Disable infinispan realm and user cache for map storage tests
Closes #11213
This commit is contained in:
vramik
Hynek Mlnařík
parent
09381faad7
commit
5248815091
29 changed files with 146 additions and 44 deletions
3
.github/workflows/ci.yml
vendored
3
.github/workflows/ci.yml
vendored
|
|
@ -143,7 +143,8 @@ jobs:
|
||||||
fetch-depth: 2
|
fetch-depth: 2
|
||||||
|
|
||||||
- name: Check whether HEAD^ contains HotRod storage relevant changes
|
- name: Check whether HEAD^ contains HotRod storage relevant changes
|
||||||
run: echo "GIT_HOTROD_RELEVANT_DIFF=$( git diff --name-only HEAD^ | egrep -ic -e '^model/hot-rod|^model/map|^model/build-processor|^testsuite/model' )" >> $GITHUB_ENV
|
run: echo "GIT_HOTROD_RELEVANT_DIFF=$( git diff --name-only HEAD^ | egrep -ic -e 'non-existent-folder' )" >> $GITHUB_ENV
|
||||||
|
# run: echo "GIT_HOTROD_RELEVANT_DIFF=$( git diff --name-only HEAD^ | egrep -ic -e '^model/hot-rod|^model/map|^model/build-processor|^testsuite/model' )" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: Cache Maven packages
|
- name: Cache Maven packages
|
||||||
if: ${{ github.event_name != 'pull_request' || matrix.server != 'undertow-map-hot-rod' || env.GIT_HOTROD_RELEVANT_DIFF != 0 }}
|
if: ${{ github.event_name != 'pull_request' || matrix.server != 'undertow-map-hot-rod' || env.GIT_HOTROD_RELEVANT_DIFF != 0 }}
|
||||||
|
|
|
||||||
|
|
@ -1797,6 +1797,9 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public RequiredActionProviderModel addRequiredActionProvider(RequiredActionProviderModel model) {
|
public RequiredActionProviderModel addRequiredActionProvider(RequiredActionProviderModel model) {
|
||||||
|
if (getRequiredActionProviderByAlias(model.getAlias()) != null) {
|
||||||
|
throw new ModelDuplicateException("A Required Action Provider with given alias already exists.");
|
||||||
|
}
|
||||||
RequiredActionProviderEntity auth = new RequiredActionProviderEntity();
|
RequiredActionProviderEntity auth = new RequiredActionProviderEntity();
|
||||||
String id = (model.getId() == null) ? KeycloakModelUtils.generateId(): model.getId();
|
String id = (model.getId() == null) ? KeycloakModelUtils.generateId(): model.getId();
|
||||||
auth.setId(id);
|
auth.setId(id);
|
||||||
|
|
|
||||||
|
|
@ -457,7 +457,8 @@ public abstract class MapClientAdapter extends AbstractClientModel<MapClientEnti
|
||||||
@Override
|
@Override
|
||||||
public boolean hasDirectScope(RoleModel role) {
|
public boolean hasDirectScope(RoleModel role) {
|
||||||
final String id = role == null ? null : role.getId();
|
final String id = role == null ? null : role.getId();
|
||||||
if (id != null && this.entity.getScopeMappings().contains(id)) {
|
final Collection<String> scopeMappings = this.entity.getScopeMappings();
|
||||||
|
if (id != null && scopeMappings != null && scopeMappings.contains(id)) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ import org.keycloak.models.GroupModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
|
import org.keycloak.models.utils.RoleUtils;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
@ -150,7 +151,7 @@ public class MapGroupAdapter extends AbstractGroupModel<MapGroupEntity> {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean hasRole(RoleModel role) {
|
public boolean hasRole(RoleModel role) {
|
||||||
return hasDirectRole(role);
|
return RoleUtils.hasRole(getRoleMappingsStream(), role);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
||||||
|
|
@ -483,6 +483,9 @@ public class MapRealmAdapter extends AbstractRealmModel<MapRealmEntity> implemen
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int getActionTokenGeneratedByUserLifespan(String actionTokenType) {
|
public int getActionTokenGeneratedByUserLifespan(String actionTokenType) {
|
||||||
|
if (actionTokenType == null || getAttribute(ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN + "." + actionTokenType) == null) {
|
||||||
|
return getActionTokenGeneratedByUserLifespan();
|
||||||
|
}
|
||||||
return getAttribute(ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN + "." + actionTokenType, getAccessCodeLifespanUserAction());
|
return getAttribute(ACTION_TOKEN_GENERATED_BY_USER_LIFESPAN + "." + actionTokenType, getAccessCodeLifespanUserAction());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -521,6 +524,9 @@ public class MapRealmAdapter extends AbstractRealmModel<MapRealmEntity> implemen
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
throw new RuntimeException("Unknown credential type " + cred);
|
throw new RuntimeException("Unknown credential type " + cred);
|
||||||
}
|
}
|
||||||
|
if (getRequiredCredentialsStream().anyMatch(credential -> Objects.equals(model.getType(), credential.getType()))) {
|
||||||
|
throw new ModelDuplicateException("A Required Credential with given type already exists.");
|
||||||
|
}
|
||||||
entity.addRequiredCredential(MapRequiredCredentialEntity.fromModel(model));
|
entity.addRequiredCredential(MapRequiredCredentialEntity.fromModel(model));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -837,6 +843,9 @@ public class MapRealmAdapter extends AbstractRealmModel<MapRealmEntity> implemen
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model) {
|
public AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||||
|
if (entity.getAuthenticatorConfig(model.getId()).isPresent()) {
|
||||||
|
throw new ModelDuplicateException("An Authenticator Config with given id already exists.");
|
||||||
|
}
|
||||||
MapAuthenticatorConfigEntity authenticatorConfig = MapAuthenticatorConfigEntity.fromModel(model);
|
MapAuthenticatorConfigEntity authenticatorConfig = MapAuthenticatorConfigEntity.fromModel(model);
|
||||||
entity.addAuthenticatorConfig(authenticatorConfig);
|
entity.addAuthenticatorConfig(authenticatorConfig);
|
||||||
model.setId(authenticatorConfig.getId());
|
model.setId(authenticatorConfig.getId());
|
||||||
|
|
@ -883,6 +892,12 @@ public class MapRealmAdapter extends AbstractRealmModel<MapRealmEntity> implemen
