Reduce code duplication and test count

dashaylan 2020-10-02 11:56:07 -07:00 committed by Marek Posolda
parent 0d6da99844
commit 787d44be78
3 changed files with 63 additions and 158 deletions


@ -0,0 +1,60 @@
package org.keycloak.testsuite.broker;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
public class KcOidcBrokerClientUserInfoTest extends AbstractBrokerTest {
protected static final String ATTRIBUTE_TO_MAP_USER_INFO = "user-attribute-ufo";
@Override
protected BrokerConfiguration getBrokerConfiguration() {
return new KcOidcBrokerConfigurationUserInfoOnlyMappers();
}
private class KcOidcBrokerConfigurationUserInfoOnlyMappers extends KcOidcBrokerConfiguration {
@Override
public List<ClientRepresentation> createProviderClients() {
List<ClientRepresentation> clientsRepList = super.createProviderClients();
log.info("Update provider clients to disable attributes in Access & ID token");
ProtocolMapperRepresentation userAttrMapper = new ProtocolMapperRepresentation();
userAttrMapper.setName("attribute - name");
userAttrMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
userAttrMapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);
Map<String, String> userAttrMapperConfig = userAttrMapper.getConfig();
userAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, ATTRIBUTE_TO_MAP_USER_INFO);
userAttrMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, ATTRIBUTE_TO_MAP_USER_INFO);
userAttrMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "false");
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "false");
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
for (ClientRepresentation client: clientsRepList) {
client.setProtocolMappers(Arrays.asList(userAttrMapper));
}
return clientsRepList;
}
@Override
protected void applyDefaultConfiguration(final Map<String, String> config, IdentityProviderSyncMode syncMode) {
super.applyDefaultConfiguration(config, syncMode);
config.put("disableUserInfo", "false");
}
}
}
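Review bot: The mapper config built in `createProviderClients()` no longer sets `ProtocolMapperUtils.MULTIVALUED` to `"true"`, which the deleted `KcOidcBrokerConfigurationUserInfoOnlyMappers` did, so a commit described as de-duplication also changes the mapper's configuration. The role-mapper tests that consume this configuration check role assignment from a claim delivered only through UserInfo, and with the flag gone they may no longer exercise the multi-valued form of that claim. If the drop is intentional, add a short comment saying so; otherwise restore `userAttrMapperConfig.put(ProtocolMapperUtils.MULTIVALUED, "true");` next to the other `put` calls. Separately, `client.setProtocolMappers(Arrays.asList(userAttrMapper))` replaces any mappers that `super.createProviderClients()` set on each client and shares one mapper instance across all of them; the parent implementation is not visible here, so confirm nothing the broker flow relies on is discarded.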


@ -1,82 +0,0 @@
package org.keycloak.testsuite.broker;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import static org.keycloak.testsuite.broker.BrokerTestConstants.*;
import static org.keycloak.testsuite.broker.BrokerTestTools.*;
/**
* @author hmlnarik
*/
public class KcOidcBrokerConfigurationUserInfoOnlyMappers extends KcOidcBrokerConfiguration {
public static final KcOidcBrokerConfigurationUserInfoOnlyMappers INSTANCE = new KcOidcBrokerConfigurationUserInfoOnlyMappers();
protected static final String ATTRIBUTE_TO_MAP_USER_INFO = "user-attribute-ufo";
@Override
public List<ClientRepresentation> createProviderClients() {
ClientRepresentation client = new ClientRepresentation();
client.setId(CLIENT_ID);
client.setClientId(getIDPClientIdInProviderRealm());
client.setName(CLIENT_ID);
client.setSecret(CLIENT_SECRET);
client.setEnabled(true);
client.setRedirectUris(Collections.singletonList(getConsumerRoot() +
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"));
client.setAdminUrl(getConsumerRoot() +
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint");
ProtocolMapperRepresentation userAttrMapper = new ProtocolMapperRepresentation();
userAttrMapper.setName("attribute - name");
userAttrMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
userAttrMapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);
Map<String, String> userAttrMapperConfig = userAttrMapper.getConfig();
userAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, ATTRIBUTE_TO_MAP_USER_INFO);
userAttrMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, ATTRIBUTE_TO_MAP_USER_INFO);
userAttrMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "false");
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "false");
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
userAttrMapperConfig.put(ProtocolMapperUtils.MULTIVALUED, "true");
client.setProtocolMappers(Arrays.asList(userAttrMapper));
return Collections.singletonList(client);
}
@Override
protected void applyDefaultConfiguration(final Map<String, String> config, IdentityProviderSyncMode syncMode) {
config.put(IdentityProviderModel.SYNC_MODE, syncMode.toString());
config.put("clientId", CLIENT_ID);
config.put("clientSecret", CLIENT_SECRET);
config.put("prompt", "login");
config.put("authorizationUrl", getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/auth");
config.put("tokenUrl", getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/token");
config.put("logoutUrl", getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/logout");
config.put("userInfoUrl", getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/userinfo");
config.put("defaultScope", "email profile");
config.put("backchannelSupported", "true");
config.put("disableUserInfo", "false");
}
}


@ -2,7 +2,6 @@ package org.keycloak.testsuite.broker;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import org.jetbrains.annotations.NotNull;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.broker.oidc.mappers.ClaimToRoleMapper;
@ -15,21 +14,15 @@ import org.keycloak.representations.idm.UserRepresentation;
import java.util.List;
import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE;
import static org.keycloak.models.IdentityProviderMapperSyncMode.LEGACY;
/**
* @author <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>
*/
public class OidcUserInfoClaimToRoleMapperTest extends AbstractRoleMapperTest {
private static final String USER_INFO_CLAIM = KcOidcBrokerConfigurationUserInfoOnlyMappers.ATTRIBUTE_TO_MAP_USER_INFO;
private static final String USER_INFO_CLAIM = KcOidcBrokerClientUserInfoTest.ATTRIBUTE_TO_MAP_USER_INFO;
private static final String USER_INFO_CLAIM_VALUE = "value 1";
private String claimOnSecondLogin = "";
@Override
protected BrokerConfiguration getBrokerConfiguration() {
return new KcOidcBrokerConfigurationUserInfoOnlyMappers();
return new KcOidcBrokerClientUserInfoTest().getBrokerConfiguration();
}
@Test
@ -58,71 +51,6 @@ public class OidcUserInfoClaimToRoleMapperTest extends AbstractRoleMapperTest {
assertThatRoleHasNotBeenAssignedInConsumerRealmTo(user);
}
@Test
public void claimValuesMismatch() {
createClaimToRoleMapper("other value");
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
.put(USER_INFO_CLAIM, ImmutableList.<String>builder().add(USER_INFO_CLAIM_VALUE).build())
.build());
logInAsUserInIDPForFirstTime();
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
assertThatRoleHasNotBeenAssignedInConsumerRealmTo(user);
}
@Test
public void updateBrokeredUserMismatchDeletesRoleInForceMode() {
UserRepresentation user = loginWithClaimThenChangeClaimToValue("value mismatch", FORCE, false);
assertThatRoleHasNotBeenAssignedInConsumerRealmTo(user);
}
@Test
public void updateBrokeredUserMismatchDeletesRoleInLegacyMode() {
UserRepresentation user = createMapperThenLoginWithStandardClaimThenChangeClaimToValue("value mismatch", LEGACY);
assertThatRoleHasNotBeenAssignedInConsumerRealmTo(user);
}
@Test
public void updateBrokeredUserNewMatchGrantsRoleAfterFirstLoginInForceMode() {
UserRepresentation user = loginWithStandardClaimThenAddMapperAndLoginAgain(FORCE);
assertThatRoleHasBeenAssignedInConsumerRealmTo(user);
}
@Test
public void updateBrokeredUserNewMatchDoesNotGrantRoleAfterFirstLoginInLegacyMode() {
UserRepresentation user = loginWithStandardClaimThenAddMapperAndLoginAgain(LEGACY);
assertThatRoleHasNotBeenAssignedInConsumerRealmTo(user);
}
@Test
public void updateBrokeredUserDoesNotDeleteRoleIfClaimStillMatches() {
UserRepresentation user = createMapperThenLoginWithStandardClaimThenChangeClaimToValue(USER_INFO_CLAIM_VALUE, FORCE);
assertThatRoleHasBeenAssignedInConsumerRealmTo(user);
}
private UserRepresentation loginWithStandardClaimThenAddMapperAndLoginAgain(IdentityProviderMapperSyncMode syncMode) {
return loginWithClaimThenChangeClaimToValue(OidcUserInfoClaimToRoleMapperTest.USER_INFO_CLAIM_VALUE, syncMode, true);
}
private UserRepresentation createMapperThenLoginWithStandardClaimThenChangeClaimToValue(String claimOnSecondLogin, IdentityProviderMapperSyncMode syncMode) {
return loginWithClaimThenChangeClaimToValue(claimOnSecondLogin, syncMode, false);
}
@NotNull
private UserRepresentation loginWithClaimThenChangeClaimToValue(String claimOnSecondLogin, IdentityProviderMapperSyncMode syncMode, boolean createAfterFirstLogin) {
this.claimOnSecondLogin = claimOnSecondLogin;
return loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin,
ImmutableMap.<String, List<String>>builder()
.put(USER_INFO_CLAIM, ImmutableList.<String>builder().add(USER_INFO_CLAIM_VALUE).build())
.build());
}
private void createClaimToRoleMapper(String claimValue) {
IdentityProviderRepresentation idp = setupIdentityProvider();
createClaimToRoleMapper(idp, claimValue, IdentityProviderMapperSyncMode.IMPORT);
@ -137,8 +65,7 @@ public class OidcUserInfoClaimToRoleMapperTest extends AbstractRoleMapperTest {
protected void createMapperInIdp(IdentityProviderRepresentation idp, IdentityProviderMapperSyncMode syncMode) {
createClaimToRoleMapper(idp, USER_INFO_CLAIM_VALUE, syncMode);
}
@Override
protected void updateUser() {
UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail());