From 66a2b916f241be3c74eace43d20d9224472f05ec Mon Sep 17 00:00:00 2001
From: Stian Thorgersen
Date: Mon, 20 Jul 2015 07:48:02 +0200
Subject: [PATCH] Fix CRLF with LF
---
.../RequiredActionProviderRepresentation.java | 146 ++--
.../org/keycloak/utils/CredentialHelper.java | 116 ++--
.../actions/RequiredActionTotpSetupTest.java | 446 ++++++------
.../composites/CompositeRoleTest.java | 592 +++++++++--------
4 files changed, 650 insertions(+), 650 deletions(-)
diff --git a/core/src/main/java/org/keycloak/representations/idm/RequiredActionProviderRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RequiredActionProviderRepresentation.java
index e145818cc2..d94fe5b735 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RequiredActionProviderRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RequiredActionProviderRepresentation.java
@@ -1,73 +1,73 @@
-package org.keycloak.representations.idm;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
-* @author Bill Burke
-* @version $Revision: 1 $
-*/
-public class RequiredActionProviderRepresentation {
-
- private String alias;
- private String name;
- private String providerId;
- private boolean enabled;
- private boolean defaultAction;
- private Map config = new HashMap();
-
-
- public String getAlias() {
- return alias;
- }
-
- public void setAlias(String alias) {
- this.alias = alias;
- }
-
- /**
- * Used for display purposes. Probably should clean this code up and make alias and name the same, but
- * the old code references an Enum and the admin console creates a "friendly" name for each enum.
- *
- * @return
- */
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- public boolean isEnabled() {
- return enabled;
- }
-
- public void setEnabled(boolean enabled) {
- this.enabled = enabled;
- }
-
- public boolean isDefaultAction() {
- return defaultAction;
- }
-
- public void setDefaultAction(boolean defaultAction) {
- this.defaultAction = defaultAction;
- }
-
- public String getProviderId() {
- return providerId;
- }
-
- public void setProviderId(String providerId) {
- this.providerId = providerId;
- }
-
- public Map getConfig() {
- return config;
- }
-
- public void setConfig(Map config) {
- this.config = config;
- }
-}
+package org.keycloak.representations.idm;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+* @author Bill Burke
+* @version $Revision: 1 $
+*/
+public class RequiredActionProviderRepresentation {
+
+ private String alias;
+ private String name;
+ private String providerId;
+ private boolean enabled;
+ private boolean defaultAction;
+ private Map config = new HashMap();
+
+
+ public String getAlias() {
+ return alias;
+ }
+
+ public void setAlias(String alias) {
+ this.alias = alias;
+ }
+
+ /**
+ * Used for display purposes. Probably should clean this code up and make alias and name the same, but
+ * the old code references an Enum and the admin console creates a "friendly" name for each enum.
+ *
+ * @return
+ */
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+
+ public boolean isDefaultAction() {
+ return defaultAction;
+ }
+
+ public void setDefaultAction(boolean defaultAction) {
+ this.defaultAction = defaultAction;
+ }
+
+ public String getProviderId() {
+ return providerId;
+ }
+
+ public void setProviderId(String providerId) {
+ this.providerId = providerId;
+ }
+
+ public Map getConfig() {
+ return config;
+ }
+
+ public void setConfig(Map config) {
+ this.config = config;
+ }
+}
diff --git a/services/src/main/java/org/keycloak/utils/CredentialHelper.java b/services/src/main/java/org/keycloak/utils/CredentialHelper.java
index c40656b46e..9b3af31618 100755
--- a/services/src/main/java/org/keycloak/utils/CredentialHelper.java
+++ b/services/src/main/java/org/keycloak/utils/CredentialHelper.java
@@ -1,58 +1,58 @@
-package org.keycloak.utils;
-
-import org.keycloak.authentication.Authenticator;
-import org.keycloak.authentication.AuthenticatorFactory;
-import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
-import org.keycloak.authentication.FormAction;
-import org.keycloak.authentication.FormActionFactory;
-import org.keycloak.authentication.authenticators.OTPFormAuthenticatorFactory;
-import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory;
-import org.keycloak.authentication.authenticators.UsernamePasswordFormFactory;
-import org.keycloak.models.AuthenticationExecutionModel;
-import org.keycloak.models.AuthenticationFlowModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserCredentialModel;
-import org.keycloak.models.utils.DefaultAuthenticationFlows;
-import org.keycloak.representations.idm.CredentialRepresentation;
-
-/**
- * used to set an execution a state based on type.
