diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java index 5f8a51df68..5d12db4ca5 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java @@ -45,6 +45,7 @@ import javax.ws.rs.core.UriBuilder; import java.util.LinkedList; import java.util.List; import java.util.Map; + import org.jboss.arquillian.drone.api.annotation.Drone; import org.jboss.arquillian.graphene.page.Page; import org.keycloak.representations.idm.EventRepresentation; @@ -207,10 +208,9 @@ public class AccountTest extends TestRealmKeycloakTest { testRealm.setPasswordPolicy(policy); testRealm().update(testRealm); } - @Test - public void changePasswordWithLengthPasswordPolicy() { - setPasswordPolicy("length"); + @Test + public void changePasswordWithBlankCurrentPassword() { changePasswordPage.open(); loginPage.login("test-user@localhost", "password"); events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); @@ -219,7 +219,130 @@ public class AccountTest extends TestRealmKeycloakTest { Assert.assertEquals("Please specify password.", profilePage.getError()); events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error(Errors.PASSWORD_MISSING).assertEvent(); - changePasswordPage.changePassword("password", "new-password", "new-password"); + changePasswordPage.changePassword("password", "new", "new"); + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + } + + @Test + public void changePasswordWithLengthPasswordPolicy() { + setPasswordPolicy("length(8)"); + + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); + + changePasswordPage.changePassword("password", "1234", "1234"); + Assert.assertEquals("Invalid password: minimum length 8.", profilePage.getError()); + events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error(Errors.PASSWORD_REJECTED).assertEvent(); + + changePasswordPage.changePassword("password", "12345678", "12345678"); + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + } + + @Test + public void changePasswordWithDigitsPolicy() { + setPasswordPolicy("digits(2)"); + + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); + + changePasswordPage.changePassword("password", "invalidPassword1", "invalidPassword1"); + Assert.assertEquals("Invalid password: must contain at least 2 numerical digits.", profilePage.getError()); + events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error(Errors.PASSWORD_REJECTED).assertEvent(); + + changePasswordPage.changePassword("password", "validPassword12", "validPassword12"); + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + } + + @Test + public void changePasswordWithLowerCasePolicy() { + setPasswordPolicy("lowerCase(2)"); + + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); + + changePasswordPage.changePassword("password", "iNVALIDPASSWORD", "iNVALIDPASSWORD"); + Assert.assertEquals("Invalid password: must contain at least 2 lower case characters.", profilePage.getError()); + events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error(Errors.PASSWORD_REJECTED).assertEvent(); + + changePasswordPage.changePassword("password", "vaLIDPASSWORD", "vaLIDPASSWORD"); + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + } + + @Test + public void changePasswordWithUpperCasePolicy() { + setPasswordPolicy("upperCase(2)"); + + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); + + changePasswordPage.changePassword("password", "Invalidpassword", "Invalidpassword"); + Assert.assertEquals("Invalid password: must contain at least 2 upper case characters.", profilePage.getError()); + events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error(Errors.PASSWORD_REJECTED).assertEvent(); + + + changePasswordPage.changePassword("password", "VAlidpassword", "VAlidpassword"); + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + } + + @Test + public void changePasswordWithSpecialCharsPolicy() { + setPasswordPolicy("specialChars(2)"); + + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); + + changePasswordPage.changePassword("password", "invalidPassword*", "invalidPassword*"); + Assert.assertEquals("Invalid password: must contain at least 2 special characters.", profilePage.getError()); + events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error(Errors.PASSWORD_REJECTED).assertEvent(); + + + changePasswordPage.changePassword("password", "validPassword*#", "validPassword*#"); + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + } + + @Test + public void changePasswordWithNotUsernamePolicy() { + setPasswordPolicy("notUsername(1)"); + + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); + + changePasswordPage.changePassword("password", "test-user@localhost", "test-user@localhost"); + Assert.assertEquals("Invalid password: must not be equal to the username.", profilePage.getError()); + events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error(Errors.PASSWORD_REJECTED).assertEvent(); + + + changePasswordPage.changePassword("password", "newPassword", "newPassword"); + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + } + + @Test + public void changePasswordWithRegexPatternsPolicy() { + setPasswordPolicy("regexPattern(^[A-Z]+#[a-z]{8}$)"); + + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); + + changePasswordPage.changePassword("password", "invalidPassword", "invalidPassword"); + Assert.assertEquals("Invalid password: fails to match regex pattern(s).", profilePage.getError()); + events.expectAccount(EventType.UPDATE_PASSWORD_ERROR).error(Errors.PASSWORD_REJECTED).assertEvent(); + + + changePasswordPage.changePassword("password", "VALID#password", "VALID#password"); Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); } diff --git a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/PasswordPolicyTest.java b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/PasswordPolicyTest.java index 68da020b1a..e70acd4f30 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/PasswordPolicyTest.java +++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/PasswordPolicyTest.java @@ -178,6 +178,12 @@ public class PasswordPolicyTest extends AbstractConsoleTest { testUserCredentialsPage.resetPassword("firstPassword"); assertAlertDanger(); + + testUserCredentialsPage.resetPassword("thirdPassword"); + assertAlertSuccess(); + + testUserCredentialsPage.resetPassword("firstPassword"); + assertAlertSuccess(); } }