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public RequiredActionProviderModel addRequiredActionProvider(RequiredActionProviderModel model) {
|
public RequiredActionProviderModel addRequiredActionProvider(RequiredActionProviderModel model) {
|
||||||
|
if (entity.getRequiredActionProvider(model.getId()).isPresent()) {
|
||||||
|
throw new ModelDuplicateException("A Required Action Provider with given id already exists.");
|
||||||
|
}
|
||||||
|
if (getRequiredActionProviderByAlias(model.getAlias()) != null) {
|
||||||
|
throw new ModelDuplicateException("A Required Action Provider with given alias already exists.");
|
||||||
|
}
|
||||||
MapRequiredActionProviderEntity requiredActionProvider = MapRequiredActionProviderEntity.fromModel(model);
|
MapRequiredActionProviderEntity requiredActionProvider = MapRequiredActionProviderEntity.fromModel(model);
|
||||||
entity.addRequiredActionProvider(requiredActionProvider);
|
entity.addRequiredActionProvider(requiredActionProvider);
|
||||||
|
|
||||||
|
|
@ -943,6 +958,9 @@ public class MapRealmAdapter extends AbstractRealmModel<MapRealmEntity> implemen
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addIdentityProvider(IdentityProviderModel model) {
|
public void addIdentityProvider(IdentityProviderModel model) {
|
||||||
|
if (getIdentityProviderByAlias(model.getAlias()) != null) {
|
||||||
|
throw new ModelDuplicateException("An Identity Provider with given alias already exists.");
|
||||||
|
}
|
||||||
entity.addIdentityProvider(MapIdentityProviderEntity.fromModel(model));
|
entity.addIdentityProvider(MapIdentityProviderEntity.fromModel(model));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -265,8 +265,7 @@ public abstract class MapUserAdapter extends AbstractUserModel<MapUserEntity> {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isMemberOf(GroupModel group) {
|
public boolean isMemberOf(GroupModel group) {
|
||||||
Set<String> groups = entity.getGroupsMembership();
|
return RoleUtils.isMember(getGroupsStream(), group);
|
||||||
return groups != null && groups.contains(group.getId());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
@ -308,7 +307,8 @@ public abstract class MapUserAdapter extends AbstractUserModel<MapUserEntity> {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean hasRole(RoleModel role) {
|
public boolean hasRole(RoleModel role) {
|
||||||
return hasDirectRole(role);
|
return RoleUtils.hasRole(getRoleMappingsStream(), role)
|
||||||
|
|| RoleUtils.hasRoleFromGroup(getGroupsStream(), role, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
||||||
|
|
@ -80,6 +80,7 @@ public interface RoleMapperModel {
|
||||||
* For example, {@code true} is returned for hasRole(R) if:
|
* For example, {@code true} is returned for hasRole(R) if:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>R is directly assigned to this object</li>
|
* <li>R is directly assigned to this object</li>
|
||||||
|
* <li>R is indirectly assigned to this object via composites</li>
|
||||||
* <li>R is not assigned to this object but this object belongs to a group G which is assigned the role R</li>
|
* <li>R is not assigned to this object but this object belongs to a group G which is assigned the role R</li>
|
||||||
* <li>R is not assigned to this object but this object belongs to a group G, and G belongs to group H which is assigned the role R</li>
|
* <li>R is not assigned to this object but this object belongs to a group G, and G belongs to group H which is assigned the role R</li>
|
||||||
* </ul>
|
* </ul>
|
||||||
|
|
|
||||||
|
|
@ -1140,6 +1140,8 @@
|
||||||
<keycloak.loginFailure.provider>map</keycloak.loginFailure.provider>
|
<keycloak.loginFailure.provider>map</keycloak.loginFailure.provider>
|
||||||
<keycloak.authorization.provider>map</keycloak.authorization.provider>
|
<keycloak.authorization.provider>map</keycloak.authorization.provider>
|
||||||
<keycloak.authorizationCache.enabled>false</keycloak.authorizationCache.enabled>
|
<keycloak.authorizationCache.enabled>false</keycloak.authorizationCache.enabled>
|
||||||
|
<keycloak.realmCache.enabled>false</keycloak.realmCache.enabled>
|
||||||
|
<keycloak.userCache.enabled>false</keycloak.userCache.enabled>
|
||||||
</systemPropertyVariables>
|
</systemPropertyVariables>
|
||||||
</configuration>
|
</configuration>
|
||||||
</plugin>
|
</plugin>
|
||||||
|
|
|
||||||
|
|
@ -45,6 +45,7 @@ public class TestCleanup {
|
||||||
private static final String GROUP_IDS = "GROUP_IDS";
|
private static final String GROUP_IDS = "GROUP_IDS";
|
||||||
private static final String AUTH_FLOW_IDS = "AUTH_FLOW_IDS";
|
private static final String AUTH_FLOW_IDS = "AUTH_FLOW_IDS";
|
||||||
private static final String AUTH_CONFIG_IDS = "AUTH_CONFIG_IDS";
|
private static final String AUTH_CONFIG_IDS = "AUTH_CONFIG_IDS";
|
||||||
|
private static final String REQUIRED_ACTION_ALIASES = "REQUIRED_ACTION_PROVIDERS";
|
||||||
private static final String LOCALIZATION_LANGUAGES = "LOCALIZATION_LANGUAGES";
|
private static final String LOCALIZATION_LANGUAGES = "LOCALIZATION_LANGUAGES";
|
||||||
|
|
||||||
private final TestContext testContext;
|
private final TestContext testContext;
|
||||||
|
|
@ -123,6 +124,9 @@ public class TestCleanup {
|
||||||
entities.add(AUTH_CONFIG_IDS, executionConfigId);
|
entities.add(AUTH_CONFIG_IDS, executionConfigId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void addRequiredAction(String alias) {
|
||||||
|
entities.add(REQUIRED_ACTION_ALIASES, alias);
|
||||||
|
}
|
||||||
|
|
||||||
public void executeCleanup() {
|
public void executeCleanup() {
|
||||||
RealmResource realm = getAdminClient().realm(realmName);
|
RealmResource realm = getAdminClient().realm(realmName);
|
||||||
|
|
@ -239,6 +243,17 @@ public class TestCleanup {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
List<String> requiredActionAliases = entities.get(REQUIRED_ACTION_ALIASES);
|
||||||
|
if (requiredActionAliases != null) {
|
||||||
|
for (String alias : requiredActionAliases) {
