountFederatedIdentityPage.logout(); - - this.loginPage.clickSocial(PARENT_IDP); - this.loginPage.login(PARENT_USERNAME, "password"); - this.profilePage.assertCurrent(); } - } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerWithConsentTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerWithConsentTest.java index e480cd8a9d..35b6c0695e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerWithConsentTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerWithConsentTest.java @@ -99,54 +99,6 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe } } - /** - * Referes to in old testsuite: org.keycloak.testsuite.broker.OIDCKeycloakServerBrokerWithConsentTest#testAccountManagementLinkingAndExpiredClientSession - */ - @Test - public void testAccountManagementLinkingAndExpiredClientSession() { - updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin); - createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com"); - - driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName())); - loginPage.login("consumer", "password"); - - accountPage.federatedIdentity(); - accountFederatedIdentityPage.clickAddProvider(bc.getIDPAlias()); - - this.loginPage.login(bc.getUserLogin(), bc.getUserPassword()); - - // Set time offset - invokeTimeOffset(60); - try { - // User rejected consent - grantPage.assertCurrent(); - grantPage.cancel(); - - // Assert account error page with "staleCodeAccount" error displayed - accountFederatedIdentityPage.assertCurrent(); - Assert.assertEquals("The page expired. Please try one more time.", accountFederatedIdentityPage.getError()); - - - // Try to link one more time - accountFederatedIdentityPage.clickAddProvider(bc.getIDPAlias()); - - this.loginPage.login(bc.getUserLogin(), bc.getUserPassword()); - - invokeTimeOffset(120); - - // User granted consent - grantPage.assertCurrent(); - grantPage.accept(); - - // Assert account error page with "staleCodeAccount" error displayed - accountFederatedIdentityPage.assertCurrent(); - Assert.assertEquals("The page expired. Please try one more time.", accountFederatedIdentityPage.getError()); - - } finally { - invokeTimeOffset(0); - } - } - /** * Referes to in old testsuite: org.keycloak.testsuite.broker.OIDCKeycloakServerBrokerWithConsentTest#testLoginCancelConsent */ @@ -162,29 +114,4 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe assertEquals("Sign in to " + bc.consumerRealmName(), driver.getTitle()); } - - /** - * Referes to in old testsuite: org.keycloak.testsuite.broker.OIDCKeycloakServerBrokerWithConsentTest#testAccountManagementLinkingCancelConsent - */ - @Test - public void testAccountManagementLinkingCancelConsent() throws Exception { - updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin); - createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com"); - - driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName())); - loginPage.login("consumer", "password"); - - accountPage.federatedIdentity(); - - accountFederatedIdentityPage.clickAddProvider(bc.getIDPAlias()); - this.loginPage.login(bc.getUserLogin(), bc.getUserPassword()); - - // User rejected consent - grantPage.assertCurrent(); - grantPage.cancel(); - - // Assert account error page with "consentDenied" error displayed - accountFederatedIdentityPage.assertCurrent(); - Assert.assertEquals("Access denied when authenticating with kc-oidc-idp", accountFederatedIdentityPage.getError()); - } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AccountHelper.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AccountHelper.java index 39b9cc82a1..934de3c650 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AccountHelper.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AccountHelper.java @@ -22,8 +22,10 @@ import java.util.List; import java.util.Map; import org.keycloak.models.credential.OTPCredentialModel; import org.keycloak.representations.idm.CredentialRepresentation; +import org.keycloak.representations.idm.FederatedIdentityRepresentation; import org.keycloak.representations.idm.UserRepresentation; +import jakarta.ws.rs.core.Response; import java.util.Optional; public class AccountHelper { @@ -63,11 +65,6 @@ public class AccountHelper { user.revokeConsent(clientId); } - public static void logout(RealmResource realm, String username) { - UserResource user = getUserResource(realm, username); - user.logout(); - } - private static Optional getOtpCredentials(UserResource user, String userLabel) { return user.credentials().stream().filter(c -> c.getType().equals(OTPCredentialModel.TYPE)).filter(l -> l.getUserLabel().equals(userLabel)).findFirst(); } @@ -125,4 +122,38 @@ public class AccountHelper { return false; } } + + public static Response addIdentityProvider(RealmResource childRealm, String childUsername, RealmResource providerRealm, String providerUsername, String providerId) { + UserResource user = getUserResource(childRealm, childUsername); + + FederatedIdentityRepresentation identityRepresentation = FederatedIdentityBuilder.create() + .identityProvider(providerId) + .userId(getUserResource(providerRealm, providerUsername).toRepresentation().getId()) + .userName(providerUsername) + .build(); + + return user.addFederatedIdentity(providerId, identityRepresentation); + } + + public static void deleteIdentityProvider(RealmResource realm, String username, String providerId) { + UserResource user = getUserResource(realm, username); + user.removeFederatedIdentity(providerId); + } + + public static boolean isIdentityProviderLinked(RealmResource realm, String username, String providerId) { + UserResource user = getUserResource(realm, username); + + for (FederatedIdentityRepresentation rep : user.getFederatedIdentity()){ + if(rep.getIdentityProvider().equals(providerId)) { + return true; + } + } + return false; + } + + public static void logout(RealmResource realm, String username) { + UserResource user = getUserResource(realm, username); + user.logout(); + } + } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/TestAppHelper.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/TestAppHelper.java index 21423f15c1..4ebc506360 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/TestAppHelper.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/TestAppHelper.java @@ -83,6 +83,21 @@ public class TestAppHelper { return appPage.isCurrent(); } + public boolean login(String username, String password, String realm, String clientId, String idp) throws URISyntaxException, IOException { + oauth.clientId(clientId); + loginPage.open(realm); + loginPage.clickSocial(idp); + loginPage.login(username, password); + + if (loginPage.isCurrent(realm)) { + return false; + } + + completeLogin(); + + return appPage.isCurrent(); + } + public boolean logout() { try (CloseableHttpResponse response = oauth.doLogout(refreshToken, "password")) { return response.getStatusLine().getStatusCode() == Response.Status.NO_CONTENT.getStatusCode();