libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Remove AccountUpdateProfilePage from the testsuite (#19362)

Browse source 
closes #15202
This commit is contained in:
Aboullos 2023-06-02 11:46:49 +02:00 committed by GitHub
parent 4eb05490f5
commit 612fe33ade
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
73 changed files with 877 additions and 1278 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/META-INF/keycloak-themes.json
View file

@ -1,7 +1,7 @@
{
"themes": [{
"name" : "address",
"types": [ "admin", "account", "login" ]
"types": [ "admin", "login" ]
}, {
"name" : "incorrect",
"types": [ "admin" ]

114
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/account/account.ftl
View file

@ -1,114 +0,0 @@
<#import "template.ftl" as layout>
<@layout.mainLayout active='account' bodyClass='user'; section>
<div class="row">
<div class="col-md-10">
<h2>${msg("editAccountHtmlTtile")}</h2>
</div>
<div class="col-md-2 subtitle">
<span class="subtitle"><span class="required">*</span> ${msg("requiredFields")}</span>
</div>
</div>
<form action="${url.accountUrl}" class="form-horizontal" method="post">
<input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
<div class="form-group ${messagesPerField.printIfExists('username','has-error')}">
<div class="col-sm-2 col-md-2">
<label for="username" class="control-label">${msg("username")}</label> <#if realm.editUsernameAllowed><span class="required">*</span></#if>
</div>
<div class="col-sm-10 col-md-10">
<input type="text" class="form-control" id="username" name="username" <#if !realm.editUsernameAllowed>disabled="disabled"</#if> value="${(account.username!'')}"/>
</div>
</div>
<div class="form-group ${messagesPerField.printIfExists('email','has-error')}">
<div class="col-sm-2 col-md-2">
<label for="email" class="control-label">${msg("email")}</label> <span class="required">*</span>
</div>
<div class="col-sm-10 col-md-10">
<input type="text" class="form-control" id="email" name="email" autofocus value="${(account.email!'')}"/>
</div>
</div>
<div class="form-group ${messagesPerField.printIfExists('firstName','has-error')}">
<div class="col-sm-2 col-md-2">
<label for="firstName" class="control-label">${msg("firstName")}</label> <span class="required">*</span>
</div>
<div class="col-sm-10 col-md-10">
<input type="text" class="form-control" id="firstName" name="firstName" value="${(account.firstName!'')}"/>
</div>
</div>
<div class="form-group ${messagesPerField.printIfExists('lastName','has-error')}">
<div class="col-sm-2 col-md-2">
<label for="lastName" class="control-label">${msg("lastName")}</label> <span class="required">*</span>
</div>
<div class="col-sm-10 col-md-10">
<input type="text" class="form-control" id="lastName" name="lastName" value="${(account.lastName!'')}"/>
</div>
</div>
<div class="form-group">
<div class="col-sm-2 col-md-2">
<label for="user.attributes.street" class="control-label">${msg("street")}</label>
</div>
<div class="col-sm-10 col-md-10">
<input type="text" class="form-control" id="user.attributes.street" name="user.attributes.street" value="${(account.attributes.street!'')}"/>
</div>
</div>
<div class="form-group">
<div class="col-sm-2 col-md-2">
<label for="user.attributes.locality" class="control-label">${msg("locality")}</label>
</div>
<div class="col-sm-10 col-md-10">
<input type="text" class="form-control" id="user.attributes.locality" name="user.attributes.locality" value="${(account.attributes.locality!'')}"/>
</div>
</div>
<div class="form-group">
<div class="col-sm-2 col-md-2">
<label for="user.attributes.region" class="control-label">${msg("region")}</label>
</div>
<div class="col-sm-10 col-md-10">
<input type="text" class="form-control" id="user.attributes.region" name="user.attributes.region" value="${(account.attributes.region!'')}"/>
</div>
</div>
<div class="form-group">
<div class="col-sm-2 col-md-2">
<label for="user.attributes.postal_code" class="control-label">${msg("postal_code")}</label>
</div>
<div class="col-sm-10 col-md-10">
<input type="text" class="form-control" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(account.attributes.postal_code!'')}"/>
</div>
</div>
<div class="form-group">
<div class="col-sm-2 col-md-2">
<label for="user.attributes.country" class="control-label">${msg("country")}</label>
</div>
<div class="col-sm-10 col-md-10">
<input type="text" class="form-control" id="user.attributes.country" name="user.attributes.country" value="${(account.attributes.country!'')}"/>
</div>
</div>
<div class="form-group">
<div id="kc-form-buttons" class="col-md-offset-2 col-md-10 submit">
<div class="">
<#if url.referrerURI??><a href="${url.referrerURI}">${msg("backToApplication")?no_esc}/a></#if>
<button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Save">${msg("doSave")}</button>
<button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Cancel">${msg("doCancel")}</button>
</div>
</div>
</div>
</form>
</@layout.mainLayout>

18
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/account/theme.properties
View file

@ -1,18 +0,0 @@
#
# Copyright 2016 Red Hat, Inc. and/or its affiliates
# and other contributors as indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
parent=keycloak

198
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java
View file

@ -1,198 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.pages;
import org.keycloak.models.Constants;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.testsuite.util.DroneUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.NoSuchElementException;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.support.FindBy;
import jakarta.ws.rs.core.UriBuilder;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class AccountUpdateProfilePage extends AbstractAccountPage {
@FindBy(id = "username")
private WebElement usernameInput;
@FindBy(id = "firstName")
private WebElement firstNameInput;
@FindBy(id = "lastName")
private WebElement lastNameInput;
@FindBy(id = "email")
private WebElement emailInput;
@FindBy(id = "referrer")
private WebElement backToApplicationLink;
@FindBy(css = "button[type=\"submit\"][value=\"Save\"]")
private WebElement submitButton;
@FindBy(css = "button[type=\"submit\"][value=\"Cancel\"]")
private WebElement cancelButton;
@FindBy(className = "alert-success")
private WebElement successMessage;
@FindBy(className = "alert-error")
private WebElement errorMessage;
public String getPath() {
return RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build("test").toString();
}
public String getPath(String realm) {
return RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build(realm).toString();
}
public void updateProfile(String firstName, String lastName, String email) {
firstNameInput.clear();
firstNameInput.sendKeys(firstName);
lastNameInput.clear();
lastNameInput.sendKeys(lastName);
emailInput.clear();
emailInput.sendKeys(email);
submitButton.click();
}
public void updateProfile(String username, String firstName, String lastName, String email) {
usernameInput.clear();
usernameInput.sendKeys(username);
firstNameInput.clear();
firstNameInput.sendKeys(firstName);
lastNameInput.clear();
lastNameInput.sendKeys(lastName);
emailInput.clear();
emailInput.sendKeys(email);
submitButton.click();
}
public void updateUsername(String username) {
usernameInput.clear();
usernameInput.sendKeys(username);
submitButton.click();
}
public void updateEmail(String email) {
emailInput.clear();
emailInput.sendKeys(email);
submitButton.click();
}
public void updateAttribute(String attrName, String attrValue) {
WebElement attrElement = findAttributeInputElement(attrName);
attrElement.clear();
attrElement.sendKeys(attrValue);
submitButton.click();
}
public void submitWithoutChanges() {
submitButton.click();
}
public void clickCancel() {
cancelButton.click();
}
public String getUsername() {
return usernameInput.getAttribute("value");
}
public String getFirstName() {
return firstNameInput.getAttribute("value");
}
public String getLastName() {
return lastNameInput.getAttribute("value");
}
public String getEmail() {
return emailInput.getAttribute("value");
}
public String getAttribute(String attrName) {
WebElement attrElement = findAttributeInputElement(attrName);
return attrElement.getAttribute("value");
}
@Override
public boolean isCurrent() {
WebDriver currentDriver = DroneUtils.getCurrentDriver();
return currentDriver.getTitle().contains("Account Management") && currentDriver.getPageSource().contains("Edit Account");
}
@Override
public void open() {
driver.navigate().to(getPath());
}
public void open(String realm) {
driver.navigate().to(getPath(realm));
}
public void backToApplication() {
backToApplicationLink.click();
}
public String getBackToApplicationLinkText() {
try {
// Optional screen element, may not be present
return backToApplicationLink.getText();
} catch (NoSuchElementException ignored) {
return null;
}
}
public String getBackToApplicationLinkHref() {
try {
// Optional screen element, may not be present
return backToApplicationLink.getAttribute("href");
} catch (NoSuchElementException ignored) {
return null;
}
}
public String getSuccess(){
return successMessage.getText();
}
public String getError() {
return errorMessage.getText();
}
public boolean isPasswordUpdateSupported() {
return driver.getPageSource().contains(getPath() + "/password");
}
private WebElement findAttributeInputElement(String attrName) {
String attrId = Constants.USER_ATTRIBUTES_PREFIX + attrName;
return driver.findElement(By.id(attrId));
}
}

1
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginPage.java
View file

@ -77,7 +77,6 @@ public class LoginPage extends LanguageComboboxAwarePage {
@FindBy(className = "instruction")
private WebElement instruction;
public void login(String username, String password) {
clearUsernameInputAndWaitIfNecessary();
usernameInput.sendKeys(username);

87
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomThemeTest.java
View file

@ -1,87 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.account.custom;
import jakarta.ws.rs.core.UriBuilder;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class CustomThemeTest extends AbstractTestRealmKeycloakTest {
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
testRealm.setAccountTheme("address");
UserRepresentation user2 = UserBuilder.create()
.enabled(true)
.username("test-user-no-access@localhost")
.email("test-user-no-access@localhost")
.password("password")
.build();
RealmBuilder.edit(testRealm)
.user(user2);
}
@Rule
public AssertEvents events = new AssertEvents(this);
@Page
protected LoginPage loginPage;
@Page
protected AccountUpdateProfilePage profilePage;
// KEYCLOAK-3494
@Test
public void changeProfile() throws Exception {
profilePage.open();
loginPage.login("test-user@localhost", "password");
events.expectLogin().client("account").detail(Details.REDIRECT_URI, getAccountRedirectUrl()).assertEvent();
Assert.assertEquals("test-user@localhost", profilePage.getEmail());
Assert.assertEquals("", profilePage.getAttribute("street"));
profilePage.updateAttribute("street", "Elm 1");
Assert.assertEquals("Elm 1", profilePage.getAttribute("street"));
profilePage.updateAttribute("street", "Elm 2");
Assert.assertEquals("Elm 2", profilePage.getAttribute("street"));
events.expectAccount(EventType.UPDATE_PROFILE).assertEvent();
}
}

38
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/hal/ConsoleProtectionTest.java
View file

@ -21,8 +21,10 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
import static org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.List;
import java.util.concurrent.TimeoutException;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
@ -33,12 +35,13 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.adapter.AbstractAdapterTest;
import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppServerWelcomePage;
import org.keycloak.testsuite.util.DroneUtils;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.JavascriptBrowser;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.testsuite.util.DroneUtils;
import org.keycloak.testsuite.util.TestAppHelper;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.pages.AppServerWelcomePage;
import org.openqa.selenium.WebDriver;
import org.wildfly.extras.creaper.core.online.CliException;
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
@ -54,6 +57,12 @@ import org.wildfly.extras.creaper.core.online.operations.admin.Administration;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
public class ConsoleProtectionTest extends AbstractAdapterTest {
@Page
protected LoginPage loginPage;
@Page
protected AppPage appPage;
// Javascript browser needed KEYCLOAK-4703
@Drone
@JavascriptBrowser
@ -63,10 +72,6 @@ public class ConsoleProtectionTest extends AbstractAdapterTest {
@JavascriptBrowser
protected AppServerWelcomePage appServerWelcomePage;
@Page
@JavascriptBrowser
protected AccountUpdateProfilePage accountUpdateProfilePage;
@Override
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(loadRealm("/wildfly-integration/wildfly-management-realm.json"));
@ -112,18 +117,13 @@ public class ConsoleProtectionTest extends AbstractAdapterTest {
log.debug("Added jsDriver");
}
private void testLogin() throws InterruptedException {
appServerWelcomePage.navigateToConsole();
appServerWelcomePage.login("admin", "admin");
WaitUtils.pause(2000);
assertTrue(appServerWelcomePage.isCurrent());
}
@Test
public void testUserCanAccessAccountService() throws InterruptedException {
testLogin();
public void testUserCanAccessAccountService() {
TestAppHelper testAppHelper = new TestAppHelper(oauth, loginPage, appPage);
testAppHelper.login("admin", "admin");
appPage.assertCurrent();
appServerWelcomePage.navigateToAccessControl();
appServerWelcomePage.navigateManageProfile();
assertTrue(accountUpdateProfilePage.isCurrent());
}
}

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/BrokerLinkAndTokenExchangeTest.java
View file

@ -52,7 +52,6 @@ import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
@ -60,7 +59,6 @@ import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.broker.BrokerTestTools;
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginUpdateProfilePage;
@ -113,9 +111,6 @@ public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest
@Page
protected LoginUpdateProfilePage loginUpdateProfilePage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
private LoginPage loginPage;

16
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/ClientInitiatedAccountLinkTest.java
View file

@ -30,7 +30,6 @@ import org.keycloak.common.Profile;
import org.keycloak.common.util.Base64Url;
import org.keycloak.models.Constants;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
@ -39,16 +38,15 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.testsuite.ActionURIUtils;
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.broker.BrokerTestTools;
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginUpdateProfilePage;
@ -88,9 +86,6 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
@Page
protected LoginUpdateProfilePage loginUpdateProfilePage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
private LoginPage loginPage;
@ -551,21 +546,18 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
}
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void testAccountLinkingExpired() throws Exception {
public void testAccountLinkingExpired() {
RealmResource realm = adminClient.realms().realm(CHILD_IDP);
List<FederatedIdentityRepresentation> links = realm.users().get(childUserId).getFederatedIdentity();
Assert.assertTrue(links.isEmpty());
// Login to account mgmt first
profilePage.open(CHILD_IDP);
// Login to application first
appPage.navigateTo();
WaitUtils.waitForPageToLoad();
Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
loginPage.login("child", "password");
profilePage.assertCurrent();
// Now in another tab, request account linking
UriBuilder linkBuilder = UriBuilder.fromUri(appPage.getInjectedUrl().toString())

114
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java
View file

@ -1,6 +1,5 @@
package org.keycloak.testsuite.broker;
import jakarta.validation.constraints.AssertTrue;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.RealmResource;
@ -35,9 +34,7 @@ import jakarta.ws.rs.client.ClientRequestFilter;
import jakarta.ws.rs.client.WebTarget;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
@ -99,7 +96,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
* Refers to in old test suite: org.keycloak.testsuite.broker.AbstractKeycloakIdentityProviderTest#testAccountManagementLinkIdentity
*/
@Test
public void testAccountManagementLinkIdentity() throws URISyntaxException, IOException {
public void testAccountManagementLinkIdentity() {
createUser("consumer");
TestAppHelper testAppHelper = new TestAppHelper(oauth, loginPage, appPage);
@ -156,7 +153,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
* Refers to in old test suite: org.keycloak.testsuite.broker.AbstractKeycloakIdentityProviderTest#testAccountManagementLinkedIdentityAlreadyExists
*/
@Test
public void testAccountManagementLinkedIdentityAlreadyExists() throws URISyntaxException, IOException {
public void testAccountManagementLinkedIdentityAlreadyExists() {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com");
TestAppHelper testAppHelper = new TestAppHelper(oauth, loginPage, appPage);
@ -182,11 +179,12 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
identityProviderResource.update(idpRep);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
updatePasswordPage.updatePasswords("password", "password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertTrue(appPage.isCurrent());
String username = bc.getUserLogin();
@ -228,9 +226,11 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
Assert.assertTrue(AccountHelper.updatePassword(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin(), "password"));
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
try {
waitForPage(driver, "sign in to", true);
@ -282,7 +282,9 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
.get(client.getId())
.update(ClientBuilder.edit(client).consentRequired(true).build());
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
driver.manage().timeouts().pageLoadTimeout(30, TimeUnit.MINUTES);
@ -306,8 +308,9 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
@Test
public void testDisabledUser() {
loginUser();
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
RealmResource realm = adminClient.realm(bc.consumerRealmName());
UserRepresentation userRep = realm.users().search(bc.getUserLogin()).get(0);
@ -317,6 +320,9 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
user.update(userRep);
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
errorPage.assertCurrent();
assertEquals("Account is disabled, contact your administrator.", errorPage.getError());
@ -369,8 +375,8 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
assertThat(currentRoles, hasItems(ROLE_MANAGER));
assertThat(currentRoles, not(hasItems(ROLE_USER)));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
userResource.roles().realmLevel().add(Collections.singletonList(userRole));
@ -417,11 +423,14 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
assertThat(currentRoles, hasItems(ROLE_MANAGER));
assertThat(currentRoles, not(hasItems(ROLE_USER, ROLE_FRIENDLY_MANAGER)));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
userResource.roles().realmLevel().add(Arrays.asList(userRole, friendlyManagerRole));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInAsUserInIDP();
currentRoles = consumerUserResource.roles().realmLevel().listAll().stream()
@ -430,14 +439,15 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
assertThat(currentRoles, hasItems(ROLE_MANAGER, ROLE_FRIENDLY_MANAGER));
assertThat(currentRoles, not(hasItems(ROLE_USER)));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
}
// KEYCLOAK-4016
@Test
public void testExpiredCode() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Expire all browser cookies");
driver.manage().deleteAllCookies();
@ -448,7 +458,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
waitForPage(driver, "sorry", false);
errorPage.assertCurrent();
String link = errorPage.getBackToApplicationLink();
Assert.assertTrue(link.endsWith("/auth/realms/consumer/account/"));
Assert.assertTrue(link.contains("/auth/realms/" + bc.consumerRealmName() + "/app"));
}
/**
@ -459,7 +469,8 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(bc.getIDPAlias()));
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
@ -468,20 +479,28 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
totpPage.configure(totp.generateTOTP(totpSecret));
RealmResource realm = adminClient.realm(bc.consumerRealmName());
assertNumFederatedIdentities(realm.users().search(bc.getUserLogin()).get(0).getId(), 1);
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
setOtpTimeOffset(TimeBasedOTP.DEFAULT_INTERVAL_SECONDS, totp);
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
loginTotpPage.assertCurrent();
loginTotpPage.login(totp.generateTOTP(totpSecret));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
testingClient.server(bc.consumerRealmName()).run(disablePostBrokerLoginFlow(bc.getIDPAlias()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
}
// KEYCLOAK-12986
@ -501,7 +520,8 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
realm.update(consumerRealmRep);
try {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
@ -509,10 +529,14 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
String totpSecret = totpPage.getTotpSecret();
totpPage.configure(totp.generateTOTP(totpSecret));
assertNumFederatedIdentities(realm.users().search(bc.getUserLogin()).get(0).getId(), 1);
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
setOtpTimeOffset(TimeBasedOTP.DEFAULT_INTERVAL_SECONDS, totp);
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
loginTotpPage.assertCurrent();
@ -535,8 +559,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
setOtpTimeOffset(TimeBasedOTP.DEFAULT_INTERVAL_SECONDS, totp);
loginTotpPage.login(totp.generateTOTP(totpSecret));
waitForAccountManagementTitle();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
} finally {
testingClient.server(bc.consumerRealmName()).run(disablePostBrokerLoginFlow(bc.getIDPAlias()));
@ -562,12 +585,20 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
idp.getConfig().put("backchannelSupported", "false");
adminClient.realm(bc.consumerRealmName()).identityProviders().get(bc.getIDPAlias()).update(idp);
Time.setOffset(2);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
accountPage.logOut();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
log.debug("Logging in");
assertTrue(this.driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/protocol/openid-connect/auth"));
@ -595,23 +626,26 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
adminClient.realm(bc.consumerRealmName()).components().add(component);
createUser(bc.providerRealmName(), "test-user", "password", "FirstName", "LastName", "test-user@localhost.com");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
loginPage.clickSocial(bc.getIDPAlias());
loginPage.login("test-user", "password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertTrue(AccountHelper.updatePassword(adminClient.realm(bc.consumerRealmName()), "test-user", "new-password"));
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), "test-user");
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), "test-user");
createUser(bc.providerRealmName(), "test-user-noemail", "password", "FirstName", "LastName", "test-user-noemail@localhost.com");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
loginPage.clickSocial(bc.getIDPAlias());
loginPage.login("test-user-noemail", "password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertTrue(AccountHelper.updatePassword(adminClient.realm(bc.consumerRealmName()), "test-user-noemail", "new-password"));
} finally {

