From 129eb6a3be1ab6b01dfe1ac076739bfc69edcb3c Mon Sep 17 00:00:00 2001
From: mposolda
Date: Thu, 27 Mar 2014 12:54:44 +0100
Subject: [PATCH] Fix LDAP tests and teststuite on windows. Set initial password directly in code as import from LDIF is problematic on windows
---
 .../keycloak/model/test/LdapTestUtils.java | 33 +++++++++++++++++++
 .../model/test/AuthProvidersLDAPTest.java | 17 ++++++----
 .../tests/src/test/resources/ldap/users.ldif | 21 ++++++------
 .../PicketlinkAuthenticationProvider.java | 3 +-
 .../forms/AuthProvidersIntegrationTest.java | 8 +++--
 .../src/test/resources/ldap/users.ldif | 1 -
 6 files changed, 59 insertions(+), 24 deletions(-)
 create mode 100644 model/tests/src/main/java/org/keycloak/model/test/LdapTestUtils.java
diff --git a/model/tests/src/main/java/org/keycloak/model/test/LdapTestUtils.java b/model/tests/src/main/java/org/keycloak/model/test/LdapTestUtils.java
new file mode 100644
index 0000000000..616c6007e7
--- /dev/null
+++ b/model/tests/src/main/java/org/keycloak/model/test/LdapTestUtils.java
@@ -0,0 +1,33 @@
+package org.keycloak.model.test;
+
+import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.keycloak.models.RealmModel;
+import org.keycloak.spi.authentication.picketlink.PicketlinkAuthenticationProvider;
+import org.keycloak.util.KeycloakRegistry;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.credential.Password;
+import org.picketlink.idm.model.basic.BasicModel;
+import org.picketlink.idm.model.basic.User;
+
+/**
+ * @author Marek Posolda
+ */
+public class LdapTestUtils {
+
+ public static void setLdapPassword(RealmModel realm, String username, String password) {
+ // TODO: Workaround... should be improved once we have KeycloakSession with available application-scoped components
+ KeycloakRegistry registry = ResteasyProviderFactory.getContextData(KeycloakRegistry.class);
+ if (registry == null) {
+ ResteasyProviderFactory.pushContext(KeycloakRegistry.class, new KeycloakRegistry());
+ }
+
+ // Update password directly in ldap. It's workaround, but LDIF import doesn't seem to work on windows for ApacheDS
+ try {
+ IdentityManager identityManager = new PicketlinkAuthenticationProvider().getIdentityManager(realm);
+ User user = BasicModel.getUser(identityManager, username);
+ identityManager.updateCredential(user, new Password(password.toCharArray()));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
diff --git a/model/tests/src/test/java/org/keycloak/model/test/AuthProvidersLDAPTest.java b/model/tests/src/test/java/org/keycloak/model/test/AuthProvidersLDAPTest.java
index 06a498c3b1..96157fe762 100644
--- a/model/tests/src/test/java/org/keycloak/model/test/AuthProvidersLDAPTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/AuthProvidersLDAPTest.java
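Review bot: In `LdapTestUtils.setLdapPassword`, the result of `BasicModel.getUser(identityManager, username)` goes straight into `updateCredential` with no check that the user was found; if the lookup returns null for a missing entry (presumably the case when the LDIF import did not create it), the failure surfaces as an opaque exception inside a bare `RuntimeException`. Add `if (user == null) { throw new IllegalStateException("LDAP user not found: " + username); }` before the update, and give the wrapper a message, e.g. `throw new RuntimeException("Failed to set LDAP password for " + username, e);`. The helper also pushes a `KeycloakRegistry` into the Resteasy context and never clears it, and it lives under `src/main/java`, so a short Javadoc stating that side effect and that the class is intended for tests only would help.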
@@ -71,17 +71,20 @@ public class AuthProvidersLDAPTest extends AbstractModelTest { public void testLdapAuthentication() { MultivaluedMap formData = AuthProvidersExternalModelTest.createFormData("john", "password"); - // Verify that user doesn't exists in realm2 and can't authenticate here - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(realm, formData)); - Assert.assertNull(realm.getUser("john")); - - // Add ldap authenticationProvider - setupAuthenticationProviders(); - try { // this is needed for Picketlink model provider ResteasyProviderFactory.pushContext(KeycloakRegistry.class, new KeycloakRegistry()); + // Set password of user in LDAP + LdapTestUtils.setLdapPassword(realm, "john", "password"); + + // Verify that user doesn't exists in realm2 and can't authenticate here + Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(realm, formData)); + Assert.assertNull(realm.getUser("john")); + + // Add ldap authenticationProvider + setupAuthenticationProviders(); + // Authenticate john and verify that now he exists in realm Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(realm, formData)); UserModel john = realm.getUser("john"); diff --git a/model/tests/src/test/resources/ldap/users.ldif b/model/tests/src/test/resources/ldap/users.ldif index 9f72f65e79..8ba3a98564 100644 --- a/model/tests/src/test/resources/ldap/users.ldif +++ b/model/tests/src/test/resources/ldap/users.ldif @@ -9,16 +9,6 @@ objectclass: top objectclass: organizationalUnit ou: People -dn: ou=Roles,dc=keycloak,dc=org -objectclass: top -objectclass: organizationalUnit -ou: Roles - -dn: ou=Groups,dc=keycloak,dc=org -objectclass: top -objectclass: organizationalUnit -ou: Groups - dn: uid=john,ou=People,dc=keycloak,dc=org objectclass: top objectclass: uidObject 
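Review bot: `testLdapAuthentication` in AuthProvidersLDAPTest.java now writes john's password with `LdapTestUtils.setLdapPassword` and then checks it with `am.authenticateForm`, so the write and the verification both go through the same PicketLink identity manager; the test no longer shows that a credential provisioned in the directory itself (the `userPassword` line removed from users.ldif) is accepted. That trade-off is reasonable for the Windows fix but is not recorded at the call site; a comment such as `// Password is written via PicketLink because ApacheDS LDIF import of userPassword fails on Windows; directory-provisioned credentials are not covered here` would keep it visible. The literal pair `"john", "password"` is now repeated in `createFormData` and `setLdapPassword`, and a shared constant would keep the two from drifting. The method's `try` block continues outside the hunk.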
@@ -28,4 +18,13 @@ uid: john cn: John sn: Doe mail: john@email.org -userPassword: password \ No newline at end of file + +dn: ou=Roles,dc=keycloak,dc=org +objectclass: top +objectclass: organizationalUnit +ou: Roles + +dn: ou=Groups,dc=keycloak,dc=org +objectclass: top +objectclass: organizationalUnit +ou: Groups \ No newline at end of file diff --git a/spi/authentication-picketlink/src/main/java/org/keycloak/spi/authentication/picketlink/PicketlinkAuthenticationProvider.java b/spi/authentication-picketlink/src/main/java/org/keycloak/spi/authentication/picketlink/PicketlinkAuthenticationProvider.java index 2e9375d3ac..9d87e769d7 100644 --- a/spi/authentication-picketlink/src/main/java/org/keycloak/spi/authentication/picketlink/PicketlinkAuthenticationProvider.java +++ b/spi/authentication-picketlink/src/main/java/org/keycloak/spi/authentication/picketlink/PicketlinkAuthenticationProvider.java @@ -48,7 +48,6 @@ public class PicketlinkAuthenticationProvider implements AuthenticationProvider credential.setUsername(username); credential.setPassword(new Password(password.toCharArray())); identityManager.validateCredentials(credential); - if (credential.getStatus() == Credentials.Status.VALID) { AuthResult result = new AuthResult(AuthProviderStatus.SUCCESS); @@ -76,7 +75,7 @@ public class PicketlinkAuthenticationProvider implements AuthenticationProvider return true; } - protected IdentityManager getIdentityManager(RealmModel realm) throws AuthenticationProviderException { + public IdentityManager getIdentityManager(RealmModel realm) throws AuthenticationProviderException { IdentityManager identityManager = ResteasyProviderFactory.getContextData(IdentityManager.class); if (identityManager == null) { Iterable providers = ProviderLoader.load(PartitionManagerProvider.class); 
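Review bot: The second hunk of PicketlinkAuthenticationProvider.java widens `getIdentityManager` from `protected` to `public` only so the test helper can call it, which puts an object able to update stored credentials (see `identityManager.updateCredential` in LdapTestUtils) on the production provider's public surface. `protected` already grants same-package access in Java, so placing the helper in package `org.keycloak.spi.authentication.picketlink` within the test sources would let the signature stay `protected IdentityManager getIdentityManager(RealmModel realm) throws AuthenticationProviderException {`. If it has to remain public, a Javadoc line stating that it is exposed for tests and returns a manager with write access to the identity store would tell callers what they are getting. The method body continues outside the hunk.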
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java index 254e6d0ee1..f9520461ec 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java @@ -14,6 +14,7 @@ import org.junit.rules.RuleChain; import org.junit.rules.TestRule; import org.junit.runners.MethodSorters; import org.keycloak.OAuth2Constants; +import org.keycloak.model.test.LdapTestUtils; import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.PasswordPolicy; import org.keycloak.models.RealmModel; @@ -51,15 +52,16 @@ public class AuthProvidersIntegrationTest { AuthenticationProviderModel modelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_MODEL, false, Collections.EMPTY_MAP); AuthenticationProviderModel picketlinkProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, true, Collections.EMPTY_MAP); - // Configure LDAP - ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm); - // Delegate authentication to admin realm Map config = new HashMap(); config.put(AuthProviderConstants.EXTERNAL_REALM_ID, adminstrationRealm.getId()); AuthenticationProviderModel externalModelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, true, config); appRealm.setAuthenticationProviders(Arrays.asList(modelProvider, picketlinkProvider, externalModelProvider)); + + // Configure LDAP + ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm); + LdapTestUtils.setLdapPassword(appRealm, "john", "password"); } }); diff --git a/testsuite/integration/src/test/resources/ldap/users.ldif b/testsuite/integration/src/test/resources/ldap/users.ldif index 9f72f65e79..76295d328a 100644 
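Review bot: In the second hunk of AuthProvidersIntegrationTest.java the LDAP setup is moved below `setAuthenticationProviders` and `LdapTestUtils.setLdapPassword` is added directly after `setupLdapInRealm`, but nothing states that this order matters. `setLdapPassword` obtains its identity manager from the realm, so it presumably has to run after `setupLdapInRealm(appRealm)`; a comment like `// Must follow setupLdapInRealm: the password is written through the realm's LDAP configuration` would protect the sequence from a later reshuffle. The enclosing callback starts outside the hunk.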
--- a/testsuite/integration/src/test/resources/ldap/users.ldif
+++ b/testsuite/integration/src/test/resources/ldap/users.ldif
@@ -28,4 +28,3 @@ uid: john
 cn: John
 sn: Doe
 mail: john@email.org
-userPassword: password
\ No newline at end of file