diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java index 851a450500..5443a7e742 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java @@ -32,6 +32,7 @@ import org.keycloak.adapters.AdapterConstants; import org.keycloak.models.ApplicationModel; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; +import org.keycloak.models.PasswordPolicy; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; @@ -45,6 +46,7 @@ import org.keycloak.services.resources.admin.AdminRoot; import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.rule.AbstractKeycloakRule; +import org.keycloak.testsuite.rule.KeycloakRule; import org.keycloak.testsuite.rule.WebResource; import org.keycloak.testsuite.rule.WebRule; import org.keycloak.testutils.KeycloakServer; @@ -64,6 +66,7 @@ import java.net.URI; import java.net.URL; import java.security.PublicKey; import java.util.Map; +import java.util.concurrent.atomic.AtomicInteger; /** * Tests Undertow Adapter @@ -422,6 +425,11 @@ public class AdapterTest { Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL)); } + /** + * KEYCLOAK-732 + * + * @throws Throwable + */ @Test public void testSingleSessionInvalidated() throws Throwable { AdapterTest browser1 = this; @@ -457,6 +465,57 @@ public class AdapterTest { } } + /** + * KEYCLOAK-741 + */ + @Test + public void testSessionInvalidatedAfterFailedRefresh() throws Throwable { + final AtomicInteger origTokenLifespan = new AtomicInteger(); + + // Delete adminUrl and set short accessTokenLifespan + keycloakRule.update(new KeycloakRule.KeycloakSetup() { + @Override + public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) { + ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal"); + sessionPortal.setManagementUrl(null); + + origTokenLifespan.set(demoRealm.getAccessTokenLifespan()); + demoRealm.setAccessTokenLifespan(1); + } + }, "demo"); + + // Login + loginAndCheckSession(driver, loginPage); + + // Logout + String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth")) + .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/session-portal").build("demo").toString(); + driver.navigate().to(logoutUri); + + // Wait until accessToken is expired + Thread.sleep(2000); + + // Assert that http session was invalidated + driver.navigate().to("http://localhost:8081/session-portal"); + Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL)); + loginPage.login("bburke@redhat.com", "password"); + Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/session-portal"); + String pageSource = driver.getPageSource(); + Assert.assertTrue(pageSource.contains("Counter=1")); + + keycloakRule.update(new KeycloakRule.KeycloakSetup() { + + @Override + public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) { + ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal"); + sessionPortal.setManagementUrl("http://localhost:8081/session-portal"); + + demoRealm.setAccessTokenLifespan(origTokenLifespan.get()); + } + + }, "demo"); + } + private static void loginAndCheckSession(WebDriver driver, LoginPage loginPage) { driver.navigate().to("http://localhost:8081/session-portal"); Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL)); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java index b0fd0951dc..7b616f332d 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java @@ -83,6 +83,25 @@ public abstract class AbstractKeycloakRule extends ExternalResource { } } + public void update(KeycloakRule.KeycloakSetup configurer, String realmId) { + KeycloakSession session = server.getSessionFactory().create(); + session.getTransaction().begin(); + + try { + RealmManager manager = new RealmManager(session); + + RealmModel adminstrationRealm = manager.getRealm(Config.getAdminRealm()); + RealmModel appRealm = manager.getRealm(realmId); + + configurer.session = session; + configurer.config(manager, adminstrationRealm, appRealm); + + session.getTransaction().commit(); + } finally { + session.close(); + } + } + protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) { } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java index 481b1d82a3..74df6c814f 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java @@ -81,22 +81,7 @@ public class KeycloakRule extends AbstractKeycloakRule { } public void update(KeycloakSetup configurer) { - KeycloakSession session = server.getSessionFactory().create(); - session.getTransaction().begin(); - - try { - RealmManager manager = new RealmManager(session); - - RealmModel adminstrationRealm = manager.getRealm(Config.getAdminRealm()); - RealmModel appRealm = manager.getRealm("test"); - - configurer.session = session; - configurer.config(manager, adminstrationRealm, appRealm); - - session.getTransaction().commit(); - } finally { - session.close(); - } + update(configurer, "test"); } diff --git a/testsuite/integration/src/test/resources/adapter-test/demorealm.json b/testsuite/integration/src/test/resources/adapter-test/demorealm.json index abc8e4086c..fc6ebaedbd 100755 --- a/testsuite/integration/src/test/resources/adapter-test/demorealm.json +++ b/testsuite/integration/src/test/resources/adapter-test/demorealm.json @@ -1,4 +1,5 @@ { + "id": "demo", "realm": "demo", "enabled": true, "accessTokenLifespan": 3000,