parent
1aa3e2d7e3
commit
34b9eed8f0
8 changed files with 120 additions and 308 deletions
|
@ -1,128 +0,0 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.pages;
|
||||
|
||||
import org.keycloak.services.Urls;
|
||||
import org.openqa.selenium.By;
|
||||
import org.openqa.selenium.WebElement;
|
||||
import org.openqa.selenium.support.FindBy;
|
||||
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class AccountFederatedIdentityPage extends AbstractAccountPage {
|
||||
|
||||
@FindBy(className = "alert-error")
|
||||
private WebElement errorMessage;
|
||||
|
||||
public AccountFederatedIdentityPage() {};
|
||||
|
||||
private String realmName = "test";
|
||||
|
||||
public void open() {
|
||||
driver.navigate().to(getPath());
|
||||
}
|
||||
|
||||
public void realm(String realmName) {
|
||||
this.realmName = realmName;
|
||||
}
|
||||
|
||||
public String getPath() {
|
||||
return Urls.accountFederatedIdentityPage(getAuthServerRoot(), realmName).toString();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isCurrent() {
|
||||
return driver.getTitle().contains("Account Management") && driver.getPageSource().contains("Federated Identities");
|
||||
}
|
||||
|
||||
public List<FederatedIdentity> getIdentities() {
|
||||
List<FederatedIdentity> identities = new LinkedList<>();
|
||||
WebElement identitiesElement = driver.findElement(By.id("federated-identities"));
|
||||
for (WebElement i : identitiesElement.findElements(By.className("row"))) {
|
||||
|
||||
String providerId = i.findElement(By.tagName("label")).getText();
|
||||
String subject = i.findElement(By.tagName("input")).getAttribute("value");
|
||||
WebElement button = i.findElement(By.tagName("button"));
|
||||
|
||||
identities.add(new FederatedIdentity(providerId, subject, button));
|
||||
}
|
||||
return identities;
|
||||
}
|
||||
|
||||
public WebElement findAddProvider(String providerId) {
|
||||
return driver.findElement(By.id("add-link-" + providerId));
|
||||
}
|
||||
|
||||
public void clickAddProvider(String providerId) {
|
||||
findAddProvider(providerId).click();
|
||||
}
|
||||
|
||||
public void clickRemoveProvider(String providerId) {
|
||||
driver.findElement(By.id("remove-link-" + providerId)).click();
|
||||
}
|
||||
|
||||
public String getError() {
|
||||
return errorMessage.getText();
|
||||
}
|
||||
|
||||
public boolean isLinked(String idpAlias) {
|
||||
return driver.getPageSource().contains("id=\"remove-link-" + idpAlias + "\"");
|
||||
}
|
||||
|
||||
public static class FederatedIdentity {
|
||||
|
||||
private String providerId;
|
||||
private String subject;
|
||||
private WebElement action;
|
||||
|
||||
public FederatedIdentity(String providerId, String subject, WebElement action) {
|
||||
this.providerId = providerId;
|
||||
this.subject = subject;
|
||||
this.action = action;
|
||||
}
|
||||
|
||||
public String getProvider() {
|
||||
return providerId;
|
||||
}
|
||||
|
||||
public void setProviderId(String providerId) {
|
||||
this.providerId = providerId;
|
||||
}
|
||||
|
||||
public String getSubject() {
|
||||
return subject;
|
||||
}
|
||||
|
||||
public void setSubject(String subject) {
|
||||
this.subject = subject;
|
||||
}
|
||||
|
||||
public WebElement getAction() {
|
||||
return action;
|
||||
}
|
||||
|
||||
public void setAction(WebElement action) {
|
||||
this.action = action;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -232,4 +232,9 @@ public class LoginPage extends LanguageComboboxAwarePage {
|
|||
assertCurrent();
|
||||
}
|
||||
|
||||
public void open(String realm){
|
||||
oauth.realm(realm);
|
||||
oauth.openLoginForm();
|
||||
assertCurrent(realm);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
package org.keycloak.testsuite.broker;
