Fix CRLF with LF
parent
27ac253098
commit
66a2b916f2
4 changed files with 650 additions and 650 deletions
|
@ -1,73 +1,73 @@
|
||||||
package org.keycloak.representations.idm;
|
package org.keycloak.representations.idm;
|
||||||
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class RequiredActionProviderRepresentation {
|
public class RequiredActionProviderRepresentation {
|
||||||
|
|
||||||
private String alias;
|
private String alias;
|
||||||
private String name;
|
private String name;
|
||||||
private String providerId;
|
private String providerId;
|
||||||
private boolean enabled;
|
private boolean enabled;
|
||||||
private boolean defaultAction;
|
private boolean defaultAction;
|
||||||
private Map<String, String> config = new HashMap<String, String>();
|
private Map<String, String> config = new HashMap<String, String>();
|
||||||
|
|
||||||
|
|
||||||
public String getAlias() {
|
public String getAlias() {
|
||||||
return alias;
|
return alias;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setAlias(String alias) {
|
public void setAlias(String alias) {
|
||||||
this.alias = alias;
|
this.alias = alias;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Used for display purposes. Probably should clean this code up and make alias and name the same, but
|
* Used for display purposes. Probably should clean this code up and make alias and name the same, but
|
||||||
* the old code references an Enum and the admin console creates a "friendly" name for each enum.
|
* the old code references an Enum and the admin console creates a "friendly" name for each enum.
|
||||||
*
|
*
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
public String getName() {
|
public String getName() {
|
||||||
return name;
|
return name;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setName(String name) {
|
public void setName(String name) {
|
||||||
this.name = name;
|
this.name = name;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isEnabled() {
|
public boolean isEnabled() {
|
||||||
return enabled;
|
return enabled;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setEnabled(boolean enabled) {
|
public void setEnabled(boolean enabled) {
|
||||||
this.enabled = enabled;
|
this.enabled = enabled;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isDefaultAction() {
|
public boolean isDefaultAction() {
|
||||||
return defaultAction;
|
return defaultAction;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setDefaultAction(boolean defaultAction) {
|
public void setDefaultAction(boolean defaultAction) {
|
||||||
this.defaultAction = defaultAction;
|
this.defaultAction = defaultAction;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getProviderId() {
|
public String getProviderId() {
|
||||||
return providerId;
|
return providerId;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setProviderId(String providerId) {
|
public void setProviderId(String providerId) {
|
||||||
this.providerId = providerId;
|
this.providerId = providerId;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Map<String, String> getConfig() {
|
public Map<String, String> getConfig() {
|
||||||
return config;
|
return config;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setConfig(Map<String, String> config) {
|
public void setConfig(Map<String, String> config) {
|
||||||
this.config = config;
|
this.config = config;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,58 +1,58 @@
|
||||||
package org.keycloak.utils;
|
package org.keycloak.utils;
|
||||||
|
|
||||||
import org.keycloak.authentication.Authenticator;
|
import org.keycloak.authentication.Authenticator;
|
||||||
import org.keycloak.authentication.AuthenticatorFactory;
|
import org.keycloak.authentication.AuthenticatorFactory;
|
||||||
import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
|
import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
|
||||||
import org.keycloak.authentication.FormAction;
|
import org.keycloak.authentication.FormAction;
|
||||||
import org.keycloak.authentication.FormActionFactory;
|
import org.keycloak.authentication.FormActionFactory;
|
||||||
import org.keycloak.authentication.authenticators.OTPFormAuthenticatorFactory;
|
import org.keycloak.authentication.authenticators.OTPFormAuthenticatorFactory;
|
||||||
import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory;
|
import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory;
|
||||||
import org.keycloak.authentication.authenticators.UsernamePasswordFormFactory;
|
import org.keycloak.authentication.authenticators.UsernamePasswordFormFactory;
|
||||||
import org.keycloak.models.AuthenticationExecutionModel;
|
import org.keycloak.models.AuthenticationExecutionModel;
|
||||||
import org.keycloak.models.AuthenticationFlowModel;
|
import org.keycloak.models.AuthenticationFlowModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserCredentialModel;
|
import org.keycloak.models.UserCredentialModel;
|
||||||
import org.keycloak.models.utils.DefaultAuthenticationFlows;
|
import org.keycloak.models.utils.DefaultAuthenticationFlows;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* used to set an execution a state based on type.
|
* used to set an execution a state based on type.