- *
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class CredentialHelper {
-
- public static void setRequiredCredential(KeycloakSession session, String type, RealmModel realm) {
- AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.REQUIRED;
- authenticationRequirement(session, realm, type, requirement);
- }
-
- public static void setAlternativeCredential(KeycloakSession session, String type, RealmModel realm) {
- AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.ALTERNATIVE;
- authenticationRequirement(session, realm, type, requirement);
- }
-
- public static void authenticationRequirement(KeycloakSession session, RealmModel realm, String type, AuthenticationExecutionModel.Requirement requirement) {
- for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) {
- for (AuthenticationExecutionModel execution : realm.getAuthenticationExecutions(flow.getId())) {
- String providerId = execution.getAuthenticator();
- ConfigurableAuthenticatorFactory factory = getConfigurableAuthenticatorFactory(session, providerId);
- if (factory == null) continue;
- if (type.equals(factory.getReferenceCategory())) {
- execution.setRequirement(requirement);
- realm.updateAuthenticatorExecution(execution);
- }
- }
- }
- }
-
- public static ConfigurableAuthenticatorFactory getConfigurableAuthenticatorFactory(KeycloakSession session, String providerId) {
- ConfigurableAuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, providerId);
- if (factory == null) {
- factory = (FormActionFactory)session.getKeycloakSessionFactory().getProviderFactory(FormAction.class, providerId);
- }
- return factory;
- }
-}
+package org.keycloak.utils;
+
+import org.keycloak.authentication.Authenticator;
+import org.keycloak.authentication.AuthenticatorFactory;
+import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
+import org.keycloak.authentication.FormAction;
+import org.keycloak.authentication.FormActionFactory;
+import org.keycloak.authentication.authenticators.OTPFormAuthenticatorFactory;
+import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory;
+import org.keycloak.authentication.authenticators.UsernamePasswordFormFactory;
+import org.keycloak.models.AuthenticationExecutionModel;
+import org.keycloak.models.AuthenticationFlowModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.utils.DefaultAuthenticationFlows;
+import org.keycloak.representations.idm.CredentialRepresentation;
+
+/**
+ * used to set an execution a state based on type.
+ *
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class CredentialHelper {
+
+ public static void setRequiredCredential(KeycloakSession session, String type, RealmModel realm) {
+ AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.REQUIRED;
+ authenticationRequirement(session, realm, type, requirement);
+ }
+
+ public static void setAlternativeCredential(KeycloakSession session, String type, RealmModel realm) {
+ AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.ALTERNATIVE;
+ authenticationRequirement(session, realm, type, requirement);
+ }
+
+ public static void authenticationRequirement(KeycloakSession session, RealmModel realm, String type, AuthenticationExecutionModel.Requirement requirement) {
+ for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) {
+ for (AuthenticationExecutionModel execution : realm.getAuthenticationExecutions(flow.getId())) {
+ String providerId = execution.getAuthenticator();
+ ConfigurableAuthenticatorFactory factory = getConfigurableAuthenticatorFactory(session, providerId);
+ if (factory == null) continue;
+ if (type.equals(factory.getReferenceCategory())) {
+ execution.setRequirement(requirement);
+ realm.updateAuthenticatorExecution(execution);
+ }
+ }
+ }
+ }
+
+ public static ConfigurableAuthenticatorFactory getConfigurableAuthenticatorFactory(KeycloakSession session, String providerId) {
+ ConfigurableAuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, providerId);
+ if (factory == null) {
+ factory = (FormActionFactory)session.getKeycloakSessionFactory().getProviderFactory(FormAction.class, providerId);
+ }
+ return factory;
+ }
+}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
index 56adc8961b..c448a927ea 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
@@ -1,223 +1,223 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2012, Red Hat, Inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.keycloak.testsuite.actions;
-
-import org.junit.Assert;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.keycloak.authentication.requiredactions.UpdateTotp;
-import org.keycloak.events.Details;
-import org.keycloak.events.Event;
-import org.keycloak.events.EventType;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.RequiredActionProviderModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.utils.TimeBasedOTP;
-import org.keycloak.representations.idm.CredentialRepresentation;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.testsuite.AssertEvents;
-import org.keycloak.testsuite.OAuthClient;
-import org.keycloak.testsuite.pages.AccountTotpPage;
-import org.keycloak.testsuite.pages.AppPage;