|
||||
|
||||
import jakarta.validation.constraints.AssertTrue;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.IdentityProviderResource;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
|
@ -8,7 +9,6 @@ import org.keycloak.common.Profile;
|
|||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||
import org.keycloak.models.IdentityProviderSyncMode;
|
||||
import org.keycloak.models.OTPPolicy;
|
||||
import org.keycloak.models.utils.TimeBasedOTP;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.ComponentRepresentation;
|
||||
|
@ -27,6 +27,7 @@ import org.keycloak.testsuite.util.AccountHelper;
|
|||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
import org.keycloak.testsuite.util.RealmBuilder;
|
||||
import org.keycloak.testsuite.util.TestAppHelper;
|
||||
import org.openqa.selenium.TimeoutException;
|
||||
|
||||
import jakarta.ws.rs.client.Client;
|
||||
|
@ -34,7 +35,9 @@ import jakarta.ws.rs.client.ClientRequestFilter;
|
|||
import jakarta.ws.rs.client.WebTarget;
|
||||
import jakarta.ws.rs.core.HttpHeaders;
|
||||
import jakarta.ws.rs.core.Response;
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
|
@ -96,29 +99,33 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
* Refers to in old test suite: org.keycloak.testsuite.broker.AbstractKeycloakIdentityProviderTest#testAccountManagementLinkIdentity
|
||||
*/
|
||||
@Test
|
||||
public void testAccountManagementLinkIdentity() {
|
||||
public void testAccountManagementLinkIdentity() throws URISyntaxException, IOException {
|
||||
createUser("consumer");
|
||||
// Login as pedroigor to account management
|
||||
accountFederatedIdentityPage.realm(bc.consumerRealmName());
|
||||
accountFederatedIdentityPage.open();
|
||||
loginPage.login("consumer", "password");
|
||||
assertTrue(accountFederatedIdentityPage.isCurrent());
|
||||
TestAppHelper testAppHelper = new TestAppHelper(oauth, loginPage, appPage);
|
||||
|
||||
accountFederatedIdentityPage.clickAddProvider(bc.getIDPAlias());
|
||||
this.loginPage.login(bc.getUserLogin(), bc.getUserPassword());
|
||||
// Link identity provider through Admin REST api
|
||||
Response response = AccountHelper.addIdentityProvider(adminClient.realm(bc.consumerRealmName()), "consumer", adminClient.realm(bc.providerRealmName()), bc.getUserLogin(), bc.getIDPAlias());
|
||||
Assert.assertEquals("status", 204, response.getStatus());
|
||||
|
||||
// Assert identity linked in account management
|
||||
assertTrue(accountFederatedIdentityPage.isCurrent());
|
||||
assertTrue(accountFederatedIdentityPage.isLinked(bc.getIDPAlias()));
|
||||
// Assert identity is linked through Admin REST api
|
||||
assertTrue(AccountHelper.isIdentityProviderLinked(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias()));
|
||||
|
||||
// Revoke grant in account mgmt
|
||||
accountFederatedIdentityPage.clickRemoveProvider(bc.getIDPAlias());
|
||||
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), "consumer");
|
||||
|
||||
// Assert I am logged immediately into app page due to previously linked "test-user" identity
|
||||
testAppHelper.login(bc.getUserLogin(), bc.getUserPassword(), bc.consumerRealmName(), "broker-app", bc.getIDPAlias());
|
||||
|
||||
// Unlink idp from consumer
|
||||
AccountHelper.deleteIdentityProvider(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias());
|
||||
assertFalse(AccountHelper.isIdentityProviderLinked(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias()));
|
||||
|
||||
// Logout from account management
|
||||
accountFederatedIdentityPage.logout();
|
||||
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), "consumer");
|
||||
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), "testuser");
|
||||
|
||||
// Assert I am not logged immediately into app page and first-broker-login appears instead
|
||||
Assert.assertFalse(testAppHelper.login(bc.getUserLogin(), bc.getUserPassword(), bc.consumerRealmName(), "broker-app", bc.getIDPAlias()));
|
||||
|
||||
// Assert I am logged immediately to account management due to previously linked "test-user" identity
|
||||
logInWithBroker(bc);
|
||||
waitForPage(driver, "update account information", false);
|
||||
updateAccountInformationPage.assertCurrent();
|
||||
updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
|
||||
|
@ -128,20 +135,19 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
idpConfirmLinkPage.clickLinkAccount();
|
||||
|
||||
loginPage.login(bc.getUserPassword());
|
||||
|
||||
accountFederatedIdentityPage.assertCurrent();
|
||||
assertTrue(accountFederatedIdentityPage.isLinked(bc.getIDPAlias()));
|
||||
appPage.assertCurrent();
|
||||
assertTrue(AccountHelper.isIdentityProviderLinked(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias()));
|
||||
|
||||
// Unlink my "test-user"
|
||||
accountFederatedIdentityPage.clickRemoveProvider(bc.getIDPAlias());
|
||||
assertFalse(accountFederatedIdentityPage.isLinked(bc.getIDPAlias()));
|
||||
AccountHelper.deleteIdentityProvider(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias());
|
||||
assertFalse(AccountHelper.isIdentityProviderLinked(adminClient.realm(bc.consumerRealmName()), "consumer", bc.getIDPAlias()));
|
||||
|
||||
// Logout from account management
|
||||
accountFederatedIdentityPage.logout();
|
||||
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), "consumer");
|
||||
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), "testuser");
|
||||
|
||||
// Try to login. Previous link is not valid anymore, so now it should try to register new user
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
|
||||
//Try to log in. Previous link is not valid anymore, so now it should try to register new user instead of logging into app page
|
||||
Assert.assertFalse(testAppHelper.login(bc.getUserLogin(), bc.getUserPassword(), bc.consumerRealmName(), "broker-app", bc.getIDPAlias()));
|
||||
waitForPage(driver, "update account information", false);
|
||||
updateAccountInformationPage.assertCurrent();
|
||||
}
|
||||
|
@ -150,27 +156,17 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
* Refers to in old test suite: org.keycloak.testsuite.broker.AbstractKeycloakIdentityProviderTest#testAccountManagementLinkedIdentityAlreadyExists
|
||||
*/
|
||||
@Test
|
||||
public void testAccountManagementLinkedIdentityAlreadyExists() {
|
||||
public void testAccountManagementLinkedIdentityAlreadyExists() throws URISyntaxException, IOException {
|
||||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com");
|
||||
TestAppHelper testAppHelper = new TestAppHelper(oauth, loginPage, appPage);
|
||||
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
waitForAccountManagementTitle();
|
||||
accountUpdateProfilePage.assertCurrent();
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
// Link identity provider through Admin REST api
|
||||
Response response = AccountHelper.addIdentityProvider(adminClient.realm(bc.consumerRealmName()), "consumer", adminClient.realm(bc.providerRealmName()), bc.getUserLogin(), bc.getIDPAlias());
|
||||
Assert.assertEquals("status", 204, response.getStatus());
|
||||
|
||||
accountFederatedIdentityPage.realm(bc.consumerRealmName());
|
||||
accountFederatedIdentityPage.open();
|
||||
loginPage.login("consumer", "password");
|
||||
assertTrue(accountFederatedIdentityPage.isCurrent());
|
||||
|
||||
accountFederatedIdentityPage.clickAddProvider(bc.getIDPAlias());
|
||||
this.loginPage.login(bc.getUserLogin(), bc.getUserPassword());
|
||||
|
||||