|
||||||
*
|
*
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class CredentialHelper {
|
public class CredentialHelper {
|
||||||
|
|
||||||
public static void setRequiredCredential(KeycloakSession session, String type, RealmModel realm) {
|
public static void setRequiredCredential(KeycloakSession session, String type, RealmModel realm) {
|
||||||
AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.REQUIRED;
|
AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.REQUIRED;
|
||||||
authenticationRequirement(session, realm, type, requirement);
|
authenticationRequirement(session, realm, type, requirement);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void setAlternativeCredential(KeycloakSession session, String type, RealmModel realm) {
|
public static void setAlternativeCredential(KeycloakSession session, String type, RealmModel realm) {
|
||||||
AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.ALTERNATIVE;
|
AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.ALTERNATIVE;
|
||||||
authenticationRequirement(session, realm, type, requirement);
|
authenticationRequirement(session, realm, type, requirement);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void authenticationRequirement(KeycloakSession session, RealmModel realm, String type, AuthenticationExecutionModel.Requirement requirement) {
|
public static void authenticationRequirement(KeycloakSession session, RealmModel realm, String type, AuthenticationExecutionModel.Requirement requirement) {
|
||||||
for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) {
|
for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) {
|
||||||
for (AuthenticationExecutionModel execution : realm.getAuthenticationExecutions(flow.getId())) {
|
for (AuthenticationExecutionModel execution : realm.getAuthenticationExecutions(flow.getId())) {
|
||||||
String providerId = execution.getAuthenticator();
|
String providerId = execution.getAuthenticator();
|
||||||
ConfigurableAuthenticatorFactory factory = getConfigurableAuthenticatorFactory(session, providerId);
|
ConfigurableAuthenticatorFactory factory = getConfigurableAuthenticatorFactory(session, providerId);
|
||||||
if (factory == null) continue;
|
if (factory == null) continue;
|
||||||
if (type.equals(factory.getReferenceCategory())) {
|
if (type.equals(factory.getReferenceCategory())) {
|
||||||
execution.setRequirement(requirement);
|
execution.setRequirement(requirement);
|
||||||
realm.updateAuthenticatorExecution(execution);
|
realm.updateAuthenticatorExecution(execution);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static ConfigurableAuthenticatorFactory getConfigurableAuthenticatorFactory(KeycloakSession session, String providerId) {
|
public static ConfigurableAuthenticatorFactory getConfigurableAuthenticatorFactory(KeycloakSession session, String providerId) {
|
||||||
ConfigurableAuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, providerId);
|
ConfigurableAuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, providerId);
|
||||||
if (factory == null) {
|
if (factory == null) {
|
||||||
factory = (FormActionFactory)session.getKeycloakSessionFactory().getProviderFactory(FormAction.class, providerId);
|
factory = (FormActionFactory)session.getKeycloakSessionFactory().getProviderFactory(FormAction.class, providerId);
|
||||||
}
|
}
|
||||||
return factory;
|
return factory;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,223 +1,223 @@
|
||||||
/*
|
/*
|
||||||
* JBoss, Home of Professional Open Source.
|
* JBoss, Home of Professional Open Source.
|
||||||
* Copyright 2012, Red Hat, Inc., and individual contributors
|
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
* as indicated by the @author tags. See the copyright.txt file in the
|
* as indicated by the @author tags. See the copyright.txt file in the
|
||||||
* distribution for a full listing of individual contributors.
|
* distribution for a full listing of individual contributors.
|
||||||
*
|
*
|
||||||
* This is free software; you can redistribute it and/or modify it
|
* This is free software; you can redistribute it and/or modify it
|
||||||
* under the terms of the GNU Lesser General Public License as
|
* under the terms of the GNU Lesser General Public License as
|
||||||
* published by the Free Software Foundation; either version 2.1 of
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
* the License, or (at your option) any later version.
|
* the License, or (at your option) any later version.
|
||||||
*
|
*
|
||||||
* This software is distributed in the hope that it will be useful,
|
* This software is distributed in the hope that it will be useful,
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
* Lesser General Public License for more details.
|
* Lesser General Public License for more details.