-import org.keycloak.testsuite.pages.AppPage.RequestType;
-import org.keycloak.testsuite.pages.LoginConfigTotpPage;
-import org.keycloak.testsuite.pages.LoginPage;
-import org.keycloak.testsuite.pages.LoginTotpPage;
-import org.keycloak.testsuite.pages.RegisterPage;
-import org.keycloak.testsuite.rule.KeycloakRule;
-import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
-import org.keycloak.testsuite.rule.WebResource;
-import org.keycloak.testsuite.rule.WebRule;
-import org.keycloak.utils.CredentialHelper;
-import org.openqa.selenium.WebDriver;
-
-/**
- * @author Stian Thorgersen
- */
-public class RequiredActionTotpSetupTest {
-
- @ClassRule
- public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() {
-
- @Override
- public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
- CredentialHelper.setRequiredCredential(manager.getSession(), CredentialRepresentation.TOTP, appRealm);
- //appRealm.addRequiredCredential(CredentialRepresentation.TOTP);
- RequiredActionProviderModel requiredAction = appRealm.getRequiredActionProviderByAlias(UserModel.RequiredAction.CONFIGURE_TOTP.name());
- requiredAction.setDefaultAction(true);
- appRealm.updateRequiredActionProvider(requiredAction);
- appRealm.setResetPasswordAllowed(true);
- }
-
- });
-
- @Rule
- public AssertEvents events = new AssertEvents(keycloakRule);
-
- @Rule
- public WebRule webRule = new WebRule(this);
-
- @WebResource
- protected WebDriver driver;
-
- @WebResource
- protected AppPage appPage;
-
- @WebResource
- protected LoginPage loginPage;
-
- @WebResource
- protected LoginTotpPage loginTotpPage;
-
- @WebResource
- protected LoginConfigTotpPage totpPage;
-
- @WebResource
- protected AccountTotpPage accountTotpPage;
-
- @WebResource
- protected OAuthClient oauth;
-
- @WebResource
- protected RegisterPage registerPage;
-
- protected TimeBasedOTP totp = new TimeBasedOTP();
-
- @Test
- public void setupTotpRegister() {
- loginPage.open();
- loginPage.clickRegister();
- registerPage.register("firstName", "lastName", "email@mail.com", "setupTotp", "password", "password");
-
- String userId = events.expectRegister("setupTotp", "email@mail.com").assertEvent().getUserId();
-
- totpPage.assertCurrent();
-
- totpPage.configure(totp.generate(totpPage.getTotpSecret()));
-
- String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp").assertEvent().getSessionId();
-
- Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-
- events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp").assertEvent();
- }
-
- @Test
- public void setupTotpExisting() {
- loginPage.open();
- loginPage.login("test-user@localhost", "password");
-
- totpPage.assertCurrent();
-
- String totpSecret = totpPage.getTotpSecret();
-
- totpPage.configure(totp.generate(totpSecret));
-
- String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getSessionId();
-
- Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-
- Event loginEvent = events.expectLogin().session(sessionId).assertEvent();
-
- oauth.openLogout();
-
- events.expectLogout(loginEvent.getSessionId()).assertEvent();
-
- loginPage.open();
- loginPage.login("test-user@localhost", "password");
- String src = driver.getPageSource();
- loginTotpPage.login(totp.generate(totpSecret));
-
- Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-
- events.expectLogin().assertEvent();
- }
-
- @Test
- public void setupTotpRegisteredAfterTotpRemoval() {
- // Register new user
- loginPage.open();
- loginPage.clickRegister();
- registerPage.register("firstName2", "lastName2", "email2@mail.com", "setupTotp2", "password2", "password2");
-
- String userId = events.expectRegister("setupTotp2", "email2@mail.com").assertEvent().getUserId();
-
- // Configure totp
- totpPage.assertCurrent();
-
- String totpCode = totpPage.getTotpSecret();
- totpPage.configure(totp.generate(totpCode));
-
- // After totp config, user should be on the app page
- Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-
- events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
-
- Event loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
-
- // Logout
- oauth.openLogout();
- events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
-
- // Try to login after logout
- loginPage.open();
- loginPage.login("setupTotp2", "password2");
-
- // Totp is already configured, thus one-time password is needed, login page should be loaded
- Assert.assertTrue(loginPage.isCurrent());
- Assert.assertFalse(totpPage.isCurrent());
-
- // Login with one-time password
- loginTotpPage.login(totp.generate(totpCode));
-
- loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
-
- // Open account page
- accountTotpPage.open();
- accountTotpPage.assertCurrent();
-
- // Remove google authentificator
- accountTotpPage.removeTotp();
-
- events.expectAccount(EventType.REMOVE_TOTP).user(userId).assertEvent();
-
- // Logout
- oauth.openLogout();
- events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
-
- // Try to login
- loginPage.open();
- loginPage.login("setupTotp2", "password2");
-
- // Since the authentificator was removed, it has to be set up again
- totpPage.assertCurrent();