|
||||||
|
try {
|
||||||
|
realm.flows().removeRequiredAction(alias);
|
||||||
|
} catch (NotFoundException nfe) {
|
||||||
|
// required action might be already deleted in the test
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private Keycloak getAdminClient() {
|
private Keycloak getAdminClient() {
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,8 @@ import org.keycloak.admin.client.resource.UsersResource;
|
||||||
import org.keycloak.common.Profile;
|
import org.keycloak.common.Profile;
|
||||||
import org.keycloak.common.util.KeycloakUriBuilder;
|
import org.keycloak.common.util.KeycloakUriBuilder;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
|
import org.keycloak.models.cache.CacheRealmProvider;
|
||||||
|
import org.keycloak.models.cache.UserCache;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
|
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
|
||||||
|
|
@ -77,6 +79,7 @@ import java.util.Calendar;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Objects;
|
||||||
import java.util.Scanner;
|
import java.util.Scanner;
|
||||||
import java.util.concurrent.*;
|
import java.util.concurrent.*;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
|
|
@ -716,4 +719,16 @@ public abstract class AbstractKeycloakTest {
|
||||||
final boolean isProduct = adminClient.serverInfo().getInfo().getProfileInfo().getName().equals("product");
|
final boolean isProduct = adminClient.serverInfo().getInfo().getProfileInfo().getName().equals("product");
|
||||||
return isProduct ? Profile.PRODUCT_NAME : Profile.PROJECT_NAME;
|
return isProduct ? Profile.PRODUCT_NAME : Profile.PROJECT_NAME;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected boolean isRealmCacheEnabled() {
|
||||||
|
String realmCache = testingClient.server()
|
||||||
|
.fetchString(s -> s.getKeycloakSessionFactory().getProviderFactory(CacheRealmProvider.class));
|
||||||
|
return Objects.nonNull(realmCache);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected boolean isUserCacheEnabled() {
|
||||||
|
String userCache = testingClient.server()
|
||||||
|
.fetchString(s -> s.getKeycloakSessionFactory().getProviderFactory(UserCache.class));
|
||||||
|
return Objects.nonNull(userCache);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,6 @@ import org.keycloak.authentication.authenticators.browser.WebAuthnPasswordlessAu
|
||||||
import org.keycloak.authentication.requiredactions.WebAuthnPasswordlessRegisterFactory;
|
import org.keycloak.authentication.requiredactions.WebAuthnPasswordlessRegisterFactory;
|
||||||
import org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory;
|
import org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory;
|
||||||
import org.keycloak.broker.provider.util.SimpleHttp;
|
import org.keycloak.broker.provider.util.SimpleHttp;
|
||||||
import org.keycloak.common.Profile;
|
|
||||||
import org.keycloak.common.enums.AccountRestApiVersion;
|
import org.keycloak.common.enums.AccountRestApiVersion;
|
||||||
import org.keycloak.common.util.ObjectUtil;
|
import org.keycloak.common.util.ObjectUtil;
|
||||||
import org.keycloak.credential.CredentialTypeMetadata;
|
import org.keycloak.credential.CredentialTypeMetadata;
|
||||||
|
|
@ -63,7 +62,6 @@ import org.keycloak.testsuite.admin.ApiUtil;
|
||||||
import org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest;
|
import org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest;
|
||||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||||
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
|
||||||
import org.keycloak.testsuite.util.OAuthClient;
|
import org.keycloak.testsuite.util.OAuthClient;
|
||||||
import org.keycloak.testsuite.util.TokenUtil;
|
import org.keycloak.testsuite.util.TokenUtil;
|
||||||
import org.keycloak.testsuite.util.UserBuilder;
|
import org.keycloak.testsuite.util.UserBuilder;
|
||||||
|
|
@ -536,12 +534,14 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
|
||||||
requiredAction.setName(WebAuthnRegisterFactory.PROVIDER_ID);
|
requiredAction.setName(WebAuthnRegisterFactory.PROVIDER_ID);
|
||||||
requiredAction.setProviderId(WebAuthnRegisterFactory.PROVIDER_ID);
|
requiredAction.setProviderId(WebAuthnRegisterFactory.PROVIDER_ID);
|
||||||
testRealm().flows().registerRequiredAction(requiredAction);
|
testRealm().flows().registerRequiredAction(requiredAction);
|
||||||
|
getCleanup().addRequiredAction(requiredAction.getProviderId());
|
||||||
|
|
||||||
requiredAction = new RequiredActionProviderSimpleRepresentation();
|
requiredAction = new RequiredActionProviderSimpleRepresentation();
|
||||||
requiredAction.setId("6789");
|
requiredAction.setId("6789");
|
||||||
requiredAction.setName(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID);
|
requiredAction.setName(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID);
|
||||||
requiredAction.setProviderId(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID);
|
requiredAction.setProviderId(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID);
|
||||||
testRealm().flows().registerRequiredAction(requiredAction);
|
testRealm().flows().registerRequiredAction(requiredAction);
|
||||||
|
getCleanup().addRequiredAction(requiredAction.getProviderId());
|
||||||
|
|
||||||
List<AccountCredentialResource.CredentialContainer> credentials = getCredentials();
|
List<AccountCredentialResource.CredentialContainer> credentials = getCredentials();
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -939,7 +939,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
|
||||||
@Test
|
@Test
|
||||||
// https://issues.jboss.org/browse/KEYCLOAK-3971
|
// https://issues.jboss.org/browse/KEYCLOAK-3971
|
||||||
public void salesPostSigTestUnicodeCharacters() {
|
public void salesPostSigTestUnicodeCharacters() {
|
||||||
final String username = "ěščřžýáíRoàåéèíñòøöùüßÅÄÖÜ";
|
final String username = "ěščřžýáíroàåéèíñòøöùüßåäöü";
|
||||||
UserRepresentation user = UserBuilder
|
UserRepresentation user = UserBuilder
