Tests: Determine IDs from Keycloak
Instead of assuming that the ID of created objects is honored, the tests are rewritten to obtain the ID from the created objects. This accounts for storages where the ID is not necessarily a UUID and thus cannot be prescribed. Closes: #19814
parent
b22801c8dd
commit
80ba42a0b4
22 changed files with 183 additions and 89 deletions
|
@ -43,6 +43,7 @@ import org.keycloak.testsuite.util.ClientBuilder;
|
||||||
import org.keycloak.testsuite.util.ClientScopeBuilder;
|
import org.keycloak.testsuite.util.ClientScopeBuilder;
|
||||||
import org.keycloak.testsuite.util.RealmBuilder;
|
import org.keycloak.testsuite.util.RealmBuilder;
|
||||||
import org.keycloak.testsuite.util.UserBuilder;
|
import org.keycloak.testsuite.util.UserBuilder;
|
||||||
|
import java.util.Objects;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test for the various "Advanced" scenarios of java admin-client
|
* Test for the various "Advanced" scenarios of java admin-client
|
||||||
|
@ -78,11 +79,9 @@ public class AdminClientTest extends AbstractKeycloakTest {
|
||||||
RealmBuilder realm = RealmBuilder.create().name(realmName)
|
RealmBuilder realm = RealmBuilder.create().name(realmName)
|
||||||
.testEventListener();
|
.testEventListener();
|
||||||
|
|
||||||
clientUUID = KeycloakModelUtils.generateId();
|
|
||||||
clientId = "service-account-cl";
|
clientId = "service-account-cl";
|
||||||
clientSecret = "secret1";
|
clientSecret = "secret1";
|
||||||
ClientRepresentation enabledAppWithSkipRefreshToken = ClientBuilder.create()
|
ClientRepresentation enabledAppWithSkipRefreshToken = ClientBuilder.create()
|
||||||
.id(clientUUID)
|
|
||||||
.clientId(clientId)
|
.clientId(clientId)
|
||||||
.secret(clientSecret)
|
.secret(clientSecret)
|
||||||
.serviceAccountsEnabled(true)
|
.serviceAccountsEnabled(true)
|
||||||
|
@ -92,7 +91,6 @@ public class AdminClientTest extends AbstractKeycloakTest {
|
||||||
userId = KeycloakModelUtils.generateId();
|
userId = KeycloakModelUtils.generateId();
|
||||||
userName = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + enabledAppWithSkipRefreshToken.getClientId();
|
userName = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + enabledAppWithSkipRefreshToken.getClientId();
|
||||||
UserBuilder serviceAccountUser = UserBuilder.create()
|
UserBuilder serviceAccountUser = UserBuilder.create()
|
||||||
.id(userId)
|
|
||||||
.username(userName)
|
.username(userName)
|
||||||
.serviceAccountId(enabledAppWithSkipRefreshToken.getClientId())
|
.serviceAccountId(enabledAppWithSkipRefreshToken.getClientId())
|
||||||
.role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN);
|
.role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN);
|
||||||
|
@ -108,6 +106,15 @@ public class AdminClientTest extends AbstractKeycloakTest {
|
||||||
testRealms.add(realm.build());
|
testRealms.add(realm.build());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importRealm(RealmRepresentation realm) {
|
||||||
|
super.importRealm(realm);
|
||||||
|
if (Objects.equals(realm.getRealm(), realmName)) {
|
||||||
|
clientUUID = adminClient.realm(realmName).clients().findByClientId(clientId).get(0).getId();
|
||||||
|
userId = adminClient.realm(realmName).users().searchByUsername(userName, true).get(0).getId();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void clientCredentialsAuthSuccess() throws Exception {
|
public void clientCredentialsAuthSuccess() throws Exception {
|
||||||
try (Keycloak adminClient = AdminClientUtil.createAdminClientWithClientCredentials(realmName, clientId, clientSecret, null)) {
|
try (Keycloak adminClient = AdminClientUtil.createAdminClientWithClientCredentials(realmName, clientId, clientSecret, null)) {
|
||||||
|
@ -173,8 +180,7 @@ public class AdminClientTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
// we need to create custom scope after import, otherwise the default scopes are missing.
|
// we need to create custom scope after import, otherwise the default scopes are missing.
|
||||||
final String scopeName = "myScope";
|
final String scopeName = "myScope";
|
||||||
final String scopeId = KeycloakModelUtils.generateId();
|
String scopeId = createScope(testRealm, scopeName, KeycloakModelUtils.generateId());
|
||||||
createScope(testRealm, scopeName, scopeId);
|
|
||||||
testRealm.clients().get(clientUUID).addOptionalClientScope(scopeId);
|
testRealm.clients().get(clientUUID).addOptionalClientScope(scopeId);
|
||||||
|
|
||||||
// with scope
|
// with scope
|
||||||
|
@ -198,11 +204,13 @@ public class AdminClientTest extends AbstractKeycloakTest {
|
||||||
client.update(clientRep);
|
client.update(clientRep);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void createScope(RealmResource testRealm, String scopeName, String scopeId) {
|
private String createScope(RealmResource testRealm, String scopeName, String scopeId) {
|
||||||
final ClientScopeRepresentation testScope =
|
final ClientScopeRepresentation testScope =
|
||||||
ClientScopeBuilder.create().name(scopeName).protocol("openid-connect").build();
|
ClientScopeBuilder.create().name(scopeName).protocol("openid-connect").build();
|
||||||
testScope.setId(scopeId);
|
testScope.setId(scopeId);
|
||||||
final Response scope = testRealm.clientScopes().create(testScope);
|
try (Response response = testRealm.clientScopes().create(testScope)) {
|
||||||
Assert.assertEquals(201, scope.getStatus());
|
Assert.assertEquals(201, response.getStatus());
|
||||||
|
return ApiUtil.getCreatedId(response);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
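Review bot: The lookups added in `importRealm` call `.get(0)` on the results of `findByClientId(clientId)` and `searchByUsername(userName, true)` without checking them, so a fixture that was not imported surfaces as a bare `IndexOutOfBoundsException` during setup instead of a message naming the missing client or user. Holding each list in a local and asserting its size first, e.g. `Assert.assertEquals("client " + clientId, 1, clients.size());`, would make that failure readable. Until the matching realm is imported, `userId` still holds the value from `userId = KeycloakModelUtils.generateId();`, which the `-92,7` hunk leaves in place even though `.id(userId)` is gone; that assignment looks removable. The same unchecked `.get(0)` appears in the `importTestRealms` overrides added to AdminEventAuthDetailsTest, AbstractResourceServerTest, LoginTest, ScriptAuthenticatorTest, VerifyProfileTest and ClientAuthSignedJWTTest.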
@ -88,6 +88,15 @@ public class AdminEventAuthDetailsTest extends AbstractAuthTest {
|
||||||
testRealms.add(realm.build());
|
testRealms.add(realm.build());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
client1Uuid = adminClient.realm("test").clients().findByClientId("client1").get(0).getId();
|
||||||
|
admin1Id = adminClient.realm("test").users().search("admin1", true).get(0).getId();
|
||||||
|
admin2Id = adminClient.realm("test").users().search("admin2", true).get(0).getId();
|
||||||
|
appUserId = adminClient.realm("test").users().search("app-user", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void initConfig() {
|
public void initConfig() {
|
||||||
RealmResource masterRealm = adminClient.realm(MASTER);
|
RealmResource masterRealm = adminClient.realm(MASTER);
|
||||||
|
|
|
@ -80,6 +80,7 @@ import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
import org.keycloak.admin.client.Keycloak;
|
import org.keycloak.admin.client.Keycloak;
|
||||||
import org.keycloak.models.AdminRoles;
|
import org.keycloak.models.AdminRoles;
|
||||||
|
import org.keycloak.models.GroupModel;
|
||||||
import org.keycloak.models.ModelDuplicateException;
|
import org.keycloak.models.ModelDuplicateException;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
|
@ -278,18 +279,19 @@ public class GroupTest extends AbstractGroupTest {
|
||||||
@Test
|
@Test
|
||||||
@UncaughtServerErrorExpected
|
@UncaughtServerErrorExpected
|
||||||
public void doNotAllowSameGroupNameAtTopLevelInDatabase() throws Exception {
|
public void doNotAllowSameGroupNameAtTopLevelInDatabase() throws Exception {
|
||||||
final String id = KeycloakModelUtils.generateId();
|
final String id = testingClient.server().fetch(session -> {
|
||||||
testingClient.server().run(session -> {
|
|
||||||
RealmModel realm = session.realms().getRealmByName("test");
|
RealmModel realm = session.realms().getRealmByName("test");
|
||||||
realm.createGroup(id, "test-group");
|
GroupModel g = realm.createGroup("test-group");
|
||||||
});
|
return g.getId();
|
||||||
|
}, String.class);
|
||||||
getCleanup().addGroupId(id);
|
getCleanup().addGroupId(id);
|
||||||
// unique key should work even in top groups
|
// unique key should work even in top groups
|
||||||
expectedException.expect(RunOnServerException.class);
|
expectedException.expect(RunOnServerException.class);
|
||||||
expectedException.expectMessage(ModelDuplicateException.class.getName());
|
expectedException.expectMessage(ModelDuplicateException.class.getName());
|
||||||
testingClient.server().run(session -> {
|
testingClient.server().run(session -> {
|
||||||
RealmModel realm = session.realms().getRealmByName("test");
|
RealmModel realm = session.realms().getRealmByName("test");
|
||||||
realm.createGroup("test-group");
|
GroupModel g = realm.createGroup("test-group");
|
||||||
|
realm.removeGroup(g);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
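Review bot: The `realm.removeGroup(g);` added to the second `run` block of `doNotAllowSameGroupNameAtTopLevelInDatabase` has no comment, and its purpose is not obvious in a test that expects `createGroup` to fail. It appears to be cleanup for the case where the store accepts the duplicate, so a line such as `// only reached if the duplicate was accepted; remove it so it does not leak into later tests` would help. If a store reports the uniqueness violation at commit rather than inside `createGroup`, removing the group in the same transaction could hide the `ModelDuplicateException` the test expects; that is worth confirming against the storages this commit targets.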
@ -52,6 +52,8 @@ import org.keycloak.testsuite.util.UserBuilder;
|
||||||
public abstract class AbstractResourceServerTest extends AbstractAuthzTest {
|
public abstract class AbstractResourceServerTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
protected static final String REALM_NAME = "authz-test";
|
protected static final String REALM_NAME = "authz-test";
|
||||||
|
protected String martaId;
|
||||||
|
protected String koloId;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||||
|
@ -81,6 +83,13 @@ public abstract class AbstractResourceServerTest extends AbstractAuthzTest {
|
||||||
.build());
|
.build());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
koloId = adminClient.realm(REALM_NAME).users().search("kolo", true).get(0).getId();
|
||||||
|
martaId = adminClient.realm(REALM_NAME).users().search("marta", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
protected AuthorizationResponse authorize(String resourceName, String[] scopeNames, String claimToken) {
|
protected AuthorizationResponse authorize(String resourceName, String[] scopeNames, String claimToken) {
|
||||||
return authorize(null, null, resourceName, scopeNames, null, null, claimToken);
|
return authorize(null, null, resourceName, scopeNames, null, null, claimToken);
|
||||||
}
|
}
|
||||||
|
|
|
@ -586,6 +586,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
|
||||||
request.addPermission("Sensortest", "sensors:view");
|
request.addPermission("Sensortest", "sensors:view");
|
||||||
|
|
||||||
getTestContext().getTestingClient().testing().clearEventQueue();
|
getTestContext().getTestingClient().testing().clearEventQueue();
|
||||||
|
AccessToken at = toAccessToken(accessToken);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
authzClient.authorization(accessToken).authorize(request);
|
authzClient.authorization(accessToken).authorize(request);
|
||||||
|
@ -595,11 +596,12 @@ public class EntitlementAPITest extends AbstractAuthzTest {
|
||||||
assertTrue(HttpResponseException.class.cast(expected.getCause()).toString().contains("invalid_resource"));
|
assertTrue(HttpResponseException.class.cast(expected.getCause()).toString().contains("invalid_resource"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
events.expect(EventType.PERMISSION_TOKEN_ERROR).realm(getRealm().toRepresentation().getId()).client(RESOURCE_SERVER_TEST)
|
events.expect(EventType.PERMISSION_TOKEN_ERROR).realm(getRealm().toRepresentation().getId()).client(RESOURCE_SERVER_TEST)
|
||||||
.session((String) null)
|
.session((String) null)
|
||||||
.error("invalid_request")
|
.error("invalid_request")
|
||||||
.detail("reason", "Resource with id [Sensortest] does not exist.")
|
.detail("reason", "Resource with id [Sensortest] does not exist.")
|
||||||
.user(isUUID())
|
.user(at.getSubject())
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -319,14 +319,14 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
|
||||||
String realmId = getRealm().toRepresentation().getId();
|
String realmId = getRealm().toRepresentation().getId();
|
||||||
String clientId = client.toRepresentation().getClientId();
|
String clientId = client.toRepresentation().getClientId();
|
||||||
events.expectLogin().realm(realmId).client(clientId)
|
events.expectLogin().realm(realmId).client(clientId)
|
||||||
.user(isUUID())
|
.user(koloId)
|
||||||
.clearDetails()
|
.clearDetails()
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
events.expectLogin().realm(realmId).client(clientId)
|
events.expectLogin().realm(realmId).client(clientId)
|
||||||
.user(isUUID())
|
.user(koloId)
|
||||||
.clearDetails()
|
.clearDetails()
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
events.expect(EventType.PERMISSION_TOKEN_ERROR).realm(realmId).client(clientId).user(isUUID())
|
events.expect(EventType.PERMISSION_TOKEN_ERROR).realm(realmId).client(clientId).user(koloId)
|
||||||
.session((String) null)
|
.session((String) null)
|
||||||
.error("access_denied")
|
.error("access_denied")
|
||||||
.detail("reason", "request_submitted")
|
.detail("reason", "request_submitted")
|
||||||
|
@ -375,14 +375,14 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
|
||||||
assertTrue(permissions.isEmpty());
|
assertTrue(permissions.isEmpty());
|
||||||
|
|
||||||
events.expectLogin().realm(realmId).client(clientId)
|
events.expectLogin().realm(realmId).client(clientId)
|
||||||
.user(isUUID())
|
.user(koloId)
|
||||||
.clearDetails()
|
.clearDetails()
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
events.expectLogin().realm(realmId).client(clientId)
|
events.expectLogin().realm(realmId).client(clientId)
|
||||||
.user(isUUID())
|
.user(koloId)
|
||||||
.clearDetails()
|
.clearDetails()
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
events.expect(EventType.PERMISSION_TOKEN).realm(realmId).client(clientId).user(isUUID())
|
events.expect(EventType.PERMISSION_TOKEN).realm(realmId).client(clientId).user(koloId)
|
||||||
.session((String) null)
|
.session((String) null)
|
||||||
.clearDetails()
|
.clearDetails()
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
|
|
|
@ -2704,11 +2704,12 @@ public class CIBATest extends AbstractClientPoliciesTest {
|
||||||
|
|
||||||
private void verifyBackchannelAuthenticationTokenRequest(OAuthClient.AccessTokenResponse tokenRes, String clientId, String username) {
|
private void verifyBackchannelAuthenticationTokenRequest(OAuthClient.AccessTokenResponse tokenRes, String clientId, String username) {
|
||||||
assertThat(tokenRes.getStatusCode(), is(equalTo(200)));
|
assertThat(tokenRes.getStatusCode(), is(equalTo(200)));
|
||||||
EventRepresentation event = events.expectAuthReqIdToToken(null, null).clearDetails().user(AssertEvents.isUUID()).client(clientId).assertEvent();
|
|
||||||
|
|
||||||
AccessToken accessToken = oauth.verifyToken(tokenRes.getAccessToken());
|
AccessToken accessToken = oauth.verifyToken(tokenRes.getAccessToken());
|
||||||
assertThat(accessToken.getIssuedFor(), is(equalTo(clientId)));
|
assertThat(accessToken.getIssuedFor(), is(equalTo(clientId)));
|
||||||
|
|
||||||
|
EventRepresentation event = events.expectAuthReqIdToToken(null, null).clearDetails().user(accessToken.getSubject()).client(clientId).assertEvent();
|
||||||
|
|
||||||
RefreshToken refreshToken = oauth.parseRefreshToken(tokenRes.getRefreshToken());
|
RefreshToken refreshToken = oauth.parseRefreshToken(tokenRes.getRefreshToken());
|
||||||
assertThat(refreshToken.getIssuedFor(), is(equalTo(clientId)));
|
assertThat(refreshToken.getIssuedFor(), is(equalTo(clientId)));
|
||||||
assertThat(refreshToken.getAudience()[0], is(equalTo(refreshToken.getIssuer())));
|
assertThat(refreshToken.getAudience()[0], is(equalTo(refreshToken.getIssuer())));
|
||||||
|
@ -2778,7 +2779,7 @@ public class CIBATest extends AbstractClientPoliciesTest {
|
||||||
assertThat(idToken.getAudience()[0], is(equalTo(idToken.getIssuedFor())));
|
assertThat(idToken.getAudience()[0], is(equalTo(idToken.getIssuedFor())));
|
||||||
checkTokenExpiration(idToken, tokenRes.getExpiresIn());
|
checkTokenExpiration(idToken, tokenRes.getExpiresIn());
|
||||||
|
|
||||||
events.expectRefresh(tokenRes.getRefreshToken(), sessionId).session(CoreMatchers.notNullValue(String.class)).user(AssertEvents.isUUID()).clearDetails().assertEvent();
|
events.expectRefresh(tokenRes.getRefreshToken(), sessionId).session(CoreMatchers.notNullValue(String.class)).user(accessToken.getSubject()).clearDetails().assertEvent();
|
||||||
|
|
||||||
return tokenRes;
|
return tokenRes;
|
||||||
}
|
}
|
||||||
|
@ -2808,7 +2809,8 @@ public class CIBATest extends AbstractClientPoliciesTest {
|
||||||
if (isOfflineAccess) assertThat(tokenRes.getErrorDescription(), is(equalTo("Offline user session not found")));
|
if (isOfflineAccess) assertThat(tokenRes.getErrorDescription(), is(equalTo("Offline user session not found")));
|
||||||
else assertThat(tokenRes.getErrorDescription(), is(equalTo("Session not active")));
|
else assertThat(tokenRes.getErrorDescription(), is(equalTo("Session not active")));
|
||||||
|
|
||||||
return events.expectLogout(sessionId).client(TEST_CLIENT_NAME).user(AssertEvents.isUUID()).session(AssertEvents.isUUID()).clearDetails().assertEvent();
|
RefreshToken rt = oauth.parseRefreshToken(refreshToken);
|
||||||
|
return events.expectLogout(sessionId).client(TEST_CLIENT_NAME).user(rt.getSubject()).session(AssertEvents.isUUID()).clearDetails().assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
private EventRepresentation doTokenRevokeByRefreshToken(String refreshToken, String sessionId, String userId, boolean isOfflineAccess) throws IOException {
|
private EventRepresentation doTokenRevokeByRefreshToken(String refreshToken, String sessionId, String userId, boolean isOfflineAccess) throws IOException {
|
||||||
|
@ -2823,7 +2825,8 @@ public class CIBATest extends AbstractClientPoliciesTest {
|
||||||
if (isOfflineAccess) assertThat(tokenRes.getErrorDescription(), is(equalTo("Offline user session not found")));
|
if (isOfflineAccess) assertThat(tokenRes.getErrorDescription(), is(equalTo("Offline user session not found")));
|
||||||
else assertThat(tokenRes.getErrorDescription(), is(equalTo("Session not active")));
|
else assertThat(tokenRes.getErrorDescription(), is(equalTo("Session not active")));
|
||||||
|
|
||||||
return events.expect(EventType.REVOKE_GRANT).clearDetails().client(TEST_CLIENT_NAME).user(AssertEvents.isUUID()).assertEvent();
|
RefreshToken rt = oauth.parseRefreshToken(refreshToken);
|
||||||
|
return events.expect(EventType.REVOKE_GRANT).clearDetails().client(TEST_CLIENT_NAME).user(rt.getSubject()).assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
private void testBackchannelAuthenticationFlow(boolean isOfflineAccess) throws Exception {
|
private void testBackchannelAuthenticationFlow(boolean isOfflineAccess) throws Exception {
|
||||||
|
|
|
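Review bot: In what appears to be `doTokenRevokeByRefreshToken` (the `-2823,7` hunk; the body starts outside it), the expected event user is now `rt.getSubject()`, read from the refresh token under test, although the method already receives a `userId` parameter. Taking the expectation from the token only shows that the event and the token agree with each other; it does not show that either one names the intended user. If callers pass the real ID, `.user(userId)` would be an independent check and the `oauth.parseRefreshToken(refreshToken)` line could go. The same pattern is in the logout helper in the `-2808,7` hunk, in the `expectRefresh` assertion in the `-2778,7` hunk, in `verifyBackchannelAuthenticationTokenRequest` here and in FAPICIBATest (both take a `username` argument that could be used to resolve the ID), and in EntitlementAPITest's `at.getSubject()`.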
@ -622,12 +622,12 @@ public class FAPICIBATest extends AbstractClientPoliciesTest {
|
||||||
|
|
||||||
private void verifyBackchannelAuthenticationTokenRequest(OAuthClient.AccessTokenResponse tokenRes, String clientId, String username) {
|
private void verifyBackchannelAuthenticationTokenRequest(OAuthClient.AccessTokenResponse tokenRes, String clientId, String username) {
|
||||||
assertThat(tokenRes.getStatusCode(), is(equalTo(200)));
|
assertThat(tokenRes.getStatusCode(), is(equalTo(200)));
|
||||||
events.expectAuthReqIdToToken(null, null).clearDetails().user(AssertEvents.isUUID()).client(clientId).assertEvent();
|
|
||||||
|
|
||||||
AccessToken accessToken = oauth.verifyToken(tokenRes.getAccessToken());
|
AccessToken accessToken = oauth.verifyToken(tokenRes.getAccessToken());
|
||||||
assertThat(accessToken.getIssuedFor(), is(equalTo(clientId)));
|
assertThat(accessToken.getIssuedFor(), is(equalTo(clientId)));
|
||||||
Assert.assertNotNull(accessToken.getCertConf().getCertThumbprint());
|
Assert.assertNotNull(accessToken.getCertConf().getCertThumbprint());
|
||||||
|
|
||||||
|
events.expectAuthReqIdToToken(null, null).clearDetails().user(accessToken.getSubject()).client(clientId).assertEvent();
|
||||||
|
|
||||||
RefreshToken refreshToken = oauth.parseRefreshToken(tokenRes.getRefreshToken());
|
RefreshToken refreshToken = oauth.parseRefreshToken(tokenRes.getRefreshToken());
|
||||||
assertThat(refreshToken.getIssuedFor(), is(equalTo(clientId)));
|
assertThat(refreshToken.getIssuedFor(), is(equalTo(clientId)));
|
||||||
|
|
|
@ -101,22 +101,18 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
|
||||||
@Override
|
@Override
|
||||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||||
UserRepresentation user = UserBuilder.create()
|
UserRepresentation user = UserBuilder.create()
|
||||||
.id(UUID.randomUUID().toString())
|
|
||||||
.username("login-test")
|
.username("login-test")
|
||||||
.email("login@test.com")
|
.email("login@test.com")
|
||||||
.enabled(true)
|
.enabled(true)
|
||||||
.password("password")
|
.password("password")
|
||||||
.build();
|
.build();
|
||||||
userId = user.getId();
|
|
||||||
|
|
||||||
UserRepresentation user2 = UserBuilder.create()
|
UserRepresentation user2 = UserBuilder.create()
|
||||||
.id(UUID.randomUUID().toString())
|
|
||||||
.username("login-test2")
|
.username("login-test2")
|
||||||
.email("login2@test.com")
|
.email("login2@test.com")
|
||||||
.enabled(true)
|
.enabled(true)
|
||||||
.password("password")
|
.password("password")
|
||||||
.build();
|
.build();
|
||||||
user2Id = user2.getId();
|
|
||||||
|
|
||||||
UserRepresentation admin = UserBuilder.create()
|
UserRepresentation admin = UserBuilder.create()
|
||||||
.username("admin")
|
.username("admin")
|
||||||
|
@ -161,6 +157,13 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
private static String user2Id;
|
private static String user2Id;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userId = testRealm().users().search("login-test", Boolean.TRUE).get(0).getId();
|
||||||
|
user2Id = testRealm().users().search("login-test2", Boolean.TRUE).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testBrowserSecurityHeaders() {
|
public void testBrowserSecurityHeaders() {
|
||||||
Client client = AdminClientUtil.createResteasyClient();
|
Client client = AdminClientUtil.createResteasyClient();
|
||||||
|
|
|
@ -67,8 +67,8 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
|
||||||
public AssertEvents events = new AssertEvents(this);
|
public AssertEvents events = new AssertEvents(this);
|
||||||
|
|
||||||
private AuthenticationFlowRepresentation flow;
|
private AuthenticationFlowRepresentation flow;
|
||||||
private final static String userId = UUID.randomUUID().toString();
|
private static String userId;
|
||||||
private final static String failId = UUID.randomUUID().toString();
|
private static String failId;
|
||||||
|
|
||||||
public static final String EXECUTION_ID = "scriptAuth";
|
public static final String EXECUTION_ID = "scriptAuth";
|
||||||
|
|
||||||
|
@ -81,7 +81,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
|
||||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||||
|
|
||||||
UserRepresentation failUser = UserBuilder.create()
|
UserRepresentation failUser = UserBuilder.create()
|
||||||
.id(failId)
|
.id(UUID.randomUUID().toString())
|
||||||
.username("fail")
|
.username("fail")
|
||||||
.email("fail@test.com")
|
.email("fail@test.com")
|
||||||
.enabled(true)
|
.enabled(true)
|
||||||
|
@ -89,7 +89,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
UserRepresentation okayUser = UserBuilder.create()
|
UserRepresentation okayUser = UserBuilder.create()
|
||||||
.id(userId)
|
.id(UUID.randomUUID().toString())
|
||||||
.username("user")
|
.username("user")
|
||||||
.email("user@test.com")
|
.email("user@test.com")
|
||||||
.enabled(true)
|
.enabled(true)
|
||||||
|
@ -101,6 +101,13 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
|
||||||
.user(okayUser);
|
.user(okayUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userId = adminClient.realm("test").users().search("user", true).get(0).getId();
|
||||||
|
failId = adminClient.realm("test").users().search("fail", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void configureFlows() throws Exception {
|
public void configureFlows() throws Exception {
|
||||||
String scriptFlow = "scriptBrowser";
|
String scriptFlow = "scriptBrowser";
|
||||||
|
|
|
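Review bot: `failUser` and `okayUser` in `configureTestRealm` still call `.id(UUID.randomUUID().toString())`, so the test keeps prescribing an ID that nothing reads once `importTestRealms` overwrites `userId` and `failId` from the server. LoginTest in this same commit drops the `.id(...)` call entirely, which matches the stated goal of not assuming the ID is honored; doing the same here would be consistent. VerifyProfileTest keeps `.id(UUID.randomUUID().toString())` on all seven users as unchanged context, and AdminClientTest's `createScope` still calls `testScope.setId(scopeId)` while returning `ApiUtil.getCreatedId(response)`. Whether a store that cannot honor prescribed IDs ignores or rejects them is not visible from these hunks.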
@ -107,25 +107,12 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest {
|
||||||
enableDynamicUserProfile(testRealm);
|
enableDynamicUserProfile(testRealm);
|
||||||
|
|
||||||
UserRepresentation user = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test").email("login@test.com").enabled(true).password("password").build();
|
UserRepresentation user = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test").email("login@test.com").enabled(true).password("password").build();
|
||||||
userId = user.getId();
|
|
||||||
|
|
||||||
UserRepresentation user2 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test2").email("login2@test.com").enabled(true).password("password").build();
|
UserRepresentation user2 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test2").email("login2@test.com").enabled(true).password("password").build();
|
||||||
user2Id = user2.getId();
|
|
||||||
|
|
||||||
UserRepresentation user3 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test3").email("login3@test.com").enabled(true).password("password").lastName("ExistingLast").build();
|
UserRepresentation user3 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test3").email("login3@test.com").enabled(true).password("password").lastName("ExistingLast").build();
|
||||||
user3Id = user3.getId();
|
|
||||||
|
|
||||||
UserRepresentation user4 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test4").email("login4@test.com").enabled(true).password("password").lastName("ExistingLast").build();
|
UserRepresentation user4 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test4").email("login4@test.com").enabled(true).password("password").lastName("ExistingLast").build();
|
||||||
user4Id = user4.getId();
|
|
||||||
|
|
||||||
UserRepresentation user5 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test5").email("login5@test.com").enabled(true).password("password").firstName("ExistingFirst").lastName("ExistingLast").build();
|
UserRepresentation user5 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test5").email("login5@test.com").enabled(true).password("password").firstName("ExistingFirst").lastName("ExistingLast").build();
|
||||||
user5Id = user5.getId();
|
|
||||||
|
|
||||||
UserRepresentation user6 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test6").email("login6@test.com").enabled(true).password("password").firstName("ExistingFirst").lastName("ExistingLast").build();
|
UserRepresentation user6 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test6").email("login6@test.com").enabled(true).password("password").firstName("ExistingFirst").lastName("ExistingLast").build();
|
||||||
user6Id = user6.getId();
|
|
||||||
|
|
||||||
UserRepresentation userWithoutEmail = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-nomail").enabled(true).password("password").firstName("NoMailFirst").lastName("NoMailLast").build();
|
UserRepresentation userWithoutEmail = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-nomail").enabled(true).password("password").firstName("NoMailFirst").lastName("NoMailLast").build();
|
||||||
userWithoutEmailId = userWithoutEmail.getId();
|
|
||||||
|
|
||||||
RealmBuilder.edit(testRealm).user(user).user(user2).user(user3).user(user4).user(user5).user(user6).user(userWithoutEmail);
|
RealmBuilder.edit(testRealm).user(user).user(user2).user(user3).user(user4).user(user5).user(user6).user(userWithoutEmail);
|
||||||
|
|
||||||
|
@ -151,6 +138,18 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest {
|
||||||
client_scope_optional.setRedirectUris(Collections.singletonList("*"));
|
client_scope_optional.setRedirectUris(Collections.singletonList("*"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userId = adminClient.realm("test").users().search("login-test", true).get(0).getId();
|
||||||
|
user2Id = adminClient.realm("test").users().search("login-test2", true).get(0).getId();
|
||||||
|
user3Id = adminClient.realm("test").users().search("login-test3", true).get(0).getId();
|
||||||
|
user4Id = adminClient.realm("test").users().search("login-test4", true).get(0).getId();
|
||||||
|
user5Id = adminClient.realm("test").users().search("login-test5", true).get(0).getId();
|
||||||
|
user6Id = adminClient.realm("test").users().search("login-test6", true).get(0).getId();
|
||||||
|
userWithoutEmailId = adminClient.realm("test").users().search("login-nomail", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public AssertEvents events = new AssertEvents(this);
|
public AssertEvents events = new AssertEvents(this);
|
||||||
|
|
||||||
|
|
|
@ -164,7 +164,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
.testEventListener();
|
.testEventListener();
|
||||||
|
|
||||||
app1 = ClientBuilder.create()
|
app1 = ClientBuilder.create()
|
||||||
.id(KeycloakModelUtils.generateId())
|
|
||||||
.clientId("client1")
|
.clientId("client1")
|
||||||
.attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, generatedKeystoreClient1.getCertificateInfo().getCertificate())
|
.attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, generatedKeystoreClient1.getCertificateInfo().getCertificate())
|
||||||
.attribute(OIDCConfigAttributes.USE_REFRESH_TOKEN_FOR_CLIENT_CREDENTIALS_GRANT, "true")
|
.attribute(OIDCConfigAttributes.USE_REFRESH_TOKEN_FOR_CLIENT_CREDENTIALS_GRANT, "true")
|
||||||
|
@ -175,7 +174,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
realmBuilder.client(app1);
|
realmBuilder.client(app1);
|
||||||
|
|
||||||
app2 = ClientBuilder.create()
|
app2 = ClientBuilder.create()
|
||||||
.id(KeycloakModelUtils.generateId())
|
|
||||||
.clientId("client2")
|
.clientId("client2")
|
||||||
.directAccessGrants()
|
.directAccessGrants()
|
||||||
.serviceAccountsEnabled(true)
|
.serviceAccountsEnabled(true)
|
||||||
|
@ -187,17 +185,13 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
realmBuilder.client(app2);
|
realmBuilder.client(app2);
|
||||||
|
|
||||||
defaultUser = UserBuilder.create()
|
defaultUser = UserBuilder.create()
|
||||||
.id(KeycloakModelUtils.generateId())
|
|
||||||
//.serviceAccountId(app1.getClientId())
|
//.serviceAccountId(app1.getClientId())
|
||||||
.username("test-user@localhost")
|
.username("test-user@localhost")
|
||||||
.password("password")
|
.password("password")
|
||||||
.build();
|
.build();
|
||||||
realmBuilder.user(defaultUser);
|
realmBuilder.user(defaultUser);
|
||||||
|
|
||||||
client1SAUserId = KeycloakModelUtils.generateId();
|
|
||||||
|
|
||||||
serviceAccountUser = UserBuilder.create()
|
serviceAccountUser = UserBuilder.create()
|
||||||
.id(client1SAUserId)
|
|
||||||
.username(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + app1.getClientId())
|
.username(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + app1.getClientId())
|
||||||
.serviceAccountId(app1.getClientId())
|
.serviceAccountId(app1.getClientId())
|
||||||
.build();
|
.build();
|
||||||
|
@ -207,18 +201,29 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
testRealms.add(testRealm);
|
testRealms.add(testRealm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
app1 = adminClient.realm("test").clients().findByClientId("client1").get(0);
|
||||||
|
app2 = adminClient.realm("test").clients().findByClientId("client2").get(0);
|
||||||
|
defaultUser.setId(adminClient.realm("test").users().search("test-user@localhost", true).get(0).getId());
|
||||||
|
client1SAUserId = adminClient.realm("test").users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + app1.getClientId(), true).get(0).getId();
|
||||||
|
serviceAccountUser.setId(client1SAUserId);
|
||||||
|
}
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void recreateApp3() {
|
public void recreateApp3() {
|
||||||
app3 = ClientBuilder.create()
|
app3 = ClientBuilder.create()
|
||||||
.id(KeycloakModelUtils.generateId())
|
|
||||||
.clientId("client3")
|
.clientId("client3")
|
||||||
.directAccessGrants()
|
.directAccessGrants()
|
||||||
.authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
|
.authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
Response resp = adminClient.realm("test").clients().create(app3);
|
try (Response resp = adminClient.realm("test").clients().create(app3)) {
|
||||||
getCleanup().addClientUuid(ApiUtil.getCreatedId(resp));
|
final String id = ApiUtil.getCreatedId(resp);
|
||||||
resp.close();
|
getCleanup().addClientUuid(id);
|
||||||
|
app3.setId(id);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TEST SUCCESS
|
// TEST SUCCESS
|
||||||
|
|
|
@ -143,7 +143,6 @@ public class OfflineTokenTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
realm.client(app);
|
realm.client(app);
|
||||||
|
|
||||||
serviceAccountUserId = KeycloakModelUtils.generateId();
|
|
||||||
UserRepresentation serviceAccountUser = UserBuilder.create()
|
UserRepresentation serviceAccountUser = UserBuilder.create()
|
||||||
.id(serviceAccountUserId)
|
.id(serviceAccountUserId)
|
||||||
.addRoles("user", "offline_access")
|
.addRoles("user", "offline_access")
|
||||||
|
@ -157,6 +156,12 @@ public class OfflineTokenTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
serviceAccountUserId = adminClient.realm("test").users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "offline-client", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void offlineTokenDisabledForClient() throws Exception {
|
public void offlineTokenDisabledForClient() throws Exception {
|
||||||
// Remove offline-access scope from client
|
// Remove offline-access scope from client
|
||||||
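Review bot: `.id(serviceAccountUserId)` stays on the `UserBuilder` chain although the assignment `serviceAccountUserId = KeycloakModelUtils.generateId();` just above it is removed. The builder therefore receives whatever the field holds at that moment, presumably `null` on the first run (the field declaration is outside the hunk). Either drop the `.id(...)` call or pass a throwaway value as ServiceAccountTest does, `.id(KeycloakModelUtils.generateId())`, so that the real ID visibly comes only from `importTestRealms()`. The same leftover appears in ResourceOwnerPasswordCredentialsGrantTest as `.id(userIdMultipleOTPs)`.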
|
|
|
@ -133,25 +133,20 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
|
||||||
.password("password");
|
.password("password");
|
||||||
realm.user(defaultUser);
|
realm.user(defaultUser);
|
||||||
|
|
||||||
userId = KeycloakModelUtils.generateId();
|
|
||||||
UserRepresentation user = UserBuilder.create()
|
UserRepresentation user = UserBuilder.create()
|
||||||
.id(userId)
|
|
||||||
.username("direct-login")
|
.username("direct-login")
|
||||||
.email("direct-login@localhost")
|
.email("direct-login@localhost")
|
||||||
.password("password")
|
.password("password")
|
||||||
.build();
|
.build();
|
||||||
realm.user(user);
|
realm.user(user);
|
||||||
|
|
||||||
userId2 = KeycloakModelUtils.generateId();
|
|
||||||
UserRepresentation user2 = UserBuilder.create()
|
UserRepresentation user2 = UserBuilder.create()
|
||||||
.id(userId2)
|
|
||||||
.username("direct-login-otp")
|
.username("direct-login-otp")
|
||||||
.password("password")
|
.password("password")
|
||||||
.totpSecret("totpSecret")
|
.totpSecret("totpSecret")
|
||||||
.build();
|
.build();
|
||||||
realm.user(user2);
|
realm.user(user2);
|
||||||
|
|
||||||
userIdMultipleOTPs = KeycloakModelUtils.generateId();
|
|
||||||
UserBuilder userBuilderMultipleOTPs = UserBuilder.create()
|
UserBuilder userBuilderMultipleOTPs = UserBuilder.create()
|
||||||
.id(userIdMultipleOTPs)
|
.id(userIdMultipleOTPs)
|
||||||
.username("direct-login-multiple-otps")
|
.username("direct-login-multiple-otps")
|
||||||
|
@ -163,6 +158,14 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
|
||||||
testRealms.add(realm.build());
|
testRealms.add(realm.build());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userIdMultipleOTPs = adminClient.realm("test").users().search("direct-login-multiple-otps", true).get(0).getId();
|
||||||
|
userId = adminClient.realm("test").users().search("direct-login", true).get(0).getId();
|
||||||
|
userId2 = adminClient.realm("test").users().search("direct-login-otp", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void grantAccessTokenUsername() throws Exception {
|
public void grantAccessTokenUsername() throws Exception {
|
||||||
int authSessionsBefore = getAuthenticationSessionsCount();
|
int authSessionsBefore = getAuthenticationSessionsCount();
|
||||||
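Review bot: Each lookup in the new `importTestRealms()` indexes the search result with `.get(0)` without checking how many users came back. A failed import or a changed username then surfaces as an `IndexOutOfBoundsException` during setup, and an unexpected second match would silently pin the wrong ID for every later event assertion. Assign the result to a local list and check it has exactly one element before reading it, e.g. `assertEquals(1, found.size());` (the file's assert imports are not visible here). A small shared helper in the base class would cover the same pattern in ClientAuthSignedJWTTest, OfflineTokenTest, ServiceAccountTest, ServiceAccountUserProfileTest, AbstractRARParserTest, AudienceTest, OIDCScopeTest, OIDCDynamicScopeTest and AbstractX509AuthenticationTest.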
|
|
|
@ -75,7 +75,8 @@ import static org.junit.Assert.assertThat;
|
||||||
*/
|
*/
|
||||||
public class ServiceAccountTest extends AbstractKeycloakTest {
|
public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
private static String userId;
|
private static String userIdClRefreshOn;
|
||||||
|
private static String userIdCl;
|
||||||
private static String userName;
|
private static String userName;
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
|
@ -137,11 +138,10 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
.username("test-user@localhost");
|
.username("test-user@localhost");
|
||||||
realm.user(defaultUser);
|
realm.user(defaultUser);
|
||||||
|
|
||||||
userId = KeycloakModelUtils.generateId();
|
|
||||||
userName = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + enabledApp.getClientId();
|
userName = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + enabledApp.getClientId();
|
||||||
|
|
||||||
UserBuilder serviceAccountUser = UserBuilder.create()
|
UserBuilder serviceAccountUser = UserBuilder.create()
|
||||||
.id(userId)
|
.id(KeycloakModelUtils.generateId())
|
||||||
.username(userName)
|
.username(userName)
|
||||||
.serviceAccountId(enabledApp.getClientId());
|
.serviceAccountId(enabledApp.getClientId());
|
||||||
realm.user(serviceAccountUser);
|
realm.user(serviceAccountUser);
|
||||||
|
@ -149,6 +149,13 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
testRealms.add(realm.build());
|
testRealms.add(realm.build());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userIdClRefreshOn = adminClient.realm("test").users().search(userName, true).get(0).getId();
|
||||||
|
userIdCl = adminClient.realm("test").users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void clientCredentialsAuthSuccess() throws Exception {
|
public void clientCredentialsAuthSuccess() throws Exception {
|
||||||
oauth.clientId("service-account-cl-refresh-on");
|
oauth.clientId("service-account-cl-refresh-on");
|
||||||
|
@ -169,7 +176,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
events.expectClientLogin()
|
events.expectClientLogin()
|
||||||
.client("service-account-cl-refresh-on")
|
.client("service-account-cl-refresh-on")
|
||||||
.user(userId)
|
.user(userIdClRefreshOn)
|
||||||
.session(accessToken.getSessionState())
|
.session(accessToken.getSessionState())
|
||||||
.detail(Details.TOKEN_ID, accessToken.getId())
|
.detail(Details.TOKEN_ID, accessToken.getId())
|
||||||
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
|
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
|
||||||
|
@ -190,7 +197,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
|
assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
|
||||||
assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());
|
assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());
|
||||||
|
|
||||||
events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState()).user(userId).client("service-account-cl-refresh-on").assertEvent();
|
events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState()).user(userIdClRefreshOn).client("service-account-cl-refresh-on").assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
// This is for the backwards compatibility only. By default, there won't be refresh token and hence there won't be availability for the logout
|
// This is for the backwards compatibility only. By default, there won't be refresh token and hence there won't be availability for the logout
|
||||||
|
@ -208,7 +215,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
events.expectClientLogin()
|
events.expectClientLogin()
|
||||||
.client("service-account-cl-refresh-on")
|
.client("service-account-cl-refresh-on")
|
||||||
.user(userId)
|
.user(userIdClRefreshOn)
|
||||||
.session(accessToken.getSessionState())
|
.session(accessToken.getSessionState())
|
||||||
.detail(Details.TOKEN_ID, accessToken.getId())
|
.detail(Details.TOKEN_ID, accessToken.getId())
|
||||||
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
|
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
|
||||||
|
@ -220,7 +227,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
|
assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
|
||||||
events.expectLogout(accessToken.getSessionState())
|
events.expectLogout(accessToken.getSessionState())
|
||||||
.client("service-account-cl-refresh-on")
|
.client("service-account-cl-refresh-on")
|
||||||
.user(userId)
|
.user(userIdClRefreshOn)
|
||||||
.removeDetail(Details.REDIRECT_URI)
|
.removeDetail(Details.REDIRECT_URI)
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
|
|
||||||
|
@ -230,7 +237,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
|
events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
|
||||||
.client("service-account-cl-refresh-on")
|
.client("service-account-cl-refresh-on")
|
||||||
.user(userId)
|
.user(userIdClRefreshOn)
|
||||||
.removeDetail(Details.TOKEN_ID)
|
.removeDetail(Details.TOKEN_ID)
|
||||||
.removeDetail(Details.UPDATED_REFRESH_TOKEN_ID)
|
.removeDetail(Details.UPDATED_REFRESH_TOKEN_ID)
|
||||||
.error(Errors.INVALID_TOKEN).assertEvent();
|
.error(Errors.INVALID_TOKEN).assertEvent();
|
||||||
|
@ -293,7 +300,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
// Username updated after client ID changed
|
// Username updated after client ID changed
|
||||||
events.expectClientLogin()
|
events.expectClientLogin()
|
||||||
.client("updated-client")
|
.client("updated-client")
|
||||||
.user(userId)
|
.user(userIdClRefreshOn)
|
||||||
.session(accessToken.getSessionState())
|
.session(accessToken.getSessionState())
|
||||||
.detail(Details.TOKEN_ID, accessToken.getId())
|
.detail(Details.TOKEN_ID, accessToken.getId())
|
||||||
.detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "updated-client")
|
.detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "updated-client")
|
||||||
|
@ -319,6 +326,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
finally {
|
finally {
|
||||||
ClientManager.realm(adminClient.realm("test")).clientId("service-account-cl").setServiceAccountsEnabled(true);
|
ClientManager.realm(adminClient.realm("test")).clientId("service-account-cl").setServiceAccountsEnabled(true);
|
||||||
UserRepresentation user = ClientManager.realm(adminClient.realm("test")).clientId("service-account-cl").getServiceAccountUser();
|
UserRepresentation user = ClientManager.realm(adminClient.realm("test")).clientId("service-account-cl").getServiceAccountUser();
|
||||||
|
userIdCl = user.getId();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -329,7 +337,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void failManagePassword() {
|
public void failManagePassword() {
|
||||||
UserResource serviceAccount = adminClient.realm("test").users().get(userId);
|
UserResource serviceAccount = adminClient.realm("test").users().get(userIdClRefreshOn);
|
||||||
UserRepresentation representation = serviceAccount.toRepresentation();
|
UserRepresentation representation = serviceAccount.toRepresentation();
|
||||||
|
|
||||||
CredentialRepresentation password = new CredentialRepresentation();
|
CredentialRepresentation password = new CredentialRepresentation();
|
||||||
|
@ -361,7 +369,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
events.expect(EventType.REVOKE_GRANT)
|
events.expect(EventType.REVOKE_GRANT)
|
||||||
.client("service-account-cl")
|
.client("service-account-cl")
|
||||||
.user(AssertEvents.isUUID())
|
.user(userIdCl)
|
||||||
.session(Matchers.isEmptyOrNullString())
|
.session(Matchers.isEmptyOrNullString())
|
||||||
.detail(Details.TOKEN_ID, accessToken.getId())
|
.detail(Details.TOKEN_ID, accessToken.getId())
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
|
@ -404,7 +412,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
events.expectClientLogin()
|
events.expectClientLogin()
|
||||||
.client("service-account-cl")
|
.client("service-account-cl")
|
||||||
.user(AssertEvents.isUUID())
|
.user(userIdCl)
|
||||||
.session(AssertEvents.isUUID())
|
.session(AssertEvents.isUUID())
|
||||||
.detail(Details.TOKEN_ID, accessToken.getId())
|
.detail(Details.TOKEN_ID, accessToken.getId())
|
||||||
.detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl")
|
.detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl")
|
||||||
|
@ -418,7 +426,6 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
Assert.assertTrue(getIntrospectionResponse("service-account-cl", "secret1", tokenString));
|
Assert.assertTrue(getIntrospectionResponse("service-account-cl", "secret1", tokenString));
|
||||||
events.expect(EventType.INTROSPECT_TOKEN)
|
events.expect(EventType.INTROSPECT_TOKEN)
|
||||||
.client("service-account-cl")
|
.client("service-account-cl")
|
||||||
.user(AssertEvents.isUUID())
|
|
||||||
.user(Matchers.isEmptyOrNullString())
|
.user(Matchers.isEmptyOrNullString())
|
||||||
.session(Matchers.isEmptyOrNullString())
|
.session(Matchers.isEmptyOrNullString())
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
|
@ -469,7 +476,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
events.expectClientLogin()
|
events.expectClientLogin()
|
||||||
.client("service-account-cl-refresh-on")
|
.client("service-account-cl-refresh-on")
|
||||||
.user(userId)
|
.user(userIdClRefreshOn)
|
||||||
.session(accessToken.getSessionState())
|
.session(accessToken.getSessionState())
|
||||||
.detail(Details.TOKEN_ID, accessToken.getId())
|
.detail(Details.TOKEN_ID, accessToken.getId())
|
||||||
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
|
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
|
||||||
|
@ -490,7 +497,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
|
||||||
assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
|
assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
|
||||||
assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());
|
assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());
|
||||||
|
|
||||||
events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState()).user(userId).client("service-account-cl-refresh-on").assertEvent();
|
events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState()).user(userIdClRefreshOn).client("service-account-cl-refresh-on").assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
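Review bot: The added `userIdCl = user.getId();` in the `finally` block rewrites a static field that other tests now match exactly with `.user(userIdCl)`, and nothing explains why. Presumably re-enabling service accounts gives the client a new service-account user; if so, say it, e.g. `// re-enabling service accounts may create a new service-account user; refresh the cached ID for later tests`. The two new fields would also benefit from one-line comments naming the client each ID belongs to (`service-account-cl-refresh-on` and `service-account-cl`). The enclosing test method starts outside the hunk, so whether `user` can be null here is not visible.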
|
|
|
@ -107,11 +107,10 @@ public class ServiceAccountUserProfileTest extends AbstractKeycloakTest {
|
||||||
.username("test-user@localhost");
|
.username("test-user@localhost");
|
||||||
realm.user(defaultUser);
|
realm.user(defaultUser);
|
||||||
|
|
||||||
userId = KeycloakModelUtils.generateId();
|
|
||||||
userName = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + enabledApp.getClientId();
|
userName = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + enabledApp.getClientId();
|
||||||
|
|
||||||
UserBuilder serviceAccountUser = UserBuilder.create()
|
UserBuilder serviceAccountUser = UserBuilder.create()
|
||||||
.id(userId)
|
.id(KeycloakModelUtils.generateId())
|
||||||
.username(userName)
|
.username(userName)
|
||||||
.serviceAccountId(enabledApp.getClientId());
|
.serviceAccountId(enabledApp.getClientId());
|
||||||
realm.user(serviceAccountUser);
|
realm.user(serviceAccountUser);
|
||||||
|
@ -121,6 +120,12 @@ public class ServiceAccountUserProfileTest extends AbstractKeycloakTest {
|
||||||
testRealms.add(realmRep);
|
testRealms.add(realmRep);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userId = adminClient.realm("test").users().search(userName, true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDoNotUpdateUsername() {
|
public void testDoNotUpdateUsername() {
|
||||||
RealmResource test = adminClient.realm("test");
|
RealmResource test = adminClient.realm("test");
|
||||||
|
|
|
@ -428,7 +428,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
|
||||||
assertEquals(1, refreshedToken.getResourceAccess(oauth.getClientId()).getRoles().size());
|
assertEquals(1, refreshedToken.getResourceAccess(oauth.getClientId()).getRoles().size());
|
||||||
Assert.assertTrue(refreshedToken.getResourceAccess(oauth.getClientId()).isUserInRole("customer-user"));
|
Assert.assertTrue(refreshedToken.getResourceAccess(oauth.getClientId()).isUserInRole("customer-user"));
|
||||||
|
|
||||||
EventRepresentation refreshEvent = events.expectRefresh(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), sessionId).user(AssertEvents.isUUID()).assertEvent();
|
EventRepresentation refreshEvent = events.expectRefresh(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), sessionId).user(refreshToken.getSubject()).assertEvent();
|
||||||
Assert.assertNotEquals(tokenEvent.getDetails().get(Details.TOKEN_ID), refreshEvent.getDetails().get(Details.TOKEN_ID));
|
Assert.assertNotEquals(tokenEvent.getDetails().get(Details.TOKEN_ID), refreshEvent.getDetails().get(Details.TOKEN_ID));
|
||||||
Assert.assertNotEquals(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), refreshEvent.getDetails().get(Details.UPDATED_REFRESH_TOKEN_ID));
|
Assert.assertNotEquals(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), refreshEvent.getDetails().get(Details.UPDATED_REFRESH_TOKEN_ID));
|
||||||
|
|
||||||
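Review bot: The expected user in `expectRefresh(...)` now comes from `refreshToken.getSubject()`, a value read from the token issued in the flow under test. The assertion therefore shows only that the event and the token agree, not that either names the intended user. Resolving the ID once through the admin client by the test user's username, as the `importTestRealms()` overrides elsewhere in this commit do, would make the expectation independent of the response being checked. `refreshToken` is declared outside the hunk, so the subject may already be pinned by an earlier assertion; if it is, a short comment saying so would be enough.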
|
|
|
@ -65,12 +65,17 @@ public abstract class AbstractRARParserTest extends AbstractTestRealmKeycloakTes
|
||||||
.enabled(true)
|
.enabled(true)
|
||||||
.password("password")
|
.password("password")
|
||||||
.build();
|
.build();
|
||||||
userId = user.getId();
|
|
||||||
|
|
||||||
RealmBuilder.edit(testRealm)
|
RealmBuilder.edit(testRealm)
|
||||||
.user(user);
|
.user(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userId = adminClient.realm("test").users().search("rar-test", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void clientConfiguration() {
|
public void clientConfiguration() {
|
||||||
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
||||||
|
|
|
@ -48,7 +48,7 @@ import java.util.Collections;
|
||||||
*/
|
*/
|
||||||
public class AudienceTest extends AbstractOIDCScopeTest {
|
public class AudienceTest extends AbstractOIDCScopeTest {
|
||||||
|
|
||||||
private static final String userId = KeycloakModelUtils.generateId();
|
private static String userId;
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -74,7 +74,7 @@ public class AudienceTest extends AbstractOIDCScopeTest {
|
||||||
|
|
||||||
// Create sample user
|
// Create sample user
|
||||||
UserRepresentation user = UserBuilder.create()
|
UserRepresentation user = UserBuilder.create()
|
||||||
.id(userId)
|
.id(KeycloakModelUtils.generateId())
|
||||||
.username("john")
|
.username("john")
|
||||||
.enabled(true)
|
.enabled(true)
|
||||||
.email("john@email.cz")
|
.email("john@email.cz")
|
||||||
|
@ -88,6 +88,12 @@ public class AudienceTest extends AbstractOIDCScopeTest {
|
||||||
testRealm.getUsers().add(user);
|
testRealm.getUsers().add(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userId = adminClient.realm("test").users().search("john", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void beforeTest() {
|
public void beforeTest() {
|
||||||
// Check if already exists
|
// Check if already exists
|
||||||
|
|
|
@ -55,13 +55,13 @@ import static org.keycloak.common.Profile.Feature.DYNAMIC_SCOPES;
|
||||||
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
|
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
|
||||||
public class OIDCDynamicScopeTest extends OIDCScopeTest {
|
public class OIDCDynamicScopeTest extends OIDCScopeTest {
|
||||||
|
|
||||||
private static String userId = KeycloakModelUtils.generateId();
|
private static String userId;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||||
super.configureTestRealm(testRealm);
|
super.configureTestRealm(testRealm);
|
||||||
UserRepresentation user = UserBuilder.create()
|
UserRepresentation user = UserBuilder.create()
|
||||||
.id(userId)
|
.id(KeycloakModelUtils.generateId())
|
||||||
.username("johnDynamic")
|
.username("johnDynamic")
|
||||||
.enabled(true)
|
.enabled(true)
|
||||||
.email("johnDynamic@scopes.xyz")
|
.email("johnDynamic@scopes.xyz")
|
||||||
|
@ -86,6 +86,12 @@ public class OIDCDynamicScopeTest extends OIDCScopeTest {
|
||||||
testRealm.getRoles().getRealm().add(dynamicScopeRole);
|
testRealm.getRoles().getRealm().add(dynamicScopeRole);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userId = adminClient.realm("test").users().search("john", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void assertDynamicScopesFeatureEnabled() {
|
public void assertDynamicScopesFeatureEnabled() {
|
||||||
ProfileAssume.assumeFeatureEnabled(DYNAMIC_SCOPES);
|
ProfileAssume.assumeFeatureEnabled(DYNAMIC_SCOPES);
|
||||||
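Review bot: The new `importTestRealms()` looks up `search("john", true)`, but the user this class builds in `configureTestRealm` is `johnDynamic`. Since `super.configureTestRealm(testRealm)` is also called, the parent's `john` presumably exists too, so the exact-match search succeeds and `userId` silently becomes the ID of the parent's user rather than the one created here. Before this change the field held the ID given to `johnDynamic`. The lookup should read `userId = adminClient.realm("test").users().search("johnDynamic", true).get(0).getId();`. How the tests in this class use `userId` is outside the hunk.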
|
|
|
@ -66,12 +66,12 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
|
||||||
*/
|
*/
|
||||||
public class OIDCScopeTest extends AbstractOIDCScopeTest {
|
public class OIDCScopeTest extends AbstractOIDCScopeTest {
|
||||||
|
|
||||||
private static String userId = KeycloakModelUtils.generateId();
|
private static String userId;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||||
UserRepresentation user = UserBuilder.create()
|
UserRepresentation user = UserBuilder.create()
|
||||||
.id(userId)
|
.id(KeycloakModelUtils.generateId())
|
||||||
.username("john")
|
.username("john")
|
||||||
.enabled(true)
|
.enabled(true)
|
||||||
.email("john@email.cz")
|
.email("john@email.cz")
|
||||||
|
@ -148,6 +148,12 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
|
||||||
testRealm.getUsers().add(user);
|
testRealm.getUsers().add(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userId = adminClient.realm("test").users().search("john", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void clientConfiguration() {
|
public void clientConfiguration() {
|
||||||
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
||||||
|
|
|
@ -297,8 +297,6 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
|
||||||
.addAttribute("x509_issuer_identity", "Keycloak Intermediate CA")
|
.addAttribute("x509_issuer_identity", "Keycloak Intermediate CA")
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
userId2 = user.getId();
|
|
||||||
|
|
||||||
ClientRepresentation client = findTestApp(testRealm);
|
ClientRepresentation client = findTestApp(testRealm);
|
||||||
URI baseUri = URI.create(client.getRedirectUris().get(0));
|
URI baseUri = URI.create(client.getRedirectUris().get(0));
|
||||||
URI redir = URI.create("https://localhost:" + System.getProperty("auth.server.https.port", "8543") + baseUri.getRawPath());
|
URI redir = URI.create("https://localhost:" + System.getProperty("auth.server.https.port", "8543") + baseUri.getRawPath());
|
||||||
|
@ -312,6 +310,12 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
|
||||||
.client(app);
|
.client(app);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void importTestRealms() {
|
||||||
|
super.importTestRealms();
|
||||||
|
userId2 = adminClient.realm("test").users().search("keycloak", true).get(0).getId();
|
||||||
|
}
|
||||||
|
|
||||||
AuthenticationFlowRepresentation createFlow(AuthenticationFlowRepresentation flowRep) {
|
AuthenticationFlowRepresentation createFlow(AuthenticationFlowRepresentation flowRep) {
|
||||||
Response response = authMgmtResource.createFlow(flowRep);
|
Response response = authMgmtResource.createFlow(flowRep);
|
||||||
try {
|
try {
|
||||||
|
|