41
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java
View file

@ -22,7 +22,6 @@ import org.jboss.arquillian.graphene.page.Page;
import org.junit.After;
import org.junit.Before;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Retry;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.protocol.saml.SamlProtocol;
@ -32,8 +31,6 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.IdpConfirmLinkPage;
import org.keycloak.testsuite.pages.IdpLinkEmailPage;
@ -50,8 +47,8 @@ import org.keycloak.testsuite.pages.UpdateAccountInformationPage;
import org.keycloak.testsuite.pages.VerifyEmailPage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.MailServer;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.openqa.selenium.TimeoutException;
import jakarta.ws.rs.core.Response;
@ -64,7 +61,6 @@ import java.util.Objects;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.assertEquals;
import static org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword;
import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL;
@ -78,14 +74,10 @@ import static org.keycloak.testsuite.util.ServerURLs.removeDefaultPorts;
/**
* No test methods there. Just some useful common functionality
*/
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
protected static final String ATTRIBUTE_VALUE = "attribute.value";
@Page
protected AccountUpdateProfilePage accountUpdateProfilePage;
@Page
protected LoginPage loginPage;
@ -148,7 +140,6 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
}
protected void configureSMTPServer() {
MailServer.start();
MailServer.createEmailAccount(USER_EMAIL, "password");
@ -158,7 +149,6 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
realm.update(master);
}
protected void removeSMTPConfiguration(RealmResource consumerRealm) {
RealmRepresentation master = consumerRealm.toRepresentation();
master.setSmtpServer(Collections.emptyMap());
@ -200,7 +190,6 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
MailServer.stop();
}
protected String createUser(String username, String email) {
UserRepresentation newUser = UserBuilder.create().username(username).email(email).enabled(true).build();
String userId = createUserWithAdminClient(adminClient.realm(bc.consumerRealmName()), newUser);
@ -208,7 +197,6 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
return userId;
}
protected String createUser(String username) {
return createUser(username, USER_EMAIL);
}
@ -219,13 +207,15 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
}
protected void logInAsUserInIDP() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
}
// We are re-authenticating to the IDP. Hence it is assumed that "username" field is not visible on the login form on the IDP side
protected void logInAsUserInIDPWithReAuthenticate() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
log.debug("Clicking social " + bc.getIDPAlias());
@ -259,7 +249,7 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
protected void logInAsUserInIDPForFirstTimeAndAssertSuccess() {
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
appPage.assertCurrent();
}
protected void updateAccountInformation() {
@ -278,11 +268,6 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
return contextRoot + "/auth/realms/" + realmName + "/account";
}
protected String getAccountPasswordUrl(String contextRoot, String realmName) {
return contextRoot + "/auth/realms/" + realmName + "/account/password";
}
/**
* Get the login page for an existing client in provided realm
*
@ -324,7 +309,7 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
// Completely logout from realm and confirm logout if present
protected void logoutFromRealm(String contextRoot, String realm, String initiatingIdp, String idTokenHint, String clientId, String redirectUri) {
final String defaultRedirectUri = redirectUri != null ? redirectUri : getAccountUrl(contextRoot, realm);
final String defaultClientId = (idTokenHint == null && clientId == null) ? ACCOUNT_MANAGEMENT_CLIENT_ID : clientId;
final String defaultClientId = (idTokenHint == null && clientId == null) ? "test-app" : clientId;
executeLogoutFromRealm(contextRoot, realm, initiatingIdp, idTokenHint, defaultClientId, defaultRedirectUri);
checkLogoutConfirmation(realm, idTokenHint, defaultClientId);
@ -396,18 +381,6 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
}
}
protected void assertLoggedInAccountManagement() {
assertLoggedInAccountManagement(bc.getUserLogin(), bc.getUserEmail());
}
protected void assertLoggedInAccountManagement(String username, String email) {
waitForAccountManagementTitle();
Assert.assertTrue(accountUpdateProfilePage.isCurrent());
Assert.assertEquals(accountUpdateProfilePage.getUsername(), username);
Assert.assertEquals(accountUpdateProfilePage.getEmail(), email);
}
protected void waitForAccountManagementTitle() {
final String title = "Keycloak account management";
waitForPage(driver, title, true);

33
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
View file

@ -15,14 +15,15 @@ import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.pages.ConsentPage;
import org.keycloak.testsuite.util.AccountHelper;
import java.util.List;
import java.util.Map;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.keycloak.models.utils.DefaultAuthenticationFlows.IDP_REVIEW_PROFILE_CONFIG_ALIAS;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
/**
@ -48,7 +49,8 @@ public abstract class AbstractBrokerTest extends AbstractInitializedBaseBrokerTe
}
protected void loginUser() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
@ -60,6 +62,13 @@ public abstract class AbstractBrokerTest extends AbstractInitializedBaseBrokerTe
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation(bc.getUserLogin(), bc.getUserEmail(), "Firstname", "Lastname");
UserRepresentation userRep = AccountHelper.getUserRepresentation(
adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
userRep.setFirstName("Firstname");
userRep.setLastName("Lastname");
AccountHelper.updateUser(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin(), userRep);
UsersResource consumerUsers = adminClient.realm(bc.consumerRealmName()).users();
int userCount = consumerUsers.count();
@ -86,10 +95,12 @@ public abstract class AbstractBrokerTest extends AbstractInitializedBaseBrokerTe
Integer userCount = adminClient.realm(bc.consumerRealmName()).users().count();
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
assertEquals(accountPage.buildUri().toASCIIString().replace("master", "consumer") + "/", driver.getCurrentUrl());
assertTrue(driver.getCurrentUrl().contains(getConsumerRoot() + "/auth/realms/master/app/"));
assertEquals(userCount, adminClient.realm(bc.consumerRealmName()).users().count());
}
@ -97,15 +108,17 @@ public abstract class AbstractBrokerTest extends AbstractInitializedBaseBrokerTe
protected void testSingleLogout() {
log.debug("Testing single log out");
driver.navigate().to(getAccountUrl(getProviderRoot(), bc.providerRealmName()));
oauth.realm(bc.consumerRealmName());
oauth.clientId("broker-app");
oauth.openLoginForm();
Assert.assertTrue("Should be logged in the account page", driver.getTitle().endsWith("Account Management"));
Assert.assertTrue("Should be logged in", driver.getTitle().endsWith("AUTH_RESPONSE"));
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
Assert.assertTrue("Should be on " + bc.providerRealmName() + " realm", driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName()));
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
Assert.assertTrue("Should be on " + bc.consumerRealmName() + " realm on login page",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/protocol/openid-connect/"));

14
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractDefaultIdpTest.java
View file

@ -39,7 +39,6 @@ import org.openqa.selenium.WebElement;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
/**
@ -65,7 +64,9 @@ public abstract class AbstractDefaultIdpTest extends AbstractInitializedBaseBrok
configureFlow(null);
// Navigate to the auth page
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the initial page and nothing should have happened",
@ -81,7 +82,9 @@ public abstract class AbstractDefaultIdpTest extends AbstractInitializedBaseBrok
createUser(bc.providerRealmName(), username, "password", "FirstName");
// Navigate to the auth page
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.providerRealmName());
waitForPage(driver, "sign in to", true);
// Make sure we got redirected to the remote IdP automatically
@ -97,7 +100,10 @@ public abstract class AbstractDefaultIdpTest extends AbstractInitializedBaseBrok
createUser(bc.providerRealmName(), username, "password", "FirstName");
// Navigate to the auth page
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
oauth.realm(bc.consumerRealmName());
oauth.openLoginForm();
waitForPage(driver, "sign in to", true);
// Make sure we got redirected to the remote IdP automatically