|
||||||
*
|
*
|
||||||
* You should have received a copy of the GNU Lesser General Public
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
* License along with this software; if not, write to the Free
|
* License along with this software; if not, write to the Free
|
||||||
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
*/
|
*/
|
||||||
package org.keycloak.testsuite.actions;
|
package org.keycloak.testsuite.actions;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.ClassRule;
|
import org.junit.ClassRule;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.authentication.requiredactions.UpdateTotp;
|
import org.keycloak.authentication.requiredactions.UpdateTotp;
|
||||||
import org.keycloak.events.Details;
|
import org.keycloak.events.Details;
|
||||||
import org.keycloak.events.Event;
|
import org.keycloak.events.Event;
|
||||||
import org.keycloak.events.EventType;
|
import org.keycloak.events.EventType;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RequiredActionProviderModel;
|
import org.keycloak.models.RequiredActionProviderModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.TimeBasedOTP;
|
import org.keycloak.models.utils.TimeBasedOTP;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.OAuthClient;
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
import org.keycloak.testsuite.pages.AccountTotpPage;
|
import org.keycloak.testsuite.pages.AccountTotpPage;
|
||||||
import org.keycloak.testsuite.pages.AppPage;
|
import org.keycloak.testsuite.pages.AppPage;
|
||||||
import org.keycloak.testsuite.pages.AppPage.RequestType;
|
import org.keycloak.testsuite.pages.AppPage.RequestType;
|
||||||
import org.keycloak.testsuite.pages.LoginConfigTotpPage;
|
import org.keycloak.testsuite.pages.LoginConfigTotpPage;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
import org.keycloak.testsuite.pages.LoginTotpPage;
|
import org.keycloak.testsuite.pages.LoginTotpPage;
|
||||||
import org.keycloak.testsuite.pages.RegisterPage;
|
import org.keycloak.testsuite.pages.RegisterPage;
|
||||||
import org.keycloak.testsuite.rule.KeycloakRule;
|
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
|
import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
|
||||||
import org.keycloak.testsuite.rule.WebResource;
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
import org.keycloak.testsuite.rule.WebRule;
|
import org.keycloak.testsuite.rule.WebRule;
|
||||||
import org.keycloak.utils.CredentialHelper;
|
import org.keycloak.utils.CredentialHelper;
|
||||||
import org.openqa.selenium.WebDriver;
|
import org.openqa.selenium.WebDriver;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class RequiredActionTotpSetupTest {
|
public class RequiredActionTotpSetupTest {
|
||||||
|
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() {
|
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
|
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
|
||||||
CredentialHelper.setRequiredCredential(manager.getSession(), CredentialRepresentation.TOTP, appRealm);
|
CredentialHelper.setRequiredCredential(manager.getSession(), CredentialRepresentation.TOTP, appRealm);
|
||||||
//appRealm.addRequiredCredential(CredentialRepresentation.TOTP);
|
//appRealm.addRequiredCredential(CredentialRepresentation.TOTP);
|
||||||
RequiredActionProviderModel requiredAction = appRealm.getRequiredActionProviderByAlias(UserModel.RequiredAction.CONFIGURE_TOTP.name());
|
RequiredActionProviderModel requiredAction = appRealm.getRequiredActionProviderByAlias(UserModel.RequiredAction.CONFIGURE_TOTP.name());
|
||||||
requiredAction.setDefaultAction(true);
|
requiredAction.setDefaultAction(true);
|
||||||
appRealm.updateRequiredActionProvider(requiredAction);
|
appRealm.updateRequiredActionProvider(requiredAction);
|
||||||
appRealm.setResetPasswordAllowed(true);
|
appRealm.setResetPasswordAllowed(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
});
|
});
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public AssertEvents events = new AssertEvents(keycloakRule);
|
public AssertEvents events = new AssertEvents(keycloakRule);
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public WebRule webRule = new WebRule(this);
|
public WebRule webRule = new WebRule(this);
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected WebDriver driver;
|
protected WebDriver driver;
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected AppPage appPage;
|
protected AppPage appPage;
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected LoginPage loginPage;
|
protected LoginPage loginPage;
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected LoginTotpPage loginTotpPage;
|
protected LoginTotpPage loginTotpPage;
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected LoginConfigTotpPage totpPage;
|
protected LoginConfigTotpPage totpPage;
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected AccountTotpPage accountTotpPage;
|
protected AccountTotpPage accountTotpPage;
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected OAuthClient oauth;
|
protected OAuthClient oauth;
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected RegisterPage registerPage;
|
protected RegisterPage registerPage;
|
||||||
|
|
||||||
protected TimeBasedOTP totp = new TimeBasedOTP();
|
protected TimeBasedOTP totp = new TimeBasedOTP();
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void setupTotpRegister() {
|
public void setupTotpRegister() {
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
loginPage.clickRegister();
|
loginPage.clickRegister();
|
||||||
registerPage.register("firstName", "lastName", "email@mail.com", "setupTotp", "password", "password");
|
registerPage.register("firstName", "lastName", "email@mail.com", "setupTotp", "password", "password");
|
||||||
|
|
||||||
String userId = events.expectRegister("setupTotp", "email@mail.com").assertEvent().getUserId();
|
String userId = events.expectRegister("setupTotp", "email@mail.com").assertEvent().getUserId();
|
||||||
|
|
||||||
totpPage.assertCurrent();
|
totpPage.assertCurrent();
|
||||||
|
|
||||||
totpPage.configure(totp.generate(totpPage.getTotpSecret()));
|
totpPage.configure(totp.generate(totpPage.getTotpSecret()));
|
||||||
|
|
||||||
String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp").assertEvent().getSessionId();
|
String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp").assertEvent().getSessionId();
|
||||||
|
|
||||||
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||||