assertTrue(accountFederatedIdentityPage.isCurrent());
|
||||
assertEquals("Federated identity returned by " + bc.getIDPAlias() + " is already linked to another user.", accountFederatedIdentityPage.getError());
|
||||
// Test we will log in immediately into app page
|
||||
Assert.assertTrue(testAppHelper.login(bc.getUserLogin(), bc.getUserPassword(), bc.consumerRealmName(), "broker-app", bc.getIDPAlias()));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -33,7 +33,6 @@ import org.keycloak.services.resources.RealmsResource;
|
|||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
|
||||
import org.keycloak.testsuite.pages.AccountFederatedIdentityPage;
|
||||
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
|
||||
import org.keycloak.testsuite.pages.ErrorPage;
|
||||
import org.keycloak.testsuite.pages.IdpConfirmLinkPage;
|
||||
|
@ -49,6 +48,7 @@ import org.keycloak.testsuite.pages.OAuthGrantPage;
|
|||
import org.keycloak.testsuite.pages.ProceedPage;
|
||||
import org.keycloak.testsuite.pages.UpdateAccountInformationPage;
|
||||
import org.keycloak.testsuite.pages.VerifyEmailPage;
|
||||
import org.keycloak.testsuite.pages.AppPage;
|
||||
import org.keycloak.testsuite.util.MailServer;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
import org.keycloak.testsuite.util.UserBuilder;
|
||||
|
@ -126,10 +126,10 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
|
|||
protected VerifyEmailPage verifyEmailPage;
|
||||
|
||||
@Page
|
||||
protected AccountFederatedIdentityPage accountFederatedIdentityPage;
|
||||
protected OAuthGrantPage grantPage;
|
||||
|
||||
@Page
|
||||
protected OAuthGrantPage grantPage;
|
||||
protected AppPage appPage;
|
||||
|
||||
protected TimeBasedOTP totp = new TimeBasedOTP();
|
||||
|
||||
|
|
|
@ -21,12 +21,12 @@ import jakarta.ws.rs.core.Response;
|
|||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.junit.Assume;
|
||||
import org.junit.Before;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.admin.client.resource.UsersResource;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.Profile.Feature;
|
||||
import org.keycloak.common.util.MultivaluedHashMap;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -41,11 +41,10 @@ import org.keycloak.testsuite.AbstractKeycloakTest;
|
|||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
|
||||
import org.keycloak.testsuite.federation.PassThroughFederatedUserStorageProvider;
|
||||
import org.keycloak.testsuite.federation.PassThroughFederatedUserStorageProviderFactory;
|
||||
import org.keycloak.testsuite.federation.UserMapStorageFactory;
|
||||
import org.keycloak.testsuite.pages.AccountFederatedIdentityPage;
|
||||
import org.keycloak.testsuite.pages.AppPage;
|
||||
import org.keycloak.testsuite.pages.LoginPage;
|
||||
import org.keycloak.testsuite.pages.UpdateAccountInformationPage;
|
||||
|
||||
|
@ -60,27 +59,27 @@ import static org.keycloak.testsuite.admin.ApiUtil.createUserAndResetPasswordWit
|
|||
import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
|
||||
|
||||
import org.keycloak.testsuite.runonserver.RunOnServer;
|
||||
import org.keycloak.testsuite.util.AccountHelper;
|
||||
import org.keycloak.testsuite.util.FederatedIdentityBuilder;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
|
||||
public class AccountLinkTest extends AbstractKeycloakTest {
|
||||
public static final String CHILD_IDP = "child";
|
||||
public static final String PARENT_IDP = "parent-idp";
|
||||
public static final String PARENT_USERNAME = "parent";
|
||||
|
||||
@Page
|
||||
protected AccountFederatedIdentityPage accountFederatedIdentityPage;
|
||||
|
||||
@Page
|
||||
protected UpdateAccountInformationPage profilePage;
|
||||
|
||||
@Page
|
||||
protected LoginPage loginPage;
|
||||
|
||||
@Page