- totpPage.configure(totp.generate(totpPage.getTotpSecret()));
-
- String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent().getSessionId();
-
- Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-
- events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp2").assertEvent();
- }
-
-}
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.actions;
+
+import org.junit.Assert;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.keycloak.authentication.requiredactions.UpdateTotp;
+import org.keycloak.events.Details;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventType;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RequiredActionProviderModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.TimeBasedOTP;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.pages.AccountTotpPage;
+import org.keycloak.testsuite.pages.AppPage;
+import org.keycloak.testsuite.pages.AppPage.RequestType;
+import org.keycloak.testsuite.pages.LoginConfigTotpPage;
+import org.keycloak.testsuite.pages.LoginPage;
+import org.keycloak.testsuite.pages.LoginTotpPage;
+import org.keycloak.testsuite.pages.RegisterPage;
+import org.keycloak.testsuite.rule.KeycloakRule;
+import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
+import org.keycloak.testsuite.rule.WebResource;
+import org.keycloak.testsuite.rule.WebRule;
+import org.keycloak.utils.CredentialHelper;
+import org.openqa.selenium.WebDriver;
+
+/**
+ * @author Stian Thorgersen
+ */
+public class RequiredActionTotpSetupTest {
+
+ @ClassRule
+ public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() {
+
+ @Override
+ public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
+ CredentialHelper.setRequiredCredential(manager.getSession(), CredentialRepresentation.TOTP, appRealm);
+ //appRealm.addRequiredCredential(CredentialRepresentation.TOTP);
+ RequiredActionProviderModel requiredAction = appRealm.getRequiredActionProviderByAlias(UserModel.RequiredAction.CONFIGURE_TOTP.name());
+ requiredAction.setDefaultAction(true);
+ appRealm.updateRequiredActionProvider(requiredAction);
+ appRealm.setResetPasswordAllowed(true);
+ }
+
+ });
+
+ @Rule
+ public AssertEvents events = new AssertEvents(keycloakRule);
+
+ @Rule
+ public WebRule webRule = new WebRule(this);
+
+ @WebResource
+ protected WebDriver driver;
+
+ @WebResource
+ protected AppPage appPage;
+
+ @WebResource
+ protected LoginPage loginPage;
+
+ @WebResource
+ protected LoginTotpPage loginTotpPage;
+
+ @WebResource
+ protected LoginConfigTotpPage totpPage;
+
+ @WebResource
+ protected AccountTotpPage accountTotpPage;
+
+ @WebResource
+ protected OAuthClient oauth;
+
+ @WebResource
+ protected RegisterPage registerPage;
+
+ protected TimeBasedOTP totp = new TimeBasedOTP();
+
+ @Test
+ public void setupTotpRegister() {
+ loginPage.open();
+ loginPage.clickRegister();
+ registerPage.register("firstName", "lastName", "email@mail.com", "setupTotp", "password", "password");
+
+ String userId = events.expectRegister("setupTotp", "email@mail.com").assertEvent().getUserId();
+
+ totpPage.assertCurrent();
+
+ totpPage.configure(totp.generate(totpPage.getTotpSecret()));
+
+ String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp").assertEvent().getSessionId();
+
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp").assertEvent();
+ }
+
+ @Test
+ public void setupTotpExisting() {
+ loginPage.open();
+ loginPage.login("test-user@localhost", "password");
+
+ totpPage.assertCurrent();
+
+ String totpSecret = totpPage.getTotpSecret();
+
+ totpPage.configure(totp.generate(totpSecret));
+
+ String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getSessionId();
+
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ Event loginEvent = events.expectLogin().session(sessionId).assertEvent();
+
+ oauth.openLogout();
+
+ events.expectLogout(loginEvent.getSessionId()).assertEvent();
+
+ loginPage.open();
+ loginPage.login("test-user@localhost", "password");
+ String src = driver.getPageSource();
+ loginTotpPage.login(totp.generate(totpSecret));
+
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ events.expectLogin().assertEvent();
+ }
+
+ @Test
+ public void setupTotpRegisteredAfterTotpRemoval() {
+ // Register new user
+ loginPage.open();
+ loginPage.clickRegister();
+ registerPage.register("firstName2", "lastName2", "email2@mail.com", "setupTotp2", "password2", "password2");
+
+ String userId = events.expectRegister("setupTotp2", "email2@mail.com").assertEvent().getUserId();
+
+ // Configure totp
+ totpPage.assertCurrent();
+
+ String totpCode = totpPage.getTotpSecret();
+ totpPage.configure(totp.generate(totpCode));
+
+ // After totp config, user should be on the app page
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
+
+ Event loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
+
+ // Logout
+ oauth.openLogout();
+ events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
+
+ // Try to login after logout
+ loginPage.open();
+ loginPage.login("setupTotp2", "password2");
+
+ // Totp is already configured, thus one-time password is needed, login page should be loaded
+ Assert.assertTrue(loginPage.isCurrent());
