remove KEYCLOAK_REMEMBERME when user logs in without rememberme checked + tests
parent
c05057748f
commit
6f1b8e1fee
3 changed files with 101 additions and 1 deletions
|
@ -436,7 +436,11 @@ public class AuthenticationManager {
|
|||
// refresh the cookies!
|
||||
createLoginCookie(session, realm, userSession.getUser(), userSession, uriInfo, clientConnection);
|
||||
if (userSession.getState() != UserSessionModel.State.LOGGED_IN) userSession.setState(UserSessionModel.State.LOGGED_IN);
|
||||
if (userSession.isRememberMe()) createRememberMeCookie(realm, userSession.getLoginUsername(), uriInfo, clientConnection);
|
||||
if (userSession.isRememberMe()) {
|
||||
createRememberMeCookie(realm, userSession.getLoginUsername(), uriInfo, clientConnection);
|
||||
} else {
|
||||
expireRememberMeCookie(realm, uriInfo, clientConnection);
|
||||
}
|
||||
|
||||
// Update userSession note with authTime. But just if flag SSO_AUTH is not set
|
||||
if (!isSSOAuthentication(clientSession)) {
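Review bot: The new `else` branch calling `expireRememberMeCookie(realm, uriInfo, clientConnection)` carries no comment explaining why a login without remember-me must clear the cookie. I would add `// KEYCLOAK-2741: clear a stale KEYCLOAK_REMEMBERME cookie so the previous username is not prefilled on the next login page` above the `if`. The browser only drops the cookie if the expiring one is sent with the same name, path and domain that `createRememberMeCookie` uses; neither helper is visible here, so that is worth confirming. The enclosing method starts and ends outside this hunk.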
|
||||
|
|
|
@ -45,6 +45,7 @@ import java.util.Map;
|
|||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNotEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
/**
|
||||
|
@ -481,6 +482,55 @@ public class LoginTest extends TestRealmKeycloakTest {
|
|||
setRememberMe(false);
|
||||
}
|
||||
}
|
||||
|
||||
//KEYCLOAK-2741
|
||||
@Test
|
||||
public void loginAgainWithoutRememberMe() {
|
||||
setRememberMe(true);
|
||||
|
||||
try {
|
||||
//login with remember me
|
||||
loginPage.open();
|
||||
assertFalse(loginPage.isRememberMeChecked());
|
||||
loginPage.setRememberMe(true);
|
||||
assertTrue(loginPage.isRememberMeChecked());
|
||||
loginPage.login("login-test", "password");
|
||||
|
||||
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
|
||||
EventRepresentation loginEvent = events.expectLogin().user(userId)
|
||||
.detail(Details.USERNAME, "login-test")
|
||||
.detail(Details.REMEMBER_ME, "true")
|
||||
.assertEvent();
|
||||
String sessionId = loginEvent.getSessionId();
|
||||
|
||||
// Expire session
|
||||
testingClient.testing().removeUserSession("test", sessionId);
|
||||
|
||||
// Assert rememberMe checked and username/email prefilled
|
||||
loginPage.open();
|
||||
assertTrue(loginPage.isRememberMeChecked());
|
||||
Assert.assertEquals("login-test", loginPage.getUsername());
|
||||
|
||||
//login without remember me
|
||||
loginPage.setRememberMe(false);
|
||||
loginPage.login("login-test", "password");
|
||||
|
||||
// Expire session
|
||||
loginEvent = events.expectLogin().user(userId)
|
||||
.detail(Details.USERNAME, "login-test")
|
||||
.assertEvent();
|
||||
sessionId = loginEvent.getSessionId();
|
||||
testingClient.testing().removeUserSession("test", sessionId);
|
||||
|
||||
// Assert rememberMe not checked nor username/email prefilled
|
||||
loginPage.open();
|
||||
assertFalse(loginPage.isRememberMeChecked());
|
||||
assertNotEquals("login-test", loginPage.getUsername());
|
||||
} finally {
|
||||
setRememberMe(false);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
// KEYCLOAK-3181
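Review bot: `loginAgainWithoutRememberMe` verifies the cookie removal only indirectly, through `assertFalse(loginPage.isRememberMeChecked())` and `assertNotEquals("login-test", loginPage.getUsername())`, and the latter passes for any other value, including a different stale username. If the test can reach the WebDriver instance, asserting that the browser no longer holds a cookie named KEYCLOAK_REMEMBERME would pin the behaviour the commit title names; failing that, asserting the exact empty value the page returns is tighter than `assertNotEquals`. The same applies to `logoutWithRememberMe` in LogoutTest. The second `// Expire session` comment sits above the `events.expectLogin()` chain rather than above the `removeUserSession` call it describes, and would read better moved down. The test that begins after `// KEYCLOAK-3181` continues outside this hunk.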
|
||||
|
|
|
@ -29,8 +29,10 @@ import org.keycloak.testsuite.pages.LoginPage;
|
|||
import java.io.IOException;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNotEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import org.keycloak.testsuite.auth.page.account.AccountManagement;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
|
@ -47,6 +49,9 @@ public class LogoutTest extends TestRealmKeycloakTest {
|
|||
@Page
|
||||
protected LoginPage loginPage;
|
||||
|
||||
@Page
|
||||
protected AccountManagement accountManagementPage;
|
||||
|
||||
@Override
|
||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||
}
|
||||
|
@ -130,4 +135,45 @@ public class LogoutTest extends TestRealmKeycloakTest {
|
|||
events.expectLogin().session(sessionId3).removeDetail(Details.USERNAME).assertEvent();
|
||||
}
|
||||
|
||||
//KEYCLOAK-2741
|
||||
@Test
|
||||
public void logoutWithRememberMe() {
|
||||
setRememberMe(true);
|
||||
|
||||
try {
|
||||
loginPage.open();
|
||||
assertFalse(loginPage.isRememberMeChecked());
|
||||
loginPage.setRememberMe(true);
|
||||
assertTrue(loginPage.isRememberMeChecked());
|
||||
loginPage.login("test-user@localhost", "password");
|
||||
|
||||
String sessionId = events.expectLogin().assertEvent().getSessionId();
|
||||
|
||||
// Expire session
|
||||
testingClient.testing().removeUserSession("test", sessionId);
|
||||
|
||||
// Assert rememberMe checked and username/email prefilled
|
||||
loginPage.open();
|
||||
assertTrue(loginPage.isRememberMeChecked());
|
||||
assertEquals("test-user@localhost", loginPage.getUsername());
|
||||
|
||||
loginPage.login("test-user@localhost", "password");
|
||||
|
||||
//log out
|
||||
appPage.openAccount();
|
||||
accountManagementPage.signOut();
|
||||
// Assert rememberMe not checked nor username/email prefilled
|
||||
assertTrue(loginPage.isCurrent());
|
||||
assertFalse(loginPage.isRememberMeChecked());
|
||||
assertNotEquals("test-user@localhost", loginPage.getUsername());
|
||||
} finally {
|
||||
setRememberMe(false);
|
||||
}
|
||||
}
|
||||
|
||||
private void setRememberMe(boolean enabled) {
|
||||
RealmRepresentation rep = adminClient.realm("test").toRepresentation();
|
||||
rep.setRememberMe(enabled);
|
||||
adminClient.realm("test").update(rep);
|
||||
}
|
||||
}
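Review bot: The second `loginPage.login("test-user@localhost", "password")` in `logoutWithRememberMe` is never verified before `appPage.openAccount()` and `accountManagementPage.signOut()`, so a failed login would only surface as a less direct failure in the later login-page assertions. Adding `events.expectLogin().assertEvent();` after it, mirroring the first login, would confirm a session exists before the logout is exercised. The non-static `import org.keycloak.testsuite.auth.page.account.AccountManagement;` is added below the static imports and belongs with the other `org.keycloak` imports above them. `setRememberMe` here appears to duplicate a helper of the same name that LoginTest already calls, so a shared base-class method may be worth considering.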
|
||||
|
|