|
|
||||||
events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp").assertEvent();
|
events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp").assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void setupTotpExisting() {
|
public void setupTotpExisting() {
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
loginPage.login("test-user@localhost", "password");
|
loginPage.login("test-user@localhost", "password");
|
||||||
|
|
||||||
totpPage.assertCurrent();
|
totpPage.assertCurrent();
|
||||||
|
|
||||||
String totpSecret = totpPage.getTotpSecret();
|
String totpSecret = totpPage.getTotpSecret();
|
||||||
|
|
||||||
totpPage.configure(totp.generate(totpSecret));
|
totpPage.configure(totp.generate(totpSecret));
|
||||||
|
|
||||||
String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getSessionId();
|
String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getSessionId();
|
||||||
|
|
||||||
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||||
|
|
||||||
Event loginEvent = events.expectLogin().session(sessionId).assertEvent();
|
Event loginEvent = events.expectLogin().session(sessionId).assertEvent();
|
||||||
|
|
||||||
oauth.openLogout();
|
oauth.openLogout();
|
||||||
|
|
||||||
events.expectLogout(loginEvent.getSessionId()).assertEvent();
|
events.expectLogout(loginEvent.getSessionId()).assertEvent();
|
||||||
|
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
loginPage.login("test-user@localhost", "password");
|
loginPage.login("test-user@localhost", "password");
|
||||||
String src = driver.getPageSource();
|
String src = driver.getPageSource();
|
||||||
loginTotpPage.login(totp.generate(totpSecret));
|
loginTotpPage.login(totp.generate(totpSecret));
|
||||||
|
|
||||||
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||||
|
|
||||||
events.expectLogin().assertEvent();
|
events.expectLogin().assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void setupTotpRegisteredAfterTotpRemoval() {
|
public void setupTotpRegisteredAfterTotpRemoval() {
|
||||||
// Register new user
|
// Register new user
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
loginPage.clickRegister();
|
loginPage.clickRegister();
|
||||||
registerPage.register("firstName2", "lastName2", "email2@mail.com", "setupTotp2", "password2", "password2");
|
registerPage.register("firstName2", "lastName2", "email2@mail.com", "setupTotp2", "password2", "password2");
|
||||||
|
|
||||||
String userId = events.expectRegister("setupTotp2", "email2@mail.com").assertEvent().getUserId();
|
String userId = events.expectRegister("setupTotp2", "email2@mail.com").assertEvent().getUserId();
|
||||||
|
|
||||||
// Configure totp
|
// Configure totp
|
||||||
totpPage.assertCurrent();
|
totpPage.assertCurrent();
|
||||||
|
|
||||||
String totpCode = totpPage.getTotpSecret();
|
String totpCode = totpPage.getTotpSecret();
|
||||||
totpPage.configure(totp.generate(totpCode));
|
totpPage.configure(totp.generate(totpCode));
|
||||||
|
|
||||||
// After totp config, user should be on the app page
|
// After totp config, user should be on the app page
|
||||||
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||||
|
|
||||||
events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
|
events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
|
||||||
|
|
||||||
Event loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
|
Event loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
|
||||||
|
|
||||||
// Logout
|
// Logout
|
||||||
oauth.openLogout();
|
oauth.openLogout();
|
||||||
events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
|
events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
|
||||||
|
|
||||||
// Try to login after logout
|
// Try to login after logout
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
loginPage.login("setupTotp2", "password2");
|
loginPage.login("setupTotp2", "password2");
|
||||||
|
|
||||||
// Totp is already configured, thus one-time password is needed, login page should be loaded
|
// Totp is already configured, thus one-time password is needed, login page should be loaded
|
||||||
Assert.assertTrue(loginPage.isCurrent());
|
Assert.assertTrue(loginPage.isCurrent());
|
||||||
Assert.assertFalse(totpPage.isCurrent());
|
Assert.assertFalse(totpPage.isCurrent());
|
||||||
|
|
||||||
// Login with one-time password
|
// Login with one-time password
|
||||||
loginTotpPage.login(totp.generate(totpCode));
|
loginTotpPage.login(totp.generate(totpCode));
|
||||||
|
|
||||||
loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
|
loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
|
||||||
|
|
||||||
// Open account page
|
// Open account page
|
||||||
accountTotpPage.open();
|
accountTotpPage.open();
|
||||||
accountTotpPage.assertCurrent();
|
accountTotpPage.assertCurrent();
|
||||||
|
|
||||||
// Remove google authentificator
|
// Remove google authentificator
|
||||||
accountTotpPage.removeTotp();
|
accountTotpPage.removeTotp();
|
||||||
|
|
||||||
events.expectAccount(EventType.REMOVE_TOTP).user(userId).assertEvent();
|
events.expectAccount(EventType.REMOVE_TOTP).user(userId).assertEvent();
|
||||||
|
|
||||||
// Logout
|
// Logout
|
||||||
oauth.openLogout();
|
oauth.openLogout();
|
||||||
events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
|
events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
|
||||||
|
|
||||||
// Try to login
|
// Try to login
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
loginPage.login("setupTotp2", "password2");
|
loginPage.login("setupTotp2", "password2");
|
||||||
|
|
||||||
// Since the authentificator was removed, it has to be set up again
|
// Since the authentificator was removed, it has to be set up again
|
||||||
totpPage.assertCurrent();
|
totpPage.assertCurrent();
|
||||||
totpPage.configure(totp.generate(totpPage.getTotpSecret()));
|
totpPage.configure(totp.generate(totpPage.getTotpSecret()));
|
||||||
|
|
||||||
String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent().getSessionId();
|
String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent().getSessionId();
|
||||||
|
|
||||||
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||||
|
|
||||||
events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp2").assertEvent();
|
events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp2").assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,296 +1,296 @@
|
||||||
/*
|
/*
|
||||||
* JBoss, Home of Professional Open Source.