296
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
View file

@ -29,6 +29,7 @@ import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.forms.VerifyProfileTest;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.MailServer;
import org.keycloak.testsuite.util.MailServerConfiguration;
import org.keycloak.testsuite.util.SecondBrowser;
@ -45,10 +46,8 @@ import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.assertHardCodedSessionNote;
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.configureAutoLinkFlow;
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.util.MailAssert.assertEmailAndGetUrl;
@ -85,7 +84,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
public void testErrorExistingUserWithUpdateProfile() {
createUser("consumer");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -109,7 +110,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
String existingUser = createUser("consumer");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "account already exists", false);
@ -132,8 +135,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
}
loginPage.login("password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertTrue(appPage.isCurrent());
assertNumFederatedIdentities(existingUser, 1);
}
@ -147,7 +149,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
String existingUser = createUser("consumer");
String anotherUser = createUser("foobar", "foo@bar.baz");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "account already exists", false);
@ -170,8 +174,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
}
loginPage.login("foobar", "password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertTrue(appPage.isCurrent());
assertNumFederatedIdentities(existingUser, 0);
assertNumFederatedIdentities(anotherUser, 1);
@ -186,7 +189,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::disableExistingUser);
String existingUser = createUser("consumer");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
assertEquals("Authenticate to link your account with " + bc.getIDPAlias(), loginPage.getInfoMessage());
@ -204,8 +209,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
}
loginPage.login("consumer", "password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertTrue(appPage.isCurrent());
assertNumFederatedIdentities(existingUser, 1);
}
@ -218,7 +222,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
String existingUser = createUser("consumer");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "account already exists", false);
@ -254,7 +260,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::disableExistingUser);
String existingUser = createUser("consumer");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
assertEquals("Authenticate to link your account with " + bc.getIDPAlias(), loginPage.getInfoMessage());
@ -292,7 +300,8 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
providerUser.update(userResource);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
@ -345,8 +354,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
// Use correct password now
loginPage.login("password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
appPage.assertCurrent();
assertNumFederatedIdentities(userId, 1);
}
@ -374,7 +382,8 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
providerUser.update(userResource);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
@ -399,8 +408,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
this.passwordUpdatePage.assertCurrent();
this.passwordUpdatePage.changePassword("password", "password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertTrue(appPage.isCurrent());
assertNumFederatedIdentities(existingUser, 1);
}
@ -428,7 +436,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
providerUser.update(userResource);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "account already exists", false);
@ -487,7 +497,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "account already exists", false);
@ -504,7 +516,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::enableUpdateProfileOnFirstLogin);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
Assert.assertTrue(updateAccountInformationPage.isCurrent());
@ -526,7 +540,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
public void testRequiredUpdatedPassword() {
updateExecutions(AbstractBrokerTest::enableRequirePassword);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
Assert.assertTrue(updateAccountInformationPage.isCurrent());
@ -538,8 +554,8 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
waitForPage(driver, "update password", false);
updatePasswordPage.updatePasswords("password", "password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertTrue(appPage.isCurrent());
}
@ -556,7 +572,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
consumerUser.setEmail(bc.getUserEmail());
userResource.update(consumerUser);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -580,12 +598,12 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
waitForPage(driver, "update account information", false);
Assert.assertTrue(updateAccountInformationPage.isCurrent());
updateAccountInformationPage.updateAccountInformation("test", "test@localhost.com", "FirstName", "LastName");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertEquals("FirstName", accountUpdateProfilePage.getFirstName());
Assert.assertEquals("LastName", accountUpdateProfilePage.getLastName());
Assert.assertEquals("test@localhost.com", accountUpdateProfilePage.getEmail());
Assert.assertEquals("test", accountUpdateProfilePage.getUsername());
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.consumerRealmName()), "test");
Assert.assertEquals("FirstName", userRepresentation.getFirstName());
Assert.assertEquals("LastName", userRepresentation.getLastName());
Assert.assertEquals("test@localhost.com", userRepresentation.getEmail());
}
@ -613,7 +631,8 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
Response response = idpResource.addMapper(hardCodedSessionNoteMapper);
response.close();
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
@ -621,8 +640,6 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateAccountInformationPage.assertCurrent();
updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
testingClient.server().run(assertHardCodedSessionNote());
}
@ -640,7 +657,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
realmRep.setRegistrationEmailAsUsername(true);
realm.update(realmRep);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
Assert.assertTrue(updateAccountInformationPage.isCurrent());
@ -655,8 +674,6 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
}
updateAccountInformationPage.updateAccountInformation("test@redhat.com", "FirstName", "LastName");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
assertEquals(1, realm.users().search("test@redhat.com").size());
}
@ -673,7 +690,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
String linkedUserId = createUser("consumer");
//test
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -695,7 +714,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
driver.navigate().to(url);
//test if user is logged in
assertEquals(accountPage.buildUri().toASCIIString().replace("master", "consumer") + "/", driver.getCurrentUrl());
assertTrue(driver.getCurrentUrl().startsWith(getConsumerRoot() + "/auth/realms/master/app/"));
//test if the user has verified email
assertTrue(realm.users().get(linkedUserId).toRepresentation().isEmailVerified());
@ -722,7 +741,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
configureSMTPServer();
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -735,8 +756,6 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
"verify your email address", false);
driver.navigate().to(verificationUrl.trim());
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
}
@ -756,7 +775,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
createUser(bc.providerRealmName(), "no-email", "password", "FirstName", "LastName", null);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -765,9 +786,6 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
log.debug("Logging in");
loginPage.login("no-email", "password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
List<UserRepresentation> users = realm.users().search("no-email");
assertEquals(1, users.size());
List<String> requiredActions = users.get(0).getRequiredActions();
@ -795,16 +813,15 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
identityProviderResource.update(idpRep);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
List<UserRepresentation> users = realm.users().search(bc.getUserLogin());
assertEquals(1, users.size());
List<String> requiredActions = users.get(0).getRequiredActions();
@ -832,7 +849,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
configureSMTPServer();
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -845,8 +864,6 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
"verify your email address", false);
driver.navigate().to(verificationUrl.trim());
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
List<UserRepresentation> users = realm.users().search(bc.getUserLogin());
assertEquals(1, users.size());
@ -869,7 +886,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
userResource.update(consumerUser);
configureSMTPServer();
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
//link account by email
@ -885,13 +904,13 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
"Someone wants to link your ", false);
driver.navigate().to(url);
//test if user is logged in
assertEquals(accountPage.buildUri().toASCIIString().replace("master", "consumer") + "/", driver.getCurrentUrl());
assertTrue(driver.getCurrentUrl().startsWith(getConsumerRoot() + "/auth/realms/master/app/"));
//test if the user has verified email
assertTrue(adminClient.realm(bc.consumerRealmName()).users().get(consumerUser.getId()).toRepresentation().isEmailVerified());
driver.navigate().to(url);
waitForPage(driver, "you are already logged in.", false);
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), "consumer");
driver.navigate().to(url);
waitForPage(driver, "confirm linking the account testuser of identity provider " + bc.getIDPAlias() + " with your account.", false);
@ -914,7 +933,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
userResource.update(consumerUser);
configureSMTPServer();
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
//link account by email
@ -987,7 +1008,10 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
createUser(bc.providerRealmName(), "no-first-name", "password", null, "LastName", "no-first-name@localhost.com");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -1000,30 +1024,34 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateAccountInformationPage.assertCurrent();
updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertEquals("FirstName", accountUpdateProfilePage.getFirstName());
Assert.assertEquals("LastName", accountUpdateProfilePage.getLastName());
Assert.assertEquals("no-first-name@localhost.com", accountUpdateProfilePage.getEmail());
Assert.assertEquals("no-first-name", accountUpdateProfilePage.getUsername());
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.consumerRealmName()), "no-first-name");
Assert.assertEquals("FirstName", userRepresentation.getFirstName());
Assert.assertEquals("LastName", userRepresentation.getLastName());
Assert.assertEquals("no-first-name@localhost.com", userRepresentation.getEmail());
RealmRepresentation consumerRealmRep = adminClient.realm(bc.consumerRealmName()).toRepresentation();
events.expectAccount(EventType.IDENTITY_PROVIDER_FIRST_LOGIN).realm(consumerRealmRep).user((String)null)
events.expectAccount(EventType.IDENTITY_PROVIDER_FIRST_LOGIN).client("broker-app")
.realm(consumerRealmRep).user((String)null)
.detail(Details.IDENTITY_PROVIDER, bc.getIDPAlias())
.detail(Details.IDENTITY_PROVIDER_USERNAME, "no-first-name")
.assertEvent(getFirstConsumerEvent());
events.expectAccount(EventType.UPDATE_PROFILE).realm(consumerRealmRep).user((String)null)
events.expectAccount(EventType.UPDATE_PROFILE).client("broker-app")
.realm(consumerRealmRep).user((String)null)
.detail(Details.CONTEXT, UserProfileContext.IDP_REVIEW.name())
.assertEvent(getFirstConsumerEvent());
events.expectAccount(EventType.REGISTER).realm(consumerRealmRep).user(Matchers.any(String.class)).session((String) null)
events.expectAccount(EventType.REGISTER).client("broker-app")
.realm(consumerRealmRep).user(Matchers.any(String.class)).session((String) null)
.detail(Details.IDENTITY_PROVIDER_USERNAME, "no-first-name")
.detail(Details.REGISTER_METHOD, "broker")
.assertEvent(getFirstConsumerEvent());
events.expectAccount(EventType.LOGIN).realm(consumerRealmRep).user(Matchers.any(String.class)).session(Matchers.any(String.class))
events.expectAccount(EventType.LOGIN).client("broker-app")
.realm(consumerRealmRep).user(Matchers.any(String.class)).session(Matchers.any(String.class))
.detail(Details.IDENTITY_PROVIDER_USERNAME, "no-first-name")
.detail(Details.IDENTITY_PROVIDER, bc.getIDPAlias())
.assertEvent(getFirstConsumerEvent());
@ -1034,7 +1062,10 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
createUser(bc.providerRealmName(), "no-first-name", "password", null, "LastName", "no-first-name@localhost.com");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -1047,37 +1078,43 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateAccountInformationPage.assertCurrent();
updateAccountInformationPage.updateAccountInformation("new-email@localhost.com","FirstName", "LastName");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertEquals("FirstName", accountUpdateProfilePage.getFirstName());
Assert.assertEquals("LastName", accountUpdateProfilePage.getLastName());
Assert.assertEquals("new-email@localhost.com", accountUpdateProfilePage.getEmail());
Assert.assertEquals("no-first-name", accountUpdateProfilePage.getUsername());
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.consumerRealmName()), "no-first-name");
Assert.assertEquals("FirstName", userRepresentation.getFirstName());
Assert.assertEquals("LastName", userRepresentation.getLastName());
Assert.assertEquals("new-email@localhost.com", userRepresentation.getEmail());
Assert.assertEquals("no-first-name", userRepresentation.getUsername());
RealmRepresentation consumerRealmRep = adminClient.realm(bc.consumerRealmName()).toRepresentation();
events.expectAccount(EventType.IDENTITY_PROVIDER_FIRST_LOGIN).realm(consumerRealmRep).user((String)null)
events.expectAccount(EventType.IDENTITY_PROVIDER_FIRST_LOGIN).client("broker-app")
.realm(consumerRealmRep).user((String)null)
.detail(Details.IDENTITY_PROVIDER, bc.getIDPAlias())
.detail(Details.IDENTITY_PROVIDER_USERNAME, "no-first-name")
.assertEvent(getFirstConsumerEvent());
events.expectAccount(EventType.UPDATE_PROFILE).realm(consumerRealmRep).user((String)null)
events.expectAccount(EventType.UPDATE_PROFILE).client("broker-app")
.realm(consumerRealmRep).user((String)null)
.detail(Details.CONTEXT, UserProfileContext.IDP_REVIEW.name())
.assertEvent(getFirstConsumerEvent());
events.expectAccount(EventType.UPDATE_EMAIL).realm(consumerRealmRep).user((String)null).session((String) null)
events.expectAccount(EventType.UPDATE_EMAIL).client("broker-app")
.realm(consumerRealmRep).user((String)null).session((String) null)
.detail(Details.CONTEXT, UserProfileContext.IDP_REVIEW.name())
.detail(Details.IDENTITY_PROVIDER_USERNAME, "no-first-name")
.detail(Details.PREVIOUS_EMAIL, "no-first-name@localhost.com")
.detail(Details.UPDATED_EMAIL, "new-email@localhost.com")
.assertEvent(getFirstConsumerEvent());
events.expectAccount(EventType.REGISTER).realm(consumerRealmRep).user(Matchers.any(String.class)).session((String) null)
events.expectAccount(EventType.REGISTER).client("broker-app")
.realm(consumerRealmRep).user(Matchers.any(String.class)).session((String) null)
.detail(Details.IDENTITY_PROVIDER_USERNAME, "no-first-name")
.detail(Details.REGISTER_METHOD, "broker")
.assertEvent(events.poll());
events.expectAccount(EventType.LOGIN).realm(consumerRealmRep).user(Matchers.any(String.class)).session(Matchers.any(String.class))
events.expectAccount(EventType.LOGIN).client("broker-app")
.realm(consumerRealmRep).user(Matchers.any(String.class)).session(Matchers.any(String.class))
.detail(Details.IDENTITY_PROVIDER_USERNAME, "no-first-name")
.detail(Details.IDENTITY_PROVIDER, bc.getIDPAlias())
.assertEvent(events.poll());
@ -1100,7 +1137,10 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
createUser(bc.providerRealmName(), "no-first-name", "password", null, "LastName", "no-first-name@localhost.com");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -1113,17 +1153,20 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateAccountInformationPage.assertCurrent();
updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertEquals("FirstName", accountUpdateProfilePage.getFirstName());
Assert.assertEquals("LastName", accountUpdateProfilePage.getLastName());
Assert.assertEquals("no-first-name@localhost.com", accountUpdateProfilePage.getEmail());
Assert.assertEquals("no-first-name", accountUpdateProfilePage.getUsername());
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.consumerRealmName()), "no-first-name");
Assert.assertEquals("FirstName", userRepresentation.getFirstName());
Assert.assertEquals("LastName", userRepresentation.getLastName());
Assert.assertEquals("no-first-name@localhost.com", userRepresentation.getEmail());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), "no-first-name");
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), "no-first-name");
createUser(bc.providerRealmName(), "no-last-name", "password", "FirstName", null, "no-last-name@localhost.com");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -1135,17 +1178,21 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertEquals("FirstName", accountUpdateProfilePage.getFirstName());
Assert.assertEquals("LastName", accountUpdateProfilePage.getLastName());
Assert.assertEquals("no-last-name@localhost.com", accountUpdateProfilePage.getEmail());
Assert.assertEquals("no-last-name", accountUpdateProfilePage.getUsername());
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.consumerRealmName()), "no-last-name");
Assert.assertEquals("FirstName", userRepresentation.getFirstName());
Assert.assertEquals("LastName", userRepresentation.getLastName());
Assert.assertEquals("no-last-name@localhost.com", userRepresentation.getEmail());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), "no-last-name");
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), "no-last-name");
createUser(bc.providerRealmName(), "no-email", "password", "FirstName", "LastName", null);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -1158,14 +1205,12 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateAccountInformationPage.assertCurrent();
updateAccountInformationPage.updateAccountInformation("no-email@localhost.com", "FirstName", "LastName");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertEquals("FirstName", accountUpdateProfilePage.getFirstName());
Assert.assertEquals("LastName", accountUpdateProfilePage.getLastName());
Assert.assertEquals("no-email@localhost.com", accountUpdateProfilePage.getEmail());
Assert.assertEquals("no-email", accountUpdateProfilePage.getUsername());
}
userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.consumerRealmName()), "no-email");
Assert.assertEquals("FirstName", userRepresentation.getFirstName());
Assert.assertEquals("LastName", userRepresentation.getLastName());
Assert.assertEquals("no-email@localhost.com", userRepresentation.getEmail());
}
/**
* Refers to in old test suite: org.keycloak.testsuite.broker.AbstractKeycloakIdentityProviderTest.testSuccessfulAuthenticationUpdateProfileOnMissing_nothingMissing
@ -1175,7 +1220,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
createUser(bc.providerRealmName(), "all-info-set", "password", "FirstName", "LastName", "all-info-set@localhost.com");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -1184,12 +1231,11 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
log.debug("Logging in");
loginPage.login("all-info-set", "password");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertEquals("FirstName", accountUpdateProfilePage.getFirstName());
Assert.assertEquals("LastName", accountUpdateProfilePage.getLastName());
Assert.assertEquals("all-info-set@localhost.com", accountUpdateProfilePage.getEmail());
Assert.assertEquals("all-info-set", accountUpdateProfilePage.getUsername());
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.providerRealmName()), "all-info-set");
Assert.assertEquals("FirstName", userRepresentation.getFirstName());
Assert.assertEquals("LastName", userRepresentation.getLastName());
Assert.assertEquals("all-info-set@localhost.com", userRepresentation.getEmail());
}
@ -1200,14 +1246,16 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
public void testWithoutUpdateProfile() {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertEquals("", accountUpdateProfilePage.getFirstName());
Assert.assertEquals("", accountUpdateProfilePage.getLastName());
Assert.assertEquals(bc.getUserEmail(), accountUpdateProfilePage.getEmail());
Assert.assertEquals(bc.getUserLogin(), accountUpdateProfilePage.getUsername());
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
Assert.assertNull(userRepresentation.getFirstName());
Assert.assertNull(userRepresentation.getLastName());
Assert.assertEquals(bc.getUserEmail(), userRepresentation.getEmail());
}
@ -1219,7 +1267,9 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
public void testAutoLinkAccountWithBroker() {
testingClient.server(bc.consumerRealmName()).run(configureAutoLinkFlow(bc.getIDPAlias()));
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
RealmResource realm = adminClient.realm(bc.consumerRealmName());

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractGroupBrokerMapperTest.java
View file

@ -19,6 +19,7 @@ package org.keycloak.testsuite.broker;
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import org.keycloak.models.IdentityProviderMapperSyncMode;
@ -55,7 +56,13 @@ public abstract class AbstractGroupBrokerMapperTest extends AbstractGroupMapperT
public UserRepresentation createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode syncMode,
boolean createAfterFirstLogin, String groupPath) {
return loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingAttributes(), groupPath);
UserRepresentation user = null;
try {
user = loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingAttributes(), groupPath);
} catch (IOException e) {}
return user;
}
@Override

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractGroupMapperTest.java
View file

@ -5,10 +5,9 @@ import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.empty;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.not;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.CreatedResponseUtil;
import org.keycloak.broker.provider.ConfigConstants;
import org.keycloak.models.IdentityProviderMapperSyncMode;
@ -18,11 +17,13 @@ import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import jakarta.ws.rs.core.Response;
import org.keycloak.testsuite.util.AccountHelper;
/**
* @author <a href="mailto:artur.baltabayev@bosch.io">Artur Baltabayev</a>,
@ -62,7 +63,7 @@ public abstract class AbstractGroupMapperTest extends AbstractIdentityProviderMa
protected UserRepresentation loginAsUserTwiceWithMapper(
IdentityProviderMapperSyncMode syncMode, boolean createAfterFirstLogin,
Map<String, List<String>> userConfig, String groupPath) {
Map<String, List<String>> userConfig, String groupPath) throws IOException {
final IdentityProviderRepresentation idp = setupIdentityProvider();
if (!createAfterFirstLogin) {
createMapperInIdp(idp, syncMode, groupPath);
@ -81,12 +82,12 @@ public abstract class AbstractGroupMapperTest extends AbstractIdentityProviderMa
if (createAfterFirstLogin) {
createMapperInIdp(idp, syncMode, groupPath);
}
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
updateUser();
logInAsUserInIDP();
assertLoggedInAccountManagement();
appPage.assertCurrent();
user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
return user;

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractNestedBrokerTest.java
View file

@ -1,6 +1,5 @@
package org.keycloak.testsuite.broker;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import org.junit.After;
@ -29,7 +28,9 @@ public abstract class AbstractNestedBrokerTest extends AbstractBaseBrokerTest {
/** Logs in subconsumer realm via consumer IDP via provider IDP and updates account information */
protected void logInAsUserInNestedIDPForFirstTime() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), nbc.subConsumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(nbc.subConsumerRealmName());
waitForPage(driver, "sign in to", true);
log.debug("Clicking social " + nbc.getSubConsumerIDPDisplayName());
loginPage.clickSocial(nbc.getSubConsumerIDPDisplayName());

20
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractRoleMapperTest.java
View file

@ -9,7 +9,6 @@ import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.in;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import org.hamcrest.Matchers;
import org.junit.Before;
@ -25,9 +24,11 @@ import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.RoleBuilder;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
@ -77,7 +78,7 @@ public abstract class AbstractRoleMapperTest extends AbstractIdentityProviderMap
}
@Test
public void tryToCreateBrokeredUserWithNonExistingClientRoleDoesNotBreakLogin() {
public void tryToCreateBrokeredUserWithNonExistingClientRoleDoesNotBreakLogin() throws IOException {
String clientRoleStringWithMissingRole = createClientRoleString(CLIENT_ID, "does-not-exist");
setup(clientRoleStringWithMissingRole);
@ -88,7 +89,7 @@ public abstract class AbstractRoleMapperTest extends AbstractIdentityProviderMap
* This test checks that the mapper can also be applied to realm roles (other tests mostly use client roles).
*/
@Test
public void mapperCanBeAppliedToRealmRoles() {
public void mapperCanBeAppliedToRealmRoles() throws IOException {
setup(REALM_ROLE);
logInAsUserInIDPForFirstTimeAndAssertSuccess();
@ -97,7 +98,7 @@ public abstract class AbstractRoleMapperTest extends AbstractIdentityProviderMap
}
@Test
public void mapperStillWorksWhenClientRoleIsRenamed() {
public void mapperStillWorksWhenClientRoleIsRenamed() throws IOException {
setup(CLIENT_ROLE_MAPPER_REPRESENTATION);
String newRoleName = "new-name-" + CLIENT_ROLE;
@ -116,7 +117,7 @@ public abstract class AbstractRoleMapperTest extends AbstractIdentityProviderMap
}
@Test
public void mapperStillWorksWhenClientIdIsChanged() {
public void mapperStillWorksWhenClientIdIsChanged() throws IOException {
setup(CLIENT_ROLE_MAPPER_REPRESENTATION);
String newClientId = "new-name-" + CLIENT_ID;
@ -129,13 +130,15 @@ public abstract class AbstractRoleMapperTest extends AbstractIdentityProviderMap
// mapper(s) should have been updated to the new client role name
assertMappersAreConfiguredWithRole(expectedNewClientRoleName);
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
logInAsUserInIDPForFirstTimeAndAssertSuccess();
assertThatRoleHasBeenAssignedInConsumerRealm(newClientId, CLIENT_ROLE);
}
@Test
public void mapperStillWorksWhenRealmRoleIsRenamed() {
public void mapperStillWorksWhenRealmRoleIsRenamed() throws IOException {
setup(REALM_ROLE);
String newRoleName = "new-name-" + REALM_ROLE;
@ -196,7 +199,8 @@ public abstract class AbstractRoleMapperTest extends AbstractIdentityProviderMap
if (createAfterFirstLogin) {
createMapperInIdp(syncMode, CLIENT_ROLE_MAPPER_REPRESENTATION);
}
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
updateUser();
@ -222,7 +226,7 @@ public abstract class AbstractRoleMapperTest extends AbstractIdentityProviderMap
userResource.roles().realmLevel().add(Collections.singletonList(role));
}
private void assertLoginSucceedsWithoutRoleAssignment() {
private void assertLoginSucceedsWithoutRoleAssignment() throws IOException {
logInAsUserInIDPForFirstTimeAndAssertSuccess();
assertThatNoRolesHaveBeenAssignedInConsumerRealm();

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractSamlLoginHintTest.java
View file

@ -7,7 +7,6 @@ import org.openqa.selenium.JavascriptExecutor;
import org.openqa.selenium.WebElement;
import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
/**
@ -21,7 +20,9 @@ public abstract class AbstractSamlLoginHintTest extends AbstractInitializedBaseB
String username = "all-info-set@localhost.com";
createUser(bc.providerRealmName(), username, "password");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
addLoginHintOnSocialButton(username);
loginPage.clickSocial(bc.getIDPAlias());
@ -43,7 +44,9 @@ public abstract class AbstractSamlLoginHintTest extends AbstractInitializedBaseB
String username = "all-info-set@localhost.com";
createUser(bc.providerRealmName(), username, "password", "FirstName");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
addLoginHintOnSocialButton("");
loginPage.clickSocial(bc.getIDPAlias());

