KEYCLOAK-19077 fix login for admin console based scenarios (PKCE is required by default)

* also don't fetch fonts that are not needed/available anymore
2021-08-19 09:06:46 +02:00 · 2021-08-19 09:06:46 +02:00 · 655d66b03f
commit 655d66b03f
parent aa018295c4
2 changed files with 24 additions and 20 deletions
--- a/testsuite/performance/tests/src/main/scala/org/keycloak/gatling/Utils.scala
+++ b/testsuite/performance/tests/src/main/scala/org/keycloak/gatling/Utils.scala
@ -1,6 +1,8 @@
 package org.keycloak.gatling

 import java.net.URLEncoder
+import java.security.{MessageDigest, SecureRandom}
+import org.apache.commons.codec.binary.Base64

 /**
  * @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
@ -15,4 +17,18 @@ object Utils {
    URLEncoder.encode(url.split("/auth")(0), "utf-8")
  }

+  def generateCodeVerifier(): String = {
+    val secureRandom = new SecureRandom()
+    val code = new Array[Byte](32)
+    secureRandom.nextBytes(code)
+    Base64.encodeBase64URLSafeString(code)
+  }
+
+  def generateCodeChallenge(codeVerifier: String): String = {
+    val codeVerifierBytes = codeVerifier.getBytes("US-ASCII")
+    val md = MessageDigest.getInstance("SHA-256")
+    md.update(codeVerifierBytes, 0, codeVerifierBytes.length)
+    Base64.encodeBase64URLSafeString(md.digest)
+  }
+
 }
--- a/testsuite/performance/tests/src/test/scala/keycloak/AdminConsoleScenarioBuilder.scala
+++ b/testsuite/performance/tests/src/test/scala/keycloak/AdminConsoleScenarioBuilder.scala
@ -6,12 +6,11 @@ import keycloak.AdminConsoleScenarioBuilder._

 import java.time.ZonedDateTime
 import java.time.format.DateTimeFormatter
-
 import io.gatling.core.pause.Normal
 import io.gatling.http.request.StringBody
 import org.jboss.perf.util.Util
 import org.jboss.perf.util.Util.randomUUID
-import org.keycloak.gatling.Utils.{urlEncodedRoot, urlencode}
+import org.keycloak.gatling.Utils.{generateCodeChallenge, generateCodeVerifier, urlEncodedRoot, urlencode}
 import org.keycloak.performance.TestConfig
 import org.keycloak.performance.templates.DatasetTemplate

@ -60,6 +59,8 @@ class AdminConsoleScenarioBuilder {
  var chainBuilder = exec(s => {
    val realm = realmsIterator.next
    val serverUrl = TestConfig.serverUrisIterator.next()
+    val codeVerifier = generateCodeVerifier()
+    val codeChallenge = generateCodeChallenge(codeVerifier)
    s.setAll(
      "keycloakServer" -> serverUrl,
      "keycloakServerUrlEncoded" -> urlencode(serverUrl),
@ -70,7 +71,9 @@ class AdminConsoleScenarioBuilder {
      "realm" -> realm.getRepresentation.getRealm,
      "username" -> TestConfig.authUser,
      "password" -> TestConfig.authPassword,
-      "clientId" -> "security-admin-console"
+      "clientId" -> "security-admin-console",
+      "codeVerifier" -> codeVerifier,
+      "codeChallenge" -> codeChallenge
    )
  }).exitHereIfFailed

@ -135,7 +138,7 @@ class AdminConsoleScenarioBuilder {
  def loginThroughLoginForm() : AdminConsoleScenarioBuilder = {
    chainBuilder = chainBuilder
      .exec(http("JS Adapter Auth - Login Form Redirect")
-        .get("/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=${keycloakServerUrlEncoded}%2Fadmin%2Fmaster%2Fconsole%2F&state=${state}&nonce=${nonce}&response_mode=fragment&response_type=code&scope=openid")
+        .get("/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=${keycloakServerUrlEncoded}%2Fadmin%2Fmaster%2Fconsole%2F&state=${state}&nonce=${nonce}&response_mode=fragment&response_type=code&scope=openid&code_challenge=${codeChallenge}&code_challenge_method=S256")
        .headers(UI_HEADERS)
        .check(status.is(200), regex("action=\"([^\"]*)\"").find.transform(_.replaceAll("&amp;", "&")).saveAs("login-form-uri")))
      .exitHereIfFailed
@ -170,6 +173,7 @@ class AdminConsoleScenarioBuilder {
            .post("/auth/realms/master/protocol/openid-connect/token")
            .headers(ACCEPT_ALL)
            .formParam("code", "${code}")
+            .formParam("code_verifier", "${codeVerifier}")
            .formParam("grant_type", "authorization_code")
            .formParam("client_id", "security-admin-console")
            .formParam("redirect_uri", APP_URL)
@ -260,22 +264,6 @@ class AdminConsoleScenarioBuilder {
          .get("/auth/resources/${resourceVersion}/admin/keycloak/templates/kc-menu.html")
          //.headers(UI_HEADERS ++ Map("Referer" -> ""))  // TODO fix referer
          .headers(UI_HEADERS)
-          .check(status.is(200)),
-
-        // request fonts for css also set referer
-        http("OpenSans-Semibold-webfont.woff")
-          .get("/auth/resources/${resourceVersion}/admin/keycloak/lib/patternfly/fonts/OpenSans-Semibold-webfont.woff")
-          .headers(UI_HEADERS)
-          .check(status.is(200)),
-
-        http("OpenSans-Bold-webfont.woff")
-          .get("/auth/resources/${resourceVersion}/admin/keycloak/lib/patternfly/fonts/OpenSans-Bold-webfont.woff")
-          .headers(UI_HEADERS)
-          .check(status.is(200)),
-
-        http("OpenSans-Light-webfont.woff")
-          .get("/auth/resources/${resourceVersion}/admin/keycloak/lib/patternfly/fonts/OpenSans-Light-webfont.woff")
-          .headers(UI_HEADERS)
          .check(status.is(200))
      )
    )