|
* JBoss, Home of Professional Open Source.
|
||||||
* Copyright 2012, Red Hat, Inc., and individual contributors
|
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
* as indicated by the @author tags. See the copyright.txt file in the
|
* as indicated by the @author tags. See the copyright.txt file in the
|
||||||
* distribution for a full listing of individual contributors.
|
* distribution for a full listing of individual contributors.
|
||||||
*
|
*
|
||||||
* This is free software; you can redistribute it and/or modify it
|
* This is free software; you can redistribute it and/or modify it
|
||||||
* under the terms of the GNU Lesser General Public License as
|
* under the terms of the GNU Lesser General Public License as
|
||||||
* published by the Free Software Foundation; either version 2.1 of
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
* the License, or (at your option) any later version.
|
* the License, or (at your option) any later version.
|
||||||
*
|
*
|
||||||
* This software is distributed in the hope that it will be useful,
|
* This software is distributed in the hope that it will be useful,
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
* Lesser General Public License for more details.
|
* Lesser General Public License for more details.
|
||||||
*
|
*
|
||||||
* You should have received a copy of the GNU Lesser General Public
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
* License along with this software; if not, write to the Free
|
* License along with this software; if not, write to the Free
|
||||||
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
*/
|
*/
|
||||||
package org.keycloak.testsuite.composites;
|
package org.keycloak.testsuite.composites;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.ClassRule;
|
import org.junit.ClassRule;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.enums.SslRequired;
|
import org.keycloak.enums.SslRequired;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.models.UserCredentialModel;
|
import org.keycloak.models.UserCredentialModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.services.managers.ClientManager;
|
import org.keycloak.services.managers.ClientManager;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.testsuite.ApplicationServlet;
|
import org.keycloak.testsuite.ApplicationServlet;
|
||||||
import org.keycloak.testsuite.OAuthClient;
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
|
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.WebResource;
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
import org.keycloak.testsuite.rule.WebRule;
|
import org.keycloak.testsuite.rule.WebRule;
|
||||||
import org.openqa.selenium.WebDriver;
|
import org.openqa.selenium.WebDriver;
|
||||||
|
|
||||||
import java.security.PublicKey;
|
import java.security.PublicKey;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class CompositeRoleTest {
|
public class CompositeRoleTest {
|
||||||
|
|
||||||
public static PublicKey realmPublicKey;
|
public static PublicKey realmPublicKey;
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
|
||||||
@Override
|
@Override
|
||||||
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
RealmModel realm = manager.createRealm("test");
|
RealmModel realm = manager.createRealm("test");
|
||||||
KeycloakModelUtils.generateRealmKeys(realm);
|
KeycloakModelUtils.generateRealmKeys(realm);
|
||||||
realmPublicKey = realm.getPublicKey();
|
realmPublicKey = realm.getPublicKey();
|
||||||
realm.setSsoSessionIdleTimeout(3000);
|
realm.setSsoSessionIdleTimeout(3000);
|
||||||
realm.setAccessTokenLifespan(10000);
|
realm.setAccessTokenLifespan(10000);
|
||||||
realm.setSsoSessionMaxLifespan(10000);
|
realm.setSsoSessionMaxLifespan(10000);
|
||||||
realm.setAccessCodeLifespanUserAction(1000);
|
realm.setAccessCodeLifespanUserAction(1000);
|
||||||
realm.setAccessCodeLifespan(1000);
|
realm.setAccessCodeLifespan(1000);
|
||||||
realm.setSslRequired(SslRequired.EXTERNAL);
|
realm.setSslRequired(SslRequired.EXTERNAL);
|
||||||
realm.setEnabled(true);
|
realm.setEnabled(true);
|
||||||
realm.addRequiredCredential(UserCredentialModel.PASSWORD);
|
realm.addRequiredCredential(UserCredentialModel.PASSWORD);
|
||||||
final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1");
|
final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1");
|
||||||
final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2");
|
final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2");
|
||||||
final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3");
|
final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3");
|
||||||
final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
|
final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
|
||||||
realmComposite1.addCompositeRole(realmRole1);
|
realmComposite1.addCompositeRole(realmRole1);
|
||||||
|
|
||||||
final UserModel realmComposite1User = session.users().addUser(realm, "REALM_COMPOSITE_1_USER");
|
final UserModel realmComposite1User = session.users().addUser(realm, "REALM_COMPOSITE_1_USER");
|
||||||
realmComposite1User.setEnabled(true);
|
realmComposite1User.setEnabled(true);
|
||||||
realmComposite1User.updateCredential(UserCredentialModel.password("password"));
|
