Make the ORGANIZATION a default feature (#32404)

Closes #32395

Signed-off-by: vramik <vramik@redhat.com>
Vlasta Ramik 2024-09-18 12:19:28 +02:00 committed by GitHub
parent c137482d77
commit 4ce40be1af
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
41 changed files with 210 additions and 168 deletions


@ -118,7 +118,7 @@ public class Profile {
DECLARATIVE_UI("declarative ui spi", Type.EXPERIMENTAL), DECLARATIVE_UI("declarative ui spi", Type.EXPERIMENTAL),
ORGANIZATION("Organization support within realms", Type.PREVIEW), ORGANIZATION("Organization support within realms", Type.DEFAULT),
PASSKEYS("Passkeys", Type.PREVIEW), PASSKEYS("Passkeys", Type.PREVIEW),
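Review bot: Moving `ORGANIZATION` to `Type.DEFAULT` turns the feature on for every deployment that never opted in, and the constant carries no comment saying so. The test sections later in this commit show the consequence: the built-in browser flow gains an `Organization` sub-flow and first broker login gains `Organization Member Onboard`, so the default authentication path changes on upgrade. I would add a comment above the constant such as `// DEFAULT: enabled unless explicitly disabled; adds Organization sub-flows to the built-in browser and first-broker-login flows`, and have the release note say how to turn the feature off. The enum body continues outside this hunk.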


@ -104,6 +104,10 @@ when exporting a realm.
For information on how to migrate, see the link:{upgradingguide_link}[{upgradingguide_name}]. For information on how to migrate, see the link:{upgradingguide_link}[{upgradingguide_name}].
= Keycloak Organization is now a supported feature
Starting with {project_name} 26, the Organizations feature is fully supported.
= Adding support for ECDH-ES encryption key management algorithms = Adding support for ECDH-ES encryption key management algorithms
Now {project_name} allows configuring ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW or ECDH-ES+A256KW as the encryption key management algorithm for clients. The Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) specification introduces three new header parameters for the JWT: `epk`, `apu` and `apv`. Currently {project_name} implementation only manages the compulsory `epk` while the other two (which are optional) are never added to the header. For more information about those algorithms please refer to the link:https://datatracker.ietf.org/doc/html/rfc7518#section-4.6[JSON Web Algorithms (JWA)]. Now {project_name} allows configuring ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW or ECDH-ES+A256KW as the encryption key management algorithm for clients. The Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) specification introduces three new header parameters for the JWT: `epk`, `apu` and `apv`. Currently {project_name} implementation only manages the compulsory `epk` while the other two (which are optional) are never added to the header. For more information about those algorithms please refer to the link:https://datatracker.ietf.org/doc/html/rfc7518#section-4.6[JSON Web Algorithms (JWA)].


@ -155,7 +155,7 @@ public class ExecutionTest extends AbstractAuthenticationTest {
AuthenticationExecutionInfoRepresentation previousExecution = findPreviousExecution(exec, executionReps); AuthenticationExecutionInfoRepresentation previousExecution = findPreviousExecution(exec, executionReps);
Assert.assertNotNull(previousExecution); Assert.assertNotNull(previousExecution);
compareExecution(newExecInfo("Review Profile", "idp-review-profile", true, 0, 4, DISABLED, null, new String[]{REQUIRED, ALTERNATIVE,DISABLED}, previousExecution.getPriority() + 1), exec); compareExecution(newExecInfo("Review Profile", "idp-review-profile", true, 0, 5, DISABLED, null, new String[]{REQUIRED, ALTERNATIVE,DISABLED}, previousExecution.getPriority() + 1), exec);
// remove execution // remove execution
authMgmtResource.removeExecution(exec.getId()); authMgmtResource.removeExecution(exec.getId());


@ -408,7 +408,8 @@ public class FlowTest extends AbstractAuthenticationTest {
// adjust expected values before comparing // adjust expected values before comparing
browser.setAlias("Copy of browser"); browser.setAlias("Copy of browser");
browser.setBuiltIn(false); browser.setBuiltIn(false);
browser.getAuthenticationExecutions().get(3).setFlowAlias("Copy of browser forms"); browser.getAuthenticationExecutions().get(3).setFlowAlias("Copy of browser Organization");
browser.getAuthenticationExecutions().get(4).setFlowAlias("Copy of browser forms");
compareFlows(browser, copyOfBrowser); compareFlows(browser, copyOfBrowser);
// get new flow directly and compare // get new flow directly and compare
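Review bot: `get(3)` and `get(4)` pick the copied flow's sub-flows by position, which is why this commit had to renumber them when the `Organization` sub-flow was inserted ahead of `forms`. The next change to the default browser flow will shift the indexes again, and a wrong index renames the wrong execution rather than failing clearly. Selecting each execution by its current alias (the one whose `getFlowAlias()` is `"forms"`, and likewise `"Organization"`) before calling `setFlowAlias` would keep the expectation tied to the sub-flow it means. The test method continues outside the hunk.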


@ -126,13 +126,18 @@ public class InitialFlowsTest extends AbstractAuthenticationTest {
addExecExport(flow, null, false, "auth-cookie", false, null, ALTERNATIVE, 10); addExecExport(flow, null, false, "auth-cookie", false, null, ALTERNATIVE, 10);
addExecExport(flow, null, false, "auth-spnego", false, null, DISABLED, 20); addExecExport(flow, null, false, "auth-spnego", false, null, DISABLED, 20);
addExecExport(flow, null, false, "identity-provider-redirector", false, null, ALTERNATIVE, 25); addExecExport(flow, null, false, "identity-provider-redirector", false, null, ALTERNATIVE, 25);
addExecExport(flow, "Organization", false, null, true, null, ALTERNATIVE, 26);
addExecExport(flow, "forms", false, null, true, null, ALTERNATIVE, 30); addExecExport(flow, "forms", false, null, true, null, ALTERNATIVE, 30);
List<AuthenticationExecutionInfoRepresentation> execs = new LinkedList<>(); List<AuthenticationExecutionInfoRepresentation> execs = new LinkedList<>();
addExecInfo(execs, "Cookie", "auth-cookie", false, 0, 0, ALTERNATIVE, null, new String[]{REQUIRED, ALTERNATIVE, DISABLED}, 10); addExecInfo(execs, "Cookie", "auth-cookie", false, 0, 0, ALTERNATIVE, null, new String[]{REQUIRED, ALTERNATIVE, DISABLED}, 10);
addExecInfo(execs, "Kerberos", "auth-spnego", false, 0, 1, DISABLED, null, kerberosAuthExpectedChoices, 20); addExecInfo(execs, "Kerberos", "auth-spnego", false, 0, 1, DISABLED, null, kerberosAuthExpectedChoices, 20);
addExecInfo(execs, "Identity Provider Redirector", "identity-provider-redirector", true, 0, 2, ALTERNATIVE, null, new String[]{REQUIRED, ALTERNATIVE, DISABLED}, 25); addExecInfo(execs, "Identity Provider Redirector", "identity-provider-redirector", true, 0, 2, ALTERNATIVE, null, new String[]{REQUIRED, ALTERNATIVE, DISABLED}, 25);
addExecInfo(execs, "forms", null, false, 0, 3, ALTERNATIVE, true, new String[]{REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL}, 30); addExecInfo(execs, "Organization", null, false, 0, 3, ALTERNATIVE, true, new String[]{REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL}, 26);
addExecInfo(execs, "Browser - Conditional Organization", null, false, 1, 0, CONDITIONAL, true, new String[]{REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL}, 10);
addExecInfo(execs, "Condition - user configured", "conditional-user-configured", false, 2, 0, REQUIRED, null, new String[]{REQUIRED, DISABLED}, 10);
addExecInfo(execs, "Organization Identity-First Login", "organization", true, 2, 1, ALTERNATIVE, null, new String[]{REQUIRED, ALTERNATIVE, DISABLED}, 20);
addExecInfo(execs, "forms", null, false, 0, 4, ALTERNATIVE, true, new String[]{REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL}, 30);
addExecInfo(execs, "Username Password Form", "auth-username-password-form", false, 1, 0, REQUIRED, null, new String[]{REQUIRED}, 10); addExecInfo(execs, "Username Password Form", "auth-username-password-form", false, 1, 0, REQUIRED, null, new String[]{REQUIRED}, 10);
addExecInfo(execs, "Browser - Conditional OTP", null, false, 1, 1, CONDITIONAL, true, new String[]{REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL}, 20); addExecInfo(execs, "Browser - Conditional OTP", null, false, 1, 1, CONDITIONAL, true, new String[]{REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL}, 20);
addExecInfo(execs, "Condition - user configured", "conditional-user-configured", false, 2, 0, REQUIRED, null, new String[]{REQUIRED, DISABLED}, 10); addExecInfo(execs, "Condition - user configured", "conditional-user-configured", false, 2, 0, REQUIRED, null, new String[]{REQUIRED, DISABLED}, 10);
@ -176,6 +181,7 @@ public class InitialFlowsTest extends AbstractAuthenticationTest {
"basic-flow", true, true); "basic-flow", true, true);
addExecExport(flow, null, false, "idp-review-profile", false, "review profile config", REQUIRED, 10); addExecExport(flow, null, false, "idp-review-profile", false, "review profile config", REQUIRED, 10);
addExecExport(flow, "User creation or linking", false, null, true, null, REQUIRED, 20); addExecExport(flow, "User creation or linking", false, null, true, null, REQUIRED, 20);
addExecExport(flow, "First Broker Login - Conditional Organization", false, null, true, null, CONDITIONAL, 50);
execs = new LinkedList<>(); execs = new LinkedList<>();
addExecInfo(execs, "Review Profile", "idp-review-profile", true, 0, 0, REQUIRED, null, new String[]{REQUIRED, ALTERNATIVE, DISABLED}, 10); addExecInfo(execs, "Review Profile", "idp-review-profile", true, 0, 0, REQUIRED, null, new String[]{REQUIRED, ALTERNATIVE, DISABLED}, 10);
@ -190,6 +196,9 @@ public class InitialFlowsTest extends AbstractAuthenticationTest {
addExecInfo(execs, "First broker login - Conditional OTP", null, false, 4, 1, CONDITIONAL, true, new String[]{REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL}, 20); addExecInfo(execs, "First broker login - Conditional OTP", null, false, 4, 1, CONDITIONAL, true, new String[]{REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL}, 20);
addExecInfo(execs, "Condition - user configured", "conditional-user-configured", false, 5, 0, REQUIRED, null, new String[]{REQUIRED, DISABLED}, 10); addExecInfo(execs, "Condition - user configured", "conditional-user-configured", false, 5, 0, REQUIRED, null, new String[]{REQUIRED, DISABLED}, 10);
addExecInfo(execs, "OTP Form", "auth-otp-form", false, 5, 1, REQUIRED, null, new String[]{REQUIRED, ALTERNATIVE, DISABLED}, 20); addExecInfo(execs, "OTP Form", "auth-otp-form", false, 5, 1, REQUIRED, null, new String[]{REQUIRED, ALTERNATIVE, DISABLED}, 20);
addExecInfo(execs, "First Broker Login - Conditional Organization", null, false, 0, 2, CONDITIONAL, true, new String[]{REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL}, 50);
addExecInfo(execs, "Condition - user configured", "conditional-user-configured", false, 1, 0, REQUIRED, null, new String[]{REQUIRED, DISABLED}, 10);
addExecInfo(execs, "Organization Member Onboard", "idp-add-organization-member", false, 1, 1, REQUIRED, null, new String[]{REQUIRED, ALTERNATIVE, DISABLED}, 20);
expected.add(new FlowExecutions(flow, execs)); expected.add(new FlowExecutions(flow, execs));
flow = newFlow("registration", "Registration flow", "basic-flow", true, true); flow = newFlow("registration", "Registration flow", "basic-flow", true, true);


@ -230,6 +230,9 @@ public class ProvidersTest extends AbstractAuthenticationTest {
addProviderInfo(result, "custom-callback-authenticator", "Custom callback Factory", addProviderInfo(result, "custom-callback-authenticator", "Custom callback Factory",
"Used for testing purposes of Callback factory"); "Used for testing purposes of Callback factory");
addProviderInfo(result, "idp-add-organization-member", "Organization Member Onboard", "Adds a federated user as a member of an organization");
addProviderInfo(result, "organization", "Organization Identity-First Login", "If organizations are enabled, automatically redirects users to the corresponding identity provider.");
return result; return result;
} }
@ -246,9 +249,9 @@ public class ProvidersTest extends AbstractAuthenticationTest {
} }
private List<Map<String, Object>> normalizeResults(List<Map<String, Object>> list) { private List<Map<String, Object>> normalizeResults(List<Map<String, Object>> list) {
ArrayList<Map<String, Object>> result = new ArrayList(); ArrayList<Map<String, Object>> result = new ArrayList<>();
for (Map<String, Object> item: list) { for (Map<String, Object> item: list) {
result.add(new HashMap(item)); result.add(new HashMap<>(item));
} }
return sortProviders(result); return sortProviders(result);
} }


@ -984,6 +984,7 @@ public class UserStorageTest extends AbstractAuthTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "thor"); UserModel user = currentSession.users().getUserByUsername(realm, "thor");
Assert.assertFalse(StorageId.isLocalStorage(user.getId())); Assert.assertFalse(StorageId.isLocalStorage(user.getId()));
@ -1008,6 +1009,7 @@ public class UserStorageTest extends AbstractAuthTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "thor"); UserModel user = currentSession.users().getUserByUsername(realm, "thor");
// Assert priorities: password, otp1, otp2 // Assert priorities: password, otp1, otp2
@ -1027,6 +1029,7 @@ public class UserStorageTest extends AbstractAuthTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "thor"); UserModel user = currentSession.users().getUserByUsername(realm, "thor");
// Assert priorities: password, otp2, otp1 // Assert priorities: password, otp2, otp1
@ -1040,6 +1043,7 @@ public class UserStorageTest extends AbstractAuthTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "thor"); UserModel user = currentSession.users().getUserByUsername(realm, "thor");
// Assert priorities: otp2, password, otp1 // Assert priorities: otp2, password, otp1
@ -1053,6 +1057,7 @@ public class UserStorageTest extends AbstractAuthTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "thor"); UserModel user = currentSession.users().getUserByUsername(realm, "thor");
// Assert priorities: otp2, otp1, password // Assert priorities: otp2, otp1, password
@ -1066,6 +1071,7 @@ public class UserStorageTest extends AbstractAuthTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "thor"); UserModel user = currentSession.users().getUserByUsername(realm, "thor");
// Assert priorities: otp2, otp1, password // Assert priorities: otp2, otp1, password
@ -1079,6 +1085,7 @@ public class UserStorageTest extends AbstractAuthTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "thor"); UserModel user = currentSession.users().getUserByUsername(realm, "thor");
// Assert priorities: otp2, password // Assert priorities: otp2, password
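Review bot: Each transaction lambda now has to call `currentSession.getContext().setRealm(realm);` before `getUserByUsername`, and nothing in these hunks says why; the same line is added in AuthenticationSessionProviderTest, CompositeRolesModelTest, ConcurrentTransactionsTest, CredentialModelTest and MultipleRealmsTest. Presumably user lookups read the realm from the session context once the Organization feature is on by default, in which case a caller of `runJobInTransaction` that omits the call works with a missing or stale realm instead of getting an explicit error; that should be confirmed in the provider code, which is not on this page. I would add a one-line comment at the first occurrence, `// user lookups resolve organization data from the context realm, so set it per transaction`, and consider a shared test helper rather than repeating the line. The lambdas continue outside the hunks.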


@ -23,7 +23,6 @@ import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Time; import org.keycloak.common.util.Time;
import org.keycloak.infinispan.util.InfinispanUtils; import org.keycloak.infinispan.util.InfinispanUtils;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
@ -100,6 +99,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD1) -> {
KeycloakSession currentSession = sessionCRUD1; KeycloakSession currentSession = sessionCRUD1;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel client1 = realm.getClientByClientId("test-app"); ClientModel client1 = realm.getClientByClientId("test-app");
@ -116,6 +116,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD2) -> {
KeycloakSession currentSession = sessionCRUD2; KeycloakSession currentSession = sessionCRUD2;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel client1 = realm.getClientByClientId("test-app"); ClientModel client1 = realm.getClientByClientId("test-app");
@ -135,6 +136,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD3) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD3) -> {
KeycloakSession currentSession = sessionCRUD3; KeycloakSession currentSession = sessionCRUD3;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
UserModel user1 = currentSession.users().getUserByUsername(realm, "user1"); UserModel user1 = currentSession.users().getUserByUsername(realm, "user1");
// Ensure currentSession was updated // Ensure currentSession was updated
@ -153,6 +155,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD4) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD4) -> {
KeycloakSession currentSession = sessionCRUD4; KeycloakSession currentSession = sessionCRUD4;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
// Ensure currentSession was removed // Ensure currentSession was removed
assertThat(currentSession.authenticationSessions().getRootAuthenticationSession(realm, rootAuthSessionID.get()), nullValue()); assertThat(currentSession.authenticationSessions().getRootAuthenticationSession(realm, rootAuthSessionID.get()), nullValue());
@ -169,6 +172,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRestart1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRestart1) -> {
KeycloakSession currentSession = sessionRestart1; KeycloakSession currentSession = sessionRestart1;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel client1 = realm.getClientByClientId("test-app"); ClientModel client1 = realm.getClientByClientId("test-app");
UserModel user1 = currentSession.users().getUserByUsername(realm, "user1"); UserModel user1 = currentSession.users().getUserByUsername(realm, "user1");
@ -191,6 +195,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRestart2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRestart2) -> {
KeycloakSession currentSession = sessionRestart2; KeycloakSession currentSession = sessionRestart2;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
// Test restart root authentication session // Test restart root authentication session
ClientModel client1 = realm.getClientByClientId("test-app"); ClientModel client1 = realm.getClientByClientId("test-app");
@ -202,6 +207,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRestart3) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRestart3) -> {
KeycloakSession currentSession = sessionRestart3; KeycloakSession currentSession = sessionRestart3;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel client1 = realm.getClientByClientId("test-app"); ClientModel client1 = realm.getClientByClientId("test-app");


@ -122,6 +122,7 @@ public class CompositeRolesModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session5) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session5) -> {
RealmModel realm = session5.realms().getRealmByName("TestComposites"); RealmModel realm = session5.realms().getRealmByName("TestComposites");
session5.getContext().setRealm(realm);
Set<RoleModel> requestedRoles = getRequestedRoles(realm.getClientByClientId("APP_COMPOSITE_APPLICATION"), session.users().getUserByUsername(realm, "APP_COMPOSITE_USER")); Set<RoleModel> requestedRoles = getRequestedRoles(realm.getClientByClientId("APP_COMPOSITE_APPLICATION"), session.users().getUserByUsername(realm, "APP_COMPOSITE_USER"));
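Review bot: The added `session5.getContext().setRealm(realm);` prepares the inner session, but the following line still looks the user up through the outer `session` (`session.users().getUserByUsername(realm, "APP_COMPOSITE_USER")`), so that lookup does not run against the context that was just set. Whether the outer session has a realm in its context is not visible here. Using the transaction's own session keeps the lookup and the context consistent: `session5.users().getUserByUsername(realm, "APP_COMPOSITE_USER")`. The lambda continues outside the hunk.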


@ -225,6 +225,7 @@ public class ConcurrentTransactionsTest extends AbstractTestRealmKeycloakTest {
try { try {
// Read user attribute // Read user attribute
RealmModel realm = session1.realms().getRealmByName("original"); RealmModel realm = session1.realms().getRealmByName("original");
session1.getContext().setRealm(realm);
UserModel john = session1.users().getUserByUsername(realm, "john"); UserModel john = session1.users().getUserByUsername(realm, "john");
String attrVal = john.getFirstAttribute("foo"); String attrVal = john.getFirstAttribute("foo");


@ -36,6 +36,7 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost"); UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
List<CredentialModel> list = user.credentialManager().getStoredCredentialsStream() List<CredentialModel> list = user.credentialManager().getStoredCredentialsStream()
@ -55,6 +56,7 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost"); UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
// Assert priorities: password, otp1, otp2 // Assert priorities: password, otp1, otp2
@ -74,6 +76,7 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost"); UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
// Assert priorities: password, otp2, otp1 // Assert priorities: password, otp2, otp1
@ -87,6 +90,7 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost"); UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
// Assert priorities: otp2, password, otp1 // Assert priorities: otp2, password, otp1
@ -100,6 +104,7 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost"); UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
// Assert priorities: otp2, otp1, password // Assert priorities: otp2, otp1, password
@ -113,6 +118,7 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost"); UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
// Assert priorities: otp2, otp1, password // Assert priorities: otp2, otp1, password
@ -126,6 +132,7 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
RealmModel realm = currentSession.realms().getRealmByName("test"); RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost"); UserModel user = currentSession.users().getUserByUsername(realm, "test-user@localhost");
// Assert priorities: otp2, password // Assert priorities: otp2, password
@ -139,7 +146,7 @@ public class CredentialModelTest extends AbstractTestRealmKeycloakTest {
private void assertOrder(List<CredentialModel> creds, String... expectedIds) { private void assertOrder(List<CredentialModel> creds, String... expectedIds) {
Assert.assertEquals(expectedIds.length, creds.size()); Assert.assertEquals(expectedIds.length, creds.size());
if (creds.size() == 0) return; if (creds.isEmpty()) return;
for (int i=0 ; i<expectedIds.length ; i++) { for (int i=0 ; i<expectedIds.length ; i++) {
Assert.assertEquals(creds.get(i).getId(), expectedIds[i]); Assert.assertEquals(creds.get(i).getId(), expectedIds[i]);
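Review bot: In `assertOrder`, the loop line this commit leaves as it was, `Assert.assertEquals(creds.get(i).getId(), expectedIds[i]);`, passes the actual value first and the expected value second, so a failing credential-order check reports the two the wrong way round. Since the method is being touched anyway, swap them: `Assert.assertEquals(expectedIds[i], creds.get(i).getId());`. The `creds.isEmpty()` early return is also redundant, because the preceding size assertion already forces `expectedIds.length` to be 0 in that case and the loop does not run. The method body continues outside the hunk.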


@ -80,21 +80,23 @@ public class MultipleRealmsTest extends AbstractTestRealmKeycloakTest {
KeycloakSession currentSession = sessionTestUser1; KeycloakSession currentSession = sessionTestUser1;
RealmModel realm1 = currentSession.realms().createRealm(KeycloakModelUtils.generateId(), "realm1"); RealmModel realm1 = currentSession.realms().createRealm(KeycloakModelUtils.generateId(), "realm1");
RealmModel realm2 = currentSession.realms().createRealm(KeycloakModelUtils.generateId(), "realm2"); currentSession.getContext().setRealm(realm1);
String id1 = realm1.getId(); String id1 = realm1.getId();
String id2 = realm2.getId();
realm1.setDefaultRole(currentSession.roles().addRealmRole(realm1, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realm1.getName())); realm1.setDefaultRole(currentSession.roles().addRealmRole(realm1, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realm1.getName()));
realm2.setDefaultRole(currentSession.roles().addRealmRole(realm2, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realm2.getName()));
createObjects(currentSession, realm1); createObjects(currentSession, realm1);
createObjects(currentSession, realm2);
UserModel r1user1 = currentSession.users().getUserByUsername(realm1, "user1"); UserModel r1user1 = currentSession.users().getUserByUsername(realm1, "user1");
UserModel r2user1 = currentSession.users().getUserByUsername(realm2, "user1");
r1user1Atomic.set(r1user1); r1user1Atomic.set(r1user1);
RealmModel realm2 = currentSession.realms().createRealm(KeycloakModelUtils.generateId(), "realm2");
currentSession.getContext().setRealm(realm2);
String id2 = realm2.getId();
realm2.setDefaultRole(currentSession.roles().addRealmRole(realm2, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realm2.getName()));
createObjects(currentSession, realm2);
UserModel r2user1 = currentSession.users().getUserByUsername(realm2, "user1");
Assert.assertEquals(r1user1.getUsername(), r2user1.getUsername()); Assert.assertEquals(r1user1.getUsername(), r2user1.getUsername());
// The following check is not valid anymore since file store does have the same ID, and is redundant due to the previous line // The following check is not valid anymore since file store does have the same ID, and is redundant due to the previous line
// Assert.assertNotEquals(r1user1.getId(), r2user1.getId()); // Assert.assertNotEquals(r1user1.getId(), r2user1.getId());
@ -108,6 +110,7 @@ public class MultipleRealmsTest extends AbstractTestRealmKeycloakTest {
Assert.assertFalse(r2user1.credentialManager().isValid(UserCredentialModel.password("pass1"))); Assert.assertFalse(r2user1.credentialManager().isValid(UserCredentialModel.password("pass1")));
Assert.assertTrue(r2user1.credentialManager().isValid(UserCredentialModel.password("pass2"))); Assert.assertTrue(r2user1.credentialManager().isValid(UserCredentialModel.password("pass2")));
currentSession.getContext().setRealm(realm1);
// Test searching // Test searching
Assert.assertEquals(2, currentSession.users().searchForUserStream(realm1, Map.of(UserModel.SEARCH, "user")).count()); Assert.assertEquals(2, currentSession.users().searchForUserStream(realm1, Map.of(UserModel.SEARCH, "user")).count());
@ -162,30 +165,34 @@ public class MultipleRealmsTest extends AbstractTestRealmKeycloakTest {
KeycloakSession currentSession = sessionById; KeycloakSession currentSession = sessionById;
RealmModel realm1 = currentSession.realms().createRealm(KeycloakModelUtils.generateId(), "realm1"); RealmModel realm1 = currentSession.realms().createRealm(KeycloakModelUtils.generateId(), "realm1");
RealmModel realm2 = currentSession.realms().createRealm(KeycloakModelUtils.generateId(), "realm2"); currentSession.getContext().setRealm(realm1);
String id1 = realm1.getId(); String id1 = realm1.getId();
String id2 = realm2.getId();
realm1.setDefaultRole(currentSession.roles().addRealmRole(realm1, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realm1.getName())); realm1.setDefaultRole(currentSession.roles().addRealmRole(realm1, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realm1.getName()));
realm2.setDefaultRole(currentSession.roles().addRealmRole(realm2, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realm2.getName()));
createObjects(currentSession, realm1); createObjects(currentSession, realm1);
createObjects(currentSession, realm2);
Assert.assertEquals(realm1, currentSession.realms().getRealm(id1)); Assert.assertEquals(realm1, currentSession.realms().getRealm(id1));
Assert.assertEquals(realm1, currentSession.realms().getRealmByName("realm1")); Assert.assertEquals(realm1, currentSession.realms().getRealmByName("realm1"));
Assert.assertEquals(realm2, currentSession.realms().getRealm(id2));
Assert.assertEquals(realm2, currentSession.realms().getRealmByName("realm2"));
ClientModel r1app1 = realm1.getClientByClientId("app1"); ClientModel r1app1 = realm1.getClientByClientId("app1");
Assert.assertNotNull(realm1.getClientByClientId("app2")); Assert.assertNotNull(realm1.getClientByClientId("app2"));
Assert.assertNotNull(realm2.getClientByClientId("app1"));
Assert.assertNotNull(realm2.getClientByClientId("app2"));
Assert.assertEquals(r1app1, realm1.getClientById(r1app1.getId())); Assert.assertEquals(r1app1, realm1.getClientById(r1app1.getId()));
assertThat(r1app1.getAttribute(REALM_ATTRIBUTE), is(realm1.getName())); assertThat(r1app1.getAttribute(REALM_ATTRIBUTE), is(realm1.getName()));
RealmModel realm2 = currentSession.realms().createRealm(KeycloakModelUtils.generateId(), "realm2");
currentSession.getContext().setRealm(realm2);
String id2 = realm2.getId();
realm2.setDefaultRole(currentSession.roles().addRealmRole(realm2, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realm2.getName()));
createObjects(currentSession, realm2);
Assert.assertEquals(realm2, currentSession.realms().getRealm(id2));
Assert.assertEquals(realm2, currentSession.realms().getRealmByName("realm2"));
Assert.assertNotNull(realm2.getClientByClientId("app1"));
Assert.assertNotNull(realm2.getClientByClientId("app2"));
ClientModel r2cl1 = realm2.getClientByClientId("cl1"); ClientModel r2cl1 = realm2.getClientByClientId("cl1");
Assert.assertEquals(r2cl1.getId(), realm2.getClientById(r2cl1.getId()).getId()); Assert.assertEquals(r2cl1.getId(), realm2.getClientById(r2cl1.getId()).getId());
assertThat(r2cl1.getAttribute(REALM_ATTRIBUTE), is(realm2.getName())); assertThat(r2cl1.getAttribute(REALM_ATTRIBUTE), is(realm2.getName()));
@ -197,8 +204,11 @@ public class MultipleRealmsTest extends AbstractTestRealmKeycloakTest {
RoleModel r2Role1 = realm2.getRole("role2"); RoleModel r2Role1 = realm2.getRole("role2");
assertAttrRealm(realm2, r2Role1.getAttributeStream(REALM_ATTRIBUTE)); assertAttrRealm(realm2, r2Role1.getAttributeStream(REALM_ATTRIBUTE));
currentSession.getContext().setRealm(realm1);
UserModel user1 = currentSession.users().getUserByUsername(realm1, "user1"); UserModel user1 = currentSession.users().getUserByUsername(realm1, "user1");
assertAttrRealm(realm1, user1.getAttributeStream(REALM_ATTRIBUTE)); assertAttrRealm(realm1, user1.getAttributeStream(REALM_ATTRIBUTE));
currentSession.getContext().setRealm(realm2);
UserModel user1a = currentSession.users().getUserByUsername(realm2, "user1"); UserModel user1a = currentSession.users().getUserByUsername(realm2, "user1");
assertAttrRealm(realm2, user1a.getAttributeStream(REALM_ATTRIBUTE)); assertAttrRealm(realm2, user1a.getAttributeStream(REALM_ATTRIBUTE));
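Review bot: The added `currentSession.getContext().setRealm(...)` calls (before the realm1 and realm2 `getUserByUsername` lookups and before "Test searching") make each user lookup depend on the session's context realm as well as on the `realm` argument, and nothing in the test says so. I would add a comment at the first call, `// user lookups resolve against the session's context realm; keep it equal to the realm argument`, assuming that is the reason; the provider code is not part of this page. Since this test is about realm isolation, it is also worth confirming that a lookup whose context realm differs from its `realm` argument returns nothing rather than data from the context realm. The same call is added throughout UserConsentModelTest and UserConsentWithUserStorageModelTest, and the enclosing test methods start and end outside these hunks.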


@ -160,6 +160,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakSession currentSession = sessionCT; KeycloakSession currentSession = sessionCT;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
ClientModel barClient = realm.getClientByClientId("bar-client"); ClientModel barClient = realm.getClientByClientId("bar-client");
@ -168,26 +169,26 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
UserModel mary = currentSession.users().getUserByUsername(realm, "mary"); UserModel mary = currentSession.users().getUserByUsername(realm, "mary");
UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()); UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(johnFooConsent.getGrantedClientScopes().size(), 1); Assert.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent)); Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assert.assertNotNull("Created Date should be set", johnFooConsent.getCreatedDate()); Assert.assertNotNull("Created Date should be set", johnFooConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", johnFooConsent.getLastUpdatedDate()); Assert.assertNotNull("Last Updated Date should be set", johnFooConsent.getLastUpdatedDate());
UserConsentModel johnBarConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, barClient.getId()); UserConsentModel johnBarConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, barClient.getId());
Assert.assertEquals(johnBarConsent.getGrantedClientScopes().size(), 1); Assert.assertEquals(1, johnBarConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "bar", johnBarConsent)); Assert.assertTrue(isClientScopeGranted(realm, "bar", johnBarConsent));
Assert.assertNotNull("Created Date should be set", johnBarConsent.getCreatedDate()); Assert.assertNotNull("Created Date should be set", johnBarConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", johnBarConsent.getLastUpdatedDate()); Assert.assertNotNull("Last Updated Date should be set", johnBarConsent.getLastUpdatedDate());
UserConsentModel maryConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, fooClient.getId()); UserConsentModel maryConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, fooClient.getId());
Assert.assertEquals(maryConsent.getGrantedClientScopes().size(), 1); Assert.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent)); Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assert.assertNotNull("Created Date should be set", maryConsent.getCreatedDate()); Assert.assertNotNull("Created Date should be set", maryConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", maryConsent.getLastUpdatedDate()); Assert.assertNotNull("Last Updated Date should be set", maryConsent.getLastUpdatedDate());
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client"); ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
UserConsentModel maryHardcodedConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, hardcodedClient.getId()); UserConsentModel maryHardcodedConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, hardcodedClient.getId());
Assert.assertEquals(maryHardcodedConsent.getGrantedClientScopes().size(), 0); Assert.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
Assert.assertNotNull("Created Date should be set", maryHardcodedConsent.getCreatedDate()); Assert.assertNotNull("Created Date should be set", maryHardcodedConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", maryHardcodedConsent.getLastUpdatedDate()); Assert.assertNotNull("Last Updated Date should be set", maryHardcodedConsent.getLastUpdatedDate());
@ -203,6 +204,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionACT) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionACT) -> {
KeycloakSession currentSession = sessionACT; KeycloakSession currentSession = sessionACT;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
@ -224,11 +226,11 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
} }
Assert.assertEquals(maryConsent.getClient().getId(), fooClient.getId()); Assert.assertEquals(maryConsent.getClient().getId(), fooClient.getId());
Assert.assertEquals(maryConsent.getGrantedClientScopes().size(), 1); Assert.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent)); Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assert.assertEquals(maryHardcodedConsent.getClient().getId(), hardcodedClient.getId()); Assert.assertEquals(maryHardcodedConsent.getClient().getId(), hardcodedClient.getId());
Assert.assertEquals(maryHardcodedConsent.getGrantedClientScopes().size(), 0); Assert.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
}); });
} }
@ -239,6 +241,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession removalTestSession1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession removalTestSession1) -> {
KeycloakSession currentSession = removalTestSession1; KeycloakSession currentSession = removalTestSession1;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = currentSession.users().getUserByUsername(realm, "john"); UserModel john = currentSession.users().getUserByUsername(realm, "john");
@ -256,12 +259,13 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession removalTestSession2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession removalTestSession2) -> {
KeycloakSession currentSession = removalTestSession2; KeycloakSession currentSession = removalTestSession2;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = currentSession.users().getUserByUsername(realm, "john"); UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()); UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(johnConsent.getGrantedClientScopes().size(), 0); Assert.assertEquals(0, johnConsent.getGrantedClientScopes().size());
Assert.assertTrue("Created date should be less than last updated date", johnConsent.getCreatedDate() < johnConsent.getLastUpdatedDate()); Assert.assertTrue("Created date should be less than last updated date", johnConsent.getCreatedDate() < johnConsent.getLastUpdatedDate());
}); });
} }
@ -273,6 +277,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRT1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRT1) -> {
KeycloakSession currentSession = sessionRT1; KeycloakSession currentSession = sessionRT1;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = currentSession.users().getUserByUsername(realm, "john"); UserModel john = currentSession.users().getUserByUsername(realm, "john");
@ -286,6 +291,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRT2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRT2) -> {
KeycloakSession currentSession = sessionRT2; KeycloakSession currentSession = sessionRT2;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client"); ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
@ -320,6 +326,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionST1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionST1) -> {
KeycloakSession currentSession = sessionST1; KeycloakSession currentSession = sessionST1;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientScopeModel fooScope = KeycloakModelUtils.getClientScopeByName(realm, "foo"); ClientScopeModel fooScope = KeycloakModelUtils.getClientScopeByName(realm, "foo");
realm.removeClientScope(fooScope.getId()); realm.removeClientScope(fooScope.getId());
@ -328,13 +335,14 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionST2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionST2) -> {
KeycloakSession currentSession = sessionST2; KeycloakSession currentSession = sessionST2;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = currentSession.users().getUserByUsername(realm, "john"); UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()); UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(johnConsent.getGrantedClientScopes().size(), 0); Assert.assertEquals(0, johnConsent.getGrantedClientScopes().size());
}); });
} }
@ -347,6 +355,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionDCT1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionDCT1) -> {
KeycloakSession currentSession = sessionDCT1; KeycloakSession currentSession = sessionDCT1;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel barClient = realm.getClientByClientId("bar-client"); ClientModel barClient = realm.getClientByClientId("bar-client");
barClientID.set(barClient.getId()); barClientID.set(barClient.getId());
@ -357,15 +366,15 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionDCT2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionDCT2) -> {
KeycloakSession currentSession = sessionDCT2; KeycloakSession currentSession = sessionDCT2;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
Assert.assertNull(realm.getClientByClientId("bar-client")); Assert.assertNull(realm.getClientByClientId("bar-client"));
UserModel john = currentSession.users().getUserByUsername(realm, "john"); UserModel john = currentSession.users().getUserByUsername(realm, "john");
ClientModel barClient = realm.getClientByClientId("bar-client");
UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()); UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(johnFooConsent.getGrantedClientScopes().size(), 1); Assert.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent)); Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, barClientID.get())); Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, barClientID.get()));
@ -379,6 +388,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCST1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCST1) -> {
KeycloakSession currentSession = sessionCST1; KeycloakSession currentSession = sessionCST1;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
realm.removeComponent(clientStorageComponent); realm.removeComponent(clientStorageComponent);
}); });
@ -386,6 +396,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCST2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCST2) -> {
KeycloakSession currentSession = sessionCST2; KeycloakSession currentSession = sessionCST2;
RealmModel realm = currentSession.realms().getRealm(realmId); RealmModel realm = currentSession.realms().getRealm(realmId);
currentSession.getContext().setRealm(realm);
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client"); ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
Assert.assertNull(hardcodedClient); Assert.assertNull(hardcodedClient);
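Review bot: The pair `RealmModel realm = currentSession.realms().getRealm(realmId);` and `currentSession.getContext().setRealm(realm);` now opens every `runJobInTransaction` lambda in this file, so a new lambda that omits the second line will presumably fail in a way that is hard to trace back to the missing context. A private static helper that loads the realm, asserts it is non-null, sets it on the context and returns it would reduce each site to `RealmModel realm = realmInContext(currentSession, realmId);` (the helper name is only a suggestion). The non-null assertion matters because `setRealm` receives whatever `getRealm` returned and the following line dereferences `realm`. Most of these lambdas begin or end outside the hunks shown.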


@ -167,6 +167,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSessionCT) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSessionCT) -> {
KeycloakSession currentSession = currentSessionCT; KeycloakSession currentSession = currentSessionCT;
RealmModel realm = currentSession.realms().getRealmByName("original"); RealmModel realm = currentSession.realms().getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
ClientModel barClient = realm.getClientByClientId("bar-client"); ClientModel barClient = realm.getClientByClientId("bar-client");
@ -175,26 +176,26 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
UserModel mary = currentSessionCT.users().getUserByUsername(realm, "mary"); UserModel mary = currentSessionCT.users().getUserByUsername(realm, "mary");
UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()); UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(johnFooConsent.getGrantedClientScopes().size(), 1); Assert.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent)); Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assert.assertNotNull("Created Date should be set", johnFooConsent.getCreatedDate()); Assert.assertNotNull("Created Date should be set", johnFooConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", johnFooConsent.getLastUpdatedDate()); Assert.assertNotNull("Last Updated Date should be set", johnFooConsent.getLastUpdatedDate());
UserConsentModel johnBarConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, barClient.getId()); UserConsentModel johnBarConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, barClient.getId());
Assert.assertEquals(johnBarConsent.getGrantedClientScopes().size(), 1); Assert.assertEquals(1, johnBarConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "bar", johnBarConsent)); Assert.assertTrue(isClientScopeGranted(realm, "bar", johnBarConsent));
Assert.assertNotNull("Created Date should be set", johnBarConsent.getCreatedDate()); Assert.assertNotNull("Created Date should be set", johnBarConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", johnBarConsent.getLastUpdatedDate()); Assert.assertNotNull("Last Updated Date should be set", johnBarConsent.getLastUpdatedDate());
UserConsentModel maryConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, fooClient.getId()); UserConsentModel maryConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, fooClient.getId());
Assert.assertEquals(maryConsent.getGrantedClientScopes().size(), 1); Assert.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent)); Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assert.assertNotNull("Created Date should be set", maryConsent.getCreatedDate()); Assert.assertNotNull("Created Date should be set", maryConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", maryConsent.getLastUpdatedDate()); Assert.assertNotNull("Last Updated Date should be set", maryConsent.getLastUpdatedDate());
ClientModel hardcodedClient = currentSessionCT.clients().getClientByClientId(realm, "hardcoded-client"); ClientModel hardcodedClient = currentSessionCT.clients().getClientByClientId(realm, "hardcoded-client");
UserConsentModel maryHardcodedConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, hardcodedClient.getId()); UserConsentModel maryHardcodedConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, hardcodedClient.getId());
Assert.assertEquals(maryHardcodedConsent.getGrantedClientScopes().size(), 0); Assert.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
Assert.assertNotNull("Created Date should be set", maryHardcodedConsent.getCreatedDate()); Assert.assertNotNull("Created Date should be set", maryHardcodedConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", maryHardcodedConsent.getLastUpdatedDate()); Assert.assertNotNull("Last Updated Date should be set", maryHardcodedConsent.getLastUpdatedDate());
@ -210,6 +211,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSessionACT) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSessionACT) -> {
KeycloakSession currentSession = currentSessionACT; KeycloakSession currentSession = currentSessionACT;
RealmModel realm = currentSession.realms().getRealmByName("original"); RealmModel realm = currentSession.realms().getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
@ -231,11 +233,11 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
} }
Assert.assertEquals(maryConsent.getClient().getId(), fooClient.getId()); Assert.assertEquals(maryConsent.getClient().getId(), fooClient.getId());
Assert.assertEquals(maryConsent.getGrantedClientScopes().size(), 1); Assert.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent)); Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assert.assertEquals(maryHardcodedConsent.getClient().getId(), hardcodedClient.getId()); Assert.assertEquals(maryHardcodedConsent.getClient().getId(), hardcodedClient.getId());
Assert.assertEquals(maryHardcodedConsent.getGrantedClientScopes().size(), 0); Assert.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
}); });
} }
@ -246,6 +248,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionScopeRemoval1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionScopeRemoval1) -> {
KeycloakSession currentSession = sessionScopeRemoval1; KeycloakSession currentSession = sessionScopeRemoval1;
RealmModel realm = currentSession.realms().getRealmByName("original"); RealmModel realm = currentSession.realms().getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = currentSession.users().getUserByUsername(realm, "john"); UserModel john = currentSession.users().getUserByUsername(realm, "john");
@ -263,12 +266,13 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionScopeRemoval2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionScopeRemoval2) -> {
KeycloakSession currentSession = sessionScopeRemoval2; KeycloakSession currentSession = sessionScopeRemoval2;
RealmModel realm = currentSession.realms().getRealmByName("original"); RealmModel realm = currentSession.realms().getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = currentSession.users().getUserByUsername(realm, "john"); UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()); UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(johnConsent.getGrantedClientScopes().size(), 0); Assert.assertEquals(0, johnConsent.getGrantedClientScopes().size());
Assert.assertTrue("Created date should be less than last updated date", johnConsent.getCreatedDate() < johnConsent.getLastUpdatedDate()); Assert.assertTrue("Created date should be less than last updated date", johnConsent.getCreatedDate() < johnConsent.getLastUpdatedDate());
}); });
} }
@ -280,6 +284,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRevoke1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRevoke1) -> {
KeycloakSession currentSession = sessionRevoke1; KeycloakSession currentSession = sessionRevoke1;
RealmModel realm = currentSession.realms().getRealmByName("original"); RealmModel realm = currentSession.realms().getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = currentSession.users().getUserByUsername(realm, "john"); UserModel john = currentSession.users().getUserByUsername(realm, "john");
@ -293,6 +298,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRevoke2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRevoke2) -> {
KeycloakSession currentSession = sessionRevoke2; KeycloakSession currentSession = sessionRevoke2;
RealmModel realm = currentSession.realms().getRealmByName("original"); RealmModel realm = currentSession.realms().getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client"); ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
@ -329,8 +335,8 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClScope1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClScope1) -> {
KeycloakSession currentSession = sesDelClScope1; KeycloakSession currentSession = sesDelClScope1;
RealmModel realm = currentSession.realms().getRealmByName("original"); RealmModel realm = currentSession.realms().getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client");
ClientScopeModel fooScope = KeycloakModelUtils.getClientScopeByName(realm, "foo"); ClientScopeModel fooScope = KeycloakModelUtils.getClientScopeByName(realm, "foo");
realm.removeClientScope(fooScope.getId()); realm.removeClientScope(fooScope.getId());
}); });
@ -338,12 +344,13 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClScope2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClScope2) -> {
KeycloakSession currentSession = sesDelClScope2; KeycloakSession currentSession = sesDelClScope2;
RealmModel realm = currentSession.realms().getRealmByName("original"); RealmModel realm = currentSession.realms().getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = currentSession.users().getUserByUsername(realm, "john"); UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()); UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(johnConsent.getGrantedClientScopes().size(), 0); Assert.assertEquals(0, johnConsent.getGrantedClientScopes().size());
}); });
} }
@ -356,6 +363,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakSession currentSession = sesDelClient1; KeycloakSession currentSession = sesDelClient1;
RealmManager realmManager = new RealmManager(currentSession); RealmManager realmManager = new RealmManager(currentSession);
RealmModel realm = realmManager.getRealmByName("original"); RealmModel realm = realmManager.getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel barClient = realm.getClientByClientId("bar-client"); ClientModel barClient = realm.getClientByClientId("bar-client");
barClientID.set(barClient.getId()); barClientID.set(barClient.getId());
@ -367,6 +375,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakSession currentSession = sesDelClient2; KeycloakSession currentSession = sesDelClient2;
RealmManager realmManager = new RealmManager(currentSession); RealmManager realmManager = new RealmManager(currentSession);
RealmModel realm = realmManager.getRealmByName("original"); RealmModel realm = realmManager.getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client"); ClientModel fooClient = realm.getClientByClientId("foo-client");
Assert.assertNull(realm.getClientByClientId("bar-client")); Assert.assertNull(realm.getClientByClientId("bar-client"));
@ -374,7 +383,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
UserModel john = realmManager.getSession().users().getUserByUsername(realm, "john"); UserModel john = realmManager.getSession().users().getUserByUsername(realm, "john");
UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(realmManager.getSession(), realm, john, fooClient.getId()); UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(realmManager.getSession(), realm, john, fooClient.getId());
Assert.assertEquals(johnFooConsent.getGrantedClientScopes().size(), 1); Assert.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent)); Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assert.assertNull(UserConsentManager.getConsentByClient(realmManager.getSession(), realm, john, barClientID.get())); Assert.assertNull(UserConsentManager.getConsentByClient(realmManager.getSession(), realm, john, barClientID.get()));
@ -388,6 +397,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClientStore1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClientStore1) -> {
KeycloakSession currentSession = sesDelClientStore1; KeycloakSession currentSession = sesDelClientStore1;
RealmModel realm = currentSession.realms().getRealmByName("original"); RealmModel realm = currentSession.realms().getRealmByName("original");
currentSession.getContext().setRealm(realm);
realm.removeComponent(clientStorageComponent); realm.removeComponent(clientStorageComponent);
}); });
@ -395,6 +405,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClientStore2) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClientStore2) -> {
KeycloakSession currentSession = sesDelClientStore2; KeycloakSession currentSession = sesDelClientStore2;
RealmModel realm = currentSession.realms().getRealmByName("original"); RealmModel realm = currentSession.realms().getRealmByName("original");
currentSession.getContext().setRealm(realm);
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client"); ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
Assert.assertNull(hardcodedClient); Assert.assertNull(hardcodedClient);


@ -64,17 +64,11 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@Rule @Rule
public InfinispanTestTimeServiceRule ispnTestTimeService = new InfinispanTestTimeServiceRule(this); public InfinispanTestTimeServiceRule ispnTestTimeService = new InfinispanTestTimeServiceRule(this);
public static void setupRealm(KeycloakSession session){
RealmModel realm = session.realms().getRealmByName("test");
UserModel user1 = session.users().addUser(realm, "user1");
user1.setEmail("user1@localhost");
UserModel user2 = session.users().addUser(realm, "user2");
user2.setEmail("user2@localhost");
}
@Before @Before
public void before() { public void before() {
testingClient.server().run( session -> { testingClient.server().run( session -> {
RealmModel realm = session.realms().getRealmByName("test"); RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
session.users().addUser(realm, "user1").setEmail("user1@localhost"); session.users().addUser(realm, "user1").setEmail("user1@localhost");
session.users().addUser(realm, "user2").setEmail("user2@localhost"); session.users().addUser(realm, "user2").setEmail("user2@localhost");
}); });
@ -84,6 +78,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
public void after() { public void after() {
testingClient.server().run( session -> { testingClient.server().run( session -> {
RealmModel realm = session.realms().getRealmByName("test"); RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
session.sessions().removeUserSessions(realm); session.sessions().removeUserSessions(realm);
UserModel user1 = session.users().getUserByUsername(realm, "user1"); UserModel user1 = session.users().getUserByUsername(realm, "user1");
UserModel user2 = session.users().getUserByUsername(realm, "user2"); UserModel user2 = session.users().getUserByUsername(realm, "user2");
@ -105,6 +100,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
RealmModel realm = session.realms().getRealmByName("test"); RealmModel realm = session.realms().getRealmByName("test");
UserSessionModel[] sessions = createSessions(session); UserSessionModel[] sessions = createSessions(session);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
assertSession(kcSession.sessions().getUserSession(realm, sessions[0].getId()), session.users().getUserByUsername(realm, "user1"), "127.0.0.1", started, started, "test-app", "third-party"); assertSession(kcSession.sessions().getUserSession(realm, sessions[0].getId()), session.users().getUserByUsername(realm, "user1"), "127.0.0.1", started, started, "test-app", "third-party");
assertSession(kcSession.sessions().getUserSession(realm, sessions[1].getId()), session.users().getUserByUsername(realm, "user1"), "127.0.0.2", started, started, "test-app"); assertSession(kcSession.sessions().getUserSession(realm, sessions[1].getId()), session.users().getUserByUsername(realm, "user1"), "127.0.0.2", started, started, "test-app");
assertSession(kcSession.sessions().getUserSession(realm, sessions[2].getId()), session.users().getUserByUsername(realm, "user2"), "127.0.0.3", started, started, "test-app"); assertSession(kcSession.sessions().getUserSession(realm, sessions[2].getId()), session.users().getUserByUsername(realm, "user2"), "127.0.0.3", started, started, "test-app");
@ -118,6 +114,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
UserSessionModel[] sessions = createSessions(session); UserSessionModel[] sessions = createSessions(session);
int lastRefresh = Time.currentTime(); int lastRefresh = Time.currentTime();
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
kcSession.sessions().getUserSession(realm, sessions[0].getId()).setLastSessionRefresh(lastRefresh); kcSession.sessions().getUserSession(realm, sessions[0].getId()).setLastSessionRefresh(lastRefresh);
assertEquals(lastRefresh, kcSession.sessions().getUserSession(realm, sessions[0].getId()).getLastSessionRefresh()); assertEquals(lastRefresh, kcSession.sessions().getUserSession(realm, sessions[0].getId()).getLastSessionRefresh());
}); });
@ -130,6 +127,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
UserSessionModel[] sessions = createSessions(session); UserSessionModel[] sessions = createSessions(session);
int lastRefresh = Time.currentTime(); int lastRefresh = Time.currentTime();
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
kcSession.sessions().getUserSession(realm, sessions[0].getId()).setLastSessionRefresh(lastRefresh); kcSession.sessions().getUserSession(realm, sessions[0].getId()).setLastSessionRefresh(lastRefresh);
assertEquals(lastRefresh, kcSession.sessions().getUserSession(realm, sessions[0].getId()).getLastSessionRefresh()); assertEquals(lastRefresh, kcSession.sessions().getUserSession(realm, sessions[0].getId()).getLastSessionRefresh());
}); });
@ -145,6 +143,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
Time.setOffset(100); Time.setOffset(100);
try { try {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
UserSessionModel userSession = kcSession.sessions().getUserSession(realm, sessions[0].getId()); UserSessionModel userSession = kcSession.sessions().getUserSession(realm, sessions[0].getId());
assertSession(userSession, kcSession.users().getUserByUsername(realm, "user1"), "127.0.0.1", started, started, "test-app", "third-party"); assertSession(userSession, kcSession.users().getUserByUsername(realm, "user1"), "127.0.0.1", started, started, "test-app", "third-party");
@ -166,6 +165,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
UserSessionModel[] sessions = createSessions(session); UserSessionModel[] sessions = createSessions(session);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
Map<String, AuthenticatedClientSessionModel> clientSessions = kcSession.sessions().getUserSession(realm, sessions[0].getId()).getAuthenticatedClientSessions(); Map<String, AuthenticatedClientSessionModel> clientSessions = kcSession.sessions().getUserSession(realm, sessions[0].getId()).getAuthenticatedClientSessions();
assertEquals(2, clientSessions.size()); assertEquals(2, clientSessions.size());
@ -192,6 +192,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
String clientUUID = realm.getClientByClientId("test-app").getId(); String clientUUID = realm.getClientByClientId("test-app").getId();
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
UserSessionModel userSession = kcSession.sessions().getUserSession(realm, userSessionId); UserSessionModel userSession = kcSession.sessions().getUserSession(realm, userSessionId);
AuthenticatedClientSessionModel clientSession = userSession.getAuthenticatedClientSessions().get(clientUUID); AuthenticatedClientSessionModel clientSession = userSession.getAuthenticatedClientSessions().get(clientUUID);
@ -217,6 +218,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
String clientUUID = realm.getClientByClientId("test-app").getId(); String clientUUID = realm.getClientByClientId("test-app").getId();
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
UserSessionModel userSession = kcSession.sessions().getUserSession(realm, userSessionId); UserSessionModel userSession = kcSession.sessions().getUserSession(realm, userSessionId);
AuthenticatedClientSessionModel clientSession = userSession.getAuthenticatedClientSessionByClient(clientUUID); AuthenticatedClientSessionModel clientSession = userSession.getAuthenticatedClientSessionByClient(clientUUID);
@ -242,6 +244,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
String clientUUID = realm.getClientByClientId("test-app").getId(); String clientUUID = realm.getClientByClientId("test-app").getId();
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
UserSessionModel userSession = kcSession.sessions().getUserSession(realm, userSessionId); UserSessionModel userSession = kcSession.sessions().getUserSession(realm, userSessionId);
AuthenticatedClientSessionModel clientSession = userSession.getAuthenticatedClientSessionByClient(clientUUID); AuthenticatedClientSessionModel clientSession = userSession.getAuthenticatedClientSessionByClient(clientUUID);
@ -261,6 +264,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
UserSessionModel[] sessions = createSessions(session); UserSessionModel[] sessions = createSessions(session);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
assertSessions(kcSession.sessions().getUserSessionsStream(realm, session.users().getUserByUsername(realm, "user1")) assertSessions(kcSession.sessions().getUserSessionsStream(realm, session.users().getUserByUsername(realm, "user1"))
.collect(Collectors.toList()), sessions[0], sessions[1]); .collect(Collectors.toList()), sessions[0], sessions[1]);
assertSessions(kcSession.sessions().getUserSessionsStream(realm, session.users().getUserByUsername(realm, "user2")) assertSessions(kcSession.sessions().getUserSessionsStream(realm, session.users().getUserByUsername(realm, "user2"))
@ -276,6 +280,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
final Map<String, Integer> clientSessionsKept = new HashMap<>(); final Map<String, Integer> clientSessionsKept = new HashMap<>();
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
kcSession.getContext().setRealm(realm);
clientSessionsKept.putAll(kcSession.sessions().getUserSessionsStream(realm, clientSessionsKept.putAll(kcSession.sessions().getUserSessionsStream(realm,
kcSession.users().getUserByUsername(realm, "user2")) kcSession.users().getUserByUsername(realm, "user2"))
.collect(Collectors.toMap(model -> model.getId(), model -> model.getAuthenticatedClientSessions().keySet().size()))); .collect(Collectors.toMap(model -> model.getId(), model -> model.getAuthenticatedClientSessions().keySet().size())));
@ -284,6 +289,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
}); });
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
assertEquals(0, kcSession.sessions().getUserSessionsStream(realm, kcSession.users().getUserByUsername(realm, "user1")) assertEquals(0, kcSession.sessions().getUserSessionsStream(realm, kcSession.users().getUserByUsername(realm, "user1"))
.count()); .count());
List<UserSessionModel> userSessions = kcSession.sessions().getUserSessionsStream(realm, List<UserSessionModel> userSessions = kcSession.sessions().getUserSessionsStream(realm,
@ -303,6 +309,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
public void testRemoveUserSession(KeycloakSession session) { public void testRemoveUserSession(KeycloakSession session) {
String userSessionId = KeycloakModelUtils.runJobInTransactionWithResult(session.getKeycloakSessionFactory(), kcSession -> { String userSessionId = KeycloakModelUtils.runJobInTransactionWithResult(session.getKeycloakSessionFactory(), kcSession -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
UserSessionModel userSession = createSessions(kcSession)[0]; UserSessionModel userSession = createSessions(kcSession)[0];
userSession = kcSession.sessions().getUserSession(realm, userSession.getId()); userSession = kcSession.sessions().getUserSession(realm, userSession.getId());
@ -320,9 +327,13 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@ModelTest @ModelTest
public void testRemoveUserSessionsByRealm(KeycloakSession session) { public void testRemoveUserSessionsByRealm(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test"); RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
createSessions(session); createSessions(session);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> kcSession.sessions().removeUserSessions(realm)); KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
kcSession.sessions().removeUserSessions(realm);
});
var user1 = session.users().getUserByUsername(realm, "user1"); var user1 = session.users().getUserByUsername(realm, "user1");
var user2 = session.users().getUserByUsername(realm, "user2"); var user2 = session.users().getUserByUsername(realm, "user2");
@ -340,6 +351,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
try { try {
clientRemoved = KeycloakModelUtils.runJobInTransactionWithResult(session.getKeycloakSessionFactory(), kcSession -> { clientRemoved = KeycloakModelUtils.runJobInTransactionWithResult(session.getKeycloakSessionFactory(), kcSession -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
String thirdPartyClientUUID = realm.getClientByClientId("third-party").getId(); String thirdPartyClientUUID = realm.getClientByClientId("third-party").getId();
Map<String, Set<String>> clientSessionsKept = new HashMap<>(); Map<String, Set<String>> clientSessionsKept = new HashMap<>();
@ -366,6 +378,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
// Revert client // Revert client
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
realm.addClient("third-party"); realm.addClient("third-party");
}); });
} }
@ -377,6 +390,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
public void testRemoveUserSessionsByExpired(KeycloakSession session) { public void testRemoveUserSessionsByExpired(KeycloakSession session) {
try { try {
RealmModel realm = session.realms().getRealmByName("test"); RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
ClientModel client = realm.getClientByClientId("test-app"); ClientModel client = realm.getClientByClientId("test-app");
Set<String> validUserSessions = new HashSet<>(); Set<String> validUserSessions = new HashSet<>();
@ -385,6 +399,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// create an user session that is older than the max lifespan timeout. // create an user session that is older than the max lifespan timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
session1.getContext().setRealm(realm);
Time.setOffset(-(realm.getSsoSessionMaxLifespan() + 1)); Time.setOffset(-(realm.getSsoSessionMaxLifespan() + 1));
UserSessionModel userSession = session1.sessions().createUserSession(null, realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); UserSessionModel userSession = session1.sessions().createUserSession(null, realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
expiredUserSessions.add(userSession.getId()); expiredUserSessions.add(userSession.getId());
@ -394,6 +409,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// create an user session whose last refresh exceeds the max session idle timeout. // create an user session whose last refresh exceeds the max session idle timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
session1.getContext().setRealm(realm);
Time.setOffset(-(realm.getSsoSessionIdleTimeout() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1)); Time.setOffset(-(realm.getSsoSessionIdleTimeout() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1));
UserSessionModel s = session1.sessions().createUserSession(null, realm, session1.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); UserSessionModel s = session1.sessions().createUserSession(null, realm, session1.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
// no need to explicitly set the last refresh time - it is the same as the creation time. // no need to explicitly set the last refresh time - it is the same as the creation time.
@ -403,15 +419,20 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// create an user session and associated client session that conforms to the max lifespan and max idle timeouts. // create an user session and associated client session that conforms to the max lifespan and max idle timeouts.
Time.setOffset(0); Time.setOffset(0);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
session1.getContext().setRealm(realm);
UserSessionModel userSession = session1.sessions().createUserSession(null, realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); UserSessionModel userSession = session1.sessions().createUserSession(null, realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
validUserSessions.add(userSession.getId()); validUserSessions.add(userSession.getId());
validClientSessions.add(session1.sessions().createClientSession(realm, client, userSession).getId()); validClientSessions.add(session1.sessions().createClientSession(realm, client, userSession).getId());
}); });
// remove the expired sessions - we expect the first two sessions to have been removed as they either expired the max lifespan or the session idle timeouts. // remove the expired sessions - we expect the first two sessions to have been removed as they either expired the max lifespan or the session idle timeouts.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> session1.sessions().removeExpired(realm)); KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
session1.getContext().setRealm(realm);
session1.sessions().removeExpired(realm);
});
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
for (String e : expiredUserSessions) { for (String e : expiredUserSessions) {
assertNull(kcSession.sessions().getUserSession(realm, e)); assertNull(kcSession.sessions().getUserSession(realm, e));
} }
@ -435,11 +456,13 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@ModelTest @ModelTest
public void testTransientUserSession(KeycloakSession session) { public void testTransientUserSession(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test"); RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
ClientModel client = realm.getClientByClientId("test-app"); ClientModel client = realm.getClientByClientId("test-app");
String userSessionId = UUID.randomUUID().toString(); String userSessionId = UUID.randomUUID().toString();
// create an user session, but don't persist it to infinispan // create an user session, but don't persist it to infinispan
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
session1.getContext().setRealm(realm);
long sessionsBefore = session1.sessions().getActiveUserSessions(realm, client); long sessionsBefore = session1.sessions().getActiveUserSessions(realm, client);
UserSessionModel userSession = session1.sessions().createUserSession(userSessionId, realm, session1.users().getUserByUsername(realm, "user1"), UserSessionModel userSession = session1.sessions().createUserSession(userSessionId, realm, session1.users().getUserByUsername(realm, "user1"),
@ -459,6 +482,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// create an user session whose last refresh exceeds the max session idle timeout. // create an user session whose last refresh exceeds the max session idle timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
session1.getContext().setRealm(realm);
UserSessionModel userSession = session1.sessions().getUserSession(realm, userSessionId); UserSessionModel userSession = session1.sessions().getUserSession(realm, userSessionId);
Assert.assertNull(userSession); Assert.assertNull(userSession);
}); });
@ -474,6 +498,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@ModelTest @ModelTest
public void testRemoveUserSessionsByExpiredRememberMe(KeycloakSession session) { public void testRemoveUserSessionsByExpiredRememberMe(KeycloakSession session) {
RealmModel testRealm = session.realms().getRealmByName("test"); RealmModel testRealm = session.realms().getRealmByName("test");
session.getContext().setRealm(testRealm);
int previousMaxLifespan = testRealm.getSsoSessionMaxLifespanRememberMe(); int previousMaxLifespan = testRealm.getSsoSessionMaxLifespanRememberMe();
int previousMaxIdle = testRealm.getSsoSessionIdleTimeoutRememberMe(); int previousMaxIdle = testRealm.getSsoSessionIdleTimeoutRememberMe();
try { try {
@ -485,6 +510,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// first lets update the realm by setting remember-me timeout values, which will be 4 times higher than the default timeout values. // first lets update the realm by setting remember-me timeout values, which will be 4 times higher than the default timeout values.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel r = kcSession.realms().getRealmByName("test"); RealmModel r = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(r);
r.setSsoSessionMaxLifespanRememberMe(r.getSsoSessionMaxLifespan() * 4); r.setSsoSessionMaxLifespanRememberMe(r.getSsoSessionMaxLifespan() * 4);
r.setSsoSessionIdleTimeoutRememberMe(r.getSsoSessionIdleTimeout() * 4); r.setSsoSessionIdleTimeoutRememberMe(r.getSsoSessionIdleTimeout() * 4);
}); });
@ -493,6 +519,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// the session's last refresh also exceeds the default 'session idle' timeout but doesn't exceed the 'session idle remember-me' timeout. // the session's last refresh also exceeds the default 'session idle' timeout but doesn't exceed the 'session idle remember-me' timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
Time.setOffset(-(realm.getSsoSessionMaxLifespan() * 2)); Time.setOffset(-(realm.getSsoSessionMaxLifespan() * 2));
UserSessionModel userSession = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); UserSessionModel userSession = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
AuthenticatedClientSessionModel clientSession = kcSession.sessions().createClientSession(realm, client, userSession); AuthenticatedClientSessionModel clientSession = kcSession.sessions().createClientSession(realm, client, userSession);
@ -507,6 +534,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// create an user session with remember-me enabled that is older than the 'max lifespan remember-me' timeout. // create an user session with remember-me enabled that is older than the 'max lifespan remember-me' timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
Time.setOffset(-(realm.getSsoSessionMaxLifespanRememberMe() + 1)); Time.setOffset(-(realm.getSsoSessionMaxLifespanRememberMe() + 1));
UserSessionModel userSession = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); UserSessionModel userSession = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
expiredUserSessions.add(userSession.getId()); expiredUserSessions.add(userSession.getId());
@ -515,6 +543,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// finally create an user session with remember-me enabled whose last refresh exceeds the 'session idle remember-me' timeout. // finally create an user session with remember-me enabled whose last refresh exceeds the 'session idle remember-me' timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
Time.setOffset(-(realm.getSsoSessionIdleTimeoutRememberMe() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1)); Time.setOffset(-(realm.getSsoSessionIdleTimeoutRememberMe() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1));
UserSessionModel userSession = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); UserSessionModel userSession = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
// no need to explicitly set the last refresh time - it is the same as the creation time. // no need to explicitly set the last refresh time - it is the same as the creation time.
@ -523,10 +552,15 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// remove the expired sessions - the first session should not be removed as it doesn't exceed any of the remember-me timeout values. // remove the expired sessions - the first session should not be removed as it doesn't exceed any of the remember-me timeout values.
Time.setOffset(0); Time.setOffset(0);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> kcSession.sessions().removeExpired(kcSession.realms().getRealmByName("test"))); KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
kcSession.sessions().removeExpired(realm);
});
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
for (String sessionId : expiredUserSessions) { for (String sessionId : expiredUserSessions) {
assertNull(kcSession.sessions().getUserSession(realm, sessionId)); assertNull(kcSession.sessions().getUserSession(realm, sessionId));
@ -547,6 +581,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// restore the original remember-me timeout values in the realm. // restore the original remember-me timeout values in the realm.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel r = kcSession.realms().getRealmByName("test"); RealmModel r = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(r);
r.setSsoSessionMaxLifespanRememberMe(previousMaxLifespan); r.setSsoSessionMaxLifespanRememberMe(previousMaxLifespan);
r.setSsoSessionIdleTimeoutRememberMe(previousMaxIdle); r.setSsoSessionIdleTimeoutRememberMe(previousMaxIdle);
}); });
@ -561,6 +596,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
try { try {
UserSessionModel userSession = sessions[0]; UserSessionModel userSession = sessions[0];
RealmModel realm = userSession.getRealm(); RealmModel realm = userSession.getRealm();
session.getContext().setRealm(realm);
// reload userSession in current session // reload userSession in current session
userSession = session.sessions().getUserSession(realm, userSession.getId()); userSession = session.sessions().getUserSession(realm, userSession.getId());
Time.setOffset(3600000); Time.setOffset(3600000);
@ -581,6 +617,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
final UserSessionModel[] sessions = createSessions(session); final UserSessionModel[] sessions = createSessions(session);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
kcSession.getContext().setRealm(realm);
assertSessions(kcSession.sessions().getUserSessionsStream(realm, realm.getClientByClientId("test-app")) assertSessions(kcSession.sessions().getUserSessionsStream(realm, realm.getClientByClientId("test-app"))
.collect(Collectors.toList()), sessions[0], sessions[1], sessions[2]); .collect(Collectors.toList()), sessions[0], sessions[1], sessions[2]);
assertSessions(kcSession.sessions().getUserSessionsStream(realm, realm.getClientByClientId("third-party")) assertSessions(kcSession.sessions().getUserSessionsStream(realm, realm.getClientByClientId("third-party"))
@ -594,6 +631,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
RealmModel realm = session.realms().getRealmByName("test"); RealmModel realm = session.realms().getRealmByName("test");
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
kcSession.getContext().setRealm(realm);
try { try {
for (int i = 0; i < 25; i++) { for (int i = 0; i < 25; i++) {
Time.setOffset(i); Time.setOffset(i);
@ -611,6 +649,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
}); });
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
kcSession.getContext().setRealm(realm);
assertPaginatedSession(kcSession, realm, realm.getClientByClientId("test-app"), 0, 1, 1); assertPaginatedSession(kcSession, realm, realm.getClientByClientId("test-app"), 0, 1, 1);
assertPaginatedSession(kcSession, realm, realm.getClientByClientId("test-app"), 0, 10, 10); assertPaginatedSession(kcSession, realm, realm.getClientByClientId("test-app"), 0, 10, 10);
assertPaginatedSession(kcSession, realm, realm.getClientByClientId("test-app"), 10, 10, 10); assertPaginatedSession(kcSession, realm, realm.getClientByClientId("test-app"), 10, 10, 10);
@ -623,6 +662,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@ModelTest @ModelTest
public void testCreateAndGetInSameTransaction(KeycloakSession session) { public void testCreateAndGetInSameTransaction(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test"); RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
ClientModel client = realm.getClientByClientId("test-app"); ClientModel client = realm.getClientByClientId("test-app");
UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
AuthenticatedClientSessionModel clientSession = createClientSession(session, client, userSession, "http://redirect", "state"); AuthenticatedClientSessionModel clientSession = createClientSession(session, client, userSession, "http://redirect", "state");
@ -640,6 +680,8 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@ModelTest @ModelTest
public void testAuthenticatedClientSessions(KeycloakSession session) { public void testAuthenticatedClientSessions(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test"); RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
realm.setSsoSessionIdleTimeout(1800); realm.setSsoSessionIdleTimeout(1800);
realm.setSsoSessionMaxLifespan(36000); realm.setSsoSessionMaxLifespan(36000);
UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
@ -720,6 +762,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
createSessions(session); createSessions(session);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), kcSession -> {
kcSession.getContext().setRealm(realm);
assertEquals(3, kcSession.sessions().getActiveUserSessions(realm, realm.getClientByClientId("test-app"))); assertEquals(3, kcSession.sessions().getActiveUserSessions(realm, realm.getClientByClientId("test-app")));
assertEquals(1, kcSession.sessions().getActiveUserSessions(realm, realm.getClientByClientId("third-party"))); assertEquals(1, kcSession.sessions().getActiveUserSessions(realm, realm.getClientByClientId("third-party")));
}); });
@ -729,6 +772,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
public void loginFailures() { public void loginFailures() {
testingClient.server().run((KeycloakSession kcSession) -> { testingClient.server().run((KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
UserLoginFailureModel failure1 = kcSession.loginFailures().addUserLoginFailure(realm, "user1"); UserLoginFailureModel failure1 = kcSession.loginFailures().addUserLoginFailure(realm, "user1");
failure1.incrementFailures(); failure1.incrementFailures();
@ -739,6 +783,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
testingClient.server().run((KeycloakSession kcSession) -> { testingClient.server().run((KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
UserLoginFailureModel failure1 = kcSession.loginFailures().getUserLoginFailure(realm, "user1"); UserLoginFailureModel failure1 = kcSession.loginFailures().getUserLoginFailure(realm, "user1");
assertEquals(1, failure1.getNumFailures()); assertEquals(1, failure1.getNumFailures());
@ -760,11 +805,13 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
testingClient.server().run((KeycloakSession kcSession) -> { testingClient.server().run((KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
kcSession.loginFailures().removeUserLoginFailure(realm, "user1"); kcSession.loginFailures().removeUserLoginFailure(realm, "user1");
}); });
testingClient.server().run((KeycloakSession kcSession) -> { testingClient.server().run((KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
assertNull(kcSession.loginFailures().getUserLoginFailure(realm, "user1")); assertNull(kcSession.loginFailures().getUserLoginFailure(realm, "user1"));
@ -773,6 +820,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
testingClient.server().run((KeycloakSession kcSession) -> { testingClient.server().run((KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
assertNull(kcSession.loginFailures().getUserLoginFailure(realm, "user1")); assertNull(kcSession.loginFailures().getUserLoginFailure(realm, "user1"));
assertNull(kcSession.loginFailures().getUserLoginFailure(realm, "user2")); assertNull(kcSession.loginFailures().getUserLoginFailure(realm, "user2"));
}); });
@ -784,22 +832,26 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
} }
public static void testOnUserRemoved(KeycloakSession session) { public static void testOnUserRemoved(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test"); RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
UserModel user1 = session.users().getUserByUsername(realm, "user1"); UserModel user1 = session.users().getUserByUsername(realm, "user1");
UserModel user2 = session.users().getUserByUsername(realm, "user2"); UserModel user2 = session.users().getUserByUsername(realm, "user2");
createSessions(session); createSessions(session);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
kcSession.getContext().setRealm(realm);
assertEquals(2, kcSession.sessions().getUserSessionsStream(realm, user1).count()); assertEquals(2, kcSession.sessions().getUserSessionsStream(realm, user1).count());
assertEquals(1, kcSession.sessions().getUserSessionsStream(realm, user2).count()); assertEquals(1, kcSession.sessions().getUserSessionsStream(realm, user2).count());
}); });
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
kcSession.getContext().setRealm(realm);
// remove user1 // remove user1
new UserManager(kcSession).removeUser(realm, user1); new UserManager(kcSession).removeUser(realm, user1);
}); });
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
kcSession.getContext().setRealm(realm);
assertEquals(0, kcSession.sessions().getUserSessionsStream(realm, user1).count()); assertEquals(0, kcSession.sessions().getUserSessionsStream(realm, user1).count());
assertEquals(1, kcSession.sessions().getUserSessionsStream(realm, user2).count()); assertEquals(1, kcSession.sessions().getUserSessionsStream(realm, user2).count());
}); });
@ -817,6 +869,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
UserSessionModel[] sessions = new UserSessionModel[3]; UserSessionModel[] sessions = new UserSessionModel[3];
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> { KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test"); RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
sessions[0] = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); sessions[0] = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);


@ -386,7 +386,7 @@ public abstract class AbstractWellKnownProviderTest extends AbstractKeycloakTest
protected void assertScopesSupportedMatchesWithRealm(OIDCConfigurationRepresentation oidcConfig) { protected void assertScopesSupportedMatchesWithRealm(OIDCConfigurationRepresentation oidcConfig) {
Assert.assertNames(oidcConfig.getScopesSupported(), OAuth2Constants.SCOPE_OPENID, OAuth2Constants.OFFLINE_ACCESS, Assert.assertNames(oidcConfig.getScopesSupported(), OAuth2Constants.SCOPE_OPENID, OAuth2Constants.OFFLINE_ACCESS,
OAuth2Constants.SCOPE_PROFILE, OAuth2Constants.SCOPE_EMAIL, OAuth2Constants.SCOPE_PHONE, OAuth2Constants.SCOPE_ADDRESS, OIDCLoginProtocolFactory.ACR_SCOPE, OIDCLoginProtocolFactory.BASIC_SCOPE, OAuth2Constants.SCOPE_PROFILE, OAuth2Constants.SCOPE_EMAIL, OAuth2Constants.SCOPE_PHONE, OAuth2Constants.SCOPE_ADDRESS, OIDCLoginProtocolFactory.ACR_SCOPE, OIDCLoginProtocolFactory.BASIC_SCOPE,
OIDCLoginProtocolFactory.ROLES_SCOPE, OIDCLoginProtocolFactory.WEB_ORIGINS_SCOPE, OIDCLoginProtocolFactory.MICROPROFILE_JWT_SCOPE); OIDCLoginProtocolFactory.ROLES_SCOPE, OIDCLoginProtocolFactory.WEB_ORIGINS_SCOPE, OIDCLoginProtocolFactory.MICROPROFILE_JWT_SCOPE, OAuth2Constants.ORGANIZATION);
} }
protected OIDCConfigurationRepresentation getOIDCDiscoveryRepresentation(Client client, String uriTemplate) { protected OIDCConfigurationRepresentation getOIDCDiscoveryRepresentation(Client client, String uriTemplate) {
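Review bot: The expected list in `assertScopesSupportedMatchesWithRealm` now includes `OAuth2Constants.ORGANIZATION` unconditionally, so this helper only holds while the ORGANIZATION feature is enabled on the server under test. `scopes_supported` is discovery metadata that clients read, so it is worth recording why the scope appears there by default, for example with `// "organization" is advertised because Feature.ORGANIZATION is now a default feature` above the assertion. Whether the scope is still advertised for a realm that has organizations switched off, or when the feature is explicitly disabled, cannot be seen from this hunk. A companion assertion for that case would pin the intended behaviour.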


@ -32,20 +32,17 @@ import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.broker.provider.util.SimpleHttp.Response; import org.keycloak.broker.provider.util.SimpleHttp.Response;
import org.keycloak.common.Profile.Feature;
import org.keycloak.representations.account.LinkedAccountRepresentation; import org.keycloak.representations.account.LinkedAccountRepresentation;
import org.keycloak.representations.account.OrganizationRepresentation; import org.keycloak.representations.account.OrganizationRepresentation;
import org.keycloak.representations.idm.ErrorRepresentation; import org.keycloak.representations.idm.ErrorRepresentation;
import org.keycloak.representations.idm.OrganizationDomainRepresentation; import org.keycloak.representations.idm.OrganizationDomainRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault; import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
import org.keycloak.testsuite.util.TokenUtil; import org.keycloak.testsuite.util.TokenUtil;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationAccountTest extends AbstractOrganizationTest { public class OrganizationAccountTest extends AbstractOrganizationTest {
@Rule @Rule


@ -29,7 +29,6 @@ import java.util.Set;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.UserResource; import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.models.GroupModel; import org.keycloak.models.GroupModel;
import org.keycloak.models.ModelValidationException; import org.keycloak.models.ModelValidationException;
import org.keycloak.models.OrganizationModel; import org.keycloak.models.OrganizationModel;
@ -41,10 +40,8 @@ import org.keycloak.organization.jpa.OrganizationAdapter;
import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.OrganizationRepresentation; import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.runonserver.RunOnServer; import org.keycloak.testsuite.runonserver.RunOnServer;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationGroupTest extends AbstractOrganizationTest { public class OrganizationGroupTest extends AbstractOrganizationTest {
@Test @Test


@ -39,7 +39,6 @@ import org.jboss.arquillian.graphene.page.Page;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.common.util.UriUtils; import org.keycloak.common.util.UriUtils;
import org.keycloak.cookie.CookieType; import org.keycloak.cookie.CookieType;
import org.keycloak.representations.idm.ErrorRepresentation; import org.keycloak.representations.idm.ErrorRepresentation;
@ -50,7 +49,6 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.pages.InfoPage; import org.keycloak.testsuite.pages.InfoPage;
import org.keycloak.testsuite.pages.RegisterPage; import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.util.GreenMailRule; import org.keycloak.testsuite.util.GreenMailRule;
@ -58,7 +56,6 @@ import org.keycloak.testsuite.util.MailUtils;
import org.keycloak.testsuite.util.MailUtils.EmailBody; import org.keycloak.testsuite.util.MailUtils.EmailBody;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationInvitationLinkTest extends AbstractOrganizationTest { public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
@Rule @Rule


@ -51,7 +51,6 @@ import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.admin.client.resource.OrganizationsResource; import org.keycloak.admin.client.resource.OrganizationsResource;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.models.OrganizationModel; import org.keycloak.models.OrganizationModel;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.organization.OrganizationProvider; import org.keycloak.organization.OrganizationProvider;
@ -61,12 +60,10 @@ import org.keycloak.representations.idm.OrganizationDomainRepresentation;
import org.keycloak.representations.idm.OrganizationRepresentation; import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.runonserver.RunOnServer; import org.keycloak.testsuite.runonserver.RunOnServer;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater; import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.RealmBuilder;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationTest extends AbstractOrganizationTest { public class OrganizationTest extends AbstractOrganizationTest {
@Test @Test


@ -33,7 +33,6 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.models.OrganizationModel.IdentityProviderRedirectMode; import org.keycloak.models.OrganizationModel.IdentityProviderRedirectMode;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.IdentityProviderRepresentation; import org.keycloak.representations.idm.IdentityProviderRepresentation;
@ -41,13 +40,11 @@ import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginUpdateProfilePage; import org.keycloak.testsuite.pages.LoginUpdateProfilePage;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationThemeTest extends AbstractOrganizationTest { public class OrganizationThemeTest extends AbstractOrganizationTest {
@Page @Page


@ -25,14 +25,11 @@ import java.io.IOException;
import org.hamcrest.Matchers; import org.hamcrest.Matchers;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater; import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationAuthenticationTest extends AbstractOrganizationTest { public class OrganizationAuthenticationTest extends AbstractOrganizationTest {
@Test @Test


@ -1,30 +0,0 @@
/*
* Copyright 2024 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.organization.authentication;
import org.keycloak.common.Profile.Feature;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.forms.BruteForceTest;
/**
* Remove this test class once the {@link Feature#ORGANIZATION} is supported
*/
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationBruteForceTest extends BruteForceTest {
}


@ -28,7 +28,6 @@ import org.hamcrest.Matchers;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.models.AdminRoles; import org.keycloak.models.AdminRoles;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.representations.idm.IdentityProviderRepresentation; import org.keycloak.representations.idm.IdentityProviderRepresentation;
@ -36,12 +35,10 @@ import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationAdminPermissionsTest extends AbstractOrganizationTest { public class OrganizationAdminPermissionsTest extends AbstractOrganizationTest {
@Override @Override


@ -35,17 +35,14 @@ import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource; import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.OrganizationIdentityProviderResource; import org.keycloak.admin.client.resource.OrganizationIdentityProviderResource;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.OrganizationModel; import org.keycloak.models.OrganizationModel;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.organization.OrganizationProvider; import org.keycloak.organization.OrganizationProvider;
import org.keycloak.representations.idm.IdentityProviderRepresentation; import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.OrganizationRepresentation; import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationIdentityProviderTest extends AbstractOrganizationTest { public class OrganizationIdentityProviderTest extends AbstractOrganizationTest {
@Test @Test


@ -19,15 +19,12 @@ package org.keycloak.testsuite.organization.broker;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.representations.idm.IdentityProviderRepresentation; import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import java.util.List; import java.util.List;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationOIDCBrokerSelfRegistrationTest extends AbstractBrokerSelfRegistrationTest { public class OrganizationOIDCBrokerSelfRegistrationTest extends AbstractBrokerSelfRegistrationTest {
@Test @Test


@ -18,14 +18,11 @@
package org.keycloak.testsuite.organization.broker; package org.keycloak.testsuite.organization.broker;
import org.keycloak.broker.saml.SAMLIdentityProviderConfig; import org.keycloak.broker.saml.SAMLIdentityProviderConfig;
import org.keycloak.common.Profile.Feature;
import org.keycloak.models.IdentityProviderSyncMode; import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.representations.idm.IdentityProviderRepresentation; import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.broker.BrokerConfiguration; import org.keycloak.testsuite.broker.BrokerConfiguration;
import org.keycloak.testsuite.broker.KcSamlBrokerConfiguration; import org.keycloak.testsuite.broker.KcSamlBrokerConfiguration;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationSAMLBrokerSelfRegistrationTest extends AbstractBrokerSelfRegistrationTest { public class OrganizationSAMLBrokerSelfRegistrationTest extends AbstractBrokerSelfRegistrationTest {
@Override @Override

View file

@ -31,7 +31,6 @@ import java.util.stream.Stream;
import org.junit.After; import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.keycloak.common.Profile.Feature;
import org.keycloak.models.IdentityProviderStorageProvider; import org.keycloak.models.IdentityProviderStorageProvider;
import org.keycloak.models.IdentityProviderStorageProvider.FetchMode; import org.keycloak.models.IdentityProviderStorageProvider.FetchMode;
import org.keycloak.models.OrganizationDomainModel; import org.keycloak.models.OrganizationDomainModel;
@ -47,11 +46,9 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.OrganizationDomainRepresentation; import org.keycloak.representations.idm.OrganizationDomainRepresentation;
import org.keycloak.representations.idm.OrganizationRepresentation; import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
import org.keycloak.testsuite.runonserver.RunOnServer; import org.keycloak.testsuite.runonserver.RunOnServer;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationCacheTest extends AbstractOrganizationTest { public class OrganizationCacheTest extends AbstractOrganizationTest {
@Before @Before

View file

@ -1,33 +0,0 @@
/*
* Copyright 2024 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.organization.exportimport;
import org.keycloak.common.Profile;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.exportimport.ExportImportTest;
/**
* Tests the export/import functionality with the organization feature enabled.
*
* NOTE: When export/import of organizations is implemented and the organization feature is supported, we should either enhance
* this class or the existing ExportImportTest to check org-specific settings.
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
*/
@EnableFeature(Profile.Feature.ORGANIZATION)
public class OrganizationEnabledExportImportTest extends ExportImportTest {
}


@ -37,7 +37,6 @@ import org.keycloak.admin.client.resource.AuthenticationManagementResource;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.exportimport.ExportImportConfig; import org.keycloak.exportimport.ExportImportConfig;
import org.keycloak.exportimport.singlefile.SingleFileExportProviderFactory; import org.keycloak.exportimport.singlefile.SingleFileExportProviderFactory;
import org.keycloak.exportimport.singlefile.SingleFileImportProviderFactory; import org.keycloak.exportimport.singlefile.SingleFileImportProviderFactory;
@ -49,13 +48,11 @@ import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.representations.idm.PartialImportRepresentation; import org.keycloak.representations.idm.PartialImportRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.client.resources.TestingExportImportResource; import org.keycloak.testsuite.client.resources.TestingExportImportResource;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationExportTest extends AbstractOrganizationTest { public class OrganizationExportTest extends AbstractOrganizationTest {
@Test @Test


@ -44,7 +44,6 @@ import org.keycloak.TokenVerifier;
import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientScopeResource; import org.keycloak.admin.client.resource.ClientScopeResource;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.UriUtils; import org.keycloak.common.util.UriUtils;
import org.keycloak.models.OrganizationModel; import org.keycloak.models.OrganizationModel;
@ -62,13 +61,11 @@ import org.keycloak.representations.idm.MemberRepresentation;
import org.keycloak.representations.idm.OrganizationRepresentation; import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation; import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.broker.KcOidcBrokerConfiguration; import org.keycloak.testsuite.broker.KcOidcBrokerConfiguration;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse; import org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationOIDCProtocolMapperTest extends AbstractOrganizationTest { public class OrganizationOIDCProtocolMapperTest extends AbstractOrganizationTest {
@Before @Before


@ -29,7 +29,6 @@ import jakarta.ws.rs.core.UriBuilder;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType; import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType; import org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.keycloak.dom.saml.v2.assertion.AttributeType; import org.keycloak.dom.saml.v2.assertion.AttributeType;
@ -40,7 +39,6 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants; import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder; import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.services.resources.RealmsResource; import org.keycloak.services.resources.RealmsResource;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
import org.keycloak.testsuite.saml.RoleMapperTest; import org.keycloak.testsuite.saml.RoleMapperTest;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
@ -48,7 +46,6 @@ import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.SamlClient; import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder; import org.keycloak.testsuite.util.SamlClientBuilder;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationSAMLProtocolMapperTest extends AbstractOrganizationTest { public class OrganizationSAMLProtocolMapperTest extends AbstractOrganizationTest {
@Test @Test

View file

@ -46,7 +46,6 @@ import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationMemberResource; import org.keycloak.admin.client.resource.OrganizationMemberResource;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.admin.client.resource.UserResource; import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile.Feature;
import org.keycloak.models.OrganizationModel; import org.keycloak.models.OrganizationModel;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
@ -60,13 +59,11 @@ import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.representations.userprofile.config.UPConfig.UnmanagedAttributePolicy; import org.keycloak.representations.userprofile.config.UPConfig.UnmanagedAttributePolicy;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater; import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@EnableFeature(Feature.ORGANIZATION)
public class OrganizationMemberTest extends AbstractOrganizationTest { public class OrganizationMemberTest extends AbstractOrganizationTest {
@Test @Test

View file

@ -50,6 +50,7 @@ import org.keycloak.timer.TimerProviderFactory;
import java.util.Set; import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicInteger;
import org.keycloak.models.cache.infinispan.organization.InfinispanOrganizationProviderFactory;
/** /**
* *
@ -87,6 +88,7 @@ public class Infinispan extends KeycloakModelParameters {
.add(TimerProviderFactory.class) .add(TimerProviderFactory.class)
.add(InfinispanPublicKeyStorageProviderFactory.class) .add(InfinispanPublicKeyStorageProviderFactory.class)
.add(InfinispanCachePublicKeyProviderFactory.class) .add(InfinispanCachePublicKeyProviderFactory.class)
.add(InfinispanOrganizationProviderFactory.class)
.build(); .build();
@Override @Override
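Review bot: The added import `org.keycloak.models.cache.infinispan.organization.InfinispanOrganizationProviderFactory` lands after the `java.util` imports instead of with the `org.keycloak` imports that the hunk header shows above them. Moving it up into the `org.keycloak` group keeps the import block ordered and makes later merges in this list less noisy. The `.add(InfinispanOrganizationProviderFactory.class)` entry follows the existing builder pattern; the builder chain starts outside the hunk.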

View file

@ -45,6 +45,8 @@ import org.keycloak.models.jpa.session.JpaRevokedTokensPersisterProviderFactory;
import org.keycloak.models.jpa.session.JpaUserSessionPersisterProviderFactory; import org.keycloak.models.jpa.session.JpaUserSessionPersisterProviderFactory;
import org.keycloak.models.session.RevokedTokenPersisterSpi; import org.keycloak.models.session.RevokedTokenPersisterSpi;
import org.keycloak.models.session.UserSessionPersisterSpi; import org.keycloak.models.session.UserSessionPersisterSpi;
import org.keycloak.organization.OrganizationSpi;
import org.keycloak.organization.jpa.JpaOrganizationProviderFactory;
import org.keycloak.protocol.LoginProtocolFactory; import org.keycloak.protocol.LoginProtocolFactory;
import org.keycloak.protocol.LoginProtocolSpi; import org.keycloak.protocol.LoginProtocolSpi;
import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.ProviderFactory;
@ -80,6 +82,8 @@ public class Jpa extends KeycloakModelParameters {
.add(IdentityProviderStorageSpi.class) .add(IdentityProviderStorageSpi.class)
.add(IdentityProviderSpi.class) .add(IdentityProviderSpi.class)
.add(OrganizationSpi.class)
.build(); .build();
static final Set<Class<? extends ProviderFactory>> ALLOWED_FACTORIES = ImmutableSet.<Class<? extends ProviderFactory>>builder() static final Set<Class<? extends ProviderFactory>> ALLOWED_FACTORIES = ImmutableSet.<Class<? extends ProviderFactory>>builder()
@ -109,6 +113,8 @@ public class Jpa extends KeycloakModelParameters {
//required for FederatedIdentityModel //required for FederatedIdentityModel
.add(IdentityProviderFactory.class) .add(IdentityProviderFactory.class)
.add(JpaOrganizationProviderFactory.class)
.build(); .build();
public Jpa() { public Jpa() {
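Review bot: The new `.add(OrganizationSpi.class)` and `.add(JpaOrganizationProviderFactory.class)` entries carry no comment saying what needs them, unlike the adjacent `//required for FederatedIdentityModel` entry. Going by the commit title, they are needed because ORGANIZATION is now enabled by default, so the model tests would otherwise run with the feature on but without its provider; that is inferred, the hunks do not show the failing path. I would put `// required since ORGANIZATION is a default feature` above each `.add(...)`. Both builder chains start outside the hunks.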

View file

@ -176,6 +176,7 @@ public class SessionTimeoutsTest extends KeycloakModelTest {
try { try {
final String[] sessions = inComittedTransaction(session -> { final String[] sessions = inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
UserModel user = session.users().getUserByUsername(realm, "user1"); UserModel user = session.users().getUserByUsername(realm, "user1");
UserSessionModel userSession = createUserSession(session, realm, user, offline); UserSessionModel userSession = createUserSession(session, realm, user, offline);
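Review bot: The added `session.getContext().setRealm(realm);` has no comment saying why the model test must now populate the session context, and the same undocumented line is added in UserSessionConcurrencyTest, UserSessionInitializerTest, UserSessionPersisterProviderTest, UserSessionProviderModelTest and UserSessionProviderOfflineModelTest. Presumably a provider that is active now that ORGANIZATION is a default feature reads the realm from the session context rather than from its arguments; the diff does not show that code, so this is inferred. If so, the dependency on ambient realm state is worth documenting, because a caller that omits the call would get a missing or wrong realm at run time rather than a compile error, which matters for realm isolation. I would add above the call `// providers enabled by default (organization) read the realm from the session context`, or set the realm once inside a shared helper so new tests cannot forget it. The lambda and its test method start and end outside the hunk.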

View file

@ -86,6 +86,7 @@ public class UserSessionConcurrencyTest extends KeycloakModelTest {
IntStream.range(0, 20 * CLIENTS_COUNT).parallel() IntStream.range(0, 20 * CLIENTS_COUNT).parallel()
.forEach(i -> inComittedTransaction(i, (session, n) -> { try { .forEach(i -> inComittedTransaction(i, (session, n) -> { try {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
ClientModel client = realm.getClientByClientId("client" + (n % CLIENTS_COUNT)); ClientModel client = realm.getClientByClientId("client" + (n % CLIENTS_COUNT));
UserSessionModel uSession = session.sessions().getUserSession(realm, uId); UserSessionModel uSession = session.sessions().getUserSession(realm, uId);

View file

@ -108,6 +108,7 @@ public class UserSessionInitializerTest extends KeycloakModelTest {
inComittedTransaction(session -> { inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
// Assert sessions are in // Assert sessions are in
ClientModel testApp = realm.getClientByClientId("test-app"); ClientModel testApp = realm.getClientByClientId("test-app");
@ -140,6 +141,7 @@ public class UserSessionInitializerTest extends KeycloakModelTest {
inComittedTransaction(session -> { inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
// Assert sessions are in // Assert sessions are in
ClientModel thirdparty = realm.getClientByClientId("third-party"); ClientModel thirdparty = realm.getClientByClientId("third-party");

View file

@ -146,6 +146,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
inComittedTransaction(session -> { inComittedTransaction(session -> {
// Persist 3 created userSessions and clientSessions as offline // Persist 3 created userSessions and clientSessions as offline
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
ClientModel testApp = realm.getClientByClientId("test-app"); ClientModel testApp = realm.getClientByClientId("test-app");
session.sessions().getUserSessionsStream(realm, testApp).collect(Collectors.toList()) session.sessions().getUserSessionsStream(realm, testApp).collect(Collectors.toList())
.forEach(userSessionLooper -> persistUserSession(session, userSessionLooper, true)); .forEach(userSessionLooper -> persistUserSession(session, userSessionLooper, true));
@ -196,6 +197,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
inComittedTransaction(session -> { inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
UserSessionModel[] origSessions = origSessionsAt.get(); UserSessionModel[] origSessions = origSessionsAt.get();
// Persist 1 offline session // Persist 1 offline session
@ -449,6 +451,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
public void testMoreSessions() { public void testMoreSessions() {
inComittedTransaction(session -> { inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
// Create 10 userSessions - each having 1 clientSession // Create 10 userSessions - each having 1 clientSession
List<String> userSessionsInner = new LinkedList<>(); List<String> userSessionsInner = new LinkedList<>();
@ -505,6 +508,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
inComittedTransaction(session -> { inComittedTransaction(session -> {
// Persist 2 offline sessions of 2 users // Persist 2 offline sessions of 2 users
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
userSession1[0] = session.sessions().getUserSession(realm, origSessions[1].getId()); userSession1[0] = session.sessions().getUserSession(realm, origSessions[1].getId());
userSession2[0] = session.sessions().getUserSession(realm, origSessions[2].getId()); userSession2[0] = session.sessions().getUserSession(realm, origSessions[2].getId());
persistUserSession(session, userSession1[0], true); persistUserSession(session, userSession1[0], true);
@ -551,6 +555,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
UserSessionModel origSession = inComittedTransaction(session -> { UserSessionModel origSession = inComittedTransaction(session -> {
// Create session in infinispan // Create session in infinispan
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(session, realmId, realm.getClientByClientId("test-app"), userSession, "http://redirect", "state"); createClientSession(session, realmId, realm.getClientByClientId("test-app"), userSession, "http://redirect", "state");
@ -567,6 +572,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
inComittedTransaction(session -> { inComittedTransaction(session -> {
// Assert offline session // Assert offline session
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
List<UserSessionModel> loadedSessions = loadPersistedSessionsPaginated(session, true, 1, 1, 1); List<UserSessionModel> loadedSessions = loadPersistedSessionsPaginated(session, true, 1, 1, 1);
assertSessions(loadedSessions, new String[]{origSession.getId()}); assertSessions(loadedSessions, new String[]{origSession.getId()});
@ -618,6 +624,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
} }
private void setupClientStorageComponents(KeycloakSession s, RealmModel realm) { private void setupClientStorageComponents(KeycloakSession s, RealmModel realm) {
s.getContext().setRealm(realm);
getParameters(ClientStorageProviderModel.class).forEach(cm -> { getParameters(ClientStorageProviderModel.class).forEach(cm -> {
cm.put(HardcodedClientStorageProviderFactory.CLIENT_ID, "external-storage-client"); cm.put(HardcodedClientStorageProviderFactory.CLIENT_ID, "external-storage-client");
cm.put(HardcodedClientStorageProviderFactory.DELAYED_SEARCH, Boolean.toString(false)); cm.put(HardcodedClientStorageProviderFactory.DELAYED_SEARCH, Boolean.toString(false));
@ -632,6 +639,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
} }
private void cleanClientStorageComponents(KeycloakSession s, RealmModel realm) { private void cleanClientStorageComponents(KeycloakSession s, RealmModel realm) {
s.getContext().setRealm(realm);
s.roles().removeRoles(realm); s.roles().removeRoles(realm);
s.clientScopes().removeClientScopes(realm); s.clientScopes().removeClientScopes(realm);
@ -648,6 +656,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
protected static UserSessionModel[] createSessions(KeycloakSession session, String realmId) { protected static UserSessionModel[] createSessions(KeycloakSession session, String realmId) {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
UserSessionModel[] sessions = new UserSessionModel[3]; UserSessionModel[] sessions = new UserSessionModel[3];
sessions[0] = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT); sessions[0] = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);


@ -148,6 +148,7 @@ public class UserSessionProviderModelTest extends KeycloakModelTest {
inComittedTransaction(session -> { inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId()); UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId());
Assert.assertEquals(origSessions[0], userSession); Assert.assertEquals(origSessions[0], userSession);
@ -194,6 +195,7 @@ public class UserSessionProviderModelTest extends KeycloakModelTest {
public void testTransientUserSessionIsNotPersisted() { public void testTransientUserSessionIsNotPersisted() {
String id = inComittedTransaction(session -> { String id = inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
UserSessionModel userSession = session.sessions().createUserSession(KeycloakModelUtils.generateId(), realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.TRANSIENT); UserSessionModel userSession = session.sessions().createUserSession(KeycloakModelUtils.generateId(), realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.TRANSIENT);
ClientModel testApp = realm.getClientByClientId("test-app"); ClientModel testApp = realm.getClientByClientId("test-app");
@ -217,6 +219,7 @@ public class UserSessionProviderModelTest extends KeycloakModelTest {
public void testClientSessionIsNotPersistedForTransientUserSession() { public void testClientSessionIsNotPersistedForTransientUserSession() {
Object[] transientUserSessionWithClientSessionId = inComittedTransaction(session -> { Object[] transientUserSessionWithClientSessionId = inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.TRANSIENT); UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.TRANSIENT);
ClientModel testApp = realm.getClientByClientId("test-app"); ClientModel testApp = realm.getClientByClientId("test-app");
AuthenticatedClientSessionModel clientSession = session.sessions().createClientSession(realm, testApp, userSession); AuthenticatedClientSessionModel clientSession = session.sessions().createClientSession(realm, testApp, userSession);

View file

@ -146,6 +146,7 @@ public class UserSessionProviderOfflineModelTest extends KeycloakModelTest {
inComittedTransaction(session -> { inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
sessionManager = new UserSessionManager(session); sessionManager = new UserSessionManager(session);
persister = session.getProvider(UserSessionPersisterProvider.class); persister = session.getProvider(UserSessionPersisterProvider.class);
@ -275,6 +276,7 @@ public class UserSessionProviderOfflineModelTest extends KeycloakModelTest {
inComittedTransaction(session -> { inComittedTransaction(session -> {
RealmModel realm = session.realms().getRealm(realmId); RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
sessionManager = new UserSessionManager(session); sessionManager = new UserSessionManager(session);
persister = session.getProvider(UserSessionPersisterProvider.class); persister = session.getProvider(UserSessionPersisterProvider.class);