+ Assert.assertFalse(totpPage.isCurrent());
+
+ // Login with one-time password
+ loginTotpPage.login(totp.generate(totpCode));
+
+ loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
+
+ // Open account page
+ accountTotpPage.open();
+ accountTotpPage.assertCurrent();
+
+ // Remove google authentificator
+ accountTotpPage.removeTotp();
+
+ events.expectAccount(EventType.REMOVE_TOTP).user(userId).assertEvent();
+
+ // Logout
+ oauth.openLogout();
+ events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
+
+ // Try to login
+ loginPage.open();
+ loginPage.login("setupTotp2", "password2");
+
+ // Since the authentificator was removed, it has to be set up again
+ totpPage.assertCurrent();
+ totpPage.configure(totp.generate(totpPage.getTotpSecret()));
+
+ String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent().getSessionId();
+
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp2").assertEvent();
+ }
+
+}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
index bf47e0c5ed..7178f1de10 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@@ -1,296 +1,296 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2012, Red Hat, Inc., and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 
- */ -package org.keycloak.testsuite.composites; - -import org.junit.Assert; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.keycloak.OAuth2Constants; -import org.keycloak.enums.SslRequired; -import org.keycloak.models.ClientModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; -import org.keycloak.models.RoleModel; -import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.representations.AccessToken; -import org.keycloak.services.managers.ClientManager; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.testsuite.ApplicationServlet; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.OAuthClient.AccessTokenResponse; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.rule.AbstractKeycloakRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; - -import java.security.PublicKey; - -/** - * @author Stian Thorgersen - */ -public class CompositeRoleTest { - - public static PublicKey realmPublicKey; - @ClassRule - public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){ - @Override - protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) { - RealmModel realm = manager.createRealm("test"); - KeycloakModelUtils.generateRealmKeys(realm); - realmPublicKey = realm.getPublicKey(); - realm.setSsoSessionIdleTimeout(3000); - realm.setAccessTokenLifespan(10000); - realm.setSsoSessionMaxLifespan(10000); - realm.setAccessCodeLifespanUserAction(1000); - realm.setAccessCodeLifespan(1000); - realm.setSslRequired(SslRequired.EXTERNAL); - realm.setEnabled(true); - realm.addRequiredCredential(UserCredentialModel.PASSWORD); - final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1"); - final 
RoleModel realmRole2 = realm.addRole("REALM_ROLE_2");
- final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3");
- final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
- realmComposite1.addCompositeRole(realmRole1);
-
- final UserModel realmComposite1User = session.users().addUser(realm, "REALM_COMPOSITE_1_USER");
- realmComposite1User.setEnabled(true);
- realmComposite1User.updateCredential(UserCredentialModel.password("password"));
- realmComposite1User.grantRole(realmComposite1);
-
- final UserModel realmRole1User = session.users().addUser(realm, "REALM_ROLE_1_USER");
- realmRole1User.setEnabled(true);
- realmRole1User.updateCredential(UserCredentialModel.password("password"));
- realmRole1User.grantRole(realmRole1);
-
- final ClientModel realmComposite1Application = new ClientManager(manager).createClient(realm, "REALM_COMPOSITE_1_APPLICATION");
- realmComposite1Application.setFullScopeAllowed(false);
- realmComposite1Application.setEnabled(true);
- realmComposite1Application.addScopeMapping(realmComposite1);
- realmComposite1Application.addRedirectUri("http://localhost:8081/app/*");
- realmComposite1Application.setBaseUrl("http://localhost:8081/app");
- realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
- realmComposite1Application.setSecret("password");
-
- final ClientModel realmRole1Application = new ClientManager(manager).createClient(realm, "REALM_ROLE_1_APPLICATION");
- realmRole1Application.setFullScopeAllowed(false);
- realmRole1Application.setEnabled(true);
- realmRole1Application.addScopeMapping(realmRole1);
- realmRole1Application.addRedirectUri("http://localhost:8081/app/*");
- realmRole1Application.setBaseUrl("http://localhost:8081/app");
- realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
- realmRole1Application.setSecret("password");
-
-
- final ClientModel appRoleApplication = new ClientManager(manager).createClient(realm, "APP_ROLE_APPLICATION");
- appRoleApplication.setFullScopeAllowed(false);
- appRoleApplication.setEnabled(true);
- appRoleApplication.addRedirectUri("http://localhost:8081/app/*");
- appRoleApplication.setBaseUrl("http://localhost:8081/app");
- appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
- appRoleApplication.setSecret("password");