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java
View file

@ -5,7 +5,6 @@ import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.assertThat;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.KcSamlBrokerConfiguration.ATTRIBUTE_TO_MAP_FRIENDLY_NAME;
import java.util.List;
@ -23,6 +22,7 @@ import org.keycloak.representations.idm.UserRepresentation;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import org.keycloak.testsuite.util.AccountHelper;
/**
*
@ -109,7 +109,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractIdentityPr
assertUserAttributes(initialUserAttributes, userRep);
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
// update user in provider realm
UserRepresentation userRepProvider = findUser(bc.providerRealmName(), bc.getUserLogin(), email);

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUsernameTemplateMapperTest.java
View file

@ -4,7 +4,6 @@ import static org.hamcrest.Matchers.is;
import static org.junit.Assert.assertThat;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import java.util.List;
@ -16,6 +15,7 @@ import org.keycloak.testsuite.Assert;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import org.keycloak.testsuite.util.AccountHelper;
/**
* @author <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>,
@ -63,7 +63,8 @@ public abstract class AbstractUsernameTemplateMapperTest extends AbstractIdentit
String mappedUserName = String.format(getMapperTemplate(), userName);
findUser(bc.consumerRealmName(), mappedUserName, bc.getUserEmail());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), mappedUserName);
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
updateUser(updatedUserName);

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/BrokerWithLegacyIdTest.java
View file

@ -17,6 +17,7 @@
package org.keycloak.testsuite.broker;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
@ -25,6 +26,7 @@ import org.keycloak.representations.idm.FederatedIdentityRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.broker.oidc.LegacyIdIdentityProviderFactory;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.FederatedIdentityBuilder;
import org.keycloak.testsuite.util.UserBuilder;
@ -33,8 +35,6 @@ import java.util.List;
import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
import static org.keycloak.testsuite.broker.oidc.LegacyIdIdentityProvider.LEGACY_ID;
/**
@ -86,15 +86,14 @@ public class BrokerWithLegacyIdTest extends AbstractInitializedBaseBrokerTest {
logInAsUserInIDP();
// id should be migrated to new one
assertEquals(userId, getFederatedIdentity().getUserId());
assertLoggedInAccountManagement(consumerUser.getUsername(), consumerUser.getEmail());
appPage.assertCurrent();
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
// try to login again to double check the new ID works
logInAsUserInIDP();
assertEquals(userId, getFederatedIdentity().getUserId());
assertLoggedInAccountManagement(consumerUser.getUsername(), consumerUser.getEmail());
appPage.assertCurrent();
}
private FederatedIdentityRepresentation getFederatedIdentity() {

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/HardcodedUserAttributeMapperTest.java
View file

@ -5,7 +5,6 @@ import static org.hamcrest.Matchers.not;
import static org.junit.Assert.assertThat;
import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE;
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import java.util.HashMap;
@ -19,6 +18,7 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import com.google.common.collect.ImmutableMap;
import org.keycloak.testsuite.util.AccountHelper;
/**
* <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>,
@ -88,7 +88,7 @@ public class HardcodedUserAttributeMapperTest extends AbstractIdentityProviderMa
if (createAfterFirstLogin) {
createMapperInIdp(idp, syncMode);
}
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
if (user.getAttributes() != null) {
user.setAttributes(new HashMap<>());

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/JsonUserAttributeMapperTest.java
View file

@ -14,6 +14,7 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.social.github.GitHubUserAttributeMapper;
import org.keycloak.testsuite.util.AccountHelper;
import java.util.HashMap;
@ -27,7 +28,6 @@ import static org.keycloak.models.IdentityProviderMapperSyncMode.LEGACY;
import static org.keycloak.testsuite.broker.KcOidcBrokerConfiguration.HARDOCDED_CLAIM;
import static org.keycloak.testsuite.broker.KcOidcBrokerConfiguration.HARDOCDED_VALUE;
import static org.keycloak.testsuite.broker.KcOidcBrokerConfiguration.USER_INFO_CLAIM;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
/**
* @author <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>
@ -115,7 +115,7 @@ public class JsonUserAttributeMapperTest extends AbstractIdentityProviderMapperT
if (createAfterFirstLogin) {
createGithubProviderMapper(idp, syncMode);
}
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
if (!createAfterFirstLogin) {
updateClaimSentToIDP(claim, updatedValue);

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcCustomOidcBrokerTest.java
View file

@ -18,7 +18,6 @@ package org.keycloak.testsuite.broker;
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import org.junit.Test;
import org.keycloak.models.IdentityProviderSyncMode;
@ -51,7 +50,8 @@ public class KcCustomOidcBrokerTest extends AbstractInitializedBaseBrokerTest {
@Test
public void testCustomDisplayIcon() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
assertThat(driver.getPageSource(), containsString("my-custom-idp-icon"));
}
}

73
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java
View file

@ -45,6 +45,7 @@ import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.client.resources.TestingCacheResource;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.OAuthClient;
import static org.junit.Assert.assertEquals;
@ -105,9 +106,9 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
// Check that user is able to login
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
appPage.assertCurrent();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
// Rotate public keys on the parent broker
rotateKeys(Algorithm.RS256, "rsa-generated");
@ -116,13 +117,13 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
logInAsUserInIDP();
assertErrorPage("Unexpected error when authenticating with identity provider");
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
// Set time offset. New keys can be downloaded. Check that user is able to login.
setTimeOffset(20);
logInAsUserInIDPWithReAuthenticate();
assertLoggedInAccountManagement();
appPage.assertCurrent();
}
// Configure OIDC identity provider with JWKS URL and validateSignature=true
@ -153,9 +154,9 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
// Check that user is able to login
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
appPage.assertCurrent();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
// Rotate public keys on the parent broker
rotateKeys(Algorithm.RS256, "rsa-generated");
@ -164,7 +165,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
logInAsUserInIDP();
assertErrorPage("Unexpected error when authenticating with identity provider");
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
// Even after time offset is user not able to login, because it uses old key hardcoded in identityProvider config
setTimeOffset(20);
@ -193,11 +194,11 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
.update()) {
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
logInAsUserInIDP();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
}
}
@ -221,11 +222,11 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
.update()) {
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
logInAsUserInIDP();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
}
}
@ -248,11 +249,11 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
.update()) {
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
logInAsUserInIDP();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
}
}
@ -272,9 +273,9 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
// Check that user is able to login
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
appPage.assertCurrent();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
// Set key id to an invalid one
cfg.setPublicKeySignatureVerifierKeyId("invalid-key-id");
@ -287,22 +288,22 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
cfg.setPublicKeySignatureVerifierKeyId(expectedKeyId);
updateIdentityProvider(idpRep);
logInAsUserInIDPWithReAuthenticate();
assertLoggedInAccountManagement();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
// Set key id to empty
cfg.setPublicKeySignatureVerifierKeyId("");
updateIdentityProvider(idpRep);
logInAsUserInIDP();
assertLoggedInAccountManagement();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
// Unset key id
cfg.setPublicKeySignatureVerifierKeyId(null);
updateIdentityProvider(idpRep);
logInAsUserInIDP();
assertLoggedInAccountManagement();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
}
@ -315,7 +316,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
// Check that user is able to login
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
appPage.assertCurrent();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
@ -342,9 +343,9 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
// Check that user is able to login
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
appPage.assertCurrent();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
// Check that key is cached
IdentityProviderRepresentation idpRep = getIdentityProvider();
@ -378,11 +379,11 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
// Check that user is able to login with ES256
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
logInAsUserInIDP();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
}
}
@ -397,11 +398,11 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
// Check that user is able to login with PS512
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
logInAsUserInIDP();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
}
}
@ -427,11 +428,11 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
// Check that user is able to login with ES256
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
Assert.assertTrue(appPage.isCurrent());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
logInAsUserInIDP();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
}
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerAcrParameterTest.java
View file

@ -7,7 +7,6 @@ import org.keycloak.testsuite.Assert;
import java.util.List;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
public class KcOidcBrokerAcrParameterTest extends AbstractBrokerTest {
@ -21,7 +20,8 @@ public class KcOidcBrokerAcrParameterTest extends AbstractBrokerTest {
@Override
protected void loginUser() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
driver.navigate().to(driver.getCurrentUrl() + "&" + ACR_VALUES + "=" + ACR_3);

32
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerEventTest.java
View file

@ -29,7 +29,6 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.userprofile.UserProfileContext;
import static org.keycloak.testsuite.AssertEvents.DEFAULT_USERNAME;
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
/**
@ -74,7 +73,7 @@ public final class KcOidcBrokerEventTest extends AbstractBrokerTest {
events.expect(EventType.IDENTITY_PROVIDER_FIRST_LOGIN)
.realm(consumerRealm.toRepresentation().getId())
.client("account")
.client("broker-app")
.user((String)null)
.detail(Details.IDENTITY_PROVIDER, IDP_OIDC_ALIAS)
.detail(Details.IDENTITY_PROVIDER_USERNAME, bc.getUserLogin())
@ -82,14 +81,14 @@ public final class KcOidcBrokerEventTest extends AbstractBrokerTest {
events.expect(EventType.UPDATE_PROFILE)
.realm(consumerRealm.toRepresentation().getId())
.client("account")
.client("broker-app")
.user((String)null)
.detail(Details.CONTEXT, UserProfileContext.IDP_REVIEW.name())
.assertEvent();
events.expect(EventType.REGISTER)
.realm(consumerRealm.toRepresentation().getId())
.client("account")
.client("broker-app")
.user(consumerUserId == null? Matchers.any(String.class) : Matchers.is(consumerUserId))
.session((String) null)
.detail(Details.USERNAME, bc.getUserLogin())
@ -99,7 +98,7 @@ public final class KcOidcBrokerEventTest extends AbstractBrokerTest {
events.expect(EventType.LOGIN)
.realm(consumerRealm.toRepresentation().getId())
.client("account")
.client("broker-app")
.user(consumerUserId == null? Matchers.any(String.class) : Matchers.is(consumerUserId))
.session(Matchers.any(String.class))
.detail(Details.USERNAME, bc.getUserLogin())
@ -135,7 +134,7 @@ public final class KcOidcBrokerEventTest extends AbstractBrokerTest {
events.expect(EventType.LOGIN)
.realm(consumerRealm.toRepresentation().getId())
.client("account")
.client("broker-app")
.user(consumerUserId == null? Matchers.any(String.class) : Matchers.is(consumerUserId))
.session(Matchers.any(String.class))
.detail(Details.USERNAME, bc.getUserLogin())
@ -150,7 +149,8 @@ public final class KcOidcBrokerEventTest extends AbstractBrokerTest {
events.clear();
// navigate to the account url of the consumer realm
driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
// Do a wrong login with a user that does not exist
loginPage.login("wrong-user", "wrong-password");
@ -158,7 +158,7 @@ public final class KcOidcBrokerEventTest extends AbstractBrokerTest {
events.expect(EventType.LOGIN_ERROR)
.realm(consumerRealm.toRepresentation().getId())
.user((String) null)
.client("account")
.client("broker-app")
.session((String) null)
.detail(Details.USERNAME, "wrong-user")
.error("user_not_found")
@ -173,6 +173,8 @@ public final class KcOidcBrokerEventTest extends AbstractBrokerTest {
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
UserRepresentation providerUser = providerRealm.users().search(bc.getUserLogin()).iterator().next();
events.clear();
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
super.loginUser();
@ -212,13 +214,6 @@ public final class KcOidcBrokerEventTest extends AbstractBrokerTest {
super.testSingleLogout();
events.expect(EventType.LOGOUT)
.realm(providerRealm.toRepresentation().getId())
.user(providerUser.getId())
.client((String) null)
.session(Matchers.any(String.class))
.assertEvent();
events.clear();
}
@ -235,10 +230,11 @@ public final class KcOidcBrokerEventTest extends AbstractBrokerTest {
Integer userCount = adminClient.realm(bc.consumerRealmName()).users().count();
// now do the second login
driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
Assert.assertEquals(accountPage.buildUri().toASCIIString().replace("master", "consumer") + "/", driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().contains("/auth/realms/master/app"));
Assert.assertEquals(userCount, adminClient.realm(bc.consumerRealmName()).users().count());
checkLoginEvents(providerRealm, consumerRealm, providerUser.getId(), consumerUser.getId());
@ -266,7 +262,7 @@ public final class KcOidcBrokerEventTest extends AbstractBrokerTest {
// now perform the login via the broker
logInWithBroker(bc);
Assert.assertEquals(accountPage.buildUri().toASCIIString().replace("master", "consumer") + "/", driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().contains("/auth/realms/master/app"));
Assert.assertEquals(userCount, adminClient.realm(bc.consumerRealmName()).users().count());
checkLoginEvents(providerRealm, consumerRealm, providerUser.getId(), consumerUser.getId());

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerFrontendUrlTest.java
View file

@ -17,6 +17,7 @@ import org.junit.Rule;
import org.junit.Test;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.util.ReverseProxy;
public final class KcOidcBrokerFrontendUrlTest extends AbstractBrokerTest {
@ -61,7 +62,11 @@ public final class KcOidcBrokerFrontendUrlTest extends AbstractBrokerTest {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com");
driver.navigate().to(proxy.getUrl() + "/realms/consumer/account");
oauth.clientId("broker-app");
oauth.realm(bc.consumerRealmName());
oauth.baseUrl(proxy.getUrl());
oauth.openLoginForm();
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -75,8 +80,8 @@ public final class KcOidcBrokerFrontendUrlTest extends AbstractBrokerTest {
}
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
waitForPage(driver, "account management", true);
accountUpdateProfilePage.assertCurrent();
waitForPage(driver, "AUTH_RESPONSE", true);
appPage.assertCurrent();
}
@Ignore

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerHiddenIdpHintTest.java
View file

@ -27,7 +27,6 @@ import org.keycloak.testsuite.Assert;
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID;
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
/**
* Migrated from old testsuite. Previous version by Pedro Igor.
@ -57,7 +56,9 @@ public class KcOidcBrokerHiddenIdpHintTest extends AbstractInitializedBaseBroker
@Test
public void testSuccessfulRedirectToProviderHiddenOnLoginPage() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
String url = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias();
driver.navigate().to(url);

14
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerIdpHintTest.java
View file

@ -18,7 +18,6 @@ package org.keycloak.testsuite.broker;
import org.junit.Test;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import org.keycloak.testsuite.Assert;
@ -37,7 +36,8 @@ public class KcOidcBrokerIdpHintTest extends AbstractInitializedBaseBrokerTest {
@Test
public void testSuccessfulRedirect() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
String url = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias();
driver.navigate().to(url);
@ -55,7 +55,8 @@ public class KcOidcBrokerIdpHintTest extends AbstractInitializedBaseBrokerTest {
// KEYCLOAK-5260
@Test
public void testSuccessfulRedirectToProviderAfterLoginPageShown() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
String urlWithHint = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias();
@ -71,7 +72,9 @@ public class KcOidcBrokerIdpHintTest extends AbstractInitializedBaseBrokerTest {
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
// redirect shouldn't happen
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
@ -79,7 +82,8 @@ public class KcOidcBrokerIdpHintTest extends AbstractInitializedBaseBrokerTest {
@Test
public void testInvalidIdentityProviderHint() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
String url = driver.getCurrentUrl() + "&kc_idp_hint=bogus-idp";
driver.navigate().to(url);

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerLoginHintTest.java
View file

@ -9,7 +9,6 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL;
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import org.junit.Test;
import org.keycloak.admin.client.resource.UserResource;
@ -44,7 +43,8 @@ public class KcOidcBrokerLoginHintTest extends AbstractBrokerTest {
@Override
protected void loginUser() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
driver.navigate().to(driver.getCurrentUrl() + "&login_hint=" + USER_EMAIL);
@ -100,7 +100,8 @@ public class KcOidcBrokerLoginHintTest extends AbstractBrokerTest {
.enabled(true)
.build()
)) {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPageToLoad();
driver.navigate().to(driver.getCurrentUrl() + "&login_hint=" + USER_EMAIL + "&kc_idp_hint=" + IDP_OIDC_ALIAS);
waitForPageToLoad();

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerLogoutFrontChannelTest.java
View file

@ -16,7 +16,6 @@ import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.broker.BrokerTestConstants.REALM_CONS_NAME;
import static org.keycloak.testsuite.broker.BrokerTestConstants.REALM_PROV_NAME;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
public class KcOidcBrokerLogoutFrontChannelTest extends AbstractKcOidcBrokerLogoutTest {
@ -69,8 +68,10 @@ public class KcOidcBrokerLogoutFrontChannelTest extends AbstractKcOidcBrokerLogo
"broker-app",
getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/app");
// user should be logged out successfully from the IDP even though the id_token_hint is expired
driver.navigate().to(getAccountUrl(getProviderRoot(), REALM_PROV_NAME));
oauth.clientId("account");
oauth.redirectUri(getConsumerRoot() + "/auth/realms/" + REALM_PROV_NAME + "/account");
loginPage.open(REALM_PROV_NAME);
waitForPage(driver, "sign in to provider", true);
}
}

47
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerLogoutTest.java
View file