|
||||||
.edit(createUserRepresentation(username, "xyz@redhat.com", "ěščřžýáí", "RoàåéèíñòøöùüßÅÄÖÜ", true))
|
.edit(createUserRepresentation(username, "xyz@redhat.com", "ěščřžýáí", "RoàåéèíñòøöùüßÅÄÖÜ", true))
|
||||||
.addPassword(PASSWORD)
|
.addPassword(PASSWORD)
|
||||||
|
|
@ -965,7 +965,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
|
||||||
@Test
|
@Test
|
||||||
// https://issues.jboss.org/browse/KEYCLOAK-3971
|
// https://issues.jboss.org/browse/KEYCLOAK-3971
|
||||||
public void employeeSigTestUnicodeCharacters() {
|
public void employeeSigTestUnicodeCharacters() {
|
||||||
final String username = "ěščřžýáíRoàåéèíñòøöùüßÅÄÖÜ";
|
final String username = "ěščřžýáíroàåéèíñòøöùüßåäöü";
|
||||||
UserRepresentation user = UserBuilder
|
UserRepresentation user = UserBuilder
|
||||||
.edit(createUserRepresentation(username, "xyz@redhat.com", "ěščřžýáí", "RoàåéèíñòøöùüßÅÄÖÜ", true))
|
.edit(createUserRepresentation(username, "xyz@redhat.com", "ěščřžýáí", "RoàåéèíñòøöùüßÅÄÖÜ", true))
|
||||||
.addPassword(PASSWORD)
|
.addPassword(PASSWORD)
|
||||||
|
|
|
||||||
|
|
@ -19,15 +19,14 @@ package org.keycloak.testsuite.admin.authentication;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.common.Profile;
|
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
import org.keycloak.events.admin.ResourceType;
|
import org.keycloak.events.admin.ResourceType;
|
||||||
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
|
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
|
||||||
import org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation;
|
import org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation;
|
||||||
import org.keycloak.testsuite.actions.DummyRequiredActionFactory;
|
import org.keycloak.testsuite.actions.DummyRequiredActionFactory;
|
||||||
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
|
||||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||||
|
|
||||||
|
import javax.ws.rs.ClientErrorException;
|
||||||
import javax.ws.rs.NotFoundException;
|
import javax.ws.rs.NotFoundException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
|
@ -94,6 +93,13 @@ public class RequiredActionsTest extends AbstractAuthenticationTest {
|
||||||
authMgmtResource.registerRequiredAction(action);
|
authMgmtResource.registerRequiredAction(action);
|
||||||
assertAdminEvents.assertEvent(testRealmId, OperationType.CREATE, AdminEventPaths.authMgmtBasePath() + "/register-required-action", action, ResourceType.REQUIRED_ACTION);
|
assertAdminEvents.assertEvent(testRealmId, OperationType.CREATE, AdminEventPaths.authMgmtBasePath() + "/register-required-action", action, ResourceType.REQUIRED_ACTION);
|
||||||
|
|
||||||
|
// Try to register 2nd time
|
||||||
|
try {
|
||||||
|
authMgmtResource.registerRequiredAction(action);
|
||||||
|
} catch (ClientErrorException ex) {
|
||||||
|
// Expected
|
||||||
|
}
|
||||||
|
|
||||||
// Try to find not-existent action - should fail
|
// Try to find not-existent action - should fail
|
||||||
try {
|
try {
|
||||||
authMgmtResource.getRequiredAction("not-existent");
|
authMgmtResource.getRequiredAction("not-existent");
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ package org.keycloak.testsuite.admin.realm;
|
||||||
|
|
||||||
import org.apache.commons.io.IOUtils;
|
import org.apache.commons.io.IOUtils;
|
||||||
import org.hamcrest.Matchers;
|
import org.hamcrest.Matchers;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.junit.rules.ExpectedException;
|
import org.junit.rules.ExpectedException;
|
||||||
|
|
@ -685,6 +686,7 @@ public class RealmTest extends AbstractAdminTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void clearRealmCache() {
|
public void clearRealmCache() {
|
||||||
|
Assume.assumeTrue("Realm cache disabled.", isRealmCacheEnabled());
|
||||||
RealmRepresentation realmRep = realm.toRepresentation();
|
RealmRepresentation realmRep = realm.toRepresentation();
|
||||||
assertTrue(testingClient.testing().cache("realms").contains(realmRep.getId()));
|
assertTrue(testingClient.testing().cache("realms").contains(realmRep.getId()));
|
||||||
|
|
||||||
|
|
@ -696,6 +698,7 @@ public class RealmTest extends AbstractAdminTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void clearUserCache() {
|
public void clearUserCache() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
UserRepresentation user = new UserRepresentation();
|
UserRepresentation user = new UserRepresentation();
|
||||||
user.setUsername("clearcacheuser");
|
user.setUsername("clearcacheuser");
|
||||||
Response response = realm.users().create(user);
|
Response response = realm.users().create(user);
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@
|
||||||
package org.keycloak.testsuite.federation.ldap;
|
package org.keycloak.testsuite.federation.ldap;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.ClassRule;
|
import org.junit.ClassRule;
|
||||||
import org.junit.FixMethodOrder;
|
import org.junit.FixMethodOrder;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
@ -26,7 +27,6 @@ import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.LDAPConstants;
|
import org.keycloak.models.LDAPConstants;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
|
import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
|
||||||
import org.keycloak.representations.IDToken;
|
import org.keycloak.representations.IDToken;
|
||||||
|
|
@ -105,6 +105,7 @@ public class LDAPMultipleAttributesTest extends AbstractLDAPTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testUserImport() {
|
public void testUserImport() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
LDAPTestContext ctx = LDAPTestContext.init(session);
|
LDAPTestContext ctx = LDAPTestContext.init(session);
|
||||||
session.userCache().clear();
|
session.userCache().clear();
|
||||||
|
|
@ -120,6 +121,7 @@ public class LDAPMultipleAttributesTest extends AbstractLDAPTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testModel() {
|