- final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
- final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
-
- final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
- realmAppCompositeRole.addCompositeRole(appRole1);
-
- final UserModel realmAppCompositeUser = session.users().addUser(realm, "REALM_APP_COMPOSITE_USER");
- realmAppCompositeUser.setEnabled(true);
- realmAppCompositeUser.updateCredential(UserCredentialModel.password("password"));
- realmAppCompositeUser.grantRole(realmAppCompositeRole);
-
- final UserModel realmAppRoleUser = session.users().addUser(realm, "REALM_APP_ROLE_USER");
- realmAppRoleUser.setEnabled(true);
- realmAppRoleUser.updateCredential(UserCredentialModel.password("password"));
- realmAppRoleUser.grantRole(appRole2);
-
- final ClientModel appCompositeApplication = new ClientManager(manager).createClient(realm, "APP_COMPOSITE_APPLICATION");
- appCompositeApplication.setFullScopeAllowed(false);
- appCompositeApplication.setEnabled(true);
- appCompositeApplication.addRedirectUri("http://localhost:8081/app/*");
- appCompositeApplication.setBaseUrl("http://localhost:8081/app");
- appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
- appCompositeApplication.setSecret("password");
- final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
- appCompositeApplication.addScopeMapping(appRole2);
- appCompositeRole.addCompositeRole(realmRole1);
- appCompositeRole.addCompositeRole(realmRole2);
- appCompositeRole.addCompositeRole(realmRole3);
- appCompositeRole.addCompositeRole(appRole1);
-
- final UserModel appCompositeUser = session.users().addUser(realm, "APP_COMPOSITE_USER");
- appCompositeUser.setEnabled(true);
- appCompositeUser.updateCredential(UserCredentialModel.password("password"));
- appCompositeUser.grantRole(realmAppCompositeRole);
- appCompositeUser.grantRole(realmComposite1);
-
- deployServlet("app", "/app", ApplicationServlet.class);
-
- }
- };
-
- @Rule
- public WebRule webRule = new WebRule(this);
-
- @WebResource
- protected WebDriver driver;
-
- @WebResource
- protected OAuthClient oauth;
-
- @WebResource
- protected LoginPage loginPage;
-
- @Test
- public void testAppCompositeUser() throws Exception {
- oauth.realm("test");
- oauth.realmPublicKey(realmPublicKey);
- oauth.clientId("APP_COMPOSITE_APPLICATION");
- oauth.doLogin("APP_COMPOSITE_USER", "password");
-
- String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
- AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
-
- Assert.assertEquals(200, response.getStatusCode());
-
- Assert.assertEquals("bearer", response.getTokenType());
-
- AccessToken token = oauth.verifyToken(response.getAccessToken());
-
- Assert.assertEquals(keycloakRule.getUser("test", "APP_COMPOSITE_USER").getId(), token.getSubject());
-
- Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
- Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
- Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
- Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
-
- AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
- Assert.assertEquals(200, refreshResponse.getStatusCode());
- }
-
-
- @Test
- public void testRealmAppCompositeUser() throws Exception {
- oauth.realm("test");
- oauth.realmPublicKey(realmPublicKey);
- oauth.clientId("APP_ROLE_APPLICATION");
- oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
-
- String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
- AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
-
- Assert.assertEquals(200, response.getStatusCode());
-
- Assert.assertEquals("bearer", response.getTokenType());
-
- AccessToken token = oauth.verifyToken(response.getAccessToken());
-
- Assert.assertEquals(keycloakRule.getUser("test", "REALM_APP_COMPOSITE_USER").getId(), token.getSubject());
-
- Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
- Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
-
- AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
- Assert.assertEquals(200, refreshResponse.getStatusCode());
- }
-
- @Test
- public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
- oauth.realm("test");
- oauth.realmPublicKey(realmPublicKey);
- oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
- oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
-
- String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
- AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
-
- Assert.assertEquals(200, response.getStatusCode());
-
- Assert.assertEquals("bearer", response.getTokenType());
-
- AccessToken token = oauth.verifyToken(response.getAccessToken());
-
- Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
-
- Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
- Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
- Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
-
- AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
- Assert.assertEquals(200, refreshResponse.getStatusCode());
- }
-
- @Test
- public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
- oauth.realm("test");
- oauth.realmPublicKey(realmPublicKey);
- oauth.clientId("REALM_ROLE_1_APPLICATION");
- oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
-
- String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
- AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
-
- Assert.assertEquals(200, response.getStatusCode());
-
- Assert.assertEquals("bearer", response.getTokenType());
-
- AccessToken token = oauth.verifyToken(response.getAccessToken());
-
- Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
-
- Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
- Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
-
- AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
- Assert.assertEquals(200, refreshResponse.getStatusCode());
- }
-
- @Test
- public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
- oauth.realm("test");
- oauth.realmPublicKey(realmPublicKey);
- oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
- oauth.doLogin("REALM_ROLE_1_USER", "password");
-
- String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
- AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
-
- Assert.assertEquals(200, response.getStatusCode());
-
- Assert.assertEquals("bearer", response.getTokenType());
-
- AccessToken token = oauth.verifyToken(response.getAccessToken());
-
- Assert.assertEquals(keycloakRule.getUser("test", "REALM_ROLE_1_USER").getId(), token.getSubject());
-
- Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
- Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
-
- AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
- Assert.assertEquals(200, refreshResponse.getStatusCode());
- }
-
-}
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.composites;
+
+import org.junit.Assert;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.enums.SslRequired;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
+import org.keycloak.representations.AccessToken;
+import org.keycloak.services.managers.ClientManager;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.ApplicationServlet;
+import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
+import org.keycloak.testsuite.pages.LoginPage;
+import org.keycloak.testsuite.rule.AbstractKeycloakRule;
+import org.keycloak.testsuite.rule.WebResource;
+import org.keycloak.testsuite.rule.WebRule;
+import org.openqa.selenium.WebDriver;
+
+import java.security.PublicKey;
+
+/**
+ * @author Stian Thorgersen
+ */
+public class CompositeRoleTest {
+
+ public static PublicKey realmPublicKey;
+ @ClassRule
+ public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
+ @Override
+ protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
+ RealmModel realm = manager.createRealm("test");
+ KeycloakModelUtils.generateRealmKeys(realm);
+ realmPublicKey = realm.getPublicKey();
+ realm.setSsoSessionIdleTimeout(3000);
+ realm.setAccessTokenLifespan(10000);
+ realm.setSsoSessionMaxLifespan(10000);
+ realm.setAccessCodeLifespanUserAction(1000);
+ realm.setAccessCodeLifespan(1000);
+ realm.setSslRequired(SslRequired.EXTERNAL);
+ realm.setEnabled(true);
+ realm.addRequiredCredential(UserCredentialModel.PASSWORD);
+ final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1");
+ final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2");
+ final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3");
+ final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
+ realmComposite1.addCompositeRole(realmRole1);
+
+ final UserModel realmComposite1User = session.users().addUser(realm, "REALM_COMPOSITE_1_USER");
+ realmComposite1User.setEnabled(true);
+ realmComposite1User.updateCredential(UserCredentialModel.password("password"));
+ realmComposite1User.grantRole(realmComposite1);
+
+ final UserModel realmRole1User = session.users().addUser(realm, "REALM_ROLE_1_USER");
+ realmRole1User.setEnabled(true);
+ realmRole1User.updateCredential(UserCredentialModel.password("password"));
+ realmRole1User.grantRole(realmRole1);
+
+ final ClientModel realmComposite1Application = new ClientManager(manager).createClient(realm, "REALM_COMPOSITE_1_APPLICATION");
+ realmComposite1Application.setFullScopeAllowed(false);
+ realmComposite1Application.setEnabled(true);
+ realmComposite1Application.addScopeMapping(realmComposite1);
+ realmComposite1Application.addRedirectUri("http://localhost:8081/app/*");
+ realmComposite1Application.setBaseUrl("http://localhost:8081/app");
+ realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
+ realmComposite1Application.setSecret("password");
+
+ final ClientModel realmRole1Application = new ClientManager(manager).createClient(realm, "REALM_ROLE_1_APPLICATION");
+ realmRole1Application.setFullScopeAllowed(false);
+ realmRole1Application.setEnabled(true);
+ realmRole1Application.addScopeMapping(realmRole1);
+ realmRole1Application.addRedirectUri("http://localhost:8081/app/*");
+ realmRole1Application.setBaseUrl("http://localhost:8081/app");
+ realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
+ realmRole1Application.setSecret("password");
+
+
+ final ClientModel appRoleApplication = new ClientManager(manager).createClient(realm, "APP_ROLE_APPLICATION");
+ appRoleApplication.setFullScopeAllowed(false);
+ appRoleApplication.setEnabled(true);