@ -9,13 +9,13 @@ import org.keycloak.representations.IDToken;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.util.CookieHelper;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.OAuthClient;
import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.broker.BrokerTestConstants.REALM_CONS_NAME;
import static org.keycloak.testsuite.broker.BrokerTestConstants.REALM_PROV_NAME;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
public class KcOidcBrokerLogoutTest extends AbstractKcOidcBrokerLogoutTest {
@ -31,31 +31,43 @@ public class KcOidcBrokerLogoutTest extends AbstractKcOidcBrokerLogoutTest {
@Test
public void logoutWithoutInitiatingIdpLogsOutOfIdp() {
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
oauth.clientId("account");
oauth.redirectUri(getConsumerRoot() + "/auth/realms/" + REALM_PROV_NAME + "/account");
loginPage.open(REALM_PROV_NAME);
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
driver.navigate().to(getAccountUrl(getProviderRoot(), REALM_PROV_NAME));
waitForPage(driver, "sign in to provider", true);
}
@Test
public void logoutWithActualIdpAsInitiatingIdpDoesNotLogOutOfIdp() {
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
appPage.assertCurrent();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName(), "kc-oidc-idp");
driver.navigate().to(getAccountUrl(getProviderRoot(), REALM_PROV_NAME));
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
waitForAccountManagementTitle();
oauth.clientId("broker-app");
loginPage.open(bc.providerRealmName());
waitForPage(driver, "sign in to provider", true);
}
@Test
public void logoutWithOtherIdpAsInitiatinIdpLogsOutOfIdp() {
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
oauth.clientId("account");
oauth.redirectUri(getConsumerRoot() + "/auth/realms/" + REALM_PROV_NAME + "/account");
loginPage.open(REALM_PROV_NAME);
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName(), "something-else");
driver.navigate().to(getAccountUrl(getProviderRoot(), REALM_PROV_NAME));
waitForPage(driver, "sign in to provider", true);
}
@ -81,8 +93,12 @@ public class KcOidcBrokerLogoutTest extends AbstractKcOidcBrokerLogoutTest {
driver.manage().deleteCookieNamed(AuthenticationManager.KEYCLOAK_IDENTITY_COOKIE);
driver.manage().deleteCookieNamed(AuthenticationManager.KEYCLOAK_IDENTITY_COOKIE + CookieHelper.LEGACY_COOKIE);
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName(), null, idToken);
driver.navigate().to(getAccountUrl(getProviderRoot(), REALM_PROV_NAME));
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
oauth.clientId("account");
oauth.redirectUri(getConsumerRoot() + "/auth/realms/" + REALM_PROV_NAME + "/account");
loginPage.open(REALM_PROV_NAME);
waitForPage(driver, "sign in to provider", true);
}
@ -118,7 +134,10 @@ public class KcOidcBrokerLogoutTest extends AbstractKcOidcBrokerLogoutTest {
);
// user should be logged out successfully from the IDP even though the id_token_hint is expired
driver.navigate().to(getAccountUrl(getProviderRoot(), REALM_PROV_NAME));
oauth.clientId("account");
oauth.redirectUri(getConsumerRoot() + "/auth/realms/" + REALM_PROV_NAME + "/account");
loginPage.open(REALM_PROV_NAME);
waitForPage(driver, "sign in to provider", true);
}
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerNoLoginHintTest.java
View file

@ -8,7 +8,6 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDE
import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL;
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import org.apache.commons.lang3.StringUtils;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.models.IdentityProviderModel;
@ -39,7 +38,8 @@ public class KcOidcBrokerNoLoginHintTest extends AbstractBrokerTest {
@Override
protected void loginUser() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
driver.navigate().to(driver.getCurrentUrl() + "&login_hint=" + USER_EMAIL);

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerParameterForwardTest.java
View file

@ -6,7 +6,6 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID;
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import java.util.List;
import java.util.Map;
@ -43,7 +42,8 @@ public class KcOidcBrokerParameterForwardTest extends AbstractBrokerTest {
@Override
protected void loginUser() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
String queryString = "&" + FORWARDED_PARAMETER + "=" + FORWARDED_PARAMETER_VALUE + "&" + PARAMETER_NOT_FORWARDED + "=" + "value";
driver.navigate().to(driver.getCurrentUrl() + queryString);

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerPassMaxAgeTest.java
View file

@ -55,19 +55,19 @@ public class KcOidcBrokerPassMaxAgeTest extends AbstractBrokerTest {
@Test
@Override
public void loginWithExistingUser() {
// login as brokered user user, perform profile update on first broker login and logout user
loginUser();
testSingleLogout();
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
accountUpdateProfilePage.assertCurrent();
setTimeOffset(2);
@ -101,14 +101,15 @@ public class KcOidcBrokerPassMaxAgeTest extends AbstractBrokerTest {
loginUser();
testSingleLogout();
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
accountUpdateProfilePage.assertCurrent();
IdentityProviderResource idpResource = realmsResouce().realm(bc.consumerRealmName()).identityProviders()
.get(bc.getIDPAlias());

51
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerPromptNoneRedirectTest.java
View file

@ -19,21 +19,23 @@ package org.keycloak.testsuite.broker;
import java.util.List;
import java.util.Map;
import org.junit.Ignore;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.UserBuilder;
import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword;
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.configurePostBrokerLoginWithOTP;
import static org.keycloak.testsuite.broker.BrokerTestConstants.CLIENT_ID;
import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
/**
@ -42,6 +44,8 @@ import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
*/
// Remove @Ignore when closing Github issue 20642
@Ignore
public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseBrokerTest {
@Override
@ -55,7 +59,7 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
* @throws Exception if an error occurs while running the test.
*/
@Test
public void testSuccessfulRedirectToProviderWithPromptNone() throws Exception {
public void testSuccessfulRedirectToProviderWithPromptNone() {
/* we need to disable profile update for the prompt=none propagation to work. */
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
@ -65,26 +69,29 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
/* now send an auth request to the consumer realm including both the kc_idp_hint (to identify the default provider) and prompt=none.
The presence of the default provider should cause the request with prompt=none to be propagated to the idp instead of resulting
in a login required error because the user is not yet authenticated in the consumer realm. */
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
String url = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias() + "&prompt=none";
driver.navigate().to(url);
/* no need to log in again, the idp should have been able to identify that the user is already logged in and the authenticated user should
have been established in the consumer realm. Lastly, user must be redirected to the account app as expected. */
waitForAccountManagementTitle();
Assert.assertTrue(driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/account"));
accountUpdateProfilePage.assertCurrent();
Assert.assertTrue(driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/account"));
/* let's try logging out from the consumer realm and then send an auth request with only prompt=none. The absence of a default idp
should result in a login required error because the user is not authenticated in the consumer realm and the request won't be propagated
all the way to the idp where the user is authenticated. */
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName(), bc.getIDPAlias());
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
url = driver.getCurrentUrl() + "&prompt=none";
driver.navigate().to(url);
Assert.assertTrue(driver.getCurrentUrl().contains(bc.consumerRealmName() + "/account/login-redirect?error=login_required"));
Assert.assertTrue(driver.getCurrentUrl().contains(bc.providerRealmName() + "/account/?error=login_required"));
}
/**
@ -98,11 +105,12 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
/* try sending an auth request to the consumer realm with prompt=none. As we have no user authenticated in both
the consumer realm and the IDP, the IDP should return an error=login_required to the broker and the broker must
in turn return the same error to the client. */
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
String url = driver.getCurrentUrl() + "&prompt=none&kc_idp_hint=" + bc.getIDPAlias();
driver.navigate().to(url);
Assert.assertTrue(driver.getCurrentUrl().contains(bc.consumerRealmName() + "/account/login-redirect?error=login_required"));
Assert.assertTrue(driver.getCurrentUrl().contains("/app/auth?error=login_required"));
}
/**
@ -145,7 +153,7 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
* @throws Exception if an error occurs while running the test.
*/
@Test
public void testLinkExistingAccountReturnsInteractionRequired() throws Exception {
public void testLinkExistingAccountReturnsInteractionRequired() {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
/* create user in the consumer realm with same e-mail as the user in the idp */
UserRepresentation newUser = UserBuilder.create().username("consumer").email(USER_EMAIL).enabled(true).build();
@ -182,7 +190,7 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
public void testRequireConsentReturnsInteractionRequired() throws Exception {
RealmResource brokeredRealm = adminClient.realm(bc.providerRealmName());
List<ClientRepresentation> clients = brokeredRealm.clients().findByClientId(CLIENT_ID);
org.junit.Assert.assertEquals(1, clients.size());
assertEquals(1, clients.size());
ClientRepresentation brokerApp = clients.get(0);
brokerApp.setConsentRequired(true);
brokeredRealm.clients().get(brokerApp.getId()).update(brokerApp);
@ -200,26 +208,31 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
authenticateDirectlyInIDP();
/* send an auth request to the consumer realm with prompt=none and a default provider. */
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
String url = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias() + "&prompt=none";
driver.navigate().to(url);
Assert.assertTrue(driver.getCurrentUrl().contains(bc.consumerRealmName() + "/account/login-redirect?error=interaction_required"));
Assert.assertTrue(driver.getCurrentUrl().contains(bc.providerRealmName() + "/account/?error=interaction_required"));
}
/**
* Authenticates the broker user directly in the IDP to establish a valid authenticated session there.
*/
protected void authenticateDirectlyInIDP() {
driver.navigate().to(getAccountUrl(getProviderRoot(), bc.providerRealmName()));
oauth.clientId("account");
oauth.redirectUri(getAccountUrl(getProviderRoot(), bc.providerRealmName()));
loginPage.open(bc.providerRealmName());
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
waitForAccountManagementTitle();
Assert.assertTrue(driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/account"));
accountUpdateProfilePage.assertCurrent();
Assert.assertTrue(
driver.getCurrentUrl().contains(
"/auth/realms/" + bc.providerRealmName() + "/"));
}
private class KcOidcBrokerPromptNoneConfiguration extends KcOidcBrokerConfiguration {

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerPromptParameterTest.java
View file

@ -10,7 +10,6 @@ import java.util.List;
import java.util.Map;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
public class KcOidcBrokerPromptParameterTest extends AbstractBrokerTest {
@ -25,7 +24,8 @@ public class KcOidcBrokerPromptParameterTest extends AbstractBrokerTest {
@Override
protected void loginUser() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
driver.navigate().to(driver.getCurrentUrl() + "&" + OIDCLoginProtocol.PROMPT_PARAM + "=" + PROMPT_CONSENT);

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerStateParameterTest.java
View file

@ -26,13 +26,11 @@ import org.keycloak.OAuth2Constants;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.UriUtils;
import org.keycloak.events.EventType;
import org.keycloak.models.Constants;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginExpiredPage;
import static org.junit.Assert.assertThat;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
/**
@ -112,8 +110,9 @@ public class KcOidcBrokerStateParameterTest extends AbstractInitializedBaseBroke
@Test
public void testCorrectStateParameterButIncorrectCode() throws Exception {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
public void testCorrectStateParameterButIncorrectCode() {
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForPage(driver, "sign in to", true);
loginPage.clickSocial(bc.getIDPAlias());
@ -150,7 +149,7 @@ public class KcOidcBrokerStateParameterTest extends AbstractInitializedBaseBroke
.session((String) null)
.realm(consumerRealmId)
.user((String) null)
.client(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID)
.client("broker-app")
.error("identity_provider_login_failure")
.assertEvent();

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerSubMatchIntrospectionTest.java
View file

@ -51,7 +51,8 @@ public class KcOidcBrokerSubMatchIntrospectionTest extends AbstractBrokerTest {
@Override
public void testLogInAsUserInIDP() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
oauth.realm(bc.consumerRealmName());
oauth.clientId("consumer-client");

115
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTest.java
View file

@ -36,6 +36,7 @@ import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.WaitUtils;
@ -128,6 +129,8 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
UserResource userResource = adminClient.realm(bc.providerRealmName()).users().get(userId);
userResource.roles().realmLevel().add(Collections.singletonList(managerRole));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInAsUserInIDPForFirstTime();
UserResource consumerUserResource = adminClient.realm(bc.consumerRealmName()).users().get(
@ -139,11 +142,14 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
assertThat(currentRoles, hasItems(ROLE_MANAGER));
assertThat(currentRoles, not(hasItems(ROLE_USER)));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
userResource.roles().realmLevel().add(Collections.singletonList(userRole));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInAsUserInIDP();
currentRoles = consumerUserResource.roles().realmLevel().listAll().stream()
@ -173,7 +179,9 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
brokerApp.getAttributes().put("validateSignature", Boolean.TRUE.toString());
clients.get(brokerApp.getId()).update(brokerApp);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -233,6 +241,9 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
identityProviderResource.addMapper(hardCodedSessionNoteMapper).close();
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
loginFetchingUserFromUserEndpoint();
UserRepresentation user = getFederatedIdentity();
@ -256,17 +267,24 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
consumerRealm.identityProviders().create(samlBroker);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(samlBrokerConfig.getIDPAlias()));
logInWithBroker(samlBrokerConfig);
totpPage.assertCurrent();
String totpSecret = totpPage.getTotpSecret();
totpPage.configure(totp.generateTOTP(totpSecret));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
setOtpTimeOffset(DEFAULT_INTERVAL_SECONDS, totp);
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "account already exists", false);
@ -300,11 +318,18 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
consumerRealm.identityProviders().create(samlBroker);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(samlBrokerConfig);
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(bc.getIDPAlias()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "account already exists", false);
@ -344,15 +369,21 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
providerRealm.clients().create(samlClient);
consumerRealm.identityProviders().create(samlBroker);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(samlBrokerConfig.getIDPAlias()));
logInWithBroker(samlBrokerConfig);
totpPage.assertCurrent();
String totpSecret = totpPage.getTotpSecret();
totpPage.configure(totp.generateTOTP(totpSecret));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(bc.getIDPAlias()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "account already exists", false);
@ -362,15 +393,16 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
loginTotpPage.assertCurrent();
loginTotpPage.login(totp.generateTOTP(totpSecret));
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
loginTotpPage.assertCurrent();
loginTotpPage.login(totp.generateTOTP(totpSecret));
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 2);
} finally {
@ -383,8 +415,11 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
@Test
public void testInvalidIssuedFor() {
loginUser();
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
@ -404,8 +439,11 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
@Test
public void testInvalidAudience() {
loginUser();
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
@ -486,20 +524,20 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
updateIdPSyncMode(idProvider, consumerIdentityResource,
isForceSync ? IdentityProviderSyncMode.FORCE : IdentityProviderSyncMode.IMPORT);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
WaitUtils.waitForPageToLoad();
assertThat(driver.getTitle(), Matchers.containsString("Sign in to " + bc.consumerRealmName()));
logInWithIdp(IDP_NAME, USERNAME, PASSWORD);
accountUpdateProfilePage.assertCurrent();
assertThat(accountUpdateProfilePage.getUsername(), Matchers.equalTo(USERNAME));
assertThat(accountUpdateProfilePage.getEmail(), Matchers.equalTo(EMAIL));
assertThat(accountUpdateProfilePage.getFirstName(), Matchers.equalTo(FIRST_NAME));
assertThat(accountUpdateProfilePage.getLastName(), Matchers.equalTo(LAST_NAME));
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.providerRealmName()), USERNAME);
accountUpdateProfilePage.submitWithoutChanges();
assertAccountConsoleIsCurrent();
assertThat(userRepresentation.getUsername(), Matchers.equalTo(USERNAME));
assertThat(userRepresentation.getEmail(), Matchers.equalTo(EMAIL));
assertThat(userRepresentation.getFirstName(), Matchers.equalTo(FIRST_NAME));
assertThat(userRepresentation.getLastName(), Matchers.equalTo(LAST_NAME));
RealmResource consumerRealmResource = realmsResouce().realm(bc.consumerRealmName());
List<UserRepresentation> foundUsers = consumerRealmResource.users().searchByUsername(USERNAME, true);
@ -511,8 +549,8 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
checkFederatedIdentityLink(consumerUserResource, providerUserID, USERNAME);
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), USERNAME);
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), USERNAME);
UserRepresentation providerUser = providerUserResource.toRepresentation();
providerUser.setUsername(NEW_USERNAME);
@ -521,25 +559,22 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
providerUser.setEmail(NEW_EMAIL);
providerUserResource.update(providerUser);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
WaitUtils.waitForPageToLoad();
assertThat(driver.getTitle(), Matchers.containsString("Sign in to " + bc.consumerRealmName()));
logInWithIdp(IDP_NAME, NEW_USERNAME, PASSWORD);
accountUpdateProfilePage.assertCurrent();
userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.consumerRealmName()), USERNAME);
// consumer username stays the same, even when sync mode is force
assertThat(accountUpdateProfilePage.getUsername(), Matchers.equalTo(USERNAME));
assertThat(userRepresentation.getUsername(), Matchers.equalTo(USERNAME));
// other consumer attributes are updated, when sync mode is force
assertThat(accountUpdateProfilePage.getEmail(), Matchers.equalTo(isForceSync ? NEW_EMAIL : EMAIL));
assertThat(accountUpdateProfilePage.getFirstName(),
Matchers.equalTo(isForceSync ? NEW_FIRST_NAME : FIRST_NAME));
assertThat(accountUpdateProfilePage.getLastName(),
Matchers.equalTo(isForceSync ? NEW_LAST_NAME : LAST_NAME));
accountUpdateProfilePage.submitWithoutChanges();
assertAccountConsoleIsCurrent();
assertThat(userRepresentation.getEmail(), Matchers.equalTo(isForceSync ? NEW_EMAIL : EMAIL));
assertThat(userRepresentation.getFirstName(), Matchers.equalTo(isForceSync ? NEW_FIRST_NAME : FIRST_NAME));
assertThat(userRepresentation.getLastName(), Matchers.equalTo(isForceSync ? NEW_LAST_NAME : LAST_NAME));
checkFederatedIdentityLink(consumerUserResource, providerUserID, isForceSync ? NEW_USERNAME : USERNAME);
} finally {
@ -547,10 +582,6 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
}
}
private void assertAccountConsoleIsCurrent() {
assertThat(driver.getTitle(), Matchers.containsString("Account Management"));
}
private void allowUserEdit(RealmResource realmResource) {
RealmRepresentation realm = realmResource.toRepresentation();
realm.setEditUsernameAllowed(true);

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerUiLocalesDisabledTest.java
View file

@ -17,7 +17,6 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID;
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
public class KcOidcBrokerUiLocalesDisabledTest extends AbstractBrokerTest {
@ -40,11 +39,11 @@ public class KcOidcBrokerUiLocalesDisabledTest extends AbstractBrokerTest {
@Override
protected void loginUser() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
driver.navigate().to(driver.getCurrentUrl());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerUiLocalesEnabledTest.java
View file