realmComposite1User.updateCredential(UserCredentialModel.password("password"));
|
||||||
realmComposite1User.grantRole(realmComposite1);
|
realmComposite1User.grantRole(realmComposite1);
|
||||||
|
|
||||||
final UserModel realmRole1User = session.users().addUser(realm, "REALM_ROLE_1_USER");
|
final UserModel realmRole1User = session.users().addUser(realm, "REALM_ROLE_1_USER");
|
||||||
realmRole1User.setEnabled(true);
|
realmRole1User.setEnabled(true);
|
||||||
realmRole1User.updateCredential(UserCredentialModel.password("password"));
|
realmRole1User.updateCredential(UserCredentialModel.password("password"));
|
||||||
realmRole1User.grantRole(realmRole1);
|
realmRole1User.grantRole(realmRole1);
|
||||||
|
|
||||||
final ClientModel realmComposite1Application = new ClientManager(manager).createClient(realm, "REALM_COMPOSITE_1_APPLICATION");
|
final ClientModel realmComposite1Application = new ClientManager(manager).createClient(realm, "REALM_COMPOSITE_1_APPLICATION");
|
||||||
realmComposite1Application.setFullScopeAllowed(false);
|
realmComposite1Application.setFullScopeAllowed(false);
|
||||||
realmComposite1Application.setEnabled(true);
|
realmComposite1Application.setEnabled(true);
|
||||||
realmComposite1Application.addScopeMapping(realmComposite1);
|
realmComposite1Application.addScopeMapping(realmComposite1);
|
||||||
realmComposite1Application.addRedirectUri("http://localhost:8081/app/*");
|
realmComposite1Application.addRedirectUri("http://localhost:8081/app/*");
|
||||||
realmComposite1Application.setBaseUrl("http://localhost:8081/app");
|
realmComposite1Application.setBaseUrl("http://localhost:8081/app");
|
||||||
realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
|
realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
|
||||||
realmComposite1Application.setSecret("password");
|
realmComposite1Application.setSecret("password");
|
||||||
|
|
||||||
final ClientModel realmRole1Application = new ClientManager(manager).createClient(realm, "REALM_ROLE_1_APPLICATION");
|
final ClientModel realmRole1Application = new ClientManager(manager).createClient(realm, "REALM_ROLE_1_APPLICATION");
|
||||||
realmRole1Application.setFullScopeAllowed(false);
|
realmRole1Application.setFullScopeAllowed(false);
|
||||||
realmRole1Application.setEnabled(true);
|
realmRole1Application.setEnabled(true);
|
||||||
realmRole1Application.addScopeMapping(realmRole1);
|
realmRole1Application.addScopeMapping(realmRole1);
|
||||||
realmRole1Application.addRedirectUri("http://localhost:8081/app/*");
|
realmRole1Application.addRedirectUri("http://localhost:8081/app/*");
|
||||||
realmRole1Application.setBaseUrl("http://localhost:8081/app");
|
realmRole1Application.setBaseUrl("http://localhost:8081/app");
|
||||||
realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
|
realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
|
||||||
realmRole1Application.setSecret("password");
|
realmRole1Application.setSecret("password");
|
||||||
|
|
||||||
|
|
||||||
final ClientModel appRoleApplication = new ClientManager(manager).createClient(realm, "APP_ROLE_APPLICATION");
|
final ClientModel appRoleApplication = new ClientManager(manager).createClient(realm, "APP_ROLE_APPLICATION");
|
||||||
appRoleApplication.setFullScopeAllowed(false);
|
appRoleApplication.setFullScopeAllowed(false);
|
||||||
appRoleApplication.setEnabled(true);
|
appRoleApplication.setEnabled(true);
|
||||||
appRoleApplication.addRedirectUri("http://localhost:8081/app/*");
|
appRoleApplication.addRedirectUri("http://localhost:8081/app/*");
|
||||||
appRoleApplication.setBaseUrl("http://localhost:8081/app");
|
appRoleApplication.setBaseUrl("http://localhost:8081/app");
|
||||||
appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
|
appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
|
||||||
appRoleApplication.setSecret("password");
|
appRoleApplication.setSecret("password");
|
||||||
final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
|
final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
|
||||||
final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
|
final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
|
||||||
|
|
||||||
final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
|
final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
|
||||||
realmAppCompositeRole.addCompositeRole(appRole1);
|
realmAppCompositeRole.addCompositeRole(appRole1);
|
||||||
|
|
||||||
final UserModel realmAppCompositeUser = session.users().addUser(realm, "REALM_APP_COMPOSITE_USER");
|
final UserModel realmAppCompositeUser = session.users().addUser(realm, "REALM_APP_COMPOSITE_USER");
|
||||||
realmAppCompositeUser.setEnabled(true);
|
realmAppCompositeUser.setEnabled(true);
|
||||||
realmAppCompositeUser.updateCredential(UserCredentialModel.password("password"));
|
realmAppCompositeUser.updateCredential(UserCredentialModel.password("password"));
|
||||||
realmAppCompositeUser.grantRole(realmAppCompositeRole);
|
realmAppCompositeUser.grantRole(realmAppCompositeRole);
|
||||||
|
|
||||||
final UserModel realmAppRoleUser = session.users().addUser(realm, "REALM_APP_ROLE_USER");
|
final UserModel realmAppRoleUser = session.users().addUser(realm, "REALM_APP_ROLE_USER");
|
||||||
realmAppRoleUser.setEnabled(true);
|
realmAppRoleUser.setEnabled(true);