|
||||
protected AppPage appPage;
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
RealmRepresentation realm = new RealmRepresentation();
|
||||
|
@ -139,31 +138,27 @@ public class AccountLinkTest extends AbstractKeycloakTest {
|
|||
@Test
|
||||
public void testAccountLink() {
|
||||
String childUsername = "child";
|
||||
String childPassword = "password";
|
||||
String childIdp = CHILD_IDP;
|
||||
|
||||
testAccountLink(childUsername, childPassword, childIdp);
|
||||
testAccountLink(childUsername);
|
||||
}
|
||||
|
||||
@Test
|
||||
@Ignore // Ignore should be removed by https://github.com/keycloak/keycloak/issues/20441
|
||||
public void testAccountLinkWithUserStorageProvider() {
|
||||
ProfileAssume.assumeFeatureDisabled(Feature.MAP_STORAGE);
|
||||
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
|
||||
|
||||
String childUsername = PassThroughFederatedUserStorageProvider.PASSTHROUGH_USERNAME;
|
||||
String childPassword = PassThroughFederatedUserStorageProvider.INITIAL_PASSWORD;
|
||||
String childIdp = CHILD_IDP;
|
||||
|
||||
testAccountLink(childUsername, childPassword, childIdp);
|
||||
|
||||
testAccountLink(childUsername);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDeleteIdentityOnProviderRemoval() {
|
||||
String childUsername = "child";
|
||||
String childPassword = "password";
|
||||
String childIdp = CHILD_IDP;
|
||||
|
||||
assertFederatedIdentity(childUsername, childPassword, childIdp);
|
||||
assertFederatedIdentity(childUsername);
|
||||
|
||||
RealmResource realm = adminClient.realm(CHILD_IDP);
|
||||
UsersResource users = realm.users();
|
||||
|
@ -250,54 +245,25 @@ public class AccountLinkTest extends AbstractKeycloakTest {
|
|||
assertNull(session.users().getFederatedIdentity(realm, user, PARENT_IDP));
|
||||
}
|
||||
|
||||
protected void testAccountLink(String childUsername, String childPassword, String childIdp) {
|
||||
assertFederatedIdentity(childUsername, childPassword, childIdp);
|
||||
protected void testAccountLink(String childUsername) {
|
||||
assertFederatedIdentity(childUsername);
|
||||
assertRemoveFederatedIdentity();
|
||||
|
||||
}
|
||||
|
||||
private void assertFederatedIdentity(String childUsername, String childPassword, String childIdp) {
|
||||
accountFederatedIdentityPage.realm(childIdp);
|
||||
accountFederatedIdentityPage.open();
|
||||
loginPage.isCurrent();
|
||||
loginPage.login(childUsername, childPassword);
|
||||
assertTrue(accountFederatedIdentityPage.isCurrent());
|
||||
private void assertFederatedIdentity(String childUsername) {
|
||||
//Link the identity provider through Admin REST API
|
||||
Response response = AccountHelper.addIdentityProvider(adminClient.realm(CHILD_IDP), childUsername, adminClient.realm(PARENT_IDP), PARENT_USERNAME, PARENT_IDP);
|
||||
Assert.assertEquals("status", 204, response.getStatus());
|
||||
assertTrue(AccountHelper.isIdentityProviderLinked(adminClient.realm(CHILD_IDP), childUsername, PARENT_IDP));
|
||||
|
||||
accountFederatedIdentityPage.clickAddProvider(PARENT_IDP);
|
||||
|
||||
this.loginPage.isCurrent();
|
||||
loginPage.login(PARENT_USERNAME, "password");
|
||||
|
||||
// Assert identity linked in account management
|
||||
assertTrue(accountFederatedIdentityPage.isCurrent());
|
||||
assertTrue(driver.getPageSource().contains("id=\"remove-link-" + PARENT_IDP + "\""));
|
||||
|
||||
// Logout from account management
|
||||
accountFederatedIdentityPage.logout();
|
||||
|
||||
// Assert I am logged immediately to account management due to previously linked "test-user" identity
|
||||
loginPage.isCurrent();
|
||||
loginPage.clickSocial(PARENT_IDP);
|
||||
loginPage.login(PARENT_USERNAME, "password");
|
||||
System.out.println(driver.getCurrentUrl());
|
||||