@ -16,7 +16,6 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID;
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
public class KcOidcBrokerUiLocalesEnabledTest extends AbstractBrokerTest {
@ -39,11 +38,11 @@ public class KcOidcBrokerUiLocalesEnabledTest extends AbstractBrokerTest {
@Override
protected void loginUser() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
driver.navigate().to(driver.getCurrentUrl());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerUiLocalesWithIdpHintTest.java
View file

@ -5,13 +5,11 @@ import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.pages.PageUtils;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import static java.util.Locale.*;
import static org.hamcrest.CoreMatchers.*;
import static org.keycloak.OAuth2Constants.*;
import static org.keycloak.testsuite.broker.BrokerTestConstants.*;
@ -40,7 +38,8 @@ public class KcOidcBrokerUiLocalesWithIdpHintTest extends AbstractBrokerTest {
@Override
protected void loginUser() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
driver.navigate().to(driver.getCurrentUrl() + "&ui_locales=hu&kc_idp_hint=kc-oidc-idp");

16
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerWithConsentTest.java
View file

@ -3,7 +3,6 @@ package org.keycloak.testsuite.broker;
import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.removeBrokerExpiredSessions;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import java.util.List;
@ -51,7 +50,9 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
*/
@Test
public void testConsentDeniedWithExpiredClientSession() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -78,13 +79,14 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
*/
@Test
public void testConsentDeniedWithExpiredAndClearedClientSession() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
// Set time offset
invokeTimeOffset(60);
try {
testingClient.server(bc.providerRealmName()).run(removeBrokerExpiredSessions());
// User rejected consent
@ -93,7 +95,6 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
// Assert login page with "You took too long to login..." message
Assert.assertEquals("Your login attempt timed out. Login will start from the beginning.", loginPage.getError());
} finally {
invokeTimeOffset(0);
}
@ -105,7 +106,10 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
@Test
public void testLoginCancelConsent() {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
// User rejected consent

34
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcFirstBrokerLoginDetectExistingUserTest.java
View file

@ -1,6 +1,5 @@
package org.keycloak.testsuite.broker;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthenticationManagementResource;
@ -14,17 +13,16 @@ import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.representations.idm.AuthenticationExecutionRepresentation;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.testsuite.pages.LoginUpdateProfilePage;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.ExecutionBuilder;
import static org.junit.Assert.*;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertEquals;
public class KcOidcFirstBrokerLoginDetectExistingUserTest extends AbstractInitializedBaseBrokerTest {
@Page
protected LoginUpdateProfilePage loginUpdateProfilePage;
@Override
protected BrokerConfiguration getBrokerConfiguration() {
return new KcOidcBrokerConfiguration();
@ -102,7 +100,9 @@ public class KcOidcFirstBrokerLoginDetectExistingUserTest extends AbstractInitia
String username = "firstandlastname";
createUser(bc.providerRealmName(), username, BrokerTestConstants.USER_PASSWORD, firstname, lastname, "firstnamelastname@example.org");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithIdp(bc.getIDPAlias(), username, BrokerTestConstants.USER_PASSWORD);
loginPage.assertCurrent(bc.consumerRealmName());
@ -112,7 +112,6 @@ public class KcOidcFirstBrokerLoginDetectExistingUserTest extends AbstractInitia
@Test
public void loginWhenUserExistsOnConsumer() {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
final String firstname = "Firstname(loginWhenUserExistsOnConsumer)";
@ -122,14 +121,17 @@ public class KcOidcFirstBrokerLoginDetectExistingUserTest extends AbstractInitia
createUser(bc.providerRealmName(), username, BrokerTestConstants.USER_PASSWORD, firstname, lastname, email);
createUser(bc.consumerRealmName(), username, "THIS PASSWORD IS USELESS", null, null, email);
String accountUrl = getAccountUrl(getConsumerRoot(), bc.consumerRealmName());
getLogger().error("> LOG INTO " + accountUrl);
driver.navigate().to(accountUrl);
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithIdp(bc.getIDPAlias(), username, BrokerTestConstants.USER_PASSWORD);
assertTrue(driver.getTitle().contains("Account Management"));
assertTrue("email must be in the page", driver.getPageSource().contains("value=\""+ email + "\""));
assertTrue("firstname must appear in the page", driver.getPageSource().contains("value=\""+ firstname + "\""));
assertTrue("lastname must appear in the page", driver.getPageSource().contains("value=\""+ lastname + "\""));
assertTrue(driver.getTitle().contains("AUTH_RESPONSE"));
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(
adminClient.realm(bc.consumerRealmName()), username);
assertEquals("Email is not correct", userRepresentation.getEmail(), email);
assertEquals("Firstname is not correct", userRepresentation.getFirstName(), firstname);
assertEquals("Lastname is not correct", userRepresentation.getLastName(), lastname);
}
}

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcFirstBrokerLoginNewAuthTest.java
View file

@ -17,7 +17,6 @@ import org.keycloak.testsuite.util.UserBuilder;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
/**
* Tests first-broker-login flow with new authenticators.
@ -200,7 +199,9 @@ public class KcOidcFirstBrokerLoginNewAuthTest extends AbstractInitializedBaseBr
user.update(userRep);
// Login. TOTP will be required at login time.
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
loginPage.login(username, "password");
totpPage.assertCurrent();
@ -216,7 +217,8 @@ public class KcOidcFirstBrokerLoginNewAuthTest extends AbstractInitializedBaseBr
// Login with broker and click "Link account"
private void loginWithBrokerAndConfirmLinkAccount() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
@ -228,8 +230,6 @@ public class KcOidcFirstBrokerLoginNewAuthTest extends AbstractInitializedBaseBr
private void assertUserAuthenticatedInConsumer(String consumerRealmUserId) {
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
assertNumFederatedIdentities(consumerRealmUserId, 1);
}

85
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcFirstBrokerLoginTest.java
View file

@ -5,16 +5,18 @@ import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.pages.LoginUpdateProfilePage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.AccountHelper;
import org.openqa.selenium.NoSuchElementException;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.admin.ApiUtil.removeUserByUsername;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -24,6 +26,9 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
@Page
protected LoginUpdateProfilePage loginUpdateProfilePage;
@Page
protected AppPage appPage;
@Page
protected RegisterPage registerPage;
@ -45,14 +50,16 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
String username = "firstandlastname";
createUser(bc.providerRealmName(), username, BrokerTestConstants.USER_PASSWORD, firstname, lastname, "firstnamelastname@example.org");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithIdp(bc.getIDPAlias(), username, BrokerTestConstants.USER_PASSWORD);
accountUpdateProfilePage.assertCurrent();
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.consumerRealmName()), username);
assertEquals(username, accountUpdateProfilePage.getUsername());
assertEquals(firstname, accountUpdateProfilePage.getFirstName());
assertEquals(lastname, accountUpdateProfilePage.getLastName());
assertEquals(username, userRepresentation.getUsername());
assertEquals(firstname, userRepresentation.getFirstName());
assertEquals(lastname, userRepresentation.getLastName());
}
/**
@ -71,12 +78,16 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
consumerRealm.identityProviders().create(samlBroker);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(samlBrokerConfig);
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
Assert.assertTrue(appPage.isCurrent());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
@ -95,8 +106,6 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
log.debug("Clicking social " + samlBrokerConfig.getIDPAlias());
loginPage.clickSocial(samlBrokerConfig.getIDPAlias());
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 2);
} finally {
@ -126,12 +135,16 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
consumerRealm.identityProviders().create(samlBroker);
consumerRealm.identityProviders().create(oidcBroker);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(samlBrokerConfig);
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
appPage.assertCurrent();
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
@ -155,8 +168,6 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
log.debug("Clicking social " + samlBrokerConfig.getIDPAlias());
loginPage.clickSocial(samlBrokerConfig.getIDPAlias());
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 2);
} finally {
@ -181,7 +192,8 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
consumerRealm.identityProviders().create(samlBroker);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
createUser(bc.getUserLogin());
@ -226,11 +238,17 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
consumerRealm.identityProviders().create(samlBroker);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(samlBrokerConfig);
waitForPage(driver, "update account information", false);
updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
@ -241,8 +259,6 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
// User is federated after log in with the original broker
log.debug("Clicking social " + samlBrokerConfig.getIDPAlias());
loginPage.clickSocial(samlBrokerConfig.getIDPAlias());
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 1);
} finally {
@ -255,8 +271,12 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
public void testEditUsername() {
updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
createUser(bc.providerRealmName(), "no-first-name", "password", null, "LastName", "no-first-name@localhost.com");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
createUser(bc.providerRealmName(), "no-first-name", "password", null,
"LastName", "no-first-name@localhost.com");
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -273,12 +293,12 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
assertEquals("Please specify username.", loginUpdateProfilePage.getInputErrors().getUsernameError());
updateAccountInformationPage.updateAccountInformation("new-username", "no-first-name@localhost.com", "First Name", "Last Name");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
Assert.assertEquals("First Name", accountUpdateProfilePage.getFirstName());
Assert.assertEquals("Last Name", accountUpdateProfilePage.getLastName());
Assert.assertEquals("no-first-name@localhost.com", accountUpdateProfilePage.getEmail());
Assert.assertEquals("new-username", accountUpdateProfilePage.getUsername());
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(bc.consumerRealmName()), "new-username");
Assert.assertEquals("First Name", userRepresentation.getFirstName());
Assert.assertEquals("Last Name", userRepresentation.getLastName());
Assert.assertEquals("no-first-name@localhost.com", userRepresentation.getEmail());
}
@ -292,7 +312,8 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
createUser(bc.providerRealmName(), "idp-cancel-test", "password", "IDP", "Cancel", "idp-cancel@localhost.com");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
loginPage.clickRegister();
registerPage.clickBackToLogin();

73
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcFirstBrokerLoginWithUserProfileTest.java
View file

@ -19,7 +19,6 @@ package org.keycloak.testsuite.broker;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import static org.keycloak.testsuite.forms.VerifyProfileTest.ATTRIBUTE_DEPARTMENT;
import static org.keycloak.testsuite.forms.VerifyProfileTest.PERMISSIONS_ADMIN_EDITABLE;
@ -64,7 +63,9 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"department\", \"displayName\" : \"Department\", " + PERMISSIONS_ALL + ", \"required\":{}}"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -95,7 +96,9 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"contact\" }"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -160,7 +163,9 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"email\", " + VerifyProfileTest.PERMISSIONS_ALL + "}"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -197,14 +202,15 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
@Test
public void testAttributeInputTypes() {
updateExecutions(AbstractBrokerTest::enableUpdateProfileOnFirstLogin);
setUserProfileConfiguration("{\"attributes\": ["
+ RegisterWithUserProfileTest.UP_CONFIG_PART_INPUT_TYPES
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -224,11 +230,10 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"department\", " + PERMISSIONS_ADMIN_EDITABLE + ", \"required\":{}}"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
logInWithBroker(bc);
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
logInWithBroker(bc);
}
@Test
@ -244,11 +249,10 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"department\", " + PERMISSIONS_ALL + ", \"required\":{}, \"selector\":{\"scopes\":[\"department\"]}}"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
logInWithBroker(bc);
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
logInWithBroker(bc);
}
@Test
@ -263,7 +267,9 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"department\", " + PERMISSIONS_ALL + ", \"required\":{}, \"selector\":{\"scopes\":[\"profile\"]}}"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -281,7 +287,9 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"department\", " + PERMISSIONS_ADMIN_EDITABLE + ", \"required\":{}}"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -289,16 +297,11 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
Assert.assertFalse(updateAccountInformationPage.isDepartmentPresent());
updateAccountInformationPage.updateAccountInformation( "requiredReadOnlyAttributeNotRenderedAndNotBlockingRegistration", "requiredReadOnlyAttributeNotRenderedAndNotBlockingRegistration@email", "FirstAA", "LastAA");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
}
@Test
public void testDynamicUserProfileReview_attributeRequiredAndSelectedByScopeMustBeSet() {
updateExecutions(AbstractBrokerTest::enableUpdateProfileOnFirstLogin);
//we use 'profile' scope which is requested by default
@ -308,7 +311,9 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"department\"," + PERMISSIONS_ALL + ", \"required\":{}, \"selector\":{\"scopes\":[\"profile\"]}}"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -320,9 +325,6 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
updateAccountInformationPage.updateAccountInformation( "attributeRequiredAndSelectedByScopeMustBeSet", "attributeRequiredAndSelectedByScopeMustBeSet@email", "FirstAA", "LastAA", "DepartmentAA");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
UserRepresentation user = VerifyProfileTest.getUserByUsername(testRealm(),"attributeRequiredAndSelectedByScopeMustBeSet");
assertEquals("FirstAA", user.getFirstName());
assertEquals("LastAA", user.getLastName());
@ -341,7 +343,9 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"department\"," + PERMISSIONS_ALL + ", \"selector\":{\"scopes\":[\"profile\"]}}"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -350,9 +354,6 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
Assert.assertTrue(updateAccountInformationPage.isDepartmentPresent());
updateAccountInformationPage.updateAccountInformation( "attributeNotRequiredAndSelectedByScopeCanBeIgnored", "attributeNotRequiredAndSelectedByScopeCanBeIgnored@email", "FirstAA", "LastAA");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
UserRepresentation user = VerifyProfileTest.getUserByUsername(testRealm(),"attributeNotRequiredAndSelectedByScopeCanBeIgnored");
assertEquals("FirstAA", user.getFirstName());
assertEquals("LastAA", user.getLastName());
@ -371,7 +372,9 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"department\"," + PERMISSIONS_ALL + ", \"selector\":{\"scopes\":[\"profile\"]}}"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -380,9 +383,6 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
Assert.assertTrue(updateAccountInformationPage.isDepartmentPresent());
updateAccountInformationPage.updateAccountInformation( "attributeNotRequiredAndSelectedByScopeCanBeSet", "attributeNotRequiredAndSelectedByScopeCanBeSet@email", "FirstAA", "LastAA","Department AA");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
UserRepresentation user = VerifyProfileTest.getUserByUsername(testRealm(),"attributeNotRequiredAndSelectedByScopeCanBeSet");
assertEquals("FirstAA", user.getFirstName());
assertEquals("LastAA", user.getLastName());
@ -402,7 +402,9 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
+ "{\"name\": \"department\"," + PERMISSIONS_ALL + ", \"required\":{}, \"selector\":{\"scopes\":[\"department\"]}}"
+ "]}");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInWithBroker(bc);
waitForPage(driver, "update account information", false);
@ -411,9 +413,6 @@ public class KcOidcFirstBrokerLoginWithUserProfileTest extends KcOidcFirstBroker
Assert.assertFalse(updateAccountInformationPage.isDepartmentPresent());
updateAccountInformationPage.updateAccountInformation( "attributeRequiredButNotSelectedByScopeIsNotRenderedAndNotBlockingRegistration", "attributeRequiredButNotSelectedByScopeIsNotRenderedAndNotBlockingRegistration@email", "FirstAA", "LastAA");
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
UserRepresentation user = VerifyProfileTest.getUserByUsername(testRealm(),"attributeRequiredButNotSelectedByScopeIsNotRenderedAndNotBlockingRegistration");
assertEquals("FirstAA", user.getFirstName());
assertEquals("LastAA", user.getLastName());

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerFrontendUrlTest.java
View file

@ -14,6 +14,7 @@ import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.ReverseProxy;
@ -114,7 +115,11 @@ public final class KcSamlBrokerFrontendUrlTest extends AbstractBrokerTest {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com");
driver.navigate().to(proxy.getUrl() + "/realms/consumer/account");
oauth.clientId("broker-app");
oauth.realm(bc.consumerRealmName());
oauth.baseUrl(proxy.getUrl());
oauth.openLoginForm();
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
@ -128,8 +133,8 @@ public final class KcSamlBrokerFrontendUrlTest extends AbstractBrokerTest {
}
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
waitForPage(driver, "account management", true);
accountUpdateProfilePage.assertCurrent();
waitForPage(driver, "AUTH_RESPONSE", true);
appPage.assertCurrent();
}
@Test

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerLoginHintWithOptionEnabledTest.java
View file

@ -4,19 +4,19 @@ import org.junit.Test;
import org.keycloak.testsuite.Assert;
import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
public class KcSamlBrokerLoginHintWithOptionEnabledTest extends AbstractSamlLoginHintTest {
// KEYCLOAK-13950
@Test
public void testPassLoginHintWithXmlCharShouldEncodeIt() {
String username = "all-info-set@localhost.com";
createUser(bc.providerRealmName(), username, "password", "FirstName");
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Clicking social " + bc.getIDPAlias());
String fishyLoginHint = "<an-xml-tag>";
addLoginHintOnSocialButton(fishyLoginHint);