+ appRoleApplication.addRedirectUri("http://localhost:8081/app/*");
+ appRoleApplication.setBaseUrl("http://localhost:8081/app");
+ appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
+ appRoleApplication.setSecret("password");
+ final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
+ final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
+
+ final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
+ realmAppCompositeRole.addCompositeRole(appRole1);
+
+ final UserModel realmAppCompositeUser = session.users().addUser(realm, "REALM_APP_COMPOSITE_USER");
+ realmAppCompositeUser.setEnabled(true);
+ realmAppCompositeUser.updateCredential(UserCredentialModel.password("password"));
+ realmAppCompositeUser.grantRole(realmAppCompositeRole);
+
+ final UserModel realmAppRoleUser = session.users().addUser(realm, "REALM_APP_ROLE_USER");
+ realmAppRoleUser.setEnabled(true);
+ realmAppRoleUser.updateCredential(UserCredentialModel.password("password"));
+ realmAppRoleUser.grantRole(appRole2);
+
+ final ClientModel appCompositeApplication = new ClientManager(manager).createClient(realm, "APP_COMPOSITE_APPLICATION");
+ appCompositeApplication.setFullScopeAllowed(false);
+ appCompositeApplication.setEnabled(true);
+ appCompositeApplication.addRedirectUri("http://localhost:8081/app/*");
+ appCompositeApplication.setBaseUrl("http://localhost:8081/app");
+ appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
+ appCompositeApplication.setSecret("password");
+ final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
+ appCompositeApplication.addScopeMapping(appRole2);
+ appCompositeRole.addCompositeRole(realmRole1);
+ appCompositeRole.addCompositeRole(realmRole2);
+ appCompositeRole.addCompositeRole(realmRole3);
+ appCompositeRole.addCompositeRole(appRole1);
+
+ final UserModel appCompositeUser = session.users().addUser(realm, "APP_COMPOSITE_USER");
+ appCompositeUser.setEnabled(true);
+ appCompositeUser.updateCredential(UserCredentialModel.password("password"));
+ appCompositeUser.grantRole(realmAppCompositeRole);
+ appCompositeUser.grantRole(realmComposite1);
+
+ deployServlet("app", "/app", ApplicationServlet.class);
+
+ }
+ };
+
+ @Rule
+ public WebRule webRule = new WebRule(this);
+
+ @WebResource
+ protected WebDriver driver;
+
+ @WebResource
+ protected OAuthClient oauth;
+
+ @WebResource
+ protected LoginPage loginPage;
+
+ @Test
+ public void testAppCompositeUser() throws Exception {
+ oauth.realm("test");
+ oauth.realmPublicKey(realmPublicKey);
+ oauth.clientId("APP_COMPOSITE_APPLICATION");
+ oauth.doLogin("APP_COMPOSITE_USER", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals(200, response.getStatusCode());
+
+ Assert.assertEquals("bearer", response.getTokenType());
+
+ AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals(keycloakRule.getUser("test", "APP_COMPOSITE_USER").getId(), token.getSubject());
+
+ Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
+ Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+ Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
+
+
+ @Test
+ public void testRealmAppCompositeUser() throws Exception {
+ oauth.realm("test");
+ oauth.realmPublicKey(realmPublicKey);
+ oauth.clientId("APP_ROLE_APPLICATION");
+ oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals(200, response.getStatusCode());
+
+ Assert.assertEquals("bearer", response.getTokenType());
+
+ AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals(keycloakRule.getUser("test", "REALM_APP_COMPOSITE_USER").getId(), token.getSubject());
+
+ Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
+ Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
+
+ @Test
+ public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
+ oauth.realm("test");
+ oauth.realmPublicKey(realmPublicKey);
+ oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
+ oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals(200, response.getStatusCode());
+
+ Assert.assertEquals("bearer", response.getTokenType());
+
+ AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
+
+ Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
+
+ @Test
+ public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
+ oauth.realm("test");
+ oauth.realmPublicKey(realmPublicKey);
+ oauth.clientId("REALM_ROLE_1_APPLICATION");
+ oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals(200, response.getStatusCode());
+
+ Assert.assertEquals("bearer", response.getTokenType());
+
+ AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
+
+ Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
+
+ @Test
+ public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
+ oauth.realm("test");
+ oauth.realmPublicKey(realmPublicKey);
+ oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
+ oauth.doLogin("REALM_ROLE_1_USER", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals(200, response.getStatusCode());
+
+ Assert.assertEquals("bearer", response.getTokenType());
+
+ AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals(keycloakRule.getUser("test", "REALM_ROLE_1_USER").getId(), token.getSubject());
+
+ Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
+
+}