public void testModel() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
LDAPTestContext ctx = LDAPTestContext.init(session);
|
LDAPTestContext ctx = LDAPTestContext.init(session);
|
||||||
session.userCache().clear();
|
session.userCache().clear();
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@
|
||||||
package org.keycloak.testsuite.federation.ldap;
|
package org.keycloak.testsuite.federation.ldap;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.ClassRule;
|
import org.junit.ClassRule;
|
||||||
import org.junit.FixMethodOrder;
|
import org.junit.FixMethodOrder;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
@ -35,7 +36,6 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.models.UserCredentialModel;
|
import org.keycloak.models.UserCredentialModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
|
||||||
import org.keycloak.models.cache.CachedUserModel;
|
import org.keycloak.models.cache.CachedUserModel;
|
||||||
import org.keycloak.models.credential.PasswordCredentialModel;
|
import org.keycloak.models.credential.PasswordCredentialModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
|
|
@ -46,7 +46,6 @@ import org.keycloak.representations.idm.EventRepresentation;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.managers.UserStorageSyncManager;
|
|
||||||
import org.keycloak.storage.ReadOnlyException;
|
import org.keycloak.storage.ReadOnlyException;
|
||||||
import org.keycloak.storage.StorageId;
|
import org.keycloak.storage.StorageId;
|
||||||
import org.keycloak.storage.UserStorageProvider;
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
|
|
@ -62,7 +61,6 @@ import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapper;
|
||||||
import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory;
|
import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory;
|
||||||
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
|
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
|
||||||
import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper;
|
import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper;
|
||||||
import org.keycloak.storage.user.SynchronizationResult;
|
|
||||||
import org.keycloak.testsuite.AbstractAuthTest;
|
import org.keycloak.testsuite.AbstractAuthTest;
|
||||||
import org.keycloak.testsuite.admin.ApiUtil;
|
import org.keycloak.testsuite.admin.ApiUtil;
|
||||||
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
|
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
|
||||||
|
|
@ -575,6 +573,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testHardcodedAttributeMapperTest() throws Exception {
|
public void testHardcodedAttributeMapperTest() throws Exception {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
// Create hardcoded mapper for "description"
|
// Create hardcoded mapper for "description"
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
LDAPTestContext ctx = LDAPTestContext.init(session);
|
LDAPTestContext ctx = LDAPTestContext.init(session);
|
||||||
|
|
@ -854,6 +853,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSearchWithCustomLDAPFilter() {
|
public void testSearchWithCustomLDAPFilter() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
// Add custom filter for searching users
|
// Add custom filter for searching users
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
LDAPTestContext ctx = LDAPTestContext.init(session);
|
LDAPTestContext ctx = LDAPTestContext.init(session);
|
||||||
|
|
@ -1053,6 +1053,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
|
||||||
// KEYCLOAK-9002
|
// KEYCLOAK-9002
|
||||||
@Test
|
@Test
|
||||||
public void testSearchWithPartiallyCachedUser() {
|
public void testSearchWithPartiallyCachedUser() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
session.userCache().clear();
|
session.userCache().clear();
|
||||||
});
|
});
|
||||||
|
|
@ -1079,6 +1080,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testLDAPUserRefreshCache() {
|
public void testLDAPUserRefreshCache() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
session.userCache().clear();
|
session.userCache().clear();
|
||||||
});
|
});
|
||||||
|
|
@ -1122,6 +1124,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testCacheUser() {
|
public void testCacheUser() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
String userId = testingClient.server().fetch(session -> {
|
String userId = testingClient.server().fetch(session -> {
|
||||||
LDAPTestContext ctx = LDAPTestContext.init(session);
|
LDAPTestContext ctx = LDAPTestContext.init(session);
|
||||||
ctx.getLdapModel().setCachePolicy(UserStorageProviderModel.CachePolicy.NO_CACHE);
|
ctx.getLdapModel().setCachePolicy(UserStorageProviderModel.CachePolicy.NO_CACHE);
|
||||||
|
|
|
||||||
|
|
@ -18,12 +18,12 @@
|
||||||
package org.keycloak.testsuite.federation.ldap;
|
package org.keycloak.testsuite.federation.ldap;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.ClassRule;
|
import org.junit.ClassRule;
|
||||||
import org.junit.FixMethodOrder;
|
import org.junit.FixMethodOrder;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.junit.runners.MethodSorters;
|
import org.junit.runners.MethodSorters;
|
||||||
import org.keycloak.component.ComponentModel;
|
import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.models.AccountRoles;
|
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.LDAPConstants;
|
import org.keycloak.models.LDAPConstants;
|
||||||
|
|
@ -333,6 +333,7 @@ public class LDAPRoleMappingsTest extends AbstractLDAPTest {
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void test04_syncRoleMappings() {
|
public void test04_syncRoleMappings() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
LDAPTestContext ctx = LDAPTestContext.init(session);
|
LDAPTestContext ctx = LDAPTestContext.init(session);
|
||||||
RealmModel appRealm = ctx.getRealm();
|
RealmModel appRealm = ctx.getRealm();
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@
|
||||||
package org.keycloak.testsuite.federation.ldap.noimport;
|