38
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerTest.java
View file

@ -27,6 +27,7 @@ import org.keycloak.saml.processing.core.parsers.saml.protocol.SAMLProtocolQName
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.testsuite.saml.AbstractSamlTest;
import org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClient.Binding;
import org.keycloak.testsuite.util.SamlClientBuilder;
@ -55,7 +56,6 @@ import static org.keycloak.testsuite.util.SamlStreams.assertionsUnencrypted;
import static org.keycloak.testsuite.util.SamlStreams.attributeStatements;
import static org.keycloak.testsuite.util.SamlStreams.attributesUnecrypted;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
/**
* Final class as it's not intended to be overriden. Feel free to remove "final" if you really know what you are doing.
@ -163,12 +163,15 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
assertThat(currentRoles, hasItems(ROLE_MANAGER));
assertThat(currentRoles, not(hasItems(ROLE_USER, ROLE_FRIENDLY_MANAGER)));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
userResource.roles().realmLevel().add(Collections.singletonList(userRole));
userResource.roles().realmLevel().add(Collections.singletonList(friendlyManagerRole));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInAsUserInIDP();
currentRoles = userResource.roles().realmLevel().listAll().stream()
@ -176,11 +179,14 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
.collect(Collectors.toSet());
assertThat(currentRoles, hasItems(ROLE_MANAGER, ROLE_USER, ROLE_FRIENDLY_MANAGER));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
userResource.roles().realmLevel().remove(Collections.singletonList(friendlyManagerRole));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInAsUserInIDP();
currentRoles = userResource.roles().realmLevel().listAll().stream()
@ -189,8 +195,8 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
assertThat(currentRoles, hasItems(ROLE_MANAGER, ROLE_USER));
assertThat(currentRoles, not(hasItems(ROLE_FRIENDLY_MANAGER)));
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
}
@Test
@ -219,8 +225,8 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
assertThat(currentRoles, hasItems(ROLE_MANAGER));
assertThat(currentRoles, not(hasItems(ROLE_USER, ROLE_FRIENDLY_MANAGER, ROLE_USER_DOT_GUIDE)));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
UserRepresentation urp = userResourceProv.toRepresentation();
urp.setAttributes(new HashMap<>());
@ -229,6 +235,9 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
userResourceProv.roles().realmLevel().add(Collections.singletonList(userRole));
userResourceProv.roles().realmLevel().add(Collections.singletonList(userRoleDotGuide));
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInAsUserInIDP();
currentRoles = userResourceCons.roles().realmLevel().listAll().stream()
@ -236,13 +245,16 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
.collect(Collectors.toSet());
assertThat(currentRoles, hasItems(ROLE_MANAGER, ROLE_USER, ROLE_USER_DOT_GUIDE, ROLE_FRIENDLY_MANAGER));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
urp = userResourceProv.toRepresentation();
urp.setAttributes(new HashMap<>());
userResourceProv.update(urp);
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
logInAsUserInIDP();
currentRoles = userResourceCons.roles().realmLevel().listAll().stream()
@ -251,8 +263,8 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
assertThat(currentRoles, hasItems(ROLE_MANAGER, ROLE_USER, ROLE_USER_DOT_GUIDE));
assertThat(currentRoles, not(hasItems(ROLE_FRIENDLY_MANAGER)));
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
AccountHelper.logout(adminClient.realm(bc.providerRealmName()), bc.getUserLogin());
}
// KEYCLOAK-6106

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcClaimToUserSessionNoteMapperTest.java
View file

@ -3,7 +3,6 @@ package org.keycloak.testsuite.broker;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import org.junit.Before;
import org.junit.Test;
@ -24,6 +23,7 @@ import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.OAuthClient;
import com.google.common.collect.ImmutableMap;
@ -131,7 +131,7 @@ public class OidcClaimToUserSessionNoteMapperTest extends AbstractIdentityProvid
}
private void logout() {
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
AccountHelper.logout(adminClient.realm(bc.consumerRealmName()), bc.getUserLogin());
}
private AccessToken login() {

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/AbstractLDAPTest.java
View file

@ -18,7 +18,6 @@
package org.keycloak.testsuite.federation.ldap;
import org.keycloak.common.Profile.Feature;
import java.util.List;
import java.util.Map;
import org.jboss.arquillian.graphene.page.Page;
@ -29,7 +28,6 @@ import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
@ -57,9 +55,6 @@ public abstract class AbstractLDAPTest extends AbstractTestRealmKeycloakTest {
@Page
protected RegisterPage registerPage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
protected OAuthGrantPage grantPage;

13
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPLegacyImportTest.java
View file

@ -28,12 +28,13 @@ import org.keycloak.common.Profile;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestConfiguration;
import org.keycloak.testsuite.util.LDAPTestUtils;
@ -115,7 +116,6 @@ public class LDAPLegacyImportTest extends AbstractLDAPTest {
}
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void loginLdap() {
loginPage.open();
loginPage.login("johnkeycloak", "Password1");
@ -123,10 +123,11 @@ public class LDAPLegacyImportTest extends AbstractLDAPTest {
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
profilePage.open();
Assert.assertEquals("John", profilePage.getFirstName());
Assert.assertEquals("Doe", profilePage.getLastName());
Assert.assertEquals("john@email.org", profilePage.getEmail());
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(testRealm(), "johnkeycloak");
Assert.assertEquals("John", userRepresentation.getFirstName());
Assert.assertEquals("Doe", userRepresentation.getLastName());
Assert.assertEquals("john@email.org", userRepresentation.getEmail());
}

12
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java
View file

@ -69,7 +69,6 @@ import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.LDAPRule;
@ -421,7 +420,6 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
}
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void deleteFederationLink() throws Exception {
// KEYCLOAK-4789: Login in client, which requires consent
oauth.clientId("third-party");
@ -471,7 +469,6 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
}
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void loginLdap() {
loginPage.open();
loginPage.login("johnkeycloak", "Password1");
@ -479,10 +476,11 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
profilePage.open();
Assert.assertEquals("John", profilePage.getFirstName());
Assert.assertEquals("Doe", profilePage.getLastName());
Assert.assertEquals("john@email.org", profilePage.getEmail());
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm(TEST_REALM_NAME), "johnkeycloak");
Assert.assertEquals("John", userRepresentation.getFirstName());
Assert.assertEquals("Doe", userRepresentation.getLastName());
Assert.assertEquals("john@email.org", userRepresentation.getEmail());
}
@Test

26
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
View file

@ -57,7 +57,6 @@ import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.ErrorPage;
@ -74,8 +73,8 @@ import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.TokenSignatureUtil;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.Cookie;
import org.keycloak.testsuite.util.AccountHelper;
import org.openqa.selenium.JavascriptExecutor;
import static org.hamcrest.Matchers.containsString;
@ -139,9 +138,6 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
@Page
protected ErrorPage errorPage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
protected LoginPasswordUpdatePage updatePasswordPage;
@ -360,31 +356,25 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
}
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void loginDifferentUserAfterDisabledUserThrownOut() {
String userId = adminClient.realm("test").users().search("test-user@localhost").get(0).getId();
String userId = AccountHelper.getUserRepresentation(adminClient.realm("test"), "test-user@localhost").getId();
try {
//profilePage.open();
loginPage.open();
loginPage.login("test-user@localhost", "password");
//accountPage.assertCurrent();
appPage.assertCurrent();
appPage.openAccount();
profilePage.assertCurrent();
setUserEnabled(userId, false);
// force refresh token which results in redirecting to login page
profilePage.updateUsername("notPermitted");
WaitUtils.waitForPageToLoad();
loginPage.open();
loginPage.assertCurrent();
// try to log in as different user
loginPage.login("keycloak-user@localhost", "password");
profilePage.assertCurrent();
appPage.assertCurrent();
} finally {
setUserEnabled(userId, true);
}
@ -592,8 +582,6 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent().getSessionId();
}
@Test
public void loginLoginHint() {
String loginFormUrl = oauth.getLoginFormUrl() + "&login_hint=login-test";
@ -772,9 +760,7 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
}
}
// Login timeout scenarios
// KEYCLOAK-1037
@Test
public void loginExpiredCode() {

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/PasswordHashingTest.java
View file

@ -18,7 +18,6 @@ package org.keycloak.testsuite.forms;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Base64;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.hash.PasswordHashProvider;
@ -35,9 +34,8 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.UserBuilder;
import javax.crypto.SecretKeyFactory;
@ -55,9 +53,6 @@ import static org.junit.Assert.fail;
*/
public class PasswordHashingTest extends AbstractTestRealmKeycloakTest {
@Page
private AccountUpdateProfilePage updateProfilePage;
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
}
@ -124,7 +119,6 @@ public class PasswordHashingTest extends AbstractTestRealmKeycloakTest {
// KEYCLOAK-5282
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void testPasswordNotRehasedUnchangedIterations() {
setPasswordPolicy("");
@ -147,8 +141,7 @@ public class PasswordHashingTest extends AbstractTestRealmKeycloakTest {
setPasswordPolicy("hashIterations(" + Pbkdf2Sha256PasswordHashProviderFactory.DEFAULT_ITERATIONS + ")");
updateProfilePage.open();
updateProfilePage.logout();
AccountHelper.logout(adminClient.realm("test"), username);
loginPage.open();
loginPage.login(username, "password");

20
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
View file

@ -28,7 +28,6 @@ import org.keycloak.authentication.forms.RegistrationPassword;
import org.keycloak.authentication.forms.RegistrationProfile;
import org.keycloak.authentication.forms.RegistrationRecaptcha;
import org.keycloak.authentication.forms.RegistrationUserCreation;
import org.keycloak.common.Profile;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticationExecutionModel;
@ -37,8 +36,6 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.LoginPage;
@ -50,6 +47,7 @@ import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.MailUtils;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.util.AccountHelper;
import jakarta.mail.internet.MimeMessage;
import jakarta.ws.rs.core.Response;
@ -84,9 +82,6 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
@Page
protected VerifyEmailPage verifyEmailPage;
@Page
protected AccountUpdateProfilePage accountPage;
@Rule
public GreenMailRule greenMail = new GreenMailRule();
@ -474,7 +469,6 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
}
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void registerUserUmlats() {
loginPage.open();
@ -488,16 +482,10 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
String userId = events.expectRegister("registeruserumlats", "registeruserumlats@email").assertEvent().getUserId();
events.expectLogin().detail("username", "registeruserumlats").user(userId).assertEvent();
accountPage.open();
assertTrue(accountPage.isCurrent());
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm("test"), "registeruserumlats");
UserRepresentation user = getUser(userId);
Assert.assertNotNull(user);
assertEquals("Äǜṳǚǘǖ", user.getFirstName());
assertEquals("Öṏṏ", user.getLastName());
assertEquals("Äǜṳǚǘǖ", accountPage.getFirstName());
assertEquals("Öṏṏ", accountPage.getLastName());
assertEquals("Äǜṳǚǘǖ", userRepresentation.getFirstName());
assertEquals("Öṏṏ", userRepresentation.getLastName());
}
// KEYCLOAK-3266

34
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
View file

@ -18,7 +18,6 @@ package org.keycloak.testsuite.forms;
import org.hamcrest.Matchers;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionToken;
import org.jboss.arquillian.graphene.page.Page;
@ -39,9 +38,7 @@ import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.auth.page.account.AccountManagement;
import org.keycloak.testsuite.federation.kerberos.AbstractKerberosTest;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.ErrorPage;
@ -62,6 +59,9 @@ import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.SecondBrowser;
import org.keycloak.testsuite.util.UserActionTokenBuilder;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.TestAppHelper;
import jakarta.mail.MessagingException;
import jakarta.mail.internet.MimeMessage;
@ -77,13 +77,11 @@ import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import org.junit.*;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.is;
import static org.junit.Assert.*;
/**
@ -147,9 +145,6 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
@Page
protected LoginPasswordUpdatePage updatePasswordPage;
@Page
protected AccountUpdateProfilePage account1ProfilePage;
@Page
protected LogoutConfirmPage logoutConfirmPage;
@ -159,7 +154,6 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
private int expectedMessagesCount;
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void resetPasswordLink() throws IOException, MessagingException {
String username = "login-test";
String resetUri = oauth.AUTH_SERVER_ROOT + "/realms/test/login-actions/reset-credentials";
@ -198,22 +192,12 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
.client("account")
.user(userId).detail(Details.USERNAME, username).assertEvent();
EventRepresentation loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, username)
.detail(Details.REDIRECT_URI, oauth.AUTH_SERVER_ROOT + "/realms/test/account/")
.client("account")
.assertEvent();
String sessionId = loginEvent.getSessionId();
AccountHelper.logout(testRealm(), username);
account1ProfilePage.assertCurrent();
account1ProfilePage.logout();
TestAppHelper testAppHelper = new TestAppHelper(oauth, loginPage, appPage);
testAppHelper.login("login-test", "resetPassword");
events.expectLogout(sessionId).user(userId).removeDetail(Details.REDIRECT_URI).assertEvent();
loginPage.open();
loginPage.login("login-test", "resetPassword");
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
appPage.assertCurrent();
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
}
@ -1145,12 +1129,12 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
try (BrowserTabUtil tabUtil = BrowserTabUtil.getInstanceAndSetEnv(driver)) {
assertThat(tabUtil.getCountOfTabs(), Matchers.is(1));
AccountHelper.logout(testRealm(), "login-test");
driver.navigate().to(REQUIRED_URI);
resetPasswordTwiceInNewTab(defaultUser, CLIENT_ID, false, REDIRECT_URI, REQUIRED_URI);
assertThat(driver.getTitle(), Matchers.equalTo(ACCOUNT_MANAGEMENT_TITLE));
account1ProfilePage.assertCurrent();
account1ProfilePage.logout();
AccountHelper.logout(testRealm(), "login-test");
driver.navigate().to(REQUIRED_URI);
resetPasswordTwiceInNewTab(defaultUser, CLIENT_ID, true, REDIRECT_URI, REQUIRED_URI);

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java
View file

@ -23,7 +23,6 @@ import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.common.Profile;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
import org.keycloak.models.UserModel;
@ -33,9 +32,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.drone.Different;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.LoginPage;
@ -67,9 +64,6 @@ public class SSOTest extends AbstractTestRealmKeycloakTest {
@Page
protected LoginPage loginPage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
protected LoginPasswordUpdatePage updatePasswordPage;
@ -81,7 +75,6 @@ public class SSOTest extends AbstractTestRealmKeycloakTest {
}
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void loginSuccess() {
loginPage.open();
loginPage.login("test-user@localhost", "password");
@ -113,8 +106,7 @@ public class SSOTest extends AbstractTestRealmKeycloakTest {
// auth time hasn't changed as we authenticated through SSO cookie
Assert.assertEquals(authTime, idToken.getAuth_time());
profilePage.open();
assertTrue(profilePage.isCurrent());
appPage.assertCurrent();
// Expire session
testingClient.testing().removeUserSession("test", sessionId);

81
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/AccountPageTest.java
View file

@ -1,81 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.i18n;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.ProfileAssume;
import java.util.List;
/**
* @author <a href="mailto:gerbermichi@me.com">Michael Gerber</a>
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public class AccountPageTest extends AbstractI18NTest {
@Page
protected AccountUpdateProfilePage accountUpdateProfilePage;
@Page
protected LoginPage loginPage;
@Test
public void languageDropdown() {
accountUpdateProfilePage.open();
loginPage.login("login@test.com", "password");
Assert.assertTrue(accountUpdateProfilePage.isCurrent());
Assert.assertEquals("English", accountUpdateProfilePage.getLanguageDropdownText());
accountUpdateProfilePage.openLanguage("Deutsch");
Assert.assertEquals("Deutsch", accountUpdateProfilePage.getLanguageDropdownText());
accountUpdateProfilePage.openLanguage("English");
Assert.assertEquals("English", accountUpdateProfilePage.getLanguageDropdownText());
accountUpdateProfilePage.logout();
}
@Test
public void testLocalizedReferrerLinkContent() {
RealmResource testRealm = testRealm();
List<ClientRepresentation> foundClients = testRealm.clients().findByClientId("var-named-test-app");
if (foundClients.isEmpty()) {
Assert.fail("Unable to find var-named-test-app");
}
ClientRepresentation namedClient = foundClients.get(0);
driver.navigate().to(accountUpdateProfilePage.getPath() + "?referrer=" + namedClient.getClientId());
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(accountUpdateProfilePage.isCurrent());
accountUpdateProfilePage.openLanguage("Deutsch");
Assert.assertEquals("Deutsch", accountUpdateProfilePage.getLanguageDropdownText());
// When a client has a name provided as a variable, the name should be resolved using a localized bundle and available to the back link
Assert.assertEquals("Zur\u00FCck zu Test App Named - Clientkonto", accountUpdateProfilePage.getBackToApplicationLinkText());
Assert.assertEquals(namedClient.getBaseUrl(), accountUpdateProfilePage.getBackToApplicationLinkHref());
}
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/BackchannelLogoutTest.java
View file

@ -11,6 +11,7 @@ import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
@ -53,6 +54,8 @@ import java.util.stream.Collectors;
import jakarta.ws.rs.core.Response;
// Remove @Ignore when closing Github issue 20643
@Ignore
public class BackchannelLogoutTest extends AbstractNestedBrokerTest {
public static final String ACCOUNT_CLIENT_NAME = "account";
@ -361,7 +364,6 @@ public class BackchannelLogoutTest extends AbstractNestedBrokerTest {
@Test
public void postBackchannelLogoutWithoutSessionIdMultipleOpenSessionDifferentIdentityProvider() throws Exception {
IdentityProviderRepresentation identityProvider2 = addSecondIdentityProviderToConsumerRealm();
String brokerClientIdProviderRealm = getClientId(nbc.providerRealmName(), BROKER_CLIENT_ID);

16
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuth2OnlyTest.java
View file

@ -36,11 +36,7 @@ import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.ActionURIUtils;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.OAuthGrantPage;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
@ -57,18 +53,6 @@ public class OAuth2OnlyTest extends AbstractTestRealmKeycloakTest {
@Rule
public AssertEvents events = new AssertEvents(this);
@Page
protected AppPage appPage;
@Page
protected LoginPage loginPage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
protected OAuthGrantPage grantPage;
@Page
protected ErrorPage errorPage;

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AbstractOIDCScopeTest.java
View file

@ -29,7 +29,6 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
@ -50,13 +49,9 @@ public abstract class AbstractOIDCScopeTest extends AbstractTestRealmKeycloakTes
@Page
protected LoginPage loginPage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
protected OAuthGrantPage grantPage;
@Page
protected ErrorPage errorPage;
@ -98,7 +93,6 @@ public abstract class AbstractOIDCScopeTest extends AbstractTestRealmKeycloakTes
expectedScopes.containsAll(receivedScopes) && receivedScopes.containsAll(expectedScopes));
}
static class Tokens {
final IDToken idToken;
final AccessToken accessToken;

