KEYCLOAK-14826 Fix non-ssl auth-server tests failures

mhajas 2020-07-23 11:25:31 +02:00 committed by Hynek Mlnařík
parent 9416dd9339
commit 74988a3f21
6 changed files with 50 additions and 31 deletions


@ -10,6 +10,7 @@ import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.function.Function; import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.hasSize;
import static org.junit.Assert.assertThat; import static org.junit.Assert.assertThat;
@ -78,6 +79,11 @@ public class ClientAttributeUpdater extends ServerResourceUpdater<ClientAttribut
this.rep.setRedirectUris(values); this.rep.setRedirectUris(values);
return this; return this;
} }
public ClientAttributeUpdater filterRedirectUris(Predicate<String> filter) {
this.rep.setRedirectUris(this.rep.getRedirectUris().stream().filter(filter).collect(Collectors.toList()));
return this;
}
public ClientAttributeUpdater removeAttribute(String name) { public ClientAttributeUpdater removeAttribute(String name) {
this.rep.getAttributes().remove(name); this.rep.getAttributes().remove(name);
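Review bot: `filterRedirectUris` dereferences `this.rep.getRedirectUris()` without a null check, so a client whose representation carries no redirect URI list would fail with a NullPointerException before any filtering happens. Whether the getter can return null is not visible here, so treat this as something to confirm. A guard such as `if (this.rep.getRedirectUris() == null) return this;` as the first statement keeps the updater usable for such clients. A one-line Javadoc stating that only URIs matching the predicate are kept would also help, since "filter" can be read either way. The surrounding class body lies outside the hunk.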


@ -186,8 +186,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
oidcConfig.setAuthorizationUrl("invalid://test"); oidcConfig.setAuthorizationUrl("invalid://test");
try (Response response = this.realm.identityProviders().create(newIdentityProvider)) { try (Response response = this.realm.identityProviders().create(newIdentityProvider)) {
assertEquals(AUTH_SERVER_SSL_REQUIRED ? Response.Status.BAD_REQUEST.getStatusCode() : assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
Response.Status.CREATED.getStatusCode(), response.getStatus());
ErrorRepresentation error = response.readEntity(ErrorRepresentation.class); ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
assertEquals("The url [authorization_url] is malformed", error.getErrorMessage()); assertEquals("The url [authorization_url] is malformed", error.getErrorMessage());
} }
@ -196,8 +195,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
oidcConfig.setTokenUrl("http://test"); oidcConfig.setTokenUrl("http://test");
try (Response response = this.realm.identityProviders().create(newIdentityProvider)) { try (Response response = this.realm.identityProviders().create(newIdentityProvider)) {
assertEquals(AUTH_SERVER_SSL_REQUIRED ? Response.Status.BAD_REQUEST.getStatusCode() : assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
Response.Status.CREATED.getStatusCode(), response.getStatus());
ErrorRepresentation error = response.readEntity(ErrorRepresentation.class); ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
assertEquals("The url [token_url] requires secure connections", error.getErrorMessage()); assertEquals("The url [token_url] requires secure connections", error.getErrorMessage());
} }
@ -207,8 +205,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
oidcConfig.setJwksUrl("http://test"); oidcConfig.setJwksUrl("http://test");
try (Response response = this.realm.identityProviders().create(newIdentityProvider)) { try (Response response = this.realm.identityProviders().create(newIdentityProvider)) {
assertEquals(AUTH_SERVER_SSL_REQUIRED ? Response.Status.BAD_REQUEST.getStatusCode() : assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
Response.Status.CREATED.getStatusCode(), response.getStatus());
ErrorRepresentation error = response.readEntity(ErrorRepresentation.class); ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
assertEquals("The url [jwks_url] requires secure connections", error.getErrorMessage()); assertEquals("The url [jwks_url] requires secure connections", error.getErrorMessage());
} }
@ -219,8 +216,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
oidcConfig.setLogoutUrl("http://test"); oidcConfig.setLogoutUrl("http://test");
try (Response response = this.realm.identityProviders().create(newIdentityProvider)) { try (Response response = this.realm.identityProviders().create(newIdentityProvider)) {
assertEquals(AUTH_SERVER_SSL_REQUIRED ? Response.Status.BAD_REQUEST.getStatusCode() : assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
Response.Status.CREATED.getStatusCode(), response.getStatus());
ErrorRepresentation error = response.readEntity(ErrorRepresentation.class); ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
assertEquals("The url [logout_url] requires secure connections", error.getErrorMessage()); assertEquals("The url [logout_url] requires secure connections", error.getErrorMessage());
} }
@ -232,8 +228,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
oidcConfig.setUserInfoUrl("http://test"); oidcConfig.setUserInfoUrl("http://test");
try (Response response = this.realm.identityProviders().create(newIdentityProvider)) { try (Response response = this.realm.identityProviders().create(newIdentityProvider)) {
assertEquals(AUTH_SERVER_SSL_REQUIRED ? Response.Status.BAD_REQUEST.getStatusCode() : assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
Response.Status.CREATED.getStatusCode(), response.getStatus());
ErrorRepresentation error = response.readEntity(ErrorRepresentation.class); ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
assertEquals("The url [userinfo_url] requires secure connections", error.getErrorMessage()); assertEquals("The url [userinfo_url] requires secure connections", error.getErrorMessage());
} }
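Review bot: The five assertions in this section now expect BAD_REQUEST unconditionally, but nothing in the test says why plain-http endpoint URLs are still rejected when the suite runs against a non-SSL auth server. A short comment above the first `http://test` case, for example `// Rejection comes from the realm's SSL policy applied to the configured URL, not from the transport the test server uses`, would keep the `AUTH_SERVER_SSL_REQUIRED` conditional from being reintroduced. That reading is inferred from the error messages, so confirm it against the validation code. If these were the last uses of `AUTH_SERVER_SSL_REQUIRED` in the file, its import (outside this view) can be dropped.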


@ -78,8 +78,13 @@ import java.util.HashMap;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.empty;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT; import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT;
import static org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot; import static org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot;
@ -221,7 +226,9 @@ public class ImpersonationTest extends AbstractKeycloakTest {
loginPage.assertCurrent(); loginPage.assertCurrent();
// Impersonate and get SSO cookie. Setup that cookie for webDriver // Impersonate and get SSO cookie. Setup that cookie for webDriver
driver.manage().addCookie(testSuccessfulImpersonation("realm-admin", "test")); for (Cookie cookie : testSuccessfulImpersonation("realm-admin", "test")) {
driver.manage().addCookie(cookie);
}
// Open the URL again - should be directly redirected to the app due the SSO login // Open the URL again - should be directly redirected to the app due the SSO login
driver.navigate().to(loginFormUrl); driver.navigate().to(loginFormUrl);
@ -235,7 +242,7 @@ public class ImpersonationTest extends AbstractKeycloakTest {
// Return the SSO cookie from the impersonated session // Return the SSO cookie from the impersonated session
protected Cookie testSuccessfulImpersonation(String admin, String adminRealm) { protected Set<Cookie> testSuccessfulImpersonation(String admin, String adminRealm) {
ResteasyClientBuilder resteasyClientBuilder = new ResteasyClientBuilder(); ResteasyClientBuilder resteasyClientBuilder = new ResteasyClientBuilder();
resteasyClientBuilder.connectionPoolSize(10); resteasyClientBuilder.connectionPoolSize(10);
resteasyClientBuilder.httpEngine(AdminClientUtil.getCustomClientHttpEngine(resteasyClientBuilder, 10)); resteasyClientBuilder.httpEngine(AdminClientUtil.getCustomClientHttpEngine(resteasyClientBuilder, 10));
@ -248,7 +255,7 @@ public class ImpersonationTest extends AbstractKeycloakTest {
} }
} }
private Cookie impersonate(Keycloak adminClient, String admin, String adminRealm) { private Set<Cookie> impersonate(Keycloak adminClient, String admin, String adminRealm) {
BasicCookieStore cookieStore = new BasicCookieStore(); BasicCookieStore cookieStore = new BasicCookieStore();
try (CloseableHttpClient httpClient = HttpClientBuilder.create().setDefaultCookieStore(cookieStore).build()) { try (CloseableHttpClient httpClient = HttpClientBuilder.create().setDefaultCookieStore(cookieStore).build()) {
@ -284,12 +291,15 @@ public class ImpersonationTest extends AbstractKeycloakTest {
Assert.assertNotNull(notes.get(ImpersonationSessionNote.IMPERSONATOR_ID.toString())); Assert.assertNotNull(notes.get(ImpersonationSessionNote.IMPERSONATOR_ID.toString()));
Assert.assertEquals(admin, notes.get(ImpersonationSessionNote.IMPERSONATOR_USERNAME.toString())); Assert.assertEquals(admin, notes.get(ImpersonationSessionNote.IMPERSONATOR_USERNAME.toString()));
org.apache.http.cookie.Cookie cookie = cookieStore.getCookies().stream() Set<Cookie> cookies = cookieStore.getCookies().stream()
.filter(c -> c.getName().equals(AuthenticationManager.KEYCLOAK_IDENTITY_COOKIE)) .filter(c -> c.getName().startsWith(AuthenticationManager.KEYCLOAK_IDENTITY_COOKIE))
.findAny().orElse(null); .map(c -> new Cookie(c.getName(), c.getValue(), c.getDomain(), c.getPath(), c.getExpiryDate(), c.isSecure(), true) )
Assert.assertNotNull(cookie); .collect(Collectors.toSet());
return new Cookie(cookie.getName(), cookie.getValue(), cookie.getDomain(), cookie.getPath(), cookie.getExpiryDate(), cookie.isSecure(), true); Assert.assertNotNull(cookies);
Assert.assertThat(cookies, is(not(empty())));
return cookies;
} }
catch (IOException e) { catch (IOException e) {
throw new RuntimeException(e); throw new RuntimeException(e);


@ -86,6 +86,7 @@ import org.keycloak.testsuite.util.OAuthClient;
import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import org.keycloak.testsuite.util.ServerURLs;
@EnableFeature(value = Profile.Feature.CLIENT_POLICIES, skipRestart = true) @EnableFeature(value = Profile.Feature.CLIENT_POLICIES, skipRestart = true)
public class ClientPolicyBasicsTest extends AbstractKeycloakTest { public class ClientPolicyBasicsTest extends AbstractKeycloakTest {
@ -827,7 +828,7 @@ public class ClientPolicyBasicsTest extends AbstractKeycloakTest {
clientRep.setBearerOnly(Boolean.FALSE); clientRep.setBearerOnly(Boolean.FALSE);
clientRep.setPublicClient(Boolean.FALSE); clientRep.setPublicClient(Boolean.FALSE);
clientRep.setServiceAccountsEnabled(Boolean.TRUE); clientRep.setServiceAccountsEnabled(Boolean.TRUE);
clientRep.setRedirectUris(Collections.singletonList("https://localhost:8543/auth/realms/master/app/auth")); clientRep.setRedirectUris(Collections.singletonList(ServerURLs.getAuthServerContextRoot() + "/auth/realms/master/app/auth"));
op.accept(clientRep); op.accept(clientRep);
Response resp = adminClient.realm(REALM_NAME).clients().create(clientRep); Response resp = adminClient.realm(REALM_NAME).clients().create(clientRep);
if (resp.getStatus() == Response.Status.BAD_REQUEST.getStatusCode()) { if (resp.getStatus() == Response.Status.BAD_REQUEST.getStatusCode()) {
@ -858,8 +859,8 @@ public class ClientPolicyBasicsTest extends AbstractKeycloakTest {
private String createClientDynamically(String clientName, Consumer<OIDCClientRepresentation> op) throws ClientRegistrationException { private String createClientDynamically(String clientName, Consumer<OIDCClientRepresentation> op) throws ClientRegistrationException {
OIDCClientRepresentation clientRep = new OIDCClientRepresentation(); OIDCClientRepresentation clientRep = new OIDCClientRepresentation();
clientRep.setClientName(clientName); clientRep.setClientName(clientName);
clientRep.setClientUri("https://localhost:8543"); clientRep.setClientUri(ServerURLs.getAuthServerContextRoot());
clientRep.setRedirectUris(Collections.singletonList("https://localhost:8543/auth/realms/master/app/auth")); clientRep.setRedirectUris(Collections.singletonList(ServerURLs.getAuthServerContextRoot() + "/auth/realms/master/app/auth"));
op.accept(clientRep); op.accept(clientRep);
OIDCClientRepresentation response = reg.oidc().create(clientRep); OIDCClientRepresentation response = reg.oidc().create(clientRep);
reg.auth(Auth.token(response)); reg.auth(Auth.token(response));
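Review bot: The redirect URI `ServerURLs.getAuthServerContextRoot() + "/auth/realms/master/app/auth"` is now assembled by hand in two places (the admin-created client and `createClientDynamically`), so the two can drift apart the next time the URL changes. A single private helper, e.g. `private static String redirectUri() { return ServerURLs.getAuthServerContextRoot() + "/auth/realms/master/app/auth"; }`, used at both call sites would avoid that. The new `ServerURLs` import is also placed after the Jackson imports rather than next to `org.keycloak.testsuite.util.OAuthClient`. The first method starts outside the hunk.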


@ -30,6 +30,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.AuthenticationSessionManager; import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.util.CookieHelper;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage;
@ -165,6 +166,9 @@ public class AuthenticationSessionFailoverClusterTest extends AbstractFailoverCl
public static String getAuthSessionCookieValue(WebDriver driver) { public static String getAuthSessionCookieValue(WebDriver driver) {
Cookie authSessionCookie = driver.manage().getCookieNamed(AuthenticationSessionManager.AUTH_SESSION_ID); Cookie authSessionCookie = driver.manage().getCookieNamed(AuthenticationSessionManager.AUTH_SESSION_ID);
if (authSessionCookie == null) {
authSessionCookie = driver.manage().getCookieNamed(AuthenticationSessionManager.AUTH_SESSION_ID + CookieHelper.LEGACY_COOKIE);
}
Assert.assertNotNull(authSessionCookie); Assert.assertNotNull(authSessionCookie);
return authSessionCookie.getValue(); return authSessionCookie.getValue();
} }
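Review bot: The fallback to `AUTH_SESSION_ID + CookieHelper.LEGACY_COOKIE` in `getAuthSessionCookieValue` has no comment explaining when the primary cookie is absent, and the assertion that follows fails without saying which names were tried. Suggest a comment such as `// On non-SSL runs only the legacy variant of the cookie may be present` (inferred from the commit title; please confirm). A message on the assertion would also help: `Assert.assertNotNull("Neither AUTH_SESSION_ID nor its legacy variant was found", authSessionCookie);`.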


@ -1116,19 +1116,22 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
final String REDIRECT_URI = OAuthClient.AUTH_SERVER_ROOT + "/realms/master/app/auth"; final String REDIRECT_URI = OAuthClient.AUTH_SERVER_ROOT + "/realms/master/app/auth";
final String CLIENT_ID = "test-app"; final String CLIENT_ID = "test-app";
try (BrowserTabUtil tabUtil = BrowserTabUtil.getInstanceAndSetEnv(driver)) { try (ClientAttributeUpdater cau = ClientAttributeUpdater.forClient(getAdminClient(), TEST_REALM_NAME, CLIENT_ID)
assertThat(tabUtil.getCountOfTabs(), Matchers.is(1)); .filterRedirectUris(uri -> uri.contains(getAuthServerRoot().toString()))
.update()) {
try (BrowserTabUtil tabUtil = BrowserTabUtil.getInstanceAndSetEnv(driver)) {
assertThat(tabUtil.getCountOfTabs(), Matchers.is(1));
loginPage.open(); loginPage.open();
resetPasswordTwiceInNewTab(defaultUser, CLIENT_ID, false, REDIRECT_URI); resetPasswordTwiceInNewTab(defaultUser, CLIENT_ID, false, REDIRECT_URI);
assertThat(driver.getCurrentUrl(), Matchers.containsString(REDIRECT_URI)); assertThat(driver.getCurrentUrl(), Matchers.containsString(REDIRECT_URI));
oauth.openLogout(); oauth.openLogout();
loginPage.open();
resetPasswordTwiceInNewTab(defaultUser, CLIENT_ID, true, REDIRECT_URI);
assertThat(driver.getCurrentUrl(), Matchers.containsString(REDIRECT_URI));
loginPage.open();
resetPasswordTwiceInNewTab(defaultUser, CLIENT_ID, true, REDIRECT_URI);
assertThat(driver.getCurrentUrl(), Matchers.containsString(REDIRECT_URI));
}
} }
} }
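Review bot: The predicate passed to `filterRedirectUris` uses `uri.contains(getAuthServerRoot().toString())`, a substring test that also keeps a redirect URI pointing at another host if the auth server root merely appears somewhere inside it, for instance in a path or query. Since the aim appears to be keeping only URIs on the auth server under test, a prefix test says that directly: `.filterRedirectUris(uri -> uri.startsWith(getAuthServerRoot().toString()))`. The two nested try blocks could also be a single try-with-resources that declares `cau` and `tabUtil` together, which would avoid re-indenting the body. The test method starts outside the hunk.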