Tests for role and time policy configuration validation

Closes #28978

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor 2024-10-21 16:50:46 -03:00
parent a84a2c2ac2
commit 6d5923d560
2 changed files with 86 additions and 2 deletions

View file

@ -24,9 +24,11 @@ import static org.junit.Assert.fail;
import java.util.Collections;
import java.util.stream.Collectors;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.Status;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
@ -36,11 +38,13 @@ import org.keycloak.admin.client.resource.RolePolicyResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.RolesBuilder;
@ -229,13 +233,49 @@ public class RolePolicyManagementTest extends AbstractPolicyManagementTest {
}
}
private void assertCreated(AuthorizationResource authorization, RolePolicyRepresentation representation) {
@Test
public void testFailDuplicatedRoles() {
AuthorizationResource authorization = getClient().authorization();
RolePolicyRepresentation representation = new RolePolicyRepresentation();
representation.setName(KeycloakModelUtils.generateId());
representation.setDescription("description");
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
representation.setLogic(Logic.NEGATIVE);
representation.addRole("Role A");
representation.addRole("Role A");
try (
Response response = authorization.policies().role().create(representation);
) {
assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
assertEquals("Role can't be specified multiple times - Role A", response.readEntity(OAuth2ErrorRepresentation.class).getError());
}
representation.getRoles().clear();
representation.addRole("Role A");
representation.addRole("Role B");
representation = assertCreated(authorization, representation);
representation.addRole("Role B");
try {
authorization.policies().role().findById(representation.getId()).update(representation);
Assert.fail("should fail due to duplicated roles");
} catch (BadRequestException bre) {
Response response = bre.getResponse();
assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
assertEquals("Role can't be specified multiple times - Role B", response.readEntity(OAuth2ErrorRepresentation.class).getError());
}
}
private RolePolicyRepresentation assertCreated(AuthorizationResource authorization, RolePolicyRepresentation representation) {
RolePoliciesResource permissions = authorization.policies().role();
try (Response response = permissions.create(representation)) {
RolePolicyRepresentation created = response.readEntity(RolePolicyRepresentation.class);
RolePolicyResource permission = permissions.findById(created.getId());
assertRepresentation(representation, permission);
return permission.toRepresentation();
}
}

View file

@ -21,16 +21,21 @@ import static org.junit.Assert.fail;
import java.util.Collections;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.Status;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.TimePoliciesResource;
import org.keycloak.admin.client.resource.TimePolicyResource;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.TimePolicyRepresentation;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.testsuite.Assert;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@ -118,6 +123,44 @@ public class TimePolicyManagementTest extends AbstractPolicyManagementTest {
}
}
@Test
public void testInvalidDateFormat() {
AuthorizationResource authorization = getClient().authorization();
TimePolicyRepresentation representation = createRepresentation(KeycloakModelUtils.generateId());
representation.setNotBefore("invalid");
representation.setNotOnOrAfter("invalid");
try (
Response response = authorization.policies().time().create(representation)
) {
assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
assertEquals("Unable not parse a date using format [" + representation.getNotOnOrAfter() + "]", response.readEntity(OAuth2ErrorRepresentation.class).getError());
}
representation.setNotBefore("2017-01-01 00:00:00");
try (
Response response = authorization.policies().time().create(representation)
) {
assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
assertEquals("Unable not parse a date using format [" + representation.getNotOnOrAfter() + "]", response.readEntity(OAuth2ErrorRepresentation.class).getError());
}
representation.setNotOnOrAfter("2017-02-01 00:00:00");
representation = assertCreated(authorization, representation);
try {
representation.setNotOnOrAfter("2016-02-01 00:00:00");
authorization.policies().time().findById(representation.getId()).update(representation);
Assert.fail("should fail due to invalid dates");
} catch (BadRequestException bre) {
Response response = bre.getResponse();
assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
assertEquals("Expire time can't be set to a date before start time", response.readEntity(OAuth2ErrorRepresentation.class).getError());
}
}
private TimePolicyRepresentation createRepresentation(String name) {
TimePolicyRepresentation representation = new TimePolicyRepresentation();
@ -140,13 +183,14 @@ public class TimePolicyManagementTest extends AbstractPolicyManagementTest {
return representation;
}
private void assertCreated(AuthorizationResource authorization, TimePolicyRepresentation representation) {
private TimePolicyRepresentation assertCreated(AuthorizationResource authorization, TimePolicyRepresentation representation) {
TimePoliciesResource permissions = authorization.policies().time();
try (Response response = permissions.create(representation)) {
TimePolicyRepresentation created = response.readEntity(TimePolicyRepresentation.class);
TimePolicyResource permission = permissions.findById(created.getId());
assertRepresentation(representation, permission);
return permission.toRepresentation();
}
}