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AuthorizationTokenEncryptionTest.java
View file

@ -67,9 +67,6 @@ public class AuthorizationTokenEncryptionTest extends AbstractTestRealmKeycloakT
@Page
protected LoginPage loginPage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
protected OAuthGrantPage grantPage;

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/IdTokenEncryptionTest.java
View file

@ -46,7 +46,6 @@ import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls;
import org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
@ -75,9 +74,6 @@ public class IdTokenEncryptionTest extends AbstractTestRealmKeycloakTest {
@Page
protected LoginPage loginPage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
protected OAuthGrantPage grantPage;

98
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java
View file

@ -69,6 +69,7 @@ import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.services.util.CertificateInfoHelper;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.Assert;
@ -78,16 +79,12 @@ import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls;
import org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.OAuthGrantPage;
import org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.KeyUtils;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.UserInfoClientUtil;
import org.keycloak.testsuite.util.*;
import org.keycloak.util.JWKSUtils;
import org.keycloak.util.JsonSerialization;
@ -95,6 +92,8 @@ import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.List;
@ -110,8 +109,6 @@ import static org.keycloak.jose.jwe.JWEConstants.RSA_OAEP;
import static org.keycloak.jose.jwe.JWEConstants.RSA_OAEP_256;
import static org.keycloak.testsuite.admin.ApiUtil.findClientResourceByClientId;
import org.keycloak.testsuite.util.AdminClientUtil;
/**
* Test for supporting advanced parameters of OIDC specs (max_age, prompt, ...)
*
@ -129,9 +126,6 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
@Page
protected LoginPage loginPage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
protected OAuthGrantPage grantPage;
@ -313,17 +307,15 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
// Prompt=none with consent required for client
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void promptNoneConsentRequired() throws Exception {
public void promptNoneConsentRequired() {
// Require consent
ClientManager.realm(adminClient.realm("test")).clientId("test-app").consentRequired(true);
try {
// login to account mgmt.
profilePage.open();
driver.navigate().to(RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build("test").toString());
assertTrue(loginPage.isCurrent());
loginPage.login("test-user@localhost", "password");
profilePage.assertCurrent();
assertEquals(driver.getCurrentUrl(), getAuthServerRoot() + "realms/test/account/");
events.expectLogin().client(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID)
.removeDetail(Details.REDIRECT_URI)
@ -416,7 +408,6 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
Assert.assertEquals(oldIdToken.getSessionState(), newIdToken.getSessionState());
}
// prompt=consent
@Test
public void promptConsent() {
@ -477,9 +468,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
}
// DISPLAY & OTHERS
@Test
public void nonSupportedParams() {
driver.navigate().to(oauth.getLoginFormUrl() + "&display=popup&foo=foobar&claims_locales=fr");
@ -495,9 +484,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
// REQUEST & REQUEST_URI
@Test
public void requestObjectNotRequiredNotProvided() throws Exception {
public void requestObjectNotRequiredNotProvided() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -514,7 +502,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectNotRequiredProvidedInRequestParam() throws Exception {
public void requestObjectNotRequiredProvidedInRequestParam() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -536,7 +524,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectNotRequiredProvidedInRequestUriParam() throws Exception {
public void requestObjectNotRequiredProvidedInRequestUriParam() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -558,7 +546,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectRequiredNotProvided() throws Exception {
public void requestObjectRequiredNotProvided() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -578,7 +566,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectRequiredProvidedInRequestParam() throws Exception {
public void requestObjectRequiredProvidedInRequestParam() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -604,7 +592,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectSupersedesQueryParameter() throws Exception {
public void requestObjectSupersedesQueryParameter() {
String stateInRequestObject = "stateInRequestObject";
String stateInQueryParameter = "stateInQueryParameter";
oauth.stateParamHardcoded(stateInQueryParameter);
@ -632,7 +620,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectClientIdAndResponseTypeTest() throws Exception {
public void requestObjectClientIdAndResponseTypeTest() {
oauth.stateParamHardcoded("some-state");
// Test that "client_id" mandatory in the query even if set in the "request" object
@ -680,7 +668,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectRequiredProvidedInRequestUriParam() throws Exception {
public void requestObjectRequiredProvidedInRequestUriParam() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -706,7 +694,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectRequiredAsRequestParamNotProvided() throws Exception {
public void requestObjectRequiredAsRequestParamNotProvided() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -726,7 +714,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectRequiredAsRequestParamProvidedInRequestParam() throws Exception {
public void requestObjectRequiredAsRequestParamProvidedInRequestParam() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -752,7 +740,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectRequiredAsRequestParamProvidedInRequestUriParam() throws Exception {
public void requestObjectRequiredAsRequestParamProvidedInRequestUriParam() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -777,7 +765,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectRequiredAsRequestUriParamNotProvided() throws Exception {
public void requestObjectRequiredAsRequestUriParamNotProvided() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -797,7 +785,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectRequiredAsRequestUriParamProvidedInRequestParam() throws Exception {
public void requestObjectRequiredAsRequestUriParamProvidedInRequestParam() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -822,7 +810,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestObjectRequiredAsRequestUriParamProvidedInRequestUriParam() throws Exception {
public void requestObjectRequiredAsRequestUriParamProvidedInRequestUriParam() {
oauth.stateParamHardcoded("mystate2");
// Set request object not required for client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@ -848,7 +836,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestParamUnsigned() throws Exception {
public void requestParamUnsigned() {
oauth.stateParamHardcoded("mystate2");
String validRedirectUri = oauth.getRedirectUri();
@ -876,7 +864,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestUriParamUnsigned() throws Exception {
public void requestUriParamUnsigned() {
String validRedirectUri = oauth.getRedirectUri();
TestOIDCEndpointsApplicationResource oidcClientEndpointsResource = testingClient.testApp().oidcClientEndpoints();
@ -899,7 +887,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestUriParamWithAllowedRequestUris() throws Exception {
public void requestUriParamWithAllowedRequestUris() {
String validRedirectUri = oauth.getRedirectUri();
TestOIDCEndpointsApplicationResource oidcClientEndpointsResource = testingClient.testApp().oidcClientEndpoints();
oidcClientEndpointsResource.setOIDCRequest("test", "test-app", validRedirectUri, "10", "mystate1", "none");
@ -960,11 +948,10 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
// Revert
clientMgrBuilder.setRequestUris(TestApplicationResourceUrls.clientRequestUri());
}
@Test
public void requestUriParamSigned() throws Exception {
public void requestUriParamSigned() {
String validRedirectUri = oauth.getRedirectUri();
TestOIDCEndpointsApplicationResource oidcClientEndpointsResource = testingClient.testApp().oidcClientEndpoints();
@ -1012,7 +999,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
clientResource.update(clientRep);
}
private void requestUriParamSignedIn(String expectedAlgorithm, String actualAlgorithm) throws Exception {
private void requestUriParamSignedIn(String expectedAlgorithm, String actualAlgorithm) {
ClientResource clientResource = null;
ClientRepresentation clientRep = null;
try {
@ -1042,13 +1029,15 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
// set time offset, so that new keys are downloaded
setTimeOffset(20);
oauth.realm("test");
oauth.clientId("test-app");
oauth.requestUri(TestApplicationResourceUrls.clientRequestUri());
if (expectedAlgorithm == null || expectedAlgorithm.equals(actualAlgorithm)) {
// Check signed request_uri will pass
OAuthClient.AuthorizationEndpointResponse response = oauth.doLogin("test-user@localhost", "password");
Assert.assertNotNull(response.getCode());
Assert.assertEquals("mystate3", response.getState());
assertTrue(appPage.isCurrent());
appPage.assertCurrent();
} else {
// Verify signed request_uri will fail due to failed signature validation
oauth.openLoginForm();
@ -1067,73 +1056,73 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void requestUriParamSignedExpectedES256ActualRS256() throws Exception {
public void requestUriParamSignedExpectedES256ActualRS256() {
// will fail
requestUriParamSignedIn(Algorithm.ES256, Algorithm.RS256);
}
@Test
public void requestUriParamSignedExpectedNoneActualES256() throws Exception {
public void requestUriParamSignedExpectedNoneActualES256() {
// will fail
requestUriParamSignedIn("none", Algorithm.ES256);
}
@Test
public void requestUriParamSignedExpectedNoneActualNone() throws Exception {
public void requestUriParamSignedExpectedNoneActualNone() {
// will success
requestUriParamSignedIn("none", "none");
}
@Test
public void requestUriParamSignedExpectedES256ActualES256() throws Exception {
public void requestUriParamSignedExpectedES256ActualES256() {
// will success
requestUriParamSignedIn(Algorithm.ES256, Algorithm.ES256);
}
@Test
public void requestUriParamSignedExpectedES384ActualES384() throws Exception {
public void requestUriParamSignedExpectedES384ActualES384() {
// will success
requestUriParamSignedIn(Algorithm.ES384, Algorithm.ES384);
}
@Test
public void requestUriParamSignedExpectedES512ActualES512() throws Exception {
public void requestUriParamSignedExpectedES512ActualES512() {
// will success
requestUriParamSignedIn(Algorithm.ES512, Algorithm.ES512);
}
@Test
public void requestUriParamSignedExpectedRS384ActualRS384() throws Exception {
public void requestUriParamSignedExpectedRS384ActualRS384() {
// will success
requestUriParamSignedIn(Algorithm.RS384, Algorithm.RS384);
}
@Test
public void requestUriParamSignedExpectedRS512ActualRS512() throws Exception {
public void requestUriParamSignedExpectedRS512ActualRS512() {
// will success
requestUriParamSignedIn(Algorithm.RS512, Algorithm.RS512);
}
@Test
public void requestUriParamSignedExpectedPS256ActualPS256() throws Exception {
public void requestUriParamSignedExpectedPS256ActualPS256() {
// will success
requestUriParamSignedIn(Algorithm.PS256, Algorithm.PS256);
}
@Test
public void requestUriParamSignedExpectedPS384ActualPS384() throws Exception {
public void requestUriParamSignedExpectedPS384ActualPS384() {
// will success
requestUriParamSignedIn(Algorithm.PS384, Algorithm.PS384);
}
@Test
public void requestUriParamSignedExpectedPS512ActualPS512() throws Exception {
public void requestUriParamSignedExpectedPS512ActualPS512() {
// will success
requestUriParamSignedIn(Algorithm.PS512, Algorithm.PS512);
}
@Test
public void requestUriParamSignedExpectedAnyActualES256() throws Exception {
public void requestUriParamSignedExpectedAnyActualES256() {
// Algorithm is null if 'any'
// will success
requestUriParamSignedIn(null, Algorithm.ES256);
@ -1166,7 +1155,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
String claimsJson = JsonSerialization.writeValueAsString(claims);
driver.navigate().to(oauth.getLoginFormUrl() + "&" + OIDCLoginProtocol.CLAIMS_PARAM + "=" + claimsJson);
driver.navigate().to(oauth.getLoginFormUrl() + "&" + OIDCLoginProtocol.CLAIMS_PARAM + "="
+ URLEncoder.encode(claimsJson, StandardCharsets.UTF_8.toString()));
// need to login so session id can be read from event
loginPage.assertCurrent();
@ -1228,7 +1218,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
}
@Test
public void processClaimsRequestParamSupported() throws Exception {
public void processClaimsRequestParamSupported() {
String clientScopeId = null;
try {
for (ClientScopeRepresentation rep : adminClient.realm("test").clientScopes().findAll()) {

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCBackwardsCompatibilityTest.java
View file

@ -31,7 +31,6 @@ import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
@ -54,9 +53,6 @@ public class OIDCBackwardsCompatibilityTest extends AbstractTestRealmKeycloakTes
@Page
protected LoginPage loginPage;
@Page
protected AccountUpdateProfilePage profilePage;
@Page
protected OAuthGrantPage grantPage;
@ -100,7 +96,7 @@ public class OIDCBackwardsCompatibilityTest extends AbstractTestRealmKeycloakTes
// Open login again and assert session_state not present
driver.navigate().to(oauth.getLoginFormUrl());
org.keycloak.testsuite.Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
authzResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
Assert.assertNull(authzResponse.getSessionState());

12
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/AbstractUserSessionLimitsBrokerTest.java
View file

@ -5,6 +5,7 @@ import org.keycloak.authentication.authenticators.sessionlimits.UserSessionLimit
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.RealmModel;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.broker.AbstractInitializedBaseBrokerTest;
import static org.junit.Assert.assertEquals;
@ -16,25 +17,25 @@ import static org.keycloak.testsuite.sessionlimits.UserSessionLimitsUtil.ERROR_T
public abstract class AbstractUserSessionLimitsBrokerTest extends AbstractInitializedBaseBrokerTest {
@Test
public void testSessionCountExceededAndNewSessionDeniedFirstBrokerLoginFlow() throws Exception {
public void testSessionCountExceededAndNewSessionDeniedFirstBrokerLoginFlow() {
configureFlow(UserSessionLimitsAuthenticatorFactory.DENY_NEW_SESSION, "0", "1");
loginTwiceAndVerifyBehavior(UserSessionLimitsAuthenticatorFactory.DENY_NEW_SESSION);
}
@Test
public void testSessionCountExceededAndOldestSessionRemovedFirstBrokerLoginFlow() throws Exception {
public void testSessionCountExceededAndOldestSessionRemovedFirstBrokerLoginFlow() {
configureFlow(UserSessionLimitsAuthenticatorFactory.TERMINATE_OLDEST_SESSION, "0", "1");
loginTwiceAndVerifyBehavior(UserSessionLimitsAuthenticatorFactory.TERMINATE_OLDEST_SESSION);
}
@Test
public void testRealmSessionCountExceededAndNewSessionDeniedFirstBrokerLoginFlow() throws Exception {
public void testRealmSessionCountExceededAndNewSessionDeniedFirstBrokerLoginFlow() {
configureFlow(UserSessionLimitsAuthenticatorFactory.DENY_NEW_SESSION, "1", "0");
loginTwiceAndVerifyBehavior(UserSessionLimitsAuthenticatorFactory.DENY_NEW_SESSION);
}
@Test
public void testRealmSessionCountExceededAndOldestFirstBrokerLoginFlow() throws Exception {
public void testRealmSessionCountExceededAndOldestFirstBrokerLoginFlow() {
configureFlow(UserSessionLimitsAuthenticatorFactory.TERMINATE_OLDEST_SESSION, "1", "0");
loginTwiceAndVerifyBehavior(UserSessionLimitsAuthenticatorFactory.TERMINATE_OLDEST_SESSION);
}
@ -63,7 +64,6 @@ public abstract class AbstractUserSessionLimitsBrokerTest extends AbstractInitia
private void loginTwiceAndVerifyBehavior(String behavior) {
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
deleteAllCookiesForRealm(bc.consumerRealmName());
deleteAllCookiesForRealm(bc.providerRealmName());
@ -71,7 +71,7 @@ public abstract class AbstractUserSessionLimitsBrokerTest extends AbstractInitia
logInAsUserInIDP();
if (UserSessionLimitsAuthenticatorFactory.TERMINATE_OLDEST_SESSION.equals(behavior)) {
assertLoggedInAccountManagement();
appPage.assertCurrent();
testingClient.server(bc.consumerRealmName()).run(assertSessionCount(bc.consumerRealmName(), bc.getUserLogin(), 1));
}
else if (UserSessionLimitsAuthenticatorFactory.DENY_NEW_SESSION.equals(behavior)) {

18
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AccountHelper.java
View file

@ -30,15 +30,25 @@ import java.util.Optional;
public class AccountHelper {
private static UserResource getUserResource(RealmResource realm, String username) {
public static UserRepresentation getUserRepresentation(RealmResource realm, String username) {
Optional<UserRepresentation> userResult = realm.users().search(username, true).stream().findFirst();
if (userResult.isEmpty()) {
throw new RuntimeException("User with username " + username + " not found");
}
UserRepresentation userRepresentation = userResult.get();
UserResource user = realm.users().get(userRepresentation.getId());
return user;
return userResult.get();
}
private static UserResource getUserResource(RealmResource realm, String username) {
UserRepresentation userRepresentation = getUserRepresentation(realm, username);
return realm.users().get(userRepresentation.getId());
}
public static UserResource updateUser(RealmResource realm, String username, UserRepresentation userRepresentation) {
AccountHelper.getUserResource(realm, username).update(userRepresentation);
return AccountHelper.getUserResource(realm, username);
}
public static boolean updatePassword(RealmResource realm, String username, String password) {

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/TestAppHelper.java
View file

@ -24,7 +24,6 @@ import org.keycloak.testsuite.pages.LoginTotpPage;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.net.URISyntaxException;
public class TestAppHelper {
private OAuthClient oauth;
@ -45,7 +44,7 @@ public class TestAppHelper {
this.appPage = appPage;
}
public boolean login(String username, String password) throws URISyntaxException, IOException {
public boolean login(String username, String password) {
startLogin(username, password);
if (loginPage.isCurrent()) {
@ -70,7 +69,7 @@ public class TestAppHelper {
refreshToken = tokenResponse.getRefreshToken();
}
public boolean login(String username, String password, String otp) throws URISyntaxException, IOException {
public boolean login(String username, String password, String otp) {
startLogin(username, password);
loginTotpPage.login(otp);
@ -83,7 +82,7 @@ public class TestAppHelper {
return appPage.isCurrent();
}
public boolean login(String username, String password, String realm, String clientId, String idp) throws URISyntaxException, IOException {
public boolean login(String username, String password, String realm, String clientId, String idp) {
oauth.clientId(clientId);
loginPage.open(realm);
loginPage.clickSocial(idp);