KEYCLOAK-4505 Add tests of clientSession for script based authenticator

mhajas 2017-04-20 17:07:14 +02:00
parent 585653b88e
commit 4f66919474
2 changed files with 91 additions and 12 deletions


@ -16,9 +16,14 @@
*/
package org.keycloak.testsuite.forms;
import com.google.common.collect.ImmutableMap;
import org.apache.commons.io.IOUtils;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.*;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticatorFactory;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory;
import org.keycloak.events.Details;
@ -40,6 +45,7 @@ import org.keycloak.testsuite.util.UserBuilder;
import javax.ws.rs.core.Response;
import java.io.IOException;
import java.util.Map;
/**
* Tests for {@link org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator}
@ -56,8 +62,12 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
private AuthenticationFlowRepresentation flow;
public static final String EXECUTION_ID = "scriptAuth";
@BeforeClass
public static void enabled() { ProfileAssume.assumePreview(); }
public static void enabled() {
ProfileAssume.assumePreview();
}
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
@ -99,8 +109,6 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
.builtIn(false)
.build();
String scriptAuth = "scriptAuth";
Response createFlowResponse = testRealm().flows().createFlow(scriptBrowserFlow);
Assert.assertEquals(201, createFlowResponse.getStatus());
@ -119,7 +127,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
.build();
AuthenticationExecutionRepresentation authScriptExecution = ExecutionBuilder.create()
.id(scriptAuth)
.id(EXECUTION_ID)
.parentFlow(this.flow.getId())
.requirement(AuthenticationExecutionModel.Requirement.REQUIRED.name())
.authenticator(ScriptBasedAuthenticatorFactory.PROVIDER_ID)
@ -127,12 +135,11 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
Response addExecutionResponse = testRealm().flows().addExecution(usernamePasswordFormExecution);
Assert.assertEquals(201, addExecutionResponse.getStatus());
addExecutionResponse.close();
addExecutionResponse = testRealm().flows().addExecution(authScriptExecution);
Assert.assertEquals(201, addExecutionResponse.getStatus());
Response newExecutionConfigResponse = testRealm().flows().newExecutionConfig(scriptAuth, createScriptAuthConfig(scriptAuth, "authenticator-example.js", "/scripts/authenticator-example.js", "simple script based authenticator"));
Assert.assertEquals(201, newExecutionConfigResponse.getStatus());
addExecutionResponse.close();
testContext.setInitialized(true);
}
@ -142,6 +149,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
*/
@Test
public void loginShouldWorkWithScriptAuthenticator() {
addConfigFromFile("/scripts/authenticator-example.js");
loginPage.open();
@ -155,6 +163,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
*/
@Test
public void loginShouldFailWithScriptAuthenticator() {
addConfigFromFile("/scripts/authenticator-example.js");
loginPage.open();
@ -163,12 +172,61 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
events.expect(EventType.LOGIN_ERROR).user((String) null).error(Errors.USER_NOT_FOUND).assertEvent();
}
private AuthenticatorConfigRepresentation createScriptAuthConfig(String alias, String scriptName, String scriptCodePath, String scriptDescription) throws IOException {
/**
* KEYCLOAK-4505
*/
@Test
public void scriptWithClientSession() {
addConfigFromFile("/scripts/client-session-test.js", ImmutableMap.of(
"realm", "test",
"clientId", "test-app",
"authMethod", "openid-connect"));
loginPage.open();
loginPage.login("user", "password");
events.expectLogin().user("user").detail(Details.USERNAME, "user").assertEvent();
}
private void addConfigFromFile(String filename) {
addConfigFromFile(filename, null);
}
private void addConfigFromFile(String filename, Map<String, String> parameters) {
String alias = filename.substring(filename.lastIndexOf("/") + 1);
String script = loadFile(filename, parameters);
Response newExecutionConfigResponse = testRealm().flows().
newExecutionConfig(EXECUTION_ID, createScriptAuthConfig(EXECUTION_ID, alias, script, "script based authenticator"));
newExecutionConfigResponse.close();
Assert.assertEquals(201, newExecutionConfigResponse.getStatus());
}
private String loadFile(String filename, Map<String, String> parameters) {
String script = null;
try {
script = IOUtils.toString(getClass().getResourceAsStream(filename));
} catch (IOException e) {
throw new RuntimeException(e);
}
if (parameters != null) {
for (Map.Entry<String, String> entry : parameters.entrySet()) {
script = script.replaceAll("\\$\\{" + entry.getKey() + "}", entry.getValue());
}
}
return script;
}
private AuthenticatorConfigRepresentation createScriptAuthConfig(String alias, String scriptName, String script, String scriptDescription) {
AuthenticatorConfigRepresentation configRep = new AuthenticatorConfigRepresentation();
configRep.setAlias(alias);
configRep.getConfig().put("scriptCode", IOUtils.toString(getClass().getResourceAsStream(scriptCodePath)));
configRep.getConfig().put("scriptCode", script);
configRep.getConfig().put("scriptName", scriptName);
configRep.getConfig().put("scriptDescription", scriptDescription);
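Review bot: In `loadFile`, `script.replaceAll("\\$\\{" + entry.getKey() + "}", entry.getValue())` treats the key as regex syntax and the value as a replacement pattern, so a value containing `$` or `\` is rewritten or throws instead of being inserted literally; a literal substitution is `script = script.replace("${" + entry.getKey() + "}", entry.getValue());`. The substituted value lands inside a quoted string in JavaScript that the authenticator then evaluates, so a value containing `"` would change the script itself; that is harmless for the constants passed in `scriptWithClientSession`, but the helper should carry a comment saying it expects trusted constants only. Separately, the stream from `getClass().getResourceAsStream(filename)` is never closed, and for a missing resource it is null, which would likely surface as a NullPointerException inside `IOUtils.toString` rather than a message naming the file.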


@ -0,0 +1,21 @@
AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");
function authenticate(context) {
if (clientSession.getRealm().getName() != "${realm}") {
context.failure(AuthenticationFlowError.INVALID_CLIENT_SESSION);
return;
}
if (clientSession.getClient().getClientId() != "${clientId}") {
context.failure(AuthenticationFlowError.UNKNOWN_CLIENT);
return;
}
if (clientSession.getAuthMethod() != "${authMethod}") {
context.failure(AuthenticationFlowError.INVALID_CLIENT_SESSION);
return;
}
context.success();
}
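Review bot: Nothing in this script says that `${realm}`, `${clientId}` and `${authMethod}` are placeholders filled in by the test before the script is uploaded, or that `clientSession` appears to be a binding supplied by the script authenticator rather than something defined here. If the file is loaded through the one-argument `addConfigFromFile`, the comparisons run against the literal placeholder text and the first check always fails with `INVALID_CLIENT_SESSION`, which reads like a session problem instead of a test-setup mistake. I would add a header comment such as `// Test template: ${realm}, ${clientId} and ${authMethod} are substituted by ScriptAuthenticatorTest before upload; clientSession is provided by the authenticator.`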