package org.keycloak.testsuite.federation.ldap.noimport;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.FixMethodOrder;
|
import org.junit.FixMethodOrder;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.junit.runners.MethodSorters;
|
import org.junit.runners.MethodSorters;
|
||||||
|
|
@ -42,6 +43,7 @@ public class LDAPMultipleAttributesNoImportTest extends LDAPMultipleAttributesTe
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testUserImport() {
|
public void testUserImport() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
LDAPTestContext ctx = LDAPTestContext.init(session);
|
LDAPTestContext ctx = LDAPTestContext.init(session);
|
||||||
session.userCache().clear();
|
session.userCache().clear();
|
||||||
|
|
|
||||||
|
|
@ -23,6 +23,7 @@ import javax.ws.rs.BadRequestException;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.FixMethodOrder;
|
import org.junit.FixMethodOrder;
|
||||||
import org.junit.Ignore;
|
import org.junit.Ignore;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
@ -193,6 +194,9 @@ public class LDAPProvidersIntegrationNoImportTest extends LDAPProvidersIntegrati
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testFullNameMapperWriteOnly() {
|
public void testFullNameMapperWriteOnly() {
|
||||||
|
Assume.assumeTrue("User cache disabled. UserModel behaves differently when it's cached adapter and when not. See https://github.com/keycloak/keycloak/discussions/10004",
|
||||||
|
isUserCacheEnabled());
|
||||||
|
|
||||||
ComponentRepresentation firstNameMapperRep = testingClient.server().fetch(session -> {
|
ComponentRepresentation firstNameMapperRep = testingClient.server().fetch(session -> {
|
||||||
LDAPTestContext ctx = LDAPTestContext.init(session);
|
LDAPTestContext ctx = LDAPTestContext.init(session);
|
||||||
RealmModel appRealm = ctx.getRealm();
|
RealmModel appRealm = ctx.getRealm();
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,8 @@
|
||||||
package org.keycloak.testsuite.federation.ldap.noimport;
|
package org.keycloak.testsuite.federation.ldap.noimport;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
import org.junit.Assume;
|
||||||
|
import org.junit.Before;
|
||||||
import org.junit.ClassRule;
|
import org.junit.ClassRule;
|
||||||
import org.junit.FixMethodOrder;
|
import org.junit.FixMethodOrder;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
@ -58,6 +60,10 @@ public class LDAPRoleMappingsNoImportTest extends AbstractLDAPTest {
|
||||||
return ldapRule;
|
return ldapRule;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Before
|
||||||
|
public void enabled() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected boolean isImportEnabled() {
|
protected boolean isImportEnabled() {
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ package org.keycloak.testsuite.federation.storage;
|
||||||
|
|
||||||
import org.jboss.arquillian.graphene.page.Page;
|
import org.jboss.arquillian.graphene.page.Page;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
@ -326,6 +327,8 @@ public class ClientStorageTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDailyEviction() {
|
public void testDailyEviction() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
|
|
||||||
testIsCached();
|
testIsCached();
|
||||||
|
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
|
|
@ -349,6 +352,8 @@ public class ClientStorageTest extends AbstractTestRealmKeycloakTest {
|
||||||
}
|
}
|
||||||
@Test
|
@Test
|
||||||
public void testWeeklyEviction() {
|
public void testWeeklyEviction() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
|
|
||||||
testIsCached();
|
testIsCached();
|
||||||
|
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
|
|
@ -375,6 +380,8 @@ public class ClientStorageTest extends AbstractTestRealmKeycloakTest {
|
||||||
}
|
}
|
||||||
@Test
|
@Test
|
||||||
public void testMaxLifespan() {
|
public void testMaxLifespan() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
|
|
||||||
testIsCached();
|
testIsCached();
|
||||||
|
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
|
|
@ -412,6 +419,8 @@ public class ClientStorageTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testIsCached() {
|
public void testIsCached() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
|
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
RealmModel realm = session.realms().getRealmByName("test");
|
RealmModel realm = session.realms().getRealmByName("test");
|
||||||
ClientModel hardcoded = realm.getClientByClientId("hardcoded-client");
|
ClientModel hardcoded = realm.getClientByClientId("hardcoded-client");
|
||||||
|
|
@ -423,6 +432,8 @@ public class ClientStorageTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testNoCache() {
|
public void testNoCache() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
|
|
||||||
testIsCached();
|
testIsCached();
|
||||||
|
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,7 @@ import org.jboss.arquillian.container.test.api.ContainerController;
|
||||||
import org.jboss.arquillian.graphene.page.Page;
|
import org.jboss.arquillian.graphene.page.Page;
|
||||||
import org.jboss.arquillian.test.api.ArquillianResource;
|
import org.jboss.arquillian.test.api.ArquillianResource;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
@ -155,6 +156,8 @@ public class UserStorageFailureTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
ContainerAssume.assumeNotAuthServerRemote();
|
ContainerAssume.assumeNotAuthServerRemote();
|
||||||
|
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
|
|
||||||
oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
|
oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
|
||||||
oauth.clientId("offline-client");
|
oauth.clientId("offline-client");
|
||||||
oauth.redirectUri(OAuthClient.AUTH_SERVER_ROOT + "/offline-client");
|
oauth.redirectUri(OAuthClient.AUTH_SERVER_ROOT + "/offline-client");
|
||||||
|
|
@ -255,6 +258,8 @@ public class UserStorageFailureTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testKeycloak5926() {