|
||||||
realmAppRoleUser.updateCredential(UserCredentialModel.password("password"));
|
realmAppRoleUser.updateCredential(UserCredentialModel.password("password"));
|
||||||
realmAppRoleUser.grantRole(appRole2);
|
realmAppRoleUser.grantRole(appRole2);
|
||||||
|
|
||||||
final ClientModel appCompositeApplication = new ClientManager(manager).createClient(realm, "APP_COMPOSITE_APPLICATION");
|
final ClientModel appCompositeApplication = new ClientManager(manager).createClient(realm, "APP_COMPOSITE_APPLICATION");
|
||||||
appCompositeApplication.setFullScopeAllowed(false);
|
appCompositeApplication.setFullScopeAllowed(false);
|
||||||
appCompositeApplication.setEnabled(true);
|
appCompositeApplication.setEnabled(true);
|
||||||
appCompositeApplication.addRedirectUri("http://localhost:8081/app/*");
|
appCompositeApplication.addRedirectUri("http://localhost:8081/app/*");
|
||||||
appCompositeApplication.setBaseUrl("http://localhost:8081/app");
|
appCompositeApplication.setBaseUrl("http://localhost:8081/app");
|
||||||
appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
|
appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
|
||||||
appCompositeApplication.setSecret("password");
|
appCompositeApplication.setSecret("password");
|
||||||
final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
|
final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
|
||||||
appCompositeApplication.addScopeMapping(appRole2);
|
appCompositeApplication.addScopeMapping(appRole2);
|
||||||
appCompositeRole.addCompositeRole(realmRole1);
|
appCompositeRole.addCompositeRole(realmRole1);
|
||||||
appCompositeRole.addCompositeRole(realmRole2);
|
appCompositeRole.addCompositeRole(realmRole2);
|
||||||
appCompositeRole.addCompositeRole(realmRole3);
|
appCompositeRole.addCompositeRole(realmRole3);
|
||||||
appCompositeRole.addCompositeRole(appRole1);
|
appCompositeRole.addCompositeRole(appRole1);
|
||||||
|
|
||||||
final UserModel appCompositeUser = session.users().addUser(realm, "APP_COMPOSITE_USER");
|
final UserModel appCompositeUser = session.users().addUser(realm, "APP_COMPOSITE_USER");
|
||||||
appCompositeUser.setEnabled(true);
|
appCompositeUser.setEnabled(true);
|
||||||
appCompositeUser.updateCredential(UserCredentialModel.password("password"));
|
appCompositeUser.updateCredential(UserCredentialModel.password("password"));
|
||||||
appCompositeUser.grantRole(realmAppCompositeRole);
|
appCompositeUser.grantRole(realmAppCompositeRole);
|
||||||
appCompositeUser.grantRole(realmComposite1);
|
appCompositeUser.grantRole(realmComposite1);
|
||||||
|
|
||||||
deployServlet("app", "/app", ApplicationServlet.class);
|
deployServlet("app", "/app", ApplicationServlet.class);
|
||||||
|
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public WebRule webRule = new WebRule(this);
|
public WebRule webRule = new WebRule(this);
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected WebDriver driver;
|
protected WebDriver driver;
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected OAuthClient oauth;
|
protected OAuthClient oauth;
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
protected LoginPage loginPage;
|
protected LoginPage loginPage;
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testAppCompositeUser() throws Exception {
|
public void testAppCompositeUser() throws Exception {
|
||||||
oauth.realm("test");
|
oauth.realm("test");
|
||||||
oauth.realmPublicKey(realmPublicKey);
|
oauth.realmPublicKey(realmPublicKey);
|
||||||
oauth.clientId("APP_COMPOSITE_APPLICATION");
|
oauth.clientId("APP_COMPOSITE_APPLICATION");
|
||||||
oauth.doLogin("APP_COMPOSITE_USER", "password");
|
oauth.doLogin("APP_COMPOSITE_USER", "password");
|
||||||
|
|
||||||
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
||||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||||
|
|
||||||
Assert.assertEquals(200, response.getStatusCode());
|
Assert.assertEquals(200, response.getStatusCode());
|
||||||
|
|
||||||
Assert.assertEquals("bearer", response.getTokenType());
|
Assert.assertEquals("bearer", response.getTokenType());
|
||||||
|
|
||||||
AccessToken token = oauth.verifyToken(response.getAccessToken());
|
AccessToken token = oauth.verifyToken(response.getAccessToken());
|
||||||
|
|
||||||
Assert.assertEquals(keycloakRule.getUser("test", "APP_COMPOSITE_USER").getId(), token.getSubject());
|
Assert.assertEquals(keycloakRule.getUser("test", "APP_COMPOSITE_USER").getId(), token.getSubject());
|
||||||
|
|
||||||
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
|
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
|
||||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||||
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
|
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||||
|
|
||||||
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
||||||
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testRealmAppCompositeUser() throws Exception {
|
public void testRealmAppCompositeUser() throws Exception {
|
||||||
oauth.realm("test");
|
oauth.realm("test");
|
||||||
oauth.realmPublicKey(realmPublicKey);
|
oauth.realmPublicKey(realmPublicKey);
|
||||||
oauth.clientId("APP_ROLE_APPLICATION");
|
oauth.clientId("APP_ROLE_APPLICATION");
|
||||||
oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
|
oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
|
||||||
|
|
||||||
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
||||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||||
|
|
||||||
Assert.assertEquals(200, response.getStatusCode());
|
Assert.assertEquals(200, response.getStatusCode());
|
||||||
|
|
||||||
Assert.assertEquals("bearer", response.getTokenType());
|
Assert.assertEquals("bearer", response.getTokenType());
|
||||||
|
|
||||||
AccessToken token = oauth.verifyToken(response.getAccessToken());
|
AccessToken token = oauth.verifyToken(response.getAccessToken());
|
||||||
|
|
||||||
Assert.assertEquals(keycloakRule.getUser("test", "REALM_APP_COMPOSITE_USER").getId(), token.getSubject());
|
Assert.assertEquals(keycloakRule.getUser("test", "REALM_APP_COMPOSITE_USER").getId(), token.getSubject());
|
||||||
|
|
||||||
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
|
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
|
||||||
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
|
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
|
||||||
|
|
||||||
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
||||||
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
|
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
|
||||||
oauth.realm("test");
|
oauth.realm("test");
|
||||||
oauth.realmPublicKey(realmPublicKey);
|
oauth.realmPublicKey(realmPublicKey);
|
||||||
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
|
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
|
||||||
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
|
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
|
||||||
|
|
||||||
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
||||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||||
|
|
||||||
Assert.assertEquals(200, response.getStatusCode());
|
Assert.assertEquals(200, response.getStatusCode());
|
||||||
|
|
||||||
Assert.assertEquals("bearer", response.getTokenType());
|
Assert.assertEquals("bearer", response.getTokenType());
|
||||||
|
|
||||||
AccessToken token = oauth.verifyToken(response.getAccessToken());
|
AccessToken token = oauth.verifyToken(response.getAccessToken());
|
||||||
|
|
||||||
Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
|
Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
|
||||||
|
|
||||||
Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
|
Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||||
|
|
||||||
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
||||||
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
|
public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
|
||||||
oauth.realm("test");
|
oauth.realm("test");
|
||||||
oauth.realmPublicKey(realmPublicKey);
|
oauth.realmPublicKey(realmPublicKey);
|
||||||
oauth.clientId("REALM_ROLE_1_APPLICATION");
|
oauth.clientId("REALM_ROLE_1_APPLICATION");
|
||||||
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
|
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
|
||||||
|
|
||||||
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
||||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||||
|
|
||||||
Assert.assertEquals(200, response.getStatusCode());
|
Assert.assertEquals(200, response.getStatusCode());
|
||||||
|
|
||||||
Assert.assertEquals("bearer", response.getTokenType());
|
Assert.assertEquals("bearer", response.getTokenType());
|
||||||
|
|
||||||
AccessToken token = oauth.verifyToken(response.getAccessToken());
|
AccessToken token = oauth.verifyToken(response.getAccessToken());
|
||||||
|
|
||||||
Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
|
Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
|
||||||
|
|
||||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||||
|
|
||||||
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
||||||
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
|
public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
|
||||||
oauth.realm("test");
|
oauth.realm("test");
|
||||||
oauth.realmPublicKey(realmPublicKey);
|
oauth.realmPublicKey(realmPublicKey);
|
||||||
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
|
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
|
||||||
oauth.doLogin("REALM_ROLE_1_USER", "password");
|
oauth.doLogin("REALM_ROLE_1_USER", "password");
|
||||||
|
|
||||||
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
||||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||||
|
|
||||||
Assert.assertEquals(200, response.getStatusCode());
|
Assert.assertEquals(200, response.getStatusCode());
|
||||||
|
|
||||||
Assert.assertEquals("bearer", response.getTokenType());
|
Assert.assertEquals("bearer", response.getTokenType());
|
||||||
|
|
||||||
AccessToken token = oauth.verifyToken(response.getAccessToken());
|
AccessToken token = oauth.verifyToken(response.getAccessToken());
|
||||||
|
|
||||||
Assert.assertEquals(keycloakRule.getUser("test", "REALM_ROLE_1_USER").getId(), token.getSubject());
|
Assert.assertEquals(keycloakRule.getUser("test", "REALM_ROLE_1_USER").getId(), token.getSubject());
|
||||||
|
|
||||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||||
|
|
||||||
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
||||||
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|