System.out.println("--------------------------------");
|
||||
System.out.println(driver.getPageSource());
|
||||
assertTrue(accountFederatedIdentityPage.isCurrent());
|
||||
assertTrue(driver.getPageSource().contains("id=\"remove-link-" + PARENT_IDP + "\""));
|
||||
}
|
||||
|
||||
private void assertRemoveFederatedIdentity() {
|
||||
// Unlink my "test-user"
|
||||
accountFederatedIdentityPage.clickRemoveProvider(PARENT_IDP);
|
||||
assertTrue(driver.getPageSource().contains("id=\"add-link-" + PARENT_IDP + "\""));
|
||||
|
||||
// Logout from account management
|
||||
accountFederatedIdentityPage.logout();
|
||||
|
||||
this.loginPage.clickSocial(PARENT_IDP);
|
||||
this.loginPage.login(PARENT_USERNAME, "password");
|
||||
this.profilePage.assertCurrent();
|
||||
}
|
||||
|
||||
// Unlink my "test-user" through Admin REST API
|
||||
AccountHelper.deleteIdentityProvider(adminClient.realm(CHILD_IDP), CHILD_IDP, PARENT_IDP);
|
||||
assertFalse(AccountHelper.isIdentityProviderLinked(adminClient.realm(CHILD_IDP), CHILD_IDP, PARENT_IDP));
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -99,54 +99,6 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Referes to in old testsuite: org.keycloak.testsuite.broker.OIDCKeycloakServerBrokerWithConsentTest#testAccountManagementLinkingAndExpiredClientSession
|
||||
*/
|
||||
@Test
|
||||
public void testAccountManagementLinkingAndExpiredClientSession() {
|
||||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com");
|
||||
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
loginPage.login("consumer", "password");
|
||||
|
||||
accountPage.federatedIdentity();
|
||||
accountFederatedIdentityPage.clickAddProvider(bc.getIDPAlias());
|
||||
|
||||
this.loginPage.login(bc.getUserLogin(), bc.getUserPassword());
|
||||
|
||||
// Set time offset
|
||||
invokeTimeOffset(60);
|
||||
try {
|
||||
// User rejected consent
|
||||
grantPage.assertCurrent();
|
||||
grantPage.cancel();
|
||||
|
||||
// Assert account error page with "staleCodeAccount" error displayed
|
||||
accountFederatedIdentityPage.assertCurrent();
|
||||
Assert.assertEquals("The page expired. Please try one more time.", accountFederatedIdentityPage.getError());
|
||||
|
||||
|
||||
// Try to link one more time
|
||||
accountFederatedIdentityPage.clickAddProvider(bc.getIDPAlias());
|
||||
|
||||
this.loginPage.login(bc.getUserLogin(), bc.getUserPassword());
|
||||
|
||||
invokeTimeOffset(120);
|
||||
|
||||
// User granted consent
|
||||
grantPage.assertCurrent();
|
||||
grantPage.accept();
|
||||
|
||||
// Assert account error page with "staleCodeAccount" error displayed
|
||||
accountFederatedIdentityPage.assertCurrent();
|
||||
Assert.assertEquals("The page expired. Please try one more time.", accountFederatedIdentityPage.getError());
|
||||
|
||||
} finally {
|
||||
invokeTimeOffset(0);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Referes to in old testsuite: org.keycloak.testsuite.broker.OIDCKeycloakServerBrokerWithConsentTest#testLoginCancelConsent
|
||||
*/
|
||||
|
@ -162,29 +114,4 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
|
|||
|
||||
assertEquals("Sign in to " + bc.consumerRealmName(), driver.getTitle());
|
||||
}
|
||||
|
||||
/**
|
||||
* Referes to in old testsuite: org.keycloak.testsuite.broker.OIDCKeycloakServerBrokerWithConsentTest#testAccountManagementLinkingCancelConsent
|
||||
*/
|
||||
@Test
|
||||
public void testAccountManagementLinkingCancelConsent() throws Exception {
|
||||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com");
|
||||
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
loginPage.login("consumer", "password");
|
||||
|
||||
accountPage.federatedIdentity();
|
||||
|
||||
accountFederatedIdentityPage.clickAddProvider(bc.getIDPAlias());
|
||||
this.loginPage.login(bc.getUserLogin(), bc.getUserPassword());
|
||||
|
||||
// User rejected consent
|
||||
grantPage.assertCurrent();
|
||||
grantPage.cancel();
|
||||
|
||||
// Assert account error page with "consentDenied" error displayed
|
||||
accountFederatedIdentityPage.assertCurrent();
|
||||
Assert.assertEquals("Access denied when authenticating with kc-oidc-idp", accountFederatedIdentityPage.getError());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -22,8 +22,10 @@ import java.util.List;
|
|||
import java.util.Map;
|
||||
import org.keycloak.models.credential.OTPCredentialModel;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
||||
import jakarta.ws.rs.core.Response;
|
||||
import java.util.Optional;
|
||||
|
||||
public class AccountHelper {
|
||||
|
@ -63,11 +65,6 @@ public class AccountHelper {
|
|||
user.revokeConsent(clientId);
|
||||
}
|
||||
|
||||
public static void logout(RealmResource realm, String username) {
|
||||
UserResource user = getUserResource(realm, username);
|
||||
user.logout();
|
||||
}
|
||||
|
||||
private static Optional<CredentialRepresentation> getOtpCredentials(UserResource user, String userLabel) {
|
||||
return user.credentials().stream().filter(c -> c.getType().equals(OTPCredentialModel.TYPE)).filter(l -> l.getUserLabel().equals(userLabel)).findFirst();
|
||||
}
|
||||
|
@ -125,4 +122,38 @@ public class AccountHelper {
|
|||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public static Response addIdentityProvider(RealmResource childRealm, String childUsername, RealmResource providerRealm, String providerUsername, String providerId) {
|
||||
UserResource user = getUserResource(childRealm, childUsername);
|
||||
|
||||
FederatedIdentityRepresentation identityRepresentation = FederatedIdentityBuilder.create()
|
||||
.identityProvider(providerId)
|
||||
.userId(getUserResource(providerRealm, providerUsername).toRepresentation().getId())
|
||||
.userName(providerUsername)
|
||||
.build();
|
||||
|
||||
return user.addFederatedIdentity(providerId, identityRepresentation);
|
||||
}
|
||||
|
||||
public static void deleteIdentityProvider(RealmResource realm, String username, String providerId) {
|
||||
UserResource user = getUserResource(realm, username);
|
||||
user.removeFederatedIdentity(providerId);
|
||||
}
|
||||
|
||||
public static boolean isIdentityProviderLinked(RealmResource realm, String username, String providerId) {
|
||||
UserResource user = getUserResource(realm, username);
|
||||
|
||||
for (FederatedIdentityRepresentation rep : user.getFederatedIdentity()){
|
||||
if(rep.getIdentityProvider().equals(providerId)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public static void logout(RealmResource realm, String username) {
|
||||
UserResource user = getUserResource(realm, username);
|
||||
user.logout();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -83,6 +83,21 @@ public class TestAppHelper {
|
|||
return appPage.isCurrent();
|
||||
}
|
||||
|
||||
public boolean login(String username, String password, String realm, String clientId, String idp) throws URISyntaxException, IOException {
|
||||
oauth.clientId(clientId);
|
||||
loginPage.open(realm);
|
||||
loginPage.clickSocial(idp);
|
||||
loginPage.login(username, password);
|
||||
|
||||
if (loginPage.isCurrent(realm)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
completeLogin();
|
||||
|
||||
return appPage.isCurrent();
|
||||
}
|
||||
|
||||
public boolean logout() {
|
||||
try (CloseableHttpResponse response = oauth.doLogout(refreshToken, "password")) {
|
||||
return response.getStatusLine().getStatusCode() == Response.Status.NO_CONTENT.getStatusCode();
|
||||
|
|
Loading…
Reference in a new issue