|
public void testKeycloak5926() {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
|
|
||||||
oauth.clientId("test-app");
|
oauth.clientId("test-app");
|
||||||
oauth.redirectUri(OAuthClient.APP_AUTH_ROOT);
|
oauth.redirectUri(OAuthClient.APP_AUTH_ROOT);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ import org.apache.commons.io.FileUtils;
|
||||||
import org.jboss.arquillian.graphene.page.Page;
|
import org.jboss.arquillian.graphene.page.Page;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Ignore;
|
import org.junit.Ignore;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
|
|
@ -116,6 +117,8 @@ public class UserStorageTest extends AbstractAuthTest {
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void addProvidersBeforeTest() throws URISyntaxException, IOException {
|
public void addProvidersBeforeTest() throws URISyntaxException, IOException {
|
||||||
|
Assume.assumeTrue("User cache disabled.", isUserCacheEnabled());
|
||||||
|
|
||||||
ComponentRepresentation memProvider = new ComponentRepresentation();
|
ComponentRepresentation memProvider = new ComponentRepresentation();
|
||||||
memProvider.setName("memory");
|
memProvider.setName("memory");
|
||||||
memProvider.setProviderId(UserMapStorageFactory.PROVIDER_ID);
|
memProvider.setProviderId(UserMapStorageFactory.PROVIDER_ID);
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@ package org.keycloak.testsuite.forms;
|
||||||
|
|
||||||
import org.jboss.arquillian.graphene.page.Page;
|
import org.jboss.arquillian.graphene.page.Page;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.authentication.AuthenticationFlow;
|
import org.keycloak.authentication.AuthenticationFlow;
|
||||||
|
|
@ -179,6 +180,8 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void registerUpperCaseEmailWithChangedEmailAsUsername() throws IOException {
|
public void registerUpperCaseEmailWithChangedEmailAsUsername() throws IOException {
|
||||||
|
Assume.assumeTrue("See https://github.com/keycloak/keycloak/issues/10245", isUserCacheEnabled());
|
||||||
|
|
||||||
String userId = registerUpperCaseAndGetUserId(false);
|
String userId = registerUpperCaseAndGetUserId(false);
|
||||||
assertThat(userId, notNullValue());
|
assertThat(userId, notNullValue());
|
||||||
oauth.openLogout();
|
oauth.openLogout();
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.model;
|
package org.keycloak.testsuite.model;
|
||||||
|
|
||||||
|
import org.junit.Assume;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
|
|
@ -58,6 +58,7 @@ public class CacheTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStaleCache() throws Exception {
|
public void testStaleCache() throws Exception {
|
||||||
|
Assume.assumeTrue("Realm cache disabled.", isRealmCacheEnabled());
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
String appId = null;
|
String appId = null;
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -449,12 +449,11 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
|
||||||
r.setSsoSessionMaxLifespanRememberMe(r.getSsoSessionMaxLifespan() * 4);
|
r.setSsoSessionMaxLifespanRememberMe(r.getSsoSessionMaxLifespan() * 4);
|
||||||
r.setSsoSessionIdleTimeoutRememberMe(r.getSsoSessionIdleTimeout() * 4);
|
r.setSsoSessionIdleTimeoutRememberMe(r.getSsoSessionIdleTimeout() * 4);
|
||||||
});
|
});
|
||||||
// update the realm reference so that the remember-me timeouts are now visible.
|
|
||||||
RealmModel realm = session.realms().getRealmByName("test");
|
|
||||||
|
|
||||||
// create an user session with remember-me enabled that is older than the default 'max lifespan' timeout but not older than the 'max lifespan remember-me' timeout.
|
// create an user session with remember-me enabled that is older than the default 'max lifespan' timeout but not older than the 'max lifespan remember-me' timeout.
|
||||||
// the session's last refresh also exceeds the default 'session idle' timeout but doesn't exceed the 'session idle remember-me' timeout.
|
// the session's last refresh also exceeds the default 'session idle' timeout but doesn't exceed the 'session idle remember-me' timeout.
|
||||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
|
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
|
||||||
|
RealmModel realm = kcSession.realms().getRealmByName("test");
|
||||||
Time.setOffset(-(realm.getSsoSessionMaxLifespan() * 2));
|
Time.setOffset(-(realm.getSsoSessionMaxLifespan() * 2));
|
||||||
UserSessionModel userSession = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
|
UserSessionModel userSession = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
|
||||||
AuthenticatedClientSessionModel clientSession = kcSession.sessions().createClientSession(realm, client, userSession);
|
AuthenticatedClientSessionModel clientSession = kcSession.sessions().createClientSession(realm, client, userSession);
|
||||||
|
|
@ -468,6 +467,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
// create an user session with remember-me enabled that is older than the 'max lifespan remember-me' timeout.
|
// create an user session with remember-me enabled that is older than the 'max lifespan remember-me' timeout.
|
||||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
|
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
|
||||||
|
RealmModel realm = kcSession.realms().getRealmByName("test");
|
||||||
Time.setOffset(-(realm.getSsoSessionMaxLifespanRememberMe() + 1));
|
Time.setOffset(-(realm.getSsoSessionMaxLifespanRememberMe() + 1));
|
||||||
UserSessionModel userSession = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
|
UserSessionModel userSession = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
|
||||||
expiredUserSessions.add(userSession.getId());
|
expiredUserSessions.add(userSession.getId());
|
||||||
|
|
@ -475,6 +475,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
// finally create an user session with remember-me enabled whose last refresh exceeds the 'session idle remember-me' timeout.
|
// finally create an user session with remember-me enabled whose last refresh exceeds the 'session idle remember-me' timeout.
|
||||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
|
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
|
||||||
|
RealmModel realm = kcSession.realms().getRealmByName("test");
|
||||||
Time.setOffset(-(realm.getSsoSessionIdleTimeoutRememberMe() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1));
|
Time.setOffset(-(realm.getSsoSessionIdleTimeoutRememberMe() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1));
|
||||||
UserSessionModel userSession = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", true, null, null);
|
UserSessionModel userSession = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", true, null, null);
|
||||||
// no need to explicitly set the last refresh time - it is the same as the creation time.
|
// no need to explicitly set the last refresh time - it is the same as the creation time.
|
||||||
|
|
@ -483,21 +484,24 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
// remove the expired sessions - the first session should not be removed as it doesn't exceed any of the remember-me timeout values.
|
// remove the expired sessions - the first session should not be removed as it doesn't exceed any of the remember-me timeout values.
|
||||||
Time.setOffset(0);
|
Time.setOffset(0);
|
||||||
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> kcSession.sessions().removeExpired(realm));
|
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> kcSession.sessions().removeExpired(kcSession.realms().getRealmByName("test")));
|
||||||
|
|
||||||
|
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
|
||||||
|
RealmModel realm = kcSession.realms().getRealmByName("test");
|
||||||
|
|
||||||
for (String sessionId : expiredUserSessions) {
|
for (String sessionId : expiredUserSessions) {
|
||||||
assertNull(session.sessions().getUserSession(realm, sessionId));
|
assertNull(kcSession.sessions().getUserSession(realm, sessionId));
|
||||||
}
|
}
|
||||||
|
|
||||||
for (String sessionId : validUserSessions) {
|
for (String sessionId : validUserSessions) {
|
||||||
UserSessionModel userSessionLoaded = session.sessions().getUserSession(realm, sessionId);
|
UserSessionModel userSessionLoaded = kcSession.sessions().getUserSession(realm, sessionId);
|
||||||
assertNotNull(userSessionLoaded);
|
assertNotNull(userSessionLoaded);
|
||||||
// the only valid user session should also have a valid client session that hasn't expired.
|
// the only valid user session should also have a valid client session that hasn't expired.
|
||||||
AuthenticatedClientSessionModel clientSessionModel = userSessionLoaded.getAuthenticatedClientSessions().get(client.getId());
|
AuthenticatedClientSessionModel clientSessionModel = userSessionLoaded.getAuthenticatedClientSessions().get(client.getId());
|
||||||
assertNotNull(clientSessionModel);
|
assertNotNull(clientSessionModel);
|
||||||
assertTrue(validClientSessions.contains(clientSessionModel.getId()));
|
assertTrue(validClientSessions.contains(clientSessionModel.getId()));
|
||||||
}
|
}
|
||||||
|
});
|
||||||
} finally {
|
} finally {
|
||||||
Time.setOffset(0);
|
Time.setOffset(0);
|
||||||
session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
|
session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
|
||||||
|
|
|
||||||
|
|
@ -468,6 +468,7 @@ public class UserSessionLimitsTest extends AbstractTestRealmKeycloakTest {
|
||||||
AuthenticationFlowModel flow = realm.getFlowByAlias(alias);
|
AuthenticationFlowModel flow = realm.getFlowByAlias(alias);
|
||||||
AuthenticatorConfigModel configModel = realm.getAuthenticatorConfigByAlias("user-session-limits-" + flow.getId());
|
AuthenticatorConfigModel configModel = realm.getAuthenticatorConfigByAlias("user-session-limits-" + flow.getId());
|
||||||
configModel.getConfig().put(key, value);
|
configModel.getConfig().put(key, value);
|
||||||
|
realm.updateAuthenticatorConfig(configModel);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -174,9 +174,8 @@
|
||||||
},
|
},
|
||||||
|
|
||||||
"userCache": {
|
"userCache": {
|
||||||
"provider": "${keycloak.user.cache.provider:default}",
|
|
||||||
"default" : {
|
"default" : {
|
||||||
"enabled": true
|
"enabled": "${keycloak.userCache.enabled:true}"
|
||||||
},
|
},
|
||||||
"mem": {
|
"mem": {
|
||||||
"maxSize": 20000
|
"maxSize": 20000
|
||||||
|
|
@ -235,9 +234,8 @@
|
||||||
},
|
},
|
||||||
|
|
||||||
"realmCache": {
|
"realmCache": {
|
||||||
"provider": "${keycloak.realm.cache.provider:default}",
|
|
||||||
"default" : {
|
"default" : {
|
||||||
"enabled": true
|
"enabled": "${keycloak.realmCache.enabled:true}"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -284,14 +284,6 @@
|
||||||
</properties>
|
</properties>
|
||||||
</profile>
|
</profile>
|
||||||
|
|
||||||
<profile>
|
|
||||||
<id>map+infinispan</id>
|
|
||||||
<properties>
|
|
||||||
<keycloak.profile.feature.map_storage>enabled</keycloak.profile.feature.map_storage>
|
|
||||||
<keycloak.model.parameters>Infinispan,Jpa,Map,ConcurrentHashMapStorage</keycloak.model.parameters>
|
|
||||||
</properties>
|
|
||||||
</profile>
|
|
||||||
|
|
||||||
<profile>
|
<profile>
|
||||||
<id>map</id>
|
<id>map</id>
|
||||||
<properties